Data Encryption

The basis for encryption is to turn otherwise readable text into something that cannot normally be read, and therefore understood, without possessing the necessary tools to decode the message. By making the text unintelligible, encryption discourages anyone from reading or copying the payload while the message transfer is in progress.

Encryption adds confidentiality to the data content of the message and is based on two components: an algorithm and a key. An algorithm is a mathematical transformation that takes plain text or other decipherable information and changes it into unintelligible cipher text. The process of reverting the encrypted data back to its original form is called decryption.

In order to encrypt the plain text, a key is used as input in conjunction with an encryption algorithm. An algorithm can use any one of a large number of possible keys. The number of possible keys each algorithm can support depends on the number of bits in the key: an n-bit key allows 2 to the n possible keys. For instance, if the key length is 40 bits, the result is roughly 1,000,000,000,000 possible key combinations, with each different key causing the algorithm to produce slightly different cipher output.

  

Sufficient key lengths must be chosen with regard to the value of the message content so that brute-force attacks are not worth the time or effort compared to the value of the data being sent. Like all algorithms that use 40-bit keys, the RC2/40 algorithm is considered to be weak encryption by most cryptographers. Using weak cryptography offers little actual security over sending plain text and is never recommended unless the only alternative is no cryptography. When feasible, use the strongest cryptographic method supported (e.g., TripleDES for S/MIME v2 or AES-128, AES-192 or AES-256 for S/MIME v3, XML encryption, and OpenPGP).

 

Since public-key encryption algorithms (e.g., RSA encryption) are mathematically complex and are therefore considered slow, they are generally not used to directly encrypt the data content. Instead, the sender creates a symmetric key that is used to encrypt the data, and the symmetric key is then encrypted using the recipient's public key. The encrypted data and the encrypted symmetric key are then sent to the recipient. The recipient of the encrypted message decrypts the symmetric key using his private key. After recovering the symmetric key, the recipient decrypts the actual content payload.

 

A symmetric key can be randomly generated for each data transaction between trading partners. Symmetric keys generated on a per-transaction basis are sometimes referred to as "session keys". Since a unique symmetric key is generated for each data transaction and then discarded, symmetric key maintenance is not required. Each symmetric or "session" key is used only one time.
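
The public-key wrapping of a symmetric key and the one-time session key described above can be seen end to end in the following added example, which is not part of the original text. It assumes the third-party Python "cryptography" package; the choice of RSA-OAEP for wrapping and AES-256 in GCM mode for the payload, the function names, and the sample payload are assumptions made for the illustration.

```python
# Added example: hybrid encryption with a per-message session key.
# Assumes the third-party "cryptography" package. RSA-OAEP and AES-256-GCM
# are choices made for this sketch, not algorithms mandated by the text.
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def encrypt_for(recipient_public_key, payload: bytes) -> dict:
    """Sender: encrypt the payload under a fresh session key, then wrap the key."""
    session_key = AESGCM.generate_key(bit_length=256)  # used once, then discarded
    nonce = os.urandom(12)                              # 96-bit GCM nonce
    ciphertext = AESGCM(session_key).encrypt(nonce, payload, None)
    wrapped_key = recipient_public_key.encrypt(session_key, OAEP)
    return {"wrapped_key": wrapped_key, "nonce": nonce, "ciphertext": ciphertext}


def decrypt_with(recipient_private_key, message: dict) -> bytes:
    """Recipient: unwrap the session key with the private key, then decrypt."""
    session_key = recipient_private_key.decrypt(message["wrapped_key"], OAEP)
    return AESGCM(session_key).decrypt(message["nonce"], message["ciphertext"], None)


def demo() -> dict:
    # Constructed sample data: a throwaway recipient key pair and payload.
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    payload = b"constructed sample payload for a trading partner"
    first = encrypt_for(private_key.public_key(), payload)
    second = encrypt_for(private_key.public_key(), payload)
    return {
        "roundtrip_ok": decrypt_with(private_key, first) == payload,
        # Same payload, new session key per transaction, so the outputs differ.
        "distinct_ciphertexts": first["ciphertext"] != second["ciphertext"],
        "distinct_wrapped_keys": first["wrapped_key"] != second["wrapped_key"],
        # Only the short session key goes through RSA: 256 bytes for RSA-2048.
        "wrapped_key_len": len(first["wrapped_key"]),
    }


if __name__ == "__main__":
    print(demo())
```

Only the 32-byte session key passes through the slow RSA operation, while the payload of any size is handled by the symmetric cipher.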