Allowing Others Access to Your Encrypted Email
Q: I'm installing PGP Desktop 9.9 in a fairly large office this week. The boss is hardly ever in the office and the secretary needs to read his email and send email on his behalf. How do you configure PGP Desktop in this situation?
The only option I see is importing the boss's private key into the secretary's PGP Desktop, but this doesn't feel right. Private keys should be private, right? Are there other solutions, or is this one the only way to go?
A: This is one way of doing it, but is not recommended because letting someone else have your private key lets them impersonate you (lets them make your digital signatures). But, if you want the secretary to be able to sign the email as if she were the boss, there isn't much other choice. If your concern is more that she be able to decrypt and read his email, you might want to consider making her key an ADK (Additional Decryption Key) for his key - you can read more about ADKs by searching for ADK in the User's Guide (page 76 in the current PGP Desktop User's Guide).
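A way to confirm that a given message really was encrypted to both the boss's key and the secretary's ADK, shown as an added example that is not part of the original answer or of PGP Desktop. It reads the Public-Key Encrypted Session Key packets defined in RFC 4880 from a de-armored message; the key IDs, the helper names and the sample bytes are constructed for illustration.

```python
# Added example: list the recipient key IDs of an OpenPGP message (RFC 4880).
BOSS_ID = "0123456789ABCDEF"   # constructed key ID, not a real key
ADK_ID = "FEDCBA9876543210"    # constructed key ID standing in for the ADK

def pkesk_key_ids(data):
    """Key IDs from the leading Public-Key Encrypted Session Key packets (tag 1)
    of a binary (de-armored) OpenPGP message."""
    ids, pos = [], 0
    while pos < len(data):
        hdr = data[pos]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[pos + 1]
            if first < 192:
                length, pos = first, pos + 2
            elif first < 224:
                length = ((first - 192) << 8) + data[pos + 2] + 192
                pos += 3
            elif first == 255:
                length = int.from_bytes(data[pos + 2:pos + 6], "big")
                pos += 6
            else:
                break                        # partial length: encrypted data begins
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                break                        # indeterminate length: data packet
            size = 1 << ltype
            length = int.from_bytes(data[pos + 1:pos + 1 + size], "big")
            pos += 1 + size
        if tag != 1:
            break                            # session-key packets come first
        body = data[pos:pos + length]
        if len(body) < 10 or len(body) != length or body[0] != 3:
            raise ValueError("malformed or unsupported PKESK packet")
        ids.append(body[1:9].hex().upper())  # all zeros means a hidden recipient
        pos += length
    return ids

def missing_recipients(data, expected_ids):
    """Expected key IDs that the message is NOT encrypted to."""
    return set(expected_ids) - set(pkesk_key_ids(data))

def _pkesk(key_id):  # builds a constructed v3 PKESK packet with a dummy 8-bit MPI
    body = b"\x03" + bytes.fromhex(key_id) + b"\x01" + b"\x00\x08\xff"
    return bytes([0xC1, len(body)]) + body

SAMPLE = _pkesk(BOSS_ID) + _pkesk(ADK_ID) + b"\xd2\x02\x01\x00"  # constructed
```

The key IDs in these packets are those of the encryption keys or subkeys, so compare against those rather than the primary key ID. A message that lists only the boss's key ID was not encrypted to the ADK and cannot be read with the secretary's key.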