
So, someone has asked you for a PGP/GPG public key. You just want them to send you documents so that everything is legal. Why is he doing this? Isn't e-mail secure?
The problem is that e-mail, at the TCP/IP level, is clear text. That is to say, it is insecure, just as the now unused HTTP is insecure. As the data goes from his computer to yours it passes through other computers along the way, and at any point in that journey the message can be read. So if you are receiving attachments with dates of birth, social insurance numbers and other documents, they could be copied in transit and then used to steal an identity. Of course you don't want this to happen.
GNU Privacy Guard
You can get an encryption tool at https://gnupg.org/ . With a few short steps, the documents can be encrypted in a way that is unreadable to anyone except you. Once installed, open a terminal (command line) to generate a key pair:
gpg --generate-key
The program will prompt you for your real name, your email address and a passphrase. Remember your passphrase! It will generate a key pair for you quickly. Now put your public key in a file like this:
gpg --armor --export > PublicKey.txt
Now send PublicKey.txt to the prospective employee. This file is meant to be shared around and is used to encrypt files that only you can decrypt. Later on, you'll get a file or files with the extension .gpg, for example documents.zip.gpg. To decrypt the file:
gpg --decrypt-files documents.zip.gpg
You will type in your passphrase and then you will get documents.zip.
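The whole exchange as an added, runnable example (not part of the original article): it repeats the steps above non-interactively in a throwaway keyring, and also shows the sender's side, importing PublicKey.txt and encrypting a document, which the article only describes. It assumes GnuPG 2.1 or later is installed; the names, e-mail address, passphrase and document content are constructed for the demo.

```shell
#!/bin/sh
# Added example: round trip of the article's workflow in temporary keyrings,
# so nothing here touches your real ~/.gnupg. Assumes gpg (GnuPG 2.1+).
set -eu

pgp_roundtrip() {
    work=$(mktemp -d)

    # --- Recipient (you): generate a key pair and export the public key ---
    export GNUPGHOME="$work/recipient"
    mkdir -m 700 "$GNUPGHOME"
    # Non-interactive equivalent of 'gpg --generate-key': --batch replaces the
    # prompts and the passphrase is supplied on the command line (demo value).
    gpg --batch --quiet --pinentry-mode loopback --passphrase 'demo-passphrase' \
        --quick-generate-key 'Demo Recipient <recipient@example.invalid>' default default never
    # Same as the article: the public key goes into a file you can hand out.
    gpg --armor --export recipient@example.invalid > "$work/PublicKey.txt"

    # --- Sender (the prospective employee), in a separate keyring ---
    printf 'sample payroll form\n' > "$work/documents.zip"   # constructed content
    export GNUPGHOME="$work/sender"
    mkdir -m 700 "$GNUPGHOME"
    gpg --quiet --import "$work/PublicKey.txt"
    # --trust-model always skips the web-of-trust check for this demo only;
    # in real use the sender confirms the key fingerprint with you out of band.
    gpg --quiet --trust-model always --recipient recipient@example.invalid \
        --output "$work/documents.zip.gpg" --encrypt "$work/documents.zip"
    rm "$work/documents.zip"   # only the .gpg file travels over e-mail

    # --- Recipient again: decrypt exactly as in the article ---
    export GNUPGHOME="$work/recipient"
    gpg --quiet --batch --pinentry-mode loopback --passphrase 'demo-passphrase' \
        --decrypt-files "$work/documents.zip.gpg"
    cat "$work/documents.zip"   # documents.zip is recreated next to the .gpg file

    # Stop the agents started for the temporary keyrings, then clean up.
    gpgconf --kill gpg-agent
    GNUPGHOME="$work/sender" gpgconf --kill gpg-agent
    rm -rf "$work"
}

pgp_roundtrip   # prints: sample payroll form
```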
This article was meant to make things as simple as possible while still using the tool. There is much more information on how to use it, and why, on the GnuPG site.