Perl code to generate secret key for HMAC SHA256 signing?

I'm planning to use code similar to Amazon AWS samples to authenticate signed API requests. So users will have something like:

use Digest::SHA qw(hmac_sha256_base64);
my $digest = hmac_sha256_base64 ($request, $self->{SecretKey});

and attach $digest as a parameter to their request URI. The server-side will use the same algorithm to create a digest from 开发者_开发问答the client URI and compare that to the value sent by the client.

What I can't find is Perl support for generating the SecretKey of the correct length to use when generating HMAC SHA256 digest.

For my Amazon AWS account I'm being given a 40 ASCII character base64 encoded string.

How do I generate a proper secret-key for my clients?

I suggest you use a PBKDF2 algorithm. PBKDF2 = "Password-based Key Derivation Function (#2)". It is defined in PKCS #5 (RFC 2898). This is the recommended way to derive a key from a password. You will need a salt, as well. A typical iteration count is 1000.

This page says it has a perl implementation of PBKDF2. I haven't tried it.

Apparently there is also a Crypto::PBKDF2, but it is saddled with dependencies you may not want.

EDIT

I just tried Anthony Thyssen's perl program for pbkdf2 - it works great. Simple, easy.