pkcs1 4 : RSA-MD5 : md5WithRSAEncryption
pkcs1 5 : RSA-SHA1 : sha1WithRSAEncryption
# According to PKCS #1 version 2.1
+pkcs1 7 : RSAES-OAEP : rsaesOaep
+pkcs1 8 : MGF1 : mgf1
+pkcs1 9 : PSPECIFIED : pSpecified
+pkcs1 10 : RSASSA-PSS : rsassaPss
+
pkcs1 11 : RSA-SHA256 : sha256WithRSAEncryption
pkcs1 12 : RSA-SHA384 : sha384WithRSAEncryption
pkcs1 13 : RSA-SHA512 : sha512WithRSAEncryption
!Cname sinfo-access
id-pe 11 : subjectInfoAccess : Subject Information Access
id-pe 14 : proxyCertInfo : Proxy Certificate Information
+id-pe 24 : tlsfeature : TLS Feature
# PKIX policyQualifiers for Internet policy qualifiers
id-qt 1 : id-qt-cps : Policy Qualifier CPS
!Cname OCSP-sign
id-kp 9 : OCSPSigning : OCSP Signing
id-kp 10 : DVCS : dvcs
+!Cname ipsec-IKE
+id-kp 17 : ipsecIKE : ipsec Internet Key Exchange
+id-kp 18 : capwapAC : Ctrl/provision WAP Access
+id-kp 19 : capwapWTP : Ctrl/Provision WAP Termination
+!Cname sshClient
+id-kp 21 : secureShellClient : SSH Client
+!Cname sshServer
+id-kp 22 : secureShellServer : SSH Server
+id-kp 23 : sendRouter : Send Router
+id-kp 24 : sendProxiedRouter : Send Proxied Router
+id-kp 25 : sendOwner : Send Owner
+id-kp 26 : sendProxiedOwner : Send Proxied Owner
# CMP information types
id-it 1 : id-it-caProtEncCert
1 3 36 3 2 1 : RIPEMD160 : ripemd160
1 3 36 3 3 1 2 : RSA-RIPEMD160 : ripemd160WithRSA
+1 3 6 1 4 1 1722 12 2 1 16 : BLAKE2b512 : blake2b512
+1 3 6 1 4 1 1722 12 2 2 8 : BLAKE2s256 : blake2s256
+
!Cname sxnet
1 3 101 1 4 1 : SXNetID : Strong Extranet ID
!Cname delta-crl
id-ce 27 : deltaCRL : X509v3 Delta CRL Indicator
!Cname issuing-distribution-point
-id-ce 28 : issuingDistributionPoint : X509v3 Issuing Distrubution Point
+id-ce 28 : issuingDistributionPoint : X509v3 Issuing Distribution Point
!Cname certificate-issuer
id-ce 29 : certificateIssuer : X509v3 Certificate Issuer
!Cname name-constraints
mime-mhs-headings 1 : id-hex-partial-message : id-hex-partial-message
mime-mhs-headings 2 : id-hex-multipart-message : id-hex-multipart-message
-# What the hell are these OIDs, really?
-!Cname rle-compression
-1 1 1 1 666 1 : RLE : run length compression
+# RFC 3274
!Cname zlib-compression
id-smime-alg 8 : ZLIB : zlib compression
: AES-128-CTR : aes-128-ctr
: AES-192-CTR : aes-192-ctr
: AES-256-CTR : aes-256-ctr
+ : AES-128-OCB : aes-128-ocb
+ : AES-192-OCB : aes-192-ocb
+ : AES-256-OCB : aes-256-ocb
+ : AES-128-XTS : aes-128-xts
+ : AES-256-XTS : aes-256-xts
: DES-CFB1 : des-cfb1
: DES-CFB8 : des-cfb8
: DES-EDE3-CFB1 : des-ede3-cfb1
pilotAttributeType 41 : : mobileTelephoneNumber
pilotAttributeType 42 : : pagerTelephoneNumber
pilotAttributeType 43 : : friendlyCountryName
-# The following clashes with 2.5.4.45, so commented away
-#pilotAttributeType 44 : uid : uniqueIdentifier
+pilotAttributeType 44 : uid : uniqueIdentifier
pilotAttributeType 45 : : organizationalStatus
pilotAttributeType 46 : : janetMailbox
pilotAttributeType 47 : : mailPreferenceOption
member-body 643 2 2 : cryptopro
member-body 643 2 9 : cryptocom
+member-body 643 7 1 : id-tc26
cryptopro 3 : id-GostR3411-94-with-GostR3410-2001 : GOST R 34.11-94 with GOST R 34.10-2001
cryptopro 4 : id-GostR3411-94-with-GostR3410-94 : GOST R 34.11-94 with GOST R 34.10-94
!Cname id-Gost28147-89
cryptopro 21 : gost89 : GOST 28147-89
: gost89-cnt
+ : gost89-cnt-12
+ : gost89-cbc
+ : gost89-ecb
+ : gost89-ctr
!Cname id-Gost28147-89-MAC
cryptopro 22 : gost-mac : GOST 28147-89 MAC
+ : gost-mac-12
!Cname id-GostR3411-94-prf
cryptopro 23 : prf-gostr3411-94 : GOST R 34.11-94 PRF
cryptopro 98 : id-GostR3410-2001DH : GOST R 34.10-2001 DH
cryptocom 1 8 1 : id-GostR3410-2001-ParamSet-cc : GOST R 3410-2001 Parameter Set Cryptocom
+# TC26 GOST OIDs
+
+id-tc26 1 : id-tc26-algorithms
+id-tc26-algorithms 1 : id-tc26-sign
+!Cname id-GostR3410-2012-256
+id-tc26-sign 1 : gost2012_256: GOST R 34.10-2012 with 256 bit modulus
+!Cname id-GostR3410-2012-512
+id-tc26-sign 2 : gost2012_512: GOST R 34.10-2012 with 512 bit modulus
+
+id-tc26-algorithms 2 : id-tc26-digest
+!Cname id-GostR3411-2012-256
+id-tc26-digest 2 : md_gost12_256: GOST R 34.11-2012 with 256 bit hash
+!Cname id-GostR3411-2012-512
+id-tc26-digest 3 : md_gost12_512: GOST R 34.11-2012 with 512 bit hash
+
+id-tc26-algorithms 3 : id-tc26-signwithdigest
+id-tc26-signwithdigest 2: id-tc26-signwithdigest-gost3410-2012-256: GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)
+id-tc26-signwithdigest 3: id-tc26-signwithdigest-gost3410-2012-512: GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)
+
+id-tc26-algorithms 4 : id-tc26-mac
+id-tc26-mac 1 : id-tc26-hmac-gost-3411-2012-256 : HMAC GOST 34.11-2012 256 bit
+id-tc26-mac 2 : id-tc26-hmac-gost-3411-2012-512 : HMAC GOST 34.11-2012 512 bit
+
+id-tc26-algorithms 5 : id-tc26-cipher
+
+id-tc26-algorithms 6 : id-tc26-agreement
+id-tc26-agreement 1 : id-tc26-agreement-gost-3410-2012-256
+id-tc26-agreement 2 : id-tc26-agreement-gost-3410-2012-512
+
+id-tc26 2 : id-tc26-constants
+
+id-tc26-constants 1 : id-tc26-sign-constants
+id-tc26-sign-constants 2: id-tc26-gost-3410-2012-512-constants
+id-tc26-gost-3410-2012-512-constants 0 : id-tc26-gost-3410-2012-512-paramSetTest: GOST R 34.10-2012 (512 bit) testing parameter set
+id-tc26-gost-3410-2012-512-constants 1 : id-tc26-gost-3410-2012-512-paramSetA: GOST R 34.10-2012 (512 bit) ParamSet A
+id-tc26-gost-3410-2012-512-constants 2 : id-tc26-gost-3410-2012-512-paramSetB: GOST R 34.10-2012 (512 bit) ParamSet B
+
+id-tc26-constants 2 : id-tc26-digest-constants
+id-tc26-constants 5 : id-tc26-cipher-constants
+id-tc26-cipher-constants 1 : id-tc26-gost-28147-constants
+id-tc26-gost-28147-constants 1 : id-tc26-gost-28147-param-Z : GOST 28147-89 TC26 parameter set
+
+member-body 643 3 131 1 1 : INN : INN
+member-body 643 100 1 : OGRN : OGRN
+member-body 643 100 3 : SNILS : SNILS
+member-body 643 100 111 : subjectSignTool : Signing Tool of Subject
+member-body 643 100 112 : issuerSignTool : Signing Tool of Issuer
+
+#GOST R34.13-2015 Grasshopper "Kuznechik"
+ : grasshopper-ecb
+ : grasshopper-ctr
+ : grasshopper-ofb
+ : grasshopper-cbc
+ : grasshopper-cfb
+ : grasshopper-mac
+
# Definitions for Camellia cipher - CBC MODE
1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC : camellia-128-cbc
camellia 3 : CAMELLIA-128-OFB : camellia-128-ofb
!Cname camellia-128-cfb128
camellia 4 : CAMELLIA-128-CFB : camellia-128-cfb
+camellia 6 : CAMELLIA-128-GCM : camellia-128-gcm
+camellia 7 : CAMELLIA-128-CCM : camellia-128-ccm
+camellia 9 : CAMELLIA-128-CTR : camellia-128-ctr
+camellia 10 : CAMELLIA-128-CMAC : camellia-128-cmac
camellia 21 : CAMELLIA-192-ECB : camellia-192-ecb
!Cname camellia-192-ofb128
camellia 23 : CAMELLIA-192-OFB : camellia-192-ofb
!Cname camellia-192-cfb128
camellia 24 : CAMELLIA-192-CFB : camellia-192-cfb
+camellia 26 : CAMELLIA-192-GCM : camellia-192-gcm
+camellia 27 : CAMELLIA-192-CCM : camellia-192-ccm
+camellia 29 : CAMELLIA-192-CTR : camellia-192-ctr
+camellia 30 : CAMELLIA-192-CMAC : camellia-192-cmac
camellia 41 : CAMELLIA-256-ECB : camellia-256-ecb
!Cname camellia-256-ofb128
camellia 43 : CAMELLIA-256-OFB : camellia-256-ofb
!Cname camellia-256-cfb128
camellia 44 : CAMELLIA-256-CFB : camellia-256-cfb
+camellia 46 : CAMELLIA-256-GCM : camellia-256-gcm
+camellia 47 : CAMELLIA-256-CCM : camellia-256-ccm
+camellia 49 : CAMELLIA-256-CTR : camellia-256-ctr
+camellia 50 : CAMELLIA-256-CMAC : camellia-256-cmac
# There are no OIDs for these modes...
: HMAC : hmac
# Nor CMAC either
: CMAC : cmac
+
+# Synthetic composite ciphersuites
+ : RC4-HMAC-MD5 : rc4-hmac-md5
+ : AES-128-CBC-HMAC-SHA1 : aes-128-cbc-hmac-sha1
+ : AES-192-CBC-HMAC-SHA1 : aes-192-cbc-hmac-sha1
+ : AES-256-CBC-HMAC-SHA1 : aes-256-cbc-hmac-sha1
+ : AES-128-CBC-HMAC-SHA256 : aes-128-cbc-hmac-sha256
+ : AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256
+ : AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256
+ : ChaCha20-Poly1305 : chacha20-poly1305
+ : ChaCha20 : chacha20
+
+ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
+
+# RFC 5639 curve OIDs (see http://www.ietf.org/rfc/rfc5639.txt)
+# versionOne OBJECT IDENTIFIER ::= {
+# iso(1) identifified-organization(3) teletrust(36) algorithm(3)
+# signature-algorithm(3) ecSign(2) ecStdCurvesAndGeneration(8)
+# ellipticCurve(1) 1 }
+1 3 36 3 3 2 8 1 1 1 : brainpoolP160r1
+1 3 36 3 3 2 8 1 1 2 : brainpoolP160t1
+1 3 36 3 3 2 8 1 1 3 : brainpoolP192r1
+1 3 36 3 3 2 8 1 1 4 : brainpoolP192t1
+1 3 36 3 3 2 8 1 1 5 : brainpoolP224r1
+1 3 36 3 3 2 8 1 1 6 : brainpoolP224t1
+1 3 36 3 3 2 8 1 1 7 : brainpoolP256r1
+1 3 36 3 3 2 8 1 1 8 : brainpoolP256t1
+1 3 36 3 3 2 8 1 1 9 : brainpoolP320r1
+1 3 36 3 3 2 8 1 1 10 : brainpoolP320t1
+1 3 36 3 3 2 8 1 1 11 : brainpoolP384r1
+1 3 36 3 3 2 8 1 1 12 : brainpoolP384t1
+1 3 36 3 3 2 8 1 1 13 : brainpoolP512r1
+1 3 36 3 3 2 8 1 1 14 : brainpoolP512t1
+
+# ECDH schemes from RFC5753
+!Alias x9-63-scheme 1 3 133 16 840 63 0
+!Alias secg-scheme certicom-arc 1
+
+x9-63-scheme 2 : dhSinglePass-stdDH-sha1kdf-scheme
+secg-scheme 11 0 : dhSinglePass-stdDH-sha224kdf-scheme
+secg-scheme 11 1 : dhSinglePass-stdDH-sha256kdf-scheme
+secg-scheme 11 2 : dhSinglePass-stdDH-sha384kdf-scheme
+secg-scheme 11 3 : dhSinglePass-stdDH-sha512kdf-scheme
+
+x9-63-scheme 3 : dhSinglePass-cofactorDH-sha1kdf-scheme
+secg-scheme 14 0 : dhSinglePass-cofactorDH-sha224kdf-scheme
+secg-scheme 14 1 : dhSinglePass-cofactorDH-sha256kdf-scheme
+secg-scheme 14 2 : dhSinglePass-cofactorDH-sha384kdf-scheme
+secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme
+# NIDs for use with lookup tables.
+ : dh-std-kdf
+ : dh-cofactor-kdf
+
+# RFC 6962 Extension OIDs (see http://www.ietf.org/rfc/rfc6962.txt)
+1 3 6 1 4 1 11129 2 4 2 : ct_precert_scts : CT Precertificate SCTs
+1 3 6 1 4 1 11129 2 4 3 : ct_precert_poison : CT Precertificate Poison
+1 3 6 1 4 1 11129 2 4 4 : ct_precert_signer : CT Precertificate Signer
+1 3 6 1 4 1 11129 2 4 5 : ct_cert_scts : CT Certificate SCTs
+
+# CABForum EV SSL Certificate Guidelines
+# (see https://cabforum.org/extended-validation/)
+# OIDs for Subject Jurisdiction of Incorporation or Registration
+1 3 6 1 4 1 311 60 2 1 1 : jurisdictionL : jurisdictionLocalityName
+1 3 6 1 4 1 311 60 2 1 2 : jurisdictionST : jurisdictionStateOrProvinceName
+1 3 6 1 4 1 311 60 2 1 3 : jurisdictionC : jurisdictionCountryName
+
+# SCRYPT algorithm
+1 3 6 1 4 1 11591 4 11 : id-scrypt
+
+# NID for TLS1 PRF
+ : TLS1-PRF : tls1-prf
+
+# NID for HKDF
+ : HKDF : hkdf
+
+# RFC 4556
+1 3 6 1 5 2 3 : id-pkinit
+id-pkinit 4 : pkInitClientAuth : PKINIT Client Auth
+id-pkinit 5 : pkInitKDC : Signing KDC Response
+
+# New curves from draft-josefsson-pkix-newcurves
+
+1 3 6 1 4 1 11591 15 1 : X25519
+1 3 6 1 4 1 11591 15 2 : X448
+
+# NIDs for cipher key exchange
+ : KxRSA : kx-rsa
+ : KxECDHE : kx-ecdhe
+ : KxDHE : kx-dhe
+ : KxECDHE-PSK : kx-ecdhe-psk
+ : KxDHE-PSK : kx-dhe-psk
+ : KxRSA_PSK : kx-rsa-psk
+ : KxPSK : kx-psk
+ : KxSRP : kx-srp
+ : KxGOST : kx-gost
+
+# NIDs for cipher authentication
+ : AuthRSA : auth-rsa
+ : AuthECDSA : auth-ecdsa
+ : AuthPSK : auth-psk
+ : AuthDSS : auth-dss
+ : AuthGOST01 : auth-gost01
+ : AuthGOST12 : auth-gost12
+ : AuthSRP : auth-srp
+ : AuthNULL : auth-null
+