Client-side encryption is the cryptographic technique of encrypting data on the sender's side, before it is transmitted to a server such as a cloud storage service. Client-side encryption features an encryption key that is not available to the service provider, making it difficult or impossible for service providers to decrypt hosted data. Client-side encryption allows for the creation of applications whose providers cannot access the data its users have stored, thus offering a high level of privacy. Those applications are sometimes marketed under the misleading term "zero-knowledge".
Client-side encryption seeks to eliminate the potential for data to be viewed by service providers (or third parties that compel service providers to deliver access to data), client-side encryption ensures that data and files that are stored in the cloud can only be viewed on the client-side of the exchange. By remaining encrypted through each intermediary server, client-side encryption ensures that data retains privacy from the origin to the destination server. This prevents data loss and the unauthorized disclosure of private or personal files, providing increased peace of mind for its users.
Current academic scholarship as well as recommendations by industry professionals provide much support for developers to include client-side encryption to protect the confidentiality and integrity of information.
Examples of cloud storage services that provide client-side encryption are Tresorit, MEGA and SpiderOak. As of February 2016, neither Apple iCloud, or Dropbox provide client-side encryption. Google Drive and Google Docs released client-side encryption in 2021 thereby becoming the first cloud productivity suite ever and the first major cloud storage platform to productionize client-side encryption. Google followed up by releasing client-side encrypted versions of Google Meet, Google Calendar, and Gmail. As of January 2023, Google Workspace Client-side encryption is not yet available to free users.
- End-to-end encryption – the encryption of data between two different clients that are communicating with each other
- Homomorphic encryption
- Tunio Gaffer (2015). "Why Client-Side Encryption Is the Next Best Idea in Cloud-Based Data Security". Information Security Today. Auerbach Publications. Archived from the original on January 16, 2016. Retrieved February 21, 2016.
- "Spider Oak - Please stop describing your service as "Zero Knowledge" unless and ... | Hacker News". news.ycombinator.com. Retrieved 2018-07-16.
- "What is Client-side Encryption and Why Does It Matter?". Virtru. 2015-05-25. Retrieved 2021-05-05.
- Deka, Ganesh Chandra (31 October 2014). "3 Security Architecture for Cloud Computing". Handbook of Research on Securing Cloud-Based Databases with Biometric Applications. IGI Global. ISBN 978-1-4666-6560-6. Retrieved 21 February 2016.
- Tobias Ackermann (22 December 2012). IT Security Risk Management: Perceived IT Security Risks in the Context of Cloud Computing. Springer Science & Business Media. pp. 136–. ISBN 978-3-658-01115-4. Retrieved 21 February 2016.
- "Communications of the Association for Information Systems 13:Article 24". Cloud Computing Sicherheit: Schutzziele, Taxonomie, Marktübersicht. Fraunhofer-Institut für Sichere Informationstechnologie SIT. 2009. ISBN 978-3-9813317-0-7. Retrieved 21 February 2016.
- "Does iCloud use client-side encryption?". Stack Overflow. 30 July 2012. Retrieved February 21, 2016.
- Tunio Zaffer (8 April 2015). "Client Side Encryption: The Latest Trend In Cloud Storage". Dataconomy. Retrieved February 21, 2016.
- "Can I specify my own private key for my Dropbox?". Retrieved February 21, 2016.
- "Client-side encryption and strengthened collaboration in Google Workspace". Google Workspace Blog. Retrieved 2023-01-24.
- "Client-side encryption for Gmail available in beta". Google Workspace Updates. Retrieved 2023-01-24.