Then encrypt the public key, or use an alias public key for users, or something else?