High Level Architecture
The Google Workspace CSE library enables encryption operations within the client, storing only encrypted data and encrypted keys on the Google Workspace servers. End user authentication is provided by a third-party identity provider.
Google Workspace CSE allows the users to secure:
-
Calls over Google Meet
-
Docs, Sheets, and Slides data inside a Drive
-
Google Calendar events
-
Gmail (Google email) messages
Content is secured with an external encryption key maintained by the KACLS.
High Level Architecture
The following diagram shows the high level architecture:
Architecture for Gmail
The following diagram shows the high level architecture for Google Workspace CSE for Gmail:
Architecture for Key Migration
The following diagram shows the Google CSE key migration workflow:
