xmlsec-cipher - Perform basic encryption and decryption of XML documents


xmlsec-cipher [-i] ([-d] | -de | -ef | -ex) [-x]
[-o output] -k [kek] type (filename [password] | key-string)


xmlsec-cipher encrypts or decrypts an XML document following the XML Digital Signature and
Encryption specifications using the Apache XML Security for C++ library. The default
action is to decrypt the input file. Other operations can be selected with the -de, -ef,
or -ex options. The result of the operation, whether encryption or decryption, will be
printed to standard output.


Note that each option must be given as a separate argument.

--decrypt, -d
Reads in the input file as an XML file, searches for an EncryptedData node, and
decrypts it, printing the result to standard output. This is the default operation
and does not need to be specified.

--decrypt-element, -de
Reads in the input file as an XML file and prints it out with the first encrypted
element decrypted.

--encrypt-file, -ef
Reads the input file as raw data and creates an XML EncryptedData document as output,
containing the encrypted version of that input data.

--encrypt-xml, -ex
Parses the input file as XML, finds the document element, and encrypts the document,
outputting the result as an XML EncryptedData document.

(--key | -k) [kek] type filename [password]
(--key | -k) [kek] type key-string
Specifies the key to use for encryption or decryption.

If the first argument following the --key or -k option is the string "kek", the
following key argument will be used as a Key Encryption Key (KEK).

type specifies the key type and must be one of X509, RSA, AES128, AES192, AES256,
AES128-GCM, AES192-GCM, AES256-GCM, or 3DES.

The remaining arguments depend on the key type. For X509, only a filename may be
given and must contain an RSA KEK certificate. For RSA, a filename and password may
specify an RSA private key file and its password (this must be a KEK). For the other
key types, the last argument is the string to use as the key.

--xkms, -x
The key specified after this argument on the command line is interpreted as an XKMS
RSAKeyPair encryption key.

--interop, -i
Use the interop resolver for Baltimore interop examples.

--out-file file, -o file
Rather than printing the result to standard output, write it to the specified file.


xmlsec-cipher exits with status 0 if the encryption or decryption operation was successful
and with status 1 if it failed. If it cannot process the input file for some reason, it
exits with status 2.
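
The exit statuses above let a calling script tell a failed operation apart from unreadable input. The wrapper below is an added example, not part of the original page or of the Apache XML Security for C++ distribution; the function name decrypt_to, the XMLSEC_CIPHER override, and the placement of the input file as the last argument are assumptions.

```shell
#!/bin/sh
# Added example, not shipped with xmlsec-cipher.
# Assumptions: the helper name decrypt_to, the XMLSEC_CIPHER override, and
# that the input file is passed as the last command-line argument.

# decrypt_to INPUT OUTPUT KEYARGS...
#   KEYARGS is everything that follows -k, for example:  AES256 "$key"
#   or:  kek RSA private.pem "$password"
# A key-string or password passed this way is an argv element and is
# visible in the process list while the tool runs.
decrypt_to() {
    [ "$#" -ge 4 ] || {
        echo "usage: decrypt_to INPUT OUTPUT KEYARGS..." >&2
        return 64
    }
    input=$1 output=$2
    shift 2

    # Decrypt into a private temp file beside the destination, so a failed
    # run never leaves partial plaintext at OUTPUT (mktemp creates it 0600).
    tmp=$(mktemp "${output}.XXXXXX") || return 70

    # "|| status=$?" keeps the wrapper usable under "set -e".
    status=0
    "${XMLSEC_CIPHER:-xmlsec-cipher}" --decrypt -o "$tmp" -k "$@" "$input" \
        || status=$?

    case $status in
        0)  # Success: publish the plaintext in one rename.
            mv -f "$tmp" "$output" && return 0
            rm -f "$tmp"
            return 70 ;;
        1)  echo "decrypt_to: decryption operation failed for $input" >&2 ;;
        2)  echo "decrypt_to: input file $input could not be processed" >&2 ;;
        *)  echo "decrypt_to: unexpected exit status $status" >&2 ;;
    esac
    rm -f "$tmp"
    return "$status"
}
```

The caller sees the same 0, 1 or 2 that xmlsec-cipher returned, and OUTPUT exists only after a status of 0.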

