[palmer]

Even if I used a company computer (not required) and the company backup (required in most cases), my private key remains encrypted in my browser store. My company cannot decrypt it from a backup of my drive / browser store.

As far as logging in, it doesn't matter if they require a domain login or not (I decided not to use domain login since I didn't need it). That's because the stores with the private keys are protected with a user's master key that the domain admins cannot access.

On government networks that I am familiar with, they use almost all Windows and domain logins with double encryption of the master key. Here's a doc explaining the implications: https://eca.orc.com/wp-content/uploads/ECA_Docs/IE_Instructions/Password_Tips.pdf Read "Seventh".

[ConservativeMind]

You are fooling yourself if you believe the administrators of your key management, of your network, and of your computer, cannot reset or utilize your existing information. Additionally, your email is not guaranteed to be encrypted and inaccessible within your computer or network.