The secret key is generated by a strong random source, sometimes augmented by the additional use of a CSPRNG like ChaCha - which is basically a cryptographic hash function, this CSPRNG is used by the Linux kernel and others in addition to random input from other sources, to provide a reasonably high volume of random bits for security purposes.

The public key is derived from this private key via the use of scalar math with Elliptic Curve Digital Signature Algorithm methods (ECDSA) and the secp256k1 elliptic curve group, which is a bunch of deterministically generated prime numbers (chosen by satoshi because of its deterministic generation method, unlike many other EC groups which are a little massaged).

The public key from this is 512 bytes long, made of two coordinates each 256 bits long, and normally is "compressed" to 257 bits, as due to the symmetry of elliptic curves, only the sign (smallest/least significant bit) of the second coordinate matters.

Then, following the method devised in BIP-340, if the public key generated is odd (would have a 1 bit at position 257) the private key is inverted, all 1s become 0 and vice versa. This will then generate a public key that is 256 bits long, the purpose of this was to eliminate the overflow into a 33rd byte that is normal for ECDSA public keys, and wasteful on the limited bitcoin block.

Thus we have a 256 bit secret key and a 256 bit public key, these are encoded as hexadecimal (1 character per 4 bits) for the hex, or prefixed with nsec/npub and the key is encoded with base32, which provides 5 bits per 1 character.