SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Guru DenverDave's Avatar
    Join Date
    Feb 2001
    Location
    Denver, Colorado
    Posts
    630
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Email Encription - gnupg ?

    I have a potential new client with an existing website where customers enter credit card information into a unsecure form and then email the cc information to the client. I don't feel comfortable with this approach, but if I could deal with it, the rest of the website is easy.

    I'm thinking that we need at a minimum a shared security certificate and an encryption utility such as www.gnupg.org

    We'd enter the information on the secure form and email it to the client, not storing the credit card info anywhere on the server. Am I on the right track?

    Can anyone point me to information about how to setup a shared secure server at IH? Will a shared secure server as opposed to our own certificate be adequate? What trade-offs are we making with a shared certificate? Transaction volume is about 1 per day.

    How about with gnupg - has anyone done this? Where do I even start? I've installed phpbb and cubecart, is gnupg harder?

    I've discussed payment gateways such as Paypal and others with the client and they strongly prefer to get the email.

    Suggestions, comments, etc?
    I found infomation about www.gnupg.org and was wondering if this is already installed at InsiderHosting?

    Has anyone already done similar?

  2. #2
    SitePoint Evangelist gollux's Avatar
    Join Date
    Feb 2005
    Location
    Oregon, USA
    Posts
    414
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    One shopping cart software I worked with had a perl interface which I used to capture all the order information with a perl program which then built the invoice text, encrypted it with blowfish encryption, and then sent it as an email with the order attached as a base64 encoded mime attachment.

    Then on the other end, I built a perl program which was timed to pull the email off the mail server and decode it out into text files on the receiving computer.

    This was all done because that was what was provided on the server, didn't have the option of installing GnuPGP. Hope the information wasn't too peripheral to the questions asked.

    Anyone know where some explaination of how to generate an SMIME email using perl could be found?
    Released under the Fiasco Labs Digital Damnation Copywright,
    it's yours to make whatever the 7734 you want with it.

    (c) 2005 Fiasco Labs All Wrongs Reserved


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •