Google has released a beta version of client-side encryption (CSE), a feature that is similar to the gold standard for privacy in communication services, known as end-to-end encryption. The client-side encryption makes sensitive data in email bodies unreadable to anyone except the sender and receiver.
Customers of Google Workspace Enterprise Plus, Education Plus, and Education Standard can apply to participate in the beta until January 20, 2023. Personal Google Accounts are not eligible. Administrators can enable the feature by navigating to Security > Access and data control > Client-side encryption from the Admin console.
“Using client-side encryption in Gmail ensures sensitive data in the email body and attachments are indecipherable to Google servers,” the company said in a post. “Customers retain control over encryption keys and the identity service to access those keys.”
Some features, such as multi-send mode, signatures, Smart Compose, translation and summaries, Confidential mode, and so on, will not be available with CSE emails, according to Google. Furthermore, CSE on Gmail will not allow users to search the body of the encrypted message, and third-party add-ons will be unable to access the plain-text contents of the encrypted mail.
Client-side encryption differs from end-to-end encryption in that it protects data while it is in transit. It enables businesses to encrypt data on Google services using their own cryptographic keys. The data is decrypted on the client side with keys generated and managed by a cloud-based key management service. While End-to-end encryption (E2EE) is a communication method in which information is encrypted on the sender’s device and can only be decrypted on the recipient’s device using a key known only to the sender and the recipient.
The sources for this piece include an article in TheHackerNews.