Open roadmapcymbaldev-andrew opened 8 months ago
I'm in California (PST) and am generally available starting at 7:30AM. Send me a Meet/Zoom invitation and we can discuss you request.
Ross Scroggs @.***
On Jan 9, 2024, at 10:29 AM, roadmapcymbaldev-andrew @.***> wrote:
Is your feature request related to a problem? Please describe. Gmail now offers Client Side Encryption https://support.google.com/a/answer/10741897 (CSE) functionality for S/MIME email exchanges. To configure CSE, the Workspace admin must use the Gmail API to provision "wrapped" certificates for their users (refer to documentation here https://support.google.com/a/answer/13069736?fl=1&sjid=15177673855952669729-NC#setup_users). Google currently provides a sample Python script https://support.google.com/a/answer/13069736?fl=1&sjid=15177673855952669729-NC#setup_users&zippy=%2Coptional-use-googles-python-sample-script-to-upload-users-certificates-and-wrapped-private-keys-to-gmail for administrators to make these API calls.
Describe the solution you'd like It would be great if GAM could handle CSE Gmail provisioning by making the required Gmail (and key service) API calls. In order to accomplish this, a process needs to take an existing S/MIME certificate (P7 PEM format) for each user, make a call to the key service to "wrap" the certificate, and then make at least two Gmail API calls (one to create the keypair, one to enable it).
Describe alternatives you've considered Some of the key services may provide their own way to populate S/MIME certs for CSE.
Additional context users.settings.cse.keypairs https://developers.google.com/gmail/api/reference/rest/v1/users.settings.cse.keypairs users.settings.cse.identities https://developers.google.com/gmail/api/reference/rest/v1/users.settings.cse.identities — Reply to this email directly, view it on GitHub https://github.com/GAM-team/GAM/issues/1672, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACCTYL7PCJ24HMTCZXBZ6TTYNWECDAVCNFSM6AAAAABBTRTRROVHI2DSMVQWIX3LMV43ASLTON2WKOZSGA3TEOJTGMYDMMY. You are receiving this because you are subscribed to this thread.
Sorry I missed this response until now. I will send an invite over.
On Thu, Jan 18, 2024 at 7:56 AM Ross Scroggs @.***> wrote:
I'm in California (PST) and am generally available starting at 7:30AM. Send me a Meet/Zoom invitation and we can discuss you request.
Ross
Ross Scroggs @.***
On Jan 9, 2024, at 10:29 AM, roadmapcymbaldev-andrew @.***> wrote:
Is your feature request related to a problem? Please describe. Gmail now offers Client Side Encryption < https://support.google.com/a/answer/10741897> (CSE) functionality for S/MIME email exchanges. To configure CSE, the Workspace admin must use the Gmail API to provision "wrapped" certificates for their users (refer to documentation here < https://support.google.com/a/answer/13069736?fl=1&sjid=15177673855952669729-NC#setup_users>). Google currently provides a sample Python script < https://support.google.com/a/answer/13069736?fl=1&sjid=15177673855952669729-NC#setup_users&zippy=%2Coptional-use-googles-python-sample-script-to-upload-users-certificates-and-wrapped-private-keys-to-gmail> for administrators to make these API calls.
Describe the solution you'd like It would be great if GAM could handle CSE Gmail provisioning by making the required Gmail (and key service) API calls. In order to accomplish this, a process needs to take an existing S/MIME certificate (P7 PEM format) for each user, make a call to the key service to "wrap" the certificate, and then make at least two Gmail API calls (one to create the keypair, one to enable it).
Describe alternatives you've considered Some of the key services may provide their own way to populate S/MIME certs for CSE.
Additional context users.settings.cse.keypairs < https://developers.google.com/gmail/api/reference/rest/v1/users.settings.cse.keypairs>
users.settings.cse.identities < https://developers.google.com/gmail/api/reference/rest/v1/users.settings.cse.identities>
— Reply to this email directly, view it on GitHub < https://github.com/GAM-team/GAM/issues/1672>, or unsubscribe < https://github.com/notifications/unsubscribe-auth/ACCTYL7PCJ24HMTCZXBZ6TTYNWECDAVCNFSM6AAAAABBTRTRROVHI2DSMVQWIX3LMV43ASLTON2WKOZSGA3TEOJTGMYDMMY>.
You are receiving this because you are subscribed to this thread.
— Reply to this email directly, view it on GitHub https://github.com/GAM-team/GAM/issues/1672#issuecomment-1898755226, or unsubscribe https://github.com/notifications/unsubscribe-auth/A7SF4B2TYR7KS7KVXTZ5CM3YPFAZ7AVCNFSM6AAAAABBTRTRROVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQOJYG42TKMRSGY . You are receiving this because you authored the thread.Message ID: @.***>
Is your feature request related to a problem? Please describe. Gmail now offers Client Side Encryption (CSE) functionality for S/MIME email exchanges. To configure CSE, the Workspace admin must use the Gmail API to provision "wrapped" certificates for their users (refer to documentation here). Google currently provides a sample Python script for administrators to make these API calls.
Describe the solution you'd like It would be great if GAM could handle CSE Gmail provisioning by making the required Gmail (and key service) API calls. In order to accomplish this, a process needs to take an existing S/MIME certificate (P7 PEM format) for each user, make a call to the key service to "wrap" the certificate, and then make at least two Gmail API calls (one to create the keypair, one to enable it).
Describe alternatives you've considered Some of the key services may provide their own way to populate S/MIME certs for CSE.
Additional context users.settings.cse.keypairs users.settings.cse.identities