|laziness, impatience, and hubris|
Searching on the same subject..
Currently I don't allow any CC number storage on my servers, but I have a client that want's to have them stored and then be able review over the web but not needing to automatically rebill.
(trying to persuade the client to use external resource for cc processing like all of my other clients.)
But..How does this sound...
I'm a bit (very big bit) ignorant on the pgp system so be forgiving.
Encrypt the CCnumber with one key and decrypt with another.
The encryption would take place on the server in a perl script, and the result stored in a data file on the server
The other key would not be on the server, it would reside on the remote clients pc.
The decryption would be done in a java routine on the client pc when viewing the data via https:
Any ideas on implementing this (pro's con's howto's?)