xref: /onnv-gate/usr/src/common/openssl/crypto/objects/objects.txt (revision 2139:6243c3338933)

# CCITT was renamed to ITU-T quite some time ago
0			: ITU-T			: itu-t
!Alias ccitt itu-t

1			: ISO			: iso

2			: JOINT-ISO-ITU-T	: joint-iso-itu-t
!Alias joint-iso-ccitt joint-iso-itu-t

iso 2			: member-body		: ISO Member Body

iso 3			: identified-organization

identified-organization 132	: certicom-arc

joint-iso-itu-t 23	: international-organizations	: International Organizations

international-organizations 43	: wap
wap 13			: wap-wsg

joint-iso-itu-t 5 1 5	: selected-attribute-types	: Selected Attribute Types

selected-attribute-types 55	: clearance

member-body 840		: ISO-US		: ISO US Member Body
ISO-US 10040		: X9-57			: X9.57
X9-57 4			: X9cm			: X9.57 CM ?

!Cname dsa
X9cm 1			: DSA			: dsaEncryption
X9cm 3			: DSA-SHA1		: dsaWithSHA1


ISO-US 10045		: ansi-X9-62		: ANSI X9.62
!module X9-62
!Alias id-fieldType ansi-X9-62 1
X9-62_id-fieldType 1		: prime-field
X9-62_id-fieldType 2		: characteristic-two-field
X9-62_characteristic-two-field 3 : id-characteristic-two-basis
X9-62_id-characteristic-two-basis 1 : onBasis
X9-62_id-characteristic-two-basis 2 : tpBasis
X9-62_id-characteristic-two-basis 3 : ppBasis
!Alias id-publicKeyType ansi-X9-62 2
X9-62_id-publicKeyType 1	: id-ecPublicKey
!Alias ellipticCurve ansi-X9-62 3
!Alias c-TwoCurve X9-62_ellipticCurve 0
X9-62_c-TwoCurve 1		: c2pnb163v1
X9-62_c-TwoCurve 2		: c2pnb163v2
X9-62_c-TwoCurve 3		: c2pnb163v3
X9-62_c-TwoCurve 4		: c2pnb176v1
X9-62_c-TwoCurve 5		: c2tnb191v1
X9-62_c-TwoCurve 6		: c2tnb191v2
X9-62_c-TwoCurve 7		: c2tnb191v3
X9-62_c-TwoCurve 8		: c2onb191v4
X9-62_c-TwoCurve 9		: c2onb191v5
X9-62_c-TwoCurve 10		: c2pnb208w1
X9-62_c-TwoCurve 11		: c2tnb239v1
X9-62_c-TwoCurve 12		: c2tnb239v2
X9-62_c-TwoCurve 13		: c2tnb239v3
X9-62_c-TwoCurve 14		: c2onb239v4
X9-62_c-TwoCurve 15		: c2onb239v5
X9-62_c-TwoCurve 16		: c2pnb272w1
X9-62_c-TwoCurve 17		: c2pnb304w1
X9-62_c-TwoCurve 18		: c2tnb359v1
X9-62_c-TwoCurve 19		: c2pnb368w1
X9-62_c-TwoCurve 20		: c2tnb431r1
!Alias primeCurve X9-62_ellipticCurve 1
X9-62_primeCurve 1	 	: prime192v1
X9-62_primeCurve 2	 	: prime192v2
X9-62_primeCurve 3	 	: prime192v3
X9-62_primeCurve 4	 	: prime239v1
X9-62_primeCurve 5	 	: prime239v2
X9-62_primeCurve 6	 	: prime239v3
X9-62_primeCurve 7	 	: prime256v1
!Alias id-ecSigType ansi-X9-62 4
!global
X9-62_id-ecSigType 1		: ecdsa-with-SHA1

# SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters"
# (http://www.secg.org/)
!Alias secg_ellipticCurve certicom-arc 0
# SECG prime curves OIDs
secg-ellipticCurve 6		: secp112r1
secg-ellipticCurve 7		: secp112r2
secg-ellipticCurve 28		: secp128r1
secg-ellipticCurve 29		: secp128r2
secg-ellipticCurve 9		: secp160k1
secg-ellipticCurve 8		: secp160r1
secg-ellipticCurve 30		: secp160r2
secg-ellipticCurve 31		: secp192k1
# NOTE: the curve secp192r1 is the same as prime192v1 defined above
#       and is therefore omitted
secg-ellipticCurve 32		: secp224k1
secg-ellipticCurve 33		: secp224r1
secg-ellipticCurve 10		: secp256k1
# NOTE: the curve secp256r1 is the same as prime256v1 defined above
#       and is therefore omitted
secg-ellipticCurve 34		: secp384r1
secg-ellipticCurve 35		: secp521r1
# SECG characteristic two curves OIDs
secg-ellipticCurve 4		: sect113r1
secg-ellipticCurve 5		: sect113r2
secg-ellipticCurve 22		: sect131r1
secg-ellipticCurve 23		: sect131r2
secg-ellipticCurve 1		: sect163k1
secg-ellipticCurve 2		: sect163r1
secg-ellipticCurve 15		: sect163r2
secg-ellipticCurve 24		: sect193r1
secg-ellipticCurve 25		: sect193r2
secg-ellipticCurve 26		: sect233k1
secg-ellipticCurve 27		: sect233r1
secg-ellipticCurve 3		: sect239k1
secg-ellipticCurve 16		: sect283k1
secg-ellipticCurve 17		: sect283r1
secg-ellipticCurve 36		: sect409k1
secg-ellipticCurve 37		: sect409r1
secg-ellipticCurve 38		: sect571k1
secg-ellipticCurve 39		: sect571r1

# WAP/TLS curve OIDs (http://www.wapforum.org/)
!Alias wap-wsg-idm-ecid wap-wsg 4
wap-wsg-idm-ecid 1	: wap-wsg-idm-ecid-wtls1
wap-wsg-idm-ecid 3	: wap-wsg-idm-ecid-wtls3
wap-wsg-idm-ecid 4	: wap-wsg-idm-ecid-wtls4
wap-wsg-idm-ecid 5	: wap-wsg-idm-ecid-wtls5
wap-wsg-idm-ecid 6	: wap-wsg-idm-ecid-wtls6
wap-wsg-idm-ecid 7	: wap-wsg-idm-ecid-wtls7
wap-wsg-idm-ecid 8	: wap-wsg-idm-ecid-wtls8
wap-wsg-idm-ecid 9	: wap-wsg-idm-ecid-wtls9
wap-wsg-idm-ecid 10	: wap-wsg-idm-ecid-wtls10
wap-wsg-idm-ecid 11	: wap-wsg-idm-ecid-wtls11
wap-wsg-idm-ecid 12	: wap-wsg-idm-ecid-wtls12


ISO-US 113533 7 66 10	: CAST5-CBC		: cast5-cbc
			: CAST5-ECB		: cast5-ecb
!Cname cast5-cfb64
			: CAST5-CFB		: cast5-cfb
!Cname cast5-ofb64
			: CAST5-OFB		: cast5-ofb
!Cname pbeWithMD5AndCast5-CBC
ISO-US 113533 7 66 12	:			: pbeWithMD5AndCast5CBC

ISO-US 113549		: rsadsi		: RSA Data Security, Inc.

rsadsi 1		: pkcs			: RSA Data Security, Inc. PKCS

pkcs 1			: pkcs1
pkcs1 1			:			: rsaEncryption
pkcs1 2			: RSA-MD2		: md2WithRSAEncryption
pkcs1 3			: RSA-MD4		: md4WithRSAEncryption
pkcs1 4			: RSA-MD5		: md5WithRSAEncryption
pkcs1 5			: RSA-SHA1		: sha1WithRSAEncryption
# According to PKCS #1 version 2.1
pkcs1 11		: RSA-SHA256		: sha256WithRSAEncryption
pkcs1 12		: RSA-SHA384		: sha384WithRSAEncryption
pkcs1 13		: RSA-SHA512		: sha512WithRSAEncryption
pkcs1 14		: RSA-SHA224		: sha224WithRSAEncryption

pkcs 3			: pkcs3
pkcs3 1			:			: dhKeyAgreement

pkcs 5			: pkcs5
pkcs5 1			: PBE-MD2-DES		: pbeWithMD2AndDES-CBC
pkcs5 3			: PBE-MD5-DES		: pbeWithMD5AndDES-CBC
pkcs5 4			: PBE-MD2-RC2-64	: pbeWithMD2AndRC2-CBC
pkcs5 6			: PBE-MD5-RC2-64	: pbeWithMD5AndRC2-CBC
pkcs5 10		: PBE-SHA1-DES		: pbeWithSHA1AndDES-CBC
pkcs5 11		: PBE-SHA1-RC2-64	: pbeWithSHA1AndRC2-CBC
!Cname id_pbkdf2
pkcs5 12		:			: PBKDF2
!Cname pbes2
pkcs5 13		:			: PBES2
!Cname pbmac1
pkcs5 14		:			: PBMAC1

pkcs 7			: pkcs7
pkcs7 1			:			: pkcs7-data
!Cname pkcs7-signed
pkcs7 2			:			: pkcs7-signedData
!Cname pkcs7-enveloped
pkcs7 3			:			: pkcs7-envelopedData
!Cname pkcs7-signedAndEnveloped
pkcs7 4			:			: pkcs7-signedAndEnvelopedData
!Cname pkcs7-digest
pkcs7 5			:			: pkcs7-digestData
!Cname pkcs7-encrypted
pkcs7 6			:			: pkcs7-encryptedData

pkcs 9			: pkcs9
!module pkcs9
pkcs9 1			: 			: emailAddress
pkcs9 2			:			: unstructuredName
pkcs9 3			:			: contentType
pkcs9 4			:			: messageDigest
pkcs9 5			:			: signingTime
pkcs9 6			:			: countersignature
pkcs9 7			:			: challengePassword
pkcs9 8			:			: unstructuredAddress
!Cname extCertAttributes
pkcs9 9			:			: extendedCertificateAttributes
!global

!Cname ext-req
pkcs9 14		: extReq		: Extension Request

!Cname SMIMECapabilities
pkcs9 15		: SMIME-CAPS		: S/MIME Capabilities

# S/MIME
!Cname SMIME
pkcs9 16		: SMIME			: S/MIME
SMIME 0			: id-smime-mod
SMIME 1			: id-smime-ct
SMIME 2			: id-smime-aa
SMIME 3			: id-smime-alg
SMIME 4			: id-smime-cd
SMIME 5			: id-smime-spq
SMIME 6			: id-smime-cti

# S/MIME Modules
id-smime-mod 1		: id-smime-mod-cms
id-smime-mod 2		: id-smime-mod-ess
id-smime-mod 3		: id-smime-mod-oid
id-smime-mod 4		: id-smime-mod-msg-v3
id-smime-mod 5		: id-smime-mod-ets-eSignature-88
id-smime-mod 6		: id-smime-mod-ets-eSignature-97
id-smime-mod 7		: id-smime-mod-ets-eSigPolicy-88
id-smime-mod 8		: id-smime-mod-ets-eSigPolicy-97

# S/MIME Content Types
id-smime-ct 1		: id-smime-ct-receipt
id-smime-ct 2		: id-smime-ct-authData
id-smime-ct 3		: id-smime-ct-publishCert
id-smime-ct 4		: id-smime-ct-TSTInfo
id-smime-ct 5		: id-smime-ct-TDTInfo
id-smime-ct 6		: id-smime-ct-contentInfo
id-smime-ct 7		: id-smime-ct-DVCSRequestData
id-smime-ct 8		: id-smime-ct-DVCSResponseData

# S/MIME Attributes
id-smime-aa 1		: id-smime-aa-receiptRequest
id-smime-aa 2		: id-smime-aa-securityLabel
id-smime-aa 3		: id-smime-aa-mlExpandHistory
id-smime-aa 4		: id-smime-aa-contentHint
id-smime-aa 5		: id-smime-aa-msgSigDigest
# obsolete
id-smime-aa 6		: id-smime-aa-encapContentType
id-smime-aa 7		: id-smime-aa-contentIdentifier
# obsolete
id-smime-aa 8		: id-smime-aa-macValue
id-smime-aa 9		: id-smime-aa-equivalentLabels
id-smime-aa 10		: id-smime-aa-contentReference
id-smime-aa 11		: id-smime-aa-encrypKeyPref
id-smime-aa 12		: id-smime-aa-signingCertificate
id-smime-aa 13		: id-smime-aa-smimeEncryptCerts
id-smime-aa 14		: id-smime-aa-timeStampToken
id-smime-aa 15		: id-smime-aa-ets-sigPolicyId
id-smime-aa 16		: id-smime-aa-ets-commitmentType
id-smime-aa 17		: id-smime-aa-ets-signerLocation
id-smime-aa 18		: id-smime-aa-ets-signerAttr
id-smime-aa 19		: id-smime-aa-ets-otherSigCert
id-smime-aa 20		: id-smime-aa-ets-contentTimestamp
id-smime-aa 21		: id-smime-aa-ets-CertificateRefs
id-smime-aa 22		: id-smime-aa-ets-RevocationRefs
id-smime-aa 23		: id-smime-aa-ets-certValues
id-smime-aa 24		: id-smime-aa-ets-revocationValues
id-smime-aa 25		: id-smime-aa-ets-escTimeStamp
id-smime-aa 26		: id-smime-aa-ets-certCRLTimestamp
id-smime-aa 27		: id-smime-aa-ets-archiveTimeStamp
id-smime-aa 28		: id-smime-aa-signatureType
id-smime-aa 29		: id-smime-aa-dvcs-dvc

# S/MIME Algorithm Identifiers
# obsolete
id-smime-alg 1		: id-smime-alg-ESDHwith3DES
# obsolete
id-smime-alg 2		: id-smime-alg-ESDHwithRC2
# obsolete
id-smime-alg 3		: id-smime-alg-3DESwrap
# obsolete
id-smime-alg 4		: id-smime-alg-RC2wrap
id-smime-alg 5		: id-smime-alg-ESDH
id-smime-alg 6		: id-smime-alg-CMS3DESwrap
id-smime-alg 7		: id-smime-alg-CMSRC2wrap

# S/MIME Certificate Distribution
id-smime-cd 1		: id-smime-cd-ldap

# S/MIME Signature Policy Qualifier
id-smime-spq 1		: id-smime-spq-ets-sqt-uri
id-smime-spq 2		: id-smime-spq-ets-sqt-unotice

# S/MIME Commitment Type Identifier
id-smime-cti 1		: id-smime-cti-ets-proofOfOrigin
id-smime-cti 2		: id-smime-cti-ets-proofOfReceipt
id-smime-cti 3		: id-smime-cti-ets-proofOfDelivery
id-smime-cti 4		: id-smime-cti-ets-proofOfSender
id-smime-cti 5		: id-smime-cti-ets-proofOfApproval
id-smime-cti 6		: id-smime-cti-ets-proofOfCreation

pkcs9 20		:			: friendlyName
pkcs9 21		:			: localKeyID
!Cname ms-csp-name
1 3 6 1 4 1 311 17 1	: CSPName		: Microsoft CSP Name
!Alias certTypes pkcs9 22
certTypes 1		:			: x509Certificate
certTypes 2		:			: sdsiCertificate
!Alias crlTypes pkcs9 23
crlTypes 1		:			: x509Crl

!Alias pkcs12 pkcs 12
!Alias pkcs12-pbeids pkcs12 1

!Cname pbe-WithSHA1And128BitRC4
pkcs12-pbeids 1		: PBE-SHA1-RC4-128	: pbeWithSHA1And128BitRC4
!Cname pbe-WithSHA1And40BitRC4
pkcs12-pbeids 2		: PBE-SHA1-RC4-40	: pbeWithSHA1And40BitRC4
!Cname pbe-WithSHA1And3_Key_TripleDES-CBC
pkcs12-pbeids 3		: PBE-SHA1-3DES		: pbeWithSHA1And3-KeyTripleDES-CBC
!Cname pbe-WithSHA1And2_Key_TripleDES-CBC
pkcs12-pbeids 4		: PBE-SHA1-2DES		: pbeWithSHA1And2-KeyTripleDES-CBC
!Cname pbe-WithSHA1And128BitRC2-CBC
pkcs12-pbeids 5		: PBE-SHA1-RC2-128	: pbeWithSHA1And128BitRC2-CBC
!Cname pbe-WithSHA1And40BitRC2-CBC
pkcs12-pbeids 6		: PBE-SHA1-RC2-40	: pbeWithSHA1And40BitRC2-CBC

!Alias pkcs12-Version1 pkcs12 10
!Alias pkcs12-BagIds pkcs12-Version1 1
pkcs12-BagIds 1		:			: keyBag
pkcs12-BagIds 2		:			: pkcs8ShroudedKeyBag
pkcs12-BagIds 3		:			: certBag
pkcs12-BagIds 4		:			: crlBag
pkcs12-BagIds 5		:			: secretBag
pkcs12-BagIds 6		:			: safeContentsBag

rsadsi 2 2		: MD2			: md2
rsadsi 2 4		: MD4			: md4
rsadsi 2 5		: MD5			: md5
			: MD5-SHA1		: md5-sha1
rsadsi 2 7		:			: hmacWithSHA1
rsadsi 3 2		: RC2-CBC		: rc2-cbc
			: RC2-ECB		: rc2-ecb
!Cname rc2-cfb64
			: RC2-CFB		: rc2-cfb
!Cname rc2-ofb64
			: RC2-OFB		: rc2-ofb
			: RC2-40-CBC		: rc2-40-cbc
			: RC2-64-CBC		: rc2-64-cbc
rsadsi 3 4		: RC4			: rc4
			: RC4-40		: rc4-40
rsadsi 3 7		: DES-EDE3-CBC		: des-ede3-cbc
rsadsi 3 8		: RC5-CBC		: rc5-cbc
			: RC5-ECB		: rc5-ecb
!Cname rc5-cfb64
			: RC5-CFB		: rc5-cfb
!Cname rc5-ofb64
			: RC5-OFB		: rc5-ofb

!Cname ms-ext-req
1 3 6 1 4 1 311 2 1 14	: msExtReq		: Microsoft Extension Request
!Cname ms-code-ind
1 3 6 1 4 1 311 2 1 21	: msCodeInd		: Microsoft Individual Code Signing
!Cname ms-code-com
1 3 6 1 4 1 311 2 1 22	: msCodeCom		: Microsoft Commercial Code Signing
!Cname ms-ctl-sign
1 3 6 1 4 1 311 10 3 1	: msCTLSign		: Microsoft Trust List Signing
!Cname ms-sgc
1 3 6 1 4 1 311 10 3 3	: msSGC			: Microsoft Server Gated Crypto
!Cname ms-efs
1 3 6 1 4 1 311 10 3 4	: msEFS			: Microsoft Encrypted File System
!Cname ms-smartcard-login
1 3 6 1 4 1 311 20 2 2	: msSmartcardLogin	: Microsoft Smartcardlogin
!Cname ms-upn
1 3 6 1 4 1 311 20 2 3	: msUPN			: Microsoft Universal Principal Name

1 3 6 1 4 1 188 7 1 1 2	: IDEA-CBC		: idea-cbc
			: IDEA-ECB		: idea-ecb
!Cname idea-cfb64
			: IDEA-CFB		: idea-cfb
!Cname idea-ofb64
			: IDEA-OFB		: idea-ofb

1 3 6 1 4 1 3029 1 2	: BF-CBC		: bf-cbc
			: BF-ECB		: bf-ecb
!Cname bf-cfb64
			: BF-CFB		: bf-cfb
!Cname bf-ofb64
			: BF-OFB		: bf-ofb

!Cname id-pkix
1 3 6 1 5 5 7		: PKIX

# PKIX Arcs
id-pkix 0		: id-pkix-mod
id-pkix 1		: id-pe
id-pkix 2		: id-qt
id-pkix 3		: id-kp
id-pkix 4		: id-it
id-pkix 5		: id-pkip
id-pkix 6		: id-alg
id-pkix 7		: id-cmc
id-pkix 8		: id-on
id-pkix 9		: id-pda
id-pkix 10		: id-aca
id-pkix 11		: id-qcs
id-pkix 12		: id-cct
id-pkix 21		: id-ppl
id-pkix 48		: id-ad

# PKIX Modules
id-pkix-mod 1		: id-pkix1-explicit-88
id-pkix-mod 2		: id-pkix1-implicit-88
id-pkix-mod 3		: id-pkix1-explicit-93
id-pkix-mod 4		: id-pkix1-implicit-93
id-pkix-mod 5		: id-mod-crmf
id-pkix-mod 6		: id-mod-cmc
id-pkix-mod 7		: id-mod-kea-profile-88
id-pkix-mod 8		: id-mod-kea-profile-93
id-pkix-mod 9		: id-mod-cmp
id-pkix-mod 10		: id-mod-qualified-cert-88
id-pkix-mod 11		: id-mod-qualified-cert-93
id-pkix-mod 12		: id-mod-attribute-cert
id-pkix-mod 13		: id-mod-timestamp-protocol
id-pkix-mod 14		: id-mod-ocsp
id-pkix-mod 15		: id-mod-dvcs
id-pkix-mod 16		: id-mod-cmp2000

# PKIX Private Extensions
!Cname info-access
id-pe 1			: authorityInfoAccess	: Authority Information Access
id-pe 2			: biometricInfo		: Biometric Info
id-pe 3			: qcStatements
id-pe 4			: ac-auditEntity
id-pe 5			: ac-targeting
id-pe 6			: aaControls
id-pe 7			: sbgp-ipAddrBlock
id-pe 8			: sbgp-autonomousSysNum
id-pe 9			: sbgp-routerIdentifier
id-pe 10		: ac-proxying
!Cname sinfo-access
id-pe 11		: subjectInfoAccess	: Subject Information Access
id-pe 14		: proxyCertInfo		: Proxy Certificate Information

# PKIX policyQualifiers for Internet policy qualifiers
id-qt 1			: id-qt-cps		: Policy Qualifier CPS
id-qt 2			: id-qt-unotice		: Policy Qualifier User Notice
id-qt 3			: textNotice

# PKIX key purpose identifiers
!Cname server-auth
id-kp 1			: serverAuth		: TLS Web Server Authentication
!Cname client-auth
id-kp 2			: clientAuth		: TLS Web Client Authentication
!Cname code-sign
id-kp 3			: codeSigning		: Code Signing
!Cname email-protect
id-kp 4			: emailProtection	: E-mail Protection
id-kp 5			: ipsecEndSystem	: IPSec End System
id-kp 6			: ipsecTunnel		: IPSec Tunnel
id-kp 7			: ipsecUser		: IPSec User
!Cname time-stamp
id-kp 8			: timeStamping		: Time Stamping
# From OCSP spec RFC2560
!Cname OCSP-sign
id-kp 9			: OCSPSigning		: OCSP Signing
id-kp 10		: DVCS			: dvcs

# CMP information types
id-it 1			: id-it-caProtEncCert
id-it 2			: id-it-signKeyPairTypes
id-it 3			: id-it-encKeyPairTypes
id-it 4			: id-it-preferredSymmAlg
id-it 5			: id-it-caKeyUpdateInfo
id-it 6			: id-it-currentCRL
id-it 7			: id-it-unsupportedOIDs
# obsolete
id-it 8			: id-it-subscriptionRequest
# obsolete
id-it 9			: id-it-subscriptionResponse
id-it 10		: id-it-keyPairParamReq
id-it 11		: id-it-keyPairParamRep
id-it 12		: id-it-revPassphrase
id-it 13		: id-it-implicitConfirm
id-it 14		: id-it-confirmWaitTime
id-it 15		: id-it-origPKIMessage

# CRMF registration
id-pkip 1		: id-regCtrl
id-pkip 2		: id-regInfo

# CRMF registration controls
id-regCtrl 1		: id-regCtrl-regToken
id-regCtrl 2		: id-regCtrl-authenticator
id-regCtrl 3		: id-regCtrl-pkiPublicationInfo
id-regCtrl 4		: id-regCtrl-pkiArchiveOptions
id-regCtrl 5		: id-regCtrl-oldCertID
id-regCtrl 6		: id-regCtrl-protocolEncrKey

# CRMF registration information
id-regInfo 1		: id-regInfo-utf8Pairs
id-regInfo 2		: id-regInfo-certReq

# algorithms
id-alg 1		: id-alg-des40
id-alg 2		: id-alg-noSignature
id-alg 3		: id-alg-dh-sig-hmac-sha1
id-alg 4		: id-alg-dh-pop

# CMC controls
id-cmc 1		: id-cmc-statusInfo
id-cmc 2		: id-cmc-identification
id-cmc 3		: id-cmc-identityProof
id-cmc 4		: id-cmc-dataReturn
id-cmc 5		: id-cmc-transactionId
id-cmc 6		: id-cmc-senderNonce
id-cmc 7		: id-cmc-recipientNonce
id-cmc 8		: id-cmc-addExtensions
id-cmc 9		: id-cmc-encryptedPOP
id-cmc 10		: id-cmc-decryptedPOP
id-cmc 11		: id-cmc-lraPOPWitness
id-cmc 15		: id-cmc-getCert
id-cmc 16		: id-cmc-getCRL
id-cmc 17		: id-cmc-revokeRequest
id-cmc 18		: id-cmc-regInfo
id-cmc 19		: id-cmc-responseInfo
id-cmc 21		: id-cmc-queryPending
id-cmc 22		: id-cmc-popLinkRandom
id-cmc 23		: id-cmc-popLinkWitness
id-cmc 24		: id-cmc-confirmCertAcceptance

# other names
id-on 1			: id-on-personalData

# personal data attributes
id-pda 1		: id-pda-dateOfBirth
id-pda 2		: id-pda-placeOfBirth
id-pda 3		: id-pda-gender
id-pda 4		: id-pda-countryOfCitizenship
id-pda 5		: id-pda-countryOfResidence

# attribute certificate attributes
id-aca 1		: id-aca-authenticationInfo
id-aca 2		: id-aca-accessIdentity
id-aca 3		: id-aca-chargingIdentity
id-aca 4		: id-aca-group
# attention : the following seems to be obsolete, replace by 'role'
id-aca 5		: id-aca-role
id-aca 6		: id-aca-encAttrs

# qualified certificate statements
id-qcs 1		: id-qcs-pkixQCSyntax-v1

# CMC content types
id-cct 1		: id-cct-crs
id-cct 2		: id-cct-PKIData
id-cct 3		: id-cct-PKIResponse

# Predefined Proxy Certificate policy languages
id-ppl 0		: id-ppl-anyLanguage	: Any language
id-ppl 1		: id-ppl-inheritAll	: Inherit all
id-ppl 2		: id-ppl-independent	: Independent

# access descriptors for authority info access extension
!Cname ad-OCSP
id-ad 1			: OCSP			: OCSP
!Cname ad-ca-issuers
id-ad 2			: caIssuers		: CA Issuers
!Cname ad-timeStamping
id-ad 3			: ad_timestamping	: AD Time Stamping
!Cname ad-dvcs
id-ad 4			: AD_DVCS		: ad dvcs


!Alias id-pkix-OCSP ad-OCSP
!module id-pkix-OCSP
!Cname basic
id-pkix-OCSP 1		: basicOCSPResponse	: Basic OCSP Response
id-pkix-OCSP 2		: Nonce			: OCSP Nonce
id-pkix-OCSP 3		: CrlID			: OCSP CRL ID
id-pkix-OCSP 4		: acceptableResponses	: Acceptable OCSP Responses
id-pkix-OCSP 5		: noCheck		: OCSP No Check
id-pkix-OCSP 6		: archiveCutoff		: OCSP Archive Cutoff
id-pkix-OCSP 7		: serviceLocator	: OCSP Service Locator
id-pkix-OCSP 8		: extendedStatus	: Extended OCSP Status
id-pkix-OCSP 9		: valid
id-pkix-OCSP 10		: path
id-pkix-OCSP 11		: trustRoot		: Trust Root
!global

1 3 14 3 2		: algorithm		: algorithm
algorithm 3		: RSA-NP-MD5		: md5WithRSA
algorithm 6		: DES-ECB		: des-ecb
algorithm 7		: DES-CBC		: des-cbc
!Cname des-ofb64
algorithm 8		: DES-OFB		: des-ofb
!Cname des-cfb64
algorithm 9		: DES-CFB		: des-cfb
algorithm 11		: rsaSignature
!Cname dsa-2
algorithm 12		: DSA-old		: dsaEncryption-old
algorithm 13		: DSA-SHA		: dsaWithSHA
algorithm 15		: RSA-SHA		: shaWithRSAEncryption
!Cname des-ede-ecb
algorithm 17		: DES-EDE		: des-ede
!Cname des-ede3-ecb
			: DES-EDE3		: des-ede3
			: DES-EDE-CBC		: des-ede-cbc
!Cname des-ede-cfb64
			: DES-EDE-CFB		: des-ede-cfb
!Cname des-ede3-cfb64
			: DES-EDE3-CFB		: des-ede3-cfb
!Cname des-ede-ofb64
			: DES-EDE-OFB		: des-ede-ofb
!Cname des-ede3-ofb64
			: DES-EDE3-OFB		: des-ede3-ofb
			: DESX-CBC		: desx-cbc
algorithm 18		: SHA			: sha
algorithm 26		: SHA1			: sha1
!Cname dsaWithSHA1-2
algorithm 27		: DSA-SHA1-old		: dsaWithSHA1-old
algorithm 29		: RSA-SHA1-2		: sha1WithRSA

1 3 36 3 2 1		: RIPEMD160		: ripemd160
1 3 36 3 3 1 2		: RSA-RIPEMD160		: ripemd160WithRSA

!Cname sxnet
1 3 101 1 4 1		: SXNetID		: Strong Extranet ID

2 5			: X500			: directory services (X.500)

X500 4			: X509
X509 3			: CN			: commonName
X509 4			: SN			: surname
X509 5			: 			: serialNumber
X509 6			: C			: countryName
X509 7			: L			: localityName
X509 8			: ST			: stateOrProvinceName
X509 9			:			: streetAddress
X509 10			: O			: organizationName
X509 11			: OU			: organizationalUnitName
X509 12			: 			: title
X509 13			: 			: description
X509 17			:			: postalCode
X509 41			: name			: name
X509 42			: GN			: givenName
X509 43			: 			: initials
X509 44			: 			: generationQualifier
X509 45			: 			: x500UniqueIdentifier
X509 46			: dnQualifier		: dnQualifier
X509 65			:			: pseudonym
X509 72			: role			: role

X500 8			: X500algorithms	: directory services - algorithms
X500algorithms 1 1	: RSA			: rsa
X500algorithms 3 100	: RSA-MDC2		: mdc2WithRSA
X500algorithms 3 101	: MDC2			: mdc2

X500 29			: id-ce
!Cname subject-key-identifier
id-ce 14		: subjectKeyIdentifier	: X509v3 Subject Key Identifier
!Cname key-usage
id-ce 15		: keyUsage		: X509v3 Key Usage
!Cname private-key-usage-period
id-ce 16		: privateKeyUsagePeriod	: X509v3 Private Key Usage Period
!Cname subject-alt-name
id-ce 17		: subjectAltName	: X509v3 Subject Alternative Name
!Cname issuer-alt-name
id-ce 18		: issuerAltName		: X509v3 Issuer Alternative Name
!Cname basic-constraints
id-ce 19		: basicConstraints	: X509v3 Basic Constraints
!Cname crl-number
id-ce 20		: crlNumber		: X509v3 CRL Number
!Cname crl-reason
id-ce 21		: CRLReason		: X509v3 CRL Reason Code
!Cname invalidity-date
id-ce 24		: invalidityDate	: Invalidity Date
!Cname delta-crl
id-ce 27		: deltaCRL		: X509v3 Delta CRL Indicator
!Cname name-constraints
id-ce 30		: nameConstraints	: X509v3 Name Constraints
!Cname crl-distribution-points
id-ce 31		: crlDistributionPoints	: X509v3 CRL Distribution Points
!Cname certificate-policies
id-ce 32		: certificatePolicies	: X509v3 Certificate Policies
!Cname any-policy
certificate-policies 0	: anyPolicy		: X509v3 Any Policy
!Cname policy-mappings
id-ce 33		: policyMappings	: X509v3 Policy Mappings
!Cname authority-key-identifier
id-ce 35		: authorityKeyIdentifier : X509v3 Authority Key Identifier
!Cname policy-constraints
id-ce 36		: policyConstraints	: X509v3 Policy Constraints
!Cname ext-key-usage
id-ce 37		: extendedKeyUsage	: X509v3 Extended Key Usage
!Cname inhibit-any-policy
id-ce 54		: inhibitAnyPolicy	: X509v3 Inhibit Any Policy
!Cname target-information
id-ce 55		: targetInformation	: X509v3 AC Targeting
!Cname no-rev-avail
id-ce 56		: noRevAvail		: X509v3 No Revocation Available

!Cname netscape
2 16 840 1 113730	: Netscape		: Netscape Communications Corp.
!Cname netscape-cert-extension
netscape 1		: nsCertExt		: Netscape Certificate Extension
!Cname netscape-data-type
netscape 2		: nsDataType		: Netscape Data Type
!Cname netscape-cert-type
netscape-cert-extension 1 : nsCertType		: Netscape Cert Type
!Cname netscape-base-url
netscape-cert-extension 2 : nsBaseUrl		: Netscape Base Url
!Cname netscape-revocation-url
netscape-cert-extension 3 : nsRevocationUrl	: Netscape Revocation Url
!Cname netscape-ca-revocation-url
netscape-cert-extension 4 : nsCaRevocationUrl	: Netscape CA Revocation Url
!Cname netscape-renewal-url
netscape-cert-extension 7 : nsRenewalUrl	: Netscape Renewal Url
!Cname netscape-ca-policy-url
netscape-cert-extension 8 : nsCaPolicyUrl	: Netscape CA Policy Url
!Cname netscape-ssl-server-name
netscape-cert-extension 12 : nsSslServerName	: Netscape SSL Server Name
!Cname netscape-comment
netscape-cert-extension 13 : nsComment		: Netscape Comment
!Cname netscape-cert-sequence
netscape-data-type 5	: nsCertSequence	: Netscape Certificate Sequence
!Cname ns-sgc
netscape 4 1		: nsSGC			: Netscape Server Gated Crypto

# iso(1)
iso 3			: ORG			: org
org 6			: DOD			: dod
dod 1			: IANA			: iana
!Alias internet iana

internet 1		: directory		: Directory
internet 2		: mgmt			: Management
internet 3		: experimental		: Experimental
internet 4		: private		: Private
internet 5		: security		: Security
internet 6		: snmpv2		: SNMPv2
# Documents refer to "internet 7" as "mail". This however leads to ambiguities
# with RFC2798, Section 9.1.3, where "mail" is defined as the short name for
# rfc822Mailbox. The short name is therefore here left out for a reason.
# Subclasses of "mail", e.g. "MIME MHS" don't consitute a problem, as
# references are realized via long name "Mail" (with capital M).
internet 7		:			: Mail

Private 1		: enterprises		: Enterprises

# RFC 2247
Enterprises 1466 344	: dcobject		: dcObject

# RFC 1495
Mail 1			: mime-mhs		: MIME MHS
mime-mhs 1		: mime-mhs-headings	: mime-mhs-headings
mime-mhs 2		: mime-mhs-bodies	: mime-mhs-bodies
mime-mhs-headings 1	: id-hex-partial-message : id-hex-partial-message
mime-mhs-headings 2	: id-hex-multipart-message : id-hex-multipart-message

# What the hell are these OIDs, really?
!Cname rle-compression
1 1 1 1 666 1		: RLE			: run length compression
!Cname zlib-compression
1 1 1 1 666 2		: ZLIB			: zlib compression

# AES aka Rijndael

!Alias csor 2 16 840 1 101 3
!Alias nistAlgorithms csor 4
!Alias aes nistAlgorithms 1

aes 1			: AES-128-ECB		: aes-128-ecb
aes 2			: AES-128-CBC		: aes-128-cbc
!Cname aes-128-ofb128
aes 3			: AES-128-OFB		: aes-128-ofb
!Cname aes-128-cfb128
aes 4			: AES-128-CFB		: aes-128-cfb

aes 21			: AES-192-ECB		: aes-192-ecb
aes 22			: AES-192-CBC		: aes-192-cbc
!Cname aes-192-ofb128
aes 23			: AES-192-OFB		: aes-192-ofb
!Cname aes-192-cfb128
aes 24			: AES-192-CFB		: aes-192-cfb

aes 41			: AES-256-ECB		: aes-256-ecb
aes 42			: AES-256-CBC		: aes-256-cbc
!Cname aes-256-ofb128
aes 43			: AES-256-OFB		: aes-256-ofb
!Cname aes-256-cfb128
aes 44			: AES-256-CFB		: aes-256-cfb

# There are no OIDs for these modes...

			: AES-128-CFB1		: aes-128-cfb1
			: AES-192-CFB1		: aes-192-cfb1
			: AES-256-CFB1		: aes-256-cfb1
			: AES-128-CFB8		: aes-128-cfb8
			: AES-192-CFB8		: aes-192-cfb8
			: AES-256-CFB8		: aes-256-cfb8
			: DES-CFB1		: des-cfb1
			: DES-CFB8		: des-cfb8
			: DES-EDE3-CFB1		: des-ede3-cfb1
			: DES-EDE3-CFB8		: des-ede3-cfb8

# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.
!Alias nist_hashalgs nistAlgorithms 2
nist_hashalgs 1		: SHA256		: sha256
nist_hashalgs 2		: SHA384		: sha384
nist_hashalgs 3		: SHA512		: sha512
nist_hashalgs 4		: SHA224		: sha224

# Hold instruction CRL entry extension
!Cname hold-instruction-code
id-ce 23		: holdInstructionCode	: Hold Instruction Code
!Alias holdInstruction	X9-57 2
!Cname hold-instruction-none
holdInstruction 1	: holdInstructionNone	: Hold Instruction None
!Cname hold-instruction-call-issuer
holdInstruction 2	: holdInstructionCallIssuer : Hold Instruction Call Issuer
!Cname hold-instruction-reject
holdInstruction 3	: holdInstructionReject	: Hold Instruction Reject

# OID's from ITU-T.  Most of this is defined in RFC 1274.  A couple of
# them are also mentioned in RFC 2247
itu-t 9			: data
data 2342		: pss
pss 19200300		: ucl
ucl 100			: pilot
pilot 1			:			: pilotAttributeType
pilot 3			:			: pilotAttributeSyntax
pilot 4			:			: pilotObjectClass
pilot 10		:			: pilotGroups
pilotAttributeSyntax 4	:			: iA5StringSyntax
pilotAttributeSyntax 5	:			: caseIgnoreIA5StringSyntax
pilotObjectClass 3	:			: pilotObject
pilotObjectClass 4	:			: pilotPerson
pilotObjectClass 5	: account
pilotObjectClass 6	: document
pilotObjectClass 7	: room
pilotObjectClass 9	:			: documentSeries
pilotObjectClass 13	: domain		: Domain
pilotObjectClass 14	:			: rFC822localPart
pilotObjectClass 15	:			: dNSDomain
pilotObjectClass 17	:			: domainRelatedObject
pilotObjectClass 18	:			: friendlyCountry
pilotObjectClass 19	:			: simpleSecurityObject
pilotObjectClass 20	:			: pilotOrganization
pilotObjectClass 21	:			: pilotDSA
pilotObjectClass 22	:			: qualityLabelledData
pilotAttributeType 1	: UID			: userId
pilotAttributeType 2	:			: textEncodedORAddress
pilotAttributeType 3	: mail			: rfc822Mailbox
pilotAttributeType 4	: info
pilotAttributeType 5	:			: favouriteDrink
pilotAttributeType 6	:			: roomNumber
pilotAttributeType 7	: photo
pilotAttributeType 8	:			: userClass
pilotAttributeType 9	: host
pilotAttributeType 10	: manager
pilotAttributeType 11	:			: documentIdentifier
pilotAttributeType 12	:			: documentTitle
pilotAttributeType 13	:			: documentVersion
pilotAttributeType 14	:			: documentAuthor
pilotAttributeType 15	:			: documentLocation
pilotAttributeType 20	:			: homeTelephoneNumber
pilotAttributeType 21	: secretary
pilotAttributeType 22	:			: otherMailbox
pilotAttributeType 23	:			: lastModifiedTime
pilotAttributeType 24	:			: lastModifiedBy
pilotAttributeType 25	: DC			: domainComponent
pilotAttributeType 26	:			: aRecord
pilotAttributeType 27	:			: pilotAttributeType27
pilotAttributeType 28	:			: mXRecord
pilotAttributeType 29	:			: nSRecord
pilotAttributeType 30	:			: sOARecord
pilotAttributeType 31	:			: cNAMERecord
pilotAttributeType 37	:			: associatedDomain
pilotAttributeType 38	:			: associatedName
pilotAttributeType 39	:			: homePostalAddress
pilotAttributeType 40	:			: personalTitle
pilotAttributeType 41	:			: mobileTelephoneNumber
pilotAttributeType 42	:			: pagerTelephoneNumber
pilotAttributeType 43	:			: friendlyCountryName
# The following clashes with 2.5.4.45, so commented away
#pilotAttributeType 44	: uid			: uniqueIdentifier
pilotAttributeType 45	:			: organizationalStatus
pilotAttributeType 46	:			: janetMailbox
pilotAttributeType 47	:			: mailPreferenceOption
pilotAttributeType 48	:			: buildingName
pilotAttributeType 49	:			: dSAQuality
pilotAttributeType 50	:			: singleLevelQuality
pilotAttributeType 51	:			: subtreeMinimumQuality
pilotAttributeType 52	:			: subtreeMaximumQuality
pilotAttributeType 53	:			: personalSignature
pilotAttributeType 54	:			: dITRedirect
pilotAttributeType 55	: audio
pilotAttributeType 56	:			: documentPublisher

international-organizations 42	: id-set	: Secure Electronic Transactions

id-set 0		: set-ctype		: content types
id-set 1		: set-msgExt		: message extensions
id-set 3		: set-attr
id-set 5		: set-policy
id-set 7		: set-certExt		: certificate extensions
id-set 8		: set-brand

set-ctype 0		: setct-PANData
set-ctype 1		: setct-PANToken
set-ctype 2		: setct-PANOnly
set-ctype 3		: setct-OIData
set-ctype 4		: setct-PI
set-ctype 5		: setct-PIData
set-ctype 6		: setct-PIDataUnsigned
set-ctype 7		: setct-HODInput
set-ctype 8		: setct-AuthResBaggage
set-ctype 9		: setct-AuthRevReqBaggage
set-ctype 10		: setct-AuthRevResBaggage
set-ctype 11		: setct-CapTokenSeq
set-ctype 12		: setct-PInitResData
set-ctype 13		: setct-PI-TBS
set-ctype 14		: setct-PResData
set-ctype 16		: setct-AuthReqTBS
set-ctype 17		: setct-AuthResTBS
set-ctype 18		: setct-AuthResTBSX
set-ctype 19		: setct-AuthTokenTBS
set-ctype 20		: setct-CapTokenData
set-ctype 21		: setct-CapTokenTBS
set-ctype 22		: setct-AcqCardCodeMsg
set-ctype 23		: setct-AuthRevReqTBS
set-ctype 24		: setct-AuthRevResData
set-ctype 25		: setct-AuthRevResTBS
set-ctype 26		: setct-CapReqTBS
set-ctype 27		: setct-CapReqTBSX
set-ctype 28		: setct-CapResData
set-ctype 29		: setct-CapRevReqTBS
set-ctype 30		: setct-CapRevReqTBSX
set-ctype 31		: setct-CapRevResData
set-ctype 32		: setct-CredReqTBS
set-ctype 33		: setct-CredReqTBSX
set-ctype 34		: setct-CredResData
set-ctype 35		: setct-CredRevReqTBS
set-ctype 36		: setct-CredRevReqTBSX
set-ctype 37		: setct-CredRevResData
set-ctype 38		: setct-PCertReqData
set-ctype 39		: setct-PCertResTBS
set-ctype 40		: setct-BatchAdminReqData
set-ctype 41		: setct-BatchAdminResData
set-ctype 42		: setct-CardCInitResTBS
set-ctype 43		: setct-MeAqCInitResTBS
set-ctype 44		: setct-RegFormResTBS
set-ctype 45		: setct-CertReqData
set-ctype 46		: setct-CertReqTBS
set-ctype 47		: setct-CertResData
set-ctype 48		: setct-CertInqReqTBS
set-ctype 49		: setct-ErrorTBS
set-ctype 50		: setct-PIDualSignedTBE
set-ctype 51		: setct-PIUnsignedTBE
set-ctype 52		: setct-AuthReqTBE
set-ctype 53		: setct-AuthResTBE
set-ctype 54		: setct-AuthResTBEX
set-ctype 55		: setct-AuthTokenTBE
set-ctype 56		: setct-CapTokenTBE
set-ctype 57		: setct-CapTokenTBEX
set-ctype 58		: setct-AcqCardCodeMsgTBE
set-ctype 59		: setct-AuthRevReqTBE
set-ctype 60		: setct-AuthRevResTBE
set-ctype 61		: setct-AuthRevResTBEB
set-ctype 62		: setct-CapReqTBE
set-ctype 63		: setct-CapReqTBEX
set-ctype 64		: setct-CapResTBE
set-ctype 65		: setct-CapRevReqTBE
set-ctype 66		: setct-CapRevReqTBEX
set-ctype 67		: setct-CapRevResTBE
set-ctype 68		: setct-CredReqTBE
set-ctype 69		: setct-CredReqTBEX
set-ctype 70		: setct-CredResTBE
set-ctype 71		: setct-CredRevReqTBE
set-ctype 72		: setct-CredRevReqTBEX
set-ctype 73		: setct-CredRevResTBE
set-ctype 74		: setct-BatchAdminReqTBE
set-ctype 75		: setct-BatchAdminResTBE
set-ctype 76		: setct-RegFormReqTBE
set-ctype 77		: setct-CertReqTBE
set-ctype 78		: setct-CertReqTBEX
set-ctype 79		: setct-CertResTBE
set-ctype 80		: setct-CRLNotificationTBS
set-ctype 81		: setct-CRLNotificationResTBS
set-ctype 82		: setct-BCIDistributionTBS

set-msgExt 1		: setext-genCrypt	: generic cryptogram
set-msgExt 3		: setext-miAuth		: merchant initiated auth
set-msgExt 4		: setext-pinSecure
set-msgExt 5		: setext-pinAny
set-msgExt 7		: setext-track2
set-msgExt 8		: setext-cv		: additional verification

set-policy 0		: set-policy-root

set-certExt 0		: setCext-hashedRoot
set-certExt 1		: setCext-certType
set-certExt 2		: setCext-merchData
set-certExt 3		: setCext-cCertRequired
set-certExt 4		: setCext-tunneling
set-certExt 5		: setCext-setExt
set-certExt 6		: setCext-setQualf
set-certExt 7		: setCext-PGWYcapabilities
set-certExt 8		: setCext-TokenIdentifier
set-certExt 9		: setCext-Track2Data
set-certExt 10		: setCext-TokenType
set-certExt 11		: setCext-IssuerCapabilities

set-attr 0		: setAttr-Cert
set-attr 1		: setAttr-PGWYcap	: payment gateway capabilities
set-attr 2		: setAttr-TokenType
set-attr 3		: setAttr-IssCap	: issuer capabilities

setAttr-Cert 0		: set-rootKeyThumb
setAttr-Cert 1		: set-addPolicy

setAttr-TokenType 1	: setAttr-Token-EMV
setAttr-TokenType 2	: setAttr-Token-B0Prime

setAttr-IssCap 3	: setAttr-IssCap-CVM
setAttr-IssCap 4	: setAttr-IssCap-T2
setAttr-IssCap 5	: setAttr-IssCap-Sig

setAttr-IssCap-CVM 1	: setAttr-GenCryptgrm	: generate cryptogram
setAttr-IssCap-T2 1	: setAttr-T2Enc		: encrypted track 2
setAttr-IssCap-T2 2	: setAttr-T2cleartxt	: cleartext track 2

setAttr-IssCap-Sig 1	: setAttr-TokICCsig	: ICC or token signature
setAttr-IssCap-Sig 2	: setAttr-SecDevSig	: secure device signature

set-brand 1		: set-brand-IATA-ATA
set-brand 30		: set-brand-Diners
set-brand 34		: set-brand-AmericanExpress
set-brand 35		: set-brand-JCB
set-brand 4		: set-brand-Visa
set-brand 5		: set-brand-MasterCard
set-brand 6011		: set-brand-Novus

rsadsi 3 10		: DES-CDMF		: des-cdmf
rsadsi 1 1 6		: rsaOAEPEncryptionSET

			: Oakley-EC2N-3		: ipsec3
			: Oakley-EC2N-4		: ipsec4