4 files changed, 16 insertions, 6 deletions

diff --git a/openvpn/src/openvpn/options.c b/openvpn/src/openvpn/options.c
index b83c1de6..b3a41d7b 100644
--- a/openvpn/src/openvpn/options.c
+++ b/openvpn/src/openvpn/options.c
@@ -2732,7 +2732,7 @@ options_postprocess_filechecks (struct options *options)
                              "--extra-certs");
 
 #ifdef MANAGMENT_EXTERNAL_KEY
-	if(!(options->management_flags | MF_EXTERNAL_KEY))
+	if(!(options->management_flags & MF_EXTERNAL_KEY))
 #endif
   errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->priv_key_file, R_OK,
                              "--key");
diff --git a/res/values/strings.xml b/res/values/strings.xml
index ba4f6b02..d6b55458 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -220,6 +220,7 @@
     <string name="keppstatus_summary">Keep the notification displayed after the connection is established to show traffic statistics.</string>
     <string name="keepstatus">Show Traffic Statistics</string>
     <string name="mobile_info">Running on %1$s (%2$s) %3$s, Android API %4$d</string>
-    <string name="error_rsa_sign">Error signing with Android keystore key %s</string>
+    <string name="error_rsa_sign">Error signing with Android keystore key %1$s: %2$s</string>
+    <string name="keychain_jellybeans">Reading from Android Keystore does not work in Jelly Beans (Google change the way private keys are returned)</string>
 </resources>
 
diff --git a/src/de/blinkt/openvpn/OpenVpnManagementThread.java b/src/de/blinkt/openvpn/OpenVpnManagementThread.java
index e1b37342..69129eb1 100644
--- a/src/de/blinkt/openvpn/OpenVpnManagementThread.java
+++ b/src/de/blinkt/openvpn/OpenVpnManagementThread.java
@@ -403,9 +403,12 @@ public class OpenVpnManagementThread implements Runnable {
 	private void processSignCommand(String b64data) {

 		PrivateKey privkey = mProfile.getKeystoreKey();

 		Exception err =null;

+		

 		try{

 			byte[] data = Base64.decode(b64data, Base64.DEFAULT);

-			Cipher rsasinger = javax.crypto.Cipher.getInstance("RSA/ECB/PKCS1PADDING");

+

+			Cipher rsasinger = Cipher.getInstance("RSA/ECB/PKCS1PADDING");

+

 			rsasinger.init(Cipher.ENCRYPT_MODE, privkey);

 

 			byte[] signed_bytes = rsasinger.doFinal(data);

@@ -425,8 +428,9 @@ public class OpenVpnManagementThread implements Runnable {
 			err =e;

 		}

 		if(err !=null) {

-			OpenVPN.logError(R.string.error_rsa_sign,err.getLocalizedMessage());

+			OpenVPN.logError(R.string.error_rsa_sign,err.getClass().toString(),err.getLocalizedMessage());

 		}

+

 	}

 

 }

diff --git a/src/de/blinkt/openvpn/VpnProfile.java b/src/de/blinkt/openvpn/VpnProfile.java
index 8b758b3b..54eaae88 100644
--- a/src/de/blinkt/openvpn/VpnProfile.java
+++ b/src/de/blinkt/openvpn/VpnProfile.java
@@ -24,6 +24,7 @@ import org.spongycastle.util.io.pem.PemWriter;
 import android.content.Context;
 import android.content.Intent;
 import android.content.pm.ApplicationInfo;
+import android.os.Build;
 import android.security.KeyChain;
 import android.security.KeyChainException;
 
@@ -551,8 +552,12 @@ public class VpnProfile implements  Serializable{
 
 	//! Return an error if somethign is wrong
 	int checkProfile() {
-		if((mAuthenticationType==TYPE_KEYSTORE || mAuthenticationType==TYPE_USERPASS_KEYSTORE) && mAlias==null) 
-			return R.string.no_keystore_cert_selected;
+		if(mAuthenticationType==TYPE_KEYSTORE || mAuthenticationType==TYPE_USERPASS_KEYSTORE) {
+			if(mAlias==null) 
+				return R.string.no_keystore_cert_selected;
+			if(Build.VERSION.SDK_INT == 16)
+				return R.string.keychain_jellybeans;
+		}
 
 		if(!mUsePull) {
 			if(mIPv4Address == null || cidrToIPAndNetmask(mIPv4Address) == null)