Hi. First, I must warn you that generating keys on behalf of users is in general a very bad thing to do. Instead, you might want to provide a simple way for users to generate keys and get them certified. The biggest problem is that there is not an easy way to get a good set of random numbers on a server platform. On the other hand, users can get a great deal of randomness on their own client machines. If they can run netscape, then they can run PGP. Second, you might want to look at a paper that Jeff Schiller and I wrote for the 1995 Usenix conference on scaling the web of trust. The paper is available off my home page or via ftp: toxicwaste.mit.edu:/pub/pgpsign/scaleweb.{txt,PS} The sources to the keysigner are also in the same directory. Hope this helps. -derek Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) Home page: http://www.mit.edu:8001/people/warlord/home_page.html warlord@MIT.EDU PP-ASEL N1NWH PGP key available