Protecting usage of key store content at a given user device of an end user includes receiving the key store content at the given user device. The key store content includes key materials encrypted using encryption credentials compatible with the given user device. The key store content is in a format compatible with the given user device. The encrypted key materials of the key store content are imported to a protected key store of the given user device, wherein all the key materials of the key store content are imported at one go. The key materials are stored at the protected key store in the encrypted form, and are non-exportable from the key store. Internally within the protected key store, one or more key store integrated services of the given user device are allowed to access the non-exportable key materials for use, via key references only.