Patrick Simcoe <patricksimcoe49@gmail.com> writes:
> Does anyone have a technique or recommendation for two-way encryption
> which somehow obfuscates the decrypt key so that it isn't easily
> retrievable from the database or the application source code? We've
> already considered (a) letting users hold the decrypt key and (b)
> obfuscating the decrypt key with the user's own (one-way encrypted)
> password, but neither of these approaches are viable for us.
How does your users interact with your database/application. Perhaps
some sort of public key encryption is usable in your case?
In that case the user can provide you with a non-secret public key that
you use to encrypt their data and then they'll be able to decrypt the
data using their private key.
Downsides to this approach:
1. You'll already have seen the unencrypted data prior to encrypting
it.
2. Public key cryptography is generally slower than using encryption
with symmetric keys, so if we are talking about large amounts of
data that might be a problem.
Perhaps you can tell us why the approaches you have come up with are not
viable to you?
Best regards
Jacob