Honest, there really is one time they need the public key. I'm not making it up -- I went to exchange messages with a vendor who didn't have my public key, and he wasn't able to decrypt my message because I signed it at the same time I encrypted it. I almost got the idea in my head it wasn't really the vendor anymore before I figured out the error.I suppose nobody bothers signing their messages though.