flux124 t1_je6mt6t wrote
Reply to comment by Zharken in ELI5: When a third party app says they offer "end to end encryption," what does that mean? by [deleted]
The trick is that there exist encryption schemes such as RSA which allow a private and public key. The way it works is that you generate both, keep the private key a secret and share the public key with the world. The private key only decrypts messages signed with the public one and the public one only decrypts messages encrypted with the public key. This means the public can send you messages only you can read and you can send messages that are verifiable to have come from you because they can be decrypted by the public key. From here you can use AES, which is symmetric, same key for encryption and decryption, to share the same key between both people. This is actually how HTTPS Internet security works. Your OS/browser keeps track of certain public keys that can be used to verify domains as being legit.