In this paper, the Bell Labs key recovery scheme is extensively modified to enable a user to request on-line key recovery service when the file decryption key is forgotten or lost. New practical and important requirements of key recovery are also considered in the proposed schemes, for example, the key recovery server and any intruder over the communication channel should not learn the key to be reconstructed. Furthermore, the necessary authenticity and secrecy between a user and the key recovery server should be provided.