Credit card

The code uses SHA-256 to hash the secret key, then uses AES-256 (the AES
cipher with a 256-bit key) in CBC mode, which means cipher block
chaining. This does not mean you are using a 256-bit key. If you hash
"1234" you have at BEST an 8-bit or so key. I would use a string that
is randomly generated using strong random sources and make it a long
string.

The cipher used is symmetric, so if the server encrypts the CC number
it can also decrypt it. You probably do not want that, as anyone who
can get your database probably has your code too.

Really, huge problems always occur when someone who knows little of
cryptosystems and how to apply them runs off and writes something.
This is not meant as an insult. I believe if you need this
functionality, the questions you are asking lead me to believe you are
not yet ready to do it yourself.

--Michael
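An added illustration of Michael's first point (my own code, not anything posted in this thread; the function names are mine): hashing a short secret produces 32 bytes that look like a full AES-256 key, but the number of distinct keys that can come out is bounded by the number of possible inputs, so the hash adds no entropy. The OS random source gives key material whose entropy matches the key length.

```python
import hashlib
import math
import secrets

AES_256_KEY_BYTES = 32


def key_from_passphrase(passphrase: str) -> bytes:
    """The pattern described in the thread: sha256(secret) used directly
    as the AES-256 key. Output is always 32 bytes, whatever the input."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def random_key() -> bytes:
    """What the post recommends instead: key bytes from the OS CSPRNG."""
    return secrets.token_bytes(AES_256_KEY_BYTES)


def effective_key_bits(alphabet_size: int, length: int) -> float:
    """Upper bound on the entropy of a key derived (by hashing or any other
    deterministic function) from a secret drawn uniformly from
    alphabet_size ** length possibilities. Hashing cannot raise this."""
    return length * math.log2(alphabet_size)


def distinct_keys_from_inputs(inputs) -> int:
    """Number of distinct AES keys reachable from a set of candidate secrets.
    Each secret maps to exactly one key, so the key space can never be
    larger than the secret space, no matter how strong the hash is."""
    return len({key_from_passphrase(s) for s in inputs})


if __name__ == "__main__":
    # Constructed input: every 4-digit PIN, the kind of secret the post warns about.
    pins = [f"{i:04d}" for i in range(10_000)]
    print(len(key_from_passphrase("1234")))   # 32 bytes: looks like a real AES-256 key
    print(distinct_keys_from_inputs(pins))    # 10000: only as many keys as PINs
    print(round(effective_key_bits(10, 4), 1))  # 13.3 bits of entropy at most
    print(effective_key_bits(256, 32))        # 256.0 bits for random_key()
```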

I agree with Michael above. Start by reading "Applied Cryptography" by Bruce Schneier (http://www.schneier.com/).

Best regards, Ricardo

There are certain laws and guidelines about storing credit cards. First, any credit card that is stored on your machine that is stolen without being a certified server runs the risk of not being covered by insurance and you could be held liable.

Just don’t store credit card numbers. Store the transaction ID; it’s just as good for doing pre-auths, purchases, and returns, but you won’t be able to do 1-click ordering with saved credit cards. If you do, then research it more on Google for PCI Compliance.

Nathaniel.