I may be misunderstanding your question, but here is the answer if I understand you correctly.
This is all based on public key cryptography. In public key cryptography, there are actually 2 keys, a public key and a private key. Sites like get hub and the repose can store the public keys, while into while individual users keep their private key's secret. Anyone with the public key can verify a signature, but only an individual with the private key can create the equivalent signature.
The trick is to determine if a given public key corresponds to an individual. There are various methods to try to address that.
This is all based on public key cryptography. In public key cryptography, there are actually 2 keys, a public key and a private key. Sites like get hub and the repose can store the public keys, while into while individual users keep their private key's secret. Anyone with the public key can verify a signature, but only an individual with the private key can create the equivalent signature.
The trick is to determine if a given public key corresponds to an individual. There are various methods to try to address that.
I hope that helps!