Email Encription - gnupg ?

[DenverDave]

I have a potential new client with an existing website where customers enter credit card information into a unsecure form and then email the cc information to the client. I don't feel comfortable with this approach, but if I could deal with it, the rest of the website is easy.

I'm thinking that we need at a minimum a shared security certificate and an encryption utility such as www.gnupg.org

We'd enter the information on the secure form and email it to the client, not storing the credit card info anywhere on the server. Am I on the right track?

Can anyone point me to information about how to setup a shared secure server at IH? Will a shared secure server as opposed to our own certificate be adequate? What trade-offs are we making with a shared certificate? Transaction volume is about 1 per day.

How about with gnupg - has anyone done this? Where do I even start? I've installed phpbb and cubecart, is gnupg harder?

I've discussed payment gateways such as Paypal and others with the client and they strongly prefer to get the email.

Suggestions, comments, etc?
I found infomation about www.gnupg.org and was wondering if this is already installed at InsiderHosting?

Has anyone already done similar?

[gollux]

One shopping cart software I worked with had a perl interface which I used to capture all the order information with a perl program which then built the invoice text, encrypted it with blowfish encryption, and then sent it as an email with the order attached as a base64 encoded mime attachment.

Then on the other end, I built a perl program which was timed to pull the email off the mail server and decode it out into text files on the receiving computer.

This was all done because that was what was provided on the server, didn't have the option of installing GnuPGP. Hope the information wasn't too peripheral to the questions asked.

Anyone know where some explaination of how to generate an SMIME email using perl could be found?