On Wed, 19 Sep 2001 10:57:22 -0400, "Chad McCue"
<[EMAIL PROTECTED]> wrote:
>I am trying to find the best way to encrypt a .txt file or just a
credit
>card number going onto that file. I looked at the encrypt function, but
>after I encrypt the credit card number, I am writing the results to a
>txt document for my client to access via ftp. I need my client to have
>the ability to decrypt the txt file or the credit card number. Any good
>suggestions for this?
Warning: this email contains a blatant plug!
Sounds like a perfect candidate for our tag, cfx_pwtextcrypt. It uses
RSA asymmetric encryption to encrypt the file on the server using the
public key. The client keeps his private key on his own computer. Rather
than download the file via FTP, he could go to a page on the site (which
could be password protected/running through SSL if you want to be really
secure), paste in his private key and decrypt the file. The decrypted
information could then be spat out to cfcontent for the client to
download. The decrypted information is never stored anywhere on the
server except in memory.
While you could do something similar using CF's encrypt function, that's
not really secure because anyone compromising your server would have
everything required to decrypt the files. That's why public key crypto
works so well - the private key and the public key are never kept
together.
Hope that helps - by the way you can get cfx_pwtextcrypt at
http://www.developer.perthweb.com.au if you are interested.
Regards,
Kay.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Get the mailserver that powers this list at http://www.coolfusion.com
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
