Last Friday I tweeted
I was wrestling with trying to get an encryption key produced by CoreFTP to work with my bank. In the end I used ssh-keygen to produce the keys. However, every time I have to do something with public key encryption I get frustrated because I don't really understand what's going on.
I understand the basics: you generate two keys somehow and give people your public key. Then when they want to send you something encrypted they lock it with your public key and only you can read it, by unlocking it with your private key. A better analogy is that the public key is a padlock, which can only be opened with the private key. Someone puts a message for you in a box, locks it with your padlock, and then only you can unlock the box and read the message.
However, when it comes to things like "certificates" and "thumbprints" and other words like that, I get lost. Also, in researching the answer to that question I got confused by things like "RSA" and "SHA". Were they different versions of the same thing, or were they different things?
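As an added example (not from the original post), here is the padlock analogy and the RSA-versus-SHA question in working code: RSA is the asymmetric cipher that gives you the key pair, and SHA-256 is a hash used only to produce a short "thumbprint" (fingerprint) of the public key. It uses Go's standard library; the message, key size and function names are my own choices for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"fmt"
)

// KeyPair is the two halves of the padlock analogy: the public key is the
// padlock anyone may snap shut, the private key is the only thing that opens it.
type KeyPair struct {
	Private *rsa.PrivateKey
	Public  *rsa.PublicKey
}

// GenerateKeyPair makes a fresh RSA key pair. RSA is the cipher; it is what
// ssh-keygen produces when you ask it for an RSA key.
func GenerateKeyPair(bits int) (*KeyPair, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	return &KeyPair{Private: priv, Public: &priv.PublicKey}, nil
}

// LockWithPadlock encrypts with the public key. OAEP padding is used because
// raw ("textbook") RSA on a bare message is not safe.
func LockWithPadlock(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Unlock decrypts with the private key; any other private key fails.
func Unlock(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

// Fingerprint is what certificate tools call a "thumbprint": SHA-256 over the
// encoded public key. SHA does not encrypt anything; it just names the key.
func Fingerprint(pub *rsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:]), nil
}

func main() {
	kp, _ := GenerateKeyPair(2048)                          // key size is a constructed choice
	ct, _ := LockWithPadlock(kp.Public, []byte("hello bank")) // constructed message
	pt, _ := Unlock(kp.Private, ct)
	fp, _ := Fingerprint(kp.Public)
	fmt.Println(string(pt), fp)
}
```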
I looked for a poster but couldn't find anything so I drew up my own. It's probably not very clear, but the reason I'm putting it here is in case someone wanted to tidy it up and check for accuracy and so make something useful for other people.