When the user initiates a transaction with a server:
The keyserver randomly generates a conversation key.
The kernel uses the conversation key to encrypt the client's time stamp (among other things).
The keyserver looks up the server's public key in the public-key database (see the publickey(4) man page).
The keyserver uses the client's secret key and the server's public key to create a common key.
The keyserver encrypts the conversation key with the common key.