In today's business environment, data is often created and exchanged in electronic form. Keeping electronic data confidential and secure is a challenging endeavor. To this end, electronic data is often encrypted at a source location before being transmitted to a destination location. Encryption is the process of converting data into a disguised code. Access to a secret key or password is required in order to decrypt the data at the destination location. Encrypted data is sometimes referred to as ciphertext and unencrypted data is sometimes referred to as plaintext.
Sometimes the secret key or the password gets lost. There is no general solution for recovering from a lost key value or a lost password. In many cases, the encrypted data cannot be recovered after a key is lost. If specific hardware is related to the encrypted data, then a key can be recovered from a key store using a hash value of the hardware's serial number. For example, encrypted disk files may be recovered by using the serial number of the disk. Of course, the encryption system must be designed with key recovery in mind so that this alternative access method to the key store exists. In purely software solutions, systems that recover lost key stores or lost passwords are unknown.
Keys (key values or key material) are often hidden or wrapped for security reasons. The most general way to wrap (hide) key material is to encrypt the key material using a master key that is stored elsewhere. When wrapping involves a specific piece of hardware, a serial number (or other unique hardware identifier) is sometimes used as the basis, for example as its hashed value, to wrap the key. However, when the system is completely software oriented, without a direct tie to an available unique identifier, an outside master key is frequently used. That master key value may itself be wrapped, which requires a second master key. At some point, there is at least one master key that must be obfuscated. In general, obfuscating the master key is not as secure as wrapping a key by encryption.
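
The wrapping chain described above (hardware serial hash, master key, data key) and the recovery path that needs only the serial number, as an added example that is not part of the original text. The function names, the blob layout, the sample serial, and the use of SHA-256 and AES-256-GCM are assumptions; the text names no algorithms.

```javascript
const crypto = require('crypto');

// Root wrapping key (KEK) taken from the SHA-256 hash of a hardware serial number.
// Caveat: a serial is an identifier, so this KEK is only as secret as the serial itself.
function kekFromSerial(serial) {
  return crypto.createHash('sha256').update(serial, 'utf8').digest(); // 32 bytes
}

// Wrap key material under a 32-byte key with AES-256-GCM.
// Blob layout (assumed for this example): 12-byte nonce || ciphertext || 16-byte tag.
function wrapKey(kek, keyMaterial) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', kek, nonce);
  const ct = Buffer.concat([cipher.update(keyMaterial), cipher.final()]);
  return Buffer.concat([nonce, ct, cipher.getAuthTag()]);
}

// Unwrap a blob; throws when the key is wrong or the blob has been altered.
function unwrapKey(kek, blob) {
  if (blob.length < 28) throw new Error('wrapped blob too short');
  const tagStart = blob.length - 16;
  const decipher = crypto.createDecipheriv('aes-256-gcm', kek, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(tagStart));
  return Buffer.concat([decipher.update(blob.subarray(12, tagStart)), decipher.final()]);
}

// Key store that holds only wrapped keys: serial hash -> master key -> data key.
function buildKeyStore(serial, dataKey) {
  const masterKey = crypto.randomBytes(32);
  return {
    wrappedMaster: wrapKey(kekFromSerial(serial), masterKey),
    wrappedData: wrapKey(masterKey, dataKey),
  };
}

// Recovery after the working copy of the data key is lost: the serial is the only input.
function recoverDataKey(serial, store) {
  const masterKey = unwrapKey(kekFromSerial(serial), store.wrappedMaster);
  return unwrapKey(masterKey, store.wrappedData);
}

// Constructed sample values (not from the page).
const sampleKey = crypto.randomBytes(32);
const sampleStore = buildKeyStore('DISK-SN-EXAMPLE-0001', sampleKey);
console.log('recovered:', recoverDataKey('DISK-SN-EXAMPLE-0001', sampleStore).equals(sampleKey));
```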