PGP replacement for shopping cart software?

Fri Sep 4 15:47:04 CEST 1998

On Fri, 4 Sep 1998, Samuel Liddicott wrote:

> I know a LOT of people running minivend (online shopping software) who are
> starving for some kind of PGP with which credit card info can be encrypted
> before being emailed.

I have a similar situation.  As a temporary bridge solution to a client's
shopping mechanism we needed a way to transport credit card data from the
live servers at the colocation center to the company's main office for
fulfillment. The interim shopping system was an email based one and so I
devised a simple set of perl scripts that use gpg to create an encrypted
message tunnel.  It is called CMT for Crypto Mail Transport.

CMT-Send: Script that receives plaintext email, encrypts them and forwards
them to CMT-Receive.

CMT-Receive: Script that receives encrypted email, decrypts them and
forwards them on to the true recipient.

CMA: A tool for storing messages in encrypted format with an offline
(floppy) keyring and a console application for printing messages.

CMT-Send is a local qmail email alias that email is delivered to.  It
encrypts the message with CMT-Receive's key and emails it to CMT-Receive. 
CMT-Receive accepts encrypted messages, decrypts them and forwards them on
to CMA.  CMA is an archiver that receives messages and encrypts them using
a second key whose private portion is stored offline. 

When the user wants to view a message, they login under a user that runs
the CMA UI.  The CMA UI prompts them to insert their key disk which it
then checks for validity.  Using that keyring they can then select
messages to be sent to the printer attached to the parallel port.

CMT is a useful encrypted message tunnel, albeit somewhat crude.  All told
the solution took about 10 hours to put together.

This solution, however, requires a unix server to be the inbound port of
the encrypted mail tunnel and a unix email server to be the outbound port
of the encrypted mail tunnel.  We recycled a 486 that was collecting dust
for the destination machine.  It is isolated from the network logically,
protected by a firewall and only accepts SMTP connections. 

C=)

--------------------------------------------------------------------------
       There is hardly a thing in the world that some man can not
             make a little worse and sell a little cheaper.
--------------------------------------------------------------------------
Caskey <caskey*technocage.com>       ///                pager.818.698.2306
TechnoCage Inc.                     ///|               gpg: 1024D/7BBB1485
--------------------------------------------------------------------------
  I didn't fight my way to the top of the food chain to be a vegetarian.