Open martgil opened 2 years ago
@tomholub I think the extension wasn't aware for password-protected message for user without public key. the browser extension still looks for private key to decrypt the encrypted message in the attachment.
I believe we can solve this by checking message having the pattern $email$ has sent you a password-encrypted email.
and skip rendering if this is detected in an encryptedMsg as attachment message.
steps to reproduce:
I'll look into this a bit later - thanks for report.
Is this based on a concern from user? (enterprise or regular?) Or your own observation?
It is based on my observation - it is easier to replicate by following the steps from the most recent comment as I bump into it a while ago once again.
I see. For now I think we will leave this as it is. We may re-evaluate in the future and make this more user friendly.
Ok sir, understood - thanks for looking into it.
Description: A password-protected message link can't be rendered through the FlowCrypt extension is present.
There are scenarios that led to this issue such as:
test@gmail.com
in Gmail we can send an email to a dot aliaste.st@gmail.com
from which the email resolves to the original one which is thetest@gmail.com
This will cause the FlowCrypt browser to think that the message is an encrypted message and will show an error message hence the message was a password-protected message.
Steps to reproduce: receiver email -
test@gmail.com
receiver email with dot mutationte.st@gmail.com
user 1 - sender (flowcrypt user) user 2 - receiver (flowcrypt user)Here are the two screenshots where the password-protected message can't be opened.
A message with the correct pub key:
im able to read the encrypted message so I think it was indeed using the correct keys
but I can be wrong here. A message with a wrong pub key (the message is now shown either):Conclusion: The password-protected message can't be use inside of the FlowCrypt browser extension. Though, in the meantime. I could tell them to temporarily open the password-protected message by viewing it with the original content
(see original)