Why would you use something like PGP if you have to send your encryption key unencrypted to the party you are sending to? And if you leave this key out on something like Twitter for example, couldn’t law enforcement or a third party if they gained access to the other persons email still read the contents of the encrypted email by using this key? Doesn’t this defeate the purpose of using encryption?
In: Technology
This is a key difference between *symmetric encryption* amd *asymmetric encryption*. Symmetric encryption works like you say; there is one key used for both encryption and decryption. If someone has the key, they can encrypt new messages or decrypt old ones at will.
Asymmetric encryption works differently. There are two keys, and messages encrypted with one key can only be decrypted. If I have an encrypted message and the key that was used to enceypt it, I can’t do very much.
Public-key encryption is a kind of asymmetric encryption where you take one of these keys and call it “public”, amd call the other one “private”. Usually it doesn’t matter which key is public, as long as you are consistent about it, so key-generating software will just pick one and label it “public” for convenience. You take your public key and share it around as widely as possible, but you keep the private key a secret. This lets you do a couple of neat things.
Let’s say that you encrypt a message with your secret key. Anyone who has your public key can decrypt the message. As you point out, this is not very useful for secrecy, because anyone with your public key can decrypt it. But it’s actually useful for something else: the fact that your public key worked to decrypt the message proves that you, and only you, could have encrypted it (because only you have that key). This is called *signing* a message, and it lies at the heart of many authentication systems today.
But again, that is not very useful for secrecy. So how *do* we send a secret message with pubkic-key cryptography? The answer is that we don’t use our private key: we use *the other person’s* public key. That way, only their private key can decrypt the message. Since only they have that key, this provides secrecy. This is also why you have to share your public key: other people need it in order to send secret messages to you.
Latest Answers