How does Google’s "on-device encryption" work?
I use Google to store some of my passwords and I noticed an "On-Device encryption" option in Google Chrome settings, which I had disabled. From what I understood, by allowing this, the password would first be encrypted on my devices and only the encrypted string would then be stored on Google servers. So I have turned that on, confirmed it on my mobile phone (Android), set it to use the lock screen as a key and everything came through successfully - it's (supposedly) now enabled.
But I am not really sure how, or whether, it works. It didn't give me any kind of "master key". When I am using the password autofill function of the Google Chrome browser on PC or mobile phone, it still does not ask me for anything.
Also, Google Chrome on PC still warns me about "compromised passwords", so Google still has to see the raw unencrypted passwords (unless there is some offline DB of compromised passwords in Google Chrome).
According to https://support.google.com/accounts/answer/11350823?visit_id=638154166731283006-3135705296&p=settings_password_ode&rd=1 , there should be some kind of "master key":
Just remember that if you lose the key to your data, you could lose your passwords and passkeys too.
But what key are they referring to? Where can I find the key?
On the mobile phone, the key probably gets applied by unlocking the phone with a pattern or fingerprint. But what about the PC? How does it decrypt the passwords?