A key can be a public key of a supported system (ed25519)or a ID of a smart contract. Public and private keys are generated by an algorithm and are unique to one another. If an account has an ed25519 key associated with it, then the corresponding private key must sign any transaction to transfer cryptocurrency out of it and update its properties. You can have a single key on an account have the option of a list of keys.
There are three different list of key options you can enable:
Key list: a list of signatures required to authorize a transaction (multi-signature).
Threshold: a list with a set minimum number of signatures required (m of n signatures). Threshold signatures enable partial approval of transactions.
Nested: a complex hierarchy of signatures required, up to 4kb. This can include key lists or thresholds within a nest for modeling more advanced scenarios. The complex hierarchy can include a key list within a threshold key or a threshold key within a key list.
All transaction types support the above key structures. For a transaction to go through, signatures must match the threshold requirements.
Public/private key pairs are used to identify the user and sign transactions that are submitted to the network for consensus. The public key can be shared and is visible to other users in the network. The private key is kept secret to the owner and grants access for the owner to transfer available funds in their account. Private keys cannot be recovered once they are lost unless they were created with an associated recovery phrase that you have access to.