I have been updating a website and adding encryption to encrypt customer data (name, address & email) when it is stored in the MySQL database. The details are as follows:
To get things up and running (development only at the moment), I have stored the encryption key in the same row as the customer data.
Each customer has their own encryption key.
When data is accessed (on their profile page for example), it is unencrypted using their key.
My question is where really is the best place to store the key? Keeping it where it is isn't really an option I wouldn't have thought, as if the database was compromised, then the attacker would have both the encrypted data and the key.
One thought I had was storing and retrieving the keys on a remote server via web-services and via the firewalls, ensuring that only the main web-server can access the remote server.
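The separation described in the question, sketched as an added example that is not part of the original post: the database row keeps only a key id, nonce, ciphertext and tag, while the per-customer key lives in a separate store. `KeyService`, `encrypt_field` and `decrypt_field` are hypothetical names, the in-memory store stands in for the remote key server, and AES-256-GCM with the customer id as associated data is an assumption, since the post names no cipher.

```ruby
require 'openssl'
require 'securerandom'

# Stand-in for the remote key server from the post (hypothetical class).
# In a deployment this would be a network call that only the web server may make.
class KeyService
  def initialize
    @keys = {}
  end

  # Generate a 256-bit key for one customer; only the id leaves the service.
  def create_key
    key_id = SecureRandom.uuid
    @keys[key_id] = SecureRandom.random_bytes(32)
    key_id
  end

  def fetch(key_id)
    @keys.fetch(key_id) # raises KeyError for an unknown id
  end
end

# Encrypt one field. The returned hash is everything the MySQL row would hold.
def encrypt_field(keys, key_id, customer_id, plaintext)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = keys.fetch(key_id)
  nonce = cipher.random_iv                # fresh 96-bit nonce per encryption
  cipher.auth_data = customer_id.to_s     # bind the ciphertext to its row
  ct = cipher.update(plaintext) + cipher.final
  { customer_id: customer_id, key_id: key_id, nonce: nonce, ct: ct, tag: cipher.auth_tag }
end

# Decrypt a row; raises OpenSSL::Cipher::CipherError if row or key do not match.
def decrypt_field(keys, row)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = keys.fetch(row[:key_id])
  cipher.iv = row[:nonce]
  cipher.auth_tag = row[:tag]
  cipher.auth_data = row[:customer_id].to_s
  cipher.update(row[:ct]) + cipher.final
end

if __FILE__ == $PROGRAM_NAME
  keys = KeyService.new
  row = encrypt_field(keys, keys.create_key, 42, 'alice@example.test') # constructed sample
  puts decrypt_field(keys, row)
end
```

A dump of the rows alone contains no key material, so how well the design holds up depends on how access to the key store is restricted and logged.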