Under most circumstances, you're not going to want to give your master private key to anyone, let alone use it on a daily basis:
The master key cannot be revoked: once exposed, there is no way to take it back.
The master key has no passphrase, and is effectively unprotected.
Lose your master key today, and everything you've ever encrypted with the corresponding public key - plus anything you make going forward with that key - can be decrypted by anyone with that key.
The solution to this is user decryption keys. They have none of the drawbacks above and can always be revoked. Use decryption keys are:
Tied to individual VSys Security users.
Protected with passphrases. A user key is useless without its corresponding passphrase.
Revocable: The key is protected with both the user's passphrase and a value stored in the database, but not the key file given to the user. If the user is disabled in VSys they can't log in. And if their key is revoked, the second half of the passphrase is deleted from the database. This lets you, for example, invalidate the user key for someone who lost theirs, then make them another one.
Create user decryption keys from the Advanced user decryption keys tool.
Right-click on the list and select Add user decryption key.
Name the key something descriptive; what it's called isn't particularly important in most cases.
Select the Encryption key that this user key will be associated with. Note that if you haven't already, you'll be required to provide a master or user private key at this step.
Choose the VSys Security user that this key is for.
Have the user type in their Passphrase and Verify passphrase.
Save the key to a file, usually a USB key provided to the user.
Save the new decryption key.
User decryption keys are only available if VSys Security is enabled.
Managing existing keys
Click on an existing user key to modify it. Note that you can only change the Description and Inactive properties- not the Encryption key or User at this point. Disable a key by marking it Inactive and saving it.
