XMLSecTool

A command-line tool for signing and verifying XML documents using digital signatures.

Sign XML files with xmlsectool

Prerequisites
  • Run the AppViewX SIGN+ Installer to install the prerequisites required to use the AppViewX PKCS11 Provider with xmlsectool.
  • Download xmlsectool.
  • JAVA_HOME environment variable set.
  • XML file that needs signing.
Note: The tool runs natively on Linux and macOS. On Windows, however, you need software such as PuTTY to connect to a Linux terminal and run the .sh files.

Tool Usage and Steps

  1. Download the xmlsectool zip file.
  2. Unzip the downloaded file.
  3. Sign in to your console.
  4. Copy the XML document to your Linux location.
  5. Set up the PKCS11 configuration file.
  6. Use the sign XML command.
  7. Use the verify XML command.

XML commands

Sign XML file
Command:
./xmlsectool.sh --sign --pkcs11Config <path to PKCS11 config file> --keyAlias <keypair alias> --keyPassword NONE --inFile <name of xml file to be signed> --outFile <name of xml file after signing>
The path to the PKCS11 config file and the keypair alias are auto-generated in the README after running the SIGN+ Installer.
Output sample:
./xmlsectool.sh --sign --pkcs11Config pkcs11properties.cfg --keyAlias  TestCert --keyPassword NONE --inFile  UnsignedFileName.xml --outFile  SignedFileName.xml
INFO XMLSecTool - Reading XML document from file UnsignedFileName.xml
INFO XMLSecTool - XML document parsed and is well-formed.
INFO XMLSecTool - XML document successfully signed
INFO XMLSecTool - XML document written to file /Users/Name/SignedFileName.xml

Verify signed XML file
Command:
./xmlsectool.sh --verifySignature --pkcs11Config <path to PKCS11 config file> --keyAlias <keypair alias> --keyPassword NONE --inFile <name of xml file after signing>
The path to the PKCS11 config file and the keypair alias are auto-generated in the README after running the SIGN+ Installer.
Output sample:
./xmlsectool.sh --verifySignature --pkcs11Config pkcs11properties.cfg --keyAlias  KeypairAliasExample  --keyPassword  NONE --inFile  SignedFileName.xml
INFO XMLSecTool - Reading XML document from file 'SignedFileName.xml'
INFO XMLSecTool - XML document parsed and is well-formed.
INFO XMLSecTool - XML document signature verified.
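
Steps 6 and 7 combined into one fail-closed wrapper, as an added example (not AppViewX or xmlsectool code): it refuses to sign in place, clears stale output, and deletes the signed file if verification fails. The function name, the XMLSECTOOL variable and the return codes are assumptions of this sketch, as is xmlsectool exiting non-zero when signing or verification fails.

```shell
#!/usr/bin/env bash
# Added example: sign an XML file, then verify the result before releasing it.
# XMLSECTOOL, sign_and_verify and its return codes are assumptions of this sketch.

XMLSECTOOL="${XMLSECTOOL:-./xmlsectool.sh}"

# usage: sign_and_verify <pkcs11 config> <keypair alias> <unsigned xml> <signed xml>
sign_and_verify() {
    local cfg="$1" key_alias="$2" infile="$3" outfile="$4"

    # Prerequisites listed on the page: JAVA_HOME set, config and input present.
    [ -n "${JAVA_HOME:-}" ] || { echo "JAVA_HOME is not set" >&2; return 2; }
    [ -r "$cfg" ]    || { echo "PKCS11 config not readable: $cfg" >&2; return 2; }
    [ -s "$infile" ] || { echo "input XML missing or empty: $infile" >&2; return 2; }

    # Never sign in place: keep the unsigned original intact.
    [ "$infile" != "$outfile" ] || { echo "--outFile must differ from --inFile" >&2; return 2; }

    # Remove stale output so an older signed file cannot pass for this run's result.
    rm -f -- "$outfile"

    "$XMLSECTOOL" --sign --pkcs11Config "$cfg" --keyAlias "$key_alias" \
        --keyPassword NONE --inFile "$infile" --outFile "$outfile" \
        || { echo "signing failed" >&2; rm -f -- "$outfile"; return 3; }

    [ -s "$outfile" ] || { echo "no signed output produced" >&2; return 3; }

    # Verify with the same config and alias; discard the file if the check fails.
    "$XMLSECTOOL" --verifySignature --pkcs11Config "$cfg" --keyAlias "$key_alias" \
        --keyPassword NONE --inFile "$outfile" \
        || { echo "verification failed; discarding $outfile" >&2; rm -f -- "$outfile"; return 4; }
}
```

Call it as sign_and_verify pkcs11properties.cfg TestCert UnsignedFileName.xml SignedFileName.xml and publish the signed file only when the function returns 0.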