Hello !

Well, I am using user's password as Private Key to encrypt the user's sensitive data. Hence, the key is only known by user. I want to know/learn what is the best practice for keeping the private keys.

1) The way I am doing it, is it fine ?

2) Shall i store private keys in a file that is 1 level up to the public_html folder ?

3) What are the other options for this ?

Please guide !