I have a requirement to encrypt a file, get it to an external partner who will then decrypt the file using a key.
My "basic" understanding is that I can generate the public and private keys, encode the file using the public key and our partner can decrypt using the private key we give them. But this sounds a bit strange to me that we would be sharing the private key. There is just one trusted partner.
Am I missing something?
Best Answer
You share your public key only and this is what they encrypt data with before they send it to you. You can also encrypt data for them with their public key before you send it to them.
The public key is just that, public, so anyone can safely have it to encrypt files; the private key is never shared, as it always stays private with the person who needs to decrypt the files.
Typically you will configure your PGP software and generate a key pair. Essentially you will have a private key and a public key and this is the key pair.
You should keep the private key in a secure place with limited access, and you can share the public key with other entities that you wish to exchange files with using this technology and that have PGP encryption/decryption functionality on their end.
PGP File-Level Encryption Simple Analogy
It's like you give them the lock to lock the file (your public key) but only you have the key to unlock it (your private key).
Examples
They encrypt files with your public key and then send those files to some company that was not supposed to get the data. This company does not have the private key to decrypt this data, so the data was not exposed.
You encrypt files with another entity's public key and then send them the files afterwards, and only they can decrypt these files with their private key from their key pair.
You encrypt files with another entity's public key and then send the files to the wrong company, but they cannot decrypt the data as they do not have the private key to do so, and therefore no data is exposed.
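The lock-and-key model the answer describes, as an added example in Go (not code from the original post, and not OpenPGP itself): the sender wraps a fresh per-file session key to the recipient's public key, which is the same pattern PGP uses internally, and only the holder of the matching private key can open the file; a misdirected recipient with their own key pair gets nothing. The names `SealFile`, `OpenFile` and the sample text are my own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SealedFile is what travels: the per-file session key wrapped to the recipient's public key, plus the body encrypted under it.
type SealedFile struct{ WrappedKey, Nonce, Body []byte }
// aesGCM builds the AES-256-GCM cipher for the file body; callers guarantee key is 32 bytes, so neither call can fail.
func aesGCM(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}
// SealFile is run by the sender and needs only the recipient's PUBLIC key (the "lock").
func SealFile(recipientPub *rsa.PublicKey, plaintext []byte) (*SealedFile, error) {
	buf := make([]byte, 44) // fresh AES-256 session key (32) + GCM nonce (12), used for this file only
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	sessionKey, nonce := buf[:32], buf[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, sessionKey, nil) // only the matching private key unwraps this
	if err != nil {
		return nil, err
	}
	return &SealedFile{wrapped, nonce, aesGCM(sessionKey).Seal(nil, nonce, plaintext, nil)}, nil
}

// OpenFile is run by the recipient with their own PRIVATE key (the "key"), which never leaves them.
func OpenFile(priv *rsa.PrivateKey, sf *SealedFile) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, sf.WrappedKey, nil)
	if err != nil || len(sessionKey) != 32 {
		return nil, fmt.Errorf("cannot unwrap a valid session key (not the recipient's private key?): %v", err)
	}
	return aesGCM(sessionKey).Open(nil, sf.Nonce, sf.Body, nil)
}

func main() {
	partner, _ := rsa.GenerateKey(rand.Reader, 2048)      // partner keeps this private
	wrongCompany, _ := rsa.GenerateKey(rand.Reader, 2048) // a misdirected recipient
	sealed, _ := SealFile(&partner.PublicKey, []byte("constructed sample: Q3 report"))
	plain, err := OpenFile(partner, sealed)
	_, wrongErr := OpenFile(wrongCompany, sealed)
	fmt.Printf("partner reads %q (err=%v); wrong company: %v\n", plain, err, wrongErr)
}
```

Because GCM authenticates the body, a file altered in transit also fails to open rather than decrypting to garbage.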