I have successfully set up our development server to send GPG encrypted emails from a PHP script. The user is asked for his/her public key which is then imported into GPG and a fingerprint is saved against this user for later encryption. All is well!
But now I need to deploy this onto the production servers - note multiple web servers - and this is putting me in a bit of a bother because I don't know how to share keys across them. To make this clearer, user A logs in on the website and server #1 is used to serve the pages. He/she enters his/her public key which will be stored in the central database. Some time later, user A logs back in on the website but now is on server #2. An action is taken and an email is sent from server #2 but no key can be found in the local GPG as it was saved on server #1.
So really my question is to ask which way is more suitable to achieve this, bearing in mind that I have 3 web servers at present + 1 central database server. I am running Ubuntu 14.04 on all of them.
1) Should I export all the keys to a public place when I receive them? Is that safe/allowed or frowned upon?
2) Is there a mechanism to get the keys replicated on the other servers?
3) Can I use a central key repository on one of my servers?
Sorry if this sounds like a daft question - thanks a lot!
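
The setup described above keeps each public key in the central database, so one option is for any web server to build a throwaway keyring from that row at send time instead of relying on its local GPG keyring. The sketch below is an added example, not part of the original post: it imports the stored key into a temporary homedir, checks it against the fingerprint saved for the user, encrypts, and deletes the keyring. The function names `runGpg` and `encryptForUser` are hypothetical, and it assumes the `gpg` binary is on the PATH and that the database holds the ASCII-armored key alongside the fingerprint.

```php
<?php
// Added example (hypothetical names). Assumes gpg is on PATH and the database
// row holds the armored public key plus the fingerprint saved for the user.
function runGpg($home, array $args, $stdin)
{
    $argv = array_merge(array('gpg', '--homedir', $home, '--batch', '--no-tty',
                              '--status-fd', '2'), $args);
    $cmd  = implode(' ', array_map('escapeshellarg', $argv));
    // stdout/stderr go to files inside the 0700 homedir so the pipes cannot deadlock
    $spec = array(0 => array('pipe', 'r'),
                  1 => array('file', "$home/stdout", 'w'),
                  2 => array('file', "$home/status", 'w'));
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }
    fwrite($pipes[0], $stdin);
    fclose($pipes[0]);
    $exit = proc_close($proc);
    return array($exit, file_get_contents("$home/stdout"), file_get_contents("$home/status"));
}

function encryptForUser($armoredKey, $storedFingerprint, $plaintext)
{
    $home = sys_get_temp_dir() . '/gpg-' . bin2hex(openssl_random_pseudo_bytes(8));
    if (!mkdir($home, 0700)) {
        throw new RuntimeException('could not create temporary keyring');
    }
    try {
        list($exit, , $status) = runGpg($home, array('--import'), $armoredKey);
        // A pasted blob may carry several keys; accept exactly the one on record.
        preg_match_all('/^\[GNUPG:\] IMPORT_OK \d+ ([0-9A-F]{40})$/m', $status, $m);
        $want = strtoupper(str_replace(' ', '', $storedFingerprint));
        if ($exit !== 0 || $m[1] !== array($want)) {
            throw new RuntimeException('stored key does not match stored fingerprint');
        }
        list($exit, $cipher) = runGpg($home, array('--trust-model', 'always', '--armor',
                                                   '--encrypt', '--recipient', $want), $plaintext);
        if ($exit !== 0 || $cipher === '') {
            throw new RuntimeException('encryption failed');
        }
        return $cipher;
    } finally {
        exec('rm -rf ' . escapeshellarg($home)); // discard the throwaway keyring
    }
}
```

Public keys are not secret, so the property to protect in the shared store is integrity: the fingerprint comparison is what stops a modified database row from silently redirecting encrypted mail to a different key.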