Secure email server S-Mail^® has been developed on the principles of public key cryptography, which uses a pair of asymmetric keys (public and private) for encryption/decryption. The public key is freely distributed to all interested parties, and can only be used to encrypt data. The private key is available to a mailbox owner only, and it is used to decrypt messages.

If anyone from the user's correspondents wants to write a secure letter to that user of our secure email server, he will encrypt the letter using the user's public key. When the email is received, the user decrypts it using the private key. No one can decrypt the message without the private key. It is not possible to ascertain the private key from the public key.

Upon registration, the S-Mail secure email server generates private and public keys for the user. The public key is stored on the S-Mail public key server and can be accessed without a password. The private key is immediately encrypted with the use of a user-selected password. The private key is then stored on a secure private key server. To access and decrypt the private key, a user's password is required. Therefore, it is only possible to get the private key if the original password is known. To secure your correspondence, the S-Mail secure email server does not store any passwords.

If a message is sent within the S-Mail secure email server, the system analyzes the "To:" field (which contains the address of the recipient), and retrieves the recipient's public key from the public key server. Having retrieved that public key, the client's application, which is activated on the sender's PC, generates the session key, known as the "K" key. The message is then encrypted using the "K" key as an encryption key. Then, the "K" key itself is encrypted with the use of the sender's public key and is attached to the body of the encrypted message. When all operations are completed, the encrypted message is sent by our secure email server to the recipient's mailbox.

To read the message, the recipient needs to sign in, using his/her user name and password. The private key server retrieves the recipient's private key which is then decrypted on the user's PC using the password. When the recipient wants to read the message, the system decrypts it by extracting the "K" key from the body of the message and decrypting it using the recipient's private key. The decrypted "K" key decrypts the body of the message which can then be read.

If an S-Mail secure email server user sends a message to a non S-Mail user, the system analyses the "To" field, and retrieves the public key from the public keys server. The message is encrypted in the usual way, but before leaving the S-Mail secure email server it gets decrypted through use of the system private key. The message is sent unencrypted.

If the sender of an email message is not an S-Mail user, the secure email server requests the recipient's public key. When the public key is accessed, the system generates the random session "K" key. After that the message is encrypted by the "K" key, the "K" key is encrypted by the public key of the recipient, and then added to the body of the letter. Finally, the whole encrypted message is transmitted to the recipient's box.