Abstract: According to an aspect, a first digital system splits a cryptography key into a first key part (S1) and a second key part (S2), stores S1 in a policy-controlled storage which permits storage according to access policies and stores S2 in a local storage of the first digital system. Upon identifying a requirement in a second digital system for the cryptography key, the first digital system configures for the policy-controlled storage a first policy permitting access of S1 to the second digital system and then sends S2 directly to the second digital system. The second digital system reconstructs the cryptography key by retrieving S1 from the policy-controlled storage based on the first policy and forming the cryptography key from the retrieved S1 and S2 received from the first digital system. Thus, a cryptography key is securely stored and used, without having any single point of attack.

Abstract: According to an aspect, a first digital system splits a cryptography key into a first key part (S1) and a second key part (S2), stores S1 in a policy-controlled storage which permits storage according to access policies and stores S2 in a local storage of the first digital system. Upon identifying a requirement in a second digital system for the cryptography key, the first digital system configures for the policy-controlled storage a first policy permitting access of S1 to the second digital system and then sends S2 directly to the second digital system. The second digital system reconstructs the cryptography key by retrieving S1 from the policy-controlled storage based on the first policy and forming the cryptography key from the retrieved S1 and S2 received from the first digital system. Thus, a cryptography key is securely stored and used, without having any single point of attack.