FlowCrypt / flowcrypt-browser

FlowCrypt Browser extension for Chrome and Firefox
https://flowcrypt.com

Password-protected message can't be rendered with FlowCrypt extension enabled #4138

Open martgil opened 2 years ago

martgil commented 2 years ago

Description: A password-protected message link can't be rendered when the FlowCrypt extension is present.

There are scenarios that led to this issue such as:

This will cause the FlowCrypt browser to think that the message is an encrypted message and show an error message, although the message was a password-protected message.

Steps to reproduce:

  - receiver email - test@gmail.com
  - receiver email with dot mutation - te.st@gmail.com
  - user 1 - sender (flowcrypt user)
  - user 2 - receiver (flowcrypt user)

  1. user 1 sends an email to user 2 using the email with dot mutation
  2. user 2 receives the message but the FlowCrypt extension says it can't open or decrypt it, although it was a password-protected message with a dedicated link.

Here are the two screenshots where the password-protected message can't be opened.

A message with the correct pub key: I'm able to read the encrypted message so I think it was indeed using the correct keys but I can be wrong here.

[image]

A message with a wrong pub key (the message is not shown either):

[image]

Conclusion: The password-protected message can't be used inside of the FlowCrypt browser extension. Though, in the meantime, I could tell them to temporarily open the password-protected message by viewing it with the original content (see original).

martgil commented 2 years ago

@tomholub I think the extension wasn't aware of password-protected messages for users without a public key. The browser extension still looks for a private key to decrypt the encrypted message in the attachment.

I believe we can solve this by checking for messages having the pattern "$email$ has sent you a password-encrypted email." and skipping rendering if this is detected in an encryptedMsg as attachment message.

steps to reproduce:

  1. compose a password-protected message.
  2. add the following recipients:
     - user 1 - with available public key - message decrypts automatically for this one.
     - user 2 - without public key - error says: "Your current key cannot open this message. If you have any other keys available, you should import them now." (the user may need to click "SEE ORIGINAL" to figure out that the message was actually a password-protected message with a link that is not obvious).

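A sketch of the check proposed in the comment above, added here as an illustration and not taken from the FlowCrypt code base or from either commenter. All type and function names, the attachment extensions and the sample message are assumptions. It goes one step beyond the proposal by consulting the notice text only when no matching key is available, because that text is controlled by the sender.

```typescript
// Added illustration. Every name here is hypothetical, not FlowCrypt's own code.
interface Attachment { name: string; }
interface IncomingMsg { bodyText: string; attachments: Attachment[]; }
type RenderDecision = 'plain' | 'pgp-decrypt' | 'password-link-notice';

// Wording quoted in the comment above; "$email$" stands for the sender address.
const NOTICE_RE = /^\s*\S+@\S+\.\S+ has sent you a password-encrypted email\b/im;

// Assumption: the encrypted payload arrives as an .asc/.pgp/.gpg attachment.
const ENCRYPTED_ATT_RE = /\.(asc|pgp|gpg)$/i;

// Normalise CRLF and non-breaking spaces so the phrase still matches after
// HTML-to-text conversion.
function normalize(text: string): string {
  return text.replace(/\r\n/g, '\n').replace(/\u00a0/g, ' ').replace(/[ \t]+/g, ' ');
}

// hasMatchingKey: whether the recipient holds a private key that opens the attachment.
function decideRender(msg: IncomingMsg, hasMatchingKey: boolean): RenderDecision {
  const encrypted = msg.attachments.some((a) => ENCRYPTED_ATT_RE.test(a.name));
  if (!encrypted) return 'plain';
  // The body text is sender-controlled, so it is consulted only after key
  // lookup fails; it can never suppress decryption for a recipient with a key.
  if (hasMatchingKey) return 'pgp-decrypt';
  // No key: show the link notice if the phrase is present, otherwise keep the
  // existing decrypt path (which reports the key error).
  return NOTICE_RE.test(normalize(msg.bodyText)) ? 'password-link-notice' : 'pgp-decrypt';
}

// Constructed sample message (not taken from a real mailbox).
const sampleMsg: IncomingMsg = {
  bodyText: 'sender@example.com\u00a0has sent you a password-encrypted email.\r\nClick here to open it.',
  attachments: [{ name: 'message.asc' }],
};

console.log(decideRender(sampleMsg, false));
console.log(decideRender(sampleMsg, true));
```
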
tomholub commented 2 years ago

I'll look into this a bit later - thanks for the report.

Is this based on a concern from a user? (enterprise or regular?) Or your own observation?

martgil commented 2 years ago

It is based on my observation - it is easier to replicate by following the steps from the most recent comment, as I bumped into it once again a while ago.

tomholub commented 2 years ago

I see. For now I think we will leave this as it is. We may re-evaluate in the future and make this more user friendly.

martgil commented 2 years ago

Ok sir, understood - thanks for looking into it.