Method and apparatus for obtaining a cryptographic key by dispatching a key request to a communications channel, receiving a response from one or more key sources, selecting a key source according to the received responses, preparing a requester credential, communicating the requester credential to the selected key source, receiving a source credential from the selected key source, receiving an encrypted key from the key source and decrypting the encrypted key source according to the received source credential, the requester credential and a pre-placed certificate.