gpg --list-sigs
. Email as many people who have signed the key as possible, preferably at different organizations (or at least different domains). Ask them to confirm that they have signed the key in question. You should attach, at best, marginal trust to the responses you receive in this manner (if you receive any).gpg --verify
, please check the following first: