Hi, I'd like to add two questions of my own as I need to do two encryptions in an app I am building (asap) now.

The needs are encrypting forms and encrypting some credit card numbers.

1. Encrypted Forms. This is mainly to obfuscate so that a casual cafe user can't read user data, as SSL is used if delicate info is needed.

I have a module I built for myself, Quickcrypt.pm which I've used in a couple of recent projects to encrypt multipage form data. Part of it I made after looking at the EncryptForm module on CPAN. I freeze a hash, websafe pack it, encrypt with CBC (Blowfish) and drop it into a hidden input field on the next HTML::Template generated page.

As I understand the thread, it would be totally unsafe to use RC4; in particular, that would allow someone to detect the server's password and potentially use that later to get other people's session info. Whereas Blowfish would be okay, or better yet AES. Presumably changing the server password every few months is also not needed with Blowfish/AES keyspace sizes. Is this correct? On some machines only RC4 worked.

2. "A few Credit Cards". Highest priority question for me. I have a seminar signup system which will accept credit cards for the overseas users. In the future if everyone was allowed to do so I could have hundreds of credit cards per seminar.

The idea is that user data will be stored in a CSV text file but the credit card number will be encrypted. Site management staff can download all or part of the CSV and have it open in Excel, with the credit card numbers still encrypted. Or, they can first type in a password, which will then cause the credit card number column in the spreadsheet to be completely decrypted and you can view the plaintext of the spreadsheet including cc#'s in Excel just fine.

This would seem to require a public key system. Which module would be best? Consider that this system must run on an old perl on a cheap provider; I can compile modules, though I would rather not have to build openssl if not crucial. While I only expect under 20 cc#s this time, in the future I might want to have thousands. I wonder if the pure perl modules I see on CPAN here would be fast enough to decrypt them before browser timeout.

So right now I would like to find the easiest to install/use package to solve this answer and do more later if I need faster. I've used perl/openssl for live credit card authorization in the past, it's a bit much for now. I'm thinking about Crypt::OpenPGP. Thanks for your help.

In reply to Another 2 questions: Encrypting forms and credit card numbers by mattr
in thread Safe symmetric encryption - Crypt::CBC + Crypt::Blowfish? by diotalevi
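
The hidden-field flow from question 1 (freeze a hash, encrypt with Crypt::CBC and Blowfish, make it web-safe), as an added example that is not Quickcrypt.pm or code from the thread; it goes one step further than the post by adding an HMAC so an edited field is rejected before decryption and thaw. Assumptions: Crypt::CBC, Crypt::Blowfish and Digest::SHA are installed, and the key strings, `seal_form` and `open_form` are hypothetical names and constructed values.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Storable qw(nfreeze thaw);
use Crypt::CBC;                      # CPAN; needs Crypt::Blowfish installed
use Digest::SHA qw(hmac_sha256);
use MIME::Base64 qw(encode_base64 decode_base64);

# Constructed sample secrets; keep the real ones outside the web root.
my $ENC_KEY = 'constructed-sample-encryption-passphrase';
my $MAC_KEY = 'constructed-sample-mac-key';

sub b64url_encode { my $s = encode_base64($_[0], ''); $s =~ tr{+/}{-_}; $s =~ s/=+\z//; return $s }
sub b64url_decode { my $s = shift; $s =~ tr{-_}{+/}; $s .= '=' x ((4 - length($s) % 4) % 4); return decode_base64($s) }

# Freeze the hash, encrypt it, then MAC the ciphertext (encrypt-then-MAC).
sub seal_form {
    my ($data) = @_;
    my $cbc = Crypt::CBC->new(-key => $ENC_KEY, -cipher => 'Blowfish');
    my $ct  = $cbc->encrypt(nfreeze($data));   # random salt per message
    return b64url_encode(hmac_sha256($ct, $MAC_KEY) . $ct);
}

# Returns the hash ref, or undef if the field was altered or truncated.
sub open_form {
    my ($token) = @_;
    return undef unless defined $token && $token =~ /\A[A-Za-z0-9_-]+\z/;
    my $raw = b64url_decode($token);
    return undef if length($raw) <= 32;
    my ($tag, $ct) = (substr($raw, 0, 32), substr($raw, 32));
    my $want = hmac_sha256($ct, $MAC_KEY);
    # Compare every byte so the check does not stop at the first mismatch.
    my $diff = 0;
    $diff |= ord(substr($tag, $_, 1)) ^ ord(substr($want, $_, 1)) for 0 .. 31;
    return undef if $diff;
    # Only verified bytes reach decrypt and thaw; Storable must never
    # parse data a client could have modified.
    my $cbc = Crypt::CBC->new(-key => $ENC_KEY, -cipher => 'Blowfish');
    return thaw($cbc->decrypt($ct));
}

my $token = seal_form({ name => 'Sample User', seminar => 'constructed-example' });
print qq{<input type="hidden" name="state" value="$token">\n};

my $back = open_form($token);
print "round trip ok: $back->{name}\n";

(my $tampered = $token) =~ tr/A-Za-z/B-ZAb-za/;   # alter characters
print "tampered field rejected\n" unless defined open_form($tampered);
```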
