PGP is software that allows you to communicate with other entities in a secure way. The basic technology underlying PGP is a public key cryptosystem.
The theory behind it is probably not that important here. I would rather focus on some operational facts which should be considered:
If you have installed PGP and created your secret key, make sure you use a passphrase to protect it. This phrase is used every time you are going to use the key, either to encrypt/sign or to decrypt/verify something. With a passphrase in place, your private key is encrypted with this phrase, and an attacker who steals the key needs to brute-force it in order to find the right passphrase. This already suggests that you use a sufficiently long passphrase so that a brute-force attack will take some time.
Create a copy of the key and store it in a safe place! If you lose your key, there is no way to get it back. It cannot be recovered from the public key, for example. Losing your key would mean that you have to generate a new one and distribute the new public key to all your communication partners.
Don't give your private key to anybody else! Your key is your key. Keep it like that. Your private key is the key to your encrypted emails! Keep that in mind!
I would suggest that you make your key valid for a certain period of time only. I am thinking of a year. Think about it!
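The three points above (passphrase, backup, expiry) as one GnuPG script. This is an added example, not part of the original post; the user ID and passphrase are constructed, and GnuPG 2.1 or later with a working gpg-agent is assumed.

```shell
#!/bin/sh
# Added example: passphrase-protected key, encrypted backup, one-year expiry.
set -eu

# Work in a throwaway keyring so nothing touches the real ~/.gnupg.
export GNUPGHOME="$(mktemp -d)"
chmod 700 "$GNUPGHOME"

UID_STR="Alice Example <alice@example.invalid>"   # constructed user ID
PASS="correct horse battery staple example"       # constructed; keep yours long

# 1. Generate a key pair whose secret key is protected by the passphrase and
#    that expires after one year ("1y"). GnuPG also drops a revocation
#    certificate into $GNUPGHOME/openpgp-revocs.d/ for the day the key is lost.
make_key() {
  gpg --batch --quiet --pinentry-mode loopback --passphrase "$PASS" \
      --quick-generate-key "$UID_STR" default default 1y
}

# 2. Back up the secret key to the file given as $1. The export is still
#    protected by the passphrase, but the backup must itself be stored safely.
backup_key() {
  gpg --batch --quiet --pinentry-mode loopback --passphrase "$PASS" \
      --armor --export-secret-keys "$UID_STR" > "$1"
  chmod 600 "$1"
}

# 3. Print the expiry of the primary key as a UNIX timestamp. In
#    --with-colons output the 'pub' record carries it in field 7.
key_expiry() {
  gpg --batch --with-colons --list-keys "$UID_STR" \
    | awk -F: '$1=="pub"{print $7; exit}'
}

main() {
  make_key
  backup_key "$GNUPGHOME/secret-key-backup.asc"
  echo "backup written to $GNUPGHOME/secret-key-backup.asc"
  echo "key expires at UNIX time $(key_expiry) ($(date -d "@$(key_expiry)" 2>/dev/null || echo 'one year from now'))"
}

# Run all steps with: sh pgp-key-setup.sh run
case "${1:-}" in run) main ;; esac
```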