In my last job I was responsible for onboarding b2b clients to send us hr data through sftp with key authentication. We also recommended they encrypt with our public pgp key and sign with their private key.
Trying to explain the difference between ssh keys and pgp/gpg keys took up a good 20% of my time some weeks. Often, I was talking to tech companies, or companies with a reputation for technology... I don't think the majority of Windows admins understand public/private keys.
