Well, I am using user's password as Private Key to encrypt the user's sensitive data. Hence, the key is only known by user. I want to know/learn what is the best practice for keeping the private keys.
1) The way I am doing it, is it fine ?
2) Shall i store private keys in a file that is 1 level up to the public_html folder ?
3) What are the other options for this ?
Please guide !