
Using Signum with XMLSec Tool

Instructions for using the third-party xmlsectool script to generate signatures for XML files.

Linux

This guide assumes the Signum Linux Agent and Java have been installed and configured.

Setting up XMLSec Tool

You can find and download the latest xmlsectool here.

Unzip the archive

CODE
unzip xmlsectool-#.#.#-bin.zip

Set the JAVA_HOME environment variable

CODE
export JAVA_HOME="/usr/lib/jvm/open-jdk"

Configuration File

Create a configuration file, /etc/keyfactor/keyfactorpkcs11.cfg, with the following properties.

CODE
name = KeyfactorPKCS11
library = /usr/lib/libkeyfactorpkcs11.so
description = Keyfactor PKCS#11 interface for SmartCard

List the Key Objects

Use keytool to list the keys from the Keyfactor Signum PKCS11 provider.

CODE
keytool -list -storetype PKCS11 -storepass NONE -providerClass sun.security.pkcs11.SunPKCS11 -providerArg /etc/keyfactor/keyfactorpkcs11.cfg
CODE
Keystore type: PKCS11
Keystore provider: SunPKCS11-KeyfactorPKCS11
Your keystore contains 4 entries
170570A1D56FBB5A4CC780B69ACAEF94010D5DAA - Certificate, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 1C:3B:0B:5E:B7:7F:29:29:87:4E:7D:BC:77:11:D9:7F:FF:06:0B:C3:F2:F9:DE:02:8E:72:C6:87:4E:CE:B2:94
3AB5BFB91DFBB46CF765D5BEE51429618C4857DD - Certificate, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 97:58:8B:1B:C4:D5:19:3C:C6:5F:3F:4A:73:11:53:17:98:D4:A7:E9:FD:A3:3D:88:B0:9F:09:EB:77:D9:23:F0
DE0BB605AC697DF1A99A3C675BC03DF0B83F49D0 - Certificate, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 88:A0:C7:2B:6B:F6:3B:61:4C:4D:49:AB:CD:2F:C7:6A:B2:4F:50:63:27:B1:74:15:87:34:72:54:69:54:F1:A4
F78AE7871FEF1D0CF3EFFB58E9CC85F261438D2B - Certificate, PrivateKeyEntry,
Certificate fingerprint (SHA-256): B4:D6:B2:C1:B9:A0:4A:55:D4:7B:37:AD:C2:3F:D3:7A:B0:77:60:B5:B3:30:87:11:8A:F4:26:2F:D4:2F:B7:89

Signing

CODE
./xmlsectool.sh --sign --pkcs11Config /etc/keyfactor/keyfactorpkcs11.cfg --keyAlias "3AB5BFB91DFBB46CF765D5BEE51429618C4857DD - Certificate" --keyPassword NONE --inFile sample.xml --outFile sample.xml.signed
INFO  XMLSecTool - Reading XML document from file 'sample.xml'
INFO  XMLSecTool - XML document parsed and is well-formed.
INFO  XMLSecTool - XML document successfully signed
INFO  XMLSecTool - XML document written to file xmlsectool-3.0.0/sample.xml.signed
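
The value given to --keyAlias is the whole string keytool prints before ", PrivateKeyEntry,", including the " - Certificate" suffix. The following is an added example, not part of the original guide or of xmlsectool: a shell helper that resolves that alias from a pinned SHA-256 certificate fingerprint, so a signing job stops when the expected certificate is not on the token. It assumes the listing format shown above; alias_for_fingerprint, sign_pinned and the variable names are hypothetical.

```shell
#!/bin/sh
# Added example; function and variable names here are hypothetical.
# Two of the four entries from the keytool listing shown in "List the Key Objects".
SAMPLE_LISTING='Keystore type: PKCS11
Keystore provider: SunPKCS11-KeyfactorPKCS11
Your keystore contains 4 entries
170570A1D56FBB5A4CC780B69ACAEF94010D5DAA - Certificate, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 1C:3B:0B:5E:B7:7F:29:29:87:4E:7D:BC:77:11:D9:7F:FF:06:0B:C3:F2:F9:DE:02:8E:72:C6:87:4E:CE:B2:94
3AB5BFB91DFBB46CF765D5BEE51429618C4857DD - Certificate, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 97:58:8B:1B:C4:D5:19:3C:C6:5F:3F:4A:73:11:53:17:98:D4:A7:E9:FD:A3:3D:88:B0:9F:09:EB:77:D9:23:F0'
PINNED_FP='97:58:8B:1B:C4:D5:19:3C:C6:5F:3F:4A:73:11:53:17:98:D4:A7:E9:FD:A3:3D:88:B0:9F:09:EB:77:D9:23:F0'

# alias_for_fingerprint FINGERPRINT   (reads keytool -list output on stdin)
# Prints the alias of the one PrivateKeyEntry whose certificate has that SHA-256
# fingerprint. Returns non-zero when no entry or more than one entry matches.
# Assumes the "<alias>, PrivateKeyEntry," line format shown on this page.
alias_for_fingerprint() {
    awk -v want="$1" '
        BEGIN { want = toupper(want); gsub(/[^0-9A-F]/, "", want) }
        /, PrivateKeyEntry,/ {
            entry = $0
            sub(/, PrivateKeyEntry,.*$/, "", entry)   # keep the full alias text
            next
        }
        /^Certificate fingerprint \(SHA-256\): / {
            fp = toupper($NF); gsub(/[^0-9A-F]/, "", fp)
            if (entry != "" && fp == want) { found = entry; n++ }
            entry = ""
        }
        END {
            if (length(want) == 64 && n == 1) { print found; exit 0 }
            exit 1
        }
    '
}

# sign_pinned FINGERPRINT INFILE OUTFILE
# Looks the alias up on the token, then signs with the command from this guide.
sign_pinned() {
    cfg=/etc/keyfactor/keyfactorpkcs11.cfg
    key_alias=$(keytool -list -storetype PKCS11 -storepass NONE \
        -providerClass sun.security.pkcs11.SunPKCS11 -providerArg "$cfg" |
        alias_for_fingerprint "$1") || { echo "no unique key for $1" >&2; return 1; }
    ./xmlsectool.sh --sign --pkcs11Config "$cfg" --keyAlias "$key_alias" \
        --keyPassword NONE --inFile "$2" --outFile "$3"
}

# Offline demonstration on the sample listing; prints the alias to use.
printf '%s\n' "$SAMPLE_LISTING" | alias_for_fingerprint "$PINNED_FP"
```

On a host with the agent configured, the call would be `sign_pinned "$PINNED_FP" sample.xml sample.xml.signed`.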

Verification

CODE
./xmlsectool.sh --verifySignature --pkcs11Config /etc/keyfactor/keyfactorpkcs11.cfg --keyAlias "3AB5BFB91DFBB46CF765D5BEE51429618C4857DD - Certificate" --keyPassword NONE --inFile sample.xml.signed 
INFO  XMLSecTool - Reading XML document from file 'sample.xml.signed'
INFO  XMLSecTool - XML document parsed and is well-formed.
INFO  XMLSecTool - XML document signature verified.