We receive credit card information (and we are using SSL) and we wouldThere are a variety of useful classes, including encryption, at http://www.acme.com.
simply like to encrypt the data before we place it in the database and
decrypt it after retrieving it.
I recommend you use the DES encryption.
Jef Poskanzer has also written RC4 (which is easy to implement), but you can't use it for legal reasons. The freely available RC4 was code that was leaked to the Internet a few years ago. There is no doubt that it's the real RC4 algorithm (it's byte-for-byte compatible), but RSA refuses to admit this.
The reason is that RC4 is not patented, it's a trade secret. So, by not admitting that the "Alleged RC4" (or ARC4) is true RC4, they protect their trademark. You can use this algorithm as long as you make no claims that it's related or comparable to RC4; otherwise you face the potential wrath of RSA's lawyers! Because you want to advertise your encryption algorithm, you'll need to use the DES algorithm.
Another tip: derivce your encryption key from a runtime value that needs to be typed in. You could pop up a dialog box on your console or submit it through a form.
Good luck,
-- Charles
