• @jasondj
    66 months ago

    It’s not that simple. The user has to hold the key. And with cloud you want it to all be accessible from all of a user’s devices. And with a public service you can’t count on the user to be savvy enough to use their certificates.

    Of course the fix to that is that the key is stored in the account.

    But then Google has the key and can decrypt it.

    So then the key itself has to be encrypted. And with what? The user’s weak-ass password?

    All encryption has to begin with something that’s known, and the weaker that initial secret, the weaker the entire system below it.
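
The key hierarchy described in the comment above, as an added example that is not part of the original comment: a random 256-bit data key is wrapped under a key derived from the account password, and whoever stores the wrapped blob can test password guesses against it offline. Assumptions: the XOR-plus-HMAC wrap is a standard-library stand-in for an AEAD or key-wrap mode, and the passwords, candidate list and iteration count are constructed for the demonstration.

```python
import hashlib, hmac, os, secrets

ITERATIONS = 100_000  # demo value (assumption); real deployments tune this upward

def derive_kek(password: str, salt: bytes) -> bytes:
    # Stretching slows each guess but adds no entropy to the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)

def wrap(data_key: bytes, password: str) -> bytes:
    """Encrypt a 32-byte data key under a password-derived key (KEK)."""
    salt = os.urandom(16)  # fresh salt, so the XOR pad is never reused
    kek = derive_kek(password, salt)
    ct = bytes(a ^ b for a, b in zip(data_key, kek[:32]))
    tag = hmac.new(kek[32:], salt + ct, hashlib.sha256).digest()
    return salt + ct + tag  # this blob is what the service would store

def unwrap(blob: bytes, password: str):
    """Return the data key, or None if the password is wrong."""
    salt, ct, tag = blob[:16], blob[16:48], blob[48:]
    kek = derive_kek(password, salt)
    expected = hmac.new(kek[32:], salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, kek[:32]))

def first_match(blob: bytes, candidates):
    """What whoever stores the blob can do offline: test guesses against the tag."""
    for guess in candidates:
        if unwrap(blob, guess) is not None:
            return guess
    return None

if __name__ == "__main__":
    data_key = os.urandom(32)                 # 256 bits of real randomness
    common = ["123456", "password", "qwerty", "summer2019"]  # constructed list
    weak_blob = wrap(data_key, "summer2019")  # constructed weak password
    strong_blob = wrap(data_key, secrets.token_urlsafe(24))  # ~192 random bits
    print("weak password recovered:", first_match(weak_blob, common))
    print("random passphrase recovered:", first_match(strong_blob, common))
```

The data key is equally random in both blobs; only the strength of the wrapping secret differs, which is why the wrapped key is no stronger than the password protecting it.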