Since your goal is to encrypt the card number in the database you'll naturally need a 
way to decrypt it as well. At that point it seems your concern is that your database 
will be compromised. That can be avoided easily by creating a single private key and 
using your own algorithm to encrypt based on that key. The only catch is, if the code 
that does the encrypting is compromised, and the database is compromised, then the 
numbers are compromised. My basic point is, your need is not the same as what PGP 
addresses in that PGP addresses the more difficult problem of passing data between 2 
entities. Your requirement is very simple to address; 1. write a simple compiled 
module with an embedded key, 2. keep that key in a safe place, and 3. write another 
module to decrypt, all it needs is the key. This is similar to what was done with 
DVDs, just don't allow your encryption algorithms to be compromised. You can put the 
source code in the same place as your key, you can use a code scrambler when you 
compile, and you should already have your server secure already. Again, my point is, 
this is easy because the same entity that encrypts is doing the decrypt. Hope this 
helps.

<>< Ryan

-----Original Message-----
From: Doaldo Navai Junior [mailto:doaldo@;triunfo-bsb.com.br]
Sent: Wednesday, October 23, 2002 12:53 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [PHP-DB] Credit Card Info & Cryptography


Suppose I sell some products online and get user's credit card info via SSL
connection. Isn't there any method (free, preferably) of ASSYMETRIC  (Public
key) cryptography I can use with PHP to store this data in a db?? Or is
there any other good option instead of this?

TIA,
Doaldo



-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to