PCI DSS does not require 1024 bit RSA to encrypt. Older versions of the specification mentioned AES and 3DES by name, but I believe newer versions just specify strong encryption. Most people are using AES 256.

Encrypting data at-rest with an asymmetric algorithm doesn t really work. Symmetric algorithms work best. This allows the application to access the card data when it needs to. This doesn t mean you have to show the data to the user ever again, it just means the data is there when you need to get to it. If you re storing credit card authorization information, you ll usually need the card number for settlement. (It really depends on the features your processor has. Some of the small-business level processors store the card for you, but this is infeasible for large scale processors like Paymentech and FDMS.)

The problem is that you will have to rotate your encryption keys periodically. This is usually what screws everyone up. If you roll your own encryption, you need to make sure that you can specify n number of keys that are accessible for as long as there is data encrypted with those keys. At any point in time, only one of those keys should be used for encryption. Unless you have a deep understanding of crypto and key management in terms of PCI, you might want to go with a commercial offering. Yes, these are expensive, but you have to determine the best course with a build or buy decision making process.

Ingrian (now SafeNet) has a decent offering for a network HSM. It will manage the keys for you and do the cryptographic operations. It may also be possible to use their DB level encryption integration so that you don t have to change your application at all. (Though DB level encryption is dubiously secure in my opinion.)

This is a very deep subject; I ve done a lot with PCI and suggest you hire someone to guide you through doing it properly. You ll spend a lot of money on false starts and redoing work, so get an auditor involved early to at least asses what you need and tell you how to implement the security properly.

You may have an easier time if you differentiate between data storage, access, and transmission.

Storage requires strong reversible encryption; the data is not useful unless you can retrieve it.

Access requires a user or process to authenticate itself before it is permitted to decrypt the data. Here s an example of a mechanism that would accomplish this:

1. Store the data with a secret key that is never directly exposed to any user. Of course, you ll need to store that key somewhere, and you must be able to retrieve it.
2. When each user chooses a password, use the password to encrypt a personal copy of the private key for that user. (Note: even though you re encrypting each copy of the key, security issues may arise from maintaining multiple copies of the same information.)
3. Do not store the user s password. Instead, hash it according to standard best practices (with salt, etc.) and store the hash.
4. When a user provides a password to log in, hash it and compare to your stored value. If they match, use the (plainitext) password to decrypt the key, which is then used to decrypt the actual data.

Transmit the data through a secure connection, such as SSL. It s reasonable (perhaps required) to allow users to access (and modify) their own data, as long as you continue to follow best practices.

Comments:

• An 8-digit password implies a key space of 10⁸ ~ 2²⁷ = 27 bits, which by today s standards is fairly terrible. If you can t encourage longer (or alphanumeric) passwords, you may want to consider additional layers.

• One advantage to the multiple-layer strategy (user provides a password that is used to encrypt the "actual" key) is that you can change the encryption key transparently to the user, thereby satisfying any key-rotation requirements..

• The standard admonition whenever you re designing a security solution is to remember that DIY security, even when following standards, is risky at best. You re almost always better off using an off-the-shelf package by a reputable vendor, or at least having a trained, certified security professional audit both your strategy and your implementation.

Good luck!