@BeAware @Larvitz In short, each key is in 2 parts; the public and the private.
I (as a third party), can take your public key and use it to encrypt a message that only the matching private key can reveal.
You can also use multiple public keys to encrypt a message, so you can chat with multiple recipients at once.
Signing works on a similar premise, where you can sign a plain text message with your private key, and me (again as a third party), can use your public key to verify the plain text message was not altered.
The main unfortunate part is access to the private key; email clients like Thunderbird support it natively and transparently, (sending/receiving encrypted messages "just works"), but Mastodon being a web application, doesn't have access to your private key, so a desktop app would be required (or a browser plugin would be needed).