Remove advanced preferences, move compression as menu item in encrypt activites, select hash and encryption algo based on hardcoded preferred lists

2025-01-31 15:10:19 -05:00 · 2015-03-05 16:57:57 +01:00 · 2015-03-05 16:57:57 +01:00 · e45f000cb4
commit e45f000cb4
parent 8b7684baf7
19 changed files with 134 additions and 484 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java
@ -64,19 +64,12 @@ public final class Constants {
    }
    public static final class Pref {
        public static final String DEFAULT_ENCRYPTION_ALGORITHM = "defaultEncryptionAlgorithm";
        public static final String DEFAULT_HASH_ALGORITHM = "defaultHashAlgorithm";
        public static final String DEFAULT_ASCII_ARMOR = "defaultAsciiArmor";
        public static final String DEFAULT_MESSAGE_COMPRESSION = "defaultMessageCompression";
        public static final String DEFAULT_FILE_COMPRESSION = "defaultFileCompression";
        public static final String PASSPHRASE_CACHE_TTL = "passphraseCacheTtl";
        public static final String PASSPHRASE_CACHE_SUBS = "passphraseCacheSubs";
        public static final String LANGUAGE = "language";
        public static final String KEY_SERVERS = "keyServers";
        public static final String PREF_DEFAULT_VERSION = "keyServersDefaultVersion";
        public static final String WRITE_VERSION_HEADER = "writeVersionHeader";
        public static final String FIRST_TIME = "firstTime";
        public static final String SHOW_ADVANCED_TABS = "showAdvancedTabs";
        public static final String CACHED_CONSOLIDATE = "cachedConsolidate";
        public static final String SEARCH_KEYSERVER = "search_keyserver_pref";
        public static final String SEARCH_KEYBASE = "search_keybase_pref";
@ -86,7 +79,7 @@ public final class Constants {
    public static final class Defaults {
        public static final String KEY_SERVERS = "hkps://hkps.pool.sks-keyservers.net, hkps://pgp.mit.edu";
-        public static final int PREF_VERSION = 5;
+        public static final int PREF_VERSION = 4;
    }
    public static final class key {
@ -94,11 +87,4 @@ public final class Constants {
        public static final int symmetric = -1;
    }
    public static interface OpenKeychainSymmetricKeyAlgorithmTags extends SymmetricKeyAlgorithmTags {
        public static final int USE_PREFERRED = -1;
    }
    public static interface OpenKeychainHashAlgorithmTags extends HashAlgorithmTags {
        public static final int USE_PREFERRED = -1;
    }
 }
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/ImportExportOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/ImportExportOperation.java
@ -505,10 +505,6 @@ public class ImportExportOperation extends BaseOperation {
                // Create an output stream
                try {
                    arOutStream = new ArmoredOutputStream(outStream);
                    String version = PgpHelper.getVersionForHeader(mContext);
                    if (version != null) {
                        arOutStream.setHeader("Version", version);
                    }
                    log.add(LogType.MSG_EXPORT_PUBLIC, 1, KeyFormattingUtils.beautifyKeyId(keyId));
@ -533,10 +529,6 @@ public class ImportExportOperation extends BaseOperation {
                if (exportSecret && cursor.getInt(3) > 0) {
                    try {
                        arOutStream = new ArmoredOutputStream(outStream);
                        String version = PgpHelper.getVersionForHeader(mContext);
                        if (version != null) {
                            arOutStream.setHeader("Version", version);
                        }
                        // export secret key part
                        log.add(LogType.MSG_EXPORT_SECRET, 2, KeyFormattingUtils.beautifyKeyId(keyId));
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
@ -177,52 +177,20 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
    }
    /**
-     * Returns a list of all supported hash algorithms. This list is currently hardcoded to return
+     * Returns a list of all supported hash algorithms.
     * a limited set of algorithms supported by Yubikeys.
     *
     * TODO: look into preferred algos of this key?
     */
    public LinkedList<Integer> getSupportedHashAlgorithms() {
        LinkedList<Integer> supported = new LinkedList<>();
-        if (mPrivateKeyState == PRIVATE_KEY_STATE_DIVERT_TO_CARD) {
+        // TODO: intersection between preferred hash algos of this key and PgpConstants.PREFERRED_HASH_ALGORITHMS
-            // No support for MD5
+        // choose best algo
-            supported.add(HashAlgorithmTags.RIPEMD160);
+        for (int currentInt : PgpConstants.PREFERRED_HASH_ALGORITHMS) {
-            // don't allow SHA1
+            supported.add(currentInt);
            supported.add(HashAlgorithmTags.SHA224);
            supported.add(HashAlgorithmTags.SHA384);
            supported.add(HashAlgorithmTags.SHA512);
            supported.add(HashAlgorithmTags.SHA256); // preferred is latest
        } else {
            // NOTE: List of hash algorithms OpenKeychain wants to support!
            // don't allow MD5
            supported.add(HashAlgorithmTags.RIPEMD160);
            // don't allow SHA1
            supported.add(HashAlgorithmTags.SHA224);
            supported.add(HashAlgorithmTags.SHA384);
            supported.add(HashAlgorithmTags.SHA512);
            supported.add(HashAlgorithmTags.SHA256); // preferred is latest
            // some application don't support SHA512, thus preferred is SHA-256 (Mailvelope?)
        }
        return supported;
    }
    /**
     * TODO: look into preferred algos of this key?
     */
    public static LinkedList<Integer> getSupportedEncryptionAlgorithms() {
        LinkedList<Integer> supported = new LinkedList<>();
        supported.add(SymmetricKeyAlgorithmTags.TWOFISH);
        supported.add(SymmetricKeyAlgorithmTags.AES_128);
        supported.add(SymmetricKeyAlgorithmTags.AES_192);
        supported.add(SymmetricKeyAlgorithmTags.AES_256); // preferred is latest
        return supported;
    }
    private PGPContentSignerBuilder getContentSignerBuilder(int hashAlgo, byte[] nfcSignedHash,
                                                            Date nfcCreationTimestamp) {
        if (mPrivateKeyState == PRIVATE_KEY_STATE_DIVERT_TO_CARD) {
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpHelper.java
@ -47,26 +47,6 @@ public class PgpHelper {
            ".*?(-----BEGIN PGP PUBLIC KEY BLOCK-----.*?-----END PGP PUBLIC KEY BLOCK-----).*",
            Pattern.DOTALL);
    public static String getVersion(Context context) {
        String version;
        try {
            PackageInfo pi = context.getPackageManager().getPackageInfo(Constants.PACKAGE_NAME, 0);
            version = pi.versionName;
            return version;
        } catch (NameNotFoundException e) {
            Log.e(Constants.TAG, "Version could not be retrieved!", e);
            return "0.0";
        }
    }
    public static String getVersionForHeader(Context context) {
        if(Preferences.getPreferences(context).getWriteVersionHeader()){
            return "OpenKeychain v" + getVersion(context);
        } else {
            return null;
        }
    }
    /**
     * Deletes file securely by overwriting it with random data before deleting it.
     * <p/>
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@ -18,9 +18,7 @@
 package org.sufficientlysecure.keychain.pgp;
 import org.spongycastle.bcpg.CompressionAlgorithmTags;
 import org.spongycastle.bcpg.HashAlgorithmTags;
 import org.spongycastle.bcpg.SymmetricKeyAlgorithmTags;
 import org.spongycastle.bcpg.sig.Features;
 import org.spongycastle.bcpg.sig.KeyFlags;
 import org.spongycastle.jce.spec.ElGamalParameterSpec;
@ -90,49 +88,6 @@ public class PgpKeyOperation {
    private Stack<Progressable> mProgress;
    private AtomicBoolean mCancelled;
    // most preferred is first
    private static final int[] PREFERRED_SYMMETRIC_ALGORITHMS = new int[]{
            SymmetricKeyAlgorithmTags.AES_256,
            SymmetricKeyAlgorithmTags.AES_192,
            SymmetricKeyAlgorithmTags.AES_128,
            SymmetricKeyAlgorithmTags.TWOFISH
    };
    private static final int[] PREFERRED_HASH_ALGORITHMS = new int[]{
            HashAlgorithmTags.SHA512,
            HashAlgorithmTags.SHA384,
            HashAlgorithmTags.SHA256,
            HashAlgorithmTags.SHA224,
            HashAlgorithmTags.RIPEMD160
    };
    private static final int[] PREFERRED_COMPRESSION_ALGORITHMS = new int[]{
            CompressionAlgorithmTags.ZLIB,
            CompressionAlgorithmTags.BZIP2,
            CompressionAlgorithmTags.ZIP
    };
    /*
     * Note: s2kcount is a number between 0 and 0xff that controls the
     * number of times to iterate the password hash before use. More
     * iterations are useful against offline attacks, as it takes more
     * time to check each password. The actual number of iterations is
     * rather complex, and also depends on the hash function in use.
     * Refer to Section 3.7.1.3 in rfc4880.txt. Bigger numbers give
     * you more iterations.  As a rough rule of thumb, when using
     * SHA256 as the hashing function, 0x10 gives you about 64
     * iterations, 0x20 about 128, 0x30 about 256 and so on till 0xf0,
     * or about 1 million iterations. The maximum you can go to is
     * 0xff, or about 2 million iterations.
     * from http://kbsriram.com/2013/01/generating-rsa-keys-with-bouncycastle.html
     *
     * Bouncy Castle default: 0x60
     * kbsriram proposes 0xc0
     * we use 0x90, a good trade-off between usability and security against offline attacks
     */
    private static final int SECRET_KEY_ENCRYPTOR_S2K_COUNT = 0x90;
    private static final int SECRET_KEY_ENCRYPTOR_HASH_ALGO = HashAlgorithmTags.SHA256;
    private static final int SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO = SymmetricKeyAlgorithmTags.AES_256;
    private static final int SECRET_KEY_SIGNATURE_HASH_ALGO = HashAlgorithmTags.SHA256;
    public PgpKeyOperation(Progressable progress) {
        super();
        if (progress != null) {
@ -346,14 +301,14 @@ public class PgpKeyOperation {
            // Build key encrypter and decrypter based on passphrase
            PGPDigestCalculator encryptorHashCalc = new JcaPGPDigestCalculatorProviderBuilder()
-                    .build().get(SECRET_KEY_ENCRYPTOR_HASH_ALGO);
+                    .build().get(PgpConstants.SECRET_KEY_ENCRYPTOR_HASH_ALGO);
            PBESecretKeyEncryptor keyEncryptor = new JcePBESecretKeyEncryptorBuilder(
-                    SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO, encryptorHashCalc, SECRET_KEY_ENCRYPTOR_S2K_COUNT)
+                    PgpConstants.SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO,
                    encryptorHashCalc, PgpConstants.SECRET_KEY_ENCRYPTOR_S2K_COUNT)
                    .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build("".toCharArray());
            // NOTE: only SHA1 is supported for key checksum calculations.
            PGPDigestCalculator sha1Calc = new JcaPGPDigestCalculatorProviderBuilder()
-                    .build().get(HashAlgorithmTags.SHA1);
+                    .build().get(PgpConstants.SECRET_KEY_SIGNATURE_CHECKSUM_HASH_ALGO);
            PGPSecretKey masterSecretKey = new PGPSecretKey(keyPair.getPrivateKey(), keyPair.getPublicKey(),
                    sha1Calc, true, keyEncryptor);
@ -880,14 +835,14 @@ public class PgpKeyOperation {
                PGPSecretKey sKey; {
                    // Build key encrypter and decrypter based on passphrase
                    PGPDigestCalculator encryptorHashCalc = new JcaPGPDigestCalculatorProviderBuilder()
-                            .build().get(SECRET_KEY_ENCRYPTOR_HASH_ALGO);
+                            .build().get(PgpConstants.SECRET_KEY_ENCRYPTOR_HASH_ALGO);
                    PBESecretKeyEncryptor keyEncryptor = new JcePBESecretKeyEncryptorBuilder(
-                            SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO, encryptorHashCalc, SECRET_KEY_ENCRYPTOR_S2K_COUNT)
+                            PgpConstants.SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO, encryptorHashCalc,
                            PgpConstants.SECRET_KEY_ENCRYPTOR_S2K_COUNT)
                            .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(passphrase.toCharArray());
                    // NOTE: only SHA1 is supported for key checksum calculations.
                    PGPDigestCalculator sha1Calc = new JcaPGPDigestCalculatorProviderBuilder()
-                            .build().get(HashAlgorithmTags.SHA1);
+                            .build().get(PgpConstants.SECRET_KEY_SIGNATURE_CHECKSUM_HASH_ALGO);
                    sKey = new PGPSecretKey(keyPair.getPrivateKey(), pKey, sha1Calc, false, keyEncryptor);
                }
@ -1026,7 +981,8 @@ public class PgpKeyOperation {
                // add packet with EMPTY notation data (updates old one, but will be stripped later)
                PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
-                        masterPrivateKey.getPublicKeyPacket().getAlgorithm(), SECRET_KEY_SIGNATURE_HASH_ALGO)
+                        masterPrivateKey.getPublicKeyPacket().getAlgorithm(),
                        PgpConstants.SECRET_KEY_SIGNATURE_HASH_ALGO)
                        .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
                PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
                { // set subpackets
@ -1052,7 +1008,8 @@ public class PgpKeyOperation {
            // add packet with "pin" notation data
            PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
-                    masterPrivateKey.getPublicKeyPacket().getAlgorithm(), SECRET_KEY_SIGNATURE_HASH_ALGO)
+                    masterPrivateKey.getPublicKeyPacket().getAlgorithm(),
                    PgpConstants.SECRET_KEY_SIGNATURE_HASH_ALGO)
                    .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
            PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
            { // set subpackets
@ -1099,12 +1056,13 @@ public class PgpKeyOperation {
            OperationLog log, int indent) throws PGPException {
        PGPDigestCalculator encryptorHashCalc = new JcaPGPDigestCalculatorProviderBuilder().build()
-                .get(SECRET_KEY_ENCRYPTOR_HASH_ALGO);
+                .get(PgpConstants.SECRET_KEY_ENCRYPTOR_HASH_ALGO);
        PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder().setProvider(
                Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(passphrase.toCharArray());
        // Build key encryptor based on new passphrase
        PBESecretKeyEncryptor keyEncryptorNew = new JcePBESecretKeyEncryptorBuilder(
-                SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO, encryptorHashCalc, SECRET_KEY_ENCRYPTOR_S2K_COUNT)
+                PgpConstants.SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO, encryptorHashCalc,
                PgpConstants.SECRET_KEY_ENCRYPTOR_S2K_COUNT)
                .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(
                        newPassphrase.toCharArray());
@ -1237,7 +1195,8 @@ public class PgpKeyOperation {
            int flags, long expiry)
            throws IOException, PGPException, SignatureException {
        PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
-                masterPrivateKey.getPublicKeyPacket().getAlgorithm(), SECRET_KEY_SIGNATURE_HASH_ALGO)
+                masterPrivateKey.getPublicKeyPacket().getAlgorithm(),
                PgpConstants.SECRET_KEY_SIGNATURE_HASH_ALGO)
                .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
        PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
@ -1254,9 +1213,9 @@ public class PgpKeyOperation {
             * error than be ignored.
             */
            /* non-critical subpackets: */
-            hashedPacketsGen.setPreferredSymmetricAlgorithms(false, PREFERRED_SYMMETRIC_ALGORITHMS);
+            hashedPacketsGen.setPreferredSymmetricAlgorithms(false, PgpConstants.PREFERRED_SYMMETRIC_ALGORITHMS);
-            hashedPacketsGen.setPreferredHashAlgorithms(false, PREFERRED_HASH_ALGORITHMS);
+            hashedPacketsGen.setPreferredHashAlgorithms(false, PgpConstants.PREFERRED_HASH_ALGORITHMS);
-            hashedPacketsGen.setPreferredCompressionAlgorithms(false, PREFERRED_COMPRESSION_ALGORITHMS);
+            hashedPacketsGen.setPreferredCompressionAlgorithms(false, PgpConstants.PREFERRED_COMPRESSION_ALGORITHMS);
            hashedPacketsGen.setPrimaryUserID(false, primary);
            /* critical subpackets: we consider those important for a modern pgp implementation */
@ -1280,7 +1239,8 @@ public class PgpKeyOperation {
            PGPUserAttributeSubpacketVector vector)
                throws IOException, PGPException, SignatureException {
        PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
-                masterPrivateKey.getPublicKeyPacket().getAlgorithm(), SECRET_KEY_SIGNATURE_HASH_ALGO)
+                masterPrivateKey.getPublicKeyPacket().getAlgorithm(),
                PgpConstants.SECRET_KEY_SIGNATURE_HASH_ALGO)
                .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
        PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
@ -1299,7 +1259,8 @@ public class PgpKeyOperation {
            PGPPrivateKey masterPrivateKey, PGPPublicKey pKey, String userId)
        throws IOException, PGPException, SignatureException {
        PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
-                masterPrivateKey.getPublicKeyPacket().getAlgorithm(), SECRET_KEY_SIGNATURE_HASH_ALGO)
+                masterPrivateKey.getPublicKeyPacket().getAlgorithm(),
                PgpConstants.SECRET_KEY_SIGNATURE_HASH_ALGO)
                .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
        PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
        PGPSignatureSubpacketGenerator subHashedPacketsGen = new PGPSignatureSubpacketGenerator();
@ -1313,7 +1274,7 @@ public class PgpKeyOperation {
            PGPPublicKey masterPublicKey, PGPPrivateKey masterPrivateKey, PGPPublicKey pKey)
            throws IOException, PGPException, SignatureException {
        PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
-                masterPublicKey.getAlgorithm(), SECRET_KEY_SIGNATURE_HASH_ALGO)
+                masterPublicKey.getAlgorithm(), PgpConstants.SECRET_KEY_SIGNATURE_HASH_ALGO)
                .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
        PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
        PGPSignatureSubpacketGenerator subHashedPacketsGen = new PGPSignatureSubpacketGenerator();
@ -1357,7 +1318,7 @@ public class PgpKeyOperation {
            PGPSignatureSubpacketGenerator subHashedPacketsGen = new PGPSignatureSubpacketGenerator();
            subHashedPacketsGen.setSignatureCreationTime(false, creationTime);
            PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
-                    pKey.getAlgorithm(), SECRET_KEY_SIGNATURE_HASH_ALGO)
+                    pKey.getAlgorithm(), PgpConstants.SECRET_KEY_SIGNATURE_HASH_ALGO)
                    .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
            PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
            sGen.init(PGPSignature.PRIMARYKEY_BINDING, subPrivateKey);
@ -1378,7 +1339,7 @@ public class PgpKeyOperation {
        }
        PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
-                masterPublicKey.getAlgorithm(), SECRET_KEY_SIGNATURE_HASH_ALGO)
+                masterPublicKey.getAlgorithm(), PgpConstants.SECRET_KEY_SIGNATURE_HASH_ALGO)
                .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
        PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
        sGen.init(PGPSignature.SUBKEY_BINDING, masterPrivateKey);
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptInput.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptInput.java
@ -12,10 +12,10 @@ public class PgpSignEncryptInput {
    protected int mCompressionId = CompressionAlgorithmTags.UNCOMPRESSED;
    protected long[] mEncryptionMasterKeyIds = null;
    protected String mSymmetricPassphrase = null;
-    protected int mSymmetricEncryptionAlgorithm = Constants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED;
+    protected int mSymmetricEncryptionAlgorithm = PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED;
    protected long mSignatureMasterKeyId = Constants.key.none;
    protected Long mSignatureSubKeyId = null;
-    protected int mSignatureHashAlgorithm = Constants.OpenKeychainHashAlgorithmTags.USE_PREFERRED;
+    protected int mSignatureHashAlgorithm = PgpConstants.OpenKeychainHashAlgorithmTags.USE_PREFERRED;
    protected String mSignaturePassphrase = null;
    protected long mAdditionalEncryptId = Constants.key.none;
    protected byte[] mNfcSignedHash = null;
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
@ -208,9 +208,9 @@ public class PgpSignEncryptOperation extends BaseOperation {
            // Use preferred hash algo
            int requestedAlgorithm = input.getSignatureHashAlgorithm();
            LinkedList<Integer> supported = signingKey.getSupportedHashAlgorithms();
-            if (requestedAlgorithm == Constants.OpenKeychainHashAlgorithmTags.USE_PREFERRED) {
+            if (requestedAlgorithm == PgpConstants.OpenKeychainHashAlgorithmTags.USE_PREFERRED) {
                // get most preferred
-                input.setSignatureHashAlgorithm(supported.getLast());
+                input.setSignatureHashAlgorithm(supported.getFirst());
            } else if (!supported.contains(requestedAlgorithm)) {
                log.add(LogType.MSG_PSE_ERROR_HASH_ALGO, indent);
                return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
@ -224,9 +224,10 @@ public class PgpSignEncryptOperation extends BaseOperation {
            // Use preferred encryption algo
            int algo = input.getSymmetricEncryptionAlgorithm();
-            if (algo == Constants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED) {
+            if (algo == PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED) {
                // get most preferred
-                algo = CanonicalizedSecretKey.getSupportedEncryptionAlgorithms().getLast();
+                // TODO: get from recipients
                algo = PgpConstants.PREFERRED_SYMMETRIC_ALGORITHMS[0];
            }
            // has Integrity packet enabled!
            JcePGPDataEncryptorBuilder encryptorBuilder =
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
@ -1372,8 +1372,7 @@ public class ProviderHelper {
        UncachedKeyRing keyRing = UncachedKeyRing.decodeFromData(data);
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
-        String version = PgpHelper.getVersionForHeader(mContext);
+        keyRing.encodeArmored(bos, null);
        keyRing.encodeArmored(bos, version);
        String armoredKey = bos.toString("UTF-8");
        Log.d(Constants.TAG, "armoredKey:" + armoredKey);
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
@ -36,8 +36,10 @@ import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.operations.results.OperationResult.LogEntryParcel;
 import org.sufficientlysecure.keychain.operations.results.PgpSignEncryptResult;
 import org.sufficientlysecure.keychain.pgp.PgpConstants;
 import org.sufficientlysecure.keychain.pgp.PgpDecryptVerify;
 import org.sufficientlysecure.keychain.pgp.PgpHelper;
 import org.sufficientlysecure.keychain.pgp.PgpKeyOperation;
 import org.sufficientlysecure.keychain.pgp.PgpSignEncryptInput;
 import org.sufficientlysecure.keychain.pgp.PgpSignEncryptOperation;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
@ -260,8 +262,8 @@ public class OpenPgpService extends RemoteService {
                    .setEnableAsciiArmorOutput(asciiArmor)
                    .setCleartextSignature(cleartextSign)
                    .setDetachedSignature(!cleartextSign)
-                    .setVersionHeader(PgpHelper.getVersionForHeader(this))
+                    .setVersionHeader(null)
-                    .setSignatureHashAlgorithm(Preferences.getPreferences(this).getDefaultHashAlgorithm())
+                    .setSignatureHashAlgorithm(PgpConstants.OpenKeychainHashAlgorithmTags.USE_PREFERRED)
                    .setSignatureMasterKeyId(accSettings.getKeyId())
                    .setNfcState(nfcSignedHash, nfcCreationDate);
@ -358,9 +360,9 @@ public class OpenPgpService extends RemoteService {
            PgpSignEncryptInput pseInput = new PgpSignEncryptInput();
            pseInput.setEnableAsciiArmorOutput(asciiArmor)
-                    .setVersionHeader(PgpHelper.getVersionForHeader(this))
+                    .setVersionHeader(null)
                    .setCompressionId(CompressionAlgorithmTags.UNCOMPRESSED)
-                    .setSymmetricEncryptionAlgorithm(Preferences.getPreferences(this).getDefaultEncryptionAlgorithm())
+                    .setSymmetricEncryptionAlgorithm(PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED)
                    .setEncryptionMasterKeyIds(keyIds)
                    .setFailOnMissingEncryptionKeyIds(true)
                    .setAdditionalEncryptId(accSettings.getKeyId()); // add acc key for encryption
@ -376,7 +378,7 @@ public class OpenPgpService extends RemoteService {
                }
                // sign and encrypt
-                pseInput.setSignatureHashAlgorithm(Preferences.getPreferences(this).getDefaultHashAlgorithm())
+                pseInput.setSignatureHashAlgorithm(PgpConstants.OpenKeychainHashAlgorithmTags.USE_PREFERRED)
                        .setSignatureMasterKeyId(accSettings.getKeyId())
                        .setNfcState(nfcSignedHash, nfcCreationDate);
            }
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivityInterface.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivityInterface.java
@ -28,6 +28,7 @@ public interface EncryptActivityInterface {
    }
    public boolean isUseArmor();
    public boolean isUseCompression();
    public long getSignatureKey();
    public long[] getEncryptionKeys();
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesActivity.java
@ -25,11 +25,13 @@ import android.support.v4.app.Fragment;
 import android.view.Menu;
 import android.view.MenuItem;
 import org.spongycastle.bcpg.CompressionAlgorithmTags;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.api.OpenKeychainIntents;
 import org.sufficientlysecure.keychain.operations.results.SignEncryptResult;
 import org.sufficientlysecure.keychain.pgp.KeyRing;
 import org.sufficientlysecure.keychain.pgp.PgpConstants;
 import org.sufficientlysecure.keychain.pgp.SignEncryptParcel;
 import org.sufficientlysecure.keychain.ui.dialog.DeleteFileDialogFragment;
 import org.sufficientlysecure.keychain.ui.util.Notify;
@ -66,6 +68,7 @@ public class EncryptFilesActivity extends EncryptActivity implements EncryptActi
    private long mSigningKeyId = Constants.key.none;
    private String mPassphrase = "";
    private boolean mUseArmor;
    private boolean mUseCompression;
    private boolean mDeleteAfterEncrypt = false;
    private boolean mShareAfterEncrypt = false;
    private ArrayList<Uri> mInputUris;
@ -81,6 +84,11 @@ public class EncryptFilesActivity extends EncryptActivity implements EncryptActi
        return mUseArmor;
    }
    @Override
    public boolean isUseCompression() {
        return mUseCompression;
    }
    @Override
    public long getSignatureKey() {
        return mSigningKeyId;
@ -196,12 +204,13 @@ public class EncryptFilesActivity extends EncryptActivity implements EncryptActi
        data.addInputUris(mInputUris);
        data.addOutputUris(mOutputUris);
-        data.setCompressionId(Preferences.getPreferences(this).getDefaultMessageCompression());
+        if (mUseCompression) {
-        data.setSymmetricEncryptionAlgorithm(Preferences.getPreferences(this).getDefaultEncryptionAlgorithm());
+            data.setCompressionId(CompressionAlgorithmTags.ZLIB);
-        data.setSignatureHashAlgorithm(Preferences.getPreferences(this).getDefaultHashAlgorithm());
+        } else {
-
+            data.setCompressionId(CompressionAlgorithmTags.UNCOMPRESSED);
-        // Always use armor for messages
+        }
-        data.setEnableAsciiArmorOutput(mUseArmor);
+        data.setSymmetricEncryptionAlgorithm(PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED);
        data.setSignatureHashAlgorithm(PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED);
        if (isModeSymmetric()) {
            Log.d(Constants.TAG, "Symmetric encryption enabled!");
@ -317,8 +326,6 @@ public class EncryptFilesActivity extends EncryptActivity implements EncryptActi
        // Handle intent actions
        handleActions(getIntent());
        updateModeFragment();
        mUseArmor = Preferences.getPreferences(this).getDefaultAsciiArmor();
    }
    @Override
@ -329,7 +336,6 @@ public class EncryptFilesActivity extends EncryptActivity implements EncryptActi
    @Override
    public boolean onCreateOptionsMenu(Menu menu) {
        getMenuInflater().inflate(R.menu.encrypt_file_activity, menu);
        menu.findItem(R.id.check_use_armor).setChecked(mUseArmor);
        return super.onCreateOptionsMenu(menu);
    }
@ -350,22 +356,31 @@ public class EncryptFilesActivity extends EncryptActivity implements EncryptActi
            item.setChecked(!item.isChecked());
        }
        switch (item.getItemId()) {
-            case R.id.check_use_symmetric:
+            case R.id.check_use_symmetric: {
                mCurrentMode = item.isChecked() ? MODE_SYMMETRIC : MODE_ASYMMETRIC;
                updateModeFragment();
                notifyUpdate();
                break;
-            case R.id.check_use_armor:
+            }
            case R.id.check_use_armor: {
                mUseArmor = item.isChecked();
                notifyUpdate();
                break;
-            case R.id.check_delete_after_encrypt:
+            }
            case R.id.check_delete_after_encrypt: {
                mDeleteAfterEncrypt = item.isChecked();
                notifyUpdate();
                break;
-            default:
+            }
            case R.id.check_enable_compression: {
                mUseCompression = item.isChecked();
                notifyUpdate();
                break;
            }
            default: {
                return super.onOptionsItemSelected(item);
            }
        }
        return true;
    }
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextActivity.java
@ -25,12 +25,14 @@ import android.support.v4.app.Fragment;
 import android.view.Menu;
 import android.view.MenuItem;
 import org.spongycastle.bcpg.CompressionAlgorithmTags;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.api.OpenKeychainIntents;
 import org.sufficientlysecure.keychain.compatibility.ClipboardReflection;
 import org.sufficientlysecure.keychain.operations.results.SignEncryptResult;
 import org.sufficientlysecure.keychain.pgp.KeyRing;
 import org.sufficientlysecure.keychain.pgp.PgpConstants;
 import org.sufficientlysecure.keychain.pgp.SignEncryptParcel;
 import org.sufficientlysecure.keychain.ui.util.Notify;
 import org.sufficientlysecure.keychain.util.Log;
@ -70,6 +72,7 @@ public class EncryptTextActivity extends EncryptActivity implements EncryptActiv
    private ArrayList<Uri> mInputUris;
    private ArrayList<Uri> mOutputUris;
    private String mMessage = "";
    private boolean mUseCompression;
    public boolean isModeSymmetric() {
        return MODE_SYMMETRIC == mCurrentMode;
@ -80,6 +83,11 @@ public class EncryptTextActivity extends EncryptActivity implements EncryptActiv
        return true;
    }
    @Override
    public boolean isUseCompression() {
        return mUseCompression;
    }
    @Override
    public long getSignatureKey() {
        return mSigningKeyId;
@ -189,9 +197,13 @@ public class EncryptTextActivity extends EncryptActivity implements EncryptActiv
        data.setBytes(mMessage.getBytes());
        data.setCleartextSignature(true);
-        data.setCompressionId(Preferences.getPreferences(this).getDefaultMessageCompression());
+        if (mUseCompression) {
-        data.setSymmetricEncryptionAlgorithm(Preferences.getPreferences(this).getDefaultEncryptionAlgorithm());
+            data.setCompressionId(CompressionAlgorithmTags.ZLIB);
-        data.setSignatureHashAlgorithm(Preferences.getPreferences(this).getDefaultHashAlgorithm());
+        } else {
            data.setCompressionId(CompressionAlgorithmTags.UNCOMPRESSED);
        }
        data.setSymmetricEncryptionAlgorithm(PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED);
        data.setSignatureHashAlgorithm(PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED);
        // Always use armor for messages
        data.setEnableAsciiArmorOutput(true);
@ -330,14 +342,21 @@ public class EncryptTextActivity extends EncryptActivity implements EncryptActiv
            item.setChecked(!item.isChecked());
        }
        switch (item.getItemId()) {
-            case R.id.check_use_symmetric:
+            case R.id.check_use_symmetric: {
                mCurrentMode = item.isChecked() ? MODE_SYMMETRIC : MODE_ASYMMETRIC;
                updateModeFragment();
                notifyUpdate();
                break;
-            default:
+            }
            case R.id.check_enable_compression: {
                mUseCompression = item.isChecked();
                notifyUpdate();
                break;
            }
            default: {
                return super.onOptionsItemSelected(item);
            }
        }
        return true;
    }
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SettingsActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SettingsActivity.java
@ -91,12 +91,6 @@ public class SettingsActivity extends PreferenceActivity {
            initializePassphraseCacheTtl(
                    (IntegerListPreference) findPreference(Constants.Pref.PASSPHRASE_CACHE_TTL));
            initializeEncryptionAlgorithm(
                    (IntegerListPreference) findPreference(Constants.Pref.DEFAULT_ENCRYPTION_ALGORITHM));
            initializeHashAlgorithm(
                    (IntegerListPreference) findPreference(Constants.Pref.DEFAULT_HASH_ALGORITHM));
            int[] valueIds = new int[]{
                    CompressionAlgorithmTags.UNCOMPRESSED,
                    CompressionAlgorithmTags.ZIP,
@ -113,20 +107,6 @@ public class SettingsActivity extends PreferenceActivity {
                values[i] = "" + valueIds[i];
            }
            initializeMessageCompression(
                    (IntegerListPreference) findPreference(Constants.Pref.DEFAULT_MESSAGE_COMPRESSION),
                    entries, values);
            initializeFileCompression(
                    (IntegerListPreference) findPreference(Constants.Pref.DEFAULT_FILE_COMPRESSION),
                    entries, values);
            initializeAsciiArmor(
                    (CheckBoxPreference) findPreference(Constants.Pref.DEFAULT_ASCII_ARMOR));
            initializeWriteVersionHeader(
                    (CheckBoxPreference) findPreference(Constants.Pref.WRITE_VERSION_HEADER));
            initializeUseDefaultYubikeyPin(
                    (CheckBoxPreference) findPreference(Constants.Pref.USE_DEFAULT_YUBIKEY_PIN));
@ -263,12 +243,6 @@ public class SettingsActivity extends PreferenceActivity {
            initializePassphraseCacheTtl(
                    (IntegerListPreference) findPreference(Constants.Pref.PASSPHRASE_CACHE_TTL));
            initializeEncryptionAlgorithm(
                    (IntegerListPreference) findPreference(Constants.Pref.DEFAULT_ENCRYPTION_ALGORITHM));
            initializeHashAlgorithm(
                    (IntegerListPreference) findPreference(Constants.Pref.DEFAULT_HASH_ALGORITHM));
            int[] valueIds = new int[]{
                    CompressionAlgorithmTags.UNCOMPRESSED,
                    CompressionAlgorithmTags.ZIP,
@ -288,20 +262,6 @@ public class SettingsActivity extends PreferenceActivity {
                values[i] = "" + valueIds[i];
            }
            initializeMessageCompression(
                    (IntegerListPreference) findPreference(Constants.Pref.DEFAULT_MESSAGE_COMPRESSION),
                    entries, values);
            initializeFileCompression(
                    (IntegerListPreference) findPreference(Constants.Pref.DEFAULT_FILE_COMPRESSION),
                    entries, values);
            initializeAsciiArmor(
                    (CheckBoxPreference) findPreference(Constants.Pref.DEFAULT_ASCII_ARMOR));
            initializeWriteVersionHeader(
                    (CheckBoxPreference) findPreference(Constants.Pref.WRITE_VERSION_HEADER));
            initializeUseDefaultYubikeyPin(
                    (CheckBoxPreference) findPreference(Constants.Pref.USE_DEFAULT_YUBIKEY_PIN));
@ -342,131 +302,6 @@ public class SettingsActivity extends PreferenceActivity {
                });
    }
    private static void initializeEncryptionAlgorithm(final IntegerListPreference mEncryptionAlgorithm) {
        int valueIds[] = {
                Constants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED,
                Constants.OpenKeychainSymmetricKeyAlgorithmTags.AES_256,
                Constants.OpenKeychainSymmetricKeyAlgorithmTags.AES_192,
                Constants.OpenKeychainSymmetricKeyAlgorithmTags.AES_128,
                Constants.OpenKeychainSymmetricKeyAlgorithmTags.TWOFISH,
        };
        String entries[] = {
                "Use preferred algorithm",
                "AES-256",
                "AES-192",
                "AES-128",
                "Twofish",
        };
        String values[] = new String[valueIds.length];
        for (int i = 0; i < values.length; ++i) {
            values[i] = "" + valueIds[i];
        }
        mEncryptionAlgorithm.setEntries(entries);
        mEncryptionAlgorithm.setEntryValues(values);
        mEncryptionAlgorithm.setValue("" + sPreferences.getDefaultEncryptionAlgorithm());
        mEncryptionAlgorithm.setSummary(mEncryptionAlgorithm.getEntry());
        mEncryptionAlgorithm
                .setOnPreferenceChangeListener(new Preference.OnPreferenceChangeListener() {
                    public boolean onPreferenceChange(Preference preference, Object newValue) {
                        mEncryptionAlgorithm.setValue(newValue.toString());
                        mEncryptionAlgorithm.setSummary(mEncryptionAlgorithm.getEntry());
                        sPreferences.setDefaultEncryptionAlgorithm(Integer.parseInt(newValue
                                .toString()));
                        return false;
                    }
                });
    }
    private static void initializeHashAlgorithm(final IntegerListPreference mHashAlgorithm) {
        int[] valueIds = new int[]{
                Constants.OpenKeychainHashAlgorithmTags.USE_PREFERRED,
                Constants.OpenKeychainHashAlgorithmTags.SHA512,
                Constants.OpenKeychainHashAlgorithmTags.SHA384,
                Constants.OpenKeychainHashAlgorithmTags.SHA256,
                Constants.OpenKeychainHashAlgorithmTags.SHA224,
                Constants.OpenKeychainHashAlgorithmTags.RIPEMD160,
        };
        String[] entries = new String[]{
                "Use preferred algorithm",
                "SHA-512",
                "SHA-384",
                "SHA-256",
                "SHA-224",
                "RIPEMD-160"};
        String[] values = new String[valueIds.length];
        for (int i = 0; i < values.length; ++i) {
            values[i] = "" + valueIds[i];
        }
        mHashAlgorithm.setEntries(entries);
        mHashAlgorithm.setEntryValues(values);
        mHashAlgorithm.setValue("" + sPreferences.getDefaultHashAlgorithm());
        mHashAlgorithm.setSummary(mHashAlgorithm.getEntry());
        mHashAlgorithm.setOnPreferenceChangeListener(new Preference.OnPreferenceChangeListener() {
            public boolean onPreferenceChange(Preference preference, Object newValue) {
                mHashAlgorithm.setValue(newValue.toString());
                mHashAlgorithm.setSummary(mHashAlgorithm.getEntry());
                sPreferences.setDefaultHashAlgorithm(Integer.parseInt(newValue.toString()));
                return false;
            }
        });
    }
    private static void initializeMessageCompression(final IntegerListPreference mMessageCompression,
                                                     String[] entries, String[] values) {
        mMessageCompression.setEntries(entries);
        mMessageCompression.setEntryValues(values);
        mMessageCompression.setValue("" + sPreferences.getDefaultMessageCompression());
        mMessageCompression.setSummary(mMessageCompression.getEntry());
        mMessageCompression
                .setOnPreferenceChangeListener(new Preference.OnPreferenceChangeListener() {
                    public boolean onPreferenceChange(Preference preference, Object newValue) {
                        mMessageCompression.setValue(newValue.toString());
                        mMessageCompression.setSummary(mMessageCompression.getEntry());
                        sPreferences.setDefaultMessageCompression(Integer.parseInt(newValue
                                .toString()));
                        return false;
                    }
                });
    }
    private static void initializeFileCompression
            (final IntegerListPreference mFileCompression, String[] entries, String[] values) {
        mFileCompression.setEntries(entries);
        mFileCompression.setEntryValues(values);
        mFileCompression.setValue("" + sPreferences.getDefaultFileCompression());
        mFileCompression.setSummary(mFileCompression.getEntry());
        mFileCompression.setOnPreferenceChangeListener(new Preference.OnPreferenceChangeListener() {
            public boolean onPreferenceChange(Preference preference, Object newValue) {
                mFileCompression.setValue(newValue.toString());
                mFileCompression.setSummary(mFileCompression.getEntry());
                sPreferences.setDefaultFileCompression(Integer.parseInt(newValue.toString()));
                return false;
            }
        });
    }
    private static void initializeAsciiArmor(final CheckBoxPreference mAsciiArmor) {
        mAsciiArmor.setChecked(sPreferences.getDefaultAsciiArmor());
        mAsciiArmor.setOnPreferenceChangeListener(new Preference.OnPreferenceChangeListener() {
            public boolean onPreferenceChange(Preference preference, Object newValue) {
                mAsciiArmor.setChecked((Boolean) newValue);
                sPreferences.setDefaultAsciiArmor((Boolean) newValue);
                return false;
            }
        });
    }
    private static void initializeWriteVersionHeader(final CheckBoxPreference mWriteVersionHeader) {
        mWriteVersionHeader.setChecked(sPreferences.getWriteVersionHeader());
        mWriteVersionHeader.setOnPreferenceChangeListener(new Preference.OnPreferenceChangeListener() {
            public boolean onPreferenceChange(Preference preference, Object newValue) {
                mWriteVersionHeader.setChecked((Boolean) newValue);
                sPreferences.setWriteVersionHeader((Boolean) newValue);
                return false;
            }
        });
    }
    private static void initializeSearchKeyserver(final CheckBoxPreference mSearchKeyserver) {
        Preferences.CloudSearchPrefs prefs = sPreferences.getCloudSearchPrefs();
        mSearchKeyserver.setChecked(prefs.searchKeyserver);
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java
@ -20,11 +20,7 @@ package org.sufficientlysecure.keychain.util;
 import android.content.Context;
 import android.content.SharedPreferences;
 import android.os.Build;
 import org.spongycastle.bcpg.CompressionAlgorithmTags;
 import org.spongycastle.bcpg.HashAlgorithmTags;
 import org.spongycastle.openpgp.PGPEncryptedData;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.Constants.Pref;
@ -99,60 +95,6 @@ public class Preferences {
        editor.commit();
    }
    public int getDefaultEncryptionAlgorithm() {
        return mSharedPreferences.getInt(Constants.Pref.DEFAULT_ENCRYPTION_ALGORITHM,
                PGPEncryptedData.AES_256);
    }
    public void setDefaultEncryptionAlgorithm(int value) {
        SharedPreferences.Editor editor = mSharedPreferences.edit();
        editor.putInt(Constants.Pref.DEFAULT_ENCRYPTION_ALGORITHM, value);
        editor.commit();
    }
    public int getDefaultHashAlgorithm() {
        return mSharedPreferences.getInt(Constants.Pref.DEFAULT_HASH_ALGORITHM,
                HashAlgorithmTags.SHA256);
    }
    public void setDefaultHashAlgorithm(int value) {
        SharedPreferences.Editor editor = mSharedPreferences.edit();
        editor.putInt(Constants.Pref.DEFAULT_HASH_ALGORITHM, value);
        editor.commit();
    }
    public int getDefaultMessageCompression() {
        return mSharedPreferences.getInt(Constants.Pref.DEFAULT_MESSAGE_COMPRESSION,
                CompressionAlgorithmTags.ZLIB);
    }
    public void setDefaultMessageCompression(int value) {
        SharedPreferences.Editor editor = mSharedPreferences.edit();
        editor.putInt(Constants.Pref.DEFAULT_MESSAGE_COMPRESSION, value);
        editor.commit();
    }
    public int getDefaultFileCompression() {
        return mSharedPreferences.getInt(Constants.Pref.DEFAULT_FILE_COMPRESSION,
                CompressionAlgorithmTags.UNCOMPRESSED);
    }
    public void setDefaultFileCompression(int value) {
        SharedPreferences.Editor editor = mSharedPreferences.edit();
        editor.putInt(Constants.Pref.DEFAULT_FILE_COMPRESSION, value);
        editor.commit();
    }
    public boolean getDefaultAsciiArmor() {
        return mSharedPreferences.getBoolean(Constants.Pref.DEFAULT_ASCII_ARMOR, false);
    }
    public void setDefaultAsciiArmor(boolean value) {
        SharedPreferences.Editor editor = mSharedPreferences.edit();
        editor.putBoolean(Constants.Pref.DEFAULT_ASCII_ARMOR, value);
        editor.commit();
    }
    public boolean getCachedConsolidate() {
        return mSharedPreferences.getBoolean(Pref.CACHED_CONSOLIDATE, false);
    }
@ -228,16 +170,6 @@ public class Preferences {
        editor.commit();
    }
    public void setWriteVersionHeader(boolean conceal) {
        SharedPreferences.Editor editor = mSharedPreferences.edit();
        editor.putBoolean(Constants.Pref.WRITE_VERSION_HEADER, conceal);
        editor.commit();
    }
    public boolean getWriteVersionHeader() {
        return mSharedPreferences.getBoolean(Constants.Pref.WRITE_VERSION_HEADER, false);
    }
    public void setSearchKeyserver(boolean searchKeyserver) {
        SharedPreferences.Editor editor = mSharedPreferences.edit();
        editor.putBoolean(Pref.SEARCH_KEYSERVER, searchKeyserver);
@ -299,32 +231,9 @@ public class Preferences {
                    }
                    setKeyServers(servers.toArray(new String[servers.size()]));
                    // migrate old uncompressed constant to new one
                    if (mSharedPreferences.getInt(Constants.Pref.DEFAULT_FILE_COMPRESSION, 0)
                            == 0x21070001) {
                        setDefaultFileCompression(CompressionAlgorithmTags.UNCOMPRESSED);
                    }
                    // migrate away from MD5
                    if (mSharedPreferences.getInt(Constants.Pref.DEFAULT_HASH_ALGORITHM, 0)
                            == HashAlgorithmTags.MD5) {
                        setDefaultHashAlgorithm(HashAlgorithmTags.SHA256);
                    }
                }
                // fall through
                case 4: {
                    // for compatibility: change from SHA512 to SHA256
                    if (mSharedPreferences.getInt(Constants.Pref.DEFAULT_HASH_ALGORITHM, 0)
                            == HashAlgorithmTags.SHA512) {
                        setDefaultHashAlgorithm(HashAlgorithmTags.SHA256);
                    }
                }
                // fall through
                case 5: {
                    // use preferred hash and encryption algo setting
                    setDefaultHashAlgorithm(Constants.OpenKeychainHashAlgorithmTags.USE_PREFERRED);
                    setDefaultEncryptionAlgorithm(Constants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED);
                }
            }
--- a/OpenKeychain/src/main/res/menu/encrypt_file_activity.xml
+++ b/OpenKeychain/src/main/res/menu/encrypt_file_activity.xml
@ -12,4 +12,9 @@
        android:id="@+id/check_delete_after_encrypt"
        android:title="@string/label_delete_after_encryption"
        android:checkable="true" />
    <item
        android:id="@+id/check_enable_compression"
        android:title="@string/label_enable_compression"
        android:checked="true"
        android:checkable="true" />
 </menu>
--- a/OpenKeychain/src/main/res/menu/encrypt_text_activity.xml
+++ b/OpenKeychain/src/main/res/menu/encrypt_text_activity.xml
@ -4,4 +4,9 @@
        android:id="@+id/check_use_symmetric"
        android:title="@string/label_symmetric"
        android:checkable="true" />
    <item
        android:id="@+id/check_enable_compression"
        android:title="@string/label_enable_compression"
        android:checked="true"
        android:checkable="true" />
 </menu>
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@ -161,6 +161,7 @@
    <string name="expiry_date_dialog_title">"Set expiry date"</string>
    <string name="label_first_keyserver_is_used">"(First keyserver listed is preferred)"</string>
    <string name="label_preferred">"preferred"</string>
    <string name="label_enable_compression">"Enable compression"</string>
    <string name="user_id_no_name">"&lt;no name&gt;"</string>
    <string name="none">"&lt;none&gt;"</string>
--- a/OpenKeychain/src/main/res/xml/adv_preferences.xml
+++ b/OpenKeychain/src/main/res/xml/adv_preferences.xml
@ -1,32 +1,4 @@
 <PreferenceScreen xmlns:android="http://schemas.android.com/apk/res/android">
    <PreferenceCategory android:title="@string/section_defaults">
        <CheckBoxPreference
            android:key="writeVersionHeader"
            android:persistent="false"
            android:title="@string/label_write_version_header"
            android:summary="@string/label_write_version_header_summary" />
        <org.sufficientlysecure.keychain.ui.widget.IntegerListPreference
            android:key="defaultEncryptionAlgorithm"
            android:persistent="false"
            android:title="@string/label_encryption_algorithm" />
        <org.sufficientlysecure.keychain.ui.widget.IntegerListPreference
            android:key="defaultHashAlgorithm"
            android:persistent="false"
            android:title="@string/label_hash_algorithm" />
        <org.sufficientlysecure.keychain.ui.widget.IntegerListPreference
            android:key="defaultMessageCompression"
            android:persistent="false"
            android:title="@string/label_message_compression" />
        <org.sufficientlysecure.keychain.ui.widget.IntegerListPreference
            android:key="defaultFileCompression"
            android:persistent="false"
            android:title="@string/label_file_compression" />
        <CheckBoxPreference
            android:key="defaultAsciiArmor"
            android:persistent="false"
            android:title="@string/label_ascii_armor" />
    </PreferenceCategory>
    <PreferenceCategory android:title="@string/section_passphrase_cache">
    <org.sufficientlysecure.keychain.ui.widget.IntegerListPreference
        android:entries="@array/passphrase_cache_ttl_entries"
        android:entryValues="@array/passphrase_cache_ttl_values"
@ -48,5 +20,4 @@
        android:persistent="false"
        android:defaultValue="false"
        android:title="@string/label_use_num_keypad_for_yubikey_pin" />
    </PreferenceCategory>
 </PreferenceScreen>
--- a/OpenKeychain/src/main/res/xml/preference_headers.xml
+++ b/OpenKeychain/src/main/res/xml/preference_headers.xml
@ -4,5 +4,5 @@
        android:title="@string/section_cloud_search" />
    <header
        android:fragment="org.sufficientlysecure.keychain.ui.SettingsActivity$AdvancedPrefsFragment"
-        android:title="@string/section_advanced" />
+        android:title="@string/section_passphrase_cache" />
 </preference-headers>