Sign XML files with Xmlsectool using PKCS11 library
Integrate the DigiCert® Software Trust Manager PKCS11 library with Xmlsectool to sign XML files.
Before you begin
What you will need:
Download xmlsectool
JAVA_HOME path set
XML file that needs signing
Transferring software (Windows only)
Note
This file natively runs on Linux and Mac OS. However, Windows requires transferring software (such as PuTTY) to connect to a Linux terminal to run the .sh files.
Let’s begin
Download xmlsectool zip file.
Unzip the downloaded file.
Sign in to your console.
Copy the XML document to your Linux location.
Set up the PKCS11 configuration file.
Use the sign XML command.
Use the verify XML command.
XML commands
Sign XML file
Command
./xmlsectool.sh --sign --pkcs11Config <path to PKCS11 config file> --keyAlias <keypair alias> --keyPassword NONE --inFile <name of xml file to be signed> --outFile <name of xml file after signing>
Output sample
./xmlsectool.sh --sign --pkcs11Config pkcs11properties.cfg --keyAlias StageCertKp --keyPassword NONE --inFile UnsignedFileName.xml --outFile SignedFileName.xml
INFO XMLSecTool - Reading XML document from file UnsignedFileName.xml
INFO XMLSecTool - XML document parsed and is well-formed.
INFO XMLSecTool - XML document successfully signed
INFO XMLSecTool - XML document written to file /Users/Name/github.com/digicert/ssm/SignedFileName.xml
Verify signed XML file
Command
./xmlsectool.sh --verifySignature --pkcs11Config <path to PKCS11 config file> --keyAlias <keypair alias> --keyPassword NONE --inFile <name of xml file after signing>
Output sample
./xmlsectool.sh --verifySignature --pkcs11Config pkcs11properties.cfg --keyAlias KeypairAliasExample --keyPassword NONE --inFile SignedFileName.xml
INFO XMLSecTool - Reading XML document from file 'SignedFileName.xml'
INFO XMLSecTool - XML document parsed and is well-formed.
INFO XMLSecTool - XML document signature verified.
Alternative command
./xmlsectool.sh --verifySignature --certificate <certificate associated with keypair> --inFile <name of xml file after signing>
Output sample
./xmlsectool.sh --verifySignature --certificate CertificateName.crt --inFile SignedFileName.xml
INFO XMLSecTool - Reading XML document from file 'SignedFileName.xml'
INFO XMLSecTool - XML document parsed and is well-formed.
INFO XMLSecTool - XML document signature verified.
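Sign-then-verify wrapper (added example)
The sign command and the certificate-based verify command above can be chained so that a signed file only appears under its final name after it verifies against the certificate. This is an added example, not DigiCert's or xmlsectool's own script; the XMLSECTOOL variable, the function name and the return codes are assumptions, and it relies on xmlsectool exiting with a non-zero status when signing or verification fails.

```shell
#!/bin/sh
# Added example: sign, then verify against a certificate before publishing.
# XMLSECTOOL is an assumed variable naming the launcher in the unzipped
# xmlsectool directory; the flags are the ones used on this page.
XMLSECTOOL="${XMLSECTOOL:-./xmlsectool.sh}"

# sign_and_verify <pkcs11 config> <key alias> <certificate> <in.xml> <out.xml>
# Returns 0 only if signing and certificate verification both succeed.
sign_and_verify() {
    if [ "$#" -ne 5 ]; then
        echo "usage: sign_and_verify <pkcs11cfg> <alias> <cert> <in> <out>" >&2
        return 64
    fi
    cfg=$1; key_alias=$2; cert=$3; src=$4; dst=$5

    # Fail early on unreadable inputs instead of starting a partial run.
    for f in "$cfg" "$cert" "$src"; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; return 66; }
    done

    # Sign into a temporary file next to the destination so that a failed
    # or unverified signature never appears under the final name.
    tmp=$(mktemp "${dst}.XXXXXX") || return 73

    if ! "$XMLSECTOOL" --sign --pkcs11Config "$cfg" --keyAlias "$key_alias" \
            --keyPassword NONE --inFile "$src" --outFile "$tmp"; then
        echo "signing failed" >&2
        rm -f "$tmp"
        return 1
    fi

    # Verify with the certificate that relying parties will use rather than
    # with the signing token, so a wrong key alias is caught here.
    if ! "$XMLSECTOOL" --verifySignature --certificate "$cert" --inFile "$tmp"; then
        echo "verification failed; output discarded" >&2
        rm -f "$tmp"
        return 2
    fi

    mv -f "$tmp" "$dst"
}

# Runs only when arguments are given, for example:
#   sh sign_and_verify.sh pkcs11properties.cfg StageCertKp CertificateName.crt UnsignedFileName.xml SignedFileName.xml
if [ "$#" -gt 0 ]; then sign_and_verify "$@"; fi
```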