I would like my application (PHP, but that should not matter) to keep some data inside a shared repository (the APC user cache, however irrelevant). To avoid customers from reading through eachother's data Let me secure it per user.
I possibly could possess the user specify the type in his configuration apply for the applying, but I'd rather generate it instantly therefore the user does not need to bother.
With this I'd need a bit of data around the system that (almost) never changes and it is only readable through the current user. I'm able to then hash that, or something like that, to create the important thing. Does something of that nature appear in a default user account on the A linux systemunix?
You will find hidden folders in your home directory, simply named .appname. They may be read through the user.
How just producing a random key, and store it in ~/.yourappname?
Storing a type in
~/.yourApp works, so long as you place the permissions from the key file to 0600 and also the permissions from the
~/.yourApp directory to 0700.
Obviously you're depending on people being unable / prepared to use root use of access other users' key files. If that's an issue you will want to use some type of keystore where access is controlled with a master passphrase.
EDIT : in response to the OP's followup questions below:
Even so the actual passphrase should be saved around the system, or customers will need to come in by hand for each request (I suppose even storing it in memory is unsafe if you do not trust root).
It's all relative. If you're really paranoid, you do not keep key on any machine you don't totally control. However, many people are ready to trust that root is not jeopardized and (like a fallback) required some effort for somebody with root use of break a keystore. An unlocked copy of the keystore in memory may count as "safe enough". Certainly, lots of user keystore software appears to operate on that assumption.
Why must your directory be set to 0700? Even when it had been 0777, personal files within it with 0600 would be unreadable to others, right?
Partially general paranoia, partially belt-and-braces, partially an indication with other customers to "keep the nose from my private stuff", and partially to safeguard against someone by changing your key file. The final point might be critical ... or otherwise ... based on how the secret is utilized by the application.