From a7cc71e35e49a31fd0065dfef96d394bbc09bed6 Mon Sep 17 00:00:00 2001
From: Daniel Huigens <d.huigens@protonmail.com>
Date: Mon, 19 Aug 2019 13:27:52 +0200
Subject: [PATCH] Throw when trying to encrypt a key that's already encrypted
 (#950)

---
 src/packet/secret_key.js |  4 ++++
 test/general/key.js      | 10 ++++++++++
 test/general/packet.js   |  2 ++
 3 files changed, 16 insertions(+)

diff --git a/src/packet/secret_key.js b/src/packet/secret_key.js
index accb225b..6fd38b1f 100644
--- a/src/packet/secret_key.js
+++ b/src/packet/secret_key.js
@@ -273,6 +273,10 @@ SecretKey.prototype.encrypt = async function (passphrase) {
     return false;
   }
 
+  if (!this.isDecrypted()) {
+    throw new Error('Key packet is already encrypted');
+  }
+
   if (this.isDecrypted() && !passphrase) {
     this.s2k_usage = 0;
     return false;
diff --git a/test/general/key.js b/test/general/key.js
index f6e6d09f..9a2efa49 100644
--- a/test/general/key.js
+++ b/test/general/key.js
@@ -2840,4 +2840,14 @@ VYGdb3eNlV8CfoEC
       expect(key.users[1].userId).to.be.null;
     });
   });
+
+  it("Should throw when trying to encrypt a key that's already encrypted", async function() {
+    await expect((async function() {
+      let { privateKeyArmored } = await openpgp.generateKey({ userIds: [{ email: 'hello@user.com' }], passphrase: 'pass', numBits: openpgp.util.getWebCryptoAll() ? 2048 : 512 });
+      let { keys: [k] } = await openpgp.key.readArmored(privateKeyArmored);
+      await k.decrypt('pass');
+      await k.encrypt('pass');
+      await k.encrypt('pass');
+    })()).to.be.rejectedWith('Key packet is already encrypted');
+  });
 });
diff --git a/test/general/packet.js b/test/general/packet.js
index 6451aaf1..3a1f4294 100644
--- a/test/general/packet.js
+++ b/test/general/packet.js
@@ -843,6 +843,7 @@ V+HOQJQxXJkVRYa3QrFUehiMzTeqqMdgC6ZqJy7+
 
       key[0].params = mpi;
       key[0].algorithm = "rsa_sign";
+      key[0].isEncrypted = false;
       await key[0].encrypt('hello');
 
       const raw = key.write();
@@ -874,6 +875,7 @@ V+HOQJQxXJkVRYa3QrFUehiMzTeqqMdgC6ZqJy7+
 
       key[0].params = mpi;
       key[0].algorithm = "rsa_sign";
+      key[0].isEncrypted = false;
       await key[0].encrypt('hello');
 
       const raw = key.write();