XML Security Library
LibXML2
LibXSLT
OpenSSL

Download

Stable releases.

The latest stable XML Security Library version is 1.3.0:

The previous releases are also available.

GIT

XML Security Library is available from the GitHub.

Requirements

The XML Security Library requires LibXML library, LibXSLT library (optional) and one of the following cryptographic libraries:

XMLSec library Cryptographic library Supported formats Notes
xmlsec-openssl
  • Private keys: pkcs12, pkcs8 (pem/der), unencrypted keys (pem/der)
  • Public keys: x509 certificates (pem/der), standalone keys (pem/der)
  • x509 certificates: pem/der
  • x509 CRLs: pem/der
  • xmlsec-openssl with OpenSSL 3.0.0 or greater is recommended (supports all REQUIRED and all RECOMMENDED XML Digital Signature 1.1 and XML Encryption 1.1 algorithms).
  • BoringSSL API is unstable and the latest versions might not work with XMLSec Library.
xmlsec-gnutls GnuTLS 3.6.13 or above
  • Private keys: pkcs12, pkcs8 (pem/der), unencrypted keys (pem/der)
  • Public keys: x509 certificates (pem/der), standalone keys (pem/der)
Supports multiple cryptographic backends, the exact features set for xmlsec-gnutls depends on the backend in use.
xmlsec-nss NSS (Mozilla cryptographic library) 3.49 or above
  • Private keys: pkcs12
  • Public keys: x509 certificates (der), standalone keys (der)
  • x509 certificates: der
  • x509 CRLs: der
Requires NSPR 4.25.0 or above
xmlsec-mscng Microsoft Cryptography API: Next Generation (requires Windows 7, Windows Server 2008 R2, or above)
  • Private keys: pkcs12
  • Public keys: x509 certificates (der)
  • x509 certificates: der
  • x509 CRLs: none
xmlsec-mscng is the recommended version on Windows platform.
xmlsec-mscrypto Microsoft CryptogAPI: (MSCrypto) (requires Windows XP, Windows Server 2003, or above)
  • Private keys: pkcs12
  • Public keys: x509 certificates (der)
  • x509 certificates: der
  • x509 CRLs: none
In maintenance mode starting from xmlsec 1.3.0, April 2023.
xmlsec-gcrypt LibGCrypt 1.4.0 or above
  • Private keys: limited unencrypted keys (der)
  • Public keys: limited standalone keys (der)
  • x509 certificates: none
  • x509 CRLs: none
Limited functionality without built-in x509 certificates support in LibGCrypt. In maintenance mode starting from xmlsec 1.3.0, April 2023.

The XML Digital Signature Interoperability report and XML Encryption Interoperability report provide detailed information about the features supported by each library.

Installation (source archive)

All steps are usual:

gunzip -c xmlsec1-xxx.tar.gz | tar xvf -
cd xmlsec1-xxxx
./configure --help
./configure [possible options]
make
make install
make check

The last step is optional and requires Internet connection to execute some tests.