Manual Pages for Linux CentOS command on man xmlsec1
XMLSEC1(1) User Commands XMLSEC1(1)
NAME
xmlsec1 - sign, verify, encrypt and decrypt XML documents
SYNOPSIS
xmlsec [] []
DESCRIPTION
xmlsec is a command line tool for signing, verifying, encrypting and
decrypting XML documents. The allowed values are:
help display this help information and exit
help-all
display help information for all commands/options and exit
help-
display help information for command and exit
version
print version information and exit
keys keys XML file manipulation
sign sign data and output XML document
verify
verify signed document
sign-tmpl
create and sign dynamicaly generated signature template
encrypt
encrypt data and output XML document
decrypt
decrypt data from XML document
OPTIONS
ignore-manifests
do not process elements
store-references
store and print the result of element process‐
ing just before calculating digest
store-signatures
store and print the result of processing just
before calculating signature
enabled-reference-uris
comma separated list of of the following values: "empty",
"same-doc", "local","remote" to restrict possible URI attribute
values for the element
enable-visa3d-hack
enables Visa3D protocol specific hack for URI attributes pro‐
cessing when we are trying not to use XPath/XPointer engine;
this is a hack and I don't know what else might be broken in
your application when you use it (also check "id-attr" option
because you might need it)
binary-data
binary to encrypt
xml-data
XML to encrypt
enabled-cipher-reference-uris
comma separated list of of the following values: "empty",
"same-doc", "local","remote" to restrict possible URI attribute
values for the element
session-key -
generate new session key of bits size (for
example, "session des-192" generates a new 192 bits DES key
for DES3 encryption)
output
write result document to file
print-debug
print debug information to stdout
print-xml-debug
print debug information to stdout in xml format
dtd-file
load the specified file as the DTD
node-id
set the operation start point to the node with given
node-name [:]
set the operation start point to the first node with given
and URI
node-xpath
set the operation start point to the first node selected by the
specified XPath expression
id-attr[:] [:]
adds attributes (default value "id") from all nodes
with and namespace to the list
of known ID attributes; this is a hack and if you can use DTD or
schema to declare ID attributes instead (see "dtd-file"
option), I don't know what else might be broken in your applica‐
tion when you use this hack
enabled-key-data
comma separated list of enabled key data (list of registered key
data klasses is available with "list-key-data" command); by
default, all registered key data are enabled
enabled-retrieval-uris
comma separated list of of the following values: "empty",
"same-doc", "local","remote" to restrict possible URI attribute
values for the element.
gen-key[:] -
generate new key of bits size, set the key
name to and add the result to keys manager (for example,
"gen:mykey rsa-1024" generates a new 1024 bits RSA key and
sets it's name to "mykey")
keys-file
load keys from XML file
privkey-pem[:] [,[,[...]]]
load private key from PEM file and certificates that verify this
key
privkey-der[:] [,[,[...]]]
load private key from DER file and certificates that verify this
key
pkcs8-pem[:] [,[,[...]]]
load private key from PKCS8 PEM file and PEM certificates that
verify this key
pkcs8-der[:] [,[,[...]]]
load private key from PKCS8 DER file and DER certificates that
verify this key
pubkey-pem[:]
load public key from PEM file
pubkey-der[:]
load public key from DER file
aeskey[:]
load AES key from binary file
deskey[:]
load DES key from binary file
hmackey[:]
load HMAC key from binary file
pwd
the password to use for reading keys and certs
pkcs12[:]
load load private key from pkcs12 file
pubkey-cert-pem[:]
load public key from PEM cert file
pubkey-cert-der[:]
load public key from DER cert file
trusted-pem
load trusted (root) certificate from PEM file
untrusted-pem
load untrusted certificate from PEM file
trusted-der
load trusted (root) certificate from DER file
untrusted-der
load untrusted certificate from DER file