Anyone who wishes to sign messages or to receive encrypted messages must have a key pair. People may have more than one key pair. In fact, it is advisable to use separate key pairs for signing messages and receiving encrypted messages. As another example, someone might have a key pair affiliated with his or her work and a separate key pair for personal use. Other entities may also have key pairs, including electronic entities such as modems, workstations, web servers (web sites) and printers, as well as organizational entities such as a corporate department, a hotel registration desk, or a university registrar's office. Key pairs allow people and other entities to authenticate (see Question 2.2.2) and encrypt messages.
Corporations may require more than one key pair for communication. They may use one or more key pairs for encryption (with the keys stored under key escrow to safeguard the key in event of loss) and use a single non-escrowed key pair for authentication. The lengths of the encryption and authentication key pairs may be varied according to the desired security.