Knowledgebase: Cart32: Version 7.0
Public-Private Encryption Keys Set Up
Posted by Matt Marler on 31 March 2010 10:59 AM
The price encryption key is for increased protection of credit card information. Cart32 generates a public and private key pair to encrypt the credit card data. The public key will be stored on the server and the private key will be stored on your computer in a file or in the registry. Only the public key is needed to encrypt the data, but both the public and private keys are needed to decrypt the data. By default, the credit card data is stored encrypted in the Cart32 database.

IF THE PRIVATE KEY IS LOST THE THEN THE CREDIT CARD DATA WILL NOT BE RETRIEVABLE. Please protect your private key. If it is lost there is nothing that can be done to retrieve the data. Your customers credit card data will be safe as long as the private key is in your care. To retrieve orders with public key encrypted credit card numbers you will need to use the same machine and browser that you used to generate the keys.

If you setup the keys, Cart32 will launch an object that will be used to generate the keys, save the private key to you hard drive and save the public key on the server. Internet Explorer 4 (with 128 bit encryption) and above is required for this to work.

Here are the steps that Cart32 takes in generating the key pair for use in the cart.

1. Navigate to the File -> Advanced tab of the cart administration.

2. Click the link that states, "Regenerate Public/Private Encryption Keys".

3. A prompt will display, "Regenerating the public/private keys will make your current credit data unreadable. Are you sure you want to regenerate the public/private keys?" click "OK".

4. You will be taken to a screen with information about Public/Private key encryption. Please read the message and click on the button that says, "Click Here to Continue With Key Generation".

5. Please read the message on this screen and click, "Next >".

6. Enter the first pass phrase (must be at least 7 characters long with at least one number and one letter) and click, "Next >".

7. Enter the second pass phrase (same character requirements, however it must be different) and click, "Next >".

8. Please wait for the keys to be generated, it may take a few minutes.

9. You will see a confirmation message declaring that the keys were successfully generated. Click on the button that says, "Click Here To Continue".

10. If you have orders already saved in the Cart32 administration, you will now have the option of converting the saved credit card information to the new key encryption method. Then you can continue on into the Cart32 web admin.

*Note: Step 10 only works if you were not using encryption keys before. It cannot convert orders from a previous key to a new key.

*Note: If you are using key encryption, in order to view orders with credit card numbers, you will need to use the same machine as you used to generate the keys. The orders will appear the same as before, but all of the decryption happens on your local machine instead of the server. That way the server only sees the encrypted value and never sees the actual credit number once it's saved in the orders database.
(15 vote(s))
Helpful
Not helpful

Comments (2)
Tom Harrington
15 November 2011 09:20 PM
I bought a new computer. How do I migrate the encryption key to the new machine?
Chris Stewart
18 November 2011 04:05 PM
Hi Tom, to enable public private key encryption on the new computer, you can either regenerate the keys through the File > Advanced tab, or you can refer to the following knowledgebase article:
https://support.cart32.com/index.php?/Knowledgebase/Article/View/152/0/how-to-view-orders-using-publicprivate-key-encryption-on-more-than-one-machine
Post a new comment
 
 
Full Name:
Email:
Comments: