I think we should move this discussion somewhere else, but I will add one more post on this subject:
@Trajectory:
No matter what you do someone is always going to find the secret master key. Attempting to hide it via security via obscurity is only going to make people try harder. I think that the only real way you could fully master this is if you somehow used the 64-bit processors AESDEC, AESDECLAST, AESENC, AESENCLAST, AESIMC, and AESKEYGENASSIST instructions to create your own algorithm (something that, as you've said before, you do not wish to do). Attempting to protect it by making two different versions will only piss people off because they have to implement their own encryption algorithm. This would, in turn, depopularize your product.
Your only choice then would be to:
Generate a random master seed using a combination of arandomly-generated seed value at compilation time stored as an internal variable compiled into the executable and referenceable by a constant such as master_dec_enc_key;
Use this key to then encrypt the data that the user wishes to encrypt; and
Use the decryption master key that, again, is stored in the executable, to decrypt the data.
Alternatively:
Use an already-provided OpenSSL AES-256-CBC encryption algorithm to manage all your encryption and decryption needs (I highly recommend this one); or
Do not include encryption whatsoever (highly not recommended).
"On two occasions I have been asked [by members of Parliament!]: 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out ?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." — Charles Babbage.
My Github