I hope you folks don't mind this duplication of posting. I am sort of reposting a question here that I posted over at openacs.org, as I know that some of you that could help don't really hang out over there.
The post over there is: http://openacs.org/forums/message-view?message_id=120984 But it reads like this: A client wants to store, well you know, credit card data in the database. Here's what I am thinking of doing, and I'd like your help in making what I do actually useful. I created two functions: cc_encrypt and cc_decrypt that use openssl to encrypt and decrypt a string. I then plan on storing the encrypted binary string in the database (along with data detailing the encryption parameters apart from the password.) openssl bf -pass pass:${password} will use the blowfish cipher to encrypt stdin, sending it to stdout using the password. openssl bf -pass pass:${password} -in infile -out outfile will use the blowfish cipher to encrypt infile, sending it to stdout using the password. and openssl ... -d will decrypt The complete functions are here: http://openacs.org/forums/message-view?message_id=120985 But the relevant snippet is: set plainfilename [ns_mktemp /tmp/cc-XXXXXX] set plainfd [open $plainfilename w] puts -nonewline $plainfd $plaintext close $plainfd set cryptfilename ${plainfilename}.crypt exec openssl bf -pass pass:${passphrase} -in $plainfilename -out $cryptfilename file delete $plainfilename set cryptfd [open $cryptfilename r] fconfigure $cryptfd -translation binary set crypt [read $cryptfd] close $cryptfd file delete $cryptfilename Question one: What's a good cipher to use? blowfish, des3, ...? Question two: So this encrypts the database but now I have this $password floating around. The password can be set with an environment variable, a string as I show here, or a file somewhere in the filesystem. Is there a reasonable secure and easy to implement way to manage this password? Question three: I have gotten this working using the temp file approach, but I would like to get rid of the temporary files both for file hygiene and privacy concerns. The problem is that openssl creates binary strings, and I can't figure out how to make a binary process pipeline (to use the Welch terminology (p110 of PPiTaT) out of exec, or out of |open. Can anyone help? What magical incantation can I use to get rid of the temp files? Question four: assuming the password can be managed, and that I can get rid of the temp files, what are the security implications of this? Thanks for your help, Jerry -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
