.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "XMLSEC" 1 "" "" "xmlsec Manual"
.SH NAME
xmlsec \- command line tool to sign and encrypt XML documents
.SH "SYNOPSIS"
.nf
\fBxmlsec\fR [\fBCOMMAND\fR] [\fBOPTIONS\fR] [\fIFILE1\fR] [\fIFILE2\fR] [\fI....\fR]
.fi
.SH "INTRODUCTION"
.PP
The xmlsec program signs or encrypts XML files, specified on the command line as \fIFILE1\fR, \fIFILE2\fR, ... according to "XML Digital Signature" and "XML Encryption" specifications.
.PP
The xmlsec program is included in XML Security Library.
.SH "COMMANDS"
.TP
\fBversion\fR
Prints version information for the xmlsec program.
.TP
\fBhelp\fR
Prints general help information.
.TP
\fBhelp-command\fR
Prints help information for \fIcommand\fR.
.TP
\fBkeys\fR
Manages keys in XML keys file. The result keys file is written to the \fIFILE1\fR, \fIFILE2\fR, \fI...\fR files.
.TP
\fBsign\fR
Signs XML documents \fIFILE1\fR, \fIFILE2\fR, \fI...\fR
.TP
\fBverify\fR
Verifies XML signature in the XML documents \fIFILE1\fR, \fIFILE2\fR, \fI...\fR
.TP
\fBencrypt\fR
Encrypts data using templates from \fIFILE1\fR, \fIFILE2\fR, \fI...\fR files.
.TP
\fBdecrypt\fR
Decrypts encrypted XML documents \fIFILE1\fR, \fIFILE2\fR, \fI...\fR
.SH "KEYS COMMAND OPTIONS"
.TP
\fB--gen-hmac\fR \fIname\fR
Generates 24 bytes HMAC key and sets the key name to \fIname\fR.
.TP
\fB--gen-rsa\fR \fIname\fR
Generates RSA key and sets the key name to \fIname\fR.
.TP
\fB--gen-dsa\fR \fIname\fR
Generates DSA key and sets the key name to \fIname\fR.
.TP
\fB--gen-des3\fR \fIname\fR
Generates Triple DES key and sets the key name to \fIname\fR.
.TP
\fB--gen-aes128\fR \fIname\fR
Generates AES 128 key and sets the key name to \fIname\fR.
.TP
\fB--gen-aes192\fR \fIname\fR
Generates AES 192 key and sets the key name to \fIname\fR.
.TP
\fB--gen-aes256\fR \fIname\fR
Generates AES 256 key and sets the key name to \fIname\fR.
.TP
\fB--keys\fR \fIfile\fR
Loads keys from XML keys \fIfile\fR.
.TP
\fB--pubkey\fR[:\fIname\fR] \fIfile\fR
Loads public key from PEM \fIfile\fR and sets the key name to \fIname\fR.
.TP
\fB--privkey\fR[:\fIname\fR] \fIfile\fR[,\fIcafile1\fR[,\fIcafile2\fR[,\fI...\fR]]]
Loads private key from PEM \fIfile\fR along with certificates chain in PEM files \fIcafile1\fR, \fIcafile2\fR,\fI...\fR and sets the key name to \fIname\fR.
.TP
\fB--pkcs12\fR[:\fIname\fR] \fIfile\fR
Loads private key and certificates chain from pkcs12 \fIfile\fR and sets the key name to \fIname\fR.
.TP
\fB--pwd\fR \fIpassword\fR
Sets the \fIpassword\fR to use for reading keys and certificates from PEM files.
.TP
\fB--hmackey\fR[:\fIname\fR] \fIfile\fR
Loads HMAC key from binary file and sets the key name to \fIname\fR.
.SH "SIGN COMMAND OPTIONS"
.TP
\fB--ignore-manifests\fR
Instructs the xmlsec program to ignore elements.
.TP
\fB--node-id\fR \fIid\fR
Instructs the xmlsec program to sign only element with given \fIid\fR.
.TP
\fB--keys\fR \fIfile\fR
Loads keys from XML keys \fIfile\fR.
.TP
\fB--pubkey\fR[:\fIname\fR] \fIfile\fR
Loads public key from PEM \fIfile\fR and sets the key name to \fIname\fR.
.TP
\fB--privkey\fR[:\fIname\fR] \fIfile\fR[,\fIcafile1\fR[,\fIcafile2\fR[,\fI...\fR]]]
Loads private key from PEM \fIfile\fR along with certificates chain in PEM files \fIcafile1\fR, \fIcafile2\fR,\fI...\fR and sets the key name to \fIname\fR.
.TP
\fB--pkcs12\fR[:\fIname\fR] \fIfile\fR
Loads private key and certificates chain from pkcs12 \fIfile\fR and sets the key name to \fIname\fR.
.TP
\fB--hmackey\fR[:\fIname\fR] \fIfile\fR
Loads HMAC key from binary file and sets the key name to \fIname\fR.
.TP
\fB--pwd\fR \fIpassword\fR
Sets the \fIpassword\fR to use for reading keys and certificates from PEM files.
.TP
\fB--allowed\fR \fIlist\fR
Specifies the set of the allowed key origins as a comma separated \fIlist\fR of the following values: "keymanager", "keyname", "keyvalue", "retrieval-doc", "retrieval-remote", "enc-key", "x509". By default, all key origins are allowed.
.TP
\fB--session-key-hmac\fR
Generates and uses for signature 24 bytes HMAC key.
.TP
\fB--session-key-rsa\fR
Generates and uses for signature RSA key.
.TP
\fB--session-key-dsa\fR
Generates and uses for signature DSA key.
.TP
\fB--repeat\fR \fInumber\fR
Repeats the operation \fInumber\fR times.
.TP
\fB--fake-signatures\fR
Disables actual signature calculation for performance testing.
.SH "VERIFY COMMAND OPTIONS"
.TP
\fB--output\fR \fIfile\fR
Writes the signed XML document to \fIfile\fR.
.TP
\fB--ignore-manifests\fR
Instructs the xmlsec program to ignore elements.
.TP
\fB--node-id\fR \fIid\fR
Instructs the xmlsec program to sign only element with given \fIid\fR.
.TP
\fB--print-result\fR
Prints additional result information.
.TP
\fB--print-references\fR
Prints the pre-digested signature references.
.TP
\fB--print-manifests\fR
Prints the pre-digested manifests references.
.TP
\fB--print-siganture\fR
Prints the pre-signated data ( element).
.TP
\fB--print-all\fR
Prints all available data.
.TP
\fB--print-xml\fR
Prints result in xml format.
.TP
\fB--print-to-file file\fR
Prints result to file \fIfile\fR.
.TP
\fB--keys\fR \fIfile\fR
Loads keys from XML keys \fIfile\fR.
.TP
\fB--pubkey\fR[:\fIname\fR] \fIfile\fR
Loads public key from PEM \fIfile\fR and sets the key name to \fIname\fR.
.TP
\fB--privkey\fR[:\fIname\fR] \fIfile\fR[,\fIcafile1\fR[,\fIcafile2\fR[,\fI...\fR]]]
Loads private key from PEM \fIfile\fR along with certificates chain in PEM files \fIcafile1\fR, \fIcafile2\fR,\fI...\fR and sets the key name to \fIname\fR.
.TP
\fB--pkcs12\fR[:\fIname\fR] \fIfile\fR
Loads private key and certificates chain from pkcs12 \fIfile\fR and sets the key name to \fIname\fR.
.TP
\fB--hmackey\fR[:\fIname\fR] \fIfile\fR
Loads HMAC key from binary file and sets the key name to \fIname\fR.
.TP
\fB--pwd\fR \fIpassword\fR
Sets the \fIpassword\fR to use for reading keys and certificates from PEM files.
.TP
\fB--allowed\fR \fIlist\fR
Specifies the set of the allowed key origins as a comma separated \fIlist\fR of the following values: "keymanager", "keyname", "keyvalue", "retrieval-doc", "retrieval-remote", "enc-key", "x509". By default, all key origins are allowed.
.TP
\fB--trusted\fR \fIfile\fR
Loads trusted certificate from PEM \fIfile\fR.
.TP
\fB--untrusted\fR \fIfile\fR
Loads un-trusted certificate from PEM \fIfile\fR.
.TP
\fB--repeat\fR \fInumber\fR
Repeats the operation \fInumber\fR times.
.TP
\fB--fake-signatures\fR
Disables actual signature calculation for performance testing.
.SH "ENCRYPT COMMAND OPTIONS"
.TP
\fB--output\fR \fIfile\fR
Writes the encrypted XML document to \fIfile\fR.
.TP
\fB--binary\fR \fIfile\fR
Encrypts binary \fIfile\fR.
.TP
\fB--xml\fR \fIfile\fR
Encrypts XML \fIfile\fR.
.TP
\fB--node-id\fR \fIid\fR
Instructs the xmlsec program to encrypt only element with given \fIid\fR.
.TP
\fB--node-name\fR [\fInamespace-uri\fR:]\fIname\fR
Instructs the xmlsec program to encrypt only element with given \fInamespace-uri\fR and \fIname\fR.
.TP
\fB--keys\fR \fIfile\fR
Loads keys from XML keys \fIfile\fR.
.TP
\fB--pubkey\fR[:\fIname\fR] \fIfile\fR
Loads public key from PEM \fIfile\fR and sets the key name to \fIname\fR.
.TP
\fB--privkey\fR[:\fIname\fR] \fIfile\fR[,\fIcafile1\fR[,\fIcafile2\fR[,\fI...\fR]]]
Loads private key from PEM \fIfile\fR along with certificates chain in PEM files \fIcafile1\fR, \fIcafile2\fR,\fI...\fR and sets the key name to \fIname\fR.
.TP
\fB--pkcs12\fR[:\fIname\fR] \fIfile\fR
Loads private key and certificates chain from pkcs12 \fIfile\fR and sets the key name to \fIname\fR.
.TP
\fB--hmackey\fR[:\fIname\fR] \fIfile\fR
Loads HMAC key from binary file and sets the key name to \fIname\fR.
.TP
\fB--pwd\fR \fIpassword\fR
Sets the \fIpassword\fR to use for reading keys and certificates from PEM files.
.TP
\fB--allowed\fR \fIlist\fR
Specifies the set of the allowed key origins as a comma separated \fIlist\fR of the following values: "keymanager", "keyname", "keyvalue", "retrieval-doc", "retrieval-remote", "enc-key", "x509". By default, all key origins are allowed.
.TP
\fB--session-key-rsa\fR
Generates and uses for encryption RSA key.
.TP
\fB--session-key-des3\fR
Generates and uses for encryption Triple DES key.
.TP
\fB--session-key-aes128\fR
Generates and uses for encryption AES 128 key.
.TP
\fB--session-key-aes192\fR
Generates and uses for encryption AES 192 key.
.TP
\fB--session-key-256\fR
Generates and uses for encryption AES 256 key.
.TP
\fB--repeat\fR \fInumber\fR
Repeats the operation \fInumber\fR times.
.SH "DECRYPT COMMAND OPTIONS"
.TP
\fB--output\fR \fIfile\fR
Writes the decrypted XML document to \fIfile\fR.
.TP
\fB--node-id\fR \fIid\fR
Instructs the xmlsec program to decrypt only element with given \fIid\fR.
.TP
\fB--keys\fR \fIfile\fR
Loads keys from XML keys \fIfile\fR.
.TP
\fB--pubkey\fR[:\fIname\fR] \fIfile\fR
Loads public key from PEM \fIfile\fR and sets the key name to \fIname\fR.
.TP
\fB--privkey\fR[:\fIname\fR] \fIfile\fR[,\fIcafile1\fR[,\fIcafile2\fR[,\fI...\fR]]]
Loads private key from PEM \fIfile\fR along with certificates chain in PEM files \fIcafile1\fR, \fIcafile2\fR,\fI...\fR and sets the key name to \fIname\fR.
.TP
\fB--pkcs12\fR[:\fIname\fR] \fIfile\fR
Loads private key and certificates chain from pkcs12 \fIfile\fR and sets the key name to \fIname\fR.
.TP
\fB--hmackey\fR[:\fIname\fR] \fIfile\fR
Loads HMAC key from binary file and sets the key name to \fIname\fR.
.TP
\fB--pwd\fR \fIpassword\fR
Sets the \fIpassword\fR to use for reading keys and certificates from PEM files.
.TP
\fB--allowed\fR \fIlist\fR
Specifies the set of the allowed key origins as a comma separated \fIlist\fR of the following values: "keymanager", "keyname", "keyvalue", "retrieval-doc", "retrieval-remote", "enc-key", "x509". By default, all key origins are allowed.
.TP
\fB--trusted\fR \fIfile\fR
Loads trusted certificate from PEM \fIfile\fR.
.TP
\fB--untrusted\fR \fIfile\fR
Loads un-trusted certificate from PEM \fIfile\fR.
.TP
\fB--repeat\fR \fInumber\fR
Repeats the operation \fInumber\fR times.
.SH "REPORTING BUGS"
.PP
Report bugs to
.SH "MORE INFORMATION"
XML Security Library: \fIhttp://www.aleksey.com/xmlsec/\fR
XML Digital Signature: \fIhttp://www.w3.org/Signature/\fR
XML Encryption: \fIhttp://www.w3.org/Encryption/\fR
.SH AUTHOR
Aleksey Sanin .
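.SH "EXAMPLE"
.PP
The shell wrapper below is an added example, not part of the original manual page or the xmlsec distribution. It runs the verify command with \-\-allowed narrowed from its allow-everything default and with a single \-\-trusted certificate, so a document cannot supply or point to its own verification key. The function name verify_pinned, the chosen origin list and the file names are illustrative, and it assumes xmlsec exits non-zero when verification fails.

```shell
#!/bin/sh
# Added example (not from the xmlsec distribution).
# Assumption: xmlsec exits non-zero when verification fails.

# Key origins accepted while verifying. The default accepts every origin,
# including a key carried inside the document itself ("keyvalue") or
# referenced from it ("retrieval-doc", "retrieval-remote").
ALLOWED_ORIGINS="keymanager,x509"

# verify_pinned CA_PEM DOC [DOC ...]   (hypothetical helper name)
# Verifies each DOC against the trusted certificate in CA_PEM.
# Returns 0 if every document verifies, 1 if any fails, 2 on usage errors.
verify_pinned() {
    ca=$1
    if [ ! -r "$ca" ]; then
        echo "trusted certificate not readable: $ca" >&2
        return 2
    fi
    shift
    if [ $# -eq 0 ]; then
        echo "no documents given" >&2
        return 2
    fi
    rc=0
    for doc in "$@"; do
        # Only options documented on this page are used.
        if xmlsec verify --allowed "$ALLOWED_ORIGINS" \
                --trusted "$ca" "$doc" >/dev/null 2>&1; then
            echo "OK   $doc"
        else
            echo "FAIL $doc"
            rc=1
        fi
    done
    return "$rc"
}

# Run as: sh verify_pinned.sh ca.pem signed1.xml signed2.xml
if [ $# -ge 2 ]; then
    verify_pinned "$@"
    exit $?
fi
```

Every document is checked and reported even after an earlier one fails, so one run lists all failures.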