Modernizing Web-of-trust for Organizations

Lou Wynn lewisurn at
Thu Jan 4 22:21:31 CET 2018

On 01/04/2018 12:25 AM, Andrew Gallagher wrote:
>> On 4 Jan 2018, at 04:42, Lou Wynn <lewisurn at> wrote:
>> It has a client key and uses it to log into the server, which is
>> similar to SSH key authentication, to retrieve the private key after
>> authentication.
> This bit confuses me. If you already store a private key locally, why use it to download a second private key? If you’re using a key escrow system then surely you just need to upload the private key once and keep a local copy?
> A
There is no key escrow in my design because a user's private key should
not be accessible to anyone else, including the administrator. For an
organization, granting the administrator too much unnecessary privilege
is dangerous, especially when he leaves.

Let me try to explain it in another way. Each end user has an email key.
When she uses multiple email clients, each client plugin has a key pair
serving as the identity of the client plugin. The client plugin
registers itself on the server with its public key when the client
plugin is installed or initialized. This key belongs to the plugin and
is used for the plugin to log into the server. The administrator and/or
the end user can monitor how many client plugins the user uses. The
administrator may disable the login of a particular client plugin if it
is compromised, such as when an employee loses his computer.

In addition, the administrator may optionally set up a policy that
requires the user to choose a login password except for the public-key
authentication of the client plugin.

After a client plugin logs in successfully, the server sends the user's
encrypted email key to the client.
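The login flow described above (a per-plugin key pair registered with the server, an SSH-style public-key login, then delivery of the still-encrypted email key), as an added example that is not part of the original post or the author's implementation: a Go sketch of the server side, with Ed25519 as the plugin identity key. The plugin id string, the random-nonce challenge and the opaque encrypted blob are assumptions; the optional login-password policy and the encryption of the email key itself are not modeled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

type pluginRecord struct {
	pub   ed25519.PublicKey
	nonce []byte // outstanding login challenge, consumed by a successful login
}

// Server holds plugin public keys and the user's email key, which it only ever sees encrypted (no escrow copy).
type Server struct {
	plugins      map[string]*pluginRecord
	encryptedKey []byte
}

func NewServer(encryptedKey []byte) *Server {
	return &Server{map[string]*pluginRecord{}, encryptedKey}
}

// Register stores a plugin's public key when the plugin is installed.
func (s *Server) Register(id string, pub ed25519.PublicKey) {
	s.plugins[id] = &pluginRecord{pub: pub}
}

// Disable lets the administrator cut off a lost or compromised plugin.
func (s *Server) Disable(id string) { delete(s.plugins, id) }

// Challenge issues a fresh random nonce for the plugin to sign (SSH-style).
func (s *Server) Challenge(id string) ([]byte, error) {
	p, ok := s.plugins[id]
	if !ok {
		return nil, errors.New("unknown or disabled plugin")
	}
	p.nonce = make([]byte, 32)
	_, err := rand.Read(p.nonce)
	return p.nonce, err
}

// Login verifies the signed nonce and returns the encrypted email key, which the client decrypts locally.
func (s *Server) Login(id string, sig []byte) ([]byte, error) {
	p, ok := s.plugins[id]
	if !ok || p.nonce == nil || !ed25519.Verify(p.pub, p.nonce, sig) {
		return nil, errors.New("login refused")
	}
	p.nonce = nil // single use, so a captured signature cannot be replayed
	return s.encryptedKey, nil
}
```

The client plugin side is just the Ed25519 private key signing the nonce it received; the server never learns anything that would let it decrypt the blob it hands back.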


More information about the Gnupg-users mailing list