7.2. Finding and Recovering Keys

If an end user loses a private encryption key or if a key's owner is unavailable, data encrypted with that key cannot be read unless a copy of the private key was archived when the key was created. The archived key can then be recovered and used to read the data.

A DRM agent manages key recovery through the DRM agent services page. Archived keys can be searched to view their details or to initiate a key recovery. Once a key recovery is initiated, a minimum number of designated DRM agents must authorize the recovery.

NOTE

This section describes how to recover keys that are not stored on a smart card. For smart card key recovery, see chapter 7, "Token Processing System," in the Certificate System Administration Guide and Section 9.6, "Administrator Operations".