PGP verification underpins every trust decision on WeTheNorth. Understanding what the check actually proves matters before running it as a habit.
Two guarantees
A PGP signature over a message proves two things simultaneously.
First. The message was signed by the holder of the private key corresponding to the public key you have. In other words, the message came from a specific identity.
Second. The message has not been altered since signing. If a single byte in the envelope changes after the signature is applied, the signature fails to verify.
Why this matters for a mirror address
A mirror address on its own is a 56-character string. There is no way to know from the string alone whether it points at the real WeTheNorth or at a phishing clone. But if the address is inside a signed rotation from the operator, and that signature verifies against the operator public key you already have on your keyring, then the address is provably from the operator.
Why the check needs a trust anchor
The verification is only as trustworthy as the public key you use to verify against. If you imported a phishing operator's key at the beginning, every phishing rotation from that operator will verify successfully.
The anchor is the operator public key, fetched once from at least two independent sources (the pinned Dread profile and the /pgp path on a mirror you already trust), cross-checked, and then never re-fetched. Everything downstream is anchored to that first import.
Why the operator private key matters
If the operator's private key is ever leaked or seized, the attacker can sign anything under it including a fake rotation, and it will verify. This is the one attack the PGP model does not defend against on its own. The operator's operational security around the private key is a separate concern.