The most important principle to keep in mind when using crypto is that you should never attempt to design your own cryptosystem. The world’s most brilliant cryptographers (including Phil Zimmerman and Ron Rivest) routinely create cryptosystems with serious security flaws in them. In order for a cryptosystem to be deemed “secure,” it must face intense scrutiny from the security community. Never rely on security through obscurity, or the fact that attackers may not have knowledge of your system. Remember that malicious insiders and determined attackers will attempt to attack your system.
The only things that should be “secret” when it comes to a secure cryptosystem are the keys themselves. Be sure to take appropriate steps to protect any keys that your systems use. Never store encryption keys in clear text along with the data that they protect. This is akin to locking your front door and placing the key under the doormat. It is the first place an attacker will look. Here are three common methods for protecting keys (from least secure to most secure):
Make sure that you only use algorithms, key strengths, and modes of operation that conform to industry best practices. Advanced encryption standard (AES) (with 128, 192, or 256-bit keys) is the standard for symmetric encryption. RSA and elliptical curve cryptography (ECC) with at least 2048-bit keys are the standard for asymmetric encryption. Be sure to avoid insecure modes of operation such as AES in Electronic Codebook (ECB) mode or RSA with no padding.