It furthermore offers key management. It keeps the keys stored in a database, called a keyring. There is a private keyring, containing the secret keys (often only one) and protected by a passphrase, and a public keyring (typically quite large), containing a collection of public keys.
To be sure that a public key really belongs to its owner, the user would have to meet the person, check his ID and accept his public key on a floppy disk. As this is quite unrealistic, GnuPG (like PGP) provides a little help. First, there are fingerprints. A hash algorithm is run over the public key, and the resulting hash value, called the ``fingerprint'', is displayed. This fingerprint consists of a couple of hex numbers and can easily be compared over a telephone line. If the fingerprint is correct, one can be quite sure that the key is authentic.
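The fingerprint check described above, as an added Python example that is not part of the original text or of GnuPG itself. It assumes the OpenPGP version 4 key format of RFC 4880, in which the fingerprint is the SHA-1 hash of the public-key packet; the function names and the two sample keys are constructed for illustration.

```python
import hashlib


def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then the bytes."""
    bits = value.bit_length()
    return bits.to_bytes(2, "big") + value.to_bytes((bits + 7) // 8, "big")


def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 public-key packet for RSA (algorithm id 1)."""
    return bytes([4]) + created.to_bytes(4, "big") + bytes([1]) + mpi(n) + mpi(e)


def fingerprint(body: bytes) -> str:
    """V4 fingerprint: SHA-1 over 0x99, the 2-byte body length, the body."""
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()


def display(fpr: str) -> str:
    """Group the hex digits in fours, the form read out over the phone."""
    return " ".join(fpr[i:i + 4] for i in range(0, len(fpr), 4))


def same_fingerprint(computed: str, heard: str) -> bool:
    """Compare all 40 hex digits, ignoring spacing and letter case."""
    a = "".join(computed.split()).upper()
    b = "".join(heard.split()).upper()
    return len(a) == 40 and a == b


# Constructed sample values, not real keys: the numbers only need the right size.
CREATED = 946684800                      # 2000-01-01 00:00:00 UTC
ALICE_N = 2**1023 + 0x1234567            # stands in for a 1024-bit modulus
ALICE_KEY = rsa_public_key_body(CREATED, ALICE_N, 65537)
# A key handed over by someone else under the same name: modulus differs.
SUBSTITUTED_KEY = rsa_public_key_body(CREATED, ALICE_N + 2, 65537)

if __name__ == "__main__":
    heard = display(fingerprint(ALICE_KEY)).lower()   # what the owner reads out
    for label, key in (("genuine", ALICE_KEY), ("substituted", SUBSTITUTED_KEY)):
        fpr = fingerprint(key)
        print(label, display(fpr), "match" if same_fingerprint(fpr, heard) else "MISMATCH")
```

Any change to the key material, however small, produces an unrelated fingerprint, which is why comparing the complete value with the owner is enough to detect a substituted key.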