Quote from: diggingit on May 06, 2013, 09:13 pm

I have posted my public key and would appreciate it if someone sends me a message. Also, I see people post their keys on here and I'm able to copy those into my pgp program but I also see people post encrypted messages. Not sure how to decrypt those? I suppose I need the public key for that particular person??

No. PGP keys are actually two keys. 1 is called the public key, the other is called the private or secret key.

You can encrypt with the public key only.
You can decrypt with the private key only. (not quite true, but it is for our purposes here right now)

So if you don't have the other person's private key, you cannot decrypt a message which is encrypted with that same person's public key.

Here is an analogy that may help clear your thinking about it, the other people too:

-- On conceptualizing Public Key Cryptography --

I will explain PGP encryption with a metaphorical riddle called "The Corrupt Russian Postal System". I find that this helps me to conceptualize issues with PGP.

The Russian postal system is corrupt (definitely also in real life...), the rules are that any package that can be opened, is opened and the contents removed. Any letters are thrown away. Only locked strongboxes get through the postal system without being compromised.

Our friend, Boris shall we say, is deeply in love with his girlfriend Natasha. So, Boris purchases Natasha a diamond ring he knows she will love!

However, we have a problem, because Boris lives in Moscow and Natasha lives in Vladivostok. Boris must use the Russian postal system!

Although Boris can send Natasha a locked strongbox made of the best steel, it is worthless to do so if she cannot open the box herself. And if he sends the box open, or in something less secure than a locked steel box, it is going to be broken into! Quite a bind!

So... what to do?

Well, the steel strongbox has a metal hasp to which any number of padlocks may be attached.

Boris puts the diamond ring (our message!) into the strongbox and attaches his padlock to the hasp of the strongbox. This padlock represents a PGP key.

He sends the locked box to Natasha. Poor Natasha cannot of course open the box. However, she and Boris have discussed the issue over the telephone and she knows what to do.

Natasha attaches her own padlock (her PGP key) to the metal hasp of the still locked strongbox and returns it through the Russian Postal System to Boris. Again, the padlock represents a PGP key.

Finally, Boris receives the strongbox and he takes *off* his padlock. This represents Boris's key being decrypted. Now you see the shape of it. Boris sends back the box to Natasha, who can then remove her own padlock and rescue the diamond ring from the box! The Russian Postal System lies defeated by human ingenuity.

Breakdown:

The diamond ring is the message to be encrypted.

The padlocks represent full PGP keys, both private and public keys of Boris/Natasha.

The principle at work is that Boris does not *need* to have the real metal key of Natasha. Similarly, Natasha does not *need* to know/have Boris's real metal key. (the private key part)

The knowledge that the padlocks are actually on the box, this is the public key part of the metaphor.

We need to know the public key of each other to communicate successfully. Two public keys are necessary for two way encrypted communications.

We do not, under ANY circumstances need to know each other's private keys.

The Russian Postal System can examine our public keys for 1000 years or more, but they will never be able to obtain Boris's or Natasha's private keys to open the box.

Similarly, the FBI and DEA can collect our PGP keys as much as they like, without knowing our private keys they lose the vast majority of their possible surveillance powers. That's why we are happy to post our public keys on SR. Anybody can use them to communicate to us (be warned!).

This is the reason why Roberts stipulates that PGP encryption is not done on SR's servers, but on our own machines. It is the correct choice. But we MUST use PGP encryption to complete our side of the deal with SR.
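
The strongbox exchange from the post above, carried out with numbers: an added example that is not part of the original post. It takes the two-padlock story literally as Shamir's three-pass protocol (commutative modular exponentiation); the prime, the message and all function names are constructed for illustration.

```python
import math
import secrets

# Constructed public parameter: the Mersenne prime 2**127 - 1.
# Toy size, chosen so the example runs instantly; not a production parameter.
P = 2**127 - 1

def make_padlock(p=P):
    """Return (lock, unlock) exponents with lock * unlock == 1 mod (p - 1).

    'lock' plays the padlock, 'unlock' the metal key. Neither is ever sent.
    """
    while True:
        lock = secrets.randbelow(p - 3) + 2
        if math.gcd(lock, p - 1) == 1:
            return lock, pow(lock, -1, p - 1)

def turn(exponent, box, p=P):
    """Attach or remove a padlock. Exponentiation mod p commutes, so
    padlocks can come off in a different order than they went on."""
    return pow(box, exponent, p)

def three_pass(message, p=P):
    """Run the Boris/Natasha exchange; return (wire_traffic, recovered)."""
    if not 1 < message < p:
        raise ValueError("message must be an integer in (1, p)")
    b_lock, b_unlock = make_padlock(p)   # Boris's padlock and key
    n_lock, n_unlock = make_padlock(p)   # Natasha's padlock and key
    pass1 = turn(b_lock, message, p)     # Boris -> Natasha: Boris's padlock on
    pass2 = turn(n_lock, pass1, p)       # Natasha -> Boris: both padlocks on
    pass3 = turn(b_unlock, pass2, p)     # Boris -> Natasha: only Natasha's left
    recovered = turn(n_unlock, pass3, p) # Natasha opens the box
    # Only pass1..pass3 ever cross the postal system.
    return [pass1, pass2, pass3], recovered

# Constructed message: the "diamond ring" as a 12-byte integer.
RING = int.from_bytes(b"diamond ring", "big")

if __name__ == "__main__":
    wire, recovered = three_pass(RING)
    for i, box in enumerate(wire, 1):
        print(f"pass {i}: {box:032x}")
    print(recovered.to_bytes(12, "big"))
```

The exchange is unauthenticated: nothing in it proves whose padlock is on the box, which is why real deployments verify key ownership out of band.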