SSL + PGP

New Message Reply About this list Date view Thread view Subject view Author view

Michael Bauer (mick@visi.com)
Wed, 28 Apr 1999 11:36:41 -0500 (CDT)


Howdy.

A non-profig org. I know of wants to be able to accept credit-card pledges
from members via the Web, but they don't have a lot of $$ to spend on the
project (i.e., they don't want to hire any 3rd party to accept the
credit-card pledges for them). Assuming their own web-server is secure,
what do you guys think about the following scenario?:

1. Member enters credit-card #, etc. in SSL-protected web form.

2. Form data is processed by PERL script that uses PGP (or is there a
PERL module that can do this?) to encrypt form data with accountant's
public key, mails encrypted data to accountant.

Is this a viable proposal, or is it too vulnerable to chosen-plaintext
or other cryptanalytical attacks? Or are we barking up the wrong tree
altogether? I'm convinced that with a little effort we can construct a
secure solution using established free/share-ware tools.

Thanks for any input,

Mick Bauer

/===========================\
| Michael D.(Mick) Bauer |
| Sr. Network Engineer |
| EXi Corporation |
| Roseville, MN |
| mbauer<at>exicorp.com |
\===========================/
                             


New Message Reply About this list Date view Thread view Subject view Author view

 
All trademarks and copyrights are the property of their respective owners.

Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Thu May 27 1999 - 23:44:23