Yeah, that's essentially what I meant. The validation could happen much like with PGP keys and passwords.