A public key is linked to a private key. The public key (RSA) is distributed to the 'wild', and anyone who wants to send an encrypted file (generically speaking here) requests the public key and encodes against it. The ciphertext is unreadable to anyone who gains access to the file, even if they have the public key.
The private key is needed to decode the file. As long as the private key is kept private, it is statistically improbable that anyone will guess or hack the key. Improbable, not impossible.
The real issue is keeping the private key private. Most cracks are done with social hacking. Extortion, loggers and monkey-in-the-middle public key conversion are other ways more probable than brute forcing the password or key.
In your comment to Brawndo you asked:
"What's the point of having a public and private key then if both can decrypt others? Why not both have the same key?"
What you are describing is symmetric-key algorithms, of which AES is one. The reason for public/private keys is this: with symmetric-key algorithms, how do you pass a symmetric key over unsecured networks, mail, phone or whatnot without the key being intercepted? Perhaps by encrypting the key, but then how do you pass that key? With a public/private key combo, that becomes LESS relevant.
"In most cases, there's a greater probability that the sun will burn out before all the computers in the world could factor in all of the information needed to brute force a 256-bit key," said Jon Hansen, vice president of marketing for AccessData Corp, the Lindon, Utah, company that built the software that powers DNA.
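To make the public/private asymmetry and the key-transport point concrete, here is an added example that is not part of the answer above: a toy textbook RSA in plain Python (key generation, encryption with the public key, decryption with the private key), used to wrap a freshly generated symmetric key the way the answer describes. The key sizes, the `demo` function and the sample values are assumptions for illustration; raw unpadded RSA at 128 bits is deliberately small for readability and is not something to deploy. Real systems use a vetted library with OAEP padding and moduli of at least 2048 bits.

```python
"""Toy textbook RSA to illustrate public/private key asymmetry.

Educational example only (assumed parameters, not production code):
raw, unpadded RSA with a 128-bit modulus is NOT secure. Real systems use a
vetted library with OAEP padding and moduli of at least 2048 bits.
"""
import secrets
from math import gcd


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test with random witnesses."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:  # write n - 1 as d * 2**r with d odd
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2  # random witness in [2, n - 2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def random_prime(bits: int) -> int:
    """Generate a random probable prime with exactly `bits` bits."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(bits: int = 128, e: int = 65537):
    """Return ((e, n), (d, n)): (e, n) is published, d must stay private."""
    while True:
        p = random_prime(bits // 2)
        q = random_prime(bits // 2)
        if p == q:
            continue
        phi = (p - 1) * (q - 1)
        if gcd(e, phi) == 1:
            break
    n = p * q
    d = pow(e, -1, phi)  # private exponent: e * d == 1 (mod phi)
    return (e, n), (d, n)


def encrypt(public_key, m: int) -> int:
    """Anyone holding the public key can do this step."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    """Only the holder of d can undo encrypt()."""
    d, n = private_key
    return pow(c, d, n)


def demo() -> dict:
    """Hybrid key transport as in the answer: wrap a fresh symmetric key
    (here an assumed 64-bit integer) with the recipient's public key."""
    pub, priv = generate_keypair(128)
    sym_key = secrets.randbits(64)
    wrapped = encrypt(pub, sym_key)          # safe to send over an untrusted channel
    recovered = decrypt(priv, wrapped)       # recipient unwraps with the private key
    # Applying the public exponent again does not recover the key:
    # the public key cannot reverse its own operation.
    not_a_decryption = pow(wrapped, pub[0], pub[1])
    return {"sym_key": sym_key, "wrapped": wrapped,
            "recovered": recovered, "public_only_attempt": not_a_decryption}


if __name__ == "__main__":
    result = demo()
    assert result["recovered"] == result["sym_key"]
    print(result)
```

The `sym_key` transported here stands in for the AES key the answer mentions: the asymmetric key pair is used only to move the symmetric key, and the bulk data would then be encrypted with AES.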