Revision control
Copy as Markdown
Other Tools
# Regenerate with ./src/scripts/oids.py oids > src/lib/asn1/oid_maps.cpp
# AND ./src/scripts/oids.py dn_ub > src/lib/x509/x509_dn_ub.cpp
# (if you modified something under [dn]
# AND ./src/scripts/oids.py pads > src/lib/pk_pad/padding.cpp
# (if you modified something under [signature]
# Public key types
[pubkey]
1.2.840.113549.1.1.1 = RSA
2.5.8.1.1 = RSA
1.2.840.10040.4.1 = DSA
1.2.840.10046.2.1 = DH
1.3.6.1.4.1.3029.1.2.1 = ElGamal
1.3.6.1.4.1.25258.1.3 = McEliece
1.3.101.110 = Curve25519
1.3.101.112 = Ed25519
# XMSS
1.3.6.1.4.1.25258.1.5 = XMSS-draft6
1.3.6.1.4.1.25258.1.8 = XMSS-draft12
# draft-vangeest-x509-hash-sigs-03
0.4.0.127.0.15.1.1.13.0 = XMSS
# X9.62 ecPublicKey, valid for ECDSA and ECDH (RFC 3279 sec 2.3.5)
1.2.840.10045.2.1 = ECDSA
1.3.132.1.12 = ECDH
1.2.156.10197.1.301.1 = SM2_Sig
1.2.156.10197.1.301.1 = SM2
1.2.156.10197.1.301.2 = SM2_Kex
1.2.156.10197.1.301.3 = SM2_Enc
1.3.36.3.3.2.5.2.1 = ECGDSA
# EC-KCDSA mechanism (Elliptic Curve KCDSA)
1.0.14888.3.0.5 = ECKCDSA
1.2.643.2.2.19 = GOST-34.10
1.2.643.7.1.1.1.1 = GOST-34.10-2012-256
1.2.643.7.1.1.1.2 = GOST-34.10-2012-512
# OpenPGP (RFC4880bis)
1.3.6.1.4.1.11591.15.1 = OpenPGP.Ed25519
1.3.6.1.4.1.3029.1.5.1 = OpenPGP.Curve25519
[cipher]
# Cipher modes
1.3.14.3.2.7 = DES/CBC
1.2.840.113549.3.7 = TripleDES/CBC
1.2.840.113533.7.66.10 = CAST-128/CBC
2.16.840.1.101.3.4.1.2 = AES-128/CBC
2.16.840.1.101.3.4.1.22 = AES-192/CBC
2.16.840.1.101.3.4.1.42 = AES-256/CBC
1.2.410.200004.1.4 = SEED/CBC
1.2.156.10197.1.104.2 = SM4/CBC
1.2.840.113549.1.9.16.3.18 = ChaCha20Poly1305
2.16.840.1.101.3.4.1.6 = AES-128/GCM
2.16.840.1.101.3.4.1.26 = AES-192/GCM
2.16.840.1.101.3.4.1.46 = AES-256/GCM
2.16.840.1.101.3.4.1.7 = AES-128/CCM
2.16.840.1.101.3.4.1.27 = AES-192/CCM
2.16.840.1.101.3.4.1.47 = AES-256/CCM
1.2.392.200011.61.1.1.1.2 = Camellia-128/CBC
1.2.392.200011.61.1.1.1.3 = Camellia-192/CBC
1.2.392.200011.61.1.1.1.4 = Camellia-256/CBC
0.3.4401.5.3.1.9.6 = Camellia-128/GCM
0.3.4401.5.3.1.9.26 = Camellia-192/GCM
0.3.4401.5.3.1.9.46 = Camellia-256/GCM
1.2.156.10197.1.104.8 = SM4/GCM
1.3.6.1.4.1.25258.3.1 = Serpent/CBC
1.3.6.1.4.1.25258.3.2 = Threefish-512/CBC
1.3.6.1.4.1.25258.3.3 = Twofish/CBC
1.3.6.1.4.1.25258.3.101 = Serpent/GCM
1.3.6.1.4.1.25258.3.102 = Twofish/GCM
1.3.6.1.4.1.25258.3.2.1 = AES-128/OCB
1.3.6.1.4.1.25258.3.2.2 = AES-192/OCB
1.3.6.1.4.1.25258.3.2.3 = AES-256/OCB
1.3.6.1.4.1.25258.3.2.4 = Serpent/OCB
1.3.6.1.4.1.25258.3.2.5 = Twofish/OCB
1.3.6.1.4.1.25258.3.2.6 = Camellia-128/OCB
1.3.6.1.4.1.25258.3.2.7 = Camellia-192/OCB
1.3.6.1.4.1.25258.3.2.8 = Camellia-256/OCB
1.2.156.10197.1.104.100 = SM4/OCB
1.3.6.1.4.1.25258.3.4.1 = AES-128/SIV
1.3.6.1.4.1.25258.3.4.2 = AES-192/SIV
1.3.6.1.4.1.25258.3.4.3 = AES-256/SIV
1.3.6.1.4.1.25258.3.4.4 = Serpent/SIV
1.3.6.1.4.1.25258.3.4.5 = Twofish/SIV
1.3.6.1.4.1.25258.3.4.6 = Camellia-128/SIV
1.3.6.1.4.1.25258.3.4.7 = Camellia-192/SIV
1.3.6.1.4.1.25258.3.4.8 = Camellia-256/SIV
1.3.6.1.4.1.25258.3.4.9 = SM4/SIV
[hash]
# Hash functions
1.2.840.113549.2.5 = MD5
1.3.6.1.4.1.11591.12.2 = Tiger(24,3)
1.2.156.10197.1.401 = SM3
1.3.14.3.2.26 = SHA-160
1.3.36.3.2.1 = RIPEMD-160
1.2.643.7.1.1.2.2 = Streebog-256
1.2.643.7.1.1.2.3 = Streebog-512
# From NIST:
2.16.840.1.101.3.4.2.1 = SHA-256
2.16.840.1.101.3.4.2.2 = SHA-384
2.16.840.1.101.3.4.2.3 = SHA-512
2.16.840.1.101.3.4.2.4 = SHA-224
2.16.840.1.101.3.4.2.6 = SHA-512-256
2.16.840.1.101.3.4.2.7 = SHA-3(224)
2.16.840.1.101.3.4.2.8 = SHA-3(256)
2.16.840.1.101.3.4.2.9 = SHA-3(384)
2.16.840.1.101.3.4.2.10 = SHA-3(512)
2.16.840.1.101.3.4.2.11 = SHAKE-128
2.16.840.1.101.3.4.2.12 = SHAKE-256
[mac]
# MACs
1.2.840.113549.2.7 = HMAC(SHA-160)
1.2.840.113549.2.8 = HMAC(SHA-224)
1.2.840.113549.2.9 = HMAC(SHA-256)
1.2.840.113549.2.10 = HMAC(SHA-384)
1.2.840.113549.2.11 = HMAC(SHA-512)
1.2.840.113549.2.13 = HMAC(SHA-512-256)
[keywrap]
# Keywrap algorithms
1.2.840.113549.1.9.16.3.6 = KeyWrap.TripleDES
1.2.840.113533.7.66.15 = KeyWrap.CAST-128
2.16.840.1.101.3.4.1.5 = KeyWrap.AES-128
2.16.840.1.101.3.4.1.25 = KeyWrap.AES-192
2.16.840.1.101.3.4.1.45 = KeyWrap.AES-256
[compression]
1.2.840.113549.1.9.16.3.8 = Compression.Zlib
# Signature algos
[signature]
1.2.840.113549.1.1.4 = RSA/EMSA3(MD5)
1.2.840.113549.1.1.5 = RSA/EMSA3(SHA-160)
1.2.840.113549.1.1.8 = MGF1
1.2.840.113549.1.1.10 = RSA/EMSA4
1.2.840.113549.1.1.11 = RSA/EMSA3(SHA-256)
1.2.840.113549.1.1.12 = RSA/EMSA3(SHA-384)
1.2.840.113549.1.1.13 = RSA/EMSA3(SHA-512)
1.2.840.113549.1.1.14 = RSA/EMSA3(SHA-224)
1.2.840.113549.1.1.16 = RSA/EMSA3(SHA-512-256)
1.3.36.3.3.1.2 = RSA/EMSA3(RIPEMD-160)
1.2.156.10197.1.501 = SM2_Sig/SM3
1.2.156.10197.1.504 = RSA/EMSA3(SM3)
1.2.840.10040.4.3 = DSA/EMSA1(SHA-160)
2.16.840.1.101.3.4.3.1 = DSA/EMSA1(SHA-224)
2.16.840.1.101.3.4.3.2 = DSA/EMSA1(SHA-256)
2.16.840.1.101.3.4.3.3 = DSA/EMSA1(SHA-384)
2.16.840.1.101.3.4.3.4 = DSA/EMSA1(SHA-512)
2.16.840.1.101.3.4.3.5 = DSA/EMSA1(SHA-3(224))
2.16.840.1.101.3.4.3.6 = DSA/EMSA1(SHA-3(256))
2.16.840.1.101.3.4.3.7 = DSA/EMSA1(SHA-3(384))
2.16.840.1.101.3.4.3.8 = DSA/EMSA1(SHA-3(512))
2.16.840.1.101.3.4.3.9 = ECDSA/EMSA1(SHA-3(224))
2.16.840.1.101.3.4.3.10 = ECDSA/EMSA1(SHA-3(256))
2.16.840.1.101.3.4.3.11 = ECDSA/EMSA1(SHA-3(384))
2.16.840.1.101.3.4.3.12 = ECDSA/EMSA1(SHA-3(512))
2.16.840.1.101.3.4.3.13 = RSA/EMSA3(SHA-3(224))
2.16.840.1.101.3.4.3.14 = RSA/EMSA3(SHA-3(256))
2.16.840.1.101.3.4.3.15 = RSA/EMSA3(SHA-3(384))
2.16.840.1.101.3.4.3.16 = RSA/EMSA3(SHA-3(512))
1.2.840.10045.4.1 = ECDSA/EMSA1(SHA-160)
1.2.840.10045.4.3.1 = ECDSA/EMSA1(SHA-224)
1.2.840.10045.4.3.2 = ECDSA/EMSA1(SHA-256)
1.2.840.10045.4.3.3 = ECDSA/EMSA1(SHA-384)
1.2.840.10045.4.3.4 = ECDSA/EMSA1(SHA-512)
1.3.36.3.3.2.5.4.1 = ECGDSA/EMSA1(RIPEMD-160)
1.3.36.3.3.2.5.4.2 = ECGDSA/EMSA1(SHA-160)
1.3.36.3.3.2.5.4.3 = ECGDSA/EMSA1(SHA-224)
1.3.36.3.3.2.5.4.4 = ECGDSA/EMSA1(SHA-256)
1.3.36.3.3.2.5.4.5 = ECGDSA/EMSA1(SHA-384)
1.3.36.3.3.2.5.4.6 = ECGDSA/EMSA1(SHA-512)
1.2.410.200004.1.100.4.3 = ECKCDSA/EMSA1(SHA-1)
1.2.410.200004.1.100.4.4 = ECKCDSA/EMSA1(SHA-224)
1.2.410.200004.1.100.4.5 = ECKCDSA/EMSA1(SHA-256)
1.2.643.2.2.3 = GOST-34.10/EMSA1(GOST-R-34.11-94)
1.2.643.7.1.1.3.2 = GOST-34.10-2012-256/EMSA1(Streebog-256)
1.2.643.7.1.1.3.3 = GOST-34.10-2012-512/EMSA1(Streebog-512)
1.3.6.1.4.1.25258.1.6.1 = GOST-34.10-2012-256/EMSA1(SHA-256)
# Encryption algos
[encryption]
1.2.840.113549.1.1.7 = RSA/OAEP
# DN with upper bounds from RFC 5280, Appendix A
[dn]
2.5.4.3 = X520.CommonName = 64
2.5.4.4 = X520.Surname = 40
2.5.4.5 = X520.SerialNumber = 64
2.5.4.6 = X520.Country = 3
2.5.4.7 = X520.Locality = 128
2.5.4.8 = X520.State = 128
2.5.4.9 = X520.StreetAddress = 128
2.5.4.10 = X520.Organization = 64
2.5.4.11 = X520.OrganizationalUnit = 64
2.5.4.12 = X520.Title = 64
# the following three types are naming attributes of type "X520name" and inherit its bound
2.5.4.42 = X520.GivenName = 32768
2.5.4.43 = X520.Initials = 32768
2.5.4.44 = X520.GenerationalQualifier = 32768
2.5.4.46 = X520.DNQualifier = 64
2.5.4.65 = X520.Pseudonym = 128
[pbe]
1.2.840.113549.1.5.12 = PKCS5.PBKDF2
1.2.840.113549.1.5.13 = PBES2
1.2.840.113549.1.5.13 = PBE-PKCS5v20
1.3.6.1.4.1.11591.4.11 = Scrypt
[pkcs9]
1.2.840.113549.1.9.1 = PKCS9.EmailAddress
1.2.840.113549.1.9.2 = PKCS9.UnstructuredName
1.2.840.113549.1.9.3 = PKCS9.ContentType
1.2.840.113549.1.9.4 = PKCS9.MessageDigest
1.2.840.113549.1.9.7 = PKCS9.ChallengePassword
1.2.840.113549.1.9.14 = PKCS9.ExtensionRequest
[pkix]
2.5.29.14 = X509v3.SubjectKeyIdentifier
2.5.29.15 = X509v3.KeyUsage
2.5.29.16 = X509v3.PrivateKeyUsagePeriod
2.5.29.17 = X509v3.SubjectAlternativeName
2.5.29.18 = X509v3.IssuerAlternativeName
2.5.29.19 = X509v3.BasicConstraints
2.5.29.20 = X509v3.CRLNumber
2.5.29.21 = X509v3.ReasonCode
2.5.29.23 = X509v3.HoldInstructionCode
2.5.29.24 = X509v3.InvalidityDate
2.5.29.28 = X509v3.CRLIssuingDistributionPoint
2.5.29.30 = X509v3.NameConstraints
2.5.29.31 = X509v3.CRLDistributionPoints
2.5.29.32 = X509v3.CertificatePolicies
2.5.29.35 = X509v3.AuthorityKeyIdentifier
2.5.29.36 = X509v3.PolicyConstraints
2.5.29.37 = X509v3.ExtendedKeyUsage
1.3.6.1.5.5.7.1.1 = PKIX.AuthorityInformationAccess
2.5.29.32.0 = X509v3.AnyPolicy
1.2.643.100.111 = GOST.SubjectSigningTool
1.2.643.100.112 = GOST.IssuerSigningTool
1.2.643.100.1 = GOST.OGRN
1.2.643.3.131.1.1 = GOST.INN
1.3.6.1.5.5.7.3.1 = PKIX.ServerAuth
1.3.6.1.5.5.7.3.2 = PKIX.ClientAuth
1.3.6.1.5.5.7.3.3 = PKIX.CodeSigning
1.3.6.1.5.5.7.3.4 = PKIX.EmailProtection
1.3.6.1.5.5.7.3.5 = PKIX.IPsecEndSystem
1.3.6.1.5.5.7.3.6 = PKIX.IPsecTunnel
1.3.6.1.5.5.7.3.7 = PKIX.IPsecUser
1.3.6.1.5.5.7.3.8 = PKIX.TimeStamping
1.3.6.1.5.5.7.3.9 = PKIX.OCSPSigning
1.3.6.1.5.5.7.8.5 = PKIX.XMPPAddr
1.3.6.1.5.5.7.48.1 = PKIX.OCSP
1.3.6.1.5.5.7.48.1.1 = PKIX.OCSP.BasicResponse
1.3.6.1.5.5.7.48.2 = PKIX.CertificateAuthorityIssuers
1.3.6.1.4.1.311.20.2.2 = Microsoft SmartcardLogon
1.3.6.1.4.1.311.20.2.3 = Microsoft UPN
2.16.840.1.113730.1.13 = Certificate Comment
# ECC param sets
[ecc_param]
1.3.132.0.8 = secp160r1
1.3.132.0.9 = secp160k1
1.3.132.0.10 = secp256k1
1.3.132.0.30 = secp160r2
1.3.132.0.31 = secp192k1
1.3.132.0.32 = secp224k1
1.3.132.0.33 = secp224r1
1.3.132.0.34 = secp384r1
1.3.132.0.35 = secp521r1
1.3.6.1.4.1.8301.3.1.2.9.0.38 = secp521r1
1.2.840.10045.3.1.1 = secp192r1
1.2.840.10045.3.1.2 = x962_p192v2
1.2.840.10045.3.1.3 = x962_p192v3
1.2.840.10045.3.1.4 = x962_p239v1
1.2.840.10045.3.1.5 = x962_p239v2
1.2.840.10045.3.1.6 = x962_p239v3
1.2.840.10045.3.1.7 = secp256r1
1.2.156.10197.1.301 = sm2p256v1
1.3.36.3.3.2.8.1.1.1 = brainpool160r1
1.3.36.3.3.2.8.1.1.3 = brainpool192r1
1.3.36.3.3.2.8.1.1.5 = brainpool224r1
1.3.36.3.3.2.8.1.1.7 = brainpool256r1
1.3.36.3.3.2.8.1.1.9 = brainpool320r1
1.3.36.3.3.2.8.1.1.11 = brainpool384r1
1.3.36.3.3.2.8.1.1.13 = brainpool512r1
1.2.250.1.223.101.256.1 = frp256v1
1.2.643.7.1.2.1.1.1 = gost_256A
1.2.643.7.1.2.1.1.2 = gost_256B
1.2.643.7.1.2.1.2.1 = gost_512A
1.2.643.7.1.2.1.2.2 = gost_512B
1.2.643.2.2.35.1 = gost_256A
1.2.643.2.2.36.0 = gost_256A