use Tie::EncryptedHash;

    tie my %s, Tie::EncryptedHash, 'passwd';

    $s{foo}  = "plaintext";     # Normal field, stored in plaintext.
    print $s{foo};              # (plaintext)

    $s{_bar} = "signature";     # Fieldnames that begin in single
                                # underscore are encrypted.
    print $s{_bar};             # (signature)  Though, while the password 
                                # is set, they behave like normal fields.
    delete $s{__password};      # Delete password to disable access 
                                # to encrypting fields.
    print $s{_bar};             # (Blowfish NuRVFIr8UCAJu5AWY0w...)

    $s{__password} = 'passwd';  # Restore password to gain access.
    print $s{_bar};             # (signature)

    $s{_baz}{a}{b} = 42;        # Refs are fine, we encrypt them too.