Keep readKeys when excluding

format.js

@@ -291,8 +291,9 @@ function makeEncryptionFormat() {
     const authorBFE = BFE.encode(authorId)
     const previousBFE = BFE.encode(opts.previous)
 
-    const groupKeys = keyring.group
-      .listSync()
+    const groups = keyring.group.listSync()
+    const excludedGroups = keyring.group.listSync({ excluded: true })
+    const groupKeys = [...groups, ...excludedGroups]
       .map(keyring.group.get)
       .map((groupInfo) => groupInfo.readKeys)
       .flat()

package.json

@@ -19,7 +19,7 @@
     "pull-defer": "^0.2.3",
     "pull-stream": "^3.6.14",
     "ssb-bfe": "^3.7.0",
-    "ssb-keyring": "^5.3.0",
+    "ssb-keyring": "https://gitlab.com/ahau/lib/ssb-keyring/-/archive/exclude-writekey/ssb-keyring-exclude-writekey.tar.gz",
     "ssb-private-group-keys": "^1.1.1",
     "ssb-ref": "^2.16.0",
     "ssb-uri2": "^2.4.1"

test/index.js

@@ -138,6 +138,45 @@ test('decrypt as group recipient', (t) => {
   })
 })
 
+test('decrypt as group recipient, still works after exclusion', (t) => {
+  const box2 = Box2()
+  const keys = ssbKeys.generate(null, 'alice', 'buttwoo-v1')
+
+  box2.setup({ keys }, () => {
+    const groupId = '%Lihvp+fMdt5CihjbOY6eZc0qCe0eKsrN2wfgXV2E3PM=.cloaked'
+    box2.addGroupInfo(groupId, {
+      key: Buffer.from(
+        '30720d8f9cbf37f6d7062826f6decac93e308060a8aaaa77e6a4747f40ee1a76',
+        'hex'
+      ),
+    })
+
+    const opts = {
+      keys,
+      content: { type: 'post', text: 'super secret' },
+      previous: null,
+      timestamp: 12345678900,
+      tag: buttwoo.tags.SSB_FEED,
+      hmacKey: null,
+      recps: [groupId, ssbKeys.generate(null, '2').id],
+    }
+
+    const plaintext = buttwoo.toPlaintextBuffer(opts)
+    t.true(Buffer.isBuffer(plaintext), 'plaintext is a buffer')
+
+    const ciphertext = box2.encrypt(plaintext, opts)
+
+    box2.excludeGroupInfo(groupId, (err) => {
+      if (err) t.fail(err)
+
+      const decrypted = box2.decrypt(ciphertext, { ...opts, author: keys.id })
+      t.deepEqual(decrypted, plaintext, 'decrypted plaintext is the same')
+
+      t.end()
+    })
+  })
+})
+
 test('cannot decrypt own DM after we changed our own DM keys', (t) => {
   const box2 = Box2()
   const keys = ssbKeys.generate(null, 'alice', 'buttwoo-v1')

test/tribes.js

@@ -12,6 +12,7 @@ const SecretStack = require('secret-stack')
 const caps = require('ssb-caps')
 const ref = require('ssb-ref')
 const pull = require('pull-stream')
+const { keySchemes } = require('private-group-spec')
 
 function readyDir(dir) {
   rimraf.sync(dir)
@@ -369,8 +370,12 @@ test('You can exclude info from a group', async (t) => {
 
   t.deepEquals(
     groupInfo,
-    { excluded: true },
-    'excluding group info just leaves excluded: true'
+    {
+      readKeys: [{ key: testkey, scheme: keySchemes.private_group }],
+      root: testRoot,
+      excluded: true,
+    },
+    'excluding group info removes writeKey and adds excluded: true'
   )
 
   const listNotExcluded = await pull(