Each user generally has two public/private key pairs. One key pair is used to encrypt session keys and the other to create digital signatures. These are known as the key exchange key pair and the signature key pair, respectively. These key pairs are discussed in Generating Cryptographic Keys.
Note that, while key containers created by most CSPs will contain two key pairs, this is not required. Some CSPs do not store any key pairs, while others store additional ones. For more details, see Interfacing with a Cryptographic Service Provider (CSP).