Authen::TypeKey::Sign - TypeKey authentication signature generation


    use Authen::TypeKey::Sign;
    my $tk = Authen::TypeKey::Sign->new;
    my $user = { name=>'foo', nick=>'Dr. Foo', 
        email=>'drfoo@spectre.evilorg' };
    my $querystring = $tk->sign($user) or die $tk->errstr;


Authen::TypeKey::Sign is an implementation of the TypeKey authentication signature process. For information on the TypeKey protocol and using TypeKey in other applications, see



Create a new Authen::TypeKey::Sign object.

$tk->token([ $typekey_token ])

Get/set the TypeKey token used when creating the original sign-in link. This is required to successfully validate the signature in TypeKey 1.1 and higher, which includes the token in the plaintext.

This must be set before calling sign.

$tk->key( [$keyfile|\%key|$dsa_key_obj] )

Gets/sets the DSA key. If no parameter is passed it returns the key as a Crypt::DSA::Key object. With a parameter it also sets the key. The parameter may be one of the following:

  • Crypt::DSA::Key object

    A reference to a populated Crypt::DSA::Key object.

  • HASH reference

    A HASH reference containing keys of p, g, q, pub_key, and priv_key carrying the applicable values as per DSA key generation standard.

  • Filename

    A SCALAR containing the full path and filename of a text file containing the DSA keys including the private key. The format consists of five keys (p, g, q, pub_key, and priv_key) and their applicable values as per the DSA key generation standard. One per line. Keys and values are delimited by an equal sign.


    You can use the typekeygen utility script to generate this file.

    This must be set before calling sign.


Generates a TypeKey signature and returns a HTTP query string on success that can be used in its response to a TypeKey-enabled client. The method takes a required parameter of either a HASH reference or an object that supports a param method such as CGI or Apache::Request. The following hash keys are recognized:

  • name

    The unique username of the TypeKey user. Required.

  • nick

    The user's display name. Required.

  • email

    The user's email address. Required. If hide_email is set to true, sign will automatically encode the email address as a SHA-1 hash of the string mailto:<email>.

Elements for ts (timestamp) and token will be handled by the sign method. ts will be set to the current time (seconds since epoch). If using TypeKey Protocol version 1.1 or higher, token will be the value set using the token method.

If generation is unsuccessful, sign will return undef, and the error message can be found in $tk->errstr.

$tk->version([ $version ])

Get/set the version of the TypeKey protocol to use. The default version if 1.1.


Get/set whether the TypeKey signature should "hide" the email address by encoding the value as a SHA-1 hash. Default is true (1).


Authen::TypeKey, Apache::AuthTypeKey, typekeygen


Crypt::DSA Crypt::DSA::Key Crypt::DSA::Signature MIME::Base64 Getopt::Long 2.33+ Pod::Usage


The software is released under the Artistic License. The terms of the Artistic License are described at


TypeKey is a trademark of Six Apart Ltd. TypeKey Authentication Protocol is Copyright 2004 Six Apart Ltd, All rights reserved.

Except where otherwise noted, Authen::TypeKey::Sign is Copyright 2004, Timothy Appnel, All rights reserved.

1 POD Error

The following errors were encountered while parsing the POD:

Around line 283:

'=end' without a target?