Forum: Ruby How to send a secure email (maybe PGP)?

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
7595ff5e64d9a309c29932d106959973?d=identicon&s=25 Human Dunnil (Guest)
on 2007-05-08 02:54
(Received via mailing list)
Hello,

In an application I have to send an email containing a Credit Card
number, but I don't know how to secure it!!!

Is there a ruby library or best practice for securing an email
content, I googled for it with no success.

Thanks in advance,
- Dunnil
F889bf17449ffbf62345d2b2d316a937?d=identicon&s=25 Michal Suchanek (Guest)
on 2007-05-08 11:52
(Received via mailing list)
On 08/05/07, Human Dunnil <h.dunnil@gmail.com> wrote:
> Hello,
>
> In an application I have to send an email containing a Credit Card
> number, but I don't know how to secure it!!!
>
> Is there a ruby library or best practice for securing an email
> content, I googled for it with no success.
>

There are some encryption functions in openssl. Hopefully the ruby
bindings and mime libraries could be used to compose an encrypted
message.

However, the critical part is that you have to get the key of the
receiver somehow and their mail client has to support the kind of
encryption you use.

You could probably guess the kind of encryption by looking at the key
(PGP vs the openssl certificates, I am not sure if there is any
other). However, you still need to collect the (public) keys.

Thanks

Michal
7b0e3a2c135e6f67edf3194ee501961d?d=identicon&s=25 Doug Phillips (Guest)
on 2007-05-09 00:36
(Received via mailing list)
> -----Original Message-----
> In an application I have to send an email containing a Credit
> Card number, but I don't know how to secure it!!!
>
> Is there a ruby library or best practice for securing an
> email content, I googled for it with no success.

There's a perl CGI called Soupermail that does this.  It uses a shell
exec call to PGP to encode a temporary file that contains the
information, then attaches that file to the email, or something like
that.

If you're looking for something, you could either use that, or use it as
an example.  I've used it several times on a number of consulting
projects, and it works great, so... Hope this helps :)

-Doug
This topic is locked and can not be replied to.