When you create a PGP, you get 2 keys, one is public, the other is private. The private one you keep to yourself and don't share with anyone, the public one you let others know by uploading it to pgp servers.
And the way it is used in messages is if you want to send a message to someone which you want no one else to see then you encrypt the message with that person's public key and only they can read it by decrypting the message with their private key and password. Its not a messenger, its just a good way of encrypting the messages.
Isn't it that aside from Public key and Private Key there's also this pass phrase that needs to be secured? Is it possible to sign and verify a PGP message without those pass phrase?
It is possible to remove the passphrase from the private key but this is not recommended. However this is usually the case for automated setups where there is nobody to enter the passphrase. You could also store the passphrase in a configuration file but from a security standpoint it does not make much difference to not using a passphrase at all.
