Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

email security

Status
Not open for further replies.
judi

judi

Programmer
Jan 13, 2001
35
US
My ecommerce site is in PHP and it's working fine. I'm going to use a Quick SSL and I understand it all. But I still have one problem.

My client wants the credit card# and all the info emailed to them and they will do the transaction from their office. I can't figure out how to email the info and have it secured. I know that PHP has the mcrypt_encrypt function, so I can encrypt the email to be sent. But how does it get unencripted? My client doesn't have PHP on their system. I guess I can use an encrypting algorithm in the PHP code and then write a C or VB compiled program they can run on their computer to unencrypt it. But I can't believe there isn't a better way to do it since I'm sure I'm not the only one who is doing an ecommerce site like this.

Is there a better way to do this? Any suggestions would be appreciated.

 
Sort by date Sort by votes
I suggest you have a look at PGP encryption. It is basically free and a good way to secure the information;
Here's some code from the PHP site for encryption using PGP:
Code: 
<?PHP
function pgp_encrypt($keyring_location, $public_key_id, $plain_text) {

       $key_id = EscapeShellArg($public_key_id);
       putenv("PGPPATH=$keyring_location");

       // encrypt the message
       $pipe = popen("pgpe -r $key_id -af", "r");             
       fwrite($pipe, $plain_text);
       $encrypted_text = '';
       while($s = fgets($pipe, 1024)) {
               // read from the pipe
               $encrypted_text .= $s;
       }
       pclose($pipe);

       return $encrypted_text;
}

$message = pgp_encrypt("/home/username/.pgp", "to@domain.com", "dummy text to be encrypted");
print nl2br($message);

?>
 
Upvote 0 Downvote
Thanks for this. But how does it get un-encrypted on my client's side? That's where I'm having the trouble. She doesn't have PHP on her computer. Will I have to write a little compiled program?
 
Upvote 0 Downvote
All standard e-mail clients offer PGP support. You generate a key pair and the key is installed at the clients e-mail software. That's how they decrypt it. There is no PHP involved at all.
All you need to do is to install the PGP software on the clients machine.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

R
  • Question
How Can I Use MySQL To Send Data To An Email
Replies
1
Views
257
Chris Miller
Chris Miller
EdLentz
  • Locked
  • Question
Partial link in email
Replies
1
Views
206
spamjim
spamjim
ersatz
  • Locked
  • Question
How to send 2 select from mysql database in email like tables
Replies
5
Views
469
ersatz
ersatz
PeDa
  • Locked
  • Question
unwanted spaces inserted into the middle of php-generated html email body 1
Replies
2
Views
164
PeDa
PeDa
cmayo
  • Locked
  • Question
Piping email to PHP - how does PHP read STDIN?
Replies
0
Views
135
cmayo
cmayo

Part and Inventory Search

Sponsor

Back
Top