The code uses sha256 to hash the secret key, then uses aes-256 (aes
cipher with a 256-bit key) in cbc mode which means cipher block
chaining. This does not mean you are using a 256-bit key. If you hash
"1234" you have at BEST an 8 bit or so key. I would use a string that
is randomly generated using strong random sources and make it a long
string.
The cipher used is symmetric so if the server encrypts the cc number
it can also decrypt it. You probably do not want that, as anyone who
can get your database probably has your code too.
Really, huge problems always occur when someone who knows little of
cryptosystems and how to apply them runs off and writes something.
This is not meant as an insult. I believe if you need this
functionality the questions you are asking lead me to believe you are
not yet ready to do it yourself.
--Michael
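
The point about hashing a short secret, as an added example that is not part of the original message or of the code it discusses: a SHA-256 digest is always 32 bytes, but the key is only as strong as the set of secrets it could have come from. The function names and the four-digit secret shape are assumptions made for the illustration.

```python
import hashlib
import itertools
import math
import secrets

DIGITS = "0123456789"  # constructed alphabet for the "1234" case


def derive_key(secret: str) -> bytes:
    """SHA-256 of the secret: always 32 bytes, whatever the secret's strength."""
    return hashlib.sha256(secret.encode("utf-8")).digest()


def keyspace_bits(alphabet: str, length: int) -> float:
    """Upper bound on key strength: log2 of the number of possible secrets."""
    return length * math.log2(len(alphabet))


def find_secret(key: bytes, alphabet: str, length: int):
    """Walk every secret of this shape; return (match or None, candidates tried)."""
    tried = 0
    for chars in itertools.product(alphabet, repeat=length):
        tried += 1
        candidate = "".join(chars)
        if secrets.compare_digest(derive_key(candidate), key):
            return candidate, tried
    return None, tried


def random_key() -> bytes:
    """A key carrying the full 256 bits, drawn from the OS CSPRNG."""
    return secrets.token_bytes(32)


if __name__ == "__main__":
    weak = derive_key("1234")
    print("hashed key length:", len(weak) * 8, "bits on paper")
    print("real upper bound :", round(keyspace_bits(DIGITS, 4), 1), "bits")
    print("recovered        :", find_secret(weak, DIGITS, 4))
    # A randomly generated key is not in any small, guessable set.
    print("random key search:", find_secret(random_key(), DIGITS, 4))
```
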