Abstract: A method and system are provided for encrypting objects that imposes limited or no key management responsibilities on end users or administrators, that works easily across organizational boundaries, and does not require the explicit installation of client software.