Versions Compared

Old Version 21

changes.mady.by.user Ian Young

Saved on

compared with

New Version 22

changes.mady.by.user Ian Young

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

Warning

We do not recommend mixing dynamic and static configuration (i.e., using --pkcs11Config with a modified java.security file, as this can cause two copies of the provider to be loaded. This may result in hard to debug errors, such as "Private keys must be instance of RSAPrivate(Crt)Key or have PKCS#8 encoding" or "No installed provider supports this key".

Using xmlsectool with Dynamic PKCS#11 Configuration

...

Code Block
languagenone
...xmlsectool.sh --sign --pkcs11Config /path/to/config.cfg \
   --keykeyAlias key2048 --keyPassword 1234 \
   --inFile unsigned.xml --outFile signed.xml

...

Code Block
languagenone
...xmlsectool.sh --verifySignature --pkcs11Config /path/to/config.cfg \
   --keykeyAlias key2048 --keyPassword 1234 \
   --inFile signed.xml

...

Code Block
languagenone
...xmlsectool.sh --sign --keystore /dev/null --keystoreType PKCS11 \
   --keykeyAlias key2048 --keyPassword 1234 \
   --inFile unsigned.xml --outFile signed.xml

...