Page 1 of 1

RSA Encryption in PHP?

Posted: Mon Jun 14, 2004 3:17 pm
by mox
Anyone know if it's possible to encrypt/decrypt data with a RSA Encryption using PHP ?

I need to store Credit card numbers in a database and I need it to be really secure..

Encrypting/decrypting the credit cards numbers seems to be the best way.. + Other things..

I found some perl/c scripts that encrypt and decrypt RSA but I'd prefer to do it directly inside the PHP so I have no external 'accessories' that do the job for me.

Let me know if you guys know anything about that !

Thanks,
--Ben

Posted: Mon Jun 14, 2004 3:21 pm
by dull1554
look into the openssl functions, have not had much experience but i think you can obtain what you want through them.

Posted: Mon Jun 14, 2004 3:33 pm
by lostboy
encrypted or not, i would not store CC data on the web server...if you MUST keep the data, it should be placed in a machine behind the network firewall and not be exposed at all. Not matter how safe, secure encryption is, it can be broken...

I wouldn't store CC data at all, I would keep the transaction approvals etc from the payment gateway as proof, but not the card details. Have the customer re-enter it each time...if its a PITA to the customer, tough, tell them its safer...

Posted: Mon Jun 14, 2004 3:46 pm
by mox
The thing is that the client don't want to deal with a gateway.. they have a little restaurant and want to be able to get reservations from the internet

If a client make a reservation over the internet, they enter their credit card number and the guy in the restaurant will get a popup saying that there is a new reservation and will enter the credit card number in his machine and then delete the credit card record from the database

Posted: Mon Jun 14, 2004 3:47 pm
by lostboy
People gotta pay before they eat?

Posted: Mon Jun 14, 2004 4:58 pm
by feyd
why not just take name and number of persons, like a "normal" restaurant reservation over the phone..

Posted: Mon Jun 14, 2004 5:03 pm
by markl999
I suppose internet reservations could leave them open to abuse, i.e someone (falsely) books 15 tables.
Rather than have a credit card number as a show of 'good faith' you could just ask for name, number of people and an email address, then send an email asking them to visit/click a link to confirm *shrug*

Posted: Mon Jun 14, 2004 5:17 pm
by lostboy
Not to mention the waiters scamming the card numbers for other use....

markl999's suggestion is best

Posted: Mon Jun 14, 2004 6:29 pm
by mox
The client already have a system similar to that but have a lot of problems reaching the data for the credit cards

They don't want to change the way they do business.. they want to improve the system and that's why I'm here talking about that :)

What I need is a way to encrypt using RSA Encryption..

If it's not possible to do it directly using PHP I'll use a little c program or a perl script and everything will be okay.. but I'd prefer to do it using php code.

Thanks

Posted: Mon Jun 14, 2004 8:05 pm
by dull1554
openssl, look into it, im telling you, and who ever said that all encryption can be broken.....yopu better pray to god that no one ever breaks RSA encryption or the whole world is gonna go to hell in a hand basket.....

Posted: Mon Jun 14, 2004 9:59 pm
by infolock
lmao dull