Key decryption (e.g., an AES key) and key derivation are intrinsically sensitive processes. An attacker may seek to retrieve the value of an encrypted key (Kencrypted) using a hostile application, a software security hole or by directly reading its value from an external memory. Once Kencrypted is known, the value of the encryption key (K) can be obtained from Kencrypted by performing the reverse operation used to generate Kencrypted. In key derivation, a key for a given need or application (KAPP) is derived. An attacker may seek to retrieve the value of KAPP using a hostile application, a software security hole or by directly reading its value by snooping data transferred on a bus. Preventing exposure of K, KAPP or other sensitive data is desirable.