1 files changed, 27 insertions, 20 deletions

diff --git a/src/mailman_pgp/pgp/mime.py b/src/mailman_pgp/pgp/mime.py
index 47ed192..81208bd 100644
--- a/src/mailman_pgp/pgp/mime.py
+++ b/src/mailman_pgp/pgp/mime.py
@@ -165,20 +165,7 @@ class MIMEWrapper:
         }
         return 'pgp-' + algs[hash_algo]
 
-    def sign(self, key, hash=None):
-        """
-        Sign a message with key.
-
-        :param key: The key to sign with.
-        :type key: pgpy.PGPKey
-        :param hash:
-        :type hash: HashAlgorithm
-        :return: The signed message.
-        :rtype: mailman.email.message.Message
-        """
-        payload = self.msg.as_string()
-        signature = key.sign(payload, hash=hash)
-
+    def _wrap_signed(self, msg, signature):
         micalg = self._micalg(signature.hash_algorithm)
         out = MultipartDigestMessage('signed', micalg=micalg,
                                      protocol=MIMEWrapper._signed_type)
@@ -193,11 +180,26 @@ class MIMEWrapper:
         second_part.add_header('content-disposition', 'attachment',
                                filename='signature.asc')
 
-        out.attach(copy.deepcopy(self.msg))
+        out.attach(copy.deepcopy(msg))
         out.attach(second_part)
-        copy_headers(self.msg, out)
+        copy_headers(msg, out)
         return out
 
+    def sign(self, key, hash=None):
+        """
+        Sign a message with key.
+
+        :param key: The key to sign with.
+        :type key: pgpy.PGPKey
+        :param hash:
+        :type hash: HashAlgorithm
+        :return: The signed message.
+        :rtype: mailman.email.message.Message
+        """
+        payload = self.msg.as_string()
+        signature = key.sign(payload, hash=hash)
+        return self._wrap_signed(self.msg, signature)
+
     def decrypt(self, key):
         """
         Decrypt this message with key.
@@ -214,9 +216,11 @@ class MIMEWrapper:
 
         dmsg = decrypted.message
         if isinstance(dmsg, bytearray):
-            dmsg = dmsg.decode('utf-8')
+            dmsg = dmsg.decode(decrypted.charset or 'utf-8')
 
         out = message_from_string(dmsg, _class=Message)
+        if decrypted.is_signed:
+            out = self._wrap_signed(out, decrypted.signatures.pop())
         copy_headers(self.msg, out)
         return out
 
@@ -252,7 +256,6 @@ class MIMEWrapper:
                                filename='encrypted.asc')
         out.attach(first_part)
         out.attach(second_part)
-        copy_headers(self.msg, out)
         return out
 
     def encrypt(self, *keys, cipher=SymmetricKeyAlgorithm.AES256):
@@ -272,7 +275,9 @@ class MIMEWrapper:
         payload = self.msg.as_string()
         pmsg = PGPMessage.new(payload)
         pmsg = self._encrypt(pmsg, *keys, cipher=cipher)
-        return self._wrap_encrypted(pmsg)
+        out =  self._wrap_encrypted(pmsg)
+        copy_headers(self.msg, out)
+        return out
 
     def sign_encrypt(self, key, *keys, hash=None,
                      cipher=SymmetricKeyAlgorithm.AES256):
@@ -299,7 +304,9 @@ class MIMEWrapper:
         pmsg = PGPMessage.new(payload)
         pmsg |= key.sign(pmsg, hash=hash)
         pmsg = self._encrypt(pmsg, *keys, cipher=cipher)
-        return self._wrap_encrypted(pmsg)
+        out = self._wrap_encrypted(pmsg)
+        copy_headers(self.msg, out)
+        return out
 
     def sign_then_encrypt(self, key, *keys, hash=None,
                           cipher=SymmetricKeyAlgorithm.AES256):