NAME

Apache::CryptHash - Encrypted tokens for cookies

SYNOPSIS

use Apache::CryptHash;

DESCRIPTION

Creates an encrypted cookie-like string with a MAC (checksum) from a hash of critical and non-critical values. The MAC is created on only the critical values. Decryption will fail if the string has been altered and the MAC does not match when the string is decrypted.

Particularly useful when using COOKIES and will do all the hard work for Apache::AuthCookie

init()

Create class reference and set passcode to the value returned by Sys::Hostname::hostname;

  my $c = Apache::CryptHash->init;      # default passcode = hostname

init takes an optional parameter

  my $c = Apache::CryptHash->init('no');

  $c->passcode('no'}            # will turn encryptation off
                                # and put in Debug mode

Optionally, the passcode or debug may be set by

  $c->passcode('no')            # will turn encryptation off
                                # and put in Debug mode
  $c->passcode('newpasscode');  # change the passcode
name & passcode

Hash Header may be set to any string

  $c->name('some_string');      # default 'Secret'

Just remember to obey the rules for allowed characters in cookie strings for both name & passcode

encode()

Generate an encrypted cookie-like value from a hash. Optional invarient values may be specified for a MAC

  $c->encode(\%state, \@mac_keys).

Only the crypt secret and the mac_keys valuess are present in the MAC. What is returned is

  NAME:crypted_string (NAME.Debug:crypted_string)

where $c->pascode(somename) (default 'Secret')

decode($$$)

Decrypt and generate state hash from the encrypted hash

  $c->decode(\$cookie,\%state, \@mac_keys);

Return false if decode or MAC fails

md5_hex($)

Return the md5 hash of input string.

md5_b64($)

Return the md5 base 64 hash of input string.

checkMAC
  $c = Apache::CryptHash->init('some password');
  $c->checkMAC(\%state, \@mac_keys)

Does a comparison of the MAC in the %state vs the calculated value based on @mac_keys and returns a boolean result.

Don't forget to set the passcode or the check will fail!

SEE ALSO

Crypt::CapnMidNite Crypt::RC4 Digest::MD5 MIME::Base64

COPYRIGHT and LICENSE

  Copyright 2003 Michael Robinton, BizSystems.

This module is free software; you can redistribute it and/or modify it under the terms of either:

  a) the GNU General Public License as published by the Free Software
  Foundation; either version 1, or (at your option) any later version,
  
  or

  b) the "Artistic License" which comes with this module.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See either the GNU General Public License or the Artistic License for more details.

You should have received a copy of the Artistic License with this module, in the file ARTISTIC. If not, I'll be glad to provide one.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA