Why would you use something like PGP if you have to send your encryption key unencrypted to the party you are sending to? And if you leave this key out on something like Twitter for example, couldn’t law enforcement or a third party, if they gained access to the other person’s email, still read the contents of the encrypted email by using this key? Doesn’t this defeat the purpose of using encryption?
The public key is like a lock. Imagine you have a bunch of them.
You want to send a small box to someone and don’t want other people to open it. You lock it with one of the locks (equal to encrypting it with the public key). Now only the owner who has the key to said lock can open the box again (that would be the private key that isn’t shared). Even you yourself who locked the box can’t unlock it again, and neither can anybody else. By itself the lock is worthless and you could give some of the locks to random strangers, but all they could do is lock some boxes.
The owner of the private key gets the box and can unlock it. He can see the content of the box that you locked. Now he wants to send you something back.
As it happens he also has a bunch of locks lying around. And only you have the key for them. So now he can put something in the box, lock it (equal again to encrypting it with a public key) and send it over to you. If it gets intercepted nobody can open it, only you who has the key to the lock can open it (using your private key to decrypt).
This way you both can communicate encrypted and even if a public key gets shared, it’s worthless. In fact it’s used so multiple people can send you encrypted messages and all you have to do is give out one and the same public key (equal to you sending out multiple locks to different people, all locks can be opened by the same key).
Giving your public key to everybody is like sending people a padlock (public key) only you have the key of, and you keep the key (your private key). Everybody can lock (encrypt) a box (message), but once they’ve done, you’re the only one who can open (decrypt) it. Whenever you think about public key/private key, think of padlock/opening key, rather than two distinct keys.
Because anything encrypted with a public key can only be decrypted with the private key.
So if you send me a message encrypted with my public key, only I can read it. When I respond to you, I use your public key to encrypt it and only you can decrypt it with your private key.
So in what scenario can anyone else ever read my mail if I’m the only one with the private key?
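The padlock picture from the answers above, as an added example that is not part of the original thread: a toy textbook-RSA sketch in Python showing that a published public key can lock a message but only the matching private key opens it. The fixed primes, key names and message are constructed demo values (unpadded and far too small for real use), and this is not how PGP software is implemented internally.

```python
# Toy textbook RSA to show the padlock/key asymmetry.
# Constructed demo values only: no padding, tiny keys, not for real use.
E = 65537  # public exponent shared by both demo keypairs

def make_keypair(p, q):
    """Build (public, private) from two primes: public=(E, n), private=(d, n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # private exponent: modular inverse of E (Python 3.8+)
    return (E, n), (d, n)

def apply_key(key, number):
    """The single RSA operation: number ** exponent mod n."""
    exponent, n = key
    return pow(number, exponent, n)

def encrypt(public_key, message: bytes) -> int:
    """Lock the box: anyone who has the public key can do this."""
    m = int.from_bytes(message, "big")
    if m >= public_key[1]:
        raise ValueError("message too long for this toy key")
    return apply_key(public_key, m)

def decrypt(key, ciphertext: int) -> bytes:
    """Try to open the box with whatever key the caller holds."""
    m = apply_key(key, ciphertext)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Known Mersenne primes used as fixed demo primes (hypothetical key material).
BOB_PUB, BOB_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
_, OTHER_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

def demo():
    secret = b"meet at noon"
    box = encrypt(BOB_PUB, secret)  # sender only needs Bob's public key
    return {
        "bob_private": decrypt(BOB_PRIV, box),      # the owner opens it
        "public_again": decrypt(BOB_PUB, box),      # the padlock does not unlock
        "other_private": decrypt(OTHER_PRIV, box),  # someone else's key fails
    }

if __name__ == "__main__":
    for who, result in demo().items():
        print(f"{who:14} -> {result!r}")
```

Only the `bob_private` row prints the original message; the other two rows print unrelated bytes, which is why publishing the public key does not expose the mail.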