CO-MAIL
Technical data
  1. Encryption/decryption methods

    • Public key cryptography

      Co-Mail™ has been developed on the principles of public key cryptography. A user must have a key, which consists of two parts - public and private. The private key is kept with the user, and the public key is distributed among the user's correspondents. If any of the user's correspondents wants to write a secure letter to that user, he will encrypt the letter using the user's public key. When the email is received, the user decrypts it using the private key. No one can decrypt the message without the private key. It is not possible to retrieve the private key on the basis of the public key.

    • Public and private keys generation process

      Upon registration, the Co-Mail system generates a key for the user, which consists of two parts - private and public. The public key is stored on the Co-Mail public keys server and can be accessed without a password. The private key is immediately encrypted, with the user-selected password serving as the encryption key. The encrypted private key is then stored on a special private keys server. To retrieve the private key, the user's password needs to be entered; this accesses and decrypts the private key. Therefore, it is only possible to get the private key if the original password is known. The Co-Mail system does not store any passwords, so if a password is lost or forgotten, there is no way to retrieve it.

    • Delivering an encrypted message

      If a message is sent within Co-Mail, the system analyses the "To:" field (which contains the address of a recipient) and retrieves the recipient's public key from the public keys server. Having retrieved that public key, the client's application, which is activated on the sender's PC, generates the session key - "K". The message is then encrypted using the "K" key as the encryption key. Then the "K" key itself is encrypted using the sender's public key and is attached to the body of the encrypted message. When all operations are completed, the encrypted message is sent to the recipient's mailbox.

    • Decryption process

      To read the message, the recipient needs to sign in, which means entering his user name and password. The private keys server retrieves the recipient's private key, and the retrieved private key is decrypted using the password. When the recipient wants to read the message, the system decrypts it. For that purpose it extracts the "K" key from the body of the message and decrypts it using the client's private key. The decrypted "K" key then decrypts the body of the message, which can then be read.

    • Emails delivered to non Co-Mail users

      If a Co-Mail user sends a message to a non Co-Mail user, the system analyses the "To" field and retrieves the public key from the public keys server. The message is encrypted in the usual way, but before leaving Co-Mail it is decrypted using the private key.

    • Emails coming from non Co-Mail users

      If the sender of an email message is not a Co-Mail user, the server requests the recipient's public key. When the public key is accessed, the system generates the random session "K" key. After that the message is encrypted with the "K" key, and then the "K" key is encrypted with the public key of the recipient and is added to the body of the letter. The whole encrypted message is transmitted to the recipient's box.

  2. Algorithms and protocols used in Co-Mail

    The Pretty Good Privacy (PGP) protocol provides extremely reliable encryption of data, which ensures excellent protection.

    The PGP algorithm is based upon the principle of public keys and utilizes a pair of asymmetric keys (public and private) for encryption/decryption purposes. The public key is freely distributed to all interested parties. It is used to encrypt data, which can be decrypted later with the private key.

    The encryption/decryption algorithms function according to the RFC 2440 'OpenPGP Message Format'.

    For symmetric encryption, the CAST5 algorithm with a key length of 128 bits (16 bytes) is used in CFB mode.

    The Diffie-Hellman algorithm is applied for public key generation and processing. The lengths of the algorithm parameters are: P - 2048 bits, G = 2, X - 512 bits.

    The Secure Sockets Layer (SSL) protocol secures the data of protocols (such as HTTP, NNTP, FTP, etc.) and transport protocols (TCP/IP). So, all Co-Mail messages travel along a secure channel. The length of a key is up to 1024 bits.

    The algorithm used for electronic digital signatures is DSA with a 1024-bit key.
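
    The message layout described under "Delivering an encrypted message" (an encrypted body with the wrapped "K" key attached), read in the RFC 2440 packet format cited above. This is an added example, not Co-Mail's code: it assumes Co-Mail's Diffie-Hellman keys appear as OpenPGP Elgamal keys (algorithm 16), and the function names, key ID and sample bytes are constructed for illustration.

```python
PK_ALGOS = {1: "RSA", 16: "Elgamal (encrypt-only)", 17: "DSA"}  # RFC 2440, 9.1

def read_packets(data):
    """Yield (tag, body) for each definite-length packet (RFC 2440, 4.2)."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("bit 7 of a packet header must be set")
        if hdr & 0x40:                        # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:                   # one-octet length
                length, i = first, i + 1
            elif first < 224:                 # two-octet length
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:                # five-octet length
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths not handled")
        else:                                 # old-format header
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if n == 8:
                raise ValueError("indeterminate length not handled")
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def parse_pkesk(body):
    """Version 3 session-key packet: version, 8-byte key ID, algorithm, MPIs."""
    if len(body) < 10 or body[0] != 3:
        raise ValueError("not a version 3 session-key packet")
    mpi_bits, i = [], 10
    while i < len(body):                      # each MPI: 2-octet bit count + value
        bits = int.from_bytes(body[i:i + 2], "big")
        mpi_bits.append(bits)
        i += 2 + (bits + 7) // 8
    if i != len(body):
        raise ValueError("truncated MPI")
    return body[1:9].hex(), PK_ALGOS.get(body[9], "unknown"), mpi_bits

def describe(message):
    return [("session key",) + parse_pkesk(b) if t == 1 else
            ("encrypted body", len(b)) if t == 9 else ("other tag", t)
            for t, b in read_packets(message)]

# Constructed sample, not a real message: tag 1 (wrapped K), then tag 9 (body).
SAMPLE = bytes.fromhex("8413 03 0123456789abcdef 10 0011 01ffff 000e 2abc"
                       "c905 0000000000")
```

    The key ID in the session-key packet identifies which public key "K" was wrapped to, so it can be compared against the intended recipient's key.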


  3. System requirements

    Co-Mail system requirements can be found here.


NR LAB