GnuPG and PGP use dual-key cryptography. You have two keys: a public key, and a private key. There is a private key stored on your computer. There is a public key which you can send along to anyone else. (Each key is basically a long prime number expressed as a hexadecimal and used to generate a text keystream.)

When a message is encrypted to your public key, you can decrypt it if you have access to GnuPG, your private key, and the password which protects access to your private key. Messages encrypted to your public key cannot be decrypted by anyone else unless they have access to your private key and password.

When you want to send a message to someone else, you need their public key. You can then send the encrypted message by e-mail or as an attachment. (You could even place the message on a web page and send the URL.)

There is another use for your private key and password. You can use it to sign a message. To verify the signature, anyone with your public key can validate that the signature was made with your private key and password.

So, briefly, your public key is used to encrypt messages to you. Your private key is used to decrypt messages and sign them. Your public key is also useful to validate your signature on messages.

If you are a Mac user, you will find some excellent documentation on the use of GnuPG on a Mac here.

If you are a Windows user, read our free tutorial on How to Start Using PGP/GPG to Encrypt Your Email.