Just wondering if there is a way to implement a public key
infrastructure like PGP WITHOUT having to install PGP on the
server. We are on a shared host and want to send encrypted emails
to one single e-mail client (for collecting credit card info)
I think you are going to need to install PGP on the server,
or some CFX or Java libraries (basically the same thing). I think
CF8 has the hooks built in for PGP but it requires additional
licensing and most likely, your hosting provider has not purchased
these (it's a fairly heafty investment).
You did not give much details into why your emailing cc info
but you may want to research tokenization technologies as some of
these would eliminate the need for PGP -- tokens do not need to be
encrypted and emailing them is not a security concern. We offer our
i4Go product which tokenizes the cc information before your site
sees it -- your site only sees the token, card type and expiration
date. All this information can be emailed and the recipient can use
this information to authorize and post payments. Our solution
requires the later functions use our gateway services, other
tokenization options will probably have the same restrictions.
If you are unable to install PGP on your server and are
willing to use a single-passcode encryption solution, you can
always use one of the built-in CF strong encryption standards (AES,
perhaps) and then come up with a solution for decrypting the AES
data on the client side.
Although this question is really old, I think I should still answer this because someone else might come across this page for help. Well the short answer is, you can use any online PGP encryption tool like this one.