You can use a password-based key, which is a similar approach to the PGP method: create a key somehow (random clicks, random numbers, etc.), encrypt it with a password, and store it somewhere. When the user wants to access the DB, he enters the password, which is the key for the DB decryption key file, and then you get the clear password for the DB.
The main idea is to remove the key from the machine itself and pass it to the user, and meanwhile to generate a unique key for each user (computer), so if I have the SW on my computer, I still don't have the key to another's DB.
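The scheme described above, as an added example that is not part of the original answer: a random per-installation DB key is wrapped under a key derived from the user's password, and only the wrapped blob is stored. The choice of scrypt and AES-256-GCM, the cost parameters, the blob layout and all function names are assumptions made for this sketch.

```javascript
// Added example (Node.js built-in crypto only); names and layout are hypothetical.
const nodeCrypto = require("node:crypto");

// scrypt cost parameters: assumed values, tune for your hardware.
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
const SALT = 16, IV = 12, TAG = 16, KEY = 32;

// Derive the key-encryption key (KEK) from the password and a per-file salt.
function deriveKek(password, salt) {
  return nodeCrypto.scryptSync(password, salt, KEY, KDF);
}

// Encrypt the DB key under the password. Blob layout: salt | iv | tag | ciphertext.
function wrapKey(dbKey, password) {
  const salt = nodeCrypto.randomBytes(SALT);
  const iv = nodeCrypto.randomBytes(IV);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKek(password, salt), iv);
  const ct = Buffer.concat([cipher.update(dbKey), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]);
}

// Generate a unique random DB key for this user/computer and wrap it.
// Only `blob` is written to disk; `dbKey` stays in memory.
function createWrappedKey(password) {
  const dbKey = nodeCrypto.randomBytes(KEY);
  return { dbKey, blob: wrapKey(dbKey, password) };
}

// Recover the DB key; returns null on a wrong password or a modified key file.
function unwrapKey(blob, password) {
  if (blob.length !== SALT + IV + TAG + KEY) throw new Error("malformed key file");
  const salt = blob.subarray(0, SALT);
  const iv = blob.subarray(SALT, SALT + IV);
  const tag = blob.subarray(SALT + IV, SALT + IV + TAG);
  const ct = blob.subarray(SALT + IV + TAG);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", deriveKek(password, salt), iv);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(ct), decipher.final()]);
  } catch {
    return null; // GCM tag check failed
  }
}

// Changing the password re-wraps the same DB key, so the DB is not re-encrypted.
function changePassword(blob, oldPassword, newPassword) {
  const dbKey = unwrapKey(blob, oldPassword);
  return dbKey === null ? null : wrapKey(dbKey, newPassword);
}
```

Because the GCM tag authenticates the blob, a wrong password and a tampered key file are both rejected rather than yielding a garbage key.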