Skip to main content

Sign XML files with Xmlsectool using PKCS11 library

Integrate the DigiCert​​®​​ Software Trust Manager PKCS11 library with Xmlsectool to sign XML files.

Before you begin

What you will need:

  • Download xmlsectool

  • Java_home path set

  • XML file that needs signing

  • Transferring software (Windows only)

    Note

    This file natively runs on Linux and Mac OS. However, Windows requires transferring software (eg.such as Putty) to connect with a Linux terminal to run the .sh files.

Let’s begin

  1. Download xmlsectool zip file.

  2. Unzip the downloaded file.

  3. Sign in to your console.

  4. Copy the XML document to your Linux location.

  5. Set up the PKCS11 configuration file.

  6. Use the sign XML command.

  7. Use the verify XML command.

XML commands

Sign XML file

Command

./xmlsectool.sh --sign --pkcs11Config <path to PKCS11 config file> --keyAlias  <keypair alias> --keyPassword NONE --inFile  <name of xml file to be signed> --outFile  <name of xml file after signing>

Output sample

./xmlsectool.sh --sign --pkcs11Config pkcs11properties.cfg --keyAlias  StageCertKp --keyPassword NONE --inFile  UnsignedFileName.xml --outFile  SignedFileName.xml
INFO XMLSecTool - Reading XML document from file UnsignedFileName.xml
INFO XMLSecTool - XML document parsed and is well-formed.
INFO XMLSecTool - XML document successfully signed
INFO XMLSecTool - XML document written to file /Users/Name/github.com/digicert/ssm/SignedFileName.xml

Verify signed XML file

Command

./xmlsectool.sh --verifySignature --pkcs11Config <path to PKCS11 config file> --keyAlias  <keypair alias> --keyPassword  NONE --inFile  <name of xml file after signing>

Output sample

./xmlsectool.sh --verifySignature --pkcs11Config pkcs11properties.cfg --keyAlias  KeypairAliasExample  --keyPassword  NONE --inFile  SignedFileName.xml
INFO XMLSecTool - Reading XML document from file 'SignedFileName.xml'
INFO XMLSecTool - XML document parsed and is well-formed.
INFO XMLSecTool - XML document signature verified.

Alternative command

xmlsectool.sh --verifySignature --certificate <certificate associated with keypair> --inFile <name of xml file after signing>

Output sample

./xmlsectool.sh --verifySignature --certificate CertificateName.crt --inFile SignedFileName.xml
INFO XMLSecTool - Reading XML document from file 'SignedFileName.xml'
INFO XMLSecTool - XML document parsed and is well-formed.
INFO XMLSecTool - XML document signature verified.