On Wed, Aug 11, 2004 at 08:23:42AM -0500, JupiterHost.Net wrote: > > > > >This sounds really awesome. Thanks. just what we need. > > > >Can one key decrypt the whole batch of cards? > > I didn't look to close but I'm thinking "no" since it was randomly > generated, and a single key for them all would again make it pointless > to do anything with it because all they need now is one piece of data to > see all the CC info. Instead of one per record. > > Just my .02 ;p > > Lee.M - JupiterHost.Net >
The blowfish keys are randomly generated for each transaction, but the RSA keys remain the same. Business::OnlinePayment::StoredTransaction::Unstore uses the RSA private key to decrypt each blowfish key, then uses that blowfish key to decrypt the transaction. Thus, as far as the module user is concerned the keys remain the same. If you want something that uses a separate key for each transaction, I have another module which effectively accomplishes this, but it's not ready for production yet. I'm not sure why you'd want this though, as it becomes a key management nightmare. BTW, I will be talking about a bunch of new tricks for credit card processing at YAPC::Europe this year, as well as, (just to bring the topic back to mod_perl) the experience I had building an MTA using Apache and mod_perl. mock -- Report problems: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html List etiquette: http://perl.apache.org/maillist/email-etiquette.html
