Abstract: A computer system and method manages encryption keys for data. The system and method generates a session key and encrypts given data with the session key. The system and method generates a key encryption key based on a secret initial vector, or password. The session key is encrypted using the key encryption key. The encrypted data and the encrypted session key are then interleaved according to a set of indices created by a one-way transform. The one-way transform takes as its input the initial vector, the length of the encrypted session key and the length of the encrypted data. The data is recovered by a party knowing the initial vector using the one-way transform to determine the location of the encrypted session key in the interleaved data. The session key is decrypted which allows the data to be decrypted.