public PGP key management in a local network

Hi,

to me it seems that it is only possible to store public PGP keys on a local PC. Is there a way to put public keys on a network share or in Outlook contacts, like S/MIME certificates?

Yours!

Addition: I mean the easiest distribution of the imported public keys in a company, so that it is not necessary to import the mailed public keys on each PC…

Hi Zigg,

that is a good question.

There are a number of approaches, and we are still gathering more input before we can really give you general recommendations. It depends on the size of your company.

A way that I believe will be increasingly used is to use the WKD publish part via your webserver, so clients will get the pubkeys automatically. (Right now you may need to tune some gpg parameters to activate the automatic retrieval part.)

Another way is to collect pubkeys, sign them and use the public keyservers.
Or provide a file, but this probably has to be imported by people on a regular basis.

Best Regards,
Bernhard

I found my own solution by redirecting “homedir”.

The only problem is that pubring.kbx crashes when a certificate is imported while multiple users have access to Kleopatra at the same time.

But I am sure you know this problem. Will there be a solution?

Sharing a homedir with multiple users is not supported.
A better way would probably be to sync the pubring with a login script: either importing an export of a curated keyring, or just copying a curated keyring into the user's home directory. The second solution would overwrite imports made by the user, so an export / import would be better.

And yes, we are aware that this is a hassle. One of the next big changes to GnuPG will be a keyring daemon that can control access to multiple keyrings. E.g. then you could have a system-wide keyring that is read-only and a user's keyring.
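
A logon script along the lines of the export / import approach described in the reply above, as an added example that is not part of the original thread and not GnuPG project code. The share path, file name and local state directory are assumptions, and `gpg` is assumed to be on the user's PATH.

```powershell
# Added example: merge a curated public-key export into the current user's own
# GnuPG keyring at logon. All paths below are assumptions (hypothetical names).
# The administrator produces the export from the curated keyring, for example
# with: gpg --armor --export > curated-pubkeys.asc
# The share must be writable by the administrator only: whoever can change the
# export can add keys to every user's keyring.
$Export = '\\fileserver\pgp\curated-pubkeys.asc'              # hypothetical read-only share
$Stamp  = Join-Path $env:LOCALAPPDATA 'pgp-sync\last-import.sha256'  # hypothetical state file

function Sync-CuratedKeyring {
    param([string]$ExportPath, [string]$StampPath)

    if (-not (Get-Command gpg -ErrorAction SilentlyContinue)) {
        Write-Warning 'gpg not found on PATH; skipping keyring sync.'
        return $false
    }
    if (-not (Test-Path -LiteralPath $ExportPath)) {
        Write-Warning "Curated export not reachable: $ExportPath"
        return $false
    }

    # Skip the import when the export has not changed since the last logon.
    $hash = (Get-FileHash -LiteralPath $ExportPath -Algorithm SHA256).Hash
    if ((Test-Path -LiteralPath $StampPath) -and
        ((Get-Content -LiteralPath $StampPath -TotalCount 1) -eq $hash)) {
        return $true
    }

    # --import merges into the user's own keyring: keys already present are
    # updated, and keys the user imported themselves are left untouched.
    & gpg --batch --no-tty --import $ExportPath | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "gpg --import failed with exit code $LASTEXITCODE"
        return $false
    }

    # Record the hash only after a successful import, so a failure is retried.
    New-Item -ItemType Directory -Force -Path (Split-Path $StampPath) | Out-Null
    Set-Content -LiteralPath $StampPath -Value $hash
    return $true
}

Sync-CuratedKeyring -ExportPath $Export -StampPath $Stamp | Out-Null
```

Because each user keeps a private homedir, this avoids the concurrent writes to a shared pubring.kbx mentioned earlier in the thread.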

Many thanks! :wink: