$pgp->encrypt (%args)

%args can contain: 
* Data  - The plaintext to be encrypted. This should be a simple scala
+r containing an arbitrary amount of data. 

Data is optional; if unspecified, you should specify a filename (see F
+ilename, below).
[download]

$pgp->encrypt(Data=>$credit_card_number,Recipients=>$key_id,Armour => 
+1,);
[download]

# using IO::Scalar

tie *FH, 'IO::Scalar', \my $str = $somenumber;

# using open()

open(my $fh, '<', \my $str = $somenumber);
[download]

_________
broquaint

-derby

Yeah, this is the client's decision. If I had my druthers, it would use a merchant gateway right now. As it is, that will probably be something for them to upgrade to later on. Thanks for the link! :)

-fp

I want the passphrase to be kept secret, not available in the source code.

Only way around this is to put the passphrase in a seperate file which you read out of each time your program runs. The file should be only be readable by the username your software runs under. You can run the passphrase through SHA1 first and set that value as the passphrase, so at least the passphrase wouldn't be in plaintext.

I know, this isn't the best solution. It's mearly the only solution. In a perfect world, a human would manually enter the passphrase every time. This doesn't sound like an option for you, so I present this flawed but useable solution instead.

----
I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
-- Schemer

Note: All code is untested, unless otherwise stated

Actually, you're referring to symmetric keys. I'm talking about asymmetric keys where the passphrase is embedded in the private key.

I've since managed to get it working properly, although the ciphertext has to be directed into a file, and that file read back in to decrypt. I expect this is due to some incompatibility (or my ignorance of) the formatting types between the terminal and Perl's handling of scalars. I don't think this will be a problem once I output the data to a db table.

For archival sakes, here are the scripts I've used for testing of encrypt() and decrypt():

#!/usr/bin/perl
# gpg.pl

use Crypt::OpenPGP;
 
my $string = $ARGV[0];
my $pgp = Crypt::OpenPGP->new;
my $ciphertext = $pgp->encrypt(
                        Data => $string,
                        Recipients => 'Test User',
                        Armour => 1,
);
 
open(OUT, ">testfile");
print OUT $ciphertext, "\n";
close(OUT);
[download]

------------------------

#!/usr/bin/perl
# gupg.pl

use Crypt::OpenPGP;
 
my $pgp = Crypt::OpenPGP->new;
my ($plaintext) = $pgp->decrypt(
                        Filename => 'testfile',
                        Passphrase => 'password',
);
 
die "Decryption failed: ", $pgp->errstr unless $plaintext;
print $plaintext, "\n";
[download]


Update:
I've managed to test and verify that writes/reads to database also work. Here is the updated code using Data to read in the ciphertext:

#!/usr/bin/perl
# gpg.pl

use Crypt::OpenPGP;
use DBI;
 
my $string = $ARGV[0];
my $dbh = DBI->connect("DBI:mysql:pgpdb:localhost","user","password");
my $insert_stmt = 'insert into pgptable (card) values (?)';
my $sth = $dbh->prepare($insert_stmt);
 
my $pgp = Crypt::OpenPGP->new;
my $ciphertext = $pgp->encrypt(
                        Data => $string,
                        Recipients => 'Test User',
                        Armour => 1,
);
 
$sth->execute($ciphertext) || die $dbh->stderr;
[download]

-------------------------

#!/usr/bin/perl
# gupg.pl

use Crypt::OpenPGP;
use DBI;
 
my $dbh = DBI->connect("DBI:mysql:pgpdb:localhost","user","password");
my $select_query = 'select card from pgptable where id=?';
my $sth = $dbh->prepare($select_query);
 
my $pgp = Crypt::OpenPGP->new;
$sth->execute('1') || die $dbh->stderr;
my $data = ($sth->fetchrow_hashref)->{'card'};
my ($plaintext) = $pgp->decrypt(
                        Data => $data,
                        Passphrase => 'passphrase',
);
 
die "Decryption failed: ", $pgp->errstr unless $plaintext;
print $plaintext, "\n";
[download]