Regular Email and Privacy
When you send an email, its contents are open for anybody to read. Email is like sending a postcard: everybody who gets it in their hands can read it.
To keep data sent via email private, you need to encrypt it. Only the intended recipient will be able to decipher the message; anybody else sees only gibberish.
A Tale of Two Keys
Public key encryption is a special case of encryption. It operates using a combination of two keys:
- a private key and
- a public key,
which together form a pair of keys.
The private key is kept secret on your computer since it is used for decryption.
The public key, which is used for encryption, is given to anybody who wants to send encrypted mail to you.
Sending Public-Key Encrypted Mail
The sender's encryption program uses your public key in combination with the sender's private key to encipher the message.
Receiving Public-Key Encrypted Mail
When you receive the encrypted message, you need to decipher it.
Decryption of a message enciphered with a public key can only be done with the matching private key. This is why the two keys form a pair, and it is also why it is so important to keep the private key safe and to make sure it never gets into the wrong hands (or in any hands other than yours).
Why the Integrity of the Public Key is Essential
Another crucial point with public key encryption is the distribution of the public key.
Public key encryption is only safe and secure if the sender of an enciphered message can be sure that the public key used for encryption belongs to the recipient.
A third party can produce a public key bearing the recipient's name and hand it to the sender, who uses that key to send important information in encrypted form. The third party intercepts the enciphered message, and since it was encrypted with their public key, they have no trouble deciphering it with their private key.
This is why a public key must either be handed to you personally or be certified by a certificate authority.
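The points above (only the matching private key deciphers, and the sender must be sure the public key really belongs to the recipient) are shown below in an added example that is not part of the original article. It uses Go's standard library (RSA-OAEP); the function names, the fingerprint check, and the sample message are constructed for illustration, and the "trusted" fingerprint stands in for a value obtained in person or from a certificate.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"fmt"
)

// Fingerprint is the SHA-256 digest of the DER-encoded public key. The sender
// compares it with a value obtained directly from the recipient before encrypting.
func Fingerprint(pub *rsa.PublicKey) string {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		panic(err) // cannot happen for a well-formed RSA key
	}
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// Encrypt enciphers msg with an offered public key (RSA-OAEP), but only after
// the key's fingerprint matches the one the sender verified out of band.
func Encrypt(offered *rsa.PublicKey, trustedFP string, msg []byte) ([]byte, error) {
	if Fingerprint(offered) != trustedFP {
		return nil, fmt.Errorf("public key fingerprint mismatch, refusing to encrypt")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, offered, msg, nil)
}

// Decrypt deciphers ct with a private key; only the matching key succeeds.
func Decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	recipient, _ := rsa.GenerateKey(rand.Reader, 2048)
	thirdParty, _ := rsa.GenerateKey(rand.Reader, 2048)
	trusted := Fingerprint(&recipient.PublicKey) // obtained in person (constructed)
	msg := []byte("constructed sample message")
	ct, _ := Encrypt(&recipient.PublicKey, trusted, msg)
	pt, _ := Decrypt(recipient, ct)
	_, wrongKey := Decrypt(thirdParty, ct)
	fmt.Println("recipient reads:", string(pt), "| third party fails:", wrongKey != nil)
	// A key the third party substituted carries the recipient's name but not
	// the recipient's fingerprint, so the sender refuses to encrypt with it.
	_, rejected := Encrypt(&thirdParty.PublicKey, trusted, msg)
	fmt.Println("substituted key rejected:", rejected != nil)
}
```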