when a certificate is not an s/mime cert, offer a less obtrusive rendering

[tomholub]

I just encountered this when renewing my SSL certificate through Sectigo. Their email to me included the new certificate, as plain "ASCII armor" text, at the end of the body of the email.

In my case, the "This OpenPGP key is not usable" message was in regard to this text version of the SSL certificate which was contained within the email itself. Apparently FlowCrypt sees the included certificate string (-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----) and misidentifies it as an OpenPGP key and thus warns that it is not usable.

For obvious reasons, I am not going to include the "not usable" "OpenPGP key".

@tomholub I don't know if this information is useful at all, but I want to provide it just in case.

Originally posted by @karlwilbur in #2109 (comment)

[tomholub]

I'm not sure exactly what to do, but we should not break user's flow too much if this wasn't an email encryption related cert.

[karlwilbur]

Thanks, @tomholub. I'll see if I can find time to take a look at this and make some suggestions. At first glance, it see that having separate messaging for expired and other "not usable" certs:

flowcrypt-browser/extension/chrome/elements/pgp_pubkey.ts

Lines 68 to 70 in f6c5e33

	if (!this.primaryPubKey.usableForEncryptionButExpired && !this.primaryPubKey.usableForSigningButExpired
	&& !this.primaryPubKey.usableForEncryption && !this.primaryPubKey.usableForSigning) {
	this.showKeyNotUsableError();

Or maybe checking that KeyUtil.parse only returns PGP or S/MIME public keys.

flowcrypt-browser/extension/chrome/elements/pgp_pubkey.ts

Line 43 in f6c5e33

this.publicKeys = [await KeyUtil.parse(this.armoredPubkey)];

I think it's going to be difficult to separate a valid X.509 used for S/MIME from a valid X.509 certificate used for SSL. However, in my case it was an armored certificate that begins with the -----BEGIN CERTIFICATE----- string vs the -----BEGIN PGP PUBLIC KEY BLOCK----- found in my GnuPG armored key.

flowcrypt-browser/extension/js/common/core/crypto/key.ts

Lines 135 to 144 in f6c5e33

	public static parseMany = async (text: string): Promise<Key[]> => {
	const keyType = KeyUtil.getKeyType(text);
	if (keyType === 'openpgp') {
	return await OpenPGPKey.parseMany(text);
	} else if (keyType === 'x509') {
	// TODO: No support for parsing multiple S/MIME keys for now
	return [await SmimeKey.parse(text)];
	}
	throw new UnexpectedKeyTypeError(`Key type is ${keyType}, expecting OpenPGP or x509 S/MIME`);
	}

Again, I can dig a little deeper if I can find some time in the upcoming weeks. I could very possibly be way off and should be looking elsewhere in the code; I'm not very familiar with FlowCrypt from a developer perspective.