From gWebs Support Wiki
When two MailCloak users want to exchange encrypted emails, each user must first be able to encrypt outgoing messages.
To better explain, let's use the example of Alice and Bob.
For Alice to send Bob an encrypted email, Alice must first possess Bob's public key because Alice needs to encrypt her email to Bob using Bob's public key. When Bob receives Alice's email, he will then be able to decrypt it with his private key.
When Alice first installs MailCloak, she won't automatically have Bob's public key. Bob needs to send Alice his public key before they can start exchanging encrypted emails.
So this is a rough sketch of the key exchange process. It really is less complicated than it sounds.
- Alice sends Bob an unencrypted email with her public key attached. (Usually this first email is a request for the other user's public key. We call this an invitation.)
- Bob now has Alice's public key. At this point, Bob already can securely send Alice messages.
- Bob sends Alice an email that has been encrypted using Alice's public key with his own public key attached. (By default, MailCloak will automatically attach Bob's public key to all of his outgoing emails.)
- Alice now has Bob's public key.
- Alice sends Bob an email that has been encrypted using Bob's public key.
- Bob decrypts the email he received from Alice using his own private key.
Key exchange only needs to occur once. MailCloak has set up Cryptobot to help users get used to the key exchange process and to make sure they can send and receive encrypted emails.