xmlsectool is a Java command line tool that can download, check well-formedness, schema validity, and signature of an XML document. It can also create enveloped signatures of an XML document.
| Note |
|---|
This space describes the xmlsectool V2.x series of releases. The current stable release of xmlsectool is V2 is V3.0.0. The previous stable release of xmlsectool is V1.2.0. As of July December 31, 20162020, all security maintenance for xmlsectool V1 V2.20.0 ceasedwill cease. At that point V2V3.0.0, described here, became will become the only supported release. |
All software, including archived releases, is available from http://shibboleth.net/downloads/tools/xmlsectool/. Each release is accompanied by a detached PGP signature using one of the keys listed in the project's PGP_KEYS file.
...
| Warning |
|---|
If you use --keystoreProvider to load a provider dynamically, you must not also load that provider statically through the java.security configuration file as this will cause two copies of the provider to be loaded. This will result in hard to debug errors, such as "Private keys must be instance of RSAPrivate(Crt)Key or have PKCS#8 encoding" or "No installed provider supports this key". |
Here is an example command line fragment:
...
| Warning |
|---|
If you modify the java.security file to statically load a provider, you must not also use the –keystoreProvider option to load it dynamically as this will cause two copies of the provider to be loaded. This will result in hard to debug errors, such as "Private keys must be instance of RSAPrivate(Crt)Key or have PKCS#8 encoding" or "No installed provider supports this key". |
Using --keystore instead of --pkcs11Config
...