[GnuPG] : Question - collective entity key management
Hi all, may I have a question? I need to manage keys for encrypt/sign of [not-only] e-mail communication for a group of people which is partially dynamic. Basically it is some elected administrative board. My idea was to create some master key, then subkeys, and in case subkeys are revoked [member of admin-board was not elected, whole admin-board is re-elected etc.]. Problem is, that all of the members are using the same email, e.g. member@board.eg. As soon as a member should not be able to read this email, his key should be disallowed to decrypt messages on this email. Can I ask for some HowTo or just correct my point of view, because it seems definitely wrong.

Thx, ~ Over

--
“Borders I have never seen one. But I have heard they exist in the minds of some people.” ― Thor Heyerdahl
www...................http://overdrive.a-nihil.net
twitter...............https://twitter.com/#!/idoru23
blog..................http://d8ofh8.blogspot.com
GnuPG public key......http://overdrive.a-nihil.net/overdrive.txt
GnuPG key FingerPrint.072C C0AD 88EF F681 5E52 5329 8483 4860 6E19 949D
Have a server with a master key that decrypts incoming mail, re-encrypts with board members' individual subkeys? If it *has* to be the same email account, does it support IMAP? If so, IMAP behaves like a folder; you can take stuff out, and put it back in again. A Python script could be written to scan over new mail, remove "master key" mail and deposit "subkey-re-encrypted" mail. When members access the mail, it will usually have been accessed, re-encrypted and replaced with one they can decrypt. If not, they'll have to wait a few minutes and try again.

On Thu, 10 Oct 2013 17:38:00 +0200 Tomas Overdrive Petru <tpetru@gmail.com> wrote:
> Hi all,
> may I have a question?
> I need to manage keys for encrypt/sign of [not-only] e-mail communication for a group of people which is partially dynamic. Basically it is some elected administrative board.
> My idea was to create some master key, then subkeys, and in case subkeys are revoked [member of admin-board was not elected, whole admin-board is re-elected etc.].
> Problem is, that all of the members are using the same email, e.g. member@board.eg
> As soon as a member should not be able to read this email, his key should be disallowed to decrypt messages on this email.
> Can I ask for some HowTo or just correct my point of view, because it seems definitely wrong.
> Thx, ~ Over
Hi, Group key management is a PITA. http://schleuder2.nadir.org/ is about the best you can do: A server receives and decrypts the messages, then re-encrypts and forwards them towards the (current) group of recipients.

--Mo
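Both replies describe the same gateway pattern: a server-held master key decrypts the board's mail, and the server re-encrypts it only to the members currently on the board, so an ex-member's key simply stops being a recipient. The following is an added sketch of that loop over an IMAP folder (not code from this thread, from schleuder, or from GnuPG); it assumes inline-PGP text bodies, a server-side gpg keyring whose master key needs no interactive passphrase, a hypothetical marker header `X-Board-Reencrypted`, and constructed placeholder fingerprints.

```python
import email
import subprocess
from email import policy
from email.message import EmailMessage

MARKER = "X-Board-Reencrypted"  # hypothetical header tagging already-rewritten mail
# Constructed roster (placeholder fingerprints): fingerprint -> still a sitting member?
ROSTER = {
    "0000000000000000000000000000000000000001": True,
    "0000000000000000000000000000000000000002": False,  # not re-elected: dropped
    "0000000000000000000000000000000000000003": True,
}


def current_recipients(roster):
    """Only keys of sitting members receive the re-encrypted copy."""
    return sorted(fpr for fpr, active in roster.items() if active)


def reencrypt(ciphertext, recipients, gpg="gpg"):
    """Decrypt with the server-held master key, then encrypt to the current members."""
    plain = subprocess.run([gpg, "--batch", "--quiet", "--decrypt"],
                           input=ciphertext, capture_output=True, check=True).stdout
    cmd = [gpg, "--batch", "--quiet", "--trust-model", "always", "--armor", "--encrypt"]
    for fpr in recipients:
        cmd += ["--recipient", fpr]
    return subprocess.run(cmd, input=plain, capture_output=True, check=True).stdout


def rewrap(raw, new_ciphertext):
    """Keep the original routing headers, replace the body, tag the result."""
    orig = email.message_from_bytes(raw, policy=policy.default)
    msg = EmailMessage()
    for name in ("From", "To", "Subject", "Date", "Message-ID"):
        if orig[name] is not None:
            msg[name] = str(orig[name])
    msg[MARKER] = "yes"
    msg.set_content(new_ciphertext.decode())
    return msg.as_bytes()


def process_mailbox(imap, roster, mailbox="INBOX"):
    """Swap every master-key-encrypted message for a member-encrypted copy."""
    imap.select(mailbox)
    _, data = imap.search(None, f"NOT HEADER {MARKER} yes")
    for num in data[0].split():
        raw = imap.fetch(num, "(RFC822)")[1][0][1]
        body = email.message_from_bytes(raw, policy=policy.default).get_body(("plain",))
        new = reencrypt(body.get_content().encode(), current_recipients(roster))
        imap.append(mailbox, None, None, rewrap(raw, new))
        imap.store(num, "+FLAGS", "\\Deleted")  # master-key copy no longer lingers for ex-members
    imap.expunge()
```

Run `process_mailbox(imaplib.IMAP4_SSL(host_placeholder), ROSTER)` from a cron job after logging in; removing a member is then just flipping their roster entry to `False` before the next run.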
participants (3): Cathal Garvey, Moritz, Tomas Overdrive Petru