Scan attacks exploit facilities offered by scan chains to retrieve embedded secret data, in particular, secret keys used by the device for data encryption/decryption in mission mode. This paper presents a scan attack countermeasure based on the encryption of the data written to or read from the scan chains. The secret-key management system already embedded in the device is used to provide appropriate keys for encryption of data flowing on the scan chains. The goal of the proposed solution is to counteract the scan-related security threats while preserving test and diagnosis efficiency provided by conventional design-for-testability techniques, as well as to allow debugging capabilities in mission mode. The proposed solution can deal with both stuck-at and transition-faults test schemes as well as single and multiple scan chain configurations using test data compression schemes. We will show that the proposed scheme provides expected test/diagnostic and debug facilities as classical scan design with marginal impacts on area, test time and design flows, while successfully preventing control and observation of data flowing in the scan chains by unauthorized users.