Encrypting credit card numbers?


el_roachmeister

I have figured out how to encrypt cc numbers using Perl's
Crypt::Blowfish module. I am trying to convert the encrypted numbers
into text that can be copy/pasted into a web form.

I was able to use "unpack" to convert the encrypted number into text.
Now I cannot figure out how to "pack" the unpacked number into the
same encrypted number?! My code is posted below, which produces this
output:

-shell-2.05b$ perl -t crypt
Original number is: 4242123456789012-March/11-2002
Unpacked number is:
6f162930ad78725a6f162930ad78725a6f162930ad78725a6f162930ad78725a
Decrypted number is: 4242123456789012-March/11-2002
o)0­xrZo)0­xrZo)0­xrZo)0­xrZ
8º#~äS3@Bé
08¡8º#~äS3@Bé
08¡8º#~äS3@Bé
08¡8º#~äS3@Bé
08¡

#############################################################

#!/usr/bin/perl -Tw

use strict;
use warnings;
use diagnostics;

use Crypt::Blowfish;

###########################################

my $key = pack("H16", "0123456789ABCDEF"); # min. 8 bytes

our $BLOCKSIZE = 8;

my $cc_number ='4242123456789012-March/11-2002'; # yes this is made up

my ( $encrypted, $unpacked)= &encrypt ($key, $cc_number);
my $decrypted = &decrypt ($key, $encrypted);

print "Original number is: $cc_number\n";
print "Unpacked number is: $unpacked\n" ;
print "Decrypted number is: $decrypted\n";

my $packed_from_unpack = &pack_number($unpacked);
my $decrypted_from_packed = &decrypt ($key, $packed_from_unpack);

print $packed_from_unpack . "\n";
print $decrypted_from_packed . "\n";

#############################################

sub encrypt {

my ($key,$dat) = @_;
my $encrypted = '';
my $unpacked = '';
my $cipher = new Crypt::Blowfish $key;

if ($BLOCKSIZE > 0) {
my $l_dat = length($dat);
for (my $i=0; $i < $l_dat;$i+=$BLOCKSIZE) {
my $tmp = substr($dat,$i,$BLOCKSIZE);
my $tmp2 = sprintf("%-" . $BLOCKSIZE . "s",$tmp); #pad with spaces
$encrypted .= $cipher->encrypt($tmp2);
$unpacked .= unpack ("H16", $encrypted);

}
}
else {
$encrypted .= $cipher->encrypt($dat);
$unpacked .= unpack ("H16", $encrypted);

}
return $encrypted, $unpacked;

}

sub decrypt {

my ($key,$dat) = @_;
my $dec = '';
my $cipher = new Crypt::Blowfish $key;

if ($BLOCKSIZE > 0) {
my $l_dat = length($dat);
for (my $i=0; $i < $l_dat;$i+=$BLOCKSIZE) {
my $tmp = substr($dat,$i,$BLOCKSIZE);
$dec .= $cipher->decrypt($tmp);
}
}
else {
$dec .= $cipher->decrypt($dat);
}
$dec =~ s/\s+$//; #remove trailing spaces
return $dec;
}

sub pack_number {

my $dat = $_[0];
my $packed='';
my ($tmp, $tmp2);

if ($BLOCKSIZE > 0) {
my $l_dat = length($dat);
for (my $i=0; $i < $l_dat;$i+=$BLOCKSIZE) {
$tmp = substr($dat,$i,$BLOCKSIZE);
$tmp2 = sprintf("%-" . $BLOCKSIZE . "s",$tmp); #pad with spaces
$packed .= pack ("H16", $tmp2);

}
}
else {
$packed .= pack ("H16", $tmp2);

}

return $packed;

}

1;
 

Gregory Toomey

I have figured out how to encrypt cc numbers using Perl's
Crypt::Blowfish module. I am trying to convert the encrypted numbers
into text that can be copy/pasted into a web form.

I was able to use "unpack" to convert the encrypted number into text.
Now I cannot figure out how to "pack" the unpacked number into the
same encrypted number?! My code is posted below, which produces this
output:

I thought blowfish & RC4 were symmetric cyphers.

I assume you are storing this information in a relational database.
I would NOT convert to hex, or even use an obvious field name.

gtoomey
 

el_roachmeister

OK, I figured it out. I had to change these two lines:

$encrypted .= $cipher->encrypt($tmp2);
$unpacked .= unpack ("H16", $encrypted);

to:

$encrypted .= $cipher->encrypt($tmp2);
my $encrypted_temp = $cipher->encrypt($tmp2);
$unpacked .= unpack ("H16", $encrypted_temp);

The corrected code is pasted below for anyone who may find it useful:

#!/usr/bin/perl -Tw

use strict;
use warnings;
use diagnostics;

use Crypt::Blowfish;

###########################################

my $key = pack("H16", "0123456789ABCDEF"); # min. 8 bytes

our $BLOCKSIZE = 8;

my $cc_number ='4242123456789012-12-15/1984 Jack Sutton'; # yes this is made up

my ( $encrypted, $unpacked)= &encrypt ($key, $cc_number);
my $decrypted = &decrypt ($key, $encrypted);

print "Original number is: $cc_number\n";
print "Unpacked number is: $unpacked\n" ;
print "Decrypted number is: $decrypted\n";

my $packed_from_unpack = &pack_number($unpacked);

my $decrypted_from_packed = &decrypt ($key, $packed_from_unpack);

print "Decrypted from packed: $decrypted_from_packed" . "\n";

#############################################

sub encrypt {

my ($key,$dat) = @_;
my $encrypted = '';
my $unpacked = '';
my $cipher = new Crypt::Blowfish $key;

if ($BLOCKSIZE > 0) {
my $l_dat = length($dat);
for (my $i=0; $i < $l_dat;$i+=$BLOCKSIZE) {
my $tmp = substr($dat,$i,$BLOCKSIZE);
my $tmp2 = sprintf("%-" . $BLOCKSIZE . "s",$tmp); #pad with spaces if string not long enough
$encrypted .= $cipher->encrypt($tmp2);
my $encrypted_temp = $cipher->encrypt($tmp2);
$unpacked .= unpack ("H16", $encrypted_temp);

}
}
else {
$encrypted .= $cipher->encrypt($dat);
$unpacked .= unpack ("H16", $encrypted);

}
return $encrypted, $unpacked;
}

sub decrypt {

my ($key,$dat) = @_;
my $dec = '';
my $cipher = new Crypt::Blowfish $key;

if ($BLOCKSIZE > 0) {
my $l_dat = length($dat);
for (my $i=0; $i < $l_dat;$i+=$BLOCKSIZE) {
my $tmp = substr($dat,$i,$BLOCKSIZE);
$dec .= $cipher->decrypt($tmp);
}
}
else {
$dec .= $cipher->decrypt($dat);
}
$dec =~ s/\s+$//; #remove trailing spaces
return $dec;
}

sub pack_number {

my $dat = $_[0];
my $packed='';
my ($tmp, $tmp2);

if ($BLOCKSIZE > 0) {
my $l_dat = length($dat);
for (my $i=0; $i < $l_dat;$i+=$BLOCKSIZE) {
$tmp = substr($dat,$i,$BLOCKSIZE);
$tmp2 = sprintf("%-" . $BLOCKSIZE . "s",$tmp); #pad with spaces if string not long enough
$packed .= pack ("H8", $tmp2);

}
}
else {
$packed .= pack ("H16", $dat); # pack the input itself; $tmp2 is never set on this path

}

return $packed;

}

1;
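
The same round trip written with "H*" instead of per-block "H16"/"H8", plus a check on the pasted hex before it reaches the cipher. This is an added example, not part of the original posts; the names encrypt_to_hex and decrypt_from_hex are made up for illustration, and the key and card number are the sample values from the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::Blowfish;

my $BLOCKSIZE = 8;    # Blowfish block size in bytes

# Encrypt block by block (space-padded, as in the thread) and return hex text.
sub encrypt_to_hex {
    my ($key, $plain) = @_;
    my $cipher = Crypt::Blowfish->new($key);
    my $raw = '';
    for (my $i = 0; $i < length($plain); $i += $BLOCKSIZE) {
        my $block = sprintf "%-${BLOCKSIZE}s", substr($plain, $i, $BLOCKSIZE);
        $raw .= $cipher->encrypt($block);
    }
    # "H*" converts the whole buffer. "H16" on the growing buffer only ever
    # returns its first 8 bytes, which is why the first post's output shows
    # the same 16 hex digits repeated.
    return unpack("H*", $raw);
}

# Validate hex pasted into a form, then decrypt. Returns undef on bad input.
sub decrypt_from_hex {
    my ($key, $hex) = @_;
    $hex =~ s/\s+//g;                                  # tolerate pasted whitespace
    return undef unless $hex =~ /\A[0-9a-fA-F]+\z/;    # hex digits only
    return undef if length($hex) % (2 * $BLOCKSIZE);   # whole 8-byte blocks only
    my $raw    = pack("H*", $hex);
    my $cipher = Crypt::Blowfish->new($key);
    my $plain  = '';
    for (my $i = 0; $i < length($raw); $i += $BLOCKSIZE) {
        $plain .= $cipher->decrypt(substr($raw, $i, $BLOCKSIZE));
    }
    $plain =~ s/ +\z//;                                # strip the space padding
    return $plain;
}

my $key   = pack("H16", "0123456789ABCDEF");           # sample key from the thread
my $plain = '4242123456789012-March/11-2002';          # made-up number from the thread

my $hex = encrypt_to_hex($key, $plain);
print "Hex text:   $hex\n";
print "Round trip: ", decrypt_from_hex($key, $hex), "\n";
my $short = decrypt_from_hex($key, substr($hex, 0, -2));   # simulate a bad paste
print "Truncated:  ", (defined($short) ? "accepted" : "rejected"), "\n";
```

Each 8-byte block is still encrypted independently, as in the thread's code, so identical plaintext blocks produce identical ciphertext blocks.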
 

el_roachmeister

Blowfish is a symmetric cipher. I do not plan to store the key on the
server. The key will only be known to a few people. Those people will
simply type their key and Hex encrypted number into a web form and the
Perl script will decrypt the Hex number into a plain text credit card
number. This will all be done with SSL.

Keep in mind this is all being done for some receptionists who are not
the most computer literate. So the key would be something they can
remember. They type it in once in the morning and then I'll use cookies
to store it on their computer for 1-day expiry.

Please criticize away! I am open to any suggestions, particularly if
what I am doing is a big no-no for security.
 
