Hello i am developing an app that collects some private data from my clients. My clients wont like it if i am able to read the data. So the data is encrypted in cleint side with a key say "xyz",which is auto generated when client install the app/make a account and only with this key can someone read this data.
Now when the client login from a new device i want the client to generate the key, and use it to retrieve the data . How do i do that?
I cant save xyz in server since then i will have both key and encrypted data,
I cant generate xyz with password or User details since i will have them and i knows how to create the key from that data
Is there a way to achieve this without saying to client Trust me am truest worthy. Or make your own key!?
I would suggest you leave this up to the client. From their side, the key is much like a password (though you don't know what it is), and they can share it between their own devices by whatever means they like, whether it's email, text, via a password manager, simply retyping the key, etc. Beyond that, I'd suggest looking at services that do something similar and look at how they have dealt with this, for example Protonmail.ch.
Since this is a generic rather than a specific code-related question, you may be better off re-asking or moving this question on https://security.stackexchange.com.