“The concept is that no matter what, at no time and on no account does Gmail ever have the actual key. By no means,” Julien Duplant, a Google Workspace product supervisor, told Ars. “And we by no means have the decrypted content material. It’s solely occurring on that consumer’s machine.”
Now, as to whether this constitutes true E2EE, it likely doesn’t, at least under the stricter definitions that are commonly used. To purists, E2EE means that only the sender and the recipient have the means necessary to encrypt and decrypt the message. That’s not the case here, since the people inside Bob’s organization who deployed and manage the KACL have true custody of the key.
In other words, the actual encryption and decryption process occurs on the end-user devices, not on the organization’s server or anywhere else in between. That’s the part that Google says is E2EE. The keys, however, are managed by Bob’s organization. Admins with full access can snoop on the communications at any time.
The mechanism making all of this possible is what Google calls CSE, short for client-side encryption. It provides a simple programming interface that streamlines the process. Until now, CSE worked only with S/MIME. What’s new here is a mechanism for securely sharing a symmetric key between Bob’s organization and Alice or anyone else Bob wants to e-mail.
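The custody split described above can be modeled in a few lines. This is an added illustration, not Google’s CSE protocol or API and not code from the article: it assumes a simple envelope scheme in which a per-message key is wrapped by a key service that Bob’s organization runs, and every name in it (`OrgKeyService`, `clientEncrypt`, the user labels) is hypothetical.

```javascript
// Added illustration: simplified custody model, not Google's CSE API.
const crypto = require('crypto');

// AES-256-GCM helpers used by both the client and the key service.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function open(key, box) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]);
}

// Hypothetical key service run by Bob's organization. It alone holds the
// key-encryption key (KEK) and decides who may unwrap a message key.
class OrgKeyService {
  constructor() { this.kek = crypto.randomBytes(32); this.acl = new Set(); }
  allow(user) { this.acl.add(user); }
  check(user) { if (!this.acl.has(user)) throw new Error('denied: ' + user); }
  wrap(user, dek) { this.check(user); return seal(this.kek, dek); }
  unwrap(user, wrapped) { this.check(user); return open(this.kek, wrapped); }
}

// Runs on the sender's device. The mail provider stores only the returned
// object: ciphertext plus a wrapped key it has no means to unwrap.
function clientEncrypt(ks, sender, body) {
  const dek = crypto.randomBytes(32);
  return { body: seal(dek, Buffer.from(body, 'utf8')), wrappedDek: ks.wrap(sender, dek) };
}
// Runs on a reader's device after fetching the stored message.
function clientDecrypt(ks, reader, stored) {
  return open(ks.unwrap(reader, stored.wrappedDek), stored.body).toString('utf8');
}

function demo() {
  const ks = new OrgKeyService();
  ks.allow('bob'); ks.allow('alice');
  const stored = clientEncrypt(ks, 'bob', 'constructed sample message');
  const out = { alice: clientDecrypt(ks, 'alice', stored) };
  // A party that is not on the key service's access list gets nothing.
  try { out.provider = clientDecrypt(ks, 'mail-provider', stored); }
  catch (e) { out.provider = e.message; }
  // Whoever administers the key service can grant themselves access.
  ks.allow('org-admin');
  out.admin = clientDecrypt(ks, 'org-admin', stored);
  return out;
}
```

`demo()` returns the plaintext for `alice` and for `org-admin`, and a denial for `mail-provider`, which is the gap between “the provider never has the key” and strict E2EE.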
The new feature is of potential value to organizations that must comply with onerous regulations mandating end-to-end encryption. It most definitely isn’t suitable for consumers or anyone who wants sole control over the messages they send. Privacy advocates, take note.