Got a problem. Need to send data from my Linux web server to my windows machine encrypted. Thought I'd just use php and encrypt the string and send it by email BUT (and it's a big but) I don't have --with-mcrypt enabled on the php server and can't get it enabled without phoning Holland and then paying about £65 + VAT.
The crypt function doesn't look very secure and I'd have to install php on my windows machine to unencrypt it and I'm getting pushed for resources.
Can anyone think of any bright ideas? Doesn't have to be php I'm wide open to any suggestions.
Does it need to be a data stream or can it be in the form of file(s)? How about using scp, which is available through the ssh package?
Thanx for that. Not heard of SCP. Trouble is, can't leave the data on the server. Agreement with the credit card processing company is that data can only be held behind a fire wall and my web server isn't behind one. Need to send the data to my machine stright away. I've got SSL and OpenSSH and a server certificate from Thawte and a personal certificate on my machine. Is there another way to do this?
what about, using some rsa methods pgp for example? there r some guerillia versions working with 8192 bits, available for nearly every platform, u just got to use the commandline on both platforms. at the server let php use it to encrypt and on yar system home just use the ms-dos box and pgp to decrypt. but where is the problem installing a firewall? yar server would need it anyway. never place an unsecured server online.
What about GnuPG
I use Gnu PG on the server instead of PGP and use a PGP for my windows box which has a plugin for Eudora
GnuPG is the free version of PGP, it doesn't use any patented algorithms
I agree with what gargoyle was getting at, the first thing you should do is get your webserver behind a firewall. In my opinion, you need to have important data such as credit card numbers be secure from start to finish. encrypting it as you move it off the server is too late, the data could be intercepted before it ever reaches the point of encryption.
I'm not saying to give up on your plan to encrypt and move the data off of the server, I am just saying that this firewall issue should have a much higher priority.