added downloading feature

Author: Incharajayaram

Email_client/QuMail.EmailProtocol/Controllers/EmailController.cs

@@ -640,6 +640,16 @@ public async Task<IActionResult> DecryptToPqc2(Guid emailId)
             if (TryParseEnvelope(email.Subject, out var otpSubjectEnvelope))
             {
                 pqcSubject = await DecryptOTPAsync(otpSubjectEnvelope);
+                // Check if OTP decryption failed
+                if (pqcSubject == "OTP decryption failed" || pqcSubject == "Decryption failed")
+                {
+                    _logger.LogError("OTP decryption failed for subject");
+                    return BadRequest(new {
+                        success = false,
+                        message = "Failed to decrypt email: OTP decryption failed for subject",
+                        detail = "The OTP service may be unavailable or the encryption key may have expired"
+                    });
+                }
             }
             else
             {
@@ -650,6 +660,16 @@ public async Task<IActionResult> DecryptToPqc2(Guid emailId)
             if (TryParseEnvelope(email.Body, out var otpBodyEnvelope))
             {
                 pqcBody = await DecryptOTPAsync(otpBodyEnvelope);
+                // Check if OTP decryption failed
+                if (pqcBody == "OTP decryption failed" || pqcBody == "Decryption failed")
+                {
+                    _logger.LogError("OTP decryption failed for body");
+                    return BadRequest(new {
+                        success = false,
+                        message = "Failed to decrypt email: OTP decryption failed for body",
+                        detail = "The OTP service may be unavailable or the encryption key may have expired"
+                    });
+                }
             }
             else
             {
@@ -757,10 +777,19 @@ public async Task<IActionResult> DecryptToPqc(Guid emailId)
             // PHASE 1: Decrypt OTP layer (outermost)
             _logger.LogInformation("Decrypting OTP layer for subject and body");
             string aesSubject, aesBody;
+            bool subjectDecryptionFailed = false;
+            bool bodyDecryptionFailed = false;
 
             if (TryParseEnvelope(email.Subject, out var otpSubjectEnvelope))
             {
                 aesSubject = await DecryptOTPAsync(otpSubjectEnvelope);
+                // Check if OTP decryption failed
+                if (aesSubject == "OTP decryption failed" || aesSubject == "Decryption failed")
+                {
+                    _logger.LogWarning("OTP decryption failed for subject, using fallback message");
+                    aesSubject = "[Decryption Failed - OTP key may have expired]";
+                    subjectDecryptionFailed = true;
+                }
             }
             else
             {
@@ -771,38 +800,65 @@ public async Task<IActionResult> DecryptToPqc(Guid emailId)
             if (TryParseEnvelope(email.Body, out var otpBodyEnvelope))
             {
                 aesBody = await DecryptOTPAsync(otpBodyEnvelope);
+                // Check if OTP decryption failed
+                if (aesBody == "OTP decryption failed" || aesBody == "Decryption failed")
+                {
+                    _logger.LogWarning("OTP decryption failed for body, using fallback message");
+                    aesBody = "[Decryption Failed - OTP key may have expired. The encryption key for this message is no longer available.]";
+                    bodyDecryptionFailed = true;
+                }
             }
             else
             {
                 _logger.LogWarning("Failed to parse OTP envelope for body");
                 aesBody = email.Body;
             }
 
-            // PHASE 2: Decrypt AES layer (middle)
+            // PHASE 2: Decrypt AES layer (middle) - skip if OTP decryption failed
             _logger.LogInformation("Decrypting AES layer for subject and body");
             string pqcSubject, pqcBody;
 
-            if (TryParseAESEnvelope(aesSubject, out var aesSubjectEnvelope))
+            if (!subjectDecryptionFailed && TryParseAESEnvelope(aesSubject, out var aesSubjectEnvelope))
             {
                 pqcSubject = await DecryptAESAsync(aesSubjectEnvelope);
+                // Check if AES decryption failed
+                if (pqcSubject.StartsWith("AES decryption failed"))
+                {
+                    _logger.LogWarning("AES decryption failed for subject, using fallback message");
+                    pqcSubject = "[Decryption Failed - AES decryption error]";
+                    subjectDecryptionFailed = true;
+                }
             }
             else
             {
-                _logger.LogWarning("Failed to parse AES envelope for subject");
+                if (!subjectDecryptionFailed)
+                {
+                    _logger.LogWarning("Failed to parse AES envelope for subject");
+                }
                 pqcSubject = aesSubject;
             }
 
-            if (TryParseAESEnvelope(aesBody, out var aesBodyEnvelope))
+            if (!bodyDecryptionFailed && TryParseAESEnvelope(aesBody, out var aesBodyEnvelope))
             {
                 pqcBody = await DecryptAESAsync(aesBodyEnvelope);
+                // Check if AES decryption failed
+                if (pqcBody.StartsWith("AES decryption failed"))
+                {
+                    _logger.LogWarning("AES decryption failed for body, using fallback message");
+                    pqcBody = "[Decryption Failed - AES decryption error. The encryption key for this message is no longer available.]";
+                    bodyDecryptionFailed = true;
+                }
             }
             else
             {
-                _logger.LogWarning("Failed to parse AES envelope for body");
+                if (!bodyDecryptionFailed)
+                {
+                    _logger.LogWarning("Failed to parse AES envelope for body");
+                }
                 pqcBody = aesBody;
             }
 
-            // PHASE 3: Decrypt attachments from OTP+AES layers to PQC layer
+            // PHASE 3: Decrypt attachments from OTP+AES layers to PQC layer - continue even if some fail
             _logger.LogInformation("Decrypting attachments for PQC_3_LAYER email");
             string? pqcAttachmentsJson = null;
             if (!string.IsNullOrWhiteSpace(email.Attachments))
@@ -813,29 +869,64 @@ public async Task<IActionResult> DecryptToPqc(Guid emailId)
                     if (attachmentsList != null && attachmentsList.Count > 0)
                     {
                         var decryptedAttachments = new List<object>();
-                        foreach (var item in attachmentsList)
+                        for (int idx = 0; idx < attachmentsList.Count; idx++)
                         {
-                            var fileName = item.ContainsKey("fileName") ? item["fileName"]?.ToString() : null;
-                            var contentType = item.ContainsKey("contentType") ? item["contentType"]?.ToString() : null;
-                            var envelope = item.ContainsKey("envelope") ? item["envelope"]?.ToString() : null;
-
-                            if (!string.IsNullOrWhiteSpace(fileName) && !string.IsNullOrWhiteSpace(envelope))
+                            try
                             {
-                                // Decrypt OTP layer first
-                                if (TryParseEnvelope(envelope, out var otpEnvelope))
+                                var item = attachmentsList[idx];
+                                var fileName = item.ContainsKey("fileName") ? item["fileName"]?.ToString() : null;
+                                var contentType = item.ContainsKey("contentType") ? item["contentType"]?.ToString() : null;
+                                var envelope = item.ContainsKey("envelope") ? item["envelope"]?.ToString() : null;
+
+                                if (!string.IsNullOrWhiteSpace(fileName) && !string.IsNullOrWhiteSpace(envelope))
                                 {
-                                    var aesEnvelope = await DecryptOTPAsync(otpEnvelope);
+                                    _logger.LogInformation("Processing attachment {Index}: {FileName}", idx, fileName);
 
-                                    // Then decrypt AES layer to get PQC envelope
-                                    if (TryParseAESEnvelope(aesEnvelope, out var aesEnvelopeObj))
+                                    // Decrypt OTP layer first
+                                    if (TryParseEnvelope(envelope, out var otpEnvelope))
                                     {
-                                        var pqcEnvelope = await DecryptAESAsync(aesEnvelopeObj);
-                                        decryptedAttachments.Add(new { fileName, contentType, pqcEnvelope });
+                                        var aesEnvelope = await DecryptOTPAsync(otpEnvelope);
+
+                                        // Check if OTP decryption failed
+                                        if (aesEnvelope == "OTP decryption failed" || aesEnvelope == "Decryption failed")
+                                        {
+                                            _logger.LogWarning("OTP decryption failed for attachment {Index}: {FileName}, skipping", idx, fileName);
+                                            continue;
+                                        }
+
+                                        // Then decrypt AES layer to get PQC envelope
+                                        if (TryParseAESEnvelope(aesEnvelope, out var aesEnvelopeObj))
+                                        {
+                                            var pqcEnvelope = await DecryptAESAsync(aesEnvelopeObj);
+
+                                            // Check if AES decryption failed
+                                            if (pqcEnvelope.StartsWith("AES decryption failed"))
+                                            {
+                                                _logger.LogWarning("AES decryption failed for attachment {Index}: {FileName}, skipping", idx, fileName);
+                                                continue;
+                                            }
+
+                                            decryptedAttachments.Add(new { fileName, contentType, pqcEnvelope });
+                                            _logger.LogInformation("Successfully decrypted attachment {Index}: {FileName}", idx, fileName);
+                                        }
+                                        else
+                                        {
+                                            _logger.LogWarning("Failed to parse AES envelope for attachment {Index}: {FileName}", idx, fileName);
+                                        }
+                                    }
+                                    else
+                                    {
+                                        _logger.LogWarning("Failed to parse OTP envelope for attachment {Index}: {FileName}", idx, fileName);
                                     }
                                 }
                             }
+                            catch (Exception attEx)
+                            {
+                                _logger.LogError(attEx, "Failed to decrypt individual attachment {Index}, continuing with others", idx);
+                            }
                         }
                         pqcAttachmentsJson = JsonSerializer.Serialize(decryptedAttachments, _jsonOptions);
+                        _logger.LogInformation("Successfully decrypted {Count} out of {Total} attachments", decryptedAttachments.Count, attachmentsList.Count);
                     }
                 }
                 catch (Exception ex)

Email_client/QuMail.EmailProtocol/Controllers/PQCController.cs

@@ -17,15 +17,18 @@ public class PQCController : ControllerBase
 {
     private readonly Level3KyberPQC _kyberPQC;
     private readonly Level3PQCEmailService _pqcEmailService;
+    private readonly Level3HybridEncryption _hybridEncryption;
     private readonly AuthDbContext _context;
 
     public PQCController(
         Level3KyberPQC kyberPQC,
         Level3PQCEmailService pqcEmailService,
+        Level3HybridEncryption hybridEncryption,
         AuthDbContext context)
     {
         _kyberPQC = kyberPQC ?? throw new ArgumentNullException(nameof(kyberPQC));
         _pqcEmailService = pqcEmailService ?? throw new ArgumentNullException(nameof(pqcEmailService));
+        _hybridEncryption = hybridEncryption ?? throw new ArgumentNullException(nameof(hybridEncryption));
         _context = context ?? throw new ArgumentNullException(nameof(context));
     }
 
@@ -157,17 +160,34 @@ public IActionResult DecryptEmail([FromBody] PQCDecryptRequest request)
                 });
             }
 
-            // Try to decrypt with the provided encryptedKeyId
-            // If it fails and the encryptedKeyId looks like a plain keyId (starts with "PQC-"),
-            // we'll handle it as a legacy email
+            // Route to appropriate decryption method based on UseAES flag
+            // UseAES=true: 3-layer encryption (PQC + AES + OTP) using Level3HybridEncryption
+            // UseAES=false: 2-layer encryption (PQC + OTP) using Level3PQCEmailService
             string decrypted;
             try
             {
-                decrypted = _pqcEmailService.DecryptEmail(
-                    request.EncryptedBody,
-                    request.PQCCiphertext,
-                    request.EncryptedKeyId,
-                    request.PrivateKey);
+                if (request.UseAES)
+                {
+                    // 3-layer decryption path (PQC + AES + OTP)
+                    Console.WriteLine("[PQCController] Using 3-layer decryption (PQC + AES + OTP)");
+                    decrypted = _hybridEncryption.DecryptAsync(
+                        request.EncryptedBody,
+                        request.PQCCiphertext,
+                        request.EncryptedKeyId,
+                        request.PrivateKey,
+                        request.Algorithm ?? "Kyber512",
+                        usedAES: true).Result;
+                }
+                else
+                {
+                    // 2-layer decryption path (PQC + OTP)
+                    Console.WriteLine("[PQCController] Using 2-layer decryption (PQC + OTP)");
+                    decrypted = _pqcEmailService.DecryptEmail(
+                        request.EncryptedBody,
+                        request.PQCCiphertext,
+                        request.EncryptedKeyId,
+                        request.PrivateKey);
+                }
             }
             catch (Exception) when (request.EncryptedKeyId?.StartsWith("PQC-") == true)
             {
@@ -435,6 +455,8 @@ public class PQCDecryptRequest
     public string PQCCiphertext { get; set; } = string.Empty;
     public string EncryptedKeyId { get; set; } = string.Empty; // NEW: Required for KeyManager
     public string PrivateKey { get; set; } = string.Empty;
+    public string? Algorithm { get; set; } // NEW: PQC algorithm used (Kyber512/Kyber1024)
+    public bool UseAES { get; set; } = false; // NEW: True for 3-layer (PQC+AES+OTP), false for 2-layer (PQC+OTP)
 }
 
 public class ValidateKeyRequest

frontend/lib/screens/compose_screen.dart

@@ -57,7 +57,7 @@ class _ComposeScreenState extends State<ComposeScreen> {
       final recipientEmail = _toController.text.trim();
       if (recipientEmail.isNotEmpty) {
         try {
-          final resp = await http.get(Uri.parse('http://localhost:5001/api/email/pqc/public-key/${Uri.encodeComponent(recipientEmail)}'));
+          final resp = await http.get(Uri.parse('https://quantum.pointblank.club/api/email/pqc/public-key/${Uri.encodeComponent(recipientEmail)}'));
           if (resp.statusCode == 200) {
             final data = jsonDecode(resp.body) as Map<String, dynamic>;
             final pk = (data['data'] as Map<String, dynamic>)['publicKey'] as String;