On 11/19/01, Kay Smoljak penned:
>Hi Don,
>
>Warning: this email does contain a plug...
>
>We had a similar problem with a client who has a subscription site. We
>created a custom tag - CFX_PWCARDCRYPT, which encrypts the number using
>a 512, 1024 or 2048 bit RSA public key, which can safely be stored on
>the server. To process the payments each month, the client goes to an
>SSL page and enters his private key, which is only stored offline on his
>personal computer (we even recommend it's stored on a floppy disk in his
>safe, rather than on his machine). The numbers are then decrypted and
>batch processed. The decrypted cc numbers and private key are *never*
>stored anywhere on the server except in memory.

I use cfx_pwcardcrypt and built support for it into my authorize.net 
batch processing application. It works great. A good deal slower than 
PGP, but when comparing 50 bucks to 16,000 bucks, I can take the 
speed hit. :) It decrypts each card number in just under 1 second 
using 1024 bit encryption.

My instructions (and the way I use it) are to keep the private key in 
a text file on my personal computer at home, named in such a way that 
nobody would know what it is, then copy and paste it into the login 
screen, storing it as a session variable so it's available until the 
administrator logs out or times out.
-- 

Bud Schneehagen - Tropical Web Creations

_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
ColdFusion Solutions / eCommerce Development
[EMAIL PROTECTED]
http://www.twcreations.com/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Get the mailserver that powers this list at http://www.coolfusion.com
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Reply via email to