Why would you use something like PGP if you have to send your encryption key unencrypted to the party you are sending to? And if you leave this key out on something like Twitter, for example, couldn’t law enforcement or a third party, if they gained access to the other person’s email, still read the contents of the encrypted email by using this key? Doesn’t this defeat the purpose of using encryption?
The public key / private key paradigm doesn’t exactly work like this, but this analogy helps you understand it pretty well:
You want to send something to someone securely, but you don’t entirely trust them. So you send them the thing in a lock box that has space for two padlocks. When you send it to them, you lock it with your padlock in one of the places that a lock can be secured. You keep your key, and then you send it to them. When they receive the box, they then lock it with their padlock in the other space. They keep their own key. Then, they send the box back to you.
When you receive the box, you unlock and remove your padlock. The box is still secured with their padlock, which you don’t have the key for. You send the box back to them.
Finally, they unlock their own padlock, and they can open the box. They are able to access the secure contents of the box. You didn’t need to give them your key, and they didn’t need to give you theirs.
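As an added example that is not part of the original answer: the two-padlock exchange described above, carried out with a commutative cipher (modular exponentiation modulo a prime, the idea behind Shamir's three-pass protocol), so that each party's secret exponent acts as their padlock and its modular inverse as the key that removes it. The prime and the message are constructed demo values, and, as the answer notes, PGP itself uses public keys rather than this three-pass exchange.

```python
# Added example: the two-padlock lockbox from the answer, realised with a
# commutative cipher (x -> x^e mod p). Toy-sized parameters, not for real use.
import random
from math import gcd

P = 2_147_483_647  # constructed demo prime (2^31 - 1); the "lockbox"


def padlock_from(e, p=P):
    """Turn an exponent e (coprime to p-1) into a padlock/key pair:
    e snaps the lock on, d = e^-1 mod (p-1) takes it off again."""
    if gcd(e, p - 1) != 1:
        raise ValueError("exponent must be coprime to p-1 so an inverse exists")
    return e, pow(e, -1, p - 1)


def make_padlock(p=P):
    """Pick a random padlock; the key (the inverse) never leaves its owner."""
    while True:
        e = random.randrange(2, p - 1)
        if gcd(e, p - 1) == 1:
            return padlock_from(e, p)


def lock(x, e, p=P):
    return pow(x, e, p)      # snap a padlock onto the box


def unlock(x, d, p=P):
    return pow(x, d, p)      # remove it with the matching key (Fermat: x^(ed) = x)


def three_pass(message, alice=None, bob=None, p=P):
    """Run the exchange from the answer: Alice locks, Bob locks, Alice unlocks,
    Bob unlocks. Returns what Bob reads and the three values seen in transit."""
    if not 0 < message < p:
        raise ValueError("message must be a nonzero residue mod p")
    a_lock, a_key = alice or make_padlock(p)   # Alice keeps a_key to herself
    b_lock, b_key = bob or make_padlock(p)     # Bob keeps b_key to himself
    transit = []
    box = lock(message, a_lock, p); transit.append(box)   # pass 1: Alice -> Bob
    box = lock(box, b_lock, p);     transit.append(box)   # pass 2: Bob -> Alice
    box = unlock(box, a_key, p);    transit.append(box)   # pass 3: Alice -> Bob
    opened = unlock(box, b_key, p)  # Bob removes his own padlock and reads it
    return opened, transit


if __name__ == "__main__":
    opened, transit = three_pass(123456)
    print("Bob reads:", opened, "| values seen in transit:", transit)
```

Because the locks commute, the order in which they are removed does not matter, which is exactly what lets Alice take hers off while Bob's is still on; no key crosses the wire in any of the three passes.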