diff --git a/src/modules/email/email-encryption.ts b/src/modules/email/email-encryption.ts
index 22521e9..5e0ea16 100644
--- a/src/modules/email/email-encryption.ts
+++ b/src/modules/email/email-encryption.ts
@@ -45,5 +45,8 @@ export function projectForCaller(
   return {
     encryptedPreview: envelope.encryptedPreview,
     wrappedKeys: envelope.wrappedKeys,
+    ...(envelope.attachmentWrappedKeys && {
+      attachmentWrappedKeys: envelope.attachmentWrappedKeys,
+    }),
   };
 }
diff --git a/src/modules/email/email.dto.ts b/src/modules/email/email.dto.ts
index c1da337..5e1753f 100644
--- a/src/modules/email/email.dto.ts
+++ b/src/modules/email/email.dto.ts
@@ -59,6 +59,12 @@ export class EncryptionBlockDto {
     description: 'De-identified wrapped keys, one per recipient',
   })
   wrappedKeys!: EncryptedWrappedKeyDto[];
+
+  @ApiProperty({
+    type: [EncryptedWrappedKeyDto],
+    description: 'De-identified attachment wrapped keys, one per recipient',
+  })
+  attachmentWrappedKeys!: EncryptedWrappedKeyDto[];
 }
 
 export class AttachmentRefDto {
@@ -218,6 +224,14 @@ export class EncryptedSummaryDto {
       'De-identified wrapped keys; the client trial-decrypts to read',
   })
   wrappedKeys!: EncryptedWrappedKeyDto[];
+
+  @ApiPropertyOptional({
+    type: [EncryptedWrappedKeyDto],
+    description:
+      'De-identified wrapped keys for the symmetric key that encrypts the ' +
+      "email's attachments. Present only when the email has encrypted attachments.",
+  })
+  attachmentWrappedKeys?: EncryptedWrappedKeyDto[];
 }
 
 export class EmailSummaryResponseDto {
diff --git a/src/modules/email/email.types.ts b/src/modules/email/email.types.ts
index 1fb3525..1008f6c 100644
--- a/src/modules/email/email.types.ts
+++ b/src/modules/email/email.types.ts
@@ -23,6 +23,7 @@ export interface Mailbox {
 export interface EncryptedSummaryFields {
   encryptedPreview: string;
   wrappedKeys: EncryptedWrappedKey[];
+  attachmentWrappedKeys?: EncryptedWrappedKey[];
 }
 
 export interface EmailSummary {
@@ -77,6 +78,7 @@ export interface EncryptionBlock {
   encryptedPreview: string;
   encryptedText: string;
   wrappedKeys: EncryptedWrappedKey[];
+  attachmentWrappedKeys?: EncryptedWrappedKey[];
 }
 
 export interface SendEmailDto {