From 81a59b76b17df82987b9add06d4fadf8888a9e06 Mon Sep 17 00:00:00 2001
From: Bart Butler <bart.c.butler@gmail.com>
Date: Tue, 5 Dec 2017 11:44:01 -0800
Subject: [PATCH] do not echo data back to caller for detached signing

---
 src/openpgp.js          | 10 +++++-----
 test/general/openpgp.js |  6 +++---
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/openpgp.js b/src/openpgp.js
index 0129598e..4a7a9340 100644
--- a/src/openpgp.js
+++ b/src/openpgp.js
@@ -314,13 +314,13 @@ export function sign({ data, privateKeys, armor=true, detached=false}) {
       }
     } else {
       message = message.sign(privateKeys);
+      if (armor) {
+        result.data = message.armor();
+      } else {
+        result.message = message;
+      }
     }
 
-    if (armor) {
-      result.data = message.armor();
-    } else {
-      result.message = message;
-    }
     return result;
 
   }, 'Error signing cleartext message');
diff --git a/test/general/openpgp.js b/test/general/openpgp.js
index 0d31e93f..c7a6c4db 100644
--- a/test/general/openpgp.js
+++ b/test/general/openpgp.js
@@ -969,7 +969,7 @@ describe('OpenPGP.js public api tests', function() {
             publicKeys: publicKey.keys
           };
           return openpgp.sign(signOpt).then(function(signed) {
-            verifyOpt.message = openpgp.cleartext.readArmored(signed.data);
+            verifyOpt.message = new openpgp.cleartext.CleartextMessage(plaintext);
             verifyOpt.signature = openpgp.signature.readArmored(signed.signature);
             return openpgp.verify(verifyOpt);
           }).then(function(verified) {
@@ -1009,7 +1009,7 @@ describe('OpenPGP.js public api tests', function() {
             publicKeys: openpgp.key.readArmored(wrong_pubkey).keys
           };
           return openpgp.sign(signOpt).then(function(signed) {
-            verifyOpt.message = openpgp.cleartext.readArmored(signed.data);
+            verifyOpt.message = new openpgp.cleartext.CleartextMessage(plaintext);
             verifyOpt.signature = openpgp.signature.readArmored(signed.signature);
             return openpgp.verify(verifyOpt);
           }).then(function(verified) {
@@ -1051,7 +1051,7 @@ describe('OpenPGP.js public api tests', function() {
             publicKeys: publicKey.keys
           };
           return openpgp.sign(signOpt).then(function(signed) {
-            verifyOpt.message = signed.message;
+            verifyOpt.message = new openpgp.cleartext.CleartextMessage(plaintext);
             verifyOpt.signature = signed.signature;
             return openpgp.verify(verifyOpt);
           }).then(function(verified) {