Current way to setup a user:
* As an admin if I create a new user I have to enter a password.
* And with server-side encryption on this password is then instantly used to create the user's key pair.
* This way the admin gets to know and tell the user his password.
* The user then has to login, change the password, create new keys, log out and log in.
This process has many disadvantages.
How about a different way? Like …
* Admin can create user without entering a password.
* Admin can send user and e-mail invitation with a cryptic link to a setup page where the user himself can then enter a password of his choice.
* The key pair is then created directly with that password and the user is logged in.