Req. advice on automated gpg batch job and storage of private key/keyring offline
vedaal at hush.com
Mon Sep 15 19:13:00 CEST 2008
John French johnlfrench at gmail.com wrote on
Sun Sep 14 18:18:19 CEST 2008 :
>I want to keep the public key on the server to
>encrypt the card numbers when entered by account holders
>and prior to db storage
>When its time to run the cards
>against the cc merchant account,
>I'd like to go to a password protected ssl
>page on my site and enter (paste) the key as ASCII (armored)
>and allow the php script to decrypt the cc numbers, process them
>and exit, all in memory.
> If I remove the private keyring,
> gnupg complains about the keyring being missing
> and goes so far as to recreate it
i don't know much about php scripts on ssl sites,
but if you accept that part of your plan as 'secure',
then this may be a way of using gnupg to accomplish what you want:
[1] generate a keypair that you don't use for anything, and keep
the resulting public and secret keyrings on the server
(this will eliminate any error messages from gnupg, as well as
providing a secret keyring to be able to import into)
[2] when you are ready to decrypt, import the secret key from your
php script
[3] when you are done, remove the secret key from the keyring,
with this command:
gpg --delete-secret-key 0x'rest of numeric key id'
(the man page says that for batch files, the key 'name' is not good
for this command)
again,
Robert's precautions/advice should be very seriously considered,
as you might face considerable legal responsibility if any part of
your procedure proves to be 'hackable' and the cc numbers
revealed ...
vedaal
any ads or links below this message are added by hushmail without
my endorsement or awareness of the nature of the link
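The three steps above as one non-interactive script. This is an added example, not part of vedaal's reply or of GnuPG's own documentation; it assumes GnuPG 2.1 or later is installed as "gpg" and uses a constructed fixture key and record in place of the merchant key and card data.

```shell
#!/bin/sh
# Added example, not code from the original thread: the import / decrypt /
# delete cycle in steps [1]-[3] against a throwaway GnuPG home directory.
# Assumes GnuPG 2.1 or later is installed as "gpg". In a real deployment the
# armored secret key would come from the web form rather than a file on disk.
set -eu

# Every call runs non-interactively; the fixture key has an empty passphrase.
gpg_b() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

# Number of secret keys currently in the keyring (what a server compromise would expose).
secret_key_count() {
    gpg_b --list-secret-keys --with-colons | grep -c '^sec' || true
}

# Steps [2] and [3]: import the secret key, decrypt one record, then remove
# the secret key again whether or not decryption succeeded. --batch deletion
# needs the full fingerprint, not a name (the man page caveat quoted above).
decrypt_with_transient_key() {
    key_file=$1; cipher_file=$2; rc=0
    gpg_b --import "$key_file"
    out=$(gpg_b --decrypt "$cipher_file") || rc=$?
    gpg_b --yes --delete-secret-keys "$FPR"
    printf '%s\n' "$out"
    return "$rc"
}

command -v gpg >/dev/null 2>&1 || { echo "gpg not installed; nothing to demonstrate"; exit 0; }
# Constructed fixture standing in for the merchant's real key and a card record.
GNUPGHOME=$(mktemp -d); export GNUPGHOME
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"' EXIT
gpg_b --quick-gen-key 'fixture <fixture@example.invalid>' default default never
FPR=$(gpg_b --list-secret-keys --with-colons | awk -F: '/^fpr/ {print $10; exit}')
gpg_b --armor --export-secret-keys "$FPR" > "$GNUPGHOME/secret.asc"
# Step [1] at rest: the server keeps only the public key and an empty secret
# keyring, so gpg has somewhere to import into without complaining.
gpg_b --yes --delete-secret-keys "$FPR"
printf 'constructed-card-record\n' |
    gpg_b --armor --trust-model always --recipient "$FPR" --encrypt > "$GNUPGHOME/record.asc"

echo "secret keys before: $(secret_key_count)"
decrypt_with_transient_key "$GNUPGHOME/secret.asc" "$GNUPGHOME/record.asc"
echo "secret keys after: $(secret_key_count)"
```

The secret key exists in the keyring only between the import and the delete inside decrypt_with_transient_key; the counts printed before and after the call are both 0.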