How Hushmail Works

Hush uses industry-standard algorithms as specified by the OpenPGP standard (RFC 2440) to ensure the security, privacy and authenticity of your email. With Hushmail, users need only create and remember their own passphrases, and the secure Hushmail server does the rest. Encryption and decryption are transparent to the user, making Hushmail the most user-friendly secure mail solution available. Through the Hush Encryption Engine™, the Hush key servers take care of Public/Private key exchange in a completely seamless fashion. When a user wishes to encrypt or decrypt data, or to sign data or verify a signature, a connection is automatically made to a Hush Key Server to retrieve the necessary Public/Private Key. It's that simple! Only Hush's solution provides such a high level of security combined with total ease of use. The descriptions below will give you an overview of how the Hush system secures email.

Figure 1

2,048 bits of random numbers are converted into a pair of keys -- one private key and one public key. (What the public key locks, the private key unlocks, and vice-versa.) Every Hush user will have his or her unique pair of encryption keys. The user's passphrase encrypts and decrypts the user's private key. Without the passphrase, there is no way to access the private key.

Figure 2

The passphrase, combined with the AES algorithm, symmetrically encrypts the private key. A one-time message key, unique to each email that is sent, is used to encrypt and decrypt the email message itself.

Figure 3

The message key, used as the key for the AES algorithm, encrypts the email. The recipient's public key is used to encrypt the message key.

Figure 4

The message key is asymmetrically encrypted using the recipient's public key. Both the encrypted email and the encrypted message key are combined and sent to the recipient.
  • The email may only be decrypted by using the one-time message key.
  • The message key can only be decrypted by using the recipient's private key.
  • The recipient's private key can only be decrypted by entering the recipient's personal passphrase.

Figure 5

The encrypted email and the encrypted message key are sent to the recipient. So, not only is the email securely coded before it is ever stored on a server, but the key to decode the email is also encoded. Further, the private key needed to decrypt this key is also encrypted. Only the recipient can retrieve their private key by entering their secret personal passphrase.
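
The chain described in Figures 1 to 5, as an added example that is not Hushmail's code and does not produce OpenPGP packets: a sketch using the crypto module built into Node.js. The use of RSA-OAEP to wrap the message key, AES-256-GCM for the email body, PKCS#8 passphrase encryption (AES-256-CBC) for the private key, and all function names are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Assumed padding for wrapping the message key (not stated on the page).
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Figures 1-2: generate a 2,048-bit key pair. The private key leaves this
// function only in passphrase-encrypted form (PEM "ENCRYPTED PRIVATE KEY").
function createUser(passphrase) {
  return crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem", cipher: "aes-256-cbc", passphrase },
  });
}

// Figures 3-4: a fresh one-time message key encrypts the email with AES;
// the recipient's public key then encrypts (wraps) that message key.
function encryptEmail(recipientPublicKeyPem, plaintext) {
  const messageKey = crypto.randomBytes(32); // unique per email
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", messageKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKeyPem, ...OAEP }, messageKey);
  return { wrappedKey, iv, tag: cipher.getAuthTag(), body };
}

// Figure 5: passphrase -> private key -> message key -> email.
function decryptEmail(encryptedPrivateKeyPem, passphrase, msg) {
  const messageKey = crypto.privateDecrypt(
    { key: encryptedPrivateKeyPem, passphrase, ...OAEP },
    msg.wrappedKey
  );
  const decipher = crypto.createDecipheriv("aes-256-gcm", messageKey, msg.iv);
  decipher.setAuthTag(msg.tag); // GCM also rejects a modified ciphertext
  return Buffer.concat([decipher.update(msg.body), decipher.final()]).toString("utf8");
}

// Returns the plaintext, or null when any link in the chain fails
// (wrong passphrase, wrong private key, or tampered message).
function openOrNull(encryptedPrivateKeyPem, passphrase, msg) {
  try {
    return decryptEmail(encryptedPrivateKeyPem, passphrase, msg);
  } catch {
    return null;
  }
}
```

Because the private key is stored only in encrypted form, whoever holds the stored key material and the message still cannot read the email without the passphrase; the strength of the whole chain is therefore bounded by the strength of that passphrase.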

Technical Description!

If you would like a more detailed technical description of how Hushmail works please see our documentation page.