NAME

    Crypt::Passphrase::Argon2::HSM - HSM encrypted Argon2 hashes for
    Crypt::Passphrase

SYNOPSIS

     my $passphrase = Crypt::Passphrase->new(
         encoder => {
             module   => 'Argon2::HSM',
             provider => '/usr/lib/pkcs11/some-pkcs11.so',
             active   => '3',
         },
     );

DESCRIPTION

    This class implements peppering by encrypting the hash using HSM. Note
    that it does not do the argon2 computation in the HSM.

METHODS

 new

    This constructor takes all arguments also taken by
    Crypt::Passphrase::Argon2, with the following additions:

      * provider

      The path to the PKCS11 provider. This is mandatory.

      * slot

      The slot used on the provider, this defaults to the first listed
      slot.

      * active

      This is the identifier of the active pepper. This is mandatory.

      * prefix

      The prefix that is used when looking up keys in the HSM. It defaults
      to 'pepper-'.

      * pin

      The PIN that is used for logging in, if any.

      * user_type

      The type of user you're logging in with. This defaults to 'user', and
      you're unlikely to want to change that.

      * cipher

      This is the cipher that's used for peppering. This can be any
      mechanism supporting encrypt/decrypt. The default is 'aes-cbc'.

AUTHOR

    Leon Timmermans <leont@cpan.org>

COPYRIGHT AND LICENSE

    This software is copyright (c) 2023 by Leon Timmermans.

    This is free software; you can redistribute it and/or modify it under
    the same terms as the Perl 5 programming language system itself.