1 files changed, 15 insertions, 7 deletions

diff --git a/src/mailman_pgp/pgp/mime.py b/src/mailman_pgp/pgp/mime.py
index 03177ab..32e2cab 100644
--- a/src/mailman_pgp/pgp/mime.py
+++ b/src/mailman_pgp/pgp/mime.py
@@ -24,7 +24,7 @@ from email.mime.application import MIMEApplication
 from email.utils import collapse_rfc2231_value
 
 from mailman.email.message import Message, MultipartDigestMessage
-from pgpy import PGPDetachedSignature, PGPMessage
+from pgpy import PGPMessage, PGPSignature, PGPDetachedSignature
 from pgpy.constants import HashAlgorithm, SymmetricKeyAlgorithm
 from public import public
 
@@ -358,16 +358,17 @@ class MIMEWrapper:
         return out
 
     def _encrypt(self, pmsg, *keys, cipher, **kwargs):
+        emsg = copy.copy(pmsg)
         if len(keys) == 1:
-            pmsg = keys[0].encrypt(pmsg, cipher=cipher, **kwargs)
+            emsg = keys[0].encrypt(emsg, cipher=cipher, **kwargs)
         else:
             session_key = cipher.gen_key()
             for key in keys:
-                pmsg = key.encrypt(pmsg, cipher=cipher,
+                emsg = key.encrypt(emsg, cipher=cipher,
                                    sessionkey=session_key,
                                    **kwargs)
             del session_key
-        return pmsg
+        return emsg
 
     def _wrap_encrypted(self, payload):
         out = MultipartDigestMessage('encrypted',
@@ -407,8 +408,11 @@ class MIMEWrapper:
         if len(keys) == 0:
             raise ValueError('At least one key necessary.')
 
-        payload = self.msg.as_string()
-        pmsg = PGPMessage.new(payload)
+        if self.is_signed():
+            pmsg = PGPMessage.new(next(iter(self.get_signed())))
+            pmsg |= next(iter(self.get_signature()))
+        else:
+            pmsg = PGPMessage.new(next(iter(self.get_payload())))
         pmsg = self._encrypt(pmsg, *keys, cipher=cipher, **kwargs)
         out = self._wrap_encrypted(pmsg)
         copy_headers(self.msg, out)
@@ -468,4 +472,8 @@ class MIMEWrapper:
 
         out = self.sign(key, hash)
         out_wrapped = MIMEWrapper(out)
-        return out_wrapped.encrypt(*keys, cipher=cipher, **kwargs)
+        pmsg = PGPMessage.new(next(out_wrapped.get_payload()))
+        pmsg = self._encrypt(pmsg, *keys, cipher=cipher, **kwargs)
+        out = self._wrap_encrypted(pmsg)
+        copy_headers(self.msg, out)
+        return out