keysigning

Keysigning is a practice in public-key cryptography in which a person signs another individual's public key to attest that the key genuinely belongs to the stated identity. It is most commonly used in OpenPGP systems (such as GnuPG) and is a core component of the web of trust model.

The process typically involves identity verification, often in person or through trusted channels. The signer checks

Signed keys are distributed by uploading them to public key servers or by exchanging key files. Other

Keysigning is rooted in the web of trust rather than a centralized certificate authority. Trust is a

Caveats include varying identity verification standards, the risk of key compromise, and the need to revoke