xmlsectool
is a Java command line tool that can download, check well-formedness, schema validity, and signature of an XML document. It can also create enveloped signatures of an XML document.
Warningnote |
---|
| This space describes the xmlsectool
| .x series of releases. The current stable release of xmlsectool
is V2 | .The previous stable release of xmlsectool
is V1.2.0. As of July 31, 2016 |
As of December 31, 2020, all security maintenance for xmlsectool V1XMLSecTool V2.20.0 has ceased. At that point V2V3.0.0, described here, became is the only supported release. |
All software, including archived releases, is available from http://shibboleth.net/downloads/tools/xmlsectool/. Each release is accompanied by a detached PGP signature using one of the keys listed in the project's PGP_KEYS file.
...
Warning |
---|
If you use --keystoreProvider to load a provider dynamically, you must not also load that provider statically through the java.security configuration file as this will cause two copies of the provider to be loaded. This will result in hard to debug errors, such as "Private keys must be instance of RSAPrivate(Crt)Key or have PKCS#8 encoding " or "No installed provider supports this key ". |
Here is an example command line fragment:
...
Warning |
---|
The sun.security.pkcs11.SunPKCS11 provider is not available for use in this way in Java 9 or later. You will instead receive the following error: ERROR CredentialHelper - Keystore provider class does not provide a String-argument constructor
|
The configuration file's contents might look like this:
...
Warning |
---|
If you modify the java.security file to statically load a provider, you must not also use the –keystoreProvider option to load it dynamically as this will cause two copies of the provider to be loaded. This will result in hard to debug errors, such as "Private keys must be instance of RSAPrivate(Crt)Key or have PKCS#8 encoding " or "No installed provider supports this key ". |
Using --keystore
instead of --pkcs11Config
...
Project details
Git Repository: githttps://git.shibboleth.net/git/xmlsectool
Issue Tracking: https://issues.shibboleth.net/jira/browse/XSTJ