Invisibly Protecting your Digital Assets with Public Key Infrastructure - page 2
Keys are digital values used to encrypt and decrypt information. A PKI system uses keys in pairs. One key is private and kept secret by its owner. The other key is public and can be freely shared. When you encrypt a document with someone else's public key, only that person can decrypt it, since only he or she has the corresponding private key. This is how PKI provides privacy.
PKI keys are chosen and stored differently than computer passwords. First, a private key is created. The private key is a random binary number that is generated and used inside a computer or specialized hardware device. A private key is never chosen, seen, or created by its owner. Once the private key is determined, the corresponding public key is computed based on the value of the private key. PKI works because it is extraordinarily difficult--impractical by any currently available means--to go back the other way.
Keys can be as short or as long as needed. The length of keys is measured in bits. Long keys take more time to process, but offer correspondingly more protection. The most important considerations in choosing the length of the key are the overall value of the information to be protected and how long that information will have value. The greater the length of the key, the more computation would be required to determine the private key from the public key. A key should be long enough that the information would be worthless by the time the private key could be computed. As time goes by, and as computers become increasingly faster, it will be necessary to use correspondingly longer keys.