Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
What constitutes a "legal" digital signature for a web form (not a document)?
OPTION 1: I worked on a project where a doctor makes notes on the health of a patient. When the web form is submitted a PDF is generated and digitally signed with a digital .CER certificate and the PDF is saved to the file system. Each doctor had their own .CER file and password which was a real PITA to maintain and the overhead of generating, storing, and backing up PDF's is quite high.
There are also third-party solutions like CoSign which allow the user to authenticate to CoSign as the form submits and, if properly authenticated, somehow digitally signs that form. I believe all of these solutions require an export to various types of documents and then storage of the document and require the end signer to have an account with CoSign. That isn't going to work...
All of these signatures require the data to be stored in a document which is not ideal for many projects.
OPTION 2: I went to the Microsoft store at the Mall of America and purchased a new Surface (to be later returned :/ ) and when checking out they gave me a tablet (ironically it wasn't a Surface) and a pen and I jotted down my signature. Another example is the Square app which also requires the user to jot down their signature on a touchscreen of some sort. I would assume the signature is stored as an image somewhere in a database but does that constitute a "legal" document?
I've worked at a small medical device company which had their doctors evaluate tests on the web and digitally "sign" their evaluation, but all that did was upload an image of their signature saved in the database.
OPTION 3: Yet another way I've seen this done is when filling out my FAFSA for college tuition aid back in the day. They'd ask you to review the terms, yada yada, and then at the bottom I had to type in my full legal name "as it appears above" and the submit the form. What are they doing behind the curtains??
The project I'm working on is a simple one-page contract for a construction company which explains all of the services to be rendered and requires a signature and date. The electronic version of this form would collect all of the required data in a web form and save it to a data store.
My initial reaction was to provide a <canvas> based HTML5 element that can be signed on an iPad or something. Does the data need to be exported to a document and then signed using a digital signature or can the data be legal and "signed" in the data store?
You're asking several questions, only one of which is the legality question.
Disclosure up front: I work for CoSign.
First question:
Signing a web form digitally vs signing a document (PDF, etc)
Yes, this is a common application for digital signatures. CoSign supports it. The usual technique is to first express the web form as an XML file. Then digitally sign the XML file. CoSign's SAPI api directly supports digitally signing XML files according to the W3 standard. Learn more from the SAPI programmers guide. Available from the CoSign Developers site.
Verifying the digitally signed XML file You need the ability to cryptographically verify the digitally signed XML file. You can use CoSign for this or there are many other apps which will also verify the XML files. Google for "verify xml digital signature" to see a long list. Independent verification of the digital signature's identity, intent and the document's integrity are the key advantages of using standard digital signatures.
Second question:
Any way around the high costs of personal copies of digital certs for digital signing?
Issuing, tracking, maintaining, replacing and retiring personal digital certs has a very high cost, as you've discovered. This is a common (and large) downside to digital signatures using hw certs issued to the individual signers (smart cards, usb tokens, etc). The way around the problem is to centrally store the certs as CoSign and some others do. CoSign automatically synchronizes with Active Directory / LDAP etc to get rid of the support and maintenance costs of the individual hw certs.
Third question:
Do outside signers need their own account on the CoSign box? That wouldn't work.
In the case of outside signers (someone outside of the organization, such as a customer/client/patient who only signs once in a great while), the signing account can be created programmatically, the XML doc signed and then the account is deleted. This is not an uncommon case. The CoSign SAPI api supports account creation/maintenance/deletion for this purpose.
Fourth question:
Is it true that "All of these signatures require the data to be stored in a document which is not ideal for many projects?"
No. You can digitally sign XML docs as I explain above. Signing XML docs created from web forms is also done by Microsoft's InfoPath form system, by the IBM Forms system and by others. It is a common application for digital signatures.
Fifth question:
What are Square and other web form signing apps doing?"
In many cases they are doing ""Electronic signatures" not "Digital signatures."
Briefly, an electronic signature is a graphic representation of a person's signature. That's all that's in the document. So the document by itself has no assurance of integrity or non-reputability. Ie, someone can change the document (eg by strategically adding the word "not") and the signature would still look the same.
To add strength to the inherently weak electronic signatures, the various electronic signature services will store the document on their servers, thus providing their corporate assurance of the document's integrity etc. Your option 3 may be in this category. Square, your option 2 may also be an electronic signature. In their case, Square itself is providing the assurance that nothing was changed after signing.
Electronic signatures are generally legal in the US but you should consult a lawyer for details. It is also the case that many organizations won't accept electronic signatures due to their reliance on a third party for verification (the vendor). Electronically signed documents can't be independently verified--you need to rely on the vendor. For example, drug companies cannot submit their paperwork to the FDA with electronic signatures, digital signatures are required. Outside of the US, electronic signatures are often not acceptable again due to the inherent weakness of the technology.
Digital Signatures A document or XML file, or anything else can be digitally signed. The digital signature guarantees, through cryptography techniques, that the document was not altered (integrity), signature is non-reputable (signer identification) and the signer's statement of intent at the time of signing. Digitally signed files can be verified by anyone using verification software or apps available from many places. Digital signatures adhere to open standards, electronic signatures do not.
What constitutes a "legal" digital signature for a web form (not a document)?
There's the matter of existing laws and practices, and there's the matter of what they should have been if the law is written by someone not ignorant of the nature of electronic signature, digital signature, and digital data.
In my opinion, electronic signature (an image of a hand-drawn signature) should never be considered legally binding, it is trivial to forge an electronically signed data, or to create a forged data that contains the image of the signature. They can and are often used in low security situation, however they are worth nothing to assert the authenticity or integrity of data. They can be somewhat secure in a very limited situation, such as when there is a trusted, tamper-proof device to collect the hand drawn signature like EFTPOS or trusted tablets, the consumer's and (usually) the merchant's tablets should not be considered trusted device.
Digital signature, on the other hand, uses cryptographic techniques to embed a signature that can be automatically verified to assert the authenticity of the document/data. It's a very strong guarantee as long as the security of the private key is kept private and no flaws are discovered with the signature algorithm. In my opinion, this is the only form of electronic signature that should be considered legally binding in every situations, assuming all parties understands digital signature.
It is possible to have a trusted third party, acting as a notary, that asserts the authenticity of a document or web form submission. The security of this system depends on the reputation of the notary, it can be legally binding when done by a trusted notary using a proper trustworthy protocol. Some electronic notary employs some form of digital signature, so their assertion adds an extra layer of guarantee on top of those provided by digital signature alone.
Many jurisdictions allow weaker forms of electronic signature for certain kind transactions. Check your local laws, consult a lawyer that is well versed in electronic transactions when in doubt about using weaker form of signature. Use digital signature properly to remove any shred of doubts.
Any finite length binary stream can be signed, it didn't have to be in a document. However, to have an embedded signature as opposed to external signature, the data contained have to have support for containing the signature.
Related
I have a (university) project where I basically write and read text out of an NFC tag with Android devices in order to store one's balance in the card (which can be used on the cafeteria, for example).
Right now, I'm using NTAG213 doing the below code:
ndef.connect();
NdefRecord mimeRecord = NdefRecord.createMime("text/plain", messageEncrypted.getBytes(Charset.forName("US-ASCII")));
ndef.writeNdefMessage(new NdefMessage(mimeRecord));
ndef.close();
As you can notice, I'm using application level encryption to encrypt the message (messageEncrypted) before writing it to the tag (AES-256 encrypt with 'com.scottyab:aescrypt:0.0.1' library - with a very big password key that uses also the tag UID as part of it).
So far so good - only I can understand the data on the tag.
On my research, I've found that when it comes to security Ultralight C > NTAG213.
Question 1) When using application level encryption, why (is it?) is MIFARE Ultralight C safer then NTAG213?
Question 2) I'm pretty sure I can guarantee security using AES encryption, but I don't want people (besides me) messing with the stored data (formatting tag or writing info there). I see that the only way of preventing that (please, correct me if I'm wrong) is to set a password for the tag. However, both NTAG213 and Ultralight C have only an 32-bit password. Is it good enough? Is there another way of preventing someone (besides me) writing data?
Question 3) Which other security measures can I use on such tags to enforce security (tag and application layer)?
Question 4) When you compare tag security (MIFARE DESFire > Ultralight > NTAG213 > MIFARE Classic), what is really being compared? The ease of one cracking the (native tag's) encryption or the ease of one store (anything) on the tag without permission?
Question 5) I see a bunch of other techs (MIFARE DESFire, ICODE SLIX, Infineon Cipurse) that are more secure, which makes me wonder if the tech I'm using (NTAG213 or Ultralight C) is good enough for storing someones balance. Would you (and that's a personal opinion) say that NTAG213 with application level encryption and 32-bit password good enough for this type of application? And how long would it take someone to actually break its security?
When using application level encryption, why is Ultralight C safer then NTAG213? Is that even true?
First of all, "safer" depends on what your actual protection goals are. Since you want to store a balance (cash money!) on the card, you would probably want to (at least) protect towards the following goals:
Users must not be able to print their own money by setting an arbitrary balance on their card.
Users must not be able to duplicate their card and, consequently, their money balance.
Users must not be able to print their own money by restoring (roll-back) their card to a previous balance after payment.
Users must not be able to print their own money by replaying a top-up procedure.
Users must not be able to evade payment by tearing their card during a payment transaction.
Users must not be able to generate an arbitrary (and potentially higher) balance on their card by tearing their card during a top-up procedure.
In addition, you might not want to trust operators (the persons accepting payments and performing top-up) as well. In a system where one group of operators performs only top-up and the other performs only payment transactions, the latter group should probably not be allowed to ever "create" money. Particularly, you have to make yourself very clear about whether you fully trust the (Android) devices that you use in the field to perform these operations and whether you trust operators (e.g. that they don't perform any attacks against these devices).
Moreover, there might be privacy aspects that you need to consider (e.g. if the balance is freely readable, if users are identifiable, etc.)
So let's look into what you "application level encryption" adds in terms of security:
Since users do not know the encryption key, they are probably not able to generate an arbitrary balance on their card. However, this heavily depends on the format of your balance (in unencrypted form). Users can make arbitrary modifications to the cipher text with result in "random" modifications of the plain text. Consequently, users may be able to modify the balance value despite encryption. Digital signature/message authentication codes are they path that you would probably want to take to overcome this.
Since the encryption key (assuming encryption would be sufficient, which it probably is not) depends on the UID of the tag, you may be safe against cloning of cards (+ balance). However, be aware that the UID is just a freely readable identifier. It is by no means authenticated itself and may be clonable as well. See Serials on NFC Tags - truly unique? cloneable?.
The encrypted value does not protect you from users restoring their balance to a previously recorded value after payment. This type of vulnerability has been found before (particularly in MIFARE Ultralight based systems), see, for instance, Benninger, C., Sobell, M. (2012): NFC for free rides and rooms (on your phone). In: Presentation at EUSecWest 2012.
Since you write the complete value during a top-up procedure (i.e. there is no specific "increment balance" command), you are probably safe against users replaying a top-up (except for the roll-back aspect of this).
Effects of tearing are probably rather limited if your system only allows for attended payment/top-up.
So let's see what additional features NTAG213 would have that you could use to secure your system:
UID is unique on genuine tags. This does not help much, see Serials on NFC Tags - truly unique? cloneable?.
Originality signature: same as above, the originality signature is also just a static, freely readable value. Consequently, it's just as well susceptible to cloning.
The one-way counter might be a tool to help you in protecting against roll-back (by including the counter value into the signature). This still would not prevent cloning onto a tag platform that allows to generate arbitrary counter values. Moreover, the counter is not easily controllable and will change its value if the user tries to read the tag. Consequently, it's questionable if an implementation based on that value would be reliable.
Unlike MIFARE Ultralight, NTAG213 does not have a usable one-time programmable area (since that's already used by the capability container). Consequently, you can't implement a one-time deductible balance based on that.
The password protection feature could help you in authenticating tags (by performing password verification) and in protecting the value stored on the tag (by making the value only readable/writable after password verification). However, the password is transmitted in clear text (may be subject to sniffing, particularly in (but not limited to) unattended scenarios) and there is no cryptographic binding between the password and the actual read/write.
MIFARE Ultralight C would add the following:
The OTP bytes can be used. If it's an option to make the tags one-time usable (i.e. they start with a specific balance that can only be deducted from and not topped-up), then using the OTP bytes to represent the balance would be an option. Note that there's still lots of things that you could do wrong with that, e.g. Beccaro, M., Collura, M. (2013): OTP circumventing in MIFARE ULTRALIGHT: Who says free rides?. In: Presentation at DEFCON 21
The authentication is much improved. The 3DES authentication scheme seems to be sufficiently secure to prevent sniffing the key. However, read/write commands are also not cryptographically bound to the authentication step. Consequently, an attacker might be able to let a genuine payment terminal + genuine tag perform authentication, but redirect read/write to somewhere else. This might (particularly) be a problem in an unattended scenario.
I'm pretty sure I can guarantee security using AES encryption.
See above. This is probably not true.
I don't want people messing with the stored data. I see that the only way of preventing that is to set a password for the tag.
A password/authentication key may help, but be aware of the limitations due to authentication being decoupled from read/write on these tag platforms.
Both NTAG213 and Ultralight C have only a 32-bit password.
This is not true. NTAG213 has a 32-bit password. MIFARE Ultralight C uses a more sophisticated mutual 2K-3DES authentication mechanism with a 112-bit key.
When you compare tag security, what is really being compared?
Authentication mechanisms (algorithms, key sizes)
Communication security (e.g. is the communication itself encrypted/authenticated using a session key derived from the authentication step?)
Access control (e.g. are there separate keys for top-up and payment?)
Are there dedicated mechanisms for balance management (e.g. value fields, dedicated increment/decrement operations)? And, consequently, are ther mechanisms to protect agains tearing attacks?
And probably more ...
I see a bunch of other techs that are more secure, which makes me wonder if the tech I'm using is good enough for storing someones balance.
You specific system is flawed in many ways. In my opinion MIFARE Ultralight/NTAG203/NTAG21x are definitely not a good choice for a an offline system storing cash money on the cards.
MIFARE Ultralight C may be suitable with some precautions. I would definitely refrain from using that in unattended scenarios, and I would probably use an online system tracking the balance and monitoring for inconsistencies.
Anything that uses symmetric cryptography and storing the cryptographic keys in a terminal would certainly require precautions against malicious operators. It's probably fairly easy for an operator (with some knowledge) to extract keys from an app and generate their own money.
I guess your question is too broad and not for all subquestions this section of SO is the most appropriate one.
By focusing on cryptographic strength you miss something: if the low level security of the token can be easily attacked, nobody needs to crack your key.
A simple dump and later restore (after some payments) corresponds to printing money
If the token contains the money directly (instead of only identifying the wallet, which is stored on a background system), you need a far more secure system to avoid financial damage. This involves dynamically encrypted communication but continues with substantial further topics.
I hope this is not too broad a question (if it is, I'm happy to narrow down the scope).
We have created a small CRM web application, and we want to protect user's data (we will never be storing credit card details, but will be storing emails).
We're new to the whole SSL/HTTPS thing. Does anyone have any recommendations on which certificate types to go for? I have seen them ranging from £12 to £1200!
Thanks in advance!
Expensive certificate issuers generally charge you for the work they do when they validate that you actually are you. They will i.e. call you on phone, check you up in business registers etc. The rationality behind this is that an attacker may be able to trick a cheaper certificate issuer to give him an SSL certificate with your name. It is difficult for an attacker to get an false, expensive certificate.
However, the problem here is that it is practically impossible for the end user to see any difference between an expensive and a cheap certificate. You buying an expensive certificate does not in any way prevent the attacker from tricking the cheap issuer into giving him a ceritificate.
So unless you have very consious users that can actually see the difference between your expensive certificate and an impersonators cheap falsification there is no technical reason to buy an expensive certificate.
A special type of cerificates is called EV certificates. They are more expensive and will generate a green background or similar signal in your browsers address bar. This can make a difference if your users will notice it.
Another issue is that many of the cheap issuers actually are subsidiaries of the more expensive companies and will in fact give you the exact same certificate. I.e. the certificate you get from Rapidssl used to be the same as one you can get from the more expensive Geotrust (this may have changed).
A last note. Make sure that the certificate issuer is actually recognized by a majority of all browsers. This is not a problem as long as you use a reasonably well known issuer.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 months ago.
Improve this question
If you search for code signing online you will get a plethora of hits regarding where to go to get your code signed with a digital cert, but no articles or documentation on when you should get your code signed or why this might be necessary. So I pose these questions:
What use cases exist where a developer or a development team want/need to have their code signed?
What types of code can/should be signed? JavaScript? Java? C++? Are there different types of codesigning for each language/platform?
Is the code signed as raw source or the compiled binary?
Thanks in advance.
I suppose theoretically any code in any language can be signed, either as the source but more commonly the compiled binary.
Main use case that comes to mind with me is with Mobile applications (Android for this instance). You have to sign the code before publishing. You also have to keep the key store file so if you make any updates to the application and want to upload it you sign it with the same key. This is because Android checks a number of things when upgrading an application the main one being that the code signing is the same for the old and new, which as long as the key store file and its password is kept secret enough, proves it came from the same source. If someone were to modify the code in some way, the signing verification would fail.
In a nutshell signing code lets the end user / machine know where the code came from. And in the case of upgrading makes it difficult/impossible to modify code and have others download it.
Apple goes nuts with code signing for iOS and I don't fully grasp all the details but you have to get the certificates (yes more than 1) from Apple and sign with them. If you want to put the app on a testing device you need yet another certificate to sign with and install it on the device, other wise you have to get it on the App Store (subject to Apple's approval) where they probably sign it with some private key for iOS devices to know its Apple approved.
every time you need to ensure that code is from trusted source and no one modifies it (signing usually comes with checksum). it's very common. programming libraries, software distribution, software upgrades. when you need to patent the code you should sign it and get a trusted timestamp. when you create a bank and give access to it through internet, you send your webpages to the users via SSL = you are encrypting and signing them. and probably many many more
What use cases exist where a developer or a development team want/need to have their code signed?
Digital signatures mean different things on different platforms. If you're writing Windows desktop software then the biggest initial benefit of signing your executables is to get rid of that nasty "Unknown Publisher" warning that Windows has been showing users since Windows XP SP2. On other platforms (Some mobile, Java, Flash, Office VBA Macros etc) signed code is required in order to elevate permissions.
You can make a Windows program self-check its own digital signature to make sure it is valid, which means the EXE hasn't changed at all since it was signed. Most use that as another layer of protection against malware and piracy.
Check out this too :
http://blog.ksoftware.net/2011/07/what-is-authenticode/
What types of code can/should be signed? JavaScript? Java? C++? Are there different types of codesigning for each language/platform?
In theory it is possible to digitally sign any document but most of the time when people are talking about code signing they're talking about MS Authenticode (attaching digital signatures to any PE format file (EXE, DLL, COM, etc) or signing executables for OSX/iOS.
There are different types of signing on different platforms but most will use the same certificate.
Is the code signed as raw source or the compiled binary?
In most contexts, a binary.
Scenario
I want to design a server which loads plug-in assemblies from third party vendors. The third party vendor needs to follow some contract while implementing plug-in assemblies. The third party plug-in assemblies needs to be copied to a specified deployment folder of the server. The server will dynamically load the plug-in assemblies.The server needs to load only those assemblies which are from a trusted source.
Possible Solution
As one of the solution, the server could rely on digital certificate technology. The server should load only those assemblies which are digitally signed with a trusted root certificate authority. I am planning to derive test cases from the following diagram:
The leaf node (highlighted in purple) denotes the possible test cases.
I need to get ideas/feedback on the following:
Whether the above mechanism based on digital certificates is good enough for the above mentioned scenario?
What are other alternatives in addition to digital certificate technology?
Are there any test cases missing that have not been considered (based on the above diagram)?
Thanks.
Just some random thoughts.
While not the only way to do this (off the top of my head you could for example use a HMAC with specific keys, or just a public key algorithm such as RSA or DSA on their own) it is probably the best way to achieve what you want to do with the minimum of effort.
Of course I would presume you would act as the CA in this scenario and any third-party could get a certificate signed from you? If not, and would just go for say a Verisign cert etc. you might want to consider checking the key usage and enhanced key usage fields of the certificate to ensure it is suitable for signing binaries (to stop someone for example using an SSL cert).
As pointed out in the above comment you want to check any certificate revocation lists, although that might be covered in signed versus unsigned. You probably also want a distinct test case between a file which is unsigned completely, a file which is signed but incorrectly (say public keys don't match) and one which is signed but invalidated, e.g. the signature is not timestamped by a trusted authority and the certificate has expired, or the CRL stuff.
Also are you excluding the possibility where the signing cert is the CA? It is a dumb thing to have but technically there is nothing wrong with doing so. You could even just skip the whole CA stuff and get a third party to generate their own self-signed cert and send that to the administrator of the server who would add it to the list of valid certificates for use. The only reason for the CA is they are supposed to check the details of the person who wants it, depending on how you plan to use this system than might not be necessary.
I am working in PHP on a Linux server with MySQL.
I have a requirement (that I have attempted to talk them out of) to collect credit card information from users so that our company can use the card numbers to hold hotel rooms for a conference. We will not be charging the cards ourselves at all, but instead just sending them to the hotel. I then need to be able to download a CSV file and each time someone signs up an email to go to the admin with all the information.
I tried to explain that this wasn't secure, but several other developers have done this for them in the past before I was working here.
My question is; is there anyway to make this secure? If not are there any third party options to make this happen?
EDIT:
I appreciate everyone who has posted so far, it has simply made me want to attempt to do this less and less. If you could add to your answers simple explanations, oriented at non-tech people, it would be greatly appreciated, in fact site source and links would help me a great deal. I haven't found any sites that would explain this in a non-tech way.
First of, I am not a lawyer. I have implemented CC-handling code several times previously, but I am only familiar with Danish laws and regulations, so your mileage may vary.
As far as I know, there are restrictions in place (law and regulations from the CC providers) that you need to be aware of. I don't know where you are in the world, but in many countries you need to be PCI certified to handle credit card data and that is an extremely onerous, expensive and on-going process.
Other countries, or states, may have notification rules in play that requires you to pay the cost of notifying the card holder if security is broken - and unless you are very careful, it is not unlikely.
In general, I would recommend against that procedure. You may risk being liable for any costs if it goes wrong.
It's really a bad idea to be storing card details. You're opening yourself up for a world of pain in the form of PCI-DSS audits. It is not as simple as 'use encryption', you need to have processes in place to securely manage the encryption keys, schedule key rotation, securely log access and so on and on... Storing card details is absolutely something you want to avoid.
If you have to have something in place, then the best option may be for you (as a company) to take payments from the credit cards to your own merchant account, then pay the hotels separately (from your bank account/whatever). You act as a proxy for the client making the payment to the hotel.
Most payment gateways allow you to store the card details securely, and charge at a later date (using a token id returned by the gateway), which will likely be useful here. But you wont be able to retrieve the card details to pass them through to the hotel in any way, which is why you would need to take payment, then organise a separate payment to the hotel.
Its still quite an undertaking though because a lot of areas of PCI-DSS will come into play even with this simplified solution.
You asked, so here is more information:
PCI-DSS is the Payment Card Industry Data Security Standard. It's a set of guidelines which basically apply to any company that 'touches' cardholder data, in particular the card number. Touching it literally means any handling of the data, even just having it pass through your network without it ever being persisted to disk is enough to mandate that you must comply, (though it is significantly easier if you don't persist the details to disk)
You didn't yet state which part of the world you're in, or how these card details are captured (internet/telephone/in person). These details are significant to how you can achieve compliance.
Start by taking a look at the PCI-DSS SAQ (Self Assessment Questionnaires). These SAQ's are the minimum requirements for companies that do not store cardholder details to disk, and should give a good impression of the security that needs to be in place across the network and policies that should be applied across the company.
As I said, if you're thinking of storing card details then things get more complicated, because as a general rule the SAQ is no longer good enough. You need to enrol the assistance of a QSA (Qualified Security Assessor) who will visit and advise on best practice for data storage and the various other points that come into play. For this level of compliance you're looking at yearly audits (carried out by the QSA), and quarterly network scans. Take a look at the audit procedures to get a detailed look at what is involved. In particular take a look at section 3 and do not underestimate the difficulty of implementing proper key management.
In summary, full PCI compliance will be very costly. Even for a company which already has pretty strong security policies the cost of bringing in a QSA and running quarterly scans and yearly audits alone will likely cost $thousands.
This is very insecure and I think you're correct for opposing it. That said...
Some ideas:
Can the hotel give you a rate/group code that you can disseminate to your users directly? Perhaps you could even give them a link that goes right to the hotel's reservation page, with the code already filled in.
Don't even think about implementing this unless you can do it on an SSL-enabled site.
Don't save the CC number anywhere,
just generate the email and toss the
number out. This alleviates you from having to worry about a ton of very difficult application / server security issues.
Encrypt the email with GPG or
equivalent so that it's protected in
transit and can only be read by the intended recipient.
I suggest you follow the Card Industry PCI compliance closely at least. Here is a PDF document.
As someone who has worked on a system like this, it is 100% illegal to store any credit card information in plain text. You must encrypt all of the data and you are not allowed to know any piece of the keys. It is quite the catch 22, the only way to validate data is to guess as sad as that sounds. This is the exact reason why accidental charges occur.
As others have said here, it's a fact that storing credit card information requires you to be certified. You can ask for information to process the transaction but keeping it on storage of any kind is a big no-no.
Fortunately sites like authorize.net, braintree.com, paypal.com, etc will let you interact with their APIs in such a way that you get a "Customer Vault ID" for each entity you'd like to make transactions for.
These 3rd parties store all the sensitive information in a 100% legit way. And whenever you would like to make a transaction using their saved information, you interact with the service using their "Vault ID".
I've used authorize.net, BrainTree and PayPal. Most recently it was BrainTree and had some good success with them. I would not recommend PayPal unless you need the brand recognition or you just want to do a direct transfer whereby you bypass asking them for account information of any kind (because they already entered it in PayPal).
Make sure your server is as secure as possible and prove that it isn't already compromised. None of this will really work well if you have a compromised server.
Use SSL to protect this information during transit.
Encrypt these details immediately upon receipt. This will help protect it at rest. If possible, encrypt it with a public key for a key pair where the private key (used for decryption) is not on your server. This could easily be that you place this information into the body of the email that you're required to send, then encrypt the body with public-key encryption where your client has the private key. (You could use PGP here). In this way, the data is help on your server as briefly as possible, then once off your server, is accessible only by your client. If you use a symmetric encryption algorithm, then your key will necessarily also be on your server somewhere (on disk, in memory, etc.), which could be obtained and used by an attacker to regain access to the details.
This isn't an endorsement, per se, but I have used this before in similar situations with good results: http://www.pgp.com/products/commandline/
Remember that there are always security holes, but you'll be raising a large barrier against attacks with these steps. I might also add that you look into a system integrity solution like Trip Wire from the immediate build of your server. And of course, ensure that all of your passwords are strong.
If you send the file via email, be sure to use secured connexions (HTTPS / IMAP or POP3 over SSL, SMTP over SSL) on both sending and receiving computers and have the file encrypted prior sending. You can encrypt your mail and attachment via OpenPGP, too. Also, ensure the security between the two mail servers (sending and receiving), or simply use the same domain for sending and receiving email addresses. Do not use the password-feature of a ZIP file or related comrpessing container, since they are usually cryptographically weak.
If you send it on a filesystem (ie. USB pendrive), be sure to use a crypted one (ie. TrueCrypt).
Be sure to have a secured computer where the download and upload takes part (encrypted partition where the download/upload takes place, no spywares on the system, passworded system, firewalled).