Not only is it a good idea, it is most likely a requirement from your credit card processing company. Check with your lawyer, but I wouldn't be surprised if you are responsible for some sort of charges should numbers be stolen from you (if they are stored in a non-secure way).
Since you will need the ability to decrypt the data, I would suggest using something like PGP.
The following is a function that takes in a card number and returns by reference a string that has been PGP and base64 encoded. The base64 is only for internal reasons and could easily be removed. Of course you will have to change things like file paths, and there are class variables and such that you'll have to change, but it should give you a good start.
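// Method of a class: $this->kadv_uid, $this->prefix and $this->debug are class variables.
// $pgp_base64 is passed by reference so the caller receives the encoded result.
function encrypt_card ( $card_no , &$pgp_base64 ) {
    $r = array(); // collects error codes; '' is returned on success
    // make the file system root variable available
    global $FSROOT;
    $pgp_temp = $FSROOT . "api/pgp/";
    // card number with a single line feed
    $file_contents = "$card_no\n";
    $card_file = $pgp_temp . $this->kadv_uid;
    $pgp_file = $card_file . ".asc";
    // refuse to overwrite a plaintext file left behind by an earlier run
    if ( file_exists( $card_file ) ) {
        $r[] = $this->prefix . 'ENCRYPT - CARD_FILE_EXISTS';
        return $r;
    }
    // write the plaintext card number to a temporary file
    $fp = fopen( $card_file , "w" );
    $status = $fp ? fwrite( $fp , $file_contents ) : false;
    if ( $fp )
        fclose( $fp );
    if ( !$status ) {
        @unlink( $card_file ); // do not leave a partial plaintext file on disk
        $r[] = $this->prefix . 'ENCRYPT - FILE_GENERATION_FAILED';
        return $r;
    }
    // encrypt the file using the key card_test; the path is quoted for the shell
    exec ( "/usr/local/bin/pgp -ea " . escapeshellarg( $card_file ) . " card_test" , $exec_array );
    if ( $this->debug )
        for ( $i = 0 ; $i < count($exec_array) ; $i++ ) {
            print "DEBUG >> : " . $exec_array[$i] . "<BR>\n";
        }
    // pgp writes its ASCII-armored output to $pgp_file; stop if it is missing
    if ( !file_exists( $pgp_file ) ) {
        unlink( $card_file ); // remove the plaintext even when encryption failed
        $r[] = $this->prefix . 'ENCRYPT - PGP_FAILED'; // error code added with this check
        return $r;
    }
    $fp = fopen( $pgp_file , "r" );
    $pgp_info = fread( $fp , filesize( $pgp_file ) );
    fclose( $fp );
    if ( $this->debug )
        print "DEBUG >> pgp_info: " . $pgp_info . "<P>";
    $pgp_base64 = base64_encode( $pgp_info );
    if ( $this->debug )
        print "DEBUG >> pgp_base64: " . $pgp_base64 . "<P>";
    // remove both the plaintext and the encrypted temporary files
    unlink( $card_file );
    unlink( $pgp_file );
    if ( $r )
        return $r;
    return '';
}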
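
The function above writes the plaintext card number to a temporary file before encrypting it. The following is an added example, not the poster's code: it produces the same base64-wrapped, armored output by piping the number to the encryption program's standard input, so the plaintext never touches disk. It swaps in GnuPG (`gpg`, assumed to be on the PATH) for the post's `pgp` binary, and the function name `encrypt_card_via_pipe` is hypothetical.

```php
<?php
// Added example, not the poster's code. Assumptions: GnuPG ("gpg") is on the
// PATH, and the public key "card_test" (the key name used in the post) is in
// the keyring of the user PHP runs as and is trusted there.
function encrypt_card_via_pipe(string $card_no, string $recipient = 'card_test'): string
{
    // Reject anything that is not a plausible card number.
    if (!preg_match('/^[0-9]{12,19}$/', $card_no)) {
        throw new InvalidArgumentException('card number must be 12 to 19 digits');
    }
    $cmd = 'gpg --batch --no-tty --armor --encrypt --recipient '
         . escapeshellarg($recipient);
    $spec = array(
        0 => array('pipe', 'r'), // gpg stdin: plaintext goes in here
        1 => array('pipe', 'w'), // gpg stdout: ASCII-armored ciphertext
        2 => array('pipe', 'w'), // gpg stderr: diagnostics
    );
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }
    // Same plaintext layout as the post: card number plus one line feed.
    fwrite($pipes[0], $card_no . "\n");
    fclose($pipes[0]); // EOF tells gpg the input is complete
    $armored = (string) stream_get_contents($pipes[1]);
    $errors  = (string) stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $exit = proc_close($proc);
    // Fail closed: return nothing unless gpg succeeded and produced a message.
    if ($exit !== 0 || strpos($armored, '-----BEGIN PGP MESSAGE-----') !== 0) {
        throw new RuntimeException('gpg failed: ' . trim($errors));
    }
    return base64_encode($armored); // base64 wrapper kept to match the post
}

// Usage with a constructed test number (not a real card).
try {
    $blob = encrypt_card_via_pipe('4111111111111111');
    echo strlen($blob) . " bytes of base64 ready to store\n";
} catch (Exception $e) {
    error_log($e->getMessage()); // log the reason, never the card number
}
```

Only the public key needs to be on the web server; keeping the matching private key on a separate machine means a compromise of the web host does not expose stored numbers.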