view release on metacpan or  search on metacpan

lib/Crypt/PostgreSQL.pm  view on Meta::CPAN

=cut

sub encrypt_scram {
    my($password, $salt) = @_;
    if(!defined $salt){
        $salt = Crypt::URandom::urandom(16);
    }elsif(length($salt) != 16){
        croak 'The salt length must be 16!';
    }
    my $iterations = 4096;
    my $digest_key = pbkdf2($password, $salt, $iterations, 'SHA256', 32);
    my $client_key = hmac('SHA256', $digest_key ,'Client Key');
    my $b64_client_key = sha256_b64($client_key);
    my $b64_server_key = hmac_b64('SHA256', $digest_key, 'Server Key');
    my $b64_salt = encode_base64($salt, '');
    return "SCRAM-SHA-256\$$iterations:$b64_salt\$$b64_client_key:$b64_server_key";
}


=head1 SECURITY

Report security vulnerabilities **privately** to the maintainer at
E<lt>gdo@leader.itE<gt>. See the F<SECURITY.md> file in this distribution's
root directory for the full policy (coordinated disclosure, optional CC to the
L<CPAN Security Group|https://security.metacpan.org/> at
E<lt>cpan-security@security.metacpan.orgE<gt>). Do not file security issues on