Taliban, I'm referring to standard public key cryptosystems. Each user has a private key (stored locally, so only they know it) and a public key that everyone can know about. A user signs a message using his private key. Other users can check the signature with the user's public key. There is no need for any user to ever reveal their private key to anyone.

In RSA, signatures are typically implemented by encrypting a hash of the signed file with the user's private key. To verify a signature, other users decrypt the signature block and check that it matches the hash of the signed file.

Note that actually encrypting data (such as mail messages in PGP) simply reverses this process. A sender encrypts his message with the receipient's public key. The recipient decrypts the message with her private key.

Note that in both cases, the security-sensitive operation (signing and decrypting) is done using the private key, which is never revealed to anyone.