Cryptographic keys may be used to protect data. Data may be encrypted with a key, which prevents anyone from reading the data unless they have access to the key. The key is managed in a way that prevents unauthorized entities from accessing the key. In addition to using keys to encrypt and decrypt data, keys may be used for other purposes, such as authentication, digital signatures, generation of pseudo-random numbers, or any other cryptographic computation that uses keys.
There are various mechanisms that bind a key to an entity. A specific user is an example of an entity to which a key may be bound. For example, the Data Protection Application Programming Interface (DPAPI) can associate a key with a particular user's logon credentials. With DPAPI, when a key is bound to a user, the key is accessible only when that user is logged into the machine on which access to the key is sought.
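The DPAPI user binding described above, shown as an added PowerShell example that is not part of the original text: a random 256-bit key is wrapped with the .NET `ProtectedData` class under `CurrentUser` scope and later unwrapped by the same user. The function names, the file location and the sample message are assumptions made for illustration.

```powershell
# Added example (Windows only). Function names and paths are hypothetical.
Add-Type -AssemblyName System.Security

function New-UserBoundKey {
    param([Parameter(Mandatory)][string]$Path)   # full path for the wrapped key blob
    $key = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($key) } finally { $rng.Dispose() }
    # CurrentUser scope: DPAPI protects the blob with material tied to this
    # user's logon credentials, so only this user can unwrap it.
    $wrapped = [System.Security.Cryptography.ProtectedData]::Protect(
        $key, $null, [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
    [System.IO.File]::WriteAllBytes($Path, $wrapped)
    [Array]::Clear($key, 0, $key.Length)         # do not leave the raw key in memory
}

function Get-UserBoundKey {
    param([Parameter(Mandatory)][string]$Path)
    $wrapped = [System.IO.File]::ReadAllBytes($Path)
    try {
        $key = [System.Security.Cryptography.ProtectedData]::Unprotect(
            $wrapped, $null, [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
    } catch [System.Security.Cryptography.CryptographicException] {
        # Raised when a different user attempts the unwrap, or the blob is damaged.
        throw "Key at '$Path' cannot be unwrapped by the current user."
    }
    return ,$key                                 # comma keeps the byte[] intact
}

# Round trip as the same user, then use the key for message authentication.
$path = Join-Path $env:TEMP 'userbound.key'      # constructed sample location
New-UserBoundKey -Path $path
$key  = Get-UserBoundKey -Path $path
$hmac = [System.Security.Cryptography.HMACSHA256]::new($key)
try {
    $msg = [System.Text.Encoding]::UTF8.GetBytes('constructed sample message')
    $tag = $hmac.ComputeHash($msg)
    'HMAC tag: ' + [BitConverter]::ToString($tag)
} finally {
    $hmac.Dispose()
    [Array]::Clear($key, 0, $key.Length)
    Remove-Item -LiteralPath $path
}
```

Running `Get-UserBoundKey` against the same file from another user's session raises the `CryptographicException` branch, which is the binding in effect.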
There are various scenarios in which it may make sense to bind a key to some target other than a specific user.