.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{ . if \nF \{ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "PBKDF2::Tiny 3pm" .TH PBKDF2::Tiny 3pm "2014-11-20" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" PBKDF2::Tiny \- Minimalist PBKDF2 (RFC 2898) with HMAC\-SHA1 or HMAC\-SHA2 .SH "VERSION" .IX Header "VERSION" version 0.005 .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& use PBKDF2::Tiny qw/derive verify/; \& \& my $dk = derive( \*(AqSHA\-1\*(Aq, $pass, $salt, $iters ); \& \& if ( verify( $dk, \*(AqSHA\-1\*(Aq, $pass, $salt, $iters ) ) { \& # password is correct \& } .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" This module provides an \s-1RFC 2898\s0 compliant \s-1PBKDF2\s0 implementation using \s-1HMAC\-SHA1\s0 or \s-1HMAC\-SHA2\s0 in under 100 lines of code. If you are using Perl 5.10 or later, it uses only core Perl modules. If you are on an earlier version of Perl, you need Digest::SHA or Digest::SHA::PurePerl. .PP All documented functions are optionally exported. No functions are exported by default. .SH "FUNCTIONS" .IX Header "FUNCTIONS" .SS "derive" .IX Subsection "derive" .Vb 1 \& $dk = derive( $type, $password, $salt, $iterations, $dk_length ) .Ve .PP The \f(CW\*(C`derive\*(C'\fR function outputs a binary string with the derived key. The first argument indicates the digest function to use. It must be one of: \s-1SHA\-1, SHA\-224, SHA\-256, SHA\-384,\s0 or \s-1SHA\-512.\s0 .PP If a password or salt are not provided, they default to the empty string, so don't do that! \s-1RFC 2898\s0 recommends a random salt of at least 8 octets. If you need a cryptographically strong salt, consider Crypt::URandom. .PP The password and salt should encoded as octet strings. If not (i.e. if Perl's internal '\s-1UTF8\s0' flag is on), then an exception will be thrown. .PP The number of iterations defaults to 1000 if not provided. If the derived key length is not provided, it defaults to the output size of the digest function. .SS "derive_hex" .IX Subsection "derive_hex" Works just like \*(L"derive\*(R" but outputs a hex string. .SS "verify" .IX Subsection "verify" .Vb 1 \& $bool = verify( $dk, $type, $password, $salt, $iterations, $dk_length ); .Ve .PP The \f(CW\*(C`verify\*(C'\fR function checks that a given derived key (in binary form) matches the password and other parameters provided using a constant-time comparison function. .PP The first parameter is the derived key to check. The remaining parameters are the same as for \*(L"derive\*(R". .SS "verify_hex" .IX Subsection "verify_hex" Works just like \*(L"verify\*(R" but the derived key must be a hex string (without a leading \*(L"0x\*(R"). .SS "digest_fcn" .IX Subsection "digest_fcn" .Vb 2 \& ($fcn, $block_size, $digest_length) = digest_fcn(\*(AqSHA\-1\*(Aq); \& $digest = $fcn\->($data); .Ve .PP This function is used internally by PBKDF2::Tiny, but made available in case it's useful to someone. .PP Given one of the valid digest types, it returns a function reference that digests a string of data. It also returns block size and digest length for that digest type. .SS "hmac" .IX Subsection "hmac" .Vb 2 \& $key = $digest_fcn\->($key) if length($key) > $block_size; \& $hmac = hmac( $data, $key, $digest_fcn, $block_size ); .Ve .PP This function is used internally by PBKDF2::Tiny, but made available in case it's useful to someone. .PP The first two arguments are the data and key inputs to the \s-1HMAC\s0 function. Both should be encoded as octet strings, as underlying HMAC/digest functions may croak or may give unexpected results if Perl's internal \s-1UTF\-8\s0 flag is on. .PP \&\fBNote\fR: if the key is longer than the digest block size, it must be preprocessed using the digesting function. .PP The third and fourth arguments must be a digesting code reference (from \&\*(L"digest_fcn\*(R") and block size. .SH "SEE ALSO" .IX Header "SEE ALSO" .IP "\(bu" 4 Crypt::PBKDF2 .IP "\(bu" 4 Digest::PBDKF2 .SH "SUPPORT" .IX Header "SUPPORT" .SS "Bugs / Feature Requests" .IX Subsection "Bugs / Feature Requests" Please report any bugs or feature requests through the issue tracker at . You will be notified automatically of any progress on your issue. .SS "Source Code" .IX Subsection "Source Code" This is open source software. The code repository is available for public review and contribution under the terms of the license. .PP .PP .Vb 1 \& git clone https://github.com/dagolden/PBKDF2\-Tiny.git .Ve .SH "AUTHOR" .IX Header "AUTHOR" David Golden .SH "COPYRIGHT AND LICENSE" .IX Header "COPYRIGHT AND LICENSE" This software is Copyright (c) 2014 by David Golden. .PP This is free software, licensed under: .PP .Vb 1 \& The Apache License, Version 2.0, January 2004 .Ve