Diffstat (limited to 'man/xmlsec1.1')
-rw-r--r-- man/xmlsec1.1 269
1 files changed, 269 insertions, 0 deletions
diff --git a/man/xmlsec1.1 b/man/xmlsec1.1
new file mode 100644
index 00000000..d9414c12
--- /dev/null
+++ b/man/xmlsec1.1
@@ -0,0 +1,269 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.38.2.
+.TH XMLSEC1 "1" "May 2011" "xmlsec1 1.2.18 (openssl)" "User Commands"
+.SH NAME
+xmlsec1 \- sign, verify, encrypt and decrypt XML documents
+.SH SYNOPSIS
+.B xmlsec
+\fI<command> \fR[\fI<options>\fR] [\fI<files>\fR]
+.SH DESCRIPTION
+xmlsec is a command line tool for signing, verifying, encrypting and
+decrypting XML documents. The allowed <command> values are:
+.TP
+\fB\-\-help\fR
+display this help information and exit
+.TP
+\fB\-\-help\-all\fR
+display help information for all commands/options and exit
+.TP
+\fB\-\-help\-\fR<cmd>
+display help information for command <cmd> and exit
+.TP
+\fB\-\-version\fR
+print version information and exit
+.TP
+\fB\-\-keys\fR
+keys XML file manipulation
+.TP
+\fB\-\-sign\fR
+sign data and output XML document
+.TP
+\fB\-\-verify\fR
+verify signed document
+.TP
+\fB\-\-sign\-tmpl\fR
+create and sign dynamicaly generated signature template
+.TP
+\fB\-\-encrypt\fR
+encrypt data and output XML document
+.TP
+\fB\-\-decrypt\fR
+decrypt data from XML document
+.SH OPTIONS
+.HP
+\fB\-\-ignore\-manifests\fR
+.IP
+do not process <dsig:Manifest> elements
+.HP
+\fB\-\-store\-references\fR
+.IP
+store and print the result of <dsig:Reference/> element processing
+just before calculating digest
+.HP
+\fB\-\-store\-signatures\fR
+.IP
+store and print the result of <dsig:Signature> processing
+just before calculating signature
+.HP
+\fB\-\-enabled\-reference\-uris\fR <list>
+.IP
+comma separated list of of the following values:
+"empty", "same\-doc", "local","remote" to restrict possible URI
+attribute values for the <dsig:Reference> element
+.HP
+\fB\-\-enable\-visa3d\-hack\fR
+.IP
+enables Visa3D protocol specific hack for URI attributes processing
+when we are trying not to use XPath/XPointer engine; this is a hack
+and I don't know what else might be broken in your application when
+you use it (also check "\-\-id\-attr" option because you might need it)
+.HP
+\fB\-\-binary\-data\fR <file>
+.IP
+binary <file> to encrypt
+.HP
+\fB\-\-xml\-data\fR <file>
+.IP
+XML <file> to encrypt
+.HP
+\fB\-\-enabled\-cipher\-reference\-uris\fR <list>
+.IP
+comma separated list of of the following values:
+"empty", "same\-doc", "local","remote" to restrict possible URI
+attribute values for the <enc:CipherReference> element
+.HP
+\fB\-\-session\-key\fR <keyKlass>\-<keySize>
+.IP
+generate new session <keyKlass> key of <keySize> bits size
+(for example, "\-\-session des\-192" generates a new 192 bits
+DES key for DES3 encryption)
+.HP
+\fB\-\-output\fR <filename>
+.IP
+write result document to file <filename>
+.HP
+\fB\-\-print\-debug\fR
+.IP
+print debug information to stdout
+.HP
+\fB\-\-print\-xml\-debug\fR
+.IP
+print debug information to stdout in xml format
+.HP
+\fB\-\-dtd\-file\fR <file>
+.IP
+load the specified file as the DTD
+.HP
+\fB\-\-node\-id\fR <id>
+.IP
+set the operation start point to the node with given <id>
+.HP
+\fB\-\-node\-name\fR [<namespace\-uri>:]<name>
+.IP
+set the operation start point to the first node
+with given <name> and <namespace> URI
+.HP
+\fB\-\-node\-xpath\fR <expr>
+.IP
+set the operation start point to the first node
+selected by the specified XPath expression
+.HP
+\fB\-\-id\-attr[\fR:<attr\-name>] [<node\-namespace\-uri>:]<node\-name>
+.IP
+adds attributes <attr\-name> (default value "id") from all nodes
+with<node\-name> and namespace <node\-namespace\-uri> to the list of
+known ID attributes; this is a hack and if you can use DTD or schema
+to declare ID attributes instead (see "\-\-dtd\-file" option),
+I don't know what else might be broken in your application when
+you use this hack
+.HP
+\fB\-\-enabled\-key\-data\fR <list>
+.IP
+comma separated list of enabled key data (list of
+registered key data klasses is available with "\-\-list\-key\-data"
+command); by default, all registered key data are enabled
+.HP
+\fB\-\-enabled\-retrieval\-uris\fR <list>
+.IP
+comma separated list of of the following values:
+"empty", "same\-doc", "local","remote" to restrict possible URI
+attribute values for the <dsig:RetrievalMethod> element.
+.HP
+\fB\-\-gen\-key[\fR:<name>] <keyKlass>\-<keySize>
+.IP
+generate new <keyKlass> key of <keySize> bits size,
+set the key name to <name> and add the result to keys
+manager (for example, "\-\-gen:mykey rsa\-1024" generates
+a new 1024 bits RSA key and sets it's name to "mykey")
+.HP
+\fB\-\-keys\-file\fR <file>
+.IP
+load keys from XML file
+.HP
+\fB\-\-privkey\-pem[\fR:<name>] <file>[,<cafile>[,<cafile>[...]]]
+.IP
+load private key from PEM file and certificates
+that verify this key
+.HP
+\fB\-\-privkey\-der[\fR:<name>] <file>[,<cafile>[,<cafile>[...]]]
+.IP
+load private key from DER file and certificates
+that verify this key
+.HP
+\fB\-\-pkcs8\-pem[\fR:<name>] <file>[,<cafile>[,<cafile>[...]]]
+.IP
+load private key from PKCS8 PEM file and PEM certificates
+that verify this key
+.HP
+\fB\-\-pkcs8\-der[\fR:<name>] <file>[,<cafile>[,<cafile>[...]]]
+.IP
+load private key from PKCS8 DER file and DER certificates
+that verify this key
+.HP
+\fB\-\-pubkey\-pem[\fR:<name>] <file>
+.IP
+load public key from PEM file
+.HP
+\fB\-\-pubkey\-der[\fR:<name>] <file>
+.IP
+load public key from DER file
+.HP
+\fB\-\-aeskey[\fR:<name>] <file>
+.IP
+load AES key from binary file <file>
+.HP
+\fB\-\-deskey[\fR:<name>] <file>
+.IP
+load DES key from binary file <file>
+.HP
+\fB\-\-hmackey[\fR:<name>] <file>
+.IP
+load HMAC key from binary file <file>
+.HP
+\fB\-\-pwd\fR <password>
+.IP
+the password to use for reading keys and certs
+.HP
+\fB\-\-pkcs12[\fR:<name>] <file>
+.IP
+load load private key from pkcs12 file <file>
+.HP
+\fB\-\-pubkey\-cert\-pem[\fR:<name>] <file>
+.IP
+load public key from PEM cert file
+.HP
+\fB\-\-pubkey\-cert\-der[\fR:<name>] <file>
+.IP
+load public key from DER cert file
+.HP
+\fB\-\-trusted\-pem\fR <file>
+.IP
+load trusted (root) certificate from PEM file <file>
+.HP
+\fB\-\-untrusted\-pem\fR <file>
+.IP
+load untrusted certificate from PEM file <file>
+.HP
+\fB\-\-trusted\-der\fR <file>
+.IP
+load trusted (root) certificate from DER file <file>
+.HP
+\fB\-\-untrusted\-der\fR <file>
+.IP
+load untrusted certificate from DER file <file>
+.HP
+\fB\-\-verification\-time\fR <time>
+.IP
+the local time in "YYYY\-MM\-DD HH:MM:SS" format
+used certificates verification
+.HP
+\fB\-\-depth\fR <number>
+.IP
+maximum certificates chain depth
+.HP
+\fB\-\-X509\-skip\-strict\-checks\fR
+.IP
+skip strict checking of X509 data
+.HP
+\fB\-\-crypto\fR <name>
+.IP
+the name of the crypto engine to use from the following
+list: openssl, mscrypto, nss, gnutls, gcrypt (if no crypto engine is
+specified then the default one is used)
+.HP
+\fB\-\-crypto\-config\fR <path>
+.IP
+path to crypto engine configuration
+.HP
+\fB\-\-repeat\fR <number>
+.IP
+repeat the operation <number> times
+.HP
+\fB\-\-disable\-error\-msgs\fR
+.IP
+do not print xmlsec error messages
+.HP
+\fB\-\-print\-crypto\-error\-msgs\fR
+.IP
+print errors stack at the end
+.HP
+\fB\-\-help\fR
+.IP
+print help information about the command
+.SH AUTHOR
+Written by Aleksey Sanin <aleksey@aleksey.com>.
+.SH "REPORTING BUGS"
+Report bugs to http://www.aleksey.com/xmlsec/bugs.html
+.SH COPYRIGHT
+Copyright \(co 2002\-2003 Aleksey Sanin.
+.br
+This is free software: see the source for copying information.
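Review bot: Two worked examples in the OPTIONS text name options that the page does not document. The --session-key entry shows "--session des-192" and the --gen-key entry shows "--gen:mykey rsa-1024", so a reader who copies either example gets an option that is listed nowhere else on the page. Because the header says the file is generated by help2man, these belong in the xmlsec1 help output rather than in this file, along with the other wording slips visible here: SYNOPSIS uses ".B xmlsec" while NAME is xmlsec1, "dynamicaly", "of of" (three times), "load load", "with<node-name>", "it's name", and "used certificates verification". Two security-relevant entries also deserve a fuller description. --pwd takes the password as a command-line argument, which on most systems is visible to other local users in the process list, and the text could say so. --X509-skip-strict-checks does not say which checks are skipped, which makes it hard to judge when using it is acceptable. The 1024-bit RSA key in the --gen-key example is also a weak size to present as the model invocation.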