Not all recipients have OpenPGP software installed when you want to email them. Having encryption set up on both ends offers the most convenient experience, but there is also a mechanism to send encrypted messages to others: password encrypted messages.
Password encrypted messages will be encrypted on the sender’s device, transferred through our servers encrypted, and then delivered to your recipient’s browser. Your recipient will need to have the password to decrypt the message in their browser.
By default, we expire these messages within 3 days of sending, and then delete them from our servers not long after. This is done to protect users who may have used a weak password.
Conversely, messages sent between users who use FlowCrypt or other OpenPGP software (when recipient’s Public Key is known) will be transferred directly through email providers like any other email, except encrypted, and will never expire.
Sending a password protected message
For now, this functinality is only available in browser extensions for Chrome and Firefox. It is not yet available in iOS or Android apps.
Open https://mail.google.com in the same browser where you installed FlowCrypt.
Secure Compose just above the standard Gmail Compose button. The Secure Compose window will show up:
Add recipient email address. If the recipient does not have Flowcrypt installed, the email address will be displayed as grey, suggesting that a message password is needed to send this message.
On the bottom, enter a
one time password in the input field. Message password should be something that you can share with the recipient.
Do not use your Pass Phrase (that you chose during FlowCrypt Setup). Use some other password that you can share with others.
Encrypt and Send.
How to communicate a message password to recipient?
I sent an encrypted email. It had me choose a one time password for the recipient to use to access the email. How do I inform the recipient of the one time password in a secure way?
It depends on your use case and the relationship with the recipient. You could communicate it over a phone call - that’s about the best.
WhatsApp or Signal are great apps for this because they are encrypted.
For less sensitive things, you could send the password over some other medium such as text, Skype, etc.
Do not send one-time passwords over email.