A method (and system) for storing information in a recoverable manner on an untrusted
system, includes sending, by a client, a request to a recovery server for recovery
of a failed database, determining whether the request is legitimate, based on the
determining, sending a local key to the client, decrypting by the client the failed
database with the local key, to recover the failed database, and re-encrypting
the recovered database with a new key.
