Well here are two options:
The elegant but somewhat painful method:
1. The client generates an encrypted credit card using the secret. The
client opens an ssl session with the server and uploads the encrypted credit
card to the server (this proc can be automated at the client machine so your
client doesn't need to go through many steps).
2. When retrieving information, the client to opens an ssl session with the
server, sends the private key manually (via ssl) to the server, and have the
server process the decryption in memory.
The above requires the client to both upload the credit card and the secret
key to the server. The reference information you can use to locate the
correct credit card could be the client's name or login name or address,
etc. etc.
The no so elegant but works almost all of the time method:
1. You enter the encrypted credit card number into the server database.
2. Client opens an SSL session with the server and submits the secret key
(via ssl) to the server. server decrypts the credit card in memory and
performs a Mod 10 check on the result (if it fails the mod 10, the decrypt
didn't work because it isn't a valid credit card #). Another way to verify
decryption is to store the last 1 digit of the credit card number and verify
that against the decrypted card. The best way, if you're attached to a
payment gateway, is to verify the validity of the card via the merchant bank
(this can be done at no charge to the customer, but it costs the merchant a
min. fee -- usually around $.25).
Of course the best thing to do is to authenticate the client to the server
and ask the server to retrieve only the record pertaining to that client via
a covert channel (the trusted information kind, not the cia/nsa kind).
Phillip
-----Original Message-----
From: owner-cypherpunks@Algebra.COM
[mailto:owner-cypherpunks@Algebra.COM]On Behalf Of Jim Choate
Sent: Wednesday, January 24, 2001 6:15 PM
To: austin-cpunks@einstein.ssz.com
Cc: cypherpunks@einstein.ssz.com
Subject: APM: GnuPG and Perl GnuPG Interface for (En/De)cryption
Question (fwd)
____________________________________________________________________
Before a larger group can see the virtue of an idea, a
smaller group must first understand it.
"Stranger Suns"
George Zebrowski
The Armadillo Group ,::////;::-. James Choate
Austin, Tx /:'///// ``::>/|/ ravage@ssz.com
www.ssz.com .', |||| `/( e\ 512-451-7087
-====~~mm-'`-```-mm --'-
--------------------------------------------------------------------
---------- Forwarded message ----------
Date: Wed, 24 Jan 2001 16:56:02 -0600
From: David Bluestein II