File Share Encryption


PGP KMS - Two public key use-cases I can't figure out how to manage

    Posted May 16, 2013 01:24 PM

    All,

    We are currently implementing PGP KMS to use as a centralized location to manage our own private keys, as well as the public keys of our partners.

    In our current keyring on our CommandLine server we have public keys which partners have provided us over the years, and work with our current processes because the local keyring does not perform the same checks as KMS does when managing keys.

    Here are my two issues:

    1.) We have public keys in our CL keyring without associated e-mail addresses; I cannot seem to import these in any way to the KMS

    2.) We have partners with more than one public key tied to an identical e-mail address (for example, QA and Prod keys). I see no way to manage both of these keys by consumer or key alias or attribute, because they will always replace one another if the e-mail is the same.

    I realize in an ideal world this would not be an issue, and goes against some principles of key management / distribution, but is there any known way to solve these problems without requiring our partners to generate new keys with unique e-mails?

    Thanks,

    -Tyler
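Before migrating a keyring into KMS, it helps to know up front which keys will hit the two problems described in the post. The following is an added example, not code from the original post or from Symantec: it audits a `gpg --list-keys --with-colons` listing and reports keys whose user IDs carry no e-mail address, and e-mail addresses that several different keys share. It assumes the CommandLine keyring has been exported and listed with GnuPG; the listing below is constructed sample data, not real keys.

```python
import re
from collections import defaultdict

# Constructed sample of `gpg --list-keys --with-colons` output (fake keys).
# In a `uid` record field 10 is the user ID; in an `fpr` record field 10 is
# the fingerprint of the key described by the preceding `pub`/`sub` record.
SAMPLE_LISTING = """\
pub:u:2048:1:AAAAAAAAAAAAAAAA:1368700000::::::scESC::::::23::0:
fpr:::::::::1111111111111111111111111111111111111111:
uid:u::::1368700000::X1::Partner A QA <ops@partner-a.example>::::::::::0:
pub:u:2048:1:BBBBBBBBBBBBBBBB:1368700001::::::scESC::::::23::0:
fpr:::::::::2222222222222222222222222222222222222222:
uid:u::::1368700001::X2::Partner A Prod <ops@partner-a.example>::::::::::0:
pub:u:2048:1:CCCCCCCCCCCCCCCC:1368700002::::::scESC::::::23::0:
fpr:::::::::3333333333333333333333333333333333333333:
uid:u::::1368700002::X3::Partner B Transfer Key::::::::::0:
"""

EMAIL_RE = re.compile(r"<([^<>]+@[^<>]+)>")


def parse_listing(text):
    """Return one dict per primary key: {'fpr': ..., 'uids': [...]}."""
    keys = []
    for line in text.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            keys.append({"fpr": None, "uids": []})
        elif fields[0] == "fpr" and keys and keys[-1]["fpr"] is None:
            keys[-1]["fpr"] = fields[9]  # first fpr after pub = primary key
        elif fields[0] == "uid" and keys:
            keys[-1]["uids"].append(fields[9])
    return keys


def audit(keys):
    """Return (fingerprints without any e-mail UID, {email: [fingerprints]})."""
    no_email = []
    by_email = defaultdict(set)
    for key in keys:
        emails = set()
        for uid in key["uids"]:
            match = EMAIL_RE.search(uid)
            if match:
                emails.add(match.group(1).lower())
        if not emails:
            no_email.append(key["fpr"])  # issue 1: no e-mail to import under
        for email in emails:
            by_email[email].add(key["fpr"])
    # issue 2: the same e-mail on more than one key; KMS would keep only one
    collisions = {e: sorted(f) for e, f in by_email.items() if len(f) > 1}
    return no_email, collisions


if __name__ == "__main__":
    missing, shared = audit(parse_listing(SAMPLE_LISTING))
    print("keys without e-mail UID:", missing)
    print("e-mails shared by several keys:", shared)
```

Run it against the real listing (`gpg --no-default-keyring --keyring partners.pkr --list-keys --with-colons`) to get the list of partners to contact before the import.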