diff --git a/lib/hx509/cms.c b/lib/hx509/cms.c
index 4cfcfe62b..afccbb378 100644
--- a/lib/hx509/cms.c
+++ b/lib/hx509/cms.c
@@ -942,76 +942,3 @@ hx509_cms_decrypt_encrypted(hx509_context context,
     free_CMSEncryptedData(&ed);
     return ret;
 }
-
-#if 0
-static int
-_hx509_pkcs12_string2key(unsigned char id, heim_oid *alg, const char *pw, 
-			 const heim_octet_string *salt, size_t keysize,
-			 unsigned int iterations,
-			 heim_octet_string *key)
-{
-    int i;
-
-    if (heim_oid_cmp(alg, oid_id_pbewithSHAAnd40BitRC2_CBC()) != 0)
-	return EINVAL;
-
-    printf("encryption type: ");
-    for (i = 0; i < alg->length; i++)
-	printf("%d%s", alg->components[i], i < alg->length - 1 ? "." : "");
-    printf("\n");
-
-    SHA_CTX hash;
-    unsigned char pwbuf[128];
-    unsigned char B[64];
-    size_t pwlen = strlen(pw);
-    size_t have_bytes = 0;
-    unsigned char *p, hashout[20];
-
-    key->data = malloc(keysize);
-    if (key->data == NULL)
-	return ENOMEM;
-    key->length = keysize;
-
-    for (i = 0; i < 64; i++)
-	pwbuf[i] = ((const unsigned char *)salt->data)[i % salt->length];
-
-    /* 
-     * XXX This should really utf8/locale-string -> BMP string, time
-     * to import libwind.
-     */
-    for (i = 0; i < 64; i += 2) {
-	pwbuf[i + 64] = 0;
-	pwbuf[i + 64 + 1] = pw[i % (pwlen + 1)]; /* include trailing zero */
-    }
-
-    p = key->data;
-    while (1) {
-
-	SHA1_Init(&hash);
-	for (i = 0; i < 64; i++)
-	    SHA_Update(&hash, &id, 1);
-	SHA1_Update(&hash, &pwbuf, 128);
-	SHA1_Final(hashout, &hash);
-	
-	for (i = 1; i < iterations; i++) {
-	    SHA1_Init(&hash);
-	    SHA1_Update(&hash, hashout, 20);
-	    SHA1_Final(hashout, &hash);
-	}
-	memcpy(p, hashout, max(20, keysize - have_bytes));
-	p += 20;
-	have_bytes += 20;
-
-	if (have_bytes > keysize)
-	    break;
-
-	for (i = 0; i < 64; i++)
-	    B[i] = hashout[i % 20];
-
-	/* */
-
-    }
-
-    return 0;
-}
-#endif