Better API demo, open activity from service, discover crypto provider with packagemanager instead of register intent

16 files changed, 907 insertions, 304 deletions

diff --git a/OpenPGP-Keychain-API-Demo/res/layout/crypto_provider_demo.xml b/OpenPGP-Keychain-API-Demo/res/layout/crypto_provider_demo.xml
index 447734a52..ecc2b4ac5 100644
--- a/OpenPGP-Keychain-API-Demo/res/layout/crypto_provider_demo.xml
+++ b/OpenPGP-Keychain-API-Demo/res/layout/crypto_provider_demo.xml
@@ -15,58 +15,47 @@
             android:onClick="registerCryptoProvider"
             android:text="Register crypto provider" />
 
-        <Button
-            android:id="@+id/aidl_demo_select_secret_key"
-            android:layout_width="match_parent"
-            android:layout_height="wrap_content"
-            android:onClick="selectSecretKeyOnClick"
-            android:text="Select secret key" />
-
-        <Button
-            android:id="@+id/aidl_demo_select_encryption_key"
-            android:layout_width="match_parent"
-            android:layout_height="wrap_content"
-            android:onClick="selectEncryptionKeysOnClick"
-            android:text="Select encryption key(s)" />
-
         <EditText
-            android:id="@+id/aidl_demo_message"
+            android:id="@+id/crypto_provider_demo_message"
             android:layout_width="match_parent"
             android:layout_height="150dip"
             android:text="message"
             android:textAppearance="@android:style/TextAppearance.Small" />
 
         <EditText
-            android:id="@+id/aidl_demo_ciphertext"
+            android:id="@+id/crypto_provider_demo_ciphertext"
             android:layout_width="match_parent"
             android:layout_height="150dip"
-            android:text="ciphertext"
+            android:text="-----BEGIN PGP MESSAGE-----
+Charset: UTF-8
+Version: GnuPG v1.4.12 (GNU/Linux)
+Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
+
+hQEMAwCgOoTtKmfpAQgAlzmyQYCfkalCsAIxwtroHV9Bwz5LWY4GJNVrFBVddSFJ
+VkVxx/UDqtIS+TvL8RBG3Er3xFilTV+iBSDjSGIXHkSv6Z7Od69nKcQpJLNaCpDj
+/Ag7PsINLUzAvUdPto3ZMCwShe/uoD4e4Gr5BG8na/9W77tegufS2gUUlc5BAOZP
+GUlSPySJP2bpI/3U/R86Z2ByzFKeJIEKWBtBvMPmIgA5VPo0+mamTedRhOIrJM/R
+vUMM2HfLjAxcX9lYEw4aQGROOu1xpN9FPojQOO10imibZb+TEcxtSHwpj2vll1BP
+pXvtuR0E9OGVmRI9aBXiRTB2P9SJ6UPpR13m8FaLVtJPAa2xH4wA5Yr6uZ5x7LjO
+BtO8VErKgoUpO57BgU1ZsVFEcrGiobkreXabKIB+qC0qMJ6maoLlnOPi1IAvhU42
+z/7HBqqhcNiHc5JMs9+wmw==
+=00nh
+-----END PGP MESSAGE-----"
             android:textAppearance="@android:style/TextAppearance.Small" />
 
         <Button
-            android:id="@+id/aidl_demo_encrypt"
+            android:id="@+id/crypto_provider_demo_encrypt"
             android:layout_width="match_parent"
             android:layout_height="wrap_content"
             android:onClick="encryptOnClick"
             android:text="Encrypt" />
 
         <Button
-            android:id="@+id/aidl_demo_decrypt"
+            android:id="@+id/crypto_provider_demo_decrypt"
             android:layout_width="match_parent"
             android:layout_height="wrap_content"
             android:onClick="decryptOnClick"
             android:text="Decrypt" />
-
-        <TextView
-            android:layout_width="match_parent"
-            android:layout_height="match_parent"
-            android:text="APG Data:" />
-
-        <TextView
-            android:id="@+id/aidl_demo_data"
-            android:layout_width="match_parent"
-            android:layout_height="match_parent"
-            android:minLines="10" />
     </LinearLayout>
 
 </ScrollView>
\ No newline at end of file
diff --git a/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/CryptoError.aidl b/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/CryptoError.aidl
new file mode 100644
index 000000000..7b67c8995
--- /dev/null
+++ b/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/CryptoError.aidl
@@ -0,0 +1,20 @@
+/*
+ * Copyright (C) 2013 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+package org.openintents.crypto;
+
+// Declare CryptoError so AIDL can find it and knows that it implements the parcelable protocol.
+parcelable CryptoError;
\ No newline at end of file
diff --git a/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/CryptoError.java b/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/CryptoError.java
new file mode 100644
index 000000000..265fe2633
--- /dev/null
+++ b/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/CryptoError.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2013 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.openintents.crypto;
+
+import android.os.Parcel;
+import android.os.Parcelable;
+
+public class CryptoError implements Parcelable {
+    int errorId;
+    String message;
+
+    public CryptoError() {
+    }
+
+    public CryptoError(int errorId, String message) {
+        this.errorId = errorId;
+        this.message = message;
+    }
+
+    public CryptoError(CryptoError b) {
+        this.errorId = b.errorId;
+        this.message = b.message;
+    }
+
+    public int getErrorId() {
+        return errorId;
+    }
+
+    public void setErrorId(int errorId) {
+        this.errorId = errorId;
+    }
+
+    public String getMessage() {
+        return message;
+    }
+
+    public void setMessage(String message) {
+        this.message = message;
+    }
+
+    public int describeContents() {
+        return 0;
+    }
+
+    public void writeToParcel(Parcel dest, int flags) {
+        dest.writeInt(errorId);
+        dest.writeString(message);
+    }
+
+    public static final Creator<CryptoError> CREATOR = new Creator<CryptoError>() {
+        public CryptoError createFromParcel(final Parcel source) {
+            CryptoError error = new CryptoError();
+            error.errorId = source.readInt();
+            error.message = source.readString();
+            return error;
+        }
+
+        public CryptoError[] newArray(final int size) {
+            return new CryptoError[size];
+        }
+    };
+}
diff --git a/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/CryptoServiceConnection.java b/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/CryptoServiceConnection.java
new file mode 100644
index 000000000..5df32dcf9
--- /dev/null
+++ b/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/CryptoServiceConnection.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright (C) 2013 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.openintents.crypto;
+
+import org.openintents.crypto.ICryptoService;
+
+import android.content.ComponentName;
+import android.content.Context;
+import android.content.Intent;
+import android.content.ServiceConnection;
+import android.os.IBinder;
+import android.util.Log;
+
+public class CryptoServiceConnection {
+    private Context mApplicationContext;
+
+    private ICryptoService mService;
+    private boolean bound;
+    private String cryptoProviderPackageName;
+
+    private static final String TAG = "CryptoConnection";
+
+    public CryptoServiceConnection(Context context, String cryptoProviderPackageName) {
+        mApplicationContext = context.getApplicationContext();
+        this.cryptoProviderPackageName = cryptoProviderPackageName;
+    }
+
+    public ICryptoService getService() {
+        return mService;
+    }
+
+    private ServiceConnection mCryptoServiceConnection = new ServiceConnection() {
+        public void onServiceConnected(ComponentName name, IBinder service) {
+            mService = ICryptoService.Stub.asInterface(service);
+            Log.d(TAG, "connected to service");
+            bound = true;
+        }
+
+        public void onServiceDisconnected(ComponentName name) {
+            mService = null;
+            Log.d(TAG, "disconnected from service");
+            bound = false;
+        }
+    };
+
+    /**
+     * If not already bound, bind!
+     * 
+     * @return
+     */
+    public boolean bindToService() {
+        if (mService == null && !bound) { // if not already connected
+            try {
+                Log.d(TAG, "not bound yet");
+
+                Intent serviceIntent = new Intent();
+                serviceIntent.setAction("org.openintents.crypto.ICryptoService");
+                serviceIntent.setPackage(cryptoProviderPackageName); // TODO: test
+                mApplicationContext.bindService(serviceIntent, mCryptoServiceConnection,
+                        Context.BIND_AUTO_CREATE);
+
+                return true;
+            } catch (Exception e) {
+                Log.d(TAG, "Exception", e);
+                return false;
+            }
+        } else { // already connected
+            Log.d(TAG, "already bound... ");
+            return true;
+        }
+    }
+
+    public void unbindFromService() {
+        mApplicationContext.unbindService(mCryptoServiceConnection);
+    }
+
+}
diff --git a/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/CryptoSignatureResult.aidl b/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/CryptoSignatureResult.aidl
new file mode 100644
index 000000000..1d39bac70
--- /dev/null
+++ b/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/CryptoSignatureResult.aidl
@@ -0,0 +1,20 @@
+/*
+ * Copyright (C) 2013 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+package org.openintents.crypto;
+
+// Declare CryptoSignatureResult so AIDL can find it and knows that it implements the parcelable protocol.
+parcelable CryptoSignatureResult;
\ No newline at end of file
diff --git a/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/CryptoSignatureResult.java b/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/CryptoSignatureResult.java
new file mode 100644
index 000000000..e193b73b3
--- /dev/null
+++ b/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/CryptoSignatureResult.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2013 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.openintents.crypto;
+
+import android.os.Parcel;
+import android.os.Parcelable;
+
+public class CryptoSignatureResult implements Parcelable {
+    String signatureUserId;
+
+    boolean signature;
+    boolean signatureSuccess;
+    boolean signatureUnknown;
+
+    public CryptoSignatureResult() {
+
+    }
+
+    public CryptoSignatureResult(String signatureUserId, boolean signature,
+            boolean signatureSuccess, boolean signatureUnknown) {
+        this.signatureUserId = signatureUserId;
+
+        this.signature = signature;
+        this.signatureSuccess = signatureSuccess;
+        this.signatureUnknown = signatureUnknown;
+    }
+
+    public CryptoSignatureResult(CryptoSignatureResult b) {
+        this.signatureUserId = b.signatureUserId;
+
+        this.signature = b.signature;
+        this.signatureSuccess = b.signatureSuccess;
+        this.signatureUnknown = b.signatureUnknown;
+    }
+
+    public int describeContents() {
+        return 0;
+    }
+
+    public void writeToParcel(Parcel dest, int flags) {
+        dest.writeString(signatureUserId);
+
+        dest.writeByte((byte) (signature ? 1 : 0));
+        dest.writeByte((byte) (signatureSuccess ? 1 : 0));
+        dest.writeByte((byte) (signatureUnknown ? 1 : 0));
+    }
+
+    public static final Creator<CryptoSignatureResult> CREATOR = new Creator<CryptoSignatureResult>() {
+        public CryptoSignatureResult createFromParcel(final Parcel source) {
+            CryptoSignatureResult vr = new CryptoSignatureResult();
+            vr.signatureUserId = source.readString();
+            vr.signature = source.readByte() == 1;
+            vr.signatureSuccess = source.readByte() == 1;
+            vr.signatureUnknown = source.readByte() == 1;
+            return vr;
+        }
+
+        public CryptoSignatureResult[] newArray(final int size) {
+            return new CryptoSignatureResult[size];
+        }
+    };
+}
diff --git a/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/ICryptoCallback.aidl b/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/ICryptoCallback.aidl
new file mode 100644
index 000000000..80c741a9e
--- /dev/null
+++ b/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/ICryptoCallback.aidl
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2013 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.openintents.crypto;
+
+import org.openintents.crypto.CryptoSignatureResult;
+import org.openintents.crypto.CryptoError;
+
+interface ICryptoCallback {
+
+    oneway void onEncryptSignSuccess(in byte[] outputBytes);
+    
+    oneway void onDecryptVerifySuccess(in byte[] outputBytes, in CryptoSignatureResult signatureResult);
+
+
+    oneway void onError(in CryptoError error);
+}
\ No newline at end of file
diff --git a/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/ICryptoService.aidl b/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/ICryptoService.aidl
new file mode 100644
index 000000000..04c8eb30e
--- /dev/null
+++ b/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/ICryptoService.aidl
@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2013 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+package org.openintents.crypto;
+
+import org.openintents.crypto.ICryptoCallback;
+
+/**
+ * All methods are oneway, which means they are asynchronous and non-blocking.
+ * Results are returned to the callback, which has to be implemented on client side.
+ */
+interface ICryptoService {
+       
+    /**
+     * Encrypt
+     * 
+     * @param inputBytes
+     *            Byte array you want to encrypt
+     * @param encryptionUserIds
+     *            User Ids (emails) of recipients
+     * @param callback
+     *            Callback where to return results
+     */
+    oneway void encrypt(in byte[] inputBytes, in String[] encryptionUserIds, in ICryptoCallback callback);
+    
+    /**
+     * Encrypt and sign
+     *
+     * @param inputBytes
+     *            Byte array you want to encrypt
+     * @param encryptionUserIds
+     *            User Ids (emails) of recipients
+     * @param signatureUserId
+     *            User Ids (email) of sender
+     * @param callback
+     *            Callback where to return results
+     */
+    oneway void encryptAndSign(in byte[] inputBytes, in String[] encryptionUserIds, String signatureUserId, in ICryptoCallback callback);
+    
+    /**
+     * Sign
+     *
+     * @param inputBytes
+     *            Byte array you want to encrypt
+     * @param signatureUserId
+     *            User Ids (email) of sender
+     * @param callback
+     *            Callback where to return results
+     */
+    oneway void sign(in byte[] inputBytes, String signatureUserId, in ICryptoCallback callback);
+    
+    /**
+     * Decrypts and verifies given input bytes. If no signature is present this method
+     * will only decrypt.
+     * 
+     * @param inputBytes
+     *            Byte array you want to decrypt and verify
+     * @param callback
+     *            Callback where to return results
+     */
+    oneway void decryptAndVerify(in byte[] inputBytes, in ICryptoCallback callback);    
+    
+}
\ No newline at end of file
diff --git a/OpenPGP-Keychain-API-Demo/src/org/sufficientlysecure/keychain/demo/CryptoProviderDemoActivity.java b/OpenPGP-Keychain-API-Demo/src/org/sufficientlysecure/keychain/demo/CryptoProviderDemoActivity.java
index b915e2a76..03668fcab 100644
--- a/OpenPGP-Keychain-API-Demo/src/org/sufficientlysecure/keychain/demo/CryptoProviderDemoActivity.java
+++ b/OpenPGP-Keychain-API-Demo/src/org/sufficientlysecure/keychain/demo/CryptoProviderDemoActivity.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012 Dominik Schürmann <dominik@dominikschuermann.de>
+ * Copyright (C) 2013 Dominik Schürmann <dominik@dominikschuermann.de>
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,30 +16,30 @@
 
 package org.sufficientlysecure.keychain.demo;
 
+import java.util.ArrayList;
+import java.util.List;
+
+import org.openintents.crypto.CryptoError;
+import org.openintents.crypto.CryptoServiceConnection;
+import org.openintents.crypto.CryptoSignatureResult;
+import org.openintents.crypto.ICryptoCallback;
 import org.sufficientlysecure.keychain.demo.R;
 import org.sufficientlysecure.keychain.integration.Constants;
-import org.sufficientlysecure.keychain.integration.KeychainData;
-import org.sufficientlysecure.keychain.integration.KeychainIntentHelper;
-import org.sufficientlysecure.keychain.service.IKeychainApiService;
-import org.sufficientlysecure.keychain.service.IKeychainKeyService;
-import org.sufficientlysecure.keychain.service.handler.IKeychainDecryptHandler;
-import org.sufficientlysecure.keychain.service.handler.IKeychainEncryptHandler;
-import org.sufficientlysecure.keychain.service.handler.IKeychainGetDecryptionKeyIdHandler;
 
 import android.app.Activity;
 import android.app.AlertDialog;
-import android.content.ActivityNotFoundException;
-import android.content.ComponentName;
-import android.content.Context;
+import android.content.DialogInterface;
 import android.content.Intent;
-import android.content.ServiceConnection;
+import android.content.pm.ResolveInfo;
+import android.graphics.drawable.Drawable;
 import android.os.Bundle;
-import android.os.IBinder;
 import android.os.RemoteException;
 import android.util.Log;
 import android.view.View;
+import android.view.ViewGroup;
+import android.widget.ArrayAdapter;
+import android.widget.ListAdapter;
 import android.widget.TextView;
-import android.widget.Toast;
 
 public class CryptoProviderDemoActivity extends Activity {
     Activity mActivity;
@@ -48,19 +48,9 @@ public class CryptoProviderDemoActivity extends Activity {
     TextView mCiphertextTextView;
     TextView mDataTextView;
 
-    KeychainIntentHelper mKeychainIntentHelper;
-    KeychainData mKeychainData;
-
-    private IKeychainApiService service = null;
-    private ServiceConnection svcConn = new ServiceConnection() {
-        public void onServiceConnected(ComponentName className, IBinder binder) {
-            service = IKeychainApiService.Stub.asInterface(binder);
-        }
+    private CryptoServiceConnection mCryptoServiceConnection;
 
-        public void onServiceDisconnected(ComponentName className) {
-            service = null;
-        }
-    };
+    private static final String CRYPTO_SERVICE_INTENT = "org.openintents.crypto.ICryptoService";
 
     @Override
     public void onCreate(Bundle icicle) {
@@ -69,55 +59,49 @@ public class CryptoProviderDemoActivity extends Activity {
 
         mActivity = this;
 
-        mMessageTextView = (TextView) findViewById(R.id.aidl_demo_message);
-        mCiphertextTextView = (TextView) findViewById(R.id.aidl_demo_ciphertext);
+        mMessageTextView = (TextView) findViewById(R.id.crypto_provider_demo_message);
+        mCiphertextTextView = (TextView) findViewById(R.id.crypto_provider_demo_ciphertext);
         mDataTextView = (TextView) findViewById(R.id.aidl_demo_data);
 
-        mKeychainIntentHelper = new KeychainIntentHelper(mActivity);
-        mKeychainData = new KeychainData();
-
-        bindService(new Intent(IKeychainApiService.class.getName()), svcConn,
-                Context.BIND_AUTO_CREATE);
+        selectCryptoProvider();
     }
 
-    public void registerCryptoProvider(View view) {
-        try {
-            startActivityForResult(Intent.createChooser(new Intent("com.android.crypto.REGISTER"),
-                    "select crypto provider"), 123);
-        } catch (ActivityNotFoundException e) {
-            Toast.makeText(mActivity, "No app that handles com.android.crypto.REGISTER!",
-                    Toast.LENGTH_LONG).show();
-            Log.e(Constants.TAG, "No app that handles com.android.crypto.REGISTER!");
+    /**
+     * Callback from remote crypto service
+     */
+    final ICryptoCallback.Stub callback = new ICryptoCallback.Stub() {
+
+        @Override
+        public void onEncryptSignSuccess(byte[] outputBytes) throws RemoteException {
+            // not needed here
         }
-    }
 
-    @Override
-    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
-        if (requestCode == 123) {
-            if (resultCode == RESULT_OK) {
-                String packageName = data.getStringExtra("packageName");
-                Log.d(Constants.TAG, "packageName: " + packageName);
-            }
+        @Override
+        public void onDecryptVerifySuccess(byte[] outputBytes, CryptoSignatureResult signatureResult)
+                throws RemoteException {
+            Log.d(Constants.TAG, "onDecryptVerifySuccess");
+
+            // PgpData data = new PgpData();
+            // data.setDecryptedData(new String(outputBytes));
+            // mFragment.setMessageWithPgpData(data);
         }
 
-        // boolean result = mKeychainIntentHelper.onActivityResult(requestCode, resultCode, data,
-        // mKeychainData);
-        // if (result) {
-        // updateView();
-        // }
+        @Override
+        public void onError(CryptoError error) throws RemoteException {
+            Log.e(Constants.TAG, "onError getErrorId:" + error.getErrorId());
+            Log.e(Constants.TAG, "onError getErrorId:" + error.getMessage());
+        }
 
-        // continue with other activity results
-        super.onActivityResult(requestCode, resultCode, data);
-    }
+    };
 
     public void encryptOnClick(View view) {
         byte[] inputBytes = mMessageTextView.getText().toString().getBytes();
 
         try {
-            service.encryptAsymmetric(inputBytes, null, true, 0, mKeychainData.getPublicKeys(), 7,
-                    encryptHandler);
+            mCryptoServiceConnection.getService().encrypt(inputBytes,
+                    new String[] { "dominik@dominikschuermann.de" }, callback);
         } catch (RemoteException e) {
-            exceptionImplementation(-1, e.toString());
+            Log.e(Constants.TAG, "CryptoProviderDemo", e);
         }
     }
 
@@ -125,114 +109,109 @@ public class CryptoProviderDemoActivity extends Activity {
         byte[] inputBytes = mCiphertextTextView.getText().toString().getBytes();
 
         try {
-            service.decryptAndVerifyAsymmetric(inputBytes, null, null, decryptHandler);
+            mCryptoServiceConnection.getService().decryptAndVerify(inputBytes, callback);
         } catch (RemoteException e) {
-            exceptionImplementation(-1, e.toString());
-        }
-    }
-
-    private void updateView() {
-        if (mKeychainData.getDecryptedData() != null) {
-            mMessageTextView.setText(mKeychainData.getDecryptedData());
-        }
-        if (mKeychainData.getEncryptedData() != null) {
-            mCiphertextTextView.setText(mKeychainData.getEncryptedData());
+            Log.e(Constants.TAG, "CryptoProviderDemo", e);
         }
-        mDataTextView.setText(mKeychainData.toString());
     }
 
     @Override
     public void onDestroy() {
         super.onDestroy();
 
-        unbindService(svcConn);
-    }
-
-    private void exceptionImplementation(int exceptionId, String error) {
-        AlertDialog.Builder builder = new AlertDialog.Builder(this);
-        builder.setTitle("Exception!").setMessage(error).setPositiveButton("OK", null).show();
+        if (mCryptoServiceConnection != null) {
+            mCryptoServiceConnection.unbindFromService();
+        }
     }
 
-    private final IKeychainEncryptHandler.Stub encryptHandler = new IKeychainEncryptHandler.Stub() {
+    private static class CryptoProviderElement {
+        private String packageName;
+        private String simpleName;
+        private Drawable icon;
 
-        @Override
-        public void onException(final int exceptionId, final String message) throws RemoteException {
-            runOnUiThread(new Runnable() {
-                public void run() {
-                    exceptionImplementation(exceptionId, message);
-                }
-            });
+        public CryptoProviderElement(String packageName, String simpleName, Drawable icon) {
+            this.packageName = packageName;
+            this.simpleName = simpleName;
+            this.icon = icon;
         }
 
         @Override
-        public void onSuccess(final byte[] outputBytes, String outputUri) throws RemoteException {
-            runOnUiThread(new Runnable() {
-                public void run() {
-                    mKeychainData.setEncryptedData(new String(outputBytes));
-                    updateView();
-                }
-            });
+        public String toString() {
+            return simpleName;
         }
+    }
 
-    };
+    private void selectCryptoProvider() {
+        Intent intent = new Intent(CRYPTO_SERVICE_INTENT);
 
-    private final IKeychainDecryptHandler.Stub decryptHandler = new IKeychainDecryptHandler.Stub() {
+        final ArrayList<CryptoProviderElement> providerList = new ArrayList<CryptoProviderElement>();
 
-        @Override
-        public void onException(final int exceptionId, final String message) throws RemoteException {
-            runOnUiThread(new Runnable() {
-                public void run() {
-                    exceptionImplementation(exceptionId, message);
-                }
-            });
-        }
+        List<ResolveInfo> resInfo = getPackageManager().queryIntentServices(intent, 0);
+        if (!resInfo.isEmpty()) {
+            for (ResolveInfo resolveInfo : resInfo) {
+                if (resolveInfo.serviceInfo == null)
+                    continue;
 
-        @Override
-        public void onSuccess(final byte[] outputBytes, String outputUri, boolean signature,
-                long signatureKeyId, String signatureUserId, boolean signatureSuccess,
-                boolean signatureUnknown) throws RemoteException {
-            runOnUiThread(new Runnable() {
-                public void run() {
-                    mKeychainData.setDecryptedData(new String(outputBytes));
-                    updateView();
-                }
-            });
+                String packageName = resolveInfo.serviceInfo.packageName;
+                String simpleName = String.valueOf(resolveInfo.serviceInfo
+                        .loadLabel(getPackageManager()));
+                Drawable icon = resolveInfo.serviceInfo.loadIcon(getPackageManager());
+                providerList.add(new CryptoProviderElement(packageName, simpleName, icon));
+            }
 
-        }
+            AlertDialog.Builder alert = new AlertDialog.Builder(this);
+            alert.setTitle("Select Crypto Provider!");
+            alert.setCancelable(false);
 
-    };
+            if (!providerList.isEmpty()) {
 
-    private final IKeychainGetDecryptionKeyIdHandler.Stub helperHandler = new IKeychainGetDecryptionKeyIdHandler.Stub() {
+                // Init ArrayAdapter with Crypto Providers
+                ListAdapter adapter = new ArrayAdapter<CryptoProviderElement>(this,
+                        android.R.layout.select_dialog_item, android.R.id.text1, providerList) {
+                    public View getView(int position, View convertView, ViewGroup parent) {
+                        // User super class to create the View
+                        View v = super.getView(position, convertView, parent);
+                        TextView tv = (TextView) v.findViewById(android.R.id.text1);
 
-        @Override
-        public void onException(final int exceptionId, final String message) throws RemoteException {
-            runOnUiThread(new Runnable() {
-                public void run() {
-                    exceptionImplementation(exceptionId, message);
-                }
-            });
-        }
+                        // Put the image on the TextView
+                        tv.setCompoundDrawablesWithIntrinsicBounds(providerList.get(position).icon,
+                                null, null, null);
 
-        @Override
-        public void onSuccess(long arg0, boolean arg1) throws RemoteException {
-            // TODO Auto-generated method stub
+                        // Add margin between image and text (support various screen densities)
+                        int dp5 = (int) (5 * getResources().getDisplayMetrics().density + 0.5f);
+                        tv.setCompoundDrawablePadding(dp5);
 
-        }
+                        return v;
+                    }
+                };
 
-    };
+                alert.setSingleChoiceItems(adapter, -1, new DialogInterface.OnClickListener() {
 
-    /**
-     * Selection is done with Intents, not AIDL!
-     * 
-     * @param view
-     */
-    public void selectSecretKeyOnClick(View view) {
-        mKeychainIntentHelper.selectSecretKey();
-    }
+                    public void onClick(DialogInterface dialog, int position) {
+                        String packageName = providerList.get(position).packageName;
 
-    public void selectEncryptionKeysOnClick(View view) {
-        mKeychainIntentHelper.selectPublicKeys("user@example.com");
+                        // bind to service
+                        mCryptoServiceConnection = new CryptoServiceConnection(
+                                CryptoProviderDemoActivity.this, packageName);
+                        mCryptoServiceConnection.bindToService();
 
-    }
+                        dialog.dismiss();
+                    }
+                });
+            } else {
+                alert.setMessage("No Crypto Provider installed!");
+            }
+
+            alert.setNegativeButton(android.R.string.cancel, new DialogInterface.OnClickListener() {
 
+                public void onClick(DialogInterface dialog, int id) {
+                    dialog.cancel();
+                    finish();
+                }
+            });
+
+            AlertDialog ad = alert.create();
+            ad.show();
+        }
+    }
 }
diff --git a/OpenPGP-Keychain/AndroidManifest.xml b/OpenPGP-Keychain/AndroidManifest.xml
index 219cf2751..0b8ed515e 100644
--- a/OpenPGP-Keychain/AndroidManifest.xml
+++ b/OpenPGP-Keychain/AndroidManifest.xml
@@ -456,29 +456,18 @@
             android:authorities="org.sufficientlysecure.keychain.provider.apgserviceblobprovider"
             android:permission="org.sufficientlysecure.keychain.permission.ACCESS_API" />
 
-        <!-- Crypto Provider other intents -->
+        <!-- Crypto Provider internal intents -->
+
         <activity
             android:name=".crypto_provider.CryptoActivity"
+            android:exported="false"
             android:label="TODO crypto activity"
             android:process=":crypto" >
-            <intent-filter>
-                <action android:name="org.sufficientlysecure.keychain.CRYPTO_CACHE_PASSPHRASE" />
 
-                <category android:name="android.intent.category.DEFAULT" />
-            </intent-filter>
+            <!-- Don't publish intents, they are only used internally! -->
         </activity>
 
         <!-- Crypto Provider API -->
-        <activity
-            android:name=".crypto_provider.RegisterActivity"
-            android:label="TODO reg"
-            android:process=":crypto" >
-            <intent-filter>
-                <action android:name="org.openintents.crypto.REGISTER" />
-
-                <category android:name="android.intent.category.DEFAULT" />
-            </intent-filter>
-        </activity>
 
         <service
             android:name="org.sufficientlysecure.keychain.crypto_provider.CryptoService"
@@ -487,6 +476,9 @@
             android:process=":crypto" >
             <intent-filter>
                 <action android:name="org.openintents.crypto.ICryptoService" />
+
+                <!-- Can only be used from OpenPGP Keychain (internal): -->
+                <action android:name="org.sufficientlysecure.keychain.crypto_provider.ICryptoServiceActivity" />
             </intent-filter>
 
             <meta-data
diff --git a/OpenPGP-Keychain/src/org/openintents/crypto/CryptoServiceConnection.java b/OpenPGP-Keychain/src/org/openintents/crypto/CryptoServiceConnection.java
index 5df32dcf9..d9e91f772 100644
--- a/OpenPGP-Keychain/src/org/openintents/crypto/CryptoServiceConnection.java
+++ b/OpenPGP-Keychain/src/org/openintents/crypto/CryptoServiceConnection.java
@@ -69,7 +69,7 @@ public class CryptoServiceConnection {
 
                 Intent serviceIntent = new Intent();
                 serviceIntent.setAction("org.openintents.crypto.ICryptoService");
-                serviceIntent.setPackage(cryptoProviderPackageName); // TODO: test
+                serviceIntent.setPackage(cryptoProviderPackageName);
                 mApplicationContext.bindService(serviceIntent, mCryptoServiceConnection,
                         Context.BIND_AUTO_CREATE);
 
diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/CryptoActivity.java b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/CryptoActivity.java
index b1d248e42..7ffc42022 100644
--- a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/CryptoActivity.java
+++ b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/CryptoActivity.java
@@ -1,19 +1,36 @@
+/*
+ * Copyright (C) 2013 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.sufficientlysecure.keychain.crypto_provider;
 
 import org.sufficientlysecure.keychain.Constants;
-import org.sufficientlysecure.keychain.Id;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.helper.PgpMain;
-import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.ui.dialog.PassphraseDialogFragment;
 import org.sufficientlysecure.keychain.util.Log;
 
 import com.actionbarsherlock.app.SherlockFragmentActivity;
 
-import android.app.Activity;
+import android.content.ComponentName;
+import android.content.Context;
 import android.content.Intent;
+import android.content.ServiceConnection;
 import android.os.Bundle;
 import android.os.Handler;
+import android.os.IBinder;
 import android.os.Message;
 import android.os.Messenger;
 import android.view.View;
@@ -22,21 +39,81 @@ import android.widget.Button;
 
 public class CryptoActivity extends SherlockFragmentActivity {
 
+    public static final String ACTION_REGISTER = "org.sufficientlysecure.keychain.REGISTER";
     public static final String ACTION_CACHE_PASSPHRASE = "org.sufficientlysecure.keychain.CRYPTO_CACHE_PASSPHRASE";
 
-    public static final String EXTRA_SECRET_KEY_ID = "secret_key_id";
+    public static final String EXTRA_SECRET_KEY_ID = "secretKeyId";
+    public static final String EXTRA_PACKAGE_NAME = "packageName";
+
+    private ICryptoServiceActivity mService;
+    private boolean mServiceBound;
+
+    private ServiceConnection mServiceActivityConnection = new ServiceConnection() {
+        public void onServiceConnected(ComponentName name, IBinder service) {
+            mService = ICryptoServiceActivity.Stub.asInterface(service);
+            Log.d(Constants.TAG, "connected to ICryptoServiceActivity");
+            mServiceBound = true;
+        }
+
+        public void onServiceDisconnected(ComponentName name) {
+            mService = null;
+            Log.d(Constants.TAG, "disconnected from ICryptoServiceActivity");
+            mServiceBound = false;
+        }
+    };
+
+    /**
+     * If not already bound, bind!
+     * 
+     * @return
+     */
+    public boolean bindToService() {
+        if (mService == null && !mServiceBound) { // if not already connected
+            try {
+                Log.d(Constants.TAG, "not bound yet");
+
+                Intent serviceIntent = new Intent();
+                serviceIntent.setAction("org.openintents.crypto.ICryptoService");
+                bindService(serviceIntent, mServiceActivityConnection, Context.BIND_AUTO_CREATE);
+
+                return true;
+            } catch (Exception e) {
+                Log.d(Constants.TAG, "Exception", e);
+                return false;
+            }
+        } else { // already connected
+            Log.d(Constants.TAG, "already bound... ");
+            return true;
+        }
+    }
+
+    public void unbindFromService() {
+        unbindService(mServiceActivityConnection);
+    }
 
     @Override
     protected void onCreate(Bundle savedInstanceState) {
         super.onCreate(savedInstanceState);
 
+        Log.d(Constants.TAG, "onCreate…");
+
+        // bind to our own crypto service
+        bindToService();
+
         handleActions(getIntent());
     }
 
-    protected void handleActions(Intent intent) {
+    @Override
+    protected void onDestroy() {
+        super.onDestroy();
 
-        // TODO: Important: Check if calling package is in list!
+        // unbind from our crypto service
+        if (mServiceActivityConnection != null) {
+            unbindFromService();
+        }
+    }
 
+    protected void handleActions(Intent intent) {
         String action = intent.getAction();
         Bundle extras = intent.getExtras();
 
@@ -47,7 +124,35 @@ public class CryptoActivity extends SherlockFragmentActivity {
         /**
          * com.android.crypto actions
          */
-        if (ACTION_CACHE_PASSPHRASE.equals(action)) {
+        if (ACTION_REGISTER.equals(action)) {
+            final String packageName = extras.getString(EXTRA_PACKAGE_NAME);
+
+            setContentView(R.layout.register_crypto_consumer_activity);
+
+            Button allowButton = (Button) findViewById(R.id.register_crypto_consumer_allow);
+            Button disallowButton = (Button) findViewById(R.id.register_crypto_consumer_disallow);
+
+            allowButton.setOnClickListener(new OnClickListener() {
+
+                @Override
+                public void onClick(View v) {
+                    // ProviderHelper.addCryptoConsumer(RegisterActivity.this, callingPackageName);
+                    // Intent data = new Intent();
+
+                    setResult(RESULT_OK);
+                    finish();
+                }
+            });
+
+            disallowButton.setOnClickListener(new OnClickListener() {
+
+                @Override
+                public void onClick(View v) {
+                    setResult(RESULT_CANCELED);
+                    finish();
+                }
+            });
+        } else if (ACTION_CACHE_PASSPHRASE.equals(action)) {
             long secretKeyId = extras.getLong(EXTRA_SECRET_KEY_ID);
 
             showPassphraseDialog(secretKeyId);
diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/CryptoService.java b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/CryptoService.java
index a367c613f..10eb94c7f 100644
--- a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/CryptoService.java
+++ b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/CryptoService.java
@@ -20,6 +20,9 @@ import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.util.ArrayList;
+import java.util.concurrent.ArrayBlockingQueue;
+import java.util.concurrent.TimeUnit;
 
 import org.openintents.crypto.CryptoError;
 import org.openintents.crypto.CryptoSignatureResult;
@@ -29,8 +32,10 @@ import org.sufficientlysecure.keychain.helper.PgpMain;
 import org.sufficientlysecure.keychain.util.InputData;
 import org.sufficientlysecure.keychain.util.Log;
 import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.PassphraseCacheService;
+import org.sufficientlysecure.keychain.util.PausableThreadPoolExecutor;
 
 import org.openintents.crypto.ICryptoCallback;
 import org.openintents.crypto.ICryptoService;
@@ -38,6 +43,7 @@ import org.openintents.crypto.ICryptoService;
 import android.app.Service;
 import android.content.Context;
 import android.content.Intent;
+import android.os.Binder;
 import android.os.Bundle;
 import android.os.IBinder;
 import android.os.RemoteException;
@@ -45,11 +51,26 @@ import android.os.RemoteException;
 public class CryptoService extends Service {
     Context mContext;
 
+    // just one pool of 4 threads, pause on every user action needed
+    final ArrayBlockingQueue<Runnable> mPoolQueue = new ArrayBlockingQueue<Runnable>(20);
+    PausableThreadPoolExecutor mThreadPool = new PausableThreadPoolExecutor(2, 4, 10,
+            TimeUnit.SECONDS, mPoolQueue);
+
+    private ArrayList<String> mAllowedPackages;
+
+    // RemoteCallbackList<IInterface>
+
+    public static final String ACTION_SERVICE_ACTIVITY = "org.sufficientlysecure.keychain.crypto_provider.ICryptoServiceActivity";
+
     @Override
     public void onCreate() {
         super.onCreate();
         mContext = this;
         Log.d(Constants.TAG, "CryptoService, onCreate()");
+
+        // load allowed packages from database
+        mAllowedPackages = ProviderHelper.getCryptoConsumers(mContext);
+        Log.d(Constants.TAG, "allowed: " + mAllowedPackages);
     }
 
     @Override
@@ -60,7 +81,20 @@ public class CryptoService extends Service {
 
     @Override
     public IBinder onBind(Intent intent) {
-        return mBinder;
+        // return different binder for connections from internal service activity
+        if (ACTION_SERVICE_ACTIVITY.equals(intent.getAction())) {
+            String callingPackageName = intent.getPackage();
+
+            // this binder can only be used from OpenPGP Keychain
+            if (callingPackageName.equals(Constants.PACKAGE_NAME)) {
+                return mBinderServiceActivity;
+            } else {
+                Log.e(Constants.TAG, "This binder can only be used from " + Constants.PACKAGE_NAME);
+                return null;
+            }
+        } else {
+            return mBinder;
+        }
     }
 
     private synchronized void decryptAndVerifySafe(byte[] inputBytes, ICryptoCallback callback)
@@ -77,8 +111,8 @@ public class CryptoService extends Service {
             if (secretKeyId == Id.key.none) {
                 throw new PgpMain.PgpGeneralException(getString(R.string.error_noSecretKeyFound));
             }
-            
-            Log.d(Constants.TAG, "Got input:\n"+new String(inputBytes));
+
+            Log.d(Constants.TAG, "Got input:\n" + new String(inputBytes));
 
             Log.d(Constants.TAG, "secretKeyId " + secretKeyId);
 
@@ -86,13 +120,11 @@ public class CryptoService extends Service {
 
             if (passphrase == null) {
                 Log.d(Constants.TAG, "No passphrase! Activity required!");
-                // No passphrase cached for this ciphertext! Intent required to cache
-                // passphrase!
-                Intent intent = new Intent(CryptoActivity.ACTION_CACHE_PASSPHRASE);
-                intent.putExtra(CryptoActivity.EXTRA_SECRET_KEY_ID, secretKeyId);
-                // TODO: start activity bind to service from activity send back intent on success
-//                callback.onActivityRequired(intent);
-                return;
+
+                // start passphrase dialog
+                Bundle extras = new Bundle();
+                extras.putLong(CryptoActivity.EXTRA_SECRET_KEY_ID, secretKeyId);
+                pauseQueueAndStartCryptoActivity(CryptoActivity.ACTION_CACHE_PASSPHRASE, extras);
             }
 
             // if (signedOnly) {
@@ -162,37 +194,111 @@ public class CryptoService extends Service {
         }
 
         @Override
-        public void decryptAndVerify(byte[] inputBytes, ICryptoCallback callback)
+        public void decryptAndVerify(final byte[] inputBytes, final ICryptoCallback callback)
                 throws RemoteException {
-            decryptAndVerifySafe(inputBytes, callback);
+
+            Runnable r = new Runnable() {
+
+                @Override
+                public void run() {
+                    try {
+                        decryptAndVerifySafe(inputBytes, callback);
+                    } catch (RemoteException e) {
+                        Log.e(Constants.TAG, "CryptoService", e);
+                    }
+                }
+            };
+
+            checkAndEnqueue(r);
         }
 
     };
 
-    // /**
-    // * As we can not throw an exception through Android RPC, we assign identifiers to the
-    // exception
-    // * types.
-    // *
-    // * @param e
-    // * @return
-    // */
-    // private int getExceptionId(Exception e) {
-    // if (e instanceof NoSuchProviderException) {
-    // return 0;
-    // } else if (e instanceof NoSuchAlgorithmException) {
-    // return 1;
-    // } else if (e instanceof SignatureException) {
-    // return 2;
-    // } else if (e instanceof IOException) {
-    // return 3;
-    // } else if (e instanceof PgpGeneralException) {
-    // return 4;
-    // } else if (e instanceof PGPException) {
-    // return 5;
-    // } else {
-    // return -1;
-    // }
-    // }
+    private final ICryptoServiceActivity.Stub mBinderServiceActivity = new ICryptoServiceActivity.Stub() {
+
+        @Override
+        public void register(boolean success, String packageName) throws RemoteException {
+            if (success) {
+                // reload allowed packages
+                mAllowedPackages = ProviderHelper.getCryptoConsumers(mContext);
+
+                // resume threads
+                if (isCallerAllowed()) {
+                    mThreadPool.resume();
+                } else {
+                    // TODO: should not happen?
+                }
+            } else {
+                // TODO
+                mPoolQueue.clear();
+            }
+
+        }
+
+        @Override
+        public void cachePassphrase(boolean success, String passphrase) throws RemoteException {
+
+        }
+
+    };
+
+    private void checkAndEnqueue(Runnable r) {
+        if (isCallerAllowed()) {
+            mThreadPool.execute(r);
+
+            Log.d(Constants.TAG, "Enqueued runnable…");
+        } else {
+            Log.e(Constants.TAG, "Not allowed to use service! Starting register with activity!");
+            pauseQueueAndStartCryptoActivity(CryptoActivity.ACTION_REGISTER, null);
+            mThreadPool.execute(r);
+
+            Log.d(Constants.TAG, "Enqueued runnable…");
+        }
+    }
+
+    /**
+     * Checks if process that binds to this service (i.e. the package name corresponding to the
+     * process) is in the list of allowed package names.
+     * 
+     * @return true if process is allowed to use this service
+     */
+    private boolean isCallerAllowed() {
+        String[] callingPackages = getPackageManager().getPackagesForUid(Binder.getCallingUid());
+
+        // is calling package allowed to use this service?
+        for (int i = 0; i < callingPackages.length; i++) {
+            String currentPkg = callingPackages[i];
+            Log.d(Constants.TAG, "Caller packageName: " + currentPkg);
+
+            // check if package is allowed to use our service
+            if (mAllowedPackages.contains(currentPkg)) {
+                Log.d(Constants.TAG, "Caller is allowed! packageName: " + currentPkg);
+
+                return true;
+            } else if (Constants.PACKAGE_NAME.equals(currentPkg)) {
+                Log.d(Constants.TAG, "Caller is OpenPGP Keychain! -> allowed!");
+
+                return true;
+            }
+        }
+        
+        Log.d(Constants.TAG, "Caller is NOT allowed!");
+        return false;
+    }
+
+    private void pauseQueueAndStartCryptoActivity(String action, Bundle extras) {
+        mThreadPool.pause();
+
+        Log.d(Constants.TAG, "starting activity...");
+        Intent intent = new Intent(getBaseContext(), CryptoActivity.class);
+        intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+        // intent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TOP);
+        // intent.addFlags(Intent.FLAG_ACTIVITY_NO_HISTORY);
+        intent.setAction(action);
+        if (extras != null) {
+            intent.putExtras(extras);
+        }
+        getApplication().startActivity(intent);
+    }
 
 }
diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/ICryptoServiceActivity.aidl b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/ICryptoServiceActivity.aidl
new file mode 100644
index 000000000..51586cae6
--- /dev/null
+++ b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/ICryptoServiceActivity.aidl
@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2013 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+package org.sufficientlysecure.keychain.crypto_provider;
+
+
+interface ICryptoServiceActivity {
+       
+    
+    oneway void register(in boolean success, in String packageName);
+    
+    oneway void cachePassphrase(in boolean success, in String passphrase);
+   
+    
+}
\ No newline at end of file
diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/RegisterActivity.java b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/RegisterActivity.java
deleted file mode 100644
index 39b29f9a0..000000000
--- a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/RegisterActivity.java
+++ /dev/null
@@ -1,74 +0,0 @@
-package org.sufficientlysecure.keychain.crypto_provider;
-
-import org.sufficientlysecure.keychain.Constants;
-import org.sufficientlysecure.keychain.R;
-import org.sufficientlysecure.keychain.provider.ProviderHelper;
-import org.sufficientlysecure.keychain.util.Log;
-
-import android.app.Activity;
-import android.content.Intent;
-import android.os.Bundle;
-import android.view.View;
-import android.view.View.OnClickListener;
-import android.widget.Button;
-
-public class RegisterActivity extends Activity {
-
-    public static final String ACTION_REGISTER = "com.android.crypto.REGISTER";
-
-    public static final String EXTRA_PACKAGE_NAME = "packageName";
-
-    @Override
-    protected void onCreate(Bundle savedInstanceState) {
-        super.onCreate(savedInstanceState);
-
-        handleActions(getIntent());
-    }
-
-    protected void handleActions(Intent intent) {
-        String action = intent.getAction();
-        Bundle extras = intent.getExtras();
-
-        if (extras == null) {
-            extras = new Bundle();
-        }
-
-        final String callingPackageName = this.getCallingPackage();
-
-        /**
-         * com.android.crypto actions
-         */
-        if (ACTION_REGISTER.equals(action)) {
-            setContentView(R.layout.register_crypto_consumer_activity);
-
-            Button allowButton = (Button) findViewById(R.id.register_crypto_consumer_allow);
-            Button disallowButton = (Button) findViewById(R.id.register_crypto_consumer_disallow);
-
-            allowButton.setOnClickListener(new OnClickListener() {
-
-                @Override
-                public void onClick(View v) {
-                    ProviderHelper.addCryptoConsumer(RegisterActivity.this, callingPackageName);
-                    Intent data = new Intent();
-                    data.putExtra(EXTRA_PACKAGE_NAME, "org.sufficientlysecure.keychain");
-
-                    setResult(RESULT_OK, data);
-                    finish();
-                }
-            });
-
-            disallowButton.setOnClickListener(new OnClickListener() {
-
-                @Override
-                public void onClick(View v) {
-                    setResult(RESULT_CANCELED);
-                    finish();
-                }
-            });
-
-        } else {
-            Log.e(Constants.TAG, "Please use com.android.crypto.REGISTER as intent action!");
-            finish();
-        }
-    }
-}
diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/util/PausableThreadPoolExecutor.java b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/util/PausableThreadPoolExecutor.java
new file mode 100644
index 000000000..d6170a4e2
--- /dev/null
+++ b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/util/PausableThreadPoolExecutor.java
@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 2013 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.sufficientlysecure.keychain.util;
+
+import java.util.concurrent.BlockingQueue;
+import java.util.concurrent.RejectedExecutionHandler;
+import java.util.concurrent.ThreadFactory;
+import java.util.concurrent.ThreadPoolExecutor;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.locks.Condition;
+import java.util.concurrent.locks.ReentrantLock;
+
+/**
+ * Example from
+ * http://docs.oracle.com/javase/1.5.0/docs/api/java/util/concurrent/ThreadPoolExecutor.html
+ */
+public class PausableThreadPoolExecutor extends ThreadPoolExecutor {
+
+    public PausableThreadPoolExecutor(int corePoolSize, int maximumPoolSize, long keepAliveTime,
+            TimeUnit unit, BlockingQueue<Runnable> workQueue, RejectedExecutionHandler handler) {
+        super(corePoolSize, maximumPoolSize, keepAliveTime, unit, workQueue, handler);
+    }
+
+    public PausableThreadPoolExecutor(int corePoolSize, int maximumPoolSize, long keepAliveTime,
+            TimeUnit unit, BlockingQueue<Runnable> workQueue, ThreadFactory threadFactory,
+            RejectedExecutionHandler handler) {
+        super(corePoolSize, maximumPoolSize, keepAliveTime, unit, workQueue, threadFactory, handler);
+    }
+
+    public PausableThreadPoolExecutor(int corePoolSize, int maximumPoolSize, long keepAliveTime,
+            TimeUnit unit, BlockingQueue<Runnable> workQueue, ThreadFactory threadFactory) {
+        super(corePoolSize, maximumPoolSize, keepAliveTime, unit, workQueue, threadFactory);
+    }
+
+    public PausableThreadPoolExecutor(int corePoolSize, int maximumPoolSize, long keepAliveTime,
+            TimeUnit unit, BlockingQueue<Runnable> workQueue) {
+        super(corePoolSize, maximumPoolSize, keepAliveTime, unit, workQueue);
+    }
+
+    private boolean isPaused;
+    private ReentrantLock pauseLock = new ReentrantLock();
+    private Condition unpaused = pauseLock.newCondition();
+
+    protected void beforeExecute(Thread t, Runnable r) {
+        super.beforeExecute(t, r);
+        pauseLock.lock();
+        try {
+            while (isPaused)
+                unpaused.await();
+        } catch (InterruptedException ie) {
+            t.interrupt();
+        } finally {
+            pauseLock.unlock();
+        }
+    }
+
+    public void pause() {
+        pauseLock.lock();
+        try {
+            isPaused = true;
+        } finally {
+            pauseLock.unlock();
+        }
+    }
+
+    public void resume() {
+        pauseLock.lock();
+        try {
+            isPaused = false;
+            unpaused.signalAll();
+        } finally {
+            pauseLock.unlock();
+        }
+    }
+}
\ No newline at end of file