emic
2008-10-24 02:31:03 UTC
Question.
I have my customers send their credit card data using an SSL
certificate to my (shared) hosting server (using a standard HTML
form).
So that part should be safe.
On this server I encrypt the data with my public key and email it to
me. The script that gets the credit card data immediately unsets the
plaintext after encrypting it.
The PGP-encoded data sent to me (over standard mail) is only
readable to me using the private key stored only on my local USB
stick. So far so good, I would say.
I only decrypt the encrypted data when I need it. (I get the credit
card data as a guarantee, and only use it when my customer fails on
me.)
But suppose somebody hacks my account and replaces the public key with
another public key (their own).
I can only detect that when I try to decrypt the file (which
obviously would fail).
Is there a way to detect that immediately? (Maybe in plaintext in the
encrypted file, the public key owner?)
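
The check asked about above, as an added example that is not part of the original post: an OpenPGP message begins with one Public-Key Encrypted Session Key packet per recipient, and its version 3 form (RFC 4880) carries the recipient's 8-byte key ID unencrypted, so it can be read without the private key. `MY_KEY_ID` and the sample message are constructed; the expected value is assumed to be the long key ID of your encryption subkey.

```python
import base64

def dearmor(text):
    """Return the binary OpenPGP packets inside an ASCII-armored message."""
    lines = [l.strip() for l in text.strip().splitlines()]
    start = lines.index("-----BEGIN PGP MESSAGE-----")
    body = lines[lines.index("", start) + 1:lines.index("-----END PGP MESSAGE-----")]
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def recipient_key_ids(data):
    """Key IDs from the PKESK packets (tag 1, version 3) that lead the message."""
    ids, i = [], 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                         # new-format header
            tag, o = hdr & 0x3F, data[i + 1]
            if o < 192:
                length, i = o, i + 2
            elif o < 224:
                length, i = ((o - 192) << 8) + data[i + 2] + 192, i + 3
            elif o == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                break                          # partial length: already in the data packet
        else:                                  # old-format header
            tag, lt = (hdr >> 2) & 0x0F, hdr & 3
            if lt == 3:
                break                          # indeterminate length: data packet
            n = 1 << lt
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if tag != 1:
            break                              # session-key packets come first
        if data[i] == 3:                       # v3 PKESK: version, 8-byte key ID, algo
            ids.append(data[i + 1:i + 9].hex().upper())
        i += length
    return ids

def encrypted_only_to(armored, expected_key_id):
    """True when the message names exactly one recipient and it is the expected key."""
    return recipient_key_ids(dearmor(armored)) == [expected_key_id.upper()]

# Constructed sample: one PKESK packet for a made-up key ID, then a dummy data packet.
MY_KEY_ID = "0123456789ABCDEF"                 # assumed: long key ID of the encryption subkey
_pkesk = b"\x03" + bytes.fromhex(MY_KEY_ID) + b"\x01\x00\x08\xaa"
_raw = bytes([0x84, len(_pkesk)]) + _pkesk + b"\xd2\x04\x01abc"
SAMPLE = ("-----BEGIN PGP MESSAGE-----\n\n"
          + base64.b64encode(_raw).decode() + "\n-----END PGP MESSAGE-----\n")
```

The key ID is an unauthenticated hint and is all zeros for hidden recipients, so a match is a quick sanity check on incoming mail, not proof that the message will decrypt.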