At a publisher location, multiple encrypted documents are assembled into a distribution archive that is also encrypted. The distribution archive is then downloaded into a content server at an unsecure site. When the content server receives the distribution archive, it decrypts the archive file and unpacks the encrypted documents, which are then stored, in encrypted form, in a local document database. When a user logs into the local content server, a secure content viewer is downloaded to the user's browser. The content viewer requests a selected document from the local server, which then forwards the encrypted document to the viewer. The viewer then computes a document identifier from the encrypted document content and requests a key from the server with the identifier. The server then returns the requested key and the viewer decrypts that document and presents it in a display area controlled by the viewer.