A private-public key pair is a combination of keys for use in cryptography. Each entity (for example, a service group) gets a private and public key. The public key is published, while the private key is kept secret by the owner. Often, the public key is contained in a certificate to make sure that a public key belongs to a certain owner.

When you want to send a secret message that only the receiver can read, use the public key of the intended receiver to encrypt the message. The message can only be decrypted by using the private key of the receiver. That way, nobody else can understand the message.

Private keys can be used to sign messages. When a message is signed using the private key, everyone can check if the message really is from the sender. This check can be done using the public key of the sender.