wrapped-key-ring: split up CachedKeyRing and WrappedKeyRing

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CachedKeyRing.java

@@ -1,68 +0,0 @@
-package org.sufficientlysecure.keychain.pgp;
-
-public abstract class CachedKeyRing {
-
-    private final long mMasterKeyId;
-    private final String mUserId;
-    private final boolean mHasAnySecret;
-    private final boolean mIsRevoked;
-    private final boolean mCanCertify;
-    private final long mHasEncryptId;
-    private final long mHasSignId;
-    private final int mVerified;
-
-    protected CachedKeyRing(long masterKeyId, String userId, boolean hasAnySecret,
-                            boolean isRevoked, boolean canCertify, long hasEncryptId, long hasSignId,
-                            int verified)
-    {
-        mMasterKeyId = masterKeyId;
-        mUserId = userId;
-        mHasAnySecret = hasAnySecret;
-        mIsRevoked = isRevoked;
-        mCanCertify = canCertify;
-        mHasEncryptId = hasEncryptId;
-        mHasSignId = hasSignId;
-        mVerified = verified;
-    }
-
-    public long getMasterKeyId() {
-        return mMasterKeyId;
-    }
-
-    public String getPrimaryUserId() {
-        return mUserId;
-    }
-
-    public boolean hasAnySecret() {
-        return mHasAnySecret;
-    }
-
-    public boolean isRevoked() {
-        return mIsRevoked;
-    }
-
-    public boolean canCertify() {
-        return mCanCertify;
-    }
-
-    public long getEncryptId() {
-        return mHasEncryptId;
-    }
-
-    public boolean hasEncrypt() {
-        return mHasEncryptId != 0;
-    }
-
-    public long getSignId() {
-        return mHasSignId;
-    }
-
-    public boolean hasSign() {
-        return mHasSignId != 0;
-    }
-
-    public int getVerified() {
-        return mVerified;
-    }
-
-}

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/KeyRing.java

@@ -0,0 +1,25 @@
+package org.sufficientlysecure.keychain.pgp;
+
+import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
+
+public abstract class KeyRing {
+
+    abstract public long getMasterKeyId() throws PgpGeneralException;
+
+    abstract public String getPrimaryUserId() throws PgpGeneralException;
+
+    abstract public boolean isRevoked() throws PgpGeneralException;
+
+    abstract public boolean canCertify() throws PgpGeneralException;
+
+    abstract public long getEncryptId() throws PgpGeneralException;
+
+    abstract public boolean hasEncrypt() throws PgpGeneralException;
+
+    abstract public long getSignId() throws PgpGeneralException;
+
+    abstract public boolean hasSign() throws PgpGeneralException;
+
+    abstract public int getVerified() throws PgpGeneralException;
+
+}

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java

@@ -233,7 +233,7 @@ public class PgpDecryptVerify {
 
         PGPPublicKeyEncryptedData encryptedDataAsymmetric = null;
         PGPPBEEncryptedData encryptedDataSymmetric = null;
-        CachedSecretKey secretEncryptionKey = null;
+        WrappedSecretKey secretEncryptionKey = null;
         Iterator<?> it = enc.getEncryptedDataObjects();
         boolean asymmetricPacketFound = false;
         boolean symmetricPacketFound = false;
@@ -245,10 +245,10 @@ public class PgpDecryptVerify {
 
                 PGPPublicKeyEncryptedData encData = (PGPPublicKeyEncryptedData) obj;
 
-                CachedSecretKeyRing secretKeyRing;
+                WrappedSecretKeyRing secretKeyRing;
                 try {
                     // get actual keyring object based on master key id
-                    secretKeyRing = mProviderHelper.getCachedSecretKeyRing(
+                    secretKeyRing = mProviderHelper.getWrappedSecretKeyRing(
                             KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(
                                     Long.toString(encData.getKeyID()))
                     );
@@ -368,8 +368,8 @@ public class PgpDecryptVerify {
         Object dataChunk = plainFact.nextObject();
         OpenPgpSignatureResultBuilder signatureResultBuilder = new OpenPgpSignatureResultBuilder();
         int signatureIndex = -1;
-        CachedPublicKeyRing signingRing = null;
+        WrappedPublicKeyRing signingRing = null;
-        CachedPublicKey signingKey = null;
+        WrappedPublicKey signingKey = null;
 
         if (dataChunk instanceof PGPCompressedData) {
             updateProgress(R.string.progress_decompressing_data, currentProgress, 100);
@@ -393,7 +393,7 @@ public class PgpDecryptVerify {
             for (int i = 0; i < sigList.size(); ++i) {
                 try {
                     long sigKeyId = sigList.get(i).getKeyID();
-                    signingRing = mProviderHelper.getCachedPublicKeyRing(
+                    signingRing = mProviderHelper.getWrappedPublicKeyRing(
                             KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(
                                     Long.toString(sigKeyId)
                             )
@@ -413,7 +413,11 @@ public class PgpDecryptVerify {
                 signatureResultBuilder.signatureAvailable(true);
                 signatureResultBuilder.knownKey(true);
                 signatureResultBuilder.keyId(signingRing.getMasterKeyId());
-                signatureResultBuilder.userId(signingRing.getPrimaryUserId());
+                try {
+                    signatureResultBuilder.userId(signingRing.getPrimaryUserId());
+                } catch(PgpGeneralException e) {
+                    Log.d(Constants.TAG, "No primary user id in key " + signingRing.getMasterKeyId());
+                }
                 signatureResultBuilder.signatureKeyCertified(signingRing.getVerified() > 0);
 
                 signingKey.initSignature(signature);
@@ -567,8 +571,8 @@ public class PgpDecryptVerify {
             throw new InvalidDataException();
         }
 
-        CachedPublicKeyRing signingRing = null;
+        WrappedPublicKeyRing signingRing = null;
-        CachedPublicKey signingKey = null;
+        WrappedPublicKey signingKey = null;
         int signatureIndex = -1;
 
         // go through all signatures
@@ -576,7 +580,7 @@ public class PgpDecryptVerify {
         for (int i = 0; i < sigList.size(); ++i) {
             try {
                 long sigKeyId = sigList.get(i).getKeyID();
-                signingRing = mProviderHelper.getCachedPublicKeyRing(
+                signingRing = mProviderHelper.getWrappedPublicKeyRing(
                         KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(
                                 Long.toString(sigKeyId)
                         )
@@ -598,7 +602,11 @@ public class PgpDecryptVerify {
             signatureResultBuilder.signatureAvailable(true);
             signatureResultBuilder.knownKey(true);
             signatureResultBuilder.keyId(signingRing.getMasterKeyId());
-            signatureResultBuilder.userId(signingRing.getPrimaryUserId());
+            try {
+                signatureResultBuilder.userId(signingRing.getPrimaryUserId());
+            } catch(PgpGeneralException e) {
+                Log.d(Constants.TAG, "No primary user id in key " + signingRing.getMasterKeyId());
+            }
             signatureResultBuilder.signatureKeyCertified(signingRing.getVerified() > 0);
 
             signingKey.initSignature(signature);

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpImportExport.java

@@ -27,7 +27,6 @@ import org.spongycastle.openpgp.PGPException;
 import org.spongycastle.openpgp.PGPKeyRing;
 import org.spongycastle.openpgp.PGPPublicKey;
 import org.spongycastle.openpgp.PGPPublicKeyRing;
-import org.spongycastle.openpgp.PGPSecretKey;
 import org.spongycastle.openpgp.PGPSecretKeyRing;
 import org.spongycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
 import org.sufficientlysecure.keychain.Constants;
@@ -101,7 +100,7 @@ public class PgpImportExport {
         }
     }
 
-    public boolean uploadKeyRingToServer(HkpKeyServer server, CachedPublicKeyRing keyring) {
+    public boolean uploadKeyRingToServer(HkpKeyServer server, WrappedPublicKeyRing keyring) {
         ByteArrayOutputStream bos = new ByteArrayOutputStream();
         ArmoredOutputStream aos = null;
         try {
@@ -229,7 +228,7 @@ public class PgpImportExport {
             updateProgress(progress * 100 / masterKeyIdsSize, 100);
 
             try {
-                CachedPublicKeyRing ring = mProviderHelper.getCachedPublicKeyRing(
+                WrappedPublicKeyRing ring = mProviderHelper.getWrappedPublicKeyRing(
                         KeychainContract.KeyRings.buildGenericKeyRingUri(pubKeyMasterId)
                 );
 

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyHelper.java

@@ -72,7 +72,6 @@ public class PgpKeyHelper {
     }
 
     @SuppressWarnings("unchecked")
-    @Deprecated
     public static boolean isEncryptionKey(PGPPublicKey key) {
         if (!key.isEncryptionKey()) {
             return false;
@@ -114,7 +113,6 @@ public class PgpKeyHelper {
     }
 
     @SuppressWarnings("unchecked")
-    @Deprecated
     public static boolean isSigningKey(PGPPublicKey key) {
         if (key.getVersion() <= 3) {
             return true;
@@ -146,7 +144,6 @@ public class PgpKeyHelper {
     }
 
     @SuppressWarnings("unchecked")
-    @Deprecated
     public static boolean isCertificationKey(PGPPublicKey key) {
         if (key.getVersion() <= 3) {
             return true;

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java

@@ -337,8 +337,8 @@ public class PgpKeyOperation {
 
     }
 
-    public UncachedKeyRing buildSecretKey(CachedSecretKeyRing wmKR,
+    public UncachedKeyRing buildSecretKey(WrappedSecretKeyRing wmKR,
-                                          CachedPublicKeyRing wpKR,
+                                          WrappedPublicKeyRing wpKR,
                                           SaveKeyringParcel saveParcel)
             throws PgpGeneralMsgIdException, PGPException, SignatureException, IOException {
 

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncrypt.java

@@ -266,11 +266,11 @@ public class PgpSignEncrypt {
         }
 
         /* Get keys for signature generation for later usage */
-        CachedSecretKey signingKey = null;
+        WrappedSecretKey signingKey = null;
         if (enableSignature) {
-            CachedSecretKeyRing signingKeyRing;
+            WrappedSecretKeyRing signingKeyRing;
             try {
-                signingKeyRing = mProviderHelper.getCachedSecretKeyRing(mSignatureMasterKeyId);
+                signingKeyRing = mProviderHelper.getWrappedSecretKeyRing(mSignatureMasterKeyId);
             } catch (ProviderHelper.NotFoundException e) {
                 throw new NoSigningKeyException();
             }
@@ -316,9 +316,9 @@ public class PgpSignEncrypt {
                 // Asymmetric encryption
                 for (long id : mEncryptionMasterKeyIds) {
                     try {
-                        CachedPublicKeyRing keyRing = mProviderHelper.getCachedPublicKeyRing(
+                        WrappedPublicKeyRing keyRing = mProviderHelper.getWrappedPublicKeyRing(
                                 KeyRings.buildUnifiedKeyRingUri(Long.toString(id)));
-                        CachedPublicKey key = keyRing.getEncryptionSubKey();
+                        WrappedPublicKey key = keyRing.getEncryptionSubKey();
                         cPk.addMethod(key.getPubKeyEncryptionGenerator());
                     } catch (PgpGeneralException e) {
                         Log.e(Constants.TAG, "key not found!", e);

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedKeyRing.java

@@ -0,0 +1,81 @@
+package org.sufficientlysecure.keychain.pgp;
+
+import org.spongycastle.openpgp.PGPKeyRing;
+import org.spongycastle.openpgp.PGPPublicKey;
+import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
+import org.sufficientlysecure.keychain.util.IterableIterator;
+
+public abstract class WrappedKeyRing extends KeyRing {
+
+    private final boolean mHasAnySecret;
+    private final int mVerified;
+
+    WrappedKeyRing(boolean hasAnySecret, int verified) {
+        mHasAnySecret = hasAnySecret;
+        mVerified = verified;
+    }
+
+    public long getMasterKeyId() {
+        return getRing().getPublicKey().getKeyID();
+    }
+
+    public boolean hasAnySecret() {
+        return mHasAnySecret;
+    }
+
+    public int getVerified() {
+        return mVerified;
+    }
+
+    public String getPrimaryUserId() throws PgpGeneralException {
+        return (String) getRing().getPublicKey().getUserIDs().next();
+    };
+
+    public boolean isRevoked() throws PgpGeneralException {
+        // Is the master key revoked?
+        return getRing().getPublicKey().isRevoked();
+    }
+
+    public boolean canCertify() throws PgpGeneralException {
+        return getRing().getPublicKey().isEncryptionKey();
+    }
+
+    public long getEncryptId() throws PgpGeneralException {
+        for(PGPPublicKey key : new IterableIterator<PGPPublicKey>(getRing().getPublicKeys())) {
+            if(PgpKeyHelper.isEncryptionKey(key)) {
+                return key.getKeyID();
+            }
+        }
+        throw new PgpGeneralException("No valid encryption key found!");
+    }
+
+    public boolean hasEncrypt() throws PgpGeneralException {
+        try {
+            getEncryptId();
+            return true;
+        } catch(PgpGeneralException e) {
+            return false;
+        }
+    }
+
+    public long getSignId() throws PgpGeneralException {
+        for(PGPPublicKey key : new IterableIterator<PGPPublicKey>(getRing().getPublicKeys())) {
+            if(PgpKeyHelper.isSigningKey(key)) {
+                return key.getKeyID();
+            }
+        }
+        throw new PgpGeneralException("No valid signing key found!");
+    }
+
+    public boolean hasSign() throws PgpGeneralException {
+        try {
+            getSignId();
+            return true;
+        } catch (PgpGeneralException e) {
+            return false;
+        }
+    }
+
+    abstract PGPKeyRing getRing();
+
+}

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedPublicKey.java

@@ -11,12 +11,12 @@ import org.sufficientlysecure.keychain.util.IterableIterator;
 
 import java.security.SignatureException;
 
-public class CachedPublicKey extends UncachedPublicKey {
+public class WrappedPublicKey extends UncachedPublicKey {
 
     // this is the parent key ring
-    final CachedKeyRing mRing;
+    final KeyRing mRing;
 
-    CachedPublicKey(CachedKeyRing ring, PGPPublicKey key) {
+    WrappedPublicKey(KeyRing ring, PGPPublicKey key) {
         super(key);
         mRing = ring;
     }
@@ -25,7 +25,7 @@ public class CachedPublicKey extends UncachedPublicKey {
         return new IterableIterator<String>(mPublicKey.getUserIDs());
     }
 
-    public CachedKeyRing getKeyRing() {
+    public KeyRing getKeyRing() {
         return mRing;
     }
 

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedPublicKeyRing.java

@@ -18,18 +18,13 @@ import java.security.SignatureException;
 import java.util.Arrays;
 import java.util.Iterator;
 
-public class CachedPublicKeyRing extends CachedKeyRing {
+public class WrappedPublicKeyRing extends WrappedKeyRing {
 
     private PGPPublicKeyRing mRing;
     private final byte[] mPubKey;
 
-    public CachedPublicKeyRing(long masterKeyId, String userId, boolean hasAnySecret,
+    public WrappedPublicKeyRing(byte[] blob, boolean hasAnySecret, int verified) {
-                               boolean isRevoked, boolean canCertify, long hasEncryptId, long hasSignId,
+        super(hasAnySecret, verified);
-                               int verified, byte[] blob)
-    {
-        super(masterKeyId, userId, hasAnySecret, isRevoked, canCertify,
-                hasEncryptId, hasSignId, verified);
-
         mPubKey = blob;
     }
 
@@ -44,19 +39,19 @@ public class CachedPublicKeyRing extends CachedKeyRing {
         getRing().encode(stream);
     }
 
-    public CachedPublicKey getSubkey() {
+    public WrappedPublicKey getSubkey() {
-        return new CachedPublicKey(this, getRing().getPublicKey());
+        return new WrappedPublicKey(this, getRing().getPublicKey());
     }
 
-    public CachedPublicKey getSubkey(long id) {
+    public WrappedPublicKey getSubkey(long id) {
-        return new CachedPublicKey(this, getRing().getPublicKey(id));
+        return new WrappedPublicKey(this, getRing().getPublicKey(id));
     }
 
     /** Getter that returns the subkey that should be used for signing. */
-    CachedPublicKey getEncryptionSubKey() throws PgpGeneralException {
+    WrappedPublicKey getEncryptionSubKey() throws PgpGeneralException {
         PGPPublicKey key = getRing().getPublicKey(getEncryptId());
         if(key != null) {
-            CachedPublicKey cKey = new CachedPublicKey(this, key);
+            WrappedPublicKey cKey = new WrappedPublicKey(this, key);
             if(!cKey.canEncrypt()) {
                 throw new PgpGeneralException("key error");
             }
@@ -66,7 +61,7 @@ public class CachedPublicKeyRing extends CachedKeyRing {
         throw new PgpGeneralException("no encryption key available");
     }
 
-    public boolean verifySubkeyBinding(CachedPublicKey cachedSubkey) {
+    public boolean verifySubkeyBinding(WrappedPublicKey cachedSubkey) {
         boolean validSubkeyBinding = false;
         boolean validTempSubkeyBinding = false;
         boolean validPrimaryKeyBinding = false;
@@ -161,17 +156,17 @@ public class CachedPublicKeyRing extends CachedKeyRing {
         return validPrimaryKeyBinding;
     }
 
-    public IterableIterator<CachedPublicKey> iterator() {
+    public IterableIterator<WrappedPublicKey> iterator() {
         final Iterator<PGPPublicKey> it = getRing().getPublicKeys();
-        return new IterableIterator<CachedPublicKey>(new Iterator<CachedPublicKey>() {
+        return new IterableIterator<WrappedPublicKey>(new Iterator<WrappedPublicKey>() {
             @Override
             public boolean hasNext() {
                 return it.hasNext();
             }
 
             @Override
-            public CachedPublicKey next() {
+            public WrappedPublicKey next() {
-                return new CachedPublicKey(CachedPublicKeyRing.this, it.next());
+                return new WrappedPublicKey(WrappedPublicKeyRing.this, it.next());
             }
 
             @Override

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedSecretKey.java

@@ -26,18 +26,18 @@ import java.security.NoSuchProviderException;
 import java.security.SignatureException;
 import java.util.List;
 
-public class CachedSecretKey extends CachedPublicKey {
+public class WrappedSecretKey extends WrappedPublicKey {
 
     private final PGPSecretKey mSecretKey;
     private PGPPrivateKey mPrivateKey = null;
 
-    CachedSecretKey(CachedSecretKeyRing ring, PGPSecretKey key) {
+    WrappedSecretKey(WrappedSecretKeyRing ring, PGPSecretKey key) {
         super(ring, key.getPublicKey());
         mSecretKey = key;
     }
 
-    public CachedSecretKeyRing getRing() {
+    public WrappedSecretKeyRing getRing() {
-        return (CachedSecretKeyRing) mRing;
+        return (WrappedSecretKeyRing) mRing;
     }
 
     /** Returns the wrapped PGPSecretKeyRing.
@@ -137,7 +137,7 @@ public class CachedSecretKey extends CachedPublicKey {
      * @param userIds          User IDs to certify, must not be null or empty
      * @return A keyring with added certifications
      */
-    public UncachedKeyRing certifyUserIds(CachedPublicKeyRing publicKeyRing, List<String> userIds)
+    public UncachedKeyRing certifyUserIds(WrappedPublicKeyRing publicKeyRing, List<String> userIds)
             throws PgpGeneralMsgIdException, NoSuchAlgorithmException, NoSuchProviderException,
             PGPException, SignatureException {
 

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedSecretKeyRing.java

@@ -16,18 +16,13 @@ import java.io.IOException;
 import java.security.NoSuchProviderException;
 import java.util.Iterator;
 
-public class CachedSecretKeyRing extends CachedKeyRing {
+public class WrappedSecretKeyRing extends WrappedKeyRing {
 
     private PGPSecretKeyRing mRing;
 
-    public CachedSecretKeyRing(long masterKeyId, String userId, boolean hasAnySecret,
+    public WrappedSecretKeyRing(byte[] blob, boolean isRevoked, int verified)
-                               boolean isRevoked, boolean canCertify, long hasEncryptId, long hasSignId,
-                               int verified, byte[] blob)
     {
-        super(masterKeyId, userId, hasAnySecret,
+        super(isRevoked, verified);
-                isRevoked, canCertify, hasEncryptId, hasSignId,
-                verified);
-
         mRing = (PGPSecretKeyRing) PgpConversionHelper.BytesToPGPKeyRing(blob);
     }
 
@@ -35,19 +30,19 @@ public class CachedSecretKeyRing extends CachedKeyRing {
         return mRing;
     }
 
-    public CachedSecretKey getSubKey() {
+    public WrappedSecretKey getSubKey() {
-        return new CachedSecretKey(this, mRing.getSecretKey());
+        return new WrappedSecretKey(this, mRing.getSecretKey());
     }
 
-    public CachedSecretKey getSubKey(long id) {
+    public WrappedSecretKey getSubKey(long id) {
-        return new CachedSecretKey(this, mRing.getSecretKey(id));
+        return new WrappedSecretKey(this, mRing.getSecretKey(id));
     }
 
     /** Getter that returns the subkey that should be used for signing. */
-    CachedSecretKey getSigningSubKey() throws PgpGeneralException {
+    WrappedSecretKey getSigningSubKey() throws PgpGeneralException {
         PGPSecretKey key = mRing.getSecretKey(getSignId());
         if(key != null) {
-            CachedSecretKey cKey = new CachedSecretKey(this, key);
+            WrappedSecretKey cKey = new WrappedSecretKey(this, key);
             if(!cKey.canSign()) {
                 throw new PgpGeneralException("key error");
             }
@@ -105,17 +100,17 @@ public class CachedSecretKeyRing extends CachedKeyRing {
 
     }
 
-    public IterableIterator<CachedSecretKey> iterator() {
+    public IterableIterator<WrappedSecretKey> iterator() {
         final Iterator<PGPSecretKey> it = mRing.getSecretKeys();
-        return new IterableIterator<CachedSecretKey>(new Iterator<CachedSecretKey>() {
+        return new IterableIterator<WrappedSecretKey>(new Iterator<WrappedSecretKey>() {
             @Override
             public boolean hasNext() {
                 return it.hasNext();
             }
 
             @Override
-            public CachedSecretKey next() {
+            public WrappedSecretKey next() {
-                return new CachedSecretKey(CachedSecretKeyRing.this, it.next());
+                return new WrappedSecretKey(WrappedSecretKeyRing.this, it.next());
             }
 
             @Override

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/exception/PgpGeneralException.java

@@ -27,4 +27,7 @@ public class PgpGeneralException extends Exception {
     public PgpGeneralException(String message, Throwable cause) {
         super(message, cause);
     }
+    public PgpGeneralException(Throwable cause) {
+        super(cause);
+    }
 }

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/CachedPublicKeyRing.java

@@ -0,0 +1,125 @@
+package org.sufficientlysecure.keychain.provider;
+
+import android.net.Uri;
+
+import org.sufficientlysecure.keychain.pgp.KeyRing;
+import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
+
+public class CachedPublicKeyRing extends KeyRing {
+
+    final ProviderHelper mProviderHelper;
+    final Uri mUri;
+
+    public CachedPublicKeyRing(ProviderHelper providerHelper, Uri uri) {
+        mProviderHelper = providerHelper;
+        mUri = uri;
+    }
+
+    public long getMasterKeyId() throws PgpGeneralException {
+        try {
+            return mProviderHelper.getMasterKeyId(mUri);
+        } catch(ProviderHelper.NotFoundException e) {
+            throw new PgpGeneralException(e);
+        }
+    }
+
+    public String getPrimaryUserId() throws PgpGeneralException {
+        try {
+            Object data = mProviderHelper.getGenericData(mUri,
+                    KeychainContract.KeyRings.MASTER_KEY_ID,
+                    ProviderHelper.FIELD_TYPE_STRING);
+            return (String) data;
+        } catch(ProviderHelper.NotFoundException e) {
+            throw new PgpGeneralException(e);
+        }
+    }
+
+    public boolean isRevoked() throws PgpGeneralException {
+        try {
+            Object data = mProviderHelper.getGenericData(mUri,
+                    KeychainContract.KeyRings.MASTER_KEY_ID,
+                    ProviderHelper.FIELD_TYPE_INTEGER);
+            return (Long) data > 0;
+        } catch(ProviderHelper.NotFoundException e) {
+            throw new PgpGeneralException(e);
+        }
+    }
+
+    public boolean canCertify() throws PgpGeneralException {
+        try {
+            Object data = mProviderHelper.getGenericData(mUri,
+                    KeychainContract.KeyRings.MASTER_KEY_ID,
+                    ProviderHelper.FIELD_TYPE_INTEGER);
+            return (Long) data > 0;
+        } catch(ProviderHelper.NotFoundException e) {
+            throw new PgpGeneralException(e);
+        }
+    }
+
+    public long getEncryptId() throws PgpGeneralException {
+        try {
+            Object data = mProviderHelper.getGenericData(mUri,
+                    KeychainContract.KeyRings.MASTER_KEY_ID,
+                    ProviderHelper.FIELD_TYPE_INTEGER);
+            return (Long) data;
+        } catch(ProviderHelper.NotFoundException e) {
+            throw new PgpGeneralException(e);
+        }
+    }
+
+    public boolean hasEncrypt() throws PgpGeneralException {
+        try {
+            Object data = mProviderHelper.getGenericData(mUri,
+                    KeychainContract.KeyRings.MASTER_KEY_ID,
+                    ProviderHelper.FIELD_TYPE_INTEGER);
+            return (Long) data > 0;
+        } catch(ProviderHelper.NotFoundException e) {
+            throw new PgpGeneralException(e);
+        }
+    }
+
+    public long getSignId() throws PgpGeneralException {
+        try {
+            Object data = mProviderHelper.getGenericData(mUri,
+                    KeychainContract.KeyRings.MASTER_KEY_ID,
+                    ProviderHelper.FIELD_TYPE_INTEGER);
+            return (Long) data;
+        } catch(ProviderHelper.NotFoundException e) {
+            throw new PgpGeneralException(e);
+        }
+    }
+
+    public boolean hasSign() throws PgpGeneralException {
+        try {
+            Object data = mProviderHelper.getGenericData(mUri,
+                    KeychainContract.KeyRings.MASTER_KEY_ID,
+                    ProviderHelper.FIELD_TYPE_INTEGER);
+            return (Long) data > 0;
+        } catch(ProviderHelper.NotFoundException e) {
+            throw new PgpGeneralException(e);
+        }
+    }
+
+    public int getVerified() throws PgpGeneralException {
+        try {
+            Object data = mProviderHelper.getGenericData(mUri,
+                    KeychainContract.KeyRings.MASTER_KEY_ID,
+                    ProviderHelper.FIELD_TYPE_INTEGER);
+            return (Integer) data;
+        } catch(ProviderHelper.NotFoundException e) {
+            throw new PgpGeneralException(e);
+        }
+    }
+
+    public boolean hasAnySecret() throws PgpGeneralException {
+        try {
+            Object data = mProviderHelper.getGenericData(mUri,
+                    KeychainContract.KeyRings.MASTER_KEY_ID,
+                    ProviderHelper.FIELD_TYPE_INTEGER);
+            return (Long) data > 0;
+        } catch(ProviderHelper.NotFoundException e) {
+            throw new PgpGeneralException(e);
+        }
+
+    }
+}

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainProvider.java

@@ -261,7 +261,7 @@ public class KeychainProvider extends ContentProvider {
                 projectionMap.put(KeyRings.PRIVKEY_DATA,
                         Tables.KEY_RINGS_SECRET + "." + KeyRingData.KEY_RING_DATA
                                 + " AS " + KeyRings.PRIVKEY_DATA);
-                projectionMap.put(KeyRings.HAS_SECRET, KeyRings.HAS_SECRET);
+                projectionMap.put(KeyRings.HAS_SECRET, Tables.KEYS + "." + KeyRings.HAS_SECRET);
                 projectionMap.put(KeyRings.HAS_ANY_SECRET,
                     "(EXISTS (SELECT * FROM " + Tables.KEY_RINGS_SECRET
                         + " WHERE " + Tables.KEY_RINGS_SECRET + "." + KeyRingData.MASTER_KEY_ID

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java

@@ -39,9 +39,9 @@ import org.spongycastle.openpgp.PGPSecretKeyRing;
 import org.spongycastle.openpgp.PGPSignature;
 import org.spongycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
 import org.sufficientlysecure.keychain.Constants;
-import org.sufficientlysecure.keychain.pgp.CachedKeyRing;
+import org.sufficientlysecure.keychain.pgp.KeyRing;
-import org.sufficientlysecure.keychain.pgp.CachedSecretKeyRing;
+import org.sufficientlysecure.keychain.pgp.WrappedSecretKeyRing;
-import org.sufficientlysecure.keychain.pgp.CachedPublicKeyRing;
+import org.sufficientlysecure.keychain.pgp.WrappedPublicKeyRing;
 import org.sufficientlysecure.keychain.pgp.PgpConversionHelper;
 import org.sufficientlysecure.keychain.pgp.PgpHelper;
 import org.sufficientlysecure.keychain.pgp.PgpKeyHelper;
@@ -67,7 +67,6 @@ import java.util.Date;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
-import java.util.Map;
 import java.util.Set;
 
 public class ProviderHelper {
@@ -198,56 +197,46 @@ public class ProviderHelper {
         return result;
     }
 
-    public CachedPublicKeyRing getCachedPublicKeyRing(long id) throws NotFoundException {
+    public CachedPublicKeyRing getCachedPublicKeyRing(Uri queryUri) {
-        return (CachedPublicKeyRing) getCachedKeyRing(
+        return new CachedPublicKeyRing(this, queryUri);
+    }
+
+    public WrappedPublicKeyRing getWrappedPublicKeyRing(long id) throws NotFoundException {
+        return (WrappedPublicKeyRing) getWrappedKeyRing(
                 KeyRings.buildUnifiedKeyRingUri(Long.toString(id)), false);
     }
 
-    public CachedPublicKeyRing getCachedPublicKeyRing(Uri queryUri) throws NotFoundException {
+    public WrappedPublicKeyRing getWrappedPublicKeyRing(Uri queryUri) throws NotFoundException {
-        return (CachedPublicKeyRing) getCachedKeyRing(queryUri, false);
+        return (WrappedPublicKeyRing) getWrappedKeyRing(queryUri, false);
     }
 
-    public CachedSecretKeyRing getCachedSecretKeyRing(long id) throws NotFoundException {
+    public WrappedSecretKeyRing getWrappedSecretKeyRing(long id) throws NotFoundException {
-        return (CachedSecretKeyRing) getCachedKeyRing(
+        return (WrappedSecretKeyRing) getWrappedKeyRing(
                 KeyRings.buildUnifiedKeyRingUri(Long.toString(id)), true);
     }
 
-    public CachedSecretKeyRing getCachedSecretKeyRing(Uri queryUri) throws NotFoundException {
+    public WrappedSecretKeyRing getWrappedSecretKeyRing(Uri queryUri) throws NotFoundException {
-        return (CachedSecretKeyRing) getCachedKeyRing(queryUri, true);
+        return (WrappedSecretKeyRing) getWrappedKeyRing(queryUri, true);
     }
 
 
-    private CachedKeyRing getCachedKeyRing(Uri queryUri, boolean secret) throws NotFoundException {
+    private KeyRing getWrappedKeyRing(Uri queryUri, boolean secret) throws NotFoundException {
         Cursor cursor = mContentResolver.query(queryUri,
                 new String[] {
-                    // we pick from cache:
+                    // we pick from cache only information that is not easily available from keyrings
-                    // basic data, primary uid in particular because it's expensive
+                    KeyRings.HAS_ANY_SECRET, KeyRings.VERIFIED,
-                    KeyRings.MASTER_KEY_ID, KeyRings.USER_ID, KeyRings.HAS_ANY_SECRET,
+                    // and of course, ring data
-                    // complex knowledge about subkeys
+                    secret ? KeyRings.PRIVKEY_DATA : KeyRings.PUBKEY_DATA
-                    KeyRings.IS_REVOKED, KeyRings.CAN_CERTIFY, KeyRings.HAS_ENCRYPT, KeyRings.HAS_SIGN,
-                    // stuff only the db knows and of course, ring data
-                    KeyRings.VERIFIED, secret ? KeyRings.PRIVKEY_DATA : KeyRings.PUBKEY_DATA
                 }, null, null, null);
         try {
             if (cursor != null && cursor.moveToFirst()) {
-                long masterKeyId = cursor.getLong(0);
+
-                String userId = cursor.getString(1);
+                boolean hasAnySecret = cursor.getInt(0) > 0;
-                boolean hasAnySecret = cursor.getInt(2) > 0;
+                int verified = cursor.getInt(1);
-                boolean isRevoked = cursor.getInt(3) > 0;
+                byte[] blob = cursor.getBlob(2);
-                boolean canCertify = cursor.getInt(4) > 0;
-                long hasEncryptId = cursor.getLong(5);
-                long hasSignId = cursor.getLong(6);
-                int verified = cursor.getInt(7);
-                byte[] blob = cursor.getBlob(8);
                 return secret
-                        ? new CachedSecretKeyRing(
+                        ? new WrappedSecretKeyRing(blob, hasAnySecret, verified)
-                              masterKeyId, userId, hasAnySecret,
+                        : new WrappedPublicKeyRing(blob, hasAnySecret, verified);
-                              isRevoked, canCertify, hasEncryptId, hasSignId,
-                              verified, blob)
-                        : new CachedPublicKeyRing(
-                              masterKeyId, userId, hasAnySecret,
-                              isRevoked, canCertify, hasEncryptId, hasSignId,
-                              verified, blob);
             } else {
                 throw new NotFoundException("Key not found!");
             }

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java

@@ -419,7 +419,7 @@ public class OpenPgpService extends RemoteService {
 
             try {
                 // try to find key, throws NotFoundException if not in db!
-                mProviderHelper.getCachedPublicKeyRing(masterKeyId);
+                mProviderHelper.getWrappedPublicKeyRing(masterKeyId);
 
                 Intent result = new Intent();
                 result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_SUCCESS);

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java

@@ -27,14 +27,17 @@ import android.os.Messenger;
 import android.os.RemoteException;
 
 import org.spongycastle.bcpg.sig.KeyFlags;
+import org.spongycastle.openpgp.PGPKeyRing;
+import org.spongycastle.openpgp.PGPObjectFactory;
+import org.spongycastle.openpgp.PGPUtil;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.helper.FileHelper;
 import org.sufficientlysecure.keychain.helper.OtherHelper;
 import org.sufficientlysecure.keychain.helper.Preferences;
-import org.sufficientlysecure.keychain.pgp.CachedPublicKeyRing;
+import org.sufficientlysecure.keychain.pgp.WrappedPublicKeyRing;
-import org.sufficientlysecure.keychain.pgp.CachedSecretKey;
+import org.sufficientlysecure.keychain.pgp.WrappedSecretKey;
-import org.sufficientlysecure.keychain.pgp.CachedSecretKeyRing;
+import org.sufficientlysecure.keychain.pgp.WrappedSecretKeyRing;
 import org.sufficientlysecure.keychain.pgp.PgpDecryptVerify;
 import org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyResult;
 import org.sufficientlysecure.keychain.pgp.PgpHelper;
@@ -57,6 +60,7 @@ import org.sufficientlysecure.keychain.keyimport.KeybaseKeyServer;
 import org.sufficientlysecure.keychain.util.Log;
 import org.sufficientlysecure.keychain.util.ProgressScaler;
 
+import java.io.BufferedInputStream;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.File;
@@ -512,7 +516,7 @@ public class KeychainIntentService extends IntentService
                 ProviderHelper providerHelper = new ProviderHelper(this);
                 if (!canSign) {
                     setProgress(R.string.progress_building_key, 0, 100);
-                    CachedSecretKeyRing keyRing = providerHelper.getCachedSecretKeyRing(masterKeyId);
+                    WrappedSecretKeyRing keyRing = providerHelper.getWrappedSecretKeyRing(masterKeyId);
                     UncachedSecretKeyRing newKeyRing =
                             keyRing.changeSecretKeyPassphrase(oldPassphrase, newPassphrase);
                     setProgress(R.string.progress_saving_key_ring, 50, 100);
@@ -522,8 +526,8 @@ public class KeychainIntentService extends IntentService
                     PgpKeyOperation keyOperations = new PgpKeyOperation(new ProgressScaler(this, 0, 90, 100));
                     UncachedKeyRing pair;
                     try {
-                        CachedSecretKeyRing privkey = providerHelper.getCachedSecretKeyRing(masterKeyId);
+                        WrappedSecretKeyRing privkey = providerHelper.getWrappedSecretKeyRing(masterKeyId);
-                        CachedPublicKeyRing pubkey = providerHelper.getCachedPublicKeyRing(masterKeyId);
+                        WrappedPublicKeyRing pubkey = providerHelper.getWrappedPublicKeyRing(masterKeyId);
 
                         pair = keyOperations.buildSecretKey(privkey, pubkey, saveParcel); // edit existing
                     } catch (ProviderHelper.NotFoundException e) {
@@ -720,7 +724,7 @@ public class KeychainIntentService extends IntentService
                 HkpKeyServer server = new HkpKeyServer(keyServer);
 
                 ProviderHelper providerHelper = new ProviderHelper(this);
-                CachedPublicKeyRing keyring = providerHelper.getCachedPublicKeyRing(dataUri);
+                WrappedPublicKeyRing keyring = providerHelper.getWrappedPublicKeyRing(dataUri);
                 PgpImportExport pgpImportExport = new PgpImportExport(this, null);
 
                 boolean uploaded = pgpImportExport.uploadKeyRingToServer(server, keyring);
@@ -850,9 +854,9 @@ public class KeychainIntentService extends IntentService
                 }
 
                 ProviderHelper providerHelper = new ProviderHelper(this);
-                CachedPublicKeyRing publicRing = providerHelper.getCachedPublicKeyRing(pubKeyId);
+                WrappedPublicKeyRing publicRing = providerHelper.getWrappedPublicKeyRing(pubKeyId);
-                CachedSecretKeyRing secretKeyRing = providerHelper.getCachedSecretKeyRing(masterKeyId);
+                WrappedSecretKeyRing secretKeyRing = providerHelper.getWrappedSecretKeyRing(masterKeyId);
-                CachedSecretKey certificationKey = secretKeyRing.getSubKey();
+                WrappedSecretKey certificationKey = secretKeyRing.getSubKey();
                 if(!certificationKey.unlock(signaturePassphrase)) {
                     throw new PgpGeneralException("Error extracting key (bad passphrase?)");
                 }

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java

@@ -42,7 +42,7 @@ import org.spongycastle.openpgp.operator.PBESecretKeyDecryptor;
 import org.spongycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.helper.Preferences;
-import org.sufficientlysecure.keychain.pgp.CachedSecretKeyRing;
+import org.sufficientlysecure.keychain.pgp.WrappedSecretKeyRing;
 import org.sufficientlysecure.keychain.provider.KeychainContract;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.util.Log;
@@ -178,7 +178,7 @@ public class PassphraseCacheService extends Service {
         // try to get master key id which is used as an identifier for cached passphrases
         try {
             Log.d(TAG, "getCachedPassphraseImpl() for masterKeyId " + keyId);
-            CachedSecretKeyRing key = new ProviderHelper(this).getCachedSecretKeyRing(
+            WrappedSecretKeyRing key = new ProviderHelper(this).getWrappedSecretKeyRing(
                     KeychainContract.KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(Long.toString(keyId)));
             // no passphrase needed? just add empty string and return it, then
             if (!key.hasPassphrase()) {
@@ -241,7 +241,7 @@ public class PassphraseCacheService extends Service {
     @Deprecated
     public static boolean hasPassphrase(Context context, long secretKeyId)
             throws ProviderHelper.NotFoundException {
-        return new ProviderHelper(context).getCachedSecretKeyRing(secretKeyId).hasPassphrase();
+        return new ProviderHelper(context).getWrappedSecretKeyRing(secretKeyId).hasPassphrase();
     }
 
     /**

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyActivity.java

@@ -19,7 +19,6 @@
 package org.sufficientlysecure.keychain.ui;
 
 import android.app.Activity;
-import android.app.AlertDialog;
 import android.app.ProgressDialog;
 import android.content.Context;
 import android.content.DialogInterface;
@@ -48,8 +47,8 @@ import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.helper.ActionBarHelper;
 import org.sufficientlysecure.keychain.helper.ExportHelper;
-import org.sufficientlysecure.keychain.pgp.CachedSecretKey;
+import org.sufficientlysecure.keychain.pgp.WrappedSecretKey;
-import org.sufficientlysecure.keychain.pgp.CachedSecretKeyRing;
+import org.sufficientlysecure.keychain.pgp.WrappedSecretKeyRing;
 import org.sufficientlysecure.keychain.pgp.PgpConversionHelper;
 import org.sufficientlysecure.keychain.pgp.PgpKeyHelper;
 import org.sufficientlysecure.keychain.pgp.UncachedSecretKey;
@@ -287,10 +286,10 @@ public class EditKeyActivity extends ActionBarActivity implements EditorListener
 
             try {
                 Uri secretUri = KeyRings.buildUnifiedKeyRingUri(mDataUri);
-                CachedSecretKeyRing keyRing = new ProviderHelper(this).getCachedSecretKeyRing(secretUri);
+                WrappedSecretKeyRing keyRing = new ProviderHelper(this).getWrappedSecretKeyRing(secretUri);
 
                 mMasterCanSign = keyRing.getSubKey().canCertify();
-                for (CachedSecretKey key : keyRing.iterator()) {
+                for (WrappedSecretKey key : keyRing.iterator()) {
                     // Turn into uncached instance
                     mKeys.add(key.getUncached());
                     mKeysUsages.add(key.getKeyUsage()); // get usage when view is created

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptAsymmetricFragment.java

@@ -32,7 +32,7 @@ import com.beardedhen.androidbootstrap.BootstrapButton;
 
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
-import org.sufficientlysecure.keychain.pgp.CachedPublicKeyRing;
+import org.sufficientlysecure.keychain.pgp.WrappedPublicKeyRing;
 import org.sufficientlysecure.keychain.pgp.PgpKeyHelper;
 import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
@@ -147,8 +147,8 @@ public class EncryptAsymmetricFragment extends Fragment {
         // not sure if we need to distinguish between different subkeys here?
         if (preselectedSignatureKeyId != 0) {
             try {
-                CachedPublicKeyRing keyring =
+                WrappedPublicKeyRing keyring =
-                        providerHelper.getCachedPublicKeyRing(preselectedSignatureKeyId);
+                        providerHelper.getWrappedPublicKeyRing(preselectedSignatureKeyId);
                 if(keyring.hasAnySecret()) {
                     setSignatureKeyId(keyring.getMasterKeyId());
                 }

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewCertActivity.java

@@ -39,7 +39,7 @@ import org.spongycastle.openpgp.PGPException;
 import org.spongycastle.openpgp.PGPSignature;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
-import org.sufficientlysecure.keychain.pgp.CachedPublicKeyRing;
+import org.sufficientlysecure.keychain.pgp.WrappedPublicKeyRing;
 import org.sufficientlysecure.keychain.pgp.PgpConversionHelper;
 import org.sufficientlysecure.keychain.pgp.PgpKeyHelper;
 import org.sufficientlysecure.keychain.provider.KeychainContract.Certs;
@@ -147,8 +147,8 @@ public class ViewCertActivity extends ActionBarActivity
             try {
                 ProviderHelper providerHelper = new ProviderHelper(this);
 
-                CachedPublicKeyRing signeeRing = providerHelper.getCachedPublicKeyRing(data.getLong(INDEX_MASTER_KEY_ID));
+                WrappedPublicKeyRing signeeRing = providerHelper.getWrappedPublicKeyRing(data.getLong(INDEX_MASTER_KEY_ID));
-                CachedPublicKeyRing signerRing = providerHelper.getCachedPublicKeyRing(sig.getKeyID());
+                WrappedPublicKeyRing signerRing = providerHelper.getWrappedPublicKeyRing(sig.getKeyID());
 
                 try {
                     signerRing.getSubkey().initSignature(sig);

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/PassphraseDialogFragment.java

@@ -44,8 +44,8 @@ import android.widget.Toast;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.compatibility.DialogFragmentWorkaround;
-import org.sufficientlysecure.keychain.pgp.CachedSecretKey;
+import org.sufficientlysecure.keychain.pgp.WrappedSecretKey;
-import org.sufficientlysecure.keychain.pgp.CachedSecretKeyRing;
+import org.sufficientlysecure.keychain.pgp.WrappedSecretKeyRing;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.service.PassphraseCacheService;
@@ -102,7 +102,7 @@ public class PassphraseDialogFragment extends DialogFragment implements OnEditor
         // check if secret key has a passphrase
         if (!(secretKeyId == Constants.key.symmetric || secretKeyId == Constants.key.none)) {
             try {
-                if (new ProviderHelper(context).getCachedSecretKeyRing(secretKeyId).hasPassphrase()) {
+                if (new ProviderHelper(context).getWrappedSecretKeyRing(secretKeyId).hasPassphrase()) {
                     throw new PgpGeneralException("No passphrase! No passphrase dialog needed!");
                 }
             } catch(ProviderHelper.NotFoundException e) {
@@ -138,17 +138,24 @@ public class PassphraseDialogFragment extends DialogFragment implements OnEditor
 
         alert.setTitle(R.string.title_authentication);
 
-        final CachedSecretKeyRing secretRing;
+        final WrappedSecretKeyRing secretRing;
-        final String userId;
+        String userId;
 
         if (secretKeyId == Constants.key.symmetric || secretKeyId == Constants.key.none) {
-            secretRing = null;
             alert.setMessage(R.string.passphrase_for_symmetric_encryption);
+            secretRing = null;
         } else {
             try {
                 ProviderHelper helper = new ProviderHelper(activity);
-                secretRing = helper.getCachedSecretKeyRing(secretKeyId);
+                secretRing = helper.getWrappedSecretKeyRing(secretKeyId);
-                userId = secretRing.getPrimaryUserId();
+                // yes the inner try/catch block is necessary, otherwise the final variable
+                // above can't be statically verified to have been set in all cases because
+                // the catch clause doesn't return.
+                try {
+                    userId = secretRing.getPrimaryUserId();
+                } catch (PgpGeneralException e) {
+                    userId = null;
+                }
             } catch (ProviderHelper.NotFoundException e) {
                 alert.setTitle(R.string.title_key_not_found);
                 alert.setMessage(getString(R.string.key_not_found, secretKeyId));
@@ -190,9 +197,9 @@ public class PassphraseDialogFragment extends DialogFragment implements OnEditor
                     return;
                 }
 
-                CachedSecretKey unlockedSecretKey = null;
+                WrappedSecretKey unlockedSecretKey = null;
 
-                for(CachedSecretKey clickSecretKey : secretRing.iterator()) {
+                for(WrappedSecretKey clickSecretKey : secretRing.iterator()) {
                     try {
                         boolean unlocked = clickSecretKey.unlock(passphrase);
                         if (unlocked) {