<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Man page of XMLSEC1</title>
<body><table width="100%" valign="top"><tr valign="top">
<td valign="top" align="left" width="210">
<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
<a href="#index">Index</a><hr>
<a name="lbAB"> </a><h2>NAME</h2>
<a name="lbAC"> </a><h2>SYNOPSIS</h2>
<b>xmlsec</b> <i>&lt;command&gt;</i> <i>&lt;options&gt;</i> <i>&lt;files&gt;</i>
<a name="lbAD"> </a><h2>DESCRIPTION</h2>
<dl>
<dt><b>--help</b></dt>
<dd>display this help information and exit</dd>
<dt><b>--help-all</b></dt>
<dd>display help information for all commands/options and exit</dd>
<dt><b>--help-</b>&lt;cmd&gt;</dt>
<dd>display help information for command &lt;cmd&gt; and exit</dd>
<dt><b>--version</b></dt>
<dd>print version information and exit</dd>
<dt><b>--keys</b></dt>
<dd>keys XML file manipulation</dd>
<dt><b>--sign</b></dt>
<dd>sign data and output XML document</dd>
<dt><b>--verify</b></dt>
<dd>verify signed document</dd>
<dt><b>--sign-tmpl</b></dt>
<dd>create and sign dynamically generated signature template</dd>
<dt><b>--encrypt</b></dt>
<dd>encrypt data and output XML document</dd>
<dt><b>--decrypt</b></dt>
<dd>decrypt data from XML document</dd>
</dl>
<a name="lbAE"> </a><h2>OPTIONS</h2>
<dl>
<dt><b>--ignore-manifests</b></dt>
<dd>do not process &lt;dsig:Manifest&gt; elements</dd>
<dt><b>--store-references</b></dt>
<dd>store and print the result of &lt;dsig:Reference/&gt; element processing just before calculating digest</dd>
<dt><b>--store-signatures</b></dt>
<dd>store and print the result of &lt;dsig:Signature&gt; processing just before calculating signature</dd>
<dt><b>--enabled-reference-uris</b> &lt;list&gt;</dt>
<dd>comma separated list of the following values: "empty", "same-doc", "local", "remote" to restrict possible URI attribute values for the &lt;dsig:Reference&gt; element</dd>
<dt><b>--enable-visa3d-hack</b></dt>
<dd>enables Visa3D protocol specific hack for URI attributes processing when we are trying not to use XPath/XPointer engine; this is a hack and I don't know what else might be broken in your application when you use it (also check "--id-attr" option because you might need it)</dd>
<dt><b>--binary-data</b> &lt;file&gt;</dt>
<dd>binary &lt;file&gt; to encrypt</dd>
<dt><b>--xml-data</b> &lt;file&gt;</dt>
<dd>XML &lt;file&gt; to encrypt</dd>
<dt><b>--enabled-cipher-reference-uris</b> &lt;list&gt;</dt>
<dd>comma separated list of the following values: "empty", "same-doc", "local", "remote" to restrict possible URI attribute values for the &lt;enc:CipherReference&gt; element</dd>
<dt><b>--session-key</b> &lt;keyKlass&gt;-&lt;keySize&gt;</dt>
<dd>generate new session &lt;keyKlass&gt; key of &lt;keySize&gt; bits size (for example, "--session-key des-192" generates a new 192 bits DES key for DES3 encryption)</dd>
<dt><b>--output</b> &lt;filename&gt;</dt>
<dd>write result document to file &lt;filename&gt;</dd>
<dt><b>--print-debug</b></dt>
<dd>print debug information to stdout</dd>
<dt><b>--print-xml-debug</b></dt>
<dd>print debug information to stdout in xml format</dd>
<dt><b>--dtd-file</b> &lt;file&gt;</dt>
<dd>load the specified file as the DTD</dd>
<dt><b>--node-id</b> &lt;id&gt;</dt>
<dd>set the operation start point to the node with given &lt;id&gt;</dd>
<dt><b>--node-name</b> [&lt;namespace-uri&gt;:]&lt;name&gt;</dt>
<dd>set the operation start point to the first node with given &lt;name&gt; and &lt;namespace&gt; URI</dd>
<dt><b>--node-xpath</b> &lt;expr&gt;</dt>
<dd>set the operation start point to the first node selected by the specified XPath expression</dd>
<dt><b>--id-attr</b>[:&lt;attr-name&gt;] [&lt;node-namespace-uri&gt;:]&lt;node-name&gt;</dt>
<dd>adds attributes &lt;attr-name&gt; (default value "id") from all nodes with &lt;node-name&gt; and namespace &lt;node-namespace-uri&gt; to the list of known ID attributes; this is a hack, and if you can, use a DTD or schema to declare ID attributes instead (see "--dtd-file" option); I don't know what else might be broken in your application when you use this hack</dd>
<dt><b>--enabled-key-data</b> &lt;list&gt;</dt>
<dd>comma separated list of enabled key data (list of registered key data klasses is available with "--list-key-data" command); by default, all registered key data are enabled</dd>
<dt><b>--enabled-retrieval-uris</b> &lt;list&gt;</dt>
<dd>comma separated list of the following values: "empty", "same-doc", "local", "remote" to restrict possible URI attribute values for the &lt;dsig:RetrievalMethod&gt; element</dd>
<dt><b>--gen-key</b>[:&lt;name&gt;] &lt;keyKlass&gt;-&lt;keySize&gt;</dt>
<dd>generate new &lt;keyKlass&gt; key of &lt;keySize&gt; bits size, set the key name to &lt;name&gt; and add the result to keys manager (for example, "--gen-key:mykey rsa-1024" generates a new 1024 bits RSA key and sets its name to "mykey")</dd>
<dt><b>--keys-file</b> &lt;file&gt;</dt>
<dd>load keys from XML file</dd>
<dt><b>--privkey-pem</b>[:&lt;name&gt;] &lt;file&gt;[,&lt;cafile&gt;[,&lt;cafile&gt;[...]]]</dt>
<dd>load private key from PEM file and certificates that verify this key</dd>
<dt><b>--privkey-der</b>[:&lt;name&gt;] &lt;file&gt;[,&lt;cafile&gt;[,&lt;cafile&gt;[...]]]</dt>
<dd>load private key from DER file and certificates that verify this key</dd>
<dt><b>--pkcs8-pem</b>[:&lt;name&gt;] &lt;file&gt;[,&lt;cafile&gt;[,&lt;cafile&gt;[...]]]</dt>
<dd>load private key from PKCS8 PEM file and PEM certificates that verify this key</dd>
<dt><b>--pkcs8-der</b>[:&lt;name&gt;] &lt;file&gt;[,&lt;cafile&gt;[,&lt;cafile&gt;[...]]]</dt>
<dd>load private key from PKCS8 DER file and DER certificates that verify this key</dd>
<dt><b>--pubkey-pem</b>[:&lt;name&gt;] &lt;file&gt;</dt>
<dd>load public key from PEM file</dd>
<dt><b>--pubkey-der</b>[:&lt;name&gt;] &lt;file&gt;</dt>
<dd>load public key from DER file</dd>
<dt><b>--aeskey</b>[:&lt;name&gt;] &lt;file&gt;</dt>
<dd>load AES key from binary file &lt;file&gt;</dd>
<dt><b>--deskey</b>[:&lt;name&gt;] &lt;file&gt;</dt>
<dd>load DES key from binary file &lt;file&gt;</dd>
<dt><b>--hmackey</b>[:&lt;name&gt;] &lt;file&gt;</dt>
<dd>load HMAC key from binary file &lt;file&gt;</dd>
<dt><b>--pwd</b> &lt;password&gt;</dt>
<dd>the password to use for reading keys and certs</dd>
<dt><b>--pkcs12</b>[:&lt;name&gt;] &lt;file&gt;</dt>
<dd>load private key from pkcs12 file &lt;file&gt;</dd>
<dt><b>--pubkey-cert-pem</b>[:&lt;name&gt;] &lt;file&gt;</dt>
<dd>load public key from PEM cert file</dd>
<dt><b>--pubkey-cert-der</b>[:&lt;name&gt;] &lt;file&gt;</dt>
<dd>load public key from DER cert file</dd>
<dt><b>--trusted-pem</b> &lt;file&gt;</dt>
<dd>load trusted (root) certificate from PEM file &lt;file&gt;</dd>
<dt><b>--untrusted-pem</b> &lt;file&gt;</dt>
<dd>load untrusted certificate from PEM file &lt;file&gt;</dd>
<dt><b>--trusted-der</b> &lt;file&gt;</dt>
<dd>load trusted (root) certificate from DER file &lt;file&gt;</dd>
<dt><b>--untrusted-der</b> &lt;file&gt;</dt>
<dd>load untrusted certificate from DER file &lt;file&gt;</dd>
<dt><b>--verification-time</b> &lt;time&gt;</dt>
<dd>the local time in "YYYY-MM-DD HH:MM:SS" format used for certificate verification</dd>
<dt><b>--depth</b> &lt;number&gt;</dt>
<dd>maximum certificates chain depth</dd>
<dt><b>--X509-skip-strict-checks</b></dt>
<dd>skip strict checking of X509 data</dd>
<dt><b>--crypto</b> &lt;name&gt;</dt>
<dd>the name of the crypto engine to use from the following list: openssl, gnutls, nss, mscrypto (if no crypto engine is specified then the default one is used)</dd>
<dt><b>--crypto-config</b> &lt;path&gt;</dt>
<dd>path to crypto engine configuration</dd>
<dt><b>--repeat</b> &lt;number&gt;</dt>
<dd>repeat the operation &lt;number&gt; times</dd>
<dt><b>--disable-error-msgs</b></dt>
<dd>do not print xmlsec error messages</dd>
<dt><b>--print-crypto-error-msgs</b></dt>
<dd>print errors stack at the end</dd>
<dt><b>--help</b></dt>
<dd>print help information about the command</dd>
</dl>
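<p>The URI-restriction, X509 and password options listed above are the ones most worth checking in scripts that call the verifier. The script below is an added example, not part of the xmlsec distribution: it lints the arguments of a "--verify" call against a policy assumed for this example (reference and retrieval URIs limited to "empty", "same-doc" or "local", no "--X509-skip-strict-checks", no "--pwd" on the command line). The function names, finding labels and sample file names are hypothetical.</p>

```shell
# Added example: lint the arguments of an "xmlsec1 --verify" call.
# The policy below is an assumption of this example, not a man page rule.

# uri_list_ok LIST: succeed only if every comma-separated item is one of the
# documented values "empty", "same-doc" or "local" ("remote" is refused).
uri_list_ok() {
    list=$1
    [ -n "$list" ] || return 1
    while [ -n "$list" ]; do
        item=${list%%,*}
        case $item in
            empty|same-doc|local) ;;
            *) return 1 ;;
        esac
        case $list in
            *,*) list=${list#*,} ;;
            *)   list= ;;
        esac
    done
    return 0
}

# lint_verify_args ARGS...: print space-separated findings; status 0 if none.
lint_verify_args() {
    findings= ref=missing retr=missing
    while [ "$#" -gt 0 ]; do
        case $1 in
            --enabled-reference-uris)
                ref=ok; uri_list_ok "${2-}" || ref=broad
                if [ "$#" -gt 1 ]; then shift; fi ;;
            --enabled-retrieval-uris)
                retr=ok; uri_list_ok "${2-}" || retr=broad
                if [ "$#" -gt 1 ]; then shift; fi ;;
            --X509-skip-strict-checks) findings="$findings x509-checks-skipped" ;;
            --pwd) findings="$findings password-in-argv" ;;
        esac
        shift
    done
    [ "$ref" = ok ]  || findings="$findings reference-uris-$ref"
    [ "$retr" = ok ] || findings="$findings retrieval-uris-$retr"
    findings=${findings# }
    printf '%s\n' "$findings"
    [ -z "$findings" ]
}

# Constructed sample invocations (file names are placeholders).
lint_verify_args --verify --enabled-reference-uris empty,same-doc \
    --enabled-retrieval-uris empty --trusted-pem ca.pem signed.xml || true
lint_verify_args --verify --X509-skip-strict-checks --pwd secret signed.xml || true
```

<p>A non-zero exit status means at least one finding was printed, so the function can gate a build step that invokes the verifier.</p>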
<a name="lbAF"> </a><h2>AUTHOR</h2>
<a href="mailto:aleksey@aleksey.com">aleksey@aleksey.com</a>
<a name="lbAG"> </a><h2>REPORTING BUGS</h2>
<a href="http://www.aleksey.com/xmlsec/bugs.html">http://www.aleksey.com/xmlsec/bugs.html</a>
<a name="lbAH"> </a><h2>COPYRIGHT</h2>
<a name="index"> </a><h2>Index</h2>
<dl>
<dt><a href="#lbAB">NAME</a></dt>
<dt><a href="#lbAC">SYNOPSIS</a></dt>
<dt><a href="#lbAD">DESCRIPTION</a></dt>
<dt><a href="#lbAE">OPTIONS</a></dt>
<dt><a href="#lbAF">AUTHOR</a></dt>
<dt><a href="#lbAG">REPORTING BUGS</a></dt>
<dt><a href="#lbAH">COPYRIGHT</a></dt>
</dl>
</td></tr></table></td>