simply put: You keep secret the private, give away the public. People sending you stuff use your public to ENcrypt, only you (with the private key) can DEcrypt, thus it's readable only to you. You send out ENcrypted with private key, anyone can DEcrypt it using your public key, thus it's _signed_ by you. In order to have a secure conversation, you both need a set of keys. You swap public keys, and always encrypt using the other person's key. If you want the other person to be sure it is you, you also _sign_ it using your private key. Thus they have to decrypt twice (not really, since signing is often more of a hash thing). Let's plan a keysigning party for Mid-October. Hey we can do it at the Wild Duck, get other people involved, and publicize it. I'll work on that. The more people who sign, even if not everyone signs everyone else's key, the better. It's a web of trust metric. Then we upload stuff to the main keyservers, and we end up with well trusted keys. > Could someone refresh me how public/private keys work again? I always > forget the details and wonder how it goes. > > At work with e-commerce sites, we encrypt a message with the clients > public key, output the file as armored ASCII, and send it in the > email. But what's the deal with the private key and sharing your > public key? Do they need both to decrypt it? Just the private?
