Below are a few tips to keep in mind when using PGP certificates to encrypt and decrypt data exchanged with external parties.
- In key-based encryption, each party involved has both a private and public key.
- You share your public key with other parties but never your private key. You do not normally use your own public key; it exists for other parties to use.
- You always DEcrypt data with YOUR PRIVATE key.
- You always ENcrypt data with the other party’s PUBLIC key.
- You give the other party YOUR PUBLIC key so they can encrypt data that only you can decrypt.
- A signature (like a signature on a handwritten document) is a means for the recipient to verify who sent the message and that it was not altered in transit. So when another party signs and sends you a message, you use their key (i.e. the PUBLIC key they shared with you) to verify their signature. When you send a message to someone else, you sign it with YOUR key (i.e. your PRIVATE key). When they receive it, they verify that signature against the public key you shared with them. A signature is only as trustworthy as the public key used to check it, so confirm the other party's key fingerprint through a separate channel before relying on it.
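The whole exchange described in the tips above, end to end, as an added example that is not part of the original page: two parties, Alice and Bob, each generate their own keypair, exchange only public keys, then Bob signs with his private key and encrypts to Alice's public key; Alice decrypts with her private key and verifies the signature with Bob's public key, and the script also shows that Bob himself cannot decrypt what he sent. The names, e-mail addresses and temporary keyring directories are assumptions for the demo; it requires GnuPG 2.1 or later (`gpg` and `gpgconf`) on PATH.

```shell
#!/bin/sh
# Added example, not part of the original page. Two parties, Alice and Bob,
# each generate a keypair, exchange only their public keys, then Bob signs
# with his private key and encrypts to Alice's public key; Alice decrypts with
# her private key and verifies the signature with Bob's public key. Names,
# e-mail addresses and the temporary directories are assumptions for the demo.
# Requires GnuPG 2.1 or later (gpg, gpgconf) on PATH.
set -e

# Run gpg unattended against one party's keyring. The demo keys are created
# without a passphrase, so --passphrase '' with loopback pinentry lets every
# step run non-interactively.
gpg_as() {
    home=$1; shift
    GNUPGHOME="$home" gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"
}

pgp_roundtrip() {
    work=$(mktemp -d)
    ALICE="$work/alice"; BOB="$work/bob"
    mkdir -m 700 "$ALICE" "$BOB"

    # 1. Each party has its own private/public keypair in its own keyring.
    gpg_as "$ALICE" --quick-generate-key 'Alice <alice@example.com>' default default never
    gpg_as "$BOB"   --quick-generate-key 'Bob <bob@example.com>'     default default never

    # 2. Only PUBLIC keys cross the trust boundary (--export never emits secret keys).
    gpg_as "$ALICE" --armor --export alice@example.com > "$work/alice.pub"
    gpg_as "$BOB"   --armor --export bob@example.com   > "$work/bob.pub"
    gpg_as "$BOB"   --import "$work/alice.pub"
    gpg_as "$ALICE" --import "$work/bob.pub"

    # 3. Bob signs with HIS private key and encrypts with ALICE's public key.
    #    --trust-model always skips the web-of-trust check for this demo; in
    #    real use, verify Alice's fingerprint out of band instead.
    printf 'meet at noon\n' > "$work/msg.txt"
    gpg_as "$BOB" --yes --armor --trust-model always \
        --local-user bob@example.com --recipient alice@example.com \
        --sign --encrypt --output "$work/msg.asc" "$work/msg.txt"

    # 4. Alice decrypts with HER private key; gpg verifies the signature
    #    against Bob's public key and reports GOODSIG on the status channel.
    gpg_as "$ALICE" --yes --status-file "$work/status" \
        --output "$work/plain.txt" --decrypt "$work/msg.asc"
    signer=$(sed -n 's/^\[GNUPG:\] GOODSIG [0-9A-Fa-f]* //p' "$work/status")

    # 5. Nobody else can decrypt: Bob holds no private key for Alice's
    #    encryption subkey, so even the sender cannot read what he sent.
    if gpg_as "$BOB" --yes --output "$work/bob.txt" --decrypt "$work/msg.asc" 2>/dev/null; then
        echo "ERROR: sender decrypted a message addressed only to Alice" >&2
        return 1
    fi

    # Stop the per-keyring agents and remove the scratch keyrings.
    GNUPGHOME="$ALICE" gpgconf --kill gpg-agent
    GNUPGHOME="$BOB"   gpgconf --kill gpg-agent
    plain=$(cat "$work/plain.txt")
    rm -rf "$work"
    printf '%s|%s\n' "$plain" "$signer"
}
```

Calling `pgp_roundtrip` prints the recovered plaintext and the user ID gpg attached to the good signature, separated by `|`. Note that gpg still warns on stderr that Bob's key "is not certified", because nothing in the demo establishes trust in it; with real external parties that warning is the cue to compare fingerprints over a second channel before accepting the signature.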
Additional reading: http://www.pgpi.org/doc/pgpintro/