I'm not sure if this was a web developer position you were interviewing for, but your statement of "these developers are building sites that need to be secure" makes me think it is. Let me speak as a web developer who's been at this for over twenty years.
I've never once in my position needed to know public/private key encryption to secure files for my job. If you asked me right now how to do this, I'd have no clue. If my manager were to walk over to me now and tell me to do this, I'd need some time to familiarize myself with the process. This would mean using Google to find articles on the subject. Possibly with an addition of purchasing books on the topic or going for training, but mostly Google. I pride myself on my Google-Fu. It can be an invaluable skill to a developer.
How do I secure my websites without knowledge of public/private key encryption then? I know how to set up SSL certificates and send traffic via HTTPS. (Yes, this is a form of public/private key encryption, but I don't know the intricacies of it. I just know how to set it up.) I also know to sanitize my inputs so a user entering "LastName=Jones' 1=1; Delete From Users" in the URL won't delete all of our records. I know not to take user input and just spit it out on my webpage. I know to look for the edge cases where security could fail and protect against them. When I'm building websites/apps, I think "how would I break this if I were malicious" and then I protect against these attacks. Is my security 100% effective? I'm sure not. Nobody's is, but I take pride in securing my sites as much as I possibly can.
All without being able to recite Public/Private Key Encryption details on command. Unless the job directly requires this knowledge, I'd inquire as to why this was such a deal-breaking question and why you've come to the conclusion that so many developers are bad at what they do because they can't immediately recite the details of every technology you toss their way.