Public Key Infrastructure (PKI) is the foundation for applications like email encryption, file encryption, smart card authentication and more.
A Certificate Authority Server issues certificates that are stored on a client computer or on a smart card. The certificate ties an identity to a public key. The user keeps the matching private key securely stored on his computer or on a smart card.
The public key is part of the certificate. The public key is used for encryption. The private key is used for decryption. Only the holder of the private key can decrypt and read the encrypted email.