The session key is encrypted with your public key. To decrypt it, the password itself is not sufficient – you need the private key (which in turn is encrypted with your current AxCrypt ID password). But you still need that private key. The password alone is not enough.
The reason for adding the encryption of the session key with your password is to ensure that even if you lose your private key for whatever reason, the file will still be decryptable as long as you know the original password thus keeping the original paradigm. If you know the password and have the software you can decrypt.
If we did not, you’ll need the third piece, the private key which is *not* stored in the file.
We try to keep so that the public-key based part of AxCrypt is for sharing and for convenience – but in the end the password is all that’s required.