Encryption is the process of transforming data into a form unreadable by anyone without a secret key. In order to read an encrypted message, the encrypted text must be decrypted back into plain text. This is done via the use of an encryption algorithm plus a secret key. There are two basic types of cryptography: symmetric key and public key.
Symmetric key algorithms are the quickest and most commonly used type of encryption. These algorithms require that the sender and receiver of a message share a secret key. Each side must know what the secret key is in order for this to work. In symmetric key cryptography, the algorithm used to scramble a message needn't be kept secret. It is the secret key, which is what makes unscrambling possible, that needs to be safeguarded. Examples of symmetric key algorithms include Data Encryption Standard (DES), RC2, RC4, IDEA, and SkipJack.
In public key cryptography, there is no shared secret key. Instead, two keys, together called a key pair, are created at the same time. The two keys are mathematically related and are created by using very, very large prime numbers. Knowing one key of the pair, you cannot realistically determine the other. The pair contains a public key and a private key. The public key is the key that you give out; the private key is the key that you keep to yourself, usually on the machine that generated the key. If a private key is used to encrypt a message, only the public key can decrypt the message; if a public key is used to encrypt a message, only the private key can decrypt the message. Public key cryptography is much slower than symmetric key cryptography, so it isn't effective for bulk encryption.
The combined use of digital certificates and digital signatures is referred to as Public Key Infrastructure, or PKI.
Digital certificates are data records about individuals or businesses that are issued by widely trusted entities. Banks are competing to act as such trusted entities online in the role of Certificate Authority, or CA.
The software certificates issued by CAs typically provide the bearer with the means to digitally "sign off" on electronic transactions. These "signatures" have nothing to do with physical signatures. They are actually encryption routines intended to make online transactions legally binding because they effectively guarantee that the transacting parties are who they say they are and that their correspondence wasn't interfered with in transit.
Cracking the encryption cycle (signature) is almost impossible. The more likely danger is that the certificate, containing the signature, will make its way into the wrong hands, either by being issued in error or by being stolen.
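The key-pair relationship and the signature check described above, as an added example that is not part of the original page: textbook RSA in Python with two small constructed primes and no padding, so it illustrates the mathematics only and is not a usable cryptosystem. The function names and the sample message are assumptions made for this illustration.

```python
import hashlib
from math import gcd

# Constructed toy primes (the Mersenne primes 2^31-1 and 2^61-1). Real key
# pairs use randomly chosen primes hundreds of digits long.
P, Q = 2**31 - 1, 2**61 - 1

def make_keypair(p, q, e=65537):
    """Return (public, private); each key is a (modulus, exponent) tuple."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # private exponent: e*d = 1 mod phi (Python 3.8+)
    return (n, e), (n, d)

def apply_key(key, value):
    """The single RSA operation, value^exponent mod n, used in both directions."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)

def digest_int(message, n):
    """Hash the message and reduce the digest to a number below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private, message):
    """Signature = message digest transformed with the private key."""
    return apply_key(private, digest_int(message, private[0]))

def verify(public, message, signature):
    """Undo the signature with the public key and compare digests."""
    return apply_key(public, signature) == digest_int(message, public[0])

if __name__ == "__main__":
    public, private = make_keypair(P, Q)
    secret = 123456789                            # constructed sample value
    ciphertext = apply_key(public, secret)        # anyone with the public key
    print(apply_key(private, ciphertext) == secret)  # only the private key undoes it
    order = b"transfer 100 to account 42"         # constructed sample message
    sig = sign(private, order)
    print(verify(public, order, sig))             # untouched message
    print(verify(public, b"transfer 900 to account 42", sig))  # altered in transit
```

The same `apply_key` call serves both directions, which is the sense in which either key undoes what the other did. The signature is computed over a hash of the message rather than the message itself.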