“The thought is that it doesn’t matter what, at no time and under no circumstances does Gmail ever have the actual key. By no means,” Julien Duplant, a Google Workspace product supervisor, instructed Ars. “And we by no means have the decrypted content material. It’s solely occurring on that person’s gadget.”
Now, as as to if this constitutes true E2EE, it doubtless doesn’t, at the very least below stricter definitions which are generally used. To purists, E2EE implies that solely the sender and the recipient have the means essential to encrypt and decrypt the message. That’s not the case right here, because the individuals inside Bob’s group who deployed and handle the KACL have true custody of the important thing.
In different phrases, the precise encryption and decryption course of happens on the end-user gadgets, not on the group’s server or wherever else in between. That’s the half that Google says is E2EE. The keys, nevertheless, are managed by Bob’s group. Admins with full entry can listen in on the communications at any time.
The mechanism making all of this attainable is what Google calls CSE, quick for client-side encryption. It gives a easy programming interface that streamlines the method. Till now, CSE labored solely with S/MIME. What’s new here’s a mechanism for securely sharing a symmetric key between Bob’s group and Alice or anybody else Bob desires to e-mail.
The brand new function is of potential worth to organizations that should adjust to onerous rules mandating end-to-end encryption. It most undoubtedly isn’t appropriate for customers or anybody who desires sole management over the messages they ship. Privateness advocates, take observe.
