Patent attributes
Examples are generally directed towards providing key decryption for pre-encrypted keys. On identifying a portion of encrypted data to be decrypted, a computing device obtains a pre-encrypted key from a key manager. The pre-encrypted key is a random number generated by the key manager. The computing device decrypts the pre-encrypted key with a client-side wrapping key to obtain an actual key. The computing device decrypts the portion of the encrypted data with the actual key. The key manager is an untrusted key manager without access to the wrapping key or the actual key. An unauthorized party that obtains access to the encrypted data and the pre-encrypted key stored by the key manager does not have enough information to decrypt the encrypted data without also obtaining access to the client-side wrapping key, which is stored remotely from the key manager.
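The flow described in the abstract, as an added sketch that is not taken from the patent: the key manager hands out only a random number, and the client turns it into the actual key by decrypting it with a wrapping key that never leaves the client. Assumptions: the names `KeyManager`, `unwrap`, `seal`, `open_` and the key id `vol-1` are hypothetical, and a Feistel permutation and a keystream built from HMAC-SHA256 stand in for the unspecified ciphers so the example runs on the Python standard library alone.

```python
import hashlib, hmac, secrets
# Added example; the ciphers are stdlib stand-ins, not the patent's algorithms.
def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def unwrap(wrapping_key: bytes, pre_encrypted: bytes) -> bytes:
    """Client side: decrypt the 32-byte random blob into the actual key.
    4-round Feistel over HMAC-SHA256, standing in for a block cipher."""
    l, r = pre_encrypted[:16], pre_encrypted[16:]
    for rnd in (3, 2, 1, 0):  # decryption runs the rounds in reverse
        l, r = _xor(r, _prf(wrapping_key, bytes([rnd]) + l)[:16]), l
    return l + r

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (_prf(key, b"enc" + nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(actual_key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = _xor(plaintext, _keystream(actual_key, nonce, len(plaintext)))
    return nonce + ct + _prf(actual_key, b"mac" + nonce + ct)  # nonce | ct | tag

def open_(actual_key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(actual_key, b"mac" + nonce + ct)):
        raise ValueError("authentication failed: wrong key or modified data")
    return _xor(ct, _keystream(actual_key, nonce, len(ct)))

class KeyManager:
    """Untrusted: stores only random numbers, never the wrapping or actual key."""
    def __init__(self):
        self.store = {}
    def create(self, key_id: str) -> bytes:
        self.store[key_id] = secrets.token_bytes(32)
        return self.store[key_id]
    def get(self, key_id: str) -> bytes:
        return self.store[key_id]

def demo():
    km = KeyManager()
    wrapping_key = secrets.token_bytes(32)  # stays on the client
    pre = km.create("vol-1")                # the "pre-encrypted key"
    blob = seal(unwrap(wrapping_key, pre), b"constructed sample record")
    plain = open_(unwrap(wrapping_key, km.get("vol-1")), blob)  # later read path
    return km, wrapping_key, blob, plain
```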