I am developing the mvc4.net web application where i am using GPG encryption to file encryption.
Users will share public key along with emails using which public key is created with application.
user public key will be imported to application public key ring.
Now before importing the public key how to ensure that uploaded public key is created using given email id.How to validate the public key and email pair?
Thanks, Amol
This step (validating the association between the key material and the user's identity) is normally done by keysigning, a completely manual (and offline) process.
If you simply want to make sure that a user has access to a given mail address, you could use the standard "confirmation link" technique, but with the twist of encrypting it with the user's alleged public key. If (and only if) the user can read the mailbox and owns the corresponding secret key, he will be able to decipher the confirmation link.
