Apache::AppSamurai::Session::Serialize::CryptBase64 - Storable, AES, and MIME::Base64 for session serializer


 use Apache::AppSamurai::Session::Serialize::CryptBase64;
 # You must choose a Crypt::CBC compatible cipher. (See the DESCRIPTION
 # section for the supported list.)  This can be done either by
 # setting a specific value (the recommended way):
 $s->{args}->{SerializeCipher} = 'Crypt::OpenSSL::AES';

 # ... or by using the find_cipher() utility method:
 $s->{args}->{SerializeCipher} = Apache::AppSamurai::Session::Serialize::CryptBase64::find_cipher

 # serialize and unserialze take a single hash reference with required
 # subhashes.  {args} must include two 256 bit hex string key/value pairs:
 # key = Session authentication key
 # ServerKey = Server key
 # (Examples keys are examples.  Don't use them!
 $s->{args}->{ServerKey} = "628b49d96dcde97a430dd4f597705899e09a968f793491e4b704cae33a40dc02";
 $s->{args}->{key} = "c44474038d459e40e4714afefa7bf8dae9f9834b22f5e8ec1dd434ecb62b512e";

 # serialize() operates on the ->{data} subhash
 $s->{data}->{test} = "Testy!";
 $zipped = Apache::Session::Serialize::Base64::serialize($s);

 # unserialize works on the ->{serialized} subhash
 $s->{serialized} = $zipped;
 $data = Apache::Session::Serialize::Base64::unserialize($s);


This module fulfils the serialization interface of Apache::Session and Apache::AppSamurai::Session. It serializes the data in the session object by use of Storable's nfreeze() function. Then, using the configured cipher module in {args}->{SerializeCipher}, the passed in {args}->{key}, (session authentication key), and the passed in {args}->{ServerKey}, (server key), it encrypts using the encrypt() method of Crypt::CBC. Finally, MIME::Base64 encode is used on the ciphertext for safe storage.

The unserialize method uses a combination of MIME::Base64's decode_base64, Crypt::CBC's decrypt, and Storable's thaw methods to decode, decrypt, and reconstitute the data.

The serialized data is ASCII text, suitable for storage in backing stores that don't handle binary data gracefully, such as Postgres. The following Crypt modules are currently supported:

 Crypt::Rijndael     - AES implementation
 Crypt::OpenSSL::AES - OpenSSL AES wrapper
 Crypt::Twofish      - Twofish implementation
 Crypt::Blowfish     - Blowfish implementation

The configured module must be installed before use. For efficiency, it is recommended that you staticly set the SerializeCipher argument when calling this module. That said, for convenience, a simple utility method, find_cipher() is provided.


Apache::AppSamurai::Session, Storable, MIME::Base64, Apache::Session, Crypt::CBC, Crypt::Rijndael, Crypt::OpenSSL::AES, Crypt::Twofish, Crypt::Blowfish


Paul M. Hirsch, <paul at>


See Apache::AppSamurai for information on bug submission and tracking.


See Apache::AppSamurai for support information.


Copyright 2008 Paul M. Hirsch, all rights reserved.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.