Open tomholub opened 3 years ago
I'm not sure exactly what to do, but we should not break the user's flow too much if this wasn't an email-encryption-related cert.
Thanks, @tomholub. I'll see if I can find time to take a look at this and make some suggestions. At first glance, it seems that having separate messaging for expired and other "not usable" certs:
Or maybe checking that KeyUtil.parse only returns PGP or S/MIME public keys.
I think it's going to be difficult to separate a valid X.509 used for S/MIME from a valid X.509 certificate used for SSL. However, in my case it was an armored certificate that begins with the -----BEGIN CERTIFICATE----- string vs the -----BEGIN PGP PUBLIC KEY BLOCK----- found in my GnuPG armored key.
Again, I can dig a little deeper if I can find some time in the upcoming weeks. I could very possibly be way off and should be looking elsewhere in the code; I'm not very familiar with FlowCrypt from a developer perspective.
I just encountered this when renewing my SSL certificate through Sectigo. Their email to me included the new certificate, as plain "ASCII armor" text, at the end of the body of the email.
In my case, the "This OpenPGP key is not usable" message was in regard to this text version of the SSL certificate which was contained within the email itself. Apparently FlowCrypt sees the included certificate string (-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----) and misidentifies it as an OpenPGP key and thus warns that it is not usable. For obvious reasons, I am not going to include the "not usable" "OpenPGP key".
@tomholub I don't know if this information is useful at all, but I want to provide it just in case.
Originally posted by @karlwilbur in https://github.com/FlowCrypt/flowcrypt-browser/issues/2109#issuecomment-754071862
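The armor-label distinction raised in the comments above, as an added example that is not part of the original thread and is not FlowCrypt's code: it classifies armored blocks in a message body by their BEGIN label, so that only `PGP PUBLIC KEY BLOCK` blocks are handed on as OpenPGP key candidates. All names (`findArmoredBlocks`, `openPgpKeyCandidates`, `SAMPLE_BODY`) are hypothetical, the sample body is constructed, and the code does not try to tell an S/MIME certificate from an SSL one.

```typescript
// Added example: hypothetical names, not FlowCrypt's API.
type ArmorKind = 'openpgp-public-key' | 'x509-certificate' | 'other';

interface ArmoredBlock {
  label: string; // text between "-----BEGIN " and "-----"
  kind: ArmorKind;
  text: string; // whole block, BEGIN line through END line
}

function kindOfLabel(label: string): ArmorKind {
  if (label === 'PGP PUBLIC KEY BLOCK') return 'openpgp-public-key';
  if (label === 'CERTIFICATE') return 'x509-certificate';
  return 'other';
}

// Find armored blocks in a message body and classify each by its label.
function findArmoredBlocks(body: string): ArmoredBlock[] {
  // \1 forces the END label to equal the BEGIN label, so a truncated or
  // mismatched block is not reported at all.
  const re = /^-----BEGIN ([A-Z0-9 ]+)-----[ \t]*$[\s\S]*?^-----END \1-----[ \t]*$/gm;
  const blocks: ArmoredBlock[] = [];
  let m: RegExpExecArray | null;
  while ((m = re.exec(body)) !== null) {
    const label = m[1] ?? '';
    blocks.push({ label, kind: kindOfLabel(label), text: m[0] });
  }
  return blocks;
}

// Only these blocks should reach OpenPGP parsing and its "not usable" warning.
function openPgpKeyCandidates(body: string): ArmoredBlock[] {
  return findArmoredBlocks(body).filter(b => b.kind === 'openpgp-public-key');
}

// Constructed sample body; the base64-looking lines are placeholders, not real keys.
const SAMPLE_BODY = [
  'Your renewed SSL certificate is included below.',
  '-----BEGIN CERTIFICATE-----',
  'Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=',
  '-----END CERTIFICATE-----',
  '',
  '-----BEGIN PGP PUBLIC KEY BLOCK-----',
  '',
  'Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=',
  '-----END PGP PUBLIC KEY BLOCK-----',
].join('\n');

console.log(findArmoredBlocks(SAMPLE_BODY).map(b => b.kind));
```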