Google: Client-Side Encryption Added To Gmail And Calendar

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | Mar 01, 2023 05:42 am PST

After testing the functionality in late 2022, Google has now made client-side encryption (CSE) for Gmail and Calendar generally available. According to Google’s Ganesh Chilakapati and Andy Wen, the data privacy restrictions allow “even more businesses to take charge of their data and the single party selecting who has access to it.”

To achieve this, users can arrange meeting events and send and receive emails that are encrypted “before it reaches Google servers” to other members of their organizations or other third parties.

In order to decrypt client-side encrypted files and emails exported using the business’s Data Export tool or Google Vault, the company is also making a decrypter tool for Windows accessible in beta. Future releases of the decrypter are anticipated for Linux and macOS.

The update comes after CSE was made available for other products like Google Drive, Docs, Slides, Sheets, and Meet. The tech giant claimed the solution would protect sensitive data from third parties, including Google, and lessen the “strain of compliance” on businesses and government agencies.

Client Side Encryption Of Gmail and Calendar

Customers of Workspace Enterprise Plus, Education Standard, and Education Plus have access to the feature on a worldwide scale. Personal Google Accounts are excluded.

It should be emphasized that client-side encryption is distinct from end-to-end encryption (E2EE), as Google Workspace users with super administrator capabilities have authority over the encryption keys generated and can turn the option on or off.

It differs from Pretty Good Privacy (PGP), which uses public-key cryptography to achieve CSE’s advantages but necessitates key exchanges between users before email transmission. It transfers the responsibility for establishing and managing the keys to the users, which increases complexity.

Although Google introduced a confidential mode to assist in shielding private information from unauthorized access when sending messages and attachments, the most recent update is the incorporation of CSE into Gmail.


Last week, Google revealed that Workspace users can now usually access client-side encryption (CSE) for Gmail and Calendar. Google had already made CSE accessible for services like Calendar (beta), Docs, Drive, Meet, Sheets, and Slides. In December 2022, it began rolling out CSE for Gmail in beta for a small number of Workspace customers.

For all supported services, the capability is currently generally accessible to Workspace Enterprise Plus, Education Standard, and Education Plus users. Client-side encryption offers Workspace customers an extra degree of data safety while also assisting them in complying with regulatory requirements.

“The development of CSE capabilities across Google Workspace contributes greatly to lowering the compliance burden for businesses and public sector organizations. It increases businesses’ trust in the fact that no one, not even Google or foreign governments, can access their private information, according to Google.

While Google Workspace encrypts data while it is in storage and while it is being transferred, CSE gives clients complete control over their encryption keys and the identity management service used to access those keys.

Google says that starting today, users may write and receive emails or schedule meetings with internal and external parties with confidence that their sensitive data, such as inline photos and attachments, has been secured before it reaches Google servers.

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x