How do PGP signatures work?


Anonymous 0 Comments

It uses encryption that works with a pair of digital keys. Kinda like two different passwords.
One is considered the “private key” and the other the “public key”.

As the names suggest, the private key stays in the hands of the owner of the key pair while the public key can be shared with the public.

If something is encrypted with either of those keys, only the other key of that pair can decrypt it.

So a member of the public can use the public key to encrypt something, which then can only be decrypted by the owner of the private key. No one else of the public can decrypt/read that message.

On the other hand, if the owner encrypts something with the private key, anyone in the public that got the public key can decrypt it.

So if you get a mail from someone which contains additional encrypted information (let’s call it a digital signature) and you can use the public key of that person to decrypt that signature, you can be sure it came from them (or their private key was stolen 😉)

The signature is also related to the content of the mail. So if the mail was tampered with you would see that.

So a PGP signature can verify the authenticity and integrity of a mail or any other digital media.
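
The idea this answer describes, as an added example that is not part of the original post: a toy textbook-RSA signature over the SHA-256 hash of a mail, showing that verification fails when the mail is altered or a different key is involved. The key pairs built from fixed Mersenne primes and the names Alice and Mallory are assumptions for illustration; real OpenPGP uses randomly generated keys and padded signature formats.

```python
import hashlib

# Constructed toy key material: products of known Mersenne primes.
# Real keys use secret random primes; these constants are for illustration only.
E = 65537  # common public exponent


def make_keypair(p, q):
    """Return (public, private) textbook-RSA keys as (modulus, exponent) tuples."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent: inverse of E mod phi(n)
    return (n, E), (n, d)


def digest(message: bytes) -> int:
    """SHA-256 of the message as an integer; the hash is what gets signed."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private) -> int:
    """Transform the message hash with the private key."""
    n, d = private
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, public) -> bool:
    """Undo the signature with the public key and compare with a fresh hash."""
    n, e = public
    return pow(signature, e, n) == digest(message)


# Hypothetical parties (assumed names, not from the original post).
ALICE_PUB, ALICE_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
MALLORY_PUB, MALLORY_PRIV = make_keypair(2**607 - 1, 2**1279 - 1)


def demo():
    mail = b"Meet at 10:00. -- Alice"  # constructed sample mail
    sig = sign(mail, ALICE_PRIV)
    return {
        "genuine": verify(mail, sig, ALICE_PUB),
        "tampered": verify(b"Meet at 11:00. -- Alice", sig, ALICE_PUB),
        "wrong_key": verify(mail, sig, MALLORY_PUB),
        "forged": verify(mail, sign(mail, MALLORY_PRIV), ALICE_PUB),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:10s} -> {'valid' if ok else 'INVALID'}")
```

Only the unmodified mail checked against Alice's public key verifies; changing one character of the mail, checking with another public key, or signing with another private key all fail.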
