The invention relates to the technical field of information security, and in particular to a method for implementing secure electronic mail based on a digital envelope. Building on digital envelope technology that uses PKI symmetric and asymmetric key algorithms, the method assembles mail encryption and decryption information, user key information, data recovery information, the mail ciphertext and other information into the digital envelope, and thereby realizes encryption, decryption and data recovery of the electronic mail. The session key is encrypted with all public key certificates of each receiver, obtained from an LDAP directory, so that multiple certificates belonging to one person interoperate. When the mail blind copy (Bcc) function is enabled, the mail information can be decrypted only with the private key of a blind-copied user, which ensures the identity confidentiality of that user. In an emergency in which the user's private key is lost or damaged, the mail information can be decrypted without recovering the user's private key through a KMC. A high-grade security protection mechanism under which the encrypted private key cannot be derived, together with a strict service approval signature mechanism, ensures the security of the recovered information from both the technical and the management perspective.
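The envelope assembly described above, as an added Go sketch that is not taken from the patent: the mail is encrypted once under a session key, and that key is wrapped separately for every public key that must be able to open it. Assumptions: RSA-OAEP wrapping, AES-256-GCM for the body, unlabeled slots so that no Bcc recipient is named, and a recovery public key treated as one more slot; `Envelope`, `Seal`, `Open`, `gcmFor` and `newKey` are hypothetical names, and LDAP lookup and the approval workflow are out of scope.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Envelope struct { // constructed layout, not the patent's own format
	Slots       [][]byte // session key wrapped once per public key, no owner label
	Nonce, Body []byte   // AES-256-GCM nonce and mail ciphertext
}
func gcmFor(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // cannot fail: callers pass 32-byte keys
	gcm, _ := cipher.NewGCM(block)
	return gcm
}
func newKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
// Seal wraps one fresh session key for each key in pubs (all recipient certs, Bcc, recovery).
func Seal(mail []byte, pubs []*rsa.PublicKey) (*Envelope, error) {
	buf := make([]byte, 44) // 32-byte session key, then 12-byte nonce
	rand.Read(buf)          // documented never to return an error as of Go 1.24
	env := &Envelope{Nonce: buf[32:], Body: gcmFor(buf[:32]).Seal(nil, buf[32:], mail, nil)}
	for _, p := range pubs {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, p, buf[:32], nil)
		if err != nil {
			return nil, err
		}
		env.Slots = append(env.Slots, w)
	}
	return env, nil
}
// Open trial-decrypts each slot with priv and opens the body with the first key that unwraps.
func Open(env *Envelope, priv *rsa.PrivateKey) ([]byte, error) {
	for _, s := range env.Slots {
		if key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, s, nil); err == nil && len(key) == 32 {
			return gcmFor(key).Open(nil, env.Nonce, env.Body, nil)
		}
	}
	return nil, fmt.Errorf("no slot opens with this private key")
}
func main() {
	k, _ := newKey() // throwaway key standing in for a recipient certificate
	env, _ := Seal([]byte("constructed sample mail"), []*rsa.PublicKey{&k.PublicKey})
	out, err := Open(env, k)
	fmt.Printf("%s %v\n", out, err)
}
```

Because the slots carry no owner label, anyone inspecting the envelope sees how many keys can open it but not whose they are; any of a recipient's private keys opens it, and so does the recovery key without the user's private key being involved.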