On Friday, Google announced that it will be adding end-to-end encryption (E2EE) to Gmail on the web, according to BleepingComputer.
The encryption upgrade will allow enrolled Google Workspace users to send and receive encrypted emails. This will be allowed within and outside their domain.
CSE is Available in Other Google Features
According to TechRadar, Google plans to roll out client-side encryption (CSE) to Gmail. CSE was already available for those using Google Drive, Google Docs, Slides, and Google Meet. Currently, Google Calendar is testing the said functionality in beta.
Once activated, the client-side encryption in Gmail will ensure that Google servers cannot decrypt any sensitive data delivered as part of the email's body and attachments.
However, the email header, including the subject, timestamps, and recipients lists, will not be encrypted.
Google explained on its support website that users can still use their own encryption keys to encrypt their organization's data. This is in addition to using the default encryption provided by Google Workspace.
With CSE, the encryption of content is handled in the client's browser before any data is transmitted or stored in Drive's cloud-based storage.
Through this, your encryption cannot be accessed by Google servers. Likewise, they cannot decrypt your data.
According to Google, once you set up CSE, you will have the ability to choose which users can create client-side encrypted content. Likewise, you can share it internally or externally.
Currently, Gmail E2EE beta is already available for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers.
Application for beta is until January 20, 2023. It can be done by submitting the Gmail CSE Beta Test Application. This should have the email address, Project ID, and test group domain.
Read Also: Gmail's New Interface is Becoming Available to All Users
How to Enable the CSE Feature?
The new feature in Gmail is not available to everyone. According to the company, it is not yet available to users with personal Google Accounts or Google Workspace Essentials.
Likewise, it is not available to users of Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers.
Once Google emails back to you to confirm that the account is ready, admins will be able to set up Gmail CSE for their users. This can be done by preparing the S/MIME certificates for each user in the test group and configuring the key service and identity provider.
By default, the feature will be off. The feature can be enabled at the domain, Group levels, and organizational unit. To do this, simply do the steps the follow:
- Go to the Admin console.
- Afterward, go to Security.
- Then, proceed to Access and data control.
- Then, go to Client-side encryption.
- After enabling the feature, toggle on E2EE for any message.
- Click the lock icon next to the Recipients field.
- Finally, click "Turn on" under Additional encryption
After all these steps, you will be able to create your Gmail messages. Similarly, you will be able to add email attachments as you would normally do.
According to Google, Workspace uses the latest cryptographic standards to encrypt all data. CSE helps strengthen the confidentiality of your data.
Related Article: The New Gmail Interface with Additional Features is Now Permanent