There are two types of cryptographic keys: session keys and public/private key pairs.
Session Keys. Session keys are used primarily for data encryption/decryption and are used with symmetric encryption algorithms. That is, the same key is used for both encryption and decryption.
Most of the activity involving session keys relates to keeping them secret. It is important to keep the number of people who possess a particular session key as small as possible (one or two people is recommended).
Public/Private Key Pairs. Key pairs are composed of two components: the public key and the private key. The public key is made available (via an Internet server, e-mail, or some other means) to whoever needs or wants it, while the private key is kept secret. Only the owner of the key pair is allowed to possess the private key.
If one of the keys (the public key) is used to encrypt a message, then the other key (the private key) is required to decrypt it. Thus, if you want to send someone a message, you can encrypt it by using their public key and be confident that no one else will be able to read it.
If the private key is used to sign a message, then the other key (the public key) must be used to validate the signature. For example, if you want to send someone a digitally signed message, you would sign the message with your private key, and the other person could verify your signature by using your public key.
Unfortunately, public-key algorithms are very slow and it is impractical to use them to encrypt large amounts of data. In practice, symmetric algorithms are used for encryption/decryption, while the public-key algorithms are used merely to encrypt the session keys. Similarly, it is not practical to use public-key signature algorithms to sign large messages. Instead, a hash is made of the message and the hash value is signed. For more details on hashing and signatures, see Hashes and Digital Signatures.
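The division of labor described above, shown as an added example that is not part of the original documentation: the message is encrypted with a random session key, only the session key is encrypted with the recipient's public key, and the signature is computed over a hash of the message. It uses Node.js's built-in crypto module; the choice of RSA-2048 with OAEP, AES-256-GCM and SHA-256, and the helper names seal and open, are assumptions made for the example.

```javascript
const crypto = require('node:crypto');

// RSA-OAEP options used to wrap/unwrap the session key (assumed parameters).
const oaep = (key) => ({
  key,
  padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
  oaepHash: 'sha256',
});

// Constructed key pairs for this example: one per party.
const sender = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const recipient = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Sender side (hypothetical helper): bulk data goes through the symmetric
// cipher; only the 32-byte session key goes through the public-key algorithm.
function seal(message, recipientPublicKey, senderPrivateKey) {
  const sessionKey = crypto.randomBytes(32); // fresh session key per message
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(message), cipher.final()]);
  return {
    iv,
    ciphertext,
    tag: cipher.getAuthTag(),
    wrappedKey: crypto.publicEncrypt(oaep(recipientPublicKey), sessionKey),
    // crypto.sign hashes the message with SHA-256 and signs the hash value.
    signature: crypto.sign('sha256', message, senderPrivateKey),
  };
}

// Recipient side (hypothetical helper): unwrap the session key with the
// private key, decrypt, then check the signature with the sender's public key.
function open(env, recipientPrivateKey, senderPublicKey) {
  const sessionKey = crypto.privateDecrypt(oaep(recipientPrivateKey), env.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, env.iv);
  decipher.setAuthTag(env.tag);
  const message = Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
  const signatureValid = crypto.verify('sha256', message, senderPublicKey, env.signature);
  return { message, signatureValid };
}
```

With 2048-bit keys the wrapped session key and the signature are each 256 bytes, whatever the size of the message.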