On 11/19/01, Kay Smoljak penned: >Hi Don, > >Warning: this email does contain a plug... > >We had a similar problem with a client who has a subscription site. We >created a custom tag - CFX_PWCARDCRYPT, which encrypts the number using >a 512, 1024 or 2048 bit RSA public key, which can safely be stored on >the server. To process the payments each month, the client goes to an >SSL page and enters his private key, which is only stored offline on his >personal computer (we even recommend it's stored on a floppy disk in his >safe, rather than on his machine). The numbers are then decrypted and >batch processed. The decrypted cc numbers and private key are *never* >stored anywhere on the server except in memory.
I use cfx_pwcardcrypt and built support for it into my authorize.net batch processing application. It works great. A good deal slower than PGP, but when comparing 50 bucks to 16,000 bucks, I can take the speed hit. :) It decrypts each card number in just under 1 second using 1024 bit encryption. My instructions (and the way I use it) are to keep the private key in a text file on my personal computer at home, named in such a way that nobody would know what it is, then copy and paste it into the login screen, storing it as a session variable so it's available until the administrator logs out or times out. -- Bud Schneehagen - Tropical Web Creations _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ ColdFusion Solutions / eCommerce Development [EMAIL PROTECTED] http://www.twcreations.com/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

