dumpasn1-20191022/0000755000175000017500000000000013560525736013372 5ustar mathieumathieudumpasn1-20191022/dumpasn1.cfg0000644000175000017500000073410313553476302015607 0ustar mathieumathieu
# dumpasn1 Object Identifier configuration file, available from
# http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.cfg. Last updated 11
# June 2018, or 20180611 if you want it that way. This file is read by
# dumpasn1.c and is used to display information on Object Identifiers found
# in ASN.1 objects. This is merely a list of things that you might
# conceivably find in use somewhere, and should in no way be taken as a
# guide to which OIDs to use - many of these will never be seen in the
# wild, or should be shot on sight if encountered.
#
# The format of this file is as follows:
#
# - All blank lines and lines beginning with a '#' are ignored.
#
# - OIDs are described by a set of attributes, of which at least the 'OID'
#   and 'Description' must be present. Optional attributes are a 'Comment'
#   and a 'Warning' (to indicate that dumpasn1 will display a warning if
#   this OID is encountered).
#
# - Attributes are listed one per line. The first attribute should be an
#   'OID' attribute since this is used to denote the start of a new OID
#   description. The other attributes may be given in any order.
#
# - Official attribute names vary widely depending on who's creating them.
#   In an attempt to avoid a confusing mass of naming styles (in particular
#   the more recent fashion trend of naming OIDs following formulae like
#   standard-group-name-algorithm-mechanism-subalgorithm-more-standards-
#   more-algorithms-I'd-like-to-thank-the-academy-etc rather than older forms
#   like rsaWithSHA1 has led to extremely noisy and hard-to-decipher names),
#   this file aims for consistency by normalising the naming for attributes,
#   however this means that the name used here may not entirely match the
#   actual name.
#
# See the rest of this file for examples of what an OID description should
# look like.
# Deutsche Telekom/Telesec OID = 0 2 262 1 10 Comment = Deutsche Telekom Description = Telesec OID = 0 2 262 1 10 0 Comment = Telesec Description = extension OID = 0 2 262 1 10 1 Comment = Telesec Description = mechanism OID = 0 2 262 1 10 1 0 Comment = Telesec mechanism Description = authentication OID = 0 2 262 1 10 1 0 1 Comment = Telesec authentication Description = passwordAuthentication OID = 0 2 262 1 10 1 0 2 Comment = Telesec authentication Description = protectedPasswordAuthentication OID = 0 2 262 1 10 1 0 3 Comment = Telesec authentication Description = oneWayX509Authentication OID = 0 2 262 1 10 1 0 4 Comment = Telesec authentication Description = twoWayX509Authentication OID = 0 2 262 1 10 1 0 5 Comment = Telesec authentication Description = threeWayX509Authentication OID = 0 2 262 1 10 1 0 6 Comment = Telesec authentication Description = oneWayISO9798Authentication OID = 0 2 262 1 10 1 0 7 Comment = Telesec authentication Description = twoWayISO9798Authentication OID = 0 2 262 1 10 1 0 8 Comment = Telesec authentication Description = telekomAuthentication OID = 0 2 262 1 10 1 1 Comment = Telesec mechanism Description = signature OID = 0 2 262 1 10 1 1 1 Comment = Telesec mechanism Description = md4WithRSAAndISO9697 OID = 0 2 262 1 10 1 1 2 Comment = Telesec mechanism Description = md4WithRSAAndTelesecSignatureStandard OID = 0 2 262 1 10 1 1 3 Comment = Telesec mechanism Description = md5WithRSAAndISO9697 OID = 0 2 262 1 10 1 1 4 Comment = Telesec mechanism Description = md5WithRSAAndTelesecSignatureStandard # PKCS #1 signature with RIPEMD-160 OID = 0 2 262 1 10 1 1 5 Comment = Telesec mechanism Description = ripemd160WithRSAAndTelekomSignatureStandard # RIPEMD-160 with raw RSA (ie no padding, just 160 bytes encrypted) signature OID = 0 2 262 1 10 1 1 9 Comment = Telesec signature Description = hbciRsaSignature OID = 0 2 262 1 10 1 2 Comment = Telesec mechanism Description = encryption # Specially recommended by the NSA for German use OID = 0 2 262 1 
10 1 2 0 Comment = Telesec encryption Description = none OID = 0 2 262 1 10 1 2 1 Comment = Telesec encryption Description = rsaTelesec OID = 0 2 262 1 10 1 2 2 Comment = Telesec encryption Description = des OID = 0 2 262 1 10 1 2 2 1 Comment = Telesec encryption Description = desECB OID = 0 2 262 1 10 1 2 2 2 Comment = Telesec encryption Description = desCBC OID = 0 2 262 1 10 1 2 2 3 Comment = Telesec encryption Description = desOFB OID = 0 2 262 1 10 1 2 2 4 Comment = Telesec encryption Description = desCFB8 OID = 0 2 262 1 10 1 2 2 5 Comment = Telesec encryption Description = desCFB64 OID = 0 2 262 1 10 1 2 3 Comment = Telesec encryption Description = des3 OID = 0 2 262 1 10 1 2 3 1 Comment = Telesec encryption Description = des3ECB OID = 0 2 262 1 10 1 2 3 2 Comment = Telesec encryption Description = des3CBC OID = 0 2 262 1 10 1 2 3 3 Comment = Telesec encryption Description = des3OFB OID = 0 2 262 1 10 1 2 3 4 Comment = Telesec encryption Description = des3CFB8 OID = 0 2 262 1 10 1 2 3 5 Comment = Telesec encryption Description = des3CFB64 OID = 0 2 262 1 10 1 2 4 Comment = Telesec encryption Description = magenta OID = 0 2 262 1 10 1 2 5 Comment = Telesec encryption Description = idea OID = 0 2 262 1 10 1 2 5 1 Comment = Telesec encryption Description = ideaECB OID = 0 2 262 1 10 1 2 5 2 Comment = Telesec encryption Description = ideaCBC OID = 0 2 262 1 10 1 2 5 3 Comment = Telesec encryption Description = ideaOFB OID = 0 2 262 1 10 1 2 5 4 Comment = Telesec encryption Description = ideaCFB8 OID = 0 2 262 1 10 1 2 5 5 Comment = Telesec encryption Description = ideaCFB64 OID = 0 2 262 1 10 1 3 Comment = Telesec mechanism Description = oneWayFunction OID = 0 2 262 1 10 1 3 1 Comment = Telesec one-way function Description = md4 OID = 0 2 262 1 10 1 3 2 Comment = Telesec one-way function Description = md5 OID = 0 2 262 1 10 1 3 3 Comment = Telesec one-way function Description = sqModNX509 OID = 0 2 262 1 10 1 3 4 Comment = Telesec one-way function Description = 
sqModNISO OID = 0 2 262 1 10 1 3 5 Comment = Telesec one-way function Description = ripemd128 OID = 0 2 262 1 10 1 3 6 Comment = Telesec one-way function Description = hashUsingBlockCipher OID = 0 2 262 1 10 1 3 7 Comment = Telesec one-way function Description = mac OID = 0 2 262 1 10 1 3 8 Comment = Telesec one-way function Description = ripemd160 OID = 0 2 262 1 10 1 4 Comment = Telesec mechanism Description = fecFunction OID = 0 2 262 1 10 1 4 1 Comment = Telesec mechanism Description = reedSolomon OID = 0 2 262 1 10 2 Comment = Telesec Description = module OID = 0 2 262 1 10 2 0 Comment = Telesec module Description = algorithms OID = 0 2 262 1 10 2 1 Comment = Telesec module Description = attributeTypes OID = 0 2 262 1 10 2 2 Comment = Telesec module Description = certificateTypes OID = 0 2 262 1 10 2 3 Comment = Telesec module Description = messageTypes OID = 0 2 262 1 10 2 4 Comment = Telesec module Description = plProtocol OID = 0 2 262 1 10 2 5 Comment = Telesec module Description = smeAndComponentsOfSme OID = 0 2 262 1 10 2 6 Comment = Telesec module Description = fec OID = 0 2 262 1 10 2 7 Comment = Telesec module Description = usefulDefinitions OID = 0 2 262 1 10 2 8 Comment = Telesec module Description = stefiles OID = 0 2 262 1 10 2 9 Comment = Telesec module Description = sadmib OID = 0 2 262 1 10 2 10 Comment = Telesec module Description = electronicOrder OID = 0 2 262 1 10 2 11 Comment = Telesec module Description = telesecTtpAsymmetricApplication OID = 0 2 262 1 10 2 12 Comment = Telesec module Description = telesecTtpBasisApplication OID = 0 2 262 1 10 2 13 Comment = Telesec module Description = telesecTtpMessages OID = 0 2 262 1 10 2 14 Comment = Telesec module Description = telesecTtpTimeStampApplication OID = 0 2 262 1 10 3 Comment = Telesec Description = objectClass OID = 0 2 262 1 10 3 0 Comment = Telesec object class Description = telesecOtherName OID = 0 2 262 1 10 3 1 Comment = Telesec object class Description = directory OID = 0 2 262 1 
10 3 2 Comment = Telesec object class Description = directoryType OID = 0 2 262 1 10 3 3 Comment = Telesec object class Description = directoryGroup OID = 0 2 262 1 10 3 4 Comment = Telesec object class Description = directoryUser OID = 0 2 262 1 10 3 5 Comment = Telesec object class Description = symmetricKeyEntry OID = 0 2 262 1 10 4 Comment = Telesec Description = package OID = 0 2 262 1 10 5 Comment = Telesec Description = parameter OID = 0 2 262 1 10 6 Comment = Telesec Description = nameBinding OID = 0 2 262 1 10 7 Comment = Telesec Description = attribute OID = 0 2 262 1 10 7 0 Comment = Telesec attribute Description = applicationGroupIdentifier OID = 0 2 262 1 10 7 1 Comment = Telesec attribute Description = certificateType OID = 0 2 262 1 10 7 2 Comment = Telesec attribute Description = telesecCertificate OID = 0 2 262 1 10 7 3 Comment = Telesec attribute Description = certificateNumber OID = 0 2 262 1 10 7 4 Comment = Telesec attribute Description = certificateRevocationList OID = 0 2 262 1 10 7 5 Comment = Telesec attribute Description = creationDate OID = 0 2 262 1 10 7 6 Comment = Telesec attribute Description = issuer OID = 0 2 262 1 10 7 7 Comment = Telesec attribute Description = namingAuthority OID = 0 2 262 1 10 7 8 Comment = Telesec attribute Description = publicKeyDirectory OID = 0 2 262 1 10 7 9 Comment = Telesec attribute Description = securityDomain OID = 0 2 262 1 10 7 10 Comment = Telesec attribute Description = subject OID = 0 2 262 1 10 7 11 Comment = Telesec attribute Description = timeOfRevocation OID = 0 2 262 1 10 7 12 Comment = Telesec attribute Description = userGroupReference OID = 0 2 262 1 10 7 13 Comment = Telesec attribute Description = validity OID = 0 2 262 1 10 7 14 Comment = Telesec attribute Description = zert93 # It really is called that OID = 0 2 262 1 10 7 15 Comment = Telesec attribute Description = securityMessEnv OID = 0 2 262 1 10 7 16 Comment = Telesec attribute Description = anonymizedPublicKeyDirectory OID = 0 2 
262 1 10 7 17 Comment = Telesec attribute Description = telesecGivenName OID = 0 2 262 1 10 7 18 Comment = Telesec attribute Description = nameAdditions OID = 0 2 262 1 10 7 19 Comment = Telesec attribute Description = telesecPostalCode OID = 0 2 262 1 10 7 20 Comment = Telesec attribute Description = nameDistinguisher OID = 0 2 262 1 10 7 21 Comment = Telesec attribute Description = telesecCertificateList OID = 0 2 262 1 10 7 22 Comment = Telesec attribute Description = teletrustCertificateList OID = 0 2 262 1 10 7 23 Comment = Telesec attribute Description = x509CertificateList OID = 0 2 262 1 10 7 24 Comment = Telesec attribute Description = timeOfIssue OID = 0 2 262 1 10 7 25 Comment = Telesec attribute Description = physicalCardNumber OID = 0 2 262 1 10 7 26 Comment = Telesec attribute Description = fileType OID = 0 2 262 1 10 7 27 Comment = Telesec attribute Description = ctlFileIsArchive OID = 0 2 262 1 10 7 28 Comment = Telesec attribute Description = emailAddress OID = 0 2 262 1 10 7 29 Comment = Telesec attribute Description = certificateTemplateList OID = 0 2 262 1 10 7 30 Comment = Telesec attribute Description = directoryName OID = 0 2 262 1 10 7 31 Comment = Telesec attribute Description = directoryTypeName OID = 0 2 262 1 10 7 32 Comment = Telesec attribute Description = directoryGroupName OID = 0 2 262 1 10 7 33 Comment = Telesec attribute Description = directoryUserName OID = 0 2 262 1 10 7 34 Comment = Telesec attribute Description = revocationFlag OID = 0 2 262 1 10 7 35 Comment = Telesec attribute Description = symmetricKeyEntryName OID = 0 2 262 1 10 7 36 Comment = Telesec attribute Description = glNumber OID = 0 2 262 1 10 7 37 Comment = Telesec attribute Description = goNumber OID = 0 2 262 1 10 7 38 Comment = Telesec attribute Description = gKeyData OID = 0 2 262 1 10 7 39 Comment = Telesec attribute Description = zKeyData OID = 0 2 262 1 10 7 40 Comment = Telesec attribute Description = ktKeyData OID = 0 2 262 1 10 7 41 Comment = Telesec 
attribute Description = ktKeyNumber OID = 0 2 262 1 10 7 51 Comment = Telesec attribute Description = timeOfRevocationGen OID = 0 2 262 1 10 7 52 Comment = Telesec attribute Description = liabilityText OID = 0 2 262 1 10 8 Comment = Telesec Description = attributeGroup OID = 0 2 262 1 10 9 Comment = Telesec Description = action OID = 0 2 262 1 10 10 Comment = Telesec Description = notification OID = 0 2 262 1 10 11 Comment = Telesec Description = snmp-mibs OID = 0 2 262 1 10 11 1 Comment = Telesec SNMP MIBs Description = securityApplication OID = 0 2 262 1 10 12 Comment = Telesec Description = certAndCrlExtensionDefinitions # ISIS-MTT SigG-Profile: Indicates that an attribute certificate # exists, which limits the usability of this public key certificate. OID = 0 2 262 1 10 12 0 Comment = Telesec cert/CRL extension Description = liabilityLimitationFlag OID = 0 2 262 1 10 12 1 Comment = Telesec cert/CRL extension Description = telesecCertIdExt OID = 0 2 262 1 10 12 2 Comment = Telesec cert/CRL extension Description = Telesec policyIdentifier OID = 0 2 262 1 10 12 3 Comment = Telesec cert/CRL extension Description = telesecPolicyQualifierID OID = 0 2 262 1 10 12 4 Comment = Telesec cert/CRL extension Description = telesecCRLFilteredExt OID = 0 2 262 1 10 12 5 Comment = Telesec cert/CRL extension Description = telesecCRLFilterExt OID = 0 2 262 1 10 12 6 Comment = Telesec cert/CRL extension Description = telesecNamingAuthorityExt # BSI e-Pass (TR-03110/TR-03111). TA = Terminal Authentication (Passport # PKI with monthly global cert updates), CA = Chip Authentication # (Auth using static [EC]DH), PACE = Password Authenticated Connection # Establishment, RI = Restricted Information Protocol, Eid = eID # Smartcard Application, PT = Privileged Terminal, IS = Inspection # System, AT = Authentication Terminal, ST = Signature Terminal. 
OID = 0 4 0 127 0 7 Comment = BSI TR-03110/TR-03111 Description = bsi OID = 0 4 0 127 0 7 1 Comment = BSI TR-03111 Description = bsiEcc OID = 0 4 0 127 0 7 1 1 Comment = BSI TR-03111 Description = bsifieldType OID = 0 4 0 127 0 7 1 1 1 Comment = BSI TR-03111 Description = bsiPrimeField OID = 0 4 0 127 0 7 1 1 2 Comment = BSI TR-03111 Description = bsiCharacteristicTwoField OID = 0 4 0 127 0 7 1 1 2 2 Comment = BSI TR-03111 Description = bsiECTLVKeyFormat OID = 0 4 0 127 0 7 1 1 2 2 1 Comment = BSI TR-03111 Description = bsiECTLVPublicKey OID = 0 4 0 127 0 7 1 1 2 3 Comment = BSI TR-03111 Description = bsiCharacteristicTwoBasis OID = 0 4 0 127 0 7 1 1 2 3 1 Comment = BSI TR-03111 Description = bsiGnBasis OID = 0 4 0 127 0 7 1 1 2 3 2 Comment = BSI TR-03111 Description = bsiTpBasis OID = 0 4 0 127 0 7 1 1 2 3 3 Comment = BSI TR-03111 Description = bsiPpBasis OID = 0 4 0 127 0 7 1 1 4 1 Comment = BSI TR-03111 Description = bsiEcdsaSignatures OID = 0 4 0 127 0 7 1 1 4 1 1 Comment = BSI TR-03111 Description = bsiEcdsaWithSHA1 OID = 0 4 0 127 0 7 1 1 4 1 2 Comment = BSI TR-03111 Description = bsiEcdsaWithSHA224 OID = 0 4 0 127 0 7 1 1 4 1 3 Comment = BSI TR-03111 Description = bsiEcdsaWithSHA256 OID = 0 4 0 127 0 7 1 1 4 1 4 Comment = BSI TR-03111 Description = bsiEcdsaWithSHA384 OID = 0 4 0 127 0 7 1 1 4 1 5 Comment = BSI TR-03111 Description = bsiEcdsaWithSHA512 OID = 0 4 0 127 0 7 1 1 4 1 6 Comment = BSI TR-03111 Description = bsiEcdsaWithRIPEMD160 OID = 0 4 0 127 0 7 1 1 5 1 1 Comment = BSI TR-03111 Description = bsiEckaEgX963KDF OID = 0 4 0 127 0 7 1 1 5 1 1 1 Comment = BSI TR-03111 Description = bsiEckaEgX963KDFWithSHA1 OID = 0 4 0 127 0 7 1 1 5 1 1 2 Comment = BSI TR-03111 Description = bsiEckaEgX963KDFWithSHA224 OID = 0 4 0 127 0 7 1 1 5 1 1 3 Comment = BSI TR-03111 Description = bsiEckaEgX963KDFWithSHA256 OID = 0 4 0 127 0 7 1 1 5 1 1 4 Comment = BSI TR-03111 Description = bsiEckaEgX963KDFWithSHA384 OID = 0 4 0 127 0 7 1 1 5 1 1 5 Comment = BSI TR-03111 
Description = bsiEckaEgX963KDFWithSHA512 OID = 0 4 0 127 0 7 1 1 5 1 1 6 Comment = BSI TR-03111 Description = bsiEckaEgX963KDFWithRIPEMD160 OID = 0 4 0 127 0 7 1 1 5 1 2 Comment = BSI TR-03111 Description = bsiEckaEgSessionKDF OID = 0 4 0 127 0 7 1 1 5 1 2 1 Comment = BSI TR-03111 Description = bsiEckaEgSessionKDFWith3DES OID = 0 4 0 127 0 7 1 1 5 1 2 2 Comment = BSI TR-03111 Description = bsiEckaEgSessionKDFWithAES128 OID = 0 4 0 127 0 7 1 1 5 1 2 3 Comment = BSI TR-03111 Description = bsiEckaEgSessionKDFWithAES192 OID = 0 4 0 127 0 7 1 1 5 1 2 4 Comment = BSI TR-03111 Description = bsiEckaEgSessionKDFWithAES256 OID = 0 4 0 127 0 7 1 1 5 2 Comment = BSI TR-03111 Description = bsiEckaDH OID = 0 4 0 127 0 7 1 1 5 2 1 Comment = BSI TR-03111 Description = bsiEckaDHX963KDF OID = 0 4 0 127 0 7 1 1 5 2 1 1 Comment = BSI TR-03111 Description = bsiEckaDHX963KDFWithSHA1 OID = 0 4 0 127 0 7 1 1 5 2 1 2 Comment = BSI TR-03111 Description = bsiEckaDHX963KDFWithSHA224 OID = 0 4 0 127 0 7 1 1 5 2 1 3 Comment = BSI TR-03111 Description = bsiEckaDHX963KDFWithSHA256 OID = 0 4 0 127 0 7 1 1 5 2 1 4 Comment = BSI TR-03111 Description = bsiEckaDHX963KDFWithSHA384 OID = 0 4 0 127 0 7 1 1 5 2 1 5 Comment = BSI TR-03111 Description = bsiEckaDHX963KDFWithSHA512 OID = 0 4 0 127 0 7 1 1 5 2 1 6 Comment = BSI TR-03111 Description = bsiEckaDHX963KDFWithRIPEMD160 OID = 0 4 0 127 0 7 1 1 5 2 2 Comment = BSI TR-03111 Description = bsiEckaDHSessionKDF OID = 0 4 0 127 0 7 1 1 5 2 2 1 Comment = BSI TR-03111 Description = bsiEckaDHSessionKDFWith3DES OID = 0 4 0 127 0 7 1 1 5 2 2 2 Comment = BSI TR-03111 Description = bsiEckaDHSessionKDFWithAES128 OID = 0 4 0 127 0 7 1 1 5 2 2 3 Comment = BSI TR-03111 Description = bsiEckaDHSessionKDFWithAES192 OID = 0 4 0 127 0 7 1 1 5 2 2 4 Comment = BSI TR-03111 Description = bsiEckaDHSessionKDFWithAES256 OID = 0 4 0 127 0 7 1 2 Comment = BSI TR-03111 Description = bsiEcKeyType OID = 0 4 0 127 0 7 1 2 1 Comment = BSI TR-03111 Description = bsiEcPublicKey OID = 0 4 
0 127 0 7 1 5 1 Comment = BSI TR-03111 Description = bsiKaeg OID = 0 4 0 127 0 7 1 5 1 1 Comment = BSI TR-03111 Description = bsiKaegWithX963KDF OID = 0 4 0 127 0 7 1 5 1 2 Comment = BSI TR-03111 Description = bsiKaegWith3DESKDF OID = 0 4 0 127 0 7 2 2 1 Comment = BSI TR-03110. Formerly known as bsiCA, now moved to ...2.2.3.x Description = bsiPK OID = 0 4 0 127 0 7 2 2 1 1 Comment = BSI TR-03110. Formerly known as bsiCA_DH, now moved to ...2.2.3.x Description = bsiPK_DH OID = 0 4 0 127 0 7 2 2 1 2 Comment = BSI TR-03110. Formerly known as bsiCA_ECDH, now moved to ...2.2.3.x Description = bsiPK_ECDH OID = 0 4 0 127 0 7 2 2 2 Comment = BSI TR-03110 Description = bsiTA OID = 0 4 0 127 0 7 2 2 2 1 Comment = BSI TR-03110 Description = bsiTA_RSA OID = 0 4 0 127 0 7 2 2 2 1 1 Comment = BSI TR-03110 Description = bsiTA_RSAv1_5_SHA1 OID = 0 4 0 127 0 7 2 2 2 1 2 Comment = BSI TR-03110 Description = bsiTA_RSAv1_5_SHA256 OID = 0 4 0 127 0 7 2 2 2 1 3 Comment = BSI TR-03110 Description = bsiTA_RSAPSS_SHA1 OID = 0 4 0 127 0 7 2 2 2 1 4 Comment = BSI TR-03110 Description = bsiTA_RSAPSS_SHA256 OID = 0 4 0 127 0 7 2 2 2 1 5 Comment = BSI TR-03110 Description = bsiTA_RSAv1_5_SHA512 OID = 0 4 0 127 0 7 2 2 2 1 6 Comment = BSI TR-03110 Description = bsiTA_RSAPSS_SHA512 OID = 0 4 0 127 0 7 2 2 2 2 Comment = BSI TR-03110 Description = bsiTA_ECDSA OID = 0 4 0 127 0 7 2 2 2 2 1 Comment = BSI TR-03110 Description = bsiTA_ECDSA_SHA1 OID = 0 4 0 127 0 7 2 2 2 2 2 Comment = BSI TR-03110 Description = bsiTA_ECDSA_SHA224 OID = 0 4 0 127 0 7 2 2 2 2 3 Comment = BSI TR-03110 Description = bsiTA_ECDSA_SHA256 OID = 0 4 0 127 0 7 2 2 2 2 4 Comment = BSI TR-03110 Description = bsiTA_ECDSA_SHA384 OID = 0 4 0 127 0 7 2 2 2 2 5 Comment = BSI TR-03110 Description = bsiTA_ECDSA_SHA512 OID = 0 4 0 127 0 7 2 2 3 Comment = BSI TR-03110 Description = bsiCA OID = 0 4 0 127 0 7 2 2 3 1 Comment = BSI TR-03110 Description = bsiCA_DH OID = 0 4 0 127 0 7 2 2 3 1 1 Comment = BSI TR-03110 Description = 
bsiCA_DH_3DES_CBC_CBC OID = 0 4 0 127 0 7 2 2 3 1 2 Comment = BSI TR-03110 Description = bsiCA_DH_AES_CBC_CMAC_128 OID = 0 4 0 127 0 7 2 2 3 1 3 Comment = BSI TR-03110 Description = bsiCA_DH_AES_CBC_CMAC_192 OID = 0 4 0 127 0 7 2 2 3 1 4 Comment = BSI TR-03110 Description = bsiCA_DH_AES_CBC_CMAC_256 OID = 0 4 0 127 0 7 2 2 3 2 Comment = BSI TR-03110 Description = bsiCA_ECDH OID = 0 4 0 127 0 7 2 2 3 2 1 Comment = BSI TR-03110 Description = bsiCA_ECDH_3DES_CBC_CBC OID = 0 4 0 127 0 7 2 2 3 2 2 Comment = BSI TR-03110 Description = bsiCA_ECDH_AES_CBC_CMAC_128 OID = 0 4 0 127 0 7 2 2 3 2 3 Comment = BSI TR-03110 Description = bsiCA_ECDH_AES_CBC_CMAC_192 OID = 0 4 0 127 0 7 2 2 3 2 4 Comment = BSI TR-03110 Description = bsiCA_ECDH_AES_CBC_CMAC_256 OID = 0 4 0 127 0 7 2 2 4 Comment = BSI TR-03110 Description = bsiPACE OID = 0 4 0 127 0 7 2 2 4 1 Comment = BSI TR-03110 Description = bsiPACE_DH_GM OID = 0 4 0 127 0 7 2 2 4 1 1 Comment = BSI TR-03110 Description = bsiPACE_DH_GM_3DES_CBC_CBC OID = 0 4 0 127 0 7 2 2 4 1 2 Comment = BSI TR-03110 Description = bsiPACE_DH_GM_AES_CBC_CMAC_128 OID = 0 4 0 127 0 7 2 2 4 1 3 Comment = BSI TR-03110 Description = bsiPACE_DH_GM_AES_CBC_CMAC_192 OID = 0 4 0 127 0 7 2 2 4 1 4 Comment = BSI TR-03110 Description = bsiPACE_DH_GM_AES_CBC_CMAC_256 OID = 0 4 0 127 0 7 2 2 4 2 Comment = BSI TR-03110 Description = bsiPACE_ECDH_GM OID = 0 4 0 127 0 7 2 2 4 2 1 Comment = BSI TR-03110 Description = bsiPACE_ECDH_GM_3DES_CBC_CBC OID = 0 4 0 127 0 7 2 2 4 2 2 Comment = BSI TR-03110 Description = bsiPACE_ECDH_GM_AES_CBC_CMAC_128 OID = 0 4 0 127 0 7 2 2 4 2 3 Comment = BSI TR-03110 Description = bsiPACE_ECDH_GM_AES_CBC_CMAC_192 OID = 0 4 0 127 0 7 2 2 4 2 4 Comment = BSI TR-03110 Description = bsiPACE_ECDH_GM_AES_CBC_CMAC_256 OID = 0 4 0 127 0 7 2 2 4 3 Comment = BSI TR-03110 Description = bsiPACE_DH_IM OID = 0 4 0 127 0 7 2 2 4 3 1 Comment = BSI TR-03110 Description = bsiPACE_DH_IM_3DES_CBC_CBC OID = 0 4 0 127 0 7 2 2 4 3 2 Comment = BSI TR-03110 
Description = bsiPACE_DH_IM_AES_CBC_CMAC_128 OID = 0 4 0 127 0 7 2 2 4 3 3 Comment = BSI TR-03110 Description = bsiPACE_DH_IM_AES_CBC_CMAC_192 OID = 0 4 0 127 0 7 2 2 4 3 4 Comment = BSI TR-03110 Description = bsiPACE_DH_IM_AES_CBC_CMAC_256 OID = 0 4 0 127 0 7 2 2 4 4 Comment = BSI TR-03110 Description = bsiPACE_ECDH_IM OID = 0 4 0 127 0 7 2 2 4 4 1 Comment = BSI TR-03110 Description = bsiPACE_ECDH_IM_3DES_CBC_CBC OID = 0 4 0 127 0 7 2 2 4 4 2 Comment = BSI TR-03110 Description = bsiPACE_ECDH_IM_AES_CBC_CMAC_128 OID = 0 4 0 127 0 7 2 2 4 4 3 Comment = BSI TR-03110 Description = bsiPACE_ECDH_IM_AES_CBC_CMAC_192 OID = 0 4 0 127 0 7 2 2 4 4 4 Comment = BSI TR-03110 Description = bsiPACE_ECDH_IM_AES_CBC_CMAC_256 OID = 0 4 0 127 0 7 2 2 5 Comment = BSI TR-03110 Description = bsiRI OID = 0 4 0 127 0 7 2 2 5 1 Comment = BSI TR-03110 Description = bsiRI_DH OID = 0 4 0 127 0 7 2 2 5 1 1 Comment = BSI TR-03110 Description = bsiRI_DH_SHA1 OID = 0 4 0 127 0 7 2 2 5 1 2 Comment = BSI TR-03110 Description = bsiRI_DH_SHA224 OID = 0 4 0 127 0 7 2 2 5 1 3 Comment = BSI TR-03110 Description = bsiRI_DH_SHA256 OID = 0 4 0 127 0 7 2 2 5 1 4 Comment = BSI TR-03110 Description = bsiRI_DH_SHA384 OID = 0 4 0 127 0 7 2 2 5 1 5 Comment = BSI TR-03110 Description = bsiRI_DH_SHA512 OID = 0 4 0 127 0 7 2 2 5 2 Comment = BSI TR-03110 Description = bsiRI_ECDH OID = 0 4 0 127 0 7 2 2 5 2 1 Comment = BSI TR-03110 Description = bsiRI_ECDH_SHA1 OID = 0 4 0 127 0 7 2 2 5 2 2 Comment = BSI TR-03110 Description = bsiRI_ECDH_SHA224 OID = 0 4 0 127 0 7 2 2 5 2 3 Comment = BSI TR-03110 Description = bsiRI_ECDH_SHA256 OID = 0 4 0 127 0 7 2 2 5 2 4 Comment = BSI TR-03110 Description = bsiRI_ECDH_SHA384 OID = 0 4 0 127 0 7 2 2 5 2 5 Comment = BSI TR-03110 Description = bsiRI_ECDH_SHA512 OID = 0 4 0 127 0 7 2 2 6 Comment = BSI TR-03110 Description = bsiCardInfo OID = 0 4 0 127 0 7 2 2 7 Comment = BSI TR-03110 Description = bsiEidSecurity OID = 0 4 0 127 0 7 2 2 8 Comment = BSI TR-03110 Description = bsiPT OID 
= 0 4 0 127 0 7 3 1 2 Comment = BSI TR-03110 Description = bsiEACRoles OID = 0 4 0 127 0 7 3 1 2 1 Comment = BSI TR-03110 Description = bsiEACRolesIS OID = 0 4 0 127 0 7 3 1 2 2 Comment = BSI TR-03110 Description = bsiEACRolesAT OID = 0 4 0 127 0 7 3 1 2 3 Comment = BSI TR-03110 Description = bsiEACRolesST OID = 0 4 0 127 0 7 3 1 3 Comment = BSI TR-03110 Description = bsiTAv2ce OID = 0 4 0 127 0 7 3 1 3 1 Comment = BSI TR-03110 Description = bsiTAv2ceDescription OID = 0 4 0 127 0 7 3 1 3 1 1 Comment = BSI TR-03110 Description = bsiTAv2ceDescriptionPlainText OID = 0 4 0 127 0 7 3 1 3 1 2 Comment = BSI TR-03110 Description = bsiTAv2ceDescriptionIA5String OID = 0 4 0 127 0 7 3 1 3 1 3 Comment = BSI TR-03110 Description = bsiTAv2ceDescriptionOctetString OID = 0 4 0 127 0 7 3 1 3 2 Comment = BSI TR-03110 Description = bsiTAv2ceTerminalSector OID = 0 4 0 127 0 7 3 1 4 Comment = BSI TR-03110 Description = bsiAuxData OID = 0 4 0 127 0 7 3 1 4 1 Comment = BSI TR-03110 Description = bsiAuxDataBirthday OID = 0 4 0 127 0 7 3 1 4 2 Comment = BSI TR-03110 Description = bsiAuxDataExpireDate OID = 0 4 0 127 0 7 3 1 4 3 Comment = BSI TR-03110 Description = bsiAuxDataCommunityID OID = 0 4 0 127 0 7 3 1 5 Comment = BSI TR-03110 Description = bsiDefectList OID = 0 4 0 127 0 7 3 1 5 1 Comment = BSI TR-03110 Description = bsiDefectAuthDefect OID = 0 4 0 127 0 7 3 1 5 1 1 Comment = BSI TR-03110 Description = bsiDefectCertRevoked OID = 0 4 0 127 0 7 3 1 5 1 2 Comment = BSI TR-03110 Description = bsiDefectCertReplaced OID = 0 4 0 127 0 7 3 1 5 1 3 Comment = BSI TR-03110 Description = bsiDefectChipAuthKeyRevoked OID = 0 4 0 127 0 7 3 1 5 1 4 Comment = BSI TR-03110 Description = bsiDefectActiveAuthKeyRevoked OID = 0 4 0 127 0 7 3 1 5 2 Comment = BSI TR-03110 Description = bsiDefectEPassportDefect OID = 0 4 0 127 0 7 3 1 5 2 1 Comment = BSI TR-03110 Description = bsiDefectEPassportDGMalformed OID = 0 4 0 127 0 7 3 1 5 2 2 Comment = BSI TR-03110 Description = bsiDefectSODInvalid OID = 0 4 0 
127 0 7 3 1 5 3 Comment = BSI TR-03110 Description = bsiDefectEIDDefect OID = 0 4 0 127 0 7 3 1 5 3 1 Comment = BSI TR-03110 Description = bsiDefectEIDDGMalformed OID = 0 4 0 127 0 7 3 1 5 3 2 Comment = BSI TR-03110 Description = bsiDefectEIDIntegrity OID = 0 4 0 127 0 7 3 1 5 4 Comment = BSI TR-03110 Description = bsiDefectDocumentDefect OID = 0 4 0 127 0 7 3 1 5 4 1 Comment = BSI TR-03110 Description = bsiDefectCardSecurityMalformed OID = 0 4 0 127 0 7 3 1 5 4 2 Comment = BSI TR-03110 Description = bsiDefectChipSecurityMalformed OID = 0 4 0 127 0 7 3 1 5 4 3 Comment = BSI TR-03110 Description = bsiDefectPowerDownReq OID = 0 4 0 127 0 7 3 1 6 Comment = BSI TR-03110 Description = bsiListContentDescription OID = 0 4 0 127 0 7 3 2 1 Comment = BSI TR-03110 Description = bsiSecurityObject OID = 0 4 0 127 0 7 3 2 2 Comment = BSI TR-03110 Description = bsiBlackList OID = 0 4 0 127 0 7 3 4 2 2 Comment = BSI TR-03109 Description = bsiSignedUpdateDeviceAdmin OID = 0 4 0 127 0 7 4 1 1 1 Comment = BSI TR-03109 Description = bsiCertReqMsgs OID = 0 4 0 127 0 7 4 1 1 2 Comment = BSI TR-03109 Description = bsiCertReqMsgswithOuterSignature OID = 0 4 0 127 0 7 4 1 1 3 Comment = BSI TR-03109 Description = bsiAuthorizedCertReqMsgs OID = 0 4 0 127 0 7 4 1 2 2 Comment = BSI TR-03109 Description = bsiSignedRevReqs # ETSI TS 101 862 V1.3.3 (2006-01), Qualified certificate profile OID = 0 4 0 1862 Comment = ETSI TS 101 862 qualified certificates Description = etsiQcsProfile OID = 0 4 0 1862 1 Comment = ETSI TS 101 862 qualified certificates Description = etsiQcs OID = 0 4 0 1862 1 1 Comment = ETSI TS 101 862 qualified certificates Description = etsiQcsCompliance OID = 0 4 0 1862 1 2 Comment = ETSI TS 101 862 qualified certificates Description = etsiQcsLimitValue OID = 0 4 0 1862 1 3 Comment = ETSI TS 101 862 qualified certificates Description = etsiQcsRetentionPeriod OID = 0 4 0 1862 1 4 Comment = ETSI TS 101 862 qualified certificates Description = etsiQcsQcSSCD # RFC 1274 (X.500 
attribute collection from the UK, thus the weird OID). OID = 0 9 2342 19200300 100 1 1 Comment = Some oddball X.500 attribute collection Description = userID OID = 0 9 2342 19200300 100 1 3 Comment = Some oddball X.500 attribute collection Description = rfc822Mailbox # RFC 2247, How to Kludge an FQDN as a DN (or words to that effect), another # fine product of the UK (also present in the above mentioned RFC 1274). OID = 0 9 2342 19200300 100 1 25 Comment = Men are from Mars, this OID is from Pluto Description = domainComponent # ISO standards OID = 1 0 10118 3 0 49 Comment = ISO 10118-3 hash function Description = ripemd160 OID = 1 0 10118 3 0 50 Comment = ISO 10118-3 hash function Description = ripemd128 OID = 1 0 10118 3 0 55 Comment = ISO 10118-3 hash function Description = whirlpool OID = 1 0 18033 2 Comment = ISO 18033-2 Description = iso18033-2 OID = 1 0 18033 2 2 Comment = ISO 18033-2 algorithms Description = kem OID = 1 0 18033 2 2 4 Comment = ISO 18033-2 KEM algorithms Description = kemRSA # Queensland Government PKI OID = 1 2 36 1 3 1 1 1 Comment = Queensland Government PKI Description = qgpki OID = 1 2 36 1 3 1 1 1 1 Comment = QGPKI policies Description = qgpkiPolicies OID = 1 2 36 1 3 1 1 1 1 1 Comment = QGPKI policy Description = qgpkiMedIntermedCA OID = 1 2 36 1 3 1 1 1 1 1 1 Comment = QGPKI policy Description = qgpkiMedIntermedIndividual OID = 1 2 36 1 3 1 1 1 1 1 2 Comment = QGPKI policy Description = qgpkiMedIntermedDeviceControl OID = 1 2 36 1 3 1 1 1 1 1 3 Comment = QGPKI policy Description = qgpkiMedIntermedDevice OID = 1 2 36 1 3 1 1 1 1 1 4 Comment = QGPKI policy Description = qgpkiMedIntermedAuthorisedParty OID = 1 2 36 1 3 1 1 1 1 1 5 Comment = QGPKI policy Description = qgpkiMedIntermedDeviceSystem OID = 1 2 36 1 3 1 1 1 1 2 Comment = QGPKI policy Description = qgpkiMedIssuingCA OID = 1 2 36 1 3 1 1 1 1 2 1 Comment = QGPKI policy Description = qgpkiMedIssuingIndividual OID = 1 2 36 1 3 1 1 1 1 2 2 Comment = QGPKI policy Description = 
qgpkiMedIssuingDeviceControl OID = 1 2 36 1 3 1 1 1 1 2 3 Comment = QGPKI policy Description = qgpkiMedIssuingDevice OID = 1 2 36 1 3 1 1 1 1 2 4 Comment = QGPKI policy Description = qgpkiMedIssuingAuthorisedParty OID = 1 2 36 1 3 1 1 1 1 2 5 Comment = QGPKI policy Description = qgpkiMedIssuingClientAuth OID = 1 2 36 1 3 1 1 1 1 2 6 Comment = QGPKI policy Description = qgpkiMedIssuingServerAuth OID = 1 2 36 1 3 1 1 1 1 2 7 Comment = QGPKI policy Description = qgpkiMedIssuingDataProt OID = 1 2 36 1 3 1 1 1 1 2 8 Comment = QGPKI policy Description = qgpkiMedIssuingTokenAuth OID = 1 2 36 1 3 1 1 1 1 3 Comment = QGPKI policy Description = qgpkiBasicIntermedCA OID = 1 2 36 1 3 1 1 1 1 3 1 Comment = QGPKI policy Description = qgpkiBasicIntermedDeviceSystem OID = 1 2 36 1 3 1 1 1 1 4 Comment = QGPKI policy Description = qgpkiBasicIssuingCA OID = 1 2 36 1 3 1 1 1 1 4 1 Comment = QGPKI policy Description = qgpkiBasicIssuingClientAuth OID = 1 2 36 1 3 1 1 1 1 4 2 Comment = QGPKI policy Description = qgpkiBasicIssuingServerAuth OID = 1 2 36 1 3 1 1 1 1 4 3 Comment = QGPKI policy Description = qgpkiBasicIssuingDataSigning OID = 1 2 36 1 3 1 1 1 2 Comment = QGPKI assurance level Description = qgpkiAssuranceLevel OID = 1 2 36 1 3 1 1 1 2 1 Comment = QGPKI assurance level Description = qgpkiAssuranceRudimentary OID = 1 2 36 1 3 1 1 1 2 2 Comment = QGPKI assurance level Description = qgpkiAssuranceBasic OID = 1 2 36 1 3 1 1 1 2 3 Comment = QGPKI assurance level Description = qgpkiAssuranceMedium OID = 1 2 36 1 3 1 1 1 2 4 Comment = QGPKI assurance level Description = qgpkiAssuranceHigh OID = 1 2 36 1 3 1 1 1 3 Comment = QGPKI policies Description = qgpkiCertFunction OID = 1 2 36 1 3 1 1 1 3 1 Comment = QGPKI policies Description = qgpkiFunctionIndividual OID = 1 2 36 1 3 1 1 1 3 2 Comment = QGPKI policies Description = qgpkiFunctionDevice OID = 1 2 36 1 3 1 1 1 3 3 Comment = QGPKI policies Description = qgpkiFunctionAuthorisedParty OID = 1 2 36 1 3 1 1 1 3 4 Comment = QGPKI 
policies Description = qgpkiFunctionDeviceControl OID = 1 2 36 1 3 1 2 Comment = Queensland Police PKI Description = qpspki OID = 1 2 36 1 3 1 2 1 Comment = Queensland Police PKI Description = qpspkiPolicies OID = 1 2 36 1 3 1 2 1 2 Comment = Queensland Police PKI Description = qpspkiPolicyBasic OID = 1 2 36 1 3 1 2 1 3 Comment = Queensland Police PKI Description = qpspkiPolicyMedium OID = 1 2 36 1 3 1 2 1 4 Comment = Queensland Police PKI Description = qpspkiPolicyHigh OID = 1 2 36 1 3 1 3 2 Comment = Queensland Transport PKI Description = qtmrpki OID = 1 2 36 1 3 1 3 2 1 Comment = Queensland Transport PKI Description = qtmrpkiPolicies OID = 1 2 36 1 3 1 3 2 2 Comment = Queensland Transport PKI Description = qtmrpkiPurpose OID = 1 2 36 1 3 1 3 2 2 1 Comment = Queensland Transport PKI purpose Description = qtmrpkiIndividual OID = 1 2 36 1 3 1 3 2 2 2 Comment = Queensland Transport PKI purpose Description = qtmrpkiDeviceControl OID = 1 2 36 1 3 1 3 2 2 3 Comment = Queensland Transport PKI purpose Description = qtmrpkiDevice OID = 1 2 36 1 3 1 3 2 2 4 Comment = Queensland Transport PKI purpose Description = qtmrpkiAuthorisedParty OID = 1 2 36 1 3 1 3 2 2 5 Comment = Queensland Transport PKI purpose Description = qtmrpkiDeviceSystem OID = 1 2 36 1 3 1 3 2 3 Comment = Queensland Transport PKI Description = qtmrpkiDevice OID = 1 2 36 1 3 1 3 2 3 1 Comment = Queensland Transport PKI device Description = qtmrpkiDriverLicense OID = 1 2 36 1 3 1 3 2 3 2 Comment = Queensland Transport PKI device Description = qtmrpkiIndustryAuthority OID = 1 2 36 1 3 1 3 2 3 3 Comment = Queensland Transport PKI device Description = qtmrpkiMarineLicense OID = 1 2 36 1 3 1 3 2 3 4 Comment = Queensland Transport PKI device Description = qtmrpkiAdultProofOfAge OID = 1 2 36 1 3 1 3 2 3 5 Comment = Queensland Transport PKI device Description = qtmrpkiSam OID = 1 2 36 1 3 1 3 2 4 Comment = Queensland Transport PKI Description = qtmrpkiAuthorisedParty OID = 1 2 36 1 3 1 3 2 4 1 Comment = Queensland 
Transport PKI authorised party Description = qtmrpkiTransportInspector OID = 1 2 36 1 3 1 3 2 4 2 Comment = Queensland Transport PKI authorised party Description = qtmrpkiPoliceOfficer OID = 1 2 36 1 3 1 3 2 4 3 Comment = Queensland Transport PKI authorised party Description = qtmrpkiSystem OID = 1 2 36 1 3 1 3 2 4 4 Comment = Queensland Transport PKI authorised party Description = qtmrpkiLiquorLicensingInspector OID = 1 2 36 1 3 1 3 2 4 5 Comment = Queensland Transport PKI authorised party Description = qtmrpkiMarineEnforcementOfficer # Australian Government OID = 1 2 36 1 333 1 Comment = Australian Government corporate taxpayer ID Description = australianBusinessNumber # Signet # # Australia uses the corporate tax identifier (ABN) as a de facto unique # identifier in OIDs, thus the bizarre fourth value. See also Certificates # Australia below and other Australian corporate OIDs. OID = 1 2 36 68980861 1 1 2 Comment = Signet CA Description = signetPersonal OID = 1 2 36 68980861 1 1 3 Comment = Signet CA Description = signetBusiness OID = 1 2 36 68980861 1 1 4 Comment = Signet CA Description = signetLegal OID = 1 2 36 68980861 1 1 10 Comment = Signet CA Description = signetPilot OID = 1 2 36 68980861 1 1 11 Comment = Signet CA Description = signetIntraNet OID = 1 2 36 68980861 1 1 20 Comment = Signet CA Description = signetPolicy # Certificates Australia. 
OID = 1 2 36 75878867 1 100 1 1 Comment = Certificates Australia CA Description = certificatesAustraliaPolicy # China GM Standards Committee OID = 1 2 156 10197 1 Comment = China GM Standards Committee Description = gmtCryptographicAlgorithm OID = 1 2 156 10197 1 100 Comment = China GM Standards Committee Description = gmtBlockCipher OID = 1 2 156 10197 1 102 Comment = China GM Standards Committee Description = sm1Cipher OID = 1 2 156 10197 1 103 Comment = China GM Standards Committee Description = ssf33Cipher OID = 1 2 156 10197 1 104 Comment = China GM Standards Committee Description = sm4Cipher OID = 1 2 156 10197 1 200 Comment = China GM Standards Committee Description = gmtStreamCipher OID = 1 2 156 10197 1 201 Comment = China GM Standards Committee Description = zucCipher OID = 1 2 156 10197 1 300 Comment = China GM Standards Committee Description = gmtPublicKeyCryptography OID = 1 2 156 10197 1 301 Comment = China GM Standards Committee Description = sm2ECC OID = 1 2 156 10197 1 301 1 Comment = China GM Standards Committee Description = sm2-1DigitalSignature OID = 1 2 156 10197 1 301 2 Comment = China GM Standards Committee Description = sm2-2KeyExchange OID = 1 2 156 10197 1 301 3 Comment = China GM Standards Committee Description = sm2-3PublicKeyEncryption OID = 1 2 156 10197 1 302 Comment = China GM Standards Committee Description = gmtSM9IBE OID = 1 2 156 10197 1 302 1 Comment = China GM Standards Committee Description = sm9-1DigitalSignature OID = 1 2 156 10197 1 302 2 Comment = China GM Standards Committee Description = sm9-2KeyExchange OID = 1 2 156 10197 1 302 3 Comment = China GM Standards Committee Description = sm9-3PublicKeyEncryption OID = 1 2 156 10197 1 400 Comment = China GM Standards Committee Description = gmtHashAlgorithm OID = 1 2 156 10197 1 401 Comment = China GM Standards Committee Description = sm3Hash OID = 1 2 156 10197 1 401 1 Comment = China GM Standards Committee Description = sm3HashWithoutKey OID = 1 2 156 10197 1 401 2 Comment 
= China GM Standards Committee Description = sm3HashWithKey OID = 1 2 156 10197 1 500 Comment = China GM Standards Committee Description = gmtDigestSigning OID = 1 2 156 10197 1 501 Comment = China GM Standards Committee Description = sm2withSM3 OID = 1 2 156 10197 1 504 Comment = China GM Standards Committee Description = rsaWithSM3 OID = 1 2 156 10197 4 3 Comment = China GM Standards Committee Description = gmtCertificateAuthority OID = 1 2 156 10197 6 Comment = China GM Standards Committee Description = gmtStandardClass OID = 1 2 156 10197 6 1 Comment = China GM Standards Committee Description = gmtFoundationClass OID = 1 2 156 10197 6 1 1 Comment = China GM Standards Committee Description = gmtAlgorithmClass OID = 1 2 156 10197 6 1 1 1 Comment = China GM Standards Committee Description = zucStandard OID = 1 2 156 10197 6 1 1 2 Comment = China GM Standards Committee Description = sm4Standard OID = 1 2 156 10197 6 1 1 3 Comment = China GM Standards Committee Description = sm2Standard OID = 1 2 156 10197 6 1 1 4 Comment = China GM Standards Committee Description = sm3Standard OID = 1 2 156 10197 6 1 2 Comment = China GM Standards Committee Description = gmtIDClass OID = 1 2 156 10197 6 1 2 1 Comment = China GM Standards Committee Description = gmtCryptoID OID = 1 2 156 10197 6 1 3 Comment = China GM Standards Committee Description = gmtOperationModes OID = 1 2 156 10197 6 1 4 Comment = China GM Standards Committee Description = gmtSecurityMechanism OID = 1 2 156 10197 6 1 4 1 Comment = China GM Standards Committee Description = gmtSM2Specification OID = 1 2 156 10197 6 1 4 2 Comment = China GM Standards Committee Description = gmtSM2CryptographicMessageSyntax OID = 1 2 156 10197 6 2 Comment = China GM Standards Committee Description = gmtDeviceClass OID = 1 2 156 10197 6 3 Comment = China GM Standards Committee Description = gmtServiceClass OID = 1 2 156 10197 6 4 Comment = China GM Standards Committee Description = gmtInfrastructure OID = 1 2 156 10197 6 5 
Comment = China GM Standards Committee Description = gmtTestingClass OID = 1 2 156 10197 6 5 1 Comment = China GM Standards Committee Description = gmtRandomTestingClass OID = 1 2 156 10197 6 6 Comment = China GM Standards Committee Description = gmtManagementClass # Mitsubishi OID = 1 2 392 200011 61 1 1 1 Comment = Mitsubishi security algorithm Description = mitsubishiSecurityAlgorithm OID = 1 2 392 200011 61 1 1 1 1 Comment = Mitsubishi security algorithm Description = misty1-cbc # Korean Information Security Agency OID = 1 2 410 200004 1 Comment = KISA algorithm Description = kisaAlgorithm OID = 1 2 410 200004 1 1 Comment = Korean DSA Description = kcdsa OID = 1 2 410 200004 1 2 Comment = Korean hash algorithm Description = has160 OID = 1 2 410 200004 1 3 Comment = Korean SEED algorithm, ECB mode Description = seedECB OID = 1 2 410 200004 1 4 Comment = Korean SEED algorithm, CBC mode Description = seedCBC OID = 1 2 410 200004 1 5 Comment = Korean SEED algorithm, OFB mode Description = seedOFB OID = 1 2 410 200004 1 6 Comment = Korean SEED algorithm, CFB mode Description = seedCFB OID = 1 2 410 200004 1 7 Comment = Korean SEED algorithm, MAC mode Description = seedMAC OID = 1 2 410 200004 1 8 Comment = Korean signature algorithm Description = kcdsaWithHAS160 OID = 1 2 410 200004 1 9 Comment = Korean signature algorithm Description = kcdsaWithSHA1 OID = 1 2 410 200004 1 10 Comment = Korean SEED algorithm, PBE key derivation Description = pbeWithHAS160AndSEED-ECB OID = 1 2 410 200004 1 11 Comment = Korean SEED algorithm, PBE key derivation Description = pbeWithHAS160AndSEED-CBC OID = 1 2 410 200004 1 12 Comment = Korean SEED algorithm, PBE key derivation Description = pbeWithHAS160AndSEED-CFB OID = 1 2 410 200004 1 13 Comment = Korean SEED algorithm, PBE key derivation Description = pbeWithHAS160AndSEED-OFB OID = 1 2 410 200004 1 14 Comment = Korean SEED algorithm, PBE key derivation Description = pbeWithSHA1AndSEED-ECB OID = 1 2 410 200004 1 15 Comment = Korean 
SEED algorithm, PBE key derivation Description = pbeWithSHA1AndSEED-CBC OID = 1 2 410 200004 1 16 Comment = Korean SEED algorithm, PBE key derivation Description = pbeWithSHA1AndSEED-CFB OID = 1 2 410 200004 1 17 Comment = Korean SEED algorithm, PBE key derivation Description = pbeWithSHA1AndSEED-OFB OID = 1 2 410 200004 1 20 Comment = Korean signature algorithm Description = rsaWithHAS160 OID = 1 2 410 200004 1 21 Comment = Korean DSA Description = kcdsa1 OID = 1 2 410 200004 2 Comment = KISA NPKI certificate policies Description = npkiCP OID = 1 2 410 200004 2 1 Comment = KISA NPKI certificate policies Description = npkiSignaturePolicy OID = 1 2 410 200004 3 Comment = KISA NPKI key usage Description = npkiKP OID = 1 2 410 200004 4 Comment = KISA NPKI attribute Description = npkiAT OID = 1 2 410 200004 5 Comment = KISA NPKI licensed CA Description = npkiLCA OID = 1 2 410 200004 5 1 Comment = KISA NPKI licensed CA Description = npkiSignKorea OID = 1 2 410 200004 5 2 Comment = KISA NPKI licensed CA Description = npkiSignGate OID = 1 2 410 200004 5 3 Comment = KISA NPKI licensed CA Description = npkiNcaSign OID = 1 2 410 200004 6 Comment = KISA NPKI otherName Description = npkiON OID = 1 2 410 200004 7 Comment = KISA NPKI application Description = npkiAPP OID = 1 2 410 200004 7 1 Comment = KISA NPKI application Description = npkiSMIME OID = 1 2 410 200004 7 1 1 Comment = KISA NPKI application Description = npkiSMIMEAlgo OID = 1 2 410 200004 7 1 1 1 Comment = KISA NPKI application Description = npkiCmsSEEDWrap OID = 1 2 410 200004 10 Comment = KISA NPKI Description = npki OID = 1 2 410 200004 10 1 Comment = KISA NPKI attribute Description = npkiAttribute OID = 1 2 410 200004 10 1 1 Comment = KISA NPKI attribute Description = npkiIdentifyData # Duplicates 1 2 410 200004 10 1 1 4 OID = 1 2 410 200004 10 1 1 1 Comment = KISA NPKI attribute Description = npkiVID OID = 1 2 410 200004 10 1 1 2 Comment = KISA NPKI attribute Description = npkiEncryptedVID OID = 1 2 410 200004 
10 1 1 3 Comment = KISA NPKI attribute Description = npkiRandomNum # Duplicates 1 2 410 200004 10 1 1 1 OID = 1 2 410 200004 10 1 1 4 Comment = KISA NPKI attribute Description = npkiVID # Korean National Security Research Institute OID = 1 2 410 200046 1 1 Comment = ARIA algorithm modes Description = aria1AlgorithmModes OID = 1 2 410 200046 1 1 1 Comment = ARIA algorithm modes Description = aria128-ecb OID = 1 2 410 200046 1 1 2 Comment = ARIA algorithm modes Description = aria128-cbc OID = 1 2 410 200046 1 1 3 Comment = ARIA algorithm modes Description = aria128-cfb OID = 1 2 410 200046 1 1 4 Comment = ARIA algorithm modes Description = aria128-ofb OID = 1 2 410 200046 1 1 5 Comment = ARIA algorithm modes Description = aria128-ctr OID = 1 2 410 200046 1 1 6 Comment = ARIA algorithm modes Description = aria192-ecb OID = 1 2 410 200046 1 1 7 Comment = ARIA algorithm modes Description = aria192-cbc OID = 1 2 410 200046 1 1 8 Comment = ARIA algorithm modes Description = aria192-cfb OID = 1 2 410 200046 1 1 9 Comment = ARIA algorithm modes Description = aria192-ofb OID = 1 2 410 200046 1 1 10 Comment = ARIA algorithm modes Description = aria192-ctr OID = 1 2 410 200046 1 1 11 Comment = ARIA algorithm modes Description = aria256-ecb OID = 1 2 410 200046 1 1 12 Comment = ARIA algorithm modes Description = aria256-cbc OID = 1 2 410 200046 1 1 13 Comment = ARIA algorithm modes Description = aria256-cfb OID = 1 2 410 200046 1 1 14 Comment = ARIA algorithm modes Description = aria256-ofb OID = 1 2 410 200046 1 1 15 Comment = ARIA algorithm modes Description = aria256-ctr OID = 1 2 410 200046 1 1 21 Comment = ARIA algorithm modes Description = aria128-cmac OID = 1 2 410 200046 1 1 22 Comment = ARIA algorithm modes Description = aria192-cmac OID = 1 2 410 200046 1 1 23 Comment = ARIA algorithm modes Description = aria256-cmac OID = 1 2 410 200046 1 1 31 Comment = ARIA algorithm modes Description = aria128-ocb2 OID = 1 2 410 200046 1 1 32 Comment = ARIA algorithm modes 
Description = aria192-ocb2 OID = 1 2 410 200046 1 1 33 Comment = ARIA algorithm modes Description = aria256-ocb2 OID = 1 2 410 200046 1 1 34 Comment = ARIA algorithm modes Description = aria128-gcm OID = 1 2 410 200046 1 1 35 Comment = ARIA algorithm modes Description = aria192-gcm OID = 1 2 410 200046 1 1 36 Comment = ARIA algorithm modes Description = aria256-gcm OID = 1 2 410 200046 1 1 37 Comment = ARIA algorithm modes Description = aria128-ccm OID = 1 2 410 200046 1 1 38 Comment = ARIA algorithm modes Description = aria192-ccm OID = 1 2 410 200046 1 1 39 Comment = ARIA algorithm modes Description = aria256-ccm OID = 1 2 410 200046 1 1 40 Comment = ARIA algorithm modes Description = aria128-keywrap OID = 1 2 410 200046 1 1 41 Comment = ARIA algorithm modes Description = aria192-keywrap OID = 1 2 410 200046 1 1 42 Comment = ARIA algorithm modes Description = aria256-keywrap OID = 1 2 410 200046 1 1 43 Comment = ARIA algorithm modes Description = aria128-keywrapWithPad OID = 1 2 410 200046 1 1 44 Comment = ARIA algorithm modes Description = aria192-keywrapWithPad OID = 1 2 410 200046 1 1 45 Comment = ARIA algorithm modes Description = aria256-keywrapWithPad # GOST algorithm identifiers, assigned by CryptoPRO (tm) in RFCs and # implementations OID = 1 2 643 2 2 3 Comment = GOST R 34.10-2001 + GOST R 34.11-94 signature Description = gostSignature OID = 1 2 643 2 2 4 Comment = GOST R 34.10-94 + GOST R 34.11-94 signature. Obsoleted by GOST R 34.10-2001 Description = gost94Signature Warning OID = 1 2 643 2 2 19 Comment = GOST R 34.10-2001 (ECC) public key Description = gostPublicKey OID = 1 2 643 2 2 20 Comment = GOST R 34.10-94 public key. 
Obsoleted by GOST R 34.10-2001 Description = gost94PublicKey Warning OID = 1 2 643 2 2 21 Comment = GOST 28147-89 (symmetric key block cipher) Description = gostCipher OID = 1 2 643 2 2 31 0 Comment = Test params for GOST 28147-89 Description = testCipherParams OID = 1 2 643 2 2 31 1 Comment = CryptoPro params A (default, variant 'Verba-O') for GOST 28147-89 Description = cryptoProCipherA OID = 1 2 643 2 2 31 2 Comment = CryptoPro params B (variant 1) for GOST 28147-89 Description = cryptoProCipherB OID = 1 2 643 2 2 31 3 Comment = CryptoPro params C (variant 2) for GOST 28147-89 Description = cryptoProCipherC OID = 1 2 643 2 2 31 4 Comment = CryptoPro params D (variant 3) for GOST 28147-89 Description = cryptoProCipherD OID = 1 2 643 2 2 31 5 Comment = Oscar-1.1 params for GOST 28147-89 Description = oscar11Cipher OID = 1 2 643 2 2 31 6 Comment = Oscar-1.0 params for GOST 28147-89 Description = oscar10Cipher OID = 1 2 643 2 2 31 7 Comment = RIC-1 params for GOST 28147-89 Description = ric1Cipher OID = 1 2 643 2 2 31 12 Comment = TC26 params 2 for GOST 28147-89 Description = tc26CipherA OID = 1 2 643 2 2 31 13 Comment = TC26 params 1 for GOST 28147-89 Description = tc26CipherB OID = 1 2 643 2 2 31 14 Comment = TC26 params 3 for GOST 28147-89 Description = tc26CipherC OID = 1 2 643 2 2 31 15 Comment = TC26 params 4 for GOST 28147-89 Description = tc26CipherD OID = 1 2 643 2 2 31 16 Comment = TC26 params 5 for GOST 28147-89 Description = tc26CipherE OID = 1 2 643 2 2 31 17 Comment = TC26 params 6 for GOST 28147-89 Description = tc26CipherF OID = 1 2 643 7 1 2 5 1 1 Comment = TC26 params Z for GOST 28147-89 Description = tc26CipherZ OID = 1 2 643 2 2 9 Comment = GOST R 34.11-94 digest Description = gostDigest OID = 1 2 643 2 2 30 0 Comment = Test params for GOST R 34.11-94 Description = testDigestParams OID = 1 2 643 2 2 30 1 Comment = CryptoPro digest params A (default, variant 'Verba-O') for GOST R 34.11-94 Description = cryptoProDigestA OID = 1 2 643 2 2 30 2 
Comment = CryptoPro digest params B (variant 1) for GOST R 34.11-94 Description = cryptoProDigestB OID = 1 2 643 2 2 30 3 Comment = CryptoPro digest params C (variant 2) for GOST R 34.11-94 Description = cryptoProDigestC OID = 1 2 643 2 2 30 4 Comment = CryptoPro digest params D (variant 3) for GOST R 34.11-94 Description = cryptoProDigestD OID = 1 2 643 2 2 32 2 Comment = CryptoPro sign params A (default, variant 'Verba-O') for GOST R 34.10-94 Description = cryptoPro94SignA OID = 1 2 643 2 2 32 3 Comment = CryptoPro sign params B (variant 1) for GOST R 34.10-94 Description = cryptoPro94SignB OID = 1 2 643 2 2 32 4 Comment = CryptoPro sign params C (variant 2) for GOST R 34.10-94 Description = cryptoPro94SignC OID = 1 2 643 2 2 32 5 Comment = CryptoPro sign params D (variant 3) for GOST R 34.10-94 Description = cryptoPro94SignD OID = 1 2 643 2 2 33 1 Comment = CryptoPro sign params XA (variant 1) for GOST R 34.10-94 Description = cryptoPro94SignXA OID = 1 2 643 2 2 33 2 Comment = CryptoPro sign params XB (variant 2) for GOST R 34.10-94 Description = cryptoPro94SignXB OID = 1 2 643 2 2 33 3 Comment = CryptoPro sign params XC (variant 3) for GOST R 34.10-94 Description = cryptoPro94SignXC OID = 1 2 643 2 2 35 0 Comment = Test elliptic curve for GOST R 34.10-2001 Description = testSignParams OID = 1 2 643 2 2 35 1 Comment = CryptoPro ell.curve A for GOST R 34.10-2001 Description = cryptoProSignA OID = 1 2 643 2 2 35 2 Comment = CryptoPro ell.curve B for GOST R 34.10-2001 Description = cryptoProSignB OID = 1 2 643 2 2 35 3 Comment = CryptoPro ell.curve C for GOST R 34.10-2001 Description = cryptoProSignC OID = 1 2 643 2 2 36 0 Comment = CryptoPro ell.curve XA for GOST R 34.10-2001 Description = cryptoProSignXA OID = 1 2 643 2 2 36 1 Comment = CryptoPro ell.curve XB for GOST R 34.10-2001 Description = cryptoProSignXB OID = 1 2 643 7 1 2 1 1 1 Comment = CryptoPro ell.curve A for GOST R 34.10-2012 256 bit Description = cryptoPro2012Sign256A OID = 1 2 643 7 1 2 1 2 1 
Comment = CryptoPro ell.curve A (default) for GOST R 34.10-2012 512 bit Description = cryptoPro2012Sign512A OID = 1 2 643 7 1 2 1 2 2 Comment = CryptoPro ell.curve B for GOST R 34.10-2012 512 bit Description = cryptoPro2012Sign512B OID = 1 2 643 7 1 2 1 2 3 Comment = CryptoPro ell.curve C for GOST R 34.10-2012 512 bit Description = cryptoPro2012Sign512C OID = 1 2 643 2 2 14 0 Comment = Do not mesh state of GOST 28147-89 cipher Description = nullMeshing OID = 1 2 643 2 2 14 1 Comment = CryptoPro meshing of state of GOST 28147-89 cipher Description = cryptoProMeshing OID = 1 2 643 2 2 10 Comment = HMAC with GOST R 34.11-94 Description = hmacGost OID = 1 2 643 2 2 13 0 Comment = Wrap key using GOST 28147-89 key Description = gostWrap OID = 1 2 643 2 2 13 1 Comment = Wrap key using diversified GOST 28147-89 key Description = cryptoProWrap OID = 1 2 643 2 2 96 Comment = Wrap key using ECC DH on GOST R 34.10-2001 keys (VKO) Description = cryptoProECDHWrap OID = 1 2 643 7 1 1 1 1 Comment = GOST R 34.10-2012 256 bit public key Description = gost2012PublicKey256 OID = 1 2 643 7 1 1 1 2 Comment = GOST R 34.10-2012 512 bit public key Description = gost2012PublicKey512 OID = 1 2 643 7 1 1 2 2 Comment = GOST R 34.11-2012 256 bit digest Description = gost2012Digest256 OID = 1 2 643 7 1 1 2 3 Comment = GOST R 34.11-2012 512 bit digest Description = gost2012Digest512 OID = 1 2 643 7 1 1 3 2 Comment = GOST R 34.10-2012 256 bit signature Description = gost2012Signature256 OID = 1 2 643 7 1 1 3 3 Comment = GOST R 34.10-2012 512 bit signature Description = gost2012Signature512 OID = 1 2 643 7 1 1 6 1 Comment = CryptoPro ECC DH algorithm for GOST R 34.10-2012 256 bit key Description = cryptoProECDH256 OID = 1 2 643 7 1 1 6 2 Comment = CryptoPro ECC DH algorithm for GOST R 34.10-2012 512 bit key Description = cryptoProECDH512 # SEIS OID = 1 2 752 34 1 Comment = SEIS Project Description = seis-cp OID = 1 2 752 34 1 1 Comment = SEIS Project certificate policies Description = SEIS 
high-assurance policyIdentifier OID = 1 2 752 34 1 2 Comment = SEIS Project certificate policies Description = SEIS GAK policyIdentifier OID = 1 2 752 34 2 Comment = SEIS Project Description = SEIS pe OID = 1 2 752 34 3 Comment = SEIS Project Description = SEIS at OID = 1 2 752 34 3 1 Comment = SEIS Project attribute Description = SEIS at-personalIdentifier # ANSI X9.57 OID = 1 2 840 10040 1 Comment = ANSI X9.57 Description = module OID = 1 2 840 10040 1 1 Comment = ANSI X9.57 module Description = x9f1-cert-mgmt OID = 1 2 840 10040 2 Comment = ANSI X9.57 Description = holdinstruction OID = 1 2 840 10040 2 1 Comment = ANSI X9.57 hold instruction Description = holdinstruction-none OID = 1 2 840 10040 2 2 Comment = ANSI X9.57 hold instruction Description = callissuer OID = 1 2 840 10040 2 3 Comment = ANSI X9.57 hold instruction Description = reject OID = 1 2 840 10040 2 4 Comment = ANSI X9.57 hold instruction Description = pickupToken OID = 1 2 840 10040 3 Comment = ANSI X9.57 Description = attribute OID = 1 2 840 10040 3 1 Comment = ANSI X9.57 attribute Description = countersignature OID = 1 2 840 10040 3 2 Comment = ANSI X9.57 attribute Description = attribute-cert OID = 1 2 840 10040 4 Comment = ANSI X9.57 Description = algorithm OID = 1 2 840 10040 4 1 Comment = ANSI X9.57 algorithm Description = dsa OID = 1 2 840 10040 4 2 Comment = ANSI X9.57 algorithm Description = dsa-match OID = 1 2 840 10040 4 3 Comment = ANSI X9.57 algorithm Description = dsaWithSha1 # ANSI X9.62 OID = 1 2 840 10045 1 Comment = ANSI X9.62. 
This OID is also assigned as ecdsa-with-SHA1 Description = fieldType OID = 1 2 840 10045 1 1 Comment = ANSI X9.62 field type Description = prime-field OID = 1 2 840 10045 1 2 Comment = ANSI X9.62 field type Description = characteristic-two-field OID = 1 2 840 10045 1 2 3 Comment = ANSI X9.62 field type Description = characteristic-two-basis OID = 1 2 840 10045 1 2 3 1 Comment = ANSI X9.62 field basis Description = onBasis OID = 1 2 840 10045 1 2 3 2 Comment = ANSI X9.62 field basis Description = tpBasis OID = 1 2 840 10045 1 2 3 3 Comment = ANSI X9.62 field basis Description = ppBasis # The definition for the following OID is somewhat confused, and is given as # keyType, publicKeyType, and public-key-type, all within 4 lines of text. # ecPublicKey is defined using the ID publicKeyType, so this is what's used # here. OID = 1 2 840 10045 2 Comment = ANSI X9.62 Description = publicKeyType OID = 1 2 840 10045 2 1 Comment = ANSI X9.62 public key type Description = ecPublicKey OID = 1 2 840 10045 3 0 1 Comment = ANSI X9.62 named elliptic curve Description = c2pnb163v1 OID = 1 2 840 10045 3 0 2 Comment = ANSI X9.62 named elliptic curve Description = c2pnb163v2 OID = 1 2 840 10045 3 0 3 Comment = ANSI X9.62 named elliptic curve Description = c2pnb163v3 OID = 1 2 840 10045 3 0 5 Comment = ANSI X9.62 named elliptic curve Description = c2tnb191v1 OID = 1 2 840 10045 3 0 6 Comment = ANSI X9.62 named elliptic curve Description = c2tnb191v2 OID = 1 2 840 10045 3 0 7 Comment = ANSI X9.62 named elliptic curve Description = c2tnb191v3 OID = 1 2 840 10045 3 0 10 Comment = ANSI X9.62 named elliptic curve Description = c2pnb208w1 OID = 1 2 840 10045 3 0 11 Comment = ANSI X9.62 named elliptic curve Description = c2tnb239v1 OID = 1 2 840 10045 3 0 12 Comment = ANSI X9.62 named elliptic curve Description = c2tnb239v2 OID = 1 2 840 10045 3 0 13 Comment = ANSI X9.62 named elliptic curve Description = c2tnb239v3 OID = 1 2 840 10045 3 0 16 Comment = ANSI X9.62 named elliptic curve 
Description = c2pnb272w1 OID = 1 2 840 10045 3 0 18 Comment = ANSI X9.62 named elliptic curve Description = c2tnb359v1 OID = 1 2 840 10045 3 0 19 Comment = ANSI X9.62 named elliptic curve Description = c2pnb368w1 OID = 1 2 840 10045 3 0 20 Comment = ANSI X9.62 named elliptic curve Description = c2tnb431r1 OID = 1 2 840 10045 3 1 1 Comment = ANSI X9.62 named elliptic curve Description = prime192v1 OID = 1 2 840 10045 3 1 2 Comment = ANSI X9.62 named elliptic curve Description = prime192v2 OID = 1 2 840 10045 3 1 3 Comment = ANSI X9.62 named elliptic curve Description = prime192v3 OID = 1 2 840 10045 3 1 4 Comment = ANSI X9.62 named elliptic curve Description = prime239v1 OID = 1 2 840 10045 3 1 5 Comment = ANSI X9.62 named elliptic curve Description = prime239v2 OID = 1 2 840 10045 3 1 6 Comment = ANSI X9.62 named elliptic curve Description = prime239v3 OID = 1 2 840 10045 3 1 7 Comment = ANSI X9.62 named elliptic curve Description = prime256v1 OID = 1 2 840 10045 4 1 Comment = ANSI X9.62 ECDSA algorithm with SHA1 Description = ecdsaWithSHA1 OID = 1 2 840 10045 4 2 Comment = ANSI X9.62 ECDSA algorithm with Recommended Description = ecdsaWithRecommended OID = 1 2 840 10045 4 3 Comment = ANSI X9.62 ECDSA algorithm with Specified Description = ecdsaWithSpecified OID = 1 2 840 10045 4 3 1 Comment = ANSI X9.62 ECDSA algorithm with SHA224 Description = ecdsaWithSHA224 OID = 1 2 840 10045 4 3 2 Comment = ANSI X9.62 ECDSA algorithm with SHA256 Description = ecdsaWithSHA256 OID = 1 2 840 10045 4 3 3 Comment = ANSI X9.62 ECDSA algorithm with SHA384 Description = ecdsaWithSHA384 OID = 1 2 840 10045 4 3 4 Comment = ANSI X9.62 ECDSA algorithm with SHA512 Description = ecdsaWithSHA512 # ANSI X9.42 OID = 1 2 840 10046 1 Comment = ANSI X9.42 Description = fieldType OID = 1 2 840 10046 1 1 Comment = ANSI X9.42 field type Description = gf-prime OID = 1 2 840 10046 2 Comment = ANSI X9.42 Description = numberType OID = 1 2 840 10046 2 1 Comment = ANSI X9.42 number type Description = 
dhPublicKey OID = 1 2 840 10046 3 Comment = ANSI X9.42 Description = scheme OID = 1 2 840 10046 3 1 Comment = ANSI X9.42 scheme Description = dhStatic OID = 1 2 840 10046 3 2 Comment = ANSI X9.42 scheme Description = dhEphem OID = 1 2 840 10046 3 3 Comment = ANSI X9.42 scheme Description = dhHybrid1 OID = 1 2 840 10046 3 4 Comment = ANSI X9.42 scheme Description = dhHybrid2 OID = 1 2 840 10046 3 5 Comment = ANSI X9.42 scheme Description = mqv2 OID = 1 2 840 10046 3 6 Comment = ANSI X9.42 scheme Description = mqv1 # ASTM 31.20 OID = 1 2 840 10065 2 2 Comment = ASTM 31.20 Description = ? OID = 1 2 840 10065 2 3 Comment = ASTM 31.20 Description = healthcareLicense OID = 1 2 840 10065 2 3 1 1 Comment = ASTM 31.20 healthcare license type Description = license? # IEC 62351-8 OID = 1 2 840 10070 Comment = IEC 62351 Description = iec62351 OID = 1 2 840 10070 8 Comment = IEC 62351-8 Description = iec62351_8 OID = 1 2 840 10070 8 1 Comment = IEC 62351-8 Description = iecUserRoles # Nortel Secure Networks/Entrust OID = 1 2 840 113533 7 Description = nsn OID = 1 2 840 113533 7 65 Description = nsn-ce OID = 1 2 840 113533 7 65 0 Comment = Nortel Secure Networks ce Description = entrustVersInfo OID = 1 2 840 113533 7 66 Description = nsn-alg OID = 1 2 840 113533 7 66 3 Comment = Nortel Secure Networks alg Description = cast3CBC OID = 1 2 840 113533 7 66 10 Comment = Nortel Secure Networks alg Description = cast5CBC OID = 1 2 840 113533 7 66 11 Comment = Nortel Secure Networks alg Description = cast5MAC OID = 1 2 840 113533 7 66 12 Comment = Nortel Secure Networks alg Description = pbeWithMD5AndCAST5-CBC OID = 1 2 840 113533 7 66 13 Comment = Nortel Secure Networks alg Description = passwordBasedMac OID = 1 2 840 113533 7 67 Description = nsn-oc OID = 1 2 840 113533 7 67 0 Comment = Nortel Secure Networks oc Description = entrustUser OID = 1 2 840 113533 7 68 Description = nsn-at OID = 1 2 840 113533 7 68 0 Comment = Nortel Secure Networks at Description = entrustCAInfo OID = 1 2 
840 113533 7 68 10 Comment = Nortel Secure Networks at Description = attributeCertificate # PKCS #1 OID = 1 2 840 113549 1 1 Description = pkcs-1 OID = 1 2 840 113549 1 1 1 Comment = PKCS #1 Description = rsaEncryption OID = 1 2 840 113549 1 1 2 Comment = PKCS #1 Description = md2WithRSAEncryption OID = 1 2 840 113549 1 1 3 Comment = PKCS #1 Description = md4WithRSAEncryption OID = 1 2 840 113549 1 1 4 Comment = PKCS #1 Description = md5WithRSAEncryption OID = 1 2 840 113549 1 1 5 Comment = PKCS #1 Description = sha1WithRSAEncryption OID = 1 2 840 113549 1 1 7 Comment = PKCS #1 Description = rsaOAEP # This is also used with PSS so it's given the more general label 'pkcs1-XXX' # rather than 'rsaOAEP-XXX'. OID = 1 2 840 113549 1 1 8 Comment = PKCS #1 Description = pkcs1-MGF OID = 1 2 840 113549 1 1 9 Comment = PKCS #1 Description = rsaOAEP-pSpecified OID = 1 2 840 113549 1 1 10 Comment = PKCS #1 Description = rsaPSS OID = 1 2 840 113549 1 1 11 Comment = PKCS #1 Description = sha256WithRSAEncryption OID = 1 2 840 113549 1 1 12 Comment = PKCS #1 Description = sha384WithRSAEncryption OID = 1 2 840 113549 1 1 13 Comment = PKCS #1 Description = sha512WithRSAEncryption OID = 1 2 840 113549 1 1 14 Comment = PKCS #1 Description = sha224WithRSAEncryption # There is some confusion over the identity of the following OID. The OAEP # one is more recent but independent vendors have already used the RIPEMD # one; however, it's likely that the SET usage will claim to be more # authoritative so we report it as that. OID = 1 2 840 113549 1 1 6 Comment = PKCS #1. 
This OID may also be assigned as ripemd160WithRSAEncryption Description = rsaOAEPEncryptionSET # ripemd160WithRSAEncryption (1 2 840 113549 1 1 6) # BSAFE/PKCS #2 (obsolete) OID = 1 2 840 113549 1 2 Comment = Obsolete BSAFE OID Description = bsafeRsaEncr Warning # PKCS #3 OID = 1 2 840 113549 1 3 Description = pkcs-3 OID = 1 2 840 113549 1 3 1 Comment = PKCS #3 Description = dhKeyAgreement # PKCS #5 OID = 1 2 840 113549 1 5 Description = pkcs-5 OID = 1 2 840 113549 1 5 1 Comment = PKCS #5 Description = pbeWithMD2AndDES-CBC OID = 1 2 840 113549 1 5 3 Comment = PKCS #5 Description = pbeWithMD5AndDES-CBC OID = 1 2 840 113549 1 5 4 Comment = PKCS #5 Description = pbeWithMD2AndRC2-CBC OID = 1 2 840 113549 1 5 6 Comment = PKCS #5 Description = pbeWithMD5AndRC2-CBC OID = 1 2 840 113549 1 5 9 Comment = PKCS #5, used in BSAFE only Description = pbeWithMD5AndXOR Warning OID = 1 2 840 113549 1 5 10 Comment = PKCS #5 Description = pbeWithSHAAndDES-CBC OID = 1 2 840 113549 1 5 12 Comment = PKCS #5 v2.0 Description = pkcs5PBKDF2 OID = 1 2 840 113549 1 5 13 Comment = PKCS #5 v2.0 Description = pkcs5PBES2 OID = 1 2 840 113549 1 5 14 Comment = PKCS #5 v2.0 Description = pkcs5PBMAC1 # PKCS #7 OID = 1 2 840 113549 1 7 Description = pkcs-7 OID = 1 2 840 113549 1 7 1 Comment = PKCS #7 Description = data OID = 1 2 840 113549 1 7 2 Comment = PKCS #7 Description = signedData OID = 1 2 840 113549 1 7 3 Comment = PKCS #7 Description = envelopedData OID = 1 2 840 113549 1 7 4 Comment = PKCS #7 Description = signedAndEnvelopedData OID = 1 2 840 113549 1 7 5 Comment = PKCS #7 Description = digestedData OID = 1 2 840 113549 1 7 6 Comment = PKCS #7 Description = encryptedData OID = 1 2 840 113549 1 7 7 Comment = PKCS #7 experimental Description = dataWithAttributes Warning OID = 1 2 840 113549 1 7 8 Comment = PKCS #7 experimental Description = encryptedPrivateKeyInfo Warning # PKCS #9 OID = 1 2 840 113549 1 9 Description = pkcs-9 OID = 1 2 840 113549 1 9 1 Comment = PKCS #9. 
Deprecated, use an altName extension instead Description = emailAddress OID = 1 2 840 113549 1 9 2 Comment = PKCS #9 Description = unstructuredName OID = 1 2 840 113549 1 9 3 Comment = PKCS #9 Description = contentType OID = 1 2 840 113549 1 9 4 Comment = PKCS #9 Description = messageDigest OID = 1 2 840 113549 1 9 5 Comment = PKCS #9 Description = signingTime OID = 1 2 840 113549 1 9 6 Comment = PKCS #9 Description = countersignature OID = 1 2 840 113549 1 9 7 Comment = PKCS #9 Description = challengePassword OID = 1 2 840 113549 1 9 8 Comment = PKCS #9 Description = unstructuredAddress OID = 1 2 840 113549 1 9 9 Comment = PKCS #9 Description = extendedCertificateAttributes OID = 1 2 840 113549 1 9 10 Comment = PKCS #9 experimental Description = issuerAndSerialNumber Warning OID = 1 2 840 113549 1 9 11 Comment = PKCS #9 experimental Description = passwordCheck Warning OID = 1 2 840 113549 1 9 12 Comment = PKCS #9 experimental Description = publicKey Warning OID = 1 2 840 113549 1 9 13 Comment = PKCS #9 Description = signingDescription OID = 1 2 840 113549 1 9 14 Comment = PKCS #9 via CRMF Description = extensionRequest # PKCS #9 for use with S/MIME OID = 1 2 840 113549 1 9 15 Comment = PKCS #9. This OID was formerly assigned as symmetricCapabilities, then reassigned as SMIMECapabilities, then renamed to the current name Description = sMIMECapabilities OID = 1 2 840 113549 1 9 15 1 Comment = sMIMECapabilities Description = preferSignedData OID = 1 2 840 113549 1 9 15 2 Comment = sMIMECapabilities Description = canNotDecryptAny OID = 1 2 840 113549 1 9 15 3 Comment = sMIMECapabilities. Deprecated, use (1 2 840 113549 1 9 16 2 1) instead Description = receiptRequest Warning OID = 1 2 840 113549 1 9 15 4 Comment = sMIMECapabilities. Deprecated, use (1 2 840 113549 1 9 16 1 1) instead Description = receipt Warning OID = 1 2 840 113549 1 9 15 5 Comment = sMIMECapabilities. 
Deprecated, use (1 2 840 113549 1 9 16 2 4) instead Description = contentHints Warning OID = 1 2 840 113549 1 9 15 6 Comment = sMIMECapabilities. Deprecated, use (1 2 840 113549 1 9 16 2 3) instead Description = mlExpansionHistory Warning OID = 1 2 840 113549 1 9 16 Comment = PKCS #9 Description = id-sMIME OID = 1 2 840 113549 1 9 16 0 Comment = id-sMIME Description = id-mod OID = 1 2 840 113549 1 9 16 0 1 Comment = S/MIME Modules Description = id-mod-cms OID = 1 2 840 113549 1 9 16 0 2 Comment = S/MIME Modules Description = id-mod-ess OID = 1 2 840 113549 1 9 16 0 3 Comment = S/MIME Modules Description = id-mod-oid OID = 1 2 840 113549 1 9 16 0 4 Comment = S/MIME Modules Description = id-mod-msg-v3 OID = 1 2 840 113549 1 9 16 0 5 Comment = S/MIME Modules Description = id-mod-ets-eSignature-88 OID = 1 2 840 113549 1 9 16 0 6 Comment = S/MIME Modules Description = id-mod-ets-eSignature-97 OID = 1 2 840 113549 1 9 16 0 7 Comment = S/MIME Modules Description = id-mod-ets-eSigPolicy-88 OID = 1 2 840 113549 1 9 16 0 8 Comment = S/MIME Modules Description = id-mod-ets-eSigPolicy-88 # S/MIME content types OID = 1 2 840 113549 1 9 16 1 Comment = S/MIME Description = contentType OID = 1 2 840 113549 1 9 16 1 1 Comment = S/MIME Content Types Description = receipt OID = 1 2 840 113549 1 9 16 1 2 Comment = S/MIME Content Types Description = authData OID = 1 2 840 113549 1 9 16 1 3 Comment = S/MIME Content Types Description = publishCert OID = 1 2 840 113549 1 9 16 1 4 Comment = S/MIME Content Types Description = tSTInfo OID = 1 2 840 113549 1 9 16 1 5 Comment = S/MIME Content Types Description = tDTInfo OID = 1 2 840 113549 1 9 16 1 6 Comment = S/MIME Content Types Description = contentInfo OID = 1 2 840 113549 1 9 16 1 7 Comment = S/MIME Content Types Description = dVCSRequestData OID = 1 2 840 113549 1 9 16 1 8 Comment = S/MIME Content Types Description = dVCSResponseData OID = 1 2 840 113549 1 9 16 1 9 Comment = S/MIME Content Types Description = compressedData OID = 1 2 
840 113549 1 9 16 1 10 Comment = S/MIME Content Types Description = scvpCertValRequest OID = 1 2 840 113549 1 9 16 1 11 Comment = S/MIME Content Types Description = scvpCertValResponse OID = 1 2 840 113549 1 9 16 1 12 Comment = S/MIME Content Types Description = scvpValPolRequest OID = 1 2 840 113549 1 9 16 1 13 Comment = S/MIME Content Types Description = scvpValPolResponse OID = 1 2 840 113549 1 9 16 1 14 Comment = S/MIME Content Types Description = attrCertEncAttrs OID = 1 2 840 113549 1 9 16 1 15 Comment = S/MIME Content Types Description = tSReq OID = 1 2 840 113549 1 9 16 1 16 Comment = S/MIME Content Types Description = firmwarePackage OID = 1 2 840 113549 1 9 16 1 17 Comment = S/MIME Content Types Description = firmwareLoadReceipt OID = 1 2 840 113549 1 9 16 1 18 Comment = S/MIME Content Types Description = firmwareLoadError OID = 1 2 840 113549 1 9 16 1 19 Comment = S/MIME Content Types Description = contentCollection OID = 1 2 840 113549 1 9 16 1 20 Comment = S/MIME Content Types Description = contentWithAttrs OID = 1 2 840 113549 1 9 16 1 21 Comment = S/MIME Content Types Description = encKeyWithID OID = 1 2 840 113549 1 9 16 1 22 Comment = S/MIME Content Types Description = encPEPSI OID = 1 2 840 113549 1 9 16 1 23 Comment = S/MIME Content Types Description = authEnvelopedData OID = 1 2 840 113549 1 9 16 1 24 Comment = S/MIME Content Types Description = routeOriginAttest OID = 1 2 840 113549 1 9 16 1 25 Comment = S/MIME Content Types Description = symmetricKeyPackage OID = 1 2 840 113549 1 9 16 1 26 Comment = S/MIME Content Types Description = rpkiManifest OID = 1 2 840 113549 1 9 16 1 27 Comment = S/MIME Content Types Description = asciiTextWithCRLF OID = 1 2 840 113549 1 9 16 1 28 Comment = S/MIME Content Types Description = xml OID = 1 2 840 113549 1 9 16 1 29 Comment = S/MIME Content Types Description = pdf OID = 1 2 840 113549 1 9 16 1 30 Comment = S/MIME Content Types Description = postscript OID = 1 2 840 113549 1 9 16 1 31 Comment = S/MIME 
Content Types Description = timestampedData OID = 1 2 840 113549 1 9 16 1 32 Comment = S/MIME Content Types Description = asAdjacencyAttest Warning OID = 1 2 840 113549 1 9 16 1 33 Comment = S/MIME Content Types Description = rpkiTrustAnchor OID = 1 2 840 113549 1 9 16 1 34 Comment = S/MIME Content Types Description = trustAnchorList # S/MIME attributes OID = 1 2 840 113549 1 9 16 2 Comment = S/MIME Description = authenticatedAttributes OID = 1 2 840 113549 1 9 16 2 1 Comment = S/MIME Authenticated Attributes Description = receiptRequest OID = 1 2 840 113549 1 9 16 2 2 Comment = S/MIME Authenticated Attributes Description = securityLabel OID = 1 2 840 113549 1 9 16 2 3 Comment = S/MIME Authenticated Attributes Description = mlExpandHistory OID = 1 2 840 113549 1 9 16 2 4 Comment = S/MIME Authenticated Attributes Description = contentHint OID = 1 2 840 113549 1 9 16 2 5 Comment = S/MIME Authenticated Attributes Description = msgSigDigest OID = 1 2 840 113549 1 9 16 2 6 Comment = S/MIME Authenticated Attributes. Obsolete Description = encapContentType Warning OID = 1 2 840 113549 1 9 16 2 7 Comment = S/MIME Authenticated Attributes Description = contentIdentifier OID = 1 2 840 113549 1 9 16 2 8 Comment = S/MIME Authenticated Attributes. 
Obsolete Description = macValue Warning OID = 1 2 840 113549 1 9 16 2 9 Comment = S/MIME Authenticated Attributes Description = equivalentLabels OID = 1 2 840 113549 1 9 16 2 10 Comment = S/MIME Authenticated Attributes Description = contentReference OID = 1 2 840 113549 1 9 16 2 11 Comment = S/MIME Authenticated Attributes Description = encrypKeyPref OID = 1 2 840 113549 1 9 16 2 12 Comment = S/MIME Authenticated Attributes Description = signingCertificate OID = 1 2 840 113549 1 9 16 2 13 Comment = S/MIME Authenticated Attributes Description = smimeEncryptCerts OID = 1 2 840 113549 1 9 16 2 14 Comment = S/MIME Authenticated Attributes Description = timeStampToken OID = 1 2 840 113549 1 9 16 2 15 Comment = S/MIME Authenticated Attributes Description = sigPolicyId OID = 1 2 840 113549 1 9 16 2 16 Comment = S/MIME Authenticated Attributes Description = commitmentType OID = 1 2 840 113549 1 9 16 2 17 Comment = S/MIME Authenticated Attributes Description = signerLocation OID = 1 2 840 113549 1 9 16 2 18 Comment = S/MIME Authenticated Attributes Description = signerAttr OID = 1 2 840 113549 1 9 16 2 19 Comment = S/MIME Authenticated Attributes Description = otherSigCert OID = 1 2 840 113549 1 9 16 2 20 Comment = S/MIME Authenticated Attributes Description = contentTimestamp OID = 1 2 840 113549 1 9 16 2 21 Comment = S/MIME Authenticated Attributes Description = certificateRefs OID = 1 2 840 113549 1 9 16 2 22 Comment = S/MIME Authenticated Attributes Description = revocationRefs OID = 1 2 840 113549 1 9 16 2 23 Comment = S/MIME Authenticated Attributes Description = certValues OID = 1 2 840 113549 1 9 16 2 24 Comment = S/MIME Authenticated Attributes Description = revocationValues OID = 1 2 840 113549 1 9 16 2 25 Comment = S/MIME Authenticated Attributes Description = escTimeStamp OID = 1 2 840 113549 1 9 16 2 26 Comment = S/MIME Authenticated Attributes Description = certCRLTimestamp OID = 1 2 840 113549 1 9 16 2 27 Comment = S/MIME Authenticated Attributes Description 
= archiveTimeStamp OID = 1 2 840 113549 1 9 16 2 28 Comment = S/MIME Authenticated Attributes Description = signatureType OID = 1 2 840 113549 1 9 16 2 29 Comment = S/MIME Authenticated Attributes Description = dvcsDvc OID = 1 2 840 113549 1 9 16 2 30 Comment = S/MIME Authenticated Attributes Description = cekReference OID = 1 2 840 113549 1 9 16 2 31 Comment = S/MIME Authenticated Attributes Description = maxCEKDecrypts OID = 1 2 840 113549 1 9 16 2 32 Comment = S/MIME Authenticated Attributes Description = kekDerivationAlg OID = 1 2 840 113549 1 9 16 2 33 Comment = S/MIME Authenticated Attributes. Obsolete Description = intendedRecipients Warning OID = 1 2 840 113549 1 9 16 2 34 Comment = S/MIME Authenticated Attributes Description = cmcUnsignedData OID = 1 2 840 113549 1 9 16 2 35 Comment = S/MIME Authenticated Attributes Description = fwPackageID OID = 1 2 840 113549 1 9 16 2 36 Comment = S/MIME Authenticated Attributes Description = fwTargetHardwareIDs OID = 1 2 840 113549 1 9 16 2 37 Comment = S/MIME Authenticated Attributes Description = fwDecryptKeyID OID = 1 2 840 113549 1 9 16 2 38 Comment = S/MIME Authenticated Attributes Description = fwImplCryptAlgs OID = 1 2 840 113549 1 9 16 2 39 Comment = S/MIME Authenticated Attributes Description = fwWrappedFirmwareKey OID = 1 2 840 113549 1 9 16 2 40 Comment = S/MIME Authenticated Attributes Description = fwCommunityIdentifiers OID = 1 2 840 113549 1 9 16 2 41 Comment = S/MIME Authenticated Attributes Description = fwPkgMessageDigest OID = 1 2 840 113549 1 9 16 2 42 Comment = S/MIME Authenticated Attributes Description = fwPackageInfo OID = 1 2 840 113549 1 9 16 2 43 Comment = S/MIME Authenticated Attributes Description = fwImplCompressAlgs OID = 1 2 840 113549 1 9 16 2 44 Comment = S/MIME Authenticated Attributes Description = etsAttrCertificateRefs OID = 1 2 840 113549 1 9 16 2 45 Comment = S/MIME Authenticated Attributes Description = etsAttrRevocationRefs OID = 1 2 840 113549 1 9 16 2 46 Comment = S/MIME 
Authenticated Attributes Description = binarySigningTime OID = 1 2 840 113549 1 9 16 2 47 Comment = S/MIME Authenticated Attributes Description = signingCertificateV2 OID = 1 2 840 113549 1 9 16 2 48 Comment = S/MIME Authenticated Attributes Description = etsArchiveTimeStampV2 OID = 1 2 840 113549 1 9 16 2 49 Comment = S/MIME Authenticated Attributes Description = erInternal OID = 1 2 840 113549 1 9 16 2 50 Comment = S/MIME Authenticated Attributes Description = erExternal OID = 1 2 840 113549 1 9 16 2 51 Comment = S/MIME Authenticated Attributes Description = multipleSignatures # S/MIME algorithms OID = 1 2 840 113549 1 9 16 3 1 Comment = S/MIME Algorithms. Obsolete Description = esDHwith3DES Warning OID = 1 2 840 113549 1 9 16 3 2 Comment = S/MIME Algorithms. Obsolete Description = esDHwithRC2 Warning OID = 1 2 840 113549 1 9 16 3 3 Comment = S/MIME Algorithms. Obsolete Description = 3desWrap Warning OID = 1 2 840 113549 1 9 16 3 4 Comment = S/MIME Algorithms. Obsolete Description = rc2Wrap Warning OID = 1 2 840 113549 1 9 16 3 5 Comment = S/MIME Algorithms Description = esDH OID = 1 2 840 113549 1 9 16 3 6 Comment = S/MIME Algorithms Description = cms3DESwrap OID = 1 2 840 113549 1 9 16 3 7 Comment = S/MIME Algorithms Description = cmsRC2wrap OID = 1 2 840 113549 1 9 16 3 8 Comment = S/MIME Algorithms Description = zlib OID = 1 2 840 113549 1 9 16 3 9 Comment = S/MIME Algorithms Description = pwriKEK OID = 1 2 840 113549 1 9 16 3 10 Comment = S/MIME Algorithms Description = ssDH OID = 1 2 840 113549 1 9 16 3 11 Comment = S/MIME Algorithms Description = hmacWith3DESwrap OID = 1 2 840 113549 1 9 16 3 12 Comment = S/MIME Algorithms Description = hmacWithAESwrap OID = 1 2 840 113549 1 9 16 3 13 Comment = S/MIME Algorithms. 
Experimental Description = md5XorExperiment Warning OID = 1 2 840 113549 1 9 16 3 14 Comment = S/MIME Algorithms Description = rsaKEM OID = 1 2 840 113549 1 9 16 3 15 Comment = S/MIME Algorithms Description = authEnc128 OID = 1 2 840 113549 1 9 16 3 16 Comment = S/MIME Algorithms Description = authEnc256 OID = 1 2 840 113549 1 9 16 3 17 Comment = S/MIME Algorithms Description = hssLmsHashSig OID = 1 2 840 113549 1 9 16 3 18 Comment = S/MIME Algorithms Description = chaCha20Poly1305 OID = 1 2 840 113549 1 9 16 3 19 Comment = S/MIME Algorithms Description = ecdhHKDF-SHA256 OID = 1 2 840 113549 1 9 16 3 20 Comment = S/MIME Algorithms Description = ecdhHKDF-SHA384 OID = 1 2 840 113549 1 9 16 3 21 Comment = S/MIME Algorithms Description = ecdhHKDF-SHA512 OID = 1 2 840 113549 1 9 16 3 22 Comment = S/MIME Algorithms Description = aesSIV-CMAC-256 OID = 1 2 840 113549 1 9 16 3 23 Comment = S/MIME Algorithms Description = aesSIV-CMAC-384 OID = 1 2 840 113549 1 9 16 3 24 Comment = S/MIME Algorithms Description = aesSIV-CMAC-512 OID = 1 2 840 113549 1 9 16 3 25 Comment = S/MIME Algorithms Description = aesSIV-CMAC-wrap256 OID = 1 2 840 113549 1 9 16 3 26 Comment = S/MIME Algorithms Description = aesSIV-CMAC-wrap384 OID = 1 2 840 113549 1 9 16 3 27 Comment = S/MIME Algorithms Description = aesSIV-CMAC-wrap512 OID = 1 2 840 113549 1 9 16 3 28 Comment = S/MIME Algorithms Description = hkdfWithSha256 OID = 1 2 840 113549 1 9 16 3 29 Comment = S/MIME Algorithms Description = hkdfWithSha384 OID = 1 2 840 113549 1 9 16 3 30 Comment = S/MIME Algorithms Description = hkdfWithSha512 # S/MIME miscellaneous OID = 1 2 840 113549 1 9 16 4 1 Comment = S/MIME Certificate Distribution Description = certDist-ldap OID = 1 2 840 113549 1 9 16 5 1 Comment = S/MIME Signature Policy Qualifiers Description = sigPolicyQualifier-spuri x OID = 1 2 840 113549 1 9 16 5 2 Comment = S/MIME Signature Policy Qualifiers Description = sigPolicyQualifier-spUserNotice OID = 1 2 840 113549 1 9 16 6 1 Comment = 
S/MIME Commitment Type Identifiers Description = proofOfOrigin OID = 1 2 840 113549 1 9 16 6 2 Comment = S/MIME Commitment Type Identifiers Description = proofOfReceipt OID = 1 2 840 113549 1 9 16 6 3 Comment = S/MIME Commitment Type Identifiers Description = proofOfDelivery OID = 1 2 840 113549 1 9 16 6 4 Comment = S/MIME Commitment Type Identifiers Description = proofOfSender OID = 1 2 840 113549 1 9 16 6 5 Comment = S/MIME Commitment Type Identifiers Description = proofOfApproval OID = 1 2 840 113549 1 9 16 6 6 Comment = S/MIME Commitment Type Identifiers Description = proofOfCreation OID = 1 2 840 113549 1 9 16 8 1 Comment = S/MIME Symmetric Key Distribution Attributes Description = glUseKEK OID = 1 2 840 113549 1 9 16 8 2 Comment = S/MIME Symmetric Key Distribution Attributes Description = glDelete OID = 1 2 840 113549 1 9 16 8 3 Comment = S/MIME Symmetric Key Distribution Attributes Description = glAddMember OID = 1 2 840 113549 1 9 16 8 4 Comment = S/MIME Symmetric Key Distribution Attributes Description = glDeleteMember OID = 1 2 840 113549 1 9 16 8 5 Comment = S/MIME Symmetric Key Distribution Attributes Description = glRekey OID = 1 2 840 113549 1 9 16 8 6 Comment = S/MIME Symmetric Key Distribution Attributes Description = glAddOwner OID = 1 2 840 113549 1 9 16 8 7 Comment = S/MIME Symmetric Key Distribution Attributes Description = glRemoveOwner OID = 1 2 840 113549 1 9 16 8 8 Comment = S/MIME Symmetric Key Distribution Attributes Description = glkCompromise OID = 1 2 840 113549 1 9 16 8 9 Comment = S/MIME Symmetric Key Distribution Attributes Description = glkRefresh OID = 1 2 840 113549 1 9 16 8 10 Comment = S/MIME Symmetric Key Distribution Attributes. 
Obsolete Description = glFailInfo Warning OID = 1 2 840 113549 1 9 16 8 11 Comment = S/MIME Symmetric Key Distribution Attributes Description = glaQueryRequest OID = 1 2 840 113549 1 9 16 8 12 Comment = S/MIME Symmetric Key Distribution Attributes Description = glaQueryResponse OID = 1 2 840 113549 1 9 16 8 13 Comment = S/MIME Symmetric Key Distribution Attributes Description = glProvideCert OID = 1 2 840 113549 1 9 16 8 14 Comment = S/MIME Symmetric Key Distribution Attributes Description = glUpdateCert OID = 1 2 840 113549 1 9 16 8 15 Comment = S/MIME Symmetric Key Distribution Attributes Description = glKey OID = 1 2 840 113549 1 9 16 9 Comment = S/MIME Description = signatureTypeIdentifier OID = 1 2 840 113549 1 9 16 9 1 Comment = S/MIME Signature Type Identifier Description = originatorSig OID = 1 2 840 113549 1 9 16 9 2 Comment = S/MIME Signature Type Identifier Description = domainSig OID = 1 2 840 113549 1 9 16 9 3 Comment = S/MIME Signature Type Identifier Description = additionalAttributesSig OID = 1 2 840 113549 1 9 16 9 4 Comment = S/MIME Signature Type Identifier Description = reviewSig OID = 1 2 840 113549 1 9 16 11 Comment = S/MIME Description = capabilities OID = 1 2 840 113549 1 9 16 11 1 Comment = S/MIME Capability Description = preferBinaryInside OID = 1 2 840 113549 1 9 16 12 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcAttributes OID = 1 2 840 113549 1 9 16 12 1 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcManufacturer OID = 1 2 840 113549 1 9 16 12 2 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcSerialNo OID = 1 2 840 113549 1 9 16 12 3 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcModel OID = 1 2 840 113549 1 9 16 12 4 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcIssueno OID = 1 2 840 113549 1 9 16 12 5 Comment = S/MIME Portable Symmetric Key Container Attributes Description = 
pskcDevicebinding OID = 1 2 840 113549 1 9 16 12 6 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcDevicestartdate OID = 1 2 840 113549 1 9 16 12 7 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcDeviceexpirydate OID = 1 2 840 113549 1 9 16 12 8 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcModuleid OID = 1 2 840 113549 1 9 16 12 9 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcKeyid OID = 1 2 840 113549 1 9 16 12 10 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcAlgorithm OID = 1 2 840 113549 1 9 16 12 11 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcIssuer OID = 1 2 840 113549 1 9 16 12 12 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcKeyprofileid OID = 1 2 840 113549 1 9 16 12 13 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcKeyreference OID = 1 2 840 113549 1 9 16 12 14 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcFriendlyname OID = 1 2 840 113549 1 9 16 12 15 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcAlgorithmparams OID = 1 2 840 113549 1 9 16 12 16 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcCounter OID = 1 2 840 113549 1 9 16 12 17 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcTime OID = 1 2 840 113549 1 9 16 12 18 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcTimeinterval OID = 1 2 840 113549 1 9 16 12 19 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcTimedrift OID = 1 2 840 113549 1 9 16 12 20 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcValuemac OID = 1 2 840 113549 1 9 16 12 21 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcKeystartdate 
OID = 1 2 840 113549 1 9 16 12 22 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcKeyexpirydate OID = 1 2 840 113549 1 9 16 12 23 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcNooftransactions OID = 1 2 840 113549 1 9 16 12 24 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcKeyusages OID = 1 2 840 113549 1 9 16 12 25 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcPinpolicy OID = 1 2 840 113549 1 9 16 12 26 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcDeviceuserid OID = 1 2 840 113549 1 9 16 12 27 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcKeyuserid # PKCS #9 for use with PKCS #12 OID = 1 2 840 113549 1 9 20 Comment = PKCS #9 via PKCS #12 Description = friendlyName (for PKCS #12) OID = 1 2 840 113549 1 9 21 Comment = PKCS #9 via PKCS #12 Description = localKeyID (for PKCS #12) OID = 1 2 840 113549 1 9 22 Comment = PKCS #9 via PKCS #12 Description = certTypes (for PKCS #12) OID = 1 2 840 113549 1 9 22 1 Comment = PKCS #9 via PKCS #12 Description = x509Certificate (for PKCS #12) OID = 1 2 840 113549 1 9 22 2 Comment = PKCS #9 via PKCS #12 Description = sdsiCertificate (for PKCS #12) OID = 1 2 840 113549 1 9 23 Comment = PKCS #9 via PKCS #12 Description = crlTypes (for PKCS #12) OID = 1 2 840 113549 1 9 23 1 Comment = PKCS #9 via PKCS #12 Description = x509Crl (for PKCS #12) # PKCS #9, another set of branches used for accumulating further cruft OID = 1 2 840 113549 1 9 24 Comment = PKCS #9/RFC 2985 Description = pkcs9objectClass OID = 1 2 840 113549 1 9 25 Comment = PKCS #9/RFC 2985 Description = pkcs9attributes OID = 1 2 840 113549 1 9 25 1 Comment = PKCS #9/RFC 2985 attribute Description = pkcs15Token OID = 1 2 840 113549 1 9 25 2 Comment = PKCS #9/RFC 2985 attribute Description = encryptedPrivateKeyInfo OID = 1 2 840 113549 1 9 25 3 Comment = PKCS #9/RFC 2985 attribute 
Description = randomNonce OID = 1 2 840 113549 1 9 25 4 Comment = PKCS #9/RFC 2985 attribute Description = sequenceNumber OID = 1 2 840 113549 1 9 25 5 Comment = PKCS #9/RFC 2985 attribute Description = pkcs7PDU OID = 1 2 840 113549 1 9 26 Comment = PKCS #9/RFC 2985 Description = pkcs9syntax OID = 1 2 840 113549 1 9 27 Comment = PKCS #9/RFC 2985 Description = pkcs9matchingRules # Miscellaneous further RFCs using the 1 2 840 113549 1 9 ... arc OID = 1 2 840 113549 1 9 52 Comment = RFC 6211 Description = cmsAlgorithmProtection # PKCS #12. Note that current PKCS #12 implementations tend to be strange and # peculiar, with implementors misusing OIDs or basing their work on earlier PFX # drafts or defining their own odd OIDs. In addition the PFX/PKCS #12 spec # itself is full of errors and inconsistencies and a number of OIDs have been # redefined in different drafts (often multiple times), which doesn't make the # implementors' job any easier. OID = 1 2 840 113549 1 12 Description = pkcs-12 OID = 1 2 840 113549 1 12 1 Comment = This OID was formerly assigned as PKCS #12 modeID Description = pkcs-12-PbeIds OID = 1 2 840 113549 1 12 1 1 Comment = PKCS #12 PbeIds. This OID was formerly assigned as pkcs-12-OfflineTransportMode Description = pbeWithSHAAnd128BitRC4 OID = 1 2 840 113549 1 12 1 2 Comment = PKCS #12 PbeIds. This OID was formerly assigned as pkcs-12-OnlineTransportMode Description = pbeWithSHAAnd40BitRC4 OID = 1 2 840 113549 1 12 1 3 Comment = PKCS #12 PbeIds Description = pbeWithSHAAnd3-KeyTripleDES-CBC OID = 1 2 840 113549 1 12 1 4 Comment = PKCS #12 PbeIds Description = pbeWithSHAAnd2-KeyTripleDES-CBC OID = 1 2 840 113549 1 12 1 5 Comment = PKCS #12 PbeIds Description = pbeWithSHAAnd128BitRC2-CBC OID = 1 2 840 113549 1 12 1 6 Comment = PKCS #12 PbeIds Description = pbeWithSHAAnd40BitRC2-CBC OID = 1 2 840 113549 1 12 2 Comment = Deprecated Description = pkcs-12-ESPVKID Warning OID = 1 2 840 113549 1 12 2 1 Comment = PKCS #12 ESPVKID.
Deprecated, use (1 2 840 113549 1 12 3 5) instead Description = pkcs-12-PKCS8KeyShrouding Warning # The following appear to have been redefined yet again at 12 10 in the latest # PKCS #12 spec. OID = 1 2 840 113549 1 12 3 Description = pkcs-12-BagIds OID = 1 2 840 113549 1 12 3 1 Comment = PKCS #12 BagIds Description = pkcs-12-keyBagId OID = 1 2 840 113549 1 12 3 2 Comment = PKCS #12 BagIds Description = pkcs-12-certAndCRLBagId OID = 1 2 840 113549 1 12 3 3 Comment = PKCS #12 BagIds Description = pkcs-12-secretBagId OID = 1 2 840 113549 1 12 3 4 Comment = PKCS #12 BagIds Description = pkcs-12-safeContentsId OID = 1 2 840 113549 1 12 3 5 Comment = PKCS #12 BagIds Description = pkcs-12-pkcs-8ShroudedKeyBagId OID = 1 2 840 113549 1 12 4 Comment = Deprecated Description = pkcs-12-CertBagID Warning OID = 1 2 840 113549 1 12 4 1 Comment = PKCS #12 CertBagID. This OID was formerly assigned as pkcs-12-X509CertCRLBag Description = pkcs-12-X509CertCRLBagID OID = 1 2 840 113549 1 12 4 2 Comment = PKCS #12 CertBagID. This OID was formerly assigned as pkcs-12-SDSICertBag Description = pkcs-12-SDSICertBagID # The following are from PFX. The ... 5 1 values have been reassigned to OIDs # with incompatible algorithms at ... 1, the 5 2 values seem to have vanished. OID = 1 2 840 113549 1 12 5 Description = pkcs-12-OID Warning OID = 1 2 840 113549 1 12 5 1 Comment = PKCS #12 OID. Deprecated, use the partially compatible (1 2 840 113549 1 12 1) OIDs instead Description = pkcs-12-PBEID Warning OID = 1 2 840 113549 1 12 5 1 1 Comment = PKCS #12 OID PBEID. Deprecated, use (1 2 840 113549 1 12 1 1) instead Description = pkcs-12-PBEWithSha1And128BitRC4 Warning OID = 1 2 840 113549 1 12 5 1 2 Comment = PKCS #12 OID PBEID. Deprecated, use (1 2 840 113549 1 12 1 2) instead Description = pkcs-12-PBEWithSha1And40BitRC4 Warning OID = 1 2 840 113549 1 12 5 1 3 Comment = PKCS #12 OID PBEID. 
Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 3) or (1 2 840 113549 1 12 1 4) instead Description = pkcs-12-PBEWithSha1AndTripleDESCBC Warning OID = 1 2 840 113549 1 12 5 1 4 Comment = PKCS #12 OID PBEID. Deprecated, use (1 2 840 113549 1 12 1 5) instead Description = pkcs-12-PBEWithSha1And128BitRC2CBC Warning OID = 1 2 840 113549 1 12 5 1 5 Comment = PKCS #12 OID PBEID. Deprecated, use (1 2 840 113549 1 12 1 6) instead Description = pkcs-12-PBEWithSha1And40BitRC2CBC Warning OID = 1 2 840 113549 1 12 5 1 6 Comment = PKCS #12 OID PBEID. Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 1) or (1 2 840 113549 1 12 1 2) instead Description = pkcs-12-PBEWithSha1AndRC4 Warning OID = 1 2 840 113549 1 12 5 1 7 Comment = PKCS #12 OID PBEID. Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 5) or (1 2 840 113549 1 12 1 6) instead Description = pkcs-12-PBEWithSha1AndRC2CBC Warning OID = 1 2 840 113549 1 12 5 2 Comment = PKCS #12 OID. Deprecated, use the conventional PKCS #1 OIDs instead Description = pkcs-12-EnvelopingID OID = 1 2 840 113549 1 12 5 2 1 Comment = PKCS #12 OID EnvelopingID. Deprecated, use the conventional PKCS #1 OIDs instead Description = pkcs-12-RSAEncryptionWith128BitRC4 Warning OID = 1 2 840 113549 1 12 5 2 2 Comment = PKCS #12 OID EnvelopingID. Deprecated, use the conventional PKCS #1 OIDs instead Description = pkcs-12-RSAEncryptionWith40BitRC4 Warning OID = 1 2 840 113549 1 12 5 2 3 Comment = PKCS #12 OID EnvelopingID. Deprecated, use the conventional PKCS #1 OIDs instead Description = pkcs-12-RSAEncryptionWithTripleDES Warning OID = 1 2 840 113549 1 12 5 3 Comment = PKCS #12 OID EnvelopingID. Deprecated, use the conventional PKCS #1 OIDs instead Description = pkcs-12-SignatureID Warning OID = 1 2 840 113549 1 12 5 3 1 Comment = PKCS #12 OID SignatureID. 
Deprecated, use the conventional PKCS #1 OIDs instead Description = pkcs-12-RSASignatureWithSHA1Digest Warning # Yet *another* redefinition of the PKCS #12 "bag" IDs, now in a different # order than the last redefinition at ... 12 3. OID = 1 2 840 113549 1 12 10 Description = pkcs-12Version1 OID = 1 2 840 113549 1 12 10 1 Description = pkcs-12BagIds OID = 1 2 840 113549 1 12 10 1 1 Comment = PKCS #12 BagIds Description = pkcs-12-keyBag OID = 1 2 840 113549 1 12 10 1 2 Comment = PKCS #12 BagIds Description = pkcs-12-pkcs-8ShroudedKeyBag OID = 1 2 840 113549 1 12 10 1 3 Comment = PKCS #12 BagIds Description = pkcs-12-certBag OID = 1 2 840 113549 1 12 10 1 4 Comment = PKCS #12 BagIds Description = pkcs-12-crlBag OID = 1 2 840 113549 1 12 10 1 5 Comment = PKCS #12 BagIds Description = pkcs-12-secretBag OID = 1 2 840 113549 1 12 10 1 6 Comment = PKCS #12 BagIds Description = pkcs-12-safeContentsBag # PKCS #15 OID = 1 2 840 113549 1 15 1 Comment = PKCS #15 Description = pkcs15modules OID = 1 2 840 113549 1 15 2 Comment = PKCS #15 Description = pkcs15attributes OID = 1 2 840 113549 1 15 3 Comment = PKCS #15 Description = pkcs15contentType OID = 1 2 840 113549 1 15 3 1 Comment = PKCS #15 content type Description = pkcs15content # RSADSI digest algorithms OID = 1 2 840 113549 2 Description = digestAlgorithm OID = 1 2 840 113549 2 2 Comment = RSADSI digestAlgorithm Description = md2 OID = 1 2 840 113549 2 4 Comment = RSADSI digestAlgorithm Description = md4 OID = 1 2 840 113549 2 5 Comment = RSADSI digestAlgorithm Description = md5 OID = 1 2 840 113549 2 7 Comment = RSADSI digestAlgorithm Description = hmacWithSHA1 OID = 1 2 840 113549 2 8 Comment = RSADSI digestAlgorithm Description = hmacWithSHA224 OID = 1 2 840 113549 2 9 Comment = RSADSI digestAlgorithm Description = hmacWithSHA256 OID = 1 2 840 113549 2 10 Comment = RSADSI digestAlgorithm Description = hmacWithSHA384 OID = 1 2 840 113549 2 11 Comment = RSADSI digestAlgorithm Description = hmacWithSHA512 # RSADSI
encryption algorithms OID = 1 2 840 113549 3 Description = encryptionAlgorithm OID = 1 2 840 113549 3 2 Comment = RSADSI encryptionAlgorithm Description = rc2CBC OID = 1 2 840 113549 3 3 Comment = RSADSI encryptionAlgorithm Description = rc2ECB OID = 1 2 840 113549 3 4 Comment = RSADSI encryptionAlgorithm Description = rc4 OID = 1 2 840 113549 3 5 Comment = RSADSI encryptionAlgorithm Description = rc4WithMAC OID = 1 2 840 113549 3 6 Comment = RSADSI encryptionAlgorithm Description = desx-CBC OID = 1 2 840 113549 3 7 Comment = RSADSI encryptionAlgorithm Description = des-EDE3-CBC OID = 1 2 840 113549 3 8 Comment = RSADSI encryptionAlgorithm Description = rc5CBC OID = 1 2 840 113549 3 9 Comment = RSADSI encryptionAlgorithm Description = rc5-CBCPad OID = 1 2 840 113549 3 10 Comment = RSADSI encryptionAlgorithm. Formerly called CDMFCBCPad Description = desCDMF # Identrus OID = 1 2 840 114021 1 6 1 Comment = Identrus Description = Identrus unknown policyIdentifier OID = 1 2 840 114021 4 1 Comment = Identrus Description = identrusOCSP # Microsoft (both 1 2 840 and 1 3 6 1 4 1 arcs) OID = 1 2 840 113556 1 2 241 Comment = Microsoft Exchange Server - attribute Description = deliveryMechanism OID = 1 2 840 113556 1 2 281 Comment = Microsoft Cert Template - attribute Description = ntSecurityDescriptor OID = 1 2 840 113556 1 3 0 Comment = Microsoft Exchange Server - object class Description = site-Addressing OID = 1 2 840 113556 1 3 13 Comment = Microsoft Exchange Server - object class Description = classSchema OID = 1 2 840 113556 1 3 14 Comment = Microsoft Exchange Server - object class Description = attributeSchema OID = 1 2 840 113556 1 3 17 Comment = Microsoft Exchange Server - object class Description = mailbox-Agent OID = 1 2 840 113556 1 3 22 Comment = Microsoft Exchange Server - object class Description = mailbox OID = 1 2 840 113556 1 3 23 Comment = Microsoft Exchange Server - object class Description = container OID = 1 2 840 113556 1 3 46 Comment = Microsoft 
Exchange Server - object class Description = mailRecipient OID = 1 2 840 113556 1 4 145 Comment = Microsoft Cert Template - attribute Description = revision OID = 1 2 840 113556 1 4 1327 Comment = Microsoft Cert Template - attribute Description = pKIDefaultKeySpec OID = 1 2 840 113556 1 4 1328 Comment = Microsoft Cert Template - attribute Description = pKIKeyUsage OID = 1 2 840 113556 1 4 1329 Comment = Microsoft Cert Template - attribute Description = pKIMaxIssuingDepth OID = 1 2 840 113556 1 4 1330 Comment = Microsoft Cert Template - attribute Description = pKICriticalExtensions OID = 1 2 840 113556 1 4 1331 Comment = Microsoft Cert Template - attribute Description = pKIExpirationPeriod OID = 1 2 840 113556 1 4 1332 Comment = Microsoft Cert Template - attribute Description = pKIOverlapPeriod OID = 1 2 840 113556 1 4 1333 Comment = Microsoft Cert Template - attribute Description = pKIExtendedKeyUsage OID = 1 2 840 113556 1 4 1334 Comment = Microsoft Cert Template - attribute Description = pKIDefaultCSPs OID = 1 2 840 113556 1 4 1335 Comment = Microsoft Cert Template - attribute Description = pKIEnrollmentAccess OID = 1 2 840 113556 1 4 1429 Comment = Microsoft Cert Template - attribute Description = msPKI-RA-Signature OID = 1 2 840 113556 1 4 1430 Comment = Microsoft Cert Template - attribute Description = msPKI-Enrollment-Flag OID = 1 2 840 113556 1 4 1431 Comment = Microsoft Cert Template - attribute Description = msPKI-Private-Key-Flag OID = 1 2 840 113556 1 4 1432 Comment = Microsoft Cert Template - attribute Description = msPKI-Certificate-Name-Flag OID = 1 2 840 113556 1 4 1433 Comment = Microsoft Cert Template - attribute Description = msPKI-Minimal-Key-Size OID = 1 2 840 113556 1 4 1434 Comment = Microsoft Cert Template - attribute Description = msPKI-Template-Schema-Version OID = 1 2 840 113556 1 4 1435 Comment = Microsoft Cert Template - attribute Description = msPKI-Template-Minor-Revision OID = 1 2 840 113556 1 4 1436 Comment = Microsoft Cert Template 
- attribute Description = msPKI-Cert-Template-OID OID = 1 2 840 113556 1 4 1437 Comment = Microsoft Cert Template - attribute Description = msPKI-Supersede-Templates OID = 1 2 840 113556 1 4 1438 Comment = Microsoft Cert Template - attribute Description = msPKI-RA-Policies OID = 1 2 840 113556 1 4 1439 Comment = Microsoft Cert Template - attribute Description = msPKI-Certificate-Policy OID = 1 2 840 113556 1 4 1674 Comment = Microsoft Cert Template - attribute Description = msPKI-Certificate-Application-Policy OID = 1 2 840 113556 1 4 1675 Comment = Microsoft Cert Template - attribute Description = msPKI-RA-Application-Policies OID = 1 2 840 113556 4 3 Comment = Microsoft Description = microsoftExcel OID = 1 2 840 113556 4 4 Comment = Microsoft Description = titledWithOID OID = 1 2 840 113556 4 5 Comment = Microsoft Description = microsoftPowerPoint # Adobe OID = 1 2 840 113583 1 Comment = Adobe Acrobat Description = adobeAcrobat OID = 1 2 840 113583 1 1 Comment = Adobe Acrobat security Description = acrobatSecurity OID = 1 2 840 113583 1 1 1 Comment = Adobe Acrobat security Description = pdfPassword OID = 1 2 840 113583 1 1 2 Comment = Adobe Acrobat security Description = pdfDefaultSigningCredential OID = 1 2 840 113583 1 1 3 Comment = Adobe Acrobat security Description = pdfDefaultEncryptionCredential OID = 1 2 840 113583 1 1 4 Comment = Adobe Acrobat security Description = pdfPasswordTimeout OID = 1 2 840 113583 1 1 5 Comment = Adobe Acrobat security Description = pdfAuthenticDocumentsTrust OID = 1 2 840 113583 1 1 6 Comment = Adobe Acrobat security Description = pdfDynamicContentTrust Warning OID = 1 2 840 113583 1 1 7 Comment = Adobe Acrobat security Description = pdfUbiquityTrust OID = 1 2 840 113583 1 1 8 Comment = Adobe Acrobat security Description = pdfRevocationInfoArchival OID = 1 2 840 113583 1 1 9 Comment = Adobe Acrobat security Description = pdfX509Extension OID = 1 2 840 113583 1 1 9 1 Comment = Adobe Acrobat security Description = pdfTimeStamp OID 
= 1 2 840 113583 1 1 9 2 Comment = Adobe Acrobat security Description = pdfArchiveRevInfo OID = 1 2 840 113583 1 1 10 Comment = Adobe Acrobat security Description = pdfPPLKLiteCredential OID = 1 2 840 113583 1 2 Comment = Adobe Acrobat CPS Description = acrobatCPS OID = 1 2 840 113583 1 2 1 Comment = Adobe Acrobat CPS Description = pdfAuthenticDocumentsCPS OID = 1 2 840 113583 1 2 2 Comment = Adobe Acrobat CPS Description = pdfTestCPS OID = 1 2 840 113583 1 2 3 Comment = Adobe Acrobat CPS Description = pdfUbiquityCPS OID = 1 2 840 113583 1 2 4 Comment = Adobe Acrobat CPS Description = pdfAdhocCPS OID = 1 2 840 113583 1 7 Comment = Adobe Acrobat ubiquity Description = acrobatUbiquity OID = 1 2 840 113583 1 7 1 Comment = Adobe Acrobat ubiquity Description = pdfUbiquitySubRights # The following arc is explicitly reserved for extensions that don't fall # under 1 2 840 113583 1 1 9. In other words someone at Adobe either made # an editing error or codified an OID-encoding error. OID = 1 2 840 113583 1 9 Comment = Adobe Acrobat X.509 extension Description = acrobatExtension # Another Adobe(?) 
OID = 1 2 840 113628 114 1 7 Comment = Adobe Description = adobePKCS7 # Apple OID = 1 2 840 113635 100 Comment = Apple Description = appleDataSecurity OID = 1 2 840 113635 100 1 Comment = Apple Description = appleTrustPolicy OID = 1 2 840 113635 100 1 1 Comment = Apple trust policy Description = appleISignTP OID = 1 2 840 113635 100 1 2 Comment = Apple trust policy Description = appleX509Basic OID = 1 2 840 113635 100 1 3 Comment = Apple trust policy Description = appleSSLPolicy OID = 1 2 840 113635 100 1 4 Comment = Apple trust policy Description = appleLocalCertGenPolicy OID = 1 2 840 113635 100 1 5 Comment = Apple trust policy Description = appleCSRGenPolicy OID = 1 2 840 113635 100 1 6 Comment = Apple trust policy Description = appleCRLPolicy OID = 1 2 840 113635 100 1 7 Comment = Apple trust policy Description = appleOCSPPolicy OID = 1 2 840 113635 100 1 8 Comment = Apple trust policy Description = appleSMIMEPolicy OID = 1 2 840 113635 100 1 9 Comment = Apple trust policy Description = appleEAPPolicy OID = 1 2 840 113635 100 1 10 Comment = Apple trust policy Description = appleSWUpdateSigningPolicy OID = 1 2 840 113635 100 1 11 Comment = Apple trust policy Description = appleIPSecPolicy OID = 1 2 840 113635 100 1 12 Comment = Apple trust policy Description = appleIChatPolicy OID = 1 2 840 113635 100 1 13 Comment = Apple trust policy Description = appleResourceSignPolicy OID = 1 2 840 113635 100 1 14 Comment = Apple trust policy Description = applePKINITClientPolicy OID = 1 2 840 113635 100 1 15 Comment = Apple trust policy Description = applePKINITServerPolicy OID = 1 2 840 113635 100 1 16 Comment = Apple trust policy Description = appleCodeSigningPolicy OID = 1 2 840 113635 100 1 17 Comment = Apple trust policy Description = applePackageSigningPolicy OID = 1 2 840 113635 100 2 Comment = Apple Description = appleSecurityAlgorithm OID = 1 2 840 113635 100 2 1 Comment = Apple security algorithm Description = appleFEE OID = 1 2 840 113635 100 2 2 Comment = Apple 
security algorithm Description = appleASC OID = 1 2 840 113635 100 2 3 Comment = Apple security algorithm Description = appleFEE_MD5 OID = 1 2 840 113635 100 2 4 Comment = Apple security algorithm Description = appleFEE_SHA1 OID = 1 2 840 113635 100 2 5 Comment = Apple security algorithm Description = appleFEED OID = 1 2 840 113635 100 2 6 Comment = Apple security algorithm Description = appleFEEDEXP OID = 1 2 840 113635 100 2 7 Comment = Apple security algorithm Description = appleECDSA OID = 1 2 840 113635 100 3 Comment = Apple Description = appleDotMacCertificate # There are lots more subtypes under the following arcs, who knows # what they're used for or whether they've ever been used at all. OID = 1 2 840 113635 100 3 1 Comment = Apple dotMac certificate Description = appleDotMacCertificateRequest OID = 1 2 840 113635 100 3 2 Comment = Apple dotMac certificate Description = appleDotMacCertificateExtension OID = 1 2 840 113635 100 3 3 Comment = Apple dotMac certificate Description = appleDotMacCertificateRequestValues OID = 1 2 840 113635 100 4 Comment = Apple Description = appleExtendedKeyUsage OID = 1 2 840 113635 100 4 1 Comment = Apple extended key usage Description = appleCodeSigning OID = 1 2 840 113635 100 4 1 1 Comment = Apple extended key usage Description = appleCodeSigningDevelopment OID = 1 2 840 113635 100 4 1 2 Comment = Apple extended key usage Description = appleSoftwareUpdateSigning OID = 1 2 840 113635 100 4 1 3 Comment = Apple extended key usage Description = appleCodeSigningThirdParty OID = 1 2 840 113635 100 4 1 4 Comment = Apple extended key usage Description = appleResourceSigning OID = 1 2 840 113635 100 4 2 Comment = Apple extended key usage Description = appleIChatSigning OID = 1 2 840 113635 100 4 3 Comment = Apple extended key usage Description = appleIChatEncryption OID = 1 2 840 113635 100 4 4 Comment = Apple extended key usage Description = appleSystemIdentity OID = 1 2 840 113635 100 4 5 Comment = Apple extended key usage 
Description = appleCryptoEnv OID = 1 2 840 113635 100 4 5 1 Comment = Apple extended key usage Description = appleCryptoProductionEnv OID = 1 2 840 113635 100 4 5 2 Comment = Apple extended key usage Description = appleCryptoMaintenanceEnv OID = 1 2 840 113635 100 4 5 3 Comment = Apple extended key usage Description = appleCryptoTestEnv OID = 1 2 840 113635 100 4 5 4 Comment = Apple extended key usage Description = appleCryptoDevelopmentEnv OID = 1 2 840 113635 100 4 6 Comment = Apple extended key usage Description = appleCryptoQoS OID = 1 2 840 113635 100 4 6 1 Comment = Apple extended key usage Description = appleCryptoTier0QoS OID = 1 2 840 113635 100 4 6 2 Comment = Apple extended key usage Description = appleCryptoTier1QoS OID = 1 2 840 113635 100 4 6 3 Comment = Apple extended key usage Description = appleCryptoTier2QoS OID = 1 2 840 113635 100 4 6 4 Comment = Apple extended key usage Description = appleCryptoTier3QoS OID = 1 2 840 113635 100 5 Comment = Apple Description = appleCertificatePolicies OID = 1 2 840 113635 100 5 1 Comment = Apple Description = appleCertificatePolicyID OID = 1 2 840 113635 100 5 2 Comment = Apple Description = appleDotMacCertificatePolicyID OID = 1 2 840 113635 100 5 3 Comment = Apple Description = appleADCCertificatePolicyID OID = 1 2 840 113635 100 6 Comment = Apple Description = appleCertificateExtensions OID = 1 2 840 113635 100 6 1 Comment = Apple certificate extension Description = appleCertificateExtensionCodeSigning OID = 1 2 840 113635 100 6 1 1 Comment = Apple certificate extension Description = appleCertificateExtensionAppleSigning OID = 1 2 840 113635 100 6 1 2 Comment = Apple certificate extension Description = appleCertificateExtensionADCDeveloperSigning OID = 1 2 840 113635 100 6 1 3 Comment = Apple certificate extension Description = appleCertificateExtensionADCAppleSigning # More Microsoft under the IETF arc OID = 1 3 6 1 4 1 311 2 1 4 Comment = Microsoft code signing Description = spcIndirectDataContext OID = 1 3 
6 1 4 1 311 2 1 10 Comment = Microsoft code signing. Also known as policyLink Description = spcAgencyInfo OID = 1 3 6 1 4 1 311 2 1 11 Comment = Microsoft code signing Description = spcStatementType OID = 1 3 6 1 4 1 311 2 1 12 Comment = Microsoft code signing Description = spcSpOpusInfo OID = 1 3 6 1 4 1 311 2 1 14 Comment = Microsoft Description = certReqExtensions OID = 1 3 6 1 4 1 311 2 1 15 Comment = Microsoft code signing Description = spcPEImageData OID = 1 3 6 1 4 1 311 2 1 18 Comment = Microsoft code signing Description = spcRawFileData OID = 1 3 6 1 4 1 311 2 1 19 Comment = Microsoft code signing Description = spcStructuredStorageData OID = 1 3 6 1 4 1 311 2 1 20 Comment = Microsoft code signing. Formerly "link extension" aka "glue extension" Description = spcJavaClassData (type 1) OID = 1 3 6 1 4 1 311 2 1 21 Comment = Microsoft Description = individualCodeSigning OID = 1 3 6 1 4 1 311 2 1 22 Comment = Microsoft Description = commercialCodeSigning OID = 1 3 6 1 4 1 311 2 1 25 Comment = Microsoft code signing. Also known as "glue extension" Description = spcLink (type 2) OID = 1 3 6 1 4 1 311 2 1 26 Comment = Microsoft code signing Description = spcMinimalCriteriaInfo OID = 1 3 6 1 4 1 311 2 1 27 Comment = Microsoft code signing Description = spcFinancialCriteriaInfo OID = 1 3 6 1 4 1 311 2 1 28 Comment = Microsoft code signing. 
Also known as "glue extension" Description = spcLink (type 3) OID = 1 3 6 1 4 1 311 2 1 29 Comment = Microsoft code signing Description = spcHashInfoObjID OID = 1 3 6 1 4 1 311 2 1 30 Comment = Microsoft code signing Description = spcSipInfoObjID OID = 1 3 6 1 4 1 311 2 2 Comment = Microsoft CTL Description = ctl OID = 1 3 6 1 4 1 311 2 2 1 Comment = Microsoft CTL Description = ctlTrustedCodesigningCAList OID = 1 3 6 1 4 1 311 2 2 2 Comment = Microsoft CTL Description = ctlTrustedClientAuthCAList OID = 1 3 6 1 4 1 311 2 2 3 Comment = Microsoft CTL Description = ctlTrustedServerAuthCAList OID = 1 3 6 1 4 1 311 3 2 1 Comment = Microsoft code signing Description = timestampRequest OID = 1 3 6 1 4 1 311 10 1 Comment = Microsoft contentType Description = certTrustList OID = 1 3 6 1 4 1 311 10 1 1 Comment = Microsoft contentType Description = sortedCtl OID = 1 3 6 1 4 1 311 10 2 Comment = Microsoft Description = nextUpdateLocation OID = 1 3 6 1 4 1 311 10 3 1 Comment = Microsoft enhanced key usage Description = certTrustListSigning OID = 1 3 6 1 4 1 311 10 3 2 Comment = Microsoft enhanced key usage Description = timeStampSigning OID = 1 3 6 1 4 1 311 10 3 3 Comment = Microsoft enhanced key usage Description = serverGatedCrypto OID = 1 3 6 1 4 1 311 10 3 3 1 Comment = Microsoft Description = serialized OID = 1 3 6 1 4 1 311 10 3 4 Comment = Microsoft enhanced key usage Description = encryptedFileSystem OID = 1 3 6 1 4 1 311 10 3 5 Comment = Microsoft enhanced key usage Description = whqlCrypto OID = 1 3 6 1 4 1 311 10 3 6 Comment = Microsoft enhanced key usage Description = nt5Crypto OID = 1 3 6 1 4 1 311 10 3 7 Comment = Microsoft enhanced key usage Description = oemWHQLCrypto OID = 1 3 6 1 4 1 311 10 3 8 Comment = Microsoft enhanced key usage Description = embeddedNTCrypto OID = 1 3 6 1 4 1 311 10 3 9 Comment = Microsoft enhanced key usage Description = rootListSigner OID = 1 3 6 1 4 1 311 10 3 10 Comment = Microsoft enhanced key usage Description = 
qualifiedSubordination OID = 1 3 6 1 4 1 311 10 3 11 Comment = Microsoft enhanced key usage Description = keyRecovery OID = 1 3 6 1 4 1 311 10 3 12 Comment = Microsoft enhanced key usage Description = documentSigning OID = 1 3 6 1 4 1 311 10 3 13 Comment = Microsoft enhanced key usage Description = lifetimeSigning OID = 1 3 6 1 4 1 311 10 3 14 Comment = Microsoft enhanced key usage Description = mobileDeviceSoftware OID = 1 3 6 1 4 1 311 10 3 15 Comment = Microsoft enhanced key usage Description = smartDisplay OID = 1 3 6 1 4 1 311 10 3 16 Comment = Microsoft enhanced key usage Description = cspSignature OID = 1 3 6 1 4 1 311 10 3 4 1 Comment = Microsoft enhanced key usage Description = efsRecovery OID = 1 3 6 1 4 1 311 10 4 1 Comment = Microsoft attribute Description = yesnoTrustAttr OID = 1 3 6 1 4 1 311 10 5 1 Comment = Microsoft enhanced key usage Description = drm OID = 1 3 6 1 4 1 311 10 5 2 Comment = Microsoft enhanced key usage Description = drmIndividualization OID = 1 3 6 1 4 1 311 10 6 1 Comment = Microsoft enhanced key usage Description = licenses OID = 1 3 6 1 4 1 311 10 6 2 Comment = Microsoft enhanced key usage Description = licenseServer OID = 1 3 6 1 4 1 311 10 7 1 Comment = Microsoft attribute Description = keyidRdn OID = 1 3 6 1 4 1 311 10 8 1 Comment = Microsoft attribute Description = removeCertificate OID = 1 3 6 1 4 1 311 10 9 1 Comment = Microsoft attribute Description = crossCertDistPoints OID = 1 3 6 1 4 1 311 10 10 1 Comment = Microsoft Description = cmcAddAttributes OID = 1 3 6 1 4 1 311 10 11 Comment = Microsoft Description = certPropIdPrefix OID = 1 3 6 1 4 1 311 10 11 4 Comment = Microsoft Description = certMd5HashPropId OID = 1 3 6 1 4 1 311 10 11 20 Comment = Microsoft Description = certKeyIdentifierPropId OID = 1 3 6 1 4 1 311 10 11 28 Comment = Microsoft Description = certIssuerSerialNumberMd5HashPropId OID = 1 3 6 1 4 1 311 10 11 29 Comment = Microsoft Description = certSubjectNameMd5HashPropId OID = 1 3 6 1 4 1 311 10 12 1 
Comment = Microsoft attribute Description = anyApplicationPolicy OID = 1 3 6 1 4 1 311 12 Comment = Microsoft attribute Description = catalog OID = 1 3 6 1 4 1 311 12 1 1 Comment = Microsoft attribute Description = catalogList OID = 1 3 6 1 4 1 311 12 1 2 Comment = Microsoft attribute Description = catalogListMember OID = 1 3 6 1 4 1 311 12 2 1 Comment = Microsoft attribute Description = catalogNameValueObjID OID = 1 3 6 1 4 1 311 12 2 2 Comment = Microsoft attribute Description = catalogMemberInfoObjID # Certificate signing a renewal request OID = 1 3 6 1 4 1 311 13 1 Comment = Microsoft attribute Description = renewalCertificate # Name-and-value string pairs OID = 1 3 6 1 4 1 311 13 2 1 Comment = Microsoft attribute Description = enrolmentNameValuePair # CAPI cert enrolment CSP, contains a BMPString describing the CAPI level and # a BIT STRING blob containing a key spec OID = 1 3 6 1 4 1 311 13 2 2 Comment = Microsoft attribute Description = enrolmentCSP # Windows OS version OID = 1 3 6 1 4 1 311 13 2 3 Comment = Microsoft attribute Description = osVersion # This is just the normal issuerAndSerialNumber but with a MS-specific OID. # Apparently it's used for CryptEncode/DecodeObject, whatever that is. 
OID = 1 3 6 1 4 1 311 16 4 Comment = Microsoft attribute Description = microsoftRecipientInfo OID = 1 3 6 1 4 1 311 17 1 Comment = Microsoft attribute Description = pkcs12KeyProviderNameAttr OID = 1 3 6 1 4 1 311 17 2 Comment = Microsoft attribute Description = localMachineKeyset OID = 1 3 6 1 4 1 311 17 3 Comment = Microsoft attribute Description = pkcs12ExtendedAttributes OID = 1 3 6 1 4 1 311 20 1 Comment = Microsoft Description = autoEnrollCtlUsage OID = 1 3 6 1 4 1 311 20 2 Comment = Microsoft CAPICOM certificate template, V1 Description = enrollCerttypeExtension OID = 1 3 6 1 4 1 311 20 2 1 Comment = Microsoft enhanced key usage Description = enrollmentAgent OID = 1 3 6 1 4 1 311 20 2 2 Comment = Microsoft enhanced key usage Description = smartcardLogon OID = 1 3 6 1 4 1 311 20 2 3 Comment = Microsoft UPN Description = universalPrincipalName OID = 1 3 6 1 4 1 311 20 3 Comment = Microsoft Description = certManifold # Win2K CA certificate key/cert counter, high 16 bits = key index, low 16 bits # = cert index. Key index is inc'd when a CA gets a new key, cert index is # inc'd when a CA gets a new cert (ie recertifies a current key). This # extension has two purposes, as a hint to rebuild key/cert lists when a Win2K # CA is restored, and as a poster boy for the kind of crap that people are # shovelling into certs that has no place there OID = 1 3 6 1 4 1 311 21 1 Comment = Microsoft attribute. 
Also known as certsrvCaVersion Description = cAKeyCertIndexPair OID = 1 3 6 1 4 1 311 21 2 Comment = Microsoft Description = certSrvPreviousCertHash OID = 1 3 6 1 4 1 311 21 3 Comment = Microsoft Description = crlVirtualBase OID = 1 3 6 1 4 1 311 21 4 Comment = Microsoft Description = crlNextPublish # EKU: Encryption certificate for sending the private key to the CA OID = 1 3 6 1 4 1 311 21 5 Comment = Microsoft extended key usage Description = caExchange Warning # EKU: keyRecovery OID = 1 3 6 1 4 1 311 21 6 Comment = Microsoft extended key usage Description = keyRecovery Warning OID = 1 3 6 1 4 1 311 21 7 Comment = Microsoft CAPICOM certificate template, V2 Description = certificateTemplate # This one is at least as bad as cAKeyCertIndexPair: The first part of # the arc, 1 3 6 1 4 1 311 21 8, is fixed, then 6 32-bit values are # randomly generated and appended to create the full semi-random OID. # Obviously it's not possible to usefully display these things... # Comment = Microsoft braindamage # Description = autoEnrollEFS (1 3 6 1 4 1 311 21 8 x x x x x x) OID = 1 3 6 1 4 1 311 21 9 Comment = Microsoft Description = rdnDummySigner OID = 1 3 6 1 4 1 311 21 10 Comment = Microsoft Description = applicationCertPolicies OID = 1 3 6 1 4 1 311 21 11 Comment = Microsoft Description = applicationPolicyMappings OID = 1 3 6 1 4 1 311 21 12 Comment = Microsoft Description = applicationPolicyConstraints # Encrypted private key OID = 1 3 6 1 4 1 311 21 13 Comment = Microsoft attribute Description = archivedKey OID = 1 3 6 1 4 1 311 21 14 Comment = Microsoft Description = crlSelfCDP OID = 1 3 6 1 4 1 311 21 15 Comment = Microsoft Description = requireCertChainPolicy OID = 1 3 6 1 4 1 311 21 16 Comment = Microsoft Description = archivedKeyCertHash OID = 1 3 6 1 4 1 311 21 17 Comment = Microsoft Description = issuedCertHash OID = 1 3 6 1 4 1 311 21 19 Comment = Microsoft Description = dsEmailReplication # Identity of the client application/ActiveX control, user, and machine # 
that generated the request OID = 1 3 6 1 4 1 311 21 20 Comment = Microsoft attribute Description = requestClientInfo # Hash of private key OID = 1 3 6 1 4 1 311 21 21 Comment = Microsoft attribute Description = encryptedKeyHash OID = 1 3 6 1 4 1 311 21 22 Comment = Microsoft Description = certsrvCrossCaVersion OID = 1 3 6 1 4 1 311 25 1 Comment = Microsoft Description = ntdsReplication OID = 1 3 6 1 4 1 311 31 1 Comment = Microsoft attribute Description = productUpdate # EKU: Health (= proof of compliance with system security policy) certificate # (This may also be a policy OID rather than an EKU OID) OID = 1 3 6 1 4 1 311 47 1 1 Comment = Microsoft extended key usage Description = systemHealth # EKU: Extended health (= proof of compliance with system security policy) # certificate. This is an interesting example of the triumph of politics # over security, the "Health" key usage is meant to indicate compliance with # a system or corporate security policy, and this key usage is for systems # that don't comply with the policy but that need a "Health" certificate # anyway OID = 1 3 6 1 4 1 311 47 1 3 Comment = Microsoft extended key usage Description = systemHealthLoophole OID = 1 3 6 1 4 1 311 60 1 1 Comment = Microsoft policy attribute Description = rootProgramFlags OID = 1 3 6 1 4 1 311 61 1 1 Comment = Microsoft enhanced key usage Description = kernelModeCodeSigning OID = 1 3 6 1 4 1 311 60 2 1 1 Comment = Microsoft (???) Description = jurisdictionOfIncorporationL OID = 1 3 6 1 4 1 311 60 2 1 2 Comment = Microsoft (???) Description = jurisdictionOfIncorporationSP OID = 1 3 6 1 4 1 311 60 2 1 3 Comment = Microsoft (???) 
Description = jurisdictionOfIncorporationC OID = 1 3 6 1 4 1 311 88 Comment = Microsoft attribute Description = capiCom OID = 1 3 6 1 4 1 311 88 1 Comment = Microsoft attribute Description = capiComVersion OID = 1 3 6 1 4 1 311 88 2 Comment = Microsoft attribute Description = capiComAttribute OID = 1 3 6 1 4 1 311 88 2 1 Comment = Microsoft attribute Description = capiComDocumentName OID = 1 3 6 1 4 1 311 88 2 2 Comment = Microsoft attribute Description = capiComDocumentDescription OID = 1 3 6 1 4 1 311 88 3 Comment = Microsoft attribute Description = capiComEncryptedData OID = 1 3 6 1 4 1 311 88 3 1 Comment = Microsoft attribute Description = capiComEncryptedContent # Ascom Systech OID = 1 3 6 1 4 1 188 7 1 1 Comment = Ascom Systech Description = ascom OID = 1 3 6 1 4 1 188 7 1 1 1 Comment = Ascom Systech Description = ideaECB OID = 1 3 6 1 4 1 188 7 1 1 2 Comment = Ascom Systech Description = ideaCBC OID = 1 3 6 1 4 1 188 7 1 1 3 Comment = Ascom Systech Description = ideaCFB OID = 1 3 6 1 4 1 188 7 1 1 4 Comment = Ascom Systech Description = ideaOFB # UNINETT OID = 1 3 6 1 4 1 2428 10 1 1 Comment = UNINETT PCA Description = UNINETT policyIdentifier # ICE-TEL OID = 1 3 6 1 4 1 2712 10 Comment = ICE-TEL CA Description = ICE-TEL policyIdentifier OID = 1 3 6 1 4 1 2786 1 1 1 Comment = ICE-TEL CA policy Description = ICE-TEL Italian policyIdentifier # cryptlib OID = 1 3 6 1 4 1 3029 1 1 1 Comment = cryptlib encryption algorithm Description = blowfishECB OID = 1 3 6 1 4 1 3029 1 1 2 Comment = cryptlib encryption algorithm Description = blowfishCBC OID = 1 3 6 1 4 1 3029 1 1 3 Comment = cryptlib encryption algorithm Description = blowfishCFB OID = 1 3 6 1 4 1 3029 1 1 4 Comment = cryptlib encryption algorithm Description = blowfishOFB OID = 1 3 6 1 4 1 3029 1 2 1 Comment = cryptlib public-key algorithm Description = elgamal OID = 1 3 6 1 4 1 3029 1 2 1 1 Comment = cryptlib public-key algorithm Description = elgamalWithSHA-1 OID = 1 3 6 1 4 1 3029 1 2 1 2 Comment = 
cryptlib public-key algorithm Description = elgamalWithRIPEMD-160 OID = 1 3 6 1 4 1 3029 3 1 1 Comment = cryptlib attribute type Description = cryptlibPresenceCheck OID = 1 3 6 1 4 1 3029 3 1 2 Comment = cryptlib attribute type Description = pkiBoot OID = 1 3 6 1 4 1 3029 3 1 4 Comment = cryptlib attribute type Description = crlExtReason OID = 1 3 6 1 4 1 3029 3 1 5 Comment = cryptlib attribute type Description = keyFeatures OID = 1 3 6 1 4 1 3029 4 1 Comment = cryptlib Description = cryptlibContent OID = 1 3 6 1 4 1 3029 4 1 1 Comment = cryptlib content type Description = cryptlibConfigData OID = 1 3 6 1 4 1 3029 4 1 2 Comment = cryptlib content type Description = cryptlibUserIndex OID = 1 3 6 1 4 1 3029 4 1 3 Comment = cryptlib content type Description = cryptlibUserInfo OID = 1 3 6 1 4 1 3029 4 1 4 Comment = cryptlib content type Description = rtcsRequest OID = 1 3 6 1 4 1 3029 4 1 5 Comment = cryptlib content type Description = rtcsResponse OID = 1 3 6 1 4 1 3029 4 1 6 Comment = cryptlib content type Description = rtcsResponseExt OID = 1 3 6 1 4 1 3029 42 11172 1 Comment = cryptlib special MPEG-of-cat OID Description = mpeg-1 # Hex OID = 06 0A 2B 06 01 04 01 97 36 DD 24 36, TSA policy that's needed # because TSP requires a policy OID in responses. This is the 'snooze' # policy, "Anything that arrives, we sign". OID = 1 3 6 1 4 1 3029 54 11940 54 Comment = cryptlib TSA policy Description = TSA policy "Anything that arrives, we sign" # Hex OID = 06 0C 2B 06 01 04 01 97 55 58 59 5A 5A 59, last values are # 'xyzzy'. OID = 1 3 6 1 4 1 3029 88 89 90 90 89 Comment = cryptlib certificate policy Description = xYZZY policyIdentifier # PGP Inc. 
OID = 1 3 6 1 4 1 3401 8 1 1 Comment = PGP key information Description = pgpExtension # EDI messaging for TMN Interactive Agents OID = 1 3 6 1 4 1 3576 7 Comment = TMN EDI for Interactive Agents Description = eciaAscX12Edi OID = 1 3 6 1 4 1 3576 7 1 Comment = TMN EDI for Interactive Agents Description = plainEDImessage OID = 1 3 6 1 4 1 3576 7 2 Comment = TMN EDI for Interactive Agents Description = signedEDImessage OID = 1 3 6 1 4 1 3576 7 5 Comment = TMN EDI for Interactive Agents Description = integrityEDImessage OID = 1 3 6 1 4 1 3576 7 65 Comment = TMN EDI for Interactive Agents Description = iaReceiptMessage OID = 1 3 6 1 4 1 3576 7 97 Comment = TMN EDI for Interactive Agents Description = iaStatusMessage OID = 1 3 6 1 4 1 3576 8 Comment = TMN EDI for Interactive Agents Description = eciaEdifact OID = 1 3 6 1 4 1 3576 9 Comment = TMN EDI for Interactive Agents Description = eciaNonEdi # Globalsign OID = 1 3 6 1 4 1 4146 Comment = Globalsign Description = Globalsign OID = 1 3 6 1 4 1 4146 1 Comment = Globalsign Description = globalsignPolicy # Present in the EV policy OID collection at the end of this list #OID = 1 3 6 1 4 1 4146 1 1 #Comment = Globalsign policy #Description = globalsignEVPolicy OID = 1 3 6 1 4 1 4146 1 10 Comment = Globalsign policy Description = globalsignDVPolicy OID = 1 3 6 1 4 1 4146 1 20 Comment = Globalsign policy Description = globalsignOVPolicy OID = 1 3 6 1 4 1 4146 1 30 Comment = Globalsign policy Description = globalsignTSAPolicy OID = 1 3 6 1 4 1 4146 1 40 Comment = Globalsign policy Description = globalsignClientCertPolicy OID = 1 3 6 1 4 1 4146 1 50 Comment = Globalsign policy Description = globalsignCodeSignPolicy OID = 1 3 6 1 4 1 4146 1 60 Comment = Globalsign policy Description = globalsignRootSignPolicy OID = 1 3 6 1 4 1 4146 1 70 Comment = Globalsign policy Description = globalsignTrustedRootPolicy OID = 1 3 6 1 4 1 4146 1 80 Comment = Globalsign policy Description = globalsignEDIClientPolicy OID = 1 3 6 1 4 1 4146 1 81 
Comment = Globalsign policy Description = globalsignEDIServerPolicy OID = 1 3 6 1 4 1 4146 1 90 Comment = Globalsign policy Description = globalsignTPMRootPolicy OID = 1 3 6 1 4 1 4146 1 95 Comment = Globalsign policy Description = globalsignOCSPPolicy # EdelWeb, http://timestamping.edelweb.fr OID = 1 3 6 1 4 1 5309 1 Comment = EdelWeb policy Description = edelWebPolicy OID = 1 3 6 1 4 1 5309 1 2 Comment = EdelWeb policy Description = edelWebCustomerPolicy OID = 1 3 6 1 4 1 5309 1 2 1 Comment = EdelWeb policy Description = edelWebClepsydrePolicy OID = 1 3 6 1 4 1 5309 1 2 2 Comment = EdelWeb policy Description = edelWebExperimentalTSAPolicy OID = 1 3 6 1 4 1 5309 1 2 3 Comment = EdelWeb policy Description = edelWebOpenEvidenceTSAPolicy # Timeproof (www.timeproof.de) OID = 1 3 6 1 4 1 5472 Comment = enterprise Description = timeproof OID = 1 3 6 1 4 1 5472 1 Comment = timeproof Description = tss OID = 1 3 6 1 4 1 5472 1 1 Comment = timeproof TSS Description = tss80 OID = 1 3 6 1 4 1 5472 1 2 Comment = timeproof TSS Description = tss380 OID = 1 3 6 1 4 1 5472 1 3 Comment = timeproof TSS Description = tss400 # MEDePass OID = 1 3 6 1 4 1 5770 0 3 Comment = MEDePass Description = secondaryPractices OID = 1 3 6 1 4 1 5770 0 4 Comment = MEDePass Description = physicianIdentifiers # Comodo (formerly WoTrust) CA OID = 1 3 6 1 4 1 6449 1 2 1 3 1 Comment = Comodo CA Description = comodoPolicy OID = 1 3 6 1 4 1 6449 1 2 2 15 Comment = WoTrust (Comodo) CA Description = wotrustPolicy # This is actually called "unknownKeyUsage" but that's rather misleading, # since it's used for Comodo's Certified Delivery Service receive facility # we label it as such. 
OID = 1 3 6 1 4 1 6449 1 3 5 2 Comment = Comodo CA Description = comodoCertifiedDeliveryService OID = 1 3 6 1 4 1 6449 2 1 1 Comment = Comodo CA Description = comodoTimestampingPolicy # TU Darmstadt ValidityModel # http://www.cdc.informatik.tu-darmstadt.de/TI/Forschung/FlexiPKI/validitymodel/index.html OID = 1 3 6 1 4 1 8301 3 5 1 Comment = TU Darmstadt ValidityModel Description = validityModelChain OID = 1 3 6 1 4 1 8301 3 5 2 Comment = ValidityModel Description = validityModelShell # Chilean Government OID = 1 3 6 1 4 1 8231 1 Comment = Chilean Government national unique roll number Description = rolUnicoNacional # GNU (GPG) Project OID = 1 3 6 1 4 1 11591 Comment = GNU Project (see http://www.gnupg.org/oids.html) Description = gnu OID = 1 3 6 1 4 1 11591 1 Comment = GNU Radius Description = gnuRadius OID = 1 3 6 1 4 1 11591 3 Comment = GNU Radar Description = gnuRadar OID = 1 3 6 1 4 1 11591 4 11 Comment = GNU Generic Security Service Description = scrypt OID = 1 3 6 1 4 1 11591 12 Comment = GNU digest algorithm Description = gnuDigestAlgorithm OID = 1 3 6 1 4 1 11591 12 2 Comment = GNU digest algorithm Description = tiger OID = 1 3 6 1 4 1 11591 13 Comment = GNU encryption algorithm Description = gnuEncryptionAlgorithm OID = 1 3 6 1 4 1 11591 13 2 Comment = GNU encryption algorithm Description = serpent OID = 1 3 6 1 4 1 11591 13 2 1 Comment = GNU encryption algorithm Description = serpent128_ECB OID = 1 3 6 1 4 1 11591 13 2 2 Comment = GNU encryption algorithm Description = serpent128_CBC OID = 1 3 6 1 4 1 11591 13 2 3 Comment = GNU encryption algorithm Description = serpent128_OFB OID = 1 3 6 1 4 1 11591 13 2 4 Comment = GNU encryption algorithm Description = serpent128_CFB OID = 1 3 6 1 4 1 11591 13 2 21 Comment = GNU encryption algorithm Description = serpent192_ECB OID = 1 3 6 1 4 1 11591 13 2 22 Comment = GNU encryption algorithm Description = serpent192_CBC OID = 1 3 6 1 4 1 11591 13 2 23 Comment = GNU encryption algorithm Description = serpent192_OFB 
OID = 1 3 6 1 4 1 11591 13 2 24 Comment = GNU encryption algorithm Description = serpent192_CFB OID = 1 3 6 1 4 1 11591 13 2 41 Comment = GNU encryption algorithm Description = serpent256_ECB OID = 1 3 6 1 4 1 11591 13 2 42 Comment = GNU encryption algorithm Description = serpent256_CBC OID = 1 3 6 1 4 1 11591 13 2 43 Comment = GNU encryption algorithm Description = serpent256_OFB OID = 1 3 6 1 4 1 11591 13 2 44 Comment = GNU encryption algorithm Description = serpent256_CFB OID = 1 3 6 1 4 1 11591 15 1 Comment = GNU encryption algorithm Description = curve25519 OID = 1 3 6 1 4 1 11591 15 2 Comment = GNU encryption algorithm Description = curve448 OID = 1 3 6 1 4 1 11591 15 3 Comment = GNU encryption algorithm Description = curve25519ph OID = 1 3 6 1 4 1 11591 15 4 Comment = GNU encryption algorithm Description = curve448ph # Northrop Grumman Mission Systems OID = 1 3 6 1 4 1 16334 509 1 1 Comment = Northrop Grumman extended key usage Description = Northrop Grumman extKeyUsage? OID = 1 3 6 1 4 1 16334 509 2 1 Comment = Northrop Grumman policy Description = ngcClass1 OID = 1 3 6 1 4 1 16334 509 2 2 Comment = Northrop Grumman policy Description = ngcClass2 OID = 1 3 6 1 4 1 16334 509 2 3 Comment = Northrop Grumman policy Description = ngcClass3 # Safenet OID = 1 3 6 1 4 1 23629 1 4 2 1 1 Comment = SafeNet Description = safenetUsageLimit OID = 1 3 6 1 4 1 23629 1 4 2 1 2 Comment = SafeNet Description = safenetEndDate OID = 1 3 6 1 4 1 23629 1 4 2 1 3 Comment = SafeNet Description = safenetStartDate OID = 1 3 6 1 4 1 23629 1 4 2 1 4 Comment = SafeNet Description = safenetAdminCert OID = 1 3 6 1 4 1 23629 1 4 2 2 1 Comment = SafeNet Description = safenetKeyDigest # RFC 4556 / Kerberos OID = 1 3 6 1 5 2 3 1 Comment = Kerberos Description = authData OID = 1 3 6 1 5 2 3 2 Comment = Kerberos Description = dHKeyData OID = 1 3 6 1 5 2 3 3 Comment = Kerberos Description = rkeyData OID = 1 3 6 1 5 2 3 4 Comment = Kerberos Description = keyPurposeClientAuth OID = 1 3 6 1 5 2 3 5 
Comment = Kerberos Description = keyPurposeKdc OID = 1 3 6 1 5 2 3 6 Comment = Kerberos Description = kdf # PKIX OID = 1 3 6 1 5 5 7 Description = pkix OID = 1 3 6 1 5 5 7 0 12 Comment = PKIX Description = attributeCert OID = 1 3 6 1 5 5 7 1 Comment = PKIX Description = privateExtension OID = 1 3 6 1 5 5 7 1 1 Comment = PKIX private extension Description = authorityInfoAccess OID = 1 3 6 1 5 5 7 1 2 Comment = PKIX private extension Description = biometricInfo OID = 1 3 6 1 5 5 7 1 3 Comment = PKIX private extension Description = qcStatements OID = 1 3 6 1 5 5 7 1 4 Comment = PKIX private extension Description = acAuditIdentity OID = 1 3 6 1 5 5 7 1 5 Comment = PKIX private extension Description = acTargeting OID = 1 3 6 1 5 5 7 1 6 Comment = PKIX private extension Description = acAaControls OID = 1 3 6 1 5 5 7 1 7 Comment = PKIX private extension Description = ipAddrBlocks OID = 1 3 6 1 5 5 7 1 8 Comment = PKIX private extension Description = autonomousSysIds OID = 1 3 6 1 5 5 7 1 9 Comment = PKIX private extension Description = routerIdentifier OID = 1 3 6 1 5 5 7 1 10 Comment = PKIX private extension Description = acProxying OID = 1 3 6 1 5 5 7 1 11 Comment = PKIX private extension Description = subjectInfoAccess OID = 1 3 6 1 5 5 7 1 12 Comment = PKIX private extension Description = logoType OID = 1 3 6 1 5 5 7 1 13 Comment = PKIX private extension Description = wlanSSID OID = 1 3 6 1 5 5 7 1 14 Comment = PKIX private extension Description = proxyCertInfo OID = 1 3 6 1 5 5 7 1 15 Comment = PKIX private extension Description = acPolicies OID = 1 3 6 1 5 5 7 1 16 Comment = PKIX private extension Description = certificateWarranty # Never used, and the name is confusing. 
#OID = 1 3 6 1 5 5 7 1 17 #Comment = PKIX private extension #Description = sim OID = 1 3 6 1 5 5 7 1 18 Comment = PKIX private extension Description = cmsContentConstraints OID = 1 3 6 1 5 5 7 1 19 Comment = PKIX private extension Description = otherCerts OID = 1 3 6 1 5 5 7 1 20 Comment = PKIX private extension Description = wrappedApexContinKey OID = 1 3 6 1 5 5 7 1 21 Comment = PKIX private extension Description = clearanceConstraints OID = 1 3 6 1 5 5 7 1 22 Comment = PKIX private extension Description = skiSemantics OID = 1 3 6 1 5 5 7 1 23 Comment = PKIX private extension Description = noSecrecyAfforded OID = 1 3 6 1 5 5 7 1 24 Comment = PKIX private extension Description = tlsFeature OID = 1 3 6 1 5 5 7 1 25 Comment = PKIX private extension Description = manufacturerUsageDescription OID = 1 3 6 1 5 5 7 1 26 Comment = PKIX private extension Description = tnAuthList OID = 1 3 6 1 5 5 7 1 27 Comment = PKIX private extension Description = jwtClaimConstraints OID = 1 3 6 1 5 5 7 1 28 Comment = PKIX private extension Description = ipAddrBlocksV2 OID = 1 3 6 1 5 5 7 1 29 Comment = PKIX private extension Description = autonomousSysIdsV2 OID = 1 3 6 1 5 5 7 1 30 Comment = PKIX private extension Description = manufacturerUsageDescriptionSigner OID = 1 3 6 1 5 5 7 1 31 Comment = PKIX private extension Description = acmeIdentifier OID = 1 3 6 1 5 5 7 2 Comment = PKIX Description = policyQualifierIds OID = 1 3 6 1 5 5 7 2 1 Comment = PKIX policy qualifier Description = cps OID = 1 3 6 1 5 5 7 2 2 Comment = PKIX policy qualifier Description = unotice OID = 1 3 6 1 5 5 7 2 3 Comment = PKIX policy qualifier Description = textNotice OID = 1 3 6 1 5 5 7 3 Comment = PKIX Description = keyPurpose OID = 1 3 6 1 5 5 7 3 1 Comment = PKIX key purpose Description = serverAuth OID = 1 3 6 1 5 5 7 3 2 Comment = PKIX key purpose Description = clientAuth OID = 1 3 6 1 5 5 7 3 3 Comment = PKIX key purpose Description = codeSigning OID = 1 3 6 1 5 5 7 3 4 Comment = PKIX key purpose 
Description = emailProtection OID = 1 3 6 1 5 5 7 3 5 Comment = PKIX key purpose Description = ipsecEndSystem Warning OID = 1 3 6 1 5 5 7 3 6 Comment = PKIX key purpose Description = ipsecTunnel Warning OID = 1 3 6 1 5 5 7 3 7 Comment = PKIX key purpose Description = ipsecUser Warning OID = 1 3 6 1 5 5 7 3 8 Comment = PKIX key purpose Description = timeStamping OID = 1 3 6 1 5 5 7 3 9 Comment = PKIX key purpose Description = ocspSigning OID = 1 3 6 1 5 5 7 3 10 Comment = PKIX key purpose Description = dvcs OID = 1 3 6 1 5 5 7 3 11 Comment = PKIX key purpose Description = sbgpCertAAServerAuth Warning OID = 1 3 6 1 5 5 7 3 12 Comment = PKIX key purpose Description = scvpResponder Warning OID = 1 3 6 1 5 5 7 3 13 Comment = PKIX key purpose Description = eapOverPPP OID = 1 3 6 1 5 5 7 3 14 Comment = PKIX key purpose Description = eapOverLAN OID = 1 3 6 1 5 5 7 3 15 Comment = PKIX key purpose Description = scvpServer OID = 1 3 6 1 5 5 7 3 16 Comment = PKIX key purpose Description = scvpClient OID = 1 3 6 1 5 5 7 3 17 Comment = PKIX key purpose Description = ipsecIKE OID = 1 3 6 1 5 5 7 3 18 Comment = PKIX key purpose Description = capwapAC OID = 1 3 6 1 5 5 7 3 19 Comment = PKIX key purpose Description = capwapWTP OID = 1 3 6 1 5 5 7 3 20 Comment = PKIX key purpose Description = sipDomain OID = 1 3 6 1 5 5 7 3 21 Comment = PKIX key purpose Description = secureShellClient OID = 1 3 6 1 5 5 7 3 22 Comment = PKIX key purpose Description = secureShellServer OID = 1 3 6 1 5 5 7 3 23 Comment = PKIX key purpose Description = sendRouter OID = 1 3 6 1 5 5 7 3 24 Comment = PKIX key purpose Description = sendProxiedRouter OID = 1 3 6 1 5 5 7 3 25 Comment = PKIX key purpose Description = sendOwner OID = 1 3 6 1 5 5 7 3 26 Comment = PKIX key purpose Description = sendProxiedOwner OID = 1 3 6 1 5 5 7 3 27 Comment = PKIX key purpose Description = cmcCA OID = 1 3 6 1 5 5 7 3 28 Comment = PKIX key purpose Description = cmcRA OID = 1 3 6 1 5 5 7 3 29 Comment = PKIX key purpose 
Description = cmcArchive OID = 1 3 6 1 5 5 7 3 30 Comment = PKIX key purpose Description = bgpsecRouter OID = 1 3 6 1 5 5 7 4 Comment = PKIX Description = cmpInformationTypes OID = 1 3 6 1 5 5 7 4 1 Comment = PKIX CMP information Description = caProtEncCert OID = 1 3 6 1 5 5 7 4 2 Comment = PKIX CMP information Description = signKeyPairTypes OID = 1 3 6 1 5 5 7 4 3 Comment = PKIX CMP information Description = encKeyPairTypes OID = 1 3 6 1 5 5 7 4 4 Comment = PKIX CMP information Description = preferredSymmAlg OID = 1 3 6 1 5 5 7 4 5 Comment = PKIX CMP information Description = caKeyUpdateInfo OID = 1 3 6 1 5 5 7 4 6 Comment = PKIX CMP information Description = currentCRL OID = 1 3 6 1 5 5 7 4 7 Comment = PKIX CMP information Description = unsupportedOIDs OID = 1 3 6 1 5 5 7 4 10 Comment = PKIX CMP information Description = keyPairParamReq OID = 1 3 6 1 5 5 7 4 11 Comment = PKIX CMP information Description = keyPairParamRep OID = 1 3 6 1 5 5 7 4 12 Comment = PKIX CMP information Description = revPassphrase OID = 1 3 6 1 5 5 7 4 13 Comment = PKIX CMP information Description = implicitConfirm OID = 1 3 6 1 5 5 7 4 14 Comment = PKIX CMP information Description = confirmWaitTime OID = 1 3 6 1 5 5 7 4 15 Comment = PKIX CMP information Description = origPKIMessage OID = 1 3 6 1 5 5 7 4 16 Comment = PKIX CMP information Description = suppLangTags OID = 1 3 6 1 5 5 7 5 Comment = PKIX Description = crmfRegistration OID = 1 3 6 1 5 5 7 5 1 Comment = PKIX CRMF registration Description = regCtrl OID = 1 3 6 1 5 5 7 5 1 1 Comment = PKIX CRMF registration control Description = regToken OID = 1 3 6 1 5 5 7 5 1 2 Comment = PKIX CRMF registration control Description = authenticator OID = 1 3 6 1 5 5 7 5 1 3 Comment = PKIX CRMF registration control Description = pkiPublicationInfo OID = 1 3 6 1 5 5 7 5 1 4 Comment = PKIX CRMF registration control Description = pkiArchiveOptions OID = 1 3 6 1 5 5 7 5 1 5 Comment = PKIX CRMF registration control Description = oldCertID OID = 1 3 6 1 5 
5 7 5 1 6 Comment = PKIX CRMF registration control Description = protocolEncrKey OID = 1 3 6 1 5 5 7 5 1 7 Comment = PKIX CRMF registration control Description = altCertTemplate OID = 1 3 6 1 5 5 7 5 1 8 Comment = PKIX CRMF registration control Description = wtlsTemplate OID = 1 3 6 1 5 5 7 5 2 Comment = PKIX CRMF registration Description = utf8Pairs OID = 1 3 6 1 5 5 7 5 2 1 Comment = PKIX CRMF registration control Description = utf8Pairs OID = 1 3 6 1 5 5 7 5 2 2 Comment = PKIX CRMF registration control Description = certReq OID = 1 3 6 1 5 5 7 6 Comment = PKIX Description = algorithms OID = 1 3 6 1 5 5 7 6 1 Comment = PKIX algorithm Description = des40 OID = 1 3 6 1 5 5 7 6 2 Comment = PKIX algorithm Description = noSignature OID = 1 3 6 1 5 5 7 6 3 Comment = PKIX algorithm Description = dhSigHmacSha1 OID = 1 3 6 1 5 5 7 6 4 Comment = PKIX algorithm Description = dhPop OID = 1 3 6 1 5 5 7 6 5 Comment = PKIX algorithm Description = dhPopSha224 OID = 1 3 6 1 5 5 7 6 6 Comment = PKIX algorithm Description = dhPopSha256 OID = 1 3 6 1 5 5 7 6 7 Comment = PKIX algorithm Description = dhPopSha384 OID = 1 3 6 1 5 5 7 6 8 Comment = PKIX algorithm Description = dhPopSha512 OID = 1 3 6 1 5 5 7 6 15 Comment = PKIX algorithm Description = dhPopStaticSha224HmacSha224 OID = 1 3 6 1 5 5 7 6 16 Comment = PKIX algorithm Description = dhPopStaticSha256HmacSha256 OID = 1 3 6 1 5 5 7 6 17 Comment = PKIX algorithm Description = dhPopStaticSha384HmacSha384 OID = 1 3 6 1 5 5 7 6 18 Comment = PKIX algorithm Description = dhPopStaticSha512HmacSha512 OID = 1 3 6 1 5 5 7 6 25 Comment = PKIX algorithm Description = ecdhPopStaticSha224HmacSha224 OID = 1 3 6 1 5 5 7 6 26 Comment = PKIX algorithm Description = ecdhPopStaticSha256HmacSha256 OID = 1 3 6 1 5 5 7 6 27 Comment = PKIX algorithm Description = ecdhPopStaticSha384HmacSha384 OID = 1 3 6 1 5 5 7 6 28 Comment = PKIX algorithm Description = ecdhPopStaticSha512HmacSha512 OID = 1 3 6 1 5 5 7 7 Comment = PKIX Description = cmcControls OID = 1 
3 6 1 5 5 7 8 Comment = PKIX Description = otherNames OID = 1 3 6 1 5 5 7 8 1 Comment = PKIX other name Description = personalData OID = 1 3 6 1 5 5 7 8 2 Comment = PKIX other name Description = userGroup OID = 1 3 6 1 5 5 7 8 5 Comment = PKIX other name Description = xmppAddr OID = 1 3 6 1 5 5 7 9 Comment = PKIX qualified certificates Description = personalData OID = 1 3 6 1 5 5 7 9 1 Comment = PKIX personal data Description = dateOfBirth OID = 1 3 6 1 5 5 7 9 2 Comment = PKIX personal data Description = placeOfBirth OID = 1 3 6 1 5 5 7 9 3 Comment = PKIX personal data Description = gender OID = 1 3 6 1 5 5 7 9 4 Comment = PKIX personal data Description = countryOfCitizenship OID = 1 3 6 1 5 5 7 9 5 Comment = PKIX personal data Description = countryOfResidence OID = 1 3 6 1 5 5 7 10 Comment = PKIX Description = attributeCertificate OID = 1 3 6 1 5 5 7 10 1 Comment = PKIX attribute certificate extension Description = authenticationInfo OID = 1 3 6 1 5 5 7 10 2 Comment = PKIX attribute certificate extension Description = accessIdentity OID = 1 3 6 1 5 5 7 10 3 Comment = PKIX attribute certificate extension Description = chargingIdentity OID = 1 3 6 1 5 5 7 10 4 Comment = PKIX attribute certificate extension Description = group OID = 1 3 6 1 5 5 7 10 5 Comment = PKIX attribute certificate extension Description = role OID = 1 3 6 1 5 5 7 10 6 Comment = PKIX attribute-certificate extension Description = wlanSSID OID = 1 3 6 1 5 5 7 11 Comment = PKIX qualified certificates Description = personalData OID = 1 3 6 1 5 5 7 11 1 Comment = PKIX qualified certificates Description = pkixQCSyntax-v1 OID = 1 3 6 1 5 5 7 14 2 Comment = PKIX policies Description = resourceCertificatePolicy OID = 1 3 6 1 5 5 7 20 Comment = PKIX qualified certificates Description = logo OID = 1 3 6 1 5 5 7 20 1 Comment = PKIX Description = logoLoyalty OID = 1 3 6 1 5 5 7 20 2 Comment = PKIX Description = logoBackground # OCSP OID = 1 3 6 1 5 5 7 48 1 Comment = PKIX Description = ocsp OID = 1 3 6 1 5 
5 7 48 1 1 Comment = OCSP Description = ocspBasic OID = 1 3 6 1 5 5 7 48 1 2 Comment = OCSP Description = ocspNonce OID = 1 3 6 1 5 5 7 48 1 3 Comment = OCSP Description = ocspCRL OID = 1 3 6 1 5 5 7 48 1 4 Comment = OCSP Description = ocspResponse OID = 1 3 6 1 5 5 7 48 1 5 Comment = OCSP Description = ocspNoCheck OID = 1 3 6 1 5 5 7 48 1 6 Comment = OCSP Description = ocspArchiveCutoff OID = 1 3 6 1 5 5 7 48 1 7 Comment = OCSP Description = ocspServiceLocator # Subject/AuthorityInfo types (OCSP is already listed above) OID = 1 3 6 1 5 5 7 48 2 Comment = PKIX subject/authority info access descriptor Description = caIssuers OID = 1 3 6 1 5 5 7 48 3 Comment = PKIX subject/authority info access descriptor Description = timeStamping OID = 1 3 6 1 5 5 7 48 4 Comment = PKIX subject/authority info access descriptor Description = dvcs OID = 1 3 6 1 5 5 7 48 5 Comment = PKIX subject/authority info access descriptor Description = caRepository OID = 1 3 6 1 5 5 7 48 7 Comment = PKIX subject/authority info access descriptor Description = signedObjectRepository OID = 1 3 6 1 5 5 7 48 10 Comment = PKIX subject/authority info access descriptor Description = rpkiManifest OID = 1 3 6 1 5 5 7 48 11 Comment = PKIX subject/authority info access descriptor Description = signedObject # ISAKMP OID = 1 3 6 1 5 5 8 1 1 Comment = ISAKMP HMAC algorithm Description = hmacMD5 OID = 1 3 6 1 5 5 8 1 2 Comment = ISAKMP HMAC algorithm Description = hmacSHA OID = 1 3 6 1 5 5 8 1 3 Comment = ISAKMP HMAC algorithm Description = hmacTiger OID = 1 3 6 1 5 5 8 2 2 Comment = IKE ??? 
Description = iKEIntermediate # DEC (via ECMA) OID = 1 3 12 2 1011 7 1 Comment = DASS algorithm Description = decEncryptionAlgorithm OID = 1 3 12 2 1011 7 1 2 Comment = DASS encryption algorithm Description = decDEA OID = 1 3 12 2 1011 7 2 Comment = DASS algorithm Description = decHashAlgorithm OID = 1 3 12 2 1011 7 2 1 Comment = DASS hash algorithm Description = decMD2 OID = 1 3 12 2 1011 7 2 2 Comment = DASS hash algorithm Description = decMD4 OID = 1 3 12 2 1011 7 3 Comment = DASS algorithm Description = decSignatureAlgorithm OID = 1 3 12 2 1011 7 3 1 Comment = DASS signature algorithm Description = decMD2withRSA OID = 1 3 12 2 1011 7 3 2 Comment = DASS signature algorithm Description = decMD4withRSA OID = 1 3 12 2 1011 7 3 3 Comment = DASS signature algorithm Description = decDEAMAC # NIST Open Systems Environment (OSE) Implementor's Workshop (OIW), # specialising in oddball and partially-defunct OIDs OID = 1 3 14 2 26 5 Comment = Unsure about this OID Description = sha OID = 1 3 14 3 2 1 1 Comment = X.509. Unsure about this OID Description = rsa OID = 1 3 14 3 2 2 Comment = Oddball OIW OID Description = md4WithRSA OID = 1 3 14 3 2 3 Comment = Oddball OIW OID Description = md5WithRSA OID = 1 3 14 3 2 4 Comment = Oddball OIW OID Description = md4WithRSAEncryption OID = 1 3 14 3 2 2 1 Comment = X.509. Deprecated Description = sqmod-N Warning OID = 1 3 14 3 2 3 1 Comment = X.509. Deprecated Description = sqmod-NwithRSA Warning OID = 1 3 14 3 2 6 Description = desECB OID = 1 3 14 3 2 7 Description = desCBC OID = 1 3 14 3 2 8 Description = desOFB OID = 1 3 14 3 2 9 Description = desCFB OID = 1 3 14 3 2 10 Description = desMAC OID = 1 3 14 3 2 11 Comment = ISO 9796-2, also X9.31 Part 1 Description = rsaSignature OID = 1 3 14 3 2 12 Comment = OIW?, supposedly from an incomplete version of SDN.701 (doesn't match final SDN.701) Description = dsa Warning OID = 1 3 14 3 2 13 Comment = Oddball OIW OID.
Incorrectly used by JDK 1.1 in place of (1 3 14 3 2 27) # Their response was that they know it's wrong, but no one uses SHA0 so it won't # cause any problems, right? Description = dsaWithSHA Warning # The various mdWithRSASignature OIDs are for the ANSI X9.31 draft and use # ISO 9796-2 padding rules. This work was derailed during the PKP brouhaha and # is still in progress (and probably will remain so) OID = 1 3 14 3 2 14 Comment = Oddball OIW OID using 9796-2 padding rules Description = mdc2WithRSASignature OID = 1 3 14 3 2 15 Comment = Oddball OIW OID using 9796-2 padding rules Description = shaWithRSASignature OID = 1 3 14 3 2 16 Comment = Oddball OIW OID. Deprecated, use a plain DH OID instead Description = dhWithCommonModulus Warning OID = 1 3 14 3 2 17 Comment = Oddball OIW OID. Mode is ECB Description = desEDE OID = 1 3 14 3 2 18 Comment = Oddball OIW OID Description = sha OID = 1 3 14 3 2 19 Comment = Oddball OIW OID, DES-based hash, planned for X9.31 Part 2 Description = mdc-2 OID = 1 3 14 3 2 20 Comment = Oddball OIW OID. Deprecated, use a plain DSA OID instead Description = dsaCommon Warning OID = 1 3 14 3 2 21 Comment = Oddball OIW OID. Deprecated, use a plain dsaWithSHA OID instead Description = dsaCommonWithSHA Warning OID = 1 3 14 3 2 22 Comment = Oddball OIW OID Description = rsaKeyTransport OID = 1 3 14 3 2 23 Comment = Oddball OIW OID Description = keyed-hash-seal OID = 1 3 14 3 2 24 Comment = Oddball OIW OID using 9796-2 padding rules Description = md2WithRSASignature OID = 1 3 14 3 2 25 Comment = Oddball OIW OID using 9796-2 padding rules Description = md5WithRSASignature OID = 1 3 14 3 2 26 Comment = OIW Description = sha1 # Yet another multiply-assigned OID OID = 1 3 14 3 2 27 Comment = OIW.
This OID may also be assigned as ripemd-160 Description = dsaWithSHA1 OID = 1 3 14 3 2 28 Comment = OIW Description = dsaWithCommonSHA1 OID = 1 3 14 3 2 29 Comment = Oddball OIW OID Description = sha-1WithRSAEncryption OID = 1 3 14 3 3 1 Comment = Oddball OIW OID Description = simple-strong-auth-mechanism OID = 1 3 14 7 2 1 1 Comment = Unsure about this OID Description = ElGamal OID = 1 3 14 7 2 3 1 Comment = Unsure about this OID Description = md2WithRSA OID = 1 3 14 7 2 3 2 Comment = Unsure about this OID Description = md2WithElGamal # Teletrust OID = 1 3 36 1 Comment = Teletrust document Description = document OID = 1 3 36 1 1 Comment = Teletrust document Description = finalVersion OID = 1 3 36 1 2 Comment = Teletrust document Description = draft OID = 1 3 36 2 Comment = Teletrust sio Description = sio OID = 1 3 36 2 1 Comment = Teletrust sio Description = sedu OID = 1 3 36 3 Comment = Teletrust algorithm Description = algorithm OID = 1 3 36 3 1 Comment = Teletrust algorithm Description = encryptionAlgorithm OID = 1 3 36 3 1 1 Comment = Teletrust encryption algorithm Description = des OID = 1 3 36 3 1 1 1 Comment = Teletrust encryption algorithm Description = desECB_pad OID = 1 3 36 3 1 1 1 1 Comment = Teletrust encryption algorithm Description = desECB_ISOpad OID = 1 3 36 3 1 1 2 1 Comment = Teletrust encryption algorithm Description = desCBC_pad OID = 1 3 36 3 1 1 2 1 1 Comment = Teletrust encryption algorithm Description = desCBC_ISOpad OID = 1 3 36 3 1 3 Comment = Teletrust encryption algorithm Description = des_3 OID = 1 3 36 3 1 3 1 1 Comment = Teletrust encryption algorithm. EDE triple DES Description = des_3ECB_pad OID = 1 3 36 3 1 3 1 1 1 Comment = Teletrust encryption algorithm. EDE triple DES Description = des_3ECB_ISOpad OID = 1 3 36 3 1 3 2 1 Comment = Teletrust encryption algorithm. EDE triple DES Description = des_3CBC_pad OID = 1 3 36 3 1 3 2 1 1 Comment = Teletrust encryption algorithm. 
EDE triple DES Description = des_3CBC_ISOpad OID = 1 3 36 3 1 2 Comment = Teletrust encryption algorithm Description = idea OID = 1 3 36 3 1 2 1 Comment = Teletrust encryption algorithm Description = ideaECB OID = 1 3 36 3 1 2 1 1 Comment = Teletrust encryption algorithm Description = ideaECB_pad OID = 1 3 36 3 1 2 1 1 1 Comment = Teletrust encryption algorithm Description = ideaECB_ISOpad OID = 1 3 36 3 1 2 2 Comment = Teletrust encryption algorithm Description = ideaCBC OID = 1 3 36 3 1 2 2 1 Comment = Teletrust encryption algorithm Description = ideaCBC_pad OID = 1 3 36 3 1 2 2 1 1 Comment = Teletrust encryption algorithm Description = ideaCBC_ISOpad OID = 1 3 36 3 1 2 3 Comment = Teletrust encryption algorithm Description = ideaOFB OID = 1 3 36 3 1 2 4 Comment = Teletrust encryption algorithm Description = ideaCFB OID = 1 3 36 3 1 4 Comment = Teletrust encryption algorithm Description = rsaEncryption OID = 1 3 36 3 1 4 512 17 Comment = Teletrust encryption algorithm Description = rsaEncryptionWithlmod512expe17 OID = 1 3 36 3 1 5 Comment = Teletrust encryption algorithm Description = bsi-1 OID = 1 3 36 3 1 5 1 Comment = Teletrust encryption algorithm Description = bsi_1ECB_pad OID = 1 3 36 3 1 5 2 Comment = Teletrust encryption algorithm Description = bsi_1CBC_pad OID = 1 3 36 3 1 5 2 1 Comment = Teletrust encryption algorithm Description = bsi_1CBC_PEMpad OID = 1 3 36 3 2 Comment = Teletrust algorithm Description = hashAlgorithm OID = 1 3 36 3 2 1 Comment = Teletrust hash algorithm Description = ripemd160 OID = 1 3 36 3 2 2 Comment = Teletrust hash algorithm Description = ripemd128 OID = 1 3 36 3 2 3 Comment = Teletrust hash algorithm Description = ripemd256 OID = 1 3 36 3 2 4 Comment = Teletrust hash algorithm Description = mdc2singleLength OID = 1 3 36 3 2 5 Comment = Teletrust hash algorithm Description = mdc2doubleLength OID = 1 3 36 3 3 Comment = Teletrust algorithm Description = signatureAlgorithm OID = 1 3 36 3 3 1 Comment = Teletrust signature algorithm 
Description = rsaSignature OID = 1 3 36 3 3 1 1 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1 # What *were* they thinking? OID = 1 3 36 3 3 1 1 512 2 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1_l512_l2 OID = 1 3 36 3 3 1 1 640 2 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1_l640_l2 OID = 1 3 36 3 3 1 1 768 2 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1_l768_l2 OID = 1 3 36 3 3 1 1 896 2 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1_l896_l2 OID = 1 3 36 3 3 1 1 1024 2 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1_l1024_l2 OID = 1 3 36 3 3 1 1 512 3 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1_l512_l3 OID = 1 3 36 3 3 1 1 640 3 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1_l640_l3 OID = 1 3 36 3 3 1 1 768 3 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1_l768_l3 OID = 1 3 36 3 3 1 1 896 3 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1_l896_l3 OID = 1 3 36 3 3 1 1 1024 3 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1_l1024_l3 OID = 1 3 36 3 3 1 1 512 5 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1_l512_l5 OID = 1 3 36 3 3 1 1 640 5 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1_l640_l5 OID = 1 3 36 3 3 1 1 768 5 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1_l768_l5 OID = 1 3 36 3 3 1 1 896 5 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1_l896_l5 OID = 1 3 36 3 3 1 1 1024 5 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1_l1024_l5 OID = 1 3 36 3 3 1 1 512 9 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1_l512_l9 OID = 1 3 36 3 3 1 1 640 9 Comment = Teletrust signature algorithm Description = 
rsaSignatureWithsha1_l640_l9 OID = 1 3 36 3 3 1 1 768 9 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1_l768_l9 OID = 1 3 36 3 3 1 1 896 9 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1_l896_l9 OID = 1 3 36 3 3 1 1 1024 9 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1_l1024_l9 OID = 1 3 36 3 3 1 1 512 11 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1_l512_l11 OID = 1 3 36 3 3 1 1 640 11 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1_l640_l11 OID = 1 3 36 3 3 1 1 768 11 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1_l768_l11 OID = 1 3 36 3 3 1 1 896 11 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1_l896_l11 OID = 1 3 36 3 3 1 1 1024 11 Comment = Teletrust signature algorithm Description = rsaSignatureWithsha1_l1024_l11 OID = 1 3 36 3 3 1 2 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160 OID = 1 3 36 3 3 1 2 512 2 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160_l512_l2 OID = 1 3 36 3 3 1 2 640 2 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160_l640_l2 OID = 1 3 36 3 3 1 2 768 2 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160_l768_l2 OID = 1 3 36 3 3 1 2 896 2 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160_l896_l2 OID = 1 3 36 3 3 1 2 1024 2 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160_l1024_l2 OID = 1 3 36 3 3 1 2 512 3 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160_l512_l3 OID = 1 3 36 3 3 1 2 640 3 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160_l640_l3 OID = 1 3 36 3 3 1 2 768 3 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160_l768_l3 OID = 1 3 36 3 3 1 2 896 3 Comment = Teletrust 
signature algorithm Description = rsaSignatureWithripemd160_l896_l3 OID = 1 3 36 3 3 1 2 1024 3 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160_l1024_l3 OID = 1 3 36 3 3 1 2 512 5 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160_l512_l5 OID = 1 3 36 3 3 1 2 640 5 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160_l640_l5 OID = 1 3 36 3 3 1 2 768 5 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160_l768_l5 OID = 1 3 36 3 3 1 2 896 5 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160_l896_l5 OID = 1 3 36 3 3 1 2 1024 5 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160_l1024_l5 OID = 1 3 36 3 3 1 2 512 9 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160_l512_l9 OID = 1 3 36 3 3 1 2 640 9 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160_l640_l9 OID = 1 3 36 3 3 1 2 768 9 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160_l768_l9 OID = 1 3 36 3 3 1 2 896 9 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160_l896_l9 OID = 1 3 36 3 3 1 2 1024 9 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160_l1024_l9 OID = 1 3 36 3 3 1 2 512 11 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160_l512_l11 OID = 1 3 36 3 3 1 2 640 11 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160_l640_l11 OID = 1 3 36 3 3 1 2 768 11 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160_l768_l11 OID = 1 3 36 3 3 1 2 896 11 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160_l896_l11 OID = 1 3 36 3 3 1 2 1024 11 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd160_l1024_l11 OID = 1 3 36 3 3 1 3 Comment = Teletrust signature algorithm Description 
= rsaSignatureWithripemd128 OID = 1 3 36 3 3 1 4 Comment = Teletrust signature algorithm Description = rsaSignatureWithripemd256 OID = 1 3 36 3 3 2 Comment = Teletrust signature algorithm Description = ecsieSign OID = 1 3 36 3 3 2 1 Comment = Teletrust signature algorithm Description = ecsieSignWithsha1 OID = 1 3 36 3 3 2 2 Comment = Teletrust signature algorithm Description = ecsieSignWithripemd160 OID = 1 3 36 3 3 2 3 Comment = Teletrust signature algorithm Description = ecsieSignWithmd2 OID = 1 3 36 3 3 2 4 Comment = Teletrust signature algorithm Description = ecsieSignWithmd5 # Brainpool ECC Curves. Note that these fall under the Teletrust ECC # signature algorithm arc (ecsieSign, 1 3 36 3 3 2) but they're listed # separately here because they were standardised under the Brainpool # initiative. OID = 1 3 36 3 3 2 8 1 1 1 Comment = ECC Brainpool Standard Curves and Curve Generation Description = brainpoolP160r1 OID = 1 3 36 3 3 2 8 1 1 2 Comment = ECC Brainpool Standard Curves and Curve Generation Description = brainpoolP160t1 OID = 1 3 36 3 3 2 8 1 1 3 Comment = ECC Brainpool Standard Curves and Curve Generation Description = brainpoolP192r1 OID = 1 3 36 3 3 2 8 1 1 4 Comment = ECC Brainpool Standard Curves and Curve Generation Description = brainpoolP192t1 OID = 1 3 36 3 3 2 8 1 1 5 Comment = ECC Brainpool Standard Curves and Curve Generation Description = brainpoolP224r1 OID = 1 3 36 3 3 2 8 1 1 6 Comment = ECC Brainpool Standard Curves and Curve Generation Description = brainpoolP224t1 OID = 1 3 36 3 3 2 8 1 1 7 Comment = ECC Brainpool Standard Curves and Curve Generation Description = brainpoolP256r1 OID = 1 3 36 3 3 2 8 1 1 8 Comment = ECC Brainpool Standard Curves and Curve Generation Description = brainpoolP256t1 OID = 1 3 36 3 3 2 8 1 1 9 Comment = ECC Brainpool Standard Curves and Curve Generation Description = brainpoolP320r1 OID = 1 3 36 3 3 2 8 1 1 10 Comment = ECC Brainpool Standard Curves and Curve Generation Description = brainpoolP320t1 OID =
1 3 36 3 3 2 8 1 1 11 Comment = ECC Brainpool Standard Curves and Curve Generation Description = brainpoolP384r1 OID = 1 3 36 3 3 2 8 1 1 12 Comment = ECC Brainpool Standard Curves and Curve Generation Description = brainpoolP384t1 OID = 1 3 36 3 3 2 8 1 1 13 Comment = ECC Brainpool Standard Curves and Curve Generation Description = brainpoolP512r1 OID = 1 3 36 3 3 2 8 1 1 14 Comment = ECC Brainpool Standard Curves and Curve Generation Description = brainpoolP512t1 OID = 1 3 36 3 4 Comment = Teletrust algorithm Description = signatureScheme OID = 1 3 36 3 4 1 Comment = Teletrust signature scheme Description = sigS_ISO9796-1 OID = 1 3 36 3 4 2 Comment = Teletrust signature scheme Description = sigS_ISO9796-2 OID = 1 3 36 3 4 2 1 Comment = Teletrust signature scheme. Unsure what this is supposed to be Description = sigS_ISO9796-2Withred OID = 1 3 36 3 4 2 2 Comment = Teletrust signature scheme. Unsure what this is supposed to be Description = sigS_ISO9796-2Withrsa OID = 1 3 36 3 4 2 3 Comment = Teletrust signature scheme. 9796-2 with random number in padding field Description = sigS_ISO9796-2Withrnd OID = 1 3 36 4 Comment = Teletrust attribute Description = attribute OID = 1 3 36 5 Comment = Teletrust policy Description = policy OID = 1 3 36 6 Comment = Teletrust API Description = api OID = 1 3 36 6 1 Comment = Teletrust API Description = manufacturer-specific_api OID = 1 3 36 6 1 1 Comment = Teletrust API Description = utimaco-api OID = 1 3 36 6 2 Comment = Teletrust API Description = functionality-specific_api OID = 1 3 36 7 Comment = Teletrust key management Description = keymgmnt OID = 1 3 36 7 1 Comment = Teletrust key management Description = keyagree OID = 1 3 36 7 1 1 Comment = Teletrust key management Description = bsiPKE OID = 1 3 36 7 2 Comment = Teletrust key management Description = keytrans OID = 1 3 36 7 2 1 Comment = Teletrust key management. 
9796-2 with key stored in hash field Description = encISO9796-2Withrsa OID = 1 3 36 8 1 1 Comment = Teletrust policy Description = Teletrust SigGConform policyIdentifier OID = 1 3 36 8 2 1 Comment = Teletrust extended key usage Description = directoryService OID = 1 3 36 8 3 1 Comment = Teletrust attribute Description = dateOfCertGen OID = 1 3 36 8 3 2 Comment = Teletrust attribute Description = procuration OID = 1 3 36 8 3 3 Comment = Teletrust attribute Description = admission OID = 1 3 36 8 3 4 Comment = Teletrust attribute Description = monetaryLimit OID = 1 3 36 8 3 5 Comment = Teletrust attribute Description = declarationOfMajority OID = 1 3 36 8 3 6 Comment = Teletrust attribute Description = integratedCircuitCardSerialNumber OID = 1 3 36 8 3 7 Comment = Teletrust attribute Description = pKReference OID = 1 3 36 8 3 8 Comment = Teletrust attribute Description = restriction OID = 1 3 36 8 3 9 Comment = Teletrust attribute Description = retrieveIfAllowed OID = 1 3 36 8 3 10 Comment = Teletrust attribute Description = requestedCertificate # The following are left in German because there's no clear # equivalent for many of the terms in English. Tut mir sorry. # (Note that they actually genderise the OIDs, which is quite # bizarre since they're simply role identifiers. Being # courteous, they let the, um, female OIDs go first). 
OID = 1 3 36 8 3 11 Comment = Teletrust attribute Description = namingAuthorities OID = 1 3 36 8 3 11 1 Comment = Teletrust naming authorities Description = rechtWirtschaftSteuern OID = 1 3 36 8 3 11 1 1 Comment = Teletrust ProfessionInfo Description = rechtsanwaeltin OID = 1 3 36 8 3 11 1 2 Comment = Teletrust ProfessionInfo Description = rechtsanwalt OID = 1 3 36 8 3 11 1 3 Comment = Teletrust ProfessionInfo Description = rechtsBeistand OID = 1 3 36 8 3 11 1 4 Comment = Teletrust ProfessionInfo Description = steuerBeraterin OID = 1 3 36 8 3 11 1 5 Comment = Teletrust ProfessionInfo Description = steuerBerater OID = 1 3 36 8 3 11 1 6 Comment = Teletrust ProfessionInfo Description = steuerBevollmaechtigte OID = 1 3 36 8 3 11 1 7 Comment = Teletrust ProfessionInfo Description = steuerBevollmaechtigter OID = 1 3 36 8 3 11 1 8 Comment = Teletrust ProfessionInfo Description = notarin OID = 1 3 36 8 3 11 1 9 Comment = Teletrust ProfessionInfo Description = notar OID = 1 3 36 8 3 11 1 10 Comment = Teletrust ProfessionInfo Description = notarVertreterin OID = 1 3 36 8 3 11 1 11 Comment = Teletrust ProfessionInfo Description = notarVertreter OID = 1 3 36 8 3 11 1 12 Comment = Teletrust ProfessionInfo Description = notariatsVerwalterin OID = 1 3 36 8 3 11 1 13 Comment = Teletrust ProfessionInfo Description = notariatsVerwalter OID = 1 3 36 8 3 11 1 14 Comment = Teletrust ProfessionInfo Description = wirtschaftsPrueferin OID = 1 3 36 8 3 11 1 15 Comment = Teletrust ProfessionInfo Description = wirtschaftsPruefer OID = 1 3 36 8 3 11 1 16 Comment = Teletrust ProfessionInfo Description = vereidigteBuchprueferin OID = 1 3 36 8 3 11 1 17 Comment = Teletrust ProfessionInfo Description = vereidigterBuchpruefer OID = 1 3 36 8 3 11 1 18 Comment = Teletrust ProfessionInfo Description = patentAnwaeltin OID = 1 3 36 8 3 11 1 19 Comment = Teletrust ProfessionInfo Description = patentAnwalt OID = 1 3 36 8 3 12 Comment = Teletrust OCSP attribute (obsolete) Description = certInDirSince 
Warning OID = 1 3 36 8 3 13 Comment = Teletrust OCSP attribute Description = certHash OID = 1 3 36 8 3 14 Comment = Teletrust attribute Description = nameAtBirth OID = 1 3 36 8 3 15 Comment = Teletrust attribute Description = additionalInformation OID = 1 3 36 8 4 1 Comment = Teletrust OtherName attribute Description = personalData OID = 1 3 36 8 4 8 Comment = Teletrust attribute certificate attribute Description = restriction OID = 1 3 36 8 5 1 1 1 Comment = Teletrust signature algorithm Description = rsaIndicateSHA1 OID = 1 3 36 8 5 1 1 2 Comment = Teletrust signature algorithm Description = rsaIndicateRIPEMD160 OID = 1 3 36 8 5 1 1 3 Comment = Teletrust signature algorithm Description = rsaWithSHA1 OID = 1 3 36 8 5 1 1 4 Comment = Teletrust signature algorithm Description = rsaWithRIPEMD160 OID = 1 3 36 8 5 1 2 1 Comment = Teletrust signature algorithm Description = dsaExtended OID = 1 3 36 8 5 1 2 2 Comment = Teletrust signature algorithm Description = dsaWithRIPEMD160 OID = 1 3 36 8 6 1 Comment = Teletrust signature attributes Description = cert OID = 1 3 36 8 6 2 Comment = Teletrust signature attributes Description = certRef OID = 1 3 36 8 6 3 Comment = Teletrust signature attributes Description = attrCert OID = 1 3 36 8 6 4 Comment = Teletrust signature attributes Description = attrRef OID = 1 3 36 8 6 5 Comment = Teletrust signature attributes Description = fileName OID = 1 3 36 8 6 6 Comment = Teletrust signature attributes Description = storageTime OID = 1 3 36 8 6 7 Comment = Teletrust signature attributes Description = fileSize OID = 1 3 36 8 6 8 Comment = Teletrust signature attributes Description = location OID = 1 3 36 8 6 9 Comment = Teletrust signature attributes Description = sigNumber OID = 1 3 36 8 6 10 Comment = Teletrust signature attributes Description = autoGen OID = 1 3 36 8 7 1 1 Comment = Teletrust presentation types Description = ptAdobeILL OID = 1 3 36 8 7 1 2 Comment = Teletrust presentation types Description = ptAmiPro OID = 1 3 36 8 
7 1 3 Comment = Teletrust presentation types Description = ptAutoCAD OID = 1 3 36 8 7 1 4 Comment = Teletrust presentation types Description = ptBinary OID = 1 3 36 8 7 1 5 Comment = Teletrust presentation types Description = ptBMP OID = 1 3 36 8 7 1 6 Comment = Teletrust presentation types Description = ptCGM OID = 1 3 36 8 7 1 7 Comment = Teletrust presentation types Description = ptCorelCRT OID = 1 3 36 8 7 1 8 Comment = Teletrust presentation types Description = ptCorelDRW OID = 1 3 36 8 7 1 9 Comment = Teletrust presentation types Description = ptCorelEXC OID = 1 3 36 8 7 1 10 Comment = Teletrust presentation types Description = ptCorelPHT OID = 1 3 36 8 7 1 11 Comment = Teletrust presentation types Description = ptDraw OID = 1 3 36 8 7 1 12 Comment = Teletrust presentation types Description = ptDVI OID = 1 3 36 8 7 1 13 Comment = Teletrust presentation types Description = ptEPS OID = 1 3 36 8 7 1 14 Comment = Teletrust presentation types Description = ptExcel OID = 1 3 36 8 7 1 15 Comment = Teletrust presentation types Description = ptGEM OID = 1 3 36 8 7 1 16 Comment = Teletrust presentation types Description = ptGIF OID = 1 3 36 8 7 1 17 Comment = Teletrust presentation types Description = ptHPGL OID = 1 3 36 8 7 1 18 Comment = Teletrust presentation types Description = ptJPEG OID = 1 3 36 8 7 1 19 Comment = Teletrust presentation types Description = ptKodak OID = 1 3 36 8 7 1 20 Comment = Teletrust presentation types Description = ptLaTeX OID = 1 3 36 8 7 1 21 Comment = Teletrust presentation types Description = ptLotus OID = 1 3 36 8 7 1 22 Comment = Teletrust presentation types Description = ptLotusPIC OID = 1 3 36 8 7 1 23 Comment = Teletrust presentation types Description = ptMacPICT OID = 1 3 36 8 7 1 24 Comment = Teletrust presentation types Description = ptMacWord OID = 1 3 36 8 7 1 25 Comment = Teletrust presentation types Description = ptMSWfD OID = 1 3 36 8 7 1 26 Comment = Teletrust presentation types Description = ptMSWord OID = 1 3 36 8 7 1 27 
Comment = Teletrust presentation types Description = ptMSWord2 OID = 1 3 36 8 7 1 28 Comment = Teletrust presentation types Description = ptMSWord6 OID = 1 3 36 8 7 1 29 Comment = Teletrust presentation types Description = ptMSWord8 OID = 1 3 36 8 7 1 30 Comment = Teletrust presentation types Description = ptPDF OID = 1 3 36 8 7 1 31 Comment = Teletrust presentation types Description = ptPIF OID = 1 3 36 8 7 1 32 Comment = Teletrust presentation types Description = ptPostscript OID = 1 3 36 8 7 1 33 Comment = Teletrust presentation types Description = ptRTF OID = 1 3 36 8 7 1 34 Comment = Teletrust presentation types Description = ptSCITEX OID = 1 3 36 8 7 1 35 Comment = Teletrust presentation types Description = ptTAR OID = 1 3 36 8 7 1 36 Comment = Teletrust presentation types Description = ptTarga OID = 1 3 36 8 7 1 37 Comment = Teletrust presentation types Description = ptTeX OID = 1 3 36 8 7 1 38 Comment = Teletrust presentation types Description = ptText OID = 1 3 36 8 7 1 39 Comment = Teletrust presentation types Description = ptTIFF OID = 1 3 36 8 7 1 40 Comment = Teletrust presentation types Description = ptTIFF-FC OID = 1 3 36 8 7 1 41 Comment = Teletrust presentation types Description = ptUID OID = 1 3 36 8 7 1 42 Comment = Teletrust presentation types Description = ptUUEncode OID = 1 3 36 8 7 1 43 Comment = Teletrust presentation types Description = ptWMF OID = 1 3 36 8 7 1 44 Comment = Teletrust presentation types Description = ptWordPerfect OID = 1 3 36 8 7 1 45 Comment = Teletrust presentation types Description = ptWPGrph # Thawte OID = 1 3 101 1 4 Comment = Thawte Description = thawte-ce OID = 1 3 101 1 4 1 Comment = Thawte certificate extension Description = strongExtranet # Symantec, who seem to have taken over the Thawte arc via Verisign. 
OID = 1 3 101 110 Comment = ECDH 25519 key agreement algorithm Description = curveX25519 OID = 1 3 101 111 Comment = ECDH 448 key agreement algorithm Description = curveX448 OID = 1 3 101 112 Comment = EdDSA 25519 signature algorithm Description = curveEd25519 OID = 1 3 101 113 Comment = EdDSA 448 signature algorithm Description = curveEd448 OID = 1 3 101 114 Comment = EdDSA 25519 pre-hash signature algorithm Description = curveEd25519ph OID = 1 3 101 115 Comment = EdDSA 448 pre-hash signature algorithm Description = curveEd448ph # SECG (Standards for Efficient Cryptography Group), who are just # Certicom "All your curves are belong to us" named elliptic curves OID = 1 3 132 0 1 Comment = SECG (Certicom) named elliptic curve Description = sect163k1 OID = 1 3 132 0 2 Comment = SECG (Certicom) named elliptic curve Description = sect163r1 OID = 1 3 132 0 3 Comment = SECG (Certicom) named elliptic curve Description = sect239k1 OID = 1 3 132 0 4 Comment = SECG (Certicom) named elliptic curve Description = sect113r1 OID = 1 3 132 0 5 Comment = SECG (Certicom) named elliptic curve Description = sect113r2 OID = 1 3 132 0 6 Comment = SECG (Certicom) named elliptic curve Description = secp112r1 OID = 1 3 132 0 7 Comment = SECG (Certicom) named elliptic curve Description = secp112r2 OID = 1 3 132 0 8 Comment = SECG (Certicom) named elliptic curve Description = secp160r1 OID = 1 3 132 0 9 Comment = SECG (Certicom) named elliptic curve Description = secp160k1 OID = 1 3 132 0 10 Comment = SECG (Certicom) named elliptic curve Description = secp256k1 OID = 1 3 132 0 15 Comment = SECG (Certicom) named elliptic curve Description = sect163r2 OID = 1 3 132 0 16 Comment = SECG (Certicom) named elliptic curve Description = sect283k1 OID = 1 3 132 0 17 Comment = SECG (Certicom) named elliptic curve Description = sect283r1 OID = 1 3 132 0 22 Comment = SECG (Certicom) named elliptic curve Description = sect131r1 OID = 1 3 132 0 23 Comment = SECG (Certicom) named elliptic curve Description 
= sect131r2 OID = 1 3 132 0 24 Comment = SECG (Certicom) named elliptic curve Description = sect193r1 OID = 1 3 132 0 25 Comment = SECG (Certicom) named elliptic curve Description = sect193r2 OID = 1 3 132 0 26 Comment = SECG (Certicom) named elliptic curve Description = sect233k1 OID = 1 3 132 0 27 Comment = SECG (Certicom) named elliptic curve Description = sect233r1 OID = 1 3 132 0 28 Comment = SECG (Certicom) named elliptic curve Description = secp128r1 OID = 1 3 132 0 29 Comment = SECG (Certicom) named elliptic curve Description = secp128r2 OID = 1 3 132 0 30 Comment = SECG (Certicom) named elliptic curve Description = secp160r2 OID = 1 3 132 0 31 Comment = SECG (Certicom) named elliptic curve Description = secp192k1 OID = 1 3 132 0 32 Comment = SECG (Certicom) named elliptic curve Description = secp224k1 OID = 1 3 132 0 33 Comment = SECG (Certicom) named elliptic curve Description = secp224r1 OID = 1 3 132 0 34 Comment = SECG (Certicom) named elliptic curve Description = secp384r1 OID = 1 3 132 0 35 Comment = SECG (Certicom) named elliptic curve Description = secp521r1 OID = 1 3 132 0 36 Comment = SECG (Certicom) named elliptic curve Description = sect409k1 OID = 1 3 132 0 37 Comment = SECG (Certicom) named elliptic curve Description = sect409r1 OID = 1 3 132 0 38 Comment = SECG (Certicom) named elliptic curve Description = sect571k1 OID = 1 3 132 0 39 Comment = SECG (Certicom) named elliptic curve Description = sect571r1 OID = 1 3 132 1 11 1 Comment = SECG (Certicom) elliptic curve key agreement Description = ecdhX963KDF-SHA256 OID = 1 3 132 1 11 2 Comment = SECG (Certicom) elliptic curve key agreement Description = ecdhX963KDF-SHA384 OID = 1 3 132 1 11 3 Comment = SECG (Certicom) elliptic curve key agreement Description = ecdhX963KDF-SHA512 # X9.44 OID = 1 3 133 16 840 9 44 Comment = X9.44 Description = x944 OID = 1 3 133 16 840 9 44 1 Comment = X9.44 Description = x944Components OID = 1 3 133 16 840 9 44 1 1 Comment = X9.44 Description = x944Kdf2 OID = 1 3 
133 16 840 9 44 1 2 Comment = X9.44 Description = x944Kdf3 # X9.84 OID = 1 3 133 16 840 9 84 Comment = X9.84 Description = x984 OID = 1 3 133 16 840 9 84 0 Comment = X9.84 Description = x984Module OID = 1 3 133 16 840 9 84 0 1 Comment = X9.84 Module Description = x984Biometrics OID = 1 3 133 16 840 9 84 0 2 Comment = X9.84 Module Description = x984CMS OID = 1 3 133 16 840 9 84 0 3 Comment = X9.84 Module Description = x984Identifiers OID = 1 3 133 16 840 9 84 1 Comment = X9.84 Description = x984Biometric OID = 1 3 133 16 840 9 84 1 0 Comment = X9.84 Biometric Description = biometricUnknownType OID = 1 3 133 16 840 9 84 1 1 Comment = X9.84 Biometric Description = biometricBodyOdor OID = 1 3 133 16 840 9 84 1 2 Comment = X9.84 Biometric Description = biometricDNA OID = 1 3 133 16 840 9 84 1 3 Comment = X9.84 Biometric Description = biometricEarShape OID = 1 3 133 16 840 9 84 1 4 Comment = X9.84 Biometric Description = biometricFacialFeatures OID = 1 3 133 16 840 9 84 1 5 Comment = X9.84 Biometric Description = biometricFingerImage OID = 1 3 133 16 840 9 84 1 6 Comment = X9.84 Biometric Description = biometricFingerGeometry OID = 1 3 133 16 840 9 84 1 7 Comment = X9.84 Biometric Description = biometricHandGeometry OID = 1 3 133 16 840 9 84 1 8 Comment = X9.84 Biometric Description = biometricIrisFeatures OID = 1 3 133 16 840 9 84 1 9 Comment = X9.84 Biometric Description = biometricKeystrokeDynamics OID = 1 3 133 16 840 9 84 1 10 Comment = X9.84 Biometric Description = biometricPalm OID = 1 3 133 16 840 9 84 1 11 Comment = X9.84 Biometric Description = biometricRetina OID = 1 3 133 16 840 9 84 1 12 Comment = X9.84 Biometric Description = biometricSignature OID = 1 3 133 16 840 9 84 1 13 Comment = X9.84 Biometric Description = biometricSpeechPattern OID = 1 3 133 16 840 9 84 1 14 Comment = X9.84 Biometric Description = biometricThermalImage OID = 1 3 133 16 840 9 84 1 15 Comment = X9.84 Biometric Description = biometricVeinPattern OID = 1 3 133 16 840 9 84 1 16 Comment 
= X9.84 Biometric Description = biometricThermalFaceImage OID = 1 3 133 16 840 9 84 1 17 Comment = X9.84 Biometric Description = biometricThermalHandImage OID = 1 3 133 16 840 9 84 1 18 Comment = X9.84 Biometric Description = biometricLipMovement OID = 1 3 133 16 840 9 84 1 19 Comment = X9.84 Biometric Description = biometricGait OID = 1 3 133 16 840 9 84 3 Comment = X9.84 Description = x984MatchingMethod OID = 1 3 133 16 840 9 84 4 Comment = X9.84 Description = x984FormatOwner OID = 1 3 133 16 840 9 84 4 0 Comment = X9.84 Format Owner Description = x984CbeffOwner OID = 1 3 133 16 840 9 84 4 1 Comment = X9.84 Format Owner Description = x984IbiaOwner OID = 1 3 133 16 840 9 84 4 1 1 Comment = X9.84 IBIA Format Owner Description = ibiaOwnerSAFLINK OID = 1 3 133 16 840 9 84 4 1 2 Comment = X9.84 IBIA Format Owner Description = ibiaOwnerBioscrypt OID = 1 3 133 16 840 9 84 4 1 3 Comment = X9.84 IBIA Format Owner Description = ibiaOwnerVisionics OID = 1 3 133 16 840 9 84 4 1 4 Comment = X9.84 IBIA Format Owner Description = ibiaOwnerInfineonTechnologiesAG OID = 1 3 133 16 840 9 84 4 1 5 Comment = X9.84 IBIA Format Owner Description = ibiaOwnerIridianTechnologies OID = 1 3 133 16 840 9 84 4 1 6 Comment = X9.84 IBIA Format Owner Description = ibiaOwnerVeridicom OID = 1 3 133 16 840 9 84 4 1 7 Comment = X9.84 IBIA Format Owner Description = ibiaOwnerCyberSIGN OID = 1 3 133 16 840 9 84 4 1 8 Comment = X9.84 IBIA Format Owner Description = ibiaOwnereCryp OID = 1 3 133 16 840 9 84 4 1 9 Comment = X9.84 IBIA Format Owner Description = ibiaOwnerFingerprintCardsAB OID = 1 3 133 16 840 9 84 4 1 10 Comment = X9.84 IBIA Format Owner Description = ibiaOwnerSecuGen OID = 1 3 133 16 840 9 84 4 1 11 Comment = X9.84 IBIA Format Owner Description = ibiaOwnerPreciseBiometric OID = 1 3 133 16 840 9 84 4 1 12 Comment = X9.84 IBIA Format Owner Description = ibiaOwnerIdentix OID = 1 3 133 16 840 9 84 4 1 13 Comment = X9.84 IBIA Format Owner Description = ibiaOwnerDERMALOG OID = 1 3 133 16 840 9 
84 4 1 14 Comment = X9.84 IBIA Format Owner Description = ibiaOwnerLOGICO OID = 1 3 133 16 840 9 84 4 1 15 Comment = X9.84 IBIA Format Owner Description = ibiaOwnerNIST OID = 1 3 133 16 840 9 84 4 1 16 Comment = X9.84 IBIA Format Owner Description = ibiaOwnerA3Vision OID = 1 3 133 16 840 9 84 4 1 17 Comment = X9.84 IBIA Format Owner Description = ibiaOwnerNEC OID = 1 3 133 16 840 9 84 4 1 18 Comment = X9.84 IBIA Format Owner Description = ibiaOwnerSTMicroelectronics # X.520. X.500v4 added encrypted versions of most of these attributes # at n+2 (i.e. foo = 2 4 5 1, encryptedFoo = 2 4 5 1 2), this smells # like a horrible kludge for something and probably isn't used, so we # don't define them all here. OID = 2 5 4 0 Comment = X.520 DN component Description = objectClass OID = 2 5 4 1 Comment = X.520 DN component Description = aliasedEntryName OID = 2 5 4 2 Comment = X.520 DN component Description = knowledgeInformation OID = 2 5 4 3 Comment = X.520 DN component Description = commonName OID = 2 5 4 4 Comment = X.520 DN component Description = surname OID = 2 5 4 5 Comment = X.520 DN component Description = serialNumber OID = 2 5 4 6 Comment = X.520 DN component Description = countryName OID = 2 5 4 7 Comment = X.520 DN component Description = localityName OID = 2 5 4 7 1 Comment = X.520 DN component Description = collectiveLocalityName OID = 2 5 4 8 Comment = X.520 DN component Description = stateOrProvinceName OID = 2 5 4 8 1 Comment = X.520 DN component Description = collectiveStateOrProvinceName OID = 2 5 4 9 Comment = X.520 DN component Description = streetAddress OID = 2 5 4 9 1 Comment = X.520 DN component Description = collectiveStreetAddress OID = 2 5 4 10 Comment = X.520 DN component Description = organizationName OID = 2 5 4 10 1 Comment = X.520 DN component Description = collectiveOrganizationName OID = 2 5 4 11 Comment = X.520 DN component Description = organizationalUnitName OID = 2 5 4 11 1 Comment = X.520 DN component Description = 
collectiveOrganizationalUnitName OID = 2 5 4 12 Comment = X.520 DN component Description = title OID = 2 5 4 13 Comment = X.520 DN component Description = description OID = 2 5 4 14 Comment = X.520 DN component Description = searchGuide OID = 2 5 4 15 Comment = X.520 DN component Description = businessCategory OID = 2 5 4 16 Comment = X.520 DN component Description = postalAddress OID = 2 5 4 16 1 Comment = X.520 DN component Description = collectivePostalAddress OID = 2 5 4 17 Comment = X.520 DN component Description = postalCode OID = 2 5 4 17 1 Comment = X.520 DN component Description = collectivePostalCode OID = 2 5 4 18 Comment = X.520 DN component Description = postOfficeBox OID = 2 5 4 18 1 Comment = X.520 DN component Description = collectivePostOfficeBox OID = 2 5 4 19 Comment = X.520 DN component Description = physicalDeliveryOfficeName OID = 2 5 4 19 1 Comment = X.520 DN component Description = collectivePhysicalDeliveryOfficeName OID = 2 5 4 20 Comment = X.520 DN component Description = telephoneNumber OID = 2 5 4 20 1 Comment = X.520 DN component Description = collectiveTelephoneNumber OID = 2 5 4 21 Comment = X.520 DN component Description = telexNumber OID = 2 5 4 21 1 Comment = X.520 DN component Description = collectiveTelexNumber OID = 2 5 4 22 Comment = X.520 DN component Description = teletexTerminalIdentifier OID = 2 5 4 22 1 Comment = X.520 DN component Description = collectiveTeletexTerminalIdentifier OID = 2 5 4 23 Comment = X.520 DN component Description = facsimileTelephoneNumber OID = 2 5 4 23 1 Comment = X.520 DN component Description = collectiveFacsimileTelephoneNumber OID = 2 5 4 24 Comment = X.520 DN component Description = x121Address OID = 2 5 4 25 Comment = X.520 DN component Description = internationalISDNNumber OID = 2 5 4 25 1 Comment = X.520 DN component Description = collectiveInternationalISDNNumber OID = 2 5 4 26 Comment = X.520 DN component Description = registeredAddress OID = 2 5 4 27 Comment = X.520 DN component 
Description = destinationIndicator OID = 2 5 4 28 Comment = X.520 DN component Description = preferredDeliveryMethod OID = 2 5 4 29 Comment = X.520 DN component Description = presentationAddress OID = 2 5 4 30 Comment = X.520 DN component Description = supportedApplicationContext OID = 2 5 4 31 Comment = X.520 DN component Description = member OID = 2 5 4 32 Comment = X.520 DN component Description = owner OID = 2 5 4 33 Comment = X.520 DN component Description = roleOccupant OID = 2 5 4 34 Comment = X.520 DN component Description = seeAlso OID = 2 5 4 35 Comment = X.520 DN component Description = userPassword OID = 2 5 4 36 Comment = X.520 DN component Description = userCertificate OID = 2 5 4 37 Comment = X.520 DN component Description = caCertificate OID = 2 5 4 38 Comment = X.520 DN component Description = authorityRevocationList OID = 2 5 4 39 Comment = X.520 DN component Description = certificateRevocationList OID = 2 5 4 40 Comment = X.520 DN component Description = crossCertificatePair OID = 2 5 4 41 Comment = X.520 DN component Description = name OID = 2 5 4 42 Comment = X.520 DN component Description = givenName OID = 2 5 4 43 Comment = X.520 DN component Description = initials OID = 2 5 4 44 Comment = X.520 DN component Description = generationQualifier OID = 2 5 4 45 Comment = X.520 DN component Description = uniqueIdentifier OID = 2 5 4 46 Comment = X.520 DN component Description = dnQualifier OID = 2 5 4 47 Comment = X.520 DN component Description = enhancedSearchGuide OID = 2 5 4 48 Comment = X.520 DN component Description = protocolInformation OID = 2 5 4 49 Comment = X.520 DN component Description = distinguishedName OID = 2 5 4 50 Comment = X.520 DN component Description = uniqueMember OID = 2 5 4 51 Comment = X.520 DN component Description = houseIdentifier OID = 2 5 4 52 Comment = X.520 DN component Description = supportedAlgorithms OID = 2 5 4 53 Comment = X.520 DN component Description = deltaRevocationList OID = 2 5 4 54 Comment = X.520 DN
component Description = dmdName OID = 2 5 4 55 Comment = X.520 DN component Description = clearance OID = 2 5 4 56 Comment = X.520 DN component Description = defaultDirQop OID = 2 5 4 57 Comment = X.520 DN component Description = attributeIntegrityInfo OID = 2 5 4 58 Comment = X.520 DN component Description = attributeCertificate OID = 2 5 4 59 Comment = X.520 DN component Description = attributeCertificateRevocationList OID = 2 5 4 60 Comment = X.520 DN component Description = confKeyInfo OID = 2 5 4 61 Comment = X.520 DN component Description = aACertificate OID = 2 5 4 62 Comment = X.520 DN component Description = attributeDescriptorCertificate OID = 2 5 4 63 Comment = X.520 DN component Description = attributeAuthorityRevocationList OID = 2 5 4 64 Comment = X.520 DN component Description = familyInformation OID = 2 5 4 65 Comment = X.520 DN component Description = pseudonym OID = 2 5 4 66 Comment = X.520 DN component Description = communicationsService OID = 2 5 4 67 Comment = X.520 DN component Description = communicationsNetwork OID = 2 5 4 68 Comment = X.520 DN component Description = certificationPracticeStmt OID = 2 5 4 69 Comment = X.520 DN component Description = certificatePolicy OID = 2 5 4 70 Comment = X.520 DN component Description = pkiPath OID = 2 5 4 71 Comment = X.520 DN component Description = privPolicy OID = 2 5 4 72 Comment = X.520 DN component Description = role OID = 2 5 4 73 Comment = X.520 DN component Description = delegationPath OID = 2 5 4 74 Comment = X.520 DN component Description = protPrivPolicy OID = 2 5 4 75 Comment = X.520 DN component Description = xMLPrivilegeInfo OID = 2 5 4 76 Comment = X.520 DN component Description = xmlPrivPolicy OID = 2 5 4 82 Comment = X.520 DN component Description = permission # X.500 object classes OID = 2 5 6 0 Comment = X.520 objectClass Description = top OID = 2 5 6 1 Comment = X.520 objectClass Description = alias OID = 2 5 6 2 Comment = X.520 objectClass Description = country OID = 2 5 6 3 
Comment = X.520 objectClass Description = locality OID = 2 5 6 4 Comment = X.520 objectClass Description = organization OID = 2 5 6 5 Comment = X.520 objectClass Description = organizationalUnit OID = 2 5 6 6 Comment = X.520 objectClass Description = person OID = 2 5 6 7 Comment = X.520 objectClass Description = organizationalPerson OID = 2 5 6 8 Comment = X.520 objectClass Description = organizationalRole OID = 2 5 6 9 Comment = X.520 objectClass Description = groupOfNames OID = 2 5 6 10 Comment = X.520 objectClass Description = residentialPerson OID = 2 5 6 11 Comment = X.520 objectClass Description = applicationProcess OID = 2 5 6 12 Comment = X.520 objectClass Description = applicationEntity OID = 2 5 6 13 Comment = X.520 objectClass Description = dSA OID = 2 5 6 14 Comment = X.520 objectClass Description = device OID = 2 5 6 15 Comment = X.520 objectClass Description = strongAuthenticationUser OID = 2 5 6 16 Comment = X.520 objectClass Description = certificateAuthority OID = 2 5 6 17 Comment = X.520 objectClass Description = groupOfUniqueNames OID = 2 5 6 21 Comment = X.520 objectClass Description = pkiUser OID = 2 5 6 22 Comment = X.520 objectClass Description = pkiCA # X.500 algorithms OID = 2 5 8 1 1 Comment = X.500 algorithms. Ambiguous, since no padding rules specified Description = rsa Warning # X.509. Some of the smaller values are from early X.509 drafts with # cross-pollination from X9.55 and are now deprecated. Alternative OIDs are # marked if these are known. In some cases there are multiple generations of # superseded OIDs OID = 2 5 29 1 Comment = X.509 extension. Deprecated, use 2 5 29 35 instead Description = authorityKeyIdentifier Warning OID = 2 5 29 2 Comment = X.509 extension. Obsolete, use keyUsage/extKeyUsage instead Description = keyAttributes Warning OID = 2 5 29 3 Comment = X.509 extension. Deprecated, use 2 5 29 32 instead Description = certificatePolicies Warning OID = 2 5 29 4 Comment = X.509 extension. 
Obsolete, use keyUsage/extKeyUsage instead Description = keyUsageRestriction Warning OID = 2 5 29 5 Comment = X.509 extension. Deprecated, use 2 5 29 33 instead Description = policyMapping Warning OID = 2 5 29 6 Comment = X.509 extension. Obsolete, use nameConstraints instead Description = subtreesConstraint Warning OID = 2 5 29 7 Comment = X.509 extension. Deprecated, use 2 5 29 17 instead Description = subjectAltName Warning OID = 2 5 29 8 Comment = X.509 extension. Deprecated, use 2 5 29 18 instead Description = issuerAltName Warning OID = 2 5 29 9 Comment = X.509 extension Description = subjectDirectoryAttributes OID = 2 5 29 10 Comment = X.509 extension. Deprecated, use 2 5 29 19 instead Description = basicConstraints Warning OID = 2 5 29 11 Comment = X.509 extension. Deprecated, use 2 5 29 30 instead Description = nameConstraints Warning OID = 2 5 29 12 Comment = X.509 extension. Deprecated, use 2 5 29 36 instead Description = policyConstraints Warning OID = 2 5 29 13 Comment = X.509 extension. Deprecated, use 2 5 29 19 instead Description = basicConstraints Warning OID = 2 5 29 14 Comment = X.509 extension Description = subjectKeyIdentifier OID = 2 5 29 15 Comment = X.509 extension Description = keyUsage OID = 2 5 29 16 Comment = X.509 extension Description = privateKeyUsagePeriod OID = 2 5 29 17 Comment = X.509 extension Description = subjectAltName OID = 2 5 29 18 Comment = X.509 extension Description = issuerAltName OID = 2 5 29 19 Comment = X.509 extension Description = basicConstraints OID = 2 5 29 20 Comment = X.509 extension Description = cRLNumber OID = 2 5 29 21 Comment = X.509 extension Description = cRLReason OID = 2 5 29 22 Comment = X.509 extension. Deprecated, alternative OID uncertain Description = expirationDate Warning OID = 2 5 29 23 Comment = X.509 extension Description = instructionCode OID = 2 5 29 24 Comment = X.509 extension Description = invalidityDate OID = 2 5 29 25 Comment = X.509 extension. 
Deprecated, use 2 5 29 31 instead Description = cRLDistributionPoints Warning OID = 2 5 29 26 Comment = X.509 extension. Deprecated, use 2 5 29 28 instead Description = issuingDistributionPoint Warning OID = 2 5 29 27 Comment = X.509 extension Description = deltaCRLIndicator OID = 2 5 29 28 Comment = X.509 extension Description = issuingDistributionPoint OID = 2 5 29 29 Comment = X.509 extension Description = certificateIssuer OID = 2 5 29 30 Comment = X.509 extension Description = nameConstraints OID = 2 5 29 31 Comment = X.509 extension Description = cRLDistributionPoints OID = 2 5 29 32 Comment = X.509 extension Description = certificatePolicies OID = 2 5 29 32 0 Comment = X.509 certificate policy Description = anyPolicy OID = 2 5 29 33 Comment = X.509 extension Description = policyMappings OID = 2 5 29 34 Comment = X.509 extension. Deprecated, use 2 5 29 36 instead Description = policyConstraints Warning OID = 2 5 29 35 Comment = X.509 extension Description = authorityKeyIdentifier OID = 2 5 29 36 Comment = X.509 extension Description = policyConstraints OID = 2 5 29 37 Comment = X.509 extension Description = extKeyUsage OID = 2 5 29 37 0 Comment = X.509 extended key usage Description = anyExtendedKeyUsage OID = 2 5 29 38 Comment = X.509 extension Description = authorityAttributeIdentifier OID = 2 5 29 39 Comment = X.509 extension Description = roleSpecCertIdentifier OID = 2 5 29 40 Comment = X.509 extension Description = cRLStreamIdentifier OID = 2 5 29 41 Comment = X.509 extension Description = basicAttConstraints OID = 2 5 29 42 Comment = X.509 extension Description = delegatedNameConstraints OID = 2 5 29 43 Comment = X.509 extension Description = timeSpecification OID = 2 5 29 44 Comment = X.509 extension Description = cRLScope OID = 2 5 29 45 Comment = X.509 extension Description = statusReferrals OID = 2 5 29 46 Comment = X.509 extension Description = freshestCRL OID = 2 5 29 47 Comment = X.509 extension Description = orderedList OID = 2 5 29 48 Comment = 
X.509 extension Description = attributeDescriptor OID = 2 5 29 49 Comment = X.509 extension Description = userNotice OID = 2 5 29 50 Comment = X.509 extension Description = sOAIdentifier OID = 2 5 29 51 Comment = X.509 extension Description = baseUpdateTime OID = 2 5 29 52 Comment = X.509 extension Description = acceptableCertPolicies OID = 2 5 29 53 Comment = X.509 extension Description = deltaInfo OID = 2 5 29 54 Comment = X.509 extension Description = inhibitAnyPolicy OID = 2 5 29 55 Comment = X.509 extension Description = targetInformation OID = 2 5 29 56 Comment = X.509 extension Description = noRevAvail OID = 2 5 29 57 Comment = X.509 extension Description = acceptablePrivilegePolicies OID = 2 5 29 58 Comment = X.509 extension Description = toBeRevoked OID = 2 5 29 59 Comment = X.509 extension Description = revokedGroups OID = 2 5 29 60 Comment = X.509 extension Description = expiredCertsOnCRL OID = 2 5 29 61 Comment = X.509 extension Description = indirectIssuer OID = 2 5 29 62 Comment = X.509 extension Description = noAssertion OID = 2 5 29 63 Comment = X.509 extension Description = aAissuingDistributionPoint OID = 2 5 29 64 Comment = X.509 extension Description = issuedOnBehalfOf OID = 2 5 29 65 Comment = X.509 extension Description = singleUse OID = 2 5 29 66 Comment = X.509 extension Description = groupAC OID = 2 5 29 67 Comment = X.509 extension Description = allowedAttAss OID = 2 5 29 68 Comment = X.509 extension Description = attributeMappings OID = 2 5 29 69 Comment = X.509 extension Description = holderNameConstraints # Spanish Government? OID = 2 16 724 1 2 2 4 1 Comment = Spanish Government PKI? Description = personalDataInfo # DMS OID = 2 16 840 1 101 2 1 1 1 Comment = SDN.700 INFOSEC algorithms Description = sdnsSignatureAlgorithm OID = 2 16 840 1 101 2 1 1 2 Comment = SDN.700 INFOSEC algorithms. Formerly known as mosaicSignatureAlgorithm, this OID is better known as dsaWithSHA-1. 
Description = fortezzaSignatureAlgorithm OID = 2 16 840 1 101 2 1 1 3 Comment = SDN.700 INFOSEC algorithms Description = sdnsConfidentialityAlgorithm OID = 2 16 840 1 101 2 1 1 4 Comment = SDN.700 INFOSEC algorithms. Formerly known as mosaicConfidentialityAlgorithm Description = fortezzaConfidentialityAlgorithm OID = 2 16 840 1 101 2 1 1 5 Comment = SDN.700 INFOSEC algorithms Description = sdnsIntegrityAlgorithm OID = 2 16 840 1 101 2 1 1 6 Comment = SDN.700 INFOSEC algorithms. Formerly known as mosaicIntegrityAlgorithm Description = fortezzaIntegrityAlgorithm OID = 2 16 840 1 101 2 1 1 7 Comment = SDN.700 INFOSEC algorithms Description = sdnsTokenProtectionAlgorithm OID = 2 16 840 1 101 2 1 1 8 Comment = SDN.700 INFOSEC algorithms. Formerly known as mosaicTokenProtectionAlgorithm Description = fortezzaTokenProtectionAlgorithm OID = 2 16 840 1 101 2 1 1 9 Comment = SDN.700 INFOSEC algorithms Description = sdnsKeyManagementAlgorithm OID = 2 16 840 1 101 2 1 1 10 Comment = SDN.700 INFOSEC algorithms. Formerly known as mosaicKeyManagementAlgorithm Description = fortezzaKeyManagementAlgorithm OID = 2 16 840 1 101 2 1 1 11 Comment = SDN.700 INFOSEC algorithms Description = sdnsKMandSigAlgorithm OID = 2 16 840 1 101 2 1 1 12 Comment = SDN.700 INFOSEC algorithms.
Formerly known as mosaicKMandSigAlgorithm Description = fortezzaKMandSigAlgorithm OID = 2 16 840 1 101 2 1 1 13 Comment = SDN.700 INFOSEC algorithms Description = suiteASignatureAlgorithm OID = 2 16 840 1 101 2 1 1 14 Comment = SDN.700 INFOSEC algorithms Description = suiteAConfidentialityAlgorithm OID = 2 16 840 1 101 2 1 1 15 Comment = SDN.700 INFOSEC algorithms Description = suiteAIntegrityAlgorithm OID = 2 16 840 1 101 2 1 1 16 Comment = SDN.700 INFOSEC algorithms Description = suiteATokenProtectionAlgorithm OID = 2 16 840 1 101 2 1 1 17 Comment = SDN.700 INFOSEC algorithms Description = suiteAKeyManagementAlgorithm OID = 2 16 840 1 101 2 1 1 18 Comment = SDN.700 INFOSEC algorithms Description = suiteAKMandSigAlgorithm OID = 2 16 840 1 101 2 1 1 19 Comment = SDN.700 INFOSEC algorithms. Formerly known as mosaicUpdatedSigAlgorithm Description = fortezzaUpdatedSigAlgorithm OID = 2 16 840 1 101 2 1 1 20 Comment = SDN.700 INFOSEC algorithms. Formerly known as mosaicKMandUpdSigAlgorithms Description = fortezzaKMandUpdSigAlgorithms OID = 2 16 840 1 101 2 1 1 21 Comment = SDN.700 INFOSEC algorithms. Formerly known as mosaicUpdatedIntegAlgorithm Description = fortezzaUpdatedIntegAlgorithm OID = 2 16 840 1 101 2 1 1 22 Comment = SDN.700 INFOSEC algorithms. 
Formerly known as mosaicKeyEncryptionAlgorithm Description = keyExchangeAlgorithm OID = 2 16 840 1 101 2 1 1 23 Comment = SDN.700 INFOSEC algorithms Description = fortezzaWrap80Algorithm OID = 2 16 840 1 101 2 1 1 24 Comment = SDN.700 INFOSEC algorithms Description = kEAKeyEncryptionAlgorithm OID = 2 16 840 1 101 2 1 2 1 Comment = SDN.700 INFOSEC format Description = rfc822MessageFormat OID = 2 16 840 1 101 2 1 2 2 Comment = SDN.700 INFOSEC format Description = emptyContent OID = 2 16 840 1 101 2 1 2 3 Comment = SDN.700 INFOSEC format Description = cspContentType OID = 2 16 840 1 101 2 1 2 42 Comment = SDN.700 INFOSEC format Description = mspRev3ContentType OID = 2 16 840 1 101 2 1 2 48 Comment = SDN.700 INFOSEC format Description = mspContentType OID = 2 16 840 1 101 2 1 2 49 Comment = SDN.700 INFOSEC format Description = mspRekeyAgentProtocol OID = 2 16 840 1 101 2 1 2 50 Comment = SDN.700 INFOSEC format Description = mspMMP OID = 2 16 840 1 101 2 1 2 66 Comment = SDN.700 INFOSEC format Description = mspRev3-1ContentType OID = 2 16 840 1 101 2 1 2 72 Comment = SDN.700 INFOSEC format Description = forwardedMSPMessageBodyPart OID = 2 16 840 1 101 2 1 2 73 Comment = SDN.700 INFOSEC format Description = mspForwardedMessageParameters OID = 2 16 840 1 101 2 1 2 74 Comment = SDN.700 INFOSEC format Description = forwardedCSPMsgBodyPart OID = 2 16 840 1 101 2 1 2 75 Comment = SDN.700 INFOSEC format Description = cspForwardedMessageParameters OID = 2 16 840 1 101 2 1 2 76 Comment = SDN.700 INFOSEC format Description = mspMMP2 OID = 2 16 840 1 101 2 1 2 78 2 Comment = SDN.700 INFOSEC format and RFC 6032 Description = encryptedKeyPackage OID = 2 16 840 1 101 2 1 2 78 3 Comment = SDN.700 INFOSEC format and RFC 7191 Description = keyPackageReceipt OID = 2 16 840 1 101 2 1 2 78 6 Comment = SDN.700 INFOSEC format and RFC 7191 Description = keyPackageError OID = 2 16 840 1 101 2 1 3 1 Comment = SDN.700 INFOSEC policy Description = sdnsSecurityPolicy OID = 2 16 840 1 101 2 1 3 2 
Comment = SDN.700 INFOSEC policy Description = sdnsPRBAC OID = 2 16 840 1 101 2 1 3 3 Comment = SDN.700 INFOSEC policy Description = mosaicPRBAC OID = 2 16 840 1 101 2 1 3 10 Comment = SDN.700 INFOSEC policy Description = siSecurityPolicy OID = 2 16 840 1 101 2 1 3 10 0 Comment = SDN.700 INFOSEC policy (obsolete) Description = siNASP Warning OID = 2 16 840 1 101 2 1 3 10 1 Comment = SDN.700 INFOSEC policy (obsolete) Description = siELCO Warning OID = 2 16 840 1 101 2 1 3 10 2 Comment = SDN.700 INFOSEC policy (obsolete) Description = siTK Warning OID = 2 16 840 1 101 2 1 3 10 3 Comment = SDN.700 INFOSEC policy (obsolete) Description = siDSAP Warning OID = 2 16 840 1 101 2 1 3 10 4 Comment = SDN.700 INFOSEC policy (obsolete) Description = siSSSS Warning OID = 2 16 840 1 101 2 1 3 10 5 Comment = SDN.700 INFOSEC policy (obsolete) Description = siDNASP Warning OID = 2 16 840 1 101 2 1 3 10 6 Comment = SDN.700 INFOSEC policy (obsolete) Description = siBYEMAN Warning OID = 2 16 840 1 101 2 1 3 10 7 Comment = SDN.700 INFOSEC policy (obsolete) Description = siREL-US Warning OID = 2 16 840 1 101 2 1 3 10 8 Comment = SDN.700 INFOSEC policy (obsolete) Description = siREL-AUS Warning OID = 2 16 840 1 101 2 1 3 10 9 Comment = SDN.700 INFOSEC policy (obsolete) Description = siREL-CAN Warning OID = 2 16 840 1 101 2 1 3 10 10 Comment = SDN.700 INFOSEC policy (obsolete) Description = siREL_UK Warning OID = 2 16 840 1 101 2 1 3 10 11 Comment = SDN.700 INFOSEC policy (obsolete) Description = siREL-NZ Warning OID = 2 16 840 1 101 2 1 3 10 12 Comment = SDN.700 INFOSEC policy (obsolete) Description = siGeneric Warning OID = 2 16 840 1 101 2 1 3 11 Comment = SDN.700 INFOSEC policy Description = genser OID = 2 16 840 1 101 2 1 3 11 0 Comment = SDN.700 INFOSEC policy (obsolete) Description = genserNations Warning OID = 2 16 840 1 101 2 1 3 11 1 Comment = SDN.700 INFOSEC policy (obsolete) Description = genserComsec Warning OID = 2 16 840 1 101 2 1 3 11 2 Comment = SDN.700 INFOSEC policy 
(obsolete) Description = genserAcquisition Warning OID = 2 16 840 1 101 2 1 3 11 3 Comment = SDN.700 INFOSEC policy Description = genserSecurityCategories OID = 2 16 840 1 101 2 1 3 11 3 0 Comment = SDN.700 INFOSEC GENSER policy Description = genserTagSetName OID = 2 16 840 1 101 2 1 3 12 Comment = SDN.700 INFOSEC policy Description = defaultSecurityPolicy OID = 2 16 840 1 101 2 1 3 13 Comment = SDN.700 INFOSEC policy Description = capcoMarkings OID = 2 16 840 1 101 2 1 3 13 0 Comment = SDN.700 INFOSEC policy CAPCO markings Description = capcoSecurityCategories OID = 2 16 840 1 101 2 1 3 13 0 1 Comment = SDN.700 INFOSEC policy CAPCO markings Description = capcoTagSetName1 OID = 2 16 840 1 101 2 1 3 13 0 2 Comment = SDN.700 INFOSEC policy CAPCO markings Description = capcoTagSetName2 OID = 2 16 840 1 101 2 1 3 13 0 3 Comment = SDN.700 INFOSEC policy CAPCO markings Description = capcoTagSetName3 OID = 2 16 840 1 101 2 1 3 13 0 4 Comment = SDN.700 INFOSEC policy CAPCO markings Description = capcoTagSetName4 OID = 2 16 840 1 101 2 1 5 1 Comment = SDN.700 INFOSEC attributes (superseded) Description = sdnsKeyManagementCertificate Warning OID = 2 16 840 1 101 2 1 5 2 Comment = SDN.700 INFOSEC attributes (superseded) Description = sdnsUserSignatureCertificate Warning OID = 2 16 840 1 101 2 1 5 3 Comment = SDN.700 INFOSEC attributes (superseded) Description = sdnsKMandSigCertificate Warning OID = 2 16 840 1 101 2 1 5 4 Comment = SDN.700 INFOSEC attributes (superseded) Description = fortezzaKeyManagementCertificate Warning OID = 2 16 840 1 101 2 1 5 5 Comment = SDN.700 INFOSEC attributes (superseded) Description = fortezzaKMandSigCertificate Warning OID = 2 16 840 1 101 2 1 5 6 Comment = SDN.700 INFOSEC attributes (superseded) Description = fortezzaUserSignatureCertificate Warning OID = 2 16 840 1 101 2 1 5 7 Comment = SDN.700 INFOSEC attributes (superseded) Description = fortezzaCASignatureCertificate Warning OID = 2 16 840 1 101 2 1 5 8 Comment = SDN.700 INFOSEC attributes 
(superseded) Description = sdnsCASignatureCertificate Warning OID = 2 16 840 1 101 2 1 5 10 Comment = SDN.700 INFOSEC attributes (superseded) Description = auxiliaryVector Warning OID = 2 16 840 1 101 2 1 5 11 Comment = SDN.700 INFOSEC attributes Description = mlReceiptPolicy OID = 2 16 840 1 101 2 1 5 12 Comment = SDN.700 INFOSEC attributes Description = mlMembership OID = 2 16 840 1 101 2 1 5 13 Comment = SDN.700 INFOSEC attributes Description = mlAdministrators OID = 2 16 840 1 101 2 1 5 14 Comment = SDN.700 INFOSEC attributes Description = alid OID = 2 16 840 1 101 2 1 5 20 Comment = SDN.700 INFOSEC attributes Description = janUKMs OID = 2 16 840 1 101 2 1 5 21 Comment = SDN.700 INFOSEC attributes Description = febUKMs OID = 2 16 840 1 101 2 1 5 22 Comment = SDN.700 INFOSEC attributes Description = marUKMs OID = 2 16 840 1 101 2 1 5 23 Comment = SDN.700 INFOSEC attributes Description = aprUKMs OID = 2 16 840 1 101 2 1 5 24 Comment = SDN.700 INFOSEC attributes Description = mayUKMs OID = 2 16 840 1 101 2 1 5 25 Comment = SDN.700 INFOSEC attributes Description = junUKMs OID = 2 16 840 1 101 2 1 5 26 Comment = SDN.700 INFOSEC attributes Description = julUKMs OID = 2 16 840 1 101 2 1 5 27 Comment = SDN.700 INFOSEC attributes Description = augUKMs OID = 2 16 840 1 101 2 1 5 28 Comment = SDN.700 INFOSEC attributes Description = sepUKMs OID = 2 16 840 1 101 2 1 5 29 Comment = SDN.700 INFOSEC attributes Description = octUKMs OID = 2 16 840 1 101 2 1 5 30 Comment = SDN.700 INFOSEC attributes Description = novUKMs OID = 2 16 840 1 101 2 1 5 31 Comment = SDN.700 INFOSEC attributes Description = decUKMs OID = 2 16 840 1 101 2 1 5 40 Comment = SDN.700 INFOSEC attributes Description = metaSDNSckl OID = 2 16 840 1 101 2 1 5 41 Comment = SDN.700 INFOSEC attributes Description = sdnsCKL OID = 2 16 840 1 101 2 1 5 42 Comment = SDN.700 INFOSEC attributes Description = metaSDNSsignatureCKL OID = 2 16 840 1 101 2 1 5 43 Comment = SDN.700 INFOSEC attributes Description = 
sdnsSignatureCKL OID = 2 16 840 1 101 2 1 5 44 Comment = SDN.700 INFOSEC attributes Description = sdnsCertificateRevocationList OID = 2 16 840 1 101 2 1 5 45 Comment = SDN.700 INFOSEC attributes (superseded) Description = fortezzaCertificateRevocationList Warning OID = 2 16 840 1 101 2 1 5 46 Comment = SDN.700 INFOSEC attributes Description = fortezzaCKL OID = 2 16 840 1 101 2 1 5 47 Comment = SDN.700 INFOSEC attributes Description = alExemptedAddressProcessor OID = 2 16 840 1 101 2 1 5 48 Comment = SDN.700 INFOSEC attributes (obsolete) Description = guard Warning OID = 2 16 840 1 101 2 1 5 49 Comment = SDN.700 INFOSEC attributes (obsolete) Description = algorithmsSupported Warning OID = 2 16 840 1 101 2 1 5 50 Comment = SDN.700 INFOSEC attributes (obsolete) Description = suiteAKeyManagementCertificate Warning OID = 2 16 840 1 101 2 1 5 51 Comment = SDN.700 INFOSEC attributes (obsolete) Description = suiteAKMandSigCertificate Warning OID = 2 16 840 1 101 2 1 5 52 Comment = SDN.700 INFOSEC attributes (obsolete) Description = suiteAUserSignatureCertificate Warning OID = 2 16 840 1 101 2 1 5 53 Comment = SDN.700 INFOSEC attributes Description = prbacInfo OID = 2 16 840 1 101 2 1 5 54 Comment = SDN.700 INFOSEC attributes Description = prbacCAConstraints OID = 2 16 840 1 101 2 1 5 55 Comment = SDN.700 INFOSEC attributes Description = sigOrKMPrivileges OID = 2 16 840 1 101 2 1 5 56 Comment = SDN.700 INFOSEC attributes Description = commPrivileges OID = 2 16 840 1 101 2 1 5 57 Comment = SDN.700 INFOSEC attributes Description = labeledAttribute OID = 2 16 840 1 101 2 1 5 58 Comment = SDN.700 INFOSEC attributes (obsolete) Description = policyInformationFile Warning OID = 2 16 840 1 101 2 1 5 59 Comment = SDN.700 INFOSEC attributes Description = secPolicyInformationFile OID = 2 16 840 1 101 2 1 5 60 Comment = SDN.700 INFOSEC attributes Description = cAClearanceConstraint OID = 2 16 840 1 101 2 1 5 65 Comment = SDN.700 INFOSEC attributes and RFC 7191 Description = 
keyPkgIdAndReceiptReq OID = 2 16 840 1 101 2 1 5 66 Comment = SDN.700 INFOSEC attributes and RFC 6032 Description = contentDecryptKeyID OID = 2 16 840 1 101 2 1 5 70 Comment = SDN.700 INFOSEC attributes and RFC 7906 Description = kpCrlPointers OID = 2 16 840 1 101 2 1 5 71 Comment = SDN.700 INFOSEC attributes and RFC 7906 Description = kpKeyProvinceV2 OID = 2 16 840 1 101 2 1 5 72 Comment = SDN.700 INFOSEC attributes and RFC 7906 Description = kpManifest OID = 2 16 840 1 101 2 1 7 1 Comment = SDN.700 INFOSEC extensions Description = cspExtns OID = 2 16 840 1 101 2 1 7 1 0 Comment = SDN.700 INFOSEC extensions Description = cspCsExtn OID = 2 16 840 1 101 2 1 8 1 Comment = SDN.700 INFOSEC security category Description = mISSISecurityCategories OID = 2 16 840 1 101 2 1 8 2 Comment = SDN.700 INFOSEC security category Description = standardSecurityLabelPrivileges OID = 2 16 840 1 101 2 1 8 3 1 Comment = SDN.700 INFOSEC security category from RFC 7906 Description = enumeratedPermissiveAttrs OID = 2 16 840 1 101 2 1 8 3 3 Comment = SDN.700 INFOSEC security category from RFC 7906 Description = informativeAttrs OID = 2 16 840 1 101 2 1 8 3 4 Comment = SDN.700 INFOSEC security category from RFC 7906 Description = enumeratedRestrictiveAttrs OID = 2 16 840 1 101 2 1 10 1 Comment = SDN.700 INFOSEC privileges Description = sigPrivileges OID = 2 16 840 1 101 2 1 10 2 Comment = SDN.700 INFOSEC privileges Description = kmPrivileges OID = 2 16 840 1 101 2 1 10 3 Comment = SDN.700 INFOSEC privileges Description = namedTagSetPrivilege OID = 2 16 840 1 101 2 1 11 1 Comment = SDN.700 INFOSEC certificate policy Description = ukDemo OID = 2 16 840 1 101 2 1 11 2 Comment = SDN.700 INFOSEC certificate policy Description = usDODClass2 OID = 2 16 840 1 101 2 1 11 3 Comment = SDN.700 INFOSEC certificate policy Description = usMediumPilot OID = 2 16 840 1 101 2 1 11 4 Comment = SDN.700 INFOSEC certificate policy Description = usDODClass4 OID = 2 16 840 1 101 2 1 11 5 Comment = SDN.700 INFOSEC 
certificate policy Description = usDODClass3 OID = 2 16 840 1 101 2 1 11 6 Comment = SDN.700 INFOSEC certificate policy Description = usDODClass5 OID = 2 16 840 1 101 2 1 12 0 Comment = SDN.700 INFOSEC test objects Description = testSecurityPolicy OID = 2 16 840 1 101 2 1 12 0 1 Comment = SDN.700 INFOSEC test objects Description = tsp1 OID = 2 16 840 1 101 2 1 12 0 1 0 Comment = SDN.700 INFOSEC test objects Description = tsp1SecurityCategories OID = 2 16 840 1 101 2 1 12 0 1 0 0 Comment = SDN.700 INFOSEC test objects Description = tsp1TagSetZero OID = 2 16 840 1 101 2 1 12 0 1 0 1 Comment = SDN.700 INFOSEC test objects Description = tsp1TagSetOne OID = 2 16 840 1 101 2 1 12 0 1 0 2 Comment = SDN.700 INFOSEC test objects Description = tsp1TagSetTwo OID = 2 16 840 1 101 2 1 12 0 2 Comment = SDN.700 INFOSEC test objects Description = tsp2 OID = 2 16 840 1 101 2 1 12 0 2 0 Comment = SDN.700 INFOSEC test objects Description = tsp2SecurityCategories OID = 2 16 840 1 101 2 1 12 0 2 0 0 Comment = SDN.700 INFOSEC test objects Description = tsp2TagSetZero OID = 2 16 840 1 101 2 1 12 0 2 0 1 Comment = SDN.700 INFOSEC test objects Description = tsp2TagSetOne OID = 2 16 840 1 101 2 1 12 0 2 0 2 Comment = SDN.700 INFOSEC test objects Description = tsp2TagSetTwo # At least someone there has a sense of humour :-) OID = 2 16 840 1 101 2 1 12 0 3 Comment = SDN.700 INFOSEC test objects Description = kafka OID = 2 16 840 1 101 2 1 12 0 3 0 Comment = SDN.700 INFOSEC test objects Description = kafkaSecurityCategories OID = 2 16 840 1 101 2 1 12 0 3 0 1 Comment = SDN.700 INFOSEC test objects Description = kafkaTagSetName1 OID = 2 16 840 1 101 2 1 12 0 3 0 2 Comment = SDN.700 INFOSEC test objects Description = kafkaTagSetName2 OID = 2 16 840 1 101 2 1 12 0 3 0 3 Comment = SDN.700 INFOSEC test objects Description = kafkaTagSetName3 OID = 2 16 840 1 101 2 1 12 1 1 Comment = SDN.700 INFOSEC test objects Description = tcp1 OID = 2 16 840 1 101 2 1 13 1 Comment = SDN.700 INFOSEC attributes and 
RFC 7906 Description = kmaKeyAlgorithm OID = 2 16 840 1 101 2 1 13 3 Comment = SDN.700 INFOSEC attributes and RFC 7906 Description = kmaTSECNomenclature OID = 2 16 840 1 101 2 1 13 5 Comment = SDN.700 INFOSEC attributes and RFC 7906 Description = kmaKeyDistPeriod OID = 2 16 840 1 101 2 1 13 6 Comment = SDN.700 INFOSEC attributes and RFC 7906 Description = kmaKeyValidityPeriod OID = 2 16 840 1 101 2 1 13 7 Comment = SDN.700 INFOSEC attributes and RFC 7906 Description = kmaKeyDuration OID = 2 16 840 1 101 2 1 13 11 Comment = SDN.700 INFOSEC attributes and RFC 7906 Description = kmaSplitID OID = 2 16 840 1 101 2 1 13 12 Comment = SDN.700 INFOSEC attributes and RFC 7906 Description = kmaKeyPkgType OID = 2 16 840 1 101 2 1 13 13 Comment = SDN.700 INFOSEC attributes and RFC 7906 Description = kmaKeyPurpose OID = 2 16 840 1 101 2 1 13 14 Comment = SDN.700 INFOSEC attributes and RFC 7906 Description = kmaKeyUse OID = 2 16 840 1 101 2 1 13 15 Comment = SDN.700 INFOSEC attributes and RFC 7906 Description = kmaTransportKey OID = 2 16 840 1 101 2 1 13 16 Comment = SDN.700 INFOSEC attributes and RFC 7906 Description = kmaKeyPkgReceiversV2 OID = 2 16 840 1 101 2 1 13 19 Comment = SDN.700 INFOSEC attributes and RFC 7906 Description = kmaOtherCertFormats OID = 2 16 840 1 101 2 1 13 20 Comment = SDN.700 INFOSEC attributes and RFC 7906 Description = kmaUsefulCerts OID = 2 16 840 1 101 2 1 13 21 Comment = SDN.700 INFOSEC attributes and RFC 7906 Description = kmaKeyWrapAlgorithm OID = 2 16 840 1 101 2 1 13 22 Comment = SDN.700 INFOSEC attributes and RFC 7906 Description = kmaSigUsageV3 OID = 2 16 840 1 101 2 1 16 0 Comment = SDN.700 INFOSEC attributes and RFC 7191 Description = dn OID = 2 16 840 1 101 2 1 22 Comment = RFC 7906 key attribute error codes Description = errorCodes OID = 2 16 840 1 101 2 1 22 1 Comment = RFC 7906 key attribute error codes Description = missingKeyType OID = 2 16 840 1 101 2 1 22 2 Comment = RFC 7906 key attribute error codes Description = privacyMarkTooLong 
OID = 2 16 840 1 101 2 1 22 3 Comment = RFC 7906 key attribute error codes Description = unrecognizedSecurityPolicy # NIST (?) OID = 2 16 840 1 101 3 1 Comment = CSOR GAK Description = slabel Warning OID = 2 16 840 1 101 3 2 Comment = NIST Description = pki Warning OID = 2 16 840 1 101 3 2 1 Comment = NIST policies Description = NIST policyIdentifier Warning OID = 2 16 840 1 101 3 2 1 3 1 Comment = Federal Bridge CA Policy Description = fbcaRudimentaryPolicy OID = 2 16 840 1 101 3 2 1 3 2 Comment = Federal Bridge CA Policy Description = fbcaBasicPolicy OID = 2 16 840 1 101 3 2 1 3 3 Comment = Federal Bridge CA Policy Description = fbcaMediumPolicy OID = 2 16 840 1 101 3 2 1 3 4 Comment = Federal Bridge CA Policy Description = fbcaHighPolicy OID = 2 16 840 1 101 3 2 1 48 1 Comment = NIST PKITS policies Description = nistTestPolicy1 OID = 2 16 840 1 101 3 2 1 48 2 Comment = NIST PKITS policies Description = nistTestPolicy2 OID = 2 16 840 1 101 3 2 1 48 3 Comment = NIST PKITS policies Description = nistTestPolicy3 OID = 2 16 840 1 101 3 2 1 48 4 Comment = NIST PKITS policies Description = nistTestPolicy4 OID = 2 16 840 1 101 3 2 1 48 5 Comment = NIST PKITS policies Description = nistTestPolicy5 OID = 2 16 840 1 101 3 2 1 48 6 Comment = NIST PKITS policies Description = nistTestPolicy6 OID = 2 16 840 1 101 3 2 2 Comment = CSOR GAK extended key usage Description = gak Warning OID = 2 16 840 1 101 3 2 2 1 Comment = CSOR GAK extended key usage Description = kRAKey Warning OID = 2 16 840 1 101 3 2 3 Comment = CSOR GAK extensions Description = extensions Warning OID = 2 16 840 1 101 3 2 3 1 Comment = CSOR GAK extensions Description = kRTechnique Warning OID = 2 16 840 1 101 3 2 3 2 Comment = CSOR GAK extensions Description = kRecoveryCapable Warning OID = 2 16 840 1 101 3 2 3 3 Comment = CSOR GAK extensions Description = kR Warning OID = 2 16 840 1 101 3 2 4 Comment = CSOR GAK Description = keyRecoverySchemes Warning OID = 2 16 840 1 101 3 2 5 Comment = CSOR GAK Description 
= krapola Warning OID = 2 16 840 1 101 3 3 Comment = CSOR GAK Description = arpa Warning # CSOR (NIST) Algorithms OID = 2 16 840 1 101 3 4 Comment = NIST Algorithm Description = nistAlgorithm OID = 2 16 840 1 101 3 4 1 Comment = NIST Algorithm Description = aes OID = 2 16 840 1 101 3 4 1 1 Comment = NIST Algorithm Description = aes128-ECB OID = 2 16 840 1 101 3 4 1 2 Comment = NIST Algorithm Description = aes128-CBC OID = 2 16 840 1 101 3 4 1 3 Comment = NIST Algorithm Description = aes128-OFB OID = 2 16 840 1 101 3 4 1 4 Comment = NIST Algorithm Description = aes128-CFB OID = 2 16 840 1 101 3 4 1 5 Comment = NIST Algorithm Description = aes128-wrap OID = 2 16 840 1 101 3 4 1 6 Comment = NIST Algorithm Description = aes128-GCM OID = 2 16 840 1 101 3 4 1 7 Comment = NIST Algorithm Description = aes128-CCM OID = 2 16 840 1 101 3 4 1 8 Comment = NIST Algorithm Description = aes128-wrap-pad OID = 2 16 840 1 101 3 4 1 21 Comment = NIST Algorithm Description = aes192-ECB OID = 2 16 840 1 101 3 4 1 22 Comment = NIST Algorithm Description = aes192-CBC OID = 2 16 840 1 101 3 4 1 23 Comment = NIST Algorithm Description = aes192-OFB OID = 2 16 840 1 101 3 4 1 24 Comment = NIST Algorithm Description = aes192-CFB OID = 2 16 840 1 101 3 4 1 25 Comment = NIST Algorithm Description = aes192-wrap OID = 2 16 840 1 101 3 4 1 26 Comment = NIST Algorithm Description = aes192-GCM OID = 2 16 840 1 101 3 4 1 27 Comment = NIST Algorithm Description = aes192-CCM OID = 2 16 840 1 101 3 4 1 28 Comment = NIST Algorithm Description = aes192-wrap-pad OID = 2 16 840 1 101 3 4 1 41 Comment = NIST Algorithm Description = aes256-ECB OID = 2 16 840 1 101 3 4 1 42 Comment = NIST Algorithm Description = aes256-CBC OID = 2 16 840 1 101 3 4 1 43 Comment = NIST Algorithm Description = aes256-OFB OID = 2 16 840 1 101 3 4 1 44 Comment = NIST Algorithm Description = aes256-CFB OID = 2 16 840 1 101 3 4 1 45 Comment = NIST Algorithm Description = aes256-wrap OID = 2 16 840 1 101 3 4 1 46 Comment = NIST 
Algorithm Description = aes256-GCM OID = 2 16 840 1 101 3 4 1 47 Comment = NIST Algorithm Description = aes256-CCM OID = 2 16 840 1 101 3 4 1 48 Comment = NIST Algorithm Description = aes256-wrap-pad OID = 2 16 840 1 101 3 4 2 Comment = NIST Algorithm Description = hashAlgos OID = 2 16 840 1 101 3 4 2 1 Comment = NIST Algorithm Description = sha-256 OID = 2 16 840 1 101 3 4 2 2 Comment = NIST Algorithm Description = sha-384 OID = 2 16 840 1 101 3 4 2 3 Comment = NIST Algorithm Description = sha-512 OID = 2 16 840 1 101 3 4 2 4 Comment = NIST Algorithm Description = sha-224 OID = 2 16 840 1 101 3 4 2 11 Comment = NIST Algorithm Description = shake128 OID = 2 16 840 1 101 3 4 2 12 Comment = NIST Algorithm Description = shake256 OID = 2 16 840 1 101 3 4 2 17 Comment = NIST Algorithm Description = shake128len OID = 2 16 840 1 101 3 4 2 18 Comment = NIST Algorithm Description = shake256len OID = 2 16 840 1 101 3 4 2 19 Comment = NIST Algorithm Description = kmacShake128 OID = 2 16 840 1 101 3 4 2 20 Comment = NIST Algorithm Description = kmacShake256 # The spec for these is incorrect, listing both as ... 1. Presumably one # of them is meant to be ...2. 
OID = 2 16 840 1 101 3 4 3 1 Comment = NIST Algorithm Description = dsaWithSha224 OID = 2 16 840 1 101 3 4 3 2 Comment = NIST Algorithm Description = dsaWithSha256 # Novell OID = 2 16 840 1 113719 1 2 8 Comment = Novell Description = novellAlgorithm OID = 2 16 840 1 113719 1 2 8 22 Comment = Novell encryption algorithm Description = desCbcIV8 OID = 2 16 840 1 113719 1 2 8 23 Comment = Novell encryption algorithm Description = desCbcPadIV8 OID = 2 16 840 1 113719 1 2 8 24 Comment = Novell encryption algorithm Description = desEDE2CbcIV8 OID = 2 16 840 1 113719 1 2 8 25 Comment = Novell encryption algorithm Description = desEDE2CbcPadIV8 OID = 2 16 840 1 113719 1 2 8 26 Comment = Novell encryption algorithm Description = desEDE3CbcIV8 OID = 2 16 840 1 113719 1 2 8 27 Comment = Novell encryption algorithm Description = desEDE3CbcPadIV8 OID = 2 16 840 1 113719 1 2 8 28 Comment = Novell encryption algorithm Description = rc5CbcPad OID = 2 16 840 1 113719 1 2 8 29 Comment = Novell signature algorithm Description = md2WithRSAEncryptionBSafe1 OID = 2 16 840 1 113719 1 2 8 30 Comment = Novell signature algorithm Description = md5WithRSAEncryptionBSafe1 OID = 2 16 840 1 113719 1 2 8 31 Comment = Novell signature algorithm Description = sha1WithRSAEncryptionBSafe1 OID = 2 16 840 1 113719 1 2 8 32 Comment = Novell digest algorithm Description = lmDigest OID = 2 16 840 1 113719 1 2 8 40 Comment = Novell digest algorithm Description = md2 OID = 2 16 840 1 113719 1 2 8 50 Comment = Novell digest algorithm Description = md5 OID = 2 16 840 1 113719 1 2 8 51 Comment = Novell signature algorithm Description = ikeHmacWithSHA1-RSA OID = 2 16 840 1 113719 1 2 8 52 Comment = Novell signature algorithm Description = ikeHmacWithMD5-RSA OID = 2 16 840 1 113719 1 2 8 69 Comment = Novell encryption algorithm Description = rc2CbcPad OID = 2 16 840 1 113719 1 2 8 82 Comment = Novell digest algorithm Description = sha-1 OID = 2 16 840 1 113719 1 2 8 92 Comment = Novell encryption algorithm 
Description = rc2BSafe1Cbc OID = 2 16 840 1 113719 1 2 8 95 Comment = Novell digest algorithm Description = md4 OID = 2 16 840 1 113719 1 2 8 130 Comment = Novell keyed hash Description = md4Packet OID = 2 16 840 1 113719 1 2 8 131 Comment = Novell encryption algorithm Description = rsaEncryptionBsafe1 OID = 2 16 840 1 113719 1 2 8 132 Comment = Novell encryption algorithm Description = nwPassword OID = 2 16 840 1 113719 1 2 8 133 Comment = Novell encryption algorithm Description = novellObfuscate-1 OID = 2 16 840 1 113719 1 9 Comment = Novell Description = pki OID = 2 16 840 1 113719 1 9 4 Comment = Novell PKI Description = pkiAttributeType OID = 2 16 840 1 113719 1 9 4 1 Comment = Novell PKI attribute type Description = securityAttributes OID = 2 16 840 1 113719 1 9 4 2 Comment = Novell PKI attribute type Description = relianceLimit # Netscape OID = 2 16 840 1 113730 1 Comment = Netscape Description = cert-extension OID = 2 16 840 1 113730 1 1 Comment = Netscape certificate extension Description = netscape-cert-type OID = 2 16 840 1 113730 1 2 Comment = Netscape certificate extension Description = netscape-base-url OID = 2 16 840 1 113730 1 3 Comment = Netscape certificate extension Description = netscape-revocation-url OID = 2 16 840 1 113730 1 4 Comment = Netscape certificate extension Description = netscape-ca-revocation-url OID = 2 16 840 1 113730 1 7 Comment = Netscape certificate extension Description = netscape-cert-renewal-url OID = 2 16 840 1 113730 1 8 Comment = Netscape certificate extension Description = netscape-ca-policy-url OID = 2 16 840 1 113730 1 9 Comment = Netscape certificate extension Description = HomePage-url OID = 2 16 840 1 113730 1 10 Comment = Netscape certificate extension Description = EntityLogo OID = 2 16 840 1 113730 1 11 Comment = Netscape certificate extension Description = UserPicture OID = 2 16 840 1 113730 1 12 Comment = Netscape certificate extension Description = netscape-ssl-server-name OID = 2 16 840 1 113730 1 13 Comment 
= Netscape certificate extension Description = netscape-comment OID = 2 16 840 1 113730 2 Comment = Netscape Description = data-type OID = 2 16 840 1 113730 2 1 Comment = Netscape data type Description = dataGIF OID = 2 16 840 1 113730 2 2 Comment = Netscape data type Description = dataJPEG OID = 2 16 840 1 113730 2 3 Comment = Netscape data type Description = dataURL OID = 2 16 840 1 113730 2 4 Comment = Netscape data type Description = dataHTML OID = 2 16 840 1 113730 2 5 Comment = Netscape data type Description = certSequence OID = 2 16 840 1 113730 2 6 Comment = Netscape certificate extension Description = certURL OID = 2 16 840 1 113730 3 Comment = Netscape Description = directory OID = 2 16 840 1 113730 3 1 Comment = Netscape directory Description = ldapDefinitions OID = 2 16 840 1 113730 3 1 1 Comment = Netscape LDAP definitions Description = carLicense OID = 2 16 840 1 113730 3 1 2 Comment = Netscape LDAP definitions Description = departmentNumber OID = 2 16 840 1 113730 3 1 3 Comment = Netscape LDAP definitions Description = employeeNumber OID = 2 16 840 1 113730 3 1 4 Comment = Netscape LDAP definitions Description = employeeType OID = 2 16 840 1 113730 3 1 216 Comment = Netscape LDAP definitions Description = userPKCS12 OID = 2 16 840 1 113730 3 2 2 Comment = Netscape LDAP definitions Description = inetOrgPerson OID = 2 16 840 1 113730 4 1 Comment = Netscape Description = serverGatedCrypto # Verisign # Country, zip, date of birth (age), and gender of cert owner (CZAG) in # obfuscated form OID = 2 16 840 1 113733 1 6 3 Comment = Verisign extension Description = verisignCZAG # Text string used in certs issued to Netscape InBox customers OID = 2 16 840 1 113733 1 6 6 Comment = Verisign extension Description = verisignInBox OID = 2 16 840 1 113733 1 6 11 Comment = Verisign extension Description = verisignOnsiteJurisdictionHash OID = 2 16 840 1 113733 1 6 13 Comment = Verisign extension Description = Unknown Verisign VPN extension # Contains DUN, among other 
things OID = 2 16 840 1 113733 1 6 15 Comment = Verisign extension Description = verisignServerID OID = 2 16 840 1 113733 1 7 1 1 Comment = Verisign policy Description = verisignCertPolicies95Qualifier1 OID = 2 16 840 1 113733 1 7 1 1 1 Comment = Verisign policy (obsolete) Description = verisignCPSv1notice # DN contains non-verified subscriber information OID = 2 16 840 1 113733 1 7 1 1 2 Comment = Verisign policy (obsolete) Description = verisignCPSv1nsi OID = 2 16 840 1 113733 1 8 1 Comment = Verisign Description = verisignISSStrongCrypto # SCEP OID = 2 16 840 1 113733 1 Comment = Verisign extension Description = pki OID = 2 16 840 1 113733 1 9 Comment = Verisign PKI extension Description = pkcs7Attribute OID = 2 16 840 1 113733 1 9 2 Comment = Verisign PKCS #7 attribute Description = messageType OID = 2 16 840 1 113733 1 9 3 Comment = Verisign PKCS #7 attribute Description = pkiStatus OID = 2 16 840 1 113733 1 9 4 Comment = Verisign PKCS #7 attribute Description = failInfo OID = 2 16 840 1 113733 1 9 5 Comment = Verisign PKCS #7 attribute Description = senderNonce OID = 2 16 840 1 113733 1 9 6 Comment = Verisign PKCS #7 attribute Description = recipientNonce OID = 2 16 840 1 113733 1 9 7 Comment = Verisign PKCS #7 attribute Description = transID # Supposedly the attribute for X.509v3 extensions in PKCS #10 requests, # but everyone seems to use the RSA OID instead OID = 2 16 840 1 113733 1 9 8 Comment = Verisign PKCS #7 attribute. Use PKCS #9 extensionRequest instead Description = extensionReq Warning # Intel. Intel's BIOS-signing certificates contain the following OID # values: # # 2 16 840 1 113741 2 1 3 1 # 2 16 840 1 113741 3 1 1 1 1 2 1 # 2 16 840 1 113741 3 1 1 1 2 1 1 # 2 16 840 1 113741 3 1 1 2 2 1 1 # 2 16 840 1 113741 3 1 1 2 1 1 1 1 # # None of these are documented anywhere, in fact the entire '3' arc isn't # documented. 
OID = 2 16 840 1 113741 2 Comment = Intel CDSA Description = intelCDSA # DigiCert OID = 2 16 840 1 114412 1 Comment = Digicert CA policy Description = digiCertNonEVCerts OID = 2 16 840 1 114412 1 1 Comment = Digicert CA policy Description = digiCertOVCert OID = 2 16 840 1 114412 1 2 Comment = Digicert CA policy Description = digiCertDVCert OID = 2 16 840 1 114412 1 11 Comment = Digicert CA policy Description = digiCertFederatedDeviceCert OID = 2 16 840 1 114412 1 3 0 1 Comment = Digicert CA policy Description = digiCertGlobalCAPolicy OID = 2 16 840 1 114412 1 3 0 2 Comment = Digicert CA policy Description = digiCertHighAssuranceEVCAPolicy OID = 2 16 840 1 114412 1 3 0 3 Comment = Digicert CA policy Description = digiCertGlobalRootCAPolicy OID = 2 16 840 1 114412 1 3 0 4 Comment = Digicert CA policy Description = digiCertAssuredIDRootCAPolicy OID = 2 16 840 1 114412 2 2 Comment = Digicert CA policy Description = digiCertEVCert OID = 2 16 840 1 114412 2 3 Comment = Digicert CA policy Description = digiCertObjectSigningCert OID = 2 16 840 1 114412 2 3 1 Comment = Digicert CA policy Description = digiCertCodeSigningCert OID = 2 16 840 1 114412 2 3 2 Comment = Digicert CA policy Description = digiCertEVCodeSigningCert OID = 2 16 840 1 114412 2 3 11 Comment = Digicert CA policy Description = digiCertKernelCodeSigningCert OID = 2 16 840 1 114412 2 3 21 Comment = Digicert CA policy Description = digiCertDocumentSigningCert OID = 2 16 840 1 114412 2 4 Comment = Digicert CA policy Description = digiCertClientCert OID = 2 16 840 1 114412 2 4 1 1 Comment = Digicert CA policy Description = digiCertLevel1PersonalClientCert OID = 2 16 840 1 114412 2 4 1 2 Comment = Digicert CA policy Description = digiCertLevel1EnterpriseClientCert OID = 2 16 840 1 114412 2 4 2 Comment = Digicert CA policy Description = digiCertLevel2ClientCert OID = 2 16 840 1 114412 2 4 3 1 Comment = Digicert CA policy Description = digiCertLevel3USClientCert OID = 2 16 840 1 114412 2 4 3 2 Comment = Digicert 
CA policy Description = digiCertLevel3CBPClientCert OID = 2 16 840 1 114412 2 4 4 1 Comment = Digicert CA policy Description = digiCertLevel4USClientCert OID = 2 16 840 1 114412 2 4 4 2 Comment = Digicert CA policy Description = digiCertLevel4CBPClientCert OID = 2 16 840 1 114412 2 4 5 1 Comment = Digicert CA policy Description = digiCertPIVHardwareCert OID = 2 16 840 1 114412 2 4 5 2 Comment = Digicert CA policy Description = digiCertPIVCardAuthCert OID = 2 16 840 1 114412 2 4 5 3 Comment = Digicert CA policy Description = digiCertPIVContentSigningCert OID = 2 16 840 1 114412 4 31 Comment = Digicert CA policy Description = digiCertGridClassicCert OID = 2 16 840 1 114412 4 31 5 Comment = Digicert CA policy Description = digiCertGridIntegratedCert # There's another arc for grid stuff around 2 16 840 1 114412 31 * # so the following probably isn't a typo. OID = 2 16 840 1 114412 31 4 31 1 Comment = Digicert CA policy Description = digiCertGridHostCert # SET OID = 2 23 42 0 Comment = SET Description = contentType OID = 2 23 42 0 0 Comment = SET contentType Description = panData OID = 2 23 42 0 1 Comment = SET contentType Description = panToken OID = 2 23 42 0 2 Comment = SET contentType Description = panOnly # And on and on and on for another 80-odd OIDs that I'm not going to type in OID = 2 23 42 1 Comment = SET Description = msgExt OID = 2 23 42 2 Comment = SET Description = field OID = 2 23 42 2 0 Comment = SET field Description = fullName OID = 2 23 42 2 1 Comment = SET field Description = givenName OID = 2 23 42 2 2 Comment = SET field Description = familyName OID = 2 23 42 2 3 Comment = SET field Description = birthFamilyName OID = 2 23 42 2 4 Comment = SET field Description = placeName OID = 2 23 42 2 5 Comment = SET field Description = identificationNumber OID = 2 23 42 2 6 Comment = SET field Description = month OID = 2 23 42 2 7 Comment = SET field Description = date OID = 2 23 42 2 8 Comment = SET field Description = address OID = 2 23 42 2 9 Comment = SET 
field Description = telephone OID = 2 23 42 2 10 Comment = SET field Description = amount OID = 2 23 42 2 11 Comment = SET field Description = accountNumber OID = 2 23 42 2 12 Comment = SET field Description = passPhrase OID = 2 23 42 3 Comment = SET Description = attribute OID = 2 23 42 3 0 Comment = SET attribute Description = cert OID = 2 23 42 3 0 0 Comment = SET cert attribute Description = rootKeyThumb OID = 2 23 42 3 0 1 Comment = SET cert attribute Description = additionalPolicy OID = 2 23 42 4 Comment = SET Description = algorithm OID = 2 23 42 5 Comment = SET Description = policy OID = 2 23 42 5 0 Comment = SET policy Description = root OID = 2 23 42 6 Comment = SET Description = module OID = 2 23 42 7 Comment = SET Description = certExt OID = 2 23 42 7 0 Comment = SET cert extension Description = hashedRootKey OID = 2 23 42 7 1 Comment = SET cert extension Description = certificateType OID = 2 23 42 7 2 Comment = SET cert extension Description = merchantData OID = 2 23 42 7 3 Comment = SET cert extension Description = cardCertRequired OID = 2 23 42 7 4 Comment = SET cert extension Description = tunneling OID = 2 23 42 7 5 Comment = SET cert extension Description = setExtensions OID = 2 23 42 7 6 Comment = SET cert extension Description = setQualifier OID = 2 23 42 8 Comment = SET Description = brand OID = 2 23 42 8 1 Comment = SET brand Description = IATA-ATA OID = 2 23 42 8 4 Comment = SET brand Description = VISA OID = 2 23 42 8 5 Comment = SET brand Description = MasterCard OID = 2 23 42 8 30 Comment = SET brand Description = Diners OID = 2 23 42 8 34 Comment = SET brand Description = AmericanExpress OID = 2 23 42 8 6011 Comment = SET brand Description = Novus OID = 2 23 42 9 Comment = SET Description = vendor OID = 2 23 42 9 0 Comment = SET vendor Description = GlobeSet OID = 2 23 42 9 1 Comment = SET vendor Description = IBM OID = 2 23 42 9 2 Comment = SET vendor Description = CyberCash OID = 2 23 42 9 3 Comment = SET vendor Description = Terisa OID 
= 2 23 42 9 4 Comment = SET vendor Description = RSADSI OID = 2 23 42 9 5 Comment = SET vendor Description = VeriFone OID = 2 23 42 9 6 Comment = SET vendor Description = TrinTech OID = 2 23 42 9 7 Comment = SET vendor Description = BankGate OID = 2 23 42 9 8 Comment = SET vendor Description = GTE OID = 2 23 42 9 9 Comment = SET vendor Description = CompuSource OID = 2 23 42 9 10 Comment = SET vendor Description = Griffin OID = 2 23 42 9 11 Comment = SET vendor Description = Certicom OID = 2 23 42 9 12 Comment = SET vendor Description = OSS OID = 2 23 42 9 13 Comment = SET vendor Description = TenthMountain OID = 2 23 42 9 14 Comment = SET vendor Description = Antares OID = 2 23 42 9 15 Comment = SET vendor Description = ECC OID = 2 23 42 9 16 Comment = SET vendor Description = Maithean OID = 2 23 42 9 17 Comment = SET vendor Description = Netscape OID = 2 23 42 9 18 Comment = SET vendor Description = Verisign OID = 2 23 42 9 19 Comment = SET vendor Description = BlueMoney OID = 2 23 42 9 20 Comment = SET vendor Description = Lacerte OID = 2 23 42 9 21 Comment = SET vendor Description = Fujitsu OID = 2 23 42 9 22 Comment = SET vendor Description = eLab OID = 2 23 42 9 23 Comment = SET vendor Description = Entrust OID = 2 23 42 9 24 Comment = SET vendor Description = VIAnet OID = 2 23 42 9 25 Comment = SET vendor Description = III OID = 2 23 42 9 26 Comment = SET vendor Description = OpenMarket OID = 2 23 42 9 27 Comment = SET vendor Description = Lexem OID = 2 23 42 9 28 Comment = SET vendor Description = Intertrader OID = 2 23 42 9 29 Comment = SET vendor Description = Persimmon OID = 2 23 42 9 30 Comment = SET vendor Description = NABLE OID = 2 23 42 9 31 Comment = SET vendor Description = espace-net OID = 2 23 42 9 32 Comment = SET vendor Description = Hitachi OID = 2 23 42 9 33 Comment = SET vendor Description = Microsoft OID = 2 23 42 9 34 Comment = SET vendor Description = NEC OID = 2 23 42 9 35 Comment = SET vendor Description = Mitsubishi OID = 2 23 42 9 36 
Comment = SET vendor Description = NCR OID = 2 23 42 9 37 Comment = SET vendor Description = e-COMM OID = 2 23 42 9 38 Comment = SET vendor Description = Gemplus OID = 2 23 42 10 Comment = SET Description = national OID = 2 23 42 10 392 Comment = SET national Description = Japan # WAP OID = 2 23 43 1 4 Comment = WAP WTLS Description = wTLS-ECC OID = 2 23 43 1 4 1 Comment = WAP WTLS Description = wTLS-ECC-curve1 OID = 2 23 43 1 4 6 Comment = WAP WTLS Description = wTLS-ECC-curve6 OID = 2 23 43 1 4 8 Comment = WAP WTLS Description = wTLS-ECC-curve8 OID = 2 23 43 1 4 9 Comment = WAP WTLS Description = wTLS-ECC-curve9 # TCPA OID = 2 23 133 Comment = TCPA Description = tCPA OID = 2 23 133 1 Comment = TCPA Description = tcpaSpecVersion OID = 2 23 133 2 Comment = TCPA Description = tcpaAttribute OID = 2 23 133 2 1 Comment = TCPA Attribute Description = tcpaTpmManufacturer OID = 2 23 133 2 2 Comment = TCPA Attribute Description = tcpaTpmModel OID = 2 23 133 2 3 Comment = TCPA Attribute Description = tcpaTpmVersion OID = 2 23 133 2 4 Comment = TCPA Attribute Description = tcpaPlatformManufacturer OID = 2 23 133 2 5 Comment = TCPA Attribute Description = tcpaPlatformModel OID = 2 23 133 2 6 Comment = TCPA Attribute Description = tcpaPlatformVersion OID = 2 23 133 2 7 Comment = TCPA Attribute Description = tcpaComponentManufacturer OID = 2 23 133 2 8 Comment = TCPA Attribute Description = tcpaComponentModel OID = 2 23 133 2 9 Comment = TCPA Attribute Description = tcpaComponentVersion OID = 2 23 133 2 10 Comment = TCPA Attribute Description = tcpaSecurityQualities OID = 2 23 133 2 11 Comment = TCPA Attribute Description = tcpaTpmProtectionProfile OID = 2 23 133 2 12 Comment = TCPA Attribute Description = tcpaTpmSecurityTarget OID = 2 23 133 2 13 Comment = TCPA Attribute Description = tcpaFoundationProtectionProfile OID = 2 23 133 2 14 Comment = TCPA Attribute Description = tcpaFoundationSecurityTarget OID = 2 23 133 2 15 Comment = TCPA Attribute Description = tcpaTpmIdLabel 
OID = 2 23 133 3 Comment = TCPA Description = tcpaProtocol OID = 2 23 133 3 1 Comment = TCPA Protocol Description = tcpaPrttTpmIdProtocol # PostSignum. OID = 2 23 134 1 4 2 1 Comment = PostSignum CA Description = postSignumRootQCA OID = 2 23 134 1 2 2 3 Comment = PostSignum CA Description = postSignumPublicCA OID = 2 23 134 1 2 1 8 210 Comment = PostSignum CA Description = postSignumCommercialServerPolicy # ICAO. Technically this OID is called "SOD" but displaying that as a name # will just bugger up people's understanding of the data. Newer versions of # the spec call it ldsSecurityObject but that's a bit too vague to indicate # what it really is. OID = 2 23 136 1 1 1 Comment = ICAO MRTD Description = mRTDSignatureData # Draft SET. These were invented for testing in pre-1.0 drafts but have # been used nonetheless by implementors OID = 2 54 1775 2 Comment = SET. Deprecated, use (2 23 42 7 0) instead Description = hashedRootKey Warning OID = 2 54 1775 3 Comment = SET. Deprecated, use (2 23 42 7 0) instead Description = certificateType Warning OID = 2 54 1775 4 Comment = SET. Deprecated, use (2 23 42 7 0) instead Description = merchantData Warning OID = 2 54 1775 5 Comment = SET. Deprecated, use (2 23 42 7 0) instead Description = cardCertRequired Warning OID = 2 54 1775 6 Comment = SET. Deprecated, use (2 23 42 7 0) instead Description = tunneling Warning OID = 2 54 1775 7 Comment = SET. Deprecated, use (2 23 42 7 0) instead Description = setQualifier Warning OID = 2 54 1775 99 Comment = SET. Deprecated, use (2 23 42 7 0) instead Description = setData Warning # EV certificate policies. There's no official record of what all the EV # policy OIDs are, it seems to be defined as "whatever the browsers will # accept as EV". This is taken from # http://en.wikipedia.org/wiki/Extended_Validation_Certificate, there's also # a list in Chromium, the ev_root_ca_metadata list, but this contains # errors (e.g. 
the value "1.3.6.1.4.1.6449.1.2.1.5.1" [sic] is recorded as # being for both AddTrust and Comodo). # # The OIDs are collected here in owner-name alphabetical order rather than # scattering them throughout this list in OID order to make it easier to # track what's already present. OID = 1 2 40 0 17 1 22 Comment = A-Trust CA Root Description = A-Trust EV policy # This appears to be an error in Chromium's ev_root_ca_metadata. # OTOH this OID was also used by UTN-Userfirst, which is now # Comodo. #OID = 1 3 6 1 4 1 6449 1 2 1 5 1 #Comment = AddTrust External CA Root #Description = AddTrust EV policy OID = 1 3 6 1 4 1 34697 2 1 Comment = AffirmTrust Commercial Description = AffirmTrust EV policy OID = 1 3 6 1 4 1 34697 2 2 Comment = AffirmTrust Networking Description = AffirmTrust EV policy OID = 1 3 6 1 4 1 34697 2 3 Comment = AffirmTrust Premium Description = AffirmTrust EV policy OID = 1 3 6 1 4 1 34697 2 4 Comment = AffirmTrust Premium ECC Description = AffirmTrust EV policy OID = 2 16 578 1 26 1 3 3 Comment = BuyPass Class 3 EV Description = BuyPass EV policy OID = 1 3 6 1 4 1 17326 10 14 2 1 2 Comment = Camerfirma CA Root Description = Camerfirma EV policy OID = 1 3 6 1 4 1 17326 10 8 12 1 2 Comment = Camerfirma CA Root Description = Camerfirma EV policy OID = 1 3 6 1 4 1 22234 2 5 2 3 1 Comment = CertPlus Class 2 Primary CA (formerly Keynectis) Description = CertPlus EV policy OID = 1 3 6 1 4 1 6449 1 2 1 5 1 Comment = COMODO Certification Authority Description = Comodo EV policy OID = 1 3 6 1 4 1 6334 1 100 1 Comment = Cybertrust Global Root (now Verizon Business) Description = Cybertrust EV policy OID = 1 3 6 1 4 1 4788 2 202 1 Comment = D-TRUST Root Class 3 CA 2 EV 2009 Description = D-TRUST EV policy OID = 2 16 840 1 114412 2 1 Comment = DigiCert High Assurance EV Root CA Description = DigiCert EV policy OID = 2 16 528 1 1001 1 1 1 12 6 1 1 1 Comment = DigiNotar Root CA Description = DigiNotar EV policy OID = 2 16 840 1 114028 10 1 2 Comment = Entrust Root 
Certification Authority Description = Entrust EV policy OID = 1 3 6 1 4 1 14370 1 6 Comment = GeoTrust Primary Certification Authority (formerly Equifax) Description = GeoTrust EV policy OID = 1 3 6 1 4 1 4146 1 1 Comment = GlobalSign Description = GlobalSign EV policy OID = 2 16 840 1 114413 1 7 23 3 Comment = GoDaddy Class 2 Certification Authority (formerly ValiCert) Description = GoDaddy EV policy OID = 1 3 6 1 4 1 14777 6 1 1 Comment = Certificado de Servidor Seguro SSL EV Description = Izenpe EV policy OID = 1 3 6 1 4 1 14777 6 1 2 Comment = Certificado de Sede Electronica EV Description = Izenpe EV policy OID = 1 3 6 1 4 1 782 1 2 1 8 1 Comment = Network Solutions Certificate Authority Description = Network Solutions EV policy OID = 1 3 6 1 4 1 8024 0 2 100 1 2 Comment = QuoVadis Root CA 2 Description = QuoVadis EV policy OID = 1 2 392 200091 100 721 1 Comment = Security Communication RootCA1 Description = Security Communication (SECOM) EV policy OID = 2 16 840 1 114414 1 7 23 3 Comment = Starfield Class 2 Certification Authority Description = Starfield EV policy OID = 1 3 6 1 4 1 23223 1 1 1 Comment = StartCom Certification Authority Description = StartCom EV policy OID = 2 16 756 1 89 1 2 1 1 Comment = SwissSign Gold CA - G2 Description = SwissSign EV policy OID = 1 3 6 1 4 1 7879 13 24 1 Comment = T-TeleSec GlobalRoot Class 3 Description = T-TeleSec EV policy OID = 2 16 840 1 113733 1 7 48 1 Comment = Thawte Premium Server CA Description = Thawte EV policy OID = 2 16 840 1 114404 1 1 2 4 1 Comment = TrustWave CA, formerly SecureTrust, before that XRamp Description = TrustWave EV policy OID = 1 3 6 1 4 1 40869 1 1 22 3 Comment = TWCA Root Certification Authority Description = TWCA EV policy OID = 2 16 840 1 113733 1 7 23 6 Comment = VeriSign Class 3 Public Primary Certification Authority Description = VeriSign EV policy OID = 2 16 840 1 114171 500 9 Comment = Wells Fargo WellsSecure Public Root Certificate Authority Description = Wells Fargo EV policy # 
End of Fahnenstange dumpasn1-20191022/dumpasn1.c0000644000175000017500000031072713553764740015302 0ustar mathieumathieu/* ASN.1 data display code, copyright Peter Gutmann , based on ASN.1 dump program by David Kemp, with contributions from various people including Matthew Hamrick, Bruno Couillard, Hallvard Furuseth, Geoff Thorpe, David Boyce, John Hughes, 'Life is hard, and then you die', Hans-Olof Hermansson, Tor Rustad, Kjetil Barvik, James Sweeny, Chris Ridd, David Lemley, John Tobey, James Manger, Igor Perminov, and several other people whose names I've misplaced. Available from http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.c. Last updated 22 October 2019 (version 20191022, if you prefer it that way, see also UPDATE_STRING below). To build under Windows, use 'cl /MD dumpasn1.c'. To build on OS390 or z/OS, use '/bin/c89 -D OS390 -o dumpasn1 dumpasn1.c'. This code grew slowly over time without much design or planning, and with extra features being tacked on as required. It's not representative of my normal coding style, and should only be used as a debugging/diagnostic tool and not in a production environment (I'm not sure how you'd use it in production anyway, but felt I should point that out). cryptlib, http://www.cs.auckland.ac.nz/~pgut001/cryptlib/, does a much better job of checking ASN.1 than this does, since dumpasn1 is a display program written to accept the widest possible range of input and not a compliance checker. In other words it will bend over backwards to even accept invalid data, since a common use for it is to try and locate encoding problems that lead to invalid encoded data. While it will warn about some types of common errors, the fact that dumpasn1 will display an ASN.1 data item doesn't mean that the item is valid. 
dumpasn1 requires a config file dumpasn1.cfg to be present in the same location as the program itself or in a standard directory where binaries live (it will run without it but will display a warning message, you can configure the path either by hardcoding it in or using an environment variable as explained further down). The config file is available from http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.cfg. This code assumes that the input data is binary, having come from a MIME- aware mailer or been piped through a decoding utility if the original format used base64 encoding. If you need to decode it, it's recommended that you use a utility like uudeview, which will strip virtually any kind of encoding (MIME, PEM, PGP, whatever) to recover the binary original. You can use this code in whatever way you want, as long as you don't try to claim you wrote it. (Someone asked for clarification on what this means, treat it as a very mild form of the BSD license in which you're not required to include LONG LEGAL DISCLAIMERS IN ALL CAPS but just a small note in a corner somewhere (e.g. the back of a manual) that you're using the dumpasn1 code. If you do use it, please make sure you're using a recent version, I occasionally see screen shots from incredibly ancient versions that are nowhere near as good as what current versions produce. Finally, see the note earlier about this being purely a debugging tool and not production-quality code). 
Editing notes: Tabs to 4, phasers to malky (and in case anyone wants to complain about that, see "Program Indentation and Comprehensiblity", Richard Miara, Joyce Musselman, Juan Navarro, and Ben Shneiderman, Communications of the ACM, Vol.26, No.11 (November 1983), p.861) */ #include #include #include #include #include #include #ifdef OS390 #include #endif /* OS390 */ /* The update string, printed as part of the help screen */ #define UPDATE_STRING "22 October 2019" /* Useful defines */ #ifndef TRUE #define FALSE 0 #define TRUE ( !FALSE ) #endif /* TRUE */ #ifndef BYTE typedef unsigned char BYTE; #endif /* BYTE */ /* Tandem Guardian NonStop Kernel options */ #ifdef __TANDEM #pragma nolist /* Spare us the source listing, no GUI... */ #pragma nowarn (1506) /* Implicit type conversion: int to char etc */ #endif /* __TANDEM */ /* SunOS 4.x doesn't define seek codes or exit codes or FILENAME_MAX (it does define _POSIX_MAX_PATH, but in funny locations and to different values depending on which include file you use). 
Strictly speaking this code isn't right since we need to use PATH_MAX, however not all systems define this, some use _POSIX_PATH_MAX, and then there are all sorts of variations and other defines that you have to check, which require about a page of code to cover each OS, so we just use max( FILENAME_MAX, 512 ) which should work for everything */ #ifndef SEEK_SET #define SEEK_SET 0 #define SEEK_CUR 2 #endif /* No fseek() codes defined */ #ifndef EXIT_FAILURE #define EXIT_FAILURE 1 #define EXIT_SUCCESS ( !EXIT_FAILURE ) #endif /* No exit() codes defined */ #ifndef FILENAME_MAX #define FILENAME_MAX 512 #else #if FILENAME_MAX < 128 #undef FILENAME_MAX #define FILENAME_MAX 512 #endif /* FILENAME_MAX < 128 */ #endif /* FILENAME_MAX */ /* Under Windows we can do special-case handling for paths and Unicode strings (although in practice it can't really handle much except latin-1) */ #if ( defined( _WINDOWS ) || defined( WIN32 ) || defined( _WIN32 ) || \ defined( __WIN32__ ) ) #include #include /* For _setmode() */ #include /* For _setmode() codes */ #ifndef _O_U16TEXT #define _O_U16TEXT 0x20000 /* _setmode() code */ #endif /* !_O_U16TEXT */ #define __WIN32__ #endif /* Win32 */ /* Under Unix we can do special-case handling for paths and Unicode strings. Detecting Unix systems is a bit tricky but the following should find most versions. 
This define implicitly assumes that the system has wchar_t support, but this is almost always the case except for very old systems, so it's best to default to allow-all rather than deny-all */ #if defined( linux ) || defined( __linux__ ) || defined( sun ) || \ defined( __bsdi__ ) || defined( __FreeBSD__ ) || defined( __NetBSD__ ) || \ defined( __OpenBSD__ ) || defined( __hpux ) || defined( _M_XENIX ) || \ defined( __osf__ ) || defined( _AIX ) || defined( __MACH__ ) #define __UNIX__ #endif /* Every commonly-used Unix */ #if defined( linux ) || defined( __linux__ ) #ifndef __USE_ISOC99 #define __USE_ISOC99 #endif /* __USE_ISOC99 */ #include #endif /* Linux */ /* For IBM mainframe OSes we use the Posix environment, so it looks like Unix */ #ifdef OS390 #define __OS390__ #define __UNIX__ #endif /* OS390 / z/OS */ /* Tandem NSK: Don't tangle with Tandem OSS, which is almost UNIX */ #ifdef __TANDEM #ifdef _GUARDIAN_TARGET #define __TANDEM_NSK__ #else #define __UNIX__ #endif /* _GUARDIAN_TARGET */ #endif /* __TANDEM */ /* Some OSes don't define the min() macro */ #ifndef min #define min(a,b) ( ( a ) < ( b ) ? 
( a ) : ( b ) ) #endif /* !min */ /* Macros to avoid problems with sign extension */ #define byteToInt( x ) ( ( BYTE ) ( x ) ) /* Turn off pointless VC++ warnings */ #ifdef _MSC_VER #pragma warning( disable: 4018 ) #pragma warning( disable: 4996 ) #endif /* VC++ */ /* When we dump a nested data object encapsulated within a larger object, the length is initially set to a magic value which is adjusted to the actual length once we start parsing the object */ #define LENGTH_MAGIC 177545L /* Tag classes */ #define CLASS_MASK 0xC0 /* Bits 8 and 7 */ #define UNIVERSAL 0x00 /* 0 = Universal (defined by ITU X.680) */ #define APPLICATION 0x40 /* 1 = Application */ #define CONTEXT 0x80 /* 2 = Context-specific */ #define PRIVATE 0xC0 /* 3 = Private */ /* Encoding type */ #define FORM_MASK 0x20 /* Bit 6 */ #define PRIMITIVE 0x00 /* 0 = primitive */ #define CONSTRUCTED 0x20 /* 1 = constructed */ /* Universal tags */ #define TAG_MASK 0x1F /* Bits 5 - 1 */ #define EOC 0x00 /* 0: End-of-contents octets */ #define BOOLEAN 0x01 /* 1: Boolean */ #define INTEGER 0x02 /* 2: Integer */ #define BITSTRING 0x03 /* 2: Bit string */ #define OCTETSTRING 0x04 /* 4: Byte string */ #define NULLTAG 0x05 /* 5: NULL */ #define OID 0x06 /* 6: Object Identifier */ #define OBJDESCRIPTOR 0x07 /* 7: Object Descriptor */ #define EXTERNAL 0x08 /* 8: External */ #define REAL 0x09 /* 9: Real */ #define ENUMERATED 0x0A /* 10: Enumerated */ #define EMBEDDED_PDV 0x0B /* 11: Embedded Presentation Data Value */ #define UTF8STRING 0x0C /* 12: UTF8 string */ #define SEQUENCE 0x10 /* 16: Sequence/sequence of */ #define SET 0x11 /* 17: Set/set of */ #define NUMERICSTRING 0x12 /* 18: Numeric string */ #define PRINTABLESTRING 0x13 /* 19: Printable string (ASCII subset) */ #define T61STRING 0x14 /* 20: T61/Teletex string */ #define VIDEOTEXSTRING 0x15 /* 21: Videotex string */ #define IA5STRING 0x16 /* 22: IA5/ASCII string */ #define UTCTIME 0x17 /* 23: UTC time */ #define GENERALIZEDTIME 0x18 /* 24: Generalized time */ 
#define GRAPHICSTRING 0x19 /* 25: Graphic string */ #define VISIBLESTRING 0x1A /* 26: Visible string (ASCII subset) */ #define GENERALSTRING 0x1B /* 27: General string */ #define UNIVERSALSTRING 0x1C /* 28: Universal string */ #define BMPSTRING 0x1E /* 30: Basic Multilingual Plane/Unicode string */ /* Length encoding */ #define LEN_XTND 0x80 /* Indefinite or long form */ #define LEN_MASK 0x7F /* Bits 7 - 1 */ /* The maximum complexity level for an object, meaning nesting level of data, before we declare an error and exit. Given that this is ASN.1, which encourages the design of ridiculously-complex objects, we set a fairly high bound before we bail out (cryptlib uses 50 which handles all known certificate and CMS object types, so 80 provides a fairly safe margin) */ #define MAX_NESTING_LEVEL 80 /* Various special-case operations to perform on strings */ typedef enum { STR_NONE, /* No special handling */ STR_UTCTIME, /* Check it's UTCTime */ STR_GENERALIZED, /* Check it's GeneralizedTime */ STR_PRINTABLE, /* Check it's a PrintableString */ STR_IA5, /* Check it's an IA5String */ STR_LATIN1, /* Read and display string as latin-1 */ STR_UTF8, /* Read and display string as UTF8 */ STR_BMP, /* Read and display string as Unicode */ STR_BMP_REVERSED /* STR_BMP with incorrect endianness */ } STR_OPTION; /* Structure to hold info on an ASN.1 item */ typedef struct { int id; /* Tag class + primitive/constructed */ int tag; /* Tag */ long length; /* Data length */ int indefinite; /* Item has indefinite length */ int nonCanonical; /* Non-canonical length encoding used */ BYTE header[ 16 ]; /* Tag+length data */ int headerSize; /* Size of tag+length */ } ASN1_ITEM; /* Configuration options */ static int printDots = FALSE; /* Whether to print dots to align columns */ static int doPure = FALSE; /* Print data without LHS info column */ static int doDumpHeader = FALSE; /* Dump tag+len in hex (level = 0, 1, 2) */ static int extraOIDinfo = FALSE; /* Print extra information about OIDs 
*/ static int doHexValues = FALSE; /* Display size, offset in hex not dec.*/ static int useStdin = FALSE; /* Take input from stdin */ static int zeroLengthAllowed = FALSE;/* Zero-length items allowed */ static int dumpText = FALSE; /* Dump text alongside hex data */ static int printAllData = FALSE; /* Whether to print all data in long blocks */ static int checkEncaps = TRUE; /* Print encaps.data in BIT/OCTET STRINGs */ static int checkCharset = TRUE; /* Check val.of char strs.hidden in OCTET STRs */ #ifndef __OS390__ static int reverseBitString = TRUE; /* Print BIT STRINGs in natural order */ #else static int reverseBitString = FALSE;/* Natural order on OS390 is the same as ASN.1 */ #endif /* __OS390__ */ static int rawTimeString = FALSE; /* Print raw time strings */ static int shallowIndent = FALSE; /* Perform shallow indenting */ static int outputWidth = 80; /* 80-column display */ static int maxNestLevel = MAX_NESTING_LEVEL;/* Maximum nesting level for which to display output */ static int doOutlineOnly = FALSE; /* Only display constructed-object outline */ /* Formatting information used for the fixed informational column to the left of the displayed data */ static int infoWidth = 4; static const char *indentStringTbl[] = { NULL, NULL, NULL, " : ", /* "xxx xxx: " (3) */ " : ", /* "xxxx xxxx: " (4) */ " : ", /* "xxxxx xxxxx: " (5) */ " : ", /* "xxxxxx xxxxxx: " (6) */ " : ", /* "xxxxxxx xxxxxxx: " (7) */ " : ", /* "xxxxxxxx xxxxxxxx: " (8) */ "", "", "", "" }; static const char *lenTbl[] = { NULL, NULL, NULL, "%3ld %3ld: ", "%4ld %4ld: ", "%5ld %5ld: ", "%6ld %6ld: ", "%7ld %7ld: ", "%8ld %8ld: ", "", "", "", "" }; static const char *lenIndefTbl[] = { NULL, NULL, NULL, "%3ld NDF: ", "%4ld NDEF: ", "%5ld INDEF: ", "%6ld INDEF : ", "%7ld INDEF : ", "%8ld INDEF : ", "", "", "", "" }; static const char *lenHexTbl[] = { NULL, NULL, NULL, "%03lX %3lX: ", "%04lX %4lX: ", "%05lX %5lX: ", "%06lX %6lX: ", "%07lX %7lX: ", "%08lX %8lX: ", "", "", "", "" }; static const char 
*lenHexIndefTbl[] = { NULL, NULL, NULL, "%03lX NDF: ", "%04lX NDEF: ", "%05lX INDEF: ", "%06lX INDEF : ", "%07lX INDEF : ", "%08lX INDEF : ", "", "", "", "" }; #define INDENT_SIZE ( infoWidth + 1 + infoWidth + 1 + 1 ) #define INDENT_STRING indentStringTbl[ infoWidth ] #define LEN lenTbl[ infoWidth ] #define LEN_INDEF lenIndefTbl[ infoWidth ] #define LEN_HEX lenHexTbl[ infoWidth ] #define LEN_HEX_INDEF lenHexIndefTbl[ infoWidth ] /* Error and warning information */ static int noErrors = 0; /* Number of errors found */ static int noWarnings = 0; /* Number of warnings */ /* Position in the input stream */ static int fPos = 0; /* Absolute position in data */ /* The output stream */ static FILE *output; /* Output stream */ /* OID data sizes. Because of Microsoft's "encode random noise and call it an OID" approach, we maintain two size limits, a sane one and one capable of holding the random-noise OID data, which we warn about */ #define MAX_OID_SIZE 40 #define MAX_SANE_OID_SIZE 32 /* Information on an ASN.1 Object Identifier */ typedef struct tagOIDINFO { struct tagOIDINFO *next; /* Next item in list */ BYTE oid[ MAX_OID_SIZE ]; int oidLength; char *comment, *description; /* Name, rank, serial number */ int warn; /* Whether to warn if OID encountered */ } OIDINFO; static OIDINFO *oidList = NULL; /* If the config file isn't present in the current directory, we search the following paths (this is needed for Unix with dumpasn1 somewhere in the path, since this doesn't set up argv[0] to the full path). Anything beginning with a '$' uses the appropriate environment variable. 
In addition under Unix we also walk down $PATH looking for it */ #ifdef __TANDEM_NSK__ #define CONFIG_NAME "asn1cfg" #else #define CONFIG_NAME "dumpasn1.cfg" #endif /* __TANDEM_NSK__ */ #if defined( __TANDEM_NSK__ ) static const char *configPaths[] = { "$system.security", "$system.system", NULL }; #elif defined( __WIN32__ ) static const char *configPaths[] = { /* Windoze absolute paths (yeah, this code has been around for awhile, why do you ask?) */ "c:\\windows\\", "c:\\winnt\\", /* It's my program, I'm allowed to hardcode in strange paths that no-one else uses */ "c:\\program files\\bin\\", "c:\\program files (x86)\\bin\\", /* This one seems to be popular as well */ "c:\\program files\\utilities\\", "c:\\program files (x86)\\utilities\\", /* General environment-based paths */ "$DUMPASN1_PATH/", NULL }; #elif defined( __OS390__ ) static const char *configPaths[] = { /* General environment-based paths */ "$DUMPASN1_PATH/", NULL }; #else static const char *configPaths[] = { #ifndef DEBIAN /* Unix absolute paths */ "/usr/bin/", "/usr/local/bin/", "/etc/dumpasn1/", /* Unix environment-based paths */ "$HOME/", "$HOME/bin/", /* It's my program, I'm allowed to hardcode in strange paths that no-one else uses */ "$HOME/BIN/", #else /* Debian has specific places where you're supposed to dump things. Note the dot after $HOME, since config files are supposed to start with a dot for Debian */ "$HOME/.", "/etc/dumpasn1/", #endif /* DEBIAN-specific paths */ /* General environment-based paths */ "$DUMPASN1_PATH/", NULL }; #endif /* OS-specific search paths */ #define isEnvTerminator( c ) \ ( ( ( c ) == '/' ) || ( ( c ) == '.' 
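) || ( ( c ) == '$' ) || \
	  ( ( c ) == '\0' ) || ( ( c ) == '~' ) )

/****************************************************************************
*																			*
*					Object Identification/Description Routines				*
*																			*
****************************************************************************/

/* Return descriptive strings for universal tags.  tagID is matched against
   the universal tag constants (EOC ... BMPSTRING), any other value yields
   "Unknown (Reserved)".  The returned pointers refer to string literals, so
   callers must neither modify nor free them */

static char *idstr( const int tagID )
	{
	switch( tagID )
		{
		case EOC:
			return( "End-of-contents octets" );
		case BOOLEAN:
			return( "BOOLEAN" );
		case INTEGER:
			return( "INTEGER" );
		case BITSTRING:
			return( "BIT STRING" );
		case OCTETSTRING:
			return( "OCTET STRING" );
		case NULLTAG:
			return( "NULL" );
		case OID:
			return( "OBJECT IDENTIFIER" );
		case OBJDESCRIPTOR:
			return( "ObjectDescriptor" );
		case EXTERNAL:
			return( "EXTERNAL" );
		case REAL:
			return( "REAL" );
		case ENUMERATED:
			return( "ENUMERATED" );
		case EMBEDDED_PDV:
			return( "EMBEDDED PDV" );
		case UTF8STRING:
			return( "UTF8String" );
		case SEQUENCE:
			return( "SEQUENCE" );
		case SET:
			return( "SET" );
		case NUMERICSTRING:
			return( "NumericString" );
		case PRINTABLESTRING:
			return( "PrintableString" );
		case T61STRING:
			return( "TeletexString" );
		case VIDEOTEXSTRING:
			return( "VideotexString" );
		case IA5STRING:
			return( "IA5String" );
		case UTCTIME:
			return( "UTCTime" );
		case GENERALIZEDTIME:
			return( "GeneralizedTime" );
		case GRAPHICSTRING:
			return( "GraphicString" );
		case VISIBLESTRING:
			return( "VisibleString" );
		case GENERALSTRING:
			return( "GeneralString" );
		case UNIVERSALSTRING:
			return( "UniversalString" );
		case BMPSTRING:
			return( "BMPString" );
		default:
			return( "Unknown (Reserved)" );
		}
	}

/* Return information on an object identifier.  oid/oidLength describe the
   bytes that are compared against each entry in oidList.  The entries hold
   the complete encoding with the tag and length octets first (see
   processOID()), which is why every comparison skips two bytes of the
   stored value.  Returns the matching entry, or NULL if there is none.

   The second byte of the OID is used as a cheap pre-filter before the
   memcmp().  It's only read when oidLength says that it exists, so a
   one-byte OID no longer causes a read of oid[ 1 ] beyond the data that the
   caller supplied, and can no longer be rejected on the strength of
   whatever happened to follow it in memory.  A negative length can never
   match and is rejected before it could reach memcmp() as a huge size */

static OIDINFO *getOIDinfo( const BYTE *oid, const int oidLength )
	{
	const int hasSecondByte = ( oidLength >= 2 ) ? TRUE : FALSE;
	const BYTE oidByte = hasSecondByte ? oid[ 1 ] : 0;
	OIDINFO *oidPtr;

	if( oidLength < 0 )
		return( NULL );

	for( oidPtr = oidList; oidPtr != NULL; oidPtr = oidPtr->next )
		{
		if( oidLength != oidPtr->oidLength - 2 )
			continue;	/* Quick-reject check */
		if( hasSecondByte && oidByte != oidPtr->oid[ 2 + 1 ] )
			continue;	/* Quick-reject check */
		if( !memcmp( oidPtr->oid + 2, oid, oidLength ) )
			return( oidPtr );
		}

	return( NULL );
	}

/* Add an OID attribute.  Allocates strlen( attribute ) + 1 bytes, stores the
   allocation in *buffer and copies attribute into it.  Returns TRUE on
   success, or FALSE after printing "Out of memory." if malloc() fails, in
   which case *buffer is NULL.  Nothing in this function releases the
   memory, that's left to whoever owns *buffer */

static int addAttribute( char **buffer, char *attribute )
	{
	if( ( *buffer = ( char * ) malloc( strlen( attribute ) + 1 ) ) == NULL )
		{
		puts( "Out of memory." );
		return( FALSE );
		}
	/* The destination was sized from the source one statement earlier, so
	   the unbounded copy can't overrun it */
	strcpy( *buffer, attribute );
	return( TRUE );
	}

/* Table to identify valid string chars (taken from cryptlib).  Note that
   IA5String also allows control chars, but we warn about these since
   finding them in a certificate is a sign that there's something
   seriously wrong */

#define P	1						/* PrintableString */
#define I	2						/* IA5String */
#define PI	3						/* IA5String and PrintableString */

static int charFlags[] = {
	/* 00  01  02  03  04  05  06  07  08  09  0A  0B  0C  0D  0E  0F */
		0,	0,	0,	0,	0,	0,	0,	0,	0,	0,	0,	0,	0,	0,	0,	0,
	/* 10  11  12  13  14  15  16  17  18  19  1A  1B  1C  1D  1E  1F */
		0,	0,	0,	0,	0,	0,	0,	0,	0,	0,	0,	0,	0,	0,	0,	0,
	/*		!	"	#	$	%	&	'	(	)	*	+	,	-	.	/ */
	   PI,	I,	I,	I,	I,	I,	I, PI, PI, PI,	I, PI, PI, PI, PI, PI,
	/*	0	1	2	3	4	5	6	7	8	9	:	;	<	=	>	? */
	   PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI,	I,	I, PI,	I, PI,
	/*	@	A	B	C	D	E	F	G	H	I	J	K	L	M	N	O */
		I, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI,
	/*	P	Q	R	S	T	U	V	W	X	Y	Z	[	\	]	^	_ */
	   PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI,	I,	I,	I,	I,	I,
	/*	`	a	b	c	d	e	f	g	h	i	j	k	l	m	n	o */
		I, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI,
	/*	p	q	r	s	t	u	v	w	x	y	z	{	|	}	~  DL */
	   PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI,	I,	I,	I,	I,	0
	};

/* Check whether ch is allowed in a PrintableString.  charFlags has 128
   entries, so the index is range-checked at both ends; a negative value
   (for example a sign-extended char) is reported as not printable rather
   than being used to index in front of the table */

static int isPrintable( int ch )
	{
	if( ch < 0 || ch >= 128 || !( charFlags[ ch ] & P ) )
		return( FALSE );
	return( TRUE );
	}

/* Check whether ch is allowed in an IA5String by the table above.  As with
   isPrintable(), anything outside 0...127 is rejected before the table is
   indexed */

static int isIA5( int ch )
	{
	if( ch < 0 || ch >= 128 || !( charFlags[ ch ] & I ) )
		return( FALSE );
	return( TRUE );
	}

/****************************************************************************
*																			*
*						Config File Read Routines							*
*																			*
****************************************************************************/

/* Files coming from DOS/Windows systems may have a ^Z (the CP/M EOF char)
   at the end, so we need to filter this out */

#define CPM_EOF			0x1A	/*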
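^Z = CPM EOF char */

/* The maximum input line length.  This is also the size of the line buffer
   that readConfig() hands to readLine(), so the longest line that can be
   stored is MAX_LINESIZE - 1 characters plus the terminator */

#define MAX_LINESIZE	512

/* The number of the config file line currently being read, used in error
   messages.  It's set and advanced by readConfig() */

static int lineNo;

/* Read a line of text from the config file.  Leading and trailing blanks
   are stripped, a line that starts with '#' is returned as an empty string,
   and the line ending (CR, LF, CRLF or ^Z) is consumed.  The buffer must
   have room for MAX_LINESIZE bytes.  Returns FALSE if the line contains a
   non-printable character, is too long for the buffer, or the stream
   reports an error, and TRUE otherwise */

static int readLine( FILE *file, char *buffer )
	{
	int bufCount = 0, ch;

	/* Skip whitespace */
	while( ( ( ch = getc( file ) ) == ' ' || ch == '\t' ) && !feof( file ) );

	/* Get a line into the buffer */
	while( ch != '\r' && ch != '\n' && ch != CPM_EOF && !feof( file ) )
		{
		/* Check for an illegal char in the data.  Note that we don't just
		   check for chars with high bits set because these are legal in
		   non-ASCII strings */
		if( !isprint( ch ) )
			{
			printf( "Bad character '%c' in config file line %d.\n", ch,
					lineNo );
			return( FALSE );
			}

		/* Check to see if it's a comment line */
		if( ch == '#' && !bufCount )
			{
			/* Skip comment section and trailing whitespace.  The EOF check
			   stops this from spinning forever if the read fails without
			   the end-of-file indicator being set */
			while( ch != '\r' && ch != '\n' && ch != CPM_EOF && \
				   ch != EOF && !feof( file ) )
				ch = getc( file );
			break;
			}

		/* Make sure that the line is of the correct length.  The buffer
		   holds MAX_LINESIZE bytes and one of them is needed for the
		   terminator that's added below, so the last usable index for a
		   character is MAX_LINESIZE - 2.  Checking for
		   bufCount > MAX_LINESIZE would allow writes to
		   buffer[ MAX_LINESIZE ] and buffer[ MAX_LINESIZE + 1 ], past the
		   end of the caller's array */
		if( bufCount >= MAX_LINESIZE - 1 )
			{
			printf( "Config file line %d too long.\n", lineNo );
			return( FALSE );
			}
		else
			{
			if( ch )	/* Can happen if we read a binary file */
				buffer[ bufCount++ ] = ch;
			}

		/* Get next character */
		ch = getc( file );
		}

	/* If we've just passed a CR, check for a following LF */
	if( ch == '\r' )
		{
		if( ( ch = getc( file ) ) != '\n' )
			ungetc( ch, file );
		}

	/* Skip trailing whitespace and add der terminador */
	while( bufCount > 0 && \
		   ( ( ch = buffer[ bufCount - 1 ] ) == ' ' || ch == '\t' ) )
		bufCount--;
	buffer[ bufCount ] = '\0';

	/* Handle special-case of ^Z if file came off an MSDOS system */
	if( ch == CPM_EOF )
		{
		while( !feof( file ) && !ferror( file ) )
			{
			/* Keep going until we hit the true EOF (or some sort of
			   error) */
			( void ) getc( file );
			}
		}

	return( ferror( file ) ? FALSE : TRUE );
	}

/* Process an OID specified as space-separated decimal digits.  The arcs are
   converted into the encoded form of the OID (the OID tag, a length byte,
   the first two arcs combined into a single byte, and each further arc in
   base-128 form with the high bit set on all but its last byte) and the
   result is copied into oidInfo.  Returns FALSE, after printing a message
   that gives the config file line, if a value is out of range, the OID is
   too long, or the digits are followed by anything other than a space */

static int processOID( OIDINFO *oidInfo, char *string )
	{
	BYTE binaryOID[ MAX_OID_SIZE ];
	long value;
	int firstValue = -1, valueIndex = 0, oidIndex = 3;

	memset( binaryOID, 0, MAX_OID_SIZE );
	binaryOID[ 0 ] = OID;
	while( *string && oidIndex < MAX_OID_SIZE )
		{
		/* An arc of up to eight decimal digits takes at most four bytes to
		   encode, so make sure that there's that much room left */
		if( oidIndex >= MAX_OID_SIZE - 4 )
			{
			printf( "Excessively long OID in config file line %d.\n",
					lineNo );
			return( FALSE );
			}
		if( sscanf( string, "%8ld", &value ) != 1 || value < 0 )
			{
			printf( "Invalid value in config file line %d.\n", lineNo );
			return( FALSE );
			}
		if( valueIndex == 0 )
			{
			/* The first arc is held back until the second one is seen
			   since the two are encoded together */
			firstValue = value;
			valueIndex++;
			}
		else
			{
			if( valueIndex == 1 )
				{
				if( firstValue < 0 || firstValue > 2 || value < 0 || \
					( ( firstValue < 2 && value > 39 ) || \
					  ( firstValue == 2 && value > 175 ) ) )
					{
					printf( "Invalid value in config file line %d.\n",
							lineNo );
					return( FALSE );
					}
				binaryOID[ 2 ] = ( firstValue * 40 ) + ( int ) value;
				valueIndex++;
				}
			else
				{
				int hasHighBits = FALSE;

				/* Emit the arc seven bits at a time, most significant
				   group first.  Once a group has been written all of the
				   following ones have to be written as well, even if
				   they're zero */
				if( value >= 0x200000L )					/* 2^21 */
					{
					binaryOID[ oidIndex++ ] = 0x80 | ( int ) ( value >> 21 );
					value %= 0x200000L;
					hasHighBits = TRUE;
					}
				if( ( value >= 0x4000 ) || hasHighBits )	/* 2^14 */
					{
					binaryOID[ oidIndex++ ] = 0x80 | ( int ) ( value >> 14 );
					value %= 0x4000;
					hasHighBits = TRUE;
					}
				if( ( value >= 0x80 ) || hasHighBits )		/* 2^7 */
					{
					binaryOID[ oidIndex++ ] = 0x80 | ( int ) ( value >> 7 );
					value %= 128;
					}
				binaryOID[ oidIndex++ ] = ( int ) value;
				}
			}

		/* Move past the digits that were just converted and the space
		   that follows them */
		while( *string && isdigit( byteToInt( *string ) ) )
			string++;
		if( *string && *string++ != ' ' )
			{
			printf( "Invalid OID string in config file line %d.\n", lineNo );
			return( FALSE );
			}
		}
	binaryOID[ 1 ] = oidIndex - 2;
	memcpy( oidInfo->oid, binaryOID, oidIndex );
	oidInfo->oidLength = oidIndex;

	return( TRUE );
	}

/* Process an OID specified as space-separated hex bytes, the old-style
   config file format.  Each byte has to be written as two hex digits.  The
   bytes are stored in oidInfo as they are.  Returns FALSE, after printing a
   message that gives the config file line, if a value is malformed or the
   OID is too long */

static int processHexOID( OIDINFO *oidInfo, char *string )
	{
	unsigned int value;		/* %x stores through an unsigned int pointer */
	int index = 0;

	while( *string && index < MAX_OID_SIZE - 1 )
		{
		if( sscanf( string, "%4x", &value ) != 1 || value > 255 )
			{
			printf( "Invalid hex value in config file line %d.\n", lineNo );
			return( FALSE );
			}
		oidInfo->oid[ index++ ] = value;

		/* The conversion above succeeded so there's at least one character
		   present, but if the string ends straight after it then stepping
		   over two characters would move the pointer beyond the terminator
		   and the loop would carry on reading whatever follows the line
		   buffer */
		if( string[ 1 ] == '\0' )
			{
			printf( "Invalid hex string in config file line %d.\n", lineNo );
			return( FALSE );
			}
		string += 2;
		if( *string && *string++ != ' ' )
			{
			printf( "Invalid hex string in config file line %d.\n", lineNo );
			return( FALSE );
			}
		}
	oidInfo->oid[ index ] = 0;
	oidInfo->oidLength = index;
	if( index >= MAX_OID_SIZE - 1 )
		{
		printf( "OID value in config file line %d too long.\n", lineNo );
		return( FALSE );
		}

	return( TRUE );
	}

/* Close the config file and report failure.  This is used for the error
   exits from readConfig() so that the file handle isn't left open when a
   bad config file is rejected */

static int failConfig( FILE *file )
	{
	fclose( file );
	return( FALSE );
	}

/* Read a config file and append its entries to the global OID list.  If the
   file can't be opened and isDefaultConfig is set, a notice is printed and
   TRUE is returned so that operation can continue without OID information,
   otherwise an open failure returns FALSE.  A malformed line is reported
   with its line number and ends processing with FALSE, entries that were
   added before the error stay in the list */

static int readConfig( const char *path, const int isDefaultConfig )
	{
	OIDINFO dummyOID = { NULL, "Dummy", 0, "Dummy", "Dummy", 1 }, *oidPtr;
	FILE *file;
	int seenHexOID = FALSE;
	char buffer[ MAX_LINESIZE ];
	int status;

	/* Try and open the config file */
	if( ( file = fopen( path, "rb" ) ) == NULL )
		{
		/* If we can't open the default config file, issue a warning but
		   continue anyway */
		if( isDefaultConfig )
			{
			puts( "Cannot open config file 'dumpasn1.cfg', which should be in the same" );
			puts( "directory as the dumpasn1 program, a standard system directory, or" );
			puts( "in a location pointed to by the DUMPASN1_PATH environment variable." );
			puts( "Operation will continue without the ability to display Object " );
			puts( "Identifier information." );
			puts( "" );
			puts( "If the config file is located elsewhere, you can set the environment" );
			puts( "variable DUMPASN1_PATH to the path to the file." );
			return( TRUE );
			}

		printf( "Cannot open config file '%s'.\n", path );
		return( FALSE );
		}

	/* Add the new config entries at the appropriate point in the OID list.
	   If the list is empty we start from a dummy entry whose description
	   is already set, which lets the first 'OID = ' line pass the
	   missing-description check below */
	if( oidList == NULL )
		oidPtr = &dummyOID;
	else
		for( oidPtr = oidList; oidPtr->next != NULL; oidPtr = oidPtr->next );

	/* Read each line in the config file */
	lineNo = 1;
	while( ( status = readLine( file, buffer ) ) == TRUE && !feof( file ) )
		{
		/* If it's a comment line, skip it */
		if( !*buffer )
			{
			lineNo++;
			continue;
			}

		/* Check for an attribute tag */
		if( !strncmp( buffer, "OID = ", 6 ) )
			{
			/* Make sure that all of the required attributes for the
			   current OID are present */
			if( oidPtr->description == NULL )
				{
				printf( "OID ending on config file line %d has no "
						"description attribute.\n", lineNo - 1 );
				return( failConfig( file ) );
				}

			/* Allocate storage for the new OID */
			if( ( oidPtr->next = ( OIDINFO * ) \
						malloc( sizeof( OIDINFO ) ) ) == NULL )
				{
				puts( "Out of memory." );
				return( failConfig( file ) );
				}
			oidPtr = oidPtr->next;
			if( oidList == NULL )
				oidList = oidPtr;
			memset( oidPtr, 0, sizeof( OIDINFO ) );

			/* Add the new OID.  A value that starts with "06" is taken to
			   be the old-style hex form */
			if( !strncmp( buffer + 6, "06", 2 ) )
				{
				seenHexOID = TRUE;
				if( !processHexOID( oidPtr, buffer + 6 ) )
					return( failConfig( file ) );
				}
			else
				{
				if( !processOID( oidPtr, buffer + 6 ) )
					return( failConfig( file ) );
				}

			/* Check that this OID isn't already present in the OID list.
			   This is a quick-and-dirty n^2 algorithm so it's not enabled
			   by default */
#if 0
			{
			OIDINFO *oidCursor;

			for( oidCursor = oidList; oidCursor->next != NULL; oidCursor = oidCursor->next )
				{
				if( oidCursor->oidLength == oidPtr->oidLength && \
					!memcmp( oidCursor->oid, oidPtr->oid, oidCursor->oidLength ) )
					{
					printf( "Duplicate OID '%s' at line %d.\n", buffer, lineNo );
					}
				}
			}
#endif /* 0 */
			}
		else if( !strncmp( buffer, "Description = ", 14 ) )
			{
			if( oidPtr->description != NULL )
				{
				printf( "Duplicate OID description in config file line %d.\n",
						lineNo );
				return( failConfig( file ) );
				}
			if( !addAttribute( &oidPtr->description, buffer + 14 ) )
				return( failConfig( file ) );
			}
		else if( !strncmp( buffer, "Comment = ", 10 ) )
			{
			if( oidPtr->comment != NULL )
				{
				printf( "Duplicate OID comment in config file line %d.\n",
						lineNo );
				return( failConfig( file ) );
				}
			if( !addAttribute( &oidPtr->comment, buffer + 10 ) )
				return( failConfig( file ) );
			}
		else if( !strncmp( buffer, "Warning", 7 ) )
			{
			if( oidPtr->warn )
				{
				printf( "Duplicate OID warning in config file line %d.\n",
						lineNo );
				return( failConfig( file ) );
				}
			oidPtr->warn = TRUE;
			}
		else
			{
			printf( "Unrecognised attribute '%s', line %d.\n", buffer,
					lineNo );
			return( failConfig( file ) );
			}

		lineNo++;
		}
	fclose( file );

	/* If we're processing an old-style config file, tell the user to
	   upgrade */
	if( seenHexOID )
		{
		puts( "\nWarning: Use of old-style hex OIDs detected in "
			  "configuration file, please\n update your dumpasn1 "
			  "configuration file.\n" );
		}

	return( status );
	}

/* Check for the existence of a config file path (access() isn't available
   on all systems).  The file is only probed here, readConfig() opens it
   again and deals with a failure to do so itself */

static int testConfigPath( const char *path )
	{
	FILE *file;

	/* Try and open the config file */
	if( ( file = fopen( path, "rb" ) ) == NULL )
		return( FALSE );
	fclose( file );

	return( TRUE );
	}

/* Build a config path by substituting environment strings for $NAMEs */

static void buildConfigPath( char *path, const char *pathTemplate )
	{
	char pathBuffer[ FILENAME_MAX ], newPath[ FILENAME_MAX ];
	int pathLen, pathPos = 0, newPathPos = 0;

	/* Add the config file name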
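at the end */
	/* The template and the file name are combined in pathBuffer, so make
	   sure that they fit before copying anything.  If they don't we return
	   an empty path, which the caller's existence check then rejects */
	if( strlen( pathTemplate ) + strlen( CONFIG_NAME ) >= \
		( size_t ) FILENAME_MAX )
		{
		*path = '\0';
		return;
		}
	strcpy( pathBuffer, pathTemplate );
	strcat( pathBuffer, CONFIG_NAME );
	pathLen = strlen( pathBuffer );

	while( pathPos < pathLen )
		{
		char *strPtr;
		int substringSize;

		/* Find the next $ and copy the data before it to the new path */
		if( ( strPtr = strstr( pathBuffer + pathPos, "$" ) ) != NULL )
			substringSize = ( int ) ( ( strPtr - pathBuffer ) - pathPos );
		else
			substringSize = pathLen - pathPos;
		if( substringSize > 0 )
			{
			/* Literal text that follows an environment-string expansion
			   can push the result beyond the end of newPath, so this copy
			   has to be bounded in the same way as the expansion is */
			if( newPathPos + substringSize >= FILENAME_MAX )
				{
				*path = '\0';
				return;
				}
			memcpy( newPath + newPathPos, pathBuffer + pathPos,
					substringSize );
			}
		newPathPos += substringSize;
		pathPos += substringSize;

		/* Get the environment string for the $NAME */
		if( strPtr != NULL )
			{
			char envName[ MAX_LINESIZE ], *envString;
			int i;

			/* Skip the '$', find the end of the $NAME, and copy the name
			   into an internal buffer.  The scan stops at the end of the
			   template at the latest, and a name that won't fit into
			   envName is treated as an unusable template */
			pathPos++;				/* Skip the $ */
			for( i = 0; pathPos + i < pathLen && \
						!isEnvTerminator( pathBuffer[ pathPos + i ] ); i++ );
			if( i >= MAX_LINESIZE )
				{
				*path = '\0';
				return;
				}
			memcpy( envName, pathBuffer + pathPos, i );
			envName[ i ] = '\0';

			/* Get the env.string and copy it over.
			   NOTE(review): a variable that's unset or too long to fit
			   expands to nothing, so the remainder of the template is
			   then used on its own */
			if( ( envString = getenv( envName ) ) != NULL )
				{
				const int envStrLen = strlen( envString );

				if( newPathPos + envStrLen < FILENAME_MAX - 2 )
					{
					memcpy( newPath + newPathPos, envString, envStrLen );
					newPathPos += envStrLen;
					}
				}
			pathPos += i;
			}
		}
	newPath[ newPathPos ] = '\0';	/* Add der terminador */

	/* Copy the new path to the output */
	strcpy( path, newPath );
	}

/* Read the global config file.  The locations tried are, in order, the
   directory that the program was run from (as far as this can be worked
   out from the path that's passed in), each of the entries in
   configPaths[], the directories on $PATH under Unix, the directory of the
   executable as reported by the OS under Windows, and finally the bare
   config file name.  The first location at which the file can be opened is
   handed to readConfig() and its result is returned */

static int readGlobalConfig( const char *path )
	{
	char buffer[ FILENAME_MAX ];
	char *searchPos = ( char * ) path, *namePos, *lastPos = NULL;
#ifdef __UNIX__
	char *envPath;
#endif /* __UNIX__ */
#ifdef __WIN32__
	char filePath[ _MAX_PATH ];
	DWORD count;
#endif /* __WIN32__ */
	int i;

	/* First, try and find the config file in the same directory as the
	   executable by walking down the path until we find the last
	   occurrence of the program name.  This requires that argv[0] be set
	   up properly, which isn't the case if Unix search paths are being
	   used and is a bit hit-and-miss under Windows where the contents of
	   argv[0] depend on how the program is being executed.  To avoid this
	   we perform some Windows-specific processing to try and find the path
	   to the executable if we can't otherwise find it */
	do
		{
		namePos = lastPos;
		lastPos = strstr( searchPos, "dumpasn1" );
		if( lastPos == NULL )
			lastPos = strstr( searchPos, "DUMPASN1" );
		if( lastPos != NULL )
			{
			/* Only step on if there was a match so that we never do
			   arithmetic on a null pointer */
			searchPos = lastPos + 1;
			}
		}
	while( lastPos != NULL );
#ifdef __UNIX__
	if( namePos == NULL && ( namePos = strrchr( path, '/' ) ) != NULL )
		{
		const int endPos = ( int ) ( namePos - path ) + 1;

		/* If the executable isn't called dumpasn1, we won't be able to
		   find it with the above code, fall back to looking for directory
		   separators.  This requires a system where the only separator is
		   the directory separator (ie it doesn't work for Windows or most
		   mainframe environments) */
		if( endPos < FILENAME_MAX - 13 )
			{
			memcpy( buffer, path, endPos );
			strcpy( buffer + endPos, CONFIG_NAME );
			if( testConfigPath( buffer ) )
				return( readConfig( buffer, TRUE ) );
			}

		/* That didn't work, try the absolute locations and $PATH */
		namePos = NULL;
		}
#endif /* __UNIX__ */
	if( strlen( path ) < FILENAME_MAX - 13 && namePos != NULL )
		{
		strcpy( buffer, path );
		strcpy( buffer + ( int ) ( namePos - ( char * ) path ), CONFIG_NAME );
		if( testConfigPath( buffer ) )
			return( readConfig( buffer, TRUE ) );
		}

	/* Now try each of the possible absolute locations for the config file */
	for( i = 0; configPaths[ i ] != NULL; i++ )
		{
		buildConfigPath( buffer, configPaths[ i ] );
		if( testConfigPath( buffer ) )
			return( readConfig( buffer, TRUE ) );
		}

#ifdef __UNIX__
	/* On Unix systems we can also search for the config file on $PATH.  The
	   string that getenv() returns belongs to the environment, so it's
	   walked in place rather than being cut up with strtok(), which would
	   overwrite the separators and leave $PATH truncated for the rest of
	   the run.  $PATH is also outside our control, so an entry is only
	   used if it and the file name fit into the buffer */
	if( ( envPath = getenv( "PATH" ) ) != NULL )
		{
		const char *pathPtr = envPath;

		while( *pathPtr )
			{
			const char *endPtr = strchr( pathPtr, ':' );
			const size_t dirLen = ( endPtr != NULL ) ? \
								  ( size_t ) ( endPtr - pathPtr ) : \
								  strlen( pathPtr );

			/* Empty entries are skipped, as they were by strtok().  The
			   + 2 is for the '/' and the terminator */
			if( dirLen > 0 && \
				dirLen + strlen( CONFIG_NAME ) + 2 <= ( size_t ) FILENAME_MAX )
				{
				memcpy( buffer, pathPtr, dirLen );
				buffer[ dirLen ] = '/';
				strcpy( buffer + dirLen + 1, CONFIG_NAME );
				if( testConfigPath( buffer ) )
					return( readConfig( buffer, TRUE ) );
				}
			if( endPtr == NULL )
				break;
			pathPtr = endPtr + 1;
			}
		}
#endif /* __UNIX__ */
#ifdef __WIN32__
	/* Under Windows we can use GetModuleFileName() to find the location of
	   the program */
	count = GetModuleFileName ( NULL, filePath, _MAX_PATH );
	if( count > 0 )
		{
		char *progNameStart = strrchr( filePath, '\\' );

		if( progNameStart != NULL && \
			( progNameStart - filePath ) < _MAX_PATH - 13 )
			{
			/* Replace the program name with the config file name */
			strcpy( progNameStart + 1, CONFIG_NAME );
			if( testConfigPath( filePath ) )
				return( readConfig( filePath, TRUE ) );
			}
		}
#endif /*__WIN32__*/

	/* Default to just the config name (which should fail as it was the
	   first entry in configPaths[]).  readConfig() will display the
	   appropriate warning */
	return( readConfig( CONFIG_NAME, TRUE ) );
	}

/* Free the in-memory config data.  The list head is cleared afterwards so
   that nothing can follow it into freed memory and so that a later
   readConfig() starts a new list */

static void freeConfig( void )
	{
	OIDINFO *oidPtr = oidList;

	while( oidPtr != NULL )
		{
		OIDINFO *oidCursor = oidPtr;

		oidPtr = oidPtr->next;
		free( oidCursor->comment );		/* free( NULL ) is a no-op */
		free( oidCursor->description );
		free( oidCursor );
		}
	oidList = NULL;
	}

/****************************************************************************
*                                                                           *
*                        Output/Formatting Routines                         *
*                                                                           *
****************************************************************************/

#ifdef __OS390__

/* Convert a single ASCII character to EBCDIC */

static int asciiToEbcdic( const int ch )
	{
	char convBuffer[ 2 ];

	convBuffer[ 0 ] = ch;
	convBuffer[ 1 ] = '\0';
	__atoe( convBuffer );	/* Convert ASCII to EBCDIC for 390 */

	return( convBuffer[ 0 ] );
	}
#endif /* __OS390__ */

/* Output formatted text */

static int printString( const int level, const char *format, ...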
) { va_list argPtr; int length; if( level >= maxNestLevel ) return( 0 ); va_start( argPtr, format ); length = vfprintf( output, format, argPtr ); va_end( argPtr ); return( length ); } /* Indent a string by the appropriate amount */ static void doIndent( const int level ) { int i; if( level >= maxNestLevel ) return; for( i = 0; i < level; i++ ) { fprintf( output, printDots ? ". " : \ shallowIndent ? " " : " " ); } } /* Complain about an error in the ASN.1 object */ static void complain( const char *message, const int messageParam, const int level ) { if( level < maxNestLevel ) { if( !doPure ) fprintf( output, "%s", INDENT_STRING ); doIndent( level + 1 ); } fputs( "Error: ", output ); fprintf( output, message, messageParam ); fputs( ".\n", output ); noErrors++; } static void complainLength( const ASN1_ITEM *item, const int level ) { #if 0 /* This is a general error so we don't indent the message to the level of the item */ #else if( level < maxNestLevel ) { if( !doPure ) fprintf( output, "%s", INDENT_STRING ); doIndent( level + 1 ); } #endif /* 0 */ fprintf( output, "Error: %s has invalid length %ld.\n", idstr( item->tag ), item->length ); noErrors++; } static void complainLengthCanonical( const ASN1_ITEM *item, const int level ) { int i; #if 0 /* This is a general error so we don't indent the message to the level of the item */ #else if( level < maxNestLevel ) { if( !doPure ) fprintf( output, "%s", INDENT_STRING ); doIndent( level + 1 ); } #endif /* 0 */ fputs( "Error: Length '", output ); for( i = item->nonCanonical; i < item->headerSize; i++ ) { fprintf( output, "%02X", item->header[ i ] ); if( i < item->headerSize - 1 ) fputc( ' ', output ); } fputs( "' has non-canonical encoding.\n", output ); noErrors++; } static void complainInt( const BYTE *intValue, const int level ) { if( level < maxNestLevel ) { if( !doPure ) fprintf( output, "%s", INDENT_STRING ); doIndent( level + 1 ); } fprintf( output, "Error: Integer '%02X %02X ...' 
has non-DER encoding.\n", intValue[ 0 ], intValue[ 1 ] ); noErrors++; } static void complainEOF( const int level, const int missingBytes ) { printString( level, "%c", '\n' ); complain( ( missingBytes > 1 ) ? \ "Unexpected EOF, %d bytes missing" : \ "Unexpected EOF, 1 byte missing", missingBytes, level ); } /* Adjust the nesting-level value to make sure that we don't go off the edge of the screen via doIndent() when we're displaying a text or hex dump of data */ static int adjustLevel( const int level, const int maxLevel ) { /* If we've been passed a very large pseudo-level to disable output then we don't try and override this */ if( level >= 1000 ) return( level ); /* If we've exceeded the maximum level for display, cap the value at maxLevel to make sure that we don't end up indenting output off the edge of the screen */ if( level > maxLevel ) return( maxLevel ); return( level ); } #if defined( __WIN32__ ) || defined( __UNIX__ ) || defined( __OS390__ ) /* Try and display to display a Unicode character. This is pretty hit and miss, and if it fails nothing is displayed. 
To try and detect this we use wcstombs() to see if anything can be displayed, if it can't we drop back to trying to display the data as non-Unicode */ static int displayUnicode( const wchar_t wCh, const int level ) { char outBuf[ 8 ]; int outLen; /* Check whether we can display this character */ outLen = wcstombs( outBuf, &wCh, 8 ); if( outLen < 1 ) { /* Tell the caller that this can't be displayed as Unicode */ return( FALSE ); } #if defined( __WIN32__ ) if( level < maxNestLevel ) { int oldmode; /* To output Unicode to the Win32 console we need to switch the output stream to Unicode-16 mode, but the following may also depend on which code page is currently set for the console, which font is being used, and the phase of the moon (including the moons for Mars and Jupiter) */ fflush( output ); oldmode = _setmode( fileno( output ), _O_U16TEXT ); fputwc( wCh, output ); _setmode( fileno( output ), oldmode ); } #elif defined( __UNIX__ ) && !( defined( __MACH__ ) || defined( __OpenBSD__ ) ) /* Unix environments are even more broken than Win32, like Win32 the output differentiates between char and widechar output, but there's no easy way to deal with this. In theory fwide() can set it, but it's a one-way function, once we've set it a particular way we can't go back (exactly what level of braindamage it takes to have an implementation function like this is a mystery). 
Other sources suggest using setlocale() tricks, printf() with "%lc" or "%ls" as the format specifier, and others, but none of these seem to work properly either */ if( level < maxNestLevel ) { #if 0 setlocale( LC_ALL, "" ); fputwc( wCh, output ); #elif 1 /* This (and the "%ls" variant below) seem to be the least broken options */ fprintf( output, "%lc", wCh ); #elif 0 wchar_t wChString[ 2 ]; wChString[ 0 ] = wCh; wChString[ 1 ] = 0; fprintf( output, "%ls", wChString ); #else if( fwide( output, 1 ) > 0 ) { fputwc( wCh, output ); fwide( output, -1 ); } else fputc( wCh, output ); #endif } #else #ifdef __OS390__ if( level < maxNestLevel ) { char *p; /* This could use some improvement */ for( p = outBuf; *p != '\0'; p++ ) *p = asciiToEbcdic( *p ); } #endif /* IBM ASCII -> EBCDIC conversion */ printString( level, "%s", outBuf ); #endif /* OS-specific charset handling */ return( TRUE ); } #endif /* __WIN32__ || __UNIX__ || __OS390__ */ /* Display an integer value */ static void printValue( FILE *inFile, const int valueLength, const int level ) { BYTE intBuffer[ 2 ]; long value; int warnNegative = FALSE, warnNonDER = FALSE, i; value = getc( inFile ); if( value == EOF ) { complainEOF( level, valueLength ); return; } if( value & 0x80 ) warnNegative = TRUE; for( i = 0; i < valueLength - 1; i++ ) { const int ch = getc( inFile ); if( ch == EOF ) { complainEOF( level, valueLength - i ); return; } /* Check for the first 9 bits being identical */ if( i == 0 ) { if( ( value == 0x00 ) && ( ( ch & 0x80 ) == 0x00 ) ) warnNonDER = TRUE; if( ( value == 0xFF ) && ( ( ch & 0x80 ) == 0x80 ) ) warnNonDER = TRUE; if( warnNonDER ) { intBuffer[ 0 ] = ( int ) value; intBuffer[ 1 ] = ch; } } value = ( value << 8 ) | ch; } fPos += valueLength; /* Display the integer value and any associated warnings. 
Note that this will display an incorrectly-encoded integer as a negative value rather than the unsigned value that was probably intended to emphasise that it's incorrect */ printString( level, " %ld\n", value ); if( warnNonDER ) complainInt( intBuffer, level ); if( warnNegative ) complain( "Integer is encoded as a negative value", 0, level ); } /* Dump data as a string of hex digits up to a maximum of 128 bytes */ static void dumpHex( FILE *inFile, long length, int level, const int isInteger ) { const int lineLength = ( dumpText ) ? 8 : 16; const int displayHeaderLength = ( ( doPure ) ? 0 : INDENT_SIZE ) + 2; BYTE intBuffer[ 2 ]; char printable[ 9 ]; long noBytes = length; int warnPadding = FALSE, warnNegative = isInteger, singleLine = FALSE; int displayLength = displayHeaderLength, prevCh = -1, i; memset( printable, 0, 9 ); displayLength += ( length < lineLength ) ? ( length * 3 ) : \ ( lineLength * 3 ); /* Check if the size of the displayed data (LHS status info + hex data) plus the indent-level of spaces will fit into a single line behind the initial label, e.g. 
"INTEGER" */ if( displayHeaderLength + ( level * 2 ) + ( length * 3 ) < outputWidth ) singleLine = TRUE; /* By default we only output a maximum of 128 bytes to avoid dumping huge amounts of data, however if what's left is a partial lines' worth then we output that as well to avoid displaying a line of text indicating that less than a lines' worth of data remains to be displayed */ if( noBytes >= 128 + lineLength && !printAllData ) noBytes = 128; /* Make sure that the indent level doesn't push the text off the edge of the screen */ level = adjustLevel( level, ( outputWidth - displayLength ) / 2 ); for( i = 0; i < noBytes; i++ ) { int ch; if( !( i % lineLength ) ) { if( singleLine ) printString( level, "%c", ' ' ); else { if( dumpText ) { /* If we're dumping text alongside the hex data, print the accumulated text string */ printString( level, "%s", " " ); printString( level, "%s", printable ); } printString( level, "%c", '\n' ); if( !doPure ) printString( level, "%s", INDENT_STRING ); doIndent( level + 1 ); } } ch = getc( inFile ); if( ch == EOF ) { complainEOF( level, length - i ); return; } printString( level, "%s%02X", ( i % lineLength ) ? " " : "", ch ); printable[ i % 8 ] = ( ch >= ' ' && ch < 127 ) ? 
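ch : '.';
		fPos++;

		/* If we need to check for negative values, check this now */
		if( i == 0 )
			{
			prevCh = ch;
			if( !( ch & 0x80 ) )
				warnNegative = FALSE;
			}
		if( i == 1 )
			{
			/* Check for the first 9 bits being identical */
			if( ( prevCh == 0x00 ) && ( ( ch & 0x80 ) == 0x00 ) )
				warnPadding = TRUE;
			if( ( prevCh == 0xFF ) && ( ( ch & 0x80 ) == 0x80 ) )
				warnPadding = TRUE;
			if( warnPadding )
				{
				intBuffer[ 0 ] = prevCh;
				intBuffer[ 1 ] = ch;
				}
			}
		}
	if( dumpText )
		{
		/* Print any remaining text */
		i %= lineLength;
		printable[ i ] = '\0';
		while( i < lineLength )
			{
			printString( level, "%s", " " );
			i++;
			}
		printString( level, "%s", " " );
		printString( level, "%s", printable );
		}
	if( length >= 128 + lineLength && !printAllData )
		{
		length -= 128;
		printString( level, "%c", '\n' );
		if( !doPure )
			printString( level, "%s", INDENT_STRING );
		doIndent( level + 5 );
		printString( level, "[ Another %ld bytes skipped ]", length );
		fPos += length;
		if( useStdin )
			{
			int ch;

			while( length-- )
				{
				ch = getc( inFile );
				if( ch == EOF )
					{
					complainEOF( level, length - i );
					return;
					}
				}
			}
		else
			fseek( inFile, length, SEEK_CUR );
		}
	printString( level, "%c", '\n' );

	if( isInteger )
		{
		if( warnPadding )
			complainInt( intBuffer, level );
		if( warnNegative )
			complain( "Integer is encoded as a negative value", 0, level );
		}
	}

/* Convert a binary OID to its string equivalent.  The arcs are written to
   textOID as decimal values separated by spaces, with the length of the
   text returned in textOIDlength.  An OID under the arc '2 25' has the
   remainder of its data formatted as a UUID.  Returns TRUE if the encoding
   is valid and FALSE if it isn't, in which case textOID holds whatever
   could be decoded before the problem was found.

   The data being decoded comes straight from the object that's being
   dumped, so nothing about its contents can be relied on.  The size of
   textOID isn't visible from here, conversion stops with a "..." marker
   once more than 128 - 32 characters have been produced.
   NOTE(review): confirm that the callers' buffers allow for this */

static int oidToString( char *textOID, int *textOIDlength, const BYTE *oid,
						const int oidLength )
	{
	BYTE uuidBuffer[ 32 ];
	long value;
	int length = 0, uuidBufPos = -1, uuidBitCount = 5, i;
	int validEncoding = TRUE, isUUID = FALSE;

	for( i = 0, value = 0; i < oidLength; i++ )
		{
		const BYTE data = oid[ i ];
		/* Only shift if the result is known to fit.  A value that's too
		   large is mapped to LONG_MAX, which the range check further down
		   rejects, rather than being shifted first and checked afterwards,
		   which is a signed overflow */
		const long valTmp = ( value < ( LONG_MAX >> 7 ) ) ? \
							( value << 7 ) : LONG_MAX;

		/* Pick apart the encoding.  We keep going after hitting an
		   encoding error at the start of an arc because the overall length
		   is bounded and we may still be able to recover something worth
		   printing */
		if( length > 128 - 32 )
			{
			/* Excessively long OID, add a continuation marker and exit */
			length += sprintf( textOID + length, "..." );
			validEncoding = FALSE;
			break;
			}
		if( value == 0 && data == 0x80 )
			{
			/* Invalid leading zero value, 0x80 & 0x7F == 0 */
			validEncoding = FALSE;
			}
		if( isUUID )
			{
			/* The text length doesn't grow while a UUID is being collected
			   so the length check above doesn't limit this path, and the
			   write position advances for as long as the data has its
			   continuation bit set.  A value that has gone beyond the 16
			   bytes of a UUID can only end up being reported as invalid,
			   so we stop here before the position can reach the end of
			   uuidBuffer.
			   NOTE(review): whether the callers' limit on oidLength is
			   small enough to rule this out can't be seen from here */
			if( uuidBufPos > 16 )
				{
				validEncoding = FALSE;
				break;
				}

			value = 1;	/* Set up dummy value since we're bypassing normal read */
			if( uuidBitCount == 0 )
				uuidBuffer[ uuidBufPos ] = data << 1;
			else
				{
				if( uuidBufPos >= 0 )
					uuidBuffer[ uuidBufPos ] |= ( data & 0x7F ) >> ( 7 - uuidBitCount );
				uuidBufPos++;
				if( uuidBitCount < 7 )
					uuidBuffer[ uuidBufPos ] = data << ( uuidBitCount + 1 );
				}
			uuidBitCount++;
			if( uuidBitCount > 7 )
				uuidBitCount = 0;
			if( !( data & 0x80 ) )
				{
				/* The following check isn't completely accurate since we
				   could have less than 16 bytes present if there are
				   leading zeroes, however to handle this properly we'd
				   have to decode the entire value as a bignum and then
				   format it appropriately, and given the fact that the use
				   of these things is practically nonexistent it's probably
				   not worth the code space to deal with this */
				if( uuidBufPos != 16 )
					{
					validEncoding = FALSE;
					break;
					}
				length += sprintf( textOID + length,
								   " { %02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x }",
								   uuidBuffer[ 0 ], uuidBuffer[ 1 ],
								   uuidBuffer[ 2 ], uuidBuffer[ 3 ],
								   uuidBuffer[ 4 ], uuidBuffer[ 5 ],
								   uuidBuffer[ 6 ], uuidBuffer[ 7 ],
								   uuidBuffer[ 8 ], uuidBuffer[ 9 ],
								   uuidBuffer[ 10 ], uuidBuffer[ 11 ],
								   uuidBuffer[ 12 ], uuidBuffer[ 13 ],
								   uuidBuffer[ 14 ], uuidBuffer[ 15 ] );
				value = 0;
				}
			continue;
			}
		if( value >= ( LONG_MAX >> 7 ) || \
			valTmp >= LONG_MAX - ( data & 0x7F ) )
			{
			validEncoding = FALSE;
			break;
			}
		value = valTmp | ( data & 0x7F );
		if( value < 0 || value > LONG_MAX / 2 )
			{
			validEncoding = FALSE;
			break;
			}
		if( !( data & 0x80 ) )
			{
			if( length == 0 )
				{
				long x, y;

				/* The first two levels are encoded into one byte since the
				   root level has only 3 nodes (40*x + y), however if x =
				   joint-iso-itu-t(2) then y may be > 39, so we have to add
				   special-case handling for this */
				x = value / 40;
				y = value % 40;
				if( x > 2 )
					{
					/* Handle special case for large y if x == 2 */
					y += ( x - 2 ) * 40;
					x = 2;
					}
				if( x < 0 || x > 2 || y < 0 || \
					( ( x < 2 && y > 39 ) || \
					  ( x == 2 && ( y > 50 && y != 100 ) ) ) )
					{
					/* If x = 0 or 1 then y has to be 0...39, for x = 2 it
					   can take any value but there are no known assigned
					   values over 50 except for one contrived example in
					   X.690 which sets y = 100, so if we see something
					   outside this range it's most likely an encoding
					   error rather than some bizarre new ID that's just
					   appeared */
					validEncoding = FALSE;
					break;
					}
				length = sprintf( textOID, "%ld %ld", x, y );

				/* A totally stupid ITU facility lets people register UUIDs
				   as OIDs (see http://www.itu.int/ITU-T/asn1/uuid.html),
				   if we find one of these, which live under the arc
				   '2 25' = 0x69 we have to continue decoding the OID as a
				   UUID instead of a standard OID */
				if( data == 0x69 )
					isUUID = TRUE;
				}
			else
				length += sprintf( textOID + length, " %ld", value );
			value = 0;
			}
		}
	if( value != 0 )
		{
		/* We stopped in the middle of a continued value */
		validEncoding = FALSE;
		}
	textOID[ length ] = '\0';
	*textOIDlength = length;

	return( validEncoding );
	}

/* Dump a bitstring, reversing the bits into the standard order in the
   process */

static void dumpBitString( FILE *inFile, const int length, const int unused,
						   const int level )
	{
	unsigned int bitString = 0, currentBitMask = 0x80, remainderMask = 0xFF;
	int bitFlag, value = 0, noBits, bitNo = -1, i;
	char *errorStr = NULL;

	if( unused < 0 || unused > 7 )
		complain( "Invalid number %d of unused bits", unused, level );
	noBits = ( length * 8 ) - unused;

	/* ASN.1 bitstrings start at bit 0, so we need to reverse the order of
	   the bits if necessary */
	if( length > 0 )
		{
		bitString = fgetc( inFile );
		if( bitString == EOF )
			{
			noBits = 0;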
errorStr = "Truncated BIT STRING data"; } fPos++; } for( i = noBits - 8; i > 0; i -= 8 ) { const int ch = fgetc( inFile ); if( ch == EOF ) { errorStr = "Truncated BIT STRING data"; break; } bitString = ( bitString << 8 ) | ch; currentBitMask <<= 8; remainderMask = ( remainderMask << 8 ) | 0xFF; fPos++; } if( errorStr != NULL ) { printString( level, "%c", '\n' ); complain( errorStr, 0, level ); return; } if( reverseBitString ) { for( i = 0, bitFlag = 1; i < noBits; i++ ) { if( bitString & currentBitMask ) value |= bitFlag; if( !( bitString & remainderMask ) && errorStr == NULL ) { /* The last valid bit should be a one bit */ errorStr = "Spurious zero bits in bitstring"; } bitFlag <<= 1; bitString <<= 1; } if( noBits < sizeof( int ) && \ ( ( remainderMask << noBits ) & value ) && \ errorStr != NULL ) { /* There shouldn't be any bits set after the last valid one. We have to do the noBits check to avoid a fencepost error when there's exactly 32 bits */ errorStr = "Spurious one bits in bitstring"; } } else value = bitString; /* Now that it's in the right order, dump it. If there's only one bit set (which is often the case for bit flags) we also print the bit number to save users having to count the zeroes to figure out which flag is set */ printString( level, "%c", '\n' ); if( !doPure ) printString( level, "%s", INDENT_STRING ); doIndent( level + 1 ); printString( level, "%c", '\'' ); if( reverseBitString ) currentBitMask = 1 << ( noBits - 1 ); for( i = 0; i < noBits; i++ ) { if( value & currentBitMask ) { bitNo = ( bitNo == -1 ) ? 
( noBits - 1 ) - i : -2; printString( level, "%c", '1' ); } else printString( level, "%c", '0' ); currentBitMask >>= 1; } if( bitNo >= 0 ) printString( level, "'B (bit %d)\n", bitNo ); else printString( level, "%s", "'B\n" ); if( errorStr != NULL ) complain( errorStr, 0, level ); } /* Display data as a text string up to a maximum of 240 characters (8 lines of 48 chars to match the hex limit of 8 lines of 16 bytes) with special treatement for control characters and other odd things that can turn up in BMPString and UniversalString types. If the string is less than 40 chars in length, we try to print it on the same line as the rest of the text (even if it wraps), otherwise we break it up into 48-char chunks in a somewhat less nice text-dump format */ static void displayString( FILE *inFile, long length, int level, const STR_OPTION strOption ) { char timeStr[ 64 ]; long noBytes = length; int lineLength = 48, i; int firstTime = TRUE, doTimeStr = FALSE, warnIA5 = FALSE; int warnPrintable = FALSE, warnTime = FALSE, warnBMP = FALSE; if( noBytes > 384 && !printAllData ) noBytes = 384; /* Only output a maximum of 384 bytes */ if( strOption == STR_UTCTIME || strOption == STR_GENERALIZED ) { if( ( strOption == STR_UTCTIME && length != 13 ) || \ ( strOption == STR_GENERALIZED && length != 15 ) ) warnTime = TRUE; else doTimeStr = rawTimeString ? FALSE : TRUE; } if( !doTimeStr && length <= 40 ) printString( level, "%s", " '" ); /* Print string on same line */ level = adjustLevel( level, ( doPure ) ? 
15 : 8 ); for( i = 0; i < noBytes; i++ ) { int ch; /* If the string is longer than 40 chars, break it up into multiple sections */ if( length > 40 && !( i % lineLength ) ) { if( !firstTime ) printString( level, "%c", '\'' ); printString( level, "%c", '\n' ); if( !doPure ) printString( level, "%s", INDENT_STRING ); doIndent( level + 1 ); printString( level, "%c", '\'' ); firstTime = FALSE; } ch = getc( inFile ); if( ch == EOF ) { complainEOF( level, noBytes - i ); return; } #if defined( __WIN32__ ) || defined( __UNIX__ ) || defined( __OS390__ ) if( strOption == STR_BMP ) { if( i == noBytes - 1 && ( noBytes & 1 ) ) { /* Odd-length BMP string, complain */ warnBMP = TRUE; } else { const wchar_t wCh = ( ch << 8 ) | getc( inFile ); if( displayUnicode( wCh, level ) ) { lineLength++; i++; /* We've read two characters for a wchar_t */ fPos += 2; continue; } /* The value can't be displayed as Unicode, fall back to displaying it as normal text */ ungetc( wCh & 0xFF, inFile ); } } if( strOption == STR_UTF8 && ( ch & 0x80 ) ) { const int secondCh = getc( inFile ); wchar_t wCh; /* It's a multibyte UTF8 character, read it as a widechar */ if( ( ch & 0xE0 ) == 0xC0 ) /* 111xxxxx -> 110xxxxx */ { /* 2-byte character in the range 0x80...0x7FF */ wCh = ( ( ch & 0x1F ) << 6 ) | ( secondCh & 0x3F ); i++; /* We've read 2 characters */ fPos += 2; } else { if( ( ch & 0xF0 ) == 0xE0 ) /* 1111xxxx -> 1110xxxx */ { const int thirdCh = getc( inFile ); /* 3-byte character in the range 0x800...0xFFFF */ wCh = ( ( ch & 0x1F ) << 12 ) | \ ( ( secondCh & 0x3F ) << 6 ) | \ ( thirdCh & 0x3F ); } else wCh = '.'; i += 2; /* We've read 3 characters */ fPos += 3; } if( !displayUnicode( wCh, level ) ) printString( level, "%c", '.' 
); lineLength++; continue; } #endif /* __WIN32__ || __UNIX__ || __OS390__ */ switch( strOption ) { case STR_PRINTABLE: case STR_IA5: case STR_LATIN1: if( strOption == STR_PRINTABLE && !isPrintable( ch ) ) warnPrintable = TRUE; if( strOption == STR_IA5 && !isIA5( ch ) ) warnIA5 = TRUE; if( strOption == STR_LATIN1 ) { if( !isprint( ch & 0x7F ) ) ch = '.'; /* Convert non-ASCII to placeholders */ } else { if( !isprint( ch ) ) ch = '.'; /* Convert non-ASCII to placeholders */ } #ifdef __OS390__ ch = asciiToEbcdic( ch ); #endif /* __OS390__ */ break; case STR_UTCTIME: case STR_GENERALIZED: if( !isdigit( ch ) && ch != 'Z' ) { warnTime = TRUE; if( !isprint( ch ) ) ch = '.'; /* Convert non-ASCII to placeholders */ } #ifdef __OS390__ ch = asciiToEbcdic( ch ); #endif /* __OS390__ */ break; case STR_BMP_REVERSED: if( i == noBytes - 1 && ( noBytes & 1 ) ) { /* Odd-length BMP string, complain */ warnBMP = TRUE; } /* Wrong-endianness BMPStrings (Microsoft Unicode) can't be handled through the usual widechar-handling mechanism above since the first widechar looks like an ASCII char followed by a null terminator, so we just treat them as ASCII chars, skipping the following zero byte. 
This is safe since the code that detects reversed BMPStrings has already checked that every second byte is zero */ getc( inFile ); i++; fPos++; /* Fall through */ default: if( !isprint( ch ) ) ch = '.'; /* Convert control chars to placeholders */ #ifdef __OS390__ ch = asciiToEbcdic( ch ); #endif /* __OS390__ */ } if( doTimeStr ) timeStr[ i ] = ch; else printString( level, "%c", ch ); fPos++; } if( length > 384 && !printAllData ) { length -= 384; printString( level, "%s", "'\n" ); if( !doPure ) printString( level, "%s", INDENT_STRING ); doIndent( level + 5 ); printString( level, "[ Another %ld characters skipped ]", length ); fPos += length; while( length-- ) { int ch = getc( inFile ); if( ch == EOF ) { complainEOF( level, length ); return; } if( strOption == STR_PRINTABLE && !isPrintable( ch ) ) warnPrintable = TRUE; if( strOption == STR_IA5 && !isIA5( ch ) ) warnIA5 = TRUE; } } else { if( doTimeStr ) { const char *timeStrPtr = ( strOption == STR_UTCTIME ) ? \ timeStr : timeStr + 2; printString( level, " %c%c/%c%c/", timeStrPtr[ 4 ], timeStrPtr[ 5 ], timeStrPtr[ 2 ], timeStrPtr[ 3 ] ); if( strOption == STR_UTCTIME ) { printString( level, "%s", ( timeStr[ 0 ] < '5' ) ? 
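"20" : "19" ); } else { printString( level, "%c%c", timeStr[ 0 ], timeStr[ 1 ] ); } printString( level, "%c%c %c%c:%c%c:%c%c GMT", timeStrPtr[ 0 ], timeStrPtr[ 1 ], timeStrPtr[ 6 ], timeStrPtr[ 7 ], timeStrPtr[ 8 ], timeStrPtr[ 9 ], timeStrPtr[ 10 ], timeStrPtr[ 11 ] ); } else printString( level, "%c", '\'' ); } printString( level, "%c", '\n' ); /* Display any problems we encountered */ if( warnPrintable ) complain( "PrintableString contains illegal character(s)", 0, level ); if( warnIA5 ) complain( "IA5String contains illegal character(s)", 0, level ); if( warnTime ) complain( "Time is encoded incorrectly", 0, level ); if( warnBMP ) complain( "BMPString has missing final byte/half character", 0, level ); }

/****************************************************************************
*                                                                           *
*                          ASN.1 Parsing Routines                           *
*                                                                           *
****************************************************************************/

/* Get an ASN.1 object's tag and length.  Returns TRUE for an item available,
   FALSE for end-of-data, and a negative value for invalid data.

   On return item->id holds the identifier bits outside TAG_MASK, item->tag
   the tag number, item->length the decoded length, item->indefinite whether
   the indefinite form was used, and item->header/headerSize the raw header
   octets.  fPos is advanced for every octet consumed.

   Everything read here comes straight from the input file.  Up to four
   length octets are accepted, so the decoded length is whatever the input
   claims and can be far larger than the data that actually follows; callers
   have to treat it as unverified */

static int getItem( FILE *inFile, ASN1_ITEM *item )
    {
    int tag, length, index = 0;

    memset( item, 0, sizeof( ASN1_ITEM ) );
    item->indefinite = FALSE;

    /* Read the identifier octet into an int and test for EOF before storing
       it.  The previous chained form 'tag = header[] = fgetc()' gave tag the
       value of the stored header element; if header[] is a byte-sized
       unsigned type (its declaration is outside this section) that value can
       never compare equal to EOF, so end-of-data was only noticed one read
       later and fPos was advanced for an octet that doesn't exist */
    tag = fgetc( inFile );
    if( tag == EOF )
        return( FALSE );
    item->header[ index++ ] = tag;
    fPos++;
    item->id = tag & ~TAG_MASK;
    tag &= TAG_MASK;
    if( tag == TAG_MASK )
        {
        int value;

        /* Long tag encoded as sequence of 7-bit values.  This doesn't try to
           handle tags > INT_MAX, it'd be pretty peculiar ASN.1 if it had to
           use tags this large.  The index < 5 bound also keeps the writes
           into item->header within the first five elements */
        tag = 0;
        do
            {
            value = fgetc( inFile );
            if( value == EOF )
                return( FALSE );
            tag = ( tag << 7 ) | ( value & 0x7F );
            item->header[ index++ ] = value;
            fPos++;
            }
        while( value & LEN_XTND && index < 5 && !feof( inFile ) );
        if( index >= 5 )
            return( FALSE );
        }
    item->tag = tag;

    /* Read the first length octet */
    length = fgetc( inFile );
    if( length == EOF )
        return( FALSE );
    fPos++;
    item->header[ index++ ] = length;
    item->headerSize = index;
    if( length & LEN_XTND )
        {
        const int lengthStart = index;
        int i;

        /* Long form: the low bits give the number of length octets that
           follow, zero meaning indefinite length */
        length &= LEN_MASK;
        if( length > 4 )
            {
            /* Impossible length value, probably because we've run into
               the weeds */
            return( -1 );
            }
        item->headerSize += length;
        item->length = 0;
        if( !length )
            item->indefinite = TRUE;
        for( i = 0; i < length; i++ )
            {
            int ch = fgetc( inFile );

            if( ch == EOF )
                {
                fPos += length - i;
                return( FALSE );
                }
            item->length = ( item->length << 8 ) | ch;
            item->header[ i + index ] = ch;
            }
        fPos += length;

        /* Check for the length being less then 128, which means it
           shouldn't be encoded as a long length */
        if( !item->indefinite && item->length < 128 )
            item->nonCanonical = lengthStart;

        /* Check for the first 9 bits of the length being identical and if
           they are, remember where the encoded non-canonical length
           starts */
        if( item->headerSize - lengthStart > 1 )
            {
            if( ( item->header[ lengthStart ] == 0x00 ) &&
                ( ( item->header[ lengthStart + 1 ] & 0x80 ) == 0x00 ) )
                item->nonCanonical = lengthStart - 1;
            if( ( item->header[ lengthStart ] == 0xFF ) &&
                ( ( item->header[ lengthStart + 1 ] & 0x80 ) == 0x80 ) )
                item->nonCanonical = lengthStart - 1;
            }
        }
    else
        item->length = length;

    return( TRUE );
    }

/* Check whether a BIT STRING or OCTET STRING encapsulates another object */ static int checkEncapsulate( FILE *inFile, const int length ) { ASN1_ITEM nestedItem; const int currentPos = fPos; int diffPos, status; /* If we're not looking for encapsulated objects, return */ if( !checkEncaps ) return( FALSE );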
/* An item of length < 2 can never have encapsulated data. Even for length 2 it can only be an encapsulated NULL, which is somewhat odd, but no doubt there's some PKI protocol somewhere that does this */ if( length < 2 ) return( FALSE ); /* Read the details of the next item in the input stream */ status = getItem( inFile, &nestedItem ); diffPos = fPos - currentPos; fPos = currentPos; fseek( inFile, -diffPos, SEEK_CUR ); if( status <= 0 ) return( FALSE ); /* If it's not a standard tag class, don't try and dig down into it */ if( ( nestedItem.id & CLASS_MASK ) != UNIVERSAL && \ ( nestedItem.id & CLASS_MASK ) != CONTEXT ) return( FALSE ); /* There is one special-case situation that overrides the check below, which is when the nested content is indefinite-length. This is rather tricky to check for because we'd need to read some distance ahead into the stream to be able to safely decide whether we've got true nested content or a false positive, for now we require that the nested content has to be a SEQUENCE containing valid ASN.1 at the start, giving about 24 bits of checking. 
There's a small risk of false negatives for encapsulated primitive items, but since they're primitive it should be relatively easy to make out the contents inside the OCTET STRING */ if( nestedItem.tag == SEQUENCE && nestedItem.indefinite ) { /* Skip the indefinite-length SEQUENCE and make sure that it's followed by a valid item */ status = getItem( inFile, &nestedItem ); if( status > 0 ) status = getItem( inFile, &nestedItem ); diffPos = fPos - currentPos; fPos = currentPos; fseek( inFile, -diffPos, SEEK_CUR ); if( status <= 0 ) return( FALSE ); /* If the tag on the nest item looks vaguely valid, assume that we've go nested content */ if( ( nestedItem.tag <= 0 || nestedItem.tag > 0x31 ) || \ ( nestedItem.length >= length ) ) return( FALSE ); return( TRUE ); } /* If it doesn't fit exactly within the current item it's not an encapsulated object */ if( nestedItem.length != length - diffPos ) return( FALSE ); /* If it doesn't have a valid-looking tag, don't try and go any further */ if( nestedItem.tag <= 0 || nestedItem.tag > 0x31 ) return( FALSE ); /* Now things get a bit complicated because it's possible to get some (very rare) false positives, for example if a NUMERICSTRING of exactly the right length is nested within an OCTET STRING, since numeric values all look like constructed tags of some kind. To handle this we look for nested constructed items that should really be primitive */ if( ( nestedItem.id & FORM_MASK ) == PRIMITIVE ) return( TRUE ); /* It's constructed, make sure that it's something for which it makes sense as a constructed object. At worst this will give some false negatives for really wierd objects (nested constructed strings inside OCTET STRINGs), but these should probably never occur anyway */ if( nestedItem.tag == SEQUENCE || \ nestedItem.tag == SET ) return( TRUE ); return( FALSE ); }

/* Decide whether an item with no content octets is acceptable.  Returns
   TRUE if the zero length is legitimate for this item and FALSE if it
   should be reported as a problem */

static int zeroLengthOK( const ASN1_ITEM *item )
    {
    const int itemClass = item->id & CLASS_MASK;

    /* Context-tagged items are accepted only when the user has explicitly
       enabled zero-length content.  This caters for the implicitly-tagged
       NULLs that OCSP uses, where the status is carried in the tag and the
       content is empty */
    if( zeroLengthAllowed && itemClass == CONTEXT )
        return( TRUE );

    /* Beyond this point the tag has to be a universal one, anything else
       can't be identified and is rejected */
    if( itemClass != UNIVERSAL )
        return( FALSE );

    /* EOC and NULL are empty by definition, and a REAL with value zero is
       encoded with no content */
    if( item->tag == EOC || item->tag == NULLTAG || item->tag == REAL )
        return( TRUE );

    /* The remaining types are only allowed to be empty if the user has said
       that zero-length data is OK */
    if( !zeroLengthAllowed )
        return( FALSE );

    switch( item->tag )
        {
        /* String types, which may be empty.  The Unrestricted Character
           String type ([UNIVERSAL 29]) isn't listed because it needs at
           least one octet for the CH-A/CH-B index */
        case OCTETSTRING:
        case NUMERICSTRING:
        case PRINTABLESTRING:
        case T61STRING:
        case VIDEOTEXSTRING:
        case VISIBLESTRING:
        case IA5STRING:
        case GRAPHICSTRING:
        case GENERALSTRING:
        case UNIVERSALSTRING:
        case BMPSTRING:
        case UTF8STRING:
        case OBJDESCRIPTOR:
        /* SEQUENCE and SET are empty when all of their optional/default
           components are absent */
        case SEQUENCE:
        case SET:
            return( TRUE );

        default:
            return( FALSE );
        }
    }

/* Check whether the next item looks like text */ static STR_OPTION checkForText( FILE *inFile, const int length ) { char buffer[ 16 ]; int isBMP = FALSE, isUnicode = FALSE; int sampleLength = min( length, 16 ), i; /* If the sample is very short, we're more careful about what we accept */ if( sampleLength < 4 ) { /* If the sample
size is too small, don't try anything */ if( sampleLength <= 2 ) return( STR_NONE ); /* For samples of 3-4 characters we only allow ASCII text. These short strings are used in some places (eg PKCS #12 files) as IDs */ sampleLength = fread( buffer, 1, sampleLength, inFile ); if( sampleLength <= 0 ) return( STR_NONE ); fseek( inFile, -sampleLength, SEEK_CUR ); for( i = 0; i < sampleLength; i++ ) { const int ch = byteToInt( buffer[ i ] ); if( !( isalpha( ch ) || isdigit( ch ) || isspace( ch ) ) ) return( STR_NONE ); } return( STR_IA5 ); } /* Check for ASCII-looking text */ sampleLength = fread( buffer, 1, sampleLength, inFile ); if( sampleLength <= 0 ) return( STR_NONE ); fseek( inFile, -sampleLength, SEEK_CUR ); if( isdigit( byteToInt( buffer[ 0 ] ) ) && \ ( length == 13 || length == 15 ) && \ buffer[ length - 1 ] == 'Z' ) { /* It looks like a time string, make sure that it really is one */ for( i = 0; i < length - 1; i++ ) { if( !isdigit( byteToInt( buffer[ i ] ) ) ) break; } if( i == length - 1 ) return( ( length == 13 ) ? STR_UTCTIME : STR_GENERALIZED ); } for( i = 0; i < sampleLength; i++ ) { /* If even bytes are zero, it could be a BMPString. Initially we set isBMP to FALSE, if it looks like a BMPString we set it to TRUE, if we then encounter a nonzero byte it's neither an ASCII nor a BMPString */ if( !( i & 1 ) ) { if( !buffer[ i ] ) { /* If we thought we were in a Unicode string but we've found a zero byte where it'd occur in a BMP string, it's neither a Unicode nor BMP string */ if( isUnicode ) return( STR_NONE ); /* We've collapsed the eigenstate (in an earlier incarnation isBMP could take values of -1, 0, or 1, with 0 being undecided, in which case this comment made a bit more sense) */ if( i < sampleLength - 2 ) { /* If the last char(s) are zero but preceding ones weren't, don't treat it as a BMP string. 
This can happen when storing a null-terminated string if the implementation gets the length wrong and stores the null as well */ isBMP = TRUE; } continue; } else { /* If we thought we were in a BMPString but we've found a nonzero byte where there should be a zero, it's neither an ASCII nor BMP string */ if( isBMP ) return( STR_NONE ); } } else { /* Just to make it tricky, Microsoft stuff Unicode strings into some places (to avoid having to convert them to BMPStrings, presumably) so we have to check for these as well */ if( !buffer[ i ] ) { if( isBMP ) return( STR_NONE ); isUnicode = TRUE; continue; } else { if( isUnicode ) return( STR_NONE ); } } if( buffer[ i ] < 0x20 || buffer[ i ] > 0x7E ) return( STR_NONE ); } /* It looks like a text string */ return( isUnicode ? STR_BMP_REVERSED : isBMP ? STR_BMP : STR_IA5 ); }

/* Print an item's raw header octets as "<xx xx ...>" so that the object can
   be located in a hex dump of the input.  When doDumpHeader is greater than
   one, content octets are appended to bring the total up to 24 bytes; these
   are read from the input and then seeked back over, so this relies on the
   input being seekable */

static void dumpHeader( FILE *inFile, const ASN1_ITEM *item, const int level )
    {
    int padBytes = 24 - item->headerSize;
    int idx;

    /* Tag and length octets */
    if( !doPure )
        printString( level, "%s", " " );
    printString( level, "<%02X", item->header[ 0 ] );
    for( idx = 1; idx < item->headerSize; idx++ )
        printString( level, " %02X", item->header[ idx ] );

    if( padBytes > 0 && doDumpHeader > 1 )
        {
        /* Don't print more than the item contains.  For indefinite-length
           items the length isn't known, so no clamping is done for those */
        if( !item->indefinite && padBytes > item->length )
            padBytes = ( int ) item->length;

        for( idx = 0; idx < padBytes; idx++ )
            {
            const int octet = fgetc( inFile );

            if( octet == EOF )
                break;
            printString( level, " %02X", octet );
            }

        /* If we ran out of input early, only seek back over what was
           actually read */
        if( idx < padBytes )
            padBytes = idx;
        fseek( inFile, -padBytes, SEEK_CUR );
        }

    printString( level, "%s", ">\n" );
    }

/* Print a constructed ASN.1 object */

static int printAsn1( FILE *inFile, const int level, long length,
                      const int isIndefinite );

/* Append " (constructed)" for types that aren't normally constructed */

static void markConstructed( const int level, const ASN1_ITEM *item )
    {
    /* NOTE(review): getItem() stores only the identifier bits outside
       TAG_MASK in item->id and the tag number in item->tag, and the rest of
       this file compares these type constants against item->tag.  Comparing
       them against item->id here looks unintended and may mean the marker is
       never printed - confirm against the constant definitions */
    const int normallyPrimitive =
        item->id == BOOLEAN || item->id == INTEGER ||
        item->id == BITSTRING || item->id == OCTETSTRING ||
        item->id == ENUMERATED || item->id == UTF8STRING ||
        ( item->id >= NUMERICSTRING && item->id <= BMPSTRING );

    if( normallyPrimitive )
        printString( level, "%s", " (constructed)" );
    }

/* Print the braces around a constructed item and recurse into its content
   via printAsn1(), reporting any difference between the declared length and
   what was actually consumed */

static void printConstructed( FILE *inFile, int level, const ASN1_ITEM *item )
    {
    const int isEmpty = !item->length && !item->indefinite;
    int lengthDelta;

    /* Opening brace, or both braces at once for a zero-length object */
    printString( level, "%s", isEmpty ? " {}\n" : " {\n" );
    if( item->nonCanonical )
        complainLengthCanonical( item, level );
    if( isEmpty )
        return;

    lengthDelta = printAsn1( inFile, level + 1, item->length,
                             item->indefinite );
    if( lengthDelta )
        {
        fprintf( output, "Error: Inconsistent object length, %d byte%s "
                 "difference.\n", lengthDelta,
                 ( lengthDelta > 1 ) ? "s" : "" );
        noErrors++;
        }

    /* Closing brace, lined up with the item that opened it */
    if( !doPure )
        printString( level, "%s", INDENT_STRING );
    printString( level, "%s", ( printDots ) ? ". " : " " );
    doIndent( level );
    printString( level, "%s", "}\n" );
    }

/* Print a single ASN.1 object */ static void printASN1object( FILE *inFile, ASN1_ITEM *item, int level ) { OIDINFO *oidInfo; STR_OPTION stringType; BYTE buffer[ MAX_OID_SIZE ]; const int nonOutlineObject = \ ( doOutlineOnly && ( item->id & FORM_MASK ) != CONSTRUCTED ) ? \ TRUE : FALSE; if( ( item->id & CLASS_MASK ) != UNIVERSAL ) { static const char *const classtext[] = { "UNIVERSAL ", "APPLICATION ", "", "PRIVATE " }; /* Print the object type */ if( !nonOutlineObject ) { printString( level, "[%s%d]", classtext[ ( item->id & CLASS_MASK ) >> 6 ], item->tag ); } /* Perform a sanity check */ if( ( item->tag != NULLTAG ) && ( item->length < 0 ) ) { int i; fflush( stdout ); fprintf( stderr, "\nError: Object has bad length field, tag = %02X, " "length = %lX, value =", item->tag, item->length ); fprintf( stderr, "<%02X", *item->header ); for( i = 1; i < item->headerSize; i++ ) fprintf( stderr, " %02X", item->header[ i ] ); fputs( ">.\n", stderr ); exit( EXIT_FAILURE ); } if( !item->length && !item->indefinite && !zeroLengthOK( item ) ) { printString( level, "%c", '\n' ); complain( "Object has zero length", 0, level ); if( item->nonCanonical ) complainLengthCanonical( item, level ); return; } /* If it's constructed, print the various fields in it */ if( ( item->id & FORM_MASK ) == CONSTRUCTED ) { markConstructed( level, item ); printConstructed( inFile, level, item ); return; } /* It'sprimitive, if we're only displaying the ASN.1 in outline form, supress the display by dumping it with a nesting level that ensures it won't get output (this clears the data from the input without displaying it) */ if( nonOutlineObject ) { dumpHex( inFile, item->length, 1000, FALSE ); if( item->nonCanonical ) complainLengthCanonical( item, level ); printString( level, "%c", '\n' ); return; } /* It's primitive, if it's a seekable stream try and determine whether it's text so we can display it as such */ if( !useStdin && \ (
stringType = checkForText( inFile, item->length ) ) != STR_NONE ) { /* It looks like a text string, dump it as text */ displayString( inFile, item->length, level, stringType ); if( item->nonCanonical ) complainLengthCanonical( item, level ); return; } /* This could be anything, dump it as hex data */ dumpHex( inFile, item->length, level, FALSE ); if( item->nonCanonical ) complainLengthCanonical( item, level ); return; } /* Print the object type */ if( !doOutlineOnly || ( item->id & FORM_MASK ) == CONSTRUCTED ) printString( level, "%s", idstr( item->tag ) ); /* Perform a sanity check */ if( ( item->tag != NULLTAG ) && ( item->length < 0 ) ) { int i; fflush( stdout ); fprintf( stderr, "\nError: Object has bad length field, tag = %02X, " "length = %lX, value =", item->tag, item->length ); fprintf( stderr, "<%02X", *item->header ); for( i = 1; i < item->headerSize; i++ ) fprintf( stderr, " %02X", item->header[ i ] ); fputs( ">.\n", stderr ); exit( EXIT_FAILURE ); } /* If it's constructed, print the various fields in it */ if( ( item->id & FORM_MASK ) == CONSTRUCTED ) { markConstructed( level, item ); printConstructed( inFile, level, item ); return; } /* It's primitive */ if( doOutlineOnly ) { /* If we're only displaying the ASN.1 in outline form, set an artificially high nesting level that ensures it won't get output (this clears the data from the input without displaying it) */ level = 1000; } if( !item->length && !zeroLengthOK( item ) ) { printString( level, "%c", '\n' ); complain( "Object has zero length", 0, level ); if( item->nonCanonical ) complainLengthCanonical( item, level ); return; } switch( item->tag ) { case BOOLEAN: { int ch; if( item->length != 1 ) complainLength( item, level ); ch = getc( inFile ); if( ch == EOF ) { complainEOF( level, 1 ); return; } printString( level, " %s\n", ch ? 
"TRUE" : "FALSE" ); if( ch != 0 && ch != 0xFF ) { complain( "BOOLEAN '%02X' has non-DER encoding", ch, level ); } if( item->nonCanonical ) complainLengthCanonical( item, level ); fPos++; break; } case INTEGER: case ENUMERATED: if( item->length > 4 ) { dumpHex( inFile, item->length, level, TRUE ); if( item->nonCanonical ) complainLengthCanonical( item, level ); } else { printValue( inFile, item->length, level ); if( item->nonCanonical ) complainLengthCanonical( item, level ); } break; case BITSTRING: { int ch; if( item->length < 2 ) complainLength( item, level ); if( ( ch = getc( inFile ) ) != 0 ) { if( ch == EOF ) { complainEOF( level, item->length ); return; } printString( level, " %d unused bit%s", ch, ( ch != 1 ) ? "s" : "" ); } fPos++; if( !--item->length && !ch ) { printString( level, "%c", '\n' ); complain( "Object has zero length", 0, level ); if( item->nonCanonical ) complainLengthCanonical( item, level ); return; } if( item->length <= sizeof( int ) ) { /* It's short enough to be a bit flag, dump it as a sequence of bits */ dumpBitString( inFile, ( int ) item->length, ch, level ); if( item->nonCanonical ) complainLengthCanonical( item, level ); break; } /* Fall through to dump it as an octet string */ } case OCTETSTRING: if( checkEncapsulate( inFile, item->length ) ) { /* It's something encapsulated inside the string, print it as a constructed item */ printString( level, "%s", ", encapsulates" ); printConstructed( inFile, level, item ); break; } if( !useStdin && !dumpText && \ ( stringType = checkForText( inFile, item->length ) ) != STR_NONE ) { /* If we'd be doing a straight hex dump and it looks like encapsulated text, display it as such. If the user has overridden character set type checking and it's a string type for which we normally perform type checking, we reset its type to none */ displayString( inFile, item->length, level, \ ( !checkCharset && ( stringType == STR_IA5 || \ stringType == STR_PRINTABLE ) ) ? 
\ STR_NONE : stringType ); if( item->nonCanonical ) complainLengthCanonical( item, level ); return; } dumpHex( inFile, item->length, level, FALSE ); if( item->nonCanonical ) complainLengthCanonical( item, level ); break; case OID: { char textOID[ 128 ]; int length, isValid; /* Hierarchical Object Identifier */ if( item->length <= 0 || item->length >= MAX_OID_SIZE ) { fflush( stdout ); fprintf( stderr, "\nError: Object identifier length %ld too " "large.\n", item->length ); exit( EXIT_FAILURE ); } length = fread( buffer, 1, ( size_t ) item->length, inFile ); fPos += item->length; if( item->length < 3 ) { fputs( ".\n", output ); complainLength( item, level ); break; } if( length < item->length ) { fputs( ".\n", output ); complain( "Invalid OID data", 0, level ); break; } if( ( oidInfo = getOIDinfo( buffer, ( int ) item->length ) ) != NULL ) { /* Convert the binary OID to text form */ isValid = oidToString( textOID, &length, buffer, ( int ) item->length ); /* Check if LHS status info + indent + "OID " string + oid name + "(" + oid value + ")" will wrap */ if( ( ( doPure ) ? 
0 : INDENT_SIZE ) + ( level * 2 ) + 18 + \ strlen( oidInfo->description ) + 2 + length >= outputWidth ) { printString( level, "%c", '\n' ); if( !doPure ) printString( level, "%s", INDENT_STRING ); doIndent( level + 1 ); } else printString( level, "%c", ' ' ); printString( level, "%s (%s)\n", oidInfo->description, textOID ); /* Display extra comments about the OID if required */ if( extraOIDinfo && oidInfo->comment != NULL ) { if( !doPure ) printString( level, "%s", INDENT_STRING ); doIndent( level + 1 ); printString( level, "(%s)\n", oidInfo->comment ); } if( !isValid ) complain( "OID has invalid encoding", 0, level ); if( item->nonCanonical ) complainLengthCanonical( item, level ); /* If there's a warning associated with this OID, remember that there was a problem */ if( oidInfo->warn ) noWarnings++; break; } /* Print the OID as a text string */ isValid = oidToString( textOID, &length, buffer, ( int ) item->length ); printString( level, " '%s'\n", textOID ); if( isValid ) { if( item->length > MAX_SANE_OID_SIZE ) { /* This typically only occurs with Microsoft's "encode random noise and call it an OID" values, so we warn about the fact that it's not really an OID */ complain( "OID contains random garbage", 0, level ); } } else complain( "OID has invalid encoding", 0, level ); if( item->nonCanonical ) complainLengthCanonical( item, level ); break; } case EOC: printString( level, "<> %c", '\n' ); if( item->nonCanonical ) complainLengthCanonical( item, level ); break; case NULLTAG: printString( level, "%c", '\n' ); if( item->nonCanonical ) complainLengthCanonical( item, level ); break; case OBJDESCRIPTOR: case GRAPHICSTRING: case VISIBLESTRING: case GENERALSTRING: case UNIVERSALSTRING: case NUMERICSTRING: case VIDEOTEXSTRING: case PRINTABLESTRING: displayString( inFile, item->length, level, STR_PRINTABLE ); if( item->nonCanonical ) complainLengthCanonical( item, level ); break; case UTF8STRING: displayString( inFile, item->length, level, STR_UTF8 ); if( 
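item->nonCanonical ) complainLengthCanonical( item, level ); break; case BMPSTRING: displayString( inFile, item->length, level, STR_BMP ); if( item->nonCanonical ) complainLengthCanonical( item, level ); break; case UTCTIME: displayString( inFile, item->length, level, STR_UTCTIME ); if( item->nonCanonical ) complainLengthCanonical( item, level ); break; case GENERALIZEDTIME: displayString( inFile, item->length, level, STR_GENERALIZED ); if( item->nonCanonical ) complainLengthCanonical( item, level ); break; case IA5STRING: displayString( inFile, item->length, level, STR_IA5 ); if( item->nonCanonical ) complainLengthCanonical( item, level ); break; case T61STRING: displayString( inFile, item->length, level, STR_LATIN1 ); if( item->nonCanonical ) complainLengthCanonical( item, level ); break; case SEQUENCE: printString( level, "%c", '\n' ); complain( "SEQUENCE has invalid primitive encoding", 0, level ); break; case SET: printString( level, "%c", '\n' ); complain( "SET has invalid primitive encoding", 0, level ); break; default: printString( level, "%c", '\n' ); if( !doPure ) printString( level, "%s", INDENT_STRING ); doIndent( level + 1 ); printString( level, "%s", "Unrecognised primitive, hex value is:"); dumpHex( inFile, item->length, level, FALSE ); if( item->nonCanonical ) complainLengthCanonical( item, level ); noErrors++; /* Treat it as an error */ }
	}

/* Print a complex ASN.1 object */

/* Perform the one-off checks that are run on the first item read from the
   input.  Returns the total length (header plus content) of a
   definite-length item, or LENGTH_MAGIC if the item is indefinite-length.

   Side effects: may adjust infoWidth, and if the input turns out not to be
   seekable sets useStdin and clears checkEncaps.  Exits with an error if
   the input looks like base64/PEM text rather than binary data.  On return
   the file position is back where it was on entry, provided the seeks
   succeed (their results aren't checked) */

static long processObjectStart( FILE *inFile, const ASN1_ITEM *item )
    {
    long length = LENGTH_MAGIC;

    /* If the length isn't known and the item has a definite length, set the
       length to the item's length */
    if( !item->indefinite )
        {
        length = item->headerSize + item->length;

        /* We can also adjust the width of the informational data column to
           maximise the amount of screen real estate (for lengths less than
           the default of four) or get rid of oversized columns (for
           lengths greater than four) */
        if( length < 1000 )
            infoWidth = 3;
        else if( length > 9999999 )
            infoWidth = 8;
        else if( length > 999999 )
            infoWidth = 7;
        else if( length > 99999 )
            infoWidth = 6;
        else if( length > 9999 )
            infoWidth = 5;
        }

    /* If the input isn't seekable, turn off some options that require the
       use of fseek().  This check isn't perfect (some streams are slightly
       seekable due to buffering) but it's better than nothing */
    if( fseek( inFile, -item->headerSize, SEEK_CUR ) )
        {
        useStdin = TRUE;
        checkEncaps = FALSE;
        puts( "Warning: Input is non-seekable, some functionality has been "
              "disabled." );
        return( length );
        }

    /* If it looks like we've been given a text file, typically due to the
       input being base64-encoded, check whether it is all text */
    if( ( isalnum( item->header[ 0 ] ) && isalnum( item->header[ 1 ] ) ) ||
        ( item->header[ 0 ] == '-' && item->header[ 1 ] == '-' ) )
        {
        /* Zero-initialised so that a short read never leaves unread
           elements indeterminate */
        BYTE buffer[ 4 ] = { 0 };
        int count, i;

        count = fread( buffer, 1, 4, inFile );
        for( i = 0; i < count; i++ )
            {
            if( buffer[ i ] != '-' && !isalnum( buffer[ i ] ) )
                break;
            }

        /* Special-case handling for situations that would produce a false
           positive, items containing nested SEQUENCE (0x30)/SET (0x31) of
           an appropriate length will look like ASCII since the encoding is
           0x30 0xXX 0x30 0xXX 0x30 0xXX, e.g. "0g0e0c", so we check for the
           pattern [0|1] alnum [0|1] alnum ...

           The tag test is parenthesised so that it's only applied once all
           four sample bytes looked like text.  Without the parentheses
           && bound tighter than ||, so a leading 0x31 entered this branch
           even after a short read and examined buffer[ 2 ] before it had
           been filled in */
        if( i >= 4 &&
            ( item->header[ 0 ] == 0x30 || item->header[ 0 ] == 0x31 ) )
            {
            if( buffer[ 2 ] == 0x30 || buffer[ 2 ] == 0x31 )
                {
                /* It's at least 0x30 0xXX 0x30 0xXX, assume it's binary.
                   This can lead to a minute number of false negatives, but
                   that's OK since (a) it's not any normal encoding format
                   for ASN.1 binary data and (b) all it'll do is produce an
                   attempt to decode text as ASN.1 */
                i = 0;
                }
            }
        if( i >= 4 )
            {
            fputs( "Error: This file appears to be a base64-encoded text "
                   "file, not binary data.\n", stderr );
            fputs( " In order to display it you first need to decode "
                   "it into its\n", stderr );
            fputs( " binary form.\n", stderr );
            exit( EXIT_FAILURE );
            }

        /* Step back over exactly what was read.  A fixed -4 is wrong when
           the input holds fewer than four bytes: the seek then targets a
           position before the sample and the decoder's file position no
           longer matches fPos */
        fseek( inFile, -( long ) count, SEEK_CUR );
        }

    /* Undo the fseek() that we used to determine whether the input was
       seekable */
    fseek( inFile, item->headerSize, SEEK_CUR );

    return( length );
    }

static int printAsn1( FILE *inFile, const int level, long length, const int isIndefinite ) { ASN1_ITEM item; long lastPos = fPos; int seenEOC = FALSE, status; /* Bail out on suspiciously complex data */ if( level > MAX_NESTING_LEVEL ) { complain( "Object contains more than %d levels of nesting", MAX_NESTING_LEVEL, level ); exit( EXIT_FAILURE ); } /* Special-case for zero-length objects */ if( !length && !isIndefinite ) return( 0 ); while( ( status = getItem( inFile, &item ) ) > 0 ) { int nonOutlineObject = FALSE; /* Perform various special checks the first time that we're called */ if( length == LENGTH_MAGIC ) length = processObjectStart( inFile, &item ); /* Dump the header as hex data if requested */ if( doDumpHeader ) dumpHeader( inFile, &item, level ); /* If we're displaying the ASN.1 outline only and it's not a constructed object, don't display anything */ if( doOutlineOnly && ( item.id & FORM_MASK ) != CONSTRUCTED ) nonOutlineObject = TRUE; /* Print the offset and length, unless we're in pure ASN.1-only output mode or we're displaying the outline only and it's not a constructed object */ if( item.header[ 0 ] == EOC ) { seenEOC = TRUE; if( !isIndefinite) complain( "Spurious EOC in definite-length item", 0, level ); } if( !doPure && !nonOutlineObject ) { if( item.indefinite ) { printString( level, ( doHexValues ) ?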
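\ LEN_HEX_INDEF : LEN_INDEF, lastPos ); } else { if( !seenEOC ) { printString( level, ( doHexValues ) ? \ LEN_HEX : LEN, lastPos, item.length ); } } } /* Print details on the item */ if( !seenEOC ) { if( !nonOutlineObject ) doIndent( level ); printASN1object( inFile, &item, level ); } /* If it was an indefinite-length object (no length was ever set) and we've come back to the top level, exit */ if( length == LENGTH_MAGIC ) return( 0 ); length -= fPos - lastPos; lastPos = fPos; if( isIndefinite ) { if( seenEOC ) return( 0 ); } else { if( length <= 0 ) { if( length < 0 ) return( ( int ) -length ); return( 0 ); } else { if( length == 1 ) { const int ch = fgetc( inFile ); /* If we've run out of input but there should be more present, let the caller know */ if( ch == EOF ) return( 1 ); /* No object can be one byte long, try and recover. This only works sometimes because it can be caused by spurious data in an OCTET STRING hole or an incorrect length encoding. The following workaround tries to recover from spurious data by skipping the byte if it's zero or a non-basic-ASN.1 tag, but keeping it if it could be valid ASN.1 */ if( ch > 0 && ch <= 0x31 ) ungetc( ch, inFile ); else { fPos++; return( 1 ); } } } } } if( status == -1 ) { int i; fflush( stdout ); fprintf( stderr, "\nError: Invalid data encountered at position " "%d:", fPos ); for( i = 0; i < item.headerSize; i++ ) fprintf( stderr, " %02X", item.header[ i ] ); fprintf( stderr, ".\n" ); exit( EXIT_FAILURE ); } /* If we see an EOF and there's supposed to be more data present, complain */ if( length && length != LENGTH_MAGIC ) { fprintf( output, "Error: Inconsistent object length, %ld byte%s " "difference.\n", length, ( length > 1 ) ? "s" : "" ); noErrors++; } return( 0 ); }

/* Show usage and exit.

   Writes the option summary to stdout with puts() and then terminates the
   process with EXIT_FAILURE, so it never returns to its caller.

   NOTE(review): several of the lines below ("- = Start bytes into the
   file", "-c = ...", "-f = ... at offset - to file", "-w = ...",
   "-m = ...") read as if an operand placeholder is missing from the string
   in this copy of the file.  The strings are reproduced here exactly as
   they appear; confirm the wording against the upstream source */

static void usageExit( void )
{
    puts( "DumpASN1 - ASN.1 object dump/syntax check program." );
    puts( "Copyright Peter Gutmann 1997 - 2016. Last updated " UPDATE_STRING "." );
    puts( "" );
    puts( "Usage: dumpasn1 [-acdefghilmoprstuvwxz] " );
    puts( " Input options:" );
    puts( " - = Take input from stdin (some options may not work properly)" );
    puts( " - = Start bytes into the file" );
    puts( " -- = End of arg list" );
    puts( " -c = Read Object Identifier info from alternate config file" );
    puts( " (values will override equivalents in global config file)" );
    puts( "" );
    puts( " Output options:" );
    puts( " -f = Dump object at offset - to file (allows data to be" );
    puts( " extracted from encapsulating objects)" );
    puts( " -w = Set width of output, default = 80 columns" );
    puts( "" );
    puts( " Display options:" );
    puts( " -a = Print all data in long data blocks, not just the first 128 bytes" );
    puts( " -d = Print dots to show column alignment" );
    puts( " -g = Display ASN.1 structure outline only (no primitive objects)" );
    puts( " -h = Hex dump object header (tag+length) before the decoded output" );
    puts( " -hh = Same as -h but display more of the object as hex data" );
    puts( " -i = Use shallow indenting, for deeply-nested objects" );
    puts( " -l = Long format, display extra info about Object Identifiers" );
    puts( " -m = Maximum nesting level for which to display content" );
    puts( " -p = Pure ASN.1 output without encoding information" );
    puts( " -t = Display text values next to hex dump of data" );
    puts( " -v = Verbose mode, equivalent to -ahlt" );
    puts( "" );
    puts( " Format options:" );
    puts( " -e = Don't print encapsulated data inside OCTET/BIT STRINGs" );
    puts( " -r = Print bits in BIT STRING as encoded in reverse order" );
    puts( " -u = Don't format UTCTime/GeneralizedTime string data" );
    puts( " -x = Display size and offset in hex not decimal" );
    puts( "" );
    puts( " Checking options:" );
    puts( " -o = Don't check validity of character strings hidden in octet strings" );
    puts( " -s = Syntax check only, don't dump ASN.1 structures" );
    puts( " -z = Allow zero-length items" );
    puts( "" );
    puts( "Warnings generated by deprecated OIDs require the use of '-l' to be displayed." );
    puts( "Program return code is the number of errors found or EXIT_SUCCESS." );
    exit( EXIT_FAILURE );
}

/* Program entry point: parse the command-line options, load the OID
   configuration, optionally copy one object out to a file (-f), dump or
   syntax-check the input, and print a warning/error summary.

   Returns the number of errors counted in noErrors, or EXIT_SUCCESS when
   there were none.  Invalid arguments and I/O failures terminate with
   EXIT_FAILURE.

   Changes relative to the previous version of this function:

   - An unknown option now terminates with EXIT_FAILURE like every other
     invalid-argument path.  It used to return EXIT_SUCCESS, which a script
     using the return code (for example with -s) could not tell apart from
     "no errors found".
   - The -f copy loop stops at end of input instead of writing the EOF
     marker returned by getc() into the output file as a data byte.
   - Skipping to an offset on stdin stops at end of input rather than
     calling getc() once per remaining offset byte.
   - fseek() failures are reported instead of silently dumping from the
     wrong position.
   - The OS/390 working-directory buffer keeps room for the appended "/" */

int main( int argc, char *argv[] )
{
    FILE *inFile, *outFile = NULL;
#ifdef __WIN32__
    CONSOLE_SCREEN_BUFFER_INFO csbiInfo;
#endif /* __WIN32__ */
#ifdef __OS390__
    char pathPtr[ FILENAME_MAX ];
#else
    char *pathPtr = argv[ 0 ];
#endif /* __OS390__ */
    long offset = 0;
    int moreArgs = TRUE, doCheckOnly = FALSE;

#ifdef __OS390__
    /* Leave one byte spare so that the strcat() below can't run past the
       end of the buffer, and fall back to an empty path if getcwd() fails
       since the buffer contents aren't defined in that case */
    memset( pathPtr, '\0', sizeof( pathPtr ) );
    if( getcwd( pathPtr, sizeof( pathPtr ) - 1 ) == NULL )
        pathPtr[ 0 ] = '\0';
    strcat( pathPtr, "/" );
#endif /* __OS390__ */

    /* Skip the program name */
    argv++; argc--;

    /* Display usage if no args given */
    if( argc < 1 )
        usageExit();
    output = stdout;            /* Needs to be assigned at runtime */

    /* Get the output width.  Under Unix there's no safe way to do this, so
       we default to 80 columns */
#ifdef __WIN32__
    if( GetConsoleScreenBufferInfo( GetStdHandle( STD_OUTPUT_HANDLE ),
                                    &csbiInfo ) )
        outputWidth = csbiInfo.dwSize.X;
#endif /* __WIN32__ */

    /* Check for arguments */
    while( argc && *argv[ 0 ] == '-' && moreArgs )
    {
        char *argPtr = argv[ 0 ] + 1;

        /* A lone '-' selects stdin as the input */
        if( !*argPtr )
            useStdin = TRUE;
        while( *argPtr )
        {
            /* A leading digit means that the rest of the argument is the
               start offset.  NOTE(review): atol() gives no indication of
               overflow or trailing junk, so the offset is used as parsed */
            if( isdigit( byteToInt( *argPtr ) ) )
            {
                offset = atol( argPtr );
                break;
            }
            switch( toupper( byteToInt( *argPtr ) ) )
            {
                case '-':
                    moreArgs = FALSE;   /* GNU-style end-of-args flag */
                    break;

                case 'A':
                    printAllData = TRUE;
                    break;

                case 'C':
                    if( !readConfig( argPtr + 1, FALSE ) )
                        exit( EXIT_FAILURE );
                    while( argPtr[ 1 ] )
                        argPtr++;       /* Skip rest of arg */
                    break;

                case 'D':
                    printDots = TRUE;
                    break;

                case 'E':
                    checkEncaps = FALSE;
                    break;

                case 'F':
                    /* The output file is created (and any existing file of
                       that name truncated) as soon as the option is seen,
                       before the remaining arguments have been checked */
                    if( ( outFile = fopen( argPtr + 1, "wb" ) ) == NULL )
                    {
                        perror( argPtr + 1 );
                        exit( EXIT_FAILURE );
                    }
                    while( argPtr[ 1 ] )
                        argPtr++;       /* Skip rest of arg */
                    break;

                case 'G':
                    doOutlineOnly = TRUE;
                    break;

                case 'H':
                    doDumpHeader++;
                    break;

                case 'I':
                    shallowIndent = TRUE;
                    break;

                case 'L':
                    extraOIDinfo = TRUE;
                    break;

                case 'M':
                    maxNestLevel = atoi( argPtr + 1 );
                    if( maxNestLevel < 1 || maxNestLevel > MAX_NESTING_LEVEL )
                    {
                        puts( "Invalid maximum nesting level." );
                        exit( EXIT_FAILURE );
                    }
                    while( argPtr[ 1 ] )
                        argPtr++;       /* Skip rest of arg */
                    break;

                case 'O':
                    checkCharset = FALSE;
                    break;

                case 'P':
                    doPure = TRUE;
                    break;

                case 'R':
                    reverseBitString = !reverseBitString;
                    break;

                case 'S':
                    doCheckOnly = TRUE;
#if defined( __WIN32__ )
                    /* Under Windows we can't fclose( stdout ) because the
                       VC++ runtime reassigns the stdout handle to the next
                       open file (which is valid) but then scribbles stdout
                       garbage all over it for files larger than about 16K
                       (which isn't), so we have to make sure that the
                       stdout handle is pointed to something somewhere */
                    ( void ) freopen( "nul", "w", stdout );
#elif defined( __UNIX__ )
                    /* Safety feature in case any Unix libc is as broken as
                       the Win32 version */
                    ( void ) freopen( "/dev/null", "w", stdout );
#else
                    fclose( stdout );
#endif /* OS-specific bypassing of stdout */
                    break;

                case 'T':
                    dumpText = TRUE;
                    break;

                case 'U':
                    rawTimeString = TRUE;
                    break;

                case 'V':
                    printAllData = doDumpHeader = TRUE;
                    extraOIDinfo = dumpText = TRUE;
                    break;

                case 'W':
                    outputWidth = atoi( argPtr + 1 );
                    if( outputWidth < 40 || outputWidth > 500 )
                    {
                        puts( "Invalid output width." );
                        exit( EXIT_FAILURE );
                    }
                    while( argPtr[ 1 ] )
                        argPtr++;       /* Skip rest of arg */
                    break;

                case 'X':
                    doHexValues = TRUE;
                    break;

                case 'Z':
                    zeroLengthAllowed = TRUE;
                    break;

                default:
                    /* Fail like the other invalid-argument paths so that
                       a mistyped option can't be read as a clean run */
                    printf( "Unknown argument '%c'.\n", *argPtr );
                    return( EXIT_FAILURE );
            }
            argPtr++;
        }
        argv++;
        argc--;
    }

    /* We can't use options that perform an fseek() if reading from stdin */
    if( useStdin && ( doDumpHeader || outFile != NULL ) )
    {
        puts( "Can't use -f or -h when taking input from stdin" );
        exit( EXIT_FAILURE );
    }

    /* Check args and read the config file.  We don't bother weeding out
       dups during the read because (a) the linear search would make the
       process n^2, (b) during the dump process the search will terminate
       on the first match so dups aren't that serious, and (c) there should
       be very few dups present */
    if( argc != 1 && !useStdin )
        usageExit();
    if( !readGlobalConfig( pathPtr ) )
        exit( EXIT_FAILURE );

    /* Dump the given file */
    if( useStdin )
        inFile = stdin;
    else
    {
        if( ( inFile = fopen( argv[ 0 ], "rb" ) ) == NULL )
        {
            perror( argv[ 0 ] );
            freeConfig();
            exit( EXIT_FAILURE );
        }
    }
    if( useStdin )
    {
        /* stdin can't be seeked, so read and discard up to the requested
           offset, giving up once the input runs out */
        while( offset > 0 && getc( inFile ) != EOF )
            offset--;
    }
    else
    {
        /* A failed seek only matters if we were asked to start somewhere
           other than the beginning of the file */
        if( fseek( inFile, offset, SEEK_SET ) != 0 && offset != 0 )
        {
            perror( argv[ 0 ] );
            freeConfig();
            exit( EXIT_FAILURE );
        }
    }
    if( outFile != NULL )
    {
        ASN1_ITEM item;
        long length;
        int i, status;

        /* Make sure that there's something there, and that it has a
           definite length */
        status = getItem( inFile, &item );
        if( status == -1 )
        {
            puts( "Non-ASN.1 data encountered." );
            freeConfig();
            exit( EXIT_FAILURE );
        }
        if( status == 0 )
        {
            puts( "Nothing to read." );
            freeConfig();
            exit( EXIT_FAILURE );
        }
        if( item.indefinite )
        {
            puts( "Cannot process indefinite-length item." );
            freeConfig();
            exit( EXIT_FAILURE );
        }

        /* Copy the item across, first the header and then the data.  The
           length comes from the encoding itself, so the input can end
           before that many bytes have been read; stop there rather than
           writing the EOF marker out as a data byte */
        for( i = 0; i < item.headerSize; i++ )
            putc( item.header[ i ], outFile );
        for( length = 0; length < item.length; length++ )
        {
            const int ch = getc( inFile );

            if( ch == EOF )
                break;
            putc( ch, outFile );
        }

        /* NOTE(review): write errors on outFile (putc()/fclose() results)
           aren't checked, so a short write goes unreported */
        fclose( outFile );

        /* Go back to the start of the object so that it can be dumped */
        if( fseek( inFile, offset, SEEK_SET ) != 0 )
        {
            perror( argv[ 0 ] );
            freeConfig();
            exit( EXIT_FAILURE );
        }
    }
    printAsn1( inFile, 0, LENGTH_MAGIC, 0 );
    if( !useStdin && offset == 0 )
    {
        BYTE buffer[ 16 ];
        long position = ftell( inFile );

        /* If we're dumping a standalone ASN.1 object and there's further
           data appended to it, warn the user of its existence.  This is a
           bit hit-and-miss since there may or may not be additional EOCs
           present, dumpasn1 always stops once it knows that the data
           should end (without trying to read any trailing EOCs) because
           data from some sources has the EOCs truncated, and most apps
           know that they have to stop at min( data_end, EOCs ).  To avoid
           false positives, we skip at least 4 EOCs worth of data and if
           there's still more present, we complain */
        ( void ) fread( buffer, 1, 8, inFile );     /* Skip 4 EOCs */
        if( !feof( inFile ) )
        {
            fprintf( output, "Warning: Further data follows ASN.1 data at "
                     "position %ld.\n", position );
            noWarnings++;
        }
    }
    fclose( inFile );
    freeConfig();

    /* Print a summary of warnings/errors if it's required or appropriate */
    if( !doPure )
    {
        fflush( stdout );
        if( !doCheckOnly )
            fputc( '\n', stderr );
        fprintf( stderr, "%d warning%s, %d error%s.\n", noWarnings,
                 ( noWarnings != 1 ) ? "s" : "", noErrors,
                 ( noErrors != 1 ) ? "s" : "" );
    }

    /* NOTE(review): the error count is returned as the process status.
       Hosts that keep only the low 8 bits of the status would report a
       count that is a multiple of 256 as success; confirm whether callers
       rely on the exact count before clamping it */
    return( ( noErrors ) ? noErrors : EXIT_SUCCESS );
}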