We use open standards
Hushmail uses industry standard algorithms as specified by the Open PGP Standard (RFC 2440) to ensure the security, privacy and authenticity of your email. We also protect all webmail traffic with HTTPS.
With Hushmail, all you need to remember is your passphrase. Hushmail takes care of everything else in the background. This seamless and transparent encryption process makes Hushmail one of the most user-friendly secure email solutions available.
The Hush Encryption Engine is the component that handles public and private key exchange for Hushmail. When you encrypt or decrypt a message, or create or verify a digital signature, the Hush Encryption Engine communicates with our key server to request any needed public or private keys. Hushmail then uses the encryption keys to perform the encryption operations.
It’s that simple! Only Hushmail provides such a high level of security combined with total ease of use. Here’s how it works:
2,048 bits of random numbers are converted into a pair of keys — one private key and one public key. (What the public key locks, the private key unlocks, and vice-versa.) Every Hush user will have his or her unique pair of encryption keys. The user’s passphrase encrypts and decrypts the user’s private key. Without the passphrase, there is no way to access the private key.
The passphrase, combined with the AES algorithm, symmetrically encrypts the private key. A one-time message key, unique to each email that is sent, is used to encrypt and decrypt the email message itself.
The message key, which is a component of the AES algorithm, encrypts the email. The recipient’s public key is used to encrypt the message key.
The message key is asymmetrically encrypted using the recipient’s public key. Both the encrypted email and the encrypted message key are combined and sent to the recipient.
- The email may only be decrypted by using the one-time message key.
- The message key can only be decrypted by using the recipient’s private key.
- The recipient’s private key can only be decrypted by entering the recipient’s personal passphrase.
The encrypted email and the encrypted message key are sent to the recipient. So, not only is the email securely coded before it is ever stored on a server, but the key to decode the email is also encoded. Further, the private key needed to decrypt this key is also encrypted. Only the recipient can retrieve their private key by entering their secret personal passphrase.