The present invention relates to a static data encryption protection method and system. The method includes: registering the information of the server host where the client is located with the server; at the server, assigning a master key to a directory or file of the server host, generating an encryption control policy and sending it to the corresponding client; the client obtaining the corresponding master key from the server according to the encryption control policy; when data is written to the encrypted directory or file, randomly generating a data key and encrypting the directory or file with the data key to obtain an encrypted file; and encrypting the data key with the master key to obtain the key ciphertext, and writing the key ciphertext to the header of the encrypted file to complete the data write. In the present invention, the client performs the encryption and decryption of files, while the server implements server host management, key management, and control policy management. This realizes transparent access to encrypted files and unified management of keys and policies, and separates file management rights from file usage rights, improving the security of file protection.
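The write path described above (random data key, file encrypted under it, data key wrapped by the master key, key ciphertext stored in the file header) can be sketched as follows. This is an added example, not code from the patent: the cipher (AES-256-GCM), the fixed 60-byte header layout and all function names are assumptions, and the master key is generated locally where the described client would obtain it from the server.

```ruby
require 'openssl'
require 'securerandom'

CIPHER = 'aes-256-gcm' # assumed cipher; the page does not name one
NONCE_LEN = 12
TAG_LEN = 16
KEY_LEN = 32
HEADER_LEN = NONCE_LEN + KEY_LEN + TAG_LEN # size of the key ciphertext (assumed layout)

# Encrypt msg under key; returns nonce || ciphertext || tag.
def seal(key, msg)
  c = OpenSSL::Cipher.new(CIPHER).encrypt
  c.key = key
  nonce = c.random_iv
  ct = (msg.empty? ? ''.b : c.update(msg)) + c.final
  nonce + ct + c.auth_tag
end

# Reverse of seal; raises OpenSSL::Cipher::CipherError on a wrong key or altered bytes.
def unseal(key, box)
  raise ArgumentError, 'truncated ciphertext' if box.bytesize < NONCE_LEN + TAG_LEN
  c = OpenSSL::Cipher.new(CIPHER).decrypt
  c.key = key
  c.iv = box.byteslice(0, NONCE_LEN)
  c.auth_tag = box.byteslice(-TAG_LEN, TAG_LEN)
  ct = box.byteslice(NONCE_LEN, box.bytesize - NONCE_LEN - TAG_LEN)
  (ct.empty? ? ''.b : c.update(ct)) + c.final
end

# Write path: fresh random data key per file, key ciphertext placed in the header.
def write_encrypted(master_key, plaintext)
  data_key = SecureRandom.random_bytes(KEY_LEN)
  seal(master_key, data_key) + seal(data_key, plaintext)
end

# Read path: unwrap the data key from the header, then decrypt the body.
def read_encrypted(master_key, file)
  raise ArgumentError, 'missing key header' if file.bytesize < HEADER_LEN
  data_key = unseal(master_key, file.byteslice(0, HEADER_LEN))
  unseal(data_key, file.byteslice(HEADER_LEN, file.bytesize - HEADER_LEN))
end

if __FILE__ == $PROGRAM_NAME
  mk = SecureRandom.random_bytes(KEY_LEN) # constructed master key for the demo
  file = write_encrypted(mk, 'constructed sample data')
  puts "header #{HEADER_LEN} bytes, file #{file.bytesize} bytes: #{read_encrypted(mk, file)}"
end
```

Because only the 60-byte header depends on the master key, replacing a master key means re-wrapping headers rather than re-encrypting file bodies.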