I don't know exactly how Nostr works, but I think it's similar: you have a pair of keys: 1 public, 1 private. The public key you distribute and it's associated to your email address(es). People, in person, validate that your public key is the one you say it is, then they can sign your key. This validates that your identity is what you say it is. Then when sending an email you'll sign it (using your private key). Other people, (ie, the person receiving yolr email) can validate using your public key that the email is from you and hasn't been altered. You can also encrypt the email using tee recipient's public key, which can only be decrypted with their private key.

It's been a long time since I read about this, so not everything I said might be 100% accurate. I used to use it with my geeky friends, but (like I said) normies don't use it.

PGP (the original algorythm) has a cool story, because the person who wrote it was arrested over it. He went to a conference in Russia and encryption was protected like weapons at the time. So disclosing PGP to Russian was considered treason or something like that. Later I think the algorythm was published in a book, so it couldn't be restricted (because of the 1st ammendment).

GPG is just the GNU (FLOSS) implementation of the PGP algorhythm.