What is a Digital ID key pair?
When you communicate with another person (or computer), you need a way to exchange information
securely, so that no one who intercepts it can read it. The standard way to do this is public-key
(asymmetric) encryption, which is built on key pairs. A key pair consists of a public key and a
private key. The keys work like the keys to a lock, except that one key of the pair locks (encrypts)
and only the other key of the pair unlocks (decrypts). The two are mathematically related, but the
private key cannot be computed from the public key.
With a single shared (symmetric) key, your software uses one key to encrypt a document, and the
person who receives it must use that same key to decrypt it. The problem with this process is
distribution: how do you give someone the key to decrypt your message without letting anyone else
get the key?
Key pairs solve this through the way the two keys are used. When you request a Digital ID, your
Web browser generates the key pair on your own computer: a private key, which never leaves your
computer and can only be used with the Digital ID you requested, and a public key, which is sent
with the request and becomes part of the Digital ID. The Web browser might ask you for a password
that protects the stored private key. Anyone who can unlock that key can read your encrypted mail
and sign messages in your name, so it is very important that you choose a password only you will
know (not your birthday or another number or phrase someone is likely to guess).
After you receive and install a Digital ID, you distribute it to whoever needs it. The Digital ID
that you send contains your public key, never your private key. When someone needs to send you an
encrypted message, they encrypt it with your public key. A message encrypted with your public key
can be decrypted only by you, because only you have the matching private key.
Likewise, when you want to send someone an encrypted message, you must first get their public
key. You do this either by looking up their Digital ID in a directory, or by having them send
you a digitally signed e-mail message, which carries their Digital ID and so their public key.
Because anyone can mail you a key and claim a name, your e-mail application checks that the
Digital ID was issued and signed by a certificate authority before trusting the public key in it,
and can then store the Digital ID automatically until you need to use it.
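The steps above (generate the key pair locally, wrap the public key in a certificate that is handed out as the Digital ID, encrypt with the recipient's public key, decrypt with the matching private key) as an added, runnable example written for this page; it is not code from the original page or from any Digital ID vendor. It uses only the Go standard library. Assumptions: the certificate is self-signed so the example runs offline (a real Digital ID is signed by a certificate authority), the names "Bob" and "Eve" and the message text are constructed, RSA-OAEP is used to encrypt a short message directly (real mail clients encrypt a per-message key this way and encrypt the body with it), and the password protection of the stored private key is not shown.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Identity is what a Digital ID holder keeps: the private key, which is
// never shared, and the certificate carrying the matching public key.
type Identity struct {
	PrivateKey *rsa.PrivateKey
	CertPEM    []byte // the "Digital ID" that is distributed to correspondents
}

// NewIdentity generates the key pair locally and wraps the public key in an
// X.509 certificate. Assumption for this example: the certificate is
// self-signed; a real Digital ID would be signed by a certificate authority.
func NewIdentity(commonName string) (*Identity, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: commonName},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, err
	}
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	return &Identity{PrivateKey: priv, CertPEM: certPEM}, nil
}

// PublicKeyFromCert parses a correspondent's Digital ID and returns the
// public key embedded in it. Only the public key is recoverable from the
// certificate; the private key is not in it.
func PublicKeyFromCert(certPEM []byte) (*rsa.PublicKey, error) {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, errors.New("not a PEM-encoded certificate")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, err
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("certificate does not carry an RSA public key")
	}
	return pub, nil
}

// EncryptFor encrypts a short message with the public key taken from the
// recipient's Digital ID (RSA-OAEP with SHA-256). No private key is needed.
func EncryptFor(recipientCertPEM []byte, msg []byte) ([]byte, error) {
	pub, err := PublicKeyFromCert(recipientCertPEM)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Decrypt recovers a message with the holder's private key. A different
// private key, even one from a valid Digital ID, fails with an error.
func (id *Identity) Decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, id.PrivateKey, ct, nil)
}

func main() {
	bob, _ := NewIdentity("Bob") // constructed names for the example
	eve, _ := NewIdentity("Eve")
	ct, _ := EncryptFor(bob.CertPEM, []byte("meet at noon")) // constructed message
	pt, err := bob.Decrypt(ct)
	fmt.Printf("Bob decrypts: %q (err=%v)\n", pt, err)
	_, err = eve.Decrypt(ct)
	fmt.Println("Eve decrypts:", err)
}
```

The point the example makes concrete is the last paragraph's claim: everything needed to encrypt for Bob is inside the certificate he hands out, while a second identity holding its own perfectly good private key cannot read the result.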