GNU/Linux man pages
Livre :
Expressions régulières,
Syntaxe et mise en oeuvre :
GNU/Linux |
CentOS 4.8 |
i386 |
 |
xmlsec1(1) |
 |
xmlsec1 − sign, verify, encrypt and decrypt XML documents
xmlsec <command> [<options>] [<file>]
xmlsec is a command line tool for signing, verifying, encrypting and decrypting XML documents. The allowed <command> values are:
|
−−help |
display this help information and exit |
−−help−all
display help information for all commands/options and exit
−−help−<cmd>
display help information for command <cmd> and exit
−−version
print version information and exit
|
−−keys |
keys XML file manipulation |
|||
|
−−sign |
sign data and output XML document |
−−verify
verify signed document
−−sign−tmpl
create and sign dynamicaly generated signature template
−−encrypt
encrypt data and output XML document
−−decrypt
decrypt data from XML document
|
−−ignore−manifests |
do not process <dsig:Manifest> elements
|
−−store−references |
store and print the result of <dsig:Reference/> element processing just before calculating digest
|
−−store−signatures |
store and print the result of <dsig:Signature> processing just before calculating signature
|
−−enabled−reference−uris <list> |
comma separated list of of the following values: "empty", "same-doc", "local","remote" to restrict possible URI attribute values for the <dsig:Reference> element
|
−−enable−visa3d−hack |
enables Visa3D protocol specific hack for URI attributes processing when we are trying not to use XPath/XPointer engine; this is a hack and I don’t know what else might be broken in your application when you use it (also check "--id-attr" option because you might need it)
|
−−binary−data <file> |
binary <file> to encrypt
|
−−xml−data <file> |
XML <file> to encrypt
|
−−enabled−cipher−reference−uris <list> |
comma separated list of of the following values: "empty", "same-doc", "local","remote" to restrict possible URI attribute values for the <enc:CipherReference> element
|
−−session−key <keyKlass>-<keySize> |
generate new session <keyKlass> key of <keySize> bits size (for example, "--session des-192" generates a new 192 bits DES key for DES3 encryption)
|
−−output <filename> |
write result document to file <filename>
|
−−print−debug |
print debug information to stdout
|
−−print−xml−debug |
print debug information to stdout in xml format
|
−−dtd−file <file> |
load the specified file as the DTD
|
−−node−id <id> |
set the operation start point to the node with given <id>
|
−−node−name [<namespace-uri>:]<name> |
set the operation start point to the first node with given <name> and <namespace> URI
|
−−node−xpath <expr> |
set the operation start point to the first node selected by the specified XPath expression
|
−−id−attr[:<attr-name>] [<node-namespace-uri>:]<node-name> |
adds attributes <attr-name> (default value "id") from all nodes with<node-name> and namespace <node-namespace-uri> to the list of known ID attributes; this is a hack and if you can use DTD or schema to declare ID attributes instead (see "--dtd-file" option), I don’t know what else might be broken in your application when you use this hack
|
−−enabled−key−data <list> |
comma separated list of enabled key data (list of registered key data klasses is available with "--list-key-data" command); by default, all registered key data are enabled
|
−−enabled−retrieval−uris <list> |
comma separated list of of the following values: "empty", "same-doc", "local","remote" to restrict possible URI attribute values for the <dsig:RetrievalMethod> element.
|
−−gen−key[:<name>] <keyKlass>-<keySize> |
generate new <keyKlass> key of <keySize> bits size, set the key name to <name> and add the result to keys manager (for example, "--gen:mykey rsa-1024" generates a new 1024 bits RSA key and sets it’s name to "mykey")
|
−−keys−file <file> |
load keys from XML file
|
−−privkey−pem[:<name>] <file>[,<cafile>[,<cafile>[...]]] |
load private key from PEM file and certificates that verify this key
|
−−privkey−der[:<name>] <file>[,<cafile>[,<cafile>[...]]] |
load private key from DER file and certificates that verify this key
|
−−pkcs−pem[:<name>] <file>[,<cafile>[,<cafile>[...]]] |
load private key from PKCS8 PEM file and PEM certificates that verify this key
|
−−pkcs8−der[:<name>] <file>[,<cafile>[,<cafile>[...]]] |
load private key from PKCS8 DER file and DER certificates that verify this key
|
−−pubkey−pem[:<name>] <file> |
load public key from PEM file
|
−−pubkey−der[:<name>] <file> |
load public key from DER file
|
−−aeskey[:<name>] <file> |
load AES key from binary file <file>
|
−−deskey[:<name>] <file> |
load DES key from binary file <file>
|
−−hmackey[:<name>] <file> |
load HMAC key from binary file <file>
|
−−pwd <password> |
the password to use for reading keys and certs
|
−−pkcs12[:<name>] <file> |
load load private key from pkcs12 file <file>
|
−−pubkey−cert−pem[:<name>] <file> |
load public key from PEM cert file
|
−−pubkey−cert−der[:<name>] <file> |
load public key from DER cert file
|
−−trusted−pem <file> |
load trusted (root) certificate from PEM file <file>
|
−−untrusted−pem <file> |
load untrusted certificate from PEM file <file>
|
−−trusted−der <file> |
load trusted (root) certificate from DER file <file>
|
−−untrusted−der <file> |
load untrusted certificate from DER file <file>
|
−−verification−time <time> |
the local time in "YYYY-MM-DD HH:MM:SS" format used certificates verification
|
−−depth <number> |
maximum certificates chain depth
|
−−X509−skip−strict−checks |
skip strict checking of X509 data
|
−−crypto <name> |
the name of the crypto engine to use from the following list: openssl, gnutls, nss, mscrypto (if no crypto engine is specified then the default one is used)
|
−−crypto−config <path> |
path to crypto engine configuration
|
−−repeat <number> |
repeat the operation <number> times
|
−−disable−error−msgs |
do not print xmlsec error messages
|
−−print−crypto−error−msgs |
print errors stack at the end
|
−−help |
print help information about the command
Written by Aleksey Sanin <aleksey@aleksey.com>.
Report bugs to http://www.aleksey.com/xmlsec/bugs.html
Copyright
© 2002-2003 Aleksey Sanin.
This is free software: see the source for copying
information.
|
xmlsec1(1) | |