Topic: XMSS-signed certificates

Hi everyone,

I'm having trouble creating and signing certificates using XMSS keys.
I checked the source code of asn.c (https://github.com/wolfSSL/wolfssl/blob … /src/asn.c) and it seems like the MakeAnyCert function, and therefore the wc_MakeCert_ex function, don't support XMSS keys. I saw an older forked version where XMSS keys were accepted; was the support dropped? Is there any other way of creating and signing certificates using XMSS?

Best regards and thanks in advance!

Re: XMSS-signed certificates

Hi Sheondael,

My name is Anthony and I am a member of the wolfSSL team. The wolfssl library has never supported XMSS in certificates. The reason is because the use case for certificates would be for network protocols and XMSS is a stateful hash-based signature scheme. The state makes it inappropriate for usage in network protocols.

Where it is appropriate is in code and firmware signing. As such we use it in our wolfBoot product. In that case, no certificate is required.

That said, can you let us know your use case for XMSS in certificates? Here at wolfSSL, we are always interested in how people are using our code and I would love to understand your need for XMSS in certificates. Also, can you let us know your geographical location and whether this is out of professional, personal or academic interest?

Warm regards, Anthony
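An added example, not part of either post and not wolfSSL code: the bookkeeping a stateful scheme such as XMSS imposes on a signer, where every signature must first take a lock and durably advance a shared counter. The helper name `reserve_index`, the state-file layout and the file paths are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE /* expose flock(), pread(), pwrite(), fsync() */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/file.h>
#include <unistd.h>

/* Hypothetical helper (not a wolfSSL API): hand out the next one-time
 * signature index from a state file shared by all signer processes.
 * max_sigs is 2^h for a single XMSS tree of height h.
 * Returns 0 and stores the index in *out, or -1 on error or exhaustion. */
int reserve_index(const char *path, uint32_t max_sigs, uint32_t *out)
{
    uint32_t next = 0;
    int ret = -1;
    int fd = open(path, O_RDWR | O_CREAT, 0600);
    if (fd < 0)
        return -1;
    if (flock(fd, LOCK_EX) == 0) {          /* one signer at a time */
        ssize_t n = pread(fd, &next, sizeof next, 0);
        /* n == 0 means a fresh, empty state file: start at index 0. */
        if ((n == 0 || n == (ssize_t)sizeof next) && next < max_sigs) {
            uint32_t upd = next + 1;
            /* Persist the advanced counter BEFORE the index is used, so a
             * crash can waste an index but can never hand one out twice. */
            if (pwrite(fd, &upd, sizeof upd, 0) == (ssize_t)sizeof upd &&
                fsync(fd) == 0) {
                *out = next;
                ret = 0;
            }
        }
    }
    close(fd);                              /* closing releases the lock */
    return ret;
}

int main(void)
{
    const char *path = "/tmp/xmss_demo.state"; /* constructed sample path */
    uint32_t idx;
    unlink(path);
    while (reserve_index(path, 4, &idx) == 0)  /* height-2 tree: 4 indices */
        printf("sign with one-time index %u\n", (unsigned)idx);
    puts("key exhausted: no further signatures are allowed");
    unlink(path);
    return 0;
}
```

A firmware-signing host performs this step rarely and in one place; a network server would have to perform it for every signature across all of its worker processes and replicas.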
