Patent attributes
One embodiment of the present invention provides a system that facilitates making the files permanently unreadable. During operation, the system encrypts a file with a key K at a file manager and then stores the encrypted file in non-volatile storage. Next, the system stores the key K in a key database located in volatile storage at the file manager. The system then encrypts the key database, and stores the encrypted key database in non-volatile storage. Additionally, a key that can be used to decrypt the encrypted key database is maintained by a key manager, and is not maintained in non-volatile form by the file manager. In this way, if the file manager crashes, losing the contents of its volatile storage, the file manager must interact with the key manager to decrypt the encrypted key database.