RSA Encryption in PHP?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mox
Forum Newbie
Posts: 7
Joined: Mon Jun 14, 2004 3:17 pm

RSA Encryption in PHP?

Post by mox »

Anyone know if it's possible to encrypt/decrypt data with a RSA Encryption using PHP ?

I need to store Credit card numbers in a database and I need it to be really secure..

Encrypting/decrypting the credit cards numbers seems to be the best way.. + Other things..

I found some perl/c scripts that encrypt and decrypt RSA but I'd prefer to do it directly inside the PHP so I have no external 'accessories' that do the job for me.

Let me know if you guys know anything about that !

Thanks,
--Ben
User avatar
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

Post by dull1554 »

look into the openssl functions, have not had much experience but i think you can obtain what you want through them.
lostboy
Forum Contributor
Posts: 329
Joined: Mon Dec 30, 2002 8:12 pm
Location: toronto,canada

Post by lostboy »

encrypted or not, i would not store CC data on the web server...if you MUST keep the data, it should be placed in a machine behind the network firewall and not be exposed at all. Not matter how safe, secure encryption is, it can be broken...

I wouldn't store CC data at all, I would keep the transaction approvals etc from the payment gateway as proof, but not the card details. Have the customer re-enter it each time...if its a PITA to the customer, tough, tell them its safer...
mox
Forum Newbie
Posts: 7
Joined: Mon Jun 14, 2004 3:17 pm

Post by mox »

The thing is that the client don't want to deal with a gateway.. they have a little restaurant and want to be able to get reservations from the internet

If a client make a reservation over the internet, they enter their credit card number and the guy in the restaurant will get a popup saying that there is a new reservation and will enter the credit card number in his machine and then delete the credit card record from the database
lostboy
Forum Contributor
Posts: 329
Joined: Mon Dec 30, 2002 8:12 pm
Location: toronto,canada

Post by lostboy »

People gotta pay before they eat?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

why not just take name and number of persons, like a "normal" restaurant reservation over the phone..
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

I suppose internet reservations could leave them open to abuse, i.e someone (falsely) books 15 tables.
Rather than have a credit card number as a show of 'good faith' you could just ask for name, number of people and an email address, then send an email asking them to visit/click a link to confirm *shrug*
lostboy
Forum Contributor
Posts: 329
Joined: Mon Dec 30, 2002 8:12 pm
Location: toronto,canada

Post by lostboy »

Not to mention the waiters scamming the card numbers for other use....

markl999's suggestion is best
mox
Forum Newbie
Posts: 7
Joined: Mon Jun 14, 2004 3:17 pm

Post by mox »

The client already have a system similar to that but have a lot of problems reaching the data for the credit cards

They don't want to change the way they do business.. they want to improve the system and that's why I'm here talking about that :)

What I need is a way to encrypt using RSA Encryption..

If it's not possible to do it directly using PHP I'll use a little c program or a perl script and everything will be okay.. but I'd prefer to do it using php code.

Thanks
User avatar
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

Post by dull1554 »

openssl, look into it, im telling you, and who ever said that all encryption can be broken.....yopu better pray to god that no one ever breaks RSA encryption or the whole world is gonna go to hell in a hand basket.....
User avatar
infolock
DevNet Resident
Posts: 1708
Joined: Wed Sep 25, 2002 7:47 pm

Post by infolock »

lmao dull
Post Reply