I'm in a bit of a pickle. I have a server application that needs to log in to the mail servers of users.
The users give me their mail server username/password, and the server application will log in to the mail server and do stuff at a certain interval.
This means that I do need the plain password, so I can't use security measures to safely store the password.
From research it seems I need to use 2-way encryption (the server can encrypt but also decrypt). Encryption is done by using an encryption key.
What is the best way to handle/store this encryption key?
One thing that came to mind is storing the encryption key on another server, so if my application server and database get hacked they still don't have the encryption key. Although if the application server has access to the other server, the hacker can simulate (decompile, compile) my application on my application server and get the encryption key this way.
It's a hard problem!
That is the start of a good solution.
Do the encryption and decryption on the second server (encryption server). Pass the password to the encryption server for encryption and it returns the encrypted password to store in the DB. When the password is needed, pass the encrypted password to the encryption server for decryption.
Have the encryption server monitor request activity; if an unusual number of requests are received, sound an alarm and in extreme cases stop processing requests.
Make the second server very secure. No Internet access, minimal access accounts, 2-factor authentication.
The encryption server becomes a poor-man's HSM (Hardware Encryption Module).
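
The request monitoring described in the answer above, as an added example (not code from the original post): a sliding-window guard in front of the encryption server's decrypt call that alarms at one threshold and latches shut at a higher one. The class name, the thresholds and the injected `decrypt_fn` (assumed to wrap an authenticated cipher whose key never leaves the encryption server) are assumptions.

```python
import time
from collections import deque


class RequestGuard:
    """Sliding-window monitor in front of the encryption server's decrypt call."""

    def __init__(self, decrypt_fn, alarm_at, stop_at, window_s=60.0,
                 clock=time.monotonic, on_alarm=None):
        self._decrypt = decrypt_fn   # assumed: closes over the key, never exposes it
        self.alarm_at = alarm_at     # requests per window that sound the alarm
        self.stop_at = stop_at       # requests per window that halt processing
        self.window_s = window_s
        self._clock = clock
        self._on_alarm = on_alarm or (lambda msg: None)
        self._seen = deque()         # timestamps of requests inside the window
        self.stopped = False         # latched: only an operator reset clears it

    def reset(self):
        """Operator action once the spike has been investigated."""
        self._seen.clear()
        self.stopped = False

    def decrypt(self, client_id, ciphertext):
        if self.stopped:
            raise PermissionError("decryption halted pending operator review")
        now = self._clock()
        self._seen.append(now)
        # Drop timestamps that have aged out of the window.
        while self._seen and now - self._seen[0] > self.window_s:
            self._seen.popleft()
        count = len(self._seen)
        if count >= self.stop_at:
            self.stopped = True
            self._on_alarm(f"STOP: {count} requests/{self.window_s}s, last from {client_id}")
            raise PermissionError("decryption halted pending operator review")
        if count >= self.alarm_at:
            self._on_alarm(f"ALARM: {count} requests/{self.window_s}s, last from {client_id}")
        return self._decrypt(ciphertext)


if __name__ == "__main__":
    # Constructed demo: bytes reversal stands in for the real decrypt routine.
    guard = RequestGuard(lambda c: c[::-1], alarm_at=3, stop_at=5, on_alarm=print)
    for i in range(6):
        try:
            guard.decrypt("app-server", b"ciphertext")
        except PermissionError as exc:
            print(f"request {i + 1} refused: {exc}")
```

Because the stop is latched, an attacker who has taken over the application server cannot wait out the window and resume bulk decryption; the thresholds should sit just above the application's normal polling rate.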