Wadozo is exactly right -- to be clear, when the vendor generated his public key and then put it up on his profile for customers to use, the program at the same time generated the matching private key that can decrypt messages encrypted with the public key. They're a pair of keys (that's why they're called key pairs) :)So he doesn't get any key at all. He has it already. Either that, or nobody will ever be decrypting your address, hah.