Monday, August 08, 2005

In a nutshell, paired key encryption and decryption is one of the best ways to increase data security. Say an employee of a company needs to transfer a top-secret document to a fellow employee at another physical site. And say that the information was to be transferred over the Internet! Could this be accomplished in a way that would aggravate malicious hackers to no end? You bet it could! First the sender would encrypt the secret file with the receiver's public key. It's important to note at this point that there is no such thing as absolute security, only varying degrees. Still, the key can be made complex and incredibly hard to crack. Anyway, the file is now sent over the Internet to the destination company site. The receiving employee needs to use his private key to decrypt the file. It is critical that the private key is never distributed to anyone else or across any insecure medium, such as the Internet. This is because the private key is the only key that is capable of easily decrypting the secret file, if the correct password is provided.

Digital signatures add to the security of paired key encryption. A signature is applied to a file as it is encrypted by mixing the file's contents and the sender's own private key. The receiver uses the sender's public key to verify the signature, as well as the actual contents of the file!

Even with all this, one attack is still possible. Say a company employee got the receiver's public key from a server off of the Internet. What if that key had been replaced with a malicious hacker's special version? Why, the hacker could then decrypt the file with his own private key as it travels over the Internet. He might even be able to re-encrypt the file with the intended receiver's true public key so that no one would notice what had just happened! The solution to this is using a web of trust. Public keys can be signed by others. Then those others can have their public keys signed as well. In this way, webs of trust are developed where people vouch for each other's public keys.
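The check that a web of trust makes possible, as an added example that is not part of the original post: a key downloaded from a server is accepted only if someone you already trust has signed it. It uses textbook RSA over small constructed primes and a simplified hash-then-sign step instead of GnuPG's real key format, and every name in it is hypothetical.

```python
import hashlib

E = 65537  # widely used RSA public exponent

def make_keypair(p, q):
    """Textbook RSA from two primes; returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, E), (n, d)

def key_digest(public, modulus):
    """SHA-256 of a public key, reduced so the signer's modulus can sign it."""
    raw = hashlib.sha256(f"{public[0]}:{public[1]}".encode()).digest()
    return int.from_bytes(raw, "big") % modulus

def vouch(signer_private, subject_public):
    """Signer uses their private key to sign someone else's public key."""
    n, d = signer_private
    return pow(key_digest(subject_public, n), d, n)

def is_vouched_for(subject_public, signature, signer_public):
    """Anyone can check the vouching signature with the signer's public key."""
    n, e = signer_public
    return pow(signature, e, n) == key_digest(subject_public, n)

# Constructed toy keys built from small Mersenne primes: trivially breakable,
# for illustration only.
FRIEND_PUB, FRIEND_PRIV = make_keypair(2**61 - 1, 2**89 - 1)      # already trusted
RECEIVER_PUB, _ = make_keypair(2**107 - 1, 2**127 - 1)            # intended receiver
ATTACKER_PUB, ATTACKER_PRIV = make_keypair(2**19 - 1, 2**31 - 1)  # substituted key

# The trusted friend checked the receiver's key in person and signed it.
RECEIVER_SIG = vouch(FRIEND_PRIV, RECEIVER_PUB)

def safe_to_encrypt_to(downloaded_pub, downloaded_sig):
    """Accept a key fetched from a server only if the trusted friend vouched for it."""
    return is_vouched_for(downloaded_pub, downloaded_sig, FRIEND_PUB)

if __name__ == "__main__":
    print("genuine key:", safe_to_encrypt_to(RECEIVER_PUB, RECEIVER_SIG))
    print("swapped key, old signature:", safe_to_encrypt_to(ATTACKER_PUB, RECEIVER_SIG))
    self_signed = vouch(ATTACKER_PRIV, ATTACKER_PUB)
    print("swapped key, self-signed:", safe_to_encrypt_to(ATTACKER_PUB, self_signed))
```

The substituted key fails both ways: the old signature does not match the new key, and a signature made with the attacker's own private key does not verify under the trusted friend's public key.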

GnuPG is capable of generating key pairs of various sizes. Its minimum is 768 bits and, in the case of RSA keys, can go up to 4096 bits! Although the NSA could theoretically hack a key of this monstrous size, it would be fun to see them try with current and near-future technology. When I do my personal banking online a mere 128-bit RC4-MD5 encryption scheme is used! On the downside, larger keys require more time to create and use than smaller keys. The following is good practice when generating passwords that are tougher to break:
- Make the password long.
- Use a mix of upper and lower case letters.
- Insert numbers and symbols among the letters.
- Never use personal information such as birthdays!
- And never ever use a single plain English word!

It's important not to lose or unintentionally give the private key away once it is generated. If it's lost, any files encrypted with its public counterpart are rendered useless. If security is compromised by the private key falling into another person's hands, the revocation certificate should be used. It's also generated at the same time as its associated key pair.
