There is a server on the network that contains all the public and private keys for all users and servers. This is called the public-key database and usually resides on the same machine as the network name-server. The private keys stored on this server are encrypted. The users' private keys are encrypted under the users' passwords. The server private keys are probably not encrypted under a password (although documentation on this was not found). Clients must trust that the private/public key pair given to them for a user is valid. Servers must trust that the user's public key that they obtain is also valid.