decryption: always request key passphrase based on key ID

passKitTests/Mocks/MockPGPInterface.swift

@@ -19,12 +19,16 @@ class MockPGPInterface: PGPInterface {
     var encryptResult = Data()
     var encryptError: Error?
 
+    /// When set, the mock calls `passPhraseForKey` with this key ID during `decrypt`,
+    /// simulating the PGP backend selecting a key and requesting its passphrase.
+    var selectedKeyForPassphrase: String?
+
     // MARK: - Call tracking
 
     struct DecryptCall {
         let encryptedData: Data
         let keyID: String?
-        let passphrase: String
+        let passPhraseForKey: (String) -> String
     }
 
     struct EncryptCall {
@@ -33,14 +37,18 @@ class MockPGPInterface: PGPInterface {
     }
 
     var decryptCalls: [DecryptCall] = []
+    var resolvedPassphrases: [String] = []
     var encryptCalls: [EncryptCall] = []
     var containsPublicKeyCalls: [String] = []
     var containsPrivateKeyCalls: [String] = []
 
     // MARK: - PGPInterface
 
-    func decrypt(encryptedData: Data, keyID: String?, passphrase: String) throws -> Data? {
-        decryptCalls.append(DecryptCall(encryptedData: encryptedData, keyID: keyID, passphrase: passphrase))
+    func decrypt(encryptedData: Data, keyID: String?, passPhraseForKey: @escaping (String) -> String) throws -> Data? {
+        decryptCalls.append(DecryptCall(encryptedData: encryptedData, keyID: keyID, passPhraseForKey: passPhraseForKey))
+        if let selectedKey = selectedKeyForPassphrase {
+            resolvedPassphrases.append(passPhraseForKey(selectedKey))
+        }
         if let error = decryptError {
             throw error
         }