configuration - Storing encryption keys for desktop application (Email Client) [Duplication]


There are many articles on Stack Overflow and security.stackexchange on storing encryption keys, but I am still confused, which is why I decided to ask again here.

Basically, I am creating an email client for education purposes, in which users can create an account and enter their email-id and password. I am looking for a secure way to save this information.

I am

  1. encrypting the email-id and password
  2. and storing the encryption key on the user's PC, because I don't want the user to type in the password every time they send email

From my reading I have understood that:

  1. I need to store the encryption key in a separate location that is difficult for a hacker to find. The problem here is that the application is written in Python and is an open source application, so a hacker can view the source code and the path of the directory where the key is stored.
  2. The second solution is that I can have a master password which is used as the key. When the user opens the application for the first time after starting the computer, the application will ask for the master password, and I can store the key in RAM.

Looking at articles on the internet on this topic, it is all repetition. I am still learning to make applications, and for the last 2 days I have been going in a loop with no success.

OS: Linux Ubuntu 14.04

Programming language/framework: Python/GTK+

Your understanding is correct.

It's impossible to prevent an attacker with access to the local key from accessing the password. Obscuring the path where it is stored provides virtually 0 additional security - an attacker with the know-how necessary to perform the decryption will bypass such a mechanism.

The secure way of storing the key (or the key to the key) is out of the computer - in the user's mind, in the case of the master password mechanism.

If you end up using a master password, don't forget to use a proper key derivation function, ideally with a key-stretching mechanism, such as PBKDF2 or bcrypt. Never use the password as the key directly (or a simple hash of the password).
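
The master-password approach recommended in the answer above, as an added example that is not part of the original question or answer: the key is derived with PBKDF2-HMAC-SHA256 and only the salt, work factor and a key check value are written to disk. The function names, the header layout, `CHECK_LABEL` and the iteration count are assumptions made for this sketch.

```python
import hashlib
import hmac
import json
import os

ITERATIONS = 600000   # assumed work factor; tune it to the user's machine
KEY_LEN = 32          # 256-bit key, suitable for an AEAD cipher such as AES-GCM
CHECK_LABEL = b"mailclient-key-check-v1"   # hypothetical constant label


def derive_key(master_password, salt, iterations=ITERATIONS):
    """Stretch the master password into a key; never use the password itself."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)


def key_check(key):
    """Value that lets the app detect a wrong password without storing the key."""
    return hmac.new(key, CHECK_LABEL, hashlib.sha256).hexdigest()


def create_vault_header(master_password, iterations=ITERATIONS):
    """Build the record that goes on disk: salt, work factor, check value.

    Neither the master password nor the derived key is written out.
    """
    salt = os.urandom(16)   # fresh random salt per vault
    key = derive_key(master_password, salt, iterations)
    return json.dumps({"kdf": "pbkdf2-hmac-sha256", "iterations": iterations,
                       "salt": salt.hex(), "check": key_check(key)})


def unlock(master_password, header_json):
    """Re-derive the key at startup; return it, or None on a wrong password.

    The caller keeps the returned key in memory only and uses it with an
    authenticated cipher from a vetted library to decrypt the stored
    e-mail credentials.
    """
    header = json.loads(header_json)
    if header.get("kdf") != "pbkdf2-hmac-sha256":
        raise ValueError("unsupported KDF")
    key = derive_key(master_password, bytes.fromhex(header["salt"]),
                     int(header["iterations"]))
    # Constant-time comparison of the check value.
    if not hmac.compare_digest(key_check(key), header["check"]):
        return None
    return key
```

An attacker who copies the header can still guess master passwords offline, which is why the work factor and the strength of the master password matter.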

