[groovybits]

PGP is a two-party system. The sender has a public/private keypair, and the recipient has a public/private keypair.

The sender encrypts a message with the sender's priv key and the recipient's pub key.

The recipient decrypts the message with the the sender's pub key and the recipient's priv key.

> Almost all of the transactional emails I have received (receipts, confirmation numbers, etc) are probably unencrypted, right?

Totally up to your email provider and a sender's email provider. Your provider may choose to send/accept email over TLS, which is also encrypted. Gmail, for example, does this.

[jolmg]

> The sender encrypts a message with the sender's priv key and the recipient's pub key.

You just need the recipient's public key to encrypt. Are you thinking about the sender adding a cryptographic signature, too?

> The recipient decrypts the message with the the sender's pub key and the recipient's priv key.

You don't need the sender's public key, just the recipient's private key to decrypt. Though, if there's also a cryptographic signature from the sender, then you would need the sender's public key to verify the signature.

[groovybits]

I was attempting to explain in a simplified manner, since OP said that they did not know much about email encryption. But if you want to be semi-technical about it:

Both the sender's and recipient's public keys are required to calculate a shared secret. That shared secret is then used to encrypt the message. The recipient's priv key is used to decrypt the message.

Edit: Validating a digital signature is typically part of the process when using all-in-one software (eg: Thunderbird's Enigmail extension). That is why I mention the use of private keys. Again, an oversimplification on my part in response to OP's statement "Is encryption on emails that I have received controlled by the sender?", which is false.

See: https://tools.ietf.org/html/rfc4880#section-2.1

[thomastjeffery]

Yes, that is the detail that was glossed over.

The difficult part is for the sender to get a copy of the recipient's public key. In practice, a sender will always sign with their private key, since they can just send a copy of their public key with the message.

I think GP thought it necessary to give a complete example, but not a complete explanation.