Stateful Hash-Based Signatures (LMS and XMSS) in X.509 Certificates

wolfSSL now supports the stateful hash-based signature schemes LMS/HSS and XMSS/XMSS^MT in X.509 certificates, following RFC 9802.

What’s New

Both sides of the certificate lifecycle are covered:

  • Generation – Sign certificates and CSRs with an LMS/HSS or XMSS/XMSS^MT key, encoded exactly as RFC 9802 specifies.
  • Verification – Parse and verify certificate chains that use these schemes.

Following RFC 9802 means wolfSSL certificates interoperate with other compliant implementations in both directions.

Why It Matters

Hash-based signatures are among the most conservative post-quantum options: their security rests only on the underlying hash function. The stateful schemes add one advantage over stateless SLH-DSA — much smaller signatures — at the cost of state you must never reuse.

That trade-off makes them an ideal fit for CA certificates: a CA signs infrequently in a controlled environment where state is easy to manage, its keys are long-lived trust anchors, and the smaller signatures keep chain sizes down.

Availability

Available in wolfSSL today. Combined with wolfCrypt’s existing LMS and XMSS support, you have an end-to-end path from key generation through certificate issuance and verification.

Questions? Reach us at facts@wolfssl.com or support@wolfssl.com, or +1 425 245 8247.

Download from our download page or clone it from GitHub.