View Full Version : Encrypting Credit Card Numbers


Sam
08-20-1999, 12:15 AM
Does anyone have any suggestions for a clean way to encrypt a string containing credit card numbers before mailing it using PHP?

Here are the solutions I've checked so far:

o Simply using PGP - won't work through PHP processing because the evil "safe mode" option is on.
o Using PHP's mcrypt functions - doesn't look like the mcrypt stuff is compiled into PHP.
o Using a Perl script with PGP - this should work, but I was just hoping to lazily avoid hassling with any traditional CGI scripts.

Thanks for any advice!

MG Doran
08-20-1999, 01:33 AM
I haven't tried either of these, so I don't know how well they work. But you may want to check them out.

1) Credit Card Wizard: A utility to validate and encrypt credit card numbers for your order pages.
Located here:
http://www.infohiway.com/javascript/indexf.htm
Just go to Table of Contents and look under Online Catalogs and Sales.

2) Encrypt-It 1.0 SSL Communication Package
https://secure.astro-space.com/clients/hyperdes/lqidskin/encrypt-it/readme.htm

I think these are both free too.

Please post if either of these works for you - I'd be curious to know.

Roxie (aka MG Doran)

Rich
08-20-1999, 03:23 AM
The only reliable and secure method of encrypting credit card data is to use PGP or another application that allows a strong RSA or DH key to be used.

I'm not sure how you would do this using PHP, although Justin might have a trick or two up his sleeve (?).

As you noted, the Perl PGP libraries should be able to handle this, although I haven't actually used them. Short of a PHP solution, using CGI is probably the best bet.

Rich

Sam
08-20-1999, 11:00 AM
To MG Doran: I don't need to validate cards or get an SSL connection working - those things are already taken care of. I can offer some help with SSL connections if you're still curious about that, though.

To Rich: I think you're right and a Perl script is probably the way to go. I didn't know that Perl had PGP libraries - I was just going to try to backtick my way to the real executable. Using the libraries should make life easier, though.

Thanks!
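
Added example, not part of the thread: one way a Perl script can hand order text to an OpenPGP executable without going through backticks or the shell. It assumes GnuPG's gpg binary in place of the PGP executable discussed above, a recipient public key already in the keyring, and a hypothetical recipient address; the sample order is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IPC::Open2;

# Assumptions (not from the thread): GnuPG's gpg binary stands in for the
# PGP executable, and the recipient's public key is already in the keyring
# of the account the script runs as.
my $RECIPIENT = 'orders@example.com';    # hypothetical key owner

sub encrypt_for_mail {
    my ($plaintext, $recipient) = @_;

    # List-form command: no shell parses it, unlike backticks, so nothing
    # in the arguments is treated as shell syntax. The card data is not an
    # argument at all; it goes in on stdin, which keeps it out of the
    # process list and out of temporary files.
    my @cmd = ('gpg', '--batch', '--no-tty', '--armor',
               '--encrypt', '--recipient', $recipient);
    my $pid = open2(my $from_gpg, my $to_gpg, @cmd);

    # An order is far smaller than a pipe buffer, so write-then-read is
    # safe here; large inputs would need interleaved I/O.
    print {$to_gpg} $plaintext;
    close $to_gpg;

    my $armored = do { local $/; <$from_gpg> };
    close $from_gpg;
    waitpid($pid, 0);

    # Fail closed: never fall back to mailing the plaintext.
    die "gpg exited with status " . ($? >> 8) . "\n" if $? != 0;
    die "gpg produced no PGP message\n"
        unless defined $armored
            && $armored =~ /\A-----BEGIN PGP MESSAGE-----/;
    return $armored;
}

# Constructed sample order using a well-known test card number.
my $order = "Name: Test Customer\nCard: 4111 1111 1111 1111\nExp: 01/00\n";
print encrypt_for_mail($order, $RECIPIENT);
```

Only the public key needs to be on the web server; the private key that decrypts the mail stays on the machine where orders are read.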