diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/token/ManageSecurityTokenContract.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/token/ManageSecurityTokenContract.java
index 5ce6de1ee..fcb6db169 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/token/ManageSecurityTokenContract.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/token/ManageSecurityTokenContract.java
@@ -43,6 +43,8 @@ class ManageSecurityTokenContract {
 
         void onClickLoadFile();
         void onFileSelected(Uri fileUri);
+        void onStoragePermissionGranted();
+        void onStoragePermissionDenied();
 
         void onClickResetToken();
         void onClickConfirmReset();
@@ -70,5 +72,7 @@ class ManageSecurityTokenContract {
         void showConfirmResetDialog();
 
         void showDisplayLogActivity(OperationResult result);
+
+        void requestStoragePermission();
     }
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/token/ManageSecurityTokenFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/token/ManageSecurityTokenFragment.java
index 60a438708..55186001b 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/token/ManageSecurityTokenFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/token/ManageSecurityTokenFragment.java
@@ -18,11 +18,16 @@
 package org.sufficientlysecure.keychain.ui.token;
 
 
+import android.Manifest;
+import android.annotation.TargetApi;
 import android.app.Activity;
 import android.content.DialogInterface;
 import android.content.Intent;
+import android.content.pm.PackageManager;
 import android.net.Uri;
+import android.os.Build.VERSION_CODES;
 import android.os.Bundle;
+import android.support.annotation.NonNull;
 import android.support.annotation.Nullable;
 import android.support.annotation.StringRes;
 import android.support.v4.app.Fragment;
@@ -73,6 +78,7 @@ public class ManageSecurityTokenFragment extends Fragment implements ManageSecur
     private static final String ARG_URL = "key_uri";
     public static final int REQUEST_CODE_OPEN_FILE = 0;
     public static final int REQUEST_CODE_RESET = 1;
+    public static final int PERMISSION_READ_STORAGE = 0;
 
     ManageSecurityTokenMvpPresenter presenter;
     private ViewGroup statusLayoutGroup;
@@ -308,6 +314,27 @@ public class ManageSecurityTokenFragment extends Fragment implements ManageSecur
         startActivity(intent);
     }
 
+    @TargetApi(VERSION_CODES.JELLY_BEAN)
+    @Override
+    public void requestStoragePermission() {
+        requestPermissions(new String[] { Manifest.permission.READ_EXTERNAL_STORAGE }, PERMISSION_READ_STORAGE);
+    }
+
+    @Override
+    public void onRequestPermissionsResult(int requestCode, @NonNull String[] permissions,
+            @NonNull int[] grantResults) {
+        if (requestCode != PERMISSION_READ_STORAGE) {
+            return;
+        }
+
+        boolean permissionWasGranted = grantResults.length > 0 && grantResults[0] == PackageManager.PERMISSION_GRANTED;
+        if (permissionWasGranted) {
+            presenter.onStoragePermissionGranted();
+        } else {
+            presenter.onStoragePermissionDenied();
+        }
+    }
+
     @Override
     public void onActivityResult(int requestCode, int resultCode, Intent data) {
         switch (requestCode) {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/token/ManageSecurityTokenPresenter.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/token/ManageSecurityTokenPresenter.java
index 685d77a6f..3eb6cb526 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/token/ManageSecurityTokenPresenter.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/token/ManageSecurityTokenPresenter.java
@@ -36,6 +36,7 @@ import org.sufficientlysecure.keychain.ui.token.PublicKeyRetrievalLoader.KeyRetr
 import org.sufficientlysecure.keychain.ui.token.PublicKeyRetrievalLoader.KeyserverRetrievalLoader;
 import org.sufficientlysecure.keychain.ui.token.PublicKeyRetrievalLoader.LocalKeyLookupLoader;
 import org.sufficientlysecure.keychain.ui.token.PublicKeyRetrievalLoader.UriKeyRetrievalLoader;
+import org.sufficientlysecure.keychain.ui.util.PermissionsUtil;
 
 
 class ManageSecurityTokenPresenter implements ManageSecurityTokenMvpPresenter {
@@ -65,6 +66,7 @@ class ManageSecurityTokenPresenter implements ManageSecurityTokenMvpPresenter {
     private Long masterKeyId;
 
     private OperationLog log;
+    private Uri selectedContentUri;
 
     ManageSecurityTokenPresenter(Context context, byte[] tokenFingerprints, byte[] tokenAid,
             String tokenUserId, String tokenUrl, LoaderManager loaderManager) {
@@ -278,6 +280,17 @@ class ManageSecurityTokenPresenter implements ManageSecurityTokenMvpPresenter {
 
     @Override
     public void onFileSelected(Uri contentUri) {
+        boolean hasReadPermission = PermissionsUtil.checkReadPermission(context, contentUri);
+        if (!hasReadPermission) {
+            selectedContentUri = contentUri;
+            view.requestStoragePermission();
+            return;
+        }
+
+        startLoadingFile(contentUri);
+    }
+
+    private void startLoadingFile(Uri contentUri) {
         view.resetStatusLines();
         view.statusLineAdd(StatusLine.SEARCH_CONTENT_URI);
 
@@ -286,6 +299,18 @@ class ManageSecurityTokenPresenter implements ManageSecurityTokenMvpPresenter {
         loaderManager.restartLoader(LOADER_CONTENT_URI, args, loaderCallbacks);
     }
 
+    @Override
+    public void onStoragePermissionGranted() {
+        Uri contentUri = selectedContentUri;
+        selectedContentUri = null;
+        startLoadingFile(contentUri);
+    }
+
+    @Override
+    public void onStoragePermissionDenied() {
+        selectedContentUri = null;
+    }
+
     @Override
     public void onClickViewLog() {
         OperationResult result = new GenericOperationResult(GenericOperationResult.RESULT_OK, log);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/util/PermissionsUtil.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/util/PermissionsUtil.java
index 435240859..0a004746f 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/util/PermissionsUtil.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/util/PermissionsUtil.java
@@ -62,7 +62,7 @@ public class PermissionsUtil {
         return result;
     }
 
-    private static boolean checkReadPermission(Context context, Uri uri) {
+    public static boolean checkReadPermission(Context context, Uri uri) {
         if (!ContentResolver.SCHEME_FILE.equals(uri.getScheme())) {
             return true;
         }