I'm implementing a way for users to share messages with other users. All users and admin-users have a unique key pair. A message can be sent from one user to multiple users.
Admin-users always have access to all messages. In case a user loses his password and then makes a new password (with a forgot-password email link), the admin-user can decrypt the message with the admin-user private key and encrypt it with the user's new public key.
Is there a way to automate this process, securely of course?
I was thinking of sending a mail to a local server (not connected to the webserver), so the local server can log in to the site as admin-user and give the user access when they have changed their password.
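
The recovery step described in the question, sketched as an added example that is not part of the original post. It assumes each message is encrypted once with a random AES-256-GCM content key that is wrapped with RSA-OAEP for every recipient and for the admin, so recovery only re-wraps that content key. All function and field names are hypothetical.

```javascript
// Added illustration; function and field names are hypothetical.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Encrypt the message once with a random content key, then wrap that key per recipient.
function seal(plaintext, recipients) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  const wrapped = {};
  for (const [name, pub] of Object.entries(recipients)) {
    wrapped[name] = crypto.publicEncrypt({ key: pub, ...OAEP }, key);
  }
  return { iv, ct, tag: c.getAuthTag(), wrapped };
}

// Unwrap the content key with the recipient's private key and decrypt the body.
function unseal(env, name, priv) {
  const key = crypto.privateDecrypt({ key: priv, ...OAEP }, env.wrapped[name]);
  const d = crypto.createDecipheriv('aes-256-gcm', key, env.iv);
  d.setAuthTag(env.tag);
  return Buffer.concat([d.update(env.ct), d.final()]).toString('utf8');
}

// Recovery step: needs the admin private key, so it runs wherever that key lives.
function rewrap(env, adminPriv, name, newPub) {
  const key = crypto.privateDecrypt({ key: adminPriv, ...OAEP }, env.wrapped.admin);
  env.wrapped[name] = crypto.publicEncrypt({ key: newPub, ...OAEP }, key);
  return env;
}

function demo() {
  const admin = newKeyPair(), alice = newKeyPair(), bob = newKeyPair();
  const env = seal('constructed sample message', {
    admin: admin.publicKey, alice: alice.publicKey, bob: bob.publicKey });
  const aliceNew = newKeyPair(); // alice reset her password and got a new key pair
  rewrap(env, admin.privateKey, 'alice', aliceNew.publicKey);
  let oldKeyWorks = true;
  try { unseal(env, 'alice', alice.privateKey); } catch { oldKeyWorks = false; }
  return { alice: unseal(env, 'alice', aliceNew.privateKey),
           bob: unseal(env, 'bob', bob.privateKey), oldKeyWorks };
}
```

The message body and the other recipients' wrapped keys are untouched by `rewrap`; the only secret involved in recovery is the admin private key.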