Web of trust may be a mechanism for determining the validity of public keys, particularly for pretty good privacy (PGP) users. Users posting new public keys typically have a trusted intermediary sign the new key. Once the intermediary verifies the identity of the person with the new key, the signature then verifies that the new key is genuine.
Before signing, the intermediary makes certain that the key contains the correct key fingerprint (actual code). After signing, other users who trust the signer can decide to trust all the keys signed by that person.