PGP Form Mail - Email Order Forms Securely
Due to the popular demand for a method to securely email credit card and other order information for processing offline, I have created PGP Form Mail. PGP Form Mail allows you to collect credit card information from your customer and have the information emailed to you in encrypted form using PGP.
This information should be considered as a "tutorial in BETA mode." Once I have some feedback from the first brave souls to try this out, I will refine the tutorial and release it for production use here in the FutureQuest Aota section.
For information regarding the general, public distribution of the PGP Form Mail script, visit:
http://www.rsmarketing.com/pgp/
For information regarding the setup of PGP for use with the script on FutureQuest servers, visit:
http://www.rsmarketing.com/pgp/fq/fqsetup.html
If you encounter any problems, please post a follow-up here or send email to rich@rsmarketing.com.
Rich
[This message has been edited by Rich (edited 11-23-99)]
elite
11-29-1999, 07:15 PM
Maybe this is a dumb idea, but would it be cool if you had an admin table where we could add some numbers to the credit card number being sent? This way it would make it even more unique and harder.
Like for instance have some variables like:
Number after 1st digit [ ]
Number after 2nd digit [2]
Number after 3rd digit [ ]
Number after 4th digit [ ]
Number after 5th digit [7]
Number after 6th digit [5]
and so on for all the digits..
and the numbers in the field would go in where they say then get encrypted.
So let's say that is the code the webmaster picked and someone ordered with the cc # 1234 5678 9123 4567 that would get converted to 122345765891234567 then that would get encrypted and we would get that number printed out and we would know to the digit after the 2nd one, the digit after the 5th one, and the digit after the 6th one.
And that could be improved upon via a simple script on our computer where we would tell it what crap numbers we used above and where and we would just enter in the number that was emailed and it would decode that with our code. We could then change these often and I bet that would be pretty darn tough to unencode :)
Sound stupid, cool, impractical, don't understand what I said? Let me know what you think of this idea :)
[This message has been edited by elite (edited 11-29-99)]
elite
11-29-1999, 07:34 PM
Of course you might want more than a single digit in between. And all of this would then be sent encrypted so it would in essence be double encrypted and you would be the only one with the key to the second layer of encryption.
What you have described is one method of "cyphering". I'm not sure if you meant that you would do this BEFORE encryption or INSTEAD of encryption.
If before, then it is unnecessary because the encryption methods used by PGP are the best there is--doing "more" will not help.
If you mean INSTEAD, then it is a bad idea. As good as you may think your cypher algorithm is, it will be VERY easily broken. In addition, since your script must contain the "key" you use, if I hack and get your script, I get the key too!
The nice thing about public key encryption is that the key that is used to encrypt the message is, well, public. But the only way to decrypt the message is with the secret, private key.
Rich
elite
11-29-1999, 09:29 PM
I meant before, that's why I said you can have double encryption :) And there is a saying you never can be too safe :)
I'm not sure I'd call it double encryption (which would involve two public and two private keys), but a simple cypher + encryption could certainly be done. I don't believe it would provide a significant increase in security, if any, but you should definitely do it if it makes you feel better. :) In situations where there has been a non-technical breach of your secure key it could add one extra level of protection since the nontechie might not be able to figure out the code.
(This would be kind of like suddenly realizing, in horror, that one of your kids has gone to the ATM with your bank card. And then feeling better because you know they don't know the PIN.)
If you did something like this, I would recommend using something like a 4 digit PIN that you could memorize and just cycle it through the digits. Don't apply any cyphering to the first four digits, though, or it will be quite obvious what your 'PIN' is. This is because the first four digits define the card association (MasterCard=5449, etc.). Since I know it is a MasterCard (I've decrypted the message, remember?) I would quickly determine the PIN by comparing it to the known numbers. It's because of little "gotchas" like this that I said earlier that any cypher you could imaginably apply will always be, in reality, much, much weaker than you will ever perceive it to be.
One of the powerful components to public key encryption is its perceived unbreakability. For example, until very recently, a 40-bit encryption was used for all https security between browsers and servers. It was estimated that 40-bit encryption would not be capable of being broken for a few more years. However, it was broken this year. So, 40-bits is now "no good" say the experts and the only thing that is now recommended is 128-bits (which they estimate will take about a trillion years to break). (As soon as someone breaks a code, it turns it from a keyed lock into a combination lock :) ) By the way, the PGP keys used for message encryption in PGP Form Mail are 2048-bits.
Rich
[This message has been edited by Rich (edited 11-29-99)]
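Added example (not part of the original post or of PGP Form Mail): a sketch of the known-prefix comparison described in the post above, assuming "cycling the PIN through the digits" means adding the PIN digits modulo 10 to the card digits in rotation. The card number and PIN are constructed samples; the function names are hypothetical.

```python
# Added illustration. The additive "cycled PIN" cipher is an assumed reading
# of the scheme discussed in the thread, not code from PGP Form Mail.

KNOWN_PREFIX = "5449"      # card-association prefix quoted in the post
CARD = "5449123456789012"  # constructed sample, not a real card number
PIN = "3917"               # constructed sample PIN


def _shift(text: str, pin: str, skip: int, sign: int) -> str:
    """Add (sign=+1) or subtract (sign=-1) the cycling PIN digits mod 10,
    leaving the first `skip` digits untouched."""
    out = []
    for i, ch in enumerate(text):
        if i < skip:
            out.append(ch)
            continue
        k = int(pin[(i - skip) % len(pin)])
        out.append(str((int(ch) + sign * k) % 10))
    return "".join(out)


def encipher(card: str, pin: str, skip: int = 0) -> str:
    return _shift(card, pin, skip, +1)


def decipher(text: str, pin: str, skip: int = 0) -> str:
    return _shift(text, pin, skip, -1)


def pin_from_known_prefix(text: str, prefix: str = KNOWN_PREFIX) -> str:
    """Known-plaintext comparison: each enciphered digit minus the publicly
    known prefix digit (mod 10) is one PIN digit."""
    return "".join(str((int(c) - int(p)) % 10) for c, p in zip(text, prefix))


# Prefix enciphered along with the rest: the comparison yields the whole PIN.
weak = encipher(CARD, PIN)
# Prefix left in the clear, as the post advises: the comparison yields nothing.
safer = encipher(CARD, PIN, skip=4)

if __name__ == "__main__":
    print("weak :", weak, "-> comparison gives", pin_from_known_prefix(weak))
    print("safer:", safer, "-> comparison gives", pin_from_known_prefix(safer))
```
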
elite
11-30-1999, 12:07 AM
lol like I said I know nothing about encryption just thought it might be an added security shield but I guess it's not too much of one :( lol
how much of a benefit is the encryption if the mail form rests on a FQ server and the email is being sent to an FQ mailbox?
This is a tough question and is mostly probabilistic in nature. Since FQ mail is directly deposited into the mailbox, the exposure is much less than if it traveled over the Internet. However, the message must still be queued in the mail system for delivery and will be encrypted while "sitting" in these queues, and while sitting in your mailbox waiting for you to retrieve it, and until you delete it. Then, to actually retrieve it, the message must travel over the internet to arrive at your PC, so it would be protected during this transmission also. Using PGP Form Mail, no part of the message ever touches the hard drive in unencrypted form.
Rich
Benson
12-01-1999, 01:23 AM
I LOVE the fact that this is available, thanks a lot, Rich.
Curious..how much of a benefit is the encryption if the mail form rests on a FQ server and the email is being sent to an FQ mailbox?