At a high level, DecryptNaBox is a Client/Server platform in which both the Client and the Server consist of multiple services and adapters. The KeyDecrypt role extends the associated Certificate Authorities with Message Session Key Decryption (MSKDS) capabilities. In addition, KeyDecrypt uses a Hardware Security Module (HSM) to ensure secure key handling and compliance with FIPS 140 Level 2 and Level 3 requirements.
In public key encryption of email, the message content is encrypted with a message session key. The message session key is then encrypted with the associated certificate's public key and added to the message header. The DataDecrypt client role uses the decrypted message session key provided by the DecryptNaBox MSKDS to decrypt the associated encrypted email content, and also allows the system to alter the message header to enable other capabilities.
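The split described above, where the server role unwraps the session key and the client role decrypts the content, can be sketched as follows. This is an added example, not DecryptNaBox code: the class and function names are hypothetical, RSA-OAEP and AES-256-GCM are assumed algorithms the page does not name, and an in-memory RSA key stands in for the HSM. It uses the Python `cryptography` package.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed key-wrapping scheme (the page does not name one).
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


class KeyDecryptService:
    """Hypothetical stand-in for the server role. The private key never
    leaves this object; in the described platform it would sit in an HSM."""

    def __init__(self):
        self._private_key = rsa.generate_private_key(
            public_exponent=65537, key_size=2048)

    def public_key(self):
        # Public half, as it would appear in the recipient's certificate.
        return self._private_key.public_key()

    def decrypt_session_key(self, wrapped_key):
        # Only the unwrapped session key is returned to the caller.
        return self._private_key.decrypt(wrapped_key, OAEP)


def encrypt_message(plaintext, recipient_public_key):
    """Sender side: encrypt the content with a fresh session key, then
    wrap that key for the recipient and carry it in the header."""
    session_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    body = AESGCM(session_key).encrypt(nonce, plaintext, None)
    header = {"wrapped_key": recipient_public_key.encrypt(session_key, OAEP),
              "nonce": nonce}
    return header, body


def client_decrypt(header, body, service):
    """Hypothetical client role: obtains the session key from the service
    and decrypts the content without ever holding the private key."""
    session_key = service.decrypt_session_key(header["wrapped_key"])
    return AESGCM(session_key).decrypt(header["nonce"], body, None)


def demo():
    service = KeyDecryptService()
    # Constructed sample message body.
    header, body = encrypt_message(b"constructed sample mail body",
                                   service.public_key())
    return client_decrypt(header, body, service)
```

Because the content cipher is authenticated, a body that was modified in transit fails decryption with `InvalidTag` instead of yielding altered plaintext.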