Systems and methods for encrypting and decrypting a data encryption key are provided. A data encryption key used to encrypt data is encrypted using a first asymmetric key and a policy. The policy includes rules that correspond to attributes. A second asymmetric key is associated with the attributes. To decrypt the encrypted data encryption key, the attributes are used to identify the second asymmetric key. The attributes are also used to pass the rules in the policy included in the encrypted data encryption key. If the attributes pass the rules in the policy, the encrypted data encryption key is decrypted. The decrypted data encryption key can then decrypt the encrypted data.
展开▼