I think the file type actually does matter. Since Excel and other programs natively provide security, why not use that? I get that if you want a security person you need to ask specific questions, but perhaps you need to be more specific when looking for applicants. A killer jQuery person or data translation expert probably won't know PKI very well.
No - it has nothing to do with what the original poster asked:
We are looking to fill a senior developer/architect position in our firm. I am disappointed with the applicants thus far, and quite frankly it has me worried about the quality of developers/engineers available to us. For instance, today I asked an engineer with 20+ years of experience to describe to me the basic process of public/private key encryption. This engineer had no clue.
This is for a senior developer / software architect role. If I were in Ramone's position, I'd feel the same way. I learned the basics of PKI while an EE undergrad back in the early '80s - concentrating in telecommunications. It was in a required course. And I didn't really use that knowledge as a professional until the late '90s and I continue to use it to this day, even though I'm not a security professional (though I do design secure networks). Now, that being said, a developer today, to be a software architect, should at least be able to explain the basics of PKI at a cocktail-conversation level. They don't have to know what goes into the various SHA and RSA algorithms (I certainly don't know off the top of my head), but they should be able to talk about encrypting with someone's public key and the only way to decrypt is with that person's corresponding private key. Security 101 is probably part of every single CS curriculum, if not every IT-related one.
I asked another applicant a similar question: "Suppose you wanted to send me a file with very sensitive information, how would you encrypt it in such a way that I would decrypt it?" The person started off by asking me if it was an Excel file, a PDF, etc.
Now this response from the candidate I can understand. Remember this isn't the first interviewee who couldn't explain PKI. In this case, they may have been thinking "Excel and the PDF standard both support encryption - so I'd just answer that you password protect the file. If it's a plain-text file, you could use the password protection feature of any .zip archive utility, or better yet use PGP/GPG encryption if you know the recipient's public key". It may well be that Ramone was expecting something different when the candidate asked this, and on seeing the surprise on Ramone's face, lost his train of thought and got confused.
After all, the interview was apparently for a high-level position writing code for Ramone's pool cleaning business. ;-)