“The concept is that, no matter what, at no time and under no circumstances does Gmail ever have the actual key. Never,” Julien Duplant, a Google Workspace product supervisor, told Ars. “And we never have the decrypted content. It’s only happening on that user’s device.”
Now, as to whether this constitutes true E2EE, it likely doesn’t, at least under the stricter definitions that are commonly used. To purists, E2EE means that only the sender and the recipient have the means necessary to encrypt and decrypt the message. That’s not the case here, since the people inside Bob’s organization who deployed and manage the KACL have true custody of the key.
In other words, the actual encryption and decryption process occurs on the end-user devices, not on the organization’s server or anywhere else in between. That’s the part that Google says is E2EE. The keys, however, are managed by Bob’s organization. Admins with full access can snoop on the communications at any time.
The mechanism making all of this possible is what Google calls CSE, short for client-side encryption. It provides a simple programming interface that streamlines the process. Until now, CSE worked only with S/MIME. What’s new here is a mechanism for securely sharing a symmetric key between Bob’s organization and Alice or anyone else Bob wants to email.
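The trust boundary described above, as an added example that is not from the article and is not Google's CSE API or KACL protocol: a simplified envelope-encryption model in which the message is encrypted on the device, the message key is wrapped by the organization's key service, and whoever holds that service's key can decrypt. The `KeyService` class, the function names, the AES-256-GCM choice and the addresses are assumptions made for illustration.

```javascript
// Added illustration: a simplified model, not Google's CSE API or KACL protocol.
const nodeCrypto = require('crypto');

// AES-256-GCM helpers (the cipher choice is an assumption of this sketch).
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function unseal(key, box) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws if key or data is wrong
}

// Hypothetical stand-in for the key service run by Bob's organization.
class KeyService {
  constructor() { this.kek = nodeCrypto.randomBytes(32); this.acl = new Set(); }
  allow(user) { this.acl.add(user); }
  check(user) { if (!this.acl.has(user)) throw new Error('access denied: ' + user); }
  wrap(user, dek) { this.check(user); return seal(this.kek, dek); }
  unwrap(user, wrapped) { this.check(user); return unseal(this.kek, wrapped); }
}

// Runs on the sender's device; the mail provider only ever stores the returned object.
function clientEncrypt(ks, user, message) {
  const dek = nodeCrypto.randomBytes(32); // per-message symmetric key
  return { body: seal(dek, Buffer.from(message, 'utf8')), wrappedDek: ks.wrap(user, dek) };
}
// Runs on the recipient's device after the key service authorizes the user.
function clientDecrypt(ks, user, stored) {
  return unseal(ks.unwrap(user, stored.wrappedDek), stored.body).toString('utf8');
}
// Whoever holds the key-encryption key can decrypt without any user's involvement.
function custodianDecrypt(kek, stored) {
  return unseal(unseal(kek, stored.wrappedDek), stored.body).toString('utf8');
}

// Constructed sample data.
const ks = new KeyService();
ks.allow('bob@example.com');
ks.allow('alice@example.net');
const stored = clientEncrypt(ks, 'bob@example.com', 'constructed sample message');
console.log(clientDecrypt(ks, 'alice@example.net', stored));
console.log(custodianDecrypt(ks.kek, stored));
```

The stored object holds only ciphertext and a wrapped key, which matches the claim that the mail provider never has the key, while `custodianDecrypt` shows why custody of the key service falls short of the purist definition of E2EE.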
The new feature is of potential value to organizations that must comply with onerous regulations mandating end-to-end encryption. It most definitely isn’t suitable for consumers or anyone who wants sole control over the messages they send. Privacy advocates, take note.