Why use encryption for emails if you have to share the public key?

1.01K viewsOtherTechnology

Why would you use something like PGP if you have to send your encryption key unencrypted to the party you are sending to? And if you leave this key out on something like Twitter for example, couldn’t law enforcement or a third party if they gained access to the other persons email still read the contents of the encrypted email by using this key? Doesn’t this defeate the purpose of using encryption?

In: Technology

33 Answers

Anonymous 0 Comments

If you encrypt your message using your private key, anyone who knows your public key can decrypt and read your message. That means anyone can read your message – your message is not secret.

If you encrypt your message using another person’s public key, only those who know their private key can decrypt and read it. Presuming the other person has successfully kept control of their private key, then only the intended recipient can read your message – your message is secret.

When would you want to encrypt your message using your private key? When you need to prove the message was really sent by you. Suppose the encrypted message can be decrypted into a coherent plain text using your public key. In that case, the text must have been encrypted using the matching private key, which – presumably – only you know and control.

You would encrypt with both your private key and recipient’s public key in order to ensure that only the intended recepient can read the message and to prove to the recipient that it was you who originated the message, and not an imposter.

For using your private key as proof that the message was sent by you to function legally, there has to be an institution of mutual trust and a mechanism to keep the private key secret. The role of the institution of mutual trust is to keep a dictionary of people and their public keys, not unlike a public telephone book. A mechanism to keep the private key secret is usually a device designed and manufactured to a standard (i.e. a “qualified” device) that safely stores a private key and offers encryption service using that stored private key. An example of such a device is a smart card. If the two criteria are met, then you have what is called an undeniable qualified electronic signature.

Institution of mutual trust can be established by law or by a contract between two parties wishing to use digital signatures.

You are viewing 1 out of 33 answers, click here to view all answers.