Secure key exchange and protected content distribution between a first entity and a second entity in a processing system may be accomplished by generating, by the first entity, a first key, encrypting the first key with a public key of a third entity, and storing the encrypted first key in the third entity. The second entity generates a second key, encrypts the second key with the public key of the third entity, and stores the encrypted second key in the third entity. The third entity decrypts the encrypted first key and the encrypted second key, using the third entity's private key to obtain the first key and the second key, encrypts the first key using the second key, and stores the first key encrypted by the second key in the third entity. The second entity then obtains the first key encrypted by the second key, and decrypts, using the second key, the first key encrypted by the second key. The first key may then be used to encrypt content sent to from the second entity to the first entity.