XMLSEC1(1)
NAME
xmlsec1 - sign, verify, encrypt and decrypt XML documents
SYNOPSIS
xmlsec <command> [<options>] [<files>]
DESCRIPTION
xmlsec is a command line tool for signing, verifying, encrypting and
decrypting XML documents. The allowed <command> values are:
--help display this help information and exit
- --help-all
- display help information for all commands/options and exit
- --help-<cmd>
- display help information for command <cmd> and exit
- --version
- print version information and exit
- --keys keys XML file manipulation
- --sign sign data and output XML document
- --verify
- verify signed document
- --sign-tmpl
- create and sign dynamicaly generated signature template
- --encrypt
- encrypt data and output XML document
- --decrypt
- decrypt data from XML document
OPTIONS
- --ignore-manifests
- do not process <dsig:Manifest> elements
- --store-references
store and print the result of <dsig:Reference/> element processing just before calculating digest- --store-signatures
store and print the result of <dsig:Signature> processing just before calculating signature- --enabled-reference-uris <list>
comma separated list of of the following values: "empty", "same-doc", "local","remote" to restrict possible URI attribute values for the <dsig:Reference> element- --enable-visa3d-hack
enables Visa3D protocol specific hack for URI attributes processing when we are trying not to use XPath/XPointer engine;
this is a hack and I don't know what else might be broken in your application when you use it (also check "--id-attr" option because you might need it)- --binary-data <file>
binary <file> to encrypt- --xml-data <file>
XML <file> to encrypt- --enabled-cipher-reference-uris <list>
comma separated list of of the following values: "empty", "same-doc", "local","remote" to restrict possible URI attribute values for the <enc:CipherReference> element- --session-key <keyKlass>-<keySize>
generate new session <keyKlass> key of <keySize> bits size (for example, "--session des-192" generates a new 192 bits DES key for DES3 encryption)- --output <filename>
write result document to file <filename>- --print-debug
print debug information to stdout- --print-xml-debug
print debug information to stdout in xml format- --dtd-file <file>
load the specified file as the DTD- --node-id <id>
set the operation start point to the node with given <id>- --node-name [<namespace-uri>:]<name>
set the operation start point to the first node with given <name> and <namespace> URI- --node-xpath <expr>
set the operation start point to the first node selected by the specified XPath expression- --id-attr[:<attr-name>] [<node-namespace-uri>:]<node-name>
adds attributes <attr-name> (default value "id") from all nodes with<node-name> and namespace <node-namespace-uri> to the list of known ID attributes; this is a hack and if you can use DTD or schema to declare ID attributes instead (see "--dtd-file" option), I don't know what else might be broken in your application when you use this hack- --enabled-key-data <list>
comma separated list of enabled key data (list of registered key data klasses is available with "--list-key-data" command); by default, all registered key data are enabled- --enabled-retrieval-uris <list>
comma separated list of of the following values: "empty", "same-doc", "local","remote" to restrict possible URI attribute values for the <dsig:RetrievalMethod> element.- --gen-key[:<name>] <keyKlass>-<keySize>
generate new <keyKlass> key of <keySize> bits size, set the key name to <name> and add the result to keys manager (for example, "--gen:mykey rsa-1024" generates a new 1024 bits RSA key and sets it's name to "mykey")- --keys-file <file>
load keys from XML file- --privkey-pem[:<name>] <file>[,<cafile>[,<cafile>[...]]]
load private key from PEM file and certificates that verify this key- --privkey-der[:<name>] <file>[,<cafile>[,<cafile>[...]]]
load private key from DER file and certificates that verify this key- --pkcs8-pem[:<name>] <file>[,<cafile>[,<cafile>[...]]]
load private key from PKCS8 PEM file and PEM certificates that verify this key- --pkcs8-der[:<name>] <file>[,<cafile>[,<cafile>[...]]]
load private key from PKCS8 DER file and DER certificates that verify this key- --pubkey-pem[:<name>] <file>
load public key from PEM file- --pubkey-der[:<name>] <file>
load public key from DER file- --aeskey[:<name>] <file>
load AES key from binary file <file>- --deskey[:<name>] <file>
load DES key from binary file <file>- --hmackey[:<name>] <file>
load HMAC key from binary file <file>- --pwd <password>
the password to use for reading keys and certs- --pkcs12[:<name>] <file>
load load private key from pkcs12 file <file>- --pubkey-cert-pem[:<name>] <file>
load public key from PEM cert file- --pubkey-cert-der[:<name>] <file>
load public key from DER cert file- --trusted-pem <file>
load trusted (root) certificate from PEM file <file>- --untrusted-pem <file>
load untrusted certificate from PEM file <file>- --trusted-der <file>
load trusted (root) certificate from DER file <file>- --untrusted-der <file>
load untrusted certificate from DER file <file>- --verification-time <time>
the local time in "YYYY-MM-DD HH:MM:SS" format used certificates verification- --depth <number>
maximum certificates chain depth- --X509-skip-strict-checks
skip strict checking of X509 data- --crypto <name>
the name of the crypto engine to use from the following list: openssl, gnutls, nss, mscrypto (if no crypto engine is specified then the default one is used)- --crypto-config <path>
path to crypto engine configuration- --repeat <number>
repeat the operation <number> times- --disable-error-msgs
do not print xmlsec error messages- --print-crypto-error-msgs
print errors stack at the end- --help
print help information about the command
AUTHOR
Written by Aleksey Sanin <aleksey@aleksey.com>.
REPORTING BUGS
Report bugs to http://www.aleksey.com/xmlsec/bugs.html
COPYRIGHT
- Copyright (C) 2002-2003 Aleksey Sanin.
This is free software: see the source for copying information.