As the World Wide Web and the applications it supports become ever more pervasive, online security is becoming more and more important. Encryption and authentication are now de rigueur on most Web sites, and users demand strong security from the tools they use.

If you’re a Perl application developer, you’re already ahead of the pack, thanks to the Comprehensive Perl Archive Network (CPAN). This is because CPAN has numerous ready-made Perl modules that let developers efficiently perform common tasks related to application security, user authentication and data encryption. This document points you to ten of the most important ones, describes how they are used and provides you with a link so that you can get started (see Table A).

Note: You can install CPAN modules directly from the Internet by following the instructions provided on their Web site.

Table A

| Package Name | Description | URL |
|---|---|---|
| Crypt::GPG | This module provides an API to encrypt, sign and decrypt files using public/private key authentication with the GNU Privacy Guard. It uses an object-oriented interface to generate new key pairs, manipulate the key database or verify signed files. Use this module when you need to perform GnuPG encryption or decryption in a Perl application. | GPG |
| Crypt::Blowfish | This module provides an object-based interface for encrypting and decrypting text using the Blowfish encryption algorithm. Use this module when you need to encrypt sensitive data (such as passwords) using the Blowfish algorithm. | Blowfish |
| Crypt::RSA | This module provides an object-based interface to encrypt, sign and decrypt files using RSA public/private key authentication. The API includes methods to generate new keys and verify signatures. Use this module when you need to encrypt email or files using public/private key authentication. | RSA |
| Crypt::IDEA | This module provides an object-based interface for encrypting and decrypting text using IDEA block cipher encryption. Use this module when you need to encrypt sensitive data (such as passwords) using IDEA encryption. | IDEA |
| Digest::MD5 | This module provides a Perl interface to create MD5 message digests of files or string sequences. Use this module when you need to generate MD5 “fingerprints” of a file or string. | MD5 |
| Crypt::SaltedHash | This module provides an object-based API for one-way encryption with a “salt” or seed value. This technique is similar to that used in *NIX password files. Use this module when you need to protect a string with one-way encryption, or test the contents of an encrypted string. | SaltedHash |
| Crypt::PassGen | This module provides an API to create pronounceable passwords from a dictionary. It works by building a frequency file from the dictionary and using that information in the password generation process. Use this module when you need to generate pronounceable usernames or passwords that are easy to remember. | PassGen |
| Authen::PAM | This module provides an object-oriented interface to the Linux Pluggable Authentication Module (PAM), a versatile mechanism for user authentication. It can be used to access, verify and modify user credentials, set and read environment variables, and work with PAM user sessions. Use this module when you need to interface with the Linux authentication system through a Perl application, for example to alter a user’s password. | PAM |
| Authen::Users | This module provides a framework to manage and authenticate users with a password database (MySQL or SQLite). It includes a number of well-thought-out functions designed to manage users, organize users into groups, and manipulate the relationship between groups and group members. Use this module if your Perl applications need a simple password database to manage user/group accounts. | Users |
| Authen::PIN | This module is designed to create cryptographically strong numeric sequences from user-supplied templates. Internal verification digits (based on checksums), counters and literals are all supported. Use this module when you need to create a hard-to-guess numeric PIN, or a number sequence which supports internal verification. | PIN |