In an encryption storage apparatus (data storage apparatus) (1), when entered an allocation request signal (a1), a key management section (7) outputs a generation request signal (b) to a random number generation section (3). The random number generation section (3) generates a pseudorandom number as an encryption key (c) at the entering timing of the generation request signal (b), and the key management section (7) causes a volatile key storage section (4) to store the encryption key (c) and returns a corresponding key number (a2) to a user side. When the user enters an encryption instructing signal (a3) and the key number (a2) to the key management section (7), the key management section (7) reads out the corresponding encryption key (c), and an encryption section (5) converts entered data (d1) into encrypted data (d2) and stores the encrypted data (d2) in a nonvolatile storage section (2). When the user enters decryption instructing signal (a4) and the key number (a2) to the key management section (7), the key management section (7) reads out the corresponding encryption key (c) and a decryption section (6) converts the encrypted data (d2) to decrypted data (d3). This can prevent non-interested persons from recognizing stored data in a nonvolatile storage apparatus in chain manner.