I sympathize with your problem, to wit, getting a data feed from a third party over which you have little or no control.

"The tentative plan is to provide them with a script that they can run against the source file to encrypt it and then we process it on our side."

You'd be asking for trouble if your script presumed any particular version of Perl or the presence of any non-standard (i.e., don't come with Perl) modules. You'll probably have enough trouble just getting them to run a script at all.

Good Luck!

Update: Oops! Forgot to mention, if you're planning to use crypt, you should be on the lookout for architecture- or OS-dependencies in its output.

dmm