
How to implement public key encryption for a webapp?

Çağlar Arlı      -    24 Views


I've posted this over at Stack Overflow but I think it's best suited here:

I'm making a web app where users will upload sensitive data (private financial records), so I want to encrypt one column in one table that holds the value.

If I understood correctly, I need to use a public key approach (instead of symmetric) because I want only the users that created the data to be able to access it.

So, I need to generate a public and a private key, using a password, and then encrypt the file using the public key.

Then I can decrypt it using the private key and the password. So I have a couple of questions:

  1. Where should the public/private key and the password be stored? I know I can store the public key on the server since it doesn't need to be really secure: it's just used to encrypt, but where do I store the private key and password? Some resources I've read said to store them on the device, but it doesn't make sense in this case, right?

  2. I need to create a pair of public/private keys and a password for every user, right?

  3. At which point do these keys/password need to be created? During user creation?
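
The flow described in the question (a per-user key pair whose private key is protected by the user's password, encryption with the public key, decryption with the private key plus the password), written out as an added example that is not part of the original post. It assumes Node.js and its built-in `crypto` module, RSA-2048 wrapping a per-record AES-256-GCM key, and hypothetical function names.

```javascript
// Added example, not code from the original post. All function names are hypothetical.
const crypto = require('node:crypto');

// Run once per user (for instance at account creation). The private key is
// only ever emitted as a passphrase-encrypted PKCS#8 PEM, so both PEM strings
// can be stored in the database without the password.
function createUserKeys(password) {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: {
      type: 'pkcs8', format: 'pem',
      cipher: 'aes-256-cbc', passphrase: password,
    },
  });
}

// Needs only the public key. RSA can only encrypt short inputs, so a random
// AES-256-GCM key encrypts the value and RSA-OAEP wraps that key.
function encryptForUser(publicKeyPem, plaintext) {
  const dataKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt(
    { key: publicKeyPem, oaepHash: 'sha256' }, dataKey);
  return { wrappedKey, iv, ct, tag: cipher.getAuthTag() };
}

// Needs the encrypted private key AND the password; throws if the password
// is wrong or the stored record was modified.
function decryptForUser(encryptedPrivateKeyPem, password, rec) {
  const dataKey = crypto.privateDecrypt(
    { key: encryptedPrivateKeyPem, passphrase: password, oaepHash: 'sha256' },
    rec.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, rec.iv);
  decipher.setAuthTag(rec.tag);
  return Buffer.concat([decipher.update(rec.ct), decipher.final()]).toString('utf8');
}

// Round trip on constructed sample data.
function demo() {
  const keys = createUserKeys('constructed-sample-password');
  const rec = encryptForUser(keys.publicKey, 'balance=1234.56');
  return decryptForUser(keys.privateKey, 'constructed-sample-password', rec);
}
```

In this sketch the password itself is never stored; it is supplied at decryption time, and a holder of the database rows alone cannot call `decryptForUser` successfully.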