encryption and credit cards

Most things will use OpenSSL. This is because OpenSSL is the lowest level anyone should be going to for this. Anyone who re-implements an encryption algorithm is doing the bad thing.

From whom are you trying to hide the credit cards, though? From anyone who has full access to the machine? From someone who might get a database dump? What about getting your application code as well? Do you want one-way encryption and want to only decrypt if the data is removed from the machine?

Encryption comes in two flavors: shared key and private key. The shared key version uses the same key to encrypt as it does to decrypt, while public key uses a different (but related) key for each step.

If you are wanting to store the credit card so that your application can later decrypt it, anyone who gets that key can also decrypt anything you are trying to hide. Thus, if you host your application and someone gets the source code for your application and the database dump, game over. If you are not worried about this, you should be.

If on the other hand you are only decrypting in "emergency cases" such as when someone contests a charge and you need their actual number, you can choose public key. The server encrypts the data, Base64 encodes it, and stores it in the database. If you need to get it, you get that encrypted value and copy it to your desktop, where you run the Ruby script to decrypt it. This is probably the most secure you can get without adding in hardware. You just never, ever store your private (decrypt) key on the web server.

Often I use a very, very simplistic "encryption" just to mask the contents of data, such that my debugging won't reveal it. For example, I've stored passwords in the clear for a whole set of automated API scripts, none of which needed to be 100% secure, but used ROT-13. Why? So "select * from..." did not reveal the contents.

So, it comes down to, who are you trying to hide the CC numbers from, and what is the threat model?

--Michael

So, it comes down to, who are you trying to hide the CC numbers from, and what is the threat model?

--Michael

We would be trying to hide the CC numbers from everyone basically. My app is used to create a user profile which would include collecting credit card info, which would be used to make a hotel reservation, for example. The plan as of now is to store these CC numbers in their encrpted form in a database. Right now I am thinking about having an asymetric encryption method so that if the database gets hacked and the app gets hacked they know how to encrypt the CC numbers but not decrypt them and then, also, they will only have the encrypted credit cards numbers. Not really having ever written anything that involved encryption, I need to make sure that I am doing this correctly, especially with such sensitive information as a Credit Card number.

Google for "PCI Compliance". There are some serious rules you need to follow if you're going to store credit card data.

If you can avoid having to store the data you'll sleep a lot better at night :slight_smile: You may want to talk to braintree (or similar) about their offerings. http://www.braintreepaymentsolutions.com/

In a nutshell, you get a cc card in a form and before saving it, give it to braintree. Braintree gives you back a token. You save the token. And from that point on you simply say things like "bill this token $10". You never have to touch the credit card again -- nor can you get it back via the API either.

-philip