The power of the PGP approach, which is instantiated as free software under the GPG (GNU Privacy Guard) name, is that it solves the problem of how to share a strong encryption key without it being compromised, because that session key could be used by any party to decrypt a message or encrypt new ones that can't be verified on their own. The PK portion lets you share the document's key safely.
But you can see the problem immediately, and the reason why PGP and its variants remains in low use a decade after my optimistic review. In order to use PGP, all your recipients need to have tools to manage finding and using public keys and to validate that they belong to the parties who claim them, and have access to email plug-ins that interact with your local private key and your storehouse of others' public keys to manage encryption and decryption.
In Part 2, I'll explain what's changed and how to put this into practice.
Sign up for CIO Asia eNewsletters.