The system admin can always get the key out of your email and open whatever has been sent.
Completely incorrect as well. The public key can only be used for encryption, not decryption.
Oh, right, okay, having a "duh" moment. So you can send your public key via email, and ANYONE can send you an encrypted email, but ONLY to you. Because you have the private decryption key.
You are right, I follow now. That could work.
No problem. I'm not a crypto guy but we used PGP encrypted email for many years so I know the basic principles.
I've used it, but I was adding in the incorrect assumption that everything had to be done only on the sender's end. Which if you did that, encrypting with PGP and sending the key with it, anyone who intercepted would be able to read. But if the recipient can send the key too, then yeah, obviously that works great.
It's pretty easy to install and use nowadays, especially if you are just a couple of persons. You just install the add-on needed depending on your email client. Then you have to tell it what you want your passphrase to be and it will create your public and private key for you.
All you have to do then is email your public key to whomever you want to be able to receive secure emails from. And they'll do the same.
When you receive a secure email you have to enter your passphrase to read it.
Writing this I think the best way to use this for ordinary business use is to only send encrypted email when you are sending something sensitive, like passwords or stuff like that.
Problem with encrypted email (and also it's strength) is that you can't read it if you don't have your private key and passphrase. But it makes it complicated reading email on different devices and software unless you copy your private key everywhere and enter your passphrase on a number of insecure devices. Which defeats the security aspect of it.
So it works best on desktop clients and if you only encrypt when really needed, you are not much affected by the drawbacks. If you try to read an encrypted email on a devices that doesn't support it you'll just see an attachment that is just gibberish as my earlier post shows.