Should I be concerned if a vendor tries to send me a PGP-encrypted message that I do not have a key for? Vendor has a public key on the profile that I used to send him information; he responded with another PGP-encrypted message. I don't have any key posted anywhere, so I don't know what he would encrypt it with. His own key? But then I'd need HIS private key to see the message he's trying to send me lol. I think they don't understand how PGP works fully (or maybe I don't, please fill me in if that's the case).
You should have your own PGP public key on your profile. He probably used someone else’s by mistake. If you don’t have your own up there, you’re throwing secure communication out the window.
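Added example, not part of either post: a PGP message names the key IDs it was encrypted to in its leading session-key packets, so the recipient can see whose key the sender actually used. The key IDs and the sample message below are constructed for illustration, and `_pkesk`, `SENDER_KEY` and `MY_KEY` are hypothetical names.

```python
import base64

def dearmor(text):
    """Strip ASCII armor (BEGIN/END lines, headers, CRC line) and decode."""
    lines = [l.strip() for l in text.strip().splitlines()]
    start = lines.index("") + 1              # data starts after the blank line
    data = [l for l in lines[start:] if not l.startswith(("=", "-----"))]
    return base64.b64decode("".join(data))

def packets(data):
    """Yield (tag, body) per OpenPGP packet header (RFC 4880, section 4.2)."""
    i = 0
    while i < len(data):
        hdr = data[i]; i += 1
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[i]; i += 1
            if first < 192:
                n = first
            elif first < 224:
                n = ((first - 192) << 8) + data[i] + 192; i += 1
            elif first == 255:
                n = int.from_bytes(data[i:i + 4], "big"); i += 4
            else:
                return                       # partial-length data packet: stop
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            if ltype == 3:
                return                       # indeterminate length: stop
            n = int.from_bytes(data[i:i + (1 << ltype)], "big"); i += 1 << ltype
        yield tag, data[i:i + n]
        i += n

def recipient_key_ids(armored):
    """Key IDs named in the message's session-key packets (tag 1, version 3)."""
    return [body[1:9].hex().upper() for tag, body in packets(dearmor(armored))
            if tag == 1 and body[:1] == b"\x03"]

def _pkesk(key_id_hex):                      # builds a constructed tag-1 packet
    body = b"\x03" + bytes.fromhex(key_id_hex) + b"\x01\x00\x08\xaa"
    return bytes([0xC1, len(body)]) + body

# Constructed sample: key IDs and payload are made up, not a real message.
SENDER_KEY, MY_KEY = "1122334455667788", "A1B2C3D4E5F60718"
RAW = _pkesk(SENDER_KEY) + _pkesk("00" * 8) + b"\xd2\x01\x01"
SAMPLE = ("-----BEGIN PGP MESSAGE-----\n\n" + base64.b64encode(RAW).decode()
          + "\n-----END PGP MESSAGE-----\n")

if __name__ == "__main__":
    print(recipient_key_ids(SAMPLE), MY_KEY in recipient_key_ids(SAMPLE))
```

The IDs in these packets are usually those of the recipient's encryption subkey, so compare them against the output of `gpg --list-keys --keyid-format long`. An all-zero ID means the sender hid the recipient, and the message alone does not say whose key was used.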