Sorry I think you've misplaced your moral authority somewhere. I didn't ask for you to shame me and am perfectly capable of making a balanced choice between development costs, client requests, potential losses, and real security levels acheived. Something you can't since you don't know the whole story. So not shamed, thanks anyway.

To assuage your and other people's fears, this is a relatively low volume signup form for a seminar which shold run for a couple months on a virtual hosting site. It is mainly for domestic people who are not offered a credit card option, but the English page will have that option for a very small number of people, like maybe 5 or 10 people.

The information you provided was useful in that the point (with which I was already familiar in fact) was stressed that a machine you don't own is far less secure than one you do own behind a firewall.

My main question was about which modules were best, and I am also taking the additional information to heart and considering providing a client-side perl system to decrypt. However I will be discussing this with the project manager as I happen to be getting this as a low budget outsourced project which had this tacked on at the end, though if it goes well my system may be used for more projects in the future. And I am generally extremely responsible and the security advocate for this 50 person company.

Likely the decision will be to temporarily provide an online decrypt session function as I mentioned, where private key is inputted into a form over ssl by a manager, until transitioned out of that. (Probably this transition to be completed before actual launch if possible).

Typical risk management calculations make this the most intelligent course and I am willing to invest for free in providing an offline decrypt. It might even be a competitive advantage in the future too. However I have to consider the best way to package this for easy installation on a windows pc without me being there. It has been obvious to me for a long time that a real e-commerce site needs to do decryption offline and preferably with an air gap. This project wasn't really supposed to handle sensitive information but now I am trying to make a balanced decision. I probably will also suggest that a note is added to the English site that the user may fax card numbers to the office from overseas if they wish to do so instead, and explain how they may wish to just do all credit cards by fax instead as there is very little development budget.

If anyone can relate their experience with using Perl public key encryption modules, or about an easy way to accomplish this offline decrypt app it would be much appreciated. Just so you know where my thinking is, it would be nice to have a gui but I don't want to mess with Tk or WxPerl unless it is going to be very quick and I know it won't be. It might be more work but also I could imagine cygwin1.dll, a cygwin apache, and a perl cgi solution running on a local pc. But that may have too many potential setup problems (e.g. their firewall software, different cpus, temptation to spread data around several machines, etc.). So a simple application (maybe even a freeware utility which already can do this) would be best.

Thank you very much for your pointers and please rest assured that I'll do "the right thing". Despite this project actually being way over budget / under scheduled, (nothing new there). I think this information will be very useful to others who are in the same position. Any concrete information (code is also nice) on how to bring development time down to an absolute minimum on this without sacrificing security would be extremely helpful, as I prefer not to reinvent the wheel. Thanks again.

Sincerely,
Matt