-1 2 : ISO member bodies
-1 2 840 : US (ANSI)
-1 2 840 113549 : rsadsi : RSA Data Security, Inc.
-1 2 840 113549 1 : pkcs : RSA Data Security, Inc. PKCS
-1 2 840 113549 1 1 1 : rsaEncryption
-1 2 840 113549 1 1 2 : md2withRSAEncryption
-1 2 840 113549 1 1 4 : md5withRSAEncryption
-1 2 840 113549 1 7 : pkcs-7
-1 2 840 113549 1 7 1 : pkcs-7-data
-1 2 840 113549 1 7 2 : pkcs-7-signedData
-1 2 840 113549 1 7 3 : pkcs-7-envelopedData
-1 2 840 113549 1 7 4 : pkcs-7-signedAndEnvelopedData
-1 2 840 113549 1 7 5 : pkcs-7-digestData
-1 2 840 113549 1 7 6 : pkcs-7-encryptedData
-1 2 840 113549 2 2 : md2
-1 2 840 113549 2 4 : md4
-1 2 840 113549 2 5 : md5
-1 2 840 113549 3 4 : rc4
-1 2 840 113549 5 1 : pbeWithMD2AndDES_CBC
-1 2 840 113549 5 3 : pbeWithMD5AndDES_CBC
-2 5 : X500 : directory services (X.500)
-2 5 4 : X509
-2 5 4 3 : commonName
-2 5 4 6 : countryName
-2 5 4 7 : localityName
-2 5 4 8 : stateOrProvinceName
-2 5 4 10 : organizationName
-2 5 4 11 : organizationalUnitName
-2 5 8 : directory services - algorithms
-2 5 8 1 1 : rsa
-
-algorithm 18 : sha
-encryptionAlgorithm 1 : rsa
+# CCITT was renamed to ITU-T quite some time ago
+0 : ITU-T : itu-t
+!Alias ccitt itu-t
+
+1 : ISO : iso
+
+2 : JOINT-ISO-ITU-T : joint-iso-itu-t
+!Alias joint-iso-ccitt joint-iso-itu-t
+
+iso 2 : member-body : ISO Member Body
+
+iso 3 : identified-organization
+
+identified-organization 132 : certicom-arc
+
+joint-iso-itu-t 23 : international-organizations : International Organizations
+
+international-organizations 43 : wap
+wap 13 : wap-wsg
+
+joint-iso-itu-t 5 1 5 : selected-attribute-types : Selected Attribute Types
+
+selected-attribute-types 55 : clearance
+
+member-body 840 : ISO-US : ISO US Member Body
+ISO-US 10040 : X9-57 : X9.57
+X9-57 4 : X9cm : X9.57 CM ?
+
+!Cname dsa
+X9cm 1 : DSA : dsaEncryption
+X9cm 3 : DSA-SHA1 : dsaWithSHA1
+
+
+ISO-US 10045 : ansi-X9-62 : ANSI X9.62
+!module X9-62
+!Alias id-fieldType ansi-X9-62 1
+X9-62_id-fieldType 1 : prime-field
+X9-62_id-fieldType 2 : characteristic-two-field
+X9-62_characteristic-two-field 3 : id-characteristic-two-basis
+X9-62_id-characteristic-two-basis 1 : onBasis
+X9-62_id-characteristic-two-basis 2 : tpBasis
+X9-62_id-characteristic-two-basis 3 : ppBasis
+!Alias id-publicKeyType ansi-X9-62 2
+X9-62_id-publicKeyType 1 : id-ecPublicKey
+!Alias ellipticCurve ansi-X9-62 3
+!Alias c-TwoCurve X9-62_ellipticCurve 0
+X9-62_c-TwoCurve 1 : c2pnb163v1
+X9-62_c-TwoCurve 2 : c2pnb163v2
+X9-62_c-TwoCurve 3 : c2pnb163v3
+X9-62_c-TwoCurve 4 : c2pnb176v1
+X9-62_c-TwoCurve 5 : c2tnb191v1
+X9-62_c-TwoCurve 6 : c2tnb191v2
+X9-62_c-TwoCurve 7 : c2tnb191v3
+X9-62_c-TwoCurve 8 : c2onb191v4
+X9-62_c-TwoCurve 9 : c2onb191v5
+X9-62_c-TwoCurve 10 : c2pnb208w1
+X9-62_c-TwoCurve 11 : c2tnb239v1
+X9-62_c-TwoCurve 12 : c2tnb239v2
+X9-62_c-TwoCurve 13 : c2tnb239v3
+X9-62_c-TwoCurve 14 : c2onb239v4
+X9-62_c-TwoCurve 15 : c2onb239v5
+X9-62_c-TwoCurve 16 : c2pnb272w1
+X9-62_c-TwoCurve 17 : c2pnb304w1
+X9-62_c-TwoCurve 18 : c2tnb359v1
+X9-62_c-TwoCurve 19 : c2pnb368w1
+X9-62_c-TwoCurve 20 : c2tnb431r1
+!Alias primeCurve X9-62_ellipticCurve 1
+X9-62_primeCurve 1 : prime192v1
+X9-62_primeCurve 2 : prime192v2
+X9-62_primeCurve 3 : prime192v3
+X9-62_primeCurve 4 : prime239v1
+X9-62_primeCurve 5 : prime239v2
+X9-62_primeCurve 6 : prime239v3
+X9-62_primeCurve 7 : prime256v1
+!Alias id-ecSigType ansi-X9-62 4
+!global
+X9-62_id-ecSigType 1 : ecdsa-with-SHA1
+X9-62_id-ecSigType 2 : ecdsa-with-Recommended
+X9-62_id-ecSigType 3 : ecdsa-with-Specified
+ecdsa-with-Specified 1 : ecdsa-with-SHA224
+ecdsa-with-Specified 2 : ecdsa-with-SHA256
+ecdsa-with-Specified 3 : ecdsa-with-SHA384
+ecdsa-with-Specified 4 : ecdsa-with-SHA512
+
+# SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters"
+# (http://www.secg.org/)
+!Alias secg_ellipticCurve certicom-arc 0
+# SECG prime curves OIDs
+secg-ellipticCurve 6 : secp112r1
+secg-ellipticCurve 7 : secp112r2
+secg-ellipticCurve 28 : secp128r1
+secg-ellipticCurve 29 : secp128r2
+secg-ellipticCurve 9 : secp160k1
+secg-ellipticCurve 8 : secp160r1
+secg-ellipticCurve 30 : secp160r2
+secg-ellipticCurve 31 : secp192k1
+# NOTE: the curve secp192r1 is the same as prime192v1 defined above
+# and is therefore omitted
+secg-ellipticCurve 32 : secp224k1
+secg-ellipticCurve 33 : secp224r1
+secg-ellipticCurve 10 : secp256k1
+# NOTE: the curve secp256r1 is the same as prime256v1 defined above
+# and is therefore omitted
+secg-ellipticCurve 34 : secp384r1
+secg-ellipticCurve 35 : secp521r1
+# SECG characteristic two curves OIDs
+secg-ellipticCurve 4 : sect113r1
+secg-ellipticCurve 5 : sect113r2
+secg-ellipticCurve 22 : sect131r1
+secg-ellipticCurve 23 : sect131r2
+secg-ellipticCurve 1 : sect163k1
+secg-ellipticCurve 2 : sect163r1
+secg-ellipticCurve 15 : sect163r2
+secg-ellipticCurve 24 : sect193r1
+secg-ellipticCurve 25 : sect193r2
+secg-ellipticCurve 26 : sect233k1
+secg-ellipticCurve 27 : sect233r1
+secg-ellipticCurve 3 : sect239k1
+secg-ellipticCurve 16 : sect283k1
+secg-ellipticCurve 17 : sect283r1
+secg-ellipticCurve 36 : sect409k1
+secg-ellipticCurve 37 : sect409r1
+secg-ellipticCurve 38 : sect571k1
+secg-ellipticCurve 39 : sect571r1
+
+# WAP/TLS curve OIDs (http://www.wapforum.org/)
+!Alias wap-wsg-idm-ecid wap-wsg 4
+wap-wsg-idm-ecid 1 : wap-wsg-idm-ecid-wtls1
+wap-wsg-idm-ecid 3 : wap-wsg-idm-ecid-wtls3
+wap-wsg-idm-ecid 4 : wap-wsg-idm-ecid-wtls4
+wap-wsg-idm-ecid 5 : wap-wsg-idm-ecid-wtls5
+wap-wsg-idm-ecid 6 : wap-wsg-idm-ecid-wtls6
+wap-wsg-idm-ecid 7 : wap-wsg-idm-ecid-wtls7
+wap-wsg-idm-ecid 8 : wap-wsg-idm-ecid-wtls8
+wap-wsg-idm-ecid 9 : wap-wsg-idm-ecid-wtls9
+wap-wsg-idm-ecid 10 : wap-wsg-idm-ecid-wtls10
+wap-wsg-idm-ecid 11 : wap-wsg-idm-ecid-wtls11
+wap-wsg-idm-ecid 12 : wap-wsg-idm-ecid-wtls12
+
+
+ISO-US 113533 7 66 10 : CAST5-CBC : cast5-cbc
+ : CAST5-ECB : cast5-ecb
+!Cname cast5-cfb64
+ : CAST5-CFB : cast5-cfb
+!Cname cast5-ofb64
+ : CAST5-OFB : cast5-ofb
+!Cname pbeWithMD5AndCast5-CBC
+ISO-US 113533 7 66 12 : : pbeWithMD5AndCast5CBC
+
+ISO-US 113549 : rsadsi : RSA Data Security, Inc.
+
+rsadsi 1 : pkcs : RSA Data Security, Inc. PKCS
+
+pkcs 1 : pkcs1
+pkcs1 1 : : rsaEncryption
+pkcs1 2 : RSA-MD2 : md2WithRSAEncryption
+pkcs1 3 : RSA-MD4 : md4WithRSAEncryption
+pkcs1 4 : RSA-MD5 : md5WithRSAEncryption
+pkcs1 5 : RSA-SHA1 : sha1WithRSAEncryption
+# According to PKCS #1 version 2.1
+pkcs1 11 : RSA-SHA256 : sha256WithRSAEncryption
+pkcs1 12 : RSA-SHA384 : sha384WithRSAEncryption
+pkcs1 13 : RSA-SHA512 : sha512WithRSAEncryption
+pkcs1 14 : RSA-SHA224 : sha224WithRSAEncryption
+
+pkcs 3 : pkcs3
+pkcs3 1 : : dhKeyAgreement
+
+pkcs 5 : pkcs5
+pkcs5 1 : PBE-MD2-DES : pbeWithMD2AndDES-CBC
+pkcs5 3 : PBE-MD5-DES : pbeWithMD5AndDES-CBC
+pkcs5 4 : PBE-MD2-RC2-64 : pbeWithMD2AndRC2-CBC
+pkcs5 6 : PBE-MD5-RC2-64 : pbeWithMD5AndRC2-CBC
+pkcs5 10 : PBE-SHA1-DES : pbeWithSHA1AndDES-CBC
+pkcs5 11 : PBE-SHA1-RC2-64 : pbeWithSHA1AndRC2-CBC
+!Cname id_pbkdf2
+pkcs5 12 : : PBKDF2
+!Cname pbes2
+pkcs5 13 : : PBES2
+!Cname pbmac1
+pkcs5 14 : : PBMAC1
+
+pkcs 7 : pkcs7
+pkcs7 1 : : pkcs7-data
+!Cname pkcs7-signed
+pkcs7 2 : : pkcs7-signedData
+!Cname pkcs7-enveloped
+pkcs7 3 : : pkcs7-envelopedData
+!Cname pkcs7-signedAndEnveloped
+pkcs7 4 : : pkcs7-signedAndEnvelopedData
+!Cname pkcs7-digest
+pkcs7 5 : : pkcs7-digestData
+!Cname pkcs7-encrypted
+pkcs7 6 : : pkcs7-encryptedData
+
+pkcs 9 : pkcs9
+!module pkcs9
+pkcs9 1 : : emailAddress
+pkcs9 2 : : unstructuredName
+pkcs9 3 : : contentType
+pkcs9 4 : : messageDigest
+pkcs9 5 : : signingTime
+pkcs9 6 : : countersignature
+pkcs9 7 : : challengePassword
+pkcs9 8 : : unstructuredAddress
+!Cname extCertAttributes
+pkcs9 9 : : extendedCertificateAttributes
+!global
+
+!Cname ext-req
+pkcs9 14 : extReq : Extension Request
+
+!Cname SMIMECapabilities
+pkcs9 15 : SMIME-CAPS : S/MIME Capabilities
+
+# S/MIME
+!Cname SMIME
+pkcs9 16 : SMIME : S/MIME
+SMIME 0 : id-smime-mod
+SMIME 1 : id-smime-ct
+SMIME 2 : id-smime-aa
+SMIME 3 : id-smime-alg
+SMIME 4 : id-smime-cd
+SMIME 5 : id-smime-spq
+SMIME 6 : id-smime-cti
+
+# S/MIME Modules
+id-smime-mod 1 : id-smime-mod-cms
+id-smime-mod 2 : id-smime-mod-ess
+id-smime-mod 3 : id-smime-mod-oid
+id-smime-mod 4 : id-smime-mod-msg-v3
+id-smime-mod 5 : id-smime-mod-ets-eSignature-88
+id-smime-mod 6 : id-smime-mod-ets-eSignature-97
+id-smime-mod 7 : id-smime-mod-ets-eSigPolicy-88
+id-smime-mod 8 : id-smime-mod-ets-eSigPolicy-97
+
+# S/MIME Content Types
+id-smime-ct 1 : id-smime-ct-receipt
+id-smime-ct 2 : id-smime-ct-authData
+id-smime-ct 3 : id-smime-ct-publishCert
+id-smime-ct 4 : id-smime-ct-TSTInfo
+id-smime-ct 5 : id-smime-ct-TDTInfo
+id-smime-ct 6 : id-smime-ct-contentInfo
+id-smime-ct 7 : id-smime-ct-DVCSRequestData
+id-smime-ct 8 : id-smime-ct-DVCSResponseData
+
+# S/MIME Attributes
+id-smime-aa 1 : id-smime-aa-receiptRequest
+id-smime-aa 2 : id-smime-aa-securityLabel
+id-smime-aa 3 : id-smime-aa-mlExpandHistory
+id-smime-aa 4 : id-smime-aa-contentHint
+id-smime-aa 5 : id-smime-aa-msgSigDigest
+# obsolete
+id-smime-aa 6 : id-smime-aa-encapContentType
+id-smime-aa 7 : id-smime-aa-contentIdentifier
+# obsolete
+id-smime-aa 8 : id-smime-aa-macValue
+id-smime-aa 9 : id-smime-aa-equivalentLabels
+id-smime-aa 10 : id-smime-aa-contentReference
+id-smime-aa 11 : id-smime-aa-encrypKeyPref
+id-smime-aa 12 : id-smime-aa-signingCertificate
+id-smime-aa 13 : id-smime-aa-smimeEncryptCerts
+id-smime-aa 14 : id-smime-aa-timeStampToken
+id-smime-aa 15 : id-smime-aa-ets-sigPolicyId
+id-smime-aa 16 : id-smime-aa-ets-commitmentType
+id-smime-aa 17 : id-smime-aa-ets-signerLocation
+id-smime-aa 18 : id-smime-aa-ets-signerAttr
+id-smime-aa 19 : id-smime-aa-ets-otherSigCert
+id-smime-aa 20 : id-smime-aa-ets-contentTimestamp
+id-smime-aa 21 : id-smime-aa-ets-CertificateRefs
+id-smime-aa 22 : id-smime-aa-ets-RevocationRefs
+id-smime-aa 23 : id-smime-aa-ets-certValues
+id-smime-aa 24 : id-smime-aa-ets-revocationValues
+id-smime-aa 25 : id-smime-aa-ets-escTimeStamp
+id-smime-aa 26 : id-smime-aa-ets-certCRLTimestamp
+id-smime-aa 27 : id-smime-aa-ets-archiveTimeStamp
+id-smime-aa 28 : id-smime-aa-signatureType
+id-smime-aa 29 : id-smime-aa-dvcs-dvc
+
+# S/MIME Algorithm Identifiers
+# obsolete
+id-smime-alg 1 : id-smime-alg-ESDHwith3DES
+# obsolete
+id-smime-alg 2 : id-smime-alg-ESDHwithRC2
+# obsolete
+id-smime-alg 3 : id-smime-alg-3DESwrap
+# obsolete
+id-smime-alg 4 : id-smime-alg-RC2wrap
+id-smime-alg 5 : id-smime-alg-ESDH
+id-smime-alg 6 : id-smime-alg-CMS3DESwrap
+id-smime-alg 7 : id-smime-alg-CMSRC2wrap
+
+# S/MIME Certificate Distribution
+id-smime-cd 1 : id-smime-cd-ldap
+
+# S/MIME Signature Policy Qualifier
+id-smime-spq 1 : id-smime-spq-ets-sqt-uri
+id-smime-spq 2 : id-smime-spq-ets-sqt-unotice
+
+# S/MIME Commitment Type Identifier
+id-smime-cti 1 : id-smime-cti-ets-proofOfOrigin
+id-smime-cti 2 : id-smime-cti-ets-proofOfReceipt
+id-smime-cti 3 : id-smime-cti-ets-proofOfDelivery
+id-smime-cti 4 : id-smime-cti-ets-proofOfSender
+id-smime-cti 5 : id-smime-cti-ets-proofOfApproval
+id-smime-cti 6 : id-smime-cti-ets-proofOfCreation
+
+pkcs9 20 : : friendlyName
+pkcs9 21 : : localKeyID
+!Cname ms-csp-name
+1 3 6 1 4 1 311 17 1 : CSPName : Microsoft CSP Name
+!Alias certTypes pkcs9 22
+certTypes 1 : : x509Certificate
+certTypes 2 : : sdsiCertificate
+!Alias crlTypes pkcs9 23
+crlTypes 1 : : x509Crl
+
+!Alias pkcs12 pkcs 12
+!Alias pkcs12-pbeids pkcs12 1
+
+!Cname pbe-WithSHA1And128BitRC4
+pkcs12-pbeids 1 : PBE-SHA1-RC4-128 : pbeWithSHA1And128BitRC4
+!Cname pbe-WithSHA1And40BitRC4
+pkcs12-pbeids 2 : PBE-SHA1-RC4-40 : pbeWithSHA1And40BitRC4
+!Cname pbe-WithSHA1And3_Key_TripleDES-CBC
+pkcs12-pbeids 3 : PBE-SHA1-3DES : pbeWithSHA1And3-KeyTripleDES-CBC
+!Cname pbe-WithSHA1And2_Key_TripleDES-CBC
+pkcs12-pbeids 4 : PBE-SHA1-2DES : pbeWithSHA1And2-KeyTripleDES-CBC
+!Cname pbe-WithSHA1And128BitRC2-CBC
+pkcs12-pbeids 5 : PBE-SHA1-RC2-128 : pbeWithSHA1And128BitRC2-CBC
+!Cname pbe-WithSHA1And40BitRC2-CBC
+pkcs12-pbeids 6 : PBE-SHA1-RC2-40 : pbeWithSHA1And40BitRC2-CBC
+
+!Alias pkcs12-Version1 pkcs12 10
+!Alias pkcs12-BagIds pkcs12-Version1 1
+pkcs12-BagIds 1 : : keyBag
+pkcs12-BagIds 2 : : pkcs8ShroudedKeyBag
+pkcs12-BagIds 3 : : certBag
+pkcs12-BagIds 4 : : crlBag
+pkcs12-BagIds 5 : : secretBag
+pkcs12-BagIds 6 : : safeContentsBag
+
+rsadsi 2 2 : MD2 : md2
+rsadsi 2 4 : MD4 : md4
+rsadsi 2 5 : MD5 : md5
+ : MD5-SHA1 : md5-sha1
+rsadsi 2 6 : : hmacWithMD5
+rsadsi 2 7 : : hmacWithSHA1
+
+# From RFC4231
+rsadsi 2 8 : : hmacWithSHA224
+rsadsi 2 9 : : hmacWithSHA256
+rsadsi 2 10 : : hmacWithSHA384
+rsadsi 2 11 : : hmacWithSHA512
+
+rsadsi 3 2 : RC2-CBC : rc2-cbc
+ : RC2-ECB : rc2-ecb
+!Cname rc2-cfb64
+ : RC2-CFB : rc2-cfb
+!Cname rc2-ofb64
+ : RC2-OFB : rc2-ofb
+ : RC2-40-CBC : rc2-40-cbc
+ : RC2-64-CBC : rc2-64-cbc
+rsadsi 3 4 : RC4 : rc4
+ : RC4-40 : rc4-40
+rsadsi 3 7 : DES-EDE3-CBC : des-ede3-cbc
+rsadsi 3 8 : RC5-CBC : rc5-cbc
+ : RC5-ECB : rc5-ecb
+!Cname rc5-cfb64
+ : RC5-CFB : rc5-cfb
+!Cname rc5-ofb64
+ : RC5-OFB : rc5-ofb
+
+!Cname ms-ext-req
+1 3 6 1 4 1 311 2 1 14 : msExtReq : Microsoft Extension Request
+!Cname ms-code-ind
+1 3 6 1 4 1 311 2 1 21 : msCodeInd : Microsoft Individual Code Signing
+!Cname ms-code-com
+1 3 6 1 4 1 311 2 1 22 : msCodeCom : Microsoft Commercial Code Signing
+!Cname ms-ctl-sign
+1 3 6 1 4 1 311 10 3 1 : msCTLSign : Microsoft Trust List Signing
+!Cname ms-sgc
+1 3 6 1 4 1 311 10 3 3 : msSGC : Microsoft Server Gated Crypto
+!Cname ms-efs
+1 3 6 1 4 1 311 10 3 4 : msEFS : Microsoft Encrypted File System
+!Cname ms-smartcard-login
+1 3 6 1 4 1 311 20 2 2 : msSmartcardLogin : Microsoft Smartcardlogin
+!Cname ms-upn
+1 3 6 1 4 1 311 20 2 3 : msUPN : Microsoft Universal Principal Name
+
+1 3 6 1 4 1 188 7 1 1 2 : IDEA-CBC : idea-cbc
+ : IDEA-ECB : idea-ecb
+!Cname idea-cfb64
+ : IDEA-CFB : idea-cfb
+!Cname idea-ofb64
+ : IDEA-OFB : idea-ofb
+
+1 3 6 1 4 1 3029 1 2 : BF-CBC : bf-cbc
+ : BF-ECB : bf-ecb
+!Cname bf-cfb64
+ : BF-CFB : bf-cfb
+!Cname bf-ofb64
+ : BF-OFB : bf-ofb
+
+!Cname id-pkix
+1 3 6 1 5 5 7 : PKIX
+
+# PKIX Arcs
+id-pkix 0 : id-pkix-mod
+id-pkix 1 : id-pe
+id-pkix 2 : id-qt
+id-pkix 3 : id-kp
+id-pkix 4 : id-it
+id-pkix 5 : id-pkip
+id-pkix 6 : id-alg
+id-pkix 7 : id-cmc
+id-pkix 8 : id-on
+id-pkix 9 : id-pda
+id-pkix 10 : id-aca
+id-pkix 11 : id-qcs
+id-pkix 12 : id-cct
+id-pkix 21 : id-ppl
+id-pkix 48 : id-ad
+
+# PKIX Modules
+id-pkix-mod 1 : id-pkix1-explicit-88
+id-pkix-mod 2 : id-pkix1-implicit-88
+id-pkix-mod 3 : id-pkix1-explicit-93
+id-pkix-mod 4 : id-pkix1-implicit-93
+id-pkix-mod 5 : id-mod-crmf
+id-pkix-mod 6 : id-mod-cmc
+id-pkix-mod 7 : id-mod-kea-profile-88
+id-pkix-mod 8 : id-mod-kea-profile-93
+id-pkix-mod 9 : id-mod-cmp
+id-pkix-mod 10 : id-mod-qualified-cert-88
+id-pkix-mod 11 : id-mod-qualified-cert-93
+id-pkix-mod 12 : id-mod-attribute-cert
+id-pkix-mod 13 : id-mod-timestamp-protocol
+id-pkix-mod 14 : id-mod-ocsp
+id-pkix-mod 15 : id-mod-dvcs
+id-pkix-mod 16 : id-mod-cmp2000
+
+# PKIX Private Extensions
+!Cname info-access
+id-pe 1 : authorityInfoAccess : Authority Information Access
+id-pe 2 : biometricInfo : Biometric Info
+id-pe 3 : qcStatements
+id-pe 4 : ac-auditEntity
+id-pe 5 : ac-targeting
+id-pe 6 : aaControls
+id-pe 7 : sbgp-ipAddrBlock
+id-pe 8 : sbgp-autonomousSysNum
+id-pe 9 : sbgp-routerIdentifier
+id-pe 10 : ac-proxying
+!Cname sinfo-access
+id-pe 11 : subjectInfoAccess : Subject Information Access
+id-pe 14 : proxyCertInfo : Proxy Certificate Information
+
+# PKIX policyQualifiers for Internet policy qualifiers
+id-qt 1 : id-qt-cps : Policy Qualifier CPS
+id-qt 2 : id-qt-unotice : Policy Qualifier User Notice
+id-qt 3 : textNotice
+
+# PKIX key purpose identifiers
+!Cname server-auth
+id-kp 1 : serverAuth : TLS Web Server Authentication
+!Cname client-auth
+id-kp 2 : clientAuth : TLS Web Client Authentication
+!Cname code-sign
+id-kp 3 : codeSigning : Code Signing
+!Cname email-protect
+id-kp 4 : emailProtection : E-mail Protection
+id-kp 5 : ipsecEndSystem : IPSec End System
+id-kp 6 : ipsecTunnel : IPSec Tunnel
+id-kp 7 : ipsecUser : IPSec User
+!Cname time-stamp
+id-kp 8 : timeStamping : Time Stamping
+# From OCSP spec RFC2560
+!Cname OCSP-sign
+id-kp 9 : OCSPSigning : OCSP Signing
+id-kp 10 : DVCS : dvcs
+
+# CMP information types
+id-it 1 : id-it-caProtEncCert
+id-it 2 : id-it-signKeyPairTypes
+id-it 3 : id-it-encKeyPairTypes
+id-it 4 : id-it-preferredSymmAlg
+id-it 5 : id-it-caKeyUpdateInfo
+id-it 6 : id-it-currentCRL
+id-it 7 : id-it-unsupportedOIDs
+# obsolete
+id-it 8 : id-it-subscriptionRequest
+# obsolete
+id-it 9 : id-it-subscriptionResponse
+id-it 10 : id-it-keyPairParamReq
+id-it 11 : id-it-keyPairParamRep
+id-it 12 : id-it-revPassphrase
+id-it 13 : id-it-implicitConfirm
+id-it 14 : id-it-confirmWaitTime
+id-it 15 : id-it-origPKIMessage
+
+# CRMF registration
+id-pkip 1 : id-regCtrl
+id-pkip 2 : id-regInfo
+
+# CRMF registration controls
+id-regCtrl 1 : id-regCtrl-regToken
+id-regCtrl 2 : id-regCtrl-authenticator
+id-regCtrl 3 : id-regCtrl-pkiPublicationInfo
+id-regCtrl 4 : id-regCtrl-pkiArchiveOptions
+id-regCtrl 5 : id-regCtrl-oldCertID
+id-regCtrl 6 : id-regCtrl-protocolEncrKey
+
+# CRMF registration information
+id-regInfo 1 : id-regInfo-utf8Pairs
+id-regInfo 2 : id-regInfo-certReq
+
+# algorithms
+id-alg 1 : id-alg-des40
+id-alg 2 : id-alg-noSignature
+id-alg 3 : id-alg-dh-sig-hmac-sha1
+id-alg 4 : id-alg-dh-pop
+
+# CMC controls
+id-cmc 1 : id-cmc-statusInfo
+id-cmc 2 : id-cmc-identification
+id-cmc 3 : id-cmc-identityProof
+id-cmc 4 : id-cmc-dataReturn
+id-cmc 5 : id-cmc-transactionId
+id-cmc 6 : id-cmc-senderNonce
+id-cmc 7 : id-cmc-recipientNonce
+id-cmc 8 : id-cmc-addExtensions
+id-cmc 9 : id-cmc-encryptedPOP
+id-cmc 10 : id-cmc-decryptedPOP
+id-cmc 11 : id-cmc-lraPOPWitness
+id-cmc 15 : id-cmc-getCert
+id-cmc 16 : id-cmc-getCRL
+id-cmc 17 : id-cmc-revokeRequest
+id-cmc 18 : id-cmc-regInfo
+id-cmc 19 : id-cmc-responseInfo
+id-cmc 21 : id-cmc-queryPending
+id-cmc 22 : id-cmc-popLinkRandom
+id-cmc 23 : id-cmc-popLinkWitness
+id-cmc 24 : id-cmc-confirmCertAcceptance
+
+# other names
+id-on 1 : id-on-personalData
+
+# personal data attributes
+id-pda 1 : id-pda-dateOfBirth
+id-pda 2 : id-pda-placeOfBirth
+id-pda 3 : id-pda-gender
+id-pda 4 : id-pda-countryOfCitizenship
+id-pda 5 : id-pda-countryOfResidence
+
+# attribute certificate attributes
+id-aca 1 : id-aca-authenticationInfo
+id-aca 2 : id-aca-accessIdentity
+id-aca 3 : id-aca-chargingIdentity
+id-aca 4 : id-aca-group
+# attention : the following seems to be obsolete, replace by 'role'
+id-aca 5 : id-aca-role
+id-aca 6 : id-aca-encAttrs
+
+# qualified certificate statements
+id-qcs 1 : id-qcs-pkixQCSyntax-v1
+
+# CMC content types
+id-cct 1 : id-cct-crs
+id-cct 2 : id-cct-PKIData
+id-cct 3 : id-cct-PKIResponse
+
+# Predefined Proxy Certificate policy languages
+id-ppl 0 : id-ppl-anyLanguage : Any language
+id-ppl 1 : id-ppl-inheritAll : Inherit all
+id-ppl 2 : id-ppl-independent : Independent
+
+# access descriptors for authority info access extension
+!Cname ad-OCSP
+id-ad 1 : OCSP : OCSP
+!Cname ad-ca-issuers
+id-ad 2 : caIssuers : CA Issuers
+!Cname ad-timeStamping
+id-ad 3 : ad_timestamping : AD Time Stamping
+!Cname ad-dvcs
+id-ad 4 : AD_DVCS : ad dvcs
+
+
+!Alias id-pkix-OCSP ad-OCSP
+!module id-pkix-OCSP
+!Cname basic
+id-pkix-OCSP 1 : basicOCSPResponse : Basic OCSP Response
+id-pkix-OCSP 2 : Nonce : OCSP Nonce
+id-pkix-OCSP 3 : CrlID : OCSP CRL ID
+id-pkix-OCSP 4 : acceptableResponses : Acceptable OCSP Responses
+id-pkix-OCSP 5 : noCheck : OCSP No Check
+id-pkix-OCSP 6 : archiveCutoff : OCSP Archive Cutoff
+id-pkix-OCSP 7 : serviceLocator : OCSP Service Locator
+id-pkix-OCSP 8 : extendedStatus : Extended OCSP Status
+id-pkix-OCSP 9 : valid
+id-pkix-OCSP 10 : path
+id-pkix-OCSP 11 : trustRoot : Trust Root
+!global
+
+1 3 14 3 2 : algorithm : algorithm
+algorithm 3 : RSA-NP-MD5 : md5WithRSA
+algorithm 6 : DES-ECB : des-ecb
+algorithm 7 : DES-CBC : des-cbc
+!Cname des-ofb64
+algorithm 8 : DES-OFB : des-ofb
+!Cname des-cfb64
+algorithm 9 : DES-CFB : des-cfb
algorithm 11 : rsaSignature
+!Cname dsa-2
+algorithm 12 : DSA-old : dsaEncryption-old
+algorithm 13 : DSA-SHA : dsaWithSHA
+algorithm 15 : RSA-SHA : shaWithRSAEncryption
+!Cname des-ede-ecb
+algorithm 17 : DES-EDE : des-ede
+!Cname des-ede3-ecb
+ : DES-EDE3 : des-ede3
+ : DES-EDE-CBC : des-ede-cbc
+!Cname des-ede-cfb64
+ : DES-EDE-CFB : des-ede-cfb
+!Cname des-ede3-cfb64
+ : DES-EDE3-CFB : des-ede3-cfb
+!Cname des-ede-ofb64
+ : DES-EDE-OFB : des-ede-ofb
+!Cname des-ede3-ofb64
+ : DES-EDE3-OFB : des-ede3-ofb
+ : DESX-CBC : desx-cbc
+algorithm 18 : SHA : sha
+algorithm 26 : SHA1 : sha1
+!Cname dsaWithSHA1-2
+algorithm 27 : DSA-SHA1-old : dsaWithSHA1-old
+algorithm 29 : RSA-SHA1-2 : sha1WithRSA
+
+1 3 36 3 2 1 : RIPEMD160 : ripemd160
+1 3 36 3 3 1 2 : RSA-RIPEMD160 : ripemd160WithRSA
+
+!Cname sxnet
+1 3 101 1 4 1 : SXNetID : Strong Extranet ID
+
+2 5 : X500 : directory services (X.500)
+
+X500 4 : X509
+X509 3 : CN : commonName
+X509 4 : SN : surname
+X509 5 : : serialNumber
+X509 6 : C : countryName
+X509 7 : L : localityName
+X509 8 : ST : stateOrProvinceName
+X509 9 : : streetAddress
+X509 10 : O : organizationName
+X509 11 : OU : organizationalUnitName
+X509 12 : : title
+X509 13 : : description
+X509 17 : : postalCode
+X509 41 : name : name
+X509 42 : GN : givenName
+X509 43 : : initials
+X509 44 : : generationQualifier
+X509 45 : : x500UniqueIdentifier
+X509 46 : dnQualifier : dnQualifier
+X509 65 : : pseudonym
+X509 72 : role : role
+
+X500 8 : X500algorithms : directory services - algorithms
+X500algorithms 1 1 : RSA : rsa
+X500algorithms 3 100 : RSA-MDC2 : mdc2WithRSA
+X500algorithms 3 101 : MDC2 : mdc2
+
+X500 29 : id-ce
+!Cname subject-directory-attributes
+id-ce 9 : subjectDirectoryAttributes : X509v3 Subject Directory Attributes
+!Cname subject-key-identifier
+id-ce 14 : subjectKeyIdentifier : X509v3 Subject Key Identifier
+!Cname key-usage
+id-ce 15 : keyUsage : X509v3 Key Usage
+!Cname private-key-usage-period
+id-ce 16 : privateKeyUsagePeriod : X509v3 Private Key Usage Period
+!Cname subject-alt-name
+id-ce 17 : subjectAltName : X509v3 Subject Alternative Name
+!Cname issuer-alt-name
+id-ce 18 : issuerAltName : X509v3 Issuer Alternative Name
+!Cname basic-constraints
+id-ce 19 : basicConstraints : X509v3 Basic Constraints
+!Cname crl-number
+id-ce 20 : crlNumber : X509v3 CRL Number
+!Cname crl-reason
+id-ce 21 : CRLReason : X509v3 CRL Reason Code
+!Cname invalidity-date
+id-ce 24 : invalidityDate : Invalidity Date
+!Cname delta-crl
+id-ce 27 : deltaCRL : X509v3 Delta CRL Indicator
+!Cname issuing-distribution-point
+id-ce 28 : issuingDistributionPoint : X509v3 Issuing Distrubution Point
+!Cname certificate-issuer
+id-ce 29 : certificateIssuer : X509v3 Certificate Issuer
+!Cname name-constraints
+id-ce 30 : nameConstraints : X509v3 Name Constraints
+!Cname crl-distribution-points
+id-ce 31 : crlDistributionPoints : X509v3 CRL Distribution Points
+!Cname certificate-policies
+id-ce 32 : certificatePolicies : X509v3 Certificate Policies
+!Cname any-policy
+certificate-policies 0 : anyPolicy : X509v3 Any Policy
+!Cname policy-mappings
+id-ce 33 : policyMappings : X509v3 Policy Mappings
+!Cname authority-key-identifier
+id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier
+!Cname policy-constraints
+id-ce 36 : policyConstraints : X509v3 Policy Constraints
+!Cname ext-key-usage
+id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage
+!Cname inhibit-any-policy
+id-ce 54 : inhibitAnyPolicy : X509v3 Inhibit Any Policy
+!Cname target-information
+id-ce 55 : targetInformation : X509v3 AC Targeting
+!Cname no-rev-avail
+id-ce 56 : noRevAvail : X509v3 No Revocation Available
+
+!Cname netscape
+2 16 840 1 113730 : Netscape : Netscape Communications Corp.
+!Cname netscape-cert-extension
+netscape 1 : nsCertExt : Netscape Certificate Extension
+!Cname netscape-data-type
+netscape 2 : nsDataType : Netscape Data Type
+!Cname netscape-cert-type
+netscape-cert-extension 1 : nsCertType : Netscape Cert Type
+!Cname netscape-base-url
+netscape-cert-extension 2 : nsBaseUrl : Netscape Base Url
+!Cname netscape-revocation-url
+netscape-cert-extension 3 : nsRevocationUrl : Netscape Revocation Url
+!Cname netscape-ca-revocation-url
+netscape-cert-extension 4 : nsCaRevocationUrl : Netscape CA Revocation Url
+!Cname netscape-renewal-url
+netscape-cert-extension 7 : nsRenewalUrl : Netscape Renewal Url
+!Cname netscape-ca-policy-url
+netscape-cert-extension 8 : nsCaPolicyUrl : Netscape CA Policy Url
+!Cname netscape-ssl-server-name
+netscape-cert-extension 12 : nsSslServerName : Netscape SSL Server Name
+!Cname netscape-comment
+netscape-cert-extension 13 : nsComment : Netscape Comment
+!Cname netscape-cert-sequence
+netscape-data-type 5 : nsCertSequence : Netscape Certificate Sequence
+!Cname ns-sgc
+netscape 4 1 : nsSGC : Netscape Server Gated Crypto
+
+# iso(1)
+iso 3 : ORG : org
+org 6 : DOD : dod
+dod 1 : IANA : iana
+!Alias internet iana
+
+internet 1 : directory : Directory
+internet 2 : mgmt : Management
+internet 3 : experimental : Experimental
+internet 4 : private : Private
+internet 5 : security : Security
+internet 6 : snmpv2 : SNMPv2
+# Documents refer to "internet 7" as "mail". This however leads to ambiguities
+# with RFC2798, Section 9.1.3, where "mail" is defined as the short name for
+# rfc822Mailbox. The short name is therefore here left out for a reason.
+# Subclasses of "mail", e.g. "MIME MHS" don't consitute a problem, as
+# references are realized via long name "Mail" (with capital M).
+internet 7 : : Mail
+
+Private 1 : enterprises : Enterprises
+
+# RFC 2247
+Enterprises 1466 344 : dcobject : dcObject
+
+# RFC 1495
+Mail 1 : mime-mhs : MIME MHS
+mime-mhs 1 : mime-mhs-headings : mime-mhs-headings
+mime-mhs 2 : mime-mhs-bodies : mime-mhs-bodies
+mime-mhs-headings 1 : id-hex-partial-message : id-hex-partial-message
+mime-mhs-headings 2 : id-hex-multipart-message : id-hex-multipart-message
+
+# What the hell are these OIDs, really?
+!Cname rle-compression
+1 1 1 1 666 1 : RLE : run length compression
+!Cname zlib-compression
+1 1 1 1 666 2 : ZLIB : zlib compression
+
+# AES aka Rijndael
+
+!Alias csor 2 16 840 1 101 3
+!Alias nistAlgorithms csor 4
+!Alias aes nistAlgorithms 1
+
+aes 1 : AES-128-ECB : aes-128-ecb
+aes 2 : AES-128-CBC : aes-128-cbc
+!Cname aes-128-ofb128
+aes 3 : AES-128-OFB : aes-128-ofb
+!Cname aes-128-cfb128
+aes 4 : AES-128-CFB : aes-128-cfb
+
+aes 21 : AES-192-ECB : aes-192-ecb
+aes 22 : AES-192-CBC : aes-192-cbc
+!Cname aes-192-ofb128
+aes 23 : AES-192-OFB : aes-192-ofb
+!Cname aes-192-cfb128
+aes 24 : AES-192-CFB : aes-192-cfb
+
+aes 41 : AES-256-ECB : aes-256-ecb
+aes 42 : AES-256-CBC : aes-256-cbc
+!Cname aes-256-ofb128
+aes 43 : AES-256-OFB : aes-256-ofb
+!Cname aes-256-cfb128
+aes 44 : AES-256-CFB : aes-256-cfb
+
+# There are no OIDs for these modes...
+
+ : AES-128-CFB1 : aes-128-cfb1
+ : AES-192-CFB1 : aes-192-cfb1
+ : AES-256-CFB1 : aes-256-cfb1
+ : AES-128-CFB8 : aes-128-cfb8
+ : AES-192-CFB8 : aes-192-cfb8
+ : AES-256-CFB8 : aes-256-cfb8
+ : DES-CFB1 : des-cfb1
+ : DES-CFB8 : des-cfb8
+ : DES-EDE3-CFB1 : des-ede3-cfb1
+ : DES-EDE3-CFB8 : des-ede3-cfb8
+
+# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.
+!Alias nist_hashalgs nistAlgorithms 2
+nist_hashalgs 1 : SHA256 : sha256
+nist_hashalgs 2 : SHA384 : sha384
+nist_hashalgs 3 : SHA512 : sha512
+nist_hashalgs 4 : SHA224 : sha224
+
+# OIDs for dsa-with-sha224 and dsa-with-sha256
+!Alias dsa_with_sha2 nistAlgorithms 3
+dsa_with_sha2 1 : dsa_with_SHA224
+dsa_with_sha2 2 : dsa_with_SHA256
+
+# Hold instruction CRL entry extension
+!Cname hold-instruction-code
+id-ce 23 : holdInstructionCode : Hold Instruction Code
+!Alias holdInstruction X9-57 2
+!Cname hold-instruction-none
+holdInstruction 1 : holdInstructionNone : Hold Instruction None
+!Cname hold-instruction-call-issuer
+holdInstruction 2 : holdInstructionCallIssuer : Hold Instruction Call Issuer
+!Cname hold-instruction-reject
+holdInstruction 3 : holdInstructionReject : Hold Instruction Reject
+
+# OID's from ITU-T. Most of this is defined in RFC 1274. A couple of
+# them are also mentioned in RFC 2247
+itu-t 9 : data
+data 2342 : pss
+pss 19200300 : ucl
+ucl 100 : pilot
+pilot 1 : : pilotAttributeType
+pilot 3 : : pilotAttributeSyntax
+pilot 4 : : pilotObjectClass
+pilot 10 : : pilotGroups
+pilotAttributeSyntax 4 : : iA5StringSyntax
+pilotAttributeSyntax 5 : : caseIgnoreIA5StringSyntax
+pilotObjectClass 3 : : pilotObject
+pilotObjectClass 4 : : pilotPerson
+pilotObjectClass 5 : account
+pilotObjectClass 6 : document
+pilotObjectClass 7 : room
+pilotObjectClass 9 : : documentSeries
+pilotObjectClass 13 : domain : Domain
+pilotObjectClass 14 : : rFC822localPart
+pilotObjectClass 15 : : dNSDomain
+pilotObjectClass 17 : : domainRelatedObject
+pilotObjectClass 18 : : friendlyCountry
+pilotObjectClass 19 : : simpleSecurityObject
+pilotObjectClass 20 : : pilotOrganization
+pilotObjectClass 21 : : pilotDSA
+pilotObjectClass 22 : : qualityLabelledData
+pilotAttributeType 1 : UID : userId
+pilotAttributeType 2 : : textEncodedORAddress
+pilotAttributeType 3 : mail : rfc822Mailbox
+pilotAttributeType 4 : info
+pilotAttributeType 5 : : favouriteDrink
+pilotAttributeType 6 : : roomNumber
+pilotAttributeType 7 : photo
+pilotAttributeType 8 : : userClass
+pilotAttributeType 9 : host
+pilotAttributeType 10 : manager
+pilotAttributeType 11 : : documentIdentifier
+pilotAttributeType 12 : : documentTitle
+pilotAttributeType 13 : : documentVersion
+pilotAttributeType 14 : : documentAuthor
+pilotAttributeType 15 : : documentLocation
+pilotAttributeType 20 : : homeTelephoneNumber
+pilotAttributeType 21 : secretary
+pilotAttributeType 22 : : otherMailbox
+pilotAttributeType 23 : : lastModifiedTime
+pilotAttributeType 24 : : lastModifiedBy
+pilotAttributeType 25 : DC : domainComponent
+pilotAttributeType 26 : : aRecord
+pilotAttributeType 27 : : pilotAttributeType27
+pilotAttributeType 28 : : mXRecord
+pilotAttributeType 29 : : nSRecord
+pilotAttributeType 30 : : sOARecord
+pilotAttributeType 31 : : cNAMERecord
+pilotAttributeType 37 : : associatedDomain
+pilotAttributeType 38 : : associatedName
+pilotAttributeType 39 : : homePostalAddress
+pilotAttributeType 40 : : personalTitle
+pilotAttributeType 41 : : mobileTelephoneNumber
+pilotAttributeType 42 : : pagerTelephoneNumber
+pilotAttributeType 43 : : friendlyCountryName
+# The following clashes with 2.5.4.45, so commented away
+#pilotAttributeType 44 : uid : uniqueIdentifier
+pilotAttributeType 45 : : organizationalStatus
+pilotAttributeType 46 : : janetMailbox
+pilotAttributeType 47 : : mailPreferenceOption
+pilotAttributeType 48 : : buildingName
+pilotAttributeType 49 : : dSAQuality
+pilotAttributeType 50 : : singleLevelQuality
+pilotAttributeType 51 : : subtreeMinimumQuality
+pilotAttributeType 52 : : subtreeMaximumQuality
+pilotAttributeType 53 : : personalSignature
+pilotAttributeType 54 : : dITRedirect
+pilotAttributeType 55 : audio
+pilotAttributeType 56 : : documentPublisher
+
+international-organizations 42 : id-set : Secure Electronic Transactions
+
+id-set 0 : set-ctype : content types
+id-set 1 : set-msgExt : message extensions
+id-set 3 : set-attr
+id-set 5 : set-policy
+id-set 7 : set-certExt : certificate extensions
+id-set 8 : set-brand
+
+set-ctype 0 : setct-PANData
+set-ctype 1 : setct-PANToken
+set-ctype 2 : setct-PANOnly
+set-ctype 3 : setct-OIData
+set-ctype 4 : setct-PI
+set-ctype 5 : setct-PIData
+set-ctype 6 : setct-PIDataUnsigned
+set-ctype 7 : setct-HODInput
+set-ctype 8 : setct-AuthResBaggage
+set-ctype 9 : setct-AuthRevReqBaggage
+set-ctype 10 : setct-AuthRevResBaggage
+set-ctype 11 : setct-CapTokenSeq
+set-ctype 12 : setct-PInitResData
+set-ctype 13 : setct-PI-TBS
+set-ctype 14 : setct-PResData
+set-ctype 16 : setct-AuthReqTBS
+set-ctype 17 : setct-AuthResTBS
+set-ctype 18 : setct-AuthResTBSX
+set-ctype 19 : setct-AuthTokenTBS
+set-ctype 20 : setct-CapTokenData
+set-ctype 21 : setct-CapTokenTBS
+set-ctype 22 : setct-AcqCardCodeMsg
+set-ctype 23 : setct-AuthRevReqTBS
+set-ctype 24 : setct-AuthRevResData
+set-ctype 25 : setct-AuthRevResTBS
+set-ctype 26 : setct-CapReqTBS
+set-ctype 27 : setct-CapReqTBSX
+set-ctype 28 : setct-CapResData
+set-ctype 29 : setct-CapRevReqTBS
+set-ctype 30 : setct-CapRevReqTBSX
+set-ctype 31 : setct-CapRevResData
+set-ctype 32 : setct-CredReqTBS
+set-ctype 33 : setct-CredReqTBSX
+set-ctype 34 : setct-CredResData
+set-ctype 35 : setct-CredRevReqTBS
+set-ctype 36 : setct-CredRevReqTBSX
+set-ctype 37 : setct-CredRevResData
+set-ctype 38 : setct-PCertReqData
+set-ctype 39 : setct-PCertResTBS
+set-ctype 40 : setct-BatchAdminReqData
+set-ctype 41 : setct-BatchAdminResData
+set-ctype 42 : setct-CardCInitResTBS
+set-ctype 43 : setct-MeAqCInitResTBS
+set-ctype 44 : setct-RegFormResTBS
+set-ctype 45 : setct-CertReqData
+set-ctype 46 : setct-CertReqTBS
+set-ctype 47 : setct-CertResData
+set-ctype 48 : setct-CertInqReqTBS
+set-ctype 49 : setct-ErrorTBS
+set-ctype 50 : setct-PIDualSignedTBE
+set-ctype 51 : setct-PIUnsignedTBE
+set-ctype 52 : setct-AuthReqTBE
+set-ctype 53 : setct-AuthResTBE
+set-ctype 54 : setct-AuthResTBEX
+set-ctype 55 : setct-AuthTokenTBE
+set-ctype 56 : setct-CapTokenTBE
+set-ctype 57 : setct-CapTokenTBEX
+set-ctype 58 : setct-AcqCardCodeMsgTBE
+set-ctype 59 : setct-AuthRevReqTBE
+set-ctype 60 : setct-AuthRevResTBE
+set-ctype 61 : setct-AuthRevResTBEB
+set-ctype 62 : setct-CapReqTBE
+set-ctype 63 : setct-CapReqTBEX
+set-ctype 64 : setct-CapResTBE
+set-ctype 65 : setct-CapRevReqTBE
+set-ctype 66 : setct-CapRevReqTBEX
+set-ctype 67 : setct-CapRevResTBE
+set-ctype 68 : setct-CredReqTBE
+set-ctype 69 : setct-CredReqTBEX
+set-ctype 70 : setct-CredResTBE
+set-ctype 71 : setct-CredRevReqTBE
+set-ctype 72 : setct-CredRevReqTBEX
+set-ctype 73 : setct-CredRevResTBE
+set-ctype 74 : setct-BatchAdminReqTBE
+set-ctype 75 : setct-BatchAdminResTBE
+set-ctype 76 : setct-RegFormReqTBE
+set-ctype 77 : setct-CertReqTBE
+set-ctype 78 : setct-CertReqTBEX
+set-ctype 79 : setct-CertResTBE
+set-ctype 80 : setct-CRLNotificationTBS
+set-ctype 81 : setct-CRLNotificationResTBS
+set-ctype 82 : setct-BCIDistributionTBS
+
+set-msgExt 1 : setext-genCrypt : generic cryptogram
+set-msgExt 3 : setext-miAuth : merchant initiated auth
+set-msgExt 4 : setext-pinSecure
+set-msgExt 5 : setext-pinAny
+set-msgExt 7 : setext-track2
+set-msgExt 8 : setext-cv : additional verification
+
+set-policy 0 : set-policy-root
+
+set-certExt 0 : setCext-hashedRoot
+set-certExt 1 : setCext-certType
+set-certExt 2 : setCext-merchData
+set-certExt 3 : setCext-cCertRequired
+set-certExt 4 : setCext-tunneling
+set-certExt 5 : setCext-setExt
+set-certExt 6 : setCext-setQualf
+set-certExt 7 : setCext-PGWYcapabilities
+set-certExt 8 : setCext-TokenIdentifier
+set-certExt 9 : setCext-Track2Data
+set-certExt 10 : setCext-TokenType
+set-certExt 11 : setCext-IssuerCapabilities
+
+set-attr 0 : setAttr-Cert
+set-attr 1 : setAttr-PGWYcap : payment gateway capabilities
+set-attr 2 : setAttr-TokenType
+set-attr 3 : setAttr-IssCap : issuer capabilities
+
+setAttr-Cert 0 : set-rootKeyThumb
+setAttr-Cert 1 : set-addPolicy
+
+setAttr-TokenType 1 : setAttr-Token-EMV
+setAttr-TokenType 2 : setAttr-Token-B0Prime
+
+setAttr-IssCap 3 : setAttr-IssCap-CVM
+setAttr-IssCap 4 : setAttr-IssCap-T2
+setAttr-IssCap 5 : setAttr-IssCap-Sig
+
+setAttr-IssCap-CVM 1 : setAttr-GenCryptgrm : generate cryptogram
+setAttr-IssCap-T2 1 : setAttr-T2Enc : encrypted track 2
+setAttr-IssCap-T2 2 : setAttr-T2cleartxt : cleartext track 2
+
+setAttr-IssCap-Sig 1 : setAttr-TokICCsig : ICC or token signature
+setAttr-IssCap-Sig 2 : setAttr-SecDevSig : secure device signature
+
+set-brand 1 : set-brand-IATA-ATA
+set-brand 30 : set-brand-Diners
+set-brand 34 : set-brand-AmericanExpress
+set-brand 35 : set-brand-JCB
+set-brand 4 : set-brand-Visa
+set-brand 5 : set-brand-MasterCard
+set-brand 6011 : set-brand-Novus
+
+rsadsi 3 10 : DES-CDMF : des-cdmf
+rsadsi 1 1 6 : rsaOAEPEncryptionSET
+
+ : Oakley-EC2N-3 : ipsec3
+ : Oakley-EC2N-4 : ipsec4
+
+iso 0 10118 3 0 55 : whirlpool
+
+# GOST OIDs
+
+member-body 643 2 2 : cryptopro
+member-body 643 2 9 : cryptocom
+
+cryptopro 3 : id-GostR3411-94-with-GostR3410-2001 : GOST R 34.11-94 with GOST R 34.10-2001
+cryptopro 4 : id-GostR3411-94-with-GostR3410-94 : GOST R 34.11-94 with GOST R 34.10-94
+!Cname id-GostR3411-94
+cryptopro 9 : md_gost94 : GOST R 34.11-94
+cryptopro 10 : id-HMACGostR3411-94 : HMAC GOST 34.11-94
+!Cname id-GostR3410-2001
+cryptopro 19 : gost2001 : GOST R 34.10-2001
+!Cname id-GostR3410-94
+cryptopro 20 : gost94 : GOST R 34.10-94
+!Cname id-Gost28147-89
+cryptopro 21 : gost89 : GOST 28147-89
+cryptopro 22 : id-Gost28147-89-MAC : GOST 28147-89 MAC
+!Cname id-GostR3411-94-prf
+cryptopro 23 : prf-gostr3411-94 : GOST R 34.11-94 PRF
+cryptopro 98 : id-GostR3410-2001DH : GOST R 34.10-2001 DH
+cryptopro 99 : id-GostR3410-94DH : GOST R 34.10-94 DH
+
+cryptopro 14 1 : id-Gost28147-89-CryptoPro-KeyMeshing
+cryptopro 14 0 : id-Gost28147-89-None-KeyMeshing
+
+# GOST parameter set OIDs
+
+cryptopro 30 0 : id-GostR3411-94-TestParamSet
+cryptopro 30 1 : id-GostR3411-94-CryptoProParamSet
+
+cryptopro 31 0 : id-Gost28147-89-TestParamSet
+cryptopro 31 1 : id-Gost28147-89-CryptoPro-A-ParamSet
+cryptopro 31 2 : id-Gost28147-89-CryptoPro-B-ParamSet
+cryptopro 31 3 : id-Gost28147-89-CryptoPro-C-ParamSet
+cryptopro 31 4 : id-Gost28147-89-CryptoPro-D-ParamSet
+cryptopro 31 5 : id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet
+cryptopro 31 6 : id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet
+cryptopro 31 7 : id-Gost28147-89-CryptoPro-RIC-1-ParamSet
+
+cryptopro 32 0 : id-GostR3410-94-TestParamSet
+cryptopro 32 2 : id-GostR3410-94-CryptoPro-A-ParamSet
+cryptopro 32 3 : id-GostR3410-94-CryptoPro-B-ParamSet
+cryptopro 32 4 : id-GostR3410-94-CryptoPro-C-ParamSet
+cryptopro 32 5 : id-GostR3410-94-CryptoPro-D-ParamSet
+
+cryptopro 33 1 : id-GostR3410-94-CryptoPro-XchA-ParamSet
+cryptopro 33 2 : id-GostR3410-94-CryptoPro-XchB-ParamSet
+cryptopro 33 3 : id-GostR3410-94-CryptoPro-XchC-ParamSet
+
+cryptopro 35 0 : id-GostR3410-2001-TestParamSet
+cryptopro 35 1 : id-GostR3410-2001-CryptoPro-A-ParamSet
+cryptopro 35 2 : id-GostR3410-2001-CryptoPro-B-ParamSet
+cryptopro 35 3 : id-GostR3410-2001-CryptoPro-C-ParamSet
+
+cryptopro 36 0 : id-GostR3410-2001-CryptoPro-XchA-ParamSet
+cryptopro 36 1 : id-GostR3410-2001-CryptoPro-XchB-ParamSet
+
+id-GostR3410-94 1 : id-GostR3410-94-a
+id-GostR3410-94 2 : id-GostR3410-94-aBis
+id-GostR3410-94 3 : id-GostR3410-94-b
+id-GostR3410-94 4 : id-GostR3410-94-bBis
+
+# Cryptocom LTD GOST OIDs
+
+cryptocom 1 6 1 : id-Gost28147-89-cc : GOST 28147-89 Cryptocom ParamSet
+!Cname id-GostR3410-94-cc
+cryptocom 1 5 3 : gost94cc : GOST 34.10-94 Cryptocom
+!Cname id-GostR3410-2001-cc
+cryptocom 1 5 4 : gost2001cc : GOST 34.10-2001 Cryptocom
+
+cryptocom 1 3 3 : id-GostR3411-94-with-GostR3410-94-cc : GOST R 34.11-94 with GOST R 34.10-94 Cryptocom
+cryptocom 1 3 4 : id-GostR3411-94-with-GostR3410-2001-cc : GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom
+
+cryptocom 1 8 1 : id-GostR3410-2001-ParamSet-cc : GOST R 3410-2001 Parameter Set Cryptocom
+
+# Definitions for Camellia cipher - CBC MODE
+
+1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC : camellia-128-cbc
+1 2 392 200011 61 1 1 1 3 : CAMELLIA-192-CBC : camellia-192-cbc
+1 2 392 200011 61 1 1 1 4 : CAMELLIA-256-CBC : camellia-256-cbc
+
+# Definitions for Camellia cipher - ECB, CFB, OFB MODE
+
+!Alias ntt-ds 0 3 4401 5
+!Alias camellia ntt-ds 3 1 9
+
+camellia 1 : CAMELLIA-128-ECB : camellia-128-ecb
+!Cname camellia-128-ofb128
+camellia 3 : CAMELLIA-128-OFB : camellia-128-ofb
+!Cname camellia-128-cfb128
+camellia 4 : CAMELLIA-128-CFB : camellia-128-cfb
+
+camellia 21 : CAMELLIA-192-ECB : camellia-192-ecb
+!Cname camellia-192-ofb128
+camellia 23 : CAMELLIA-192-OFB : camellia-192-ofb
+!Cname camellia-192-cfb128
+camellia 24 : CAMELLIA-192-CFB : camellia-192-cfb
+
+camellia 41 : CAMELLIA-256-ECB : camellia-256-ecb
+!Cname camellia-256-ofb128
+camellia 43 : CAMELLIA-256-OFB : camellia-256-ofb
+!Cname camellia-256-cfb128
+camellia 44 : CAMELLIA-256-CFB : camellia-256-cfb
+
+# There are no OIDs for these modes...
-algorithm 6 : desECB
-algorithm 7 : desCBC
-algorithm 8 : desOFB
-algorithm 9 : desCFB
-algorithm 17 : desEDE2
+ : CAMELLIA-128-CFB1 : camellia-128-cfb1
+ : CAMELLIA-192-CFB1 : camellia-192-cfb1
+ : CAMELLIA-256-CFB1 : camellia-256-cfb1
+ : CAMELLIA-128-CFB8 : camellia-128-cfb8
+ : CAMELLIA-192-CFB8 : camellia-192-cfb8
+ : CAMELLIA-256-CFB8 : camellia-256-cfb8
projects / openssl.git / blobdiff