identified-organization 6 1 5 5 8 1 1 : HMAC-MD5 : hmac-md5
identified-organization 6 1 5 5 8 1 2 : HMAC-SHA1 : hmac-sha1
+# "1.3.36.8.3.3"
+identified-organization 36 8 3 3 : x509ExtAdmission : Professional Information or basis for Admission
+
identified-organization 132 : certicom-arc
joint-iso-itu-t 23 : international-organizations : International Organizations
id-smime-ct 7 : id-smime-ct-DVCSRequestData
id-smime-ct 8 : id-smime-ct-DVCSResponseData
id-smime-ct 9 : id-smime-ct-compressedData
+id-smime-ct 19 : id-smime-ct-contentCollection
+id-smime-ct 23 : id-smime-ct-authEnvelopedData
id-smime-ct 27 : id-ct-asciiTextWithCRLF
+id-smime-ct 28 : id-ct-xml
# S/MIME Attributes
id-smime-aa 1 : id-smime-aa-receiptRequest
id-smime-aa 27 : id-smime-aa-ets-archiveTimeStamp
id-smime-aa 28 : id-smime-aa-signatureType
id-smime-aa 29 : id-smime-aa-dvcs-dvc
+id-smime-aa 47 : id-smime-aa-signingCertificateV2
# S/MIME Algorithm Identifiers
# obsolete
!Cname sinfo-access
id-pe 11 : subjectInfoAccess : Subject Information Access
id-pe 14 : proxyCertInfo : Proxy Certificate Information
+id-pe 24 : tlsfeature : TLS Feature
# PKIX policyQualifiers for Internet policy qualifiers
id-qt 1 : id-qt-cps : Policy Qualifier CPS
!Cname OCSP-sign
id-kp 9 : OCSPSigning : OCSP Signing
id-kp 10 : DVCS : dvcs
+!Cname ipsec-IKE
+id-kp 17 : ipsecIKE : ipsec Internet Key Exchange
+id-kp 18 : capwapAC : Ctrl/provision WAP Access
+id-kp 19 : capwapWTP : Ctrl/Provision WAP Termination
+!Cname sshClient
+id-kp 21 : secureShellClient : SSH Client
+!Cname sshServer
+id-kp 22 : secureShellServer : SSH Server
+id-kp 23 : sendRouter : Send Router
+id-kp 24 : sendProxiedRouter : Send Proxied Router
+id-kp 25 : sendOwner : Send Owner
+id-kp 26 : sendProxiedOwner : Send Proxied Owner
# CMP information types
id-it 1 : id-it-caProtEncCert
1 3 36 3 2 1 : RIPEMD160 : ripemd160
1 3 36 3 3 1 2 : RSA-RIPEMD160 : ripemd160WithRSA
+1 3 6 1 4 1 1722 12 2 1 16 : BLAKE2b512 : blake2b512
+1 3 6 1 4 1 1722 12 2 2 8 : BLAKE2s256 : blake2s256
+
!Cname sxnet
1 3 101 1 4 1 : SXNetID : Strong Extranet ID
X509 54 : dmdName :
X509 65 : : pseudonym
X509 72 : role : role
+X509 97 : : organizationIdentifier
+X509 98 : c3 : countryCode3c
+X509 99 : n3 : countryCode3n
+X509 100 : : dnsName
+
X500 8 : X500algorithms : directory services - algorithms
X500algorithms 1 1 : RSA : rsa
mime-mhs-headings 1 : id-hex-partial-message : id-hex-partial-message
mime-mhs-headings 2 : id-hex-multipart-message : id-hex-multipart-message
-# What the hell are these OIDs, really?
-!Cname rle-compression
-1 1 1 1 666 1 : RLE : run length compression
+# RFC 3274
!Cname zlib-compression
id-smime-alg 8 : ZLIB : zlib compression
: DES-EDE3-CFB1 : des-ede3-cfb1
: DES-EDE3-CFB8 : des-ede3-cfb8
-# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.
+# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84 and
+# http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
+# "Middle" names are specified to be id-sha256, id-sha384, etc., but
+# we adhere to unprefixed capitals for backward compatibility...
!Alias nist_hashalgs nistAlgorithms 2
nist_hashalgs 1 : SHA256 : sha256
nist_hashalgs 2 : SHA384 : sha384
nist_hashalgs 3 : SHA512 : sha512
nist_hashalgs 4 : SHA224 : sha224
+nist_hashalgs 5 : SHA512-224 : sha512-224
+nist_hashalgs 6 : SHA512-256 : sha512-256
+nist_hashalgs 7 : SHA3-224 : sha3-224
+nist_hashalgs 8 : SHA3-256 : sha3-256
+nist_hashalgs 9 : SHA3-384 : sha3-384
+nist_hashalgs 10 : SHA3-512 : sha3-512
+nist_hashalgs 11 : SHAKE128 : shake128
+nist_hashalgs 12 : SHAKE256 : shake256
+nist_hashalgs 13 : id-hmacWithSHA3-224 : hmac-sha3-224
+nist_hashalgs 14 : id-hmacWithSHA3-256 : hmac-sha3-256
+nist_hashalgs 15 : id-hmacWithSHA3-384 : hmac-sha3-384
+nist_hashalgs 16 : id-hmacWithSHA3-512 : hmac-sha3-512
+# Below two are incomplete OIDs, to be uncommented when we figure out
+# how to handle them...
+# nist_hashalgs 17 : id-shake128-len : shake128-len
+# nist_hashalgs 18 : id-shake256-len : shake256-len
# OIDs for dsa-with-sha224 and dsa-with-sha256
!Alias dsa_with_sha2 nistAlgorithms 3
dsa_with_sha2 1 : dsa_with_SHA224
dsa_with_sha2 2 : dsa_with_SHA256
+# Above two belong below, but kept as they are for backward compatibility
+!Alias sigAlgs nistAlgorithms 3
+sigAlgs 3 : id-dsa-with-sha384 : dsa_with_SHA384
+sigAlgs 4 : id-dsa-with-sha512 : dsa_with_SHA512
+sigAlgs 5 : id-dsa-with-sha3-224 : dsa_with_SHA3-224
+sigAlgs 6 : id-dsa-with-sha3-256 : dsa_with_SHA3-256
+sigAlgs 7 : id-dsa-with-sha3-384 : dsa_with_SHA3-384
+sigAlgs 8 : id-dsa-with-sha3-512 : dsa_with_SHA3-512
+sigAlgs 9 : id-ecdsa-with-sha3-224 : ecdsa_with_SHA3-224
+sigAlgs 10 : id-ecdsa-with-sha3-256 : ecdsa_with_SHA3-256
+sigAlgs 11 : id-ecdsa-with-sha3-384 : ecdsa_with_SHA3-384
+sigAlgs 12 : id-ecdsa-with-sha3-512 : ecdsa_with_SHA3-512
+sigAlgs 13 : id-rsassa-pkcs1-v1_5-with-sha3-224 : RSA-SHA3-224
+sigAlgs 14 : id-rsassa-pkcs1-v1_5-with-sha3-256 : RSA-SHA3-256
+sigAlgs 15 : id-rsassa-pkcs1-v1_5-with-sha3-384 : RSA-SHA3-284
+sigAlgs 16 : id-rsassa-pkcs1-v1_5-with-sha3-512 : RSA-SHA3-512
# Hold instruction CRL entry extension
!Cname hold-instruction-code
member-body 643 2 2 : cryptopro
member-body 643 2 9 : cryptocom
+member-body 643 7 1 : id-tc26
cryptopro 3 : id-GostR3411-94-with-GostR3410-2001 : GOST R 34.11-94 with GOST R 34.10-2001
cryptopro 4 : id-GostR3411-94-with-GostR3410-94 : GOST R 34.11-94 with GOST R 34.10-94
!Cname id-Gost28147-89
cryptopro 21 : gost89 : GOST 28147-89
: gost89-cnt
+ : gost89-cnt-12
+ : gost89-cbc
+ : gost89-ecb
+ : gost89-ctr
!Cname id-Gost28147-89-MAC
cryptopro 22 : gost-mac : GOST 28147-89 MAC
+ : gost-mac-12
!Cname id-GostR3411-94-prf
cryptopro 23 : prf-gostr3411-94 : GOST R 34.11-94 PRF
cryptopro 98 : id-GostR3410-2001DH : GOST R 34.10-2001 DH
cryptocom 1 8 1 : id-GostR3410-2001-ParamSet-cc : GOST R 3410-2001 Parameter Set Cryptocom
+# TC26 GOST OIDs
+
+id-tc26 1 : id-tc26-algorithms
+id-tc26-algorithms 1 : id-tc26-sign
+!Cname id-GostR3410-2012-256
+id-tc26-sign 1 : gost2012_256: GOST R 34.10-2012 with 256 bit modulus
+!Cname id-GostR3410-2012-512
+id-tc26-sign 2 : gost2012_512: GOST R 34.10-2012 with 512 bit modulus
+
+id-tc26-algorithms 2 : id-tc26-digest
+!Cname id-GostR3411-2012-256
+id-tc26-digest 2 : md_gost12_256: GOST R 34.11-2012 with 256 bit hash
+!Cname id-GostR3411-2012-512
+id-tc26-digest 3 : md_gost12_512: GOST R 34.11-2012 with 512 bit hash
+
+id-tc26-algorithms 3 : id-tc26-signwithdigest
+id-tc26-signwithdigest 2: id-tc26-signwithdigest-gost3410-2012-256: GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)
+id-tc26-signwithdigest 3: id-tc26-signwithdigest-gost3410-2012-512: GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)
+
+id-tc26-algorithms 4 : id-tc26-mac
+id-tc26-mac 1 : id-tc26-hmac-gost-3411-2012-256 : HMAC GOST 34.11-2012 256 bit
+id-tc26-mac 2 : id-tc26-hmac-gost-3411-2012-512 : HMAC GOST 34.11-2012 512 bit
+
+id-tc26-algorithms 5 : id-tc26-cipher
+
+id-tc26-algorithms 6 : id-tc26-agreement
+id-tc26-agreement 1 : id-tc26-agreement-gost-3410-2012-256
+id-tc26-agreement 2 : id-tc26-agreement-gost-3410-2012-512
+
+id-tc26 2 : id-tc26-constants
+
+id-tc26-constants 1 : id-tc26-sign-constants
+id-tc26-sign-constants 2: id-tc26-gost-3410-2012-512-constants
+id-tc26-gost-3410-2012-512-constants 0 : id-tc26-gost-3410-2012-512-paramSetTest: GOST R 34.10-2012 (512 bit) testing parameter set
+id-tc26-gost-3410-2012-512-constants 1 : id-tc26-gost-3410-2012-512-paramSetA: GOST R 34.10-2012 (512 bit) ParamSet A
+id-tc26-gost-3410-2012-512-constants 2 : id-tc26-gost-3410-2012-512-paramSetB: GOST R 34.10-2012 (512 bit) ParamSet B
+
+id-tc26-constants 2 : id-tc26-digest-constants
+id-tc26-constants 5 : id-tc26-cipher-constants
+id-tc26-cipher-constants 1 : id-tc26-gost-28147-constants
+id-tc26-gost-28147-constants 1 : id-tc26-gost-28147-param-Z : GOST 28147-89 TC26 parameter set
+
+member-body 643 3 131 1 1 : INN : INN
+member-body 643 100 1 : OGRN : OGRN
+member-body 643 100 3 : SNILS : SNILS
+member-body 643 100 111 : subjectSignTool : Signing Tool of Subject
+member-body 643 100 112 : issuerSignTool : Signing Tool of Issuer
+
+#GOST R34.13-2015 Grasshopper "Kuznechik"
+ : grasshopper-ecb
+ : grasshopper-ctr
+ : grasshopper-ofb
+ : grasshopper-cbc
+ : grasshopper-cfb
+ : grasshopper-mac
+
# Definitions for Camellia cipher - CBC MODE
1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC : camellia-128-cbc
: CAMELLIA-192-CFB8 : camellia-192-cfb8
: CAMELLIA-256-CFB8 : camellia-256-cfb8
+# Definitions for ARIA cipher
+
+!Alias aria 1 2 410 200046 1 1
+aria 1 : ARIA-128-ECB : aria-128-ecb
+aria 2 : ARIA-128-CBC : aria-128-cbc
+!Cname aria-128-cfb128
+aria 3 : ARIA-128-CFB : aria-128-cfb
+!Cname aria-128-ofb128
+aria 4 : ARIA-128-OFB : aria-128-ofb
+aria 5 : ARIA-128-CTR : aria-128-ctr
+
+aria 6 : ARIA-192-ECB : aria-192-ecb
+aria 7 : ARIA-192-CBC : aria-192-cbc
+!Cname aria-192-cfb128
+aria 8 : ARIA-192-CFB : aria-192-cfb
+!Cname aria-192-ofb128
+aria 9 : ARIA-192-OFB : aria-192-ofb
+aria 10 : ARIA-192-CTR : aria-192-ctr
+
+aria 11 : ARIA-256-ECB : aria-256-ecb
+aria 12 : ARIA-256-CBC : aria-256-cbc
+!Cname aria-256-cfb128
+aria 13 : ARIA-256-CFB : aria-256-cfb
+!Cname aria-256-ofb128
+aria 14 : ARIA-256-OFB : aria-256-ofb
+aria 15 : ARIA-256-CTR : aria-256-ctr
+
+# There are no OIDs for these ARIA modes...
+ : ARIA-128-CFB1 : aria-128-cfb1
+ : ARIA-192-CFB1 : aria-192-cfb1
+ : ARIA-256-CFB1 : aria-256-cfb1
+ : ARIA-128-CFB8 : aria-128-cfb8
+ : ARIA-192-CFB8 : aria-192-cfb8
+ : ARIA-256-CFB8 : aria-256-cfb8
+
# Definitions for SEED cipher - ECB, CBC, OFB mode
member-body 410 200004 : KISA : kisa
: AES-128-CBC-HMAC-SHA256 : aes-128-cbc-hmac-sha256
: AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256
: AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256
+ : ChaCha20-Poly1305 : chacha20-poly1305
+ : ChaCha20 : chacha20
ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
1 3 6 1 4 1 311 60 2 1 1 : jurisdictionL : jurisdictionLocalityName
1 3 6 1 4 1 311 60 2 1 2 : jurisdictionST : jurisdictionStateOrProvinceName
1 3 6 1 4 1 311 60 2 1 3 : jurisdictionC : jurisdictionCountryName
+
+# SCRYPT algorithm
+1 3 6 1 4 1 11591 4 11 : id-scrypt
+
+# NID for TLS1 PRF
+ : TLS1-PRF : tls1-prf
+
+# NID for HKDF
+ : HKDF : hkdf
+
+# RFC 4556
+1 3 6 1 5 2 3 : id-pkinit
+id-pkinit 4 : pkInitClientAuth : PKINIT Client Auth
+id-pkinit 5 : pkInitKDC : Signing KDC Response
+
+# New algorithms from draft-ietf-curdle-pkix-04
+1 3 101 110 : X25519
+1 3 101 111 : X448
+1 3 101 112 : ED25519
+1 3 101 113 : ED448
+
+
+# NIDs for cipher key exchange
+ : KxRSA : kx-rsa
+ : KxECDHE : kx-ecdhe
+ : KxDHE : kx-dhe
+ : KxECDHE-PSK : kx-ecdhe-psk
+ : KxDHE-PSK : kx-dhe-psk
+ : KxRSA_PSK : kx-rsa-psk
+ : KxPSK : kx-psk
+ : KxSRP : kx-srp
+ : KxGOST : kx-gost
+ : KxANY : kx-any
+
+# NIDs for cipher authentication
+ : AuthRSA : auth-rsa
+ : AuthECDSA : auth-ecdsa
+ : AuthPSK : auth-psk
+ : AuthDSS : auth-dss
+ : AuthGOST01 : auth-gost01
+ : AuthGOST12 : auth-gost12
+ : AuthSRP : auth-srp
+ : AuthNULL : auth-null
+ : AuthANY : auth-any
+# NID for Poly1305
+ : Poly1305 : poly1305
+# NID for SipHash
+ : SipHash : siphash