[xmlsec] Command-line or library

Aleksey Sanin aleksey at aleksey.com
Thu May 14 11:05:39 PDT 2009

Hi Sébastien,

The library obviously provides more control over the
operations and you can tweak way more things than you
can do via command line tool. In particular, command line
tool is pretty weak in the keys/certs management area.
Basically, it uses the crypto library defaults and
there are no options to customize it.

Another issue is the fact that command line tool operates
on files while library can operate on documents in memory.
Having un-encrypted files on HDD might be a bad idea.

One of the options is to start from using the command line
tool and see if it meets your requirements. Most of the
work you will do (e.g. preparing templates) will be re-used
if you decide to switch to using the library itself later.


Sébastien Hinderer wrote:
> Dear all,
> I'm trying to implement a specification for encrypting digital talking
> books:
> http://www.daisy.org/projects/pdtb/
> Since the specification uses xml encryption, it is natural to think
> about xmlsec when implementing it.
> What I can't really figure out is: should I rather use xmlsec as a
> command-line tool and just develop a script that prepares the
> appropriate clear-text files and then runs xmlsec the appropriate way on
> all of them, or should I ratehr use xmlsec as a library inside the
> protector program ?
> In other words: what can be achieved with the library that could not be
> achived through the comand-line.
> For example: according to the abovementionned specification, all the xml
> content has to be encrypted with the same AES key, which is itself
> encrypted with an RSA public key and stored an "authorization object".
> The other XML files do not themselves contain the value of the AES key
> they have been encrypted with.
> Is this an example of something that cold be done only with the library
> and not through the command-line ?
> Any help will be greatly appreciated, since I'm getting a bit
> overwhelmed with these things.
> Many thanks in advance for any advice,
> Sébastien.
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list