@NonNull
  @Override
  public InputDataResult execute(InputDataParcel input, final CryptoInputParcel cryptoInput) {

    final OperationLog log = new OperationLog();

    log.add(LogType.MSG_DATA, 0);

    Uri currentInputUri;

    DecryptVerifyResult decryptResult = null;

    PgpDecryptVerifyInputParcel decryptInput = input.getDecryptInput();

    if (!input.getMimeDecode() && decryptInput == null) {
      throw new AssertionError("no decryption or mime decoding, this is probably a bug");
    }

    if (decryptInput != null) {

      log.add(LogType.MSG_DATA_OPENPGP, 1);

      PgpDecryptVerifyOperation op =
          new PgpDecryptVerifyOperation(mContext, mProviderHelper, mProgressable);

      decryptInput.setInputUri(input.getInputUri());

      currentInputUri = TemporaryFileProvider.createFile(mContext);
      decryptInput.setOutputUri(currentInputUri);

      decryptResult = op.execute(decryptInput, cryptoInput);
      if (decryptResult.isPending()) {
        return new InputDataResult(log, decryptResult);
      }
      log.addByMerge(decryptResult, 1);

      if (!decryptResult.success()) {
        return new InputDataResult(InputDataResult.RESULT_ERROR, log);
      }

      // inform the storage provider about the mime type for this uri
      if (decryptResult.getDecryptionMetadata() != null) {
        OpenPgpMetadata meta = decryptResult.getDecryptionMetadata();
        TemporaryFileProvider.setName(mContext, currentInputUri, meta.getFilename());
        TemporaryFileProvider.setMimeType(mContext, currentInputUri, meta.getMimeType());
      }

    } else {
      currentInputUri = input.getInputUri();
    }

    // don't even attempt if we know the data isn't suitable for mime content, or if we have a
    // filename
    boolean skipMimeParsing = false;
    if (decryptResult != null && decryptResult.getDecryptionMetadata() != null) {
      OpenPgpMetadata metadata = decryptResult.getDecryptionMetadata();
      String fileName = metadata.getFilename();
      String contentType = metadata.getMimeType();
      if (!TextUtils.isEmpty(fileName)
          || contentType != null
              && !contentType.startsWith("multipart/")
              && !contentType.startsWith("text/")
              && !"application/octet-stream".equals(contentType)) {
        skipMimeParsing = true;
      }
    }

    // If we aren't supposed to attempt mime decode after decryption, we are done here
    if (skipMimeParsing || !input.getMimeDecode()) {

      log.add(LogType.MSG_DATA_SKIP_MIME, 1);

      ArrayList<Uri> uris = new ArrayList<>();
      uris.add(currentInputUri);
      ArrayList<OpenPgpMetadata> metadatas = new ArrayList<>();
      metadatas.add(decryptResult.getDecryptionMetadata());

      log.add(LogType.MSG_DATA_OK, 1);
      return new InputDataResult(InputDataResult.RESULT_OK, log, decryptResult, uris, metadatas);
    }

    final MimeStreamParser parser = new MimeStreamParser((MimeConfig) null);

    final ArrayList<Uri> outputUris = new ArrayList<>();
    final ArrayList<OpenPgpMetadata> metadatas = new ArrayList<>();

    parser.setContentDecoding(true);
    parser.setRecurse();
    parser.setContentHandler(
        new AbstractContentHandler() {
          private boolean mFoundContentTypeHeader = false;
          private Uri uncheckedSignedDataUri;
          String mFilename;

          @Override
          public void startMultipart(BodyDescriptor bd) throws MimeException {
            if ("signed".equals(bd.getSubType())) {
              if (mSignedDataUri != null) {
                // recursive signed data is not supported, and will just be parsed as-is
                log.add(LogType.MSG_DATA_DETACHED_NESTED, 2);
                return;
              }
              log.add(LogType.MSG_DATA_DETACHED, 2);
              if (!outputUris.isEmpty()) {
                // we can't have previous data if we parse a detached signature!
                log.add(LogType.MSG_DATA_DETACHED_CLEAR, 3);
                outputUris.clear();
                metadatas.clear();
              }
              // this is signed data, we require the next part raw
              parser.setRaw();
            }
          }

          @Override
          public void raw(InputStream is) throws MimeException, IOException {

            if (uncheckedSignedDataUri != null) {
              throw new AssertionError(
                  "raw parts must only be received as first part of multipart/signed!");
            }

            log.add(LogType.MSG_DATA_DETACHED_RAW, 3);

            uncheckedSignedDataUri =
                TemporaryFileProvider.createFile(mContext, mFilename, "text/plain");
            OutputStream out =
                mContext.getContentResolver().openOutputStream(uncheckedSignedDataUri, "w");

            if (out == null) {
              throw new IOException("Error getting file for writing!");
            }

            int len;
            while ((len = is.read(buf)) > 0) {
              out.write(buf, 0, len);
            }

            out.close();
            // continue to next body part the usual way
            parser.setFlat();
          }

          @Override
          public void startHeader() throws MimeException {
            mFilename = null;
          }

          @Override
          public void endHeader() throws MimeException {
            if (!mFoundContentTypeHeader) {
              parser.stop();
            }
          }

          @Override
          public void field(Field field) throws MimeException {
            field = DefaultFieldParser.getParser().parse(field, DecodeMonitor.SILENT);
            if (field instanceof ContentDispositionField) {
              mFilename = ((ContentDispositionField) field).getFilename();
            }
            if (field instanceof ContentTypeField) {
              mFoundContentTypeHeader = true;
            }
          }

          private void bodySignature(BodyDescriptor bd, InputStream is)
              throws MimeException, IOException {

            if (!"application/pgp-signature".equals(bd.getMimeType())) {
              log.add(LogType.MSG_DATA_DETACHED_UNSUPPORTED, 3);
              uncheckedSignedDataUri = null;
              parser.setRecurse();
              return;
            }

            log.add(LogType.MSG_DATA_DETACHED_SIG, 3);

            ByteArrayOutputStream detachedSig = new ByteArrayOutputStream();

            int len, totalLength = 0;
            while ((len = is.read(buf)) > 0) {
              totalLength += len;
              detachedSig.write(buf, 0, len);
              if (totalLength > 4096) {
                throw new IOException("detached signature is unreasonably large!");
              }
            }
            detachedSig.close();

            PgpDecryptVerifyInputParcel decryptInput = new PgpDecryptVerifyInputParcel();
            decryptInput.setInputUri(uncheckedSignedDataUri);
            decryptInput.setDetachedSignature(detachedSig.toByteArray());

            PgpDecryptVerifyOperation op =
                new PgpDecryptVerifyOperation(mContext, mProviderHelper, mProgressable);
            DecryptVerifyResult verifyResult = op.execute(decryptInput, cryptoInput);

            log.addByMerge(verifyResult, 4);

            mSignedDataUri = uncheckedSignedDataUri;
            mSignedDataResult = verifyResult;

            // reset parser state
            uncheckedSignedDataUri = null;
            parser.setRecurse();
          }

          @Override
          public void body(BodyDescriptor bd, InputStream is) throws MimeException, IOException {

            // if we have signed data waiting, we expect a signature for checking
            if (uncheckedSignedDataUri != null) {
              bodySignature(bd, is);
              return;
            }

            // we read first, no need to create an output file if nothing was read!
            int len = is.read(buf);
            if (len < 0) {
              return;
            }

            // If mSignedDataUri is non-null, we already parsed a signature. If mSignedDataResult is
            // non-null
            // too, we are still in the same parsing stage, so this is trailing data - skip it!
            if (mSignedDataUri != null && mSignedDataResult != null) {
              log.add(LogType.MSG_DATA_DETACHED_TRAILING, 2);
              return;
            }

            log.add(LogType.MSG_DATA_MIME_PART, 2);

            String mimeType = bd.getMimeType();

            if (mFilename != null) {
              log.add(LogType.MSG_DATA_MIME_FILENAME, 3, mFilename);
              boolean isGenericMimeType =
                  ClipDescription.compareMimeTypes(mimeType, "application/octet-stream")
                      || ClipDescription.compareMimeTypes(mimeType, "application/x-download");
              if (isGenericMimeType) {
                String extension = MimeTypeMap.getFileExtensionFromUrl(mFilename);
                String extMimeType = MimeTypeMap.getSingleton().getMimeTypeFromExtension(extension);
                if (extMimeType != null) {
                  mimeType = extMimeType;
                  log.add(LogType.MSG_DATA_MIME_FROM_EXTENSION, 3);
                }
              }
            }
            log.add(LogType.MSG_DATA_MIME_TYPE, 3, mimeType);

            Uri uri = TemporaryFileProvider.createFile(mContext, mFilename, mimeType);
            OutputStream out = mContext.getContentResolver().openOutputStream(uri, "w");

            if (out == null) {
              throw new IOException("Error getting file for writing!");
            }

            // If this data looks like text, we pipe the incoming data into a charset
            // decoder, to see if the data is legal for the assumed charset.
            String charset = bd.getCharset();
            CharsetVerifier charsetVerifier = new CharsetVerifier(buf, mimeType, charset);

            int totalLength = 0;
            do {
              totalLength += len;
              out.write(buf, 0, len);
              charsetVerifier.readBytesFromBuffer(0, len);
            } while ((len = is.read(buf)) > 0);

            log.add(LogType.MSG_DATA_MIME_LENGTH, 3, Long.toString(totalLength));

            OpenPgpMetadata metadata;
            if (charsetVerifier.isDefinitelyBinary()) {
              metadata = new OpenPgpMetadata(mFilename, mimeType, 0L, totalLength);
            } else {
              if (charsetVerifier.isCharsetFaulty() && charsetVerifier.isCharsetGuessed()) {
                log.add(
                    LogType.MSG_DATA_MIME_CHARSET_UNKNOWN,
                    3,
                    charsetVerifier.getMaybeFaultyCharset());
              } else if (charsetVerifier.isCharsetFaulty()) {
                log.add(LogType.MSG_DATA_MIME_CHARSET_FAULTY, 3, charsetVerifier.getCharset());
              } else if (charsetVerifier.isCharsetGuessed()) {
                log.add(LogType.MSG_DATA_MIME_CHARSET_GUESS, 3, charsetVerifier.getCharset());
              } else {
                log.add(LogType.MSG_DATA_MIME_CHARSET, 3, charsetVerifier.getCharset());
              }

              metadata =
                  new OpenPgpMetadata(
                      mFilename,
                      charsetVerifier.getGuessedMimeType(),
                      0L,
                      totalLength,
                      charsetVerifier.getCharset());
            }

            out.close();
            outputUris.add(uri);
            metadatas.add(metadata);
          }
        });

    try {

      log.add(LogType.MSG_DATA_MIME, 1);

      try {

        // open current uri for input
        InputStream in = mContext.getContentResolver().openInputStream(currentInputUri);
        parser.parse(in);

        if (mSignedDataUri != null) {

          if (decryptResult != null) {
            decryptResult.setSignatureResult(mSignedDataResult.getSignatureResult());
          } else {
            decryptResult = mSignedDataResult;
          }

          // the actual content is the signed data now (and will be passed verbatim, if parsing
          // fails)
          currentInputUri = mSignedDataUri;
          in = mContext.getContentResolver().openInputStream(currentInputUri);
          // reset signed data result, to indicate to the parser that it is in the inner part
          mSignedDataResult = null;
          parser.parse(in);
        }
      } catch (MimeException e) {
        // a mime error likely means that this wasn't mime data, after all
        e.printStackTrace();
        log.add(LogType.MSG_DATA_MIME_BAD, 2);
      }

      // if we found data, return success
      if (!outputUris.isEmpty()) {
        log.add(LogType.MSG_DATA_MIME_OK, 2);

        log.add(LogType.MSG_DATA_OK, 1);
        return new InputDataResult(
            InputDataResult.RESULT_OK, log, decryptResult, outputUris, metadatas);
      }

      // if no mime data parsed, just return the raw data as fallback
      log.add(LogType.MSG_DATA_MIME_NONE, 2);

      OpenPgpMetadata metadata;
      if (decryptResult != null) {
        metadata = decryptResult.getDecryptionMetadata();
      } else {
        // if we neither decrypted nor mime-decoded, should this be treated as an error?
        // either way, we know nothing about the data
        metadata = new OpenPgpMetadata();
      }

      outputUris.add(currentInputUri);
      metadatas.add(metadata);

      log.add(LogType.MSG_DATA_OK, 1);
      return new InputDataResult(
          InputDataResult.RESULT_OK, log, decryptResult, outputUris, metadatas);

    } catch (FileNotFoundException e) {
      log.add(LogType.MSG_DATA_ERROR_IO, 2);
      return new InputDataResult(InputDataResult.RESULT_ERROR, log);
    } catch (IOException e) {
      e.printStackTrace();
      log.add(LogType.MSG_DATA_ERROR_IO, 2);
      return new InputDataResult(InputDataResult.RESULT_ERROR, log);
    }
  }
  /** Signs and/or encrypts data based on parameters of class */
  public PgpSignEncryptResult execute(
      PgpSignEncryptInputParcel input,
      CryptoInputParcel cryptoInput,
      InputData inputData,
      OutputStream outputStream) {

    int indent = 0;
    OperationLog log = new OperationLog();

    log.add(LogType.MSG_PSE, indent);
    indent += 1;

    boolean enableSignature = input.getSignatureMasterKeyId() != Constants.key.none;
    boolean enableEncryption =
        ((input.getEncryptionMasterKeyIds() != null && input.getEncryptionMasterKeyIds().length > 0)
            || input.getSymmetricPassphrase() != null);
    boolean enableCompression = (input.getCompressionId() != CompressionAlgorithmTags.UNCOMPRESSED);

    Log.d(
        Constants.TAG,
        "enableSignature:"
            + enableSignature
            + "\nenableEncryption:"
            + enableEncryption
            + "\nenableCompression:"
            + enableCompression
            + "\nenableAsciiArmorOutput:"
            + input.isEnableAsciiArmorOutput()
            + "\nisHiddenRecipients:"
            + input.isHiddenRecipients());

    // add additional key id to encryption ids (mostly to do self-encryption)
    if (enableEncryption && input.getAdditionalEncryptId() != Constants.key.none) {
      input.setEncryptionMasterKeyIds(
          Arrays.copyOf(
              input.getEncryptionMasterKeyIds(), input.getEncryptionMasterKeyIds().length + 1));
      input.getEncryptionMasterKeyIds()[input.getEncryptionMasterKeyIds().length - 1] =
          input.getAdditionalEncryptId();
    }

    ArmoredOutputStream armorOut = null;
    OutputStream out;
    if (input.isEnableAsciiArmorOutput()) {
      armorOut = new ArmoredOutputStream(new BufferedOutputStream(outputStream, 1 << 16));
      if (input.getVersionHeader() != null) {
        armorOut.setHeader("Version", input.getVersionHeader());
      }
      // if we have a charset, put it in the header
      if (input.getCharset() != null) {
        armorOut.setHeader("Charset", input.getCharset());
      }
      out = armorOut;
    } else {
      out = outputStream;
    }

    /* Get keys for signature generation for later usage */
    CanonicalizedSecretKey signingKey = null;
    if (enableSignature) {

      updateProgress(R.string.progress_extracting_signature_key, 0, 100);

      try {
        // fetch the indicated master key id (the one whose name we sign in)
        CanonicalizedSecretKeyRing signingKeyRing =
            mProviderHelper.getCanonicalizedSecretKeyRing(input.getSignatureMasterKeyId());

        // fetch the specific subkey to sign with, or just use the master key if none specified
        signingKey = signingKeyRing.getSecretKey(input.getSignatureSubKeyId());

        // Make sure we are allowed to sign here!
        if (!signingKey.canSign()) {
          log.add(LogType.MSG_PSE_ERROR_KEY_SIGN, indent);
          return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
        }

        switch (signingKey.getSecretKeyType()) {
          case DIVERT_TO_CARD:
          case PASSPHRASE_EMPTY:
            {
              if (!signingKey.unlock(new Passphrase())) {
                throw new AssertionError(
                    "PASSPHRASE_EMPTY/DIVERT_TO_CARD keyphrase not unlocked with empty passphrase."
                        + " This is a programming error!");
              }
              break;
            }

          case PIN:
          case PATTERN:
          case PASSPHRASE:
            {
              Passphrase localPassphrase = cryptoInput.getPassphrase();
              if (localPassphrase == null) {
                try {
                  localPassphrase =
                      getCachedPassphrase(signingKeyRing.getMasterKeyId(), signingKey.getKeyId());
                } catch (PassphraseCacheInterface.NoSecretKeyException ignored) {
                }
              }
              if (localPassphrase == null) {
                log.add(LogType.MSG_PSE_PENDING_PASSPHRASE, indent + 1);
                return new PgpSignEncryptResult(
                    log,
                    RequiredInputParcel.createRequiredSignPassphrase(
                        signingKeyRing.getMasterKeyId(),
                        signingKey.getKeyId(),
                        cryptoInput.getSignatureTime()),
                    cryptoInput);
              }
              if (!signingKey.unlock(localPassphrase)) {
                log.add(LogType.MSG_PSE_ERROR_BAD_PASSPHRASE, indent);
                return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
              }
              break;
            }

          case GNU_DUMMY:
            {
              log.add(LogType.MSG_PSE_ERROR_UNLOCK, indent);
              return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
            }
          default:
            {
              throw new AssertionError("Unhandled SecretKeyType! (should not happen)");
            }
        }

      } catch (ProviderHelper.NotFoundException e) {
        log.add(LogType.MSG_PSE_ERROR_SIGN_KEY, indent);
        return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
      } catch (PgpGeneralException e) {
        log.add(LogType.MSG_PSE_ERROR_UNLOCK, indent);
        return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
      }

      // Use preferred hash algo
      int requestedAlgorithm = input.getSignatureHashAlgorithm();
      ArrayList<Integer> supported = signingKey.getSupportedHashAlgorithms();
      if (requestedAlgorithm == PgpConstants.OpenKeychainHashAlgorithmTags.USE_PREFERRED) {
        // get most preferred
        input.setSignatureHashAlgorithm(supported.get(0));
      } else if (!supported.contains(requestedAlgorithm)) {
        log.add(LogType.MSG_PSE_ERROR_HASH_ALGO, indent);
        return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
      }
    }
    updateProgress(R.string.progress_preparing_streams, 2, 100);

    /* Initialize PGPEncryptedDataGenerator for later usage */
    PGPEncryptedDataGenerator cPk = null;
    if (enableEncryption) {

      // Use preferred encryption algo
      int algo = input.getSymmetricEncryptionAlgorithm();
      if (algo == PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED) {
        // get most preferred
        // TODO: get from recipients
        algo = PgpConstants.sPreferredSymmetricAlgorithms.get(0);
      }
      // has Integrity packet enabled!
      JcePGPDataEncryptorBuilder encryptorBuilder =
          new JcePGPDataEncryptorBuilder(algo)
              .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME)
              .setWithIntegrityPacket(true);

      cPk = new PGPEncryptedDataGenerator(encryptorBuilder);

      if (input.getSymmetricPassphrase() != null) {
        // Symmetric encryption
        log.add(LogType.MSG_PSE_SYMMETRIC, indent);

        JcePBEKeyEncryptionMethodGenerator symmetricEncryptionGenerator =
            new JcePBEKeyEncryptionMethodGenerator(input.getSymmetricPassphrase().getCharArray());
        cPk.addMethod(symmetricEncryptionGenerator);
      } else {
        log.add(LogType.MSG_PSE_ASYMMETRIC, indent);

        // Asymmetric encryption
        for (long id : input.getEncryptionMasterKeyIds()) {
          try {
            CanonicalizedPublicKeyRing keyRing =
                mProviderHelper.getCanonicalizedPublicKeyRing(KeyRings.buildUnifiedKeyRingUri(id));
            Set<Long> encryptSubKeyIds = keyRing.getEncryptIds();
            for (Long subKeyId : encryptSubKeyIds) {
              CanonicalizedPublicKey key = keyRing.getPublicKey(subKeyId);
              cPk.addMethod(key.getPubKeyEncryptionGenerator(input.isHiddenRecipients()));
              log.add(
                  LogType.MSG_PSE_KEY_OK,
                  indent + 1,
                  KeyFormattingUtils.convertKeyIdToHex(subKeyId));
            }
            if (encryptSubKeyIds.isEmpty()) {
              log.add(
                  LogType.MSG_PSE_KEY_WARN, indent + 1, KeyFormattingUtils.convertKeyIdToHex(id));
              if (input.isFailOnMissingEncryptionKeyIds()) {
                return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
              }
            }
          } catch (ProviderHelper.NotFoundException e) {
            log.add(
                LogType.MSG_PSE_KEY_UNKNOWN, indent + 1, KeyFormattingUtils.convertKeyIdToHex(id));
            if (input.isFailOnMissingEncryptionKeyIds()) {
              return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
            }
          }
        }
      }
    }

    /* Initialize signature generator object for later usage */
    PGPSignatureGenerator signatureGenerator = null;
    if (enableSignature) {
      updateProgress(R.string.progress_preparing_signature, 4, 100);

      try {
        boolean cleartext =
            input.isCleartextSignature() && input.isEnableAsciiArmorOutput() && !enableEncryption;
        signatureGenerator =
            signingKey.getDataSignatureGenerator(
                input.getSignatureHashAlgorithm(),
                cleartext,
                cryptoInput.getCryptoData(),
                cryptoInput.getSignatureTime());
      } catch (PgpGeneralException e) {
        log.add(LogType.MSG_PSE_ERROR_NFC, indent);
        return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
      }
    }

    ProgressScaler progressScaler = new ProgressScaler(mProgressable, 8, 95, 100);
    PGPCompressedDataGenerator compressGen = null;
    OutputStream pOut;
    OutputStream encryptionOut = null;
    BCPGOutputStream bcpgOut;

    ByteArrayOutputStream detachedByteOut = null;
    ArmoredOutputStream detachedArmorOut = null;
    BCPGOutputStream detachedBcpgOut = null;

    try {

      if (enableEncryption) {
        /* actual encryption */
        updateProgress(R.string.progress_encrypting, 8, 100);
        log.add(enableSignature ? LogType.MSG_PSE_SIGCRYPTING : LogType.MSG_PSE_ENCRYPTING, indent);
        indent += 1;

        encryptionOut = cPk.open(out, new byte[1 << 16]);

        if (enableCompression) {
          log.add(LogType.MSG_PSE_COMPRESSING, indent);
          compressGen = new PGPCompressedDataGenerator(input.getCompressionId());
          bcpgOut = new BCPGOutputStream(compressGen.open(encryptionOut));
        } else {
          bcpgOut = new BCPGOutputStream(encryptionOut);
        }

        if (enableSignature) {
          signatureGenerator.generateOnePassVersion(false).encode(bcpgOut);
        }

        PGPLiteralDataGenerator literalGen = new PGPLiteralDataGenerator();
        char literalDataFormatTag;
        if (input.isCleartextSignature()) {
          literalDataFormatTag = PGPLiteralData.UTF8;
        } else {
          literalDataFormatTag = PGPLiteralData.BINARY;
        }
        pOut =
            literalGen.open(
                bcpgOut,
                literalDataFormatTag,
                inputData.getOriginalFilename(),
                new Date(),
                new byte[1 << 16]);

        long alreadyWritten = 0;
        int length;
        byte[] buffer = new byte[1 << 16];
        InputStream in = inputData.getInputStream();
        while ((length = in.read(buffer)) > 0) {
          pOut.write(buffer, 0, length);

          // update signature buffer if signature is requested
          if (enableSignature) {
            signatureGenerator.update(buffer, 0, length);
          }

          alreadyWritten += length;
          if (inputData.getSize() > 0) {
            long progress = 100 * alreadyWritten / inputData.getSize();
            progressScaler.setProgress((int) progress, 100);
          }
        }

        literalGen.close();
        indent -= 1;

      } else if (enableSignature
          && input.isCleartextSignature()
          && input.isEnableAsciiArmorOutput()) {
        /* cleartext signature: sign-only of ascii text */

        updateProgress(R.string.progress_signing, 8, 100);
        log.add(LogType.MSG_PSE_SIGNING_CLEARTEXT, indent);

        // write -----BEGIN PGP SIGNED MESSAGE-----
        armorOut.beginClearText(input.getSignatureHashAlgorithm());

        InputStream in = inputData.getInputStream();
        final BufferedReader reader = new BufferedReader(new InputStreamReader(in));

        // update signature buffer with first line
        processLine(reader.readLine(), armorOut, signatureGenerator);

        // TODO: progress: fake annealing?
        while (true) {
          String line = reader.readLine();

          // end cleartext signature with newline, see http://tools.ietf.org/html/rfc4880#section-7
          if (line == null) {
            armorOut.write(NEW_LINE);
            break;
          }

          armorOut.write(NEW_LINE);

          // update signature buffer with input line
          signatureGenerator.update(NEW_LINE);
          processLine(line, armorOut, signatureGenerator);
        }

        armorOut.endClearText();

        pOut = new BCPGOutputStream(armorOut);
      } else if (enableSignature && input.isDetachedSignature()) {
        /* detached signature */

        updateProgress(R.string.progress_signing, 8, 100);
        log.add(LogType.MSG_PSE_SIGNING_DETACHED, indent);

        InputStream in = inputData.getInputStream();

        // handle output stream separately for detached signatures
        detachedByteOut = new ByteArrayOutputStream();
        OutputStream detachedOut = detachedByteOut;
        if (input.isEnableAsciiArmorOutput()) {
          detachedArmorOut =
              new ArmoredOutputStream(new BufferedOutputStream(detachedOut, 1 << 16));
          if (input.getVersionHeader() != null) {
            detachedArmorOut.setHeader("Version", input.getVersionHeader());
          }

          detachedOut = detachedArmorOut;
        }
        detachedBcpgOut = new BCPGOutputStream(detachedOut);

        long alreadyWritten = 0;
        int length;
        byte[] buffer = new byte[1 << 16];
        while ((length = in.read(buffer)) > 0) {
          // no output stream is written, no changed to original data!

          signatureGenerator.update(buffer, 0, length);

          alreadyWritten += length;
          if (inputData.getSize() > 0) {
            long progress = 100 * alreadyWritten / inputData.getSize();
            progressScaler.setProgress((int) progress, 100);
          }
        }

        pOut = null;
      } else if (enableSignature && !input.isCleartextSignature() && !input.isDetachedSignature()) {
        /* sign-only binary (files/data stream) */

        updateProgress(R.string.progress_signing, 8, 100);
        log.add(LogType.MSG_PSE_SIGNING, indent);

        InputStream in = inputData.getInputStream();

        if (enableCompression) {
          compressGen = new PGPCompressedDataGenerator(input.getCompressionId());
          bcpgOut = new BCPGOutputStream(compressGen.open(out));
        } else {
          bcpgOut = new BCPGOutputStream(out);
        }

        signatureGenerator.generateOnePassVersion(false).encode(bcpgOut);

        PGPLiteralDataGenerator literalGen = new PGPLiteralDataGenerator();
        pOut =
            literalGen.open(
                bcpgOut,
                PGPLiteralData.BINARY,
                inputData.getOriginalFilename(),
                new Date(),
                new byte[1 << 16]);

        long alreadyWritten = 0;
        int length;
        byte[] buffer = new byte[1 << 16];
        while ((length = in.read(buffer)) > 0) {
          pOut.write(buffer, 0, length);

          signatureGenerator.update(buffer, 0, length);

          alreadyWritten += length;
          if (inputData.getSize() > 0) {
            long progress = 100 * alreadyWritten / inputData.getSize();
            progressScaler.setProgress((int) progress, 100);
          }
        }

        literalGen.close();
      } else {
        pOut = null;
        // TODO: Is this log right?
        log.add(LogType.MSG_PSE_CLEARSIGN_ONLY, indent);
      }

      if (enableSignature) {
        updateProgress(R.string.progress_generating_signature, 95, 100);
        try {
          if (detachedBcpgOut != null) {
            signatureGenerator.generate().encode(detachedBcpgOut);
          } else {
            signatureGenerator.generate().encode(pOut);
          }
        } catch (NfcSyncPGPContentSignerBuilder.NfcInteractionNeeded e) {
          // this secret key diverts to a OpenPGP card, throw exception with hash that will be
          // signed
          log.add(LogType.MSG_PSE_PENDING_NFC, indent);
          return new PgpSignEncryptResult(
              log,
              RequiredInputParcel.createNfcSignOperation(
                  signingKey.getRing().getMasterKeyId(),
                  signingKey.getKeyId(),
                  e.hashToSign,
                  e.hashAlgo,
                  cryptoInput.getSignatureTime()),
              cryptoInput);
        }
      }

      // closing outputs
      // NOTE: closing needs to be done in the correct order!
      if (encryptionOut != null) {
        if (compressGen != null) {
          compressGen.close();
        }

        encryptionOut.close();
      }
      // Note: Closing ArmoredOutputStream does not close the underlying stream
      if (armorOut != null) {
        armorOut.close();
      }
      // Note: Closing ArmoredOutputStream does not close the underlying stream
      if (detachedArmorOut != null) {
        detachedArmorOut.close();
      }
      // Also closes detachedBcpgOut
      if (detachedByteOut != null) {
        detachedByteOut.close();
      }
      if (out != null) {
        out.close();
      }
      if (outputStream != null) {
        outputStream.close();
      }

    } catch (SignatureException e) {
      log.add(LogType.MSG_PSE_ERROR_SIG, indent);
      return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
    } catch (PGPException e) {
      log.add(LogType.MSG_PSE_ERROR_PGP, indent);
      return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
    } catch (IOException e) {
      log.add(LogType.MSG_PSE_ERROR_IO, indent);
      return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
    }

    updateProgress(R.string.progress_done, 100, 100);

    log.add(LogType.MSG_PSE_OK, indent);
    PgpSignEncryptResult result = new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_OK, log);
    if (detachedByteOut != null) {
      try {
        detachedByteOut.flush();
        detachedByteOut.close();
      } catch (IOException e) {
        // silently catch
      }
      result.setDetachedSignature(detachedByteOut.toByteArray());
    }
    return result;
  }