TR,
Yes, as I see it, the way to go is asymmetric encryption with the decrypting being done "offline". This adds the complication of installing a small desktop app (and the user having to paste the encrypted info into it while processing each order). I think it is worth it for some clients who are very concerned about security. The standard algorithm is RSA with the keys being sufficiently big (1024 bits). The encryption exponent should not be too small either (mine uses 65537, the largest known Fermat prime, which is a common recommendation). If anybody sees another method that is easier for the cart owner, I would be very interested in getting a discussion started. My current approach might not be optimal.
Cheers


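The offline-decryption flow described in the post above, as an added example that is not part of the original post or the poster's own code: the web server holds only the public key and stores a text blob, and the private key stays on the desktop machine where the blob is pasted. Only RSA and the exponent 65537 come from the post; the Python `cryptography` package, the 2048-bit key, OAEP padding, the AES-GCM hybrid wrapping (so an order can be longer than one RSA block), the function names and the sample order are assumptions of this example.

```python
import base64
import json
import os

from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def generate_keypair(bits=2048):
    """Run once on the offline machine; only the public PEM goes to the server."""
    priv = rsa.generate_private_key(public_exponent=65537, key_size=bits)
    pub_pem = priv.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo)
    return priv, pub_pem


def encrypt_order(pub_pem, order):
    """Server side: has the public key only, so it cannot read what it stores."""
    pub = serialization.load_pem_public_key(pub_pem)
    key, nonce = AESGCM.generate_key(bit_length=256), os.urandom(12)
    body = AESGCM(key).encrypt(nonce, json.dumps(order).encode(), None)
    wrapped = pub.encrypt(key, OAEP)  # one RSA block carrying the AES key
    # Paste-friendly text blob: wrapped key || nonce || ciphertext+tag
    return base64.b64encode(wrapped + nonce + body).decode()


def decrypt_order(priv, blob):
    """Desktop side: unwrap the AES key, then authenticate and decrypt."""
    raw = base64.b64decode(blob)
    n = priv.key_size // 8  # length in bytes of the RSA-wrapped key
    wrapped, nonce, body = raw[:n], raw[n:n + 12], raw[n + 12:]
    key = priv.decrypt(wrapped, OAEP)
    # Raises InvalidTag if the stored blob was modified.
    return json.loads(AESGCM(key).decrypt(nonce, body, None))


if __name__ == "__main__":
    priv, pub_pem = generate_keypair()
    # Constructed sample order (standard test card number, not real data).
    sample = {"order_id": 1001, "card": "4111111111111111", "exp": "12/30"}
    blob = encrypt_order(pub_pem, sample)
    print(blob[:60] + "...")
    print(decrypt_order(priv, blob))
```

In a real deployment the private key would be written to disk on the offline machine with `private_bytes` and a passphrase rather than kept in memory as it is here.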