This is a very brief guide to the way that public key cryptography works.
Public key cryptography works by making a transformation of the message into a coded version. The algorithm for this transformation and the "public key" which makes it unique for the particular receiver are publically available. The reverse transformation algorithm is also publically available, but it does not work without a "private key" and this is kept completely secret. It is not practical (this side of the heat death of the universe) to deduce the secret "private key" value from the "public key".
There are now several schemes for public key cryptography using different areas of mathematics. The most famous is RSA - and that is the one used by classic PGP.
RSA uses a pair of very large prime numbers, and uses the fact that factorising large numbers into primes can take a very long time because there are few shortcuts - you just have to try lots of divisions and hope. However, if you already know the prime numbers then you can do the factorisation very easily. Key generation involves selecting a suitable pair of numbers and usually involves using some random events to generate candidate values which are then tested to see if they appear (to all practical purposes) to be prime.
This key generation is done in the privacy of your own home for obvious security reasons. You publish the private key, based on the combination of the primes, but keep the primes safe on your machine.
There are other types of cryptography besides public key cryptography, and the DTI may have these in mind when their consultation paper proposed to license key generation, which is otherwise a very unlikely service for a TTP to offer.
Back to the discussion of key escrow
HTML problems? mailto: webmaster@happyday.demon.co.uk