Recently ive been working on a online catalogue e-commerce site. In this site, when a client sends his
credit card data for the first time in order to register, the data is sent through SSL to the server, where
it is pgp encrypted and sent as an encrypted email to the site's administrator's computer. So, the
credit card data is not stored in the server (only the rest of the personal data of the client). For my card
data processing function i ve been using the following code:
//the method here is that the card data are sent via an encrypted (by GPG) email to the mail server of
//the company's owner
Code: Select all
function process_card($username, $cardtype, $cardno, $month_expir, $year_expir, $cardholder)
{
echo "the card is processed";
return true;
$to_email = "luke@localhost";
// Tell gpg where to find the key ring
// On this system, user nobody's home directory is /tmp/
putenv("GNUPGHOME=/tmp/.gnupg");
//create a unique file name
$infile = tempnam("", "pgp");
$outfile = $infile.".asc";
$body="card data for the client with user name: $username";
$body .="<br>card type: $cardtype\r\n card no: $cardno\r\n Expiry month: $month_expir\r\n Expiry
year: $year_expir\r\n card holder: $cardholder";
//write the user's text to the file
$fp = fopen($infile, "w");
fwrite($fp, $body);
fclose($fp);
//set up our command
$command = "/usr/local/bin/gpg -a \\
--recipient 'somename<somename@somewhere.com>'
--encrypt -o $outfile $infile";
// execute our gpg command
system($command, $result);
//delete the unencrypted temp file
unlink($infile);
if($result==0)
{
$fp = fopen($outfile, "r");
if(!$fp||filesize ($outfile)==0)
{
$result = -1;
}
else
{
//read the encrypted file
$contents = fread ($fp, filesize ($outfile));
//delete the encrypted temp file
unlink($outfile);
mail($to_email, $title, $contents, "From: $from\n");
echo "<h1>your email was sent</h1>
<p>your card data were encrypted and sent
<p>thank you.";
return true;
}
}
if($result!=0)
{
echo "<h1>Error:</h1>
<p>Your card data could not be encrypted therefore they were not sent.";
return false;
}
}My question is simple: Which pgp version should I install in my system to check the code. I have
already downloaded the binary version of GnuPG for MS-Windows 95, 98, WNT, W2000 and XP (command line) as well as the 8.02 v. of pgp for win. Can I use the command line version or should I dowload another one?
Thanks in advance, Vasilis