Sign and verify XML digital signatures from the command-line

Save time and run batch tasks for digital signatures and sign or verify any number of XML documents using the command line tool. The name of the executable is "valbuddy.exe" and it is located in the standard installation folder of XML ValidatorBuddy.

This page shows how to create the configuration files to sign and verify XML documents from the command line.

Using a certificate to sign XML documents

The following sample shows how to create a configuration file to sign all XML documents located in the folder "D:\Documents\xml\Sample Projects" The batch task will also scan any sub-folders (attribute subfolders="true" of the folder_settings elements). Use the type attribute of the "batch_unit" element and set the value to "dsigsign" to run the task to sign XML.

A certificate is set by its name. You need to set this name in the XML ValidatorBuddy desktop application. Please find more information on how to set the friendly name of a certificate at the help page. Just add the certificate to the XML ValidatorBuddy desktop application using the Options dialog and specify a name for it.

<?xml version="1.0" encoding="UTF-8"?>
<batch_settings>
    <batch_units>
        <log_document path="D:\Documents\xml\sign_sampleprojects_log.xml"/>
        <options notify_finish="false" omit_results="false" omit_time="false" run_as_test="false" save_logdoc="true" timeout="-1" use_xmldate_format="true"/>
        <batch_unit output_folder="D:\Documents\xml\Sample Projects signed" overwrite="true" type="dsigsign">
            <folder_settings folder="D:\Documents\xml\Sample Projects" subfolders="true"/>
            <file_extensions>
                <extension>xml</extension>
            </file_extensions>
            <parameters
                add_keyinfo="true" add_keyname="false" add_x509data="true"
                canonicalization="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
                certificate_name="xmlbuddy" output_postfix="_signed" sign="all" signature_type="enveloped">
                <transformations/>
            </parameters>
        </batch_unit>
    </batch_units>
</batch_settings>
            

The example above is using the "xmlbuddy" test certificate specified by the following attribute: certificate_name="xmlbuddy" at the parameters element. During the batch task a log document is created at D:\Documents\xml\sign_sampleprojects_log.xml. This log contains the results for all documents from the source folder.

Use the file_extensions element to set a list of file extensions which should be included on signing the XML documents.

Verify XML documents using a certificate

To run a verify operation on a complete folder the configuration XML would look like this:
<?xml version="1.0" encoding="UTF-8"?>
<batch_settings>
    <batch_units>
        <log_document path="D:\Documents\xml\verify_sampleprojects_log.xml"/>
        <options notify_finish="false" omit_results="false" omit_time="false" run_as_test="false" save_logdoc="true" timeout="-1" use_xmldate_format="true"/>
        <batch_unit type="dsigverify">
            <folder_settings folder="D:\Documents\xml\Sample Projects signed" subfolders="true"/>
            <file_extensions>
                <extension>xml</extension>
            </file_extensions>
            <parameters certificate_name="xmlbuddy"/>
        </batch_unit>
    </batch_units>
</batch_settings>

Set the value of the type attribute at the "batch_unit" element to "dsigverify" to run the task to verify the signatures of the XML documents. Again set the certificate to "xmlbuddy" using the certificate_name attribute at the parameters element.

Use the folder_settings element and the folder attribute to set the path to the XML documents to verify.

Copyright © 2017, xml-buddy.com, Vienna