Certain data storage devices utilize a full disc encryption technique in which an encryption key is used to encrypt data on a storage medium. In data storage devices that incorporate firmware and hardware for key-based encryption, it is desirable to provide a mechanism for user data recovery while also protecting the data from being read by others. A secret, such as a passcode, password, or an enabling key, can be used in a variety of ways to recover the encryption key. However, if the passcode is lost, there must be some way for a user to recover it. Also, if the data must be read in its encrypted form, the user would require a copy of the encryption key to recover the data.
Systems are known in which a password is encrypted and a decryption service is used to decrypt the password. However, these systems generally require that the password and/or encryption key be transmitted over a network to the user.