Thread: Encryption

    #1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2001
    Location
    Bournemouth, England
    Posts
    28
    Rep Power
    0

    Question Encryption


    Hi all,

    Got a problem. Need to send data from my Linux web server to my windows machine encrypted. Thought I'd just use php and encrypt the string and send it by email BUT (and it's a big but) I don't have --with-mcrypt enabled on the php server and can't get it enabled without phoning Holland and then paying about £65 + VAT.

    The crypt function doesn't look very secure and I'd have to install php on my windows machine to unencrypt it and I'm getting pushed for resources.

    Can anyone think of any bright ideas? Doesn't have to be php I'm wide open to any suggestions.

    Thanx
    Mitchell
  2. #2
  3. No Profile Picture
    Señor Member
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Aug 2000
    Posts
    1,157
    Rep Power
    37
    Does it need to be a data stream or can it be in the form of file(s)? How about using scp, which is available through the ssh package?
    Michael
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2001
    Location
    Bournemouth, England
    Posts
    28
    Rep Power
    0

    Encryption


    Hi,

    Thanx for that. Not heard of SCP. Trouble is, can't leave the data on the server. Agreement with the credit card processing company is that data can only be held behind a fire wall and my web server isn't behind one. Need to send the data to my machine stright away. I've got SSL and OpenSSH and a server certificate from Thawte and a personal certificate on my machine. Is there another way to do this?

    Thanx

    Mitchell
  6. #4
  7. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2001
    Posts
    14
    Rep Power
    0

    Question


    what about, using some rsa methods pgp for example? there r some guerillia versions working with 8192 bits, available for nearly every platform, u just got to use the commandline on both platforms. at the server let php use it to encrypt and on yar system home just use the ms-dos box and pgp to decrypt. but where is the problem installing a firewall? yar server would need it anyway. never place an unsecured server online.
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2001
    Location
    Tauranga, NZ
    Posts
    349
    Rep Power
    14

    What about GnuPG


    I use Gnu PG on the server instead of PGP and use a PGP for my windows box which has a plugin for Eudora

    GnuPG is the free version of PGP, it doesn't use any patented algorithms
    http://www.gnupg.org
    http://www.pgpi.com
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2001
    Location
    Northern Ohio
    Posts
    74
    Rep Power
    14
    I agree with what gargoyle was getting at, the first thing you should do is get your webserver behind a firewall. In my opinion, you need to have important data such as credit card numbers be secure from start to finish. encrypting it as you move it off the server is too late, the data could be intercepted before it ever reaches the point of encryption.

    I'm not saying to give up on your plan to encrypt and move the data off of the server, I am just saying that this firewall issue should have a much higher priority.

IMN logo majestic logo threadwatch logo seochat tools logo