PerlMonks  

Sending Encrypted Data to an E-mail Account

by shaolindoman (Acolyte)
on Jun 21, 2004 at 16:09 UTC (#368492)
shaolindoman has asked for the wisdom of the Perl Monks concerning the following question:

Hi all. I'm running into some trouble right now for the site I'm building. My boss wants me to have users input their billing info into fields (including credit card #) and then have it encrypted then sent to his e-mail. We do all the processing by and since there aren't many people buying things and he doesn't want to spring for more money than he has to at this time. So basically my question is (and this may sound stupid) but how can I do browser enabled encryption? And what library should I use to send an e-mail to him? Anyone got any ideas?

Re: Sending Encrypted Data to an E-mail Account
by pbeckingham (Parson) on Jun 21, 2004 at 16:16 UTC

    Using a secure server to capture the details and encrypt them will work for you, but then turning around and emailing the data over a plaintext wire protocol will undo some of that protection.

    Is the recipient (boss) email address within your domain, hosted internally, along with your site? I.e., does that email message have to leave the (hopefully) protected confines of your network and venture out into the bad world?

      Well, part of the problem is he doesn't have the server set up yet. I've been developing the site on my local host server and he is waiting until I finish everything before he buys the server and sets all of that stuff up. And no, his e-mail is not within our domain and I don't think he would be willing to change because he uses his one e-mail right now for so many clients.

        Thanks for the details. In that case, the email needs to be encrypted. See the many excellent answers already posted.

Re: Sending Encrypted Data to an E-mail Account
by diotalevi (Canon) on Jun 21, 2004 at 16:16 UTC
Re: Sending Encrypted Data to an E-mail Account
by hardburn (Abbot) on Jun 21, 2004 at 16:29 UTC

    We do this all the time where I work. We use Crypt::OpenPGP to do the encryption server-side, then set up each person who needs to process a credit card with GnuPG (using a Win32 frontend called WinPT) and their own key for their e-mail address. You'll need to walk them through the key generation and how to do the decryption (just send a test order). Then give them a little lecture about how to keep the encryption keys secure.

    ----
    send money to your kernel via the boot loader.. This and more wisdom available from Markov Hardburn.

Re: Sending Encrypted Data to an E-mail Account
by derby (Abbot) on Jun 21, 2004 at 17:06 UTC
    Four steps to Security (or how to be good until your boss loses his Excel spreadsheet by mailing it to his hotmail account for some *sure* work at home).

    1. Set up your secure server
    2. Process your data
    3. Encrypt your data (geez I'm a stats whore).
    4. Mail it.

    -derby

    Update: Yikes! browser enabled encryption ... don't even try. You're better off doing it at the server. If the boss complains, start throwing words around like fiduciary responsibility.

      Well my main reason for asking all of this is to avoid packet sniffing. How would I get around packet sniffing if the user is sending over name/credit card/etc. initially when they are ordering something?
        Secure servers are the *real* way to get around packet sniffing. There are some attempts to do client-side public key encryption via javascript (giyf) but I sure would hate to be on the QA team for something like that.
        -derby
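
The encrypt-then-mail steps that hardburn and derby describe, as an added server-side example (not code posted by anyone in the thread). It uses Crypt::OpenPGP as hardburn suggests; MIME::Lite as the mailer, the keyring path, the addresses and the order fields are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::OpenPGP;
use MIME::Lite;

# Placeholder values (assumptions, not from the thread).
my $PUBRING   = '/path/to/pubring.gpg';   # holds the recipient's PUBLIC key only
my $RECIPIENT = 'boss@example.com';       # user ID on that public key
my $FROM      = 'orders@example.com';

# Flatten already-validated form fields into the text to be encrypted.
sub format_order {
    my (%order) = @_;
    return join '', map { "$_: $order{$_}\n" } sort keys %order;
}

# Encrypt to the recipient's public key. Dies on any failure so the caller
# can never fall back to mailing the plaintext.
sub encrypt_order {
    my ($plaintext) = @_;
    my $pgp = Crypt::OpenPGP->new(Compat => 'GnuPG', PubRing => $PUBRING);
    my $armoured = $pgp->encrypt(
        Data       => $plaintext,
        Recipients => $RECIPIENT,
        Armour     => 1,
    );
    die 'encryption failed, nothing sent: ' . ($pgp->errstr || 'unknown error')
        unless defined $armoured && $armoured =~ /^-----BEGIN PGP MESSAGE-----/;
    return $armoured;
}

# Build the mail. The subject carries no order details: headers are not encrypted.
sub build_mail {
    my ($armoured) = @_;
    return MIME::Lite->new(
        From => $FROM, To => $RECIPIENT, Subject => 'New order',
        Type => 'TEXT', Data => $armoured,
    );
}

unless (caller) {
    # Constructed sample order; 4111... is a well-known test card number.
    my %order = (name => 'Test Buyer', card => '4111111111111111', expires => '12/30');
    my $msg = build_mail(encrypt_order(format_order(%order)));
    $msg->send or die "mail submission failed\n";   # default: local sendmail
}
```

This covers only the server-to-mailbox leg; the browser-to-server leg still needs the secure server derby mentions. The web server never holds the private key, so decryption happens only in the recipient's GnuPG.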
