From 0f4d81bf2c9a3843cca6c66b9fe5ee5c11220fe6 Mon Sep 17 00:00:00 2001
From: Bart Butler <bart.c.butler@gmail.com>
Date: Wed, 7 Feb 2018 18:16:54 -0800
Subject: [PATCH] add test for signing with multiple keys, align signature
 packet order with high-level API private key order

---
 src/message.js          |  4 ++--
 test/general/openpgp.js | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/src/message.js b/src/message.js
index 18208f75..ebe6b285 100644
--- a/src/message.js
+++ b/src/message.js
@@ -396,7 +396,7 @@ Message.prototype.sign = async function(privateKeys=[], signature=null) {
     }
   }
 
-  await Promise.all(privateKeys.map(async function (privateKey, i) {
+  await Promise.all(Array.from(privateKeys).reverse().map(async function (privateKey, i) {
     if (privateKey.isPublic()) {
       throw new Error('Need private key for signing');
     }
@@ -422,7 +422,7 @@ Message.prototype.sign = async function(privateKeys=[], signature=null) {
 
   packetlist.push(literalDataPacket);
 
-  await Promise.all(Array.from(privateKeys).reverse().map(async function(privateKey) {
+  await Promise.all(privateKeys.map(async function(privateKey) {
     var signaturePacket = new packet.Signature();
     var signingKeyPacket = privateKey.getSigningKeyPacket();
     if (!signingKeyPacket.isDecrypted) {
diff --git a/test/general/openpgp.js b/test/general/openpgp.js
index e7fcf2fa..83f50c44 100644
--- a/test/general/openpgp.js
+++ b/test/general/openpgp.js
@@ -1015,6 +1015,39 @@ describe('OpenPGP.js public api tests', function() {
           });
         });
 
+        it('should encrypt and decrypt/verify both signatures when signed with two private keys', function() {
+          var privKeyDE = openpgp.key.readArmored(priv_key_de).keys[0];
+          privKeyDE.decrypt(passphrase);
+
+          var pubKeyDE = openpgp.key.readArmored(pub_key_de).keys[0];
+
+          var encOpt = {
+            data: plaintext,
+            publicKeys: publicKey.keys,
+            privateKeys: [privateKey.keys[0], privKeyDE]
+          };
+
+          var decOpt = {
+            privateKey: privateKey.keys[0],
+            publicKeys: [publicKey.keys[0], pubKeyDE]
+          };
+
+          return openpgp.encrypt(encOpt).then(function(encrypted) {
+            decOpt.message = openpgp.message.readArmored(encrypted.data);
+            return openpgp.decrypt(decOpt);
+          }).then(function(decrypted) {
+            expect(decrypted.data).to.equal(plaintext);
+            expect(decrypted.signatures[0].valid).to.be.true;
+            expect(decrypted.signatures[0].keyid.toHex()).to.equal(privateKey.keys[0].getSigningKeyPacket().getKeyId().toHex());
+            expect(decrypted.signatures[0].signature.packets.length).to.equal(1);
+            expect(decrypted.signatures[1].valid).to.be.true;
+            return privKeyDE.verifyPrimaryUser().then(() => {
+              expect(decrypted.signatures[1].keyid.toHex()).to.equal(privKeyDE.getSigningKeyPacket().getKeyId().toHex());
+              expect(decrypted.signatures[1].signature.packets.length).to.equal(1);
+              });
+          });
+        });
+
         it('should sign and verify cleartext data', function() {
           var signOpt = {
             data: plaintext,