RSA, public and private keys

I am trying to make it so that on my project a user who enters a credit
card number will have that information encrypted. I am not, however,
very familiar with data encryption and public and private keys, so I am
not sure on how this data will be stores, whether it will be data stored
on the server in a table or whether it will be stored elsewhere, such as
the users computer? I was just wondering, 1) does ruby support data
encryption for public and private keys and could someone point me to
some good references, and 2) are there any good references out there for
how this all works. I understand the concept of public and private keys,
just not how the encrption part is working if you need to store data on
the users machine, as far as private keys. Or, if someone has done
encryption for sensitive data user other methods I would like to hear
about those too. Thanks for any and all help,

–Shandy

On Sep 4, 10:08 am, Shandy N. [email protected]
wrote:

I am trying to make it so that on my project a user who enters a credit
card number will have that information encrypted. I am not, however,
very familiar with data encryption and public and private keys, so I am
not sure on how this data will be stores, whether it will be data stored
on the server in a table or whether it will be stored elsewhere, such as
the users computer?

How it get’s stored is ou to your application. There are really at
least two security aspects here:

  1. How to let the user send sensitive information to the server
    without risking third parties from getting that information as
    it passes over the ‘internets’. The answer here is https which is the
    encrypted form of http. Public key encryption is used to encrypt the
    http traffic between client and server. The Net::Https in the standard
    ruby library supports this. There’s a brief discussion of how to use
    https with rails in AWDWR 2nd ed starting on page 612.

  2. How to secure such sensitive data on the server. IANAL, but I
    believe that there are potential legal liabilities if you store CC
    information and it gets compromised. One approach is not to sore the
    data, but pass it off to a CC processing service such as PayPal,
    Amazon FPS (when it goes production), or the like. If you want to
    store it then you should consider storing it in encrypted
    form on a server. It’s not well documented but I ruby ssl/https code
    supports internal encryption/decryption, see:
    http://blog.leetsoft.com/2006/03/14/simple-encryption. As this post
    points out, you still need to be concerned about compromise of
    the private key protecting this data. For real security, best practice
    is to store the data on a separate server behind a firewall which
    keeps the private key, and have the internet facing server communicate
    with this server using it’s ‘public’ key over an intranet or VPS.

I was just wondering, 1) does ruby support data

encryption for public and private keys and could someone point me to
some good references, and 2) are there any good references out there for
how this all works. I understand the concept of public and private keys,
just not how the encrption part is working if you need to store data on
the users machine, as far as private keys. Or, if someone has done
encryption for sensitive data user other methods I would like to hear
about those too. Thanks for any and all help,

For general enlightenment on public/private key usage, you might try
googling for pgp (or “Pretty good privacy”) which should give you what
you are looking for.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs