iso 3 : identified-organization
+# GMAC OID
+iso 0 9797 3 4 : GMAC : gmac
+
# HMAC OIDs
identified-organization 6 1 5 5 8 1 1 : HMAC-MD5 : hmac-md5
identified-organization 6 1 5 5 8 1 2 : HMAC-SHA1 : hmac-sha1
+# "1.3.36.8.3.3"
+identified-organization 36 8 3 3 : x509ExtAdmission : Professional Information or basis for Admission
+
identified-organization 132 : certicom-arc
+identified-organization 111 : ieee
+ieee 2 1619 : ieee-siswg : IEEE Security in Storage Working Group
+
joint-iso-itu-t 23 : international-organizations : International Organizations
international-organizations 43 : wap
ISO-US 10040 : X9-57 : X9.57
X9-57 4 : X9cm : X9.57 CM ?
+member-body 156 : ISO-CN : ISO CN Member Body
+ISO-CN 10197 : oscca
+oscca 1 : sm-scheme
+
!Cname dsa
X9cm 1 : DSA : dsaEncryption
X9cm 3 : DSA-SHA1 : dsaWithSHA1
pkcs1 12 : RSA-SHA384 : sha384WithRSAEncryption
pkcs1 13 : RSA-SHA512 : sha512WithRSAEncryption
pkcs1 14 : RSA-SHA224 : sha224WithRSAEncryption
+pkcs1 15 : RSA-SHA512/224 : sha512-224WithRSAEncryption
+pkcs1 16 : RSA-SHA512/256 : sha512-256WithRSAEncryption
pkcs 3 : pkcs3
pkcs3 1 : : dhKeyAgreement
id-smime-ct 7 : id-smime-ct-DVCSRequestData
id-smime-ct 8 : id-smime-ct-DVCSResponseData
id-smime-ct 9 : id-smime-ct-compressedData
+id-smime-ct 19 : id-smime-ct-contentCollection
+id-smime-ct 23 : id-smime-ct-authEnvelopedData
+id-smime-ct 24 : id-ct-routeOriginAuthz
+id-smime-ct 26 : id-ct-rpkiManifest
id-smime-ct 27 : id-ct-asciiTextWithCRLF
+id-smime-ct 28 : id-ct-xml
+id-smime-ct 35 : id-ct-rpkiGhostbusters
+id-smime-ct 36 : id-ct-resourceTaggedAttest
+id-smime-ct 47 : id-ct-geofeedCSVwithCRLF
+id-smime-ct 48 : id-ct-signedChecklist
+id-smime-ct 49 : id-ct-ASPA
+id-smime-ct 50 : id-ct-signedTAL
+id-smime-ct 51 : id-ct-rpkiSignedPrefixList
# S/MIME Attributes
id-smime-aa 1 : id-smime-aa-receiptRequest
id-smime-aa 27 : id-smime-aa-ets-archiveTimeStamp
id-smime-aa 28 : id-smime-aa-signatureType
id-smime-aa 29 : id-smime-aa-dvcs-dvc
+id-smime-aa 44 : id-aa-ets-attrCertificateRefs
+id-smime-aa 45 : id-aa-ets-attrRevocationRefs
+id-smime-aa 47 : id-smime-aa-signingCertificateV2
+id-smime-aa 48 : id-aa-ets-archiveTimestampV2
# S/MIME Algorithm Identifiers
# obsolete
pkcs9 20 : : friendlyName
pkcs9 21 : : localKeyID
+!Alias ms-corp 1 3 6 1 4 1 311
!Cname ms-csp-name
-1 3 6 1 4 1 311 17 1 : CSPName : Microsoft CSP Name
-1 3 6 1 4 1 311 17 2 : LocalKeySet : Microsoft Local Key set
+ms-corp 17 1 : CSPName : Microsoft CSP Name
+ms-corp 17 2 : LocalKeySet : Microsoft Local Key set
!Alias certTypes pkcs9 22
certTypes 1 : : x509Certificate
certTypes 2 : : sdsiCertificate
!Alias crlTypes pkcs9 23
crlTypes 1 : : x509Crl
+pkcs9 52 : id-aa-CMSAlgorithmProtection
+
!Alias pkcs12 pkcs 12
!Alias pkcs12-pbeids pkcs12 1
rsadsi 2 6 : : hmacWithMD5
rsadsi 2 7 : : hmacWithSHA1
+sm-scheme 301 : SM2 : sm2
+
+sm-scheme 401 : SM3 : sm3
+sm-scheme 504 : RSA-SM3 : sm3WithRSAEncryption
+
+sm-scheme 501 : SM2-SM3 : SM2-with-SM3
+
+# From GM/T 0091-2020
+sm3 3 1 : : hmacWithSM3
+
# From RFC4231
rsadsi 2 8 : : hmacWithSHA224
rsadsi 2 9 : : hmacWithSHA256
rsadsi 2 10 : : hmacWithSHA384
rsadsi 2 11 : : hmacWithSHA512
+# From RFC8018
+rsadsi 2 12 : : hmacWithSHA512-224
+rsadsi 2 13 : : hmacWithSHA512-256
+
rsadsi 3 2 : RC2-CBC : rc2-cbc
: RC2-ECB : rc2-ecb
!Cname rc2-cfb64
: RC5-OFB : rc5-ofb
!Cname ms-ext-req
-1 3 6 1 4 1 311 2 1 14 : msExtReq : Microsoft Extension Request
+ms-corp 2 1 14 : msExtReq : Microsoft Extension Request
!Cname ms-code-ind
-1 3 6 1 4 1 311 2 1 21 : msCodeInd : Microsoft Individual Code Signing
+ms-corp 2 1 21 : msCodeInd : Microsoft Individual Code Signing
!Cname ms-code-com
-1 3 6 1 4 1 311 2 1 22 : msCodeCom : Microsoft Commercial Code Signing
+ms-corp 2 1 22 : msCodeCom : Microsoft Commercial Code Signing
!Cname ms-ctl-sign
-1 3 6 1 4 1 311 10 3 1 : msCTLSign : Microsoft Trust List Signing
+ms-corp 10 3 1 : msCTLSign : Microsoft Trust List Signing
!Cname ms-sgc
-1 3 6 1 4 1 311 10 3 3 : msSGC : Microsoft Server Gated Crypto
+ms-corp 10 3 3 : msSGC : Microsoft Server Gated Crypto
!Cname ms-efs
-1 3 6 1 4 1 311 10 3 4 : msEFS : Microsoft Encrypted File System
+ms-corp 10 3 4 : msEFS : Microsoft Encrypted File System
!Cname ms-smartcard-login
-1 3 6 1 4 1 311 20 2 2 : msSmartcardLogin : Microsoft Smartcardlogin
+ms-corp 20 2 2 : msSmartcardLogin : Microsoft Smartcard Login
!Cname ms-upn
-1 3 6 1 4 1 311 20 2 3 : msUPN : Microsoft Universal Principal Name
+ms-corp 20 2 3 : msUPN : Microsoft User Principal Name
+
+ms-corp 25 2 : ms-ntds-sec-ext : Microsoft NTDS CA Extension
+ms-corp 25 2 1 : ms-ntds-obj-sid : Microsoft NTDS AD objectSid
+ms-corp 21 7 : ms-cert-templ : Microsoft certificate template
+ms-corp 21 10 : ms-app-policies : Microsoft Application Policies Extension
1 3 6 1 4 1 188 7 1 1 2 : IDEA-CBC : idea-cbc
: IDEA-ECB : idea-ecb
id-pkix 9 : id-pda
id-pkix 10 : id-aca
id-pkix 11 : id-qcs
+id-pkix 14 : id-cp
id-pkix 12 : id-cct
id-pkix 21 : id-ppl
id-pkix 48 : id-ad
id-pkix-mod 14 : id-mod-ocsp
id-pkix-mod 15 : id-mod-dvcs
id-pkix-mod 16 : id-mod-cmp2000
+id-pkix-mod 50 : id-mod-cmp2000-02
+id-pkix-mod 99 : id-mod-cmp2021-88
+id-pkix-mod 100 : id-mod-cmp2021-02
# PKIX Private Extensions
!Cname info-access
!Cname sinfo-access
id-pe 11 : subjectInfoAccess : Subject Information Access
id-pe 14 : proxyCertInfo : Proxy Certificate Information
+id-pe 24 : tlsfeature : TLS Feature
+id-pe 28 : sbgp-ipAddrBlockv2
+id-pe 29 : sbgp-autonomousSysNumv2
# PKIX policyQualifiers for Internet policy qualifiers
id-qt 1 : id-qt-cps : Policy Qualifier CPS
id-qt 2 : id-qt-unotice : Policy Qualifier User Notice
id-qt 3 : textNotice
+# https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.3
# PKIX key purpose identifiers
!Cname server-auth
id-kp 1 : serverAuth : TLS Web Server Authentication
!Cname OCSP-sign
id-kp 9 : OCSPSigning : OCSP Signing
id-kp 10 : DVCS : dvcs
-
+!Cname ipsec-IKE
+id-kp 17 : ipsecIKE : ipsec Internet Key Exchange
+id-kp 18 : capwapAC : Ctrl/provision WAP Access
+id-kp 19 : capwapWTP : Ctrl/Provision WAP Termination
+!Cname sshClient
+id-kp 21 : secureShellClient : SSH Client
+!Cname sshServer
+id-kp 22 : secureShellServer : SSH Server
+id-kp 23 : sendRouter : Send Router
+id-kp 24 : sendProxiedRouter : Send Proxied Router
+id-kp 25 : sendOwner : Send Owner
+id-kp 26 : sendProxiedOwner : Send Proxied Owner
+id-kp 27 : cmcCA : CMC Certificate Authority
+id-kp 28 : cmcRA : CMC Registration Authority
+id-kp 29 : cmcArchive : CMC Archive Server
+id-kp 30 : id-kp-bgpsec-router : BGPsec Router
+id-kp 31 : id-kp-BrandIndicatorforMessageIdentification : Brand Indicator for Message Identification
+id-kp 32 : cmKGA : Certificate Management Key Generation Authority
+
+# https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.4
# CMP information types
id-it 1 : id-it-caProtEncCert
id-it 2 : id-it-signKeyPairTypes
id-it 5 : id-it-caKeyUpdateInfo
id-it 6 : id-it-currentCRL
id-it 7 : id-it-unsupportedOIDs
-# obsolete
+# [Reserved and Obsolete]:
id-it 8 : id-it-subscriptionRequest
-# obsolete
+# [Reserved and Obsolete]:
id-it 9 : id-it-subscriptionResponse
id-it 10 : id-it-keyPairParamReq
id-it 11 : id-it-keyPairParamRep
id-it 14 : id-it-confirmWaitTime
id-it 15 : id-it-origPKIMessage
id-it 16 : id-it-suppLangTags
+id-it 17 : id-it-caCerts
+id-it 18 : id-it-rootCaKeyUpdate
+id-it 19 : id-it-certReqTemplate
+id-it 20 : id-it-rootCaCert
+id-it 21 : id-it-certProfile
+id-it 22 : id-it-crlStatusList
+id-it 23 : id-it-crls
# CRMF registration
id-pkip 1 : id-regCtrl
id-regCtrl 4 : id-regCtrl-pkiArchiveOptions
id-regCtrl 5 : id-regCtrl-oldCertID
id-regCtrl 6 : id-regCtrl-protocolEncrKey
+id-regCtrl 7 : id-regCtrl-altCertTemplate
+# id-regCtrl 8 : id-regCtrl-wtlsTemplate [Reserved and Obsolete]
+# id-regCtrl 9 : id-regCtrl-regTokenUTF8 [Reserved and Obsolete]
+# id-regCtrl 10 : id-regCtrl-authenticatorUTF8 [Reserved and Obsolete]
+id-regCtrl 11 : id-regCtrl-algId
+id-regCtrl 12 : id-regCtrl-rsaKeyLen
# CRMF registration information
id-regInfo 1 : id-regInfo-utf8Pairs
id-cmc 21 : id-cmc-queryPending
id-cmc 22 : id-cmc-popLinkRandom
id-cmc 23 : id-cmc-popLinkWitness
-id-cmc 24 : id-cmc-confirmCertAcceptance
+id-cmc 24 : id-cmc-confirmCertAcceptance
# other names
id-on 1 : id-on-personalData
id-on 3 : id-on-permanentIdentifier : Permanent Identifier
+id-on 5 : id-on-xmppAddr : XmppAddr
+id-on 7 : id-on-dnsSRV : SRVName
+id-on 8 : id-on-NAIRealm : NAIRealm
+id-on 9 : id-on-SmtpUTF8Mailbox : Smtp UTF8 Mailbox
# personal data attributes
id-pda 1 : id-pda-dateOfBirth
# qualified certificate statements
id-qcs 1 : id-qcs-pkixQCSyntax-v1
+# PKIX Certificate Policies
+id-cp 2 : ipAddr-asNumber
+id-cp 3 : ipAddr-asNumberv2
+
# CMC content types
id-cct 1 : id-cct-crs
id-cct 2 : id-cct-PKIData
!Cname ad-dvcs
id-ad 4 : AD_DVCS : ad dvcs
id-ad 5 : caRepository : CA Repository
-
+id-ad 10 : rpkiManifest : RPKI Manifest
+id-ad 11 : signedObject : Signed Object
+id-ad 13 : rpkiNotify : RPKI Notify
!Alias id-pkix-OCSP ad-OCSP
!module id-pkix-OCSP
1 3 36 3 2 1 : RIPEMD160 : ripemd160
1 3 36 3 3 1 2 : RSA-RIPEMD160 : ripemd160WithRSA
+1 3 6 1 4 1 1722 12 2 1 : BLAKE2BMAC : blake2bmac
+1 3 6 1 4 1 1722 12 2 2 : BLAKE2SMAC : blake2smac
+blake2bmac 16 : BLAKE2b512 : blake2b512
+blake2smac 8 : BLAKE2s256 : blake2s256
+
!Cname sxnet
1 3 101 1 4 1 : SXNetID : Strong Extranet ID
X509 54 : dmdName :
X509 65 : : pseudonym
X509 72 : role : role
+X509 97 : : organizationIdentifier
+X509 98 : c3 : countryCode3c
+X509 99 : n3 : countryCode3n
+X509 100 : : dnsName
+
X500 8 : X500algorithms : directory services - algorithms
X500algorithms 1 1 : RSA : rsa
!Cname delta-crl
id-ce 27 : deltaCRL : X509v3 Delta CRL Indicator
!Cname issuing-distribution-point
-id-ce 28 : issuingDistributionPoint : X509v3 Issuing Distrubution Point
+id-ce 28 : issuingDistributionPoint : X509v3 Issuing Distribution Point
!Cname certificate-issuer
id-ce 29 : certificateIssuer : X509v3 Certificate Issuer
!Cname name-constraints
id-ce 36 : policyConstraints : X509v3 Policy Constraints
!Cname ext-key-usage
id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage
+!Cname authority-attribute-identifier
+id-ce 38 : authorityAttributeIdentifier : X509v3 Authority Attribute Identifier
+!Cname role-spec-cert-identifier
+id-ce 39 : roleSpecCertIdentifier : X509v3 Role Specification Certificate Identifier
+!Cname basic-att-constraints
+id-ce 41 : basicAttConstraints : X509v3 Basic Attribute Certificate Constraints
+!Cname delegated-name-constraints
+id-ce 42 : delegatedNameConstraints : X509v3 Delegated Name Constraints
+!Cname time-specification
+id-ce 43 : timeSpecification : X509v3 Time Specification
!Cname freshest-crl
id-ce 46 : freshestCRL : X509v3 Freshest CRL
+!Cname attribute-descriptor
+id-ce 48 : attributeDescriptor : X509v3 Attribute Descriptor
+!Cname user-notice
+id-ce 49 : userNotice : X509v3 User Notice
+!Cname soa-identifier
+id-ce 50 : sOAIdentifier : X509v3 Source of Authority Identifier
+!Cname acceptable-cert-policies
+id-ce 52 : acceptableCertPolicies : X509v3 Acceptable Certification Policies
!Cname inhibit-any-policy
id-ce 54 : inhibitAnyPolicy : X509v3 Inhibit Any Policy
!Cname target-information
id-ce 55 : targetInformation : X509v3 AC Targeting
!Cname no-rev-avail
id-ce 56 : noRevAvail : X509v3 No Revocation Available
+!Cname acceptable-privilege-policies
+id-ce 57 : acceptablePrivPolicies : X509v3 Acceptable Privilege Policies
+!Cname indirect-issuer
+id-ce 61 : indirectIssuer : X509v3 Indirect Issuer
+!Cname no-assertion
+id-ce 62 : noAssertion : X509v3 No Assertion
+!Cname id-aa-issuing-distribution-point
+id-ce 63 : aAissuingDistributionPoint : X509v3 Attribute Authority Issuing Distribution Point
+!Cname issued-on-behalf-of
+id-ce 64 : issuedOnBehalfOf : X509v3 Issued On Behalf Of
+!Cname single-use
+id-ce 65 : singleUse : X509v3 Single Use
+!Cname group-ac
+id-ce 66 : groupAC : X509v3 Group Attribute Certificate
+!Cname allowed-attribute-assignments
+id-ce 67 : allowedAttributeAssignments : X509v3 Allowed Attribute Assignments
+!Cname attribute-mappings
+id-ce 68 : attributeMappings : X509v3 Attribute Mappings
+!Cname holder-name-constraints
+id-ce 69 : holderNameConstraints : X509v3 Holder Name Constraints
+!Cname authorization-validation
+id-ce 70 : authorizationValidation : X509v3 Authorization Validation
+!Cname prot-restrict
+id-ce 71 : protRestrict : X509v3 Protocol Restriction
+!Cname subject-alt-public-key-info
+id-ce 72 : subjectAltPublicKeyInfo : X509v3 Subject Alternative Public Key Info
+!Cname alt-signature-algorithm
+id-ce 73 : altSignatureAlgorithm : X509v3 Alternative Signature Algorithm
+!Cname alt-signature-value
+id-ce 74 : altSignatureValue : X509v3 Alternative Signature Value
+!Cname associated-information
+id-ce 75 : associatedInformation : X509v3 Associated Information
# From RFC5280
ext-key-usage 0 : anyExtendedKeyUsage : Any Extended Key Usage
# Documents refer to "internet 7" as "mail". This however leads to ambiguities
# with RFC2798, Section 9.1.3, where "mail" is defined as the short name for
# rfc822Mailbox. The short name is therefore here left out for a reason.
-# Subclasses of "mail", e.g. "MIME MHS" don't consitute a problem, as
+# Subclasses of "mail", e.g. "MIME MHS" don't constitute a problem, as
# references are realized via long name "Mail" (with capital M).
internet 7 : : Mail
mime-mhs-headings 1 : id-hex-partial-message : id-hex-partial-message
mime-mhs-headings 2 : id-hex-multipart-message : id-hex-multipart-message
-# What the hell are these OIDs, really?
-!Cname rle-compression
-1 1 1 1 666 1 : RLE : run length compression
+# RFC 3274
!Cname zlib-compression
id-smime-alg 8 : ZLIB : zlib compression
aes 47 : id-aes256-CCM : aes-256-ccm
aes 48 : id-aes256-wrap-pad
+ieee-siswg 0 1 1 : AES-128-XTS : aes-128-xts
+ieee-siswg 0 1 2 : AES-256-XTS : aes-256-xts
+
# There are no OIDs for these modes...
: AES-128-CFB1 : aes-128-cfb1
: AES-128-CTR : aes-128-ctr
: AES-192-CTR : aes-192-ctr
: AES-256-CTR : aes-256-ctr
- : AES-128-XTS : aes-128-xts
- : AES-256-XTS : aes-256-xts
+ : AES-128-OCB : aes-128-ocb
+ : AES-192-OCB : aes-192-ocb
+ : AES-256-OCB : aes-256-ocb
: DES-CFB1 : des-cfb1
: DES-CFB8 : des-cfb8
: DES-EDE3-CFB1 : des-ede3-cfb1
: DES-EDE3-CFB8 : des-ede3-cfb8
-# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.
+# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84 and
+# http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
+# "Middle" names are specified to be id-sha256, id-sha384, etc., but
+# we adhere to unprefixed capitals for backward compatibility...
!Alias nist_hashalgs nistAlgorithms 2
nist_hashalgs 1 : SHA256 : sha256
nist_hashalgs 2 : SHA384 : sha384
nist_hashalgs 3 : SHA512 : sha512
nist_hashalgs 4 : SHA224 : sha224
+nist_hashalgs 5 : SHA512-224 : sha512-224
+nist_hashalgs 6 : SHA512-256 : sha512-256
+nist_hashalgs 7 : SHA3-224 : sha3-224
+nist_hashalgs 8 : SHA3-256 : sha3-256
+nist_hashalgs 9 : SHA3-384 : sha3-384
+nist_hashalgs 10 : SHA3-512 : sha3-512
+nist_hashalgs 11 : SHAKE128 : shake128
+nist_hashalgs 12 : SHAKE256 : shake256
+nist_hashalgs 13 : id-hmacWithSHA3-224 : hmac-sha3-224
+nist_hashalgs 14 : id-hmacWithSHA3-256 : hmac-sha3-256
+nist_hashalgs 15 : id-hmacWithSHA3-384 : hmac-sha3-384
+nist_hashalgs 16 : id-hmacWithSHA3-512 : hmac-sha3-512
+# Below two are incomplete OIDs, to be uncommented when we figure out
+# how to handle them...
+# nist_hashalgs 17 : id-shake128-len : shake128-len
+# nist_hashalgs 18 : id-shake256-len : shake256-len
+nist_hashalgs 19 : KMAC128 : kmac128
+nist_hashalgs 20 : KMAC256 : kmac256
+# nist_hashalgs 21 : KMAC128-XOF : kmac128-xof
+# nist_hashalgs 22 : KMAC256-XOF : kmac256-xof
# OIDs for dsa-with-sha224 and dsa-with-sha256
!Alias dsa_with_sha2 nistAlgorithms 3
dsa_with_sha2 1 : dsa_with_SHA224
dsa_with_sha2 2 : dsa_with_SHA256
+# Above two belong below, but kept as they are for backward compatibility
+!Alias sigAlgs nistAlgorithms 3
+sigAlgs 3 : id-dsa-with-sha384 : dsa_with_SHA384
+sigAlgs 4 : id-dsa-with-sha512 : dsa_with_SHA512
+sigAlgs 5 : id-dsa-with-sha3-224 : dsa_with_SHA3-224
+sigAlgs 6 : id-dsa-with-sha3-256 : dsa_with_SHA3-256
+sigAlgs 7 : id-dsa-with-sha3-384 : dsa_with_SHA3-384
+sigAlgs 8 : id-dsa-with-sha3-512 : dsa_with_SHA3-512
+sigAlgs 9 : id-ecdsa-with-sha3-224 : ecdsa_with_SHA3-224
+sigAlgs 10 : id-ecdsa-with-sha3-256 : ecdsa_with_SHA3-256
+sigAlgs 11 : id-ecdsa-with-sha3-384 : ecdsa_with_SHA3-384
+sigAlgs 12 : id-ecdsa-with-sha3-512 : ecdsa_with_SHA3-512
+sigAlgs 13 : id-rsassa-pkcs1-v1_5-with-sha3-224 : RSA-SHA3-224
+sigAlgs 14 : id-rsassa-pkcs1-v1_5-with-sha3-256 : RSA-SHA3-256
+sigAlgs 15 : id-rsassa-pkcs1-v1_5-with-sha3-384 : RSA-SHA3-384
+sigAlgs 16 : id-rsassa-pkcs1-v1_5-with-sha3-512 : RSA-SHA3-512
# Hold instruction CRL entry extension
!Cname hold-instruction-code
# OID's from ITU-T. Most of this is defined in RFC 1274. A couple of
# them are also mentioned in RFC 2247
+# OIDs specific to Electronic Signature Standard/CAdES are as specified in
+# ETSI EN 319 122-1 V1.2.1 (2021-10):
+# Electronic Signatures and Infrastructures (ESI); CAdES digital signatures;
+# Part 1: Building blocks and CAdES baseline signatures
+itu-t 4 : itu-t-identified-organization
+itu-t-identified-organization 0: etsi
+etsi 1733 : electronic-signature-standard
+electronic-signature-standard 2: ess-attributes
+ess-attributes 1 : id-aa-ets-mimeType
+ess-attributes 2 : id-aa-ets-longTermValidation
+ess-attributes 3 : id-aa-ets-SignaturePolicyDocument
+ess-attributes 4 : id-aa-ets-archiveTimestampV3
+ess-attributes 5 : id-aa-ATSHashIndex
+etsi 19122 : cades
+cades 1 : cades-attributes
+cades-attributes 1 : id-aa-ets-signerAttrV2
+cades-attributes 3 : id-aa-ets-sigPolicyStore
+cades-attributes 4 : id-aa-ATSHashIndex-v2
+cades-attributes 5 : id-aa-ATSHashIndex-v3
+cades-attributes 6 : signedAssertion
+
itu-t 9 : data
data 2342 : pss
pss 19200300 : ucl
pilotAttributeType 41 : : mobileTelephoneNumber
pilotAttributeType 42 : : pagerTelephoneNumber
pilotAttributeType 43 : : friendlyCountryName
-# The following clashes with 2.5.4.45, so commented away
-#pilotAttributeType 44 : uid : uniqueIdentifier
+pilotAttributeType 44 : uid : uniqueIdentifier
pilotAttributeType 45 : : organizationalStatus
pilotAttributeType 46 : : janetMailbox
pilotAttributeType 47 : : mailPreferenceOption
member-body 643 2 2 : cryptopro
member-body 643 2 9 : cryptocom
+member-body 643 7 1 : id-tc26
cryptopro 3 : id-GostR3411-94-with-GostR3410-2001 : GOST R 34.11-94 with GOST R 34.10-2001
cryptopro 4 : id-GostR3411-94-with-GostR3410-94 : GOST R 34.11-94 with GOST R 34.10-94
!Cname id-Gost28147-89
cryptopro 21 : gost89 : GOST 28147-89
: gost89-cnt
+ : gost89-cnt-12
+ : gost89-cbc
+ : gost89-ecb
+ : gost89-ctr
!Cname id-Gost28147-89-MAC
cryptopro 22 : gost-mac : GOST 28147-89 MAC
+ : gost-mac-12
!Cname id-GostR3411-94-prf
cryptopro 23 : prf-gostr3411-94 : GOST R 34.11-94 PRF
cryptopro 98 : id-GostR3410-2001DH : GOST R 34.10-2001 DH
cryptocom 1 8 1 : id-GostR3410-2001-ParamSet-cc : GOST R 3410-2001 Parameter Set Cryptocom
+# TC26 GOST OIDs
+
+id-tc26 1 : id-tc26-algorithms
+id-tc26-algorithms 1 : id-tc26-sign
+!Cname id-GostR3410-2012-256
+id-tc26-sign 1 : gost2012_256: GOST R 34.10-2012 with 256 bit modulus
+!Cname id-GostR3410-2012-512
+id-tc26-sign 2 : gost2012_512: GOST R 34.10-2012 with 512 bit modulus
+
+id-tc26-algorithms 2 : id-tc26-digest
+!Cname id-GostR3411-2012-256
+id-tc26-digest 2 : md_gost12_256: GOST R 34.11-2012 with 256 bit hash
+!Cname id-GostR3411-2012-512
+id-tc26-digest 3 : md_gost12_512: GOST R 34.11-2012 with 512 bit hash
+
+id-tc26-algorithms 3 : id-tc26-signwithdigest
+id-tc26-signwithdigest 2: id-tc26-signwithdigest-gost3410-2012-256: GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)
+id-tc26-signwithdigest 3: id-tc26-signwithdigest-gost3410-2012-512: GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)
+
+id-tc26-algorithms 4 : id-tc26-mac
+id-tc26-mac 1 : id-tc26-hmac-gost-3411-2012-256 : HMAC GOST 34.11-2012 256 bit
+id-tc26-mac 2 : id-tc26-hmac-gost-3411-2012-512 : HMAC GOST 34.11-2012 512 bit
+
+id-tc26-algorithms 5 : id-tc26-cipher
+id-tc26-cipher 1 : id-tc26-cipher-gostr3412-2015-magma
+id-tc26-cipher-gostr3412-2015-magma 1 : magma-ctr-acpkm
+id-tc26-cipher-gostr3412-2015-magma 2 : magma-ctr-acpkm-omac
+id-tc26-cipher 2 : id-tc26-cipher-gostr3412-2015-kuznyechik
+id-tc26-cipher-gostr3412-2015-kuznyechik 1 : kuznyechik-ctr-acpkm
+id-tc26-cipher-gostr3412-2015-kuznyechik 2 : kuznyechik-ctr-acpkm-omac
+
+id-tc26-algorithms 6 : id-tc26-agreement
+id-tc26-agreement 1 : id-tc26-agreement-gost-3410-2012-256
+id-tc26-agreement 2 : id-tc26-agreement-gost-3410-2012-512
+
+id-tc26-algorithms 7 : id-tc26-wrap
+id-tc26-wrap 1 : id-tc26-wrap-gostr3412-2015-magma
+id-tc26-wrap-gostr3412-2015-magma 1 : magma-kexp15
+id-tc26-wrap 2 : id-tc26-wrap-gostr3412-2015-kuznyechik
+id-tc26-wrap-gostr3412-2015-kuznyechik 1 : kuznyechik-kexp15
+
+id-tc26 2 : id-tc26-constants
+
+id-tc26-constants 1 : id-tc26-sign-constants
+id-tc26-sign-constants 1: id-tc26-gost-3410-2012-256-constants
+id-tc26-gost-3410-2012-256-constants 1 : id-tc26-gost-3410-2012-256-paramSetA: GOST R 34.10-2012 (256 bit) ParamSet A
+id-tc26-gost-3410-2012-256-constants 2 : id-tc26-gost-3410-2012-256-paramSetB: GOST R 34.10-2012 (256 bit) ParamSet B
+id-tc26-gost-3410-2012-256-constants 3 : id-tc26-gost-3410-2012-256-paramSetC: GOST R 34.10-2012 (256 bit) ParamSet C
+id-tc26-gost-3410-2012-256-constants 4 : id-tc26-gost-3410-2012-256-paramSetD: GOST R 34.10-2012 (256 bit) ParamSet D
+id-tc26-sign-constants 2: id-tc26-gost-3410-2012-512-constants
+id-tc26-gost-3410-2012-512-constants 0 : id-tc26-gost-3410-2012-512-paramSetTest: GOST R 34.10-2012 (512 bit) testing parameter set
+id-tc26-gost-3410-2012-512-constants 1 : id-tc26-gost-3410-2012-512-paramSetA: GOST R 34.10-2012 (512 bit) ParamSet A
+id-tc26-gost-3410-2012-512-constants 2 : id-tc26-gost-3410-2012-512-paramSetB: GOST R 34.10-2012 (512 bit) ParamSet B
+id-tc26-gost-3410-2012-512-constants 3 : id-tc26-gost-3410-2012-512-paramSetC: GOST R 34.10-2012 (512 bit) ParamSet C
+
+id-tc26-constants 2 : id-tc26-digest-constants
+id-tc26-constants 5 : id-tc26-cipher-constants
+id-tc26-cipher-constants 1 : id-tc26-gost-28147-constants
+id-tc26-gost-28147-constants 1 : id-tc26-gost-28147-param-Z : GOST 28147-89 TC26 parameter set
+
+member-body 643 3 131 1 1 : INN : INN
+member-body 643 100 1 : OGRN : OGRN
+member-body 643 100 3 : SNILS : SNILS
+member-body 643 100 5 : OGRNIP : OGRNIP
+member-body 643 100 111 : subjectSignTool : Signing Tool of Subject
+member-body 643 100 112 : issuerSignTool : Signing Tool of Issuer
+member-body 643 100 113 : classSignTool : Class of Signing Tool
+member-body 643 100 113 1 : classSignToolKC1 : Class of Signing Tool KC1
+member-body 643 100 113 2 : classSignToolKC2 : Class of Signing Tool KC2
+member-body 643 100 113 3 : classSignToolKC3 : Class of Signing Tool KC3
+member-body 643 100 113 4 : classSignToolKB1 : Class of Signing Tool KB1
+member-body 643 100 113 5 : classSignToolKB2 : Class of Signing Tool KB2
+member-body 643 100 113 6 : classSignToolKA1 : Class of Signing Tool KA1
+
+#GOST R34.13-2015 Grasshopper "Kuznechik"
+ : kuznyechik-ecb
+ : kuznyechik-ctr
+ : kuznyechik-ofb
+ : kuznyechik-cbc
+ : kuznyechik-cfb
+ : kuznyechik-mac
+
+#GOST R34.13-2015 Magma
+ : magma-ecb
+ : magma-ctr
+ : magma-ofb
+ : magma-cbc
+ : magma-cfb
+ : magma-mac
+
# Definitions for Camellia cipher - CBC MODE
1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC : camellia-128-cbc
# Definitions for Camellia cipher - ECB, CFB, OFB MODE
!Alias ntt-ds 0 3 4401 5
-!Alias camellia ntt-ds 3 1 9
+!Alias camellia ntt-ds 3 1 9
camellia 1 : CAMELLIA-128-ECB : camellia-128-ecb
!Cname camellia-128-ofb128
camellia 3 : CAMELLIA-128-OFB : camellia-128-ofb
!Cname camellia-128-cfb128
camellia 4 : CAMELLIA-128-CFB : camellia-128-cfb
+camellia 6 : CAMELLIA-128-GCM : camellia-128-gcm
+camellia 7 : CAMELLIA-128-CCM : camellia-128-ccm
+camellia 9 : CAMELLIA-128-CTR : camellia-128-ctr
+camellia 10 : CAMELLIA-128-CMAC : camellia-128-cmac
camellia 21 : CAMELLIA-192-ECB : camellia-192-ecb
!Cname camellia-192-ofb128
camellia 23 : CAMELLIA-192-OFB : camellia-192-ofb
!Cname camellia-192-cfb128
camellia 24 : CAMELLIA-192-CFB : camellia-192-cfb
+camellia 26 : CAMELLIA-192-GCM : camellia-192-gcm
+camellia 27 : CAMELLIA-192-CCM : camellia-192-ccm
+camellia 29 : CAMELLIA-192-CTR : camellia-192-ctr
+camellia 30 : CAMELLIA-192-CMAC : camellia-192-cmac
camellia 41 : CAMELLIA-256-ECB : camellia-256-ecb
!Cname camellia-256-ofb128
camellia 43 : CAMELLIA-256-OFB : camellia-256-ofb
!Cname camellia-256-cfb128
camellia 44 : CAMELLIA-256-CFB : camellia-256-cfb
+camellia 46 : CAMELLIA-256-GCM : camellia-256-gcm
+camellia 47 : CAMELLIA-256-CCM : camellia-256-ccm
+camellia 49 : CAMELLIA-256-CTR : camellia-256-ctr
+camellia 50 : CAMELLIA-256-CMAC : camellia-256-cmac
# There are no OIDs for these modes...
: CAMELLIA-192-CFB8 : camellia-192-cfb8
: CAMELLIA-256-CFB8 : camellia-256-cfb8
+# Definitions for ARIA cipher
+
+!Alias aria 1 2 410 200046 1 1
+aria 1 : ARIA-128-ECB : aria-128-ecb
+aria 2 : ARIA-128-CBC : aria-128-cbc
+!Cname aria-128-cfb128
+aria 3 : ARIA-128-CFB : aria-128-cfb
+!Cname aria-128-ofb128
+aria 4 : ARIA-128-OFB : aria-128-ofb
+aria 5 : ARIA-128-CTR : aria-128-ctr
+
+aria 6 : ARIA-192-ECB : aria-192-ecb
+aria 7 : ARIA-192-CBC : aria-192-cbc
+!Cname aria-192-cfb128
+aria 8 : ARIA-192-CFB : aria-192-cfb
+!Cname aria-192-ofb128
+aria 9 : ARIA-192-OFB : aria-192-ofb
+aria 10 : ARIA-192-CTR : aria-192-ctr
+
+aria 11 : ARIA-256-ECB : aria-256-ecb
+aria 12 : ARIA-256-CBC : aria-256-cbc
+!Cname aria-256-cfb128
+aria 13 : ARIA-256-CFB : aria-256-cfb
+!Cname aria-256-ofb128
+aria 14 : ARIA-256-OFB : aria-256-ofb
+aria 15 : ARIA-256-CTR : aria-256-ctr
+
+# There are no OIDs for these ARIA modes...
+ : ARIA-128-CFB1 : aria-128-cfb1
+ : ARIA-192-CFB1 : aria-192-cfb1
+ : ARIA-256-CFB1 : aria-256-cfb1
+ : ARIA-128-CFB8 : aria-128-cfb8
+ : ARIA-192-CFB8 : aria-192-cfb8
+ : ARIA-256-CFB8 : aria-256-cfb8
+
+aria 37 : ARIA-128-CCM : aria-128-ccm
+aria 38 : ARIA-192-CCM : aria-192-ccm
+aria 39 : ARIA-256-CCM : aria-256-ccm
+aria 34 : ARIA-128-GCM : aria-128-gcm
+aria 35 : ARIA-192-GCM : aria-192-gcm
+aria 36 : ARIA-256-GCM : aria-256-gcm
+
# Definitions for SEED cipher - ECB, CBC, OFB mode
member-body 410 200004 : KISA : kisa
!Cname seed-ofb128
kisa 1 6 : SEED-OFB : seed-ofb
+
+# Definitions for SM4 cipher
+
+sm-scheme 104 1 : SM4-ECB : sm4-ecb
+sm-scheme 104 2 : SM4-CBC : sm4-cbc
+!Cname sm4-ofb128
+sm-scheme 104 3 : SM4-OFB : sm4-ofb
+!Cname sm4-cfb128
+sm-scheme 104 4 : SM4-CFB : sm4-cfb
+sm-scheme 104 5 : SM4-CFB1 : sm4-cfb1
+sm-scheme 104 6 : SM4-CFB8 : sm4-cfb8
+sm-scheme 104 7 : SM4-CTR : sm4-ctr
+sm-scheme 104 8 : SM4-GCM : sm4-gcm
+sm-scheme 104 9 : SM4-CCM : sm4-ccm
+sm-scheme 104 10 : SM4-XTS : sm4-xts
+
# There is no OID that just denotes "HMAC" oddly enough...
: HMAC : hmac
: AES-128-CBC-HMAC-SHA256 : aes-128-cbc-hmac-sha256
: AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256
: AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256
+ : ChaCha20-Poly1305 : chacha20-poly1305
+ : ChaCha20 : chacha20
ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
# RFC 5639 curve OIDs (see http://www.ietf.org/rfc/rfc5639.txt)
# versionOne OBJECT IDENTIFIER ::= {
-# iso(1) identifified-organization(3) teletrust(36) algorithm(3)
+# iso(1) identified-organization(3) teletrust(36) algorithm(3)
# signature-algorithm(3) ecSign(2) ecStdCurvesAndGeneration(8)
# ellipticCurve(1) 1 }
1 3 36 3 3 2 8 1 1 1 : brainpoolP160r1
1 3 36 3 3 2 8 1 1 5 : brainpoolP224r1
1 3 36 3 3 2 8 1 1 6 : brainpoolP224t1
1 3 36 3 3 2 8 1 1 7 : brainpoolP256r1
+# Alternate NID to represent the TLSv1.3 brainpoolP256r1 group
+ : brainpoolP256r1tls13
1 3 36 3 3 2 8 1 1 8 : brainpoolP256t1
1 3 36 3 3 2 8 1 1 9 : brainpoolP320r1
1 3 36 3 3 2 8 1 1 10 : brainpoolP320t1
1 3 36 3 3 2 8 1 1 11 : brainpoolP384r1
+# Alternate NID to represent the TLSv1.3 brainpoolP384r1 group
+ : brainpoolP384r1tls13
1 3 36 3 3 2 8 1 1 12 : brainpoolP384t1
1 3 36 3 3 2 8 1 1 13 : brainpoolP512r1
-1 3 36 3 3 2 8 1 1 14 : brainpoolP512t1
+# Alternate NID to represent the TLSv1.3 brainpoolP512r1 group
+ : brainpoolP512r1tls13
+1 3 36 3 3 2 8 1 1 14 : brainpoolP512t1
+
+# ECDH schemes from RFC5753
+!Alias x9-63-scheme 1 3 133 16 840 63 0
+!Alias secg-scheme certicom-arc 1
+
+x9-63-scheme 2 : dhSinglePass-stdDH-sha1kdf-scheme
+secg-scheme 11 0 : dhSinglePass-stdDH-sha224kdf-scheme
+secg-scheme 11 1 : dhSinglePass-stdDH-sha256kdf-scheme
+secg-scheme 11 2 : dhSinglePass-stdDH-sha384kdf-scheme
+secg-scheme 11 3 : dhSinglePass-stdDH-sha512kdf-scheme
+
+x9-63-scheme 3 : dhSinglePass-cofactorDH-sha1kdf-scheme
+secg-scheme 14 0 : dhSinglePass-cofactorDH-sha224kdf-scheme
+secg-scheme 14 1 : dhSinglePass-cofactorDH-sha256kdf-scheme
+secg-scheme 14 2 : dhSinglePass-cofactorDH-sha384kdf-scheme
+secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme
+# NIDs for use with lookup tables.
+ : dh-std-kdf
+ : dh-cofactor-kdf
+
+# RFC 6962 Extension OIDs (see http://www.ietf.org/rfc/rfc6962.txt)
+1 3 6 1 4 1 11129 2 4 2 : ct_precert_scts : CT Precertificate SCTs
+1 3 6 1 4 1 11129 2 4 3 : ct_precert_poison : CT Precertificate Poison
+1 3 6 1 4 1 11129 2 4 4 : ct_precert_signer : CT Precertificate Signer
+1 3 6 1 4 1 11129 2 4 5 : ct_cert_scts : CT Certificate SCTs
+
+# CABForum EV SSL Certificate Guidelines
+# (see https://cabforum.org/extended-validation/)
+# OIDs for Subject Jurisdiction of Incorporation or Registration
+ms-corp 60 2 1 1 : jurisdictionL : jurisdictionLocalityName
+ms-corp 60 2 1 2 : jurisdictionST : jurisdictionStateOrProvinceName
+ms-corp 60 2 1 3 : jurisdictionC : jurisdictionCountryName
+
+# SCRYPT algorithm
+!Cname id-scrypt
+1 3 6 1 4 1 11591 4 11 : id-scrypt : scrypt
+
+# NID for TLS1 PRF
+ : TLS1-PRF : tls1-prf
+
+# NID for HKDF
+ : HKDF : hkdf
+
+# NID for SSHKDF
+ : SSHKDF : sshkdf
+
+# NID for SSKDF
+ : SSKDF : sskdf
+# NID for X942KDF
+ : X942KDF : x942kdf
+
+# NID for X963-2001 KDF
+ : X963KDF : x963kdf
+
+# RFC 4556
+1 3 6 1 5 2 3 : id-pkinit
+id-pkinit 4 : pkInitClientAuth : PKINIT Client Auth
+id-pkinit 5 : pkInitKDC : Signing KDC Response
+
+# From RFC8410
+1 3 101 110 : X25519
+1 3 101 111 : X448
+1 3 101 112 : ED25519
+1 3 101 113 : ED448
+
+
+# NIDs for cipher key exchange
+ : KxRSA : kx-rsa
+ : KxECDHE : kx-ecdhe
+ : KxDHE : kx-dhe
+ : KxECDHE-PSK : kx-ecdhe-psk
+ : KxDHE-PSK : kx-dhe-psk
+ : KxRSA_PSK : kx-rsa-psk
+ : KxPSK : kx-psk
+ : KxSRP : kx-srp
+ : KxGOST : kx-gost
+ : KxGOST18 : kx-gost18
+ : KxANY : kx-any
+
+# NIDs for cipher authentication
+ : AuthRSA : auth-rsa
+ : AuthECDSA : auth-ecdsa
+ : AuthPSK : auth-psk
+ : AuthDSS : auth-dss
+ : AuthGOST01 : auth-gost01
+ : AuthGOST12 : auth-gost12
+ : AuthSRP : auth-srp
+ : AuthNULL : auth-null
+ : AuthANY : auth-any
+# NID for Poly1305
+ : Poly1305 : poly1305
+# NID for SipHash
+ : SipHash : siphash
+# NIDs for RFC7919 DH parameters
+ : ffdhe2048
+ : ffdhe3072
+ : ffdhe4096
+ : ffdhe6144
+ : ffdhe8192
+# NIDs for RFC3526 DH parameters
+ : modp_1536
+ : modp_2048
+ : modp_3072
+ : modp_4096
+ : modp_6144
+ : modp_8192
+
+# OIDs for DSTU-4145/DSTU-7564 (http://zakon2.rada.gov.ua/laws/show/z0423-17)
+
+# DSTU OIDs
+member-body 804 : ISO-UA
+ISO-UA 2 1 1 1 : ua-pki
+ua-pki 1 1 1 : dstu28147 : DSTU Gost 28147-2009
+dstu28147 2 : dstu28147-ofb : DSTU Gost 28147-2009 OFB mode
+dstu28147 3 : dstu28147-cfb : DSTU Gost 28147-2009 CFB mode
+dstu28147 5 : dstu28147-wrap : DSTU Gost 28147-2009 key wrap
+
+ua-pki 1 1 2 : hmacWithDstu34311 : HMAC DSTU Gost 34311-95
+ua-pki 1 2 1 : dstu34311 : DSTU Gost 34311-95
+
+ua-pki 1 3 1 1 : dstu4145le : DSTU 4145-2002 little endian
+dstu4145le 1 1 : dstu4145be : DSTU 4145-2002 big endian
+
+# 1.2.804. 2.1.1.1 1.3.1.1 .2.6
+# UA ua-pki 4145 le
+# DSTU named curves
+dstu4145le 2 0 : uacurve0 : DSTU curve 0
+dstu4145le 2 1 : uacurve1 : DSTU curve 1
+dstu4145le 2 2 : uacurve2 : DSTU curve 2
+dstu4145le 2 3 : uacurve3 : DSTU curve 3
+dstu4145le 2 4 : uacurve4 : DSTU curve 4
+dstu4145le 2 5 : uacurve5 : DSTU curve 5
+dstu4145le 2 6 : uacurve6 : DSTU curve 6
+dstu4145le 2 7 : uacurve7 : DSTU curve 7
+dstu4145le 2 8 : uacurve8 : DSTU curve 8
+dstu4145le 2 9 : uacurve9 : DSTU curve 9
+# NID for AES-SIV
+ : AES-128-SIV : aes-128-siv
+ : AES-192-SIV : aes-192-siv
+ : AES-256-SIV : aes-256-siv
+
+
+!Cname oracle
+joint-iso-itu-t 16 840 1 113894 : oracle-organization : Oracle organization
+# Jdk trustedKeyUsage attribute
+oracle 746875 1 1 : oracle-jdk-trustedkeyusage : Trusted key usage (Oracle)
+
+# NID for compression
+ : brotli : Brotli compression
+ : zstd : Zstandard compression
projects / openssl.git / blobdiff