A key management interface that allows for different key protection
schemes to be plugged into a digital rights management system is
disclosed. The interface exposes the functionality of signing data,
decrypting data encrypted using a public key, and re-encrypting data
encrypted using the public key exported by the interface to a different
authenticated principal (i.e., a different public key). Thus, a secure
interface can be provided such that the data does not enter or leave the
interface in the clear. Such an interface exports private key operations
of signing and decryption, and provides security and authentication for
the digital asset server in licensing and publishing. During publishing,
a client can encrypt asset keys such that only a specified entity can
decrypt them, using a plug-in, for example, that implements the
aforementioned interface. During licensing, the license issuing entity
can use the interface to decrypt keys for assets and to sign licenses and
rights labels such that the asset is protected and consumable by a host
digital rights management platform. The interface thus provides an
abstraction for key operations.
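
The publishing and licensing flow described above, as an added example that is not part of the original disclosure: a software plug-in keeps the private key in a closure and exposes only the public key plus the sign, decrypt and re-encrypt operations. The names createSoftKeyPlugin, wrap and issueLicense, the RSA-OAEP/SHA-256 choices and the JSON license layout are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// RSA-OAEP with SHA-256 is an assumed scheme; the page does not name one.
const oaep = (key) => ({ key, oaepHash: 'sha256', padding: crypto.constants.RSA_PKCS1_OAEP_PADDING });

// Publishing side: wrap an asset key so only the holder of toPublicKey can unwrap it.
const wrap = (toPublicKey, assetKey) => crypto.publicEncrypt(oaep(toPublicKey), assetKey);

// Hypothetical software plug-in. The private key lives only in this closure; a
// plug-in backed by different key protection could expose the same four members.
function createSoftKeyPlugin() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const decrypt = (ciphertext) => crypto.privateDecrypt(oaep(privateKey), ciphertext);
  return {
    publicKey,
    sign: (data) => crypto.sign('sha256', data, privateKey),
    decrypt,
    // Unwrap and rewrap inside the plug-in: the caller handles ciphertext only.
    reEncrypt: (ciphertext, toPublicKey) => wrap(toPublicKey, decrypt(ciphertext)),
  };
}

// Licensing side: rewrap the asset key for the licensee, then sign the license.
function issueLicense(server, wrappedKey, licenseePublicKey, rights) {
  const key = server.reEncrypt(wrappedKey, licenseePublicKey).toString('base64');
  const body = JSON.stringify({ rights, key });
  return { body, signature: server.sign(Buffer.from(body)).toString('base64') };
}

// Constructed demo: one server plug-in, one licensee, a random 256-bit asset key.
const server = createSoftKeyPlugin();
const licensee = createSoftKeyPlugin();
const assetKey = crypto.randomBytes(32);
const license = issueLicense(server, wrap(server.publicKey, assetKey), licensee.publicKey, ['play']);
const recovered = licensee.decrypt(Buffer.from(JSON.parse(license.body).key, 'base64'));
console.log('licensee recovered asset key:', recovered.equals(assetKey));
```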