Client-side encryption

Client-side encryption is the cryptographic technique of encrypting data on the sender's side, before it is transmitted to a server such as a cloud storage service. Client-side encryption features an encryption key that is not available to the service provider, making it difficult or impossible for service providers to decrypt hosted data. Client-side encryption allows for the creation of applications whose providers cannot access the data its users have stored, thus offering a high level of privacy.

Applications utilizing client-side encryption are sometimes marketed under the misleading or incorrect term "zero-knowledge", but this is a misnomer, as the term zero-knowledge describes something entirely different in the context of cryptography.

Details
Client-side encryption seeks to eliminate the potential for data to be viewed by service providers (or third parties that compel service providers to deliver access to data), client-side encryption ensures that data and files that are stored in the cloud can only be viewed on the client-side of the exchange. By remaining encrypted through each intermediary server, client-side encryption ensures that data retains privacy from the origin to the destination server. This prevents data loss and the unauthorized disclosure of private or personal files, providing increased peace of mind for its users.

Current recommendations by industry professionals as well as academic scholars offer great vocal support for developers to include client-side encryption to protect the confidentiality and integrity of information.

Examples of services that use client-side encryption by default

 * Tresorit
 * MEGA
 * Cryptee
 * Cryptomator

Examples of services that optionally support client-side encryption

 * Apple iCloud offers optional client-side encryption when "Advanced Data Protection for iCloud" is enabled.
 * Google Drive, Google Docs , Google Meet , Google Calendar , and Gmail — However, as of Jul 2024, optional client-side encryption features are only available to paid users.

Examples of services that do not support client-side encryption

 * Dropbox

Examples of client-side encrypted services that no longer exist

 * SpiderOak Backup