I am creating an application that will store passwords, which the user can retrieve and see. The passwords are for a hardware device, so checking against hashes is out of the question.
What I need to know is:
- How do I encrypt and decrypt a password in PHP?
- What is the safest algorithm to encrypt the passwords with?
- Where do I store the private key?
- Instead of storing the private key, is it a good idea to require users to enter the private key any time they need a password decrypted? (Users of this application can be trusted)
- In what ways can the password be stolen and decrypted? What do I need to be aware of?