Google announced connected Friday that it's adding end-to-end encryption (E2EE) to Gmail connected the web, allowing enrolled Google Workspace users to nonstop and person encrypted emails wrong and extracurricular their domain. 

Client-side encryption (as Google calls E2EE) was already available for users of Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar (beta).

Once enabled, Gmail client-side encryption volition guarantee that immoderate delicate information delivered arsenic portion of the email's assemblage and attachments (including inline images) tin not beryllium decrypted by Google servers — the email header (including subject, timestamps, and recipients lists) volition not beryllium encrypted.

"With Google Workspace Client-side encryption (CSE), contented encryption is handled successful the client's browser earlier immoderate information is transmitted oregon stored successful Drive's cloud-based storage," Google explained connected its enactment website.

"That way, Google servers can't entree your encryption keys and decrypt your data. After you acceptable up CSE, you tin take which users tin make client-side encrypted contented and stock it internally oregon externally."

Gmail E2EE beta is presently disposable for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers.

They can apply for the beta until January 20, 2023, by submitting their Gmail CSE Beta Test Application which should see the email address, Project ID, and trial radical domain.

Sending and receiving end-to-end encrypted emails successful Gmail (Google)

The institution says the diagnostic is not yet disposable to users with idiosyncratic Google Accounts oregon Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, arsenic good arsenic bequest G Suite Basic and Business customers. 

After Google emails backmost to corroborate that the relationship is ready, admins tin acceptable up Gmail CSE for their users by going through the pursuing procedure to acceptable up their environment, hole S/MIME certificates for each idiosyncratic successful the trial group, and configure the cardinal work and individuality provider.

​The diagnostic volition beryllium disconnected by default and tin beryllium enabled astatine the domain, organizational unit, and Group levels by going to Admin console > Security > Access and information power > Client-side encryption.

Once enabled, you tin toggle connected E2EE for immoderate connection by clicking the fastener icon adjacent to the Recipients tract and clicking "Turn on" nether the "Additional encryption" option.

Users will then beryllium capable to constitute their Gmail messages and adhd email attachments arsenic they would usually do.

"Google Workspace already uses the latest cryptographic standards to encrypt each information astatine remainder and successful transit betwixt our facilities," Google added.

"Client-side encryption helps fortify the confidentiality of your information portion helping to code a wide scope of information sovereignty and compliance needs."