Timed-release encryption, first mentioned by May and discussed by Rivest, Shamir, and Wanger, is a cryptographic primitive which enables us to ``send a message into the future.'' We take a simple approach, called public-key encryption with masking, in order to realize this requirement. In our model, the sender first encrypts a plaintext and ``masks'' the ciphertext, then send it the receiver. Given a masked ciphertext, not only the person who does not have a secret key but also the secret-key holder (the receiver) cannot know the plaintext underlying the masked ciphertext. If the sender wants the receiver to decrypt the ciphertext, the sender makes some actions to reveal the mask of the masked ciphertext. Then, the secret-key holder can decrypt the unmasked ciphertext. However, the person who does not have a secret key cannot still get any information about the plaintext underlying the unmasked ciphertext. Moreover, the sender cannot change the message underlying the (un)masked ciphertext after sending the masked ciphertext. In this paper, we formalize the model of public-key encryption with masking, and also propose its concrete scheme.