openssl/crypto/objects/objects.txt
Jonathan M. Wilbur 9216859f7b feat: support auditIdentity X.509v3 extension
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24754)
2024-08-26 10:38:44 +01:00

1871 lines
67 KiB
Plaintext

# CCITT was renamed to ITU-T quite some time ago
0 : ITU-T : itu-t
!Alias ccitt itu-t
1 : ISO : iso
2 : JOINT-ISO-ITU-T : joint-iso-itu-t
!Alias joint-iso-ccitt joint-iso-itu-t
iso 2 : member-body : ISO Member Body
iso 3 : identified-organization
# GMAC OID
iso 0 9797 3 4 : GMAC : gmac
# HMAC OIDs
identified-organization 6 1 5 5 8 1 1 : HMAC-MD5 : hmac-md5
identified-organization 6 1 5 5 8 1 2 : HMAC-SHA1 : hmac-sha1
# "1.3.36.8.3.3"
identified-organization 36 8 3 3 : x509ExtAdmission : Professional Information or basis for Admission
identified-organization 132 : certicom-arc
identified-organization 111 : ieee
ieee 2 1619 : ieee-siswg : IEEE Security in Storage Working Group
joint-iso-itu-t 23 : international-organizations : International Organizations
international-organizations 43 : wap
wap 1 : wap-wsg
joint-iso-itu-t 5 1 5 : selected-attribute-types : Selected Attribute Types
selected-attribute-types 55 : clearance
member-body 840 : ISO-US : ISO US Member Body
ISO-US 10040 : X9-57 : X9.57
X9-57 4 : X9cm : X9.57 CM ?
member-body 156 : ISO-CN : ISO CN Member Body
ISO-CN 10197 : oscca
oscca 1 : sm-scheme
!Cname dsa
X9cm 1 : DSA : dsaEncryption
X9cm 3 : DSA-SHA1 : dsaWithSHA1
ISO-US 10045 : ansi-X9-62 : ANSI X9.62
!module X9-62
!Alias id-fieldType ansi-X9-62 1
X9-62_id-fieldType 1 : prime-field
X9-62_id-fieldType 2 : characteristic-two-field
X9-62_characteristic-two-field 3 : id-characteristic-two-basis
X9-62_id-characteristic-two-basis 1 : onBasis
X9-62_id-characteristic-two-basis 2 : tpBasis
X9-62_id-characteristic-two-basis 3 : ppBasis
!Alias id-publicKeyType ansi-X9-62 2
X9-62_id-publicKeyType 1 : id-ecPublicKey
!Alias ellipticCurve ansi-X9-62 3
!Alias c-TwoCurve X9-62_ellipticCurve 0
X9-62_c-TwoCurve 1 : c2pnb163v1
X9-62_c-TwoCurve 2 : c2pnb163v2
X9-62_c-TwoCurve 3 : c2pnb163v3
X9-62_c-TwoCurve 4 : c2pnb176v1
X9-62_c-TwoCurve 5 : c2tnb191v1
X9-62_c-TwoCurve 6 : c2tnb191v2
X9-62_c-TwoCurve 7 : c2tnb191v3
X9-62_c-TwoCurve 8 : c2onb191v4
X9-62_c-TwoCurve 9 : c2onb191v5
X9-62_c-TwoCurve 10 : c2pnb208w1
X9-62_c-TwoCurve 11 : c2tnb239v1
X9-62_c-TwoCurve 12 : c2tnb239v2
X9-62_c-TwoCurve 13 : c2tnb239v3
X9-62_c-TwoCurve 14 : c2onb239v4
X9-62_c-TwoCurve 15 : c2onb239v5
X9-62_c-TwoCurve 16 : c2pnb272w1
X9-62_c-TwoCurve 17 : c2pnb304w1
X9-62_c-TwoCurve 18 : c2tnb359v1
X9-62_c-TwoCurve 19 : c2pnb368w1
X9-62_c-TwoCurve 20 : c2tnb431r1
!Alias primeCurve X9-62_ellipticCurve 1
X9-62_primeCurve 1 : prime192v1
X9-62_primeCurve 2 : prime192v2
X9-62_primeCurve 3 : prime192v3
X9-62_primeCurve 4 : prime239v1
X9-62_primeCurve 5 : prime239v2
X9-62_primeCurve 6 : prime239v3
X9-62_primeCurve 7 : prime256v1
!Alias id-ecSigType ansi-X9-62 4
!global
X9-62_id-ecSigType 1 : ecdsa-with-SHA1
X9-62_id-ecSigType 2 : ecdsa-with-Recommended
X9-62_id-ecSigType 3 : ecdsa-with-Specified
ecdsa-with-Specified 1 : ecdsa-with-SHA224
ecdsa-with-Specified 2 : ecdsa-with-SHA256
ecdsa-with-Specified 3 : ecdsa-with-SHA384
ecdsa-with-Specified 4 : ecdsa-with-SHA512
# SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters"
# (http://www.secg.org/)
!Alias secg_ellipticCurve certicom-arc 0
# SECG prime curves OIDs
secg-ellipticCurve 6 : secp112r1
secg-ellipticCurve 7 : secp112r2
secg-ellipticCurve 28 : secp128r1
secg-ellipticCurve 29 : secp128r2
secg-ellipticCurve 9 : secp160k1
secg-ellipticCurve 8 : secp160r1
secg-ellipticCurve 30 : secp160r2
secg-ellipticCurve 31 : secp192k1
# NOTE: the curve secp192r1 is the same as prime192v1 defined above
# and is therefore omitted
secg-ellipticCurve 32 : secp224k1
secg-ellipticCurve 33 : secp224r1
secg-ellipticCurve 10 : secp256k1
# NOTE: the curve secp256r1 is the same as prime256v1 defined above
# and is therefore omitted
secg-ellipticCurve 34 : secp384r1
secg-ellipticCurve 35 : secp521r1
# SECG characteristic two curves OIDs
secg-ellipticCurve 4 : sect113r1
secg-ellipticCurve 5 : sect113r2
secg-ellipticCurve 22 : sect131r1
secg-ellipticCurve 23 : sect131r2
secg-ellipticCurve 1 : sect163k1
secg-ellipticCurve 2 : sect163r1
secg-ellipticCurve 15 : sect163r2
secg-ellipticCurve 24 : sect193r1
secg-ellipticCurve 25 : sect193r2
secg-ellipticCurve 26 : sect233k1
secg-ellipticCurve 27 : sect233r1
secg-ellipticCurve 3 : sect239k1
secg-ellipticCurve 16 : sect283k1
secg-ellipticCurve 17 : sect283r1
secg-ellipticCurve 36 : sect409k1
secg-ellipticCurve 37 : sect409r1
secg-ellipticCurve 38 : sect571k1
secg-ellipticCurve 39 : sect571r1
# WAP/TLS curve OIDs (http://www.wapforum.org/)
!Alias wap-wsg-idm-ecid wap-wsg 4
wap-wsg-idm-ecid 1 : wap-wsg-idm-ecid-wtls1
wap-wsg-idm-ecid 3 : wap-wsg-idm-ecid-wtls3
wap-wsg-idm-ecid 4 : wap-wsg-idm-ecid-wtls4
wap-wsg-idm-ecid 5 : wap-wsg-idm-ecid-wtls5
wap-wsg-idm-ecid 6 : wap-wsg-idm-ecid-wtls6
wap-wsg-idm-ecid 7 : wap-wsg-idm-ecid-wtls7
wap-wsg-idm-ecid 8 : wap-wsg-idm-ecid-wtls8
wap-wsg-idm-ecid 9 : wap-wsg-idm-ecid-wtls9
wap-wsg-idm-ecid 10 : wap-wsg-idm-ecid-wtls10
wap-wsg-idm-ecid 11 : wap-wsg-idm-ecid-wtls11
wap-wsg-idm-ecid 12 : wap-wsg-idm-ecid-wtls12
ISO-US 113533 7 66 10 : CAST5-CBC : cast5-cbc
: CAST5-ECB : cast5-ecb
!Cname cast5-cfb64
: CAST5-CFB : cast5-cfb
!Cname cast5-ofb64
: CAST5-OFB : cast5-ofb
!Cname pbeWithMD5AndCast5-CBC
ISO-US 113533 7 66 12 : : pbeWithMD5AndCast5CBC
# Macs for CMP and CRMF
ISO-US 113533 7 66 13 : id-PasswordBasedMAC : password based MAC
ISO-US 113533 7 66 30 : id-DHBasedMac : Diffie-Hellman based MAC
ISO-US 113549 : rsadsi : RSA Data Security, Inc.
rsadsi 1 : pkcs : RSA Data Security, Inc. PKCS
pkcs 1 : pkcs1
pkcs1 1 : : rsaEncryption
pkcs1 2 : RSA-MD2 : md2WithRSAEncryption
pkcs1 3 : RSA-MD4 : md4WithRSAEncryption
pkcs1 4 : RSA-MD5 : md5WithRSAEncryption
pkcs1 5 : RSA-SHA1 : sha1WithRSAEncryption
# According to PKCS #1 version 2.1
pkcs1 7 : RSAES-OAEP : rsaesOaep
pkcs1 8 : MGF1 : mgf1
pkcs1 9 : PSPECIFIED : pSpecified
pkcs1 10 : RSASSA-PSS : rsassaPss
pkcs1 11 : RSA-SHA256 : sha256WithRSAEncryption
pkcs1 12 : RSA-SHA384 : sha384WithRSAEncryption
pkcs1 13 : RSA-SHA512 : sha512WithRSAEncryption
pkcs1 14 : RSA-SHA224 : sha224WithRSAEncryption
pkcs1 15 : RSA-SHA512/224 : sha512-224WithRSAEncryption
pkcs1 16 : RSA-SHA512/256 : sha512-256WithRSAEncryption
pkcs 3 : pkcs3
pkcs3 1 : : dhKeyAgreement
pkcs 5 : pkcs5
pkcs5 1 : PBE-MD2-DES : pbeWithMD2AndDES-CBC
pkcs5 3 : PBE-MD5-DES : pbeWithMD5AndDES-CBC
pkcs5 4 : PBE-MD2-RC2-64 : pbeWithMD2AndRC2-CBC
pkcs5 6 : PBE-MD5-RC2-64 : pbeWithMD5AndRC2-CBC
pkcs5 10 : PBE-SHA1-DES : pbeWithSHA1AndDES-CBC
pkcs5 11 : PBE-SHA1-RC2-64 : pbeWithSHA1AndRC2-CBC
!Cname id_pbkdf2
pkcs5 12 : : PBKDF2
!Cname pbes2
pkcs5 13 : : PBES2
!Cname pbmac1
pkcs5 14 : : PBMAC1
pkcs 7 : pkcs7
pkcs7 1 : : pkcs7-data
!Cname pkcs7-signed
pkcs7 2 : : pkcs7-signedData
!Cname pkcs7-enveloped
pkcs7 3 : : pkcs7-envelopedData
!Cname pkcs7-signedAndEnveloped
pkcs7 4 : : pkcs7-signedAndEnvelopedData
!Cname pkcs7-digest
pkcs7 5 : : pkcs7-digestData
!Cname pkcs7-encrypted
pkcs7 6 : : pkcs7-encryptedData
pkcs 9 : pkcs9
!module pkcs9
pkcs9 1 : : emailAddress
pkcs9 2 : : unstructuredName
pkcs9 3 : : contentType
pkcs9 4 : : messageDigest
pkcs9 5 : : signingTime
pkcs9 6 : : countersignature
pkcs9 7 : : challengePassword
pkcs9 8 : : unstructuredAddress
!Cname extCertAttributes
pkcs9 9 : : extendedCertificateAttributes
!global
!Cname ext-req
pkcs9 14 : extReq : Extension Request
!Cname SMIMECapabilities
pkcs9 15 : SMIME-CAPS : S/MIME Capabilities
# S/MIME
!Cname SMIME
pkcs9 16 : SMIME : S/MIME
SMIME 0 : id-smime-mod
SMIME 1 : id-smime-ct
SMIME 2 : id-smime-aa
SMIME 3 : id-smime-alg
SMIME 4 : id-smime-cd
SMIME 5 : id-smime-spq
SMIME 6 : id-smime-cti
# S/MIME Modules
id-smime-mod 1 : id-smime-mod-cms
id-smime-mod 2 : id-smime-mod-ess
id-smime-mod 3 : id-smime-mod-oid
id-smime-mod 4 : id-smime-mod-msg-v3
id-smime-mod 5 : id-smime-mod-ets-eSignature-88
id-smime-mod 6 : id-smime-mod-ets-eSignature-97
id-smime-mod 7 : id-smime-mod-ets-eSigPolicy-88
id-smime-mod 8 : id-smime-mod-ets-eSigPolicy-97
# S/MIME Content Types
id-smime-ct 1 : id-smime-ct-receipt
id-smime-ct 2 : id-smime-ct-authData
id-smime-ct 3 : id-smime-ct-publishCert
id-smime-ct 4 : id-smime-ct-TSTInfo
id-smime-ct 5 : id-smime-ct-TDTInfo
id-smime-ct 6 : id-smime-ct-contentInfo
id-smime-ct 7 : id-smime-ct-DVCSRequestData
id-smime-ct 8 : id-smime-ct-DVCSResponseData
id-smime-ct 9 : id-smime-ct-compressedData
id-smime-ct 19 : id-smime-ct-contentCollection
id-smime-ct 23 : id-smime-ct-authEnvelopedData
id-smime-ct 24 : id-ct-routeOriginAuthz
id-smime-ct 26 : id-ct-rpkiManifest
id-smime-ct 27 : id-ct-asciiTextWithCRLF
id-smime-ct 28 : id-ct-xml
id-smime-ct 35 : id-ct-rpkiGhostbusters
id-smime-ct 36 : id-ct-resourceTaggedAttest
id-smime-ct 47 : id-ct-geofeedCSVwithCRLF
id-smime-ct 48 : id-ct-signedChecklist
id-smime-ct 49 : id-ct-ASPA
id-smime-ct 50 : id-ct-signedTAL
id-smime-ct 51 : id-ct-rpkiSignedPrefixList
# S/MIME Attributes
id-smime-aa 1 : id-smime-aa-receiptRequest
id-smime-aa 2 : id-smime-aa-securityLabel
id-smime-aa 3 : id-smime-aa-mlExpandHistory
id-smime-aa 4 : id-smime-aa-contentHint
id-smime-aa 5 : id-smime-aa-msgSigDigest
# obsolete
id-smime-aa 6 : id-smime-aa-encapContentType
id-smime-aa 7 : id-smime-aa-contentIdentifier
# obsolete
id-smime-aa 8 : id-smime-aa-macValue
id-smime-aa 9 : id-smime-aa-equivalentLabels
id-smime-aa 10 : id-smime-aa-contentReference
id-smime-aa 11 : id-smime-aa-encrypKeyPref
id-smime-aa 12 : id-smime-aa-signingCertificate
id-smime-aa 13 : id-smime-aa-smimeEncryptCerts
id-smime-aa 14 : id-smime-aa-timeStampToken
id-smime-aa 15 : id-smime-aa-ets-sigPolicyId
id-smime-aa 16 : id-smime-aa-ets-commitmentType
id-smime-aa 17 : id-smime-aa-ets-signerLocation
id-smime-aa 18 : id-smime-aa-ets-signerAttr
id-smime-aa 19 : id-smime-aa-ets-otherSigCert
id-smime-aa 20 : id-smime-aa-ets-contentTimestamp
id-smime-aa 21 : id-smime-aa-ets-CertificateRefs
id-smime-aa 22 : id-smime-aa-ets-RevocationRefs
id-smime-aa 23 : id-smime-aa-ets-certValues
id-smime-aa 24 : id-smime-aa-ets-revocationValues
id-smime-aa 25 : id-smime-aa-ets-escTimeStamp
id-smime-aa 26 : id-smime-aa-ets-certCRLTimestamp
id-smime-aa 27 : id-smime-aa-ets-archiveTimeStamp
id-smime-aa 28 : id-smime-aa-signatureType
id-smime-aa 29 : id-smime-aa-dvcs-dvc
id-smime-aa 44 : id-aa-ets-attrCertificateRefs
id-smime-aa 45 : id-aa-ets-attrRevocationRefs
id-smime-aa 47 : id-smime-aa-signingCertificateV2
id-smime-aa 48 : id-aa-ets-archiveTimestampV2
# S/MIME Algorithm Identifiers
# obsolete
id-smime-alg 1 : id-smime-alg-ESDHwith3DES
# obsolete
id-smime-alg 2 : id-smime-alg-ESDHwithRC2
# obsolete
id-smime-alg 3 : id-smime-alg-3DESwrap
# obsolete
id-smime-alg 4 : id-smime-alg-RC2wrap
id-smime-alg 5 : id-smime-alg-ESDH
id-smime-alg 6 : id-smime-alg-CMS3DESwrap
id-smime-alg 7 : id-smime-alg-CMSRC2wrap
id-smime-alg 9 : id-alg-PWRI-KEK
# S/MIME Certificate Distribution
id-smime-cd 1 : id-smime-cd-ldap
# S/MIME Signature Policy Qualifier
id-smime-spq 1 : id-smime-spq-ets-sqt-uri
id-smime-spq 2 : id-smime-spq-ets-sqt-unotice
# S/MIME Commitment Type Identifier
id-smime-cti 1 : id-smime-cti-ets-proofOfOrigin
id-smime-cti 2 : id-smime-cti-ets-proofOfReceipt
id-smime-cti 3 : id-smime-cti-ets-proofOfDelivery
id-smime-cti 4 : id-smime-cti-ets-proofOfSender
id-smime-cti 5 : id-smime-cti-ets-proofOfApproval
id-smime-cti 6 : id-smime-cti-ets-proofOfCreation
pkcs9 20 : : friendlyName
pkcs9 21 : : localKeyID
!Alias ms-corp 1 3 6 1 4 1 311
!Cname ms-csp-name
ms-corp 17 1 : CSPName : Microsoft CSP Name
ms-corp 17 2 : LocalKeySet : Microsoft Local Key set
!Alias certTypes pkcs9 22
certTypes 1 : : x509Certificate
certTypes 2 : : sdsiCertificate
!Alias crlTypes pkcs9 23
crlTypes 1 : : x509Crl
pkcs9 52 : id-aa-CMSAlgorithmProtection
!Alias pkcs12 pkcs 12
!Alias pkcs12-pbeids pkcs12 1
!Cname pbe-WithSHA1And128BitRC4
pkcs12-pbeids 1 : PBE-SHA1-RC4-128 : pbeWithSHA1And128BitRC4
!Cname pbe-WithSHA1And40BitRC4
pkcs12-pbeids 2 : PBE-SHA1-RC4-40 : pbeWithSHA1And40BitRC4
!Cname pbe-WithSHA1And3_Key_TripleDES-CBC
pkcs12-pbeids 3 : PBE-SHA1-3DES : pbeWithSHA1And3-KeyTripleDES-CBC
!Cname pbe-WithSHA1And2_Key_TripleDES-CBC
pkcs12-pbeids 4 : PBE-SHA1-2DES : pbeWithSHA1And2-KeyTripleDES-CBC
!Cname pbe-WithSHA1And128BitRC2-CBC
pkcs12-pbeids 5 : PBE-SHA1-RC2-128 : pbeWithSHA1And128BitRC2-CBC
!Cname pbe-WithSHA1And40BitRC2-CBC
pkcs12-pbeids 6 : PBE-SHA1-RC2-40 : pbeWithSHA1And40BitRC2-CBC
!Alias pkcs12-Version1 pkcs12 10
!Alias pkcs12-BagIds pkcs12-Version1 1
pkcs12-BagIds 1 : : keyBag
pkcs12-BagIds 2 : : pkcs8ShroudedKeyBag
pkcs12-BagIds 3 : : certBag
pkcs12-BagIds 4 : : crlBag
pkcs12-BagIds 5 : : secretBag
pkcs12-BagIds 6 : : safeContentsBag
rsadsi 2 2 : MD2 : md2
rsadsi 2 4 : MD4 : md4
rsadsi 2 5 : MD5 : md5
: MD5-SHA1 : md5-sha1
rsadsi 2 6 : : hmacWithMD5
rsadsi 2 7 : : hmacWithSHA1
sm-scheme 301 : SM2 : sm2
sm-scheme 401 : SM3 : sm3
sm-scheme 504 : RSA-SM3 : sm3WithRSAEncryption
sm-scheme 501 : SM2-SM3 : SM2-with-SM3
# From GM/T 0091-2020
sm3 3 1 : : hmacWithSM3
# From RFC4231
rsadsi 2 8 : : hmacWithSHA224
rsadsi 2 9 : : hmacWithSHA256
rsadsi 2 10 : : hmacWithSHA384
rsadsi 2 11 : : hmacWithSHA512
# From RFC8018
rsadsi 2 12 : : hmacWithSHA512-224
rsadsi 2 13 : : hmacWithSHA512-256
rsadsi 3 2 : RC2-CBC : rc2-cbc
: RC2-ECB : rc2-ecb
!Cname rc2-cfb64
: RC2-CFB : rc2-cfb
!Cname rc2-ofb64
: RC2-OFB : rc2-ofb
: RC2-40-CBC : rc2-40-cbc
: RC2-64-CBC : rc2-64-cbc
rsadsi 3 4 : RC4 : rc4
: RC4-40 : rc4-40
rsadsi 3 7 : DES-EDE3-CBC : des-ede3-cbc
rsadsi 3 8 : RC5-CBC : rc5-cbc
: RC5-ECB : rc5-ecb
!Cname rc5-cfb64
: RC5-CFB : rc5-cfb
!Cname rc5-ofb64
: RC5-OFB : rc5-ofb
!Cname ms-ext-req
ms-corp 2 1 14 : msExtReq : Microsoft Extension Request
!Cname ms-code-ind
ms-corp 2 1 21 : msCodeInd : Microsoft Individual Code Signing
!Cname ms-code-com
ms-corp 2 1 22 : msCodeCom : Microsoft Commercial Code Signing
!Cname ms-ctl-sign
ms-corp 10 3 1 : msCTLSign : Microsoft Trust List Signing
!Cname ms-sgc
ms-corp 10 3 3 : msSGC : Microsoft Server Gated Crypto
!Cname ms-efs
ms-corp 10 3 4 : msEFS : Microsoft Encrypted File System
!Cname ms-smartcard-login
ms-corp 20 2 2 : msSmartcardLogin : Microsoft Smartcard Login
!Cname ms-upn
ms-corp 20 2 3 : msUPN : Microsoft User Principal Name
ms-corp 25 2 : ms-ntds-sec-ext : Microsoft NTDS CA Extension
ms-corp 25 2 1 : ms-ntds-obj-sid : Microsoft NTDS AD objectSid
ms-corp 21 7 : ms-cert-templ : Microsoft certificate template
ms-corp 21 10 : ms-app-policies : Microsoft Application Policies Extension
1 3 6 1 4 1 188 7 1 1 2 : IDEA-CBC : idea-cbc
: IDEA-ECB : idea-ecb
!Cname idea-cfb64
: IDEA-CFB : idea-cfb
!Cname idea-ofb64
: IDEA-OFB : idea-ofb
1 3 6 1 4 1 3029 1 2 : BF-CBC : bf-cbc
: BF-ECB : bf-ecb
!Cname bf-cfb64
: BF-CFB : bf-cfb
!Cname bf-ofb64
: BF-OFB : bf-ofb
!Cname id-pkix
1 3 6 1 5 5 7 : PKIX
# PKIX Arcs
id-pkix 0 : id-pkix-mod
id-pkix 1 : id-pe
id-pkix 2 : id-qt
id-pkix 3 : id-kp
id-pkix 4 : id-it
id-pkix 5 : id-pkip
id-pkix 6 : id-alg
id-pkix 7 : id-cmc
id-pkix 8 : id-on
id-pkix 9 : id-pda
id-pkix 10 : id-aca
id-pkix 11 : id-qcs
id-pkix 14 : id-cp
id-pkix 12 : id-cct
id-pkix 21 : id-ppl
id-pkix 48 : id-ad
# PKIX Modules
id-pkix-mod 1 : id-pkix1-explicit-88
id-pkix-mod 2 : id-pkix1-implicit-88
id-pkix-mod 3 : id-pkix1-explicit-93
id-pkix-mod 4 : id-pkix1-implicit-93
id-pkix-mod 5 : id-mod-crmf
id-pkix-mod 6 : id-mod-cmc
id-pkix-mod 7 : id-mod-kea-profile-88
id-pkix-mod 8 : id-mod-kea-profile-93
id-pkix-mod 9 : id-mod-cmp
id-pkix-mod 10 : id-mod-qualified-cert-88
id-pkix-mod 11 : id-mod-qualified-cert-93
id-pkix-mod 12 : id-mod-attribute-cert
id-pkix-mod 13 : id-mod-timestamp-protocol
id-pkix-mod 14 : id-mod-ocsp
id-pkix-mod 15 : id-mod-dvcs
id-pkix-mod 16 : id-mod-cmp2000
id-pkix-mod 50 : id-mod-cmp2000-02
id-pkix-mod 99 : id-mod-cmp2021-88
id-pkix-mod 100 : id-mod-cmp2021-02
# PKIX Private Extensions
!Cname info-access
id-pe 1 : authorityInfoAccess : Authority Information Access
id-pe 2 : biometricInfo : Biometric Info
id-pe 3 : qcStatements
id-pe 4 : ac-auditEntity : X509v3 Audit Identity
id-pe 5 : ac-targeting
id-pe 6 : aaControls
id-pe 7 : sbgp-ipAddrBlock
id-pe 8 : sbgp-autonomousSysNum
id-pe 9 : sbgp-routerIdentifier
id-pe 10 : ac-proxying
!Cname sinfo-access
id-pe 11 : subjectInfoAccess : Subject Information Access
id-pe 14 : proxyCertInfo : Proxy Certificate Information
id-pe 24 : tlsfeature : TLS Feature
id-pe 28 : sbgp-ipAddrBlockv2
id-pe 29 : sbgp-autonomousSysNumv2
# PKIX policyQualifiers for Internet policy qualifiers
id-qt 1 : id-qt-cps : Policy Qualifier CPS
id-qt 2 : id-qt-unotice : Policy Qualifier User Notice
id-qt 3 : textNotice
# https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.3
# PKIX key purpose identifiers
!Cname server-auth
id-kp 1 : serverAuth : TLS Web Server Authentication
!Cname client-auth
id-kp 2 : clientAuth : TLS Web Client Authentication
!Cname code-sign
id-kp 3 : codeSigning : Code Signing
!Cname email-protect
id-kp 4 : emailProtection : E-mail Protection
id-kp 5 : ipsecEndSystem : IPSec End System
id-kp 6 : ipsecTunnel : IPSec Tunnel
id-kp 7 : ipsecUser : IPSec User
!Cname time-stamp
id-kp 8 : timeStamping : Time Stamping
# From OCSP spec RFC2560
!Cname OCSP-sign
id-kp 9 : OCSPSigning : OCSP Signing
id-kp 10 : DVCS : dvcs
!Cname ipsec-IKE
id-kp 17 : ipsecIKE : ipsec Internet Key Exchange
id-kp 18 : capwapAC : Ctrl/provision WAP Access
id-kp 19 : capwapWTP : Ctrl/Provision WAP Termination
!Cname sshClient
id-kp 21 : secureShellClient : SSH Client
!Cname sshServer
id-kp 22 : secureShellServer : SSH Server
id-kp 23 : sendRouter : Send Router
id-kp 24 : sendProxiedRouter : Send Proxied Router
id-kp 25 : sendOwner : Send Owner
id-kp 26 : sendProxiedOwner : Send Proxied Owner
id-kp 27 : cmcCA : CMC Certificate Authority
id-kp 28 : cmcRA : CMC Registration Authority
id-kp 29 : cmcArchive : CMC Archive Server
id-kp 30 : id-kp-bgpsec-router : BGPsec Router
id-kp 31 : id-kp-BrandIndicatorforMessageIdentification : Brand Indicator for Message Identification
id-kp 32 : cmKGA : Certificate Management Key Generation Authority
# https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.4
# CMP information types
id-it 1 : id-it-caProtEncCert
id-it 2 : id-it-signKeyPairTypes
id-it 3 : id-it-encKeyPairTypes
id-it 4 : id-it-preferredSymmAlg
id-it 5 : id-it-caKeyUpdateInfo
id-it 6 : id-it-currentCRL
id-it 7 : id-it-unsupportedOIDs
# [Reserved and Obsolete]:
id-it 8 : id-it-subscriptionRequest
# [Reserved and Obsolete]:
id-it 9 : id-it-subscriptionResponse
id-it 10 : id-it-keyPairParamReq
id-it 11 : id-it-keyPairParamRep
id-it 12 : id-it-revPassphrase
id-it 13 : id-it-implicitConfirm
id-it 14 : id-it-confirmWaitTime
id-it 15 : id-it-origPKIMessage
id-it 16 : id-it-suppLangTags
id-it 17 : id-it-caCerts
id-it 18 : id-it-rootCaKeyUpdate
id-it 19 : id-it-certReqTemplate
id-it 20 : id-it-rootCaCert
id-it 21 : id-it-certProfile
id-it 22 : id-it-crlStatusList
id-it 23 : id-it-crls
# CRMF registration
id-pkip 1 : id-regCtrl
id-pkip 2 : id-regInfo
# CRMF registration controls
id-regCtrl 1 : id-regCtrl-regToken
id-regCtrl 2 : id-regCtrl-authenticator
id-regCtrl 3 : id-regCtrl-pkiPublicationInfo
id-regCtrl 4 : id-regCtrl-pkiArchiveOptions
id-regCtrl 5 : id-regCtrl-oldCertID
id-regCtrl 6 : id-regCtrl-protocolEncrKey
id-regCtrl 7 : id-regCtrl-altCertTemplate
# id-regCtrl 8 : id-regCtrl-wtlsTemplate [Reserved and Obsolete]
# id-regCtrl 9 : id-regCtrl-regTokenUTF8 [Reserved and Obsolete]
# id-regCtrl 10 : id-regCtrl-authenticatorUTF8 [Reserved and Obsolete]
id-regCtrl 11 : id-regCtrl-algId
id-regCtrl 12 : id-regCtrl-rsaKeyLen
# CRMF registration information
id-regInfo 1 : id-regInfo-utf8Pairs
id-regInfo 2 : id-regInfo-certReq
# algorithms
id-alg 1 : id-alg-des40
id-alg 2 : id-alg-noSignature
id-alg 3 : id-alg-dh-sig-hmac-sha1
id-alg 4 : id-alg-dh-pop
# CMC controls
id-cmc 1 : id-cmc-statusInfo
id-cmc 2 : id-cmc-identification
id-cmc 3 : id-cmc-identityProof
id-cmc 4 : id-cmc-dataReturn
id-cmc 5 : id-cmc-transactionId
id-cmc 6 : id-cmc-senderNonce
id-cmc 7 : id-cmc-recipientNonce
id-cmc 8 : id-cmc-addExtensions
id-cmc 9 : id-cmc-encryptedPOP
id-cmc 10 : id-cmc-decryptedPOP
id-cmc 11 : id-cmc-lraPOPWitness
id-cmc 15 : id-cmc-getCert
id-cmc 16 : id-cmc-getCRL
id-cmc 17 : id-cmc-revokeRequest
id-cmc 18 : id-cmc-regInfo
id-cmc 19 : id-cmc-responseInfo
id-cmc 21 : id-cmc-queryPending
id-cmc 22 : id-cmc-popLinkRandom
id-cmc 23 : id-cmc-popLinkWitness
id-cmc 24 : id-cmc-confirmCertAcceptance
# other names
id-on 1 : id-on-personalData
id-on 3 : id-on-permanentIdentifier : Permanent Identifier
id-on 4 : id-on-hardwareModuleName : Hardware Module Name
id-on 5 : id-on-xmppAddr : XmppAddr
id-on 7 : id-on-dnsSRV : SRVName
id-on 8 : id-on-NAIRealm : NAIRealm
id-on 9 : id-on-SmtpUTF8Mailbox : Smtp UTF8 Mailbox
# personal data attributes
id-pda 1 : id-pda-dateOfBirth
id-pda 2 : id-pda-placeOfBirth
id-pda 3 : id-pda-gender
id-pda 4 : id-pda-countryOfCitizenship
id-pda 5 : id-pda-countryOfResidence
# attribute certificate attributes
id-aca 1 : id-aca-authenticationInfo
id-aca 2 : id-aca-accessIdentity
id-aca 3 : id-aca-chargingIdentity
id-aca 4 : id-aca-group
# attention : the following seems to be obsolete, replace by 'role'
id-aca 5 : id-aca-role
id-aca 6 : id-aca-encAttrs
# qualified certificate statements
id-qcs 1 : id-qcs-pkixQCSyntax-v1
# PKIX Certificate Policies
id-cp 2 : ipAddr-asNumber
id-cp 3 : ipAddr-asNumberv2
# CMC content types
id-cct 1 : id-cct-crs
id-cct 2 : id-cct-PKIData
id-cct 3 : id-cct-PKIResponse
# Predefined Proxy Certificate policy languages
id-ppl 0 : id-ppl-anyLanguage : Any language
id-ppl 1 : id-ppl-inheritAll : Inherit all
id-ppl 2 : id-ppl-independent : Independent
# access descriptors for authority info access extension
!Cname ad-OCSP
id-ad 1 : OCSP : OCSP
!Cname ad-ca-issuers
id-ad 2 : caIssuers : CA Issuers
!Cname ad-timeStamping
id-ad 3 : ad_timestamping : AD Time Stamping
!Cname ad-dvcs
id-ad 4 : AD_DVCS : ad dvcs
id-ad 5 : caRepository : CA Repository
id-ad 10 : rpkiManifest : RPKI Manifest
id-ad 11 : signedObject : Signed Object
id-ad 13 : rpkiNotify : RPKI Notify
!Alias id-pkix-OCSP ad-OCSP
!module id-pkix-OCSP
!Cname basic
id-pkix-OCSP 1 : basicOCSPResponse : Basic OCSP Response
id-pkix-OCSP 2 : Nonce : OCSP Nonce
id-pkix-OCSP 3 : CrlID : OCSP CRL ID
id-pkix-OCSP 4 : acceptableResponses : Acceptable OCSP Responses
id-pkix-OCSP 5 : noCheck : OCSP No Check
id-pkix-OCSP 6 : archiveCutoff : OCSP Archive Cutoff
id-pkix-OCSP 7 : serviceLocator : OCSP Service Locator
id-pkix-OCSP 8 : extendedStatus : Extended OCSP Status
id-pkix-OCSP 9 : valid
id-pkix-OCSP 10 : path
id-pkix-OCSP 11 : trustRoot : Trust Root
!global
1 3 14 3 2 : algorithm : algorithm
algorithm 3 : RSA-NP-MD5 : md5WithRSA
algorithm 6 : DES-ECB : des-ecb
algorithm 7 : DES-CBC : des-cbc
!Cname des-ofb64
algorithm 8 : DES-OFB : des-ofb
!Cname des-cfb64
algorithm 9 : DES-CFB : des-cfb
algorithm 11 : rsaSignature
!Cname dsa-2
algorithm 12 : DSA-old : dsaEncryption-old
algorithm 13 : DSA-SHA : dsaWithSHA
algorithm 15 : RSA-SHA : shaWithRSAEncryption
!Cname des-ede-ecb
algorithm 17 : DES-EDE : des-ede
!Cname des-ede3-ecb
: DES-EDE3 : des-ede3
: DES-EDE-CBC : des-ede-cbc
!Cname des-ede-cfb64
: DES-EDE-CFB : des-ede-cfb
!Cname des-ede3-cfb64
: DES-EDE3-CFB : des-ede3-cfb
!Cname des-ede-ofb64
: DES-EDE-OFB : des-ede-ofb
!Cname des-ede3-ofb64
: DES-EDE3-OFB : des-ede3-ofb
: DESX-CBC : desx-cbc
algorithm 18 : SHA : sha
algorithm 26 : SHA1 : sha1
!Cname dsaWithSHA1-2
algorithm 27 : DSA-SHA1-old : dsaWithSHA1-old
algorithm 29 : RSA-SHA1-2 : sha1WithRSA
1 3 36 3 2 1 : RIPEMD160 : ripemd160
1 3 36 3 3 1 2 : RSA-RIPEMD160 : ripemd160WithRSA
1 3 6 1 4 1 1722 12 2 1 : BLAKE2BMAC : blake2bmac
1 3 6 1 4 1 1722 12 2 2 : BLAKE2SMAC : blake2smac
blake2bmac 16 : BLAKE2b512 : blake2b512
blake2smac 8 : BLAKE2s256 : blake2s256
!Cname sxnet
1 3 101 1 4 1 : SXNetID : Strong Extranet ID
2 5 : X500 : directory services (X.500)
X500 4 : X509
X509 3 : CN : commonName
X509 4 : SN : surname
X509 5 : : serialNumber
X509 6 : C : countryName
X509 7 : L : localityName
X509 8 : ST : stateOrProvinceName
X509 9 : street : streetAddress
X509 10 : O : organizationName
X509 11 : OU : organizationalUnitName
X509 12 : title : title
X509 13 : : description
X509 14 : : searchGuide
X509 15 : : businessCategory
X509 16 : : postalAddress
X509 17 : : postalCode
X509 18 : : postOfficeBox
X509 19 : : physicalDeliveryOfficeName
X509 20 : : telephoneNumber
X509 21 : : telexNumber
X509 22 : : teletexTerminalIdentifier
X509 23 : : facsimileTelephoneNumber
X509 24 : : x121Address
X509 25 : : internationaliSDNNumber
X509 26 : : registeredAddress
X509 27 : : destinationIndicator
X509 28 : : preferredDeliveryMethod
X509 29 : : presentationAddress
X509 30 : : supportedApplicationContext
X509 31 : member :
X509 32 : owner :
X509 33 : : roleOccupant
X509 34 : seeAlso :
X509 35 : : userPassword
X509 36 : : userCertificate
X509 37 : : cACertificate
X509 38 : : authorityRevocationList
X509 39 : : certificateRevocationList
X509 40 : : crossCertificatePair
X509 41 : name : name
X509 42 : GN : givenName
X509 43 : initials : initials
X509 44 : : generationQualifier
X509 45 : : x500UniqueIdentifier
X509 46 : dnQualifier : dnQualifier
X509 47 : : enhancedSearchGuide
X509 48 : : protocolInformation
X509 49 : : distinguishedName
X509 50 : : uniqueMember
X509 51 : : houseIdentifier
X509 52 : : supportedAlgorithms
X509 53 : : deltaRevocationList
X509 54 : dmdName :
X509 65 : : pseudonym
X509 72 : role : role
X509 97 : : organizationIdentifier
X509 98 : c3 : countryCode3c
X509 99 : n3 : countryCode3n
X509 100 : : dnsName
X500 8 : X500algorithms : directory services - algorithms
X500algorithms 1 1 : RSA : rsa
X500algorithms 3 100 : RSA-MDC2 : mdc2WithRSA
X500algorithms 3 101 : MDC2 : mdc2
X500 29 : id-ce
!Cname subject-directory-attributes
id-ce 9 : subjectDirectoryAttributes : X509v3 Subject Directory Attributes
!Cname subject-key-identifier
id-ce 14 : subjectKeyIdentifier : X509v3 Subject Key Identifier
!Cname key-usage
id-ce 15 : keyUsage : X509v3 Key Usage
!Cname private-key-usage-period
id-ce 16 : privateKeyUsagePeriod : X509v3 Private Key Usage Period
!Cname subject-alt-name
id-ce 17 : subjectAltName : X509v3 Subject Alternative Name
!Cname issuer-alt-name
id-ce 18 : issuerAltName : X509v3 Issuer Alternative Name
!Cname basic-constraints
id-ce 19 : basicConstraints : X509v3 Basic Constraints
!Cname crl-number
id-ce 20 : crlNumber : X509v3 CRL Number
!Cname crl-reason
id-ce 21 : CRLReason : X509v3 CRL Reason Code
!Cname invalidity-date
id-ce 24 : invalidityDate : Invalidity Date
!Cname delta-crl
id-ce 27 : deltaCRL : X509v3 Delta CRL Indicator
!Cname issuing-distribution-point
id-ce 28 : issuingDistributionPoint : X509v3 Issuing Distribution Point
!Cname certificate-issuer
id-ce 29 : certificateIssuer : X509v3 Certificate Issuer
!Cname name-constraints
id-ce 30 : nameConstraints : X509v3 Name Constraints
!Cname crl-distribution-points
id-ce 31 : crlDistributionPoints : X509v3 CRL Distribution Points
!Cname certificate-policies
id-ce 32 : certificatePolicies : X509v3 Certificate Policies
!Cname any-policy
certificate-policies 0 : anyPolicy : X509v3 Any Policy
!Cname policy-mappings
id-ce 33 : policyMappings : X509v3 Policy Mappings
!Cname authority-key-identifier
id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier
!Cname policy-constraints
id-ce 36 : policyConstraints : X509v3 Policy Constraints
!Cname ext-key-usage
id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage
!Cname authority-attribute-identifier
id-ce 38 : authorityAttributeIdentifier : X509v3 Authority Attribute Identifier
!Cname role-spec-cert-identifier
id-ce 39 : roleSpecCertIdentifier : X509v3 Role Specification Certificate Identifier
!Cname basic-att-constraints
id-ce 41 : basicAttConstraints : X509v3 Basic Attribute Certificate Constraints
!Cname delegated-name-constraints
id-ce 42 : delegatedNameConstraints : X509v3 Delegated Name Constraints
!Cname time-specification
id-ce 43 : timeSpecification : X509v3 Time Specification
!Cname freshest-crl
id-ce 46 : freshestCRL : X509v3 Freshest CRL
!Cname attribute-descriptor
id-ce 48 : attributeDescriptor : X509v3 Attribute Descriptor
!Cname user-notice
id-ce 49 : userNotice : X509v3 User Notice
!Cname soa-identifier
id-ce 50 : sOAIdentifier : X509v3 Source of Authority Identifier
!Cname acceptable-cert-policies
id-ce 52 : acceptableCertPolicies : X509v3 Acceptable Certification Policies
!Cname inhibit-any-policy
id-ce 54 : inhibitAnyPolicy : X509v3 Inhibit Any Policy
!Cname target-information
id-ce 55 : targetInformation : X509v3 AC Targeting
!Cname no-rev-avail
id-ce 56 : noRevAvail : X509v3 No Revocation Available
!Cname acceptable-privilege-policies
id-ce 57 : acceptablePrivPolicies : X509v3 Acceptable Privilege Policies
!Cname indirect-issuer
id-ce 61 : indirectIssuer : X509v3 Indirect Issuer
!Cname no-assertion
id-ce 62 : noAssertion : X509v3 No Assertion
!Cname id-aa-issuing-distribution-point
id-ce 63 : aAissuingDistributionPoint : X509v3 Attribute Authority Issuing Distribution Point
!Cname issued-on-behalf-of
id-ce 64 : issuedOnBehalfOf : X509v3 Issued On Behalf Of
!Cname single-use
id-ce 65 : singleUse : X509v3 Single Use
!Cname group-ac
id-ce 66 : groupAC : X509v3 Group Attribute Certificate
!Cname allowed-attribute-assignments
id-ce 67 : allowedAttributeAssignments : X509v3 Allowed Attribute Assignments
!Cname attribute-mappings
id-ce 68 : attributeMappings : X509v3 Attribute Mappings
!Cname holder-name-constraints
id-ce 69 : holderNameConstraints : X509v3 Holder Name Constraints
!Cname authorization-validation
id-ce 70 : authorizationValidation : X509v3 Authorization Validation
!Cname prot-restrict
id-ce 71 : protRestrict : X509v3 Protocol Restriction
!Cname subject-alt-public-key-info
id-ce 72 : subjectAltPublicKeyInfo : X509v3 Subject Alternative Public Key Info
!Cname alt-signature-algorithm
id-ce 73 : altSignatureAlgorithm : X509v3 Alternative Signature Algorithm
!Cname alt-signature-value
id-ce 74 : altSignatureValue : X509v3 Alternative Signature Value
!Cname associated-information
id-ce 75 : associatedInformation : X509v3 Associated Information
# From RFC5280
ext-key-usage 0 : anyExtendedKeyUsage : Any Extended Key Usage
!Cname netscape
2 16 840 1 113730 : Netscape : Netscape Communications Corp.
!Cname netscape-cert-extension
netscape 1 : nsCertExt : Netscape Certificate Extension
!Cname netscape-data-type
netscape 2 : nsDataType : Netscape Data Type
!Cname netscape-cert-type
netscape-cert-extension 1 : nsCertType : Netscape Cert Type
!Cname netscape-base-url
netscape-cert-extension 2 : nsBaseUrl : Netscape Base Url
!Cname netscape-revocation-url
netscape-cert-extension 3 : nsRevocationUrl : Netscape Revocation Url
!Cname netscape-ca-revocation-url
netscape-cert-extension 4 : nsCaRevocationUrl : Netscape CA Revocation Url
!Cname netscape-renewal-url
netscape-cert-extension 7 : nsRenewalUrl : Netscape Renewal Url
!Cname netscape-ca-policy-url
netscape-cert-extension 8 : nsCaPolicyUrl : Netscape CA Policy Url
!Cname netscape-ssl-server-name
netscape-cert-extension 12 : nsSslServerName : Netscape SSL Server Name
!Cname netscape-comment
netscape-cert-extension 13 : nsComment : Netscape Comment
!Cname netscape-cert-sequence
netscape-data-type 5 : nsCertSequence : Netscape Certificate Sequence
!Cname ns-sgc
netscape 4 1 : nsSGC : Netscape Server Gated Crypto
# iso(1)
iso 3 : ORG : org
org 6 : DOD : dod
dod 1 : IANA : iana
!Alias internet iana
internet 1 : directory : Directory
internet 2 : mgmt : Management
internet 3 : experimental : Experimental
internet 4 : private : Private
internet 5 : security : Security
internet 6 : snmpv2 : SNMPv2
# Documents refer to "internet 7" as "mail". This however leads to ambiguities
# with RFC2798, Section 9.1.3, where "mail" is defined as the short name for
# rfc822Mailbox. The short name is therefore here left out for a reason.
# Subclasses of "mail", e.g. "MIME MHS" don't constitute a problem, as
# references are realized via long name "Mail" (with capital M).
internet 7 : : Mail
Private 1 : enterprises : Enterprises
# RFC 2247
Enterprises 1466 344 : dcobject : dcObject
# Wi-SUN Assigned Value Registry
Enterprises 45605 1 : id-kp-wisun-fan-device : Wi-SUN Alliance Field Area Network (FAN)
# RFC 1495
Mail 1 : mime-mhs : MIME MHS
mime-mhs 1 : mime-mhs-headings : mime-mhs-headings
mime-mhs 2 : mime-mhs-bodies : mime-mhs-bodies
mime-mhs-headings 1 : id-hex-partial-message : id-hex-partial-message
mime-mhs-headings 2 : id-hex-multipart-message : id-hex-multipart-message
# RFC 3274
!Cname zlib-compression
id-smime-alg 8 : ZLIB : zlib compression
# AES aka Rijndael
!Alias csor 2 16 840 1 101 3
!Alias nistAlgorithms csor 4
!Alias aes nistAlgorithms 1
aes 1 : AES-128-ECB : aes-128-ecb
aes 2 : AES-128-CBC : aes-128-cbc
!Cname aes-128-ofb128
aes 3 : AES-128-OFB : aes-128-ofb
!Cname aes-128-cfb128
aes 4 : AES-128-CFB : aes-128-cfb
aes 5 : id-aes128-wrap
aes 6 : id-aes128-GCM : aes-128-gcm
aes 7 : id-aes128-CCM : aes-128-ccm
aes 8 : id-aes128-wrap-pad
aes 21 : AES-192-ECB : aes-192-ecb
aes 22 : AES-192-CBC : aes-192-cbc
!Cname aes-192-ofb128
aes 23 : AES-192-OFB : aes-192-ofb
!Cname aes-192-cfb128
aes 24 : AES-192-CFB : aes-192-cfb
aes 25 : id-aes192-wrap
aes 26 : id-aes192-GCM : aes-192-gcm
aes 27 : id-aes192-CCM : aes-192-ccm
aes 28 : id-aes192-wrap-pad
aes 41 : AES-256-ECB : aes-256-ecb
aes 42 : AES-256-CBC : aes-256-cbc
!Cname aes-256-ofb128
aes 43 : AES-256-OFB : aes-256-ofb
!Cname aes-256-cfb128
aes 44 : AES-256-CFB : aes-256-cfb
aes 45 : id-aes256-wrap
aes 46 : id-aes256-GCM : aes-256-gcm
aes 47 : id-aes256-CCM : aes-256-ccm
aes 48 : id-aes256-wrap-pad
ieee-siswg 0 1 1 : AES-128-XTS : aes-128-xts
ieee-siswg 0 1 2 : AES-256-XTS : aes-256-xts
# There are no OIDs for these modes...
: AES-128-CFB1 : aes-128-cfb1
: AES-192-CFB1 : aes-192-cfb1
: AES-256-CFB1 : aes-256-cfb1
: AES-128-CFB8 : aes-128-cfb8
: AES-192-CFB8 : aes-192-cfb8
: AES-256-CFB8 : aes-256-cfb8
: AES-128-CTR : aes-128-ctr
: AES-192-CTR : aes-192-ctr
: AES-256-CTR : aes-256-ctr
: AES-128-OCB : aes-128-ocb
: AES-192-OCB : aes-192-ocb
: AES-256-OCB : aes-256-ocb
: DES-CFB1 : des-cfb1
: DES-CFB8 : des-cfb8
: DES-EDE3-CFB1 : des-ede3-cfb1
: DES-EDE3-CFB8 : des-ede3-cfb8
# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84 and
# http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
# "Middle" names are specified to be id-sha256, id-sha384, etc., but
# we adhere to unprefixed capitals for backward compatibility...
!Alias nist_hashalgs nistAlgorithms 2
nist_hashalgs 1 : SHA256 : sha256
nist_hashalgs 2 : SHA384 : sha384
nist_hashalgs 3 : SHA512 : sha512
nist_hashalgs 4 : SHA224 : sha224
nist_hashalgs 5 : SHA512-224 : sha512-224
nist_hashalgs 6 : SHA512-256 : sha512-256
nist_hashalgs 7 : SHA3-224 : sha3-224
nist_hashalgs 8 : SHA3-256 : sha3-256
nist_hashalgs 9 : SHA3-384 : sha3-384
nist_hashalgs 10 : SHA3-512 : sha3-512
nist_hashalgs 11 : SHAKE128 : shake128
nist_hashalgs 12 : SHAKE256 : shake256
nist_hashalgs 13 : id-hmacWithSHA3-224 : hmac-sha3-224
nist_hashalgs 14 : id-hmacWithSHA3-256 : hmac-sha3-256
nist_hashalgs 15 : id-hmacWithSHA3-384 : hmac-sha3-384
nist_hashalgs 16 : id-hmacWithSHA3-512 : hmac-sha3-512
# Below two are incomplete OIDs, to be uncommented when we figure out
# how to handle them...
# nist_hashalgs 17 : id-shake128-len : shake128-len
# nist_hashalgs 18 : id-shake256-len : shake256-len
nist_hashalgs 19 : KMAC128 : kmac128
nist_hashalgs 20 : KMAC256 : kmac256
# nist_hashalgs 21 : KMAC128-XOF : kmac128-xof
# nist_hashalgs 22 : KMAC256-XOF : kmac256-xof
# OIDs for dsa-with-sha224 and dsa-with-sha256
!Alias dsa_with_sha2 nistAlgorithms 3
dsa_with_sha2 1 : dsa_with_SHA224
dsa_with_sha2 2 : dsa_with_SHA256
# Above two belong below, but kept as they are for backward compatibility
!Alias sigAlgs nistAlgorithms 3
sigAlgs 3 : id-dsa-with-sha384 : dsa_with_SHA384
sigAlgs 4 : id-dsa-with-sha512 : dsa_with_SHA512
sigAlgs 5 : id-dsa-with-sha3-224 : dsa_with_SHA3-224
sigAlgs 6 : id-dsa-with-sha3-256 : dsa_with_SHA3-256
sigAlgs 7 : id-dsa-with-sha3-384 : dsa_with_SHA3-384
sigAlgs 8 : id-dsa-with-sha3-512 : dsa_with_SHA3-512
sigAlgs 9 : id-ecdsa-with-sha3-224 : ecdsa_with_SHA3-224
sigAlgs 10 : id-ecdsa-with-sha3-256 : ecdsa_with_SHA3-256
sigAlgs 11 : id-ecdsa-with-sha3-384 : ecdsa_with_SHA3-384
sigAlgs 12 : id-ecdsa-with-sha3-512 : ecdsa_with_SHA3-512
sigAlgs 13 : id-rsassa-pkcs1-v1_5-with-sha3-224 : RSA-SHA3-224
sigAlgs 14 : id-rsassa-pkcs1-v1_5-with-sha3-256 : RSA-SHA3-256
sigAlgs 15 : id-rsassa-pkcs1-v1_5-with-sha3-384 : RSA-SHA3-384
sigAlgs 16 : id-rsassa-pkcs1-v1_5-with-sha3-512 : RSA-SHA3-512
# Hold instruction CRL entry extension
!Cname hold-instruction-code
id-ce 23 : holdInstructionCode : Hold Instruction Code
!Alias holdInstruction X9-57 2
!Cname hold-instruction-none
holdInstruction 1 : holdInstructionNone : Hold Instruction None
!Cname hold-instruction-call-issuer
holdInstruction 2 : holdInstructionCallIssuer : Hold Instruction Call Issuer
!Cname hold-instruction-reject
holdInstruction 3 : holdInstructionReject : Hold Instruction Reject
# OID's from ITU-T. Most of this is defined in RFC 1274. A couple of
# them are also mentioned in RFC 2247
# OIDs specific to Electronic Signature Standard/CAdES are as specified in
# ETSI EN 319 122-1 V1.2.1 (2021-10):
# Electronic Signatures and Infrastructures (ESI); CAdES digital signatures;
# Part 1: Building blocks and CAdES baseline signatures
itu-t 4 : itu-t-identified-organization
itu-t-identified-organization 0: etsi
etsi 1733 : electronic-signature-standard
electronic-signature-standard 2: ess-attributes
ess-attributes 1 : id-aa-ets-mimeType
ess-attributes 2 : id-aa-ets-longTermValidation
ess-attributes 3 : id-aa-ets-SignaturePolicyDocument
ess-attributes 4 : id-aa-ets-archiveTimestampV3
ess-attributes 5 : id-aa-ATSHashIndex
etsi 19122 : cades
cades 1 : cades-attributes
cades-attributes 1 : id-aa-ets-signerAttrV2
cades-attributes 3 : id-aa-ets-sigPolicyStore
cades-attributes 4 : id-aa-ATSHashIndex-v2
cades-attributes 5 : id-aa-ATSHashIndex-v3
cades-attributes 6 : signedAssertion
itu-t 9 : data
data 2342 : pss
pss 19200300 : ucl
ucl 100 : pilot
pilot 1 : : pilotAttributeType
pilot 3 : : pilotAttributeSyntax
pilot 4 : : pilotObjectClass
pilot 10 : : pilotGroups
pilotAttributeSyntax 4 : : iA5StringSyntax
pilotAttributeSyntax 5 : : caseIgnoreIA5StringSyntax
pilotObjectClass 3 : : pilotObject
pilotObjectClass 4 : : pilotPerson
pilotObjectClass 5 : account
pilotObjectClass 6 : document
pilotObjectClass 7 : room
pilotObjectClass 9 : : documentSeries
pilotObjectClass 13 : domain : Domain
pilotObjectClass 14 : : rFC822localPart
pilotObjectClass 15 : : dNSDomain
pilotObjectClass 17 : : domainRelatedObject
pilotObjectClass 18 : : friendlyCountry
pilotObjectClass 19 : : simpleSecurityObject
pilotObjectClass 20 : : pilotOrganization
pilotObjectClass 21 : : pilotDSA
pilotObjectClass 22 : : qualityLabelledData
pilotAttributeType 1 : UID : userId
pilotAttributeType 2 : : textEncodedORAddress
pilotAttributeType 3 : mail : rfc822Mailbox
pilotAttributeType 4 : info
pilotAttributeType 5 : : favouriteDrink
pilotAttributeType 6 : : roomNumber
pilotAttributeType 7 : photo
pilotAttributeType 8 : : userClass
pilotAttributeType 9 : host
pilotAttributeType 10 : manager
pilotAttributeType 11 : : documentIdentifier
pilotAttributeType 12 : : documentTitle
pilotAttributeType 13 : : documentVersion
pilotAttributeType 14 : : documentAuthor
pilotAttributeType 15 : : documentLocation
pilotAttributeType 20 : : homeTelephoneNumber
pilotAttributeType 21 : secretary
pilotAttributeType 22 : : otherMailbox
pilotAttributeType 23 : : lastModifiedTime
pilotAttributeType 24 : : lastModifiedBy
pilotAttributeType 25 : DC : domainComponent
pilotAttributeType 26 : : aRecord
pilotAttributeType 27 : : pilotAttributeType27
pilotAttributeType 28 : : mXRecord
pilotAttributeType 29 : : nSRecord
pilotAttributeType 30 : : sOARecord
pilotAttributeType 31 : : cNAMERecord
pilotAttributeType 37 : : associatedDomain
pilotAttributeType 38 : : associatedName
pilotAttributeType 39 : : homePostalAddress
pilotAttributeType 40 : : personalTitle
pilotAttributeType 41 : : mobileTelephoneNumber
pilotAttributeType 42 : : pagerTelephoneNumber
pilotAttributeType 43 : : friendlyCountryName
pilotAttributeType 44 : uid : uniqueIdentifier
pilotAttributeType 45 : : organizationalStatus
pilotAttributeType 46 : : janetMailbox
pilotAttributeType 47 : : mailPreferenceOption
pilotAttributeType 48 : : buildingName
pilotAttributeType 49 : : dSAQuality
pilotAttributeType 50 : : singleLevelQuality
pilotAttributeType 51 : : subtreeMinimumQuality
pilotAttributeType 52 : : subtreeMaximumQuality
pilotAttributeType 53 : : personalSignature
pilotAttributeType 54 : : dITRedirect
pilotAttributeType 55 : audio
pilotAttributeType 56 : : documentPublisher
international-organizations 42 : id-set : Secure Electronic Transactions
id-set 0 : set-ctype : content types
id-set 1 : set-msgExt : message extensions
id-set 3 : set-attr
id-set 5 : set-policy
id-set 7 : set-certExt : certificate extensions
id-set 8 : set-brand
set-ctype 0 : setct-PANData
set-ctype 1 : setct-PANToken
set-ctype 2 : setct-PANOnly
set-ctype 3 : setct-OIData
set-ctype 4 : setct-PI
set-ctype 5 : setct-PIData
set-ctype 6 : setct-PIDataUnsigned
set-ctype 7 : setct-HODInput
set-ctype 8 : setct-AuthResBaggage
set-ctype 9 : setct-AuthRevReqBaggage
set-ctype 10 : setct-AuthRevResBaggage
set-ctype 11 : setct-CapTokenSeq
set-ctype 12 : setct-PInitResData
set-ctype 13 : setct-PI-TBS
set-ctype 14 : setct-PResData
set-ctype 16 : setct-AuthReqTBS
set-ctype 17 : setct-AuthResTBS
set-ctype 18 : setct-AuthResTBSX
set-ctype 19 : setct-AuthTokenTBS
set-ctype 20 : setct-CapTokenData
set-ctype 21 : setct-CapTokenTBS
set-ctype 22 : setct-AcqCardCodeMsg
set-ctype 23 : setct-AuthRevReqTBS
set-ctype 24 : setct-AuthRevResData
set-ctype 25 : setct-AuthRevResTBS
set-ctype 26 : setct-CapReqTBS
set-ctype 27 : setct-CapReqTBSX
set-ctype 28 : setct-CapResData
set-ctype 29 : setct-CapRevReqTBS
set-ctype 30 : setct-CapRevReqTBSX
set-ctype 31 : setct-CapRevResData
set-ctype 32 : setct-CredReqTBS
set-ctype 33 : setct-CredReqTBSX
set-ctype 34 : setct-CredResData
set-ctype 35 : setct-CredRevReqTBS
set-ctype 36 : setct-CredRevReqTBSX
set-ctype 37 : setct-CredRevResData
set-ctype 38 : setct-PCertReqData
set-ctype 39 : setct-PCertResTBS
set-ctype 40 : setct-BatchAdminReqData
set-ctype 41 : setct-BatchAdminResData
set-ctype 42 : setct-CardCInitResTBS
set-ctype 43 : setct-MeAqCInitResTBS
set-ctype 44 : setct-RegFormResTBS
set-ctype 45 : setct-CertReqData
set-ctype 46 : setct-CertReqTBS
set-ctype 47 : setct-CertResData
set-ctype 48 : setct-CertInqReqTBS
set-ctype 49 : setct-ErrorTBS
set-ctype 50 : setct-PIDualSignedTBE
set-ctype 51 : setct-PIUnsignedTBE
set-ctype 52 : setct-AuthReqTBE
set-ctype 53 : setct-AuthResTBE
set-ctype 54 : setct-AuthResTBEX
set-ctype 55 : setct-AuthTokenTBE
set-ctype 56 : setct-CapTokenTBE
set-ctype 57 : setct-CapTokenTBEX
set-ctype 58 : setct-AcqCardCodeMsgTBE
set-ctype 59 : setct-AuthRevReqTBE
set-ctype 60 : setct-AuthRevResTBE
set-ctype 61 : setct-AuthRevResTBEB
set-ctype 62 : setct-CapReqTBE
set-ctype 63 : setct-CapReqTBEX
set-ctype 64 : setct-CapResTBE
set-ctype 65 : setct-CapRevReqTBE
set-ctype 66 : setct-CapRevReqTBEX
set-ctype 67 : setct-CapRevResTBE
set-ctype 68 : setct-CredReqTBE
set-ctype 69 : setct-CredReqTBEX
set-ctype 70 : setct-CredResTBE
set-ctype 71 : setct-CredRevReqTBE
set-ctype 72 : setct-CredRevReqTBEX
set-ctype 73 : setct-CredRevResTBE
set-ctype 74 : setct-BatchAdminReqTBE
set-ctype 75 : setct-BatchAdminResTBE
set-ctype 76 : setct-RegFormReqTBE
set-ctype 77 : setct-CertReqTBE
set-ctype 78 : setct-CertReqTBEX
set-ctype 79 : setct-CertResTBE
set-ctype 80 : setct-CRLNotificationTBS
set-ctype 81 : setct-CRLNotificationResTBS
set-ctype 82 : setct-BCIDistributionTBS
set-msgExt 1 : setext-genCrypt : generic cryptogram
set-msgExt 3 : setext-miAuth : merchant initiated auth
set-msgExt 4 : setext-pinSecure
set-msgExt 5 : setext-pinAny
set-msgExt 7 : setext-track2
set-msgExt 8 : setext-cv : additional verification
set-policy 0 : set-policy-root
set-certExt 0 : setCext-hashedRoot
set-certExt 1 : setCext-certType
set-certExt 2 : setCext-merchData
set-certExt 3 : setCext-cCertRequired
set-certExt 4 : setCext-tunneling
set-certExt 5 : setCext-setExt
set-certExt 6 : setCext-setQualf
set-certExt 7 : setCext-PGWYcapabilities
set-certExt 8 : setCext-TokenIdentifier
set-certExt 9 : setCext-Track2Data
set-certExt 10 : setCext-TokenType
set-certExt 11 : setCext-IssuerCapabilities
set-attr 0 : setAttr-Cert
set-attr 1 : setAttr-PGWYcap : payment gateway capabilities
set-attr 2 : setAttr-TokenType
set-attr 3 : setAttr-IssCap : issuer capabilities
setAttr-Cert 0 : set-rootKeyThumb
setAttr-Cert 1 : set-addPolicy
setAttr-TokenType 1 : setAttr-Token-EMV
setAttr-TokenType 2 : setAttr-Token-B0Prime
setAttr-IssCap 3 : setAttr-IssCap-CVM
setAttr-IssCap 4 : setAttr-IssCap-T2
setAttr-IssCap 5 : setAttr-IssCap-Sig
setAttr-IssCap-CVM 1 : setAttr-GenCryptgrm : generate cryptogram
setAttr-IssCap-T2 1 : setAttr-T2Enc : encrypted track 2
setAttr-IssCap-T2 2 : setAttr-T2cleartxt : cleartext track 2
setAttr-IssCap-Sig 1 : setAttr-TokICCsig : ICC or token signature
setAttr-IssCap-Sig 2 : setAttr-SecDevSig : secure device signature
set-brand 1 : set-brand-IATA-ATA
set-brand 30 : set-brand-Diners
set-brand 34 : set-brand-AmericanExpress
set-brand 35 : set-brand-JCB
set-brand 4 : set-brand-Visa
set-brand 5 : set-brand-MasterCard
set-brand 6011 : set-brand-Novus
rsadsi 3 10 : DES-CDMF : des-cdmf
rsadsi 1 1 6 : rsaOAEPEncryptionSET
: Oakley-EC2N-3 : ipsec3
: Oakley-EC2N-4 : ipsec4
iso 0 10118 3 0 55 : whirlpool
# GOST OIDs
member-body 643 2 2 : cryptopro
member-body 643 2 9 : cryptocom
member-body 643 7 1 : id-tc26
cryptopro 3 : id-GostR3411-94-with-GostR3410-2001 : GOST R 34.11-94 with GOST R 34.10-2001
cryptopro 4 : id-GostR3411-94-with-GostR3410-94 : GOST R 34.11-94 with GOST R 34.10-94
!Cname id-GostR3411-94
cryptopro 9 : md_gost94 : GOST R 34.11-94
cryptopro 10 : id-HMACGostR3411-94 : HMAC GOST 34.11-94
!Cname id-GostR3410-2001
cryptopro 19 : gost2001 : GOST R 34.10-2001
!Cname id-GostR3410-94
cryptopro 20 : gost94 : GOST R 34.10-94
!Cname id-Gost28147-89
cryptopro 21 : gost89 : GOST 28147-89
: gost89-cnt
: gost89-cnt-12
: gost89-cbc
: gost89-ecb
: gost89-ctr
!Cname id-Gost28147-89-MAC
cryptopro 22 : gost-mac : GOST 28147-89 MAC
: gost-mac-12
!Cname id-GostR3411-94-prf
cryptopro 23 : prf-gostr3411-94 : GOST R 34.11-94 PRF
cryptopro 98 : id-GostR3410-2001DH : GOST R 34.10-2001 DH
cryptopro 99 : id-GostR3410-94DH : GOST R 34.10-94 DH
cryptopro 14 1 : id-Gost28147-89-CryptoPro-KeyMeshing
cryptopro 14 0 : id-Gost28147-89-None-KeyMeshing
# GOST parameter set OIDs
cryptopro 30 0 : id-GostR3411-94-TestParamSet
cryptopro 30 1 : id-GostR3411-94-CryptoProParamSet
cryptopro 31 0 : id-Gost28147-89-TestParamSet
cryptopro 31 1 : id-Gost28147-89-CryptoPro-A-ParamSet
cryptopro 31 2 : id-Gost28147-89-CryptoPro-B-ParamSet
cryptopro 31 3 : id-Gost28147-89-CryptoPro-C-ParamSet
cryptopro 31 4 : id-Gost28147-89-CryptoPro-D-ParamSet
cryptopro 31 5 : id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet
cryptopro 31 6 : id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet
cryptopro 31 7 : id-Gost28147-89-CryptoPro-RIC-1-ParamSet
cryptopro 32 0 : id-GostR3410-94-TestParamSet
cryptopro 32 2 : id-GostR3410-94-CryptoPro-A-ParamSet
cryptopro 32 3 : id-GostR3410-94-CryptoPro-B-ParamSet
cryptopro 32 4 : id-GostR3410-94-CryptoPro-C-ParamSet
cryptopro 32 5 : id-GostR3410-94-CryptoPro-D-ParamSet
cryptopro 33 1 : id-GostR3410-94-CryptoPro-XchA-ParamSet
cryptopro 33 2 : id-GostR3410-94-CryptoPro-XchB-ParamSet
cryptopro 33 3 : id-GostR3410-94-CryptoPro-XchC-ParamSet
cryptopro 35 0 : id-GostR3410-2001-TestParamSet
cryptopro 35 1 : id-GostR3410-2001-CryptoPro-A-ParamSet
cryptopro 35 2 : id-GostR3410-2001-CryptoPro-B-ParamSet
cryptopro 35 3 : id-GostR3410-2001-CryptoPro-C-ParamSet
cryptopro 36 0 : id-GostR3410-2001-CryptoPro-XchA-ParamSet
cryptopro 36 1 : id-GostR3410-2001-CryptoPro-XchB-ParamSet
id-GostR3410-94 1 : id-GostR3410-94-a
id-GostR3410-94 2 : id-GostR3410-94-aBis
id-GostR3410-94 3 : id-GostR3410-94-b
id-GostR3410-94 4 : id-GostR3410-94-bBis
# Cryptocom LTD GOST OIDs
cryptocom 1 6 1 : id-Gost28147-89-cc : GOST 28147-89 Cryptocom ParamSet
!Cname id-GostR3410-94-cc
cryptocom 1 5 3 : gost94cc : GOST 34.10-94 Cryptocom
!Cname id-GostR3410-2001-cc
cryptocom 1 5 4 : gost2001cc : GOST 34.10-2001 Cryptocom
cryptocom 1 3 3 : id-GostR3411-94-with-GostR3410-94-cc : GOST R 34.11-94 with GOST R 34.10-94 Cryptocom
cryptocom 1 3 4 : id-GostR3411-94-with-GostR3410-2001-cc : GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom
cryptocom 1 8 1 : id-GostR3410-2001-ParamSet-cc : GOST R 3410-2001 Parameter Set Cryptocom
# TC26 GOST OIDs
id-tc26 1 : id-tc26-algorithms
id-tc26-algorithms 1 : id-tc26-sign
!Cname id-GostR3410-2012-256
id-tc26-sign 1 : gost2012_256: GOST R 34.10-2012 with 256 bit modulus
!Cname id-GostR3410-2012-512
id-tc26-sign 2 : gost2012_512: GOST R 34.10-2012 with 512 bit modulus
id-tc26-algorithms 2 : id-tc26-digest
!Cname id-GostR3411-2012-256
id-tc26-digest 2 : md_gost12_256: GOST R 34.11-2012 with 256 bit hash
!Cname id-GostR3411-2012-512
id-tc26-digest 3 : md_gost12_512: GOST R 34.11-2012 with 512 bit hash
id-tc26-algorithms 3 : id-tc26-signwithdigest
id-tc26-signwithdigest 2: id-tc26-signwithdigest-gost3410-2012-256: GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)
id-tc26-signwithdigest 3: id-tc26-signwithdigest-gost3410-2012-512: GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)
id-tc26-algorithms 4 : id-tc26-mac
id-tc26-mac 1 : id-tc26-hmac-gost-3411-2012-256 : HMAC GOST 34.11-2012 256 bit
id-tc26-mac 2 : id-tc26-hmac-gost-3411-2012-512 : HMAC GOST 34.11-2012 512 bit
id-tc26-algorithms 5 : id-tc26-cipher
id-tc26-cipher 1 : id-tc26-cipher-gostr3412-2015-magma
id-tc26-cipher-gostr3412-2015-magma 1 : magma-ctr-acpkm
id-tc26-cipher-gostr3412-2015-magma 2 : magma-ctr-acpkm-omac
id-tc26-cipher 2 : id-tc26-cipher-gostr3412-2015-kuznyechik
id-tc26-cipher-gostr3412-2015-kuznyechik 1 : kuznyechik-ctr-acpkm
id-tc26-cipher-gostr3412-2015-kuznyechik 2 : kuznyechik-ctr-acpkm-omac
id-tc26-algorithms 6 : id-tc26-agreement
id-tc26-agreement 1 : id-tc26-agreement-gost-3410-2012-256
id-tc26-agreement 2 : id-tc26-agreement-gost-3410-2012-512
id-tc26-algorithms 7 : id-tc26-wrap
id-tc26-wrap 1 : id-tc26-wrap-gostr3412-2015-magma
id-tc26-wrap-gostr3412-2015-magma 1 : magma-kexp15
id-tc26-wrap 2 : id-tc26-wrap-gostr3412-2015-kuznyechik
id-tc26-wrap-gostr3412-2015-kuznyechik 1 : kuznyechik-kexp15
id-tc26 2 : id-tc26-constants
id-tc26-constants 1 : id-tc26-sign-constants
id-tc26-sign-constants 1: id-tc26-gost-3410-2012-256-constants
id-tc26-gost-3410-2012-256-constants 1 : id-tc26-gost-3410-2012-256-paramSetA: GOST R 34.10-2012 (256 bit) ParamSet A
id-tc26-gost-3410-2012-256-constants 2 : id-tc26-gost-3410-2012-256-paramSetB: GOST R 34.10-2012 (256 bit) ParamSet B
id-tc26-gost-3410-2012-256-constants 3 : id-tc26-gost-3410-2012-256-paramSetC: GOST R 34.10-2012 (256 bit) ParamSet C
id-tc26-gost-3410-2012-256-constants 4 : id-tc26-gost-3410-2012-256-paramSetD: GOST R 34.10-2012 (256 bit) ParamSet D
id-tc26-sign-constants 2: id-tc26-gost-3410-2012-512-constants
id-tc26-gost-3410-2012-512-constants 0 : id-tc26-gost-3410-2012-512-paramSetTest: GOST R 34.10-2012 (512 bit) testing parameter set
id-tc26-gost-3410-2012-512-constants 1 : id-tc26-gost-3410-2012-512-paramSetA: GOST R 34.10-2012 (512 bit) ParamSet A
id-tc26-gost-3410-2012-512-constants 2 : id-tc26-gost-3410-2012-512-paramSetB: GOST R 34.10-2012 (512 bit) ParamSet B
id-tc26-gost-3410-2012-512-constants 3 : id-tc26-gost-3410-2012-512-paramSetC: GOST R 34.10-2012 (512 bit) ParamSet C
id-tc26-constants 2 : id-tc26-digest-constants
id-tc26-constants 5 : id-tc26-cipher-constants
id-tc26-cipher-constants 1 : id-tc26-gost-28147-constants
id-tc26-gost-28147-constants 1 : id-tc26-gost-28147-param-Z : GOST 28147-89 TC26 parameter set
member-body 643 3 131 1 1 : INN : INN
member-body 643 100 1 : OGRN : OGRN
member-body 643 100 3 : SNILS : SNILS
member-body 643 100 5 : OGRNIP : OGRNIP
member-body 643 100 111 : subjectSignTool : Signing Tool of Subject
member-body 643 100 112 : issuerSignTool : Signing Tool of Issuer
member-body 643 100 113 : classSignTool : Class of Signing Tool
member-body 643 100 113 1 : classSignToolKC1 : Class of Signing Tool KC1
member-body 643 100 113 2 : classSignToolKC2 : Class of Signing Tool KC2
member-body 643 100 113 3 : classSignToolKC3 : Class of Signing Tool KC3
member-body 643 100 113 4 : classSignToolKB1 : Class of Signing Tool KB1
member-body 643 100 113 5 : classSignToolKB2 : Class of Signing Tool KB2
member-body 643 100 113 6 : classSignToolKA1 : Class of Signing Tool KA1
#GOST R34.13-2015 Grasshopper "Kuznechik"
: kuznyechik-ecb
: kuznyechik-ctr
: kuznyechik-ofb
: kuznyechik-cbc
: kuznyechik-cfb
: kuznyechik-mac
#GOST R34.13-2015 Magma
: magma-ecb
: magma-ctr
: magma-ofb
: magma-cbc
: magma-cfb
: magma-mac
# Definitions for Camellia cipher - CBC MODE
1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC : camellia-128-cbc
1 2 392 200011 61 1 1 1 3 : CAMELLIA-192-CBC : camellia-192-cbc
1 2 392 200011 61 1 1 1 4 : CAMELLIA-256-CBC : camellia-256-cbc
1 2 392 200011 61 1 1 3 2 : id-camellia128-wrap
1 2 392 200011 61 1 1 3 3 : id-camellia192-wrap
1 2 392 200011 61 1 1 3 4 : id-camellia256-wrap
# Definitions for Camellia cipher - ECB, CFB, OFB MODE
!Alias ntt-ds 0 3 4401 5
!Alias camellia ntt-ds 3 1 9
camellia 1 : CAMELLIA-128-ECB : camellia-128-ecb
!Cname camellia-128-ofb128
camellia 3 : CAMELLIA-128-OFB : camellia-128-ofb
!Cname camellia-128-cfb128
camellia 4 : CAMELLIA-128-CFB : camellia-128-cfb
camellia 6 : CAMELLIA-128-GCM : camellia-128-gcm
camellia 7 : CAMELLIA-128-CCM : camellia-128-ccm
camellia 9 : CAMELLIA-128-CTR : camellia-128-ctr
camellia 10 : CAMELLIA-128-CMAC : camellia-128-cmac
camellia 21 : CAMELLIA-192-ECB : camellia-192-ecb
!Cname camellia-192-ofb128
camellia 23 : CAMELLIA-192-OFB : camellia-192-ofb
!Cname camellia-192-cfb128
camellia 24 : CAMELLIA-192-CFB : camellia-192-cfb
camellia 26 : CAMELLIA-192-GCM : camellia-192-gcm
camellia 27 : CAMELLIA-192-CCM : camellia-192-ccm
camellia 29 : CAMELLIA-192-CTR : camellia-192-ctr
camellia 30 : CAMELLIA-192-CMAC : camellia-192-cmac
camellia 41 : CAMELLIA-256-ECB : camellia-256-ecb
!Cname camellia-256-ofb128
camellia 43 : CAMELLIA-256-OFB : camellia-256-ofb
!Cname camellia-256-cfb128
camellia 44 : CAMELLIA-256-CFB : camellia-256-cfb
camellia 46 : CAMELLIA-256-GCM : camellia-256-gcm
camellia 47 : CAMELLIA-256-CCM : camellia-256-ccm
camellia 49 : CAMELLIA-256-CTR : camellia-256-ctr
camellia 50 : CAMELLIA-256-CMAC : camellia-256-cmac
# There are no OIDs for these modes...
: CAMELLIA-128-CFB1 : camellia-128-cfb1
: CAMELLIA-192-CFB1 : camellia-192-cfb1
: CAMELLIA-256-CFB1 : camellia-256-cfb1
: CAMELLIA-128-CFB8 : camellia-128-cfb8
: CAMELLIA-192-CFB8 : camellia-192-cfb8
: CAMELLIA-256-CFB8 : camellia-256-cfb8
# Definitions for ARIA cipher
!Alias aria 1 2 410 200046 1 1
aria 1 : ARIA-128-ECB : aria-128-ecb
aria 2 : ARIA-128-CBC : aria-128-cbc
!Cname aria-128-cfb128
aria 3 : ARIA-128-CFB : aria-128-cfb
!Cname aria-128-ofb128
aria 4 : ARIA-128-OFB : aria-128-ofb
aria 5 : ARIA-128-CTR : aria-128-ctr
aria 6 : ARIA-192-ECB : aria-192-ecb
aria 7 : ARIA-192-CBC : aria-192-cbc
!Cname aria-192-cfb128
aria 8 : ARIA-192-CFB : aria-192-cfb
!Cname aria-192-ofb128
aria 9 : ARIA-192-OFB : aria-192-ofb
aria 10 : ARIA-192-CTR : aria-192-ctr
aria 11 : ARIA-256-ECB : aria-256-ecb
aria 12 : ARIA-256-CBC : aria-256-cbc
!Cname aria-256-cfb128
aria 13 : ARIA-256-CFB : aria-256-cfb
!Cname aria-256-ofb128
aria 14 : ARIA-256-OFB : aria-256-ofb
aria 15 : ARIA-256-CTR : aria-256-ctr
# There are no OIDs for these ARIA modes...
: ARIA-128-CFB1 : aria-128-cfb1
: ARIA-192-CFB1 : aria-192-cfb1
: ARIA-256-CFB1 : aria-256-cfb1
: ARIA-128-CFB8 : aria-128-cfb8
: ARIA-192-CFB8 : aria-192-cfb8
: ARIA-256-CFB8 : aria-256-cfb8
aria 37 : ARIA-128-CCM : aria-128-ccm
aria 38 : ARIA-192-CCM : aria-192-ccm
aria 39 : ARIA-256-CCM : aria-256-ccm
aria 34 : ARIA-128-GCM : aria-128-gcm
aria 35 : ARIA-192-GCM : aria-192-gcm
aria 36 : ARIA-256-GCM : aria-256-gcm
# Definitions for SEED cipher - ECB, CBC, OFB mode
member-body 410 200004 : KISA : kisa
kisa 1 3 : SEED-ECB : seed-ecb
kisa 1 4 : SEED-CBC : seed-cbc
!Cname seed-cfb128
kisa 1 5 : SEED-CFB : seed-cfb
!Cname seed-ofb128
kisa 1 6 : SEED-OFB : seed-ofb
# Definitions for SM4 cipher
sm-scheme 104 1 : SM4-ECB : sm4-ecb
sm-scheme 104 2 : SM4-CBC : sm4-cbc
!Cname sm4-ofb128
sm-scheme 104 3 : SM4-OFB : sm4-ofb
!Cname sm4-cfb128
sm-scheme 104 4 : SM4-CFB : sm4-cfb
sm-scheme 104 5 : SM4-CFB1 : sm4-cfb1
sm-scheme 104 6 : SM4-CFB8 : sm4-cfb8
sm-scheme 104 7 : SM4-CTR : sm4-ctr
sm-scheme 104 8 : SM4-GCM : sm4-gcm
sm-scheme 104 9 : SM4-CCM : sm4-ccm
sm-scheme 104 10 : SM4-XTS : sm4-xts
# There is no OID that just denotes "HMAC" oddly enough...
: HMAC : hmac
# Nor CMAC either
: CMAC : cmac
# Synthetic composite ciphersuites
: RC4-HMAC-MD5 : rc4-hmac-md5
: AES-128-CBC-HMAC-SHA1 : aes-128-cbc-hmac-sha1
: AES-192-CBC-HMAC-SHA1 : aes-192-cbc-hmac-sha1
: AES-256-CBC-HMAC-SHA1 : aes-256-cbc-hmac-sha1
: AES-128-CBC-HMAC-SHA256 : aes-128-cbc-hmac-sha256
: AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256
: AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256
: ChaCha20-Poly1305 : chacha20-poly1305
: ChaCha20 : chacha20
ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
# RFC 5639 curve OIDs (see http://www.ietf.org/rfc/rfc5639.txt)
# versionOne OBJECT IDENTIFIER ::= {
# iso(1) identified-organization(3) teletrust(36) algorithm(3)
# signature-algorithm(3) ecSign(2) ecStdCurvesAndGeneration(8)
# ellipticCurve(1) 1 }
1 3 36 3 3 2 8 1 1 1 : brainpoolP160r1
1 3 36 3 3 2 8 1 1 2 : brainpoolP160t1
1 3 36 3 3 2 8 1 1 3 : brainpoolP192r1
1 3 36 3 3 2 8 1 1 4 : brainpoolP192t1
1 3 36 3 3 2 8 1 1 5 : brainpoolP224r1
1 3 36 3 3 2 8 1 1 6 : brainpoolP224t1
1 3 36 3 3 2 8 1 1 7 : brainpoolP256r1
# Alternate NID to represent the TLSv1.3 brainpoolP256r1 group
: brainpoolP256r1tls13
1 3 36 3 3 2 8 1 1 8 : brainpoolP256t1
1 3 36 3 3 2 8 1 1 9 : brainpoolP320r1
1 3 36 3 3 2 8 1 1 10 : brainpoolP320t1
1 3 36 3 3 2 8 1 1 11 : brainpoolP384r1
# Alternate NID to represent the TLSv1.3 brainpoolP384r1 group
: brainpoolP384r1tls13
1 3 36 3 3 2 8 1 1 12 : brainpoolP384t1
1 3 36 3 3 2 8 1 1 13 : brainpoolP512r1
# Alternate NID to represent the TLSv1.3 brainpoolP512r1 group
: brainpoolP512r1tls13
1 3 36 3 3 2 8 1 1 14 : brainpoolP512t1
# ECDH schemes from RFC5753
!Alias x9-63-scheme 1 3 133 16 840 63 0
!Alias secg-scheme certicom-arc 1
x9-63-scheme 2 : dhSinglePass-stdDH-sha1kdf-scheme
secg-scheme 11 0 : dhSinglePass-stdDH-sha224kdf-scheme
secg-scheme 11 1 : dhSinglePass-stdDH-sha256kdf-scheme
secg-scheme 11 2 : dhSinglePass-stdDH-sha384kdf-scheme
secg-scheme 11 3 : dhSinglePass-stdDH-sha512kdf-scheme
x9-63-scheme 3 : dhSinglePass-cofactorDH-sha1kdf-scheme
secg-scheme 14 0 : dhSinglePass-cofactorDH-sha224kdf-scheme
secg-scheme 14 1 : dhSinglePass-cofactorDH-sha256kdf-scheme
secg-scheme 14 2 : dhSinglePass-cofactorDH-sha384kdf-scheme
secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme
# NIDs for use with lookup tables.
: dh-std-kdf
: dh-cofactor-kdf
# RFC 6962 Extension OIDs (see http://www.ietf.org/rfc/rfc6962.txt)
1 3 6 1 4 1 11129 2 4 2 : ct_precert_scts : CT Precertificate SCTs
1 3 6 1 4 1 11129 2 4 3 : ct_precert_poison : CT Precertificate Poison
1 3 6 1 4 1 11129 2 4 4 : ct_precert_signer : CT Precertificate Signer
1 3 6 1 4 1 11129 2 4 5 : ct_cert_scts : CT Certificate SCTs
# CABForum EV SSL Certificate Guidelines
# (see https://cabforum.org/extended-validation/)
# OIDs for Subject Jurisdiction of Incorporation or Registration
ms-corp 60 2 1 1 : jurisdictionL : jurisdictionLocalityName
ms-corp 60 2 1 2 : jurisdictionST : jurisdictionStateOrProvinceName
ms-corp 60 2 1 3 : jurisdictionC : jurisdictionCountryName
# SCRYPT algorithm
!Cname id-scrypt
1 3 6 1 4 1 11591 4 11 : id-scrypt : scrypt
# NID for TLS1 PRF
: TLS1-PRF : tls1-prf
# NID for HKDF
: HKDF : hkdf
# NID for SSHKDF
: SSHKDF : sshkdf
# NID for SSKDF
: SSKDF : sskdf
# NID for X942KDF
: X942KDF : x942kdf
# NID for X963-2001 KDF
: X963KDF : x963kdf
# RFC 4556
1 3 6 1 5 2 3 : id-pkinit
id-pkinit 4 : pkInitClientAuth : PKINIT Client Auth
id-pkinit 5 : pkInitKDC : Signing KDC Response
# From RFC8410
1 3 101 110 : X25519
1 3 101 111 : X448
1 3 101 112 : ED25519
1 3 101 113 : ED448
# NIDs for cipher key exchange
: KxRSA : kx-rsa
: KxECDHE : kx-ecdhe
: KxDHE : kx-dhe
: KxECDHE-PSK : kx-ecdhe-psk
: KxDHE-PSK : kx-dhe-psk
: KxRSA_PSK : kx-rsa-psk
: KxPSK : kx-psk
: KxSRP : kx-srp
: KxGOST : kx-gost
: KxGOST18 : kx-gost18
: KxANY : kx-any
# NIDs for cipher authentication
: AuthRSA : auth-rsa
: AuthECDSA : auth-ecdsa
: AuthPSK : auth-psk
: AuthDSS : auth-dss
: AuthGOST01 : auth-gost01
: AuthGOST12 : auth-gost12
: AuthSRP : auth-srp
: AuthNULL : auth-null
: AuthANY : auth-any
# NID for Poly1305
: Poly1305 : poly1305
# NID for SipHash
: SipHash : siphash
# NIDs for RFC7919 DH parameters
: ffdhe2048
: ffdhe3072
: ffdhe4096
: ffdhe6144
: ffdhe8192
# NIDs for RFC3526 DH parameters
: modp_1536
: modp_2048
: modp_3072
: modp_4096
: modp_6144
: modp_8192
# OIDs for DSTU-4145/DSTU-7564 (http://zakon2.rada.gov.ua/laws/show/z0423-17)
# DSTU OIDs
member-body 804 : ISO-UA
ISO-UA 2 1 1 1 : ua-pki
ua-pki 1 1 1 : dstu28147 : DSTU Gost 28147-2009
dstu28147 2 : dstu28147-ofb : DSTU Gost 28147-2009 OFB mode
dstu28147 3 : dstu28147-cfb : DSTU Gost 28147-2009 CFB mode
dstu28147 5 : dstu28147-wrap : DSTU Gost 28147-2009 key wrap
ua-pki 1 1 2 : hmacWithDstu34311 : HMAC DSTU Gost 34311-95
ua-pki 1 2 1 : dstu34311 : DSTU Gost 34311-95
ua-pki 1 3 1 1 : dstu4145le : DSTU 4145-2002 little endian
dstu4145le 1 1 : dstu4145be : DSTU 4145-2002 big endian
# 1.2.804. 2.1.1.1 1.3.1.1 .2.6
# UA ua-pki 4145 le
# DSTU named curves
dstu4145le 2 0 : uacurve0 : DSTU curve 0
dstu4145le 2 1 : uacurve1 : DSTU curve 1
dstu4145le 2 2 : uacurve2 : DSTU curve 2
dstu4145le 2 3 : uacurve3 : DSTU curve 3
dstu4145le 2 4 : uacurve4 : DSTU curve 4
dstu4145le 2 5 : uacurve5 : DSTU curve 5
dstu4145le 2 6 : uacurve6 : DSTU curve 6
dstu4145le 2 7 : uacurve7 : DSTU curve 7
dstu4145le 2 8 : uacurve8 : DSTU curve 8
dstu4145le 2 9 : uacurve9 : DSTU curve 9
# NID for AES-SIV
: AES-128-SIV : aes-128-siv
: AES-192-SIV : aes-192-siv
: AES-256-SIV : aes-256-siv
!Cname oracle
joint-iso-itu-t 16 840 1 113894 : oracle-organization : Oracle organization
# Jdk trustedKeyUsage attribute
oracle 746875 1 1 : oracle-jdk-trustedkeyusage : Trusted key usage (Oracle)
# NID for compression
: brotli : Brotli compression
: zstd : Zstandard compression