Mark Ross <[EMAIL PROTECTED]> writes:
> Here's my goal: To take information via a form, encrypt it with a dual key
> encryption, and then write that encrypted message to a text file for later
> use. I also need to do this in such a way so that the server admins can't
> read it (I work for a credit union, and regulations are stiff).

It's not clear to me what all your goals are. Here are some questions
to ask:

1) Does anyone ever need to access the unencrypted data? (E.g., if you
   are only trying to verify someone's identity, you might use a
   one-way hash and compare the encrypted hash in future
   transactions.)
2) If access to the unencrypted data is needed, when, where, and for
   what reason is it needed?
3) Who needs to access the unencrypted data? The user submitting it
   only? Certain personnel at your company?
4) Who must not access the unencrypted data? Just the server admins?
   Everyone at your company? Everyone elsewhere?
5) Where can encryption keys be reliably stored? On the user's
   computer? On another computer unavailable to the server admins?

> Does anyone have any advice on how I could go about encrypting the data? I've
> looked at PGP, and the various Perl modules, but the private key is coded
> into the script, and so admins could get at the data.

Unless you don't need to decrypt the data (and use a one-way hash),
it's clear you can't store the encryption keys (at least not all of
them) on the server, since you don't want the server admins to have
access to them. Beyond that, I can't make further suggestions without
knowing more. This is really more of a security question than a Perl
question, so I recommend that you consult a security expert regarding
your needs. Doing security right can be hard, and you probably don't
want to do it wrong.

> I'm not sure that this is even possible :-(

Depending on what you need to do, it's probably possible, but make
sure it's done well.

+ Richard J. Barbalace
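
Added example, not part of the original message: the one-way-hash option from question 1, sketched in Python rather than Perl so that it runs on the standard library alone. The record layout, the names `make_record` and `verify`, and the iteration count are assumptions, and the sample values are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000          # assumed work factor; tune to your hardware
MAX_ITERATIONS = 10_000_000   # refuse absurd values from a tampered file


def _derive(secret: str, salt: bytes, iterations: int) -> bytes:
    # PBKDF2-HMAC-SHA256: a deliberately slow, salted one-way function.
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, iterations)


def make_record(member_id: str, secret: str) -> str:
    """Build the line written to the text file; the secret itself is never stored."""
    if ":" in member_id or "\n" in member_id:
        raise ValueError("member_id must not contain ':' or newlines")
    salt = os.urandom(16)  # fresh salt per record, so equal secrets differ on disk
    digest = _derive(secret, salt, ITERATIONS)
    return f"{member_id}:{ITERATIONS}:{salt.hex()}:{digest.hex()}"


def verify(record: str, secret: str) -> bool:
    """Re-derive the digest from a later submission and compare in constant time."""
    try:
        _member_id, iters, salt_hex, digest_hex = record.strip().split(":")
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed or truncated line
    if not 1 <= iterations <= MAX_ITERATIONS or not expected:
        return False
    return hmac.compare_digest(_derive(secret, salt, iterations), expected)


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    line = make_record("member-1001", "constructed secret answer")
    print(line)
    print(verify(line, "constructed secret answer"))  # matching submission
    print(verify(line, "some other answer"))          # non-matching submission
```

A digest resists someone who can read the file only when the submitted value is hard to guess; short or structured values can be enumerated by re-running the derivation.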