I’m at EuroBSDCon in Croatia teaching TLS and SMTP, so here’s a snippet from my TLS tutorial.
Let’s say I create a public key pair. I keep one key of the pair. The other key I give to my chief goon, Vizzini, before I dispatch him out into the world. Nobody else has either of these keys. My goon and I can use these keys to exchange messages that can be read only with the other key in the pair. I use my half to encrypt my messages to my goon. Hopefully I remember what I said, because once the message is encrypted, my key cannot decrypt my message. Fortunately, “Start a war and frame Guilder for it” is short enough that even I can remember it. Only the other key in the pair can decrypt that message. I mail my message. Anyone who snoops on that message sees only indecipherable gibberish.
When my message reaches my goons, they use their key to decrypt it. They can then use their key to encrypt a response, like “How about we kidnap the princess?” and send the encrypted message back to me. Only my half of the key pair can decrypt this message.
So far, so good.
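The exchange above, as an added example that is not from the tutorial or the book: textbook RSA with no padding, run in both directions, showing that whichever half encrypts a message cannot read it back. The primes, the exponent and every name in the code are assumptions constructed for illustration.

```python
# Textbook RSA with no padding: illustration only, never use it for real traffic.
# Constructed key material: two Mersenne primes, picked only because they are
# easy to write down. Real keys are built from large random primes.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # modular inverse, needs Python 3.8+

MY_KEY = (E, N)    # the half I keep
GOON_KEY = (D, N)  # the half Vizzini carries

def transform(key, number):
    """The one RSA operation: raise to the key's exponent modulo N."""
    exponent, modulus = key
    return pow(number, exponent, modulus)

def encrypt(key, message: bytes) -> int:
    number = int.from_bytes(message, "big")
    if number >= key[1]:
        raise ValueError("message too long for this modulus")
    return transform(key, number)

def decrypt(key, ciphertext: int) -> bytes:
    number = transform(key, ciphertext)
    # Leading zero bytes would be lost here; the sample messages have none.
    return number.to_bytes((number.bit_length() + 7) // 8, "big")

def demo():
    order = b"Start a war and frame Guilder for it"
    reply = b"How about we kidnap the princess?"
    sealed_order = encrypt(MY_KEY, order)    # me -> goon
    sealed_reply = encrypt(GOON_KEY, reply)  # goon -> me
    return {
        "goon reads my order": decrypt(GOON_KEY, sealed_order) == order,
        "I can re-read my own order": decrypt(MY_KEY, sealed_order) == order,
        "I read the reply": decrypt(MY_KEY, sealed_reply) == reply,
        "goon can re-read the reply": decrypt(GOON_KEY, sealed_reply) == reply,
    }

if __name__ == "__main__":
    for claim, holds in demo().items():
        print(f"{claim}: {holds}")
```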
Yes, the tutorial is based on TLS Mastery, which features the most apropos cover art of any book I have written.