Re: Encrypting Credit Card Numbers - Two Way Encryption
- Subject: Re: Encrypting Credit Card Numbers - Two Way Encryption
- From: "Jonathan Fleming" <email@hidden>
- Date: Thu, 20 May 2004 22:44:20 +0100
Yes Kieran, I've been reading up on this - Java Cryptography Extensions
(JCE) here: http://www.informit.com/guides/content.asp?g=java&seqNum=28 and
followed the links through to:
One-Way Encryption -- ( http://www.informit.com/guides/content.asp?g=java&seqNum=29 );
Symmetric Encryption -- ( http://www.informit.com/guides/content.asp?g=java&seqNum=30 );
Public Key Infrastructure (PKI) -- ( http://www.informit.com/guides/content.asp?g=java&seqNum=31 ).
The information here is very good and gives sample code too.
Jonathan :^)
From: Kieran Kelleher <email@hidden>
To: Jonathan Fleming <email@hidden>
CC: email@hidden
Subject: Re: Encrypting Credit Card Numbers - Two Way Encryption
Date: Thu, 20 May 2004 12:19:06 -0400
You can use a Secret Key function which uses the same key (password) to
encrypt and decrypt. A common example is the Blowfish algorithm or the
government's DES algorithm. However this may be too insecure for credit
cards.
I am planning to implement similar functionality and what I am thinking is
that you need a public-private key pair such as a pair of RSA or DSA
(better) keys. Then your app would use the public key to encrypt. Whoever
has the private key could decrypt the credit card number. The strategy
would be to put the last 4 digits in a separate field before encrypting and
NEVER have the private decrypting key available in the same app that has
the public key for encrypting. Then for queries, simply use
XXXX-XXXX-XXXX-nnnn using the nnnn that you previously had stored.
Only the app/person/computer that charges credit cards should have access
to the private key.
Beware, the penalties are very steep if your strategy does not keep credit
card numbers safe!
On May 20, 2004, at 3:59 AM, Jonathan Fleming wrote:
Hi Guys,
Quick one... what's the best system to use for 2-way encryption? I want to
encrypt credit card numbers in the database (MSSQLServer2000) and then
decrypt them when I need the app to pull them up in a query so I can see
them.
For my passwords I use Sun's one-way encryption algorithm:
MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
etc, etc but as I said I need a system that lets me decrypt later when
needed.
Any examples or pointers welcome.
Thanks
Jonathan :^)
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.
___________________________________
Kieran Kelleher
SmartleadsUSA,LLC
2656 West Lake Rd
Palm Harbor, FL 34684
email@hidden
727-785-0766 x33
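
The key split described in Kieran's message (public key in the app that stores cards, private key only with the component that charges them, last four digits kept in their own field), as an added example that is not part of the original thread. It uses RSA with OAEP padding from the JCE, since DSA keys can only sign; the class and method names, the 2048-bit key size and the sample card number are assumptions, and `record` needs Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class CardVaultExample {                       // hypothetical class name
    static final String TRANSFORM = "RSA/ECB/OAEPPadding";
    // Explicit OAEP parameters so both sides use SHA-256 for the hash and for MGF1.
    static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    // One database row: ciphertext in one column, last four digits in another.
    record StoredCard(String ciphertextB64, String last4) {
        String masked() { return "XXXX-XXXX-XXXX-" + last4; }
    }

    // Storing side: only the public key is present in this app.
    static StoredCard encryptForStorage(String pan, PublicKey pub) throws Exception {
        String digits = pan.replaceAll("[^0-9]", "");
        if (digits.length() < 13 || digits.length() > 19)
            throw new IllegalArgumentException("unexpected card number length");
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.ENCRYPT_MODE, pub, OAEP);
        byte[] ct = c.doFinal(digits.getBytes(StandardCharsets.US_ASCII));
        return new StoredCard(Base64.getEncoder().encodeToString(ct),
                digits.substring(digits.length() - 4));
    }

    // Charging side: a separate app or host, the only place the private key lives.
    static String decryptForCharge(StoredCard card, PrivateKey priv) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.DECRYPT_MODE, priv, OAEP);
        byte[] pt = c.doFinal(Base64.getDecoder().decode(card.ciphertextB64()));
        return new String(pt, StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);                         // assumed key size
        KeyPair kp = kpg.generateKeyPair();           // demo only: both halves in one JVM
        StoredCard row = encryptForStorage("4111-1111-1111-1111", kp.getPublic()); // constructed sample
        System.out.println(row.masked());             // what list and query screens show
        System.out.println(decryptForCharge(row, kp.getPrivate()));
    }
}
```

OAEP is randomized, so encrypting the same number twice gives different ciphertexts; lookups have to go through the separate last-four field rather than comparing ciphertext.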