How to set up a company-wide central PGP key for email use
Article: HOWTO77258 | Created: 2012-07-02 | Updated: 2013-03-12 | Article URL: http://www.symantec.com/docs/HOWTO77258
Sometimes it is desirable to have a single PGP key that can be shared with an external party to secure email for the whole organization or company. This setup applies to configurations where PGP Desktop is used at the end of the secure email conversation.
1. Under Consumers/Groups click the desired group, click "View" at "Keys"
2. Click "Add Group Keys"
3. Generate or import the desired Group Key here. Important note: the Group Key must not have email addresses!
4. Under Consumers/Groups click the desired group, click "View" at "Permissions"
5. At least two permissions are required: "Can encrypt with managed key Company.key" and "Can decrypt with managed key Company.key"
6. Share the company key with the external sender. The external sender must configure a mail rule that matches either the email addresses of the Consumer Group's members or the recipient email domain, and that encrypts to them with the company key.
- This setup does not suffice for S/MIME communications, since an S/MIME certificate must have an email address attribute.
- This PGP key can only be used externally if a policy set controls the use of this key, since the key cannot be matched by an email address contained in it.
- This is an unsupported feature and might be removed in future releases.
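Step 3 requires a Group Key whose user IDs carry no email address. The following check is an added example, not part of the original article or of the product: it assumes GnuPG is available to list an exported key file in colon format, the function names are hypothetical, and the sample listings are constructed.

```python
import re
import subprocess

# Loose addr-spec match: anything shaped like local@domain inside a user ID.
EMAIL_RE = re.compile(r"[^\s<>@()]+@[^\s<>@()]+")

def unescape(field):
    """Undo the \\xNN escaping GnuPG applies to user IDs in colon output."""
    return re.sub(r"\\x([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), field)

def uids_with_email(colon_listing):
    """Return every user ID in a --with-colons listing that carries an email address."""
    offending = []
    for line in colon_listing.splitlines():
        fields = line.split(":")
        # 'uid' records hold the user ID string in field 10.
        if fields[0] == "uid" and len(fields) > 9:
            uid = unescape(fields[9])
            if EMAIL_RE.search(uid):
                offending.append(uid)
    return offending

def list_key_file(path):
    """List a key file without importing it (assumes a gpg that supports show-only)."""
    result = subprocess.run(
        ["gpg", "--batch", "--with-colons", "--import-options", "show-only",
         "--import", path],
        capture_output=True, text=True, check=True)
    return result.stdout

# Constructed sample listings (key IDs, fingerprints and dates are made up).
GOOD_KEY = """\
pub:-:2048:1:AAAAAAAAAAAAAAAA:1341187200:::-:::scESC::::::23::0:
fpr:::::::::0000000000000000000000000000AAAAAAAAAAAAAAAA:
uid:-::::1341187200::0000000000000000000000000000000000000000::Example Corp Company Key::::::::::0:
sub:-:2048:1:BBBBBBBBBBBBBBBB:1341187200::::::e::::::23:
"""
BAD_KEY = GOOD_KEY + (
    "uid:-::::1341187200::1111111111111111111111111111111111111111::"
    "Example Corp <security@example.com>::::::::::0:\n")

if __name__ == "__main__":
    for name, listing in (("GOOD_KEY", GOOD_KEY), ("BAD_KEY", BAD_KEY)):
        hits = uids_with_email(listing)
        print(name, "OK" if not hits else "has email in user ID: %s" % hits)
```

For a real key file, pass the output of `list_key_file(path)` to `uids_with_email()` before importing the key as a Group Key.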