Send Encrypted Emails to Users Who Don't Use Encryption

Prerequisites
You’ve already installed FlowCrypt and created a new private key or imported the existing private key you had used previously.
View the Send and Receive Overview guide to get more familiar with sending and receiving encrypted emails.

Not all recipients have OpenPGP software installed when you want to email them. Having encryption set up on both ends offers the most convenient experience, but there is also a mechanism to send encrypted emails to users who don’t use encryption: password-encrypted messages. The sender’s device encrypts the email, and our servers transfer the email in the encrypted form to deliver it to the recipient, who just needs to have the password to decrypt the email in the browser.

We expire and delete these emails within 90 days of sending for both free users and enterprise users who use Shared Tenant FES. We do this to protect users who may have used a weak password. However, Enterprise users who run their own server infrastructure can choose the expiration time.

On the other hand, emails sent between FlowCrypt or other OpenPGP software users (when the recipient’s public key is known) will be transferred directly through email providers like any other email, but encrypted, and will never expire.

Send a password-protected email

Follow these steps if you want to send a password-protected email:

1. Open https://mail.google.com in the same browser where you installed FlowCrypt.

browser gettingstarted clicksubjectattest

2.Click Secure Compose just above the standard Gmail Compose button. The Secure Compose window will show up:

browser sendingencryptedemailattachment clicksecurecompose

3. Add an email address. If the recipient doesn’t have FlowCrypt installed, the email address will be displayed in grey, suggesting that you should use a message password to send this email:

browser settingupFCwithprivatekey emailtononflowcryptuser

4. On the bottom of this window, enter the message password in the input field.

Don’t use the passphrase that you’ve chosen during the FlowCrypt setup process. Use a new one that you can share with others.

5. Once you’re done with your password, click Encrypt, Sign, and Send:

browser settingupFCwithprivatekey clickencryptandsendtononFCuser

How can you send your message password to the recipient?

This is a common case in practice:

I’ve sent an encrypted email. It had me choose a message password for the recipient to access the email. How do I inform the recipient of the email password securely?

Well, it depends on your use case and the relationship with the recipient. You can share it over a phone call - that’s the best option.

WhatsApp or Signal are great apps for this purpose because they are encrypted.

Don’t send message passwords over email.

For less sensitive things, you may choose to send the password over another medium, such as text, Skype, etc.

What’s next? Read the Open Password-Protected Email guide to see what it looks like when someone receives a password-protected email and how to open it.