Learn about client-side encryption in Calendar

Calendar uses strong cryptographic standards to encrypt all data at rest and in transit between its facilities. With client-side encryption (CSE), your organization has control of encryption keys and the identity provider (IdP) used to access those keys to further strengthen the security of your events data.

When you add CSE to an event:

  • The description and Meet conference are client-side encrypted.
  • You can only add encrypted attachments.
  • Other fields, like the title or location, have only regular encryption.

Your organization might need to use CSE to help with:

  • Privacy: Your organization works with extremely sensitive intellectual property.
  • Regulatory compliance: Your organization operates in a highly regulated industry, like aerospace and defense, financial services, or government.

You can use CSE with these Google Workspace editions:

  • Education Plus
  • Education Standard
  • Workspace Enterprise Plus

Important: To use CSE, your administrator must connect Google Workspace to an external identity provider and encryption key service (IdP+KACL). Learn more about your administrator.

Learn about encryption

Encryption is the process of encoding information to protect your data. Only users who have Workspace Client-side encryption enabled by their administrator and have verified their identity can create events and view encrypted content.

Encrypted events can be decrypted by attendees or users in the organization if they have access to the encryption keys. Contact your administrator to learn more.

Tip: Your domain administrator has control over which groups and individuals can use encryption.

Access & encrypt events

  • You can only encrypt regular events.
    • Other events, such as focus time or appointment slots, don't support CSE.
  • To view client-side encrypted event descriptions, you must use Calendar.
  • Guests outside your organization must have the decryption keys to access encrypted contents.
  • For a new owner to decrypt an encrypted event description, the domain administrator must grant the new owner permission.

Some features aren't available with client-side encrypted events in Calendar, such as:

  • Search for event descriptions
  • Encrypt or decrypt events offline

Create an encrypted event

Important: You can only add CSE when you create an event.

  1. On your Android device, open the Google Calendar app Calendar.
  2. Tap Create Insert and then Event Event.
  3. Tap Add encryption and then Add encryption.
    • You may get a pop-up to authenticate with your IdP.
    • Tip: Always turn on CSE before you enter any event details. When you turn on CSE, event descriptions and unencrypted attachments are reset.
  4. Add event details like:
  5. Tap Save.

View an encrypted event as a guest

  1. On your Android device, open the Google Calendar app Calendar.
  2. Select the event.
    • If you get a prompt to verify your identity:
      1. Tap Sign in.
      2. Verify your identity with your IdP.

Find out if a calendar event is encrypted

In an event invitation, when CSE is on, you can find a shield icon next to:
  • “Join with Google Meet” button in a Google Calendar invite
  • Event description
  • Each attachment

Related resources

false
Search
Clear search
Close search
Google apps
Main menu
10962855968391646245
true
Search Help Center
true
true
true
true
true
88
false
false