identified-organization 6 1 5 5 8 1 1 : HMAC-MD5 : hmac-md5
identified-organization 6 1 5 5 8 1 2 : HMAC-SHA1 : hmac-sha1
+# "1.3.36.8.3.3"
+identified-organization 36 8 3 3 : x509ExtAdmission : Professional Information or basis for Admission
+
identified-organization 132 : certicom-arc
joint-iso-itu-t 23 : international-organizations : International Organizations
id-smime-aa 27 : id-smime-aa-ets-archiveTimeStamp
id-smime-aa 28 : id-smime-aa-signatureType
id-smime-aa 29 : id-smime-aa-dvcs-dvc
+id-smime-aa 47 : id-smime-aa-signingCertificateV2
# S/MIME Algorithm Identifiers
# obsolete
id-kp 24 : sendProxiedRouter : Send Proxied Router
id-kp 25 : sendOwner : Send Owner
id-kp 26 : sendProxiedOwner : Send Proxied Owner
+id-kp 27 : cmcCA : CMC Certificate Authority
+id-kp 28 : cmcRA : CMC Registration Authority
# CMP information types
id-it 1 : id-it-caProtEncCert
id-cmc 21 : id-cmc-queryPending
id-cmc 22 : id-cmc-popLinkRandom
id-cmc 23 : id-cmc-popLinkWitness
-id-cmc 24 : id-cmc-confirmCertAcceptance
+id-cmc 24 : id-cmc-confirmCertAcceptance
# other names
id-on 1 : id-on-personalData
X509 54 : dmdName :
X509 65 : : pseudonym
X509 72 : role : role
+X509 97 : : organizationIdentifier
+X509 98 : c3 : countryCode3c
+X509 99 : n3 : countryCode3n
+X509 100 : : dnsName
+
X500 8 : X500algorithms : directory services - algorithms
X500algorithms 1 1 : RSA : rsa
: DES-EDE3-CFB1 : des-ede3-cfb1
: DES-EDE3-CFB8 : des-ede3-cfb8
-# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.
+# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84 and
+# http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
+# "Middle" names are specified to be id-sha256, id-sha384, etc., but
+# we adhere to unprefixed capitals for backward compatibility...
!Alias nist_hashalgs nistAlgorithms 2
nist_hashalgs 1 : SHA256 : sha256
nist_hashalgs 2 : SHA384 : sha384
nist_hashalgs 3 : SHA512 : sha512
nist_hashalgs 4 : SHA224 : sha224
+nist_hashalgs 5 : SHA512-224 : sha512-224
+nist_hashalgs 6 : SHA512-256 : sha512-256
+nist_hashalgs 7 : SHA3-224 : sha3-224
+nist_hashalgs 8 : SHA3-256 : sha3-256
+nist_hashalgs 9 : SHA3-384 : sha3-384
+nist_hashalgs 10 : SHA3-512 : sha3-512
+nist_hashalgs 11 : SHAKE128 : shake128
+nist_hashalgs 12 : SHAKE256 : shake256
+nist_hashalgs 13 : id-hmacWithSHA3-224 : hmac-sha3-224
+nist_hashalgs 14 : id-hmacWithSHA3-256 : hmac-sha3-256
+nist_hashalgs 15 : id-hmacWithSHA3-384 : hmac-sha3-384
+nist_hashalgs 16 : id-hmacWithSHA3-512 : hmac-sha3-512
+# Below two are incomplete OIDs, to be uncommented when we figure out
+# how to handle them...
+# nist_hashalgs 17 : id-shake128-len : shake128-len
+# nist_hashalgs 18 : id-shake256-len : shake256-len
# OIDs for dsa-with-sha224 and dsa-with-sha256
!Alias dsa_with_sha2 nistAlgorithms 3
dsa_with_sha2 1 : dsa_with_SHA224
dsa_with_sha2 2 : dsa_with_SHA256
+# Above two belong below, but kept as they are for backward compatibility
+!Alias sigAlgs nistAlgorithms 3
+sigAlgs 3 : id-dsa-with-sha384 : dsa_with_SHA384
+sigAlgs 4 : id-dsa-with-sha512 : dsa_with_SHA512
+sigAlgs 5 : id-dsa-with-sha3-224 : dsa_with_SHA3-224
+sigAlgs 6 : id-dsa-with-sha3-256 : dsa_with_SHA3-256
+sigAlgs 7 : id-dsa-with-sha3-384 : dsa_with_SHA3-384
+sigAlgs 8 : id-dsa-with-sha3-512 : dsa_with_SHA3-512
+sigAlgs 9 : id-ecdsa-with-sha3-224 : ecdsa_with_SHA3-224
+sigAlgs 10 : id-ecdsa-with-sha3-256 : ecdsa_with_SHA3-256
+sigAlgs 11 : id-ecdsa-with-sha3-384 : ecdsa_with_SHA3-384
+sigAlgs 12 : id-ecdsa-with-sha3-512 : ecdsa_with_SHA3-512
+sigAlgs 13 : id-rsassa-pkcs1-v1_5-with-sha3-224 : RSA-SHA3-224
+sigAlgs 14 : id-rsassa-pkcs1-v1_5-with-sha3-256 : RSA-SHA3-256
+sigAlgs 15 : id-rsassa-pkcs1-v1_5-with-sha3-384 : RSA-SHA3-384
+sigAlgs 16 : id-rsassa-pkcs1-v1_5-with-sha3-512 : RSA-SHA3-512
# Hold instruction CRL entry extension
!Cname hold-instruction-code
# Definitions for Camellia cipher - ECB, CFB, OFB MODE
!Alias ntt-ds 0 3 4401 5
-!Alias camellia ntt-ds 3 1 9
+!Alias camellia ntt-ds 3 1 9
camellia 1 : CAMELLIA-128-ECB : camellia-128-ecb
!Cname camellia-128-ofb128
: ARIA-192-CFB8 : aria-192-cfb8
: ARIA-256-CFB8 : aria-256-cfb8
+aria 37 : ARIA-128-CCM : aria-128-ccm
+aria 38 : ARIA-192-CCM : aria-192-ccm
+aria 39 : ARIA-256-CCM : aria-256-ccm
+aria 34 : ARIA-128-GCM : aria-128-gcm
+aria 35 : ARIA-192-GCM : aria-192-gcm
+aria 36 : ARIA-256-GCM : aria-256-gcm
+
# Definitions for SEED cipher - ECB, CBC, OFB mode
member-body 410 200004 : KISA : kisa
!Cname seed-ofb128
kisa 1 6 : SEED-OFB : seed-ofb
+
+# Definitions for SM4 cipher
+
+member-body 156 : ISO-CN : ISO CN Member Body
+ISO-CN 10197 : oscca
+oscca 1 : sm-scheme
+
+sm-scheme 104 1 : SM4-ECB : sm4-ecb
+sm-scheme 104 2 : SM4-CBC : sm4-cbc
+!Cname sm4-ofb128
+sm-scheme 104 3 : SM4-OFB : sm4-ofb
+!Cname sm4-cfb128
+sm-scheme 104 4 : SM4-CFB : sm4-cfb
+sm-scheme 104 5 : SM4-CFB1 : sm4-cfb1
+sm-scheme 104 6 : SM4-CFB8 : sm4-cfb8
+sm-scheme 104 7 : SM4-CTR : sm4-ctr
+
# There is no OID that just denotes "HMAC" oddly enough...
: HMAC : hmac
1 3 36 3 3 2 8 1 1 11 : brainpoolP384r1
1 3 36 3 3 2 8 1 1 12 : brainpoolP384t1
1 3 36 3 3 2 8 1 1 13 : brainpoolP512r1
-1 3 36 3 3 2 8 1 1 14 : brainpoolP512t1
+1 3 36 3 3 2 8 1 1 14 : brainpoolP512t1
# ECDH schemes from RFC5753
!Alias x9-63-scheme 1 3 133 16 840 63 0
1 3 6 1 4 1 311 60 2 1 3 : jurisdictionC : jurisdictionCountryName
# SCRYPT algorithm
-1 3 6 1 4 1 11591 4 11 : id-scrypt
+!Cname id-scrypt
+1 3 6 1 4 1 11591 4 11 : id-scrypt : scrypt
# NID for TLS1 PRF
: TLS1-PRF : tls1-prf
id-pkinit 4 : pkInitClientAuth : PKINIT Client Auth
id-pkinit 5 : pkInitKDC : Signing KDC Response
-# New curves from draft-ietf-curdle-pkix-00
+# New algorithms from draft-ietf-curdle-pkix-04
1 3 101 110 : X25519
1 3 101 111 : X448
+1 3 101 112 : ED25519
+1 3 101 113 : ED448
+
# NIDs for cipher key exchange
: KxRSA : kx-rsa
: Poly1305 : poly1305
# NID for SipHash
: SipHash : siphash
+
+# NIDs for RFC7919 DH parameters
+ : ffdhe2048
+ : ffdhe3072
+ : ffdhe4096
+ : ffdhe6144
+ : ffdhe8192