Are there any security downsides in encrypting a given key with itself using AES in CBC mode, and using an IV (of course)?
The principles are respected: the key is secret, and the IV is public (as this does not affect security of encryption).
However, a potential attacker will know (as he can access the source code), that the string is encrypted using itself as the key.
My judgment does not see any problems, but I'm trying to make sure.
Thank you.
EDIT - details of the task, I hope I'll be able to pass them across clearly, it's not yet very clear for myself:
My system uses encryption to store certain values in MySQL tables. Encryption is performed on the PHP code (not the MySQL built-in AES). Obviously, I need a secret key, which needs to be setup by the system admin, just ONCE, at system setup. This is critical, because changing the key after any encrypted data has been saved as such, will make that data un-decryptable.
Admin can setup secret key by simply editing a PHP script file via FTP (or whatever). But that's not what I want.
What I want is having a install script, during which the admin choses the secret key, which gets encrypted with itself and stored into a table. Granted, a valid point that has been made below, is that you'd need the key to decrypt the key... I didn't get as far in my reasoning, I was at the stage of investigating if encrypting a key with itself as key is still a secure thing.
If you have any ideas regarding the above, it'll be much appreciated.
Thanks.