# GMAC OID
iso 0 9797 3 4 : GMAC : gmac
-# There are no OIDs for these yet...
- : KMAC128 : kmac128
- : KMAC256 : kmac256
- : BLAKE2BMAC : blake2bmac
- : BLAKE2SMAC : blake2smac
-
# HMAC OIDs
identified-organization 6 1 5 5 8 1 1 : HMAC-MD5 : hmac-md5
identified-organization 6 1 5 5 8 1 2 : HMAC-SHA1 : hmac-sha1
id-smime-ct 9 : id-smime-ct-compressedData
id-smime-ct 19 : id-smime-ct-contentCollection
id-smime-ct 23 : id-smime-ct-authEnvelopedData
+id-smime-ct 24 : id-ct-routeOriginAuthz
+id-smime-ct 26 : id-ct-rpkiManifest
id-smime-ct 27 : id-ct-asciiTextWithCRLF
id-smime-ct 28 : id-ct-xml
+id-smime-ct 35 : id-ct-rpkiGhostbusters
+id-smime-ct 36 : id-ct-resourceTaggedAttest
+id-smime-ct 47 : id-ct-geofeedCSVwithCRLF
+id-smime-ct 48 : id-ct-signedChecklist
+id-smime-ct 49 : id-ct-ASPA
+id-smime-ct 50 : id-ct-signedTAL
+id-smime-ct 51 : id-ct-rpkiSignedPrefixList
# S/MIME Attributes
id-smime-aa 1 : id-smime-aa-receiptRequest
id-smime-aa 27 : id-smime-aa-ets-archiveTimeStamp
id-smime-aa 28 : id-smime-aa-signatureType
id-smime-aa 29 : id-smime-aa-dvcs-dvc
+id-smime-aa 44 : id-aa-ets-attrCertificateRefs
+id-smime-aa 45 : id-aa-ets-attrRevocationRefs
id-smime-aa 47 : id-smime-aa-signingCertificateV2
+id-smime-aa 48 : id-aa-ets-archiveTimestampV2
# S/MIME Algorithm Identifiers
# obsolete
pkcs9 20 : : friendlyName
pkcs9 21 : : localKeyID
+!Alias ms-corp 1 3 6 1 4 1 311
!Cname ms-csp-name
-1 3 6 1 4 1 311 17 1 : CSPName : Microsoft CSP Name
-1 3 6 1 4 1 311 17 2 : LocalKeySet : Microsoft Local Key set
+ms-corp 17 1 : CSPName : Microsoft CSP Name
+ms-corp 17 2 : LocalKeySet : Microsoft Local Key set
!Alias certTypes pkcs9 22
certTypes 1 : : x509Certificate
certTypes 2 : : sdsiCertificate
!Alias crlTypes pkcs9 23
crlTypes 1 : : x509Crl
+pkcs9 52 : id-aa-CMSAlgorithmProtection
+
!Alias pkcs12 pkcs 12
!Alias pkcs12-pbeids pkcs12 1
sm-scheme 501 : SM2-SM3 : SM2-with-SM3
+# From GM/T 0091-2020
+sm3 3 1 : : hmacWithSM3
+
# From RFC4231
rsadsi 2 8 : : hmacWithSHA224
rsadsi 2 9 : : hmacWithSHA256
: RC5-OFB : rc5-ofb
!Cname ms-ext-req
-1 3 6 1 4 1 311 2 1 14 : msExtReq : Microsoft Extension Request
+ms-corp 2 1 14 : msExtReq : Microsoft Extension Request
!Cname ms-code-ind
-1 3 6 1 4 1 311 2 1 21 : msCodeInd : Microsoft Individual Code Signing
+ms-corp 2 1 21 : msCodeInd : Microsoft Individual Code Signing
!Cname ms-code-com
-1 3 6 1 4 1 311 2 1 22 : msCodeCom : Microsoft Commercial Code Signing
+ms-corp 2 1 22 : msCodeCom : Microsoft Commercial Code Signing
!Cname ms-ctl-sign
-1 3 6 1 4 1 311 10 3 1 : msCTLSign : Microsoft Trust List Signing
+ms-corp 10 3 1 : msCTLSign : Microsoft Trust List Signing
!Cname ms-sgc
-1 3 6 1 4 1 311 10 3 3 : msSGC : Microsoft Server Gated Crypto
+ms-corp 10 3 3 : msSGC : Microsoft Server Gated Crypto
!Cname ms-efs
-1 3 6 1 4 1 311 10 3 4 : msEFS : Microsoft Encrypted File System
+ms-corp 10 3 4 : msEFS : Microsoft Encrypted File System
!Cname ms-smartcard-login
-1 3 6 1 4 1 311 20 2 2 : msSmartcardLogin : Microsoft Smartcardlogin
+ms-corp 20 2 2 : msSmartcardLogin : Microsoft Smartcard Login
!Cname ms-upn
-1 3 6 1 4 1 311 20 2 3 : msUPN : Microsoft Universal Principal Name
+ms-corp 20 2 3 : msUPN : Microsoft User Principal Name
+
+ms-corp 25 2 : ms-ntds-sec-ext : Microsoft NTDS CA Extension
+ms-corp 25 2 1 : ms-ntds-obj-sid : Microsoft NTDS AD objectSid
+ms-corp 21 7 : ms-cert-templ : Microsoft certificate template
+ms-corp 21 10 : ms-app-policies : Microsoft Application Policies Extension
1 3 6 1 4 1 188 7 1 1 2 : IDEA-CBC : idea-cbc
: IDEA-ECB : idea-ecb
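Review bot: The long names on the `msSmartcardLogin` and `msUPN` rows are reworded (`Microsoft Smartcardlogin` → `Microsoft Smartcard Login`, `Microsoft Universal Principal Name` → `Microsoft User Principal Name`), and long names are lookup keys, so anything that resolves these objects by the old text, for example through `OBJ_ln2nid` or a configuration file that spells out the long name, will stop matching. The short names are unchanged, so references such as `msUPN` keep working. The new wording is the correct one, but the change should be recorded as user-visible; nothing in this diff does that. Separately, the four new `ms-corp 25 2 …` / `ms-corp 21 …` rows carry no source comment, unlike most additions elsewhere in the file; a line such as `# Microsoft AD CS certificate extensions` above them would tell a reader where the arcs come from.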
id-pkix 9 : id-pda
id-pkix 10 : id-aca
id-pkix 11 : id-qcs
+id-pkix 14 : id-cp
id-pkix 12 : id-cct
id-pkix 21 : id-ppl
id-pkix 48 : id-ad
id-pkix-mod 14 : id-mod-ocsp
id-pkix-mod 15 : id-mod-dvcs
id-pkix-mod 16 : id-mod-cmp2000
+id-pkix-mod 50 : id-mod-cmp2000-02
+id-pkix-mod 99 : id-mod-cmp2021-88
+id-pkix-mod 100 : id-mod-cmp2021-02
# PKIX Private Extensions
!Cname info-access
id-pe 11 : subjectInfoAccess : Subject Information Access
id-pe 14 : proxyCertInfo : Proxy Certificate Information
id-pe 24 : tlsfeature : TLS Feature
+id-pe 28 : sbgp-ipAddrBlockv2
+id-pe 29 : sbgp-autonomousSysNumv2
# PKIX policyQualifiers for Internet policy qualifiers
id-qt 1 : id-qt-cps : Policy Qualifier CPS
id-qt 2 : id-qt-unotice : Policy Qualifier User Notice
id-qt 3 : textNotice
+# https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.3
# PKIX key purpose identifiers
!Cname server-auth
id-kp 1 : serverAuth : TLS Web Server Authentication
id-kp 26 : sendProxiedOwner : Send Proxied Owner
id-kp 27 : cmcCA : CMC Certificate Authority
id-kp 28 : cmcRA : CMC Registration Authority
+id-kp 29 : cmcArchive : CMC Archive Server
+id-kp 30 : id-kp-bgpsec-router : BGPsec Router
+id-kp 31 : id-kp-BrandIndicatorforMessageIdentification : Brand Indicator for Message Identification
+id-kp 32 : cmKGA : Certificate Management Key Generation Authority
+# https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.4
# CMP information types
id-it 1 : id-it-caProtEncCert
id-it 2 : id-it-signKeyPairTypes
id-it 5 : id-it-caKeyUpdateInfo
id-it 6 : id-it-currentCRL
id-it 7 : id-it-unsupportedOIDs
-# obsolete
+# [Reserved and Obsolete]:
id-it 8 : id-it-subscriptionRequest
-# obsolete
+# [Reserved and Obsolete]:
id-it 9 : id-it-subscriptionResponse
id-it 10 : id-it-keyPairParamReq
id-it 11 : id-it-keyPairParamRep
id-it 14 : id-it-confirmWaitTime
id-it 15 : id-it-origPKIMessage
id-it 16 : id-it-suppLangTags
+id-it 17 : id-it-caCerts
+id-it 18 : id-it-rootCaKeyUpdate
+id-it 19 : id-it-certReqTemplate
+id-it 20 : id-it-rootCaCert
+id-it 21 : id-it-certProfile
+id-it 22 : id-it-crlStatusList
+id-it 23 : id-it-crls
# CRMF registration
id-pkip 1 : id-regCtrl
id-regCtrl 4 : id-regCtrl-pkiArchiveOptions
id-regCtrl 5 : id-regCtrl-oldCertID
id-regCtrl 6 : id-regCtrl-protocolEncrKey
+id-regCtrl 7 : id-regCtrl-altCertTemplate
+# id-regCtrl 8 : id-regCtrl-wtlsTemplate [Reserved and Obsolete]
+# id-regCtrl 9 : id-regCtrl-regTokenUTF8 [Reserved and Obsolete]
+# id-regCtrl 10 : id-regCtrl-authenticatorUTF8 [Reserved and Obsolete]
+id-regCtrl 11 : id-regCtrl-algId
+id-regCtrl 12 : id-regCtrl-rsaKeyLen
# CRMF registration information
id-regInfo 1 : id-regInfo-utf8Pairs
# other names
id-on 1 : id-on-personalData
id-on 3 : id-on-permanentIdentifier : Permanent Identifier
+id-on 5 : id-on-xmppAddr : XmppAddr
+id-on 7 : id-on-dnsSRV : SRVName
+id-on 8 : id-on-NAIRealm : NAIRealm
+id-on 9 : id-on-SmtpUTF8Mailbox : Smtp UTF8 Mailbox
# personal data attributes
id-pda 1 : id-pda-dateOfBirth
# qualified certificate statements
id-qcs 1 : id-qcs-pkixQCSyntax-v1
+# PKIX Certificate Policies
+id-cp 2 : ipAddr-asNumber
+id-cp 3 : ipAddr-asNumberv2
+
# CMC content types
id-cct 1 : id-cct-crs
id-cct 2 : id-cct-PKIData
!Cname ad-dvcs
id-ad 4 : AD_DVCS : ad dvcs
id-ad 5 : caRepository : CA Repository
-
+id-ad 10 : rpkiManifest : RPKI Manifest
+id-ad 11 : signedObject : Signed Object
+id-ad 13 : rpkiNotify : RPKI Notify
!Alias id-pkix-OCSP ad-OCSP
!module id-pkix-OCSP
1 3 36 3 2 1 : RIPEMD160 : ripemd160
1 3 36 3 3 1 2 : RSA-RIPEMD160 : ripemd160WithRSA
-1 3 6 1 4 1 1722 12 2 1 16 : BLAKE2b512 : blake2b512
-1 3 6 1 4 1 1722 12 2 2 8 : BLAKE2s256 : blake2s256
+1 3 6 1 4 1 1722 12 2 1 : BLAKE2BMAC : blake2bmac
+1 3 6 1 4 1 1722 12 2 2 : BLAKE2SMAC : blake2smac
+blake2bmac 16 : BLAKE2b512 : blake2b512
+blake2smac 8 : BLAKE2s256 : blake2s256
!Cname sxnet
1 3 101 1 4 1 : SXNetID : Strong Extranet ID
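Review bot: `BLAKE2BMAC` and `BLAKE2SMAC` are now bound to `1 3 6 1 4 1 1722 12 2 1` and `1 3 6 1 4 1 1722 12 2 2`, which are the parent arcs of the `BLAKE2b512` and `BLAKE2s256` digest rows directly below, so the arc for a digest family will be displayed and looked up under a MAC name. If these arcs are digest-family identifiers rather than registered MAC algorithm identifiers (my reading of RFC 7693, worth confirming), say so next to the rows, e.g. `# BLAKE2 MAC NIDs reuse the digest family arcs so the digest rows can hang off them; they are not MAC algorithm OIDs`. Without that, a reader of the table may assume an encoded algorithm identifier with this arc unambiguously means "MAC", which matters when code dispatches on the NID.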
id-ce 36 : policyConstraints : X509v3 Policy Constraints
!Cname ext-key-usage
id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage
+!Cname authority-attribute-identifier
+id-ce 38 : authorityAttributeIdentifier : X509v3 Authority Attribute Identifier
+!Cname role-spec-cert-identifier
+id-ce 39 : roleSpecCertIdentifier : X509v3 Role Specification Certificate Identifier
+!Cname basic-att-constraints
+id-ce 41 : basicAttConstraints : X509v3 Basic Attribute Certificate Constraints
+!Cname delegated-name-constraints
+id-ce 42 : delegatedNameConstraints : X509v3 Delegated Name Constraints
+!Cname time-specification
+id-ce 43 : timeSpecification : X509v3 Time Specification
!Cname freshest-crl
id-ce 46 : freshestCRL : X509v3 Freshest CRL
+!Cname attribute-descriptor
+id-ce 48 : attributeDescriptor : X509v3 Attribute Descriptor
+!Cname user-notice
+id-ce 49 : userNotice : X509v3 User Notice
+!Cname soa-identifier
+id-ce 50 : sOAIdentifier : X509v3 Source of Authority Identifier
+!Cname acceptable-cert-policies
+id-ce 52 : acceptableCertPolicies : X509v3 Acceptable Certification Policies
!Cname inhibit-any-policy
id-ce 54 : inhibitAnyPolicy : X509v3 Inhibit Any Policy
!Cname target-information
id-ce 55 : targetInformation : X509v3 AC Targeting
!Cname no-rev-avail
id-ce 56 : noRevAvail : X509v3 No Revocation Available
+!Cname acceptable-privilege-policies
+id-ce 57 : acceptablePrivPolicies : X509v3 Acceptable Privilege Policies
+!Cname indirect-issuer
+id-ce 61 : indirectIssuer : X509v3 Indirect Issuer
+!Cname no-assertion
+id-ce 62 : noAssertion : X509v3 No Assertion
+!Cname id-aa-issuing-distribution-point
+id-ce 63 : aAissuingDistributionPoint : X509v3 Attribute Authority Issuing Distribution Point
+!Cname issued-on-behalf-of
+id-ce 64 : issuedOnBehalfOf : X509v3 Issued On Behalf Of
+!Cname single-use
+id-ce 65 : singleUse : X509v3 Single Use
+!Cname group-ac
+id-ce 66 : groupAC : X509v3 Group Attribute Certificate
+!Cname allowed-attribute-assignments
+id-ce 67 : allowedAttributeAssignments : X509v3 Allowed Attribute Assignments
+!Cname attribute-mappings
+id-ce 68 : attributeMappings : X509v3 Attribute Mappings
+!Cname holder-name-constraints
+id-ce 69 : holderNameConstraints : X509v3 Holder Name Constraints
+!Cname authorization-validation
+id-ce 70 : authorizationValidation : X509v3 Authorization Validation
+!Cname prot-restrict
+id-ce 71 : protRestrict : X509v3 Protocol Restriction
+!Cname subject-alt-public-key-info
+id-ce 72 : subjectAltPublicKeyInfo : X509v3 Subject Alternative Public Key Info
+!Cname alt-signature-algorithm
+id-ce 73 : altSignatureAlgorithm : X509v3 Alternative Signature Algorithm
+!Cname alt-signature-value
+id-ce 74 : altSignatureValue : X509v3 Alternative Signature Value
+!Cname associated-information
+id-ce 75 : associatedInformation : X509v3 Associated Information
# From RFC5280
ext-key-usage 0 : anyExtendedKeyUsage : Any Extended Key Usage
# how to handle them...
# nist_hashalgs 17 : id-shake128-len : shake128-len
# nist_hashalgs 18 : id-shake256-len : shake256-len
+nist_hashalgs 19 : KMAC128 : kmac128
+nist_hashalgs 20 : KMAC256 : kmac256
+# nist_hashalgs 21 : KMAC128-XOF : kmac128-xof
+# nist_hashalgs 22 : KMAC256-XOF : kmac256-xof
# OIDs for dsa-with-sha224 and dsa-with-sha256
!Alias dsa_with_sha2 nistAlgorithms 3
# OID's from ITU-T. Most of this is defined in RFC 1274. A couple of
# them are also mentioned in RFC 2247
+# OIDs specific to Electronic Signature Standard/CAdES are as specified in
+# ETSI EN 319 122-1 V1.2.1 (2021-10):
+# Electronic Signatures and Infrastructures (ESI); CAdES digital signatures;
+# Part 1: Building blocks and CAdES baseline signatures
+itu-t 4 : itu-t-identified-organization
+itu-t-identified-organization 0: etsi
+etsi 1733 : electronic-signature-standard
+electronic-signature-standard 2: ess-attributes
+ess-attributes 1 : id-aa-ets-mimeType
+ess-attributes 2 : id-aa-ets-longTermValidation
+ess-attributes 3 : id-aa-ets-SignaturePolicyDocument
+ess-attributes 4 : id-aa-ets-archiveTimestampV3
+ess-attributes 5 : id-aa-ATSHashIndex
+etsi 19122 : cades
+cades 1 : cades-attributes
+cades-attributes 1 : id-aa-ets-signerAttrV2
+cades-attributes 3 : id-aa-ets-sigPolicyStore
+cades-attributes 4 : id-aa-ATSHashIndex-v2
+cades-attributes 5 : id-aa-ATSHashIndex-v3
+cades-attributes 6 : signedAssertion
+
itu-t 9 : data
data 2342 : pss
pss 19200300 : ucl
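Review bot: The ETSI/CAdES block is inserted between the existing comment `# OID's from ITU-T. Most of this is defined in RFC 1274 …` and the `itu-t 9 : data` rows that comment describes, so the RFC 1274 remark now reads as if it introduced the ETSI arcs. Moving the new block (comment plus rows) above the RFC 1274 comment, or below the `ucl` subtree, keeps each comment next to its subject. Two of the new rows also drop the space before the separator, unlike every other row in the file: `itu-t-identified-organization 0 : etsi` and `electronic-signature-standard 2 : ess-attributes` would match the surrounding style.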
id-tc26-algorithms 5 : id-tc26-cipher
id-tc26-cipher 1 : id-tc26-cipher-gostr3412-2015-magma
-id-tc26-cipher-gostr3412-2015-magma 1 : id-tc26-cipher-gostr3412-2015-magma-ctracpkm
-id-tc26-cipher-gostr3412-2015-magma 2 : id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac
+id-tc26-cipher-gostr3412-2015-magma 1 : magma-ctr-acpkm
+id-tc26-cipher-gostr3412-2015-magma 2 : magma-ctr-acpkm-omac
id-tc26-cipher 2 : id-tc26-cipher-gostr3412-2015-kuznyechik
-id-tc26-cipher-gostr3412-2015-kuznyechik 1 : id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm
-id-tc26-cipher-gostr3412-2015-kuznyechik 2 : id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac
+id-tc26-cipher-gostr3412-2015-kuznyechik 1 : kuznyechik-ctr-acpkm
+id-tc26-cipher-gostr3412-2015-kuznyechik 2 : kuznyechik-ctr-acpkm-omac
id-tc26-algorithms 6 : id-tc26-agreement
id-tc26-agreement 1 : id-tc26-agreement-gost-3410-2012-256
id-tc26-algorithms 7 : id-tc26-wrap
id-tc26-wrap 1 : id-tc26-wrap-gostr3412-2015-magma
-id-tc26-wrap-gostr3412-2015-magma 1 : id-tc26-wrap-gostr3412-2015-magma-kexp15
+id-tc26-wrap-gostr3412-2015-magma 1 : magma-kexp15
id-tc26-wrap 2 : id-tc26-wrap-gostr3412-2015-kuznyechik
-id-tc26-wrap-gostr3412-2015-magma 1 : id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15
+id-tc26-wrap-gostr3412-2015-kuznyechik 1 : kuznyechik-kexp15
id-tc26 2 : id-tc26-constants
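Review bot: Replacing the name field on the rows under `id-tc26-cipher-gostr3412-2015-magma`, `id-tc26-cipher-gostr3412-2015-kuznyechik` and the two `id-tc26-wrap-…` parents (`magma-ctr-acpkm`, `kuznyechik-ctr-acpkm-omac`, `magma-kexp15`, …) breaks callers that use the old spellings, because that field drives both lookup by name and the generated `SN_`/`NID_` identifiers. No compatibility aliases are visible in this diff; if they are added elsewhere, a comment here should say so, e.g. `# old id-tc26-cipher-gostr3412-2015-* names are kept as compatibility defines`. The `grasshopper-*` → `kuznyechik-*` rows further down have the same issue. If no aliases exist, the rename needs to be documented as an incompatible change, since cipher selection by the old name would fail at run time rather than at build time.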
member-body 643 3 131 1 1 : INN : INN
member-body 643 100 1 : OGRN : OGRN
member-body 643 100 3 : SNILS : SNILS
+member-body 643 100 5 : OGRNIP : OGRNIP
member-body 643 100 111 : subjectSignTool : Signing Tool of Subject
member-body 643 100 112 : issuerSignTool : Signing Tool of Issuer
+member-body 643 100 113 : classSignTool : Class of Signing Tool
+member-body 643 100 113 1 : classSignToolKC1 : Class of Signing Tool KC1
+member-body 643 100 113 2 : classSignToolKC2 : Class of Signing Tool KC2
+member-body 643 100 113 3 : classSignToolKC3 : Class of Signing Tool KC3
+member-body 643 100 113 4 : classSignToolKB1 : Class of Signing Tool KB1
+member-body 643 100 113 5 : classSignToolKB2 : Class of Signing Tool KB2
+member-body 643 100 113 6 : classSignToolKA1 : Class of Signing Tool KA1
#GOST R34.13-2015 Grasshopper "Kuznechik"
- : grasshopper-ecb
- : grasshopper-ctr
- : grasshopper-ofb
- : grasshopper-cbc
- : grasshopper-cfb
- : grasshopper-mac
+ : kuznyechik-ecb
+ : kuznyechik-ctr
+ : kuznyechik-ofb
+ : kuznyechik-cbc
+ : kuznyechik-cfb
+ : kuznyechik-mac
#GOST R34.13-2015 Magma
: magma-ecb
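Review bot: The section comment `#GOST R34.13-2015 Grasshopper "Kuznechik"` is left as is while every row beneath it is renamed from `grasshopper-*` to `kuznyechik-*`, so the heading now uses one name the rows no longer contain and a spelling that differs from the new one. Suggest updating it along with the rows, e.g. `#GOST R34.13-2015 Kuznyechik (rows formerly named grasshopper-*)`, which also leaves a trace of the old names for anyone searching the file for them.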
sm-scheme 104 5 : SM4-CFB1 : sm4-cfb1
sm-scheme 104 6 : SM4-CFB8 : sm4-cfb8
sm-scheme 104 7 : SM4-CTR : sm4-ctr
+sm-scheme 104 8 : SM4-GCM : sm4-gcm
+sm-scheme 104 9 : SM4-CCM : sm4-ccm
+sm-scheme 104 10 : SM4-XTS : sm4-xts
# There is no OID that just denotes "HMAC" oddly enough...
1 3 36 3 3 2 8 1 1 5 : brainpoolP224r1
1 3 36 3 3 2 8 1 1 6 : brainpoolP224t1
1 3 36 3 3 2 8 1 1 7 : brainpoolP256r1
+# Alternate NID to represent the TLSv1.3 brainpoolP256r1 group
+ : brainpoolP256r1tls13
1 3 36 3 3 2 8 1 1 8 : brainpoolP256t1
1 3 36 3 3 2 8 1 1 9 : brainpoolP320r1
1 3 36 3 3 2 8 1 1 10 : brainpoolP320t1
1 3 36 3 3 2 8 1 1 11 : brainpoolP384r1
+# Alternate NID to represent the TLSv1.3 brainpoolP384r1 group
+ : brainpoolP384r1tls13
1 3 36 3 3 2 8 1 1 12 : brainpoolP384t1
1 3 36 3 3 2 8 1 1 13 : brainpoolP512r1
+# Alternate NID to represent the TLSv1.3 brainpoolP512r1 group
+ : brainpoolP512r1tls13
1 3 36 3 3 2 8 1 1 14 : brainpoolP512t1
# ECDH schemes from RFC5753
# CABForum EV SSL Certificate Guidelines
# (see https://cabforum.org/extended-validation/)
# OIDs for Subject Jurisdiction of Incorporation or Registration
-1 3 6 1 4 1 311 60 2 1 1 : jurisdictionL : jurisdictionLocalityName
-1 3 6 1 4 1 311 60 2 1 2 : jurisdictionST : jurisdictionStateOrProvinceName
-1 3 6 1 4 1 311 60 2 1 3 : jurisdictionC : jurisdictionCountryName
+ms-corp 60 2 1 1 : jurisdictionL : jurisdictionLocalityName
+ms-corp 60 2 1 2 : jurisdictionST : jurisdictionStateOrProvinceName
+ms-corp 60 2 1 3 : jurisdictionC : jurisdictionCountryName
# SCRYPT algorithm
!Cname id-scrypt
# NID for SSHKDF
: SSHKDF : sshkdf
+# NID for SSKDF
+ : SSKDF : sskdf
+# NID for X942KDF
+ : X942KDF : x942kdf
+
+# NID for X963-2001 KDF
+ : X963KDF : x963kdf
+
# RFC 4556
1 3 6 1 5 2 3 : id-pkinit
id-pkinit 4 : pkInitClientAuth : PKINIT Client Auth
: KxPSK : kx-psk
: KxSRP : kx-srp
: KxGOST : kx-gost
+ : KxGOST18 : kx-gost18
: KxANY : kx-any
# NIDs for cipher authentication
: ffdhe4096
: ffdhe6144
: ffdhe8192
+# NIDs for RFC3526 DH parameters
+ : modp_1536
+ : modp_2048
+ : modp_3072
+ : modp_4096
+ : modp_6144
+ : modp_8192
# OIDs for DSTU-4145/DSTU-7564 (http://zakon2.rada.gov.ua/laws/show/z0423-17)
: AES-128-SIV : aes-128-siv
: AES-192-SIV : aes-192-siv
: AES-256-SIV : aes-256-siv
+
+
+!Cname oracle
+joint-iso-itu-t 16 840 1 113894 : oracle-organization : Oracle organization
+# Jdk trustedKeyUsage attribute
+oracle 746875 1 1 : oracle-jdk-trustedkeyusage : Trusted key usage (Oracle)
+
+# NID for compression
+ : brotli : Brotli compression
+ : zstd : Zstandard compression