Page Comparison

Table of Contents

...

Warning
We do not recommend mixing dynamic and static configuration (i.e., using `--pkcs11Config` with a modified `java.security` file, as this can cause two copies of the provider to be loaded. This may result in hard to debug errors, such as "`Private keys must be instance of RSAPrivate(Crt)Key or have PKCS#8 encoding`" or "`No installed provider supports this key`".

Using `xmlsectool` with Dynamic PKCS#11 Configuration

...

As described in java.security, the above example augments the JDK's version of java.security; it might just contain a single line:

Code Block
security.provider.14=SunPKCS11 /path/to/config.cfg

Alternatively, you can override it completely by using "==" instead of "=" in the property definitionthe master version of java.security entirely by using == instead of = like this:

Code Block
JVMOPTS="-Djava.security.properties==local-java.security" /opt/xmlsectool/xmlsectool.sh --sign ...

I this case, local-java.security must include the complete configuration normally found in the master version of java.security.

Upgrading from a previous version of `xmlsectool`

...

Versions Compared

Old Version 20

New Version 21

Key

Using `xmlsectool` with Dynamic PKCS#11 Configuration

Upgrading from a previous version of `xmlsectool`

Page Comparison

Versions Compared

Old Version 20

New Version 21

Key

Using xmlsectool with Dynamic PKCS#11 Configuration

Upgrading from a previous version of xmlsectool

Using `xmlsectool` with Dynamic PKCS#11 Configuration

Upgrading from a previous version of `xmlsectool`