Google offers end-to-end encryption for Gmail on the web

Google announced Friday that it is adding end-to-end encryption (E2EE) to Gmail on the web, allowing registered Google Workspace users to send and receive encrypted email messages within and outside their domain.

Client-side encryption (as Google calls E2EE) was already available For users of Google Drive, Google Docs, Sheets & Slides, Google Meet, and Google Calendar (Beta).

Once enabled, client-side Gmail encryption will ensure that any sensitive data delivered as part of the email body and attachments (including inline images) cannot be decrypted by Google’s servers – the email header (including subject, timestamps, and recipient lists) is not encrypted.

“Using Google Workspace Client-side encryption (CSE), content encryption is handled in the client’s browser before any data is transmitted or stored in Drive’s cloud-based storage,” It is explained on its support site.

“This way, Google’s servers can’t access the encryption keys and decrypt your data. After you set up CSE, you can choose which users can create client-side encrypted content and share it internally or externally.”

Gmail E2EE beta is currently available for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers.

they can Apply for the trial version Until January 20, 2023, by submitting Gmail CSE Beta Test app Which should include the email address, project id, and experimental group domain.

The company says the feature is not yet available to users with personal Google or Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits accounts, as well as legacy G Suite Basic and Business customers.

After sending Google emails again to confirm that the account is ready, admins can set up Gmail CSE for their users by following Next procedure To set up their environment, set up S/MIME certificates for each user in the test suite, and configure the master service and identity provider.

The feature will be turned off by default and can be enabled at the domain, organizational unit, and group levels by going to the Admin console > Security > Access and data control > Client-side encryption.

Once enabled, you can switch to E2EE for any message by clicking the padlock icon next to the recipients field and clicking “On” under the Additional Encryption option.

Users will then be able to compose their Gmail messages and add email attachments as they normally would.

Google Workspace already uses the latest encryption standards to encrypt all data in storage and transmission between our facilities. added.

“Client-side encryption helps enhance the confidentiality of your data while helping to address a wide range of data sovereignty and compliance needs.”