|Table of Contents|
xmlsectool supports using credentials stored in PKCS#11 tokens such as cryptographic smart cards, both to sign and verify documents.
This configuration can be provided in one of two ways:
Statically, by editing the
java.securityfile within the Java runtime, or
Dynamically, by providing it to
xmlsectool supports both options, we strongly recommend dynamic configuration over static: because static configuration requires you to change a file within the Java runtime itself, the changes apply to every application using that runtime, require additional permissions on most systems, and may be erased whenever the runtime is updated.
We do not recommend mixing dynamic and static configuration (i.e., using
xmlsectool with Dynamic PKCS#11 Configuration