I need to store credit card numbers in my server's database (server co-located elsewhere). I want to keep the public key on the server to encrypt the card numbers when entered by account holders and prior to db storage. I have to keep the cc number on record for recurring billing purposes. It makes me feel more secure to keep the private key and private keyring (passphrase or not) off the server.

When it's time to run the cards against the cc merchant account, I'd like to go to a password-protected ssl page on my site and enter (paste) the key as ASCII (armored) and allow the php script to decrypt the cc numbers, process them and exit, all in memory. Is there a way to go about this?

I've been testing and can't decide on a good way to accomplish this task. If I remove the private keyring, I have noticed that gnupg complains about the keyring being missing and goes so far as to recreate it. I have thought that it may be best to keep the private keyring on the server and password protected but empty (not sure this is possible, haven't tested), and from my php/ssl script, send the ASCII-armored private key and keyring passcode. The script would import the key, run the decryption and remove the key from the keyring as the last step. The password protection on the keyring would keep the key safe if the script bombed while the private key was on the ring.

Can anyone offer advice or procedures on a good safe way to accomplish this task? Thanks
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
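One way to implement the import / decrypt / remove sequence the post describes, as an added example that is not part of the original message or of GnuPG's own documentation: instead of importing into the server's permanent keyring, the script points `GNUPGHOME` at a freshly created mode-0700 temporary directory, imports the pasted armored key there, decrypts the batch, and then deletes the whole directory in a `finally` block, so the private key never lands in the persistent keyring even if the script aborts part way. It uses the PECL `gnupg` extension (`gnupg::import`, `adddecryptkey`, `decrypt`, `cleardecryptkeys`); the function names `decryptBatchWithEphemeralKey` and `removeTree`, the `$_POST` field names, and the sample ciphertext array are assumptions made for the example.

```php
<?php
// Added example (not from the original post): one-off batch decryption with a
// throw-away GNUPGHOME so the pasted private key is never stored in the
// server's permanent keyring. Assumes the PECL gnupg extension and gpg >= 2.1.
declare(strict_types=1);

/**
 * Decrypt an array of armored ciphertexts with a private key supplied only
 * for the lifetime of this call. Returns id => plaintext.
 *
 * @param string               $armoredPrivateKey  ASCII-armored secret key pasted by the operator
 * @param string               $passphrase         passphrase protecting that key
 * @param array<string,string> $ciphertexts        id => armored ciphertext read from the database
 * @return array<string,string>
 */
function decryptBatchWithEphemeralKey(string $armoredPrivateKey, string $passphrase, array $ciphertexts): array
{
    // Private, unpredictable, mode-0700 directory: gpg refuses unsafe homedirs,
    // and nothing else on the host should be able to read the imported key.
    $home = sys_get_temp_dir() . '/gpg-' . bin2hex(random_bytes(8));
    if (!mkdir($home, 0700, true)) {
        throw new RuntimeException('cannot create ephemeral GNUPGHOME');
    }
    // With gpg >= 2.1 the passphrase goes through gpg-agent; allow loopback
    // pinentry in this homedir only so adddecryptkey() can supply it.
    file_put_contents($home . '/gpg-agent.conf', "allow-loopback-pinentry\n");
    putenv('GNUPGHOME=' . $home);

    $plaintexts = [];
    try {
        $gpg = new gnupg();
        $gpg->seterrormode(gnupg::ERROR_EXCEPTION);

        $info = $gpg->import($armoredPrivateKey);
        if (empty($info['fingerprint'])) {
            throw new RuntimeException('private key import failed');
        }
        $gpg->adddecryptkey($info['fingerprint'], $passphrase);

        foreach ($ciphertexts as $id => $ct) {
            $plaintexts[$id] = $gpg->decrypt($ct);   // plaintext only ever held in memory
        }
        $gpg->cleardecryptkeys();
    } finally {
        // Runs on success and on exception alike: stop the agent that may be
        // caching the passphrase for this homedir, then wipe keyring, trustdb
        // and sockets. Nothing of the private key remains on disk.
        exec('gpgconf --kill gpg-agent 2>/dev/null');
        removeTree($home);
        putenv('GNUPGHOME');
    }
    return $plaintexts;
}

/** Recursively delete a directory tree (files first, then directories). */
function removeTree(string $dir): void
{
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::CHILD_FIRST
    );
    foreach ($it as $path) {
        $path->isDir() ? rmdir($path->getPathname()) : unlink($path->getPathname());
    }
    rmdir($dir);
}

// Usage from the password-protected HTTPS page: the operator pastes the armored
// key and passphrase into a form; the ciphertexts come from the database.
// The array below is a constructed placeholder standing in for those rows.
if (PHP_SAPI !== 'cli' && isset($_POST['armored_key'], $_POST['passphrase'])) {
    $rows = ['cust-1' => '-----BEGIN PGP MESSAGE-----...(stored ciphertext)...-----END PGP MESSAGE-----'];
    $cards = decryptBatchWithEphemeralKey($_POST['armored_key'], $_POST['passphrase'], $rows);
    // ... submit $cards to the merchant gateway here, then drop them ...
    unset($cards, $_POST['armored_key'], $_POST['passphrase']);
}
```

Two caveats for anyone deploying this pattern. First, the key and the decrypted card numbers still exist in the PHP process's memory (and, while the agent is alive, in gpg-agent's cache) for the duration of the request, so the web server user and anyone who can read that process can see them; the ephemeral homedir only removes the on-disk copy. Second, the pasted key arrives over TLS in a POST body, so make sure the web server and PHP are not logging request bodies, and keep the armored key out of any session or cache storage.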
