S/MIME certificate provisioning for Gmail CSE #1672
Assignees
Labels
Comments
|
I'm in California (PST) and am generally available starting at 7:30AM. Send me a Meet/Zoom invitation and we can discuss you request.
Ross
----
Ross Scroggs
***@***.***
… On Jan 9, 2024, at 10:29 AM, roadmapcymbaldev-andrew ***@***.***> wrote:
Is your feature request related to a problem? Please describe.
Gmail now offers Client Side Encryption <https://support.google.com/a/answer/10741897> (CSE) functionality for S/MIME email exchanges. To configure CSE, the Workspace admin must use the Gmail API to provision "wrapped" certificates for their users (refer to documentation here <https://support.google.com/a/answer/13069736?fl=1&sjid=15177673855952669729-NC#setup_users>). Google currently provides a sample Python script <https://support.google.com/a/answer/13069736?fl=1&sjid=15177673855952669729-NC#setup_users&zippy=%2Coptional-use-googles-python-sample-script-to-upload-users-certificates-and-wrapped-private-keys-to-gmail> for administrators to make these API calls.
Describe the solution you'd like
It would be great if GAM could handle CSE Gmail provisioning by making the required Gmail (and key service) API calls. In order to accomplish this, a process needs to take an existing S/MIME certificate (P7 PEM format) for each user, make a call to the key service to "wrap" the certificate, and then make at least two Gmail API calls (one to create the keypair, one to enable it).
Describe alternatives you've considered
Some of the key services may provide their own way to populate S/MIME certs for CSE.
Additional context
users.settings.cse.keypairs <https://developers.google.com/gmail/api/reference/rest/v1/users.settings.cse.keypairs>
users.settings.cse.identities <https://developers.google.com/gmail/api/reference/rest/v1/users.settings.cse.identities>
—
Reply to this email directly, view it on GitHub <#1672>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACCTYL7PCJ24HMTCZXBZ6TTYNWECDAVCNFSM6AAAAABBTRTRROVHI2DSMVQWIX3LMV43ASLTON2WKOZSGA3TEOJTGMYDMMY>.
You are receiving this because you are subscribed to this thread.
|
|
Sorry I missed this response until now. I will send an invite over.
On Thu, Jan 18, 2024 at 7:56 AM Ross Scroggs ***@***.***>
wrote:
… I'm in California (PST) and am generally available starting at 7:30AM.
Send me a Meet/Zoom invitation and we can discuss you request.
Ross
----
Ross Scroggs
***@***.***
> On Jan 9, 2024, at 10:29 AM, roadmapcymbaldev-andrew ***@***.***> wrote:
>
>
> Is your feature request related to a problem? Please describe.
> Gmail now offers Client Side Encryption <
https://support.google.com/a/answer/10741897> (CSE) functionality for
S/MIME email exchanges. To configure CSE, the Workspace admin must use the
Gmail API to provision "wrapped" certificates for their users (refer to
documentation here <
https://support.google.com/a/answer/13069736?fl=1&sjid=15177673855952669729-NC#setup_users>).
Google currently provides a sample Python script <
https://support.google.com/a/answer/13069736?fl=1&sjid=15177673855952669729-NC#setup_users&zippy=%2Coptional-use-googles-python-sample-script-to-upload-users-certificates-and-wrapped-private-keys-to-gmail>
for administrators to make these API calls.
>
> Describe the solution you'd like
> It would be great if GAM could handle CSE Gmail provisioning by making
the required Gmail (and key service) API calls. In order to accomplish
this, a process needs to take an existing S/MIME certificate (P7 PEM
format) for each user, make a call to the key service to "wrap" the
certificate, and then make at least two Gmail API calls (one to create the
keypair, one to enable it).
>
> Describe alternatives you've considered
> Some of the key services may provide their own way to populate S/MIME
certs for CSE.
>
> Additional context
> users.settings.cse.keypairs <
https://developers.google.com/gmail/api/reference/rest/v1/users.settings.cse.keypairs>
> users.settings.cse.identities <
https://developers.google.com/gmail/api/reference/rest/v1/users.settings.cse.identities>
> —
> Reply to this email directly, view it on GitHub <
#1672>, or unsubscribe <
https://github.com/notifications/unsubscribe-auth/ACCTYL7PCJ24HMTCZXBZ6TTYNWECDAVCNFSM6AAAAABBTRTRROVHI2DSMVQWIX3LMV43ASLTON2WKOZSGA3TEOJTGMYDMMY>.
> You are receiving this because you are subscribed to this thread.
>
—
Reply to this email directly, view it on GitHub
<#1672 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/A7SF4B2TYR7KS7KVXTZ5CM3YPFAZ7AVCNFSM6AAAAABBTRTRROVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQOJYG42TKMRSGY>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Gmail now offers Client Side Encryption (CSE) functionality for S/MIME email exchanges. To configure CSE, the Workspace admin must use the Gmail API to provision "wrapped" certificates for their users (refer to documentation here). Google currently provides a sample Python script for administrators to make these API calls.
Describe the solution you'd like
It would be great if GAM could handle CSE Gmail provisioning by making the required Gmail (and key service) API calls. In order to accomplish this, a process needs to take an existing S/MIME certificate (P7 PEM format) for each user, make a call to the key service to "wrap" the certificate, and then make at least two Gmail API calls (one to create the keypair, one to enable it).
Describe alternatives you've considered
Some of the key services may provide their own way to populate S/MIME certs for CSE.
Additional context
users.settings.cse.keypairs
users.settings.cse.identities
The text was updated successfully, but these errors were encountered: