
My LAMP website captures data including Credit Card details. I want to encrypt this data, attach it to an email to myself, and open it in Thunderbird. There I want to be able to decrypt and detach the data for use in MYOB.

I've had some success using mCrypt to encrypt a text file, attach it to an email and send it. I've installed Enigmail in Thunderbird, but cannot work out how to decrypt the attachment.

I can create Private/Public keys using EnigMail/GnuPG, but cannot use the 3000+ character Public Key as the $key in mCrypt (too long - Max appears to be 56ish chars).

My knowledge in this area is weak, so I'm floundering around with arguments for mCrypt, and configuring EnigMail/GnuPG. So...

  1. Am I dreaming, or can I use matching arguments in mCrypt that EnigMail will be able to decrypt?

  2. Do I have to install some form of GnuPG (which is used by EnigMail) onto the Webserver (PHP, Apache, or operating system) that enables use of a $key that makes sense within mCrypt?

  3. Is the use of short key strings for $key in mCrypt basically just so decryption can be done within the same environment using the same string as the decryption $key?

  4. Is there a better way of sending secure data from a PHP environment to an email address as an attachment?

Artjom B.
  • *Do I have to install some form of GnuPG (which is used by EnigMail) onto the Webserver (PHP, Apache, or operating system)* ... yes, as well as the public key you've generated for GPG/Enigmail on your local machine to encrypt the data on the server ... however, unless you're prepared to go through the whole PCI compliance certification, **do not store CC details anywhere, even encrypted emails!** : https://www.pcisecuritystandards.org/ – CD001 Oct 02 '15 at 13:37
  • Oh - and you have to process eCommerce transactions on a separate **Internet Merchant Account** to phone/snail-mail transactions - well, unless you're processing phone/snail-mail orders through the IMA but that has a higher cost-per-transaction... essentially, avoid this whole situation unless you *really* know what you're doing. – CD001 Oct 02 '15 at 13:43
  • Points taken. I can live without CC details, but would still like to know how to send personal data via encrypted email. So is there a GnuPG based extension for PHP? Or are we talking OpSys level? –  Oct 02 '15 at 13:55
  • You can use PHP/GPG http://php.net/manual/en/ref.gnupg.php or simply open a pipeline into memory with `popen()` and use GPG on the command line and have it output the encrypted block to an email – CD001 Oct 02 '15 at 13:57
  • mCrypt can't do OpenPGP. For basic explanation on how to use GnuPG with PHP, see the proposed duplicate. – Jens Erat Oct 02 '15 at 13:58
  • Given comments above, there is enough in the proposed duplicate for me to get on with. Thanks all. –  Oct 02 '15 at 14:29
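
The approach the comments point to (GnuPG on the web server, encrypting to the public key generated on the desktop) looks roughly like this with the PECL gnupg extension. This is an added example, not code from the question or the commenters; the file paths, mail address and sample record are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);
// Assumed (hypothetical) locations. Only the PUBLIC key exported from
// Enigmail/GnuPG is placed on the server; the private key stays on the desktop.
const PUBKEY_FILE = '/etc/myapp/recipient-pub.asc';
const GNUPG_HOME  = '/var/lib/myapp/gnupg'; // keyring dir outside the docroot
const MAIL_TO     = 'orders@example.com';

function pgp_encrypt(string $plaintext, string $armoredPubKey, string $home): string
{
    putenv('GNUPGHOME=' . $home);
    $gpg = new gnupg();
    $gpg->seterrormode(gnupg::ERROR_EXCEPTION); // fail loudly, never send plaintext
    $gpg->setarmor(1);                          // ASCII-armored output
    $info = $gpg->import($armoredPubKey);
    if (empty($info['fingerprint'])) {
        throw new RuntimeException('public key import failed');
    }
    $gpg->addencryptkey($info['fingerprint']);
    return $gpg->encrypt($plaintext);
}

function build_mail(string $ciphertext, string $filename): array
{
    $boundary = bin2hex(random_bytes(16));
    $cipher   = preg_replace('/\r?\n/', "\r\n", trim($ciphertext)); // CRLF for mail
    $headers  = "MIME-Version: 1.0\r\n"
              . "Content-Type: multipart/mixed; boundary=\"$boundary\"";
    $body = "--$boundary\r\n"
          . "Content-Type: text/plain; charset=utf-8\r\n\r\n"
          . "Encrypted submission attached.\r\n"
          . "--$boundary\r\n"
          . "Content-Type: application/octet-stream; name=\"$filename\"\r\n"
          . "Content-Disposition: attachment; filename=\"$filename\"\r\n"
          . "Content-Transfer-Encoding: 7bit\r\n\r\n"
          . $cipher . "\r\n"
          . "--$boundary--\r\n";
    return [$headers, $body];
}

// Constructed sample record (personal data only, no card details).
$record = json_encode(['name' => 'Jane Example', 'phone' => '555-0100'], JSON_THROW_ON_ERROR);
$pubKey = file_get_contents(PUBKEY_FILE);
if ($pubKey === false) {
    throw new RuntimeException('cannot read public key');
}
[$headers, $body] = build_mail(pgp_encrypt($record, $pubKey, GNUPG_HOME), 'submission.json.asc');
mail(MAIL_TO, 'New encrypted submission', $body, $headers);
```

Because the server holds only the public key, a compromise of the web host does not expose the ability to decrypt messages already sent.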
