How Does Web of Trust Work?
- Web of Trust requires public key cryptography and digital signatures for its operation.
- You can sign certificates with your private key, and anyone who has your public key can verify what you signed. Users who trust your identity and credentials can also sign your certificate. This develops a trust network.
- When a new user enters the Web of Trust network, they must find someone to sign their certificates. The person signing must validate the signee’s identity in some way, whether through a virtual encounter or a key signing party. The signer must additionally authenticate the key fingerprint, a unique identifying code linked with the signee’s public key, and verify that it is posted to the key servers following the signing.
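
A simplified model of how one user decides which keys in such a trust network to accept, added here as an illustration and not taken from any OpenPGP implementation. The thresholds (one fully trusted or three marginally trusted signers, at most five steps from your own key) follow GnuPG's documented classic defaults and are an assumption beyond this page; all names and certifications are constructed.

```python
# Added example: simplified Web of Trust validity calculation.
# Thresholds mirror GnuPG's classic defaults (assumption, not from the page).
FULL_NEEDED, MARGINAL_NEEDED, MAX_DEPTH = 1, 3, 5

# Constructed sample data: (signer, signee) means "signer certified signee's key".
CERTS = {
    ("alice", "bob"), ("alice", "carol"), ("alice", "dave"), ("alice", "erin"),
    ("bob", "frank"),                      # one fully trusted signer
    ("carol", "grace"), ("dave", "grace"), ("erin", "grace"),  # three marginal
    ("carol", "heidi"),                    # a single marginal signer
    ("mallory", "ivan"),                   # signer alice has never validated
    ("frank", "judy"),                     # valid key, but owner not trusted
}
# How far alice trusts each owner to check identities before signing.
OWNERTRUST = {"bob": "full", "carol": "marginal",
              "dave": "marginal", "erin": "marginal"}


def valid_keys(me, certs, ownertrust):
    """Return {key: depth} for every key that `me` can treat as valid."""
    valid = {me: 0}                        # your own key is the trust root
    for depth in range(1, MAX_DEPTH + 1):
        newly = {}
        candidates = {signee for _, signee in certs} - valid.keys()
        for key in candidates:
            # Only signatures made by keys already known to be valid count.
            signers = [s for s, t in certs if t == key and s in valid]
            full = sum(1 for s in signers
                       if s == me or ownertrust.get(s) == "full")
            marginal = sum(1 for s in signers
                           if ownertrust.get(s) == "marginal")
            if full >= FULL_NEEDED or marginal >= MARGINAL_NEEDED:
                newly[key] = depth
        if not newly:
            break                          # fixed point reached
        valid.update(newly)
    return valid


if __name__ == "__main__":
    for key, depth in sorted(valid_keys("alice", CERTS, OWNERTRUST).items()):
        print(f"{key}: valid at depth {depth}")
```

The model separates two questions that are easy to conflate: whether a key is valid, and whether its owner is trusted to certify others. Frank's key is valid, but his signature does not make Judy's key valid because Alice has assigned him no owner trust.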
What is Web of Trust?
Web of Trust in cryptography is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to verify the legitimacy of a public key and its owner. Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which is entirely dependent on a certificate authority (or a hierarchy of them). As with computer networks, there are several separate webs of trust, and any user (via their public key certificate) can participate in and connect multiple webs.