in cryptography, a value associated with a particular person and used to decrypt messages from that person or encrypt messages to him/her
A public key is always associated with a single private key, and can be used to verify digital signatures generated using that private key.
The second lock -- your private key -- only comes off with your public key.
Like, what if I tricked you into thinking that my public key was your boss's public key?
You'd encrypt the message with your private key and my public key.
I typed, then encrypted it to my public key and mailed it off.
Then I came to one that was only encrypted to my public key.
Because if they can decrypt it with your public key, it can only have been encrypted with your private key.
I signed it and encrypted it with my private key and the public key Masha had provided.
So instead of just encrypting the message with your private key, you also encrypt it with your boss's public key.
The first lock -- the boss's public key -- only comes off when combined with your boss's private key.
Now, the easiest way to fix this is to really widely advertise your public key.