Google to roll out end-to-end encryption for Gmail users

Once enabled, Gmail client-side encryption will make sure that even the Google servers will not be able to decrypt any information sent as an attachment or as part of an email

By
Web Desk
|
Google to roll out end-to-end encryption for Gmail users

  • Google to introduce end-to-end encryption (E2EE) for Gmail on the web. 
  • Once enabled, even Google servers can't decrypt messages in mails.
  • Google Drive, Docs, Sheets, Slides, Meet, Calendar already have encyption enabled. 


Enrolled Google Workspace users will now be able to send and receive encrypted emails both inside and outside of their domain thanks to end-to-end encryption (E2EE) to Gmail on the web, Google announced on Friday.

Once enabled, Gmail client-side encryption will make sure that even the Google servers will not be able to decrypt any information sent as an attachment or as part of an email.

Users of Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar already had access to client-side encryption (what Google refers to as E2EE) (beta).

"With Google Workspace Client-side encryption (CSE), content encryption is handled in the client's browser before any data is transmitted or stored in Drive's cloud-based storage," Google said on its support website.

"That way, Google servers can't access your encryption keys and decrypt your data. After you set up CSE, you can choose which users can create client-side encrypted content and share it internally or externally."

Users can apply for the beta until January 20, 2023, by submitting their Gmail CSE Beta Test Application along with the email address, Project ID, and test group domain.

Gmail E2EE beta is currently available for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers.

The feature is not yet available to users with personal Google Accounts or Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits. This is also true for legacy G Suite Basic and Business customers.

After Google emails back that the account is ready, admins can set up Gmail CSE for their users by going through the following procedure to set up their environment, prepare S/MIME certificates for each user in the test group, and configure the key service and identity provider.

​The feature will be off by default and can be enabled at the domain, organizational unit, and Group levels by going to Admin console > Security > Access and data control > Client-side encryption.

Once enabled, you can toggle on E2EE for any message by clicking the lock icon next to the Recipients field and clicking "Turn on" under the "Additional encryption" option.

Google to roll out end-to-end encryption for Gmail users

You can then compose your Gmail message and add email attachments as you would normally do.

"Google Workspace already uses the latest cryptographic standards to encrypt all data at rest and in transit between our facilities," Google added.

"Client-side encryption helps strengthen the confidentiality of your data while helping to address a broad range of data sovereignty and compliance needs."