Why would you use something like PGP if you have to send your encryption key unencrypted to the party you are sending to? And if you leave this key out on something like Twitter, for example, couldn't law enforcement or a third party, if they gained access to the other person's email, still read the contents of the encrypted email by using this key? Doesn't this defeat the purpose of using encryption?
In: Technology
Asymmetric encryption involves creating a pair of keys. Anything encrypted by one key can only be decrypted by the paired key. The same key cannot be used to decrypt anything that it encrypts. In order to exchange encrypted data, we dub one key the "public key" and the other the "private key".
So, to have an encrypted email exchange, you give your public key to whoever you want to email you. In turn, they send you their public key. Any email that they encrypt with it can only be decrypted by you because only you have the private key. It doesn’t matter if anyone else has the same public key. Conversely, when you email them, you use their public key, and only they will be able to decrypt it.
It should be noted that you should not be using your private key to send encrypted data you intend for only the recipient to read, since anyone with your public key could read it. You can use your private key to verify you are the one sending it. This happens by first using your recipient's public key to encrypt the email you are sending. You then encrypt that with your private key. Your recipient will then decrypt with your public key. Since the public key can only decrypt what has been encrypted with the private key, they know it comes from you. They then use their private key to decrypt what was just decrypted with your public key, so they can read the email.
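The two-step scheme in the answer (encrypt for the recipient, then "encrypt with your private key", which in practice is a signature) as an added Go example using only the standard library; it is not code from the answer or from any PGP implementation. RSA-OAEP stands in for the encryption step, RSA-PSS for the signing step, and the function names `NewKeyPair`, `Seal` and `Open` are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewKeyPair generates a fresh 2048-bit RSA private key; the public half is
// priv.PublicKey and can be handed to anyone, exactly as the answer describes.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Seal is the sender's side (hypothetical name): encrypt msg with the
// recipient's public key, then sign the ciphertext with the sender's private
// key. The signature is what the answer calls "encrypting with your private
// key": anyone with the sender's public key can check it, nobody can forge it.
func Seal(msg []byte, senderPriv *rsa.PrivateKey, recipientPub *rsa.PublicKey) (ct, sig []byte, err error) {
	ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, msg, nil)
	if err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(ct)
	sig, err = rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	return ct, sig, err
}

// Open is the recipient's side (hypothetical name): verify the signature with
// the sender's public key, then decrypt with the recipient's own private key.
// Holding only the public keys (the situation the question worries about)
// is not enough: decryption fails without the matching private key.
func Open(ct, sig []byte, senderPub *rsa.PublicKey, recipientPriv *rsa.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(ct)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, fmt.Errorf("signature check failed: %w", err)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, ct, nil)
}
```

Real PGP uses a random session key plus symmetric encryption for the message body and signs the plaintext rather than the ciphertext, but the key roles are the same as shown here.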