What is "signature.asc"?
Firstly, it is just a text file attachment and it is completely harmless. If you don't care about security or privacy you can safely ignore it. If you do care about security or privacy, the attached "signature.asc" is a digital signature that can be used to verify that the message that you are reading really came from me, Roman Kutlák, and that the content is what I have written.
Why?
It is actually relatively easy to tamper with someone's email. The most obvious way of doing so is to find a person's password and login into their email. The less obvious way is to hijack your email on the way from your mail server to your recipient's mail server and change the content (DNS Hijacking). Here is a nice article explaining how it works. This then leads to various frauds that can cost you hundreds of thousands of pounds. If you want to read some scary examples, google "Friday afternoon fraud".
How does it work?
You can secure your email by signing and encrypting it. First, you will need some tools to help you with creating a pair of "keys" (really just a long string of characters and numbers) that can be used by cryptographic algorithms. A good program for mac users is GPG Tools which integrates with Mail and automates signing and verifying emails. GPG will ask you what your email address is and it will create a private and a public key. You should backup the keys and make sure they are secure. If you encrypt your emails and then lose your private key, you won't be able to read them ever again.
The private key is used for signing your emails and the public key is used by recipients for verifying an email signature or encrypting emails for you. That means that if you want to send an encrypted email to your friend Bob, you will need his public key. You will also need it to verify that the email you got from Bob is actually from him and the content is what Bob sent, not what was substituted by a malicious person.
If you want to secure your emails so that you can be sure of the origin of the message or the content written within, look up PGP (Pretty Good Privacy) or GPG (GNU Privacy Guard) -- an open source implementation of the OpenPGP standard. There are many plugins and extensions for email clients that you can install and they will manage signing and verifying signatures automatically.