Hi all. I guess this is on topic in a roundabout way. :)

A while back I created a ColdFusion program that will create and upload batch files to authorizenet. I haven't pushed it hard since obviously it stores credit card and bank account numbers.

I've since installed PGP and the CFX_PGP tag on my server and set up the program so when you enter a customer's information via signup form, through administration, or by importing an existing batch file, the credit card or bank account number is encrypted with a 3072-bit Diffie-Hellman/1024 DSS public key created for the merchant.

When entering administration, through an SSL connection, the merchant enters his password and PGP passphrase, which is stored as a session variable. When creating the batch file, the numbers are decrypted with his private key using the session.passphrase, and written to the text file. After uploading to authnet, the file is deleted from the server. When he's done, he logs out, which kills the session variable.

My question to any PGP gurus is this: If the key pair is created using a passphrase of sufficient length that PGP says the quality is real good, how difficult in actuality would it be for someone to decrypt those numbers should they get ahold of the database? How difficult should they also grab the secure keyring on the server, if they don't have the passphrase? Would it be worth a hacker's time? Or do you think they would go somewhere else?

Anybody see anything wrong with this setup? I've had a lot of interest in the program, but I've even gone so far as to talk people out of using it that are going to have more than just a few accounts in the database.

Thanks for any input.
--
Bud Schneehagen - Tropical Web Creations
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
ColdFusion Solutions / eCommerce Development
[EMAIL PROTECTED]
http://www.twcreations.com/
954.721.3452
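Added example, not part of the original post and not PGP's own code: if the database and the secret keyring are both copied, what stands between the copy and the card numbers is the passphrase's entropy multiplied by the cost of one string-to-key derivation. The sketch below implements the iterated-and-salted S2K of RFC 4880 section 3.7.1.3 and turns a measured derivation rate into an expected search time. SHA-1, the 128-bit key length, the count octet 96 and the sample passphrases are assumptions, since the post does not say what the poster's PGP installation uses.

```python
import hashlib
import math
import time

def s2k_count(c: int) -> int:
    """Decode the one-octet S2K count into a number of octets to hash."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def s2k_iterated_salted(passphrase: bytes, salt: bytes, c: int,
                        key_len: int = 16, hash_name: str = "sha1") -> bytes:
    """Derive the symmetric key that unlocks the secret key material."""
    if len(salt) != 8:
        raise ValueError("OpenPGP S2K salt is exactly 8 octets")
    data = salt + passphrase
    # Edge case: salt+passphrase is always hashed at least once in full.
    count = max(s2k_count(c), len(data))
    full, rest = divmod(count, len(data))
    key, preload = b"", 0
    while len(key) < key_len:
        # Extra contexts, each preloaded with one more zero octet, are used
        # when the key is longer than one digest.
        h = hashlib.new(hash_name, b"\x00" * preload)
        for _ in range(full):
            h.update(data)
        h.update(data[:rest])
        key += h.digest()
        preload += 1
    return key[:key_len]

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Upper bound: holds only if every character is chosen at random."""
    return length * math.log2(alphabet_size)

def years_to_search(bits: float, guesses_per_second: float) -> float:
    """Expected time to cover half of a 2**bits passphrase space."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)

def local_guess_rate(c: int, trials: int = 5) -> float:
    """Measure S2K derivations per second on this machine (one core)."""
    start = time.perf_counter()
    for i in range(trials):
        s2k_iterated_salted(b"constructed-sample-%d" % i, b"\x00" * 8, c)
    return trials / (time.perf_counter() - start)

if __name__ == "__main__":
    rate = local_guess_rate(96)  # 96 -> 65536 octets hashed per guess (assumed)
    for label, bits in [("8 random lowercase letters", entropy_bits(26, 8)),
                        ("6 random words from a 7776-word list", entropy_bits(7776, 6))]:
        print(f"{label}: {bits:.1f} bits, ~{years_to_search(bits, rate):.3g} years")
```

The rate measured here is single-core Python, and human-chosen passphrases carry far less entropy than the random-choice bound, so the printed times are an upper bound on how long the passphrase would hold.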

