Separate cryptographic keys for protecting different operations on data

What is claimed is: 1. A method, comprising: using a first key to protect a write operation on data by encrypting, by computer, the data with a data key; using a second key to protect a read operation on the data by decrypting the data with the data key and verifying a signature associated with the data with the second key; and using a third key to protect a write operation on metadata for the data by encrypting the metadata with a metadata key; wherein using the first key to protect the write operation further involves appending an amount of padding in the encrypted data to the encrypted data; wherein the write operation is protected prior to performing the write operation with a remote storage mechanism; wherein the read operation is protected after performing the read operation with the remote storage mechanism; wherein an amount of padding is determined by performing a modulo operation on a length of the data with a block size and subtracting a result of the modulo operation from the block size; wherein the determined amount of padding is appended to the encrypted data. 2. The method of claim 1 , comprising generating the signature associated with the data with the first key. 3. The method of claim 1 , comprising generating the signature associated with the metadata with the third key. 4. The method of claim 1 , wherein the block size is used to encrypt the data. 5. The method of claim 1 , wherein the first and second keys are associated with at least one of a file, a set of files, and a user. 6. The method of claim 1 , wherein the data key is associated with at least one of a block and a file. 7. The method of claim 1 , comprising using a fourth key to protect a read operation on the metadata by decrypting the metadata with the metadata key. 8. The method of claim 7 , comprising verifying a signature associated with the metadata with the fourth key. 9. A system, comprising: a computer write-management apparatus configured to: use a first key to protect a write operation on data by an encryption of the data with a data key; and use a third key to protect a write operation on metadata for the data by an encryption of the metadata with a metadata key; and a computer read-management apparatus configured to: use a second key to protect a read operation on the data by a decryption of the data with the data key and a verification of a signature associated with the data with the second key; wherein using the first key to protect the write operation further involves an amount of padding in the encrypted data appended to the encrypted data; wherein the write operation is protected prior to the write operation being performed with a remote storage mechanism; wherein the read operation is protected after the read operation is performed with the remote storage mechanism; wherein an amount of padding is determined by a modulo operation being performed on a length of the data with a block size and a result of the modulo operation being subtracted from the block size; wherein the determined amount of padding is appended to the encrypted data. 10. The system of claim 9 , wherein the computer write-management apparatus is configured to generate the signature associated with the data with the first key. 11. The system of claim 9 , wherein the computer write-management apparatus is configured to generate the signature associated with the metadata with the third key. 12. The system of claim 9 , wherein the block size is used to encrypt the data. 13. The system of claim 9 , wherein the computer read-management apparatus is configured to use a fourth key to protect a read operation on the metadata by decrypting the metadata with the metadata key and verifying a signature associated with the metadata with the fourth key. 14. The system of claim 9 , further comprising: a computer management apparatus configured to: provide the first key to the computer write-management apparatus; and provide the second key to the computer read-management apparatus. 15. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform: using a first key to protect a write operation on data by encrypting the data with a data key; and using a second key to protect a read operation on the data by decrypting the data with the data key and verifying a signature associated with the data with the second key; using a third key to protect a write operation on metadata for the data by encrypting the metadata with a metadata key; wherein using the first key to protect the write operation further involves appending an amount of padding in the encrypted data to the encrypted data; wherein the write operation is protected prior to performing the write operation with a remote storage mechanism; wherein the read operation is protected after performing the read operation with the remote storage mechanism; wherein an amount of padding is determined by performing a modulo operation on a length of the data with a block size and subtracting a result of the modulo operation from the block size; wherein the determined amount of padding is appended to the encrypted data. 16. The non-transitory computer-readable storage medium of claim 15 , storing instructions that when executed by the computer cause the computer to perform generating the signature associated with the data with the first key. 17. The non-transitory computer-readable storage medium of claim 15 , storing instructions that when executed by the computer cause the computer to perform generating the signature associated with the metadata with the third key. 18. The non-transitory computer-readable storage medium of claim 15 , wherein the block size is used to encrypt the data. 19. The non-transitory computer-readable storage medium of claim 15 , wherein the first and second keys are associated with at least one of a file, a set of files, and a user, and wherein the data key is associated with at least one of a block and the file. 20. The non-transitory computer-readable storage medium of claim 15 , wherein using the first key to protect the write operation further involves appending an amount of padding in the encrypted data to the encrypted data.