GnuPG signing key

Importing the key  
gpg --import friend.gpg
Check the fingerprint with your friend (PHYSICALLY !! with identity card)
gpg --fingerprint yourfriend
If it's ok, sign the key (!set a level)
gpg --sign-key yourfriend
Send the signed key to him and to the keyserver
gpg --armor --export yourfriend

Too complex ? : http://aplit.org/damien/gpgsig/