I have a question regarding two-way encryption
data for specific columns.
Does anyone have a technique or recommendation for two-way encryption which somehow obfuscates the decrypt key so that it isn't easily retrievable from the database or the application source code? We've already considered (a) letting users hold the decrypt key and (b) obfuscating the decrypt key with the user's own (one-way encrypted) password, but neither of these approaches is viable for us.