A group of accountants encrypt the emails they send to your company because they contain highly sensitive financial information.
Today you received a call from one of your users stating they are unable to decrypt any of the emails sent by the accountants. Which of the following steps will you take to resolve this issue?
a. Generate a new public and private key.
b. Disable email encryption.
c. Send your private key to the accountants.
d. Have the accounting company send their private key to you.
You encrypt a message using the recipient's public key and the recipient decrypts the message using his own private key. Only the public key can be known by an external agent. The private key is for the individual and is not expected to be shared. In the event that the recipient cannot decrypt the message, it is unsafe to send one's private key to him. He does not even need one's private key to decrypt the message, he needs his own private key.
The best thing to do is to generate another means of security by generating new public and private key so that the sender encrypts the message with the new public key and the receiver decrypts it using his new private key.
Option B is wrong because, if the encryption is removed, the aim, which is to secure the message from intruders is not achieved.
