“The thought is that it doesn’t matter what, at no time and under no circumstances does Gmail ever have the actual key. By no means,” Julien Duplant, a Google Workspace product supervisor, informed Ars. “And we by no means have the decrypted content material. It’s solely taking place on that consumer’s machine.”
Now, as as to if this constitutes true E2EE, it possible doesn’t, a minimum of below stricter definitions which are generally used. To purists, E2EE implies that solely the sender and the recipient have the means essential to encrypt and decrypt the message. That’s not the case right here, for the reason that folks inside Bob’s group who deployed and handle the KACL have true custody of the important thing.
In different phrases, the precise encryption and decryption course of happens on the end-user units, not on the group’s server or wherever else in between. That’s the half that Google says is E2EE. The keys, nonetheless, are managed by Bob’s group. Admins with full entry can listen in on the communications at any time.
The mechanism making all of this doable is what Google calls CSE, brief for client-side encryption. It supplies a easy programming interface that streamlines the method. Till now, CSE labored solely with S/MIME. What’s new here’s a mechanism for securely sharing a symmetric key between Bob’s group and Alice or anybody else Bob desires to electronic mail.
The brand new characteristic is of potential worth to organizations that should adjust to onerous rules mandating end-to-end encryption. It most undoubtedly isn’t appropriate for shoppers or anybody who desires sole management over the messages they ship. Privateness advocates, take be aware.
