Google has announced end-to-end encryption for Gmail on the web, available in beta for Google Workspace Enterprise Plus, Education Plus and Education standard customers. Users can sign up for the beta program until January 20, 2023.
The company claims it can’t access users’ encryption keys and that they have full control over encryption keys and the identity service required to access said keys.
The feature is currently called Additional encryption and can be enabled on supported accounts by clicking the lock icon in the recipient field and selecting the appropriate option.
This isn’t the first Google service to get end-to-end encryption either. Google Drive, Docs, Sheets, Slides, Meet and Calendar, although Calender is in beta now.
However, getting the feature isn’t as simple as just applying for the beta program. It does require workspace users to set up their email environments by creating a new GCP project in the Google Cloud Console with the Gmail API enabled.
This new service account will need to be granted domain-wide access. Users will also need to generate S/MIME certifications for each user in the group who will test the new service, including both senders and receivers. You can find more information about the setup procedure in Google’s support article.
Once you’re done setting up, you can fill out the Google Form application to apply for end-to-end encryption, including your email, project ID and test group domain.
The encryption covers only the email body and attachments, including inline images. The email header isn’t encrypted, including the subject, timestamps and recipients lists.
While this may not be a complete solution, pushing end-to-end encryption on Workspace will help it stand against competitors like Proton, which offers full end-to-end encryption.