openssl/crypto/objects/objects.txt

# CCITT was renamed to ITU-T quite some time ago
0			: ITU-T			: itu-t
!Alias ccitt itu-t

1			: ISO			: iso

2			: JOINT-ISO-ITU-T	: joint-iso-itu-t
!Alias joint-iso-ccitt joint-iso-itu-t

iso 2			: member-body		: ISO Member Body

iso 3			: identified-organization

# GMAC OID
iso 0 9797 3 4                          : GMAC          : gmac

# HMAC OIDs
identified-organization 6 1 5 5 8 1 1	: HMAC-MD5	: hmac-md5
identified-organization 6 1 5 5 8 1 2	: HMAC-SHA1	: hmac-sha1

# "1.3.36.8.3.3"
identified-organization 36 8 3 3	: x509ExtAdmission	: Professional Information or basis for Admission

identified-organization 132	: certicom-arc

identified-organization 111     : ieee
ieee 2 1619                     : ieee-siswg    : IEEE Security in Storage Working Group

joint-iso-itu-t 23	: international-organizations	: International Organizations

international-organizations 43	: wap
wap 1			: wap-wsg

joint-iso-itu-t 5 1 5	: selected-attribute-types	: Selected Attribute Types

selected-attribute-types 55	: clearance

member-body 840		: ISO-US		: ISO US Member Body
ISO-US 10040		: X9-57			: X9.57
X9-57 4			: X9cm			: X9.57 CM ?

member-body 156         : ISO-CN        : ISO CN Member Body
ISO-CN 10197            : oscca
oscca 1                 : sm-scheme

!Cname dsa
X9cm 1			: DSA			: dsaEncryption
X9cm 3			: DSA-SHA1		: dsaWithSHA1


ISO-US 10045		: ansi-X9-62		: ANSI X9.62
!module X9-62
!Alias id-fieldType ansi-X9-62 1
X9-62_id-fieldType 1		: prime-field
X9-62_id-fieldType 2		: characteristic-two-field
X9-62_characteristic-two-field 3 : id-characteristic-two-basis
X9-62_id-characteristic-two-basis 1 : onBasis
X9-62_id-characteristic-two-basis 2 : tpBasis
X9-62_id-characteristic-two-basis 3 : ppBasis
!Alias id-publicKeyType ansi-X9-62 2
X9-62_id-publicKeyType 1	: id-ecPublicKey
!Alias ellipticCurve ansi-X9-62 3
!Alias c-TwoCurve X9-62_ellipticCurve 0
X9-62_c-TwoCurve 1		: c2pnb163v1
X9-62_c-TwoCurve 2		: c2pnb163v2
X9-62_c-TwoCurve 3		: c2pnb163v3
X9-62_c-TwoCurve 4		: c2pnb176v1
X9-62_c-TwoCurve 5		: c2tnb191v1
X9-62_c-TwoCurve 6		: c2tnb191v2
X9-62_c-TwoCurve 7		: c2tnb191v3
X9-62_c-TwoCurve 8		: c2onb191v4
X9-62_c-TwoCurve 9		: c2onb191v5
X9-62_c-TwoCurve 10		: c2pnb208w1
X9-62_c-TwoCurve 11		: c2tnb239v1
X9-62_c-TwoCurve 12		: c2tnb239v2
X9-62_c-TwoCurve 13		: c2tnb239v3
X9-62_c-TwoCurve 14		: c2onb239v4
X9-62_c-TwoCurve 15		: c2onb239v5
X9-62_c-TwoCurve 16		: c2pnb272w1
X9-62_c-TwoCurve 17		: c2pnb304w1
X9-62_c-TwoCurve 18		: c2tnb359v1
X9-62_c-TwoCurve 19		: c2pnb368w1
X9-62_c-TwoCurve 20		: c2tnb431r1
!Alias primeCurve X9-62_ellipticCurve 1
X9-62_primeCurve 1	 	: prime192v1
X9-62_primeCurve 2	 	: prime192v2
X9-62_primeCurve 3	 	: prime192v3
X9-62_primeCurve 4	 	: prime239v1
X9-62_primeCurve 5	 	: prime239v2
X9-62_primeCurve 6	 	: prime239v3
X9-62_primeCurve 7	 	: prime256v1
!Alias id-ecSigType ansi-X9-62 4
!global
X9-62_id-ecSigType 1		: ecdsa-with-SHA1
X9-62_id-ecSigType 2		: ecdsa-with-Recommended
X9-62_id-ecSigType 3		: ecdsa-with-Specified
ecdsa-with-Specified 1		: ecdsa-with-SHA224
ecdsa-with-Specified 2		: ecdsa-with-SHA256
ecdsa-with-Specified 3		: ecdsa-with-SHA384
ecdsa-with-Specified 4		: ecdsa-with-SHA512

# SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters"
# (http://www.secg.org/)
!Alias secg_ellipticCurve certicom-arc 0
# SECG prime curves OIDs
secg-ellipticCurve 6		: secp112r1
secg-ellipticCurve 7		: secp112r2
secg-ellipticCurve 28		: secp128r1
secg-ellipticCurve 29		: secp128r2
secg-ellipticCurve 9		: secp160k1
secg-ellipticCurve 8		: secp160r1
secg-ellipticCurve 30		: secp160r2
secg-ellipticCurve 31		: secp192k1
# NOTE: the curve secp192r1 is the same as prime192v1 defined above
#       and is therefore omitted
secg-ellipticCurve 32		: secp224k1
secg-ellipticCurve 33		: secp224r1
secg-ellipticCurve 10		: secp256k1
# NOTE: the curve secp256r1 is the same as prime256v1 defined above
#       and is therefore omitted
secg-ellipticCurve 34		: secp384r1
secg-ellipticCurve 35		: secp521r1
# SECG characteristic two curves OIDs
secg-ellipticCurve 4		: sect113r1
secg-ellipticCurve 5		: sect113r2
secg-ellipticCurve 22		: sect131r1
secg-ellipticCurve 23		: sect131r2
secg-ellipticCurve 1		: sect163k1
secg-ellipticCurve 2		: sect163r1
secg-ellipticCurve 15		: sect163r2
secg-ellipticCurve 24		: sect193r1
secg-ellipticCurve 25		: sect193r2
secg-ellipticCurve 26		: sect233k1
secg-ellipticCurve 27		: sect233r1
secg-ellipticCurve 3		: sect239k1
secg-ellipticCurve 16		: sect283k1
secg-ellipticCurve 17		: sect283r1
secg-ellipticCurve 36		: sect409k1
secg-ellipticCurve 37		: sect409r1
secg-ellipticCurve 38		: sect571k1
secg-ellipticCurve 39		: sect571r1

# WAP/TLS curve OIDs (http://www.wapforum.org/)
!Alias wap-wsg-idm-ecid wap-wsg 4
wap-wsg-idm-ecid 1	: wap-wsg-idm-ecid-wtls1
wap-wsg-idm-ecid 3	: wap-wsg-idm-ecid-wtls3
wap-wsg-idm-ecid 4	: wap-wsg-idm-ecid-wtls4
wap-wsg-idm-ecid 5	: wap-wsg-idm-ecid-wtls5
wap-wsg-idm-ecid 6	: wap-wsg-idm-ecid-wtls6
wap-wsg-idm-ecid 7	: wap-wsg-idm-ecid-wtls7
wap-wsg-idm-ecid 8	: wap-wsg-idm-ecid-wtls8
wap-wsg-idm-ecid 9	: wap-wsg-idm-ecid-wtls9
wap-wsg-idm-ecid 10	: wap-wsg-idm-ecid-wtls10
wap-wsg-idm-ecid 11	: wap-wsg-idm-ecid-wtls11
wap-wsg-idm-ecid 12	: wap-wsg-idm-ecid-wtls12


ISO-US 113533 7 66 10	: CAST5-CBC		: cast5-cbc
			: CAST5-ECB		: cast5-ecb
!Cname cast5-cfb64
			: CAST5-CFB		: cast5-cfb
!Cname cast5-ofb64
			: CAST5-OFB		: cast5-ofb
!Cname pbeWithMD5AndCast5-CBC
ISO-US 113533 7 66 12	:			: pbeWithMD5AndCast5CBC

# Macs for CMP and CRMF
ISO-US 113533 7 66 13	: id-PasswordBasedMAC	: password based MAC
ISO-US 113533 7 66 30	: id-DHBasedMac		: Diffie-Hellman based MAC

ISO-US 113549		: rsadsi		: RSA Data Security, Inc.

rsadsi 1		: pkcs			: RSA Data Security, Inc. PKCS

pkcs 1			: pkcs1
pkcs1 1			:			: rsaEncryption
pkcs1 2			: RSA-MD2		: md2WithRSAEncryption
pkcs1 3			: RSA-MD4		: md4WithRSAEncryption
pkcs1 4			: RSA-MD5		: md5WithRSAEncryption
pkcs1 5			: RSA-SHA1		: sha1WithRSAEncryption
# According to PKCS #1 version 2.1
pkcs1 7			: RSAES-OAEP		: rsaesOaep
pkcs1 8			: MGF1			: mgf1
pkcs1 9			: PSPECIFIED		: pSpecified
pkcs1 10		: RSASSA-PSS		: rsassaPss

pkcs1 11		: RSA-SHA256		: sha256WithRSAEncryption
pkcs1 12		: RSA-SHA384		: sha384WithRSAEncryption
pkcs1 13		: RSA-SHA512		: sha512WithRSAEncryption
pkcs1 14		: RSA-SHA224		: sha224WithRSAEncryption
pkcs1 15		: RSA-SHA512/224	: sha512-224WithRSAEncryption
pkcs1 16		: RSA-SHA512/256	: sha512-256WithRSAEncryption

pkcs 3			: pkcs3
pkcs3 1			:			: dhKeyAgreement

pkcs 5			: pkcs5
pkcs5 1			: PBE-MD2-DES		: pbeWithMD2AndDES-CBC
pkcs5 3			: PBE-MD5-DES		: pbeWithMD5AndDES-CBC
pkcs5 4			: PBE-MD2-RC2-64	: pbeWithMD2AndRC2-CBC
pkcs5 6			: PBE-MD5-RC2-64	: pbeWithMD5AndRC2-CBC
pkcs5 10		: PBE-SHA1-DES		: pbeWithSHA1AndDES-CBC
pkcs5 11		: PBE-SHA1-RC2-64	: pbeWithSHA1AndRC2-CBC
!Cname id_pbkdf2
pkcs5 12		:			: PBKDF2
!Cname pbes2
pkcs5 13		:			: PBES2
!Cname pbmac1
pkcs5 14		:			: PBMAC1

pkcs 7			: pkcs7
pkcs7 1			:			: pkcs7-data
!Cname pkcs7-signed
pkcs7 2			:			: pkcs7-signedData
!Cname pkcs7-enveloped
pkcs7 3			:			: pkcs7-envelopedData
!Cname pkcs7-signedAndEnveloped
pkcs7 4			:			: pkcs7-signedAndEnvelopedData
!Cname pkcs7-digest
pkcs7 5			:			: pkcs7-digestData
!Cname pkcs7-encrypted
pkcs7 6			:			: pkcs7-encryptedData

pkcs 9			: pkcs9
!module pkcs9
pkcs9 1			: 			: emailAddress
pkcs9 2			:			: unstructuredName
pkcs9 3			:			: contentType
pkcs9 4			:			: messageDigest
pkcs9 5			:			: signingTime
pkcs9 6			:			: countersignature
pkcs9 7			:			: challengePassword
pkcs9 8			:			: unstructuredAddress
!Cname extCertAttributes
pkcs9 9			:			: extendedCertificateAttributes
!global

!Cname ext-req
pkcs9 14		: extReq		: Extension Request

!Cname SMIMECapabilities
pkcs9 15		: SMIME-CAPS		: S/MIME Capabilities

# S/MIME
!Cname SMIME
pkcs9 16		: SMIME			: S/MIME
SMIME 0			: id-smime-mod
SMIME 1			: id-smime-ct
SMIME 2			: id-smime-aa
SMIME 3			: id-smime-alg
SMIME 4			: id-smime-cd
SMIME 5			: id-smime-spq
SMIME 6			: id-smime-cti

# S/MIME Modules
id-smime-mod 1		: id-smime-mod-cms
id-smime-mod 2		: id-smime-mod-ess
id-smime-mod 3		: id-smime-mod-oid
id-smime-mod 4		: id-smime-mod-msg-v3
id-smime-mod 5		: id-smime-mod-ets-eSignature-88
id-smime-mod 6		: id-smime-mod-ets-eSignature-97
id-smime-mod 7		: id-smime-mod-ets-eSigPolicy-88
id-smime-mod 8		: id-smime-mod-ets-eSigPolicy-97

# S/MIME Content Types
id-smime-ct 1		: id-smime-ct-receipt
id-smime-ct 2		: id-smime-ct-authData
id-smime-ct 3		: id-smime-ct-publishCert
id-smime-ct 4		: id-smime-ct-TSTInfo
id-smime-ct 5		: id-smime-ct-TDTInfo
id-smime-ct 6		: id-smime-ct-contentInfo
id-smime-ct 7		: id-smime-ct-DVCSRequestData
id-smime-ct 8		: id-smime-ct-DVCSResponseData
id-smime-ct 9		: id-smime-ct-compressedData
id-smime-ct 19		: id-smime-ct-contentCollection
id-smime-ct 23		: id-smime-ct-authEnvelopedData
id-smime-ct 24		: id-ct-routeOriginAuthz
id-smime-ct 26		: id-ct-rpkiManifest
id-smime-ct 27		: id-ct-asciiTextWithCRLF
id-smime-ct 28		: id-ct-xml
id-smime-ct 35		: id-ct-rpkiGhostbusters
id-smime-ct 36		: id-ct-resourceTaggedAttest
id-smime-ct 47		: id-ct-geofeedCSVwithCRLF
id-smime-ct 48		: id-ct-signedChecklist
id-smime-ct 49		: id-ct-ASPA
id-smime-ct 50		: id-ct-signedTAL

# S/MIME Attributes
id-smime-aa 1		: id-smime-aa-receiptRequest
id-smime-aa 2		: id-smime-aa-securityLabel
id-smime-aa 3		: id-smime-aa-mlExpandHistory
id-smime-aa 4		: id-smime-aa-contentHint
id-smime-aa 5		: id-smime-aa-msgSigDigest
# obsolete
id-smime-aa 6		: id-smime-aa-encapContentType
id-smime-aa 7		: id-smime-aa-contentIdentifier
# obsolete
id-smime-aa 8		: id-smime-aa-macValue
id-smime-aa 9		: id-smime-aa-equivalentLabels
id-smime-aa 10		: id-smime-aa-contentReference
id-smime-aa 11		: id-smime-aa-encrypKeyPref
id-smime-aa 12		: id-smime-aa-signingCertificate
id-smime-aa 13		: id-smime-aa-smimeEncryptCerts
id-smime-aa 14		: id-smime-aa-timeStampToken
id-smime-aa 15		: id-smime-aa-ets-sigPolicyId
id-smime-aa 16		: id-smime-aa-ets-commitmentType
id-smime-aa 17		: id-smime-aa-ets-signerLocation
id-smime-aa 18		: id-smime-aa-ets-signerAttr
id-smime-aa 19		: id-smime-aa-ets-otherSigCert
id-smime-aa 20		: id-smime-aa-ets-contentTimestamp
id-smime-aa 21		: id-smime-aa-ets-CertificateRefs
id-smime-aa 22		: id-smime-aa-ets-RevocationRefs
id-smime-aa 23		: id-smime-aa-ets-certValues
id-smime-aa 24		: id-smime-aa-ets-revocationValues
id-smime-aa 25		: id-smime-aa-ets-escTimeStamp
id-smime-aa 26		: id-smime-aa-ets-certCRLTimestamp
id-smime-aa 27		: id-smime-aa-ets-archiveTimeStamp
id-smime-aa 28		: id-smime-aa-signatureType
id-smime-aa 29		: id-smime-aa-dvcs-dvc
id-smime-aa 44		: id-aa-ets-attrCertificateRefs
id-smime-aa 45		: id-aa-ets-attrRevocationRefs
id-smime-aa 47		: id-smime-aa-signingCertificateV2
id-smime-aa 48		: id-aa-ets-archiveTimestampV2

# S/MIME Algorithm Identifiers
# obsolete
id-smime-alg 1		: id-smime-alg-ESDHwith3DES
# obsolete
id-smime-alg 2		: id-smime-alg-ESDHwithRC2
# obsolete
id-smime-alg 3		: id-smime-alg-3DESwrap
# obsolete
id-smime-alg 4		: id-smime-alg-RC2wrap
id-smime-alg 5		: id-smime-alg-ESDH
id-smime-alg 6		: id-smime-alg-CMS3DESwrap
id-smime-alg 7		: id-smime-alg-CMSRC2wrap
id-smime-alg 9		: id-alg-PWRI-KEK

# S/MIME Certificate Distribution
id-smime-cd 1		: id-smime-cd-ldap

# S/MIME Signature Policy Qualifier
id-smime-spq 1		: id-smime-spq-ets-sqt-uri
id-smime-spq 2		: id-smime-spq-ets-sqt-unotice

# S/MIME Commitment Type Identifier
id-smime-cti 1		: id-smime-cti-ets-proofOfOrigin
id-smime-cti 2		: id-smime-cti-ets-proofOfReceipt
id-smime-cti 3		: id-smime-cti-ets-proofOfDelivery
id-smime-cti 4		: id-smime-cti-ets-proofOfSender
id-smime-cti 5		: id-smime-cti-ets-proofOfApproval
id-smime-cti 6		: id-smime-cti-ets-proofOfCreation

pkcs9 20		:			: friendlyName
pkcs9 21		:			: localKeyID
!Alias ms-corp 1 3 6 1 4 1 311
!Cname ms-csp-name
ms-corp 17 1	: CSPName		: Microsoft CSP Name
ms-corp 17 2	: LocalKeySet		: Microsoft Local Key set
!Alias certTypes pkcs9 22
certTypes 1		:			: x509Certificate
certTypes 2		:			: sdsiCertificate
!Alias crlTypes pkcs9 23
crlTypes 1		:			: x509Crl

pkcs9 52		: id-aa-CMSAlgorithmProtection

!Alias pkcs12 pkcs 12
!Alias pkcs12-pbeids pkcs12 1

!Cname pbe-WithSHA1And128BitRC4
pkcs12-pbeids 1		: PBE-SHA1-RC4-128	: pbeWithSHA1And128BitRC4
!Cname pbe-WithSHA1And40BitRC4
pkcs12-pbeids 2		: PBE-SHA1-RC4-40	: pbeWithSHA1And40BitRC4
!Cname pbe-WithSHA1And3_Key_TripleDES-CBC
pkcs12-pbeids 3		: PBE-SHA1-3DES		: pbeWithSHA1And3-KeyTripleDES-CBC
!Cname pbe-WithSHA1And2_Key_TripleDES-CBC
pkcs12-pbeids 4		: PBE-SHA1-2DES		: pbeWithSHA1And2-KeyTripleDES-CBC
!Cname pbe-WithSHA1And128BitRC2-CBC
pkcs12-pbeids 5		: PBE-SHA1-RC2-128	: pbeWithSHA1And128BitRC2-CBC
!Cname pbe-WithSHA1And40BitRC2-CBC
pkcs12-pbeids 6		: PBE-SHA1-RC2-40	: pbeWithSHA1And40BitRC2-CBC

!Alias pkcs12-Version1 pkcs12 10
!Alias pkcs12-BagIds pkcs12-Version1 1
pkcs12-BagIds 1		:			: keyBag
pkcs12-BagIds 2		:			: pkcs8ShroudedKeyBag
pkcs12-BagIds 3		:			: certBag
pkcs12-BagIds 4		:			: crlBag
pkcs12-BagIds 5		:			: secretBag
pkcs12-BagIds 6		:			: safeContentsBag

rsadsi 2 2		: MD2			: md2
rsadsi 2 4		: MD4			: md4
rsadsi 2 5		: MD5			: md5
			: MD5-SHA1		: md5-sha1
rsadsi 2 6		:			: hmacWithMD5
rsadsi 2 7		:			: hmacWithSHA1

sm-scheme 301           : SM2                   : sm2

sm-scheme 401           : SM3                   : sm3
sm-scheme 504           : RSA-SM3		: sm3WithRSAEncryption

sm-scheme 501           : SM2-SM3               : SM2-with-SM3

# From GM/T 0091-2020
sm3 3 1			:			: hmacWithSM3

# From RFC4231
rsadsi 2 8		:			: hmacWithSHA224
rsadsi 2 9		:			: hmacWithSHA256
rsadsi 2 10		:			: hmacWithSHA384
rsadsi 2 11		:			: hmacWithSHA512

# From RFC8018
rsadsi 2 12             :                       : hmacWithSHA512-224
rsadsi 2 13             :                       : hmacWithSHA512-256

rsadsi 3 2		: RC2-CBC		: rc2-cbc
			: RC2-ECB		: rc2-ecb
!Cname rc2-cfb64
			: RC2-CFB		: rc2-cfb
!Cname rc2-ofb64
			: RC2-OFB		: rc2-ofb
			: RC2-40-CBC		: rc2-40-cbc
			: RC2-64-CBC		: rc2-64-cbc
rsadsi 3 4		: RC4			: rc4
			: RC4-40		: rc4-40
rsadsi 3 7		: DES-EDE3-CBC		: des-ede3-cbc
rsadsi 3 8		: RC5-CBC		: rc5-cbc
			: RC5-ECB		: rc5-ecb
!Cname rc5-cfb64
			: RC5-CFB		: rc5-cfb
!Cname rc5-ofb64
			: RC5-OFB		: rc5-ofb

!Cname ms-ext-req
ms-corp 2 1 14	: msExtReq		: Microsoft Extension Request
!Cname ms-code-ind
ms-corp 2 1 21	: msCodeInd		: Microsoft Individual Code Signing
!Cname ms-code-com
ms-corp 2 1 22	: msCodeCom		: Microsoft Commercial Code Signing
!Cname ms-ctl-sign
ms-corp 10 3 1	: msCTLSign		: Microsoft Trust List Signing
!Cname ms-sgc
ms-corp 10 3 3	: msSGC			: Microsoft Server Gated Crypto
!Cname ms-efs
ms-corp 10 3 4	: msEFS			: Microsoft Encrypted File System
!Cname ms-smartcard-login
ms-corp 20 2 2	: msSmartcardLogin	: Microsoft Smartcard Login
!Cname ms-upn
ms-corp 20 2 3	: msUPN			: Microsoft User Principal Name

ms-corp 25 2	: ms-ntds-sec-ext	: Microsoft NTDS CA Extension
ms-corp 25 2 1	: ms-ntds-obj-sid	: Microsoft NTDS AD objectSid
ms-corp 21 7	: ms-cert-templ		: Microsoft certificate template
ms-corp 21 10	: ms-app-policies	: Microsoft Application Policies Extension

1 3 6 1 4 1 188 7 1 1 2	: IDEA-CBC		: idea-cbc
			: IDEA-ECB		: idea-ecb
!Cname idea-cfb64
			: IDEA-CFB		: idea-cfb
!Cname idea-ofb64
			: IDEA-OFB		: idea-ofb

1 3 6 1 4 1 3029 1 2	: BF-CBC		: bf-cbc
			: BF-ECB		: bf-ecb
!Cname bf-cfb64
			: BF-CFB		: bf-cfb
!Cname bf-ofb64
			: BF-OFB		: bf-ofb

!Cname id-pkix
1 3 6 1 5 5 7		: PKIX

# PKIX Arcs
id-pkix 0		: id-pkix-mod
id-pkix 1		: id-pe
id-pkix 2		: id-qt
id-pkix 3		: id-kp
id-pkix 4		: id-it
id-pkix 5		: id-pkip
id-pkix 6		: id-alg
id-pkix 7		: id-cmc
id-pkix 8		: id-on
id-pkix 9		: id-pda
id-pkix 10		: id-aca
id-pkix 11		: id-qcs
id-pkix 14		: id-cp
id-pkix 12		: id-cct
id-pkix 21		: id-ppl
id-pkix 48		: id-ad

# PKIX Modules
id-pkix-mod 1		: id-pkix1-explicit-88
id-pkix-mod 2		: id-pkix1-implicit-88
id-pkix-mod 3		: id-pkix1-explicit-93
id-pkix-mod 4		: id-pkix1-implicit-93
id-pkix-mod 5		: id-mod-crmf
id-pkix-mod 6		: id-mod-cmc
id-pkix-mod 7		: id-mod-kea-profile-88
id-pkix-mod 8		: id-mod-kea-profile-93
id-pkix-mod 9		: id-mod-cmp
id-pkix-mod 10		: id-mod-qualified-cert-88
id-pkix-mod 11		: id-mod-qualified-cert-93
id-pkix-mod 12		: id-mod-attribute-cert
id-pkix-mod 13		: id-mod-timestamp-protocol
id-pkix-mod 14		: id-mod-ocsp
id-pkix-mod 15		: id-mod-dvcs
id-pkix-mod 16		: id-mod-cmp2000
id-pkix-mod 50		: id-mod-cmp2000-02
id-pkix-mod 99		: id-mod-cmp2021-88
id-pkix-mod 100		: id-mod-cmp2021-02

# PKIX Private Extensions
!Cname info-access
id-pe 1			: authorityInfoAccess	: Authority Information Access
id-pe 2			: biometricInfo		: Biometric Info
id-pe 3			: qcStatements
id-pe 4			: ac-auditEntity
id-pe 5			: ac-targeting
id-pe 6			: aaControls
id-pe 7			: sbgp-ipAddrBlock
id-pe 8			: sbgp-autonomousSysNum
id-pe 9			: sbgp-routerIdentifier
id-pe 10		: ac-proxying
!Cname sinfo-access
id-pe 11		: subjectInfoAccess	: Subject Information Access
id-pe 14		: proxyCertInfo		: Proxy Certificate Information
id-pe 24		: tlsfeature		: TLS Feature
id-pe 28		: sbgp-ipAddrBlockv2
id-pe 29		: sbgp-autonomousSysNumv2

# PKIX policyQualifiers for Internet policy qualifiers
id-qt 1			: id-qt-cps		: Policy Qualifier CPS
id-qt 2			: id-qt-unotice		: Policy Qualifier User Notice
id-qt 3			: textNotice

# https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.3
# PKIX key purpose identifiers
!Cname server-auth
id-kp 1			: serverAuth		: TLS Web Server Authentication
!Cname client-auth
id-kp 2			: clientAuth		: TLS Web Client Authentication
!Cname code-sign
id-kp 3			: codeSigning		: Code Signing
!Cname email-protect
id-kp 4			: emailProtection	: E-mail Protection
id-kp 5			: ipsecEndSystem	: IPSec End System
id-kp 6			: ipsecTunnel		: IPSec Tunnel
id-kp 7			: ipsecUser		: IPSec User
!Cname time-stamp
id-kp 8			: timeStamping		: Time Stamping
# From OCSP spec RFC2560
!Cname OCSP-sign
id-kp 9			: OCSPSigning		: OCSP Signing
id-kp 10		: DVCS			: dvcs
!Cname ipsec-IKE
id-kp 17                : ipsecIKE              : ipsec Internet Key Exchange
id-kp 18                : capwapAC              : Ctrl/provision WAP Access
id-kp 19                : capwapWTP             : Ctrl/Provision WAP Termination
!Cname sshClient
id-kp 21                : secureShellClient     : SSH Client
!Cname sshServer
id-kp 22                : secureShellServer     : SSH Server
id-kp 23                : sendRouter            : Send Router
id-kp 24                : sendProxiedRouter     : Send Proxied Router
id-kp 25                : sendOwner             : Send Owner
id-kp 26                : sendProxiedOwner      : Send Proxied Owner
id-kp 27                : cmcCA                 : CMC Certificate Authority
id-kp 28                : cmcRA                 : CMC Registration Authority
id-kp 29                : cmcArchive            : CMC Archive Server
id-kp 30                : id-kp-bgpsec-router 	: BGPsec Router
id-kp 31                : id-kp-BrandIndicatorforMessageIdentification : Brand Indicator for Message Identification
id-kp 32                : cmKGA                 : Certificate Management Key Generation Authority

# https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.4
# CMP information types
id-it 1			: id-it-caProtEncCert
id-it 2			: id-it-signKeyPairTypes
id-it 3			: id-it-encKeyPairTypes
id-it 4			: id-it-preferredSymmAlg
id-it 5			: id-it-caKeyUpdateInfo
id-it 6			: id-it-currentCRL
id-it 7			: id-it-unsupportedOIDs
# [Reserved and Obsolete]:
id-it 8			: id-it-subscriptionRequest
# [Reserved and Obsolete]:
id-it 9			: id-it-subscriptionResponse
id-it 10		: id-it-keyPairParamReq
id-it 11		: id-it-keyPairParamRep
id-it 12		: id-it-revPassphrase
id-it 13		: id-it-implicitConfirm
id-it 14		: id-it-confirmWaitTime
id-it 15		: id-it-origPKIMessage
id-it 16		: id-it-suppLangTags
id-it 17		: id-it-caCerts
id-it 18		: id-it-rootCaKeyUpdate
id-it 19		: id-it-certReqTemplate
id-it 20		: id-it-rootCaCert
id-it 21		: id-it-certProfile
id-it 22		: id-it-crlStatusList
id-it 23		: id-it-crls

# CRMF registration
id-pkip 1		: id-regCtrl
id-pkip 2		: id-regInfo

# CRMF registration controls
id-regCtrl 1		: id-regCtrl-regToken
id-regCtrl 2		: id-regCtrl-authenticator
id-regCtrl 3		: id-regCtrl-pkiPublicationInfo
id-regCtrl 4		: id-regCtrl-pkiArchiveOptions
id-regCtrl 5		: id-regCtrl-oldCertID
id-regCtrl 6		: id-regCtrl-protocolEncrKey
id-regCtrl 7		: id-regCtrl-altCertTemplate
# id-regCtrl 8		: id-regCtrl-wtlsTemplate	[Reserved and Obsolete]
# id-regCtrl 9		: id-regCtrl-regTokenUTF8	[Reserved and Obsolete]
# id-regCtrl 10		: id-regCtrl-authenticatorUTF8	[Reserved and Obsolete]
id-regCtrl 11		: id-regCtrl-algId
id-regCtrl 12		: id-regCtrl-rsaKeyLen

# CRMF registration information
id-regInfo 1		: id-regInfo-utf8Pairs
id-regInfo 2		: id-regInfo-certReq

# algorithms
id-alg 1		: id-alg-des40
id-alg 2		: id-alg-noSignature
id-alg 3		: id-alg-dh-sig-hmac-sha1
id-alg 4		: id-alg-dh-pop

# CMC controls
id-cmc 1		: id-cmc-statusInfo
id-cmc 2		: id-cmc-identification
id-cmc 3		: id-cmc-identityProof
id-cmc 4		: id-cmc-dataReturn
id-cmc 5		: id-cmc-transactionId
id-cmc 6		: id-cmc-senderNonce
id-cmc 7		: id-cmc-recipientNonce
id-cmc 8		: id-cmc-addExtensions
id-cmc 9		: id-cmc-encryptedPOP
id-cmc 10		: id-cmc-decryptedPOP
id-cmc 11		: id-cmc-lraPOPWitness
id-cmc 15		: id-cmc-getCert
id-cmc 16		: id-cmc-getCRL
id-cmc 17		: id-cmc-revokeRequest
id-cmc 18		: id-cmc-regInfo
id-cmc 19		: id-cmc-responseInfo
id-cmc 21		: id-cmc-queryPending
id-cmc 22		: id-cmc-popLinkRandom
id-cmc 23		: id-cmc-popLinkWitness
id-cmc 24		: id-cmc-confirmCertAcceptance

# other names
id-on 1			: id-on-personalData
id-on 3			: id-on-permanentIdentifier : Permanent Identifier
id-on 5			: id-on-xmppAddr : XmppAddr
id-on 7			: id-on-dnsSRV : SRVName
id-on 8			: id-on-NAIRealm : NAIRealm
id-on 9			: id-on-SmtpUTF8Mailbox : Smtp UTF8 Mailbox

# personal data attributes
id-pda 1		: id-pda-dateOfBirth
id-pda 2		: id-pda-placeOfBirth
id-pda 3		: id-pda-gender
id-pda 4		: id-pda-countryOfCitizenship
id-pda 5		: id-pda-countryOfResidence

# attribute certificate attributes
id-aca 1		: id-aca-authenticationInfo
id-aca 2		: id-aca-accessIdentity
id-aca 3		: id-aca-chargingIdentity
id-aca 4		: id-aca-group
# attention : the following seems to be obsolete, replace by 'role'
id-aca 5		: id-aca-role
id-aca 6		: id-aca-encAttrs

# qualified certificate statements
id-qcs 1		: id-qcs-pkixQCSyntax-v1

# PKIX Certificate Policies
id-cp 2			: ipAddr-asNumber
id-cp 3			: ipAddr-asNumberv2

# CMC content types
id-cct 1		: id-cct-crs
id-cct 2		: id-cct-PKIData
id-cct 3		: id-cct-PKIResponse

# Predefined Proxy Certificate policy languages
id-ppl 0		: id-ppl-anyLanguage	: Any language
id-ppl 1		: id-ppl-inheritAll	: Inherit all
id-ppl 2		: id-ppl-independent	: Independent

# access descriptors for authority info access extension
!Cname ad-OCSP
id-ad 1			: OCSP			: OCSP
!Cname ad-ca-issuers
id-ad 2			: caIssuers		: CA Issuers
!Cname ad-timeStamping
id-ad 3			: ad_timestamping	: AD Time Stamping
!Cname ad-dvcs
id-ad 4			: AD_DVCS		: ad dvcs
id-ad 5			: caRepository		: CA Repository
id-ad 10		: rpkiManifest		: RPKI Manifest
id-ad 11		: signedObject		: Signed Object
id-ad 13		: rpkiNotify		: RPKI Notify

!Alias id-pkix-OCSP ad-OCSP
!module id-pkix-OCSP
!Cname basic
id-pkix-OCSP 1		: basicOCSPResponse	: Basic OCSP Response
id-pkix-OCSP 2		: Nonce			: OCSP Nonce
id-pkix-OCSP 3		: CrlID			: OCSP CRL ID
id-pkix-OCSP 4		: acceptableResponses	: Acceptable OCSP Responses
id-pkix-OCSP 5		: noCheck		: OCSP No Check
id-pkix-OCSP 6		: archiveCutoff		: OCSP Archive Cutoff
id-pkix-OCSP 7		: serviceLocator	: OCSP Service Locator
id-pkix-OCSP 8		: extendedStatus	: Extended OCSP Status
id-pkix-OCSP 9		: valid
id-pkix-OCSP 10		: path
id-pkix-OCSP 11		: trustRoot		: Trust Root
!global

1 3 14 3 2		: algorithm		: algorithm
algorithm 3		: RSA-NP-MD5		: md5WithRSA
algorithm 6		: DES-ECB		: des-ecb
algorithm 7		: DES-CBC		: des-cbc
!Cname des-ofb64
algorithm 8		: DES-OFB		: des-ofb
!Cname des-cfb64
algorithm 9		: DES-CFB		: des-cfb
algorithm 11		: rsaSignature
!Cname dsa-2
algorithm 12		: DSA-old		: dsaEncryption-old
algorithm 13		: DSA-SHA		: dsaWithSHA
algorithm 15		: RSA-SHA		: shaWithRSAEncryption
!Cname des-ede-ecb
algorithm 17		: DES-EDE		: des-ede
!Cname des-ede3-ecb
			: DES-EDE3		: des-ede3
			: DES-EDE-CBC		: des-ede-cbc
!Cname des-ede-cfb64
			: DES-EDE-CFB		: des-ede-cfb
!Cname des-ede3-cfb64
			: DES-EDE3-CFB		: des-ede3-cfb
!Cname des-ede-ofb64
			: DES-EDE-OFB		: des-ede-ofb
!Cname des-ede3-ofb64
			: DES-EDE3-OFB		: des-ede3-ofb
			: DESX-CBC		: desx-cbc
algorithm 18		: SHA			: sha
algorithm 26		: SHA1			: sha1
!Cname dsaWithSHA1-2
algorithm 27		: DSA-SHA1-old		: dsaWithSHA1-old
algorithm 29		: RSA-SHA1-2		: sha1WithRSA

1 3 36 3 2 1		: RIPEMD160		: ripemd160
1 3 36 3 3 1 2		: RSA-RIPEMD160		: ripemd160WithRSA

1 3 6 1 4 1 1722 12 2 1 : BLAKE2BMAC	        : blake2bmac
1 3 6 1 4 1 1722 12 2 2 : BLAKE2SMAC   	        : blake2smac
blake2bmac 16           : BLAKE2b512            : blake2b512
blake2smac 8            : BLAKE2s256            : blake2s256

!Cname sxnet
1 3 101 1 4 1		: SXNetID		: Strong Extranet ID

2 5			: X500			: directory services (X.500)

X500 4			: X509
X509 3			: CN			: commonName
X509 4			: SN			: surname
X509 5			: 			: serialNumber
X509 6			: C			: countryName
X509 7			: L			: localityName
X509 8			: ST			: stateOrProvinceName
X509 9			: street		: streetAddress
X509 10			: O			: organizationName
X509 11			: OU			: organizationalUnitName
X509 12			: title			: title
X509 13			: 			: description
X509 14			: 			: searchGuide
X509 15			: 			: businessCategory
X509 16			: 			: postalAddress
X509 17			: 			: postalCode
X509 18			: 			: postOfficeBox
X509 19			: 			: physicalDeliveryOfficeName
X509 20			: 			: telephoneNumber
X509 21			: 			: telexNumber
X509 22			: 			: teletexTerminalIdentifier
X509 23			: 			: facsimileTelephoneNumber
X509 24			: 			: x121Address
X509 25			: 			: internationaliSDNNumber
X509 26			: 			: registeredAddress
X509 27			: 			: destinationIndicator
X509 28			: 			: preferredDeliveryMethod
X509 29			: 			: presentationAddress
X509 30			: 			: supportedApplicationContext
X509 31			: member		:
X509 32			: owner			:
X509 33			: 			: roleOccupant
X509 34			: seeAlso		:
X509 35			: 			: userPassword
X509 36			: 			: userCertificate
X509 37			: 			: cACertificate
X509 38			: 			: authorityRevocationList
X509 39			: 			: certificateRevocationList
X509 40			: 			: crossCertificatePair
X509 41			: name			: name
X509 42			: GN			: givenName
X509 43			: initials		: initials
X509 44			: 			: generationQualifier
X509 45			: 			: x500UniqueIdentifier
X509 46			: dnQualifier		: dnQualifier
X509 47			: 			: enhancedSearchGuide
X509 48			: 			: protocolInformation
X509 49			: 			: distinguishedName
X509 50			: 			: uniqueMember
X509 51			: 			: houseIdentifier
X509 52			: 			: supportedAlgorithms
X509 53			: 			: deltaRevocationList
X509 54			: dmdName		:
X509 65			:			: pseudonym
X509 72			: role			: role
X509 97                 :			: organizationIdentifier
X509 98			: c3			: countryCode3c
X509 99			: n3			: countryCode3n
X509 100		:			: dnsName


X500 8			: X500algorithms	: directory services - algorithms
X500algorithms 1 1	: RSA			: rsa
X500algorithms 3 100	: RSA-MDC2		: mdc2WithRSA
X500algorithms 3 101	: MDC2			: mdc2

X500 29			: id-ce
!Cname subject-directory-attributes
id-ce 9			: subjectDirectoryAttributes : X509v3 Subject Directory Attributes
!Cname subject-key-identifier
id-ce 14		: subjectKeyIdentifier	: X509v3 Subject Key Identifier
!Cname key-usage
id-ce 15		: keyUsage		: X509v3 Key Usage
!Cname private-key-usage-period
id-ce 16		: privateKeyUsagePeriod	: X509v3 Private Key Usage Period
!Cname subject-alt-name
id-ce 17		: subjectAltName	: X509v3 Subject Alternative Name
!Cname issuer-alt-name
id-ce 18		: issuerAltName		: X509v3 Issuer Alternative Name
!Cname basic-constraints
id-ce 19		: basicConstraints	: X509v3 Basic Constraints
!Cname crl-number
id-ce 20		: crlNumber		: X509v3 CRL Number
!Cname crl-reason
id-ce 21		: CRLReason		: X509v3 CRL Reason Code
!Cname invalidity-date
id-ce 24		: invalidityDate	: Invalidity Date
!Cname delta-crl
id-ce 27		: deltaCRL		: X509v3 Delta CRL Indicator
!Cname issuing-distribution-point
id-ce 28		: issuingDistributionPoint : X509v3 Issuing Distribution Point
!Cname certificate-issuer
id-ce 29		: certificateIssuer	: X509v3 Certificate Issuer
!Cname name-constraints
id-ce 30		: nameConstraints	: X509v3 Name Constraints
!Cname crl-distribution-points
id-ce 31		: crlDistributionPoints	: X509v3 CRL Distribution Points
!Cname certificate-policies
id-ce 32		: certificatePolicies	: X509v3 Certificate Policies
!Cname any-policy
certificate-policies 0	: anyPolicy		: X509v3 Any Policy
!Cname policy-mappings
id-ce 33		: policyMappings	: X509v3 Policy Mappings
!Cname authority-key-identifier
id-ce 35		: authorityKeyIdentifier : X509v3 Authority Key Identifier
!Cname policy-constraints
id-ce 36		: policyConstraints	: X509v3 Policy Constraints
!Cname ext-key-usage
id-ce 37		: extendedKeyUsage	: X509v3 Extended Key Usage
!Cname authority-attribute-identifier
id-ce 38		: authorityAttributeIdentifier : X509v3 Authority Attribute Identifier
!Cname role-spec-cert-identifier
id-ce 39		: roleSpecCertIdentifier	: X509v3 Role Specification Certificate Identifier
!Cname basic-att-constraints
id-ce 41		: basicAttConstraints		: X509v3 Basic Attribute Certificate Constraints
!Cname delegated-name-constraints
id-ce 42 		: delegatedNameConstraints	: X509v3 Delegated Name Constraints
!Cname time-specification
id-ce 43		: timeSpecification			: X509v3 Time Specification
!Cname freshest-crl
id-ce 46		: freshestCRL		: X509v3 Freshest CRL
!Cname attribute-descriptor
id-ce 48		: attributeDescriptor		: X509v3 Attribute Descriptor
!Cname user-notice
id-ce 49		: userNotice				: X509v3 User Notice
!Cname soa-identifier
id-ce 50        : sOAIdentifier     : X509v3 Source of Authority Identifier
!Cname acceptable-cert-policies
id-ce 52		: acceptableCertPolicies	: X509v3 Acceptable Certification Policies
!Cname inhibit-any-policy
id-ce 54		: inhibitAnyPolicy	: X509v3 Inhibit Any Policy
!Cname target-information
id-ce 55		: targetInformation	: X509v3 AC Targeting
!Cname no-rev-avail
id-ce 56		: noRevAvail		: X509v3 No Revocation Available
!Cname acceptable-privilege-policies
id-ce 57		: acceptablePrivPolicies	: X509v3 Acceptable Privilege Policies
!Cname indirect-issuer
id-ce 61		: indirectIssuer			: X509v3 Indirect Issuer
!Cname no-assertion
id-ce 62        : noAssertion       : X509v3 No Assertion
!Cname id-aa-issuing-distribution-point
id-ce 63		: aAissuingDistributionPoint : X509v3 Attribute Authority Issuing Distribution Point
!Cname issued-on-behalf-of
id-ce 64		: issuedOnBehalfOf	: X509v3 Issued On Behalf Of
!Cname single-use
id-ce 65		: singleUse			: X509v3 Single Use
!Cname group-ac
id-ce 66		: groupAC			: X509v3 Group Attribute Certificate
!Cname allowed-attribute-assignments
id-ce 67		: allowedAttributeAssignments		: X509v3 Allowed Attribute Assignments
!Cname attribute-mappings
id-ce 68		: attributeMappings		: X509v3 Attribute Mappings
!Cname holder-name-constraints
id-ce 69		: holderNameConstraints	: X509v3 Holder Name Constraints
!Cname authorization-validation
id-ce 70		: authorizationValidation : X509v3 Authorization Validation
!Cname prot-restrict
id-ce 71		: protRestrict : X509v3 Protocol Restriction
!Cname subject-alt-public-key-info
id-ce 72		: subjectAltPublicKeyInfo : X509v3 Subject Alternative Public Key Info
!Cname alt-signature-algorithm
id-ce 73		: altSignatureAlgorithm : X509v3 Alternative Signature Algorithm
!Cname alt-signature-value
id-ce 74		: altSignatureValue : X509v3 Alternative Signature Value
!Cname associated-information
id-ce 75		: associatedInformation : X509v3 Associated Information

# From RFC5280
ext-key-usage 0		: anyExtendedKeyUsage	: Any Extended Key Usage


!Cname netscape
2 16 840 1 113730	: Netscape		: Netscape Communications Corp.
!Cname netscape-cert-extension
netscape 1		: nsCertExt		: Netscape Certificate Extension
!Cname netscape-data-type
netscape 2		: nsDataType		: Netscape Data Type
!Cname netscape-cert-type
netscape-cert-extension 1 : nsCertType		: Netscape Cert Type
!Cname netscape-base-url
netscape-cert-extension 2 : nsBaseUrl		: Netscape Base Url
!Cname netscape-revocation-url
netscape-cert-extension 3 : nsRevocationUrl	: Netscape Revocation Url
!Cname netscape-ca-revocation-url
netscape-cert-extension 4 : nsCaRevocationUrl	: Netscape CA Revocation Url
!Cname netscape-renewal-url
netscape-cert-extension 7 : nsRenewalUrl	: Netscape Renewal Url
!Cname netscape-ca-policy-url
netscape-cert-extension 8 : nsCaPolicyUrl	: Netscape CA Policy Url
!Cname netscape-ssl-server-name
netscape-cert-extension 12 : nsSslServerName	: Netscape SSL Server Name
!Cname netscape-comment
netscape-cert-extension 13 : nsComment		: Netscape Comment
!Cname netscape-cert-sequence
netscape-data-type 5	: nsCertSequence	: Netscape Certificate Sequence
!Cname ns-sgc
netscape 4 1		: nsSGC			: Netscape Server Gated Crypto

# iso(1)
iso 3			: ORG			: org
org 6			: DOD			: dod
dod 1			: IANA			: iana
!Alias internet iana

internet 1		: directory		: Directory
internet 2		: mgmt			: Management
internet 3		: experimental		: Experimental
internet 4		: private		: Private
internet 5		: security		: Security
internet 6		: snmpv2		: SNMPv2
# Documents refer to "internet 7" as "mail". This however leads to ambiguities
# with RFC2798, Section 9.1.3, where "mail" is defined as the short name for
# rfc822Mailbox. The short name is therefore here left out for a reason.
# Subclasses of "mail", e.g. "MIME MHS" don't constitute a problem, as
# references are realized via long name "Mail" (with capital M).
internet 7		:			: Mail

Private 1		: enterprises		: Enterprises

# RFC 2247
Enterprises 1466 344	: dcobject		: dcObject

# RFC 1495
Mail 1			: mime-mhs		: MIME MHS
mime-mhs 1		: mime-mhs-headings	: mime-mhs-headings
mime-mhs 2		: mime-mhs-bodies	: mime-mhs-bodies
mime-mhs-headings 1	: id-hex-partial-message : id-hex-partial-message
mime-mhs-headings 2	: id-hex-multipart-message : id-hex-multipart-message

# RFC 3274
!Cname zlib-compression
id-smime-alg 8		: ZLIB			: zlib compression

# AES aka Rijndael

!Alias csor 2 16 840 1 101 3
!Alias nistAlgorithms csor 4
!Alias aes nistAlgorithms 1

aes 1			: AES-128-ECB		: aes-128-ecb
aes 2			: AES-128-CBC		: aes-128-cbc
!Cname aes-128-ofb128
aes 3			: AES-128-OFB		: aes-128-ofb
!Cname aes-128-cfb128
aes 4			: AES-128-CFB		: aes-128-cfb
aes 5			: id-aes128-wrap
aes 6			: id-aes128-GCM		: aes-128-gcm
aes 7			: id-aes128-CCM		: aes-128-ccm
aes 8			: id-aes128-wrap-pad

aes 21			: AES-192-ECB		: aes-192-ecb
aes 22			: AES-192-CBC		: aes-192-cbc
!Cname aes-192-ofb128
aes 23			: AES-192-OFB		: aes-192-ofb
!Cname aes-192-cfb128
aes 24			: AES-192-CFB		: aes-192-cfb
aes 25			: id-aes192-wrap
aes 26			: id-aes192-GCM		: aes-192-gcm
aes 27			: id-aes192-CCM		: aes-192-ccm
aes 28			: id-aes192-wrap-pad

aes 41			: AES-256-ECB		: aes-256-ecb
aes 42			: AES-256-CBC		: aes-256-cbc
!Cname aes-256-ofb128
aes 43			: AES-256-OFB		: aes-256-ofb
!Cname aes-256-cfb128
aes 44			: AES-256-CFB		: aes-256-cfb
aes 45			: id-aes256-wrap
aes 46			: id-aes256-GCM		: aes-256-gcm
aes 47			: id-aes256-CCM		: aes-256-ccm
aes 48			: id-aes256-wrap-pad

ieee-siswg 0 1 1        : AES-128-XTS		: aes-128-xts
ieee-siswg 0 1 2        : AES-256-XTS		: aes-256-xts

# There are no OIDs for these modes...

			: AES-128-CFB1		: aes-128-cfb1
			: AES-192-CFB1		: aes-192-cfb1
			: AES-256-CFB1		: aes-256-cfb1
			: AES-128-CFB8		: aes-128-cfb8
			: AES-192-CFB8		: aes-192-cfb8
			: AES-256-CFB8		: aes-256-cfb8
			: AES-128-CTR		: aes-128-ctr
			: AES-192-CTR		: aes-192-ctr
			: AES-256-CTR		: aes-256-ctr
			: AES-128-OCB		: aes-128-ocb
			: AES-192-OCB		: aes-192-ocb
			: AES-256-OCB		: aes-256-ocb
			: DES-CFB1		: des-cfb1
			: DES-CFB8		: des-cfb8
			: DES-EDE3-CFB1		: des-ede3-cfb1
			: DES-EDE3-CFB8		: des-ede3-cfb8

# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84 and
# http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
# "Middle" names are specified to be id-sha256, id-sha384, etc., but
# we adhere to unprefixed capitals for backward compatibility...
!Alias nist_hashalgs nistAlgorithms 2
nist_hashalgs 1		: SHA256		: sha256
nist_hashalgs 2		: SHA384		: sha384
nist_hashalgs 3		: SHA512		: sha512
nist_hashalgs 4		: SHA224		: sha224
nist_hashalgs 5		: SHA512-224		: sha512-224
nist_hashalgs 6		: SHA512-256		: sha512-256
nist_hashalgs 7		: SHA3-224		: sha3-224
nist_hashalgs 8		: SHA3-256		: sha3-256
nist_hashalgs 9		: SHA3-384		: sha3-384
nist_hashalgs 10	: SHA3-512		: sha3-512
nist_hashalgs 11	: SHAKE128		: shake128
nist_hashalgs 12	: SHAKE256		: shake256
nist_hashalgs 13	: id-hmacWithSHA3-224	: hmac-sha3-224
nist_hashalgs 14	: id-hmacWithSHA3-256	: hmac-sha3-256
nist_hashalgs 15	: id-hmacWithSHA3-384	: hmac-sha3-384
nist_hashalgs 16	: id-hmacWithSHA3-512	: hmac-sha3-512
# Below two are incomplete OIDs, to be uncommented when we figure out
# how to handle them...
# nist_hashalgs 17	: id-shake128-len	: shake128-len
# nist_hashalgs 18	: id-shake256-len	: shake256-len
nist_hashalgs 19        : KMAC128               : kmac128
nist_hashalgs 20        : KMAC256               : kmac256
# nist_hashalgs 21      : KMAC128-XOF           : kmac128-xof
# nist_hashalgs 22      : KMAC256-XOF           : kmac256-xof

# OIDs for dsa-with-sha224 and dsa-with-sha256
!Alias dsa_with_sha2 nistAlgorithms 3
dsa_with_sha2 1		: dsa_with_SHA224
dsa_with_sha2 2		: dsa_with_SHA256
# Above two belong below, but kept as they are for backward compatibility
!Alias sigAlgs nistAlgorithms 3
sigAlgs 3	: id-dsa-with-sha384	: dsa_with_SHA384
sigAlgs 4	: id-dsa-with-sha512	: dsa_with_SHA512
sigAlgs 5	: id-dsa-with-sha3-224	: dsa_with_SHA3-224
sigAlgs 6	: id-dsa-with-sha3-256	: dsa_with_SHA3-256
sigAlgs 7	: id-dsa-with-sha3-384	: dsa_with_SHA3-384
sigAlgs 8	: id-dsa-with-sha3-512	: dsa_with_SHA3-512
sigAlgs 9	: id-ecdsa-with-sha3-224	: ecdsa_with_SHA3-224
sigAlgs 10	: id-ecdsa-with-sha3-256	: ecdsa_with_SHA3-256
sigAlgs 11	: id-ecdsa-with-sha3-384	: ecdsa_with_SHA3-384
sigAlgs 12	: id-ecdsa-with-sha3-512	: ecdsa_with_SHA3-512
sigAlgs 13	: id-rsassa-pkcs1-v1_5-with-sha3-224	: RSA-SHA3-224
sigAlgs 14	: id-rsassa-pkcs1-v1_5-with-sha3-256	: RSA-SHA3-256
sigAlgs 15	: id-rsassa-pkcs1-v1_5-with-sha3-384	: RSA-SHA3-384
sigAlgs 16	: id-rsassa-pkcs1-v1_5-with-sha3-512	: RSA-SHA3-512

# Hold instruction CRL entry extension
!Cname hold-instruction-code
id-ce 23		: holdInstructionCode	: Hold Instruction Code
!Alias holdInstruction	X9-57 2
!Cname hold-instruction-none
holdInstruction 1	: holdInstructionNone	: Hold Instruction None
!Cname hold-instruction-call-issuer
holdInstruction 2	: holdInstructionCallIssuer : Hold Instruction Call Issuer
!Cname hold-instruction-reject
holdInstruction 3	: holdInstructionReject	: Hold Instruction Reject

# OID's from ITU-T.  Most of this is defined in RFC 1274.  A couple of
# them are also mentioned in RFC 2247
# OIDs specific to Electronic Signature Standard/CAdES are as specified in
# ETSI EN 319 122-1 V1.2.1 (2021-10):
# Electronic Signatures and Infrastructures (ESI); CAdES digital signatures; 
# Part 1: Building blocks and CAdES baseline signatures
itu-t 4			: itu-t-identified-organization
itu-t-identified-organization 0: etsi
etsi 1733		: electronic-signature-standard
electronic-signature-standard 2: ess-attributes
ess-attributes 1	: id-aa-ets-mimeType
ess-attributes 2	: id-aa-ets-longTermValidation
ess-attributes 3	: id-aa-ets-SignaturePolicyDocument
ess-attributes 4	: id-aa-ets-archiveTimestampV3
ess-attributes 5	: id-aa-ATSHashIndex
etsi 19122		: cades
cades 1			: cades-attributes
cades-attributes 1	: id-aa-ets-signerAttrV2
cades-attributes 3	: id-aa-ets-sigPolicyStore
cades-attributes 4	: id-aa-ATSHashIndex-v2
cades-attributes 5	: id-aa-ATSHashIndex-v3
cades-attributes 6	: signedAssertion

itu-t 9			: data
data 2342		: pss
pss 19200300		: ucl
ucl 100			: pilot
pilot 1			:			: pilotAttributeType
pilot 3			:			: pilotAttributeSyntax
pilot 4			:			: pilotObjectClass
pilot 10		:			: pilotGroups
pilotAttributeSyntax 4	:			: iA5StringSyntax
pilotAttributeSyntax 5	:			: caseIgnoreIA5StringSyntax
pilotObjectClass 3	:			: pilotObject
pilotObjectClass 4	:			: pilotPerson
pilotObjectClass 5	: account
pilotObjectClass 6	: document
pilotObjectClass 7	: room
pilotObjectClass 9	:			: documentSeries
pilotObjectClass 13	: domain		: Domain
pilotObjectClass 14	:			: rFC822localPart
pilotObjectClass 15	:			: dNSDomain
pilotObjectClass 17	:			: domainRelatedObject
pilotObjectClass 18	:			: friendlyCountry
pilotObjectClass 19	:			: simpleSecurityObject
pilotObjectClass 20	:			: pilotOrganization
pilotObjectClass 21	:			: pilotDSA
pilotObjectClass 22	:			: qualityLabelledData
pilotAttributeType 1	: UID			: userId
pilotAttributeType 2	:			: textEncodedORAddress
pilotAttributeType 3	: mail			: rfc822Mailbox
pilotAttributeType 4	: info
pilotAttributeType 5	:			: favouriteDrink
pilotAttributeType 6	:			: roomNumber
pilotAttributeType 7	: photo
pilotAttributeType 8	:			: userClass
pilotAttributeType 9	: host
pilotAttributeType 10	: manager
pilotAttributeType 11	:			: documentIdentifier
pilotAttributeType 12	:			: documentTitle
pilotAttributeType 13	:			: documentVersion
pilotAttributeType 14	:			: documentAuthor
pilotAttributeType 15	:			: documentLocation
pilotAttributeType 20	:			: homeTelephoneNumber
pilotAttributeType 21	: secretary
pilotAttributeType 22	:			: otherMailbox
pilotAttributeType 23	:			: lastModifiedTime
pilotAttributeType 24	:			: lastModifiedBy
pilotAttributeType 25	: DC			: domainComponent
pilotAttributeType 26	:			: aRecord
pilotAttributeType 27	:			: pilotAttributeType27
pilotAttributeType 28	:			: mXRecord
pilotAttributeType 29	:			: nSRecord
pilotAttributeType 30	:			: sOARecord
pilotAttributeType 31	:			: cNAMERecord
pilotAttributeType 37	:			: associatedDomain
pilotAttributeType 38	:			: associatedName
pilotAttributeType 39	:			: homePostalAddress
pilotAttributeType 40	:			: personalTitle
pilotAttributeType 41	:			: mobileTelephoneNumber
pilotAttributeType 42	:			: pagerTelephoneNumber
pilotAttributeType 43	:			: friendlyCountryName
pilotAttributeType 44	: uid			: uniqueIdentifier
pilotAttributeType 45	:			: organizationalStatus
pilotAttributeType 46	:			: janetMailbox
pilotAttributeType 47	:			: mailPreferenceOption
pilotAttributeType 48	:			: buildingName
pilotAttributeType 49	:			: dSAQuality
pilotAttributeType 50	:			: singleLevelQuality
pilotAttributeType 51	:			: subtreeMinimumQuality
pilotAttributeType 52	:			: subtreeMaximumQuality
pilotAttributeType 53	:			: personalSignature
pilotAttributeType 54	:			: dITRedirect
pilotAttributeType 55	: audio
pilotAttributeType 56	:			: documentPublisher

international-organizations 42	: id-set	: Secure Electronic Transactions

id-set 0		: set-ctype		: content types
id-set 1		: set-msgExt		: message extensions
id-set 3		: set-attr
id-set 5		: set-policy
id-set 7		: set-certExt		: certificate extensions
id-set 8		: set-brand

set-ctype 0		: setct-PANData
set-ctype 1		: setct-PANToken
set-ctype 2		: setct-PANOnly
set-ctype 3		: setct-OIData
set-ctype 4		: setct-PI
set-ctype 5		: setct-PIData
set-ctype 6		: setct-PIDataUnsigned
set-ctype 7		: setct-HODInput
set-ctype 8		: setct-AuthResBaggage
set-ctype 9		: setct-AuthRevReqBaggage
set-ctype 10		: setct-AuthRevResBaggage
set-ctype 11		: setct-CapTokenSeq
set-ctype 12		: setct-PInitResData
set-ctype 13		: setct-PI-TBS
set-ctype 14		: setct-PResData
set-ctype 16		: setct-AuthReqTBS
set-ctype 17		: setct-AuthResTBS
set-ctype 18		: setct-AuthResTBSX
set-ctype 19		: setct-AuthTokenTBS
set-ctype 20		: setct-CapTokenData
set-ctype 21		: setct-CapTokenTBS
set-ctype 22		: setct-AcqCardCodeMsg
set-ctype 23		: setct-AuthRevReqTBS
set-ctype 24		: setct-AuthRevResData
set-ctype 25		: setct-AuthRevResTBS
set-ctype 26		: setct-CapReqTBS
set-ctype 27		: setct-CapReqTBSX
set-ctype 28		: setct-CapResData
set-ctype 29		: setct-CapRevReqTBS
set-ctype 30		: setct-CapRevReqTBSX
set-ctype 31		: setct-CapRevResData
set-ctype 32		: setct-CredReqTBS
set-ctype 33		: setct-CredReqTBSX
set-ctype 34		: setct-CredResData
set-ctype 35		: setct-CredRevReqTBS
set-ctype 36		: setct-CredRevReqTBSX
set-ctype 37		: setct-CredRevResData
set-ctype 38		: setct-PCertReqData
set-ctype 39		: setct-PCertResTBS
set-ctype 40		: setct-BatchAdminReqData
set-ctype 41		: setct-BatchAdminResData
set-ctype 42		: setct-CardCInitResTBS
set-ctype 43		: setct-MeAqCInitResTBS
set-ctype 44		: setct-RegFormResTBS
set-ctype 45		: setct-CertReqData
set-ctype 46		: setct-CertReqTBS
set-ctype 47		: setct-CertResData
set-ctype 48		: setct-CertInqReqTBS
set-ctype 49		: setct-ErrorTBS
set-ctype 50		: setct-PIDualSignedTBE
set-ctype 51		: setct-PIUnsignedTBE
set-ctype 52		: setct-AuthReqTBE
set-ctype 53		: setct-AuthResTBE
set-ctype 54		: setct-AuthResTBEX
set-ctype 55		: setct-AuthTokenTBE
set-ctype 56		: setct-CapTokenTBE
set-ctype 57		: setct-CapTokenTBEX
set-ctype 58		: setct-AcqCardCodeMsgTBE
set-ctype 59		: setct-AuthRevReqTBE
set-ctype 60		: setct-AuthRevResTBE
set-ctype 61		: setct-AuthRevResTBEB
set-ctype 62		: setct-CapReqTBE
set-ctype 63		: setct-CapReqTBEX
set-ctype 64		: setct-CapResTBE
set-ctype 65		: setct-CapRevReqTBE
set-ctype 66		: setct-CapRevReqTBEX
set-ctype 67		: setct-CapRevResTBE
set-ctype 68		: setct-CredReqTBE
set-ctype 69		: setct-CredReqTBEX
set-ctype 70		: setct-CredResTBE
set-ctype 71		: setct-CredRevReqTBE
set-ctype 72		: setct-CredRevReqTBEX
set-ctype 73		: setct-CredRevResTBE
set-ctype 74		: setct-BatchAdminReqTBE
set-ctype 75		: setct-BatchAdminResTBE
set-ctype 76		: setct-RegFormReqTBE
set-ctype 77		: setct-CertReqTBE
set-ctype 78		: setct-CertReqTBEX
set-ctype 79		: setct-CertResTBE
set-ctype 80		: setct-CRLNotificationTBS
set-ctype 81		: setct-CRLNotificationResTBS
set-ctype 82		: setct-BCIDistributionTBS

set-msgExt 1		: setext-genCrypt	: generic cryptogram
set-msgExt 3		: setext-miAuth		: merchant initiated auth
set-msgExt 4		: setext-pinSecure
set-msgExt 5		: setext-pinAny
set-msgExt 7		: setext-track2
set-msgExt 8		: setext-cv		: additional verification

set-policy 0		: set-policy-root

set-certExt 0		: setCext-hashedRoot
set-certExt 1		: setCext-certType
set-certExt 2		: setCext-merchData
set-certExt 3		: setCext-cCertRequired
set-certExt 4		: setCext-tunneling
set-certExt 5		: setCext-setExt
set-certExt 6		: setCext-setQualf
set-certExt 7		: setCext-PGWYcapabilities
set-certExt 8		: setCext-TokenIdentifier
set-certExt 9		: setCext-Track2Data
set-certExt 10		: setCext-TokenType
set-certExt 11		: setCext-IssuerCapabilities

set-attr 0		: setAttr-Cert
set-attr 1		: setAttr-PGWYcap	: payment gateway capabilities
set-attr 2		: setAttr-TokenType
set-attr 3		: setAttr-IssCap	: issuer capabilities

setAttr-Cert 0		: set-rootKeyThumb
setAttr-Cert 1		: set-addPolicy

setAttr-TokenType 1	: setAttr-Token-EMV
setAttr-TokenType 2	: setAttr-Token-B0Prime

setAttr-IssCap 3	: setAttr-IssCap-CVM
setAttr-IssCap 4	: setAttr-IssCap-T2
setAttr-IssCap 5	: setAttr-IssCap-Sig

setAttr-IssCap-CVM 1	: setAttr-GenCryptgrm	: generate cryptogram
setAttr-IssCap-T2 1	: setAttr-T2Enc		: encrypted track 2
setAttr-IssCap-T2 2	: setAttr-T2cleartxt	: cleartext track 2

setAttr-IssCap-Sig 1	: setAttr-TokICCsig	: ICC or token signature
setAttr-IssCap-Sig 2	: setAttr-SecDevSig	: secure device signature

set-brand 1		: set-brand-IATA-ATA
set-brand 30		: set-brand-Diners
set-brand 34		: set-brand-AmericanExpress
set-brand 35		: set-brand-JCB
set-brand 4		: set-brand-Visa
set-brand 5		: set-brand-MasterCard
set-brand 6011		: set-brand-Novus

rsadsi 3 10		: DES-CDMF		: des-cdmf
rsadsi 1 1 6		: rsaOAEPEncryptionSET

			: Oakley-EC2N-3		: ipsec3
			: Oakley-EC2N-4		: ipsec4

iso 0 10118 3 0 55	: whirlpool

# GOST OIDs

member-body 643 2 2	: cryptopro
member-body 643 2 9	: cryptocom
member-body 643 7 1	: id-tc26

cryptopro 3		: id-GostR3411-94-with-GostR3410-2001 : GOST R 34.11-94 with GOST R 34.10-2001
cryptopro 4		: id-GostR3411-94-with-GostR3410-94 : GOST R 34.11-94 with GOST R 34.10-94
!Cname id-GostR3411-94
cryptopro 9		: md_gost94		: GOST R 34.11-94
cryptopro 10		: id-HMACGostR3411-94	: HMAC GOST 34.11-94
!Cname id-GostR3410-2001
cryptopro 19		: gost2001	: GOST R 34.10-2001
!Cname id-GostR3410-94
cryptopro 20		: gost94	: GOST R 34.10-94
!Cname id-Gost28147-89
cryptopro 21		: gost89 		: GOST 28147-89
			: gost89-cnt
			: gost89-cnt-12
			: gost89-cbc
			: gost89-ecb
			: gost89-ctr
!Cname id-Gost28147-89-MAC
cryptopro 22		: gost-mac	: GOST 28147-89 MAC
			: gost-mac-12
!Cname id-GostR3411-94-prf
cryptopro 23		: prf-gostr3411-94	: GOST R 34.11-94 PRF
cryptopro 98		: id-GostR3410-2001DH	: GOST R 34.10-2001 DH
cryptopro 99		: id-GostR3410-94DH	: GOST R 34.10-94 DH

cryptopro 14 1		: id-Gost28147-89-CryptoPro-KeyMeshing
cryptopro 14 0		: id-Gost28147-89-None-KeyMeshing

# GOST parameter set OIDs

cryptopro 30 0		: id-GostR3411-94-TestParamSet
cryptopro 30 1		: id-GostR3411-94-CryptoProParamSet

cryptopro 31 0		: id-Gost28147-89-TestParamSet
cryptopro 31 1		: id-Gost28147-89-CryptoPro-A-ParamSet
cryptopro 31 2		: id-Gost28147-89-CryptoPro-B-ParamSet
cryptopro 31 3		: id-Gost28147-89-CryptoPro-C-ParamSet
cryptopro 31 4		: id-Gost28147-89-CryptoPro-D-ParamSet
cryptopro 31 5		: id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet
cryptopro 31 6		: id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet
cryptopro 31 7		: id-Gost28147-89-CryptoPro-RIC-1-ParamSet

cryptopro 32 0		: id-GostR3410-94-TestParamSet
cryptopro 32 2		: id-GostR3410-94-CryptoPro-A-ParamSet
cryptopro 32 3		: id-GostR3410-94-CryptoPro-B-ParamSet
cryptopro 32 4		: id-GostR3410-94-CryptoPro-C-ParamSet
cryptopro 32 5		: id-GostR3410-94-CryptoPro-D-ParamSet

cryptopro 33 1		: id-GostR3410-94-CryptoPro-XchA-ParamSet
cryptopro 33 2		: id-GostR3410-94-CryptoPro-XchB-ParamSet
cryptopro 33 3		: id-GostR3410-94-CryptoPro-XchC-ParamSet

cryptopro 35 0		: id-GostR3410-2001-TestParamSet
cryptopro 35 1		: id-GostR3410-2001-CryptoPro-A-ParamSet
cryptopro 35 2		: id-GostR3410-2001-CryptoPro-B-ParamSet
cryptopro 35 3		: id-GostR3410-2001-CryptoPro-C-ParamSet

cryptopro 36 0		: id-GostR3410-2001-CryptoPro-XchA-ParamSet
cryptopro 36 1		: id-GostR3410-2001-CryptoPro-XchB-ParamSet

id-GostR3410-94 1	: id-GostR3410-94-a
id-GostR3410-94 2	: id-GostR3410-94-aBis
id-GostR3410-94 3	: id-GostR3410-94-b
id-GostR3410-94 4	: id-GostR3410-94-bBis

# Cryptocom LTD GOST OIDs

cryptocom 1 6 1		: id-Gost28147-89-cc	: GOST 28147-89 Cryptocom ParamSet
!Cname id-GostR3410-94-cc
cryptocom 1 5 3		: gost94cc	: GOST 34.10-94 Cryptocom
!Cname id-GostR3410-2001-cc
cryptocom 1 5 4		: gost2001cc	: GOST 34.10-2001 Cryptocom

cryptocom 1 3 3		: id-GostR3411-94-with-GostR3410-94-cc : GOST R 34.11-94 with GOST R 34.10-94 Cryptocom
cryptocom 1 3 4		: id-GostR3411-94-with-GostR3410-2001-cc : GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom

cryptocom 1 8 1		: id-GostR3410-2001-ParamSet-cc : GOST R 3410-2001 Parameter Set Cryptocom

# TC26 GOST OIDs

id-tc26 1 		: id-tc26-algorithms
id-tc26-algorithms 1	: id-tc26-sign
!Cname id-GostR3410-2012-256
id-tc26-sign 1		: gost2012_256: GOST R 34.10-2012 with 256 bit modulus
!Cname id-GostR3410-2012-512
id-tc26-sign 2		: gost2012_512: GOST R 34.10-2012 with 512 bit modulus

id-tc26-algorithms 2	: id-tc26-digest
!Cname id-GostR3411-2012-256
id-tc26-digest 2	: md_gost12_256: GOST R 34.11-2012 with 256 bit hash
!Cname id-GostR3411-2012-512
id-tc26-digest 3	: md_gost12_512: GOST R 34.11-2012 with 512 bit hash

id-tc26-algorithms 3	: id-tc26-signwithdigest
id-tc26-signwithdigest 2: id-tc26-signwithdigest-gost3410-2012-256: GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)
id-tc26-signwithdigest 3: id-tc26-signwithdigest-gost3410-2012-512: GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)

id-tc26-algorithms 4	: id-tc26-mac
id-tc26-mac 1		: id-tc26-hmac-gost-3411-2012-256 : HMAC GOST 34.11-2012 256 bit
id-tc26-mac 2		: id-tc26-hmac-gost-3411-2012-512 : HMAC GOST 34.11-2012 512 bit

id-tc26-algorithms 5	: id-tc26-cipher
id-tc26-cipher 1	:  id-tc26-cipher-gostr3412-2015-magma
id-tc26-cipher-gostr3412-2015-magma 1	: magma-ctr-acpkm
id-tc26-cipher-gostr3412-2015-magma 2	: magma-ctr-acpkm-omac
id-tc26-cipher 2	:  id-tc26-cipher-gostr3412-2015-kuznyechik
id-tc26-cipher-gostr3412-2015-kuznyechik 1	: kuznyechik-ctr-acpkm
id-tc26-cipher-gostr3412-2015-kuznyechik 2	: kuznyechik-ctr-acpkm-omac

id-tc26-algorithms 6	: id-tc26-agreement
id-tc26-agreement 1	: id-tc26-agreement-gost-3410-2012-256
id-tc26-agreement 2	: id-tc26-agreement-gost-3410-2012-512

id-tc26-algorithms 7	:	id-tc26-wrap
id-tc26-wrap 1	: id-tc26-wrap-gostr3412-2015-magma
id-tc26-wrap-gostr3412-2015-magma 1	: magma-kexp15
id-tc26-wrap 2	: id-tc26-wrap-gostr3412-2015-kuznyechik
id-tc26-wrap-gostr3412-2015-kuznyechik 1	: kuznyechik-kexp15

id-tc26 2 		: id-tc26-constants

id-tc26-constants 1	: id-tc26-sign-constants
id-tc26-sign-constants 1: id-tc26-gost-3410-2012-256-constants
id-tc26-gost-3410-2012-256-constants 1	: id-tc26-gost-3410-2012-256-paramSetA: GOST R 34.10-2012 (256 bit) ParamSet A
id-tc26-gost-3410-2012-256-constants 2	: id-tc26-gost-3410-2012-256-paramSetB: GOST R 34.10-2012 (256 bit) ParamSet B
id-tc26-gost-3410-2012-256-constants 3	: id-tc26-gost-3410-2012-256-paramSetC: GOST R 34.10-2012 (256 bit) ParamSet C
id-tc26-gost-3410-2012-256-constants 4	: id-tc26-gost-3410-2012-256-paramSetD: GOST R 34.10-2012 (256 bit) ParamSet D
id-tc26-sign-constants 2: id-tc26-gost-3410-2012-512-constants
id-tc26-gost-3410-2012-512-constants 0	: id-tc26-gost-3410-2012-512-paramSetTest: GOST R 34.10-2012 (512 bit) testing parameter set
id-tc26-gost-3410-2012-512-constants 1	: id-tc26-gost-3410-2012-512-paramSetA: GOST R 34.10-2012 (512 bit) ParamSet A
id-tc26-gost-3410-2012-512-constants 2	: id-tc26-gost-3410-2012-512-paramSetB: GOST R 34.10-2012 (512 bit) ParamSet B
id-tc26-gost-3410-2012-512-constants 3	: id-tc26-gost-3410-2012-512-paramSetC: GOST R 34.10-2012 (512 bit) ParamSet C

id-tc26-constants 2     : id-tc26-digest-constants
id-tc26-constants 5     : id-tc26-cipher-constants
id-tc26-cipher-constants 1	: id-tc26-gost-28147-constants
id-tc26-gost-28147-constants 1	: id-tc26-gost-28147-param-Z : GOST 28147-89 TC26 parameter set

member-body 643 3 131 1 1	: INN	: INN
member-body 643 100 1		: OGRN	: OGRN
member-body 643 100 3		: SNILS	: SNILS
member-body 643 100 5		: OGRNIP	: OGRNIP
member-body 643 100 111	: subjectSignTool	: Signing Tool of Subject
member-body 643 100 112	: issuerSignTool	: Signing Tool of Issuer
member-body 643 100 113  : classSignTool   : Class of Signing Tool
member-body 643 100 113 1 : classSignToolKC1 : Class of Signing Tool KC1
member-body 643 100 113 2 : classSignToolKC2 : Class of Signing Tool KC2
member-body 643 100 113 3 : classSignToolKC3 : Class of Signing Tool KC3
member-body 643 100 113 4 : classSignToolKB1 : Class of Signing Tool KB1
member-body 643 100 113 5 : classSignToolKB2 : Class of Signing Tool KB2
member-body 643 100 113 6 : classSignToolKA1 : Class of Signing Tool KA1

#GOST R34.13-2015 Grasshopper "Kuznechik"
			: kuznyechik-ecb
			: kuznyechik-ctr
			: kuznyechik-ofb
			: kuznyechik-cbc
			: kuznyechik-cfb
			: kuznyechik-mac

#GOST R34.13-2015 Magma
			: magma-ecb
			: magma-ctr
			: magma-ofb
			: magma-cbc
			: magma-cfb
			: magma-mac

# Definitions for Camellia cipher - CBC MODE

1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC		: camellia-128-cbc
1 2 392 200011 61 1 1 1 3 : CAMELLIA-192-CBC		: camellia-192-cbc
1 2 392 200011 61 1 1 1 4 : CAMELLIA-256-CBC		: camellia-256-cbc
1 2 392 200011 61 1 1 3 2 : id-camellia128-wrap
1 2 392 200011 61 1 1 3 3 : id-camellia192-wrap
1 2 392 200011 61 1 1 3 4 : id-camellia256-wrap

# Definitions for Camellia cipher - ECB, CFB, OFB MODE

!Alias ntt-ds 0 3 4401 5
!Alias camellia ntt-ds 3 1 9

camellia 1		: CAMELLIA-128-ECB		: camellia-128-ecb
!Cname camellia-128-ofb128
camellia 3		: CAMELLIA-128-OFB		: camellia-128-ofb
!Cname camellia-128-cfb128
camellia 4		: CAMELLIA-128-CFB		: camellia-128-cfb
camellia 6		: CAMELLIA-128-GCM		: camellia-128-gcm
camellia 7		: CAMELLIA-128-CCM		: camellia-128-ccm
camellia 9		: CAMELLIA-128-CTR		: camellia-128-ctr
camellia 10		: CAMELLIA-128-CMAC		: camellia-128-cmac

camellia 21		: CAMELLIA-192-ECB		: camellia-192-ecb
!Cname camellia-192-ofb128
camellia 23		: CAMELLIA-192-OFB		: camellia-192-ofb
!Cname camellia-192-cfb128
camellia 24		: CAMELLIA-192-CFB		: camellia-192-cfb
camellia 26		: CAMELLIA-192-GCM		: camellia-192-gcm
camellia 27		: CAMELLIA-192-CCM		: camellia-192-ccm
camellia 29		: CAMELLIA-192-CTR		: camellia-192-ctr
camellia 30		: CAMELLIA-192-CMAC		: camellia-192-cmac

camellia 41		: CAMELLIA-256-ECB		: camellia-256-ecb
!Cname camellia-256-ofb128
camellia 43		: CAMELLIA-256-OFB		: camellia-256-ofb
!Cname camellia-256-cfb128
camellia 44		: CAMELLIA-256-CFB		: camellia-256-cfb
camellia 46		: CAMELLIA-256-GCM		: camellia-256-gcm
camellia 47		: CAMELLIA-256-CCM		: camellia-256-ccm
camellia 49		: CAMELLIA-256-CTR		: camellia-256-ctr
camellia 50		: CAMELLIA-256-CMAC		: camellia-256-cmac

# There are no OIDs for these modes...

			: CAMELLIA-128-CFB1		: camellia-128-cfb1
			: CAMELLIA-192-CFB1		: camellia-192-cfb1
			: CAMELLIA-256-CFB1		: camellia-256-cfb1
			: CAMELLIA-128-CFB8		: camellia-128-cfb8
			: CAMELLIA-192-CFB8		: camellia-192-cfb8
			: CAMELLIA-256-CFB8		: camellia-256-cfb8

# Definitions for ARIA cipher

!Alias aria 1 2 410 200046 1 1
aria 1                  : ARIA-128-ECB                  : aria-128-ecb
aria 2                  : ARIA-128-CBC                  : aria-128-cbc
!Cname aria-128-cfb128
aria 3                  : ARIA-128-CFB                  : aria-128-cfb
!Cname aria-128-ofb128
aria 4                  : ARIA-128-OFB                  : aria-128-ofb
aria 5			: ARIA-128-CTR                  : aria-128-ctr

aria 6                  : ARIA-192-ECB                  : aria-192-ecb
aria 7                  : ARIA-192-CBC                  : aria-192-cbc
!Cname aria-192-cfb128
aria 8                  : ARIA-192-CFB                  : aria-192-cfb
!Cname aria-192-ofb128
aria 9                  : ARIA-192-OFB                  : aria-192-ofb
aria 10                 : ARIA-192-CTR                  : aria-192-ctr

aria 11                 : ARIA-256-ECB                  : aria-256-ecb
aria 12                 : ARIA-256-CBC                  : aria-256-cbc
!Cname aria-256-cfb128
aria 13                 : ARIA-256-CFB                  : aria-256-cfb
!Cname aria-256-ofb128
aria 14                 : ARIA-256-OFB                  : aria-256-ofb
aria 15                 : ARIA-256-CTR                  : aria-256-ctr

# There are no OIDs for these ARIA modes...
                        : ARIA-128-CFB1                 : aria-128-cfb1
                        : ARIA-192-CFB1                 : aria-192-cfb1
                        : ARIA-256-CFB1                 : aria-256-cfb1
                        : ARIA-128-CFB8                 : aria-128-cfb8
                        : ARIA-192-CFB8                 : aria-192-cfb8
                        : ARIA-256-CFB8                 : aria-256-cfb8

aria 37                 : ARIA-128-CCM                  : aria-128-ccm
aria 38                 : ARIA-192-CCM                  : aria-192-ccm
aria 39                 : ARIA-256-CCM                  : aria-256-ccm
aria 34                 : ARIA-128-GCM                  : aria-128-gcm
aria 35                 : ARIA-192-GCM                  : aria-192-gcm
aria 36                 : ARIA-256-GCM                  : aria-256-gcm

# Definitions for SEED cipher - ECB, CBC, OFB mode

member-body 410 200004  : KISA          : kisa
kisa 1 3                : SEED-ECB      : seed-ecb
kisa 1 4                : SEED-CBC      : seed-cbc
!Cname seed-cfb128
kisa 1 5                : SEED-CFB      : seed-cfb
!Cname seed-ofb128
kisa 1 6                : SEED-OFB      : seed-ofb


# Definitions for SM4 cipher

sm-scheme 104 1         : SM4-ECB             : sm4-ecb
sm-scheme 104 2         : SM4-CBC             : sm4-cbc
!Cname sm4-ofb128
sm-scheme 104 3         : SM4-OFB             : sm4-ofb
!Cname sm4-cfb128
sm-scheme 104 4         : SM4-CFB             : sm4-cfb
sm-scheme 104 5         : SM4-CFB1            : sm4-cfb1
sm-scheme 104 6         : SM4-CFB8            : sm4-cfb8
sm-scheme 104 7         : SM4-CTR             : sm4-ctr
sm-scheme 104 8         : SM4-GCM             : sm4-gcm
sm-scheme 104 9         : SM4-CCM             : sm4-ccm
sm-scheme 104 10        : SM4-XTS             : sm4-xts

# There is no OID that just denotes "HMAC" oddly enough...

			: HMAC				: hmac
# Nor CMAC either
			: CMAC				: cmac

# Synthetic composite ciphersuites
			: RC4-HMAC-MD5			: rc4-hmac-md5
			: AES-128-CBC-HMAC-SHA1		: aes-128-cbc-hmac-sha1
			: AES-192-CBC-HMAC-SHA1		: aes-192-cbc-hmac-sha1
			: AES-256-CBC-HMAC-SHA1		: aes-256-cbc-hmac-sha1
			: AES-128-CBC-HMAC-SHA256	: aes-128-cbc-hmac-sha256
			: AES-192-CBC-HMAC-SHA256	: aes-192-cbc-hmac-sha256
			: AES-256-CBC-HMAC-SHA256	: aes-256-cbc-hmac-sha256
			: ChaCha20-Poly1305		: chacha20-poly1305
			: ChaCha20			: chacha20

ISO-US 10046 2 1	: dhpublicnumber		: X9.42 DH

# RFC 5639 curve OIDs (see http://www.ietf.org/rfc/rfc5639.txt)
# versionOne OBJECT IDENTIFIER ::= {
# iso(1) identified-organization(3) teletrust(36) algorithm(3)
# signature-algorithm(3) ecSign(2) ecStdCurvesAndGeneration(8)
# ellipticCurve(1) 1 }
1 3 36 3 3 2 8 1 1 1 : brainpoolP160r1
1 3 36 3 3 2 8 1 1 2 : brainpoolP160t1
1 3 36 3 3 2 8 1 1 3 : brainpoolP192r1
1 3 36 3 3 2 8 1 1 4 : brainpoolP192t1
1 3 36 3 3 2 8 1 1 5 : brainpoolP224r1
1 3 36 3 3 2 8 1 1 6 : brainpoolP224t1
1 3 36 3 3 2 8 1 1 7 : brainpoolP256r1
# Alternate NID to represent the TLSv1.3 brainpoolP256r1 group
                     : brainpoolP256r1tls13
1 3 36 3 3 2 8 1 1 8 : brainpoolP256t1
1 3 36 3 3 2 8 1 1 9 : brainpoolP320r1
1 3 36 3 3 2 8 1 1 10 : brainpoolP320t1
1 3 36 3 3 2 8 1 1 11 : brainpoolP384r1
# Alternate NID to represent the TLSv1.3 brainpoolP384r1 group
                      : brainpoolP384r1tls13
1 3 36 3 3 2 8 1 1 12 : brainpoolP384t1
1 3 36 3 3 2 8 1 1 13 : brainpoolP512r1
# Alternate NID to represent the TLSv1.3 brainpoolP512r1 group
                      : brainpoolP512r1tls13
1 3 36 3 3 2 8 1 1 14 : brainpoolP512t1

# ECDH schemes from RFC5753
!Alias x9-63-scheme 1 3 133 16 840 63 0
!Alias secg-scheme certicom-arc 1

x9-63-scheme 2   : dhSinglePass-stdDH-sha1kdf-scheme
secg-scheme 11 0 : dhSinglePass-stdDH-sha224kdf-scheme
secg-scheme 11 1 : dhSinglePass-stdDH-sha256kdf-scheme
secg-scheme 11 2 : dhSinglePass-stdDH-sha384kdf-scheme
secg-scheme 11 3 : dhSinglePass-stdDH-sha512kdf-scheme

x9-63-scheme 3   : dhSinglePass-cofactorDH-sha1kdf-scheme
secg-scheme 14 0 : dhSinglePass-cofactorDH-sha224kdf-scheme
secg-scheme 14 1 : dhSinglePass-cofactorDH-sha256kdf-scheme
secg-scheme 14 2 : dhSinglePass-cofactorDH-sha384kdf-scheme
secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme
# NIDs for use with lookup tables.
                 : dh-std-kdf
                 : dh-cofactor-kdf

# RFC 6962 Extension OIDs (see http://www.ietf.org/rfc/rfc6962.txt)
1 3 6 1 4 1 11129 2 4 2	: ct_precert_scts		: CT Precertificate SCTs
1 3 6 1 4 1 11129 2 4 3	: ct_precert_poison		: CT Precertificate Poison
1 3 6 1 4 1 11129 2 4 4	: ct_precert_signer		: CT Precertificate Signer
1 3 6 1 4 1 11129 2 4 5	: ct_cert_scts			: CT Certificate SCTs

# CABForum EV SSL Certificate Guidelines
# (see https://cabforum.org/extended-validation/)
# OIDs for Subject Jurisdiction of Incorporation or Registration
ms-corp 60 2 1 1	: jurisdictionL		: jurisdictionLocalityName
ms-corp 60 2 1 2	: jurisdictionST	: jurisdictionStateOrProvinceName
ms-corp 60 2 1 3	: jurisdictionC		: jurisdictionCountryName

# SCRYPT algorithm
!Cname id-scrypt
1 3 6 1 4 1 11591 4 11		: id-scrypt         : scrypt

# NID for TLS1 PRF
                            : TLS1-PRF          : tls1-prf

# NID for HKDF
                            : HKDF              : hkdf

# NID for SSHKDF
                            : SSHKDF            : sshkdf

# NID for SSKDF
                            : SSKDF              : sskdf
# NID for X942KDF
                            : X942KDF            : x942kdf

# NID for X963-2001 KDF
                            : X963KDF            : x963kdf

# RFC 4556
1 3 6 1 5 2 3 : id-pkinit
id-pkinit 4                     : pkInitClientAuth      : PKINIT Client Auth
id-pkinit 5                     : pkInitKDC             : Signing KDC Response

# From RFC8410
1 3 101 110 : X25519
1 3 101 111 : X448
1 3 101 112 : ED25519
1 3 101 113 : ED448


# NIDs for cipher key exchange
                            : KxRSA        : kx-rsa
                            : KxECDHE      : kx-ecdhe
                            : KxDHE        : kx-dhe
                            : KxECDHE-PSK  : kx-ecdhe-psk
                            : KxDHE-PSK    : kx-dhe-psk
                            : KxRSA_PSK    : kx-rsa-psk
                            : KxPSK        : kx-psk
                            : KxSRP        : kx-srp
                            : KxGOST       : kx-gost
                            : KxGOST18     : kx-gost18
                            : KxANY        : kx-any

# NIDs for cipher authentication
                            : AuthRSA      : auth-rsa
                            : AuthECDSA    : auth-ecdsa
                            : AuthPSK      : auth-psk
                            : AuthDSS      : auth-dss
                            : AuthGOST01   : auth-gost01
                            : AuthGOST12   : auth-gost12
                            : AuthSRP      : auth-srp
                            : AuthNULL     : auth-null
                            : AuthANY      : auth-any
# NID for Poly1305
                            : Poly1305     : poly1305
# NID for SipHash
                            : SipHash      : siphash
# NIDs for RFC7919 DH parameters
                            : ffdhe2048
                            : ffdhe3072
                            : ffdhe4096
                            : ffdhe6144
                            : ffdhe8192
# NIDs for RFC3526 DH parameters
                            : modp_1536
                            : modp_2048
                            : modp_3072
                            : modp_4096
                            : modp_6144
                            : modp_8192

# OIDs for DSTU-4145/DSTU-7564 (http://zakon2.rada.gov.ua/laws/show/z0423-17)

# DSTU OIDs
member-body 804   : ISO-UA
ISO-UA 2 1 1 1    : ua-pki
ua-pki 1 1 1      : dstu28147         : DSTU Gost 28147-2009
dstu28147 2       : dstu28147-ofb     : DSTU Gost 28147-2009 OFB mode
dstu28147 3       : dstu28147-cfb     : DSTU Gost 28147-2009 CFB mode
dstu28147 5       : dstu28147-wrap    : DSTU Gost 28147-2009 key wrap

ua-pki 1 1 2      : hmacWithDstu34311 : HMAC DSTU Gost 34311-95
ua-pki 1 2 1      : dstu34311         : DSTU Gost 34311-95

ua-pki 1 3 1 1    : dstu4145le        : DSTU 4145-2002 little endian
dstu4145le 1 1    : dstu4145be        : DSTU 4145-2002 big endian

# 1.2.804. 2.1.1.1 1.3.1.1  .2.6
#     UA    ua-pki  4145 le
# DSTU named curves
dstu4145le 2 0 : uacurve0 : DSTU curve 0
dstu4145le 2 1 : uacurve1 : DSTU curve 1
dstu4145le 2 2 : uacurve2 : DSTU curve 2
dstu4145le 2 3 : uacurve3 : DSTU curve 3
dstu4145le 2 4 : uacurve4 : DSTU curve 4
dstu4145le 2 5 : uacurve5 : DSTU curve 5
dstu4145le 2 6 : uacurve6 : DSTU curve 6
dstu4145le 2 7 : uacurve7 : DSTU curve 7
dstu4145le 2 8 : uacurve8 : DSTU curve 8
dstu4145le 2 9 : uacurve9 : DSTU curve 9
# NID for AES-SIV
                            : AES-128-SIV  : aes-128-siv
                            : AES-192-SIV  : aes-192-siv
                            : AES-256-SIV  : aes-256-siv


!Cname oracle
joint-iso-itu-t 16 840 1 113894 : oracle-organization : Oracle organization
# Jdk trustedKeyUsage attribute
oracle 746875 1 1 : oracle-jdk-trustedkeyusage : Trusted key usage (Oracle)

# NID for compression
                            : brotli : Brotli compression
			    : zstd : Zstandard compression