I’m currently finishing up a PHP program that backs up multiple Google Calendars, which requires me to store email addresses and their passwords. I’m using AES encryption (I’m not using a hash because I need two-way encryption) and, although all passwords are encrypted with the same key, each password has its own IV, which is stored in the database with it.
I know there is no 100% guaranteed way to keep the data safe if someone can gain full access to my system, but I was hoping for some suggestions of storage methods/storage places that make life difficult for potential hackers. Currently, I’ve considered putting the key in a file only the sole administrator has access to, or setting an environment variable.
If the system were compromised (or someone had physical access to your HD), then an attacker could gain access to your secret key.
I think the better solution is to hold somewhere in the filesystem an encrypted version of your key, protected with a passphrase to be entered manually every time your secret keys are needed. Something like a GPG keyring.
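The scheme the question describes (one data key, a fresh IV per stored password) combined with the answer's suggestion (the data key kept on disk only in passphrase-encrypted form), written out as an added PHP example. This is not code from the question, the answer, or the backup program being discussed; the function names, the KEY_FILE path and the sample account are illustrative assumptions. It uses AES-256-GCM rather than an unauthenticated mode so that a tampered key file or database row fails closed, and binds each ciphertext to its account email as associated data so a ciphertext cannot be moved between rows.

```php
<?php
// Added example, not part of the original post. Requires PHP 7.1+ with ext-openssl.
declare(strict_types=1);

const KEY_FILE = '/etc/calbackup/datakey.wrapped'; // hypothetical location, mode 0600, owned by the admin
const PBKDF2_ITERATIONS = 600000;                   // slows offline guessing of the passphrase

/**
 * Wrap a random 256-bit data key under a key derived from the passphrase.
 * Returns the blob to write to KEY_FILE: salt(16) | iv(12) | tag(16) | wrapped key(32).
 */
function wrapDataKey(string $dataKey, string $passphrase): string
{
    if (strlen($dataKey) !== 32) {
        throw new InvalidArgumentException('data key must be 32 bytes');
    }
    $salt = random_bytes(16);
    $kek  = hash_pbkdf2('sha256', $passphrase, $salt, PBKDF2_ITERATIONS, 32, true);
    $iv   = random_bytes(12);
    $tag  = '';
    $ct   = openssl_encrypt($dataKey, 'aes-256-gcm', $kek, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('key wrap failed');
    }
    return $salt . $iv . $tag . $ct;
}

/** Recover the data key from the wrapped blob; fails if the passphrase is wrong or the file was altered. */
function unwrapDataKey(string $blob, string $passphrase): string
{
    if (strlen($blob) !== 16 + 12 + 16 + 32) {
        throw new RuntimeException('wrapped key file has unexpected length');
    }
    $salt = substr($blob, 0, 16);
    $iv   = substr($blob, 16, 12);
    $tag  = substr($blob, 28, 16);
    $ct   = substr($blob, 44, 32);
    $kek  = hash_pbkdf2('sha256', $passphrase, $salt, PBKDF2_ITERATIONS, 32, true);
    $key  = openssl_decrypt($ct, 'aes-256-gcm', $kek, OPENSSL_RAW_DATA, $iv, $tag);
    if ($key === false) {
        throw new RuntimeException('wrong passphrase or tampered key file');
    }
    return $key;
}

/** Encrypt one account password with a fresh IV; the email is bound as AAD. Returns the fields to store in the row. */
function encryptSecret(string $dataKey, string $email, string $password): array
{
    $iv  = random_bytes(12);
    $tag = '';
    $ct  = openssl_encrypt($password, 'aes-256-gcm', $dataKey, OPENSSL_RAW_DATA, $iv, $tag, $email);
    if ($ct === false) {
        throw new RuntimeException('encryption failed for ' . $email);
    }
    // Store these base64-encoded (or as BLOBs) alongside the email.
    return ['iv' => $iv, 'tag' => $tag, 'ct' => $ct];
}

/** Decrypt a stored row; a row copied from another account, or edited in the DB, is rejected. */
function decryptSecret(string $dataKey, string $email, array $row): string
{
    $pt = openssl_decrypt($row['ct'], 'aes-256-gcm', $dataKey, OPENSSL_RAW_DATA, $row['iv'], $row['tag'], $email);
    if ($pt === false) {
        throw new RuntimeException('decryption failed for ' . $email);
    }
    return $pt;
}

// One-time setup by the administrator (commented out; writes the key file):
// file_put_contents(KEY_FILE, wrapDataKey(random_bytes(32), $passphrase), LOCK_EX);
// chmod(KEY_FILE, 0600);
//
// Each run of the backup: $passphrase = rtrim(fgets(STDIN), "\n");
//                         $dataKey = unwrapDataKey(file_get_contents(KEY_FILE), $passphrase);

// Self-contained demo with a constructed passphrase and record, kept in memory instead of KEY_FILE.
$passphrase = 'correct horse battery staple';   // constructed for the demo
$wrapped    = wrapDataKey(random_bytes(32), $passphrase);
$dataKey    = unwrapDataKey($wrapped, $passphrase);

$row = encryptSecret($dataKey, 'alice@example.com', 'app-specific-password');
echo decryptSecret($dataKey, 'alice@example.com', $row), PHP_EOL;   // app-specific-password

try {
    decryptSecret($dataKey, 'bob@example.com', $row);   // same row under another email: AAD mismatch
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The passphrase is typed by the operator at each run, so a copy of the key file and the database alone does not yield the passwords; an attacker with full access to a running process can still read the unwrapped key from memory, which is the limit the question already acknowledges. Keep the key file outside the web root with restrictive permissions, and raise PBKDF2_ITERATIONS as far as the startup delay allows.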