diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
index e39924f7e..877857553 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
@@ -49,16 +49,16 @@ import java.util.Date;
 import java.util.LinkedList;
 import java.util.List;
 
-/** Wrapper for a PGPSecretKey.
- *
+/**
+ * Wrapper for a PGPSecretKey.
+ * <p/>
  * This object can only be obtained from a WrappedSecretKeyRing, and stores a
  * back reference to its parent.
- *
+ * <p/>
  * This class represents known secret keys which are stored in the database.
  * All "crypto operations using a known secret key" should be implemented in
  * this class, to ensure on type level that these operations are performed on
  * properly imported secret keys only.
- *
  */
 public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
 
@@ -99,19 +99,29 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
         } catch (PGPException e) {
             return false;
         }
-        if(mPrivateKey == null) {
+        if (mPrivateKey == null) {
             throw new PgpGeneralException("error extracting key");
         }
         return true;
     }
 
-    // TODO: just a hack currently
+    /**
+     * Returns a list of all supported hash algorithms. This list is currently hardcoded to return
+     * a limited set of algorithms supported by Yubikeys.
+     *
+     * @return
+     */
     public LinkedList<Integer> getSupportedHashAlgorithms() {
         LinkedList<Integer> supported = new LinkedList<Integer>();
 
         if (mPrivateKeyState == PRIVATE_KEY_STATE_DIVERT_TO_CARD) {
-            // TODO: only works with SHA256 ?!
+            // TODO: no support for MD5
+            supported.add(HashAlgorithmTags.RIPEMD160);
+            supported.add(HashAlgorithmTags.SHA1);
+            supported.add(HashAlgorithmTags.SHA224);
             supported.add(HashAlgorithmTags.SHA256);
+            supported.add(HashAlgorithmTags.SHA384);
+            supported.add(HashAlgorithmTags.SHA512); // preferred is latest
         } else {
             supported.add(HashAlgorithmTags.MD5);
             supported.add(HashAlgorithmTags.RIPEMD160);
@@ -148,7 +158,7 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
                     mSecretKey.getKeyID(), nfcSignedHash, nfcCreationTimestamp)
                     .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
 
-            Log.d(Constants.TAG, "mSecretKey.getKeyID() "+ PgpKeyHelper.convertKeyIdToHex(mSecretKey.getKeyID()));
+            Log.d(Constants.TAG, "mSecretKey.getKeyID() " + PgpKeyHelper.convertKeyIdToHex(mSecretKey.getKeyID()));
         } else {
             // content signer based on signing key algorithm and chosen hash algorithm
             contentSignerBuilder = new JcaPGPContentSignerBuilder(
@@ -176,7 +186,7 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
             }
             signatureGenerator.setHashedSubpackets(spGen.generate());
             return signatureGenerator;
-        } catch(PGPException e) {
+        } catch (PGPException e) {
             // TODO: simply throw PGPException!
             throw new PgpGeneralException("Error initializing signature!", e);
         }
@@ -194,8 +204,8 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
     /**
      * Certify the given pubkeyid with the given masterkeyid.
      *
-     * @param publicKeyRing    Keyring to add certification to.
-     * @param userIds          User IDs to certify, must not be null or empty
+     * @param publicKeyRing Keyring to add certification to.
+     * @param userIds       User IDs to certify, must not be null or empty
      * @return A keyring with added certifications
      */
     public UncachedKeyRing certifyUserIds(CanonicalizedPublicKeyRing publicKeyRing, List<String> userIds)
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncrypt.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncrypt.java
index 901611982..3fe535f65 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncrypt.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncrypt.java
@@ -261,10 +261,12 @@ public class PgpSignEncrypt {
 
     public static class NeedNfcDataException extends Exception {
         public byte[] mHashToSign;
+        public int mHashAlgo;
         public Date mCreationTimestamp;
 
-        public NeedNfcDataException(byte[] hashToSign, Date creationTimestamp) {
+        public NeedNfcDataException(byte[] hashToSign, int hashAlgo, Date creationTimestamp) {
             mHashToSign = hashToSign;
+            mHashAlgo = hashAlgo;
             mCreationTimestamp = creationTimestamp;
         }
     }
@@ -521,7 +523,7 @@ public class PgpSignEncrypt {
                 signatureGenerator.generate().encode(pOut);
             } catch (NfcSyncPGPContentSignerBuilder.NfcInteractionNeeded e) {
                 // this secret key diverts to a OpenPGP card, throw exception with hash that will be signed
-                throw new NeedNfcDataException(e.hashToSign, e.creationTimestamp);
+                throw new NeedNfcDataException(e.hashToSign, e.hashAlgo, e.creationTimestamp);
             }
         }
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
index 6bc623b85..44d37b926 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
@@ -138,11 +138,12 @@ public class OpenPgpService extends RemoteService {
         return result;
     }
 
-    private Intent getNfcIntent(Intent data, byte[] hashToSign) {
+    private Intent getNfcIntent(Intent data, byte[] hashToSign, int hashAlgo) {
         // build PendingIntent for Yubikey NFC operations
         Intent intent = new Intent(getBaseContext(), NfcActivity.class);
         intent.setAction(NfcActivity.ACTION_SIGN_HASH);
         intent.putExtra(NfcActivity.EXTRA_NFC_HASH_TO_SIGN, hashToSign);
+        intent.putExtra(NfcActivity.EXTRA_NFC_HASH_ALGO, hashAlgo);
         intent.addFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP | Intent.FLAG_ACTIVITY_CLEAR_TOP);
         // pass params through to activity that it can be returned again later to repeat pgp operation
         intent.putExtra(NfcActivity.EXTRA_DATA, data);
@@ -239,7 +240,7 @@ public class OpenPgpService extends RemoteService {
                     // pass through the signature creation timestamp to be used again on second execution
                     // of PgpSignEncrypt when we have the signed hash!
                     data.putExtra(OpenPgpApi.EXTRA_NFC_SIG_CREATION_TIMESTAMP, e.mCreationTimestamp.getTime());
-                    return getNfcIntent(data, e.mHashToSign);
+                    return getNfcIntent(data, e.mHashToSign, e.mHashAlgo);
                 }
             } finally {
                 is.close();
diff --git a/extern/openpgp-card-nfc-lib b/extern/openpgp-card-nfc-lib
index 1531e38c3..1a0579e06 160000
--- a/extern/openpgp-card-nfc-lib
+++ b/extern/openpgp-card-nfc-lib
@@ -1 +1 @@
-Subproject commit 1531e38c30a9c3e072e302c1931fef2999fe08de
+Subproject commit 1a0579e06691a62b54137382bca0e381eab2df91