Encrypting credit card numbers?

Discussion in 'Perl Misc' started by el_roachmeister@yahoo.com, Mar 21, 2005.

  1. Guest

    I have figured out how to encrypt cc' numbers using Perl's
    Crypt::Blowfish module. I am trying to I convert the enrypted numbers
    into text that can be copy/pasted into a web form.

    I was able to use "unpack" to convert the encrypted number into text.
    Now I can not figure out how to "pack" the unpacked number into the
    same encrypted number?! My code is posted below, which produces this
    output:

    -shell-2.05b$ perl -t crypt
    Original number is: 4242123456789012-March/11-2002
    Unpacked number is:
    6f162930ad78725a6f162930ad78725a6f162930ad78725a6f162930ad78725a
    Decrypted number is: 4242123456789012-March/11-2002
    o)0­xrZo)0­xrZo)0­xrZo)0­xrZ
    8º#~äS3@Bé
    08¡8º#~äS3@Bé
    08¡8º#~äS3@Bé
    08¡8º#~äS3@Bé
    08¡

    #############################################################

    #!/usr/bin/perl -Tw

    use strict;
    use warnings;
    use diagnostics;

    use Crypt::Blowfish;

    ###########################################

    my $key = pack("H16", "0123456789ABCDEF"); # min. 8 bytes

    our $BLOCKSIZE = 8;

    my $cc_number ='4242123456789012-March/11-2002'; # yes this is made up

    my ( $encrypted, $unpacked)= &encrypt ($key, $cc_number);
    my $decrypted = &decrypt ($key, $encrypted);

    print "Original number is: $cc_number\n";
    print "Unpacked number is: $unpacked\n" ;
    print "Decrypted number is: $decrypted\n";

    my $packed_from_unpack = &pack_number($unpacked);
    my $decrypted_from_packed = &decrypt ($key, $packed_from_unpack);

    print $packed_from_unpack . "\n";
    print $decrypted_from_packed . "\n";

    #############################################

    sub encrypt {

    my ($key,$dat) = @_;
    my $encrypted = '';
    my $unpacked = '';
    my $cipher = new Crypt::Blowfish $key;

    if ($BLOCKSIZE > 0) {
    my $l_dat = length($dat);
    for (my $i=0; $i < $l_dat;$i+=$BLOCKSIZE) {
    my $tmp = substr($dat,$i,$BLOCKSIZE);
    my $tmp2 = sprintf("%-" . $BLOCKSIZE . "s",$tmp); #pad with spaces
    $encrypted .= $cipher->encrypt($tmp2);
    $unpacked .= unpack ("H16", $encrypted);

    }
    }
    else {
    $encrypted .= $cipher->encrypt($dat);
    $unpacked .= unpack ("H16", $encrypted);

    }
    return $encrypted, $unpacked;

    }

    sub decrypt {

    my ($key,$dat) = @_;
    my $dec = '';
    my $cipher = new Crypt::Blowfish $key;

    if ($BLOCKSIZE > 0) {
    my $l_dat = length($dat);
    for (my $i=0; $i < $l_dat;$i+=$BLOCKSIZE) {
    my $tmp = substr($dat,$i,$BLOCKSIZE);
    $dec .= $cipher->decrypt($tmp);
    }
    }
    else {
    $dec .= $cipher->decrypt($dat);
    }
    $dec =~ s/\s+$//; #remove trailing spaces
    return $dec;
    }

    sub pack_number {

    my $dat = $_[0];
    my $packed='';
    my ($tmp, $tmp2);

    if ($BLOCKSIZE > 0) {
    my $l_dat = length($dat);
    for (my $i=0; $i < $l_dat;$i+=$BLOCKSIZE) {
    $tmp = substr($dat,$i,$BLOCKSIZE);
    $tmp2 = sprintf("%-" . $BLOCKSIZE . "s",$tmp); #pad with spaces
    $packed .= pack ("H16", $tmp2);

    }
    }
    else {
    $packed .= pack ("H16", $tmp2);

    }

    return $packed;

    }

    1;
    , Mar 21, 2005
    #1
    1. Advertising

  2. wrote:

    > I have figured out how to encrypt cc' numbers using Perl's
    > Crypt::Blowfish module. I am trying to I convert the enrypted numbers
    > into text that can be copy/pasted into a web form.
    >
    > I was able to use "unpack" to convert the encrypted number into text.
    > Now I can not figure out how to "pack" the unpacked number into the
    > same encrypted number?! My code is posted below, which produces this
    > output:


    I though blowfish & RC4 were symmetric cyphers.

    I assume you are storing this information in a relational database.
    I would NOT convert to hex, or even use an obvious field name.

    gtoomey
    Gregory Toomey, Mar 21, 2005
    #2
    1. Advertising

  3. Guest

    ok, i figured it out, I had to change these two lines:

    $encrypted .= $cipher->encrypt($tmp2);
    $unpacked .= unpack ("H16", $encrypted);

    to:

    $encrypted .= $cipher->encrypt($tmp2);
    my $encrypted_temp = $cipher->encrypt($tmp2);
    $unpacked .= unpack ("H16", $encrypted_temp);

    The corrected code is pasted below for anyone who may find it useful:

    #!/usr/bin/perl -Tw

    use strict;
    use warnings;
    use diagnostics;

    use Crypt::Blowfish;

    ###########################################

    my $key = pack("H16", "0123456789ABCDEF"); # min. 8 bytes

    our $BLOCKSIZE = 8;

    my $cc_number ='4242123456789012-12-15/1984 Jack Sutton'; # yes this is
    made up

    my ( $encrypted, $unpacked)= &encrypt ($key, $cc_number);
    my $decrypted = &decrypt ($key, $encrypted);

    print "Original number is: $cc_number\n";
    print "Unpacked number is: $unpacked\n" ;
    print "Decrypted number is: $decrypted\n";

    my $packed_from_unpack = &pack_number($unpacked);

    my $decrypted_from_packed = &decrypt ($key, $packed_from_unpack);

    print "Decrypted from packed: $decrypted_from_packed" . "\n";

    #############################################

    sub encrypt {

    my ($key,$dat) = @_;
    my $encrypted = '';
    my $unpacked = '';
    my $cipher = new Crypt::Blowfish $key;

    if ($BLOCKSIZE > 0) {
    my $l_dat = length($dat);
    for (my $i=0; $i < $l_dat;$i+=$BLOCKSIZE) {
    my $tmp = substr($dat,$i,$BLOCKSIZE);
    my $tmp2 = sprintf("%-" . $BLOCKSIZE . "s",$tmp); #pad with spaces
    if string not long enough
    $encrypted .= $cipher->encrypt($tmp2);
    my $encrypted_temp = $cipher->encrypt($tmp2);
    $unpacked .= unpack ("H16", $encrypted_temp);

    }
    }
    else {
    $encrypted .= $cipher->encrypt($dat);
    $unpacked .= unpack ("H16", $encrypted);

    }
    return $encrypted, $unpacked;
    }

    sub decrypt {

    my ($key,$dat) = @_;
    my $dec = '';
    my $cipher = new Crypt::Blowfish $key;

    if ($BLOCKSIZE > 0) {
    my $l_dat = length($dat);
    for (my $i=0; $i < $l_dat;$i+=$BLOCKSIZE) {
    my $tmp = substr($dat,$i,$BLOCKSIZE);
    $dec .= $cipher->decrypt($tmp);
    }
    }
    else {
    $dec .= $cipher->decrypt($dat);
    }
    $dec =~ s/\s+$//; #remove trailing spaces
    return $dec;
    }

    sub pack_number {

    my $dat = $_[0];
    my $packed='';
    my ($tmp, $tmp2);

    if ($BLOCKSIZE > 0) {
    my $l_dat = length($dat);
    for (my $i=0; $i < $l_dat;$i+=$BLOCKSIZE) {
    $tmp = substr($dat,$i,$BLOCKSIZE);
    $tmp2 = sprintf("%-" . $BLOCKSIZE . "s",$tmp); #pad with spaces if
    string not long enough
    $packed .= pack ("H8", $tmp2);

    }
    }
    else {
    $packed .= pack ("H16", $tmp2);

    }

    return $packed;

    }

    1;
    , Mar 21, 2005
    #3
  4. Guest

    blowfish is a symmetric cipher. I do not plan to store the key on the
    server. The key will only be know to a few people. Those people will
    simply type their key and Hex encrypted number into a web form and the
    perl script will decrypt the Hex number into a plain text credit card
    number. This will all be done with SSL.

    Keep in mind this is all being done for some receptionists who are not
    the most computer literate. So the key would be something they can
    remember. They type it in once in the morning and then I'll use cookies
    to store it on their computer for 1-day expiry.

    Please criticize away! I am open to any suggestions, particularly if
    what I am doing is big no no for security.
    , Mar 21, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. redstar

    Credit card processing

    redstar, Jul 11, 2003, in forum: Perl
    Replies:
    0
    Views:
    1,026
    redstar
    Jul 11, 2003
  2. Florian Marinoiu

    Credit card integration

    Florian Marinoiu, Jul 15, 2003, in forum: ASP .Net
    Replies:
    2
    Views:
    424
  3. Grant

    Credit Card Validation

    Grant, Jul 16, 2003, in forum: ASP .Net
    Replies:
    6
    Views:
    555
    Cowboy \(Gregory A. Beamer\)
    Jul 21, 2003
  4. John
    Replies:
    5
    Views:
    636
    Scott Allen
    Dec 15, 2004
  5. cldmismgr

    regex replace credit card numbers with *

    cldmismgr, Sep 29, 2005, in forum: Perl Misc
    Replies:
    9
    Views:
    784
    A. Sinan Unur
    Sep 29, 2005
Loading...

Share This Page