At the first start the portal server generates a random value of 32 bytes length using a pseudo random number generator based on the Micali-Schnorr-algorithm.
This value together with a fixed string is the input for a SHA-256-hash value calculation. The result is used as AES key. All documents loaded into the portal by the user as well as the content of the messages are encrypted upon reception with this key in cipher block chaining mode (CBC). Each CBC stream starts with an initialization vector generated by the above mentioned random generator.
During the communication between browser and portal all of the data is completely secured by TLS-encryption using an RSA cipher suite in combination with AES or 3DES. Documents and messages are never stored or transmitted in plain text.