FlowCrypt · ioanmo226 · Jan 7, 2025 · Jan 7, 2025
@@ -14,7 +14,7 @@
     <div id="pgp_block" class="pgp_pubkey" data-test="container-pgp-pubkey">
       <div class="line error_container hidden">
         <div class="error_info">
-          <span data-test="error-introduce-label">This OpenPGP key is not usable.</span>
+          <span class="error_introduce_label" data-test="error-introduce-label">This OpenPGP key is not usable.</span>
           <input class="input_error_email" disabled data-test="error-email-input" />
         </div>
 

@@ -13,6 +13,8 @@ import { Url } from '../../js/common/core/common.js';
 import { View } from '../../js/common/view.js';
 import { Xss } from '../../js/common/platform/xss.js';
 import { ContactStore } from '../../js/common/platform/store/contact-store.js';
+import { Buf } from '../../js/common/core/buf.js';
+import { OpenPGPKey } from '../../js/common/core/crypto/pgp/openpgp-key.js';
 
 // todo - this should use KeyImportUI for consistency.
 View.run(
@@ -71,7 +73,7 @@ View.run(
           !this.firstParsedPublicKey.usableForEncryption &&
           !this.firstParsedPublicKey.usableForSigning
         ) {
-          this.showKeyNotUsableError();
+          await this.showKeyNotUsableError();
         } else {
           let emailText = '';
           if (this.parsedPublicKeys.length === 1) {
@@ -116,7 +118,7 @@ View.run(
             frameId: this.frameId,
           });
         } else {
-          this.showKeyNotUsableError();
+          await this.showKeyNotUsableError();
         }
       }
       this.sendResizeMsg();
@@ -137,6 +139,25 @@ View.run(
       );
     };
 
+    private getErrorText = async () => {
+      let errorStr = '';
+      const { keys, errs } = await KeyUtil.readMany(Buf.fromUtfStr(this.armoredPubkey));
+      errorStr = errs.join('\n');
+      for (const key of keys) {
+        const errorMessage = await OpenPGPKey.checkPublicKeyError(key);
+        if (errorMessage) {
+          const match = new RegExp(/Error encrypting message: (.+)$/).exec(errorMessage);
+          // remove `error: error encrypting message: part`, so error message will begin directly from error reason
+          if (match) {
+            errorStr += match[1];
+          } else {
+            errorStr += errorMessage;
+          }
+        }
+      }
+      return errorStr;
+    };
+
     private sendResizeMsg = () => {
       const origHeight = $('#pgp_block').height();
       if (!origHeight) {
@@ -167,8 +188,9 @@ View.run(
       }
     };
 
-    private showKeyNotUsableError = () => {
+    private showKeyNotUsableError = async () => {
       $('.error_container').removeClass('hidden');
+      $('.error_introduce_label').html(`This OpenPGP key is not usable.<br/><small>(${await this.getErrorText()})</small>`); // xss-escaped
       $('.hide_if_error').hide();
       $('.fingerprints, .add_contact, #manual_import_warning').remove();
       const email = this.firstParsedPublicKey?.emails[0];

@@ -1446,6 +1446,10 @@ td {
   align-items: flex-start;
 }
 
+.pgp_neutral .error_container .error_info .error_introduce_label {
+  white-space: pre-line;
+}
+
 .pgp_neutral .error_container .error_info span {
   color: #a44;
   font-size: 14px;
@@ -1625,6 +1629,10 @@ td {
   display: none;
 }
 
+#pgp_block.pgp_pubkey .action_show_full {
+  width: 118px;
+}
+
 #pgp_block .three_dots {
   text-align: center;
   width: 25px;

@@ -428,6 +428,19 @@ export class OpenPGPKey {
     return nonDummyPrvPackets.every(p => p.isDecrypted());
   }
 
+  public static async checkPublicKeyError(pubkey: Key): Promise<string | undefined> {
+    try {
+      const key = await OpenPGPKey.extractExternalLibraryObjFromKey(pubkey);
+      await opgp.encrypt({
+        message: await opgp.createMessage({ text: OpenPGPKey.encryptionText }),
+        encryptionKeys: key.toPublic(),
+        format: 'armored',
+      });
+      return undefined;
+    } catch (err) {
+      return String(err);
+    }
+  }
   public static isFullyEncrypted(key: OpenPGP.PrivateKey): boolean {
     const nonDummyPrvPackets = OpenPGPKey.getPrvPackets(key);
     return nonDummyPrvPackets.every(p => !p.isDecrypted());

@@ -382,6 +382,7 @@ export const defineSettingsTests = (testVariant: TestVariant, testWithBrowser: T
         const firstFrameId = /frameId=.*?&/s.exec(framesUrls[0])![0];
         const errorFrame = await contactsFrame.getFrame(['pgp_pubkey.htm', firstFrameId]);
         await errorFrame.waitForContent('@error-introduce-label', 'This OpenPGP key is not usable.');
+        await errorFrame.waitForContent('@error-introduce-label', 'Could not verify primary key: dsa keys are considered too weak');
         await errorFrame.waitForInputValue('@error-email-input', '[email protected]');
       })
     );