| xsec-cipher.pod(1) | Apache XML Security | xsec-cipher.pod(1) |
xmlsec-cipher - Perform basic encryption and decryption of XML documents
xmlsec-cipher [-i] ([-d] | -de |
-ef | -ex) [-x]
[-o output] -k [kek] (filename [password]
| key-string)
input
xmlsec-cipher encrypts or decrypts an XML document following the XML Digital Signature and Encryption specifications using the Apache XML Security for C++ library. The default action is to decrypt the input file. Other operations can be selected with the -de, -ef, or -ex options. The result of the operation, whether encryption or decryption, will be printed to standard output.
Note that each option must be given as a separate argument.
If the first argument following the --key or -k option is the string "kek", the following key argument will be used as a Key EncryptionKey.
type specifies the key type and must be one of X509, RSA, AES128, AES192, AES256, AES128-GCM, AES192-GCM, AES256-GCM, or 3DES.
The remaining arguments depend on the key type. For X509, only a filename may be given and must contain an RSA KEK certificate. For RSA, a filename and password may specify an RSA private key file and its password (this must be a KEK). For the other key types, the last argument is the string to use as the key.
xmlsec-cipher exits with status 0 if the encryption or decryption operation was successful and with status 1 if it failed. If it cannot process the input file for some reason, it exits with status 2.
This manual page was written by Russ Allbery for Debian.
The authors hereby relinquish any claim to any copyright that they may have in this work, whether granted under contract or by operation of law or international treaty, and hereby commit to the public, at large, that they shall not, at any time in the future, seek to enforce any copyright in this work against any person or entity, or prevent any person or entity from copying, publishing, distributing or creating derivative works of this work.
| 2020-12-27 | 2.0.2 |