Re: Encrypting Credit Card Numbers - Two Way Encryption
- Subject: Re: Encrypting Credit Card Numbers - Two Way Encryption
- From: Kieran Kelleher <email@hidden>
- Date: Thu, 20 May 2004 12:19:06 -0400
You can use a Secret Key function which uses the same key (password) to
encrypt and decrypt. A common example is the Blowfish algorithm or the
government's DES algorithm. However this may be too insecure for credit
cards.

I am planning to implement similar functionality and what I am thinking
is that you need a public-private key pair such as a pair of RSA or DSA
(better) keys. Then your app would use the public key to encrypt. Whoever
has the private key could decrypt the credit card number. The
strategy would be to put the last 4 digits in a separate field before
encrypting and NEVER have the private decrypting key available in the
same app that has the public key for encrypting. Then for queries,
simply use XXXX-XXXX-XXXX-nnnn using the nnnn that you previously had
stored.

Only the app/person/computer that charges credit cards should have
access to the private key.

Beware, the penalties are very steep if your strategy does not keep
credit card numbers safe!
On May 20, 2004, at 3:59 AM, Jonathan Fleming wrote:
Hi Guys,
Quick one... what's the best system to use for 2-way encryption? I
want to encrypt credit card numbers in the database (MSSQLServer2000)
and then decrypt them when I need the app to pull them up in a query
so I can see them.
For my passwords I use Sun's one-way encryption algorithm:
MessageDigest messageDigest =
MessageDigest.getInstance("SHA-1"); etc, etc but as I said I need a
system that lets me decrypt later when needed.
Any examples or pointers welcome.
Thanks
Jonathan :^)
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.
___________________________________
Kieran Kelleher
SmartleadsUSA,LLC
2656 West Lake Rd
Palm Harbor, FL 34684
email@hidden
727-785-0766 x33
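
The split described in the reply above, sketched in Java as an added example (not code from either poster): the web app holds only the public key and stores the last four digits beside the ciphertext, while a separate charging component holds the private key. It uses RSA because the JCA exposes DSA for signatures only, with no Cipher; the class and method names, the OAEP padding, the 3072-bit key size and the test card number are assumptions of this example, and records need Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import javax.crypto.Cipher;

public class CardVaultExample {
    // OAEP padding is this example's choice; the message does not name a padding scheme.
    static final String TRANSFORM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    /** What the web app stores: ciphertext plus the last four digits in a separate field. */
    record StoredCard(String lastFour, String encryptedPan) {
        String masked() { return "XXXX-XXXX-XXXX-" + lastFour; }
    }

    /** Web-app side: holds the public key only, so it can encrypt but never decrypt. */
    static StoredCard store(String pan, PublicKey publicKey) throws Exception {
        String digits = pan.replaceAll("[^0-9]", "");
        if (digits.length() < 13 || digits.length() > 19)
            throw new IllegalArgumentException("not a card number length");
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        byte[] ct = cipher.doFinal(digits.getBytes(StandardCharsets.US_ASCII));
        return new StoredCard(digits.substring(digits.length() - 4),
                              Base64.getEncoder().encodeToString(ct));
    }

    /** Charging side: a separate app or host, the only place the private key is loaded. */
    static String recover(StoredCard card, PrivateKey privateKey) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        byte[] pt = cipher.doFinal(Base64.getDecoder().decode(card.encryptedPan()));
        return new String(pt, StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo: both halves run in one process here only to show the round trip.
        // In the layout described above, only the public half is given to the web app.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(3072);
        KeyPair pair = gen.generateKeyPair();

        StoredCard row = store("4111-1111-1111-1111", pair.getPublic()); // constructed test value
        System.out.println("query display: " + row.masked());
        System.out.println("stored blob:   " + row.encryptedPan().substring(0, 24) + "...");
        System.out.println("charging side: " + recover(row, pair.getPrivate()));
    }
}
```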