Upon installation the program will create a secure key combination, a private key that remains on the user's computer, and a public key that is submitted to Encrypted::Mail's server. When a user attempts to send an email, Encrypted::Mail will automatically detect the presence of a stored public key on its server for the recipient of the message. If the recipient is already a user, Encrpyted::Mail will return the public key, and then encrypt the message header with the recipient's public key, ensuring that only that recipient is able to decode the message. Encrypted::Mail will sign the message with the sender's private key. The recipient's copy of the program will verify the signature with the sender's public key, using this key to encrypt the message. This process ensures the sender that only the recipient can decode the message, and verifies the sender's identity to the recipient.

If the sender enters a pass phrase, it will be added into the key and will be required for the recipient to decode the message. The pass phrase feature is required if the recipient does not use Encrypted::Mail.

The message body is encrypted using 512-bit asymmetric encryption. For message headers, public key encryption is used in addition to a custom key for the symmetric encryption. Information from the keys above is combined with the pass phrase key when a pass phrase is supplied.

SSL Encryption (used by Internet Explorer) uses 128-bit encryption keys, while government-standard encryption methods utilize 256-AES. The number of bits in a key indicate the “length” of the key. Longer keys (higher bit numbers) are more difficult to break than shorter keys. Encrypted::Mail uses 512-bit asymmetric encryption for the message body. Public key encryption and a custom key for the symmetric encryption are used in message headers. When utilized, the pass phrase feature provides an additional encryption key.