Page 1 of 1
RSA Encryption in PHP?
Posted: Mon Jun 14, 2004 3:17 pm
by mox
Anyone know if it's possible to encrypt/decrypt data with a RSA Encryption using PHP ?
I need to store Credit card numbers in a database and I need it to be really secure..
Encrypting/decrypting the credit cards numbers seems to be the best way.. + Other things..
I found some perl/c scripts that encrypt and decrypt RSA but I'd prefer to do it directly inside the PHP so I have no external 'accessories' that do the job for me.
Let me know if you guys know anything about that !
Thanks,
--Ben
Posted: Mon Jun 14, 2004 3:21 pm
by dull1554
look into the openssl functions, have not had much experience but i think you can obtain what you want through them.
Posted: Mon Jun 14, 2004 3:33 pm
by lostboy
encrypted or not, i would not store CC data on the web server...if you MUST keep the data, it should be placed in a machine behind the network firewall and not be exposed at all. Not matter how safe, secure encryption is, it can be broken...
I wouldn't store CC data at all, I would keep the transaction approvals etc from the payment gateway as proof, but not the card details. Have the customer re-enter it each time...if its a PITA to the customer, tough, tell them its safer...
Posted: Mon Jun 14, 2004 3:46 pm
by mox
The thing is that the client don't want to deal with a gateway.. they have a little restaurant and want to be able to get reservations from the internet
If a client make a reservation over the internet, they enter their credit card number and the guy in the restaurant will get a popup saying that there is a new reservation and will enter the credit card number in his machine and then delete the credit card record from the database
Posted: Mon Jun 14, 2004 3:47 pm
by lostboy
People gotta pay before they eat?
Posted: Mon Jun 14, 2004 4:58 pm
by feyd
why not just take name and number of persons, like a "normal" restaurant reservation over the phone..
Posted: Mon Jun 14, 2004 5:03 pm
by markl999
I suppose internet reservations could leave them open to abuse, i.e someone (falsely) books 15 tables.
Rather than have a credit card number as a show of 'good faith' you could just ask for name, number of people and an email address, then send an email asking them to visit/click a link to confirm *shrug*
Posted: Mon Jun 14, 2004 5:17 pm
by lostboy
Not to mention the waiters scamming the card numbers for other use....
markl999's suggestion is best
Posted: Mon Jun 14, 2004 6:29 pm
by mox
The client already have a system similar to that but have a lot of problems reaching the data for the credit cards
They don't want to change the way they do business.. they want to improve the system and that's why I'm here talking about that
What I need is a way to encrypt using RSA Encryption..
If it's not possible to do it directly using PHP I'll use a little c program or a perl script and everything will be okay.. but I'd prefer to do it using php code.
Thanks
Posted: Mon Jun 14, 2004 8:05 pm
by dull1554
openssl, look into it, im telling you, and who ever said that all encryption can be broken.....yopu better pray to god that no one ever breaks RSA encryption or the whole world is gonna go to hell in a hand basket.....
Posted: Mon Jun 14, 2004 9:59 pm
by infolock
lmao dull