password encrypted file integrity check

[tomholub]

Once in a while, user will not be able to decrypt password encrypted message on the web, most likely because the message was uploaded with some glitches.

We should have a way to check that each message was uploaded correctly, some form of checksum from S3 that we're probably not checking.

Error decrypting message: CAST-128 keys must be 16 bytes

[tomholub]

Please investigate upload of files/attachments to S3. Look into AWS documentation. We seem to be uploading data to S3 without checking integrity of the uploaded file, and sometimes this causes us to upload a corrupted file.

You won't be able to reproduce it, but you should find a way how to make sure that we have uploaded the file properly.

[michael-volynets]

I'm facing a problem that, I suppose, needs some backend work.
I also think that this issue doesn't need any front-end work, except handling error if the file was corrupted while sending it to S3

About the problem:
Before we send a request to AWS S3, we send a request to our Backend at this endpoint message/presign_files, an example of a response is:

{
   "approvals":[
      {
         "base_url":"https://s3.eu-central-1.amazonaws.com/flowcrypt/",
         "length":76476,
         "fields":{
            "x-amz-algorithm":"<some string>",
            "x-amz-credential":"<some string>",
            "x-amz-date":"<date>",
            "x-amz-signature":"<signature>",
            "acl":"public-read",
            "key":"<key>",
            "policy":"<big policy string>",
            "Content-Type":"application/octet-stream"
         }
      }
   ]
}

Here I think we need:

• Update approvals.*.fields.policy field to accept a new header called Content-MD5 because currently when I'm trying to put it manually using JS, S3 throws me this error:

invalid according to policy: extra input fields: content-md5

• Add a new field called: Content-MD5 to approvals.*.fields, which is the Base64 string of MD5 Encoded file.

I think this should make it work.