In recent releases, Debian has been using strong crypto to validate downloaded packages.
This is commonly called "secure apt" (or "apt-secure") and was implemented in Apt version 0.6 in 2003, which Debian migrated to in 2005.
For details on the format of the files Debian repositories please refer to the Repository Format page.
However care should be taken with key IDs, especially the short 8 character ID as it is possible to generate collisions.
apt-key is a program that is used to manage a keyring of gpg keys for secure apt.
Public key cryptography is based on pairs of keys, a public key and a private key.
The public key is given out to the world; the private key must be kept a secret.
None of this is new in secure apt, but it does provide the foundation.