$ make KEYSTORE=~/Desktop/keystore.p12 KEYPASSWORD=*** keyInfoKeyName=AlphaWallet EntryToken.tsml
@colourful-land the above flags should be sufficient
xmlsectool --sign --keyInfoKeyName --digest SHA-256 --signatureAlgorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 --inFile EntryToken.canonicalized.xml --outFile EntryToken.tsml --keystore ~/Desktop/keystore.p12 --keystoreType PKCS12 --key 1 --keyPassword *** --signaturePosition LAST
Was passed main parameter 'SHA-256' but no main parameter was defined
XML Security Tool
Provides a command line interface for schema validating, signing, and signature validating an XML file.
==== Command Line Options ====
--help Prints this help information
Action Options - 'sign' and 'verifySignature' are mutually exclusive. At least one option is required.
--validateSchema Schema validate the document.
--sign Sign the XML document.
--verifySignature Check the signature on a signed document.
Data Input Options - 'inFile' and 'inUrl' are mutually exclusive, one is required.
--inFile Specifies the file from which the XML document will be read.
--inUrl Specifies the URL from which the XML document will be read. HTTPS certificates are not validated.
--base64DecodeInput Base64 decodes input. Useful when reading in data produced with the base64EncodeOutput option
--inflateInput Inflates a file created with the "deflate" compression algorithm. This property is ignored if inUrl is used. Instead the returned headers determine if content was deflated
--gunzipInput Inflates a file created with the "gzip" compression algorithm. This property is ignored if inUrl is used. Instead the returned headers determine if content was gzip'ed
--httpProxy HTTP proxy address used when fetching URL-based input files.
--httpProxyPort HTTP proxy port. (default: 80)
--httpProxyUsername Username used to authenticate to the HTTP proxy.
--httpProxyPassword Password used to authenticate to the HTTP proxy.
Schema Validation Option - 'xsd' (default) and 'relaxng' are mutually exclusive option.
--schemaDirectory Specifies a schema file or directory of schema files. Subdirectories are also read.
--xsd Indicates schema files are W3 XML Schema 1.0 files (.xsd).
--relaxng Indicates schema files are OASIS RELAX NG files (.rng).
Signature Creation Options
--referenceIdAttributeName Specifies the name of the attribute on the document element whose value is used as the URI reference of the signature. If omitted, a null reference URI is used.
--signaturePosition Specifies, by 1-based index, which element to place the signature BEFORE. 'FIRST' may be used to indicate that the signature goes BEFORE the first element. 'LAST' may be used to indicate that the signature goes AFTER the last element. (default value: FIRST)
--digest Specifies the name of the digest algorithm to use: SHA-1, SHA-256 (default), SHA-384, SHA-512. For RSA and EC credentials, dictates both the digest and signature algorithms.
--digestAlgorithm Specifies the URI of the digest algorithm to use; overrides --digest.
--signatureAlgorithm Specifies the URI of the signature algorithm to use; overrides --digest.
--keyInfoKeyName Specifies a key name to be included in the key info. Option may be used more than once.
--keyInfoCRL Specifies a file path for a CRL to be included in the key info. Option may be used more than once.
PEM/DER Encoded Certificate/Key Options - these options are mutually exclusive with the Keystore and PKCS#11 options. The 'certificate' option is required for signature verification. The 'certificate' and 'key' options are required for signing.
--certificate Specifies the file from which the signing, or validation, certificate is read.
--key Specifies the file from which the signing key is read.
--keyPassword Specifies the password for the signing key.
Keystore Certificate/Key Options - these options are mutually exclusive with the PEM/DER and PKCS#11 options. Options 'keystore', 'key', and 'keyPassword' are required.
--keystore Specifies the keystore file.
--keystorePassword Specifies the password for the keystore. If not provided then the key password is used.
--keystoreType Specifies the type of the keystore.
--keystoreProvider Specifies the keystore provider class to use instead of the default one for the JVM.
--key Specifies the key alias for the signing key is read.
--keyPassword Specifies the password for the signing key. Keystore password used if none is given.
PKCS#11 Device Certificate/Key Options - these options are mutually exclusive with the PEM/DER and Keystore options. Options 'pkcs11Config' and 'key' are required. Option 'keyPassword' required when signing and, with some PKCS#11 devices, during signature verification.
--pkcs11Config The PKCS#11 token configuration file.
--key Specifies the key alias for the signing key is read.
--keyPassword Specifies the pin for the signing key.
--keystoreProvider The fully qualified class name of the PKCS#11 keystore provider implementation. (e.g., sun.security.pkcs11.SunPKCS11)
Signature verification algorithm blacklist options:
--clearBlacklist Clear the algorithm blacklist.
--blacklistDigest Blacklist a digest by name (e.g., "SHA-1"). Can be used any number of times.
--whitelistDigest Whitelist a digest by name (e.g., "SHA-1"). Can be used any number of times.
--listBlacklist List the contents of the algorithm blacklist.
Data Output Options - Option 'outFile' is required.
--outFile Specifies the file to which the signed XML document will be written.
--base64EncodeOutput Base64 encode the output. Ensures signed content isn't corrupted.
--deflateOutput Deflate compresses the output.
--gzipOutput GZip compresses the output.
Logging Options - these options are mutually exclusive
--verbose Turn on verbose messages.
--quiet Do not write any messages to STDERR or STDOUT.
--logConfig Specifies a logback configuration file to use to configure logging.
make: *** [EntryToken.tsml] Error 1
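In the command echoed by make, `--keyInfoKeyName` is followed directly by `--digest`, so the option received no value, which is consistent with `SHA-256` being reported as a stray main parameter. A pre-flight check for that condition, as an added example that is not part of the original post or the project's Makefile; the function names and the `PLACEHOLDER` password are assumptions, and the option list is taken from the help text above:

```shell
#!/bin/sh
# Added example: flag xmlsectool options that take a value but are followed
# by another option, an empty string, or the end of the argument list.

# Value-taking options, as listed in the help text and used in the command.
VALUE_OPTS="--inFile --outFile --keystore --keystoreType --key --keyPassword \
--digest --signatureAlgorithm --keyInfoKeyName --signaturePosition"

# Prints the value-taking options whose value is missing (space separated).
# Returns 0 when every such option has a value, 1 otherwise.
find_valueless_options() {
    missing=""
    while [ "$#" -gt 0 ]; do
        opt=$1
        shift
        case " $VALUE_OPTS " in
            *" $opt "*) ;;          # option expects a value: check it below
            *) continue ;;          # plain flag (e.g. --sign) or a stray token
        esac
        case "${1-}" in
            ""|--*) missing="$missing $opt" ;;  # no value; next token not consumed
            *) shift ;;                         # consume the value
        esac
    done
    missing=${missing# }
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed input: the xmlsectool command shown above, password replaced.
page_command() {
    find_valueless_options --sign --keyInfoKeyName --digest SHA-256 \
        --signatureAlgorithm 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' \
        --inFile EntryToken.canonicalized.xml --outFile EntryToken.tsml \
        --keystore ~/Desktop/keystore.p12 --keystoreType PKCS12 \
        --key 1 --keyPassword PLACEHOLDER --signaturePosition LAST
}

page_command || echo "not running xmlsectool: value missing for the option(s) above" >&2
```

Running the same check on the argument list before it reaches xmlsectool turns an empty variable into a one-line message instead of the full help dump.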