/ 
Crypt-Perl-0.18
/ Crypt::Perl::PKCS10::Attribute::challengePassword
Security Advisories (2)
CVE-2020-17478 (2020-08-10)

ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm.

CVE-2020-13895 (2020-06-07)

Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail.

NAME

Crypt::Perl::PKCS10::Attribute::challengePassword

SYNOPSIS

my $chpw = Crypt::Perl::PKCS10::Attribute::challengePassword->new($passwd);

SECURITY

This attribute stores a phrase UNENCRYPTED in the CSR. Don’t put anything in here that you consider sensitive!

It’s likely that you don’t need this attribute. Check with your Certificate Authority to find out for sure sure if you need to include this in your CSR.

DESCRIPTION

Instances of this class represent a challengePassword attribute of a PKCS #10 Certificate Signing Request (CSR).

You probably don’t need to instantiate this class directly; instead, you can instantiate it implicitly by listing out arguments to Crypt::Perl::PKCS10’s constructor. See that module’s SYNOPSIS for an example.