FlowCrypt / flowcrypt-browser

FlowCrypt Browser extension for Chrome and Firefox
https://flowcrypt.com

Allow to select sender's signing key or at least OpenPGP or S/MIME type of message #4069

Open rrrooommmaaa opened 3 years ago

rrrooommmaaa commented 3 years ago

We currently only allow selecting a sender's alias in recipients-inputs of compose.htm. If I have both OpenPGP and x509 private keys, how can I select the type of message I'm sending? The type of message is of course auto-selected based on known recipient keys. However, I would like to have more flexibility to select S/MIME in these situations:

1) I don't have any keys of the recipient and want to send a signed-only S/MIME message.
2) Recipient has both OpenPGP and S/MIME keys and I want to send a (signed and) encrypted S/MIME message.

tomholub commented 3 years ago

Yes. This will require some thinking. For now, I'm ok with the limited support as we have it now, but as we gather some user feedback, we may have to do something here. At first, maybe an indicator of what kind of message is sent. Later, maybe a toggle (or put it into the send button chevron options)

rrrooommmaaa commented 3 years ago

PR #4074 adds some basic auto-detection logic based on sender and recipients list. However, if we have this chevron, we won't need to test all the possible edge cases. Also, this error will no longer be relevant:

```
Cannot use mixed OpenPGP (human@flowcrypt.com) and S/MIME (smime@recipient.com) public keys yet.If you need to email S/MIME recipient, do not add any OpenPGP recipient at the same time.
```

As I understand, we generate a pwd-encryption message in case we don't have encryption keys of the needed type for all the recipients.

tomholub commented 3 years ago

> Also, this error will no longer be relevant: `Cannot use mixed OpenPGP (human@flowcrypt.com) and S/MIME (smime@recipient.com) public keys yet.If you need to email S/MIME recipient, do not add any OpenPGP recipient at the same time.` As I understand, we generate a pwd-encryption message in case we don't have encryption keys of the needed type for all the recipients

This is complicated. I want to write Joe who has OpenPGP, then it's clear. I want to write Bill who has S/MIME, no problem.

But if I want to write both? Password protected message seems wrong because they both already have their pubkeys/certificates. I'd rather not allow it for now.

The best would be if we could abuse the email mime structure until both S/MIME and OpenPGP clients understand it, somehow. I don't know if that's possible. But that would be to investigate some other time. For now, let's keep them separate - I can write only S/MIME people or OpenPGP people, but not both in one email.
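
The selection rule discussed in this thread (an optional user-chosen type, signed-only when no recipient key is known, and no mixing of OpenPGP and S/MIME recipients in one email), as an added TypeScript example that is not FlowCrypt's code and not part of any comment above. All names here (`Party`, `Decision`, `chooseMessageFormat`, the reason codes) are hypothetical, and trying OpenPGP first when no type is chosen is an assumption.

```typescript
// Added example with hypothetical names; not taken from flowcrypt-browser.
type KeyFamily = 'openpgp' | 'x509';
interface Party { email: string; keys: KeyFamily[]; }
type Decision =
  | { ok: true; family: KeyFamily; encrypt: boolean }
  | { ok: false; reason: 'sender-lacks-key' | 'no-common-key-type' };

// Assumption: OpenPGP is tried first when the user expresses no preference.
const FAMILIES: KeyFamily[] = ['openpgp', 'x509'];

const has = (p: Party, f: KeyFamily): boolean => p.keys.indexOf(f) !== -1;

function chooseMessageFormat(sender: Party, recipients: Party[], preferred?: KeyFamily): Decision {
  // The sender can only sign with a key type they hold a private key for;
  // an explicit choice (the proposed toggle) narrows the candidates to that type.
  const candidates = FAMILIES.filter(
    f => has(sender, f) && (preferred === undefined || f === preferred));
  // Situation 1 from the issue: no recipient keys known, so sign only.
  const noRecipientKeys = recipients.every(r => r.keys.length === 0);
  for (const family of candidates) {
    if (noRecipientKeys) return { ok: true, family, encrypt: false };
    // Encrypt only when one key type covers every recipient (situation 2).
    if (recipients.every(r => has(r, family))) return { ok: true, family, encrypt: true };
  }
  // No single type works for everyone: refuse rather than mix types or
  // silently downgrade, matching "keep them separate" in the thread.
  return { ok: false, reason: candidates.length === 0 ? 'sender-lacks-key' : 'no-common-key-type' };
}

// Constructed sample parties (addresses are placeholders, not from the page).
const me: Party = { email: 'me@example.com', keys: ['openpgp', 'x509'] };
const joe: Party = { email: 'joe@example.com', keys: ['openpgp'] };
const bill: Party = { email: 'bill@example.com', keys: ['x509'] };
const both: Party = { email: 'both@example.com', keys: ['openpgp', 'x509'] };
const nokey: Party = { email: 'nokey@example.com', keys: [] };

console.log(chooseMessageFormat(me, [joe, bill]));     // refused: mixed recipients
console.log(chooseMessageFormat(me, [both], 'x509'));  // encrypted S/MIME on request
console.log(chooseMessageFormat(me, [nokey], 'x509')); // signed-only S/MIME
```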