[xmlsec] xmlsec command-line usage

Aleksey Sanin aleksey at aleksey.com
Thu May 7 08:01:21 PDT 2009

See my answers inline below.


> 1.       Does xmlsec support encryption of many parts of the document. I 
> used –node-name and the xpath flag but it found only the first encrypted 
> part.

You will need to run encryption multiple times for each selected
subtree manually.

> 2.       I have went over the regression testing directory and searched 
> for templates where the EncryptedKey is outside EncryptedData part, and 
> so on. Can you please give me a reference to such templates?

Are you talking about <RetrievalMethod> ? There are several examples,
just search for it :)

> 3.       I tried decrypting by xmlsec an instance generated using 
> xmlsec, and got an error on id pointer. I discovered that if I use 
> xml:id instead of xmlend:Id xmlsec decrypts it properly.

Section 3.2 from FAQ http://www.aleksey.com/xmlsec/faq.html :)

> 4.       I tried decrypting more than one EncryptedData element, 
> literally all EncryptedData elements in one pass, or find a way of 
> specifying number of times decryption will be executed in order to 
> decrypt all encrypted content. Is there such a configuration flag?

Nope. You will need to do decryption manually one-by-one.

More information about the xmlsec mailing list