PGP does not depend on large, opaque organizations to act as trusted certificate authorities. In the world of PGP, anyone who has a public / private key pair can act as a certifying authority.
PGP keys are packaged in certificates. A name and an email address are included as well. Along with these items, your certificate will include any number of digital signatures by third parties. These signatures are effectively assertions that you are who you say you are.
In PGP, you give your public key away by giving someone your public certificate. Since other people now have your public certificate, they could pass it on to someone else, someone who has never met you personally.
When you acquire the public certificate of someone you have never met face-to-face, you will open it and find a public key, a name, and an email address. You might also find a number of assertions by other people that the key actually belongs to the name and email address included.
As already mentioned, these assertions are merely digital signatures. Signatures made by keys you have never seen before are worthless to you. But depending on whose certificate you are looking at, some of the signatures might have been made by keys you already know.
The question is, how much do you trust these people?
Keys are valid for use when we are sure they belong to the people who claim to own them. Our own keys, for example, are automatically valid. If we have met someone face-to-face and believe they are who they claim to be, we can accept their public certificate over Bluetooth or from a key server and certify it immediately. Keys we have certified ourselves are automatically considered valid. Because our signature has now been added to this person’s public certificate, they may ask us to send it back to them.
Trust is assigned to key owners. A key is considered valid if enough people you know and trust assert that it is. Valid keys can safely be used to encrypt and sign data in the real world.
In PGP, there are two levels of trust: complete and marginal. By default, if you acquire a public certificate whose owner you don’t know personally and it carries a signature by someone you trust completely, you will consider the key in the certificate to be valid. If the signers are people you trust only marginally, two such signatures are required. People you don’t trust at all don’t count.
Users of PGP KeyRing are able to set their own thresholds.
By collecting other people’s keys, signing them, and passing them on, we create a Web of Trust. Because we each assign our own levels of trust to the keys we have seen before, the Web of Trust looks different to each of us. As we collect, sign, and pass on more and more keys, the scope of our Web of Trust grows.
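As an added illustration (not code from PGP KeyRing), the following Python model applies the validity rules just described: keys we sign ourselves are valid, any other key becomes valid once enough of its signatures come from valid keys whose owners we trust, and the thresholds can be changed from the defaults. The `Keyring` and `Certificate` classes, the key names and the trust table are all constructed for this example.

```python
from dataclasses import dataclass, field

MARGINAL, COMPLETE = "marginal", "complete"   # trust levels we assign to key owners
@dataclass
class Certificate:
    key_id: str                                   # hypothetical id of the master key
    signatures: set = field(default_factory=set)  # key_ids that signed this certificate

@dataclass
class Keyring:
    certs: dict            # key_id -> Certificate
    own_key: str           # our own master key id
    trust: dict            # key_id -> trust level we assigned to its owner
    need_complete: int = 1 # default thresholds: one completely trusted signer ...
    need_marginal: int = 2 # ... or two marginally trusted signers

    def valid_keys(self):
        # Our own key, and every key we signed ourselves, are valid immediately.
        valid = {self.own_key} | {k for k, c in self.certs.items() if self.own_key in c.signatures}
        # Another key becomes valid once enough signatures come from keys that are themselves
        # valid AND whose owners we trust; repeat to a fixed point, since one key turning valid can let another pass.
        changed = True
        while changed:
            changed = False
            for key_id, cert in self.certs.items():
                if key_id in valid:
                    continue
                complete = marginal = 0
                for signer in cert.signatures & valid:   # signatures by keys we cannot vouch for count for nothing
                    complete += self.trust.get(signer) == COMPLETE
                    marginal += self.trust.get(signer) == MARGINAL
                if complete >= self.need_complete or marginal >= self.need_marginal:
                    valid.add(key_id)
                    changed = True
        return valid

def example_keyring(**thresholds):
    # Constructed sample: ME certified alice, bob and carol face-to-face; the other
    # certificates arrived second-hand carrying only third-party signatures.
    certs = {k: Certificate(k, set(s)) for k, s in {
        "alice": ["ME"], "bob": ["ME"], "carol": ["ME"],
        "dave": ["alice"],          # one completely trusted signer -> valid
        "erin": ["bob", "carol"],   # two marginally trusted signers -> valid
        "frank": ["bob"],           # a single marginal signer is not enough
        "grace": ["dave"],          # dave's key is valid, but we assigned him no trust
        "heidi": ["frank"],         # frank is trusted, but his key is not valid
    }.items()}
    trust = {"alice": COMPLETE, "bob": MARGINAL, "carol": MARGINAL, "frank": COMPLETE}
    return Keyring(certs, "ME", trust, **thresholds)
```

Calling `example_keyring(need_marginal=1).valid_keys()` shows the knock-on effect of a looser threshold: frank's key becomes valid, and because frank is trusted completely, heidi's key follows.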
The nature of PGP is such that key owners hold and pass on key rings in their certificates. As the name implies, there is usually more than one key in the key ring. The first key is called the master key, and its primary (some would say only) use is to act as the owner’s identity. For example, it signs the user name and email included in the certificate.
Other keys included in the key ring are called subkeys. These are the keys PGP KeyRing actually uses for encrypting and signing data in the real world. The master key signs the subkeys as proof that they actually belong in the certificate and are just as trustworthy as the master key.
When we assign trust to people in our Web of Trust, we are effectively trusting the master keys.
The idea behind this scheme is that we can replace our subkeys fairly easily, whereas a compromised master key invalidates the entire key ring. Also, for those who are concerned about the safety of their private keys (that is to say, about someone deducing the private key without ever having seen it), the master key receives far less exposure to the world than the subkeys. This is because the subkeys are used to encrypt and sign data in the real world, while the master key is seen only by those who have our public certificate or the public certificate of someone we have certified.