Hey, it's me. I don't think this is a secure channel. How do I know it's really you? If you really are my contact at the Department of National Security, I want to give you some info about those dirty hippies, but I need to be careful and verify your identity. Those X-NET hackers seem to really know their stuff.
I've never used this Pretty Good Privacy thing before, and everyone says it's really hard. Good thing we have EasyVerify, that program you showed me that makes it easier to verify that a PGP key is legit by using colors instead of random letters and numbers. You told me that your PGP key is supposed to be "blue" and the name on it is "Dept of National Security Agent <firstname.lastname@example.org>".
So send me your PGP key. If it's "blue", then I know it really is you I'm talking to, and I'll send an encrypted response.