The invention relates to the technical field of information security, and in particular to a method for implementing secure electronic mail based on a digital envelope. Building on digital envelope technology that uses PKI symmetric and asymmetric key algorithms, the method assembles mail encryption and decryption information, user key information, data recovery information, the mail ciphertext and other information into the digital envelope, and in this way realizes encryption, decryption and data recovery of the electronic mail. The session key is encrypted with all public key certificates of each receiver, obtained from an LDAP directory, so that the multiple certificates held by one person interoperate. When the blind carbon copy (BCC) function is used, the mail information can be decrypted only with the private key of the BCC user, which keeps the identity of the BCC user confidential. In an emergency where the private key of a user is lost or damaged, the mail information can be decrypted without recovering the private key of the user through a KMC. A high-grade security protection mechanism, under which the encrypted private key cannot be derived, together with a strict service approval signature mechanism, ensures the security of recovered information from both the technical and the management perspective.
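An added sketch of the digital-envelope step described above (not code from the patent): the body is encrypted once under a session key, and that key is wrapped separately for every certificate of a receiver. It assumes Node.js's built-in crypto module with AES-256-GCM and RSA-OAEP, and it models the data recovery information as one more wrapped copy of the session key under a recovery public key; all function and variable names are hypothetical.

```javascript
const nodeCrypto = require('crypto');

// Assumed algorithms: RSA-OAEP (SHA-256) for key wrapping, AES-256-GCM for the body.
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Encrypt the body once under a fresh session key, then wrap that key
// separately for every public key supplied.
function seal(body, publicKeys) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const enc = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([enc.update(body), enc.final()]);
  const wrapped = publicKeys.map((pub) => nodeCrypto.publicEncrypt({ key: pub, ...OAEP }, key));
  return { wrapped, iv, tag: enc.getAuthTag(), ciphertext };
}

// Try every wrapped entry with one private key; return the body, or null
// when no entry was made for that key or the ciphertext was altered.
function open(envelope, privateKey) {
  for (const entry of envelope.wrapped) {
    try {
      const key = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, entry);
      const dec = nodeCrypto.createDecipheriv('aes-256-gcm', key, envelope.iv);
      dec.setAuthTag(envelope.tag);
      return Buffer.concat([dec.update(envelope.ciphertext), dec.final()]);
    } catch (err) {
      continue; // wrapped for another key, or the GCM tag check failed
    }
  }
  return null;
}

// Constructed demo: one receiver with two certificates, a recovery key
// (assumed here to stand for the data recovery entry), and an outsider.
function demo() {
  const newKey = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const [certA, certB, recovery, outsider] = [newKey(), newKey(), newKey(), newKey()];
  const pubs = [certA, certB, recovery].map((k) => k.publicKey);
  const envelope = seal(Buffer.from('quarterly figures attached'), pubs);
  const read = (k) => { const b = open(envelope, k.privateKey); return b && b.toString(); };
  return { certA: read(certA), certB: read(certB), recovery: read(recovery), outsider: read(outsider) };
}

console.log(demo());
```

Either of the receiver's two keys opens the mail, the recovery key opens it without touching the receiver's private key, and a key with no wrapped entry gets nothing.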