prevostpilot

encrypted credit card info in PHP/MySQL

i am providing a php/mysql app for a customer who insists on keeping cc info in the data base.  i realize the short answer to my question is, "don't".  however...

a few points:
- i am using php4 on a remote server with mcrypt 2.4
- i am using the twofish cipher in CBC mode
- i store the key in an include file above DOCUMENT_ROOT in a directory inaccessible via URL in a file inaccessible via URL - the file is "require'd" from php files (not readable as text) in directories and files which (obviously) are accessible via URL
- i base64 encode the encrypted data and store it in a varchar(64), and base64 decode the data prior to decrypting.  twofish/CBC produces 64 byte base64 data from 16 character credit card numbers.
- i use a wrapper class to manipulate mcrypt from Stone PHP SafeCrypt, Copyright (c) 2006, John Haugeland, viewable at http://blog.sc.tri-bit.com/archives/101
- the set of possible modes is
  cbc cfb ctr ecb ncfb nofb ofb stream
- the set of possible ciphers is
  cast-128 gost rijndael-128 twofish arcfour cast-256 loki97
  rijndael-192 saferplus wake blowfish-compat des rijndael-256
  serpent xtea blowfish enigma rc2 tripledes
- the default cipher/mode in the Stone wrapper is twofish/CBC
- the whole application is behind https

my question is, can someone with approp knowledge comment on the security of the method suggested above and/or suggest other ciphers, modes, or methodology to safely meet my customer's requirement?


Rich Rumble

The PHP TA might actually be better for this, I've placed a pointer to this question: https://www.experts-exchange.com/questions/22046024/Secure-PHP-MySQL-CreditCard-transactions-Pointer.html

There is something to remember with storing CC and other user information, this is a great article:
http://www.schneier.com/blog/archives/2005/02/authentication.html

Typically I recommend people use 3rd parties to handle the E-commerce portion, but I think what you've listed above will be sufficient!
http://www.amazon.co.uk/MySQL-Web-Development-Luke-Welling/dp/0672317842
-rich

ASKER

rich-
the first link you left comes up blank.  what's a php "ta"? any way you can refresh?

the schneier article is well referred.  my intent (client approval pending, of course) is to delete the cc info after the complete transaction is complete.  in this case, the "relationship" remains open for several weeks, as it is a kind of vacation reservation system (golfing and hotel reservations).  so, after the vacation is over and all the dust settles, i plan to delete the cc#, exp date and cvc.  we'll keep the snailmail and email info so we can solicit future biz. unfortunately, i need to keep the key on the server because i need to debit the card automagically several days prior to arrival at the vacation site.  this info is (will be) listed in the privacy policy.

as you prob'ly noticed, encryption is not my expertise.
-is there any way to get a shorter encrypted cc number?  the current combination of cipher/mode yields 64 bytes of enc'd text.  i'd really like to make this smaller?  

-can you comment about the Stone wrapper code?  i find lots of ref's to it, but no real meat.

tnx
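
An added example, not part of the original thread and not code from Stone PHP SafeCrypt, for the storage-size question above. It assumes PHP 7.1 or later with the openssl extension and swaps in AES-256-GCM for twofish/CBC (mcrypt was removed from PHP core in 7.2); the function names and the `reservation:1001` record label are hypothetical.

```php
<?php
// Added example. In the application the 32-byte key would come from the
// include file kept outside DOCUMENT_ROOT; here a throwaway key is generated.

const NONCE_LEN = 12; // GCM nonce length in bytes
const TAG_LEN   = 16; // GCM authentication tag length in bytes

// Returns nonce || ciphertext || tag as raw bytes, suitable for a VARBINARY column.
// $aad binds the ciphertext to its row (hypothetical label such as "reservation:1001").
function encrypt_field(string $plain, string $key, string $aad): string
{
    $nonce = random_bytes(NONCE_LEN); // fresh random nonce for every record
    $tag = '';
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad, TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $nonce . $ct . $tag;
}

// Returns the plaintext, or throws if the record was altered or copied to another row.
function decrypt_field(string $blob, string $key, string $aad): string
{
    if (strlen($blob) <= NONCE_LEN + TAG_LEN) {
        throw new RuntimeException('record too short');
    }
    $nonce = substr($blob, 0, NONCE_LEN);
    $tag   = substr($blob, -TAG_LEN);
    $ct    = substr($blob, NONCE_LEN, -TAG_LEN);
    $plain = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad);
    if ($plain === false) {
        throw new RuntimeException('authentication failed');
    }
    return $plain;
}

// Constructed sample data: a well-known test card number and a throwaway key.
$key  = random_bytes(32);
$blob = encrypt_field('4111111111111111', $key, 'reservation:1001');
printf("raw: %d bytes, base64: %d chars\n", strlen($blob), strlen(base64_encode($blob)));
var_dump(decrypt_field($blob, $key, 'reservation:1001') === '4111111111111111');
```

A 16-digit number comes out as 44 raw bytes (12 nonce + 16 ciphertext + 16 tag), or 60 characters once base64-encoded, so a binary column avoids the base64 overhead entirely.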


ASKER CERTIFIED SOLUTION
Rich Rumble