Abstract: Apparatuses, methods, systems, and program products are disclosed for secure data handling and storage. An apparatus includes a lock module that receives a request to decrypt encrypted data that is stored in a data repository, the encrypted data encrypted using a first encryption key, and unlocks an encryption engine in response to the request. An encryption engine may be unlocked using a master key that is generated based on combination of a plurality of keys held by a plurality of key holders. An apparatus includes a decryption module that decrypts encrypted data using an encryption engine. Encrypted data may be decrypted using a first encryption key. An apparatus includes an encryption module that re-encrypts decrypted data using an encryption engine. Decrypted data may be re-encrypted with a second encryption key that is different than a first encryption key and stored in a data repository.

Abstract: Apparatuses, methods, systems, and program products are disclosed for secure data handling and storage. An apparatus includes a lock module that receives a request to decrypt encrypted data that is stored in a data repository, the encrypted data encrypted using a first encryption key, and unlocks an encryption engine in response to the request. An encryption engine may be unlocked using a master key that is generated based on combination of a plurality of keys held by a plurality of key holders. An apparatus includes a decryption module that decrypts encrypted data using an encryption engine. Encrypted data may be decrypted using a first encryption key. An apparatus includes an encryption module that re-encrypts decrypted data using an encryption engine. Decrypted data may be re-encrypted with a second encryption key that is different than a first encryption key and stored in a data repository.

Abstract: Apparatuses, methods, systems, and program products are disclosed for secure data handling and storage. A method includes receiving a plurality of keys for unlocking an encryption engine. Each key may be associated with a key holder. At least a subset of the plurality of keys are combined to generate a master key. An encryption engine is unlocked using the master key. Encrypted data is received at the encryption engine on a continuous basis. The encrypted data is encrypted using a first encryption key, and includes sensitive information for one or more users. The encrypted data is decrypted using the first encryption key. The decrypted data is re-encrypted using a second encryption key that is newer than the first encryption key.

Abstract: Apparatuses, methods, systems, and program products are disclosed for secure data handling and storage. A method includes receiving a plurality of keys for unlocking an encryption engine. Each key may be associated with a key holder. At least a subset of the plurality of keys are combined to generate a master key. An encryption engine is unlocked using the master key. Encrypted data is received at the encryption engine on a continuous basis. The encrypted data is encrypted using a first encryption key, and includes sensitive information for one or more users. The encrypted data is decrypted using the first encryption key. The decrypted data is re-encrypted using a second encryption key that is newer than the first encryption key.