PolarSSL is now part of ARM Official announcement and rebranded as mbed TLS.

Is there a plan to support PKCS#1, PKCS#7, PKCS#12 ?


Oct 23, 2012 02:32
moonfruit

In my project, I must sign a digital signature and verify another.
And, I don't want to use openssl to do this, so I found this - polarssl.
But now, there is no interface to do what I want.
So Is there a plan to support PKCS#1, PKCS#7, PKCS#12?

PKCS#1 - sign/verify interface.
PKCS#7 - sign/verify interface.
PKCS#12 - pfx file parser.
 
Oct 24, 2012 15:17
Paul Bakker

PKCS#1 is covered in RSA and give you both sign and verify functions with PKCS1 formatting.

PKCS#7 and PKCS#12 are not supported at the moment.
 
Sep 20, 2013 18:30
wheelz

Is PKCS#12 supported in 1.28 or 1.30?

 
Sep 23, 2013 13:21
Paul Bakker

PKCS#12 will be added in 1.3.1 or 1.3.2.

 
Nov 13, 2013 17:23
Scott Porter

Has PKCS12 file support been added? If not, is there an ETA for it?

Please forgive me if I missed it, but I was looking through the release notes and commit history for 1.3.2 and 1.3.1 and did not see any updates. Thank you.

 
Nov 19, 2013 10:53
Paul Bakker

You are correct. It's not in there and we did promise earlier.

PKCS#12 really is a hell of a 'standard'. It's not pretty and it's ambiguous. And most software that generates PKCS#12 files use insecure ciphers (RC2 / single-DES).

We do understand the need for it from some people and we also don't want to include inherently insecure code. So we kind of a have mixed feelings here.

We have an initial implementation in an internal draft branch. We intend to finish it up and include it in a future release. We do want to do it right and allow secure-only-use-by-default and insecure-use-by-explicit-activation. At this point I cannot predict / promise a release date.

 
Mar 5, 2014 20:22
Scott Porter

Any update as to when this feature will be released?

 
Mar 14, 2014 16:05
Paul Bakker

Hi Scott,

Not yet. We are currently busy with some other big features that we feel have a higher priority. Based on current planning, the earliest we will start working on PKCS#12 will be June / July of this year.

 
Sep 25, 2017 15:48
Larry Harmon

Any update on PKCS#7 parsing?

 
Nov 8, 2017 14:44
Ron Eldor

Hi Larry,
Unfortunately, there is no update on this feature.
Regards,
Mbed TLS Team member
Ron

 
Nov 22, 2017 02:50
ming

Has PKCS12 file support been added?

 
Nov 22, 2017 16:20
Ron Eldor

HI ming,
Unfortunately, no update on this feature as well. Mbed TLS does support partial PKCS12, as mentioned in this post in pkcs12.c.
Regards,
Mbed TLS Team member
Ron