Confidential data in the body of the email is now undecryptable by Google.
Google announced the launch of Client-Side Encryption (CSE) beta, which allows mail users to send and receive encrypted emails within and outside their domain.
Client-side encryption in Gmail will be available in beta for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers. Users can apply for beta testing until January 20, 2023. CSE is not available for personal Google Accounts.
“The use of client-side encryption in Gmail ensures that sensitive data in the email body and attachments cannot be decrypted by Google servers. Customers retain control over the encryption keys and the identity service to access those keys,” Google said in the announcement.
The Google Drive app for PC, Android, and iOS already supports client-side encryption. According to Google, this feature will be integrated into the Meet and Calendar mobile apps in a future release.
Google Workspace Client-Side Encryption (CSE) allows you to encrypt content in your client browser before data is transmitted or stored in the Drive cloud storage. The company has indicated that it cannot access users' encryption keys.
It is important to note that client-side encryption (CSE) is different from end-to-end encryption (E2EE).
Client-side encryption allows organizations to encrypt data using their own cryptographic keys. The data is decrypted on the client side using keys that are generated and managed by a cloud-based key management service.
This means that the data is protected from unauthorized access, even from the side of the server or service provider. However, the organization or administrator has control over the keys and can monitor users' encrypted files or revoke a user's access to keys, even if they were generated by the user.
And with end-to-end encryption, the information is encrypted on the sender's device and can only be decrypted on the recipient's device using a key known only to the sender and recipient.