You would have send a message from your profile that his profile is authorized. In pgp this is called signing other people’s keys

There is no way to know who a private key and who doesn’t, this is the nature of it. That’s why each person has their own.