1. For decryption, the ciphertext contains the userId that was used for encryption.
The receiver uses it to look up the private key in its keyring.
2. Sign vs Encrypt:
As I mentioned above, messages are encrypted with the message recipient's public key and decrypted with the corresponding private key. Message signing, on the other hand, uses the sender's private key to sign (encrypt) the message, and the sender's public key is used to read the signature (decrypt).
3. When receiving a PGP message, it's important to do both:
- verify signature
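
The key roles from points 1 to 3, as an added example that is not part of the original notes: it uses textbook RSA from the Python standard library to show which key is used where, not real OpenPGP (no padding, no session key, and the signature travels beside the ciphertext). The key sizes, the packet layout and the names `sign_and_encrypt`, `receive` and `bob@example.org` are assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def digest(message, n):
    """SHA-256 of the message, reduced so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign_and_encrypt(message, sender_private, recipient_id, recipient_public):
    n_s, d_s = sender_private
    n_r, e_r = recipient_public
    m = int.from_bytes(message, "big")
    if m >= n_r:
        raise ValueError("message too long for this toy key")
    return {
        "user_id": recipient_id,                            # tells the receiver which key to use
        "ciphertext": pow(m, e_r, n_r),                     # recipient's PUBLIC key
        "signature": pow(digest(message, n_s), d_s, n_s),   # sender's PRIVATE key
    }

def receive(packet, keyring, sender_public):
    """Decrypt with the private key named in the packet, then check the signature."""
    n_r, d_r = keyring[packet["user_id"]]   # KeyError if we hold no such key
    m = pow(packet["ciphertext"], d_r, n_r)
    message = m.to_bytes((m.bit_length() + 7) // 8, "big")
    n_s, e_s = sender_public                # sender's PUBLIC key reads the signature
    valid = pow(packet["signature"], e_s, n_s) == digest(message, n_s)
    return message, valid

# Constructed sample keys built from known Mersenne primes (far too small for real use).
ALICE_PUB, ALICE_PRIV = make_key(2**61 - 1, 2**127 - 1)
BOB_PUB, BOB_PRIV = make_key(2**89 - 1, 2**107 - 1)
BOB_KEYRING = {"bob@example.org": BOB_PRIV}

if __name__ == "__main__":
    pkt = sign_and_encrypt(b"wire 100 to bob", ALICE_PRIV, "bob@example.org", BOB_PUB)
    print(receive(pkt, BOB_KEYRING, ALICE_PUB))
```

A packet that decrypts correctly but fails the signature check should be treated as unauthenticated, since anyone holding the recipient's public key can produce a valid ciphertext.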