Skip to content

Leont/crypt-passphrase-hsm

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits

lib/Crypt/Passphrase

lib/Crypt/Passphrase

 
 

t

t

 
 

.gitignore

.gitignore

 
 

Build.PL

Build.PL

 
 

Changes

Changes

 
 

LICENSE

LICENSE

 
 

MANIFEST

MANIFEST

 
 

MANIFEST.SKIP

MANIFEST.SKIP

 
 

META.json

META.json

 
 

META.yml

META.yml

 
 

README

README

 
 

dist.json

dist.json

 
 

metamerge.yml

metamerge.yml

 
 

Repository files navigation

NAME

    Crypt::Passphrase::HSM - A hasher using hardware for Crypt::Passphrase

SYNOPSIS

     my $passphrase = Crypt::Passphrase->new(
         encoder => {
             module   => 'HSM',
             provider => '/usr/lib/pkcs11/some-pkcs11.so',
             active   => '3',
         },
     );

DESCRIPTION

    This module wraps hashes the password using an hmac. By using
    identifiers for the peppers, it allows for easy rotation of peppers.
    Unlike traditional mechanisms it relies fully depends on the secrecy of
    the peppers in the HSM instead of computational difficulty, as such the
    key size should probably equal the output size.

METHODS

 new(%args)

    This creates a new encoder. It takes the following named arguments:

      * provider

      The path to the PKCS11 provider. This is mandatory.

      * slot

      The slot used on the provider, this defaults to the first listed
      slot.

      * active

      This is the identifier of the active pepper. This is mandatory.

      * prefix

      The prefix that is used when looking up keys in the HSM. It defaults
      to 'pepper-'.

      * pin

      The PIN that is used for logging in, if any.

      * user_type

      The type of user you're logging in with. This defaults to 'user', and
      you're unlikely to want to change that.

      * algorithm

      This is the algorithm that's used for hashing. It supports any
      mechanism on your HSM that can sign and verify, common values are
      'sha1-hmac', 'sha224-hmac', 'sha256-hmac', 'sha384-hmac', and
      'sha512-hmac' (the default).

 hash_password($password)

    This hashes the $password in the HSM using the given algorithm.

 verify_password($password, $hash)

    Verify a password with the HSM.

 needs_rehash($hash)

    This will check if the hash needs a rehash.

 crypt_subtypes

    This returns the supported algorithms.

AUTHOR

    Leon Timmermans <leont@cpan.org>

COPYRIGHT AND LICENSE

    This software is copyright (c) 2023 by Leon Timmermans.

    This is free software; you can redistribute it and/or modify it under
    the same terms as the Perl 5 programming language system itself.

About

A pepper-wrapper using hardware for Crypt::Passphrase

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

7 tags

Packages

No packages published

Languages