What I'm trying to make happen: my PoCo::IRC bot requests for you to sign a message with an RSA key, but the message has a random string for every time you identify (sort of like #bitcoin-otc's gribble bot, but using RSA instead of bitcoin).
I want it to say something like
<mybot> With the key for 'donkus', sign the message '2FrNGk7QoCKQecIz', pass through base64. It needs to anticipate the arrival of my signed message. Then I could reply back with my signed message in base64, and it would verify using the hard-coded public key in the script (presumably using Crypt::RSA). This exchange would take place over private messaging.
This is so I could create a bunch of bots to op me on my EFnet channel, and yes I know I can use Eggdrop but I'd sooner write my own perl script than configure all that junk.
I would record the request like this:
$requests{$user} = {
key_for => "donkus",
token => "2FrNGk7QoCKQecIz",
ts => time(),
};
That way, if a user re-requests authentication, the old one is clobbered.
I'd either use the ts field to periodically expire authentication requests, or I'd use a LRU cache of $user identifiers to limit the number of requests in play. If I really cared, I'd do both: have a relatively high LRU cache limit (say 100 requests) and a relatively low timeout of perhaps 2 minutes.
As messages from $user come in, I'd see if they matched the credentials in %requests. If so, they're in. If not, they remain out.