Provided by: xml-security-c-utils_2.0.4-2build2_amd64 bug

NAME
       xmlsec-cipher - Perform basic encryption and decryption of XML documents


SYNOPSIS
       xmlsec-cipher [-i] ([-d] | -de | -ef | -ex) [-x]
           [-o output] -k [kek] (filename [password] | key-string)
           input


DESCRIPTION
       xmlsec-cipher encrypts or decrypts an XML document following the XML Digital Signature and Encryption
       specifications using the Apache XML Security for C++ library.  The default action is to decrypt the input
       file.  Other operations can be selected with the -de, -ef, or -ex options.  The result of the operation,
       whether encryption or decryption, will be printed to standard output.


OPTIONS
       Note that each option must be given as a separate argument.

       --decrypt, -d
           Reads  in the input file as an XML file, searches for an EncryptedData node, and decrypts the output,
           printing it to standard output.  This is the default operation and does not need to be specified.

       --decrypt-element, -de
           Reads in the input file as an XML file and prints it out with the fist encrypted element decrypted.

       --encrypt-file, -ef
           Reads the input file as raw data and creates an XML EncryptedData document as output, containing  the
           encrypted version of that input data.

       --encrypt-xml, -ex
           Parse  the  input  file  as  XML, find the document element, and encrypt the document, outputting the
           result as an XML EncryptedData document.

       (--key | -k) [kek] type filename [password]
       (--key | -k) [kek] type key-string
           Specifies the key to use for encryption or decryption.

           If the first argument following the --key or -k  option  is  the  string  "kek",  the  following  key
           argument will be used as a Key EncryptionKey.

           type  specifies  the  key  type  and  must  be  one of X509, RSA, AES128, AES192, AES256, AES128-GCM,
           AES192-GCM, AES256-GCM, or 3DES.

           The remaining arguments depend on the key type.  For X509, only a filename  may  be  given  and  must
           contain an RSA KEK certificate.  For RSA, a filename and password may specify an RSA private key file
           and  its  password (this must be a KEK).  For the other key types, the last argument is the string to
           use as the key.

       --xkms, -x
           The key specified after this argument on the command  line  is  interpreted  as  an  XKMS  RSAKeyPair
           encryption key.

       --interop, -i
           Use hte interop resolver for Baltimore interop examples.

       --out-file file, -o file
           Rather than printing the result to standard output, write it to the specified file.


RETURN STATUS
       xmlsec-cipher  exits  with  status  0  if  the encryption or decryption operation was successful and with
       status 1 if it failed.  If it cannot process the input file for some reason, it exits with status 2.


AUTHOR
       This manual page was written by Russ Allbery for Debian.


MANUAL LICENSE
       The authors hereby relinquish any claim to any copyright that they may have in this work, whether granted
       under contract or by operation of law or international treaty, and hereby commit to the public, at large,
       that they shall not, at any time in the future, seek to enforce any copyright in this  work  against  any
       person  or  entity,  or  prevent  any person or entity from copying, publishing, distributing or creating
       derivative works of this work.

2.0.4                                              2024-04-01                                 xsec-cipher.pod(1)