The protection of sensitive data has become an important issue to users of computers. Sensitive data, such as corporate records, credit card numbers, personal data, or other sensitive information may be misappropriated if a computer is stolen, or if an unauthorized individual gains access to a computer network and copies information from some or all of its files or by monitoring and recording the network packets that are transmitted unprotected. Those authorized to access the sensitive information may not even know that the information has been copied.
To protect information, one type of security procedure involves encrypting the data, so that even if the data falls into the wrong hands, it cannot be read by a party unless the party obtains a “key” to decrypt the data.
In a distributed computing environment, data may be transmitted between computers, such as, e.g., a client computer and one or more server computers, or between peer computers in a peer-peer environment. To reduce the likelihood that an unauthorized party might obtain access to data passing between computers, it is desirable that encryption operations be controlled from the client so that users are in control of the encryption status of their files regardless of where the files are located. In a client-server environment, it is desirable that most encryption operations take place primarily on the client so that the server components or the server administrator(s) need not be a trusted component or a component that could intercept or subvert the system.