I love that you are approaching this space. SSH keys are an under-valued identity credential. Most big companies i've worked at have a clumsy sync & storage system that I think you could sell to.
I'd encourage the next version using a more distributed approach (instead of a centralized credential DB & email token). A gpg signature or CA (using openssl) are alternative trust models that would provide trust without the DB
I'd encourage the next version using a more distributed approach (instead of a centralized credential DB & email token). A gpg signature or CA (using openssl) are alternative trust models that would provide trust without the DB