Sign XML Files with XMLsectool

To sign .xml files with Signum, use the third-party XMLsectool script to generate signatures for the files.

Prerequisites

Set up XMLSec Tool

Unzip the archive:

CODE
unzip xmlsectool-#.#.#-bin.zip

Set the JAVA_HOME environment variable:

CODE
export JAVA_HOME="/usr/lib/jvm/open-jdk"

Create Configuration File

Create a configuration file /etc/keyfactor/keyfactorpkcs11.cfg with the following properties:

CODE
name = KeyfactorPKCS11
library = /usr/lib/libkeyfactorpkcs11.so
description = Keyfactor PKCS#11 interface for SmartCard

List Key Objects

Use keytool to list the keys from the Keyfactor Signum PKCS#11 provider:

CODE
keytool -list -storetype PKCS11 -storepass NONE -providerClass sun.security.pkcs11.SunPKCS11 -providerArg /etc/keyfactor/keyfactorpkcs11.cfg
CODE
Keystore type: PKCS11
Keystore provider: SunPKCS11-KeyfactorPKCS11
Your keystore contains 4 entries
170570A1D56FBB5A4CC780B69ACAEF94010D5DAA - Certificate, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 1C:3B:0B:5E:B7:7F:29:29:87:4E:7D:BC:77:11:D9:7F:FF:06:0B:C3:F2:F9:DE:02:8E:72:C6:87:4E:CE:B2:94
3AB5BFB91DFBB46CF765D5BEE51429618C4857DD - Certificate, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 97:58:8B:1B:C4:D5:19:3C:C6:5F:3F:4A:73:11:53:17:98:D4:A7:E9:FD:A3:3D:88:B0:9F:09:EB:77:D9:23:F0
DE0BB605AC697DF1A99A3C675BC03DF0B83F49D0 - Certificate, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 88:A0:C7:2B:6B:F6:3B:61:4C:4D:49:AB:CD:2F:C7:6A:B2:4F:50:63:27:B1:74:15:87:34:72:54:69:54:F1:A4
F78AE7871FEF1D0CF3EFFB58E9CC85F261438D2B - Certificate, PrivateKeyEntry,
Certificate fingerprint (SHA-256): B4:D6:B2:C1:B9:A0:4A:55:D4:7B:37:AD:C2:3F:D3:7A:B0:77:60:B5:B3:30:87:11:8A:F4:26:2F:D4:2F:B7:89

Sign

Use the following command with the key information to sign the .xml file:

CODE
./xmlsectool.sh --sign --pkcs11Config /etc/keyfactor/keyfactorpkcs11.cfg --keyAlias "3AB5BFB91DFBB46CF765D5BEE51429618C4857DD - Certificate" --keyPassword NONE --inFile sample.xml --outFile sample.xml.signed
INFO  XMLSecTool - Reading XML document from file 'sample.xml'
INFO  XMLSecTool - XML document parsed and is well-formed.
INFO  XMLSecTool - XML document successfully signed
INFO  XMLSecTool - XML document written to file xmlsectool-3.0.0/sample.xml.signed

Verify

Use the following command to verify the signature:

CODE
./xmlsectool.sh --verifySignature --pkcs11Config /etc/keyfactor/keyfactorpkcs11.cfg --keyAlias "3AB5BFB91DFBB46CF765D5BEE51429618C4857DD - Certificate" --keyPassword NONE --inFile sample.xml.signed 
INFO  XMLSecTool - Reading XML document from file 'sample.xml.signed'
INFO  XMLSecTool - XML document parsed and is well-formed.
INFO  XMLSecTool - XML document signature verified.
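
Choosing the alias by eye from the keytool listing is error-prone when the provider exposes several keys. The following added example (not Keyfactor or xmlsectool project code) resolves the --keyAlias value from a pinned certificate SHA-256 fingerprint and then runs the sign and verify commands above. The function names are hypothetical, and it assumes the listing layout shown above and that xmlsectool exits non-zero on failure.

```shell
#!/bin/sh
# Added example, not Keyfactor or xmlsectool project code.
# Sample input: first two entries of the keytool listing above (entry count adjusted).
SAMPLE_LISTING='Keystore type: PKCS11
Keystore provider: SunPKCS11-KeyfactorPKCS11
Your keystore contains 2 entries
170570A1D56FBB5A4CC780B69ACAEF94010D5DAA - Certificate, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 1C:3B:0B:5E:B7:7F:29:29:87:4E:7D:BC:77:11:D9:7F:FF:06:0B:C3:F2:F9:DE:02:8E:72:C6:87:4E:CE:B2:94
3AB5BFB91DFBB46CF765D5BEE51429618C4857DD - Certificate, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 97:58:8B:1B:C4:D5:19:3C:C6:5F:3F:4A:73:11:53:17:98:D4:A7:E9:FD:A3:3D:88:B0:9F:09:EB:77:D9:23:F0'

CFG=/etc/keyfactor/keyfactorpkcs11.cfg

# alias_for_fingerprint FP  (hypothetical helper; listing on stdin)
# Prints the alias of the PrivateKeyEntry whose certificate SHA-256 fingerprint
# equals FP (colons and case ignored). Fails unless exactly one entry matches.
# Assumes the "<alias>, PrivateKeyEntry," layout shown above (no date column).
alias_for_fingerprint() {
    want=$(printf '%s' "$1" | tr -d ':' | tr 'a-f' 'A-F')
    awk -v want="$want" '
        /, PrivateKeyEntry, *$/ {
            alias = $0
            sub(/, PrivateKeyEntry, *$/, "", alias)  # keep text before the entry type
            next
        }
        /^Certificate fingerprint \(SHA-256\): / {
            fp = $0
            sub(/^.*: /, "", fp)                     # drop the label
            gsub(/[^0-9A-Fa-f]/, "", fp)             # drop colons and whitespace
            if (alias != "" && toupper(fp) == want) { print alias; n++ }
            alias = ""
        }
        END { exit (n == 1 ? 0 : 1) }'
}

# sign_pinned FP IN OUT  (hypothetical helper)
# Signs IN to OUT with the key pinned by FP, then verifies OUT, using only the
# commands from this page. Assumes xmlsectool exits non-zero on failure.
sign_pinned() {
    key_alias=$(keytool -list -storetype PKCS11 -storepass NONE \
        -providerClass sun.security.pkcs11.SunPKCS11 -providerArg "$CFG" |
        alias_for_fingerprint "$1") || { echo "no unique key for $1" >&2; return 1; }
    ./xmlsectool.sh --sign --pkcs11Config "$CFG" --keyAlias "$key_alias" \
        --keyPassword NONE --inFile "$2" --outFile "$3" &&
    ./xmlsectool.sh --verifySignature --pkcs11Config "$CFG" --keyAlias "$key_alias" \
        --keyPassword NONE --inFile "$3"
}
```

Note that the resolved alias includes the " - Certificate" suffix, which is why the sign command above passes it inside quotes.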