1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
|
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>XML Security Library</title>
<link rel="stylesheet" href="css/main.css">
</head>
<body><table width="100%" valign="top"><tr valign="top">
<td valign="top" align="left" width="210">
<img src="images/logo.gif" alt="XML Security Library" border="0"><p></p>
<ul>
<li><a href="index.html">Home</a></li>
<li><a href="download.html">Download</a></li>
<ul><li><a href="https://github.com/lsh123/xmlsec">GitHub</a></li></ul>
<li><a href="news.html">News</a></li>
<li><a href="documentation.html">Documentation</a></li>
<ul>
<li><a href="faq.html">FAQ</a></li>
<li><a href="api/xmlsec-notes.html">Tutorial</a></li>
<li><a href="api/xmlsec-reference.html">API reference</a></li>
<li><a href="api/xmlsec-examples.html">Examples</a></li>
</ul>
<li><a href="xmldsig.html">XML Digital Signature</a></li>
<li><a href="xmlenc.html">XML Encryption</a></li>
<li><a href="c14n.html">XML Canonicalization</a></li>
<li><a href="bugs.html">Reporting Bugs</a></li>
<li><a href="mailing-list.html">Mailing list</a></li>
<li><a href="related.html">Related</a></li>
<li><a href="authors.html">Authors</a></li>
</ul>
<table width="100%">
<tr>
<td width="15"></td>
<td><a href="http://xmlsoft.org/"><img src="images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
</tr>
<tr>
<td width="15"></td>
<td><a href="http://xmlsoft.org/XSLT"><img src="images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
</tr>
<tr>
<td width="15"></td>
<td><a href="http://www.openssl.org/"><img src="images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
</tr>
<!--Links - start--><!--Links - end-->
</table>
</td>
<td valign="top"><table width="80%" valign="top" style="margin-left:10px;"><tr><td valign="top" align="left" id="xmlsecContent">
<div align="center">
<h1>XML Security Library</h1>
</div>
<p>
XML Security Library is a C library based on <a href="http://xmlsoft.org/">LibXML2</a>.
The library supports major XML security standards:
</p>
<ul>
<li><a href="xmldsig.html">XML Signature</a></li>
<li><a href="xmlenc.html">XML Encryption</a></li>
<li>
<a href="http://www.w3.org/TR/xml-c14n">Canonical XML</a> (part of the
<a href="http://xmlsoft.org">LibXML2</a>)</li>
<li>
<a href="http://www.w3.org/TR/xml-exc-c14n">Exclusive Canonical XML</a>
(part of the <a href="http://xmlsoft.org">LibXML2</a>)</li>
</ul>
<p>
XML Security Library is released under the
<a href="http://www.opensource.org/licenses/mit-license.html">MIT Licence</a>
see the Copyright file in the distribution for details.<br><br></p>
<p><b>News</b></p>
<ul>
<li>February 11, 2025<br>
The <a href="download.html">XML Security Library 1.3.7</a> release includes the following changes:
<ul>
<li>(xmlsec-core) Added XMLSEC_TRANSFORM_FLAGS_USER_SPECIFIED flag to the xmlSecTransform to differentiate transforms specified in the input XML file vs transforms automatically added by XMLSec library.</li>
<li>(xmlsec-core) Added signature result verification to the examples to demonstrate the need to ensure the correct data is actually signed.</li>
<li>(xmlsec-core) Disabled old crypto algorithms (MD5, RIPEMD160) and the old crypto engines (MSCrypto, GCrypt) by default (use "--with-legacy-features" option to reenable everything).</li>
<li>(xmlsec-openssl) Fixed excess padding in ECDSA signature generation.</li>
<li>(xmlsec-openssl) Fixed build warnings for BoringSSL / AWS-LC.</li>
<li>(xmlsec-nss) Fixed certificates search in NSS DB.</li>
<li>(xmlsec-openssl, xmlsec-gnutls, xmlsec-mscng) Added an option to skip timestamp checks for certificates and CLRs.</li>
<li>(xmlsec-windows) Disabled old crypto algorithms (MD5, RIPEMD160), made "mscng" the default crypto engine on Windows, and added support for "legacy-features" flag for "configure.js".</li>
<li>Several other small fixes (see <a href="https://github.com/lsh123/xmlsec/commits/master">more details</a>).</li>
</ul>
</li>
<br>
<li>October 22, 2024<br>
The <a href="download.html">XML Security Library 1.3.6</a> release includes the following changes:
<ul>
<li>(xmlsec-openssl) Fixed build if OpenSSL 3.0 doesn't have engines support enabled.</li>
<li>(xmlsec-mscng, xmlsec-mscrypto) Added support for multiple trusted certs with the same subject.</li>
<li>(windows) Disabled iconv support by default (use 'iconv=yes' option for 'configure.js' to re-enable it).</li>
<li>Several other small fixes (see <a href="https://github.com/lsh123/xmlsec/commits/master">more details</a>).</li>
</ul>
</li>
<br>
<li>July 19, 2024<br>
The <a href="download.html">XML Security Library 1.3.5 and legacy 1.2.41</a> releases include the following changes:
<ul>
<li>(xmlsec-mscng,xmlsec-mscrypto) Improved certificates verification.</li>
<li>(xmlsec-gnutls) Added support for self-signed certificates.</li>
<li>(xmlsec-core) Fix deprecated functions in LibXML2 2.13.1 including disabling HTTP support
by default (use ''--enable-http' option to re-enable it).</li>
<li>Several other small fixes (see <a href="https://github.com/lsh123/xmlsec/commits/master">more details</a>).</li>
</ul>
</li>
<br>
<li>July 11, 2024<br>
The legacy <a href="https://www.aleksey.com/xmlsec/download/xmlsec1-1.2.40.tar.gz">XML Security Library 1.2.40</a> release includes the following changes:
<ul>
<li>(xmlsec-core) Fixed functions deprecated in LibXML2 2.13.1 (including disabling HTTP support by default).</li>
<li>(xmlsec-nss) Increased keys size in all tests to support NSS 3.101.</li>
<li>(windows) Added "ftp" and "http" flags in 'configure.js' (both are disabled by default).</li>
<li>Several other small fixes (<a href="https://github.com/lsh123/xmlsec/commits/xmlsec-1_2_x">more details</a>).</li>
</ul>
</li>
<br>
<li>April 9, 2024<br>
The <a href="download.html">XML Security Library 1.3.4</a> release includes the following changes:
<br>
<br>
<ul>
<li>(xmlsec-openssl) Support cert dates before unix epoch start.</li>
<li>(xmlsec-openssl) Fix build for LibreSSL or BoringSSL.</li>
<li>(xmlsec-nss) Ensure NSS algorithms are initialized.</li>
<li>Several other small fixes (see <a href="https://github.com/lsh123/xmlsec/commits/master">more details</a>).</li>
</ul>
</li>
<br>
<li>January 4, 2024<br>
The <a href="download.html">XML Security Library 1.3.3</a> release includes the following changes:
<br>
<br>
<ul>
<li>
(xmlsec-core) Disabled KeyValue and DEREncodedKeyValue XML nodes by default. Use the '--enabled-key-data' option
for the xmlsec command line utility or update the 'keyInfoCtx.enabledKeyData' parameter if you need to re-enable these nodes
(also see <a href="faq.html#section_3_5">question 3.5 in the FAQ</a>).
</li>
<li>(xmlsec-core) Removed '--enable-size-t' ('size_t' for MSVC builds) option and made 'xmlSecSize' to always be the same as 'size_t'.</li>
<li>(xmlsec-core) Removed previously deprecated functions, defines, etc.</li>
<li>(xmlsec-core) Fixed build for libxml2 v2.12.0.</li>
<li>
(xmlsec-openssl) Removed support for OpenSSL 1.1.0 (<a href="https://endoflife.date/openssl">end of life in Aug 2016</a>).
The minimum OpenSSL supported version is 1.1.1; the version 3.0.0 or greater is recommended.
</li>
<li>(xmlsec-nss) Added runtime check for the enabled algorithms in NSS.</li>
<li>(xmlsec-mscrypto) Removed NT4 support.</li>
<li>Several other small fixes (see <a href="https://github.com/lsh123/xmlsec/commits/master">more details</a>).</li>
</ul>
</li>
<br>
<li>December 12, 2023<br>
The legacy <a href="download/">XML Security Library 1.2.39</a> release includes the following changes:
<ul>
<li>Added options to enable/disable local files, HTTP, and FTP support. FTP is disabled by default.</li>
<li>Several other small fixes (<a href="https://github.com/lsh123/xmlsec/commits/xmlsec-1_2_x">more details</a>).</li>
</ul>
</li>
<br>
<li>October 31, 2023<br>
The <a href="download.html">XML Security Library 1.3.2</a> release includes the following changes:
<br>
<br>
<ul>
<li>(xmlsec-openssl) Fixed padding for GOST 2001 and 2012 signatures.</li>
<li>(xmlsec-nss) Added support for reading PEM certificates.</li>
<li>(xmlsec-nss) Added a check to ensure that the key certificate matches the key.</li>
<li>(xmlsec-nss) Added support for xmlsec command line tool '--verify-keys' option.</li>
<li>(xmlsec-gnutls) Added support for GOST R 34.11-94, GOST R 34.11-2012 256 bit, and GOST R 34.11-2012 512 bit digest algorithms.</li>
<li>(xmlsec-gnutls) Added support for GOST R 34.10-2001, GOST R 34.11-2012 256 bit, and GOST R 34.11-2012 512 bit signature algorithms.</li>
<li>(xmlsec-gnutls) Added support for xmlsec command line tool '--verify-keys' option.</li>
<li>(xmlsec-gnutls) Added check to ensure that the key certificat matches the key.</li>
<li>(xmlsec-mscng) Added support for xmlsec command line tool '--verify-keys' option.</li>
<li>(xmlsec-mscng) Replaced windows.h includes with wincrypt.h includes where possible.</li>
<li>(xmlsec-mscrypto) Replaced windows.h includes with wincrypt.h includes where possible.</li>
<li>(xmlsec command line tool) Added '--base64-line-size' option to control the base64 encoding line size.</li>
<li>(MSVC build) Added 'ftp' and 'http' options to control FTP and HTTP support. FTP support is disabled by default.</li>
<li>(MinGW build) The xmlsec-mscrypto is moved down in the default crypto library selection list as it is now
in maintanance mode (use '--with-default-crypto' option to force the selection).
</li>
<li>(MinGW build) Fixed the static libraries build with "--enable-static-linking" option.</li>
<li>Several other small fixes (see <a href="https://github.com/lsh123/xmlsec/commits/master">more details</a>).</li>
</ul>
</li>
<br>
<li>July 5, 2023<br>
The legacy <a href="download/">XML Security Library 1.2.38</a> release includes the following changes:
<br>
<br>
<ul>
<li>Fixed static linking with MinGW.</li>
<li>(xmlsec-mscng) Fixed block ciphers key size.</li>
<li>Several other small fixes (<a href="https://github.com/lsh123/xmlsec/commits/xmlsec-1_2_x">more details</a>).</li>
</ul>
</li>
<br>
<li>June 6, 2023<br>
The <a href="download.html">XML Security Library 1.3.1</a> release includes the following changes:
<br>
<br>
<ul>
<li>Added "--with-libltdl" option for ./configure to allow custom libltdl installations and deprecated "--enable-crypto-dl" option.</li>
<li>Added support for cclang compiler on non-MacOSX platforms.</li>
<li>(xmlsec-openssl) Restored support for LibreSSL and bumped minimum required version to 3.5.0.</li>
<li>(xmlsec-nss) Restored minimum supported NSS version to 3.35.</li>
<li>Several other small fixes (<a href="https://github.com/lsh123/xmlsec/commits/master">more details</a>).</li>
</ul>
</li>
<br>
<li>
April 12, 2023<br>
The <a href="download.html">XML Security Library 1.3.0</a> release includes the following changes:
<br>
<br>
<ul>
<li>
<b>core xmlsec and all xmlsec-crypto libraries:</b>
<ul>
<li>(<b>ABI breaking change</b>) Added support for the <a href="https://www.w3.org/TR/xmldsig-core1/#sec-KeyInfoReference">KeyInfoReference Element</a>.</li>
<li>(<b>ABI breaking change</b>) Switched xmlSecSize to use size_t by default. Use "--enable-size-t=no" configure option ("size_t=no" on Windows) to
restore the old behaviour (note that support for xmlSecSize being different from size_t will be removed in the future).</li>
<li>(<b>API breaking change</b>) Changed the key search to strict mode: only keys referenced by KeyInfo are used. To restore the old "lax" mode,
set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx or use '--lax-key-search' option for XMLSec command line utility.
</li>
<li>(<b>API breaking change</b>) The KeyName element content is now trimmed before key search is performed.</li>
<li>(<b>API breaking change</b>) Disabled FTP support by default. Use "--enable-ftp" configure option to restore it. Also added
"--enable-http" and "--enable-files" configure options to control support for loading files over HTTP or locally.</li>
<li>(<b>API/ABI breaking change</b>) Disabled MD5 digest method by default. Use "--enable-md5" configure options ("legacy-crypto" option on Windows) to re-enable MD5.</li>
<li>(<b>ABI breaking change</b>) Added "failureReason" file to xmlSecDSigCtx and xmlEncCtx to provide more granular operation failure reason.</li>
<li>(<b>ABI breaking change</b>) Removed deprecated functions.</li>
<li>Added support for loading keys through <a href="https://www.openssl.org/docs/man3.0/man7/ossl_store.html">ossl-store</a> interface (e.g.
for using keys from an HSM). Also see '--privkey-openssl-store' and '--pubkey-openssl-store ' command line options for XMLSec utility.</li>
<li>Added ability to control transforms binary chunk size to improve performance (see '--transform-binary-chunk-size' command line option for XMLSec utility).</li>
<li>Fixed all potentially unsafe integer conversions and all the other warnings.</li>
<li>Added <a href="https://www.w3.org/TR/2012/NOTE-xmldsig-core1-interop-20121113/">XML Signature 1.1 interop (2012)</a>
and <a href="https://www.w3.org/TR/2012/NOTE-xmlenc-core1-interop-20121113/">XML Encryption 1.1 interop (2012)</a> tests.
</li>
</ul>
</li>
<li>
<b>xmlsec-openssl library:</b>
<ul>
<li>Added support for <a href="https://www.ietf.org/rfc/rfc9231.html#name-sha-3-algorithms">SHA3 digests</a>.</li>
<li>Added support for <a href="https://www.ietf.org/rfc/rfc9231.html#name-ecdsa-sha-ecdsa-ripemd160-e">ECDSA-SHA3 signatures</a>.</li>
<li>Added support for <a href="https://www.ietf.org/rfc/rfc9231.html#section-2.3.10">RSA PSS signatures (withtout parameters)</a>.</li>
<li>
Added support for <a href="https://www.w3.org/TR/xmlenc-core1/#sec-ConcatKDF">ConcatKDF key</a> and
<a href="https://www.w3.org/TR/xmlenc-core1/#sec-PBKDF2">PBKDF2</a> derivation algorithms.
</li>
<li>(<b>ABI breaking change</b>) Added support for <a href="https://www.w3.org/TR/xmlenc-core1/#sec-ECDH-ES">ECDH-ES Key Agreement algorithm</a>.</li>
<li>(<b>ABI breaking change</b>) Added support for <a href="https://www.w3.org/TR/xmlenc-core1/#sec-DHKeyAgreementExplicitKDF">DH-ES Key Agreement algorithm</a> with explicit KDF.</li>
<li>Added support for <a href="https://www.w3.org/TR/xmlenc-core1/#sec-RSA-OAEP">MGF1 algorithm to RSA OAEP key transport</a>.</li>
<li>Added support for <a href="https://www.w3.org/TR/xmldsig-core1/#sec-X509Data">X509Digest</a> element and ability to lookup keys using other X509Data elements.</li>
<li>Added support for <a href="https://www.w3.org/TR/xmldsig-core1/#sec-DEREncodedKeyValue">DEREncodedKeyValue</a> element.</li>
<li>Automatically set key name from PKCS12 key name.</li>
<li>Removed support for OpenSSL 1.0.0 and LibreSSL before 2.7.0.</li>
</ul>
</li>
<li>
<b>xmlsec-nss library:</b>
<ul>
<li>Added support for <a href="https://www.ietf.org/rfc/rfc9231.html#section-2.3.10">RSA PSS signatures (withtout parameters)</a>.</li>
<li>Added support for <a href="https://www.w3.org/TR/xmlenc-core1/#sec-RSA-OAEP">RSA OAEP key transport including MGF1 algorithms</a>.</li>
<li>Added support for <a href="https://www.w3.org/TR/xmlenc-core1/#sec-AES-GCM">AES GCM ciphers</a>.</li>
<li>Added support for <a href="https://www.w3.org/TR/xmlenc-core1/#sec-PBKDF2">PBKDF2</a> derivation algorithm.</li>
<li>Added support for <a href="https://www.w3.org/TR/xmldsig-core1/#sec-X509Data">X509Digest</a> element and ability to lookup keys using other X509Data elements.</li>
<li>Added support for <a href="https://www.w3.org/TR/xmldsig-core1/#sec-DEREncodedKeyValue">DEREncodedKeyValue</a> element.</li>
<li>Automatically set key name from PKCS12 key name.</li>
</ul>
</li>
<li>
<b>xmlsec-gnutls library:</b>
<ul>
<li>(<b>API/ABI breaking change</b>) Removed dependency on xmlsec-gcrypt and libgcrypt libraries (including API functions) to enable support for different GnuTLS backends.</li>
<li>Bumped minimal GnuTLS version to 3.6.13.</li>
<li>Added support for <a href="https://www.ietf.org/rfc/rfc9231.html#name-sha-3-algorithms">SHA3 digests</a>.</li>
<li>Added support for <a href="https://www.w3.org/TR/xmldsig-core1/#sec-ECDSA">ECDSA signatures</a>.</li>
<li>Added support for <a href="https://www.w3.org/TR/xmlenc-core1/#sec-RSA-OAEP">DSA-SHA256 signatures</a>.</li>
<li>Added support for <a href="https://www.ietf.org/rfc/rfc9231.html#section-2.3.10">RSA PSS signatures (withtout parameters)</a>.</li>
<li>Added support for <a href="https://www.w3.org/TR/xmlenc-core1/#sec-RSA-1_5">RSA PKCS 1.5 key transport</a>.</li>
<li>Added support for <a href="https://www.w3.org/TR/xmlenc-core1/#sec-AES-GCM">AES GCM ciphers</a>.</li>
<li>Added support for <a href="https://www.w3.org/TR/xmlenc-core1/#sec-PBKDF2">PBKDF2</a> derivation algorithm.</li>
<li>Added support for <a href="https://www.w3.org/TR/xmldsig-core1/#sec-X509Data">X509Digest</a> element and ability to lookup keys using other X509Data elements.</li>
<li>Added support for <a href="https://www.w3.org/TR/xmldsig-core1/#sec-DEREncodedKeyValue">DEREncodedKeyValue</a> element.</li>
<li>Automatically set key name from PKCS12 key name.</li>
</ul>
</li>
<li>
<b>xmlsec-mscng library:</b>
<ul>
<li>Added support for <a href="https://www.ietf.org/rfc/rfc9231.html#section-2.3.10">RSA PSS signatures (withtout parameters)</a>.</li>
<li>Added support for <a href="https://www.w3.org/TR/xmlenc-core1/#sec-RSA-OAEP">MGF1 algorithm to RSA OAEP key transport</a>.</li>
<li>(<b>ABI breaking change</b>) Added support for <a href="https://www.w3.org/TR/xmlenc-core1/#sec-ECDH-ES">ECDH-ES Key Agreement algorithm</a>.</li>
<li>
Added support for <a href="https://www.w3.org/TR/xmlenc-core1/#sec-ConcatKDF">ConcatKDF key</a> and
<a href="https://www.w3.org/TR/xmlenc-core1/#sec-PBKDF2">PBKDF2</a> derivation algorithms.
</li>
<li>Added support for <a href="https://www.w3.org/TR/xmldsig-core1/#sec-X509Data">X509Digest</a> element for keys and certificates lookup from the system stores (only SHA1 is supported).</li>
<li>Added support for <a href="https://www.w3.org/TR/xmldsig-core1/#sec-DEREncodedKeyValue">DEREncodedKeyValue</a> element.</li>
<li>Automatically set key name from PKCS12 key name.</li>
</ul>
</li>
<li>
<b>xmlsec-mscrypto library:</b>
<ul>
<li>In maintenance mode starting from this release.</li>
<li>Disabled by default support for NT4. Use "nt4=yes" configure option on Windows to re-enable it.</li>
</ul>
</li>
<li>
<b>xmlsec-gcrypt library:</b>
<ul>
<li>In maintenance mode starting from this release.</li>
<li>Added support for <a href="https://www.ietf.org/rfc/rfc9231.html#name-sha-3-algorithms">SHA3 digests</a>.</li>
<li>Added support for <a href="https://www.w3.org/TR/xmldsig-core1/#sec-ECDSA">ECDSA signatures</a>.</li>
<li>Added support for <a href="https://www.ietf.org/rfc/rfc9231.html#section-2.3.10">RSA PSS signatures (withtout parameters)</a>.</li>
<li>Added support for <a href="https://www.w3.org/TR/xmlenc-core1/#sec-RSA-1_5">RSA PKCS 1.5 key transport</a>.</li>
<li>Added support for <a href="https://www.w3.org/TR/xmlenc-core1/#sec-RSA-OAEP">RSA OAEP key transport including MGF1 algorithms</a>.</li>
</ul>
</li>
<li>
<b>xmlsec command line utility:</b>
<ul>
<li>(<b>API breaking change</b>) The XMLSec command line utility is using 'strict' key search mode by default. To restore the old 'lax'
key search mode, use the new '--lax-key-search' option.</li>
<li>(<b>API breaking change</b>) The XMLSec command line utility is no longer prints detailed errors by default. To restore the detailed
errors, use the new '--verbose' option.</li>
<li>Added '--transform-binary-chunk-size' option to control transforms binary chunk size (increasing the chunk size should improve performance
at the expense of memory usage.
</li>
<li>Added support for loading keys through <a href="https://www.openssl.org/docs/man3.0/man7/ossl_store.html">ossl-store</a> interface (e.g.
for using keys from an HSM). Also see '--privkey-openssl-store' and '--pubkey-openssl-store ' command line options for XMLSec utility.</li>
<li>Added '--enabled-key-info-reference-uris' option to control processing of the
the <a href="https://www.w3.org/TR/xmldsig-core1/#sec-KeyInfoReference">KeyInfoReference Element</a>.
</li>
<li>Added '--pbkdf2-key' option for loading PBKDF2 keys.</li>
<li>Added '--concatkdf-key' option for loading ConcatKDF keys.</li>
<li>Added '--hmac-min-out-len' option to control the min accepted HMAC Output length.</li>
<li>Added '--pubkey-openssl-engine' option to load public keys from OpenSSL engine.</li>
<li>Added '--crl-pem' and '--crl-der' options to load CRLs.</li>
<li>Added '--verify-keys' option to verify key's certificate before loading into Keys Manager (only supported for OpenSSL currently).</li>
<li>Enabled templatized output filenames to facilitate batch operations on multiple input files.</li>
</ul>
</li>
</ul>
<p>Detailed information about supported algorithms can be found here: <a href="xmldsig.html">XMLDsig</a> and <a href="xmlenc.html">XMLEnc</a>
interoperability reports.</p>
</li>
<br>
</ul>
<br><br><a href="news.html">News page</a>
</td></tr></table></td>
</tr></table></body>
</html>
|
