Hi there,
I would like Stalwart’s encryption-at-rest feature to support encrypting messages to multiple OpenPGP/GPG recipient keys.
Right now, it seems possible to register multiple public keys for an account, but only one can be selected for encryption-at-rest. My use case is that I have multiple hardware-backed GPG keys, for example one Nitrokey attached to my server and another one I use on my workstation/laptop. I would like newly stored emails to be decryptable with either hardware key, without having to export or duplicate any private key material.
OpenPGP already supports this model by encrypting the same session key to multiple recipients, and this works very well in tools like pass, where a password store can be readable by several keys.
Having similar multi-recipient support in Stalwart would make encryption-at-rest much more practical for users with multiple hardware tokens or separate recovery/admin keys.
Thanks!