Mbed TLS is now part of TrustedFirmware.org.

Is there a plan to support PKCS#1, PKCS#7, PKCS#12 ?

Oct 23, 2012 02:32

In my project, I must sign a digital signature and verify another.
And, I don't want to use openssl to do this, so I found this - polarssl.
But now, there is no interface to do what I want.
So Is there a plan to support PKCS#1, PKCS#7, PKCS#12?

PKCS#1 - sign/verify interface.
PKCS#7 - sign/verify interface.
PKCS#12 - pfx file parser.
Oct 24, 2012 15:17
Paul Bakker

PKCS#1 is covered in RSA and give you both sign and verify functions with PKCS1 formatting.

PKCS#7 and PKCS#12 are not supported at the moment.
Sep 20, 2013 18:30

Is PKCS#12 supported in 1.28 or 1.30?

Sep 23, 2013 13:21
Paul Bakker

PKCS#12 will be added in 1.3.1 or 1.3.2.

Nov 13, 2013 17:23
Scott Porter

Has PKCS12 file support been added? If not, is there an ETA for it?

Please forgive me if I missed it, but I was looking through the release notes and commit history for 1.3.2 and 1.3.1 and did not see any updates. Thank you.

Nov 19, 2013 10:53
Paul Bakker

You are correct. It's not in there and we did promise earlier.

PKCS#12 really is a hell of a 'standard'. It's not pretty and it's ambiguous. And most software that generates PKCS#12 files use insecure ciphers (RC2 / single-DES).

We do understand the need for it from some people and we also don't want to include inherently insecure code. So we kind of a have mixed feelings here.

We have an initial implementation in an internal draft branch. We intend to finish it up and include it in a future release. We do want to do it right and allow secure-only-use-by-default and insecure-use-by-explicit-activation. At this point I cannot predict / promise a release date.

Mar 5, 2014 20:22
Scott Porter

Any update as to when this feature will be released?

Mar 14, 2014 16:05
Paul Bakker

Hi Scott,

Not yet. We are currently busy with some other big features that we feel have a higher priority. Based on current planning, the earliest we will start working on PKCS#12 will be June / July of this year.

Sep 25, 2017 15:48
Larry Harmon

Any update on PKCS#7 parsing?

Nov 8, 2017 14:44
Ron Eldor

Hi Larry,
Unfortunately, there is no update on this feature.
Mbed TLS Team member

Nov 22, 2017 02:50

Has PKCS12 file support been added?

Nov 22, 2017 16:20
Ron Eldor

HI ming,
Unfortunately, no update on this feature as well. Mbed TLS does support partial PKCS12, as mentioned in this post in pkcs12.c.
Mbed TLS Team member