Monday, June 20, 2016

pgp gpg signatures and the like

PGP and GPG are, respectively:
  • Pretty Good Privacy, an open standard software design and architecture for encryption using the public key / private key model.
  • GnuPG, a.k.a. GNU Privacy Guard, a Free Software / Open Source implementation of the PGP standard.
The key to it all is key exchange. You may exchange keys in a number of ways:
  • By sending a key via e-mail to a 'correspondence partner'.
  • By publishing the key on a website for everyone to access.
  • By uploading a key to a keyserver.

Q: Someone has sent me an email and it has an attachment 'signature.asc', so what is that all about?
A: The '.asc' extension simply indicates that the file contains plain (ASCII) text. An ASC file
  • A so-called 'inline armour' signature file '*.asc' is a static file containing a public key. 
  • A PGP/MIME signature file is a bit like a checksum: it is the result of a unique calculation based on the message content and the sender's PGP key. In this case the '.asc' file contains the output of a function that uses the original document content, the sender's private key, the time, etc. This works because any particular digital file has a numeric/binary representation, basically a very long number, and can therefore have math performed on it.
Q: You visit a website where each contact person includes a seemingly random string of 40 hexadecimal characters labelled 'GPG key', otherwise known as the 'fingerprint'.
A: A fingerprint links to a downloadable version of a public key, a file such as 'somefilename.asc' containing more random letters and numbers, e.g. file contents looking somewhat like the following:
-----BEGIN PGP PUBLIC KEY BLOCK-----
fall34saLKU877lkdkmQENBE8e3CIBCACeeMFj0mrmp66lKg4u1yBCxZLKd6gbjOjAW6JoCmIBemOnH3yR6f4XQwpO3wcvuK1NAyV6XvjN7kg/eRwjzjKr3Ro9k+l7kk2EuTSAwEX2rudWEXdr5OCFob6ag4osic8+jajM/VAFYw3S1tPW+Jmf8FddcpXyy9yeKsDYDYbFKUPOvNwoH2qHPY4wTVi2QcsDuaHjRCqi
-----END PGP PUBLIC KEY BLOCK-----
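
An added example (not part of the original post): Python that tells the two kinds of '.asc' file described above apart by reading the armor header line and the first OpenPGP packet tag, and that checks the armor checksum. The samples are constructed stubs in which only the first packet byte is meaningful, and the function names are assumptions of this example.

```python
import base64
import re

# Packet tags from RFC 4880 that matter for telling keys from signatures.
PACKET_TAGS = {1: "encrypted session key", 2: "signature", 5: "secret key", 6: "public key"}

def crc24(data: bytes) -> int:
    """CRC-24 checksum that OpenPGP armor appends after '=' (RFC 4880, 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(label: str, payload: bytes) -> str:
    """Wrap bytes in ASCII armor; used here only to build sample input."""
    body = base64.b64encode(payload).decode()
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return f"-----BEGIN PGP {label}-----\n\n{body}\n={check}\n-----END PGP {label}-----\n"

def classify_asc(text: str) -> dict:
    """Report the armor label, the first packet's type and the CRC status."""
    text = text.replace("\r\n", "\n")
    m = re.search(r"-----BEGIN PGP ([A-Z ]+)-----\n(.*?)-----END PGP \1-----", text, re.S)
    if not m:
        raise ValueError("no OpenPGP armor block found")
    lines = [line.strip() for line in m.group(2).split("\n")]
    while lines and ": " in lines[0]:  # skip 'Version:'-style armor headers
        lines.pop(0)
    payload = base64.b64decode("".join(l for l in lines if l and not l.startswith("=")))
    checks = [l[1:] for l in lines if l.startswith("=")]
    if not payload or not payload[0] & 0x80:
        raise ValueError("armor body does not start with an OpenPGP packet")
    first = payload[0]
    # Bit 6 set: new packet format, tag in bits 5-0. Clear: old format, tag in bits 5-2.
    tag = first & 0x3F if first & 0x40 else (first >> 2) & 0x0F
    crc_ok = bool(checks) and base64.b64decode(checks[0]) == crc24(payload).to_bytes(3, "big")
    return {"armor": m.group(1), "packet": PACKET_TAGS.get(tag, f"tag {tag}"), "crc_ok": crc_ok}

# Constructed samples: a detached-signature stub (old format) and a key stub (new format).
SIGNATURE_ASC = armor("SIGNATURE", bytes([0x89, 0x00, 0x01, 0x04]))
PUBLIC_KEY_ASC = armor("PUBLIC KEY BLOCK", bytes([0xC6, 0x01, 0x04]))

if __name__ == "__main__":
    for sample in (SIGNATURE_ASC, PUBLIC_KEY_ASC):
        print(classify_asc(sample))
```

A passing checksum only shows the armor was not garbled in transit; whether a signature is valid still has to be checked against the sender's public key with GPG.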


Q: Can you suggest basic exercises to follow to learn how to use PGP signing and encryption?
A: Try attaining the following goals in order of increasing difficulty...
  1. Install PGP / GPG or use a webmail extension/add-on like Mailvelope (works for Chrome or Firefox only). You should then be able to verify other people's signatures and collect their public keys.
  2. Generate your own key files, and store them locally initially.
  3. Sign an email (doesn't encrypt the content) and send it to me (like I did above) so I can verify the signature.
  4. I think signing is also a way of sharing your public key via email. After which I should be able to encrypt something intended for you.
  5. Practice encrypting/decrypting.
  6. Publish your public key on a key server to make accessing your public key easier.


Notes:

Using Mailvelope for in-browser webmail (Chrome and Firefox).

