XML Security Library
LibXML2
LibXSLT
OpenSSL

Download

Stable releases

The latest stable XML Security Library version is 1.3.3:

The previous releases are also available.

The releases signature key fingerprint is: 00FD D6A7 DFB8 1C88 F34B 9BF0 E63E CDEF 9E1D 829E (how to verify release tarball signature).

Source code on GitHub

XML Security Library source code is available on GitHub.

Requirements

The XML Security Library requires LibXML library, LibXSLT library (optional) and one of the following cryptographic libraries:

XMLSec library Cryptographic library Supported formats Notes
xmlsec-openssl
  • Private keys: pkcs12, pkcs8 (pem/der), unencrypted keys (pem/der)
  • Public keys: x509 certificates (pem/der), standalone keys (pem/der)
  • x509 certificates: pem/der
  • x509 CRLs: pem/der
  • xmlsec-openssl with OpenSSL 3.0.0 or greater is recommended (supports all REQUIRED and all RECOMMENDED XML Digital Signature 1.1 and XML Encryption 1.1 algorithms).
  • BoringSSL API is unstable and the latest versions might not work with XMLSec Library.
xmlsec-gnutls GnuTLS 3.6.13 or above
  • Private keys: pkcs12, pkcs8 (pem/der), unencrypted keys (pem/der)
  • Public keys: x509 certificates (pem/der), standalone keys (pem/der)
Supports multiple cryptographic backends, the exact features set for xmlsec-gnutls depends on the backend in use.
xmlsec-nss NSS (Mozilla cryptographic library) 3.35 or above
  • Private keys: pkcs12
  • Public keys: x509 certificates (pem/der), standalone keys (der)
  • x509 certificates: pem/der
  • x509 CRLs: der
Requires NSPR 4.25.0 or above
xmlsec-mscng Microsoft Cryptography API: Next Generation (requires Windows 7, Windows Server 2008 R2, or above)
  • Private keys: pkcs12
  • Public keys: x509 certificates (der)
  • x509 certificates: der
  • x509 CRLs: none
xmlsec-mscng is the recommended version on Windows platform.
xmlsec-mscrypto Microsoft CryptogAPI: (MSCrypto) (requires Windows XP, Windows Server 2003, or above)
  • Private keys: pkcs12
  • Public keys: x509 certificates (der)
  • x509 certificates: der
  • x509 CRLs: none
In maintenance mode starting from xmlsec 1.3.0, April 2023.
xmlsec-gcrypt LibGCrypt 1.4.0 or above
  • Private keys: limited unencrypted keys (der)
  • Public keys: limited standalone keys (der)
  • x509 certificates: none
  • x509 CRLs: none
Limited functionality without built-in x509 certificates support in LibGCrypt. In maintenance mode starting from xmlsec 1.3.0, April 2023.

The XML Digital Signature Interoperability report and XML Encryption Interoperability report provide detailed information about the features supported by each library.

Build and install

All steps are the usual Unix/Linux build steps (see readme file in xmlsec-<version>/win32 folder for Windows instructions):

gunzip -c xmlsec-<version>.tar.gz | tar xvf -
cd xmlsec-<version>
mkdir build
cd build
../configure --help
../configure [configure options]
make
make check
make install