diff --git a/kdc/misc.c b/kdc/misc.c
index 1cc45a0ea..4c393cb3d 100644
--- a/kdc/misc.c
+++ b/kdc/misc.c
@@ -65,3 +65,46 @@ db_fetch(krb5_context context, krb5_principal principal)
 }
 return ent;
 }
+
+static des_key_schedule master_key;
+static int master_key_set;
+
+void
+set_master_key(EncryptionKey *key)
+{
+ if(key->keytype != KEYTYPE_DES || key->keyvalue.length != 8)
+ abort();
+ des_set_random_generator_seed(key->keyvalue.data);
+ des_set_key(key->keyvalue.data, master_key);
+ master_key_set = 1;
+}
+
+Key *
+unseal_key(Key *key)
+{
+ int i;
+ des_cblock iv;
+ int num = 0;
+ Key *new_key;
+
+ ALLOC(new_key);
+ copy_Key(key, new_key);
+ if(master_key_set){
+ memset(&iv, 0, sizeof(iv));
+ des_cfb64_encrypt(key->key.keyvalue.data,
+ new_key->key.keyvalue.data,
+ key->key.keyvalue.length,
+ master_key, &iv, &num, 0);
+ }
+ return new_key;
+}
+
+void
+free_key(Key *key)
+{
+ memset(key->key.keyvalue.data,
+ 0,
+ key->key.keyvalue.length);
+ free_Key(key);
+ free(key);
+}
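Review bot: In unseal_key the CFB decryption always starts from an all-zero IV (`memset(&iv, 0, sizeof(iv));`), so every key sealed under one master key is combined with the same keystream, and for an 8-byte DES key that covers the whole value; assuming the sealing side (not in this hunk) mirrors this, knowing one stored key in the clear gives away the pad protecting all the others. A per-entry random IV stored alongside the sealed key would avoid the reuse, and until the format can change a comment such as `/* NOTE: fixed zero IV - keystream repeats for every key sealed with this master key */` should record the limitation. Separately, the results of `ALLOC(new_key)` and `copy_Key(key, new_key)` are not checked before des_cfb64_encrypt writes into `new_key->key.keyvalue.data`; if either can fail (their definitions are outside the hunk), unseal_key should free what it allocated and return NULL instead of decrypting. The local `int i` in unseal_key is unused and can be dropped.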