
I am using a few secret keys to encrypt sensitive data. What is the best way/place to protect the keys? In a file located on my server? Within the SGBD database itself? Or ...?

1 Answer


You must store keys in such a way to minimize risks of the key being exposed to unauthorized third parties, while still allowing efficient operation by systems which must use the key. If such a system (your "server") comes under hostile control, then you have lost anyway. So the question about where the key should be stored really makes sense only with regards to partial breaches, in which an attacker gains some access to a part of the server, not to the whole thing.

That's about the most that can be said generally. Context matters.

If your context is about some sort of Web server, powered by some programmatic framework (say, PHP) with a SQL database for data storage, then we may argue that a very common kind of partial breach is SQL injection, which primarily allows the attacker to get read-only (or read-write) access to (parts of) the database, without directly impacting the security of the server itself. In that sense, the database may be said to be "more exposed" than the rest of the server; correspondingly, the keys should not be stored in the database itself. However, remember that this is only a very generic assertion which does not necessarily apply to your specific case. Context matters.

Still generically, we may state that if your operating system offers some facilities dedicated to the storage of secret values, then using them is probably a good idea. In a Windows system, this points to DPAPI. Whether it will actually help is unclear (it, again, depends on the context -- the context matters) but it should not do harm.

Tom Leek
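A POSIX counterpart to the answer's advice (key kept outside the database, guarded by the operating system's own access control rather than by the application). This is an added example, not code from the answer or the question; it assumes a Linux/Unix host, a 32-byte key file readable only by the service account, and uses a keyed hash as the "use the key" step so that the database row holds only the derived tag.

```python
import hashlib
import hmac
import os
import stat
import tempfile

KEY_LEN = 32  # 256-bit key, stored raw in a file outside the web root and the DB


class KeyFileError(Exception):
    """Raised when the key file is not protected the way we require."""


def load_key(path):
    """Read a key from a file that only the service account may read (POSIX assumed)."""
    st = os.lstat(path)  # lstat, so a symlink planted at the path is refused outright
    if not stat.S_ISREG(st.st_mode):
        raise KeyFileError("key path is not a regular file")
    if st.st_uid != os.geteuid():
        raise KeyFileError("key file is not owned by the service account")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise KeyFileError("key file is readable by group/others; expected mode 0600")
    with open(path, "rb") as f:
        key = f.read()
    if len(key) != KEY_LEN:
        raise KeyFileError("key file must hold exactly %d bytes" % KEY_LEN)
    return key


def protect_field(key, value):
    """Keyed hash of a sensitive field; only this tag is written to the database."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def write_key_file(directory, mode):
    """Create a constructed random key file with the given mode (demo/test helper)."""
    path = os.path.join(directory, "app.key")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "wb") as f:
        f.write(os.urandom(KEY_LEN))
    os.chmod(path, mode)  # the umask may have stripped bits at creation; set them explicitly
    return path


def demo():
    """Load a 0600 key and tag a record; then show a 0644 key file being refused."""
    with tempfile.TemporaryDirectory() as d:
        key = load_key(write_key_file(d, 0o600))
        db_row = {"user": "alice", "ssn_tag": protect_field(key, "123-45-6789")}
        try:
            load_key(write_key_file(d, 0o644))  # any local account could read this one
            refused = False
        except KeyFileError:
            refused = True
    return {"key_len": len(key), "tag_len": len(db_row["ssn_tag"]), "refused": refused}


if __name__ == "__main__":
    print(demo())
```

An SQL injection that dumps the table gets only the tags; reading the key itself requires code execution or file access as the service account, which is the "full breach" case the answer sets aside.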
  • For us, we were required to protect the hash keys not to cater for the scenario of partial breaches but to protect user info from the employees. And also for the case where the system comes under hostile control: even if the hash key is exposed, the algorithm for applying the hash resides in the obfuscated binary. The way we applied protection of the key was to store the key in the DB, encoded x number of times, and when we retrieved it we applied the key with a salting technique that is also a combination of y times, only known to the obfuscated application. – shabby Jun 18 '15 at 05:55