Wed, 13 Sep 2000 01:06:52 -0700 (PDT)

I'm currently planning to set up a web shop where
customers will be able to enter their credit card and
other details via SSL, and at the server the details
will be encrypted using GnuPG and a public key.

This public key will only be used for orders, so it
will not be distributed to anyone - in fact it will
have 500 permissions on the server so that no-one
except my user-id and root ought to be able to read
the key. The corresponding private key will NOT be
stored on the server.

The encrypted details will then be emailed to me and I
will use the private key on my local PC to decrypt the

This is about as secure as I can envisage, but if
someone does happen to get a copy of the public key
from the server, then they *may* be able to forge an
encrypted order (with perhaps lower prices for some of
the articles).

So, I need an added level of security so that I can be
sure that an order email REALLY came from the shopping
cart script and not from someone who managed to get a 
copy of the public key.

Is it possible to get this added level of security?
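An added illustration of the authenticity gap the post describes (example code, not from the poster or from GnuPG): it models an origin tag the cart script could attach to each order before it is encrypted to the public key, using a shared secret and an HMAC that are assumptions of this example; the gpg encryption step itself is left out.

```python
import hmac
import hashlib
import json

# Hypothetical shared secret that would be known only to the cart script on
# the server and to the merchant's local PC (an assumption of this example).
CART_SECRET = b"example-only-cart-secret-do-not-reuse"


def canonical_order_bytes(order: dict) -> bytes:
    """Serialise the order deterministically so both sides tag identical bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode()


def tag_order(order: dict, secret: bytes) -> str:
    """Cart side: HMAC-SHA256 over the order, computed before the order is
    encrypted to the public key and mailed to the merchant."""
    return hmac.new(secret, canonical_order_bytes(order), hashlib.sha256).hexdigest()


def verify_order(order: dict, tag: str, secret: bytes) -> bool:
    """Local-PC side, after GnuPG decryption: recompute the tag and compare it
    in constant time. Only a holder of the secret can produce a valid tag, so a
    copy of the public key alone is not enough to get a forged order accepted."""
    return hmac.compare_digest(tag_order(order, secret), tag)


# Constructed sample order, as the cart script would build it.
GENUINE_ORDER = {
    "order_id": 1001,
    "items": [{"sku": "A1", "qty": 2, "price": 19.99}],
    "total": 39.98,
}


def demo() -> dict:
    genuine_tag = tag_order(GENUINE_ORDER, CART_SECRET)
    # Someone with only the public key can encrypt any message they like, but
    # a changed price no longer matches the tag, and a guessed tag fails too.
    forged = json.loads(json.dumps(GENUINE_ORDER))
    forged["items"][0]["price"] = 0.01
    forged["total"] = 0.02
    return {
        "genuine_accepted": verify_order(GENUINE_ORDER, genuine_tag, CART_SECRET),
        "forged_with_old_tag": verify_order(forged, genuine_tag, CART_SECRET),
        "forged_with_guessed_tag": verify_order(forged, "00" * 32, CART_SECRET),
    }
```

The secret sits on the server with the same exposure as the public key, so this only helps against someone who obtained a copy of the public key, not against full control of the cart's user account.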
