THe adminfunctionality for the PkiArmoury includes the ability to push the public halves of the principals to the PkiPublicKeystore. Further it has some more generic funtionality: CRUD Users CR Principals ( Nota Bene: principals can only be created. To delete a principal or change its key is to potentially loose all access to any data the old keys were used to encrypt. Potentially, principals could be marked as deprecated, but they should always be kept JustInCase ) CRUD Business Units Associate users with business units Associate users with principals