understanding what gnugp can do

Jack McKinney jackmc-gnupg-users@lorentz.com
Mon, 23 Oct 2000 17:48:45 -0500 

--7JfCtLOvnd9MIVvH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Big Brother tells me that Armin Hartinger wrote:

> Jack,

>=20

> Seems that echo here on this NT box at work doesn't seem to have an optio=

n to omit

> the newline. So I tried something else... I put the passphrase into a tex=

tfile and

> just piped the output of this textfile into the command you described:


    Ah... didn't realize that it was an NT box.  In any event, reading
from a file is a better way to do it in the long run...


> C:\gpg>type pass.txt | gpg --passphrase-fd 0 -d test.gpg

>=20

> And it worked alright! (use cat on a *nix machine of course).

>=20

> Thanks for your great help! Another problem solved. And I'm confident tha=

t I get a

> decent solution now to work that my wife can process the decrypted orders.

> Let's just hope that the customers appreciate the security.


    As long as you don't let them know that the key is stored unencrypted
on the hard drive...


> How many % of stores you guys think send around plaintext emails of their=

 customers

> names CC#?


    Pretty low.  What I did was to public encrypt the card and store it into
a TEXT field in the db.  Then, the customer we did the web site for just
goes to an https page and enters the pass phrase before the https page disp=
lays
the card info.  Thus, the data is stored on the disk encrypted, and it is
transmitted to the admins encrypted (SSL).
    I couldn't do it without PGP or GPG... there is no way to stored the
data on the disk without also storing the key unless one uses public
encryption.  I imagine that most administrators transmit the credit cards
fairly securely, but that fewer consider encrypting the data for storage...

--
"Restore your inalienable human rights.       Jack McKinney
 Vote Libertarian.  http://www.lp.org         http://www.lorentz.com
 http://www.harrybrowne2000.org               jackmc@lorentz.com
                                              1024D/D68F2C07 4096g/38AEF076

--7JfCtLOvnd9MIVvH
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjn0wEwACgkQimeon9aPLAfI7QCfe3ZaR+Hv8pnMXZ9gpOsa9TI8
Z54AoL10Dta+M87Sq5lYrl18Sh4mjyWv
=VVQ6
-----END PGP SIGNATURE-----

--7JfCtLOvnd9MIVvH--

-- 
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of  "unsubscribe"  to gnupg-users-request@gnupg.org