My comment was incomplete. I am wondering what is the best way to do secure messaging for a new system. I think PGP would be good. But will the encrypted private and public key both be stored in the database? Then, using the user's password, decrypt the private key. Does that sound good, or is there a better way to do it?
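The storage scheme described in the post above, as an added example that is not part of the original post: the database row holds the public key plus the private key wrapped under a key derived from the user's password. It assumes Node.js, uses an X25519 key pair as a stand-in for a PGP key, and picks scrypt and AES-256-GCM for the wrapping; the function names `createKeyRecord` and `unlockPrivateKey` are hypothetical.

```javascript
// Added example (not from the original post): password-wrapped private key record.
const nodeCrypto = require('node:crypto');

// scrypt cost parameters (assumed values); keep them with the record so they can be raised later.
const KDF = { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32, KDF);
}

// Run at signup. Everything returned is safe to store in the database row.
function createKeyRecord(password) {
  // X25519 stands in for the PGP key pair the post mentions.
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('x25519', {
    publicKeyEncoding: { type: 'spki', format: 'der' },
    privateKeyEncoding: { type: 'pkcs8', format: 'der' },
  });
  const salt = nodeCrypto.randomBytes(16); // per-user KDF salt
  const iv = nodeCrypto.randomBytes(12);   // fresh nonce for each wrap
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  cipher.setAAD(publicKey); // bind the wrapped key to its public half
  const wrapped = Buffer.concat([cipher.update(privateKey), cipher.final()]);
  return { publicKey, salt, iv, wrapped, tag: cipher.getAuthTag() };
}

// Returns a private KeyObject, or null on a wrong password or a modified row.
function unlockPrivateKey(record, password) {
  const key = deriveKey(password, record.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAAD(record.publicKey);
  decipher.setAuthTag(record.tag);
  try {
    const der = Buffer.concat([decipher.update(record.wrapped), decipher.final()]);
    return nodeCrypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
  } catch {
    return null; // GCM tag check failed
  }
}
```

If `unlockPrivateKey` runs on the server, the server handles the password and the plaintext private key for that request; running it on the client keeps both off the server. A password reset without the old password cannot recover the wrapped key, and a stolen row is only as strong as the password and the scrypt cost.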