Use of Password-Based Message Authentication Code 1 in PKCS #12 Syntax
RFC 9879, “Use of Password-Based Message Authentication Code 1 in PKCS #12 Syntax”, is an Informational document published in September 2025 by A. Kario. It updates RFC 7292, RFC 8018. It obsoletes RFC 9579. The canonical text is published by the RFC Editor.
Abstract
This document specifies additions and amendments to RFCs 7292 and 8018. It also obsoletes the RFC 9579. It defines a way to use the Password-Based Message Authentication Code 1 (PBMAC1), defined in RFC 8018, inside the PKCS #12 syntax. The purpose of this specification is to permit the use of more modern Password-Based Key Derivation Functions (PBKDFs) and allow for regulatory compliance.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 9879 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.
- RFC 9878 Updates to Private Header Extension Usage in Session Initiation Protocol Requests and Responses
- RFC 9877 Registration Data Access Protocol Extension for Geofeed Data
- RFC 9881 Internet X.509 Public Key Infrastructure -- Algorithm Identifiers for the Module-Lattice-Based Digital Signature Algorithm
- RFC 9876 Updates to the IANA Registration Procedures for Constrained Application Protocol Content-Formats
- RFC 9882 Use of the ML-DSA Signature Algorithm in the Cryptographic Message Syntax
- RFC 9875 HTTP Cache Groups
- RFC 9883 An Attribute for Statement of Possession of a Private Key
- RFC 9874 Best Practices for Deletion of Domain and Host Objects in the Extensible Provisioning Protocol