Developer

10 things: The most useful Perl modules for cryptography and authentication

This document lists 10 of the most important ready-made application security, user authentication, and data encryption Perl modules.

As the World Wide Web and the applications it supports become ever more pervasive, online security is becoming more and more important. Encryption and authentication are now de riguer on most Web sites, and users demand strong security from the tools they use.

If you're a Perl application developer, you're -- thanks to the Comprehensive Perl Archive Network (CPAN) -- already ahead of the pack. This is because CPAN has numerous ready-made Perl modules to enable developers to efficiently perform common tasks related to application security, user authentication and data encryption. This document, points you to ten of the most important ones, describes how they are use and provides you with a link so that you can get started (See Table A).

Note: You can install CPAN modules directly from the Internet, by following the instructions provided on their Web site.

Table A


Package Name

Description

URL

Crypt::GPG

This module provides an API to encrypt, sign and decrypt files using public/private key authentication with the GNU Privacy Guard. It uses an object-oriented interface to generate new key pairs, manipulate the key database or to verify signed files.

Use this module when you need to create perform GnuPG encryption or decryption in a Perl application.

GPG

Crypt::Blowfish

This module provides an object-based interface to encrypting and decrypting test using the Blowfish encryption algorithm.

Use this module when you need to encrypt sensitive data (such as passwords) using the Blowfish algorithm.

Blowfish

Crypt::RSA

This module provides an object-based interface to encrypt, sign and decrypt files using RSA public/private key authentication. The API includes methods to generate new keys and verify signatures.

Use this module when you need to encrypt email or files using public/private key authentication.

RSA

Crypt::IDEA

This module provides an object-based interface to encrypting and decrypting test using IDEA block cipher encryption.

Use this module when you need to encrypt sensitive data (such as passwords) using IDEA encryption.

IDEA

Digest::MD5

This module provides a Perl interface to create MD5 message digests of files or string sequences.

Use this module when you need to generate MD5 "fingerprints" of a file or string.

MD5

Crypt::SaltedHash

This module provides an object-based API for one-way encryption with a "salt" or seed value. This technique is similar to that used in *NIX password files.

Use this module when you need to protect a string with one-way encryption, or test the contents of an encrypted string.

SaltedHash

Crypt::PassGen

This module provides an API to create pronounceable passwords from a dictionary. It works by building a frequency file from the dictionary and using that information in the password generation process.

Use this module when you need to generate pronounceable usernames or passwords that are easy to remember.

PassGen

Authen::PAM

This module provides an object-oriented interface to the Linux Pluggable Authentication Module (PAM), a versatile mechanism for user authentication. It can be used to access, verify and modify user credentials, set and read environment variables, and work with PAM user sessions.

Use this module when you need to interface with the Linux authentication system through a Perl application -- for example, to alter a user's password.

PAM

Authen::Users

This module provides a framework to manage and authenticate users with a password database (MySQL or SQLite). It includes a number of well-thought-out functions designed to manage users, organize users into groups, and manipulate the relationship between groups and group members.

Use this module if your Perl applications need a simple password database to manage user/group accounts.

Users

Authen::PIN

This module is designed to create cryptographically-strong numeric sequences from user-supplied templates. Internal verification digits (based on checksums), counters and literals are all supported.

Use this module when you need to create a hard-to-guess numeric PIN, or a number sequence which supports internal verification.

 

PIN

0 comments

Editor's Picks