diff --git a/swig/README b/swig/README index d71cdb2b5..80a441640 100644 --- a/swig/README +++ b/swig/README @@ -15,6 +15,8 @@ Please send questions to support@wolfssl.com make sudo make install + NOTE: if you want to use pbkdf pkcs #12 algorithm you should build CyaSSL with --enable-pwdbased: + ./configure --disable-shared --enable-pwdbased CFLAGS=-fpic 2) start the example server from the root directory ./examples/server/server -d @@ -41,4 +43,3 @@ Please send questions to support@wolfssl.com python library that isn't included by default 7) The outputs _wolfssl.pyd and wolfssl.py are the wolfssl import library 8) Can now run python runme.py from the swig directory - diff --git a/swig/pbkdf_pkcs12.py b/swig/pbkdf_pkcs12.py new file mode 100644 index 000000000..586042ebe --- /dev/null +++ b/swig/pbkdf_pkcs12.py 
@@ -0,0 +1,44 @@ +"""A simple example how to use PBKDF PKCS #12 algorithm.""" + +import wolfssl +import os +import random +import string + + +PASSWORD_LENGTH = 16 +SALT_LENGTH = 8 +KEY_LENGTH = 16 +ITERATIONS = 256 +SHA256 = 2 # Hashtype, stands for Sha256 in wolfssl. + + +def to_c_byte_array(content): + output = wolfssl.byteArray(len(content)) + for i, ch in enumerate(content): + output[i] = ord(ch) + return output + + +password = ''.join(random.choice(string.ascii_uppercase + string.digits) for x in range(PASSWORD_LENGTH)) +salt = os.urandom(SALT_LENGTH) +key = wolfssl.byteArray(KEY_LENGTH) + +# params: +# key :: bytearray output +# passwd :: bytearray password that is used to derive the key +# pLen :: password length +# salt :: bytearray salt +# sLen :: salt length +# iterations :: number of iterations +# kLen :: key length +# hashType :: int, SHA256 stands for 2 +# purpose :: int, not really sure what it does, 1 was used in the tests +wolfssl.wc_PKCS12_PBKDF(key, to_c_byte_array(password), PASSWORD_LENGTH, to_c_byte_array(salt), SALT_LENGTH, ITERATIONS, + KEY_LENGTH, SHA256, 1) +key = wolfssl.cdata(key, KEY_LENGTH) +assert len(key) == KEY_LENGTH, "Generated key has length %s, whereas should have length %s" % (len(key), KEY_LENGTH) + +print 'Generated key: %s\nfor password: %s' % (key, password) +print 'Bytes:' +print [b for b in key] diff --git a/swig/wolfssl.i b/swig/wolfssl.i index 286e263e4..ca1492269 100644 --- a/swig/wolfssl.i +++ b/swig/wolfssl.i @@ -23,6 +23,7 @@ %{ #include #include + #include /* defn adds */ char* wolfSSL_error_string(int err); 
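Review bot: The return value of `wolfssl.wc_PKCS12_PBKDF(...)` is discarded, so a failed derivation goes unnoticed: `wolfssl.cdata(key, KEY_LENGTH)` yields `KEY_LENGTH` bytes whatever the call did, which means the following `assert len(key) == KEY_LENGTH` cannot catch an error. Capture the result and stop on failure, e.g. `ret = wolfssl.wc_PKCS12_PBKDF(...)` followed by `if ret != 0: raise RuntimeError('wc_PKCS12_PBKDF failed: %d' % ret)`. The sample password is drawn with `random.choice`, which is not a cryptographic generator; `random.SystemRandom().choice(...)` keeps the same shape and is safer for an example that will be copied. `ITERATIONS = 256` and the 8-byte salt deserve a comment such as `# demo values only; real passwords need a far higher iteration count`. The `purpose` comment can replace "not really sure what it does" with the PKCS #12 diversifier ID (1 = key material, 2 = IV, 3 = MAC key).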
@@ -44,6 +45,9 @@ int wolfSSL_Init(void); char* wolfSSL_error_string(int); int wolfSSL_swig_connect(WOLFSSL*, const char* server, int port); +int wc_PKCS12_PBKDF(unsigned char* output, const unsigned char* passwd, int pLen, const unsigned char* salt, + int sLen, int iterations, int kLen, int hashType, int purpose); + int wc_RsaSSL_Sign(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key, WC_RNG* rng); int wc_RsaSSL_Verify(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key);
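Review bot: The new `wc_PKCS12_PBKDF` declaration exposes `output`, `passwd` and `salt` as bare pointers with `pLen`, `sLen` and `kLen` passed separately, so nothing in the wrapper ties a length to the size of the `byteArray` the Python caller allocated. A `kLen` larger than the output array would let the C function write past the buffer, and an oversized `pLen` or `sLen` would read past the input arrays. A comment above the declaration such as `/* caller must allocate output with at least kLen bytes; pLen/sLen must not exceed the passwd/salt arrays */` would document the contract. A typemap or small helper that derives the lengths from the Python objects would remove the risk, though that is a larger change than this commit; the neighbouring `wc_RsaSSL_Sign` and `wc_RsaSSL_Verify` declarations follow the same pattern.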