xmlsec(1)
NAME
xmlsec - command line tool to sign and encrypt XML documents
SYNOPSIS
xmlsec [COMMAND] [OPTIONS] [FILE1] [FILE2] [....]
INTRODUCTION
The xmlsec program signs or encrypts XML files, specified on the
command line as FILE1, FILE2, ..., according to the "XML Digital
Signature" and "XML Encryption" specifications.
The xmlsec program is included in the XML Security Library.
COMMANDS
version
Prints version information for the xmlsec program.
help
Prints general help information.
help-command
Prints help information for command.
keys
Manages keys in an XML keys file. The resulting keys file is
written to the files FILE1, FILE2, ...
sign
Signs XML documents FILE1, FILE2, ...
verify
Verifies XML signature in the XML documents FILE1, FILE2, ...
encrypt
Encrypts data using templates from FILE1, FILE2, ... files.
decrypt
Decrypts encrypted XML documents FILE1, FILE2, ...
KEYS COMMAND OPTIONS
--gen-hmac name
Generates a 24-byte HMAC key and sets the key name to name.
--gen-rsa name
Generates RSA key and sets the key name to name.
--gen-dsa name
Generates DSA key and sets the key name to name.
--gen-des3 name
Generates Triple DES key and sets the key name to name.
--gen-aes128 name
Generates AES 128 key and sets the key name to name.
--gen-aes192 name
Generates AES 192 key and sets the key name to name.
--gen-aes256 name
Generates AES 256 key and sets the key name to name.
--keys file
Loads keys from XML keys file.
--pubkey[:name] file
Loads public key from PEM file and sets the key name to name.
--privkey[:name] file[,cafile1[,cafile2[,...]]]
Loads private key from PEM file along with certificates chain in
PEM files cafile1, cafile2,... and sets the key name to name.
--pkcs12[:name] file
Loads private key and certificates chain from pkcs12 file and
sets the key name to name.
--pwd password
Sets the password to use for reading keys and certificates from
PEM files.
--hmackey[:name] file
Loads HMAC key from binary file and sets the key name to name.
SIGN COMMAND OPTIONS
--ignore-manifests
Instructs the xmlsec program to ignore <dsig:Manifest> elements.
--node-id id
Instructs the xmlsec program to sign only <dsig:Signature>
element with given id.
--keys file
Loads keys from XML keys file.
--pubkey[:name] file
Loads public key from PEM file and sets the key name to name.
--privkey[:name] file[,cafile1[,cafile2[,...]]]
Loads private key from PEM file along with certificates chain in
PEM files cafile1, cafile2,... and sets the key name to name.
--pkcs12[:name] file
Loads private key and certificates chain from pkcs12 file and
sets the key name to name.
--hmackey[:name] file
Loads HMAC key from binary file and sets the key name to name.
--pwd password
Sets the password to use for reading keys and certificates from
PEM files.
--allowed list
Specifies the set of allowed key origins as a comma-separated
list of the following values: "keymanager", "keyname",
"keyvalue", "retrieval-doc", "retrieval-remote", "enc-key",
"x509". By default, all key origins are allowed.
--session-key-hmac
Generates a 24-byte HMAC key and uses it for the signature.
--session-key-rsa
Generates an RSA key and uses it for the signature.
--session-key-dsa
Generates a DSA key and uses it for the signature.
--repeat number
Repeats the operation number times.
--fake-signatures
Disables actual signature calculation for performance testing.
VERIFY COMMAND OPTIONS
--output file
Writes the signed XML document to file.
--ignore-manifests
Instructs the xmlsec program to ignore <dsig:Manifest> elements.
--node-id id
Instructs the xmlsec program to sign only <dsig:Signature>
element with given id.
--print-result
Prints additional result information.
--print-references
Prints the pre-digested signature references.
--print-manifests
Prints the pre-digested manifests references.
--print-siganture
Prints the pre-signed data (<dsig:SignedInfo> element).
--print-all
Prints all available data.
--print-xml
Prints result in xml format.
--print-to-file file
Prints result to file file.
--keys file
Loads keys from XML keys file.
--pubkey[:name] file
Loads public key from PEM file and sets the key name to name.
--privkey[:name] file[,cafile1[,cafile2[,...]]]
Loads private key from PEM file along with certificates chain in
PEM files cafile1, cafile2,... and sets the key name to name.
--pkcs12[:name] file
Loads private key and certificates chain from pkcs12 file and
sets the key name to name.
--hmackey[:name] file
Loads HMAC key from binary file and sets the key name to name.
--pwd password
Sets the password to use for reading keys and certificates from
PEM files.
--allowed list
Specifies the set of allowed key origins as a comma-separated
list of the following values: "keymanager", "keyname",
"keyvalue", "retrieval-doc", "retrieval-remote", "enc-key",
"x509". By default, all key origins are allowed.
--trusted file
Loads trusted certificate from PEM file.
--untrusted file
Loads un-trusted certificate from PEM file.
--repeat number
Repeats the operation number times.
--fake-signatures
Disables actual signature calculation for performance testing.
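An added example, not part of the xmlsec distribution: a POSIX sh pre-flight check that validates a `--allowed` list against the seven origin names above before running `xmlsec verify` with `--trusted`. The function names, the return codes, and the classification of "keyvalue", "retrieval-doc" and "retrieval-remote" as document-supplied origins are assumptions made here from the origin names.

```sh
#!/bin/sh
# Added example: pre-flight check for "xmlsec verify". Not part of xmlsec.

# The seven origin names listed under --allowed on this page.
KNOWN_ORIGINS="keymanager keyname keyvalue retrieval-doc retrieval-remote enc-key x509"
# Assumption (from the names, not stated on the page): these origins take the
# key from the document being verified or from a location it points to.
DOC_SUPPLIED="keyvalue retrieval-doc retrieval-remote"

# check_allowed LIST
# Returns 0 if LIST is usable, 1 for an unknown or malformed origin,
# 2 for a document-supplied origin, 3 for an empty list.
check_allowed() {
    list=$1
    if [ -z "$list" ]; then
        echo "empty list: omitting --allowed permits every key origin" >&2
        return 3
    fi
    old_ifs=$IFS
    IFS=,
    set -f                      # no globbing while splitting on commas
    set -- $list
    set +f
    IFS=$old_ifs
    for origin in "$@"; do
        case $origin in
            ""|*[!a-z0-9-]*) echo "malformed origin: '$origin'" >&2; return 1 ;;
        esac
        case " $KNOWN_ORIGINS " in
            *" $origin "*) ;;
            *) echo "unknown origin: $origin" >&2; return 1 ;;
        esac
        case " $DOC_SUPPLIED " in
            *" $origin "*) echo "document-supplied origin: $origin" >&2; return 2 ;;
        esac
    done
    return 0
}

# verify_pinned LIST CA_PEM FILE
# Runs xmlsec verify with the checked list and one trusted certificate file.
verify_pinned() {
    check_allowed "$1" || return $?
    command -v xmlsec >/dev/null 2>&1 || { echo "xmlsec not found" >&2; return 127; }
    xmlsec verify --allowed "$1" --trusted "$2" "$3"
}
```

For instance, `verify_pinned keymanager,x509 ca.pem signed.xml` (file names hypothetical) runs the verification, while a list containing "keyvalue" is refused before xmlsec is started.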
ENCRYPT COMMAND OPTIONS
--output file
Writes the encrypted XML document to file.
--binary file
Encrypts binary file.
--xml file
Encrypts XML file.
--node-id id
Instructs the xmlsec program to encrypt only element with given
id.
--node-name [namespace-uri:]name
Instructs the xmlsec program to encrypt only element with given
namespace-uri and name.
--keys file
Loads keys from XML keys file.
--pubkey[:name] file
Loads public key from PEM file and sets the key name to name.
--privkey[:name] file[,cafile1[,cafile2[,...]]]
Loads private key from PEM file along with certificates chain in
PEM files cafile1, cafile2,... and sets the key name to name.
--pkcs12[:name] file
Loads private key and certificates chain from pkcs12 file and
sets the key name to name.
--hmackey[:name] file
Loads HMAC key from binary file and sets the key name to name.
--pwd password
Sets the password to use for reading keys and certificates from
PEM files.
--allowed list
Specifies the set of allowed key origins as a comma-separated
list of the following values: "keymanager", "keyname",
"keyvalue", "retrieval-doc", "retrieval-remote", "enc-key",
"x509". By default, all key origins are allowed.
--session-key-rsa
Generates an RSA key and uses it for encryption.
--session-key-des3
Generates a Triple DES key and uses it for encryption.
--session-key-aes128
Generates an AES 128 key and uses it for encryption.
--session-key-aes192
Generates an AES 192 key and uses it for encryption.
--session-key-256
Generates an AES 256 key and uses it for encryption.
--repeat number
Repeats the operation number times.
DECRYPT COMMAND OPTIONS
--output file
Writes the decrypted XML document to file.
--node-id id
Instructs the xmlsec program to decrypt only element with given
id.
--keys file
Loads keys from XML keys file.
--pubkey[:name] file
Loads public key from PEM file and sets the key name to name.
--privkey[:name] file[,cafile1[,cafile2[,...]]]
Loads private key from PEM file along with certificates chain in
PEM files cafile1, cafile2,... and sets the key name to name.
--pkcs12[:name] file
Loads private key and certificates chain from pkcs12 file and
sets the key name to name.
--hmackey[:name] file
Loads HMAC key from binary file and sets the key name to name.
--pwd password
Sets the password to use for reading keys and certificates from
PEM files.
--allowed list
Specifies the set of allowed key origins as a comma-separated
list of the following values: "keymanager", "keyname",
"keyvalue", "retrieval-doc", "retrieval-remote", "enc-key",
"x509". By default, all key origins are allowed.
--trusted file
Loads trusted certificate from PEM file.
--untrusted file
Loads un-trusted certificate from PEM file.
--repeat number
Repeats the operation number times.
REPORTING BUGS
Report bugs to <xmlsec@aleksey.com>
MORE INFORMATION
XML Security Library: http://www.aleksey.com/xmlsec/
XML Digital Signature: http://www.w3.org/Signature/
XML Encryption: http://www.w3.org/Encryption/
AUTHOR
Aleksey Sanin <aleksey@aleksey.com>.