Crypt::Passphrase::Argon2::AES - A peppered AES-encrypted Argon2 encoder for Crypt::Passphrase


 my $passphrase = Crypt::Passphrase->new(
     encoder => {
         module  => 'Argon2::AES',
         peppers => {
             1 => pack('H*', '0123456789ABCDEF...'),
             2 => pack('H*', 'FEDCBA9876543210...'),


This class implements peppering by encrypting the hash using AES (unlike Crypt::Passphrase::Pepper::Simple which hashes the input instead).



This constructor takes all arguments also taken by Crypt::Passphrase::Argon2, with the following additions:

  • peppers

    This is a map of identifier to pepper value. The identifiers should be (probably small) numbers, the values should be random binary strings that must be either 16, 24 or 32 bytes long.

  • active

    This is the identifier of the active pepper. By default it will be the identifier with the highest (numerical) value.

  • mode

    This is the mode that will be used with AES. Values values are 'ecb', 'cbc' (the default), 'cfb', 'ofb' and 'ctr'.

The salt_size is hard-coded to 16 bytes, and if mode equals cbc or ecb, the output_size must be a multiple of 16 bytes.


Leon Timmermans <>


This software is copyright (c) 2023 by Leon Timmermans.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.