Logged In: YES 
user_id=805804

Of course, common public key algorithms should be used for this.

How about this:
Whoever uploads his/her public key will receive encrypted
mails from roundup and may decide that the tracker should
accept validly signed mails (for this account) only.

The tracker instance would need a public key, too, to be
able to receive encrypted messages.

A later version might be able to get a missing key from a
public keyserver when receiving a signed mail.

There appears to be a Python crypto project
(http://www.amk.ca/python/code/crypto) which might be useful ;-)