My general take is: “dictum ne agas: do not do a thing already done.”
You need to be able to avail yourself of CPAN, all the way. JSON (or XML..SOAP) is a good, reliable way to freeze and thaw a message. Encryption (public or private key) is also readily available. What you really want here is “an encrypted transport layer,” presumably in the form of a Perl object, that provides all the rest of your application with reliable, authenticated message-passing while concealing all of the plumbing behind a nice sheetrock™ wall. I'm sure that this has been done before.
Basically, “this is yet-another RPC requirement, nothing more.” Yeah, it's gotta be secure but “ hey, there's nothing new about that, either.” So you're looking at research-time, not coding time: “finding the right shelf.”