From 6b882a3918590b9c0f45643323adae9862eedde5 Mon Sep 17 00:00:00 2001 From: Oleg Moiseenko <807634+merlokk@users.noreply.github.com> Date: Sun, 25 Nov 2018 17:56:12 +0200 Subject: [PATCH] Fido U2F complete (#716) * add pkwrite * asn1print * asn1dump and CA * added PrintAndLogEx for merge commits between repo easier than now * changelog --- CHANGELOG.md | 1 + client/Makefile | 2 + client/cmdhffido.c | 191 ++- client/crypto/asn1dump.c | 353 ++++++ client/crypto/asn1dump.h | 21 + client/crypto/asn1utils.c | 29 +- client/crypto/asn1utils.h | 2 +- client/crypto/libpcrypto.c | 26 + client/crypto/libpcrypto.h | 2 + client/crypto/oids.json | 2325 +++++++++++++++++++++++++++++++++++ client/emv/emvjson.c | 17 + client/emv/emvjson.h | 1 + client/fido/additional_ca.c | 63 + client/fido/additional_ca.h | 21 + client/obj/fido/.dummy | 0 client/ui.c | 72 ++ client/ui.h | 4 + client/util.c | 29 + client/util.h | 43 + common/mbedtls/Makefile | 1 + common/mbedtls/pkwrite.c | 517 ++++++++ 21 files changed, 3703 insertions(+), 17 deletions(-) create mode 100644 client/crypto/asn1dump.c create mode 100644 client/crypto/asn1dump.h create mode 100644 client/crypto/oids.json create mode 100644 client/fido/additional_ca.c create mode 100644 client/fido/additional_ca.h create mode 100644 client/obj/fido/.dummy create mode 100644 common/mbedtls/pkwrite.c diff --git a/CHANGELOG.md b/CHANGELOG.md index 6b134562..b0073f34 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac ### Changed - Changed hf mfp security. Now it works in all the modes. (drHatson) +- `hf fido` - show/check DER certificate and signatures (Merlok) ### Fixed diff --git a/client/Makefile b/client/Makefile index a049ae5a..5ed4ea49 100644 --- a/client/Makefile +++ b/client/Makefile @@ -109,8 +109,10 @@ CMDSRCS = $(SRC_SMARTCARD) \ crapto1/crypto1.c\ crypto/libpcrypto.c\ crypto/asn1utils.c\ + crypto/asn1dump.c\ cliparser/argtable3.c\ cliparser/cliparser.c\ + fido/additional_ca.c \ mfkey.c\ loclass/cipher.c \ loclass/cipherutils.c \ diff --git a/client/cmdhffido.c b/client/cmdhffido.c index fd97ace5..e2d6c091 100644 --- a/client/cmdhffido.c +++ b/client/cmdhffido.c @@ -39,6 +39,12 @@ #include "emv/emvjson.h" #include "emv/dump.h" #include "cliparser/cliparser.h" +#include "crypto/asn1utils.h" +#include "crypto/libpcrypto.h" +#include "fido/additional_ca.h" +#include "mbedtls/x509_crt.h" +#include "mbedtls/x509.h" +#include "mbedtls/pk.h" static int CmdHelp(const char *Cmd); @@ -201,8 +207,9 @@ int CmdHFFidoRegister(const char *cmd) { void* argtable[] = { arg_param_begin, arg_lit0("aA", "apdu", "show APDU reqests and responses"), - arg_lit0("vV", "verbose", "show technical data"), + arg_litn("vV", "verbose", 0, 2, "show technical data. vv - show full certificates data"), arg_lit0("pP", "plain", "send plain ASCII to challenge and application parameters instead of HEX"), + arg_lit0("tT", "tlv", "Show DER certificate contents in TLV representation"), arg_str0("jJ", "json", "fido.json", "JSON input / output file name for parameters."), arg_str0(NULL, NULL, "", NULL), arg_str0(NULL, NULL, "", NULL), @@ -212,11 +219,13 @@ int CmdHFFidoRegister(const char *cmd) { bool APDULogging = arg_get_lit(1); bool verbose = arg_get_lit(2); + bool verbose2 = arg_get_lit(2) > 1; bool paramsPlain = arg_get_lit(3); + bool showDERTLV = arg_get_lit(4); char fname[250] = {0}; bool err; - root = OpenJson(4, fname, argtable, &err); + root = OpenJson(5, fname, argtable, &err); if(err) return 1; if (root) { @@ -227,13 +236,13 @@ int CmdHFFidoRegister(const char *cmd) { if (paramsPlain) { memset(cdata, 0x00, 32); - CLIGetStrWithReturn(5, cdata, &chlen); + CLIGetStrWithReturn(6, cdata, &chlen); if (chlen && chlen > 16) { PrintAndLog("ERROR: challenge parameter length in ASCII mode must be less than 16 chars instead of: %d", chlen); return 1; } } else { - CLIGetHexWithReturn(5, cdata, &chlen); + CLIGetHexWithReturn(6, cdata, &chlen); if (chlen && chlen != 32) { PrintAndLog("ERROR: challenge parameter length must be 32 bytes only."); return 1; @@ -245,13 +254,13 @@ int CmdHFFidoRegister(const char *cmd) { if (paramsPlain) { memset(adata, 0x00, 32); - CLIGetStrWithReturn(6, adata, &applen); + CLIGetStrWithReturn(7, adata, &applen); if (applen && applen > 16) { PrintAndLog("ERROR: application parameter length in ASCII mode must be less than 16 chars instead of: %d", applen); return 1; } } else { - CLIGetHexWithReturn(6, adata, &applen); + CLIGetHexWithReturn(7, adata, &applen); if (applen && applen != 32) { PrintAndLog("ERROR: application parameter length must be 32 bytes only."); return 1; @@ -302,7 +311,7 @@ int CmdHFFidoRegister(const char *cmd) { if (APDULogging) PrintAndLog("---------------------------------------------------------------"); PrintAndLog("data len: %d", len); - if (verbose) { + if (verbose2) { PrintAndLog("--------------data----------------------"); dump_buffer((const unsigned char *)buf, len, NULL, 0); PrintAndLog("--------------data----------------------"); @@ -319,20 +328,119 @@ int CmdHFFidoRegister(const char *cmd) { int derp = 67 + keyHandleLen; int derLen = (buf[derp + 2] << 8) + buf[derp + 3] + 4; - // needs to decode DER certificate - if (verbose) { - PrintAndLog("DER certificate[%d]:------------------DER-------------------", derLen); - dump_buffer_simple((const unsigned char *)&buf[67 + keyHandleLen], derLen, NULL); + if (verbose2) { + PrintAndLog("DER certificate[%d]:\n------------------DER-------------------", derLen); + dump_buffer_simple((const unsigned char *)&buf[derp], derLen, NULL); PrintAndLog("\n----------------DER---------------------"); } else { + if (verbose) + PrintAndLog("------------------DER-------------------"); PrintAndLog("DER certificate[%d]: %s...", derLen, sprint_hex(&buf[derp], 20)); } + // check and print DER certificate + uint8_t public_key[65] = {0}; + + // print DER certificate in TLV view + if (showDERTLV) { + PrintAndLog("----------------DER TLV-----------------"); + asn1_print(&buf[derp], derLen, " "); + PrintAndLog("----------------DER TLV-----------------"); + } + + // load CA's + mbedtls_x509_crt cacert; + mbedtls_x509_crt_init(&cacert); + res = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) additional_ca_pem, additional_ca_pem_len); + if (res < 0) { + PrintAndLog("ERROR: CA parse certificate returned -0x%x - %s", -res, ecdsa_get_error(res)); + } + if (verbose) + PrintAndLog("CA load OK. %d skipped", res); + + // load DER certificate from authenticator's data + mbedtls_x509_crt cert; + mbedtls_x509_crt_init(&cert); + res = mbedtls_x509_crt_parse_der(&cert, &buf[derp], derLen); + if (res) { + PrintAndLog("ERROR: DER parse returned 0x%x - %s", (res<0)?-res:res, ecdsa_get_error(res)); + } + + // get certificate info + char linfo[300] = {0}; + if (verbose) { + mbedtls_x509_crt_info(linfo, sizeof(linfo), " ", &cert); + PrintAndLog("DER certificate info:\n%s", linfo); + } + + // verify certificate + uint32_t verifyflags = 0; + res = mbedtls_x509_crt_verify(&cert, &cacert, NULL, NULL, &verifyflags, NULL, NULL); + if (res) { + PrintAndLog("ERROR: DER verify returned 0x%x - %s", (res<0)?-res:res, ecdsa_get_error(res)); + } else { + PrintAndLog("Certificate OK."); + } + + if (verbose) { + memset(linfo, 0x00, sizeof(linfo)); + mbedtls_x509_crt_verify_info(linfo, sizeof(linfo), " ", verifyflags); + PrintAndLog("Verification info:\n%s", linfo); + } + + // get public key + res = ecdsa_public_key_from_pk(&cert.pk, public_key, sizeof(public_key)); + if (res) { + PrintAndLog("ERROR: getting public key from certificate 0x%x - %s", (res<0)?-res:res, ecdsa_get_error(res)); + } else { + if (verbose) + PrintAndLog("Got a public key from certificate:\n%s", sprint_hex_inrow(public_key, 65)); + } + + if (verbose) + PrintAndLog("------------------DER-------------------"); + + mbedtls_x509_crt_free(&cert); + mbedtls_x509_crt_free(&cacert); + // get hash int hashp = 1 + 65 + 1 + keyHandleLen + derLen; PrintAndLog("Hash[%d]: %s", len - hashp, sprint_hex(&buf[hashp], len - hashp)); - + // check ANSI X9.62 format ECDSA signature (on P-256) + uint8_t rval[300] = {0}; + uint8_t sval[300] = {0}; + res = ecdsa_asn1_get_signature(&buf[hashp], len - hashp, rval, sval); + if (!res) { + if (verbose) { + PrintAndLog(" r: %s", sprint_hex(rval, 32)); + PrintAndLog(" s: %s", sprint_hex(sval, 32)); + } + + uint8_t xbuf[4096] = {0}; + size_t xbuflen = 0; + res = FillBuffer(xbuf, sizeof(xbuf), &xbuflen, + "\x00", 1, + &data[32], 32, // application parameter + &data[0], 32, // challenge parameter + &buf[67], keyHandleLen, // keyHandle + &buf[1], 65, // user public key + NULL, 0); + //PrintAndLog("--xbuf(%d)[%d]: %s", res, xbuflen, sprint_hex(xbuf, xbuflen)); + res = ecdsa_signature_verify(public_key, xbuf, xbuflen, &buf[hashp], len - hashp); + if (res) { + if (res == -0x4e00) { + PrintAndLog("Signature is NOT VALID."); + } else { + PrintAndLog("Other signature check error: %x %s", (res<0)?-res:res, ecdsa_get_error(res)); + } + } else { + PrintAndLog("Signature is OK."); + } + + } else { + PrintAndLog("Invalid signature. res=%d.", res); + } PrintAndLog("\nauth command: "); printf("hf fido auth %s%s", paramsPlain?"-p ":"", sprint_hex_inrow(&buf[67], keyHandleLen)); @@ -345,6 +453,7 @@ int CmdHFFidoRegister(const char *cmd) { if (root) { JsonSaveBufAsHex(root, "ChallengeParam", data, 32); JsonSaveBufAsHex(root, "ApplicationParam", &data[32], 32); + JsonSaveBufAsHexCompact(root, "PublicKey", &buf[1], 65); JsonSaveInt(root, "KeyHandleLen", keyHandleLen); JsonSaveBufAsHexCompact(root, "KeyHandle", &buf[67], keyHandleLen); JsonSaveBufAsHexCompact(root, "DER", &buf[67 + keyHandleLen], derLen); @@ -366,6 +475,8 @@ int CmdHFFidoRegister(const char *cmd) { int CmdHFFidoAuthenticate(const char *cmd) { uint8_t data[512] = {0}; uint8_t hdata[250] = {0}; + bool public_key_loaded = false; + uint8_t public_key[65] = {0}; int hdatalen = 0; uint8_t keyHandleLen = 0; json_t *root = NULL; @@ -385,6 +496,7 @@ int CmdHFFidoAuthenticate(const char *cmd) { arg_lit0("uU", "user", "mode: enforce-user-presence-and-sign"), arg_lit0("cC", "check", "mode: check-only"), arg_str0("jJ", "json", "fido.json", "JSON input / output file name for parameters."), + arg_str0("kK", "key", "public key to verify signature", NULL), arg_str0(NULL, NULL, "", NULL), arg_str0(NULL, NULL, "", NULL), arg_str0(NULL, NULL, "", NULL), @@ -393,7 +505,7 @@ int CmdHFFidoAuthenticate(const char *cmd) { CLIExecWithReturn(cmd, argtable, true); bool APDULogging = arg_get_lit(1); - //bool verbose = arg_get_lit(2); + bool verbose = arg_get_lit(2); bool paramsPlain = arg_get_lit(3); uint8_t controlByte = 0x08; if (arg_get_lit(5)) @@ -413,9 +525,22 @@ int CmdHFFidoAuthenticate(const char *cmd) { JsonLoadBufAsHex(root, "$.KeyHandle", &data[65], 512 - 67, &jlen); keyHandleLen = jlen & 0xff; data[64] = keyHandleLen; + JsonLoadBufAsHex(root, "$.PublicKey", public_key, 65, &jlen); + public_key_loaded = (jlen > 0); } + // public key CLIGetHexWithReturn(8, hdata, &hdatalen); + if (hdatalen && hdatalen != 130) { + PrintAndLog("ERROR: public key length must be 65 bytes only."); + return 1; + } + if (hdatalen) { + memmove(public_key, hdata, hdatalen); + public_key_loaded = true; + } + + CLIGetHexWithReturn(9, hdata, &hdatalen); if (hdatalen > 255) { PrintAndLog("ERROR: application parameter length must be less than 255."); return 1; @@ -434,7 +559,7 @@ int CmdHFFidoAuthenticate(const char *cmd) { return 1; } } else { - CLIGetHexWithReturn(9, hdata, &hdatalen); + CLIGetHexWithReturn(10, hdata, &hdatalen); if (hdatalen && hdatalen != 32) { PrintAndLog("ERROR: challenge parameter length must be 32 bytes only."); return 1; @@ -445,7 +570,7 @@ int CmdHFFidoAuthenticate(const char *cmd) { if (paramsPlain) { memset(hdata, 0x00, 32); - CLIGetStrWithReturn(10, hdata, &hdatalen); + CLIGetStrWithReturn(11, hdata, &hdatalen); if (hdatalen && hdatalen > 16) { PrintAndLog("ERROR: application parameter length in ASCII mode must be less than 16 chars instead of: %d", hdatalen); return 1; @@ -509,6 +634,42 @@ int CmdHFFidoAuthenticate(const char *cmd) { PrintAndLog("Counter: %d", cntr); PrintAndLog("Hash[%d]: %s", len - 5, sprint_hex(&buf[5], len - 5)); + // check ANSI X9.62 format ECDSA signature (on P-256) + uint8_t rval[300] = {0}; + uint8_t sval[300] = {0}; + res = ecdsa_asn1_get_signature(&buf[5], len - 5, rval, sval); + if (!res) { + if (verbose) { + PrintAndLog(" r: %s", sprint_hex(rval, 32)); + PrintAndLog(" s: %s", sprint_hex(sval, 32)); + } + if (public_key_loaded) { + uint8_t xbuf[4096] = {0}; + size_t xbuflen = 0; + res = FillBuffer(xbuf, sizeof(xbuf), &xbuflen, + &data[32], 32, // application parameter + &buf[0], 1, // user presence + &buf[1], 4, // counter + data, 32, // challenge parameter + NULL, 0); + //PrintAndLog("--xbuf(%d)[%d]: %s", res, xbuflen, sprint_hex(xbuf, xbuflen)); + res = ecdsa_signature_verify(public_key, xbuf, xbuflen, &buf[5], len - 5); + if (res) { + if (res == -0x4e00) { + PrintAndLog("Signature is NOT VALID."); + } else { + PrintAndLog("Other signature check error: %x %s", (res<0)?-res:res, ecdsa_get_error(res)); + } + } else { + PrintAndLog("Signature is OK."); + } + } else { + PrintAndLog("No public key provided. can't check signature."); + } + } else { + PrintAndLog("Invalid signature. res=%d.", res); + } + if (root) { JsonSaveBufAsHex(root, "ChallengeParam", data, 32); JsonSaveBufAsHex(root, "ApplicationParam", &data[32], 32); diff --git a/client/crypto/asn1dump.c b/client/crypto/asn1dump.c new file mode 100644 index 00000000..60799fc8 --- /dev/null +++ b/client/crypto/asn1dump.c @@ -0,0 +1,353 @@ +//----------------------------------------------------------------------------- +// Copyright (C) 2018 Merlok +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// asn.1 dumping +//----------------------------------------------------------------------------- + +#include "asn1dump.h" +#include +#include +#include +#include +#include +#include +#include +#include "emv/emv_tags.h" +#include "emv/dump.h" +#include "emv/emvjson.h" +#include "util.h" +#include "proxmark3.h" + +#define PRINT_INDENT(level) {for (int i = 0; i < (level); i++) fprintf(f, " ");} + +enum asn1_tag_t { + ASN1_TAG_GENERIC, + ASN1_TAG_BOOLEAN, + ASN1_TAG_INTEGER, + ASN1_TAG_STRING, + ASN1_TAG_OCTET_STRING, + ASN1_TAG_UTC_TIME, + ASN1_TAG_STR_TIME, + ASN1_TAG_OBJECT_ID, +}; + +struct asn1_tag { + tlv_tag_t tag; + char *name; + enum asn1_tag_t type; + const void *data; +}; + +static const struct asn1_tag asn1_tags[] = { + // internal + { 0x00 , "Unknown ???" }, + + // ASN.1 + { 0x01, "BOOLEAN", ASN1_TAG_BOOLEAN }, + { 0x02, "INTEGER", ASN1_TAG_INTEGER }, + { 0x03, "BIT STRING" }, + { 0x04, "OCTET STRING", ASN1_TAG_OCTET_STRING}, + { 0x05, "NULL" }, + { 0x06, "OBJECT IDENTIFIER", ASN1_TAG_OBJECT_ID }, + { 0x07, "OBJECT DESCRIPTOR" }, + { 0x08, "EXTERNAL" }, + { 0x09, "REAL" }, + { 0x0A, "ENUMERATED" }, + { 0x0B, "EMBEDDED_PDV" }, + { 0x0C, "UTF8String", ASN1_TAG_STRING }, + { 0x10, "SEQUENCE" }, + { 0x11, "SET" }, + { 0x12, "NumericString", ASN1_TAG_STRING }, + { 0x13, "PrintableString", ASN1_TAG_STRING }, + { 0x14, "T61String" }, + { 0x15, "VideotexString" }, + { 0x16, "IA5String" }, + { 0x17, "UTCTime", ASN1_TAG_UTC_TIME }, + { 0x18, "GeneralizedTime", ASN1_TAG_STR_TIME }, + { 0x19, "GraphicString" }, + { 0x1A, "VisibleString", ASN1_TAG_STRING }, + { 0x1B, "GeneralString", ASN1_TAG_STRING }, + { 0x1C, "UniversalString", ASN1_TAG_STRING }, + { 0x1E, "BMPString" }, + { 0x30, "SEQUENCE" }, + { 0x31, "SET" }, + { 0xa0, "[0]" }, + { 0xa1, "[1]" }, + { 0xa2, "[2]" }, + { 0xa3, "[3]" }, + { 0xa4, "[4]" }, + { 0xa5, "[5]" }, +}; + +static int asn1_sort_tag(tlv_tag_t tag) { + return (int)(tag >= 0x100 ? tag : tag << 8); +} + +static int asn1_tlv_compare(const void *a, const void *b) { + const struct tlv *tlv = a; + const struct asn1_tag *tag = b; + + return asn1_sort_tag(tlv->tag) - (asn1_sort_tag(tag->tag)); +} + +static const struct asn1_tag *asn1_get_tag(const struct tlv *tlv) { + struct asn1_tag *tag = bsearch(tlv, asn1_tags, sizeof(asn1_tags) / sizeof(asn1_tags[0]), + sizeof(asn1_tags[0]), asn1_tlv_compare); + + return tag ? tag : &asn1_tags[0]; +} + +static void asn1_tag_dump_str_time(const struct tlv *tlv, const struct asn1_tag *tag, FILE *f, int level, bool longyear, bool *needdump){ + int len = tlv->len; + *needdump = false; + + int startindx = longyear ? 4 : 2; + + if (len > 4) { + fprintf(f, "\tvalue: '"); + while (true) { + // year + if (!longyear) + fprintf(f, "20"); + fwrite(tlv->value, 1, longyear ? 4 : 2, f); + fprintf(f, "-"); + if (len < startindx + 2) + break; + // month + fwrite(&tlv->value[startindx], 1, 2, f); + fprintf(f, "-"); + if (len < startindx + 4) + break; + // day + fwrite(&tlv->value[startindx + 2], 1, 2, f); + fprintf(f, " "); + if (len < startindx + 6) + break; + // hour + fwrite(&tlv->value[startindx + 4], 1, 2, f); + fprintf(f, ":"); + if (len < startindx + 8) + break; + // min + fwrite(&tlv->value[startindx + 6], 1, 2, f); + fprintf(f, ":"); + if (len < startindx + 10) + break; + // sec + fwrite(&tlv->value[startindx + 8], 1, 2, f); + if (len < startindx + 11) + break; + // time zone + fprintf(f, " zone: %.*s", len - 10 - (longyear ? 4 : 2), &tlv->value[startindx + 10]); + + break; + } + fprintf(f, "'\n"); + } else { + fprintf(f, "\n"); + *needdump = true; + } +} + +static void asn1_tag_dump_string(const struct tlv *tlv, const struct asn1_tag *tag, FILE *f, int level){ + fprintf(f, "\tvalue: '"); + fwrite(tlv->value, 1, tlv->len, f); + fprintf(f, "'\n"); +} + +static void asn1_tag_dump_octet_string(const struct tlv *tlv, const struct asn1_tag *tag, FILE *f, int level, bool *needdump){ + *needdump = false; + for (int i = 0; i < tlv->len; i++) + if (!isspace(tlv->value[i]) && !isprint(tlv->value[i])){ + *needdump = true; + break; + } + + if (*needdump) { + fprintf(f, "'\n"); + } else { + fprintf(f, "\t\t"); + asn1_tag_dump_string(tlv, tag, f, level); + } +} + +static unsigned long asn1_value_integer(const struct tlv *tlv, unsigned start, unsigned end) { + unsigned long ret = 0; + int i; + + if (end > tlv->len * 2) + return ret; + if (start >= end) + return ret; + + if (start & 1) { + ret += tlv->value[start/2] & 0xf; + i = start + 1; + } else + i = start; + + for (; i < end - 1; i += 2) { + ret *= 10; + ret += tlv->value[i/2] >> 4; + ret *= 10; + ret += tlv->value[i/2] & 0xf; + } + + if (end & 1) { + ret *= 10; + ret += tlv->value[end/2] >> 4; + } + + return ret; +} + +static void asn1_tag_dump_boolean(const struct tlv *tlv, const struct asn1_tag *tag, FILE *f, int level) { + PRINT_INDENT(level); + if (tlv->len > 0) { + fprintf(f, "\tvalue: %s\n", tlv->value[0]?"true":"false"); + } else { + fprintf(f, "n/a\n"); + } +} + +static void asn1_tag_dump_integer(const struct tlv *tlv, const struct asn1_tag *tag, FILE *f, int level) { + PRINT_INDENT(level); + if (tlv->len == 4) { + int32_t val = 0; + for (int i = 0; i < tlv->len; i++) + val = (val << 8) + tlv->value[i]; + fprintf(f, "\tvalue4b: %d\n", val); + return; + } + fprintf(f, "\tvalue: %lu\n", asn1_value_integer(tlv, 0, tlv->len * 2)); +} + +static char *asn1_oid_description(const char *oid, bool with_group_desc) { + json_error_t error; + json_t *root = NULL; + char fname[300] = {0}; + static char res[300]; + memset(res, 0x00, sizeof(res)); + + strcpy(fname, get_my_executable_directory()); + strcat(fname, "crypto/oids.json"); + if (access(fname, F_OK) < 0) { + strcpy(fname, get_my_executable_directory()); + strcat(fname, "oids.json"); + if (access(fname, F_OK) < 0) { + goto error; // file not found + } + } + + // load `oids.json` + root = json_load_file(fname, 0, &error); + + if (!root || !json_is_object(root)) { + goto error; + } + + json_t *elm = json_object_get(root, oid); + if (!elm) { + goto error; + } + + if (JsonLoadStr(elm, "$.d", res)) + goto error; + + char strext[300] = {0}; + if (!JsonLoadStr(elm, "$.c", strext)) { + strcat(res, " ("); + strcat(res, strext); + strcat(res, ")"); + } + + json_decref(root); + return res; + +error: + if (root) + json_decref(root); + return NULL; +} + +static void asn1_tag_dump_object_id(const struct tlv *tlv, const struct asn1_tag *tag, FILE *f, int level) { + PRINT_INDENT(level); + mbedtls_asn1_buf asn1_buf; + asn1_buf.len = tlv->len; + asn1_buf.p = (uint8_t *)tlv->value; + char pstr[300]; + mbedtls_oid_get_numeric_string(pstr, sizeof(pstr), &asn1_buf); + fprintf(f, " %s", pstr); + + char *jsondesc = asn1_oid_description(pstr, true); + if (jsondesc) { + fprintf(f, " - %s", jsondesc); + } else { + const char *ppstr; + mbedtls_oid_get_attr_short_name(&asn1_buf, &ppstr); + if (ppstr && strnlen(ppstr, 1)) { + fprintf(f, " (%s)\n", ppstr); + return; + } + mbedtls_oid_get_sig_alg_desc(&asn1_buf, &ppstr); + if (ppstr && strnlen(ppstr, 1)) { + fprintf(f, " (%s)\n", ppstr); + return; + } + mbedtls_oid_get_extended_key_usage(&asn1_buf, &ppstr); + if (ppstr && strnlen(ppstr, 1)) { + fprintf(f, " (%s)\n", ppstr); + return; + } + } + fprintf(f, "\n"); +} + +bool asn1_tag_dump(const struct tlv *tlv, FILE *f, int level, bool *candump) { + if (!tlv) { + fprintf(f, "NULL\n"); + return false; + } + + const struct asn1_tag *tag = asn1_get_tag(tlv); + + PRINT_INDENT(level); + fprintf(f, "--%2hx[%02zx] '%s':", tlv->tag, tlv->len, tag->name); + + switch (tag->type) { + case ASN1_TAG_GENERIC: + fprintf(f, "\n"); + break; + case ASN1_TAG_STRING: + asn1_tag_dump_string(tlv, tag, f, level); + *candump = false; + break; + case ASN1_TAG_OCTET_STRING: + asn1_tag_dump_octet_string(tlv, tag, f, level, candump); + break; + case ASN1_TAG_BOOLEAN: + asn1_tag_dump_boolean(tlv, tag, f, level); + *candump = false; + break; + case ASN1_TAG_INTEGER: + asn1_tag_dump_integer(tlv, tag, f, level); + *candump = false; + break; + case ASN1_TAG_UTC_TIME: + asn1_tag_dump_str_time(tlv, tag, f, level, false, candump); + break; + case ASN1_TAG_STR_TIME: + asn1_tag_dump_str_time(tlv, tag, f, level, true, candump); + break; + case ASN1_TAG_OBJECT_ID: + asn1_tag_dump_object_id(tlv, tag, f, level); + *candump = false; + break; + }; + + return true; +} diff --git a/client/crypto/asn1dump.h b/client/crypto/asn1dump.h new file mode 100644 index 00000000..1aadf487 --- /dev/null +++ b/client/crypto/asn1dump.h @@ -0,0 +1,21 @@ +//----------------------------------------------------------------------------- +// Copyright (C) 2018 Merlok +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// asn.1 dumping +//----------------------------------------------------------------------------- +#ifndef ASN1DUMP_H +#define ASN1DUMP_H + +#include +#include +#include +#include +#include "emv/tlv.h" + +extern bool asn1_tag_dump(const struct tlv *tlv, FILE *f, int level, bool *candump); + +#endif /* asn1utils.h */ diff --git a/client/crypto/asn1utils.c b/client/crypto/asn1utils.c index 2a3fe698..f48c2e12 100644 --- a/client/crypto/asn1utils.c +++ b/client/crypto/asn1utils.c @@ -9,7 +9,14 @@ //----------------------------------------------------------------------------- #include "asn1utils.h" +#include +#include #include +#include "emv/tlv.h" +#include "emv/dump.h" +#include "asn1dump.h" +#include "util.h" +#include "ui.h" // PrintAndLog int ecdsa_asn1_get_signature(uint8_t *signature, size_t signaturelen, uint8_t *rval, uint8_t *sval) { if (!signature || !signaturelen || !rval || !sval) @@ -55,7 +62,27 @@ exit: return res; } -int asn1_print(uint8_t *asn1buf, int level) { +static bool print_cb(void *data, const struct tlv *tlv, int level, bool is_leaf) { + bool candump = true; + asn1_tag_dump(tlv, stdout, level, &candump); + if (is_leaf && candump) { + dump_buffer(tlv->value, tlv->len, stdout, level); + } + + return true; +} + +int asn1_print(uint8_t *asn1buf, size_t asn1buflen, char *indent) { + + struct tlvdb *t = NULL; + t = tlvdb_parse_multi(asn1buf, asn1buflen); + if (t) { + tlvdb_visit(t, print_cb, NULL, 0); + tlvdb_free(t); + } else { + PrintAndLogEx(ERR, "Can't parse data as TLV tree."); + return 1; + } return 0; } diff --git a/client/crypto/asn1utils.h b/client/crypto/asn1utils.h index 2b00f450..19f8ded7 100644 --- a/client/crypto/asn1utils.h +++ b/client/crypto/asn1utils.h @@ -15,7 +15,7 @@ #include #include -extern int asn1_print(uint8_t *asn1buf, int level); +extern int asn1_print(uint8_t *asn1buf, size_t asn1buflen, char *indent); extern int ecdsa_asn1_get_signature(uint8_t *signature, size_t signaturelen, uint8_t *rval, uint8_t *sval); #endif /* asn1utils.h */ diff --git a/client/crypto/libpcrypto.c b/client/crypto/libpcrypto.c index 030be15a..896048bf 100644 --- a/client/crypto/libpcrypto.c +++ b/client/crypto/libpcrypto.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -208,6 +209,31 @@ char *ecdsa_get_error(int ret) { return retstr; } +int ecdsa_public_key_from_pk(mbedtls_pk_context *pk, uint8_t *key, size_t keylen) { + int res = 0; + size_t realkeylen = 0; + if (keylen < 65) + return 1; + + mbedtls_ecdsa_context ctx; + mbedtls_ecdsa_init(&ctx); + + res = mbedtls_ecp_group_load(&ctx.grp, MBEDTLS_ECP_DP_SECP256R1); // secp256r1 + if (res) + goto exit; + + res = mbedtls_ecdsa_from_keypair(&ctx, mbedtls_pk_ec(*pk) ); + if (res) + goto exit; + + res = mbedtls_ecp_point_write_binary(&ctx.grp, &ctx.Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &realkeylen, key, keylen); + if (realkeylen != 65) + res = 2; +exit: + mbedtls_ecdsa_free(&ctx); + return res; +} + int ecdsa_signature_create(uint8_t *key_d, uint8_t *key_xy, uint8_t *input, int length, uint8_t *signature, size_t *signaturelen) { int res; *signaturelen = 0; diff --git a/client/crypto/libpcrypto.h b/client/crypto/libpcrypto.h index 8d4b4a0d..7ac6c3b0 100644 --- a/client/crypto/libpcrypto.h +++ b/client/crypto/libpcrypto.h @@ -14,6 +14,7 @@ #include #include #include +#include extern int aes_encode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length); extern int aes_decode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length); @@ -23,6 +24,7 @@ extern int aes_cmac8(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *mac, in extern int sha256hash(uint8_t *input, int length, uint8_t *hash); extern int ecdsa_key_create(uint8_t * key_d, uint8_t *key_xy); +extern int ecdsa_public_key_from_pk(mbedtls_pk_context *pk, uint8_t *key, size_t keylen); extern int ecdsa_signature_create(uint8_t *key_d, uint8_t *key_xy, uint8_t *input, int length, uint8_t *signature, size_t *signaturelen); extern int ecdsa_signature_verify(uint8_t *key_xy, uint8_t *input, int length, uint8_t *signature, size_t signaturelen); extern char *ecdsa_get_error(int ret); diff --git a/client/crypto/oids.json b/client/crypto/oids.json new file mode 100644 index 00000000..75d963d3 --- /dev/null +++ b/client/crypto/oids.json @@ -0,0 +1,2325 @@ +{ +"copyright": "https://www.cs.auckland.ac.nz/~pgut001/dumpasn1.cfg", + +"1.3.6.1.4.1.41482": { "d": "Yubico", "c": "FIDO Alliance" }, +"1.3.6.1.4.1.45724": { "d": "FIDO Alliance, Inc.", "c": "FIDO Alliance" }, +"1.3.6.1.4.1.41482.2": { "d": "Device ID", "c": "Yubico" }, +"1.3.6.1.4.1.45724.2.1.1": { "d": "FIDO U2F Transports", "c": "FIDO Alliance" }, +"1.3.6.1.4.1.45724.1.1.4": { "d": "Authenticator Attestation GUID", "c": "FIDO Alliance" }, + +"0.2.262.1.10": { "d": "Telesec", "c": "Deutsche Telekom" }, +"0.2.262.1.10.0": { "d": "extension", "c": "Telesec" }, +"0.2.262.1.10.1": { "d": "mechanism", "c": "Telesec" }, +"0.2.262.1.10.1.0": { "d": "authentication", "c": "Telesec mechanism" }, +"0.2.262.1.10.1.0.1": { "d": "passwordAuthentication", "c": "Telesec authentication" }, +"0.2.262.1.10.1.0.2": { "d": "protectedPasswordAuthentication", "c": "Telesec authentication" }, +"0.2.262.1.10.1.0.3": { "d": "oneWayX509Authentication", "c": "Telesec authentication" }, +"0.2.262.1.10.1.0.4": { "d": "twoWayX509Authentication", "c": "Telesec authentication" }, +"0.2.262.1.10.1.0.5": { "d": "threeWayX509Authentication", "c": "Telesec authentication" }, +"0.2.262.1.10.1.0.6": { "d": "oneWayISO9798Authentication", "c": "Telesec authentication" }, +"0.2.262.1.10.1.0.7": { "d": "twoWayISO9798Authentication", "c": "Telesec authentication" }, +"0.2.262.1.10.1.0.8": { "d": "telekomAuthentication", "c": "Telesec authentication" }, +"0.2.262.1.10.1.1": { "d": "signature", "c": "Telesec mechanism" }, +"0.2.262.1.10.1.1.1": { "d": "md4WithRSAAndISO9697", "c": "Telesec mechanism" }, +"0.2.262.1.10.1.1.2": { "d": "md4WithRSAAndTelesecSignatureStandard", "c": "Telesec mechanism" }, +"0.2.262.1.10.1.1.3": { "d": "md5WithRSAAndISO9697", "c": "Telesec mechanism" }, +"0.2.262.1.10.1.1.4": { "d": "md5WithRSAAndTelesecSignatureStandard", "c": "Telesec mechanism" }, +"0.2.262.1.10.1.1.5": { "d": "ripemd160WithRSAAndTelekomSignatureStandard", "c": "Telesec mechanism" }, +"0.2.262.1.10.1.1.9": { "d": "hbciRsaSignature", "c": "Telesec signature" }, +"0.2.262.1.10.1.2": { "d": "encryption", "c": "Telesec mechanism" }, +"0.2.262.1.10.1.2.0": { "d": "none", "c": "Telesec encryption" }, +"0.2.262.1.10.1.2.1": { "d": "rsaTelesec", "c": "Telesec encryption" }, +"0.2.262.1.10.1.2.2": { "d": "des", "c": "Telesec encryption" }, +"0.2.262.1.10.1.2.2.1": { "d": "desECB", "c": "Telesec encryption" }, +"0.2.262.1.10.1.2.2.2": { "d": "desCBC", "c": "Telesec encryption" }, +"0.2.262.1.10.1.2.2.3": { "d": "desOFB", "c": "Telesec encryption" }, +"0.2.262.1.10.1.2.2.4": { "d": "desCFB8", "c": "Telesec encryption" }, +"0.2.262.1.10.1.2.2.5": { "d": "desCFB64", "c": "Telesec encryption" }, +"0.2.262.1.10.1.2.3": { "d": "des3", "c": "Telesec encryption" }, +"0.2.262.1.10.1.2.3.1": { "d": "des3ECB", "c": "Telesec encryption" }, +"0.2.262.1.10.1.2.3.2": { "d": "des3CBC", "c": "Telesec encryption" }, +"0.2.262.1.10.1.2.3.3": { "d": "des3OFB", "c": "Telesec encryption" }, +"0.2.262.1.10.1.2.3.4": { "d": "des3CFB8", "c": "Telesec encryption" }, +"0.2.262.1.10.1.2.3.5": { "d": "des3CFB64", "c": "Telesec encryption" }, +"0.2.262.1.10.1.2.4": { "d": "magenta", "c": "Telesec encryption" }, +"0.2.262.1.10.1.2.5": { "d": "idea", "c": "Telesec encryption" }, +"0.2.262.1.10.1.2.5.1": { "d": "ideaECB", "c": "Telesec encryption" }, +"0.2.262.1.10.1.2.5.2": { "d": "ideaCBC", "c": "Telesec encryption" }, +"0.2.262.1.10.1.2.5.3": { "d": "ideaOFB", "c": "Telesec encryption" }, +"0.2.262.1.10.1.2.5.4": { "d": "ideaCFB8", "c": "Telesec encryption" }, +"0.2.262.1.10.1.2.5.5": { "d": "ideaCFB64", "c": "Telesec encryption" }, +"0.2.262.1.10.1.3": { "d": "oneWayFunction", "c": "Telesec mechanism" }, +"0.2.262.1.10.1.3.1": { "d": "md4", "c": "Telesec one-way function" }, +"0.2.262.1.10.1.3.2": { "d": "md5", "c": "Telesec one-way function" }, +"0.2.262.1.10.1.3.3": { "d": "sqModNX509", "c": "Telesec one-way function" }, +"0.2.262.1.10.1.3.4": { "d": "sqModNISO", "c": "Telesec one-way function" }, +"0.2.262.1.10.1.3.5": { "d": "ripemd128", "c": "Telesec one-way function" }, +"0.2.262.1.10.1.3.6": { "d": "hashUsingBlockCipher", "c": "Telesec one-way function" }, +"0.2.262.1.10.1.3.7": { "d": "mac", "c": "Telesec one-way function" }, +"0.2.262.1.10.1.3.8": { "d": "ripemd160", "c": "Telesec one-way function" }, +"0.2.262.1.10.1.4": { "d": "fecFunction", "c": "Telesec mechanism" }, +"0.2.262.1.10.1.4.1": { "d": "reedSolomon", "c": "Telesec mechanism" }, +"0.2.262.1.10.2": { "d": "module", "c": "Telesec" }, +"0.2.262.1.10.2.0": { "d": "algorithms", "c": "Telesec module" }, +"0.2.262.1.10.2.1": { "d": "attributeTypes", "c": "Telesec module" }, +"0.2.262.1.10.2.2": { "d": "certificateTypes", "c": "Telesec module" }, +"0.2.262.1.10.2.3": { "d": "messageTypes", "c": "Telesec module" }, +"0.2.262.1.10.2.4": { "d": "plProtocol", "c": "Telesec module" }, +"0.2.262.1.10.2.5": { "d": "smeAndComponentsOfSme", "c": "Telesec module" }, +"0.2.262.1.10.2.6": { "d": "fec", "c": "Telesec module" }, +"0.2.262.1.10.2.7": { "d": "usefulDefinitions", "c": "Telesec module" }, +"0.2.262.1.10.2.8": { "d": "stefiles", "c": "Telesec module" }, +"0.2.262.1.10.2.9": { "d": "sadmib", "c": "Telesec module" }, +"0.2.262.1.10.2.10": { "d": "electronicOrder", "c": "Telesec module" }, +"0.2.262.1.10.2.11": { "d": "telesecTtpAsymmetricApplication", "c": "Telesec module" }, +"0.2.262.1.10.2.12": { "d": "telesecTtpBasisApplication", "c": "Telesec module" }, +"0.2.262.1.10.2.13": { "d": "telesecTtpMessages", "c": "Telesec module" }, +"0.2.262.1.10.2.14": { "d": "telesecTtpTimeStampApplication", "c": "Telesec module" }, +"0.2.262.1.10.3": { "d": "objectClass", "c": "Telesec" }, +"0.2.262.1.10.3.0": { "d": "telesecOtherName", "c": "Telesec object class" }, +"0.2.262.1.10.3.1": { "d": "directory", "c": "Telesec object class" }, +"0.2.262.1.10.3.2": { "d": "directoryType", "c": "Telesec object class" }, +"0.2.262.1.10.3.3": { "d": "directoryGroup", "c": "Telesec object class" }, +"0.2.262.1.10.3.4": { "d": "directoryUser", "c": "Telesec object class" }, +"0.2.262.1.10.3.5": { "d": "symmetricKeyEntry", "c": "Telesec object class" }, +"0.2.262.1.10.4": { "d": "package", "c": "Telesec" }, +"0.2.262.1.10.5": { "d": "parameter", "c": "Telesec" }, +"0.2.262.1.10.6": { "d": "nameBinding", "c": "Telesec" }, +"0.2.262.1.10.7": { "d": "attribute", "c": "Telesec" }, +"0.2.262.1.10.7.0": { "d": "applicationGroupIdentifier", "c": "Telesec attribute" }, +"0.2.262.1.10.7.1": { "d": "certificateType", "c": "Telesec attribute" }, +"0.2.262.1.10.7.2": { "d": "telesecCertificate", "c": "Telesec attribute" }, +"0.2.262.1.10.7.3": { "d": "certificateNumber", "c": "Telesec attribute" }, +"0.2.262.1.10.7.4": { "d": "certificateRevocationList", "c": "Telesec attribute" }, +"0.2.262.1.10.7.5": { "d": "creationDate", "c": "Telesec attribute" }, +"0.2.262.1.10.7.6": { "d": "issuer", "c": "Telesec attribute" }, +"0.2.262.1.10.7.7": { "d": "namingAuthority", "c": "Telesec attribute" }, +"0.2.262.1.10.7.8": { "d": "publicKeyDirectory", "c": "Telesec attribute" }, +"0.2.262.1.10.7.9": { "d": "securityDomain", "c": "Telesec attribute" }, +"0.2.262.1.10.7.10": { "d": "subject", "c": "Telesec attribute" }, +"0.2.262.1.10.7.11": { "d": "timeOfRevocation", "c": "Telesec attribute" }, +"0.2.262.1.10.7.12": { "d": "userGroupReference", "c": "Telesec attribute" }, +"0.2.262.1.10.7.13": { "d": "validity", "c": "Telesec attribute" }, +"0.2.262.1.10.7.14": { "d": "zert93", "c": "Telesec attribute" }, +"0.2.262.1.10.7.15": { "d": "securityMessEnv", "c": "Telesec attribute" }, +"0.2.262.1.10.7.16": { "d": "anonymizedPublicKeyDirectory", "c": "Telesec attribute" }, +"0.2.262.1.10.7.17": { "d": "telesecGivenName", "c": "Telesec attribute" }, +"0.2.262.1.10.7.18": { "d": "nameAdditions", "c": "Telesec attribute" }, +"0.2.262.1.10.7.19": { "d": "telesecPostalCode", "c": "Telesec attribute" }, +"0.2.262.1.10.7.20": { "d": "nameDistinguisher", "c": "Telesec attribute" }, +"0.2.262.1.10.7.21": { "d": "telesecCertificateList", "c": "Telesec attribute" }, +"0.2.262.1.10.7.22": { "d": "teletrustCertificateList", "c": "Telesec attribute" }, +"0.2.262.1.10.7.23": { "d": "x509CertificateList", "c": "Telesec attribute" }, +"0.2.262.1.10.7.24": { "d": "timeOfIssue", "c": "Telesec attribute" }, +"0.2.262.1.10.7.25": { "d": "physicalCardNumber", "c": "Telesec attribute" }, +"0.2.262.1.10.7.26": { "d": "fileType", "c": "Telesec attribute" }, +"0.2.262.1.10.7.27": { "d": "ctlFileIsArchive", "c": "Telesec attribute" }, +"0.2.262.1.10.7.28": { "d": "emailAddress", "c": "Telesec attribute" }, +"0.2.262.1.10.7.29": { "d": "certificateTemplateList", "c": "Telesec attribute" }, +"0.2.262.1.10.7.30": { "d": "directoryName", "c": "Telesec attribute" }, +"0.2.262.1.10.7.31": { "d": "directoryTypeName", "c": "Telesec attribute" }, +"0.2.262.1.10.7.32": { "d": "directoryGroupName", "c": "Telesec attribute" }, +"0.2.262.1.10.7.33": { "d": "directoryUserName", "c": "Telesec attribute" }, +"0.2.262.1.10.7.34": { "d": "revocationFlag", "c": "Telesec attribute" }, +"0.2.262.1.10.7.35": { "d": "symmetricKeyEntryName", "c": "Telesec attribute" }, +"0.2.262.1.10.7.36": { "d": "glNumber", "c": "Telesec attribute" }, +"0.2.262.1.10.7.37": { "d": "goNumber", "c": "Telesec attribute" }, +"0.2.262.1.10.7.38": { "d": "gKeyData", "c": "Telesec attribute" }, +"0.2.262.1.10.7.39": { "d": "zKeyData", "c": "Telesec attribute" }, +"0.2.262.1.10.7.40": { "d": "ktKeyData", "c": "Telesec attribute" }, +"0.2.262.1.10.7.41": { "d": "ktKeyNumber", "c": "Telesec attribute" }, +"0.2.262.1.10.7.51": { "d": "timeOfRevocationGen", "c": "Telesec attribute" }, +"0.2.262.1.10.7.52": { "d": "liabilityText", "c": "Telesec attribute" }, +"0.2.262.1.10.8": { "d": "attributeGroup", "c": "Telesec" }, +"0.2.262.1.10.9": { "d": "action", "c": "Telesec" }, +"0.2.262.1.10.10": { "d": "notification", "c": "Telesec" }, +"0.2.262.1.10.11": { "d": "snmp-mibs", "c": "Telesec" }, +"0.2.262.1.10.11.1": { "d": "securityApplication", "c": "Telesec SNMP MIBs" }, +"0.2.262.1.10.12": { "d": "certAndCrlExtensionDefinitions", "c": "Telesec" }, +"0.2.262.1.10.12.0": { "d": "liabilityLimitationFlag", "c": "Telesec cert/CRL extension" }, +"0.2.262.1.10.12.1": { "d": "telesecCertIdExt", "c": "Telesec cert/CRL extension" }, +"0.2.262.1.10.12.2": { "d": "Telesec policyIdentifier", "c": "Telesec cert/CRL extension" }, +"0.2.262.1.10.12.3": { "d": "telesecPolicyQualifierID", "c": "Telesec cert/CRL extension" }, +"0.2.262.1.10.12.4": { "d": "telesecCRLFilteredExt", "c": "Telesec cert/CRL extension" }, +"0.2.262.1.10.12.5": { "d": "telesecCRLFilterExt", "c": "Telesec cert/CRL extension" }, +"0.2.262.1.10.12.6": { "d": "telesecNamingAuthorityExt", "c": "Telesec cert/CRL extension" }, +"0.4.0.127.0.7": { "d": "bsi", "c": "BSI TR-03110/TR-03111" }, +"0.4.0.127.0.7.1": { "d": "bsiEcc", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1": { "d": "bsifieldType", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.1": { "d": "bsiPrimeField", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.2": { "d": "bsiCharacteristicTwoField", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.2.2": { "d": "bsiECTLVKeyFormat", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.2.2.1": { "d": "bsiECTLVPublicKey", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.2.3": { "d": "bsiCharacteristicTwoBasis", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.2.3.1": { "d": "bsiGnBasis", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.2.3.2": { "d": "bsiTpBasis", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.2.3.3": { "d": "bsiPpBasis", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.4.1": { "d": "bsiEcdsaSignatures", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.4.1.1": { "d": "bsiEcdsaWithSHA1", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.4.1.2": { "d": "bsiEcdsaWithSHA224", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.4.1.3": { "d": "bsiEcdsaWithSHA256", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.4.1.4": { "d": "bsiEcdsaWithSHA384", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.4.1.5": { "d": "bsiEcdsaWithSHA512", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.4.1.6": { "d": "bsiEcdsaWithRIPEMD160", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.1.1": { "d": "bsiEckaEgX963KDF", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.1.1.1": { "d": "bsiEckaEgX963KDFWithSHA1", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.1.1.2": { "d": "bsiEckaEgX963KDFWithSHA224", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.1.1.3": { "d": "bsiEckaEgX963KDFWithSHA256", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.1.1.4": { "d": "bsiEckaEgX963KDFWithSHA384", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.1.1.5": { "d": "bsiEckaEgX963KDFWithSHA512", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.1.1.6": { "d": "bsiEckaEgX963KDFWithRIPEMD160", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.1.2": { "d": "bsiEckaEgSessionKDF", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.1.2.1": { "d": "bsiEckaEgSessionKDFWith3DES", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.1.2.2": { "d": "bsiEckaEgSessionKDFWithAES128", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.1.2.3": { "d": "bsiEckaEgSessionKDFWithAES192", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.1.2.4": { "d": "bsiEckaEgSessionKDFWithAES256", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.2": { "d": "bsiEckaDH", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.2.1": { "d": "bsiEckaDHX963KDF", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.2.1.1": { "d": "bsiEckaDHX963KDFWithSHA1", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.2.1.2": { "d": "bsiEckaDHX963KDFWithSHA224", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.2.1.3": { "d": "bsiEckaDHX963KDFWithSHA256", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.2.1.4": { "d": "bsiEckaDHX963KDFWithSHA384", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.2.1.5": { "d": "bsiEckaDHX963KDFWithSHA512", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.2.1.6": { "d": "bsiEckaDHX963KDFWithRIPEMD160", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.2.2": { "d": "bsiEckaDHSessionKDF", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.2.2.1": { "d": "bsiEckaDHSessionKDFWith3DES", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.2.2.2": { "d": "bsiEckaDHSessionKDFWithAES128", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.2.2.3": { "d": "bsiEckaDHSessionKDFWithAES192", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.1.5.2.2.4": { "d": "bsiEckaDHSessionKDFWithAES256", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.2": { "d": "bsiEcKeyType", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.2.1": { "d": "bsiEcPublicKey", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.5.1": { "d": "bsiKaeg", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.5.1.1": { "d": "bsiKaegWithX963KDF", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.1.5.1.2": { "d": "bsiKaegWith3DESKDF", "c": "BSI TR-03111" }, +"0.4.0.127.0.7.2.2.1": { "d": "bsiPK", "c": "BSI TR-03110. Formerly known as bsiCA, now moved to ...2.2.3.x" }, +"0.4.0.127.0.7.2.2.1.1": { "d": "bsiPK_DH", "c": "BSI TR-03110. Formerly known as bsiCA_DH, now moved to ...2.2.3.x" }, +"0.4.0.127.0.7.2.2.1.2": { "d": "bsiPK_ECDH", "c": "BSI TR-03110. Formerly known as bsiCA_ECDH, now moved to ...2.2.3.x" }, +"0.4.0.127.0.7.2.2.2": { "d": "bsiTA", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.2.1": { "d": "bsiTA_RSA", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.2.1.1": { "d": "bsiTA_RSAv1_5_SHA1", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.2.1.2": { "d": "bsiTA_RSAv1_5_SHA256", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.2.1.3": { "d": "bsiTA_RSAPSS_SHA1", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.2.1.4": { "d": "bsiTA_RSAPSS_SHA256", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.2.1.5": { "d": "bsiTA_RSAv1_5_SHA512", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.2.1.6": { "d": "bsiTA_RSAPSS_SHA512", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.2.2": { "d": "bsiTA_ECDSA", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.2.2.1": { "d": "bsiTA_ECDSA_SHA1", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.2.2.2": { "d": "bsiTA_ECDSA_SHA224", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.2.2.3": { "d": "bsiTA_ECDSA_SHA256", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.2.2.4": { "d": "bsiTA_ECDSA_SHA384", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.2.2.5": { "d": "bsiTA_ECDSA_SHA512", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.3": { "d": "bsiCA", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.3.1": { "d": "bsiCA_DH", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.3.1.1": { "d": "bsiCA_DH_3DES_CBC_CBC", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.3.1.2": { "d": "bsiCA_DH_AES_CBC_CMAC_128", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.3.1.3": { "d": "bsiCA_DH_AES_CBC_CMAC_192", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.3.1.4": { "d": "bsiCA_DH_AES_CBC_CMAC_256", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.3.2": { "d": "bsiCA_ECDH", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.3.2.1": { "d": "bsiCA_ECDH_3DES_CBC_CBC", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.3.2.2": { "d": "bsiCA_ECDH_AES_CBC_CMAC_128", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.3.2.3": { "d": "bsiCA_ECDH_AES_CBC_CMAC_192", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.3.2.4": { "d": "bsiCA_ECDH_AES_CBC_CMAC_256", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.4": { "d": "bsiPACE", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.4.1": { "d": "bsiPACE_DH_GM", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.4.1.1": { "d": "bsiPACE_DH_GM_3DES_CBC_CBC", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.4.1.2": { "d": "bsiPACE_DH_GM_AES_CBC_CMAC_128", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.4.1.3": { "d": "bsiPACE_DH_GM_AES_CBC_CMAC_192", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.4.1.4": { "d": "bsiPACE_DH_GM_AES_CBC_CMAC_256", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.4.2": { "d": "bsiPACE_ECDH_GM", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.4.2.1": { "d": "bsiPACE_ECDH_GM_3DES_CBC_CBC", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.4.2.2": { "d": "bsiPACE_ECDH_GM_AES_CBC_CMAC_128", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.4.2.3": { "d": "bsiPACE_ECDH_GM_AES_CBC_CMAC_192", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.4.2.4": { "d": "bsiPACE_ECDH_GM_AES_CBC_CMAC_256", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.4.3": { "d": "bsiPACE_DH_IM", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.4.3.1": { "d": "bsiPACE_DH_IM_3DES_CBC_CBC", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.4.3.2": { "d": "bsiPACE_DH_IM_AES_CBC_CMAC_128", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.4.3.3": { "d": "bsiPACE_DH_IM_AES_CBC_CMAC_192", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.4.3.4": { "d": "bsiPACE_DH_IM_AES_CBC_CMAC_256", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.4.4": { "d": "bsiPACE_ECDH_IM", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.4.4.1": { "d": "bsiPACE_ECDH_IM_3DES_CBC_CBC", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.4.4.2": { "d": "bsiPACE_ECDH_IM_AES_CBC_CMAC_128", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.4.4.3": { "d": "bsiPACE_ECDH_IM_AES_CBC_CMAC_192", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.4.4.4": { "d": "bsiPACE_ECDH_IM_AES_CBC_CMAC_256", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.5": { "d": "bsiRI", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.5.1": { "d": "bsiRI_DH", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.5.1.1": { "d": "bsiRI_DH_SHA1", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.5.1.2": { "d": "bsiRI_DH_SHA224", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.5.1.3": { "d": "bsiRI_DH_SHA256", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.5.1.4": { "d": "bsiRI_DH_SHA384", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.5.1.5": { "d": "bsiRI_DH_SHA512", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.5.2": { "d": "bsiRI_ECDH", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.5.2.1": { "d": "bsiRI_ECDH_SHA1", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.5.2.2": { "d": "bsiRI_ECDH_SHA224", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.5.2.3": { "d": "bsiRI_ECDH_SHA256", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.5.2.4": { "d": "bsiRI_ECDH_SHA384", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.5.2.5": { "d": "bsiRI_ECDH_SHA512", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.6": { "d": "bsiCardInfo", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.7": { "d": "bsiEidSecurity", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.2.2.8": { "d": "bsiPT", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.2": { "d": "bsiEACRoles", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.2.1": { "d": "bsiEACRolesIS", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.2.2": { "d": "bsiEACRolesAT", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.2.3": { "d": "bsiEACRolesST", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.3": { "d": "bsiTAv2ce", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.3.1": { "d": "bsiTAv2ceDescription", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.3.1.1": { "d": "bsiTAv2ceDescriptionPlainText", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.3.1.2": { "d": "bsiTAv2ceDescriptionIA5String", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.3.1.3": { "d": "bsiTAv2ceDescriptionOctetString", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.3.2": { "d": "bsiTAv2ceTerminalSector", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.4": { "d": "bsiAuxData", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.4.1": { "d": "bsiAuxDataBirthday", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.4.2": { "d": "bsiAuxDataExpireDate", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.4.3": { "d": "bsiAuxDataCommunityID", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.5": { "d": "bsiDefectList", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.5.1": { "d": "bsiDefectAuthDefect", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.5.1.1": { "d": "bsiDefectCertRevoked", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.5.1.2": { "d": "bsiDefectCertReplaced", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.5.1.3": { "d": "bsiDefectChipAuthKeyRevoked", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.5.1.4": { "d": "bsiDefectActiveAuthKeyRevoked", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.5.2": { "d": "bsiDefectEPassportDefect", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.5.2.1": { "d": "bsiDefectEPassportDGMalformed", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.5.2.2": { "d": "bsiDefectSODInvalid", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.5.3": { "d": "bsiDefectEIDDefect", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.5.3.1": { "d": "bsiDefectEIDDGMalformed", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.5.3.2": { "d": "bsiDefectEIDIntegrity", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.5.4": { "d": "bsiDefectDocumentDefect", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.5.4.1": { "d": "bsiDefectCardSecurityMalformed", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.5.4.2": { "d": "bsiDefectChipSecurityMalformed", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.5.4.3": { "d": "bsiDefectPowerDownReq", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.1.6": { "d": "bsiListContentDescription", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.2.1": { "d": "bsiSecurityObject", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.2.2": { "d": "bsiBlackList", "c": "BSI TR-03110" }, +"0.4.0.127.0.7.3.4.2.2": { "d": "bsiSignedUpdateDeviceAdmin", "c": "BSI TR-03109" }, +"0.4.0.127.0.7.4.1.1.1": { "d": "bsiCertReqMsgs", "c": "BSI TR-03109" }, +"0.4.0.127.0.7.4.1.1.2": { "d": "bsiCertReqMsgswithOuterSignature", "c": "BSI TR-03109" }, +"0.4.0.127.0.7.4.1.1.3": { "d": "bsiAuthorizedCertReqMsgs", "c": "BSI TR-03109" }, +"0.4.0.127.0.7.4.1.2.2": { "d": "bsiSignedRevReqs", "c": "BSI TR-03109" }, +"0.4.0.1862": { "d": "etsiQcsProfile", "c": "ETSI TS 101 862 qualified certificates" }, +"0.4.0.1862.1": { "d": "etsiQcs", "c": "ETSI TS 101 862 qualified certificates" }, +"0.4.0.1862.1.1": { "d": "etsiQcsCompliance", "c": "ETSI TS 101 862 qualified certificates" }, +"0.4.0.1862.1.2": { "d": "etsiQcsLimitValue", "c": "ETSI TS 101 862 qualified certificates" }, +"0.4.0.1862.1.3": { "d": "etsiQcsRetentionPeriod", "c": "ETSI TS 101 862 qualified certificates" }, +"0.4.0.1862.1.4": { "d": "etsiQcsQcSSCD", "c": "ETSI TS 101 862 qualified certificates" }, +"0.9.2342.19200300.100.1.1": { "d": "userID", "c": "Some oddball X.500 attribute collection" }, +"0.9.2342.19200300.100.1.3": { "d": "rfc822Mailbox", "c": "Some oddball X.500 attribute collection" }, +"0.9.2342.19200300.100.1.25": { "d": "domainComponent", "c": "Men are from Mars, this OID is from Pluto" }, +"1.0.10118.3.0.49": { "d": "ripemd160", "c": "ISO 10118-3 hash function" }, +"1.0.10118.3.0.50": { "d": "ripemd128", "c": "ISO 10118-3 hash function" }, +"1.0.10118.3.0.55": { "d": "whirlpool", "c": "ISO 10118-3 hash function" }, +"1.2.36.1.3.1.1.1": { "d": "qgpki", "c": "Queensland Government PKI" }, +"1.2.36.1.3.1.1.1.1": { "d": "qgpkiPolicies", "c": "QGPKI policies" }, +"1.2.36.1.3.1.1.1.1.1": { "d": "qgpkiMedIntermedCA", "c": "QGPKI policy" }, +"1.2.36.1.3.1.1.1.1.1.1": { "d": "qgpkiMedIntermedIndividual", "c": "QGPKI policy" }, +"1.2.36.1.3.1.1.1.1.1.2": { "d": "qgpkiMedIntermedDeviceControl", "c": "QGPKI policy" }, +"1.2.36.1.3.1.1.1.1.1.3": { "d": "qgpkiMedIntermedDevice", "c": "QGPKI policy" }, +"1.2.36.1.3.1.1.1.1.1.4": { "d": "qgpkiMedIntermedAuthorisedParty", "c": "QGPKI policy" }, +"1.2.36.1.3.1.1.1.1.1.5": { "d": "qgpkiMedIntermedDeviceSystem", "c": "QGPKI policy" }, +"1.2.36.1.3.1.1.1.1.2": { "d": "qgpkiMedIssuingCA", "c": "QGPKI policy" }, +"1.2.36.1.3.1.1.1.1.2.1": { "d": "qgpkiMedIssuingIndividual", "c": "QGPKI policy" }, +"1.2.36.1.3.1.1.1.1.2.2": { "d": "qgpkiMedIssuingDeviceControl", "c": "QGPKI policy" }, +"1.2.36.1.3.1.1.1.1.2.3": { "d": "qgpkiMedIssuingDevice", "c": "QGPKI policy" }, +"1.2.36.1.3.1.1.1.1.2.4": { "d": "qgpkiMedIssuingAuthorisedParty", "c": "QGPKI policy" }, +"1.2.36.1.3.1.1.1.1.2.5": { "d": "qgpkiMedIssuingClientAuth", "c": "QGPKI policy" }, +"1.2.36.1.3.1.1.1.1.2.6": { "d": "qgpkiMedIssuingServerAuth", "c": "QGPKI policy" }, +"1.2.36.1.3.1.1.1.1.2.7": { "d": "qgpkiMedIssuingDataProt", "c": "QGPKI policy" }, +"1.2.36.1.3.1.1.1.1.2.8": { "d": "qgpkiMedIssuingTokenAuth", "c": "QGPKI policy" }, +"1.2.36.1.3.1.1.1.1.3": { "d": "qgpkiBasicIntermedCA", "c": "QGPKI policy" }, +"1.2.36.1.3.1.1.1.1.3.1": { "d": "qgpkiBasicIntermedDeviceSystem", "c": "QGPKI policy" }, +"1.2.36.1.3.1.1.1.1.4": { "d": "qgpkiBasicIssuingCA", "c": "QGPKI policy" }, +"1.2.36.1.3.1.1.1.1.4.1": { "d": "qgpkiBasicIssuingClientAuth", "c": "QGPKI policy" }, +"1.2.36.1.3.1.1.1.1.4.2": { "d": "qgpkiBasicIssuingServerAuth", "c": "QGPKI policy" }, +"1.2.36.1.3.1.1.1.1.4.3": { "d": "qgpkiBasicIssuingDataSigning", "c": "QGPKI policy" }, +"1.2.36.1.3.1.1.1.2": { "d": "qgpkiAssuranceLevel", "c": "QGPKI assurance level" }, +"1.2.36.1.3.1.1.1.2.1": { "d": "qgpkiAssuranceRudimentary", "c": "QGPKI assurance level" }, +"1.2.36.1.3.1.1.1.2.2": { "d": "qgpkiAssuranceBasic", "c": "QGPKI assurance level" }, +"1.2.36.1.3.1.1.1.2.3": { "d": "qgpkiAssuranceMedium", "c": "QGPKI assurance level" }, +"1.2.36.1.3.1.1.1.2.4": { "d": "qgpkiAssuranceHigh", "c": "QGPKI assurance level" }, +"1.2.36.1.3.1.1.1.3": { "d": "qgpkiCertFunction", "c": "QGPKI policies" }, +"1.2.36.1.3.1.1.1.3.1": { "d": "qgpkiFunctionIndividual", "c": "QGPKI policies" }, +"1.2.36.1.3.1.1.1.3.2": { "d": "qgpkiFunctionDevice", "c": "QGPKI policies" }, +"1.2.36.1.3.1.1.1.3.3": { "d": "qgpkiFunctionAuthorisedParty", "c": "QGPKI policies" }, +"1.2.36.1.3.1.1.1.3.4": { "d": "qgpkiFunctionDeviceControl", "c": "QGPKI policies" }, +"1.2.36.1.3.1.2": { "d": "qpspki", "c": "Queensland Police PKI" }, +"1.2.36.1.3.1.2.1": { "d": "qpspkiPolicies", "c": "Queensland Police PKI" }, +"1.2.36.1.3.1.2.1.2": { "d": "qpspkiPolicyBasic", "c": "Queensland Police PKI" }, +"1.2.36.1.3.1.2.1.3": { "d": "qpspkiPolicyMedium", "c": "Queensland Police PKI" }, +"1.2.36.1.3.1.2.1.4": { "d": "qpspkiPolicyHigh", "c": "Queensland Police PKI" }, +"1.2.36.1.3.1.3.2": { "d": "qtmrpki", "c": "Queensland Transport PKI" }, +"1.2.36.1.3.1.3.2.1": { "d": "qtmrpkiPolicies", "c": "Queensland Transport PKI" }, +"1.2.36.1.3.1.3.2.2": { "d": "qtmrpkiPurpose", "c": "Queensland Transport PKI" }, +"1.2.36.1.3.1.3.2.2.1": { "d": "qtmrpkiIndividual", "c": "Queensland Transport PKI purpose" }, +"1.2.36.1.3.1.3.2.2.2": { "d": "qtmrpkiDeviceControl", "c": "Queensland Transport PKI purpose" }, +"1.2.36.1.3.1.3.2.2.3": { "d": "qtmrpkiDevice", "c": "Queensland Transport PKI purpose" }, +"1.2.36.1.3.1.3.2.2.4": { "d": "qtmrpkiAuthorisedParty", "c": "Queensland Transport PKI purpose" }, +"1.2.36.1.3.1.3.2.2.5": { "d": "qtmrpkiDeviceSystem", "c": "Queensland Transport PKI purpose" }, +"1.2.36.1.3.1.3.2.3": { "d": "qtmrpkiDevice", "c": "Queensland Transport PKI" }, +"1.2.36.1.3.1.3.2.3.1": { "d": "qtmrpkiDriverLicense", "c": "Queensland Transport PKI device" }, +"1.2.36.1.3.1.3.2.3.2": { "d": "qtmrpkiIndustryAuthority", "c": "Queensland Transport PKI device" }, +"1.2.36.1.3.1.3.2.3.3": { "d": "qtmrpkiMarineLicense", "c": "Queensland Transport PKI device" }, +"1.2.36.1.3.1.3.2.3.4": { "d": "qtmrpkiAdultProofOfAge", "c": "Queensland Transport PKI device" }, +"1.2.36.1.3.1.3.2.3.5": { "d": "qtmrpkiSam", "c": "Queensland Transport PKI device" }, +"1.2.36.1.3.1.3.2.4": { "d": "qtmrpkiAuthorisedParty", "c": "Queensland Transport PKI" }, +"1.2.36.1.3.1.3.2.4.1": { "d": "qtmrpkiTransportInspector", "c": "Queensland Transport PKI authorised party" }, +"1.2.36.1.3.1.3.2.4.2": { "d": "qtmrpkiPoliceOfficer", "c": "Queensland Transport PKI authorised party" }, +"1.2.36.1.3.1.3.2.4.3": { "d": "qtmrpkiSystem", "c": "Queensland Transport PKI authorised party" }, +"1.2.36.1.3.1.3.2.4.4": { "d": "qtmrpkiLiquorLicensingInspector", "c": "Queensland Transport PKI authorised party" }, +"1.2.36.1.3.1.3.2.4.5": { "d": "qtmrpkiMarineEnforcementOfficer", "c": "Queensland Transport PKI authorised party" }, +"1.2.36.1.333.1": { "d": "australianBusinessNumber", "c": "Australian Government corporate taxpayer ID" }, +"1.2.36.68980861.1.1.2": { "d": "signetPersonal", "c": "Signet CA" }, +"1.2.36.68980861.1.1.3": { "d": "signetBusiness", "c": "Signet CA" }, +"1.2.36.68980861.1.1.4": { "d": "signetLegal", "c": "Signet CA" }, +"1.2.36.68980861.1.1.10": { "d": "signetPilot", "c": "Signet CA" }, +"1.2.36.68980861.1.1.11": { "d": "signetIntraNet", "c": "Signet CA" }, +"1.2.36.68980861.1.1.20": { "d": "signetPolicy", "c": "Signet CA" }, +"1.2.36.75878867.1.100.1.1": { "d": "certificatesAustraliaPolicy", "c": "Certificates Australia CA" }, +"1.2.156.10197.1": { "d": "gmtCryptographicAlgorithm", "c": "China GM Standards Committee" }, +"1.2.156.10197.1.100": { "d": "gmtBlockCipher", "c": "China GM Standards Committee" }, +"1.2.156.10197.1.102": { "d": "sm1Cipher", "c": "China GM Standards Committee" }, +"1.2.156.10197.1.103": { "d": "ssf33Cipher", "c": "China GM Standards Committee" }, +"1.2.156.10197.1.104": { "d": "sm4Cipher", "c": "China GM Standards Committee" }, +"1.2.156.10197.1.200": { "d": "gmtStreamCipher", "c": "China GM Standards Committee" }, +"1.2.156.10197.1.201": { "d": "zucCipher", "c": "China GM Standards Committee" }, +"1.2.156.10197.1.300": { "d": "gmtPublicKeyCryptography", "c": "China GM Standards Committee" }, +"1.2.156.10197.1.301": { "d": "sm2ECC", "c": "China GM Standards Committee" }, +"1.2.156.10197.1.301.1": { "d": "sm2-1DigitalSignature", "c": "China GM Standards Committee" }, +"1.2.156.10197.1.301.2": { "d": "sm2-2KeyExchange", "c": "China GM Standards Committee" }, +"1.2.156.10197.1.301.3": { "d": "sm2-3PublicKeyEncryption", "c": "China GM Standards Committee" }, +"1.2.156.10197.1.302": { "d": "gmtSM9IBE", "c": "China GM Standards Committee" }, +"1.2.156.10197.1.302.1": { "d": "sm9-1DigitalSignature", "c": "China GM Standards Committee" }, +"1.2.156.10197.1.302.2": { "d": "sm9-2KeyExchange", "c": "China GM Standards Committee" }, +"1.2.156.10197.1.302.3": { "d": "sm9-3PublicKeyEncryption", "c": "China GM Standards Committee" }, +"1.2.156.10197.1.400": { "d": "gmtHashAlgorithm", "c": "China GM Standards Committee" }, +"1.2.156.10197.1.401": { "d": "sm3Hash", "c": "China GM Standards Committee" }, +"1.2.156.10197.1.401.1": { "d": "sm3HashWithoutKey", "c": "China GM Standards Committee" }, +"1.2.156.10197.1.401.2": { "d": "sm3HashWithKey", "c": "China GM Standards Committee" }, +"1.2.156.10197.1.500": { "d": "gmtDigestSigning", "c": "China GM Standards Committee" }, +"1.2.156.10197.1.501": { "d": "sm2withSM3", "c": "China GM Standards Committee" }, +"1.2.156.10197.1.504": { "d": "rsaWithSM3", "c": "China GM Standards Committee" }, +"1.2.156.10197.4.3": { "d": "gmtCertificateAuthority", "c": "China GM Standards Committee" }, +"1.2.156.10197.6": { "d": "gmtStandardClass", "c": "China GM Standards Committee" }, +"1.2.156.10197.6.1": { "d": "gmtFoundationClass", "c": "China GM Standards Committee" }, +"1.2.156.10197.6.1.1": { "d": "gmtAlgorithmClass", "c": "China GM Standards Committee" }, +"1.2.156.10197.6.1.1.1": { "d": "zucStandard", "c": "China GM Standards Committee" }, +"1.2.156.10197.6.1.1.2": { "d": "sm4Standard", "c": "China GM Standards Committee" }, +"1.2.156.10197.6.1.1.3": { "d": "sm2Standard", "c": "China GM Standards Committee" }, +"1.2.156.10197.6.1.1.4": { "d": "sm3Standard", "c": "China GM Standards Committee" }, +"1.2.156.10197.6.1.2": { "d": "gmtIDClass", "c": "China GM Standards Committee" }, +"1.2.156.10197.6.1.2.1": { "d": "gmtCryptoID", "c": "China GM Standards Committee" }, +"1.2.156.10197.6.1.3": { "d": "gmtOperationModes", "c": "China GM Standards Committee" }, +"1.2.156.10197.6.1.4": { "d": "gmtSecurityMechanism", "c": "China GM Standards Committee" }, +"1.2.156.10197.6.1.4.1": { "d": "gmtSM2Specification", "c": "China GM Standards Committee" }, +"1.2.156.10197.6.1.4.2": { "d": "gmtSM2CryptographicMessageSyntax", "c": "China GM Standards Committee" }, +"1.2.156.10197.6.2": { "d": "gmtDeviceClass", "c": "China GM Standards Committee" }, +"1.2.156.10197.6.3": { "d": "gmtServiceClass", "c": "China GM Standards Committee" }, +"1.2.156.10197.6.4": { "d": "gmtInfrastructure", "c": "China GM Standards Committee" }, +"1.2.156.10197.6.5": { "d": "gmtTestingClass", "c": "China GM Standards Committee" }, +"1.2.156.10197.6.5.1": { "d": "gmtRandomTestingClass", "c": "China GM Standards Committee" }, +"1.2.156.10197.6.6": { "d": "gmtManagementClass", "c": "China GM Standards Committee" }, +"1.2.392.200011.61.1.1.1": { "d": "mitsubishiSecurityAlgorithm", "c": "Mitsubishi security algorithm" }, +"1.2.392.200011.61.1.1.1.1": { "d": "misty1-cbc", "c": "Mitsubishi security algorithm" }, +"1.2.410.200004.1": { "d": "kisaAlgorithm", "c": "KISA algorithm" }, +"1.2.410.200004.1.1": { "d": "kcdsa", "c": "Korean DSA" }, +"1.2.410.200004.1.2": { "d": "has160", "c": "Korean hash algorithm" }, +"1.2.410.200004.1.3": { "d": "seedECB", "c": "Korean SEED algorithm, ECB mode" }, +"1.2.410.200004.1.4": { "d": "seedCBC", "c": "Korean SEED algorithm, CBC mode" }, +"1.2.410.200004.1.5": { "d": "seedOFB", "c": "Korean SEED algorithm, OFB mode" }, +"1.2.410.200004.1.6": { "d": "seedCFB", "c": "Korean SEED algorithm, CFB mode" }, +"1.2.410.200004.1.7": { "d": "seedMAC", "c": "Korean SEED algorithm, MAC mode" }, +"1.2.410.200004.1.8": { "d": "kcdsaWithHAS160", "c": "Korean signature algorithm" }, +"1.2.410.200004.1.9": { "d": "kcdsaWithSHA1", "c": "Korean signature algorithm" }, +"1.2.410.200004.1.10": { "d": "pbeWithHAS160AndSEED-ECB", "c": "Korean SEED algorithm, PBE key derivation" }, +"1.2.410.200004.1.11": { "d": "pbeWithHAS160AndSEED-CBC", "c": "Korean SEED algorithm, PBE key derivation" }, +"1.2.410.200004.1.12": { "d": "pbeWithHAS160AndSEED-CFB", "c": "Korean SEED algorithm, PBE key derivation" }, +"1.2.410.200004.1.13": { "d": "pbeWithHAS160AndSEED-OFB", "c": "Korean SEED algorithm, PBE key derivation" }, +"1.2.410.200004.1.14": { "d": "pbeWithSHA1AndSEED-ECB", "c": "Korean SEED algorithm, PBE key derivation" }, +"1.2.410.200004.1.15": { "d": "pbeWithSHA1AndSEED-CBC", "c": "Korean SEED algorithm, PBE key derivation" }, +"1.2.410.200004.1.16": { "d": "pbeWithSHA1AndSEED-CFB", "c": "Korean SEED algorithm, PBE key derivation" }, +"1.2.410.200004.1.17": { "d": "pbeWithSHA1AndSEED-OFB", "c": "Korean SEED algorithm, PBE key derivation" }, +"1.2.410.200004.1.20": { "d": "rsaWithHAS160", "c": "Korean signature algorithm" }, +"1.2.410.200004.1.21": { "d": "kcdsa1", "c": "Korean DSA" }, +"1.2.410.200004.2": { "d": "npkiCP", "c": "KISA NPKI certificate policies" }, +"1.2.410.200004.2.1": { "d": "npkiSignaturePolicy", "c": "KISA NPKI certificate policies" }, +"1.2.410.200004.3": { "d": "npkiKP", "c": "KISA NPKI key usage" }, +"1.2.410.200004.4": { "d": "npkiAT", "c": "KISA NPKI attribute" }, +"1.2.410.200004.5": { "d": "npkiLCA", "c": "KISA NPKI licensed CA" }, +"1.2.410.200004.5.1": { "d": "npkiSignKorea", "c": "KISA NPKI licensed CA" }, +"1.2.410.200004.5.2": { "d": "npkiSignGate", "c": "KISA NPKI licensed CA" }, +"1.2.410.200004.5.3": { "d": "npkiNcaSign", "c": "KISA NPKI licensed CA" }, +"1.2.410.200004.6": { "d": "npkiON", "c": "KISA NPKI otherName" }, +"1.2.410.200004.7": { "d": "npkiAPP", "c": "KISA NPKI application" }, +"1.2.410.200004.7.1": { "d": "npkiSMIME", "c": "KISA NPKI application" }, +"1.2.410.200004.7.1.1": { "d": "npkiSMIMEAlgo", "c": "KISA NPKI application" }, +"1.2.410.200004.7.1.1.1": { "d": "npkiCmsSEEDWrap", "c": "KISA NPKI application" }, +"1.2.410.200004.10": { "d": "npki", "c": "KISA NPKI" }, +"1.2.410.200004.10.1": { "d": "npkiAttribute", "c": "KISA NPKI attribute" }, +"1.2.410.200004.10.1.1": { "d": "npkiIdentifyData", "c": "KISA NPKI attribute" }, +"1.2.410.200004.10.1.1.1": { "d": "npkiVID", "c": "KISA NPKI attribute" }, +"1.2.410.200004.10.1.1.2": { "d": "npkiEncryptedVID", "c": "KISA NPKI attribute" }, +"1.2.410.200004.10.1.1.3": { "d": "npkiRandomNum", "c": "KISA NPKI attribute" }, +"1.2.410.200004.10.1.1.4": { "d": "npkiVID", "c": "KISA NPKI attribute" }, +"1.2.410.200046.1.1": { "d": "aria1AlgorithmModes", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.1": { "d": "aria128-ecb", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.2": { "d": "aria128-cbc", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.3": { "d": "aria128-cfb", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.4": { "d": "aria128-ofb", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.5": { "d": "aria128-ctr", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.6": { "d": "aria192-ecb", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.7": { "d": "aria192-cbc", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.8": { "d": "aria192-cfb", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.9": { "d": "aria192-ofb", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.10": { "d": "aria192-ctr", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.11": { "d": "aria256-ecb", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.12": { "d": "aria256-cbc", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.13": { "d": "aria256-cfb", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.14": { "d": "aria256-ofb", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.15": { "d": "aria256-ctr", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.21": { "d": "aria128-cmac", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.22": { "d": "aria192-cmac", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.23": { "d": "aria256-cmac", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.31": { "d": "aria128-ocb2", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.32": { "d": "aria192-ocb2", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.33": { "d": "aria256-ocb2", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.34": { "d": "aria128-gcm", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.35": { "d": "aria192-gcm", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.36": { "d": "aria256-gcm", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.37": { "d": "aria128-ccm", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.38": { "d": "aria192-ccm", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.39": { "d": "aria256-ccm", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.40": { "d": "aria128-keywrap", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.41": { "d": "aria192-keywrap", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.42": { "d": "aria256-keywrap", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.43": { "d": "aria128-keywrapWithPad", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.44": { "d": "aria192-keywrapWithPad", "c": "ARIA algorithm modes" }, +"1.2.410.200046.1.1.45": { "d": "aria256-keywrapWithPad", "c": "ARIA algorithm modes" }, +"1.2.643.2.2.3": { "d": "gostSignature", "c": "GOST R 34.10-2001 + GOST R 34.11-94 signature" }, +"1.2.643.2.2.4": { "d": "gost94Signature", "c": "GOST R 34.10-94 + GOST R 34.11-94 signature. Obsoleted by GOST R 34.10-2001", "w": true }, +"1.2.643.2.2.19": { "d": "gostPublicKey", "c": "GOST R 34.10-2001 (ECC) public key" }, +"1.2.643.2.2.20": { "d": "gost94PublicKey", "c": "GOST R 34.10-94 public key. Obsoleted by GOST R 34.10-2001", "w": true }, +"1.2.643.2.2.21": { "d": "gostCipher", "c": "GOST 28147-89 (symmetric key block cipher)" }, +"1.2.643.2.2.31.0": { "d": "testCipherParams", "c": "Test params for GOST 28147-89" }, +"1.2.643.2.2.31.1": { "d": "cryptoProCipherA", "c": "CryptoPro params A (default, variant 'Verba-O') for GOST 28147-89" }, +"1.2.643.2.2.31.2": { "d": "cryptoProCipherB", "c": "CryptoPro params B (variant 1) for GOST 28147-89" }, +"1.2.643.2.2.31.3": { "d": "cryptoProCipherC", "c": "CryptoPro params C (variant 2) for GOST 28147-89" }, +"1.2.643.2.2.31.4": { "d": "cryptoProCipherD", "c": "CryptoPro params D (variant 3) for GOST 28147-89" }, +"1.2.643.2.2.31.5": { "d": "oscar11Cipher", "c": "Oscar-1.1 params for GOST 28147-89" }, +"1.2.643.2.2.31.6": { "d": "oscar10Cipher", "c": "Oscar-1.0 params for GOST 28147-89" }, +"1.2.643.2.2.31.7": { "d": "ric1Cipher", "c": "RIC-1 params for GOST 28147-89" }, +"1.2.643.2.2.31.12": { "d": "tc26CipherA", "c": "TC26 params 2 for GOST 28147-89" }, +"1.2.643.2.2.31.13": { "d": "tc26CipherB", "c": "TC26 params 1 for GOST 28147-89" }, +"1.2.643.2.2.31.14": { "d": "tc26CipherC", "c": "TC26 params 3 for GOST 28147-89" }, +"1.2.643.2.2.31.15": { "d": "tc26CipherD", "c": "TC26 params 4 for GOST 28147-89" }, +"1.2.643.2.2.31.16": { "d": "tc26CipherE", "c": "TC26 params 5 for GOST 28147-89" }, +"1.2.643.2.2.31.17": { "d": "tc26CipherF", "c": "TC26 params 6 for GOST 28147-89" }, +"1.2.643.7.1.2.5.1.1": { "d": "tc26CipherZ", "c": "TC26 params Z for GOST 28147-89" }, +"1.2.643.2.2.9": { "d": "gostDigest", "c": "GOST R 34.11-94 digest" }, +"1.2.643.2.2.30.0": { "d": "testDigestParams", "c": "Test params for GOST R 34.11-94" }, +"1.2.643.2.2.30.1": { "d": "cryptoProDigestA", "c": "CryptoPro digest params A (default, variant 'Verba-O') for GOST R 34.11-94" }, +"1.2.643.2.2.30.2": { "d": "cryptoProDigestB", "c": "CryptoPro digest params B (variant 1) for GOST R 34.11-94" }, +"1.2.643.2.2.30.3": { "d": "cryptoProDigestC", "c": "CryptoPro digest params C (variant 2) for GOST R 34.11-94" }, +"1.2.643.2.2.30.4": { "d": "cryptoProDigestD", "c": "CryptoPro digest params D (variant 3) for GOST R 34.11-94" }, +"1.2.643.2.2.32.2": { "d": "cryptoPro94SignA", "c": "CryptoPro sign params A (default, variant 'Verba-O') for GOST R 34.10-94" }, +"1.2.643.2.2.32.3": { "d": "cryptoPro94SignB", "c": "CryptoPro sign params B (variant 1) for GOST R 34.10-94" }, +"1.2.643.2.2.32.4": { "d": "cryptoPro94SignC", "c": "CryptoPro sign params C (variant 2) for GOST R 34.10-94" }, +"1.2.643.2.2.32.5": { "d": "cryptoPro94SignD", "c": "CryptoPro sign params D (variant 3) for GOST R 34.10-94" }, +"1.2.643.2.2.33.1": { "d": "cryptoPro94SignXA", "c": "CryptoPro sign params XA (variant 1) for GOST R 34.10-94" }, +"1.2.643.2.2.33.2": { "d": "cryptoPro94SignXB", "c": "CryptoPro sign params XB (variant 2) for GOST R 34.10-94" }, +"1.2.643.2.2.33.3": { "d": "cryptoPro94SignXC", "c": "CryptoPro sign params XC (variant 3) for GOST R 34.10-94" }, +"1.2.643.2.2.35.0": { "d": "testSignParams", "c": "Test elliptic curve for GOST R 34.10-2001" }, +"1.2.643.2.2.35.1": { "d": "cryptoProSignA", "c": "CryptoPro ell.curve A for GOST R 34.10-2001" }, +"1.2.643.2.2.35.2": { "d": "cryptoProSignB", "c": "CryptoPro ell.curve B for GOST R 34.10-2001" }, +"1.2.643.2.2.35.3": { "d": "cryptoProSignC", "c": "CryptoPro ell.curve C for GOST R 34.10-2001" }, +"1.2.643.2.2.36.0": { "d": "cryptoProSignXA", "c": "CryptoPro ell.curve XA for GOST R 34.10-2001" }, +"1.2.643.2.2.36.1": { "d": "cryptoProSignXB", "c": "CryptoPro ell.curve XB for GOST R 34.10-2001" }, +"1.2.643.7.1.2.1.1.1": { "d": "cryptoPro2012Sign256A", "c": "CryptoPro ell.curve A for GOST R 34.10-2012 256 bit" }, +"1.2.643.7.1.2.1.2.1": { "d": "cryptoPro2012Sign512A", "c": "CryptoPro ell.curve A (default) for GOST R 34.10-2012 512 bit" }, +"1.2.643.7.1.2.1.2.2": { "d": "cryptoPro2012Sign512B", "c": "CryptoPro ell.curve B for GOST R 34.10-2012 512 bit" }, +"1.2.643.7.1.2.1.2.3": { "d": "cryptoPro2012Sign512C", "c": "CryptoPro ell.curve C for GOST R 34.10-2012 512 bit" }, +"1.2.643.2.2.14.0": { "d": "nullMeshing", "c": "Do not mesh state of GOST 28147-89 cipher" }, +"1.2.643.2.2.14.1": { "d": "cryptoProMeshing", "c": "CryptoPro meshing of state of GOST 28147-89 cipher" }, +"1.2.643.2.2.10": { "d": "hmacGost", "c": "HMAC with GOST R 34.11-94" }, +"1.2.643.2.2.13.0": { "d": "gostWrap", "c": "Wrap key using GOST 28147-89 key" }, +"1.2.643.2.2.13.1": { "d": "cryptoProWrap", "c": "Wrap key using diversified GOST 28147-89 key" }, +"1.2.643.2.2.96": { "d": "cryptoProECDHWrap", "c": "Wrap key using ECC DH on GOST R 34.10-2001 keys (VKO)" }, +"1.2.643.7.1.1.1.1": { "d": "gost2012PublicKey256", "c": "GOST R 34.10-2012 256 bit public key" }, +"1.2.643.7.1.1.1.2": { "d": "gost2012PublicKey512", "c": "GOST R 34.10-2012 512 bit public key" }, +"1.2.643.7.1.1.2.2": { "d": "gost2012Digest256", "c": "GOST R 34.11-2012 256 bit digest" }, +"1.2.643.7.1.1.2.3": { "d": "gost2012Digest512", "c": "GOST R 34.11-2012 512 bit digest" }, +"1.2.643.7.1.1.3.2": { "d": "gost2012Signature256", "c": "GOST R 34.10-2012 256 bit signature" }, +"1.2.643.7.1.1.3.3": { "d": "gost2012Signature512", "c": "GOST R 34.10-2012 512 bit signature" }, +"1.2.643.7.1.1.6.1": { "d": "cryptoProECDH256", "c": "CryptoPro ECC DH algorithm for GOST R 34.10-2012 256 bit key" }, +"1.2.643.7.1.1.6.2": { "d": "cryptoProECDH512", "c": "CryptoPro ECC DH algorithm for GOST R 34.10-2012 512 bit key" }, +"1.2.752.34.1": { "d": "seis-cp", "c": "SEIS Project" }, +"1.2.752.34.1.1": { "d": "SEIS high-assurance policyIdentifier", "c": "SEIS Project certificate policies" }, +"1.2.752.34.1.2": { "d": "SEIS GAK policyIdentifier", "c": "SEIS Project certificate policies" }, +"1.2.752.34.2": { "d": "SEIS pe", "c": "SEIS Project" }, +"1.2.752.34.3": { "d": "SEIS at", "c": "SEIS Project" }, +"1.2.752.34.3.1": { "d": "SEIS at-personalIdentifier", "c": "SEIS Project attribute" }, +"1.2.840.10040.1": { "d": "module", "c": "ANSI X9.57" }, +"1.2.840.10040.1.1": { "d": "x9f1-cert-mgmt", "c": "ANSI X9.57 module" }, +"1.2.840.10040.2": { "d": "holdinstruction", "c": "ANSI X9.57" }, +"1.2.840.10040.2.1": { "d": "holdinstruction-none", "c": "ANSI X9.57 hold instruction" }, +"1.2.840.10040.2.2": { "d": "callissuer", "c": "ANSI X9.57 hold instruction" }, +"1.2.840.10040.2.3": { "d": "reject", "c": "ANSI X9.57 hold instruction" }, +"1.2.840.10040.2.4": { "d": "pickupToken", "c": "ANSI X9.57 hold instruction" }, +"1.2.840.10040.3": { "d": "attribute", "c": "ANSI X9.57" }, +"1.2.840.10040.3.1": { "d": "countersignature", "c": "ANSI X9.57 attribute" }, +"1.2.840.10040.3.2": { "d": "attribute-cert", "c": "ANSI X9.57 attribute" }, +"1.2.840.10040.4": { "d": "algorithm", "c": "ANSI X9.57" }, +"1.2.840.10040.4.1": { "d": "dsa", "c": "ANSI X9.57 algorithm" }, +"1.2.840.10040.4.2": { "d": "dsa-match", "c": "ANSI X9.57 algorithm" }, +"1.2.840.10040.4.3": { "d": "dsaWithSha1", "c": "ANSI X9.57 algorithm" }, +"1.2.840.10045.1": { "d": "fieldType", "c": "ANSI X9.62. This OID is also assigned as ecdsa-with-SHA1" }, +"1.2.840.10045.1.1": { "d": "prime-field", "c": "ANSI X9.62 field type" }, +"1.2.840.10045.1.2": { "d": "characteristic-two-field", "c": "ANSI X9.62 field type" }, +"1.2.840.10045.1.2.3": { "d": "characteristic-two-basis", "c": "ANSI X9.62 field type" }, +"1.2.840.10045.1.2.3.1": { "d": "onBasis", "c": "ANSI X9.62 field basis" }, +"1.2.840.10045.1.2.3.2": { "d": "tpBasis", "c": "ANSI X9.62 field basis" }, +"1.2.840.10045.1.2.3.3": { "d": "ppBasis", "c": "ANSI X9.62 field basis" }, +"1.2.840.10045.2": { "d": "publicKeyType", "c": "ANSI X9.62" }, +"1.2.840.10045.2.1": { "d": "ecPublicKey", "c": "ANSI X9.62 public key type" }, +"1.2.840.10045.3.0.1": { "d": "c2pnb163v1", "c": "ANSI X9.62 named elliptic curve" }, +"1.2.840.10045.3.0.2": { "d": "c2pnb163v2", "c": "ANSI X9.62 named elliptic curve" }, +"1.2.840.10045.3.0.3": { "d": "c2pnb163v3", "c": "ANSI X9.62 named elliptic curve" }, +"1.2.840.10045.3.0.5": { "d": "c2tnb191v1", "c": "ANSI X9.62 named elliptic curve" }, +"1.2.840.10045.3.0.6": { "d": "c2tnb191v2", "c": "ANSI X9.62 named elliptic curve" }, +"1.2.840.10045.3.0.7": { "d": "c2tnb191v3", "c": "ANSI X9.62 named elliptic curve" }, +"1.2.840.10045.3.0.10": { "d": "c2pnb208w1", "c": "ANSI X9.62 named elliptic curve" }, +"1.2.840.10045.3.0.11": { "d": "c2tnb239v1", "c": "ANSI X9.62 named elliptic curve" }, +"1.2.840.10045.3.0.12": { "d": "c2tnb239v2", "c": "ANSI X9.62 named elliptic curve" }, +"1.2.840.10045.3.0.13": { "d": "c2tnb239v3", "c": "ANSI X9.62 named elliptic curve" }, +"1.2.840.10045.3.0.16": { "d": "c2pnb272w1", "c": "ANSI X9.62 named elliptic curve" }, +"1.2.840.10045.3.0.18": { "d": "c2tnb359v1", "c": "ANSI X9.62 named elliptic curve" }, +"1.2.840.10045.3.0.19": { "d": "c2pnb368w1", "c": "ANSI X9.62 named elliptic curve" }, +"1.2.840.10045.3.0.20": { "d": "c2tnb431r1", "c": "ANSI X9.62 named elliptic curve" }, +"1.2.840.10045.3.1.1": { "d": "prime192v1", "c": "ANSI X9.62 named elliptic curve" }, +"1.2.840.10045.3.1.2": { "d": "prime192v2", "c": "ANSI X9.62 named elliptic curve" }, +"1.2.840.10045.3.1.3": { "d": "prime192v3", "c": "ANSI X9.62 named elliptic curve" }, +"1.2.840.10045.3.1.4": { "d": "prime239v1", "c": "ANSI X9.62 named elliptic curve" }, +"1.2.840.10045.3.1.5": { "d": "prime239v2", "c": "ANSI X9.62 named elliptic curve" }, +"1.2.840.10045.3.1.6": { "d": "prime239v3", "c": "ANSI X9.62 named elliptic curve" }, +"1.2.840.10045.3.1.7": { "d": "prime256v1", "c": "ANSI X9.62 named elliptic curve" }, +"1.2.840.10045.4.1": { "d": "ecdsaWithSHA1", "c": "ANSI X9.62 ECDSA algorithm with SHA1" }, +"1.2.840.10045.4.2": { "d": "ecdsaWithRecommended", "c": "ANSI X9.62 ECDSA algorithm with Recommended" }, +"1.2.840.10045.4.3": { "d": "ecdsaWithSpecified", "c": "ANSI X9.62 ECDSA algorithm with Specified" }, +"1.2.840.10045.4.3.1": { "d": "ecdsaWithSHA224", "c": "ANSI X9.62 ECDSA algorithm with SHA224" }, +"1.2.840.10045.4.3.2": { "d": "ecdsaWithSHA256", "c": "ANSI X9.62 ECDSA algorithm with SHA256" }, +"1.2.840.10045.4.3.3": { "d": "ecdsaWithSHA384", "c": "ANSI X9.62 ECDSA algorithm with SHA384" }, +"1.2.840.10045.4.3.4": { "d": "ecdsaWithSHA512", "c": "ANSI X9.62 ECDSA algorithm with SHA512" }, +"1.2.840.10046.1": { "d": "fieldType", "c": "ANSI X9.42" }, +"1.2.840.10046.1.1": { "d": "gf-prime", "c": "ANSI X9.42 field type" }, +"1.2.840.10046.2": { "d": "numberType", "c": "ANSI X9.42" }, +"1.2.840.10046.2.1": { "d": "dhPublicKey", "c": "ANSI X9.42 number type" }, +"1.2.840.10046.3": { "d": "scheme", "c": "ANSI X9.42" }, +"1.2.840.10046.3.1": { "d": "dhStatic", "c": "ANSI X9.42 scheme" }, +"1.2.840.10046.3.2": { "d": "dhEphem", "c": "ANSI X9.42 scheme" }, +"1.2.840.10046.3.3": { "d": "dhHybrid1", "c": "ANSI X9.42 scheme" }, +"1.2.840.10046.3.4": { "d": "dhHybrid2", "c": "ANSI X9.42 scheme" }, +"1.2.840.10046.3.5": { "d": "mqv2", "c": "ANSI X9.42 scheme" }, +"1.2.840.10046.3.6": { "d": "mqv1", "c": "ANSI X9.42 scheme" }, +"1.2.840.10065.2.2": { "d": "?", "c": "ASTM 31.20" }, +"1.2.840.10065.2.3": { "d": "healthcareLicense", "c": "ASTM 31.20" }, +"1.2.840.10065.2.3.1.1": { "d": "license?", "c": "ASTM 31.20 healthcare license type" }, +"1.2.840.10070": { "d": "iec62351", "c": "IEC 62351" }, +"1.2.840.10070.8": { "d": "iec62351_8", "c": "IEC 62351-8" }, +"1.2.840.10070.8.1": { "d": "iecUserRoles", "c": "IEC 62351-8" }, +"1.2.840.113533.7": { "d": "nsn", "c": "" }, +"1.2.840.113533.7.65": { "d": "nsn-ce", "c": "" }, +"1.2.840.113533.7.65.0": { "d": "entrustVersInfo", "c": "Nortel Secure Networks ce" }, +"1.2.840.113533.7.66": { "d": "nsn-alg", "c": "" }, +"1.2.840.113533.7.66.3": { "d": "cast3CBC", "c": "Nortel Secure Networks alg" }, +"1.2.840.113533.7.66.10": { "d": "cast5CBC", "c": "Nortel Secure Networks alg" }, +"1.2.840.113533.7.66.11": { "d": "cast5MAC", "c": "Nortel Secure Networks alg" }, +"1.2.840.113533.7.66.12": { "d": "pbeWithMD5AndCAST5-CBC", "c": "Nortel Secure Networks alg" }, +"1.2.840.113533.7.66.13": { "d": "passwordBasedMac", "c": "Nortel Secure Networks alg" }, +"1.2.840.113533.7.67": { "d": "nsn-oc", "c": "" }, +"1.2.840.113533.7.67.0": { "d": "entrustUser", "c": "Nortel Secure Networks oc" }, +"1.2.840.113533.7.68": { "d": "nsn-at", "c": "" }, +"1.2.840.113533.7.68.0": { "d": "entrustCAInfo", "c": "Nortel Secure Networks at" }, +"1.2.840.113533.7.68.10": { "d": "attributeCertificate", "c": "Nortel Secure Networks at" }, +"1.2.840.113549.1.1": { "d": "pkcs-1", "c": "" }, +"1.2.840.113549.1.1.1": { "d": "rsaEncryption", "c": "PKCS #1" }, +"1.2.840.113549.1.1.2": { "d": "md2WithRSAEncryption", "c": "PKCS #1" }, +"1.2.840.113549.1.1.3": { "d": "md4WithRSAEncryption", "c": "PKCS #1" }, +"1.2.840.113549.1.1.4": { "d": "md5WithRSAEncryption", "c": "PKCS #1" }, +"1.2.840.113549.1.1.5": { "d": "sha1WithRSAEncryption", "c": "PKCS #1" }, +"1.2.840.113549.1.1.7": { "d": "rsaOAEP", "c": "PKCS #1" }, +"1.2.840.113549.1.1.8": { "d": "pkcs1-MGF", "c": "PKCS #1" }, +"1.2.840.113549.1.1.9": { "d": "rsaOAEP-pSpecified", "c": "PKCS #1" }, +"1.2.840.113549.1.1.10": { "d": "rsaPSS", "c": "PKCS #1" }, +"1.2.840.113549.1.1.11": { "d": "sha256WithRSAEncryption", "c": "PKCS #1" }, +"1.2.840.113549.1.1.12": { "d": "sha384WithRSAEncryption", "c": "PKCS #1" }, +"1.2.840.113549.1.1.13": { "d": "sha512WithRSAEncryption", "c": "PKCS #1" }, +"1.2.840.113549.1.1.14": { "d": "sha224WithRSAEncryption", "c": "PKCS #1" }, +"1.2.840.113549.1.1.6": { "d": "rsaOAEPEncryptionSET", "c": "PKCS #1. This OID may also be assigned as ripemd160WithRSAEncryption" }, +"1.2.840.113549.1.2": { "d": "bsafeRsaEncr", "c": "Obsolete BSAFE OID", "w": true }, +"1.2.840.113549.1.3": { "d": "pkcs-3", "c": "" }, +"1.2.840.113549.1.3.1": { "d": "dhKeyAgreement", "c": "PKCS #3" }, +"1.2.840.113549.1.5": { "d": "pkcs-5", "c": "" }, +"1.2.840.113549.1.5.1": { "d": "pbeWithMD2AndDES-CBC", "c": "PKCS #5" }, +"1.2.840.113549.1.5.3": { "d": "pbeWithMD5AndDES-CBC", "c": "PKCS #5" }, +"1.2.840.113549.1.5.4": { "d": "pbeWithMD2AndRC2-CBC", "c": "PKCS #5" }, +"1.2.840.113549.1.5.6": { "d": "pbeWithMD5AndRC2-CBC", "c": "PKCS #5" }, +"1.2.840.113549.1.5.9": { "d": "pbeWithMD5AndXOR", "c": "PKCS #5, used in BSAFE only", "w": true }, +"1.2.840.113549.1.5.10": { "d": "pbeWithSHAAndDES-CBC", "c": "PKCS #5" }, +"1.2.840.113549.1.5.12": { "d": "pkcs5PBKDF2", "c": "PKCS #5 v2.0" }, +"1.2.840.113549.1.5.13": { "d": "pkcs5PBES2", "c": "PKCS #5 v2.0" }, +"1.2.840.113549.1.5.14": { "d": "pkcs5PBMAC1", "c": "PKCS #5 v2.0" }, +"1.2.840.113549.1.7": { "d": "pkcs-7", "c": "" }, +"1.2.840.113549.1.7.1": { "d": "data", "c": "PKCS #7" }, +"1.2.840.113549.1.7.2": { "d": "signedData", "c": "PKCS #7" }, +"1.2.840.113549.1.7.3": { "d": "envelopedData", "c": "PKCS #7" }, +"1.2.840.113549.1.7.4": { "d": "signedAndEnvelopedData", "c": "PKCS #7" }, +"1.2.840.113549.1.7.5": { "d": "digestedData", "c": "PKCS #7" }, +"1.2.840.113549.1.7.6": { "d": "encryptedData", "c": "PKCS #7" }, +"1.2.840.113549.1.7.7": { "d": "dataWithAttributes", "c": "PKCS #7 experimental", "w": true }, +"1.2.840.113549.1.7.8": { "d": "encryptedPrivateKeyInfo", "c": "PKCS #7 experimental", "w": true }, +"1.2.840.113549.1.9": { "d": "pkcs-9", "c": "" }, +"1.2.840.113549.1.9.1": { "d": "emailAddress", "c": "PKCS #9. Deprecated, use an altName extension instead" }, +"1.2.840.113549.1.9.2": { "d": "unstructuredName", "c": "PKCS #9" }, +"1.2.840.113549.1.9.3": { "d": "contentType", "c": "PKCS #9" }, +"1.2.840.113549.1.9.4": { "d": "messageDigest", "c": "PKCS #9" }, +"1.2.840.113549.1.9.5": { "d": "signingTime", "c": "PKCS #9" }, +"1.2.840.113549.1.9.6": { "d": "countersignature", "c": "PKCS #9" }, +"1.2.840.113549.1.9.7": { "d": "challengePassword", "c": "PKCS #9" }, +"1.2.840.113549.1.9.8": { "d": "unstructuredAddress", "c": "PKCS #9" }, +"1.2.840.113549.1.9.9": { "d": "extendedCertificateAttributes", "c": "PKCS #9" }, +"1.2.840.113549.1.9.10": { "d": "issuerAndSerialNumber", "c": "PKCS #9 experimental", "w": true }, +"1.2.840.113549.1.9.11": { "d": "passwordCheck", "c": "PKCS #9 experimental", "w": true }, +"1.2.840.113549.1.9.12": { "d": "publicKey", "c": "PKCS #9 experimental", "w": true }, +"1.2.840.113549.1.9.13": { "d": "signingDescription", "c": "PKCS #9" }, +"1.2.840.113549.1.9.14": { "d": "extensionRequest", "c": "PKCS #9 via CRMF" }, +"1.2.840.113549.1.9.15": { "d": "sMIMECapabilities", "c": "PKCS #9. This OID was formerly assigned as symmetricCapabilities, then reassigned as SMIMECapabilities, then renamed to the current name" }, +"1.2.840.113549.1.9.15.1": { "d": "preferSignedData", "c": "sMIMECapabilities" }, +"1.2.840.113549.1.9.15.2": { "d": "canNotDecryptAny", "c": "sMIMECapabilities" }, +"1.2.840.113549.1.9.15.3": { "d": "receiptRequest", "c": "sMIMECapabilities. Deprecated, use (1 2 840 113549 1 9 16 2 1) instead", "w": true }, +"1.2.840.113549.1.9.15.4": { "d": "receipt", "c": "sMIMECapabilities. Deprecated, use (1 2 840 113549 1 9 16 1 1) instead", "w": true }, +"1.2.840.113549.1.9.15.5": { "d": "contentHints", "c": "sMIMECapabilities. Deprecated, use (1 2 840 113549 1 9 16 2 4) instead", "w": true }, +"1.2.840.113549.1.9.15.6": { "d": "mlExpansionHistory", "c": "sMIMECapabilities. Deprecated, use (1 2 840 113549 1 9 16 2 3) instead", "w": true }, +"1.2.840.113549.1.9.16": { "d": "id-sMIME", "c": "PKCS #9" }, +"1.2.840.113549.1.9.16.0": { "d": "id-mod", "c": "id-sMIME" }, +"1.2.840.113549.1.9.16.0.1": { "d": "id-mod-cms", "c": "S/MIME Modules" }, +"1.2.840.113549.1.9.16.0.2": { "d": "id-mod-ess", "c": "S/MIME Modules" }, +"1.2.840.113549.1.9.16.0.3": { "d": "id-mod-oid", "c": "S/MIME Modules" }, +"1.2.840.113549.1.9.16.0.4": { "d": "id-mod-msg-v3", "c": "S/MIME Modules" }, +"1.2.840.113549.1.9.16.0.5": { "d": "id-mod-ets-eSignature-88", "c": "S/MIME Modules" }, +"1.2.840.113549.1.9.16.0.6": { "d": "id-mod-ets-eSignature-97", "c": "S/MIME Modules" }, +"1.2.840.113549.1.9.16.0.7": { "d": "id-mod-ets-eSigPolicy-88", "c": "S/MIME Modules" }, +"1.2.840.113549.1.9.16.0.8": { "d": "id-mod-ets-eSigPolicy-88", "c": "S/MIME Modules" }, +"1.2.840.113549.1.9.16.1": { "d": "contentType", "c": "S/MIME" }, +"1.2.840.113549.1.9.16.1.1": { "d": "receipt", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.2": { "d": "authData", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.3": { "d": "publishCert", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.4": { "d": "tSTInfo", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.5": { "d": "tDTInfo", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.6": { "d": "contentInfo", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.7": { "d": "dVCSRequestData", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.8": { "d": "dVCSResponseData", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.9": { "d": "compressedData", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.10": { "d": "scvpCertValRequest", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.11": { "d": "scvpCertValResponse", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.12": { "d": "scvpValPolRequest", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.13": { "d": "scvpValPolResponse", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.14": { "d": "attrCertEncAttrs", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.15": { "d": "tSReq", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.16": { "d": "firmwarePackage", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.17": { "d": "firmwareLoadReceipt", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.18": { "d": "firmwareLoadError", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.19": { "d": "contentCollection", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.20": { "d": "contentWithAttrs", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.21": { "d": "encKeyWithID", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.22": { "d": "encPEPSI", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.23": { "d": "authEnvelopedData", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.24": { "d": "routeOriginAttest", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.25": { "d": "symmetricKeyPackage", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.26": { "d": "rpkiManifest", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.27": { "d": "asciiTextWithCRLF", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.28": { "d": "xml", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.29": { "d": "pdf", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.30": { "d": "postscript", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.31": { "d": "timestampedData", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.32": { "d": "asAdjacencyAttest", "c": "S/MIME Content Types", "w": true }, +"1.2.840.113549.1.9.16.1.33": { "d": "rpkiTrustAnchor", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.1.34": { "d": "trustAnchorList", "c": "S/MIME Content Types" }, +"1.2.840.113549.1.9.16.2": { "d": "authenticatedAttributes", "c": "S/MIME" }, +"1.2.840.113549.1.9.16.2.1": { "d": "receiptRequest", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.2": { "d": "securityLabel", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.3": { "d": "mlExpandHistory", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.4": { "d": "contentHint", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.5": { "d": "msgSigDigest", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.6": { "d": "encapContentType", "c": "S/MIME Authenticated Attributes. Obsolete", "w": true }, +"1.2.840.113549.1.9.16.2.7": { "d": "contentIdentifier", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.8": { "d": "macValue", "c": "S/MIME Authenticated Attributes. Obsolete", "w": true }, +"1.2.840.113549.1.9.16.2.9": { "d": "equivalentLabels", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.10": { "d": "contentReference", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.11": { "d": "encrypKeyPref", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.12": { "d": "signingCertificate", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.13": { "d": "smimeEncryptCerts", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.14": { "d": "timeStampToken", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.15": { "d": "sigPolicyId", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.16": { "d": "commitmentType", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.17": { "d": "signerLocation", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.18": { "d": "signerAttr", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.19": { "d": "otherSigCert", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.20": { "d": "contentTimestamp", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.21": { "d": "certificateRefs", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.22": { "d": "revocationRefs", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.23": { "d": "certValues", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.24": { "d": "revocationValues", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.25": { "d": "escTimeStamp", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.26": { "d": "certCRLTimestamp", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.27": { "d": "archiveTimeStamp", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.28": { "d": "signatureType", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.29": { "d": "dvcsDvc", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.30": { "d": "cekReference", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.31": { "d": "maxCEKDecrypts", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.32": { "d": "kekDerivationAlg", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.33": { "d": "intendedRecipients", "c": "S/MIME Authenticated Attributes. Obsolete", "w": true }, +"1.2.840.113549.1.9.16.2.34": { "d": "cmcUnsignedData", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.35": { "d": "fwPackageID", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.36": { "d": "fwTargetHardwareIDs", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.37": { "d": "fwDecryptKeyID", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.38": { "d": "fwImplCryptAlgs", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.39": { "d": "fwWrappedFirmwareKey", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.40": { "d": "fwCommunityIdentifiers", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.41": { "d": "fwPkgMessageDigest", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.42": { "d": "fwPackageInfo", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.43": { "d": "fwImplCompressAlgs", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.44": { "d": "etsAttrCertificateRefs", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.45": { "d": "etsAttrRevocationRefs", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.46": { "d": "binarySigningTime", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.47": { "d": "signingCertificateV2", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.48": { "d": "etsArchiveTimeStampV2", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.49": { "d": "erInternal", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.50": { "d": "erExternal", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.2.51": { "d": "multipleSignatures", "c": "S/MIME Authenticated Attributes" }, +"1.2.840.113549.1.9.16.3.1": { "d": "esDHwith3DES", "c": "S/MIME Algorithms. Obsolete", "w": true }, +"1.2.840.113549.1.9.16.3.2": { "d": "esDHwithRC2", "c": "S/MIME Algorithms. Obsolete", "w": true }, +"1.2.840.113549.1.9.16.3.3": { "d": "3desWrap", "c": "S/MIME Algorithms. Obsolete", "w": true }, +"1.2.840.113549.1.9.16.3.4": { "d": "rc2Wrap", "c": "S/MIME Algorithms. Obsolete", "w": true }, +"1.2.840.113549.1.9.16.3.5": { "d": "esDH", "c": "S/MIME Algorithms" }, +"1.2.840.113549.1.9.16.3.6": { "d": "cms3DESwrap", "c": "S/MIME Algorithms" }, +"1.2.840.113549.1.9.16.3.7": { "d": "cmsRC2wrap", "c": "S/MIME Algorithms" }, +"1.2.840.113549.1.9.16.3.8": { "d": "zlib", "c": "S/MIME Algorithms" }, +"1.2.840.113549.1.9.16.3.9": { "d": "pwriKEK", "c": "S/MIME Algorithms" }, +"1.2.840.113549.1.9.16.3.10": { "d": "ssDH", "c": "S/MIME Algorithms" }, +"1.2.840.113549.1.9.16.3.11": { "d": "hmacWith3DESwrap", "c": "S/MIME Algorithms" }, +"1.2.840.113549.1.9.16.3.12": { "d": "hmacWithAESwrap", "c": "S/MIME Algorithms" }, +"1.2.840.113549.1.9.16.3.13": { "d": "md5XorExperiment", "c": "S/MIME Algorithms. Experimental", "w": true }, +"1.2.840.113549.1.9.16.3.14": { "d": "rsaKEM", "c": "S/MIME Algorithms" }, +"1.2.840.113549.1.9.16.3.15": { "d": "authEnc128", "c": "S/MIME Algorithms" }, +"1.2.840.113549.1.9.16.3.16": { "d": "authEnc256", "c": "S/MIME Algorithms" }, +"1.2.840.113549.1.9.16.3.19": { "d": "ecdhHKDF-SHA256", "c": "S/MIME Algorithms" }, +"1.2.840.113549.1.9.16.3.20": { "d": "ecdhHKDF-SHA384", "c": "S/MIME Algorithms" }, +"1.2.840.113549.1.9.16.3.21": { "d": "ecdhHKDF-SHA512", "c": "S/MIME Algorithms" }, +"1.2.840.113549.1.9.16.4.1": { "d": "certDist-ldap", "c": "S/MIME Certificate Distribution" }, +"1.2.840.113549.1.9.16.5.1": { "d": "sigPolicyQualifier-spuri x", "c": "S/MIME Signature Policy Qualifiers" }, +"1.2.840.113549.1.9.16.5.2": { "d": "sigPolicyQualifier-spUserNotice", "c": "S/MIME Signature Policy Qualifiers" }, +"1.2.840.113549.1.9.16.6.1": { "d": "proofOfOrigin", "c": "S/MIME Commitment Type Identifiers" }, +"1.2.840.113549.1.9.16.6.2": { "d": "proofOfReceipt", "c": "S/MIME Commitment Type Identifiers" }, +"1.2.840.113549.1.9.16.6.3": { "d": "proofOfDelivery", "c": "S/MIME Commitment Type Identifiers" }, +"1.2.840.113549.1.9.16.6.4": { "d": "proofOfSender", "c": "S/MIME Commitment Type Identifiers" }, +"1.2.840.113549.1.9.16.6.5": { "d": "proofOfApproval", "c": "S/MIME Commitment Type Identifiers" }, +"1.2.840.113549.1.9.16.6.6": { "d": "proofOfCreation", "c": "S/MIME Commitment Type Identifiers" }, +"1.2.840.113549.1.9.16.8.1": { "d": "glUseKEK", "c": "S/MIME Symmetric Key Distribution Attributes" }, +"1.2.840.113549.1.9.16.8.2": { "d": "glDelete", "c": "S/MIME Symmetric Key Distribution Attributes" }, +"1.2.840.113549.1.9.16.8.3": { "d": "glAddMember", "c": "S/MIME Symmetric Key Distribution Attributes" }, +"1.2.840.113549.1.9.16.8.4": { "d": "glDeleteMember", "c": "S/MIME Symmetric Key Distribution Attributes" }, +"1.2.840.113549.1.9.16.8.5": { "d": "glRekey", "c": "S/MIME Symmetric Key Distribution Attributes" }, +"1.2.840.113549.1.9.16.8.6": { "d": "glAddOwner", "c": "S/MIME Symmetric Key Distribution Attributes" }, +"1.2.840.113549.1.9.16.8.7": { "d": "glRemoveOwner", "c": "S/MIME Symmetric Key Distribution Attributes" }, +"1.2.840.113549.1.9.16.8.8": { "d": "glkCompromise", "c": "S/MIME Symmetric Key Distribution Attributes" }, +"1.2.840.113549.1.9.16.8.9": { "d": "glkRefresh", "c": "S/MIME Symmetric Key Distribution Attributes" }, +"1.2.840.113549.1.9.16.8.10": { "d": "glFailInfo", "c": "S/MIME Symmetric Key Distribution Attributes. Obsolete", "w": true }, +"1.2.840.113549.1.9.16.8.11": { "d": "glaQueryRequest", "c": "S/MIME Symmetric Key Distribution Attributes" }, +"1.2.840.113549.1.9.16.8.12": { "d": "glaQueryResponse", "c": "S/MIME Symmetric Key Distribution Attributes" }, +"1.2.840.113549.1.9.16.8.13": { "d": "glProvideCert", "c": "S/MIME Symmetric Key Distribution Attributes" }, +"1.2.840.113549.1.9.16.8.14": { "d": "glUpdateCert", "c": "S/MIME Symmetric Key Distribution Attributes" }, +"1.2.840.113549.1.9.16.8.15": { "d": "glKey", "c": "S/MIME Symmetric Key Distribution Attributes" }, +"1.2.840.113549.1.9.16.9": { "d": "signatureTypeIdentifier", "c": "S/MIME" }, +"1.2.840.113549.1.9.16.9.1": { "d": "originatorSig", "c": "S/MIME Signature Type Identifier" }, +"1.2.840.113549.1.9.16.9.2": { "d": "domainSig", "c": "S/MIME Signature Type Identifier" }, +"1.2.840.113549.1.9.16.9.3": { "d": "additionalAttributesSig", "c": "S/MIME Signature Type Identifier" }, +"1.2.840.113549.1.9.16.9.4": { "d": "reviewSig", "c": "S/MIME Signature Type Identifier" }, +"1.2.840.113549.1.9.16.11": { "d": "capabilities", "c": "S/MIME" }, +"1.2.840.113549.1.9.16.11.1": { "d": "preferBinaryInside", "c": "S/MIME Capability" }, +"1.2.840.113549.1.9.20": { "d": "friendlyName (for PKCS #12)", "c": "PKCS #9 via PKCS #12" }, +"1.2.840.113549.1.9.21": { "d": "localKeyID (for PKCS #12)", "c": "PKCS #9 via PKCS #12" }, +"1.2.840.113549.1.9.22": { "d": "certTypes (for PKCS #12)", "c": "PKCS #9 via PKCS #12" }, +"1.2.840.113549.1.9.22.1": { "d": "x509Certificate (for PKCS #12)", "c": "PKCS #9 via PKCS #12" }, +"1.2.840.113549.1.9.22.2": { "d": "sdsiCertificate (for PKCS #12)", "c": "PKCS #9 via PKCS #12" }, +"1.2.840.113549.1.9.23": { "d": "crlTypes (for PKCS #12)", "c": "PKCS #9 via PKCS #12" }, +"1.2.840.113549.1.9.23.1": { "d": "x509Crl (for PKCS #12)", "c": "PKCS #9 via PKCS #12" }, +"1.2.840.113549.1.9.24": { "d": "pkcs9objectClass", "c": "PKCS #9/RFC 2985" }, +"1.2.840.113549.1.9.25": { "d": "pkcs9attributes", "c": "PKCS #9/RFC 2985" }, +"1.2.840.113549.1.9.25.1": { "d": "pkcs15Token", "c": "PKCS #9/RFC 2985 attribute" }, +"1.2.840.113549.1.9.25.2": { "d": "encryptedPrivateKeyInfo", "c": "PKCS #9/RFC 2985 attribute" }, +"1.2.840.113549.1.9.25.3": { "d": "randomNonce", "c": "PKCS #9/RFC 2985 attribute" }, +"1.2.840.113549.1.9.25.4": { "d": "sequenceNumber", "c": "PKCS #9/RFC 2985 attribute" }, +"1.2.840.113549.1.9.25.5": { "d": "pkcs7PDU", "c": "PKCS #9/RFC 2985 attribute" }, +"1.2.840.113549.1.9.26": { "d": "pkcs9syntax", "c": "PKCS #9/RFC 2985" }, +"1.2.840.113549.1.9.27": { "d": "pkcs9matchingRules", "c": "PKCS #9/RFC 2985" }, +"1.2.840.113549.1.9.52": { "d": "cmsAlgorithmProtection", "c": "RFC 6211" }, +"1.2.840.113549.1.12": { "d": "pkcs-12", "c": "" }, +"1.2.840.113549.1.12.1": { "d": "pkcs-12-PbeIds", "c": "This OID was formerly assigned as PKCS #12 modeID" }, +"1.2.840.113549.1.12.1.1": { "d": "pbeWithSHAAnd128BitRC4", "c": "PKCS #12 PbeIds. This OID was formerly assigned as pkcs-12-OfflineTransportMode" }, +"1.2.840.113549.1.12.1.2": { "d": "pbeWithSHAAnd40BitRC4", "c": "PKCS #12 PbeIds. This OID was formerly assigned as pkcs-12-OnlineTransportMode" }, +"1.2.840.113549.1.12.1.3": { "d": "pbeWithSHAAnd3-KeyTripleDES-CBC", "c": "PKCS #12 PbeIds" }, +"1.2.840.113549.1.12.1.4": { "d": "pbeWithSHAAnd2-KeyTripleDES-CBC", "c": "PKCS #12 PbeIds" }, +"1.2.840.113549.1.12.1.5": { "d": "pbeWithSHAAnd128BitRC2-CBC", "c": "PKCS #12 PbeIds" }, +"1.2.840.113549.1.12.1.6": { "d": "pbeWithSHAAnd40BitRC2-CBC", "c": "PKCS #12 PbeIds" }, +"1.2.840.113549.1.12.2": { "d": "pkcs-12-ESPVKID", "c": "Deprecated", "w": true }, +"1.2.840.113549.1.12.2.1": { "d": "pkcs-12-PKCS8KeyShrouding", "c": "PKCS #12 ESPVKID. Deprecated, use (1 2 840 113549 1 12 3 5) instead", "w": true }, +"1.2.840.113549.1.12.3": { "d": "pkcs-12-BagIds", "c": "" }, +"1.2.840.113549.1.12.3.1": { "d": "pkcs-12-keyBagId", "c": "PKCS #12 BagIds" }, +"1.2.840.113549.1.12.3.2": { "d": "pkcs-12-certAndCRLBagId", "c": "PKCS #12 BagIds" }, +"1.2.840.113549.1.12.3.3": { "d": "pkcs-12-secretBagId", "c": "PKCS #12 BagIds" }, +"1.2.840.113549.1.12.3.4": { "d": "pkcs-12-safeContentsId", "c": "PKCS #12 BagIds" }, +"1.2.840.113549.1.12.3.5": { "d": "pkcs-12-pkcs-8ShroudedKeyBagId", "c": "PKCS #12 BagIds" }, +"1.2.840.113549.1.12.4": { "d": "pkcs-12-CertBagID", "c": "Deprecated", "w": true }, +"1.2.840.113549.1.12.4.1": { "d": "pkcs-12-X509CertCRLBagID", "c": "PKCS #12 CertBagID. This OID was formerly assigned as pkcs-12-X509CertCRLBag" }, +"1.2.840.113549.1.12.4.2": { "d": "pkcs-12-SDSICertBagID", "c": "PKCS #12 CertBagID. This OID was formerly assigned as pkcs-12-SDSICertBag" }, +"1.2.840.113549.1.12.5": { "d": "pkcs-12-OID", "c": "", "w": true }, +"1.2.840.113549.1.12.5.1": { "d": "pkcs-12-PBEID", "c": "PKCS #12 OID. Deprecated, use the partially compatible (1 2 840 113549 1 12 1) OIDs instead", "w": true }, +"1.2.840.113549.1.12.5.1.1": { "d": "pkcs-12-PBEWithSha1And128BitRC4", "c": "PKCS #12 OID PBEID. Deprecated, use (1 2 840 113549 1 12 1 1) instead", "w": true }, +"1.2.840.113549.1.12.5.1.2": { "d": "pkcs-12-PBEWithSha1And40BitRC4", "c": "PKCS #12 OID PBEID. Deprecated, use (1 2 840 113549 1 12 1 2) instead", "w": true }, +"1.2.840.113549.1.12.5.1.3": { "d": "pkcs-12-PBEWithSha1AndTripleDESCBC", "c": "PKCS #12 OID PBEID. Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 3) or (1 2 840 113549 1 12 1 4) instead", "w": true }, +"1.2.840.113549.1.12.5.1.4": { "d": "pkcs-12-PBEWithSha1And128BitRC2CBC", "c": "PKCS #12 OID PBEID. Deprecated, use (1 2 840 113549 1 12 1 5) instead", "w": true }, +"1.2.840.113549.1.12.5.1.5": { "d": "pkcs-12-PBEWithSha1And40BitRC2CBC", "c": "PKCS #12 OID PBEID. Deprecated, use (1 2 840 113549 1 12 1 6) instead", "w": true }, +"1.2.840.113549.1.12.5.1.6": { "d": "pkcs-12-PBEWithSha1AndRC4", "c": "PKCS #12 OID PBEID. Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 1) or (1 2 840 113549 1 12 1 2) instead", "w": true }, +"1.2.840.113549.1.12.5.1.7": { "d": "pkcs-12-PBEWithSha1AndRC2CBC", "c": "PKCS #12 OID PBEID. Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 5) or (1 2 840 113549 1 12 1 6) instead", "w": true }, +"1.2.840.113549.1.12.5.2": { "d": "pkcs-12-EnvelopingID", "c": "PKCS #12 OID. Deprecated, use the conventional PKCS #1 OIDs instead" }, +"1.2.840.113549.1.12.5.2.1": { "d": "pkcs-12-RSAEncryptionWith128BitRC4", "c": "PKCS #12 OID EnvelopingID. Deprecated, use the conventional PKCS #1 OIDs instead", "w": true }, +"1.2.840.113549.1.12.5.2.2": { "d": "pkcs-12-RSAEncryptionWith40BitRC4", "c": "PKCS #12 OID EnvelopingID. Deprecated, use the conventional PKCS #1 OIDs instead", "w": true }, +"1.2.840.113549.1.12.5.2.3": { "d": "pkcs-12-RSAEncryptionWithTripleDES", "c": "PKCS #12 OID EnvelopingID. Deprecated, use the conventional PKCS #1 OIDs instead", "w": true }, +"1.2.840.113549.1.12.5.3": { "d": "pkcs-12-SignatureID", "c": "PKCS #12 OID EnvelopingID. Deprecated, use the conventional PKCS #1 OIDs instead", "w": true }, +"1.2.840.113549.1.12.5.3.1": { "d": "pkcs-12-RSASignatureWithSHA1Digest", "c": "PKCS #12 OID SignatureID. Deprecated, use the conventional PKCS #1 OIDs instead", "w": true }, +"1.2.840.113549.1.12.10": { "d": "pkcs-12Version1", "c": "" }, +"1.2.840.113549.1.12.10.1": { "d": "pkcs-12BadIds", "c": "" }, +"1.2.840.113549.1.12.10.1.1": { "d": "pkcs-12-keyBag", "c": "PKCS #12 BagIds" }, +"1.2.840.113549.1.12.10.1.2": { "d": "pkcs-12-pkcs-8ShroudedKeyBag", "c": "PKCS #12 BagIds" }, +"1.2.840.113549.1.12.10.1.3": { "d": "pkcs-12-certBag", "c": "PKCS #12 BagIds" }, +"1.2.840.113549.1.12.10.1.4": { "d": "pkcs-12-crlBag", "c": "PKCS #12 BagIds" }, +"1.2.840.113549.1.12.10.1.5": { "d": "pkcs-12-secretBag", "c": "PKCS #12 BagIds" }, +"1.2.840.113549.1.12.10.1.6": { "d": "pkcs-12-safeContentsBag", "c": "PKCS #12 BagIds" }, +"1.2.840.113549.1.15.1": { "d": "pkcs15modules", "c": "PKCS #15" }, +"1.2.840.113549.1.15.2": { "d": "pkcs15attributes", "c": "PKCS #15" }, +"1.2.840.113549.1.15.3": { "d": "pkcs15contentType", "c": "PKCS #15" }, +"1.2.840.113549.1.15.3.1": { "d": "pkcs15content", "c": "PKCS #15 content type" }, +"1.2.840.113549.2": { "d": "digestAlgorithm", "c": "" }, +"1.2.840.113549.2.2": { "d": "md2", "c": "RSADSI digestAlgorithm" }, +"1.2.840.113549.2.4": { "d": "md4", "c": "RSADSI digestAlgorithm" }, +"1.2.840.113549.2.5": { "d": "md5", "c": "RSADSI digestAlgorithm" }, +"1.2.840.113549.2.7": { "d": "hmacWithSHA1", "c": "RSADSI digestAlgorithm" }, +"1.2.840.113549.2.8": { "d": "hmacWithSHA224", "c": "RSADSI digestAlgorithm" }, +"1.2.840.113549.2.9": { "d": "hmacWithSHA256", "c": "RSADSI digestAlgorithm" }, +"1.2.840.113549.2.10": { "d": "hmacWithSHA384", "c": "RSADSI digestAlgorithm" }, +"1.2.840.113549.2.11": { "d": "hmacWithSHA512", "c": "RSADSI digestAlgorithm" }, +"1.2.840.113549.3": { "d": "encryptionAlgorithm", "c": "" }, +"1.2.840.113549.3.2": { "d": "rc2CBC", "c": "RSADSI encryptionAlgorithm" }, +"1.2.840.113549.3.3": { "d": "rc2ECB", "c": "RSADSI encryptionAlgorithm" }, +"1.2.840.113549.3.4": { "d": "rc4", "c": "RSADSI encryptionAlgorithm" }, +"1.2.840.113549.3.5": { "d": "rc4WithMAC", "c": "RSADSI encryptionAlgorithm" }, +"1.2.840.113549.3.6": { "d": "desx-CBC", "c": "RSADSI encryptionAlgorithm" }, +"1.2.840.113549.3.7": { "d": "des-EDE3-CBC", "c": "RSADSI encryptionAlgorithm" }, +"1.2.840.113549.3.8": { "d": "rc5CBC", "c": "RSADSI encryptionAlgorithm" }, +"1.2.840.113549.3.9": { "d": "rc5-CBCPad", "c": "RSADSI encryptionAlgorithm" }, +"1.2.840.113549.3.10": { "d": "desCDMF", "c": "RSADSI encryptionAlgorithm. Formerly called CDMFCBCPad" }, +"1.2.840.114021.1.6.1": { "d": "Identrus unknown policyIdentifier", "c": "Identrus" }, +"1.2.840.114021.4.1": { "d": "identrusOCSP", "c": "Identrus" }, +"1.2.840.113556.1.2.241": { "d": "deliveryMechanism", "c": "Microsoft Exchange Server - attribute" }, +"1.2.840.113556.1.2.281": { "d": "ntSecurityDescriptor", "c": "Microsoft Cert Template - attribute" }, +"1.2.840.113556.1.3.0": { "d": "site-Addressing", "c": "Microsoft Exchange Server - object class" }, +"1.2.840.113556.1.3.13": { "d": "classSchema", "c": "Microsoft Exchange Server - object class" }, +"1.2.840.113556.1.3.14": { "d": "attributeSchema", "c": "Microsoft Exchange Server - object class" }, +"1.2.840.113556.1.3.17": { "d": "mailbox-Agent", "c": "Microsoft Exchange Server - object class" }, +"1.2.840.113556.1.3.22": { "d": "mailbox", "c": "Microsoft Exchange Server - object class" }, +"1.2.840.113556.1.3.23": { "d": "container", "c": "Microsoft Exchange Server - object class" }, +"1.2.840.113556.1.3.46": { "d": "mailRecipient", "c": "Microsoft Exchange Server - object class" }, +"1.2.840.113556.1.4.145": { "d": "revision", "c": "Microsoft Cert Template - attribute" }, +"1.2.840.113556.1.4.1327": { "d": "pKIDefaultKeySpec", "c": "Microsoft Cert Template - attribute" }, +"1.2.840.113556.1.4.1328": { "d": "pKIKeyUsage", "c": "Microsoft Cert Template - attribute" }, +"1.2.840.113556.1.4.1329": { "d": "pKIMaxIssuingDepth", "c": "Microsoft Cert Template - attribute" }, +"1.2.840.113556.1.4.1330": { "d": "pKICriticalExtensions", "c": "Microsoft Cert Template - attribute" }, +"1.2.840.113556.1.4.1331": { "d": "pKIExpirationPeriod", "c": "Microsoft Cert Template - attribute" }, +"1.2.840.113556.1.4.1332": { "d": "pKIOverlapPeriod", "c": "Microsoft Cert Template - attribute" }, +"1.2.840.113556.1.4.1333": { "d": "pKIExtendedKeyUsage", "c": "Microsoft Cert Template - attribute" }, +"1.2.840.113556.1.4.1334": { "d": "pKIDefaultCSPs", "c": "Microsoft Cert Template - attribute" }, +"1.2.840.113556.1.4.1335": { "d": "pKIEnrollmentAccess", "c": "Microsoft Cert Template - attribute" }, +"1.2.840.113556.1.4.1429": { "d": "msPKI-RA-Signature", "c": "Microsoft Cert Template - attribute" }, +"1.2.840.113556.1.4.1430": { "d": "msPKI-Enrollment-Flag", "c": "Microsoft Cert Template - attribute" }, +"1.2.840.113556.1.4.1431": { "d": "msPKI-Private-Key-Flag", "c": "Microsoft Cert Template - attribute" }, +"1.2.840.113556.1.4.1432": { "d": "msPKI-Certificate-Name-Flag", "c": "Microsoft Cert Template - attribute" }, +"1.2.840.113556.1.4.1433": { "d": "msPKI-Minimal-Key-Size", "c": "Microsoft Cert Template - attribute" }, +"1.2.840.113556.1.4.1434": { "d": "msPKI-Template-Schema-Version", "c": "Microsoft Cert Template - attribute" }, +"1.2.840.113556.1.4.1435": { "d": "msPKI-Template-Minor-Revision", "c": "Microsoft Cert Template - attribute" }, +"1.2.840.113556.1.4.1436": { "d": "msPKI-Cert-Template-OID", "c": "Microsoft Cert Template - attribute" }, +"1.2.840.113556.1.4.1437": { "d": "msPKI-Supersede-Templates", "c": "Microsoft Cert Template - attribute" }, +"1.2.840.113556.1.4.1438": { "d": "msPKI-RA-Policies", "c": "Microsoft Cert Template - attribute" }, +"1.2.840.113556.1.4.1439": { "d": "msPKI-Certificate-Policy", "c": "Microsoft Cert Template - attribute" }, +"1.2.840.113556.1.4.1674": { "d": "msPKI-Certificate-Application-Policy", "c": "Microsoft Cert Template - attribute" }, +"1.2.840.113556.1.4.1675": { "d": "msPKI-RA-Application-Policies", "c": "Microsoft Cert Template - attribute" }, +"1.2.840.113556.4.3": { "d": "microsoftExcel", "c": "Microsoft" }, +"1.2.840.113556.4.4": { "d": "titledWithOID", "c": "Microsoft" }, +"1.2.840.113556.4.5": { "d": "microsoftPowerPoint", "c": "Microsoft" }, +"1.2.840.113583.1": { "d": "adobeAcrobat", "c": "Adobe Acrobat" }, +"1.2.840.113583.1.1": { "d": "acrobatSecurity", "c": "Adobe Acrobat security" }, +"1.2.840.113583.1.1.1": { "d": "pdfPassword", "c": "Adobe Acrobat security" }, +"1.2.840.113583.1.1.2": { "d": "pdfDefaultSigningCredential", "c": "Adobe Acrobat security" }, +"1.2.840.113583.1.1.3": { "d": "pdfDefaultEncryptionCredential", "c": "Adobe Acrobat security" }, +"1.2.840.113583.1.1.4": { "d": "pdfPasswordTimeout", "c": "Adobe Acrobat security" }, +"1.2.840.113583.1.1.5": { "d": "pdfAuthenticDocumentsTrust", "c": "Adobe Acrobat security" }, +"1.2.840.113583.1.1.6": { "d": "pdfDynamicContentTrust", "c": "Adobe Acrobat security", "w": true }, +"1.2.840.113583.1.1.7": { "d": "pdfUbiquityTrust", "c": "Adobe Acrobat security" }, +"1.2.840.113583.1.1.8": { "d": "pdfRevocationInfoArchival", "c": "Adobe Acrobat security" }, +"1.2.840.113583.1.1.9": { "d": "pdfX509Extension", "c": "Adobe Acrobat security" }, +"1.2.840.113583.1.1.9.1": { "d": "pdfTimeStamp", "c": "Adobe Acrobat security" }, +"1.2.840.113583.1.1.9.2": { "d": "pdfArchiveRevInfo", "c": "Adobe Acrobat security" }, +"1.2.840.113583.1.1.10": { "d": "pdfPPLKLiteCredential", "c": "Adobe Acrobat security" }, +"1.2.840.113583.1.2": { "d": "acrobatCPS", "c": "Adobe Acrobat CPS" }, +"1.2.840.113583.1.2.1": { "d": "pdfAuthenticDocumentsCPS", "c": "Adobe Acrobat CPS" }, +"1.2.840.113583.1.2.2": { "d": "pdfTestCPS", "c": "Adobe Acrobat CPS" }, +"1.2.840.113583.1.2.3": { "d": "pdfUbiquityCPS", "c": "Adobe Acrobat CPS" }, +"1.2.840.113583.1.2.4": { "d": "pdfAdhocCPS", "c": "Adobe Acrobat CPS" }, +"1.2.840.113583.1.7": { "d": "acrobatUbiquity", "c": "Adobe Acrobat ubiquity" }, +"1.2.840.113583.1.7.1": { "d": "pdfUbiquitySubRights", "c": "Adobe Acrobat ubiquity" }, +"1.2.840.113583.1.9": { "d": "acrobatExtension", "c": "Adobe Acrobat X.509 extension" }, +"1.2.840.113628.114.1.7": { "d": "adobePKCS7", "c": "Adobe" }, +"1.2.840.113635.100": { "d": "appleDataSecurity", "c": "Apple" }, +"1.2.840.113635.100.1": { "d": "appleTrustPolicy", "c": "Apple" }, +"1.2.840.113635.100.1.1": { "d": "appleISignTP", "c": "Apple trust policy" }, +"1.2.840.113635.100.1.2": { "d": "appleX509Basic", "c": "Apple trust policy" }, +"1.2.840.113635.100.1.3": { "d": "appleSSLPolicy", "c": "Apple trust policy" }, +"1.2.840.113635.100.1.4": { "d": "appleLocalCertGenPolicy", "c": "Apple trust policy" }, +"1.2.840.113635.100.1.5": { "d": "appleCSRGenPolicy", "c": "Apple trust policy" }, +"1.2.840.113635.100.1.6": { "d": "appleCRLPolicy", "c": "Apple trust policy" }, +"1.2.840.113635.100.1.7": { "d": "appleOCSPPolicy", "c": "Apple trust policy" }, +"1.2.840.113635.100.1.8": { "d": "appleSMIMEPolicy", "c": "Apple trust policy" }, +"1.2.840.113635.100.1.9": { "d": "appleEAPPolicy", "c": "Apple trust policy" }, +"1.2.840.113635.100.1.10": { "d": "appleSWUpdateSigningPolicy", "c": "Apple trust policy" }, +"1.2.840.113635.100.1.11": { "d": "appleIPSecPolicy", "c": "Apple trust policy" }, +"1.2.840.113635.100.1.12": { "d": "appleIChatPolicy", "c": "Apple trust policy" }, +"1.2.840.113635.100.1.13": { "d": "appleResourceSignPolicy", "c": "Apple trust policy" }, +"1.2.840.113635.100.1.14": { "d": "applePKINITClientPolicy", "c": "Apple trust policy" }, +"1.2.840.113635.100.1.15": { "d": "applePKINITServerPolicy", "c": "Apple trust policy" }, +"1.2.840.113635.100.1.16": { "d": "appleCodeSigningPolicy", "c": "Apple trust policy" }, +"1.2.840.113635.100.1.17": { "d": "applePackageSigningPolicy", "c": "Apple trust policy" }, +"1.2.840.113635.100.2": { "d": "appleSecurityAlgorithm", "c": "Apple" }, +"1.2.840.113635.100.2.1": { "d": "appleFEE", "c": "Apple security algorithm" }, +"1.2.840.113635.100.2.2": { "d": "appleASC", "c": "Apple security algorithm" }, +"1.2.840.113635.100.2.3": { "d": "appleFEE_MD5", "c": "Apple security algorithm" }, +"1.2.840.113635.100.2.4": { "d": "appleFEE_SHA1", "c": "Apple security algorithm" }, +"1.2.840.113635.100.2.5": { "d": "appleFEED", "c": "Apple security algorithm" }, +"1.2.840.113635.100.2.6": { "d": "appleFEEDEXP", "c": "Apple security algorithm" }, +"1.2.840.113635.100.2.7": { "d": "appleECDSA", "c": "Apple security algorithm" }, +"1.2.840.113635.100.3": { "d": "appleDotMacCertificate", "c": "Apple" }, +"1.2.840.113635.100.3.1": { "d": "appleDotMacCertificateRequest", "c": "Apple dotMac certificate" }, +"1.2.840.113635.100.3.2": { "d": "appleDotMacCertificateExtension", "c": "Apple dotMac certificate" }, +"1.2.840.113635.100.3.3": { "d": "appleDotMacCertificateRequestValues", "c": "Apple dotMac certificate" }, +"1.2.840.113635.100.4": { "d": "appleExtendedKeyUsage", "c": "Apple" }, +"1.2.840.113635.100.4.1": { "d": "appleCodeSigning", "c": "Apple extended key usage" }, +"1.2.840.113635.100.4.1.1": { "d": "appleCodeSigningDevelopment", "c": "Apple extended key usage" }, +"1.2.840.113635.100.4.1.2": { "d": "appleSoftwareUpdateSigning", "c": "Apple extended key usage" }, +"1.2.840.113635.100.4.1.3": { "d": "appleCodeSigningThirdParty", "c": "Apple extended key usage" }, +"1.2.840.113635.100.4.1.4": { "d": "appleResourceSigning", "c": "Apple extended key usage" }, +"1.2.840.113635.100.4.2": { "d": "appleIChatSigning", "c": "Apple extended key usage" }, +"1.2.840.113635.100.4.3": { "d": "appleIChatEncryption", "c": "Apple extended key usage" }, +"1.2.840.113635.100.4.4": { "d": "appleSystemIdentity", "c": "Apple extended key usage" }, +"1.2.840.113635.100.4.5": { "d": "appleCryptoEnv", "c": "Apple extended key usage" }, +"1.2.840.113635.100.4.5.1": { "d": "appleCryptoProductionEnv", "c": "Apple extended key usage" }, +"1.2.840.113635.100.4.5.2": { "d": "appleCryptoMaintenanceEnv", "c": "Apple extended key usage" }, +"1.2.840.113635.100.4.5.3": { "d": "appleCryptoTestEnv", "c": "Apple extended key usage" }, +"1.2.840.113635.100.4.5.4": { "d": "appleCryptoDevelopmentEnv", "c": "Apple extended key usage" }, +"1.2.840.113635.100.4.6": { "d": "appleCryptoQoS", "c": "Apple extended key usage" }, +"1.2.840.113635.100.4.6.1": { "d": "appleCryptoTier0QoS", "c": "Apple extended key usage" }, +"1.2.840.113635.100.4.6.2": { "d": "appleCryptoTier1QoS", "c": "Apple extended key usage" }, +"1.2.840.113635.100.4.6.3": { "d": "appleCryptoTier2QoS", "c": "Apple extended key usage" }, +"1.2.840.113635.100.4.6.4": { "d": "appleCryptoTier3QoS", "c": "Apple extended key usage" }, +"1.2.840.113635.100.5": { "d": "appleCertificatePolicies", "c": "Apple" }, +"1.2.840.113635.100.5.1": { "d": "appleCertificatePolicyID", "c": "Apple" }, +"1.2.840.113635.100.5.2": { "d": "appleDotMacCertificatePolicyID", "c": "Apple" }, +"1.2.840.113635.100.5.3": { "d": "appleADCCertificatePolicyID", "c": "Apple" }, +"1.2.840.113635.100.6": { "d": "appleCertificateExtensions", "c": "Apple" }, +"1.2.840.113635.100.6.1": { "d": "appleCertificateExtensionCodeSigning", "c": "Apple certificate extension" }, +"1.2.840.113635.100.6.1.1": { "d": "appleCertificateExtensionAppleSigning", "c": "Apple certificate extension" }, +"1.2.840.113635.100.6.1.2": { "d": "appleCertificateExtensionADCDeveloperSigning", "c": "Apple certificate extension" }, +"1.2.840.113635.100.6.1.3": { "d": "appleCertificateExtensionADCAppleSigning", "c": "Apple certificate extension" }, +"1.3.6.1.4.1.311.2.1.4": { "d": "spcIndirectDataContext", "c": "Microsoft code signing" }, +"1.3.6.1.4.1.311.2.1.10": { "d": "spcAgencyInfo", "c": "Microsoft code signing. Also known as policyLink" }, +"1.3.6.1.4.1.311.2.1.11": { "d": "spcStatementType", "c": "Microsoft code signing" }, +"1.3.6.1.4.1.311.2.1.12": { "d": "spcSpOpusInfo", "c": "Microsoft code signing" }, +"1.3.6.1.4.1.311.2.1.14": { "d": "certReqExtensions", "c": "Microsoft" }, +"1.3.6.1.4.1.311.2.1.15": { "d": "spcPEImageData", "c": "Microsoft code signing" }, +"1.3.6.1.4.1.311.2.1.18": { "d": "spcRawFileData", "c": "Microsoft code signing" }, +"1.3.6.1.4.1.311.2.1.19": { "d": "spcStructuredStorageData", "c": "Microsoft code signing" }, +"1.3.6.1.4.1.311.2.1.20": { "d": "spcJavaClassData (type 1)", "c": "Microsoft code signing. Formerly \"link extension\" aka \"glue extension\"" }, +"1.3.6.1.4.1.311.2.1.21": { "d": "individualCodeSigning", "c": "Microsoft" }, +"1.3.6.1.4.1.311.2.1.22": { "d": "commercialCodeSigning", "c": "Microsoft" }, +"1.3.6.1.4.1.311.2.1.25": { "d": "spcLink (type 2)", "c": "Microsoft code signing. Also known as \"glue extension\"" }, +"1.3.6.1.4.1.311.2.1.26": { "d": "spcMinimalCriteriaInfo", "c": "Microsoft code signing" }, +"1.3.6.1.4.1.311.2.1.27": { "d": "spcFinancialCriteriaInfo", "c": "Microsoft code signing" }, +"1.3.6.1.4.1.311.2.1.28": { "d": "spcLink (type 3)", "c": "Microsoft code signing. Also known as \"glue extension\"" }, +"1.3.6.1.4.1.311.2.1.29": { "d": "spcHashInfoObjID", "c": "Microsoft code signing" }, +"1.3.6.1.4.1.311.2.1.30": { "d": "spcSipInfoObjID", "c": "Microsoft code signing" }, +"1.3.6.1.4.1.311.2.2": { "d": "ctl", "c": "Microsoft CTL" }, +"1.3.6.1.4.1.311.2.2.1": { "d": "ctlTrustedCodesigningCAList", "c": "Microsoft CTL" }, +"1.3.6.1.4.1.311.2.2.2": { "d": "ctlTrustedClientAuthCAList", "c": "Microsoft CTL" }, +"1.3.6.1.4.1.311.2.2.3": { "d": "ctlTrustedServerAuthCAList", "c": "Microsoft CTL" }, +"1.3.6.1.4.1.311.3.2.1": { "d": "timestampRequest", "c": "Microsoft code signing" }, +"1.3.6.1.4.1.311.10.1": { "d": "certTrustList", "c": "Microsoft contentType" }, +"1.3.6.1.4.1.311.10.1.1": { "d": "sortedCtl", "c": "Microsoft contentType" }, +"1.3.6.1.4.1.311.10.2": { "d": "nextUpdateLocation", "c": "Microsoft" }, +"1.3.6.1.4.1.311.10.3.1": { "d": "certTrustListSigning", "c": "Microsoft enhanced key usage" }, +"1.3.6.1.4.1.311.10.3.2": { "d": "timeStampSigning", "c": "Microsoft enhanced key usage" }, +"1.3.6.1.4.1.311.10.3.3": { "d": "serverGatedCrypto", "c": "Microsoft enhanced key usage" }, +"1.3.6.1.4.1.311.10.3.3.1": { "d": "serialized", "c": "Microsoft" }, +"1.3.6.1.4.1.311.10.3.4": { "d": "encryptedFileSystem", "c": "Microsoft enhanced key usage" }, +"1.3.6.1.4.1.311.10.3.5": { "d": "whqlCrypto", "c": "Microsoft enhanced key usage" }, +"1.3.6.1.4.1.311.10.3.6": { "d": "nt5Crypto", "c": "Microsoft enhanced key usage" }, +"1.3.6.1.4.1.311.10.3.7": { "d": "oemWHQLCrypto", "c": "Microsoft enhanced key usage" }, +"1.3.6.1.4.1.311.10.3.8": { "d": "embeddedNTCrypto", "c": "Microsoft enhanced key usage" }, +"1.3.6.1.4.1.311.10.3.9": { "d": "rootListSigner", "c": "Microsoft enhanced key usage" }, +"1.3.6.1.4.1.311.10.3.10": { "d": "qualifiedSubordination", "c": "Microsoft enhanced key usage" }, +"1.3.6.1.4.1.311.10.3.11": { "d": "keyRecovery", "c": "Microsoft enhanced key usage" }, +"1.3.6.1.4.1.311.10.3.12": { "d": "documentSigning", "c": "Microsoft enhanced key usage" }, +"1.3.6.1.4.1.311.10.3.13": { "d": "lifetimeSigning", "c": "Microsoft enhanced key usage" }, +"1.3.6.1.4.1.311.10.3.14": { "d": "mobileDeviceSoftware", "c": "Microsoft enhanced key usage" }, +"1.3.6.1.4.1.311.10.3.15": { "d": "smartDisplay", "c": "Microsoft enhanced key usage" }, +"1.3.6.1.4.1.311.10.3.16": { "d": "cspSignature", "c": "Microsoft enhanced key usage" }, +"1.3.6.1.4.1.311.10.3.4.1": { "d": "efsRecovery", "c": "Microsoft enhanced key usage" }, +"1.3.6.1.4.1.311.10.4.1": { "d": "yesnoTrustAttr", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.10.5.1": { "d": "drm", "c": "Microsoft enhanced key usage" }, +"1.3.6.1.4.1.311.10.5.2": { "d": "drmIndividualization", "c": "Microsoft enhanced key usage" }, +"1.3.6.1.4.1.311.10.6.1": { "d": "licenses", "c": "Microsoft enhanced key usage" }, +"1.3.6.1.4.1.311.10.6.2": { "d": "licenseServer", "c": "Microsoft enhanced key usage" }, +"1.3.6.1.4.1.311.10.7.1": { "d": "keyidRdn", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.10.8.1": { "d": "removeCertificate", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.10.9.1": { "d": "crossCertDistPoints", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.10.10.1": { "d": "cmcAddAttributes", "c": "Microsoft" }, +"1.3.6.1.4.1.311.10.11": { "d": "certPropIdPrefix", "c": "Microsoft" }, +"1.3.6.1.4.1.311.10.11.4": { "d": "certMd5HashPropId", "c": "Microsoft" }, +"1.3.6.1.4.1.311.10.11.20": { "d": "certKeyIdentifierPropId", "c": "Microsoft" }, +"1.3.6.1.4.1.311.10.11.28": { "d": "certIssuerSerialNumberMd5HashPropId", "c": "Microsoft" }, +"1.3.6.1.4.1.311.10.11.29": { "d": "certSubjectNameMd5HashPropId", "c": "Microsoft" }, +"1.3.6.1.4.1.311.10.12.1": { "d": "anyApplicationPolicy", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.12": { "d": "catalog", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.12.1.1": { "d": "catalogList", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.12.1.2": { "d": "catalogListMember", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.12.2.1": { "d": "catalogNameValueObjID", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.12.2.2": { "d": "catalogMemberInfoObjID", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.13.1": { "d": "renewalCertificate", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.13.2.1": { "d": "enrolmentNameValuePair", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.13.2.2": { "d": "enrolmentCSP", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.13.2.3": { "d": "osVersion", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.16.4": { "d": "microsoftRecipientInfo", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.17.1": { "d": "pkcs12KeyProviderNameAttr", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.17.2": { "d": "localMachineKeyset", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.17.3": { "d": "pkcs12ExtendedAttributes", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.20.1": { "d": "autoEnrollCtlUsage", "c": "Microsoft" }, +"1.3.6.1.4.1.311.20.2": { "d": "enrollCerttypeExtension", "c": "Microsoft CAPICOM certificate template, V1" }, +"1.3.6.1.4.1.311.20.2.1": { "d": "enrollmentAgent", "c": "Microsoft enhanced key usage" }, +"1.3.6.1.4.1.311.20.2.2": { "d": "smartcardLogon", "c": "Microsoft enhanced key usage" }, +"1.3.6.1.4.1.311.20.2.3": { "d": "universalPrincipalName", "c": "Microsoft UPN" }, +"1.3.6.1.4.1.311.20.3": { "d": "certManifold", "c": "Microsoft" }, +"1.3.6.1.4.1.311.21.1": { "d": "cAKeyCertIndexPair", "c": "Microsoft attribute. Also known as certsrvCaVersion" }, +"1.3.6.1.4.1.311.21.2": { "d": "certSrvPreviousCertHash", "c": "Microsoft" }, +"1.3.6.1.4.1.311.21.3": { "d": "crlVirtualBase", "c": "Microsoft" }, +"1.3.6.1.4.1.311.21.4": { "d": "crlNextPublish", "c": "Microsoft" }, +"1.3.6.1.4.1.311.21.5": { "d": "caExchange", "c": "Microsoft extended key usage", "w": true }, +"1.3.6.1.4.1.311.21.6": { "d": "keyRecovery", "c": "Microsoft extended key usage", "w": true }, +"1.3.6.1.4.1.311.21.7": { "d": "certificateTemplate", "c": "Microsoft CAPICOM certificate template, V2" }, +"1.3.6.1.4.1.311.21.9": { "d": "rdnDummySigner", "c": "Microsoft" }, +"1.3.6.1.4.1.311.21.10": { "d": "applicationCertPolicies", "c": "Microsoft" }, +"1.3.6.1.4.1.311.21.11": { "d": "applicationPolicyMappings", "c": "Microsoft" }, +"1.3.6.1.4.1.311.21.12": { "d": "applicationPolicyConstraints", "c": "Microsoft" }, +"1.3.6.1.4.1.311.21.13": { "d": "archivedKey", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.21.14": { "d": "crlSelfCDP", "c": "Microsoft" }, +"1.3.6.1.4.1.311.21.15": { "d": "requireCertChainPolicy", "c": "Microsoft" }, +"1.3.6.1.4.1.311.21.16": { "d": "archivedKeyCertHash", "c": "Microsoft" }, +"1.3.6.1.4.1.311.21.17": { "d": "issuedCertHash", "c": "Microsoft" }, +"1.3.6.1.4.1.311.21.19": { "d": "dsEmailReplication", "c": "Microsoft" }, +"1.3.6.1.4.1.311.21.20": { "d": "requestClientInfo", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.21.21": { "d": "encryptedKeyHash", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.21.22": { "d": "certsrvCrossCaVersion", "c": "Microsoft" }, +"1.3.6.1.4.1.311.25.1": { "d": "ntdsReplication", "c": "Microsoft" }, +"1.3.6.1.4.1.311.31.1": { "d": "productUpdate", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.47.1.1": { "d": "systemHealth", "c": "Microsoft extended key usage" }, +"1.3.6.1.4.1.311.47.1.3": { "d": "systemHealthLoophole", "c": "Microsoft extended key usage" }, +"1.3.6.1.4.1.311.60.1.1": { "d": "rootProgramFlags", "c": "Microsoft policy attribute" }, +"1.3.6.1.4.1.311.61.1.1": { "d": "kernelModeCodeSigning", "c": "Microsoft enhanced key usage" }, +"1.3.6.1.4.1.311.60.2.1.1": { "d": "jurisdictionOfIncorporationL", "c": "Microsoft (???)" }, +"1.3.6.1.4.1.311.60.2.1.2": { "d": "jurisdictionOfIncorporationSP", "c": "Microsoft (???)" }, +"1.3.6.1.4.1.311.60.2.1.3": { "d": "jurisdictionOfIncorporationC", "c": "Microsoft (???)" }, +"1.3.6.1.4.1.311.88": { "d": "capiCom", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.88.1": { "d": "capiComVersion", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.88.2": { "d": "capiComAttribute", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.88.2.1": { "d": "capiComDocumentName", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.88.2.2": { "d": "capiComDocumentDescription", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.88.3": { "d": "capiComEncryptedData", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.311.88.3.1": { "d": "capiComEncryptedContent", "c": "Microsoft attribute" }, +"1.3.6.1.4.1.188.7.1.1": { "d": "ascom", "c": "Ascom Systech" }, +"1.3.6.1.4.1.188.7.1.1.1": { "d": "ideaECB", "c": "Ascom Systech" }, +"1.3.6.1.4.1.188.7.1.1.2": { "d": "ideaCBC", "c": "Ascom Systech" }, +"1.3.6.1.4.1.188.7.1.1.3": { "d": "ideaCFB", "c": "Ascom Systech" }, +"1.3.6.1.4.1.188.7.1.1.4": { "d": "ideaOFB", "c": "Ascom Systech" }, +"1.3.6.1.4.1.2428.10.1.1": { "d": "UNINETT policyIdentifier", "c": "UNINETT PCA" }, +"1.3.6.1.4.1.2712.10": { "d": "ICE-TEL policyIdentifier", "c": "ICE-TEL CA" }, +"1.3.6.1.4.1.2786.1.1.1": { "d": "ICE-TEL Italian policyIdentifier", "c": "ICE-TEL CA policy" }, +"1.3.6.1.4.1.3029.1.1.1": { "d": "blowfishECB", "c": "cryptlib encryption algorithm" }, +"1.3.6.1.4.1.3029.1.1.2": { "d": "blowfishCBC", "c": "cryptlib encryption algorithm" }, +"1.3.6.1.4.1.3029.1.1.3": { "d": "blowfishCFB", "c": "cryptlib encryption algorithm" }, +"1.3.6.1.4.1.3029.1.1.4": { "d": "blowfishOFB", "c": "cryptlib encryption algorithm" }, +"1.3.6.1.4.1.3029.1.2.1": { "d": "elgamal", "c": "cryptlib public-key algorithm" }, +"1.3.6.1.4.1.3029.1.2.1.1": { "d": "elgamalWithSHA-1", "c": "cryptlib public-key algorithm" }, +"1.3.6.1.4.1.3029.1.2.1.2": { "d": "elgamalWithRIPEMD-160", "c": "cryptlib public-key algorithm" }, +"1.3.6.1.4.1.3029.3.1.1": { "d": "cryptlibPresenceCheck", "c": "cryptlib attribute type" }, +"1.3.6.1.4.1.3029.3.1.2": { "d": "pkiBoot", "c": "cryptlib attribute type" }, +"1.3.6.1.4.1.3029.3.1.4": { "d": "crlExtReason", "c": "cryptlib attribute type" }, +"1.3.6.1.4.1.3029.3.1.5": { "d": "keyFeatures", "c": "cryptlib attribute type" }, +"1.3.6.1.4.1.3029.4.1": { "d": "cryptlibContent", "c": "cryptlib" }, +"1.3.6.1.4.1.3029.4.1.1": { "d": "cryptlibConfigData", "c": "cryptlib content type" }, +"1.3.6.1.4.1.3029.4.1.2": { "d": "cryptlibUserIndex", "c": "cryptlib content type" }, +"1.3.6.1.4.1.3029.4.1.3": { "d": "cryptlibUserInfo", "c": "cryptlib content type" }, +"1.3.6.1.4.1.3029.4.1.4": { "d": "rtcsRequest", "c": "cryptlib content type" }, +"1.3.6.1.4.1.3029.4.1.5": { "d": "rtcsResponse", "c": "cryptlib content type" }, +"1.3.6.1.4.1.3029.4.1.6": { "d": "rtcsResponseExt", "c": "cryptlib content type" }, +"1.3.6.1.4.1.3029.42.11172.1": { "d": "mpeg-1", "c": "cryptlib special MPEG-of-cat OID" }, +"1.3.6.1.4.1.3029.54.11940.54": { "d": "TSA policy \"Anything that arrives, we sign\"", "c": "cryptlib TSA policy" }, +"1.3.6.1.4.1.3029.88.89.90.90.89": { "d": "xYZZY policyIdentifier", "c": "cryptlib certificate policy" }, +"1.3.6.1.4.1.3401.8.1.1": { "d": "pgpExtension", "c": "PGP key information" }, +"1.3.6.1.4.1.3576.7": { "d": "eciaAscX12Edi", "c": "TMN EDI for Interactive Agents" }, +"1.3.6.1.4.1.3576.7.1": { "d": "plainEDImessage", "c": "TMN EDI for Interactive Agents" }, +"1.3.6.1.4.1.3576.7.2": { "d": "signedEDImessage", "c": "TMN EDI for Interactive Agents" }, +"1.3.6.1.4.1.3576.7.5": { "d": "integrityEDImessage", "c": "TMN EDI for Interactive Agents" }, +"1.3.6.1.4.1.3576.7.65": { "d": "iaReceiptMessage", "c": "TMN EDI for Interactive Agents" }, +"1.3.6.1.4.1.3576.7.97": { "d": "iaStatusMessage", "c": "TMN EDI for Interactive Agents" }, +"1.3.6.1.4.1.3576.8": { "d": "eciaEdifact", "c": "TMN EDI for Interactive Agents" }, +"1.3.6.1.4.1.3576.9": { "d": "eciaNonEdi", "c": "TMN EDI for Interactive Agents" }, +"1.3.6.1.4.1.4146": { "d": "Globalsign", "c": "Globalsign" }, +"1.3.6.1.4.1.4146.1": { "d": "globalsignPolicy", "c": "Globalsign" }, +"1.3.6.1.4.1.4146.1.10": { "d": "globalsignDVPolicy", "c": "Globalsign policy" }, +"1.3.6.1.4.1.4146.1.20": { "d": "globalsignOVPolicy", "c": "Globalsign policy" }, +"1.3.6.1.4.1.4146.1.30": { "d": "globalsignTSAPolicy", "c": "Globalsign policy" }, +"1.3.6.1.4.1.4146.1.40": { "d": "globalsignClientCertPolicy", "c": "Globalsign policy" }, +"1.3.6.1.4.1.4146.1.50": { "d": "globalsignCodeSignPolicy", "c": "Globalsign policy" }, +"1.3.6.1.4.1.4146.1.60": { "d": "globalsignRootSignPolicy", "c": "Globalsign policy" }, +"1.3.6.1.4.1.4146.1.70": { "d": "globalsignTrustedRootPolicy", "c": "Globalsign policy" }, +"1.3.6.1.4.1.4146.1.80": { "d": "globalsignEDIClientPolicy", "c": "Globalsign policy" }, +"1.3.6.1.4.1.4146.1.81": { "d": "globalsignEDIServerPolicy", "c": "Globalsign policy" }, +"1.3.6.1.4.1.4146.1.90": { "d": "globalsignTPMRootPolicy", "c": "Globalsign policy" }, +"1.3.6.1.4.1.4146.1.95": { "d": "globalsignOCSPPolicy", "c": "Globalsign policy" }, +"1.3.6.1.4.1.5309.1": { "d": "edelWebPolicy", "c": "EdelWeb policy" }, +"1.3.6.1.4.1.5309.1.2": { "d": "edelWebCustomerPolicy", "c": "EdelWeb policy" }, +"1.3.6.1.4.1.5309.1.2.1": { "d": "edelWebClepsydrePolicy", "c": "EdelWeb policy" }, +"1.3.6.1.4.1.5309.1.2.2": { "d": "edelWebExperimentalTSAPolicy", "c": "EdelWeb policy" }, +"1.3.6.1.4.1.5309.1.2.3": { "d": "edelWebOpenEvidenceTSAPolicy", "c": "EdelWeb policy" }, +"1.3.6.1.4.1.5472": { "d": "timeproof", "c": "enterprise" }, +"1.3.6.1.4.1.5472.1": { "d": "tss", "c": "timeproof" }, +"1.3.6.1.4.1.5472.1.1": { "d": "tss80", "c": "timeproof TSS" }, +"1.3.6.1.4.1.5472.1.2": { "d": "tss380", "c": "timeproof TSS" }, +"1.3.6.1.4.1.5472.1.3": { "d": "tss400", "c": "timeproof TSS" }, +"1.3.6.1.4.1.5770.0.3": { "d": "secondaryPractices", "c": "MEDePass" }, +"1.3.6.1.4.1.5770.0.4": { "d": "physicianIdentifiers", "c": "MEDePass" }, +"1.3.6.1.4.1.6449.1.2.1.3.1": { "d": "comodoPolicy", "c": "Comodo CA" }, +"1.3.6.1.4.1.6449.1.2.2.15": { "d": "wotrustPolicy", "c": "WoTrust (Comodo) CA" }, +"1.3.6.1.4.1.6449.1.3.5.2": { "d": "comodoCertifiedDeliveryService", "c": "Comodo CA" }, +"1.3.6.1.4.1.6449.2.1.1": { "d": "comodoTimestampingPolicy", "c": "Comodo CA" }, +"1.3.6.1.4.1.8301.3.5.1": { "d": "validityModelChain", "c": "TU Darmstadt ValidityModel" }, +"1.3.6.1.4.1.8301.3.5.2": { "d": "validityModelShell", "c": "ValidityModel" }, +"1.3.6.1.4.1.8231.1": { "d": "rolUnicoNacional", "c": "Chilean Government national unique roll number" }, +"1.3.6.1.4.1.11591": { "d": "gnu", "c": "GNU Project (see http://www.gnupg.org/oids.html)" }, +"1.3.6.1.4.1.11591.1": { "d": "gnuRadius", "c": "GNU Radius" }, +"1.3.6.1.4.1.11591.3": { "d": "gnuRadar", "c": "GNU Radar" }, +"1.3.6.1.4.1.11591.12": { "d": "gnuDigestAlgorithm", "c": "GNU digest algorithm" }, +"1.3.6.1.4.1.11591.12.2": { "d": "tiger", "c": "GNU digest algorithm" }, +"1.3.6.1.4.1.11591.13": { "d": "gnuEncryptionAlgorithm", "c": "GNU encryption algorithm" }, +"1.3.6.1.4.1.11591.13.2": { "d": "serpent", "c": "GNU encryption algorithm" }, +"1.3.6.1.4.1.11591.13.2.1": { "d": "serpent128_ECB", "c": "GNU encryption algorithm" }, +"1.3.6.1.4.1.11591.13.2.2": { "d": "serpent128_CBC", "c": "GNU encryption algorithm" }, +"1.3.6.1.4.1.11591.13.2.3": { "d": "serpent128_OFB", "c": "GNU encryption algorithm" }, +"1.3.6.1.4.1.11591.13.2.4": { "d": "serpent128_CFB", "c": "GNU encryption algorithm" }, +"1.3.6.1.4.1.11591.13.2.21": { "d": "serpent192_ECB", "c": "GNU encryption algorithm" }, +"1.3.6.1.4.1.11591.13.2.22": { "d": "serpent192_CBC", "c": "GNU encryption algorithm" }, +"1.3.6.1.4.1.11591.13.2.23": { "d": "serpent192_OFB", "c": "GNU encryption algorithm" }, +"1.3.6.1.4.1.11591.13.2.24": { "d": "serpent192_CFB", "c": "GNU encryption algorithm" }, +"1.3.6.1.4.1.11591.13.2.41": { "d": "serpent256_ECB", "c": "GNU encryption algorithm" }, +"1.3.6.1.4.1.11591.13.2.42": { "d": "serpent256_CBC", "c": "GNU encryption algorithm" }, +"1.3.6.1.4.1.11591.13.2.43": { "d": "serpent256_OFB", "c": "GNU encryption algorithm" }, +"1.3.6.1.4.1.11591.13.2.44": { "d": "serpent256_CFB", "c": "GNU encryption algorithm" }, +"1.3.6.1.4.1.11591.15.1": { "d": "curve25519", "c": "GNU encryption algorithm" }, +"1.3.6.1.4.1.11591.15.2": { "d": "curve448", "c": "GNU encryption algorithm" }, +"1.3.6.1.4.1.11591.15.3": { "d": "curve25519ph", "c": "GNU encryption algorithm" }, +"1.3.6.1.4.1.11591.15.4": { "d": "curve448ph", "c": "GNU encryption algorithm" }, +"1.3.6.1.4.1.16334.509.1.1": { "d": "Northrop Grumman extKeyUsage?", "c": "Northrop Grumman extended key usage" }, +"1.3.6.1.4.1.16334.509.2.1": { "d": "ngcClass1", "c": "Northrop Grumman policy" }, +"1.3.6.1.4.1.16334.509.2.2": { "d": "ngcClass2", "c": "Northrop Grumman policy" }, +"1.3.6.1.4.1.16334.509.2.3": { "d": "ngcClass3", "c": "Northrop Grumman policy" }, +"1.3.6.1.4.1.23629.1.4.2.1.1": { "d": "safenetUsageLimit", "c": "SafeNet" }, +"1.3.6.1.4.1.23629.1.4.2.1.2": { "d": "safenetEndDate", "c": "SafeNet" }, +"1.3.6.1.4.1.23629.1.4.2.1.3": { "d": "safenetStartDate", "c": "SafeNet" }, +"1.3.6.1.4.1.23629.1.4.2.1.4": { "d": "safenetAdminCert", "c": "SafeNet" }, +"1.3.6.1.4.1.23629.1.4.2.2.1": { "d": "safenetKeyDigest", "c": "SafeNet" }, +"1.3.6.1.5.5.7": { "d": "pkix", "c": "" }, +"1.3.6.1.5.5.7.0.12": { "d": "attributeCert", "c": "PKIX" }, +"1.3.6.1.5.5.7.1": { "d": "privateExtension", "c": "PKIX" }, +"1.3.6.1.5.5.7.1.1": { "d": "authorityInfoAccess", "c": "PKIX private extension" }, +"1.3.6.1.5.5.7.1.2": { "d": "biometricInfo", "c": "PKIX private extension" }, +"1.3.6.1.5.5.7.1.3": { "d": "qcStatements", "c": "PKIX private extension" }, +"1.3.6.1.5.5.7.1.4": { "d": "acAuditIdentity", "c": "PKIX private extension" }, +"1.3.6.1.5.5.7.1.5": { "d": "acTargeting", "c": "PKIX private extension" }, +"1.3.6.1.5.5.7.1.6": { "d": "acAaControls", "c": "PKIX private extension" }, +"1.3.6.1.5.5.7.1.7": { "d": "ipAddrBlocks", "c": "PKIX private extension" }, +"1.3.6.1.5.5.7.1.8": { "d": "autonomousSysIds", "c": "PKIX private extension" }, +"1.3.6.1.5.5.7.1.9": { "d": "routerIdentifier", "c": "PKIX private extension" }, +"1.3.6.1.5.5.7.1.10": { "d": "acProxying", "c": "PKIX private extension" }, +"1.3.6.1.5.5.7.1.11": { "d": "subjectInfoAccess", "c": "PKIX private extension" }, +"1.3.6.1.5.5.7.1.12": { "d": "logoType", "c": "PKIX private extension" }, +"1.3.6.1.5.5.7.1.13": { "d": "wlanSSID", "c": "PKIX private extension" }, +"1.3.6.1.5.5.7.2": { "d": "policyQualifierIds", "c": "PKIX" }, +"1.3.6.1.5.5.7.2.1": { "d": "cps", "c": "PKIX policy qualifier" }, +"1.3.6.1.5.5.7.2.2": { "d": "unotice", "c": "PKIX policy qualifier" }, +"1.3.6.1.5.5.7.2.3": { "d": "textNotice", "c": "PKIX policy qualifier" }, +"1.3.6.1.5.5.7.3": { "d": "keyPurpose", "c": "PKIX" }, +"1.3.6.1.5.5.7.3.1": { "d": "serverAuth", "c": "PKIX key purpose" }, +"1.3.6.1.5.5.7.3.2": { "d": "clientAuth", "c": "PKIX key purpose" }, +"1.3.6.1.5.5.7.3.3": { "d": "codeSigning", "c": "PKIX key purpose" }, +"1.3.6.1.5.5.7.3.4": { "d": "emailProtection", "c": "PKIX key purpose" }, +"1.3.6.1.5.5.7.3.5": { "d": "ipsecEndSystem", "c": "PKIX key purpose" }, +"1.3.6.1.5.5.7.3.6": { "d": "ipsecTunnel", "c": "PKIX key purpose" }, +"1.3.6.1.5.5.7.3.7": { "d": "ipsecUser", "c": "PKIX key purpose" }, +"1.3.6.1.5.5.7.3.8": { "d": "timeStamping", "c": "PKIX key purpose" }, +"1.3.6.1.5.5.7.3.9": { "d": "ocspSigning", "c": "PKIX key purpose" }, +"1.3.6.1.5.5.7.3.10": { "d": "dvcs", "c": "PKIX key purpose" }, +"1.3.6.1.5.5.7.3.11": { "d": "sbgpCertAAServerAuth", "c": "PKIX key purpose" }, +"1.3.6.1.5.5.7.3.13": { "d": "eapOverPPP", "c": "PKIX key purpose" }, +"1.3.6.1.5.5.7.3.14": { "d": "eapOverLAN", "c": "PKIX key purpose" }, +"1.3.6.1.5.5.7.4": { "d": "cmpInformationTypes", "c": "PKIX" }, +"1.3.6.1.5.5.7.4.1": { "d": "caProtEncCert", "c": "PKIX CMP information" }, +"1.3.6.1.5.5.7.4.2": { "d": "signKeyPairTypes", "c": "PKIX CMP information" }, +"1.3.6.1.5.5.7.4.3": { "d": "encKeyPairTypes", "c": "PKIX CMP information" }, +"1.3.6.1.5.5.7.4.4": { "d": "preferredSymmAlg", "c": "PKIX CMP information" }, +"1.3.6.1.5.5.7.4.5": { "d": "caKeyUpdateInfo", "c": "PKIX CMP information" }, +"1.3.6.1.5.5.7.4.6": { "d": "currentCRL", "c": "PKIX CMP information" }, +"1.3.6.1.5.5.7.4.7": { "d": "unsupportedOIDs", "c": "PKIX CMP information" }, +"1.3.6.1.5.5.7.4.10": { "d": "keyPairParamReq", "c": "PKIX CMP information" }, +"1.3.6.1.5.5.7.4.11": { "d": "keyPairParamRep", "c": "PKIX CMP information" }, +"1.3.6.1.5.5.7.4.12": { "d": "revPassphrase", "c": "PKIX CMP information" }, +"1.3.6.1.5.5.7.4.13": { "d": "implicitConfirm", "c": "PKIX CMP information" }, +"1.3.6.1.5.5.7.4.14": { "d": "confirmWaitTime", "c": "PKIX CMP information" }, +"1.3.6.1.5.5.7.4.15": { "d": "origPKIMessage", "c": "PKIX CMP information" }, +"1.3.6.1.5.5.7.4.16": { "d": "suppLangTags", "c": "PKIX CMP information" }, +"1.3.6.1.5.5.7.5": { "d": "crmfRegistration", "c": "PKIX" }, +"1.3.6.1.5.5.7.5.1": { "d": "regCtrl", "c": "PKIX CRMF registration" }, +"1.3.6.1.5.5.7.5.1.1": { "d": "regToken", "c": "PKIX CRMF registration control" }, +"1.3.6.1.5.5.7.5.1.2": { "d": "authenticator", "c": "PKIX CRMF registration control" }, +"1.3.6.1.5.5.7.5.1.3": { "d": "pkiPublicationInfo", "c": "PKIX CRMF registration control" }, +"1.3.6.1.5.5.7.5.1.4": { "d": "pkiArchiveOptions", "c": "PKIX CRMF registration control" }, +"1.3.6.1.5.5.7.5.1.5": { "d": "oldCertID", "c": "PKIX CRMF registration control" }, +"1.3.6.1.5.5.7.5.1.6": { "d": "protocolEncrKey", "c": "PKIX CRMF registration control" }, +"1.3.6.1.5.5.7.5.1.7": { "d": "altCertTemplate", "c": "PKIX CRMF registration control" }, +"1.3.6.1.5.5.7.5.1.8": { "d": "wtlsTemplate", "c": "PKIX CRMF registration control" }, +"1.3.6.1.5.5.7.5.2": { "d": "utf8Pairs", "c": "PKIX CRMF registration" }, +"1.3.6.1.5.5.7.5.2.1": { "d": "utf8Pairs", "c": "PKIX CRMF registration control" }, +"1.3.6.1.5.5.7.5.2.2": { "d": "certReq", "c": "PKIX CRMF registration control" }, +"1.3.6.1.5.5.7.6": { "d": "algorithms", "c": "PKIX" }, +"1.3.6.1.5.5.7.6.1": { "d": "des40", "c": "PKIX algorithm" }, +"1.3.6.1.5.5.7.6.2": { "d": "noSignature", "c": "PKIX algorithm" }, +"1.3.6.1.5.5.7.6.3": { "d": "dh-sig-hmac-sha1", "c": "PKIX algorithm" }, +"1.3.6.1.5.5.7.6.4": { "d": "dh-pop", "c": "PKIX algorithm" }, +"1.3.6.1.5.5.7.7": { "d": "cmcControls", "c": "PKIX" }, +"1.3.6.1.5.5.7.8": { "d": "otherNames", "c": "PKIX" }, +"1.3.6.1.5.5.7.8.1": { "d": "personalData", "c": "PKIX other name" }, +"1.3.6.1.5.5.7.8.2": { "d": "userGroup", "c": "PKIX other name" }, +"1.3.6.1.5.5.7.8.5": { "d": "xmppAddr", "c": "PKIX other name" }, +"1.3.6.1.5.5.7.9": { "d": "personalData", "c": "PKIX qualified certificates" }, +"1.3.6.1.5.5.7.9.1": { "d": "dateOfBirth", "c": "PKIX personal data" }, +"1.3.6.1.5.5.7.9.2": { "d": "placeOfBirth", "c": "PKIX personal data" }, +"1.3.6.1.5.5.7.9.3": { "d": "gender", "c": "PKIX personal data" }, +"1.3.6.1.5.5.7.9.4": { "d": "countryOfCitizenship", "c": "PKIX personal data" }, +"1.3.6.1.5.5.7.9.5": { "d": "countryOfResidence", "c": "PKIX personal data" }, +"1.3.6.1.5.5.7.10": { "d": "attributeCertificate", "c": "PKIX" }, +"1.3.6.1.5.5.7.10.1": { "d": "authenticationInfo", "c": "PKIX attribute certificate extension" }, +"1.3.6.1.5.5.7.10.2": { "d": "accessIdentity", "c": "PKIX attribute certificate extension" }, +"1.3.6.1.5.5.7.10.3": { "d": "chargingIdentity", "c": "PKIX attribute certificate extension" }, +"1.3.6.1.5.5.7.10.4": { "d": "group", "c": "PKIX attribute certificate extension" }, +"1.3.6.1.5.5.7.10.5": { "d": "role", "c": "PKIX attribute certificate extension" }, +"1.3.6.1.5.5.7.10.6": { "d": "wlanSSID", "c": "PKIX attribute-certificate extension" }, +"1.3.6.1.5.5.7.11": { "d": "personalData", "c": "PKIX qualified certificates" }, +"1.3.6.1.5.5.7.11.1": { "d": "pkixQCSyntax-v1", "c": "PKIX qualified certificates" }, +"1.3.6.1.5.5.7.14.2": { "d": "resourceCertificatePolicy", "c": "PKIX policies" }, +"1.3.6.1.5.5.7.20": { "d": "logo", "c": "PKIX qualified certificates" }, +"1.3.6.1.5.5.7.20.1": { "d": "logoLoyalty", "c": "PKIX" }, +"1.3.6.1.5.5.7.20.2": { "d": "logoBackground", "c": "PKIX" }, +"1.3.6.1.5.5.7.48.1": { "d": "ocsp", "c": "PKIX" }, +"1.3.6.1.5.5.7.48.1.1": { "d": "ocspBasic", "c": "OCSP" }, +"1.3.6.1.5.5.7.48.1.2": { "d": "ocspNonce", "c": "OCSP" }, +"1.3.6.1.5.5.7.48.1.3": { "d": "ocspCRL", "c": "OCSP" }, +"1.3.6.1.5.5.7.48.1.4": { "d": "ocspResponse", "c": "OCSP" }, +"1.3.6.1.5.5.7.48.1.5": { "d": "ocspNoCheck", "c": "OCSP" }, +"1.3.6.1.5.5.7.48.1.6": { "d": "ocspArchiveCutoff", "c": "OCSP" }, +"1.3.6.1.5.5.7.48.1.7": { "d": "ocspServiceLocator", "c": "OCSP" }, +"1.3.6.1.5.5.7.48.2": { "d": "caIssuers", "c": "PKIX subject/authority info access descriptor" }, +"1.3.6.1.5.5.7.48.3": { "d": "timeStamping", "c": "PKIX subject/authority info access descriptor" }, +"1.3.6.1.5.5.7.48.4": { "d": "dvcs", "c": "PKIX subject/authority info access descriptor" }, +"1.3.6.1.5.5.7.48.5": { "d": "caRepository", "c": "PKIX subject/authority info access descriptor" }, +"1.3.6.1.5.5.7.48.7": { "d": "signedObjectRepository", "c": "PKIX subject/authority info access descriptor" }, +"1.3.6.1.5.5.7.48.10": { "d": "rpkiManifest", "c": "PKIX subject/authority info access descriptor" }, +"1.3.6.1.5.5.7.48.11": { "d": "signedObject", "c": "PKIX subject/authority info access descriptor" }, +"1.3.6.1.5.5.8.1.1": { "d": "hmacMD5", "c": "ISAKMP HMAC algorithm" }, +"1.3.6.1.5.5.8.1.2": { "d": "hmacSHA", "c": "ISAKMP HMAC algorithm" }, +"1.3.6.1.5.5.8.1.3": { "d": "hmacTiger", "c": "ISAKMP HMAC algorithm" }, +"1.3.6.1.5.5.8.2.2": { "d": "iKEIntermediate", "c": "IKE ???" }, +"1.3.12.2.1011.7.1": { "d": "decEncryptionAlgorithm", "c": "DASS algorithm" }, +"1.3.12.2.1011.7.1.2": { "d": "decDEA", "c": "DASS encryption algorithm" }, +"1.3.12.2.1011.7.2": { "d": "decHashAlgorithm", "c": "DASS algorithm" }, +"1.3.12.2.1011.7.2.1": { "d": "decMD2", "c": "DASS hash algorithm" }, +"1.3.12.2.1011.7.2.2": { "d": "decMD4", "c": "DASS hash algorithm" }, +"1.3.12.2.1011.7.3": { "d": "decSignatureAlgorithm", "c": "DASS algorithm" }, +"1.3.12.2.1011.7.3.1": { "d": "decMD2withRSA", "c": "DASS signature algorithm" }, +"1.3.12.2.1011.7.3.2": { "d": "decMD4withRSA", "c": "DASS signature algorithm" }, +"1.3.12.2.1011.7.3.3": { "d": "decDEAMAC", "c": "DASS signature algorithm" }, +"1.3.14.2.26.5": { "d": "sha", "c": "Unsure about this OID" }, +"1.3.14.3.2.1.1": { "d": "rsa", "c": "X.509. Unsure about this OID" }, +"1.3.14.3.2.2": { "d": "md4WitRSA", "c": "Oddball OIW OID" }, +"1.3.14.3.2.3": { "d": "md5WithRSA", "c": "Oddball OIW OID" }, +"1.3.14.3.2.4": { "d": "md4WithRSAEncryption", "c": "Oddball OIW OID" }, +"1.3.14.3.2.2.1": { "d": "sqmod-N", "c": "X.509. Deprecated", "w": true }, +"1.3.14.3.2.3.1": { "d": "sqmod-NwithRSA", "c": "X.509. Deprecated", "w": true }, +"1.3.14.3.2.6": { "d": "desECB", "c": "" }, +"1.3.14.3.2.7": { "d": "desCBC", "c": "" }, +"1.3.14.3.2.8": { "d": "desOFB", "c": "" }, +"1.3.14.3.2.9": { "d": "desCFB", "c": "" }, +"1.3.14.3.2.10": { "d": "desMAC", "c": "" }, +"1.3.14.3.2.11": { "d": "rsaSignature", "c": "ISO 9796-2, also X9.31 Part 1" }, +"1.3.14.3.2.12": { "d": "dsa", "c": "OIW?, supposedly from an incomplete version of SDN.701 (doesn't match final SDN.701)", "w": true }, +"1.3.14.3.2.13": { "d": "dsaWithSHA", "c": "Oddball OIW OID. Incorrectly used by JDK 1.1 in place of (1 3 14 3 2 27)", "w": true }, +"1.3.14.3.2.14": { "d": "mdc2WithRSASignature", "c": "Oddball OIW OID using 9796-2 padding rules" }, +"1.3.14.3.2.15": { "d": "shaWithRSASignature", "c": "Oddball OIW OID using 9796-2 padding rules" }, +"1.3.14.3.2.16": { "d": "dhWithCommonModulus", "c": "Oddball OIW OID. Deprecated, use a plain DH OID instead", "w": true }, +"1.3.14.3.2.17": { "d": "desEDE", "c": "Oddball OIW OID. Mode is ECB" }, +"1.3.14.3.2.18": { "d": "sha", "c": "Oddball OIW OID" }, +"1.3.14.3.2.19": { "d": "mdc-2", "c": "Oddball OIW OID, DES-based hash, planned for X9.31 Part 2" }, +"1.3.14.3.2.20": { "d": "dsaCommon", "c": "Oddball OIW OID. Deprecated, use a plain DSA OID instead", "w": true }, +"1.3.14.3.2.21": { "d": "dsaCommonWithSHA", "c": "Oddball OIW OID. Deprecated, use a plain dsaWithSHA OID instead", "w": true }, +"1.3.14.3.2.22": { "d": "rsaKeyTransport", "c": "Oddball OIW OID" }, +"1.3.14.3.2.23": { "d": "keyed-hash-seal", "c": "Oddball OIW OID" }, +"1.3.14.3.2.24": { "d": "md2WithRSASignature", "c": "Oddball OIW OID using 9796-2 padding rules" }, +"1.3.14.3.2.25": { "d": "md5WithRSASignature", "c": "Oddball OIW OID using 9796-2 padding rules" }, +"1.3.14.3.2.26": { "d": "sha1", "c": "OIW" }, +"1.3.14.3.2.27": { "d": "dsaWithSHA1", "c": "OIW. This OID may also be assigned as ripemd-160" }, +"1.3.14.3.2.28": { "d": "dsaWithCommonSHA1", "c": "OIW" }, +"1.3.14.3.2.29": { "d": "sha-1WithRSAEncryption", "c": "Oddball OIW OID" }, +"1.3.14.3.3.1": { "d": "simple-strong-auth-mechanism", "c": "Oddball OIW OID" }, +"1.3.14.7.2.1.1": { "d": "ElGamal", "c": "Unsure about this OID" }, +"1.3.14.7.2.3.1": { "d": "md2WithRSA", "c": "Unsure about this OID" }, +"1.3.14.7.2.3.2": { "d": "md2WithElGamal", "c": "Unsure about this OID" }, +"1.3.36.1": { "d": "document", "c": "Teletrust document" }, +"1.3.36.1.1": { "d": "finalVersion", "c": "Teletrust document" }, +"1.3.36.1.2": { "d": "draft", "c": "Teletrust document" }, +"1.3.36.2": { "d": "sio", "c": "Teletrust sio" }, +"1.3.36.2.1": { "d": "sedu", "c": "Teletrust sio" }, +"1.3.36.3": { "d": "algorithm", "c": "Teletrust algorithm" }, +"1.3.36.3.1": { "d": "encryptionAlgorithm", "c": "Teletrust algorithm" }, +"1.3.36.3.1.1": { "d": "des", "c": "Teletrust encryption algorithm" }, +"1.3.36.3.1.1.1": { "d": "desECB_pad", "c": "Teletrust encryption algorithm" }, +"1.3.36.3.1.1.1.1": { "d": "desECB_ISOpad", "c": "Teletrust encryption algorithm" }, +"1.3.36.3.1.1.2.1": { "d": "desCBC_pad", "c": "Teletrust encryption algorithm" }, +"1.3.36.3.1.1.2.1.1": { "d": "desCBC_ISOpad", "c": "Teletrust encryption algorithm" }, +"1.3.36.3.1.3": { "d": "des_3", "c": "Teletrust encryption algorithm" }, +"1.3.36.3.1.3.1.1": { "d": "des_3ECB_pad", "c": "Teletrust encryption algorithm. EDE triple DES" }, +"1.3.36.3.1.3.1.1.1": { "d": "des_3ECB_ISOpad", "c": "Teletrust encryption algorithm. EDE triple DES" }, +"1.3.36.3.1.3.2.1": { "d": "des_3CBC_pad", "c": "Teletrust encryption algorithm. EDE triple DES" }, +"1.3.36.3.1.3.2.1.1": { "d": "des_3CBC_ISOpad", "c": "Teletrust encryption algorithm. EDE triple DES" }, +"1.3.36.3.1.2": { "d": "idea", "c": "Teletrust encryption algorithm" }, +"1.3.36.3.1.2.1": { "d": "ideaECB", "c": "Teletrust encryption algorithm" }, +"1.3.36.3.1.2.1.1": { "d": "ideaECB_pad", "c": "Teletrust encryption algorithm" }, +"1.3.36.3.1.2.1.1.1": { "d": "ideaECB_ISOpad", "c": "Teletrust encryption algorithm" }, +"1.3.36.3.1.2.2": { "d": "ideaCBC", "c": "Teletrust encryption algorithm" }, +"1.3.36.3.1.2.2.1": { "d": "ideaCBC_pad", "c": "Teletrust encryption algorithm" }, +"1.3.36.3.1.2.2.1.1": { "d": "ideaCBC_ISOpad", "c": "Teletrust encryption algorithm" }, +"1.3.36.3.1.2.3": { "d": "ideaOFB", "c": "Teletrust encryption algorithm" }, +"1.3.36.3.1.2.4": { "d": "ideaCFB", "c": "Teletrust encryption algorithm" }, +"1.3.36.3.1.4": { "d": "rsaEncryption", "c": "Teletrust encryption algorithm" }, +"1.3.36.3.1.4.512.17": { "d": "rsaEncryptionWithlmod512expe17", "c": "Teletrust encryption algorithm" }, +"1.3.36.3.1.5": { "d": "bsi-1", "c": "Teletrust encryption algorithm" }, +"1.3.36.3.1.5.1": { "d": "bsi_1ECB_pad", "c": "Teletrust encryption algorithm" }, +"1.3.36.3.1.5.2": { "d": "bsi_1CBC_pad", "c": "Teletrust encryption algorithm" }, +"1.3.36.3.1.5.2.1": { "d": "bsi_1CBC_PEMpad", "c": "Teletrust encryption algorithm" }, +"1.3.36.3.2": { "d": "hashAlgorithm", "c": "Teletrust algorithm" }, +"1.3.36.3.2.1": { "d": "ripemd160", "c": "Teletrust hash algorithm" }, +"1.3.36.3.2.2": { "d": "ripemd128", "c": "Teletrust hash algorithm" }, +"1.3.36.3.2.3": { "d": "ripemd256", "c": "Teletrust hash algorithm" }, +"1.3.36.3.2.4": { "d": "mdc2singleLength", "c": "Teletrust hash algorithm" }, +"1.3.36.3.2.5": { "d": "mdc2doubleLength", "c": "Teletrust hash algorithm" }, +"1.3.36.3.3": { "d": "signatureAlgorithm", "c": "Teletrust algorithm" }, +"1.3.36.3.3.1": { "d": "rsaSignature", "c": "Teletrust signature algorithm" }, +"1.3.36.3.3.1.1": { "d": "rsaSignatureWithsha1", "c": "Teletrust signature algorithm" }, +"1.3.36.3.3.1.1.1024.11": { "d": "rsaSignatureWithsha1_l1024_l11", "c": "Teletrust signature algorithm" }, +"1.3.36.3.3.1.2": { "d": "rsaSignatureWithripemd160", "c": "Teletrust signature algorithm" }, +"1.3.36.3.3.1.2.1024.11": { "d": "rsaSignatureWithripemd160_l1024_l11", "c": "Teletrust signature algorithm" }, +"1.3.36.3.3.1.3": { "d": "rsaSignatureWithrimpemd128", "c": "Teletrust signature algorithm" }, +"1.3.36.3.3.1.4": { "d": "rsaSignatureWithrimpemd256", "c": "Teletrust signature algorithm" }, +"1.3.36.3.3.2": { "d": "ecsieSign", "c": "Teletrust signature algorithm" }, +"1.3.36.3.3.2.1": { "d": "ecsieSignWithsha1", "c": "Teletrust signature algorithm" }, +"1.3.36.3.3.2.2": { "d": "ecsieSignWithripemd160", "c": "Teletrust signature algorithm" }, +"1.3.36.3.3.2.3": { "d": "ecsieSignWithmd2", "c": "Teletrust signature algorithm" }, +"1.3.36.3.3.2.4": { "d": "ecsieSignWithmd5", "c": "Teletrust signature algorithm" }, +"1.3.36.3.3.2.8.1.1.1": { "d": "brainpoolP160r1", "c": "ECC Brainpool Standard Curves and Curve Generation" }, +"1.3.36.3.3.2.8.1.1.2": { "d": "brainpoolP160t1", "c": "ECC Brainpool Standard Curves and Curve Generation" }, +"1.3.36.3.3.2.8.1.1.3": { "d": "brainpoolP192r1", "c": "ECC Brainpool Standard Curves and Curve Generation" }, +"1.3.36.3.3.2.8.1.1.4": { "d": "brainpoolP192t1", "c": "ECC Brainpool Standard Curves and Curve Generation" }, +"1.3.36.3.3.2.8.1.1.5": { "d": "brainpoolP224r1", "c": "ECC Brainpool Standard Curves and Curve Generation" }, +"1.3.36.3.3.2.8.1.1.6": { "d": "brainpoolP224t1", "c": "ECC Brainpool Standard Curves and Curve Generation" }, +"1.3.36.3.3.2.8.1.1.7": { "d": "brainpoolP256r1", "c": "ECC Brainpool Standard Curves and Curve Generation" }, +"1.3.36.3.3.2.8.1.1.8": { "d": "brainpoolP256t1", "c": "ECC Brainpool Standard Curves and Curve Generation" }, +"1.3.36.3.3.2.8.1.1.9": { "d": "brainpoolP320r1", "c": "ECC Brainpool Standard Curves and Curve Generation" }, +"1.3.36.3.3.2.8.1.1.10": { "d": "brainpoolP320t1", "c": "ECC Brainpool Standard Curves and Curve Generation" }, +"1.3.36.3.3.2.8.1.1.11": { "d": "brainpoolP384r1", "c": "ECC Brainpool Standard Curves and Curve Generation" }, +"1.3.36.3.3.2.8.1.1.12": { "d": "brainpoolP384t1", "c": "ECC Brainpool Standard Curves and Curve Generation" }, +"1.3.36.3.3.2.8.1.1.13": { "d": "brainpoolP512r1", "c": "ECC Brainpool Standard Curves and Curve Generation" }, +"1.3.36.3.3.2.8.1.1.14": { "d": "brainpoolP512t1", "c": "ECC Brainpool Standard Curves and Curve Generation" }, +"1.3.36.3.4": { "d": "signatureScheme", "c": "Teletrust algorithm" }, +"1.3.36.3.4.1": { "d": "sigS_ISO9796-1", "c": "Teletrust signature scheme" }, +"1.3.36.3.4.2": { "d": "sigS_ISO9796-2", "c": "Teletrust signature scheme" }, +"1.3.36.3.4.2.1": { "d": "sigS_ISO9796-2Withred", "c": "Teletrust signature scheme. Unsure what this is supposed to be" }, +"1.3.36.3.4.2.2": { "d": "sigS_ISO9796-2Withrsa", "c": "Teletrust signature scheme. Unsure what this is supposed to be" }, +"1.3.36.3.4.2.3": { "d": "sigS_ISO9796-2Withrnd", "c": "Teletrust signature scheme. 9796-2 with random number in padding field" }, +"1.3.36.4": { "d": "attribute", "c": "Teletrust attribute" }, +"1.3.36.5": { "d": "policy", "c": "Teletrust policy" }, +"1.3.36.6": { "d": "api", "c": "Teletrust API" }, +"1.3.36.6.1": { "d": "manufacturer-specific_api", "c": "Teletrust API" }, +"1.3.36.6.1.1": { "d": "utimaco-api", "c": "Teletrust API" }, +"1.3.36.6.2": { "d": "functionality-specific_api", "c": "Teletrust API" }, +"1.3.36.7": { "d": "keymgmnt", "c": "Teletrust key management" }, +"1.3.36.7.1": { "d": "keyagree", "c": "Teletrust key management" }, +"1.3.36.7.1.1": { "d": "bsiPKE", "c": "Teletrust key management" }, +"1.3.36.7.2": { "d": "keytrans", "c": "Teletrust key management" }, +"1.3.36.7.2.1": { "d": "encISO9796-2Withrsa", "c": "Teletrust key management. 9796-2 with key stored in hash field" }, +"1.3.36.8.1.1": { "d": "Teletrust SigGConform policyIdentifier", "c": "Teletrust policy" }, +"1.3.36.8.2.1": { "d": "directoryService", "c": "Teletrust extended key usage" }, +"1.3.36.8.3.1": { "d": "dateOfCertGen", "c": "Teletrust attribute" }, +"1.3.36.8.3.2": { "d": "procuration", "c": "Teletrust attribute" }, +"1.3.36.8.3.3": { "d": "admission", "c": "Teletrust attribute" }, +"1.3.36.8.3.4": { "d": "monetaryLimit", "c": "Teletrust attribute" }, +"1.3.36.8.3.5": { "d": "declarationOfMajority", "c": "Teletrust attribute" }, +"1.3.36.8.3.6": { "d": "integratedCircuitCardSerialNumber", "c": "Teletrust attribute" }, +"1.3.36.8.3.7": { "d": "pKReference", "c": "Teletrust attribute" }, +"1.3.36.8.3.8": { "d": "restriction", "c": "Teletrust attribute" }, +"1.3.36.8.3.9": { "d": "retrieveIfAllowed", "c": "Teletrust attribute" }, +"1.3.36.8.3.10": { "d": "requestedCertificate", "c": "Teletrust attribute" }, +"1.3.36.8.3.11": { "d": "namingAuthorities", "c": "Teletrust attribute" }, +"1.3.36.8.3.11.1": { "d": "rechtWirtschaftSteuern", "c": "Teletrust naming authorities" }, +"1.3.36.8.3.11.1.1": { "d": "rechtsanwaeltin", "c": "Teletrust ProfessionInfo" }, +"1.3.36.8.3.11.1.2": { "d": "rechtsanwalt", "c": "Teletrust ProfessionInfo" }, +"1.3.36.8.3.11.1.3": { "d": "rechtsBeistand", "c": "Teletrust ProfessionInfo" }, +"1.3.36.8.3.11.1.4": { "d": "steuerBeraterin", "c": "Teletrust ProfessionInfo" }, +"1.3.36.8.3.11.1.5": { "d": "steuerBerater", "c": "Teletrust ProfessionInfo" }, +"1.3.36.8.3.11.1.6": { "d": "steuerBevollmaechtigte", "c": "Teletrust ProfessionInfo" }, +"1.3.36.8.3.11.1.7": { "d": "steuerBevollmaechtigter", "c": "Teletrust ProfessionInfo" }, +"1.3.36.8.3.11.1.8": { "d": "notarin", "c": "Teletrust ProfessionInfo" }, +"1.3.36.8.3.11.1.9": { "d": "notar", "c": "Teletrust ProfessionInfo" }, +"1.3.36.8.3.11.1.10": { "d": "notarVertreterin", "c": "Teletrust ProfessionInfo" }, +"1.3.36.8.3.11.1.11": { "d": "notarVertreter", "c": "Teletrust ProfessionInfo" }, +"1.3.36.8.3.11.1.12": { "d": "notariatsVerwalterin", "c": "Teletrust ProfessionInfo" }, +"1.3.36.8.3.11.1.13": { "d": "notariatsVerwalter", "c": "Teletrust ProfessionInfo" }, +"1.3.36.8.3.11.1.14": { "d": "wirtschaftsPrueferin", "c": "Teletrust ProfessionInfo" }, +"1.3.36.8.3.11.1.15": { "d": "wirtschaftsPruefer", "c": "Teletrust ProfessionInfo" }, +"1.3.36.8.3.11.1.16": { "d": "vereidigteBuchprueferin", "c": "Teletrust ProfessionInfo" }, +"1.3.36.8.3.11.1.17": { "d": "vereidigterBuchpruefer", "c": "Teletrust ProfessionInfo" }, +"1.3.36.8.3.11.1.18": { "d": "patentAnwaeltin", "c": "Teletrust ProfessionInfo" }, +"1.3.36.8.3.11.1.19": { "d": "patentAnwalt", "c": "Teletrust ProfessionInfo" }, +"1.3.36.8.3.12": { "d": "certInDirSince", "c": "Teletrust OCSP attribute (obsolete)", "w": true }, +"1.3.36.8.3.13": { "d": "certHash", "c": "Teletrust OCSP attribute" }, +"1.3.36.8.3.14": { "d": "nameAtBirth", "c": "Teletrust attribute" }, +"1.3.36.8.3.15": { "d": "additionalInformation", "c": "Teletrust attribute" }, +"1.3.36.8.4.1": { "d": "personalData", "c": "Teletrust OtherName attribute" }, +"1.3.36.8.4.8": { "d": "restriction", "c": "Teletrust attribute certificate attribute" }, +"1.3.36.8.5.1.1.1": { "d": "rsaIndicateSHA1", "c": "Teletrust signature algorithm" }, +"1.3.36.8.5.1.1.2": { "d": "rsaIndicateRIPEMD160", "c": "Teletrust signature algorithm" }, +"1.3.36.8.5.1.1.3": { "d": "rsaWithSHA1", "c": "Teletrust signature algorithm" }, +"1.3.36.8.5.1.1.4": { "d": "rsaWithRIPEMD160", "c": "Teletrust signature algorithm" }, +"1.3.36.8.5.1.2.1": { "d": "dsaExtended", "c": "Teletrust signature algorithm" }, +"1.3.36.8.5.1.2.2": { "d": "dsaWithRIPEMD160", "c": "Teletrust signature algorithm" }, +"1.3.36.8.6.1": { "d": "cert", "c": "Teletrust signature attributes" }, +"1.3.36.8.6.2": { "d": "certRef", "c": "Teletrust signature attributes" }, +"1.3.36.8.6.3": { "d": "attrCert", "c": "Teletrust signature attributes" }, +"1.3.36.8.6.4": { "d": "attrRef", "c": "Teletrust signature attributes" }, +"1.3.36.8.6.5": { "d": "fileName", "c": "Teletrust signature attributes" }, +"1.3.36.8.6.6": { "d": "storageTime", "c": "Teletrust signature attributes" }, +"1.3.36.8.6.7": { "d": "fileSize", "c": "Teletrust signature attributes" }, +"1.3.36.8.6.8": { "d": "location", "c": "Teletrust signature attributes" }, +"1.3.36.8.6.9": { "d": "sigNumber", "c": "Teletrust signature attributes" }, +"1.3.36.8.6.10": { "d": "autoGen", "c": "Teletrust signature attributes" }, +"1.3.36.8.7.1.1": { "d": "ptAdobeILL", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.2": { "d": "ptAmiPro", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.3": { "d": "ptAutoCAD", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.4": { "d": "ptBinary", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.5": { "d": "ptBMP", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.6": { "d": "ptCGM", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.7": { "d": "ptCorelCRT", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.8": { "d": "ptCorelDRW", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.9": { "d": "ptCorelEXC", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.10": { "d": "ptCorelPHT", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.11": { "d": "ptDraw", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.12": { "d": "ptDVI", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.13": { "d": "ptEPS", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.14": { "d": "ptExcel", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.15": { "d": "ptGEM", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.16": { "d": "ptGIF", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.17": { "d": "ptHPGL", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.18": { "d": "ptJPEG", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.19": { "d": "ptKodak", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.20": { "d": "ptLaTeX", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.21": { "d": "ptLotus", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.22": { "d": "ptLotusPIC", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.23": { "d": "ptMacPICT", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.24": { "d": "ptMacWord", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.25": { "d": "ptMSWfD", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.26": { "d": "ptMSWord", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.27": { "d": "ptMSWord2", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.28": { "d": "ptMSWord6", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.29": { "d": "ptMSWord8", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.30": { "d": "ptPDF", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.31": { "d": "ptPIF", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.32": { "d": "ptPostscript", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.33": { "d": "ptRTF", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.34": { "d": "ptSCITEX", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.35": { "d": "ptTAR", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.36": { "d": "ptTarga", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.37": { "d": "ptTeX", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.38": { "d": "ptText", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.39": { "d": "ptTIFF", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.40": { "d": "ptTIFF-FC", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.41": { "d": "ptUID", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.42": { "d": "ptUUEncode", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.43": { "d": "ptWMF", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.44": { "d": "ptWordPerfect", "c": "Teletrust presentation types" }, +"1.3.36.8.7.1.45": { "d": "ptWPGrph", "c": "Teletrust presentation types" }, +"1.3.101.1.4": { "d": "thawte-ce", "c": "Thawte" }, +"1.3.101.1.4.1": { "d": "strongExtranet", "c": "Thawte certificate extension" }, +"1.3.101.110": { "d": "curveX25519", "c": "ECDH 25519 key agreement algorithm" }, +"1.3.101.111": { "d": "curveX448", "c": "ECDH 448 key agreement algorithm" }, +"1.3.101.112": { "d": "curveEd25519", "c": "EdDSA 25519 signature algorithm" }, +"1.3.101.113": { "d": "curveEd448", "c": "EdDSA 448 signature algorithm" }, +"1.3.101.114": { "d": "curveEd25519ph", "c": "EdDSA 25519 pre-hash signature algorithm" }, +"1.3.101.115": { "d": "curveEd448ph", "c": "EdDSA 448 pre-hash signature algorithm" }, +"1.3.132.0.1": { "d": "sect163k1", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.2": { "d": "sect163r1", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.3": { "d": "sect239k1", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.4": { "d": "sect113r1", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.5": { "d": "sect113r2", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.6": { "d": "secp112r1", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.7": { "d": "secp112r2", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.8": { "d": "secp160r1", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.9": { "d": "secp160k1", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.10": { "d": "secp256k1", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.15": { "d": "sect163r2", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.16": { "d": "sect283k1", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.17": { "d": "sect283r1", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.22": { "d": "sect131r1", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.23": { "d": "sect131r2", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.24": { "d": "sect193r1", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.25": { "d": "sect193r2", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.26": { "d": "sect233k1", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.27": { "d": "sect233r1", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.28": { "d": "secp128r1", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.29": { "d": "secp128r2", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.30": { "d": "secp160r2", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.31": { "d": "secp192k1", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.32": { "d": "secp224k1", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.33": { "d": "secp224r1", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.34": { "d": "secp384r1", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.35": { "d": "secp521r1", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.36": { "d": "sect409k1", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.37": { "d": "sect409r1", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.38": { "d": "sect571k1", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.0.39": { "d": "sect571r1", "c": "SECG (Certicom) named elliptic curve" }, +"1.3.132.1.11.1": { "d": "ecdhX963KDF-SHA256", "c": "SECG (Certicom) elliptic curve key agreement" }, +"1.3.132.1.11.2": { "d": "ecdhX963KDF-SHA384", "c": "SECG (Certicom) elliptic curve key agreement" }, +"1.3.132.1.11.3": { "d": "ecdhX963KDF-SHA512", "c": "SECG (Certicom) elliptic curve key agreement" }, +"1.3.133.16.840.9.84": { "d": "x984", "c": "X9.84" }, +"1.3.133.16.840.9.84.0": { "d": "x984Module", "c": "X9.84" }, +"1.3.133.16.840.9.84.0.1": { "d": "x984Biometrics", "c": "X9.84 Module" }, +"1.3.133.16.840.9.84.0.2": { "d": "x984CMS", "c": "X9.84 Module" }, +"1.3.133.16.840.9.84.0.3": { "d": "x984Identifiers", "c": "X9.84 Module" }, +"1.3.133.16.840.9.84.1": { "d": "x984Biometric", "c": "X9.84" }, +"1.3.133.16.840.9.84.1.0": { "d": "biometricUnknownType", "c": "X9.84 Biometric" }, +"1.3.133.16.840.9.84.1.1": { "d": "biometricBodyOdor", "c": "X9.84 Biometric" }, +"1.3.133.16.840.9.84.1.2": { "d": "biometricDNA", "c": "X9.84 Biometric" }, +"1.3.133.16.840.9.84.1.3": { "d": "biometricEarShape", "c": "X9.84 Biometric" }, +"1.3.133.16.840.9.84.1.4": { "d": "biometricFacialFeatures", "c": "X9.84 Biometric" }, +"1.3.133.16.840.9.84.1.5": { "d": "biometricFingerImage", "c": "X9.84 Biometric" }, +"1.3.133.16.840.9.84.1.6": { "d": "biometricFingerGeometry", "c": "X9.84 Biometric" }, +"1.3.133.16.840.9.84.1.7": { "d": "biometricHandGeometry", "c": "X9.84 Biometric" }, +"1.3.133.16.840.9.84.1.8": { "d": "biometricIrisFeatures", "c": "X9.84 Biometric" }, +"1.3.133.16.840.9.84.1.9": { "d": "biometricKeystrokeDynamics", "c": "X9.84 Biometric" }, +"1.3.133.16.840.9.84.1.10": { "d": "biometricPalm", "c": "X9.84 Biometric" }, +"1.3.133.16.840.9.84.1.11": { "d": "biometricRetina", "c": "X9.84 Biometric" }, +"1.3.133.16.840.9.84.1.12": { "d": "biometricSignature", "c": "X9.84 Biometric" }, +"1.3.133.16.840.9.84.1.13": { "d": "biometricSpeechPattern", "c": "X9.84 Biometric" }, +"1.3.133.16.840.9.84.1.14": { "d": "biometricThermalImage", "c": "X9.84 Biometric" }, +"1.3.133.16.840.9.84.1.15": { "d": "biometricVeinPattern", "c": "X9.84 Biometric" }, +"1.3.133.16.840.9.84.1.16": { "d": "biometricThermalFaceImage", "c": "X9.84 Biometric" }, +"1.3.133.16.840.9.84.1.17": { "d": "biometricThermalHandImage", "c": "X9.84 Biometric" }, +"1.3.133.16.840.9.84.1.18": { "d": "biometricLipMovement", "c": "X9.84 Biometric" }, +"1.3.133.16.840.9.84.1.19": { "d": "biometricGait", "c": "X9.84 Biometric" }, +"1.3.133.16.840.9.84.3": { "d": "x984MatchingMethod", "c": "X9.84" }, +"1.3.133.16.840.9.84.4": { "d": "x984FormatOwner", "c": "X9.84" }, +"1.3.133.16.840.9.84.4.0": { "d": "x984CbeffOwner", "c": "X9.84 Format Owner" }, +"1.3.133.16.840.9.84.4.1": { "d": "x984IbiaOwner", "c": "X9.84 Format Owner" }, +"1.3.133.16.840.9.84.4.1.1": { "d": "ibiaOwnerSAFLINK", "c": "X9.84 IBIA Format Owner" }, +"1.3.133.16.840.9.84.4.1.2": { "d": "ibiaOwnerBioscrypt", "c": "X9.84 IBIA Format Owner" }, +"1.3.133.16.840.9.84.4.1.3": { "d": "ibiaOwnerVisionics", "c": "X9.84 IBIA Format Owner" }, +"1.3.133.16.840.9.84.4.1.4": { "d": "ibiaOwnerInfineonTechnologiesAG", "c": "X9.84 IBIA Format Owner" }, +"1.3.133.16.840.9.84.4.1.5": { "d": "ibiaOwnerIridianTechnologies", "c": "X9.84 IBIA Format Owner" }, +"1.3.133.16.840.9.84.4.1.6": { "d": "ibiaOwnerVeridicom", "c": "X9.84 IBIA Format Owner" }, +"1.3.133.16.840.9.84.4.1.7": { "d": "ibiaOwnerCyberSIGN", "c": "X9.84 IBIA Format Owner" }, +"1.3.133.16.840.9.84.4.1.8": { "d": "ibiaOwnereCryp", "c": "X9.84 IBIA Format Owner" }, +"1.3.133.16.840.9.84.4.1.9": { "d": "ibiaOwnerFingerprintCardsAB", "c": "X9.84 IBIA Format Owner" }, +"1.3.133.16.840.9.84.4.1.10": { "d": "ibiaOwnerSecuGen", "c": "X9.84 IBIA Format Owner" }, +"1.3.133.16.840.9.84.4.1.11": { "d": "ibiaOwnerPreciseBiometric", "c": "X9.84 IBIA Format Owner" }, +"1.3.133.16.840.9.84.4.1.12": { "d": "ibiaOwnerIdentix", "c": "X9.84 IBIA Format Owner" }, +"1.3.133.16.840.9.84.4.1.13": { "d": "ibiaOwnerDERMALOG", "c": "X9.84 IBIA Format Owner" }, +"1.3.133.16.840.9.84.4.1.14": { "d": "ibiaOwnerLOGICO", "c": "X9.84 IBIA Format Owner" }, +"1.3.133.16.840.9.84.4.1.15": { "d": "ibiaOwnerNIST", "c": "X9.84 IBIA Format Owner" }, +"1.3.133.16.840.9.84.4.1.16": { "d": "ibiaOwnerA3Vision", "c": "X9.84 IBIA Format Owner" }, +"1.3.133.16.840.9.84.4.1.17": { "d": "ibiaOwnerNEC", "c": "X9.84 IBIA Format Owner" }, +"1.3.133.16.840.9.84.4.1.18": { "d": "ibiaOwnerSTMicroelectronics", "c": "X9.84 IBIA Format Owner" }, +"2.5.4.0": { "d": "objectClass", "c": "X.520 DN component" }, +"2.5.4.1": { "d": "aliasedEntryName", "c": "X.520 DN component" }, +"2.5.4.2": { "d": "knowledgeInformation", "c": "X.520 DN component" }, +"2.5.4.3": { "d": "commonName", "c": "X.520 DN component" }, +"2.5.4.4": { "d": "surname", "c": "X.520 DN component" }, +"2.5.4.5": { "d": "serialNumber", "c": "X.520 DN component" }, +"2.5.4.6": { "d": "countryName", "c": "X.520 DN component" }, +"2.5.4.7": { "d": "localityName", "c": "X.520 DN component" }, +"2.5.4.7.1": { "d": "collectiveLocalityName", "c": "X.520 DN component" }, +"2.5.4.8": { "d": "stateOrProvinceName", "c": "X.520 DN component" }, +"2.5.4.8.1": { "d": "collectiveStateOrProvinceName", "c": "X.520 DN component" }, +"2.5.4.9": { "d": "streetAddress", "c": "X.520 DN component" }, +"2.5.4.9.1": { "d": "collectiveStreetAddress", "c": "X.520 DN component" }, +"2.5.4.10": { "d": "organizationName", "c": "X.520 DN component" }, +"2.5.4.10.1": { "d": "collectiveOrganizationName", "c": "X.520 DN component" }, +"2.5.4.11": { "d": "organizationalUnitName", "c": "X.520 DN component" }, +"2.5.4.11.1": { "d": "collectiveOrganizationalUnitName", "c": "X.520 DN component" }, +"2.5.4.12": { "d": "title", "c": "X.520 DN component" }, +"2.5.4.13": { "d": "description", "c": "X.520 DN component" }, +"2.5.4.14": { "d": "searchGuide", "c": "X.520 DN component" }, +"2.5.4.15": { "d": "businessCategory", "c": "X.520 DN component" }, +"2.5.4.16": { "d": "postalAddress", "c": "X.520 DN component" }, +"2.5.4.16.1": { "d": "collectivePostalAddress", "c": "X.520 DN component" }, +"2.5.4.17": { "d": "postalCode", "c": "X.520 DN component" }, +"2.5.4.17.1": { "d": "collectivePostalCode", "c": "X.520 DN component" }, +"2.5.4.18": { "d": "postOfficeBox", "c": "X.520 DN component" }, +"2.5.4.18.1": { "d": "collectivePostOfficeBox", "c": "X.520 DN component" }, +"2.5.4.19": { "d": "physicalDeliveryOfficeName", "c": "X.520 DN component" }, +"2.5.4.19.1": { "d": "collectivePhysicalDeliveryOfficeName", "c": "X.520 DN component" }, +"2.5.4.20": { "d": "telephoneNumber", "c": "X.520 DN component" }, +"2.5.4.20.1": { "d": "collectiveTelephoneNumber", "c": "X.520 DN component" }, +"2.5.4.21": { "d": "telexNumber", "c": "X.520 DN component" }, +"2.5.4.21.1": { "d": "collectiveTelexNumber", "c": "X.520 DN component" }, +"2.5.4.22": { "d": "teletexTerminalIdentifier", "c": "X.520 DN component" }, +"2.5.4.22.1": { "d": "collectiveTeletexTerminalIdentifier", "c": "X.520 DN component" }, +"2.5.4.23": { "d": "facsimileTelephoneNumber", "c": "X.520 DN component" }, +"2.5.4.23.1": { "d": "collectiveFacsimileTelephoneNumber", "c": "X.520 DN component" }, +"2.5.4.24": { "d": "x121Address", "c": "X.520 DN component" }, +"2.5.4.25": { "d": "internationalISDNNumber", "c": "X.520 DN component" }, +"2.5.4.25.1": { "d": "collectiveInternationalISDNNumber", "c": "X.520 DN component" }, +"2.5.4.26": { "d": "registeredAddress", "c": "X.520 DN component" }, +"2.5.4.27": { "d": "destinationIndicator", "c": "X.520 DN component" }, +"2.5.4.28": { "d": "preferredDeliveryMehtod", "c": "X.520 DN component" }, +"2.5.4.29": { "d": "presentationAddress", "c": "X.520 DN component" }, +"2.5.4.30": { "d": "supportedApplicationContext", "c": "X.520 DN component" }, +"2.5.4.31": { "d": "member", "c": "X.520 DN component" }, +"2.5.4.32": { "d": "owner", "c": "X.520 DN component" }, +"2.5.4.33": { "d": "roleOccupant", "c": "X.520 DN component" }, +"2.5.4.34": { "d": "seeAlso", "c": "X.520 DN component" }, +"2.5.4.35": { "d": "userPassword", "c": "X.520 DN component" }, +"2.5.4.36": { "d": "userCertificate", "c": "X.520 DN component" }, +"2.5.4.37": { "d": "caCertificate", "c": "X.520 DN component" }, +"2.5.4.38": { "d": "authorityRevocationList", "c": "X.520 DN component" }, +"2.5.4.39": { "d": "certificateRevocationList", "c": "X.520 DN component" }, +"2.5.4.40": { "d": "crossCertificatePair", "c": "X.520 DN component" }, +"2.5.4.41": { "d": "name", "c": "X.520 DN component" }, +"2.5.4.42": { "d": "givenName", "c": "X.520 DN component" }, +"2.5.4.43": { "d": "initials", "c": "X.520 DN component" }, +"2.5.4.44": { "d": "generationQualifier", "c": "X.520 DN component" }, +"2.5.4.45": { "d": "uniqueIdentifier", "c": "X.520 DN component" }, +"2.5.4.46": { "d": "dnQualifier", "c": "X.520 DN component" }, +"2.5.4.47": { "d": "enhancedSearchGuide", "c": "X.520 DN component" }, +"2.5.4.48": { "d": "protocolInformation", "c": "X.520 DN component" }, +"2.5.4.49": { "d": "distinguishedName", "c": "X.520 DN component" }, +"2.5.4.50": { "d": "uniqueMember", "c": "X.520 DN component" }, +"2.5.4.51": { "d": "houseIdentifier", "c": "X.520 DN component" }, +"2.5.4.52": { "d": "supportedAlgorithms", "c": "X.520 DN component" }, +"2.5.4.53": { "d": "deltaRevocationList", "c": "X.520 DN component" }, +"2.5.4.54": { "d": "dmdName", "c": "X.520 DN component" }, +"2.5.4.55": { "d": "clearance", "c": "X.520 DN component" }, +"2.5.4.56": { "d": "defaultDirQop", "c": "X.520 DN component" }, +"2.5.4.57": { "d": "attributeIntegrityInfo", "c": "X.520 DN component" }, +"2.5.4.58": { "d": "attributeCertificate", "c": "X.520 DN component" }, +"2.5.4.59": { "d": "attributeCertificateRevocationList", "c": "X.520 DN component" }, +"2.5.4.60": { "d": "confKeyInfo", "c": "X.520 DN component" }, +"2.5.4.61": { "d": "aACertificate", "c": "X.520 DN component" }, +"2.5.4.62": { "d": "attributeDescriptorCertificate", "c": "X.520 DN component" }, +"2.5.4.63": { "d": "attributeAuthorityRevocationList", "c": "X.520 DN component" }, +"2.5.4.64": { "d": "familyInformation", "c": "X.520 DN component" }, +"2.5.4.65": { "d": "pseudonym", "c": "X.520 DN component" }, +"2.5.4.66": { "d": "communicationsService", "c": "X.520 DN component" }, +"2.5.4.67": { "d": "communicationsNetwork", "c": "X.520 DN component" }, +"2.5.4.68": { "d": "certificationPracticeStmt", "c": "X.520 DN component" }, +"2.5.4.69": { "d": "certificatePolicy", "c": "X.520 DN component" }, +"2.5.4.70": { "d": "pkiPath", "c": "X.520 DN component" }, +"2.5.4.71": { "d": "privPolicy", "c": "X.520 DN component" }, +"2.5.4.72": { "d": "role", "c": "X.520 DN component" }, +"2.5.4.73": { "d": "delegationPath", "c": "X.520 DN component" }, +"2.5.4.74": { "d": "protPrivPolicy", "c": "X.520 DN component" }, +"2.5.4.75": { "d": "xMLPrivilegeInfo", "c": "X.520 DN component" }, +"2.5.4.76": { "d": "xmlPrivPolicy", "c": "X.520 DN component" }, +"2.5.4.82": { "d": "permission", "c": "X.520 DN component" }, +"2.5.6.0": { "d": "top", "c": "X.520 objectClass" }, +"2.5.6.1": { "d": "alias", "c": "X.520 objectClass" }, +"2.5.6.2": { "d": "country", "c": "X.520 objectClass" }, +"2.5.6.3": { "d": "locality", "c": "X.520 objectClass" }, +"2.5.6.4": { "d": "organization", "c": "X.520 objectClass" }, +"2.5.6.5": { "d": "organizationalUnit", "c": "X.520 objectClass" }, +"2.5.6.6": { "d": "person", "c": "X.520 objectClass" }, +"2.5.6.7": { "d": "organizationalPerson", "c": "X.520 objectClass" }, +"2.5.6.8": { "d": "organizationalRole", "c": "X.520 objectClass" }, +"2.5.6.9": { "d": "groupOfNames", "c": "X.520 objectClass" }, +"2.5.6.10": { "d": "residentialPerson", "c": "X.520 objectClass" }, +"2.5.6.11": { "d": "applicationProcess", "c": "X.520 objectClass" }, +"2.5.6.12": { "d": "applicationEntity", "c": "X.520 objectClass" }, +"2.5.6.13": { "d": "dSA", "c": "X.520 objectClass" }, +"2.5.6.14": { "d": "device", "c": "X.520 objectClass" }, +"2.5.6.15": { "d": "strongAuthenticationUser", "c": "X.520 objectClass" }, +"2.5.6.16": { "d": "certificateAuthority", "c": "X.520 objectClass" }, +"2.5.6.17": { "d": "groupOfUniqueNames", "c": "X.520 objectClass" }, +"2.5.6.21": { "d": "pkiUser", "c": "X.520 objectClass" }, +"2.5.6.22": { "d": "pkiCA", "c": "X.520 objectClass" }, +"2.5.8.1.1": { "d": "rsa", "c": "X.500 algorithms. Ambiguous, since no padding rules specified", "w": true }, +"2.5.29.1": { "d": "authorityKeyIdentifier", "c": "X.509 extension. Deprecated, use 2 5 29 35 instead", "w": true }, +"2.5.29.2": { "d": "keyAttributes", "c": "X.509 extension. Obsolete, use keyUsage/extKeyUsage instead", "w": true }, +"2.5.29.3": { "d": "certificatePolicies", "c": "X.509 extension. Deprecated, use 2 5 29 32 instead", "w": true }, +"2.5.29.4": { "d": "keyUsageRestriction", "c": "X.509 extension. Obsolete, use keyUsage/extKeyUsage instead", "w": true }, +"2.5.29.5": { "d": "policyMapping", "c": "X.509 extension. Deprecated, use 2 5 29 33 instead", "w": true }, +"2.5.29.6": { "d": "subtreesConstraint", "c": "X.509 extension. Obsolete, use nameConstraints instead", "w": true }, +"2.5.29.7": { "d": "subjectAltName", "c": "X.509 extension. Deprecated, use 2 5 29 17 instead", "w": true }, +"2.5.29.8": { "d": "issuerAltName", "c": "X.509 extension. Deprecated, use 2 5 29 18 instead", "w": true }, +"2.5.29.9": { "d": "subjectDirectoryAttributes", "c": "X.509 extension" }, +"2.5.29.10": { "d": "basicConstraints", "c": "X.509 extension. Deprecated, use 2 5 29 19 instead", "w": true }, +"2.5.29.11": { "d": "nameConstraints", "c": "X.509 extension. Deprecated, use 2 5 29 30 instead", "w": true }, +"2.5.29.12": { "d": "policyConstraints", "c": "X.509 extension. Deprecated, use 2 5 29 36 instead", "w": true }, +"2.5.29.13": { "d": "basicConstraints", "c": "X.509 extension. Deprecated, use 2 5 29 19 instead", "w": true }, +"2.5.29.14": { "d": "subjectKeyIdentifier", "c": "X.509 extension" }, +"2.5.29.15": { "d": "keyUsage", "c": "X.509 extension" }, +"2.5.29.16": { "d": "privateKeyUsagePeriod", "c": "X.509 extension" }, +"2.5.29.17": { "d": "subjectAltName", "c": "X.509 extension" }, +"2.5.29.18": { "d": "issuerAltName", "c": "X.509 extension" }, +"2.5.29.19": { "d": "basicConstraints", "c": "X.509 extension" }, +"2.5.29.20": { "d": "cRLNumber", "c": "X.509 extension" }, +"2.5.29.21": { "d": "cRLReason", "c": "X.509 extension" }, +"2.5.29.22": { "d": "expirationDate", "c": "X.509 extension. Deprecated, alternative OID uncertain", "w": true }, +"2.5.29.23": { "d": "instructionCode", "c": "X.509 extension" }, +"2.5.29.24": { "d": "invalidityDate", "c": "X.509 extension" }, +"2.5.29.25": { "d": "cRLDistributionPoints", "c": "X.509 extension. Deprecated, use 2 5 29 31 instead", "w": true }, +"2.5.29.26": { "d": "issuingDistributionPoint", "c": "X.509 extension. Deprecated, use 2 5 29 28 instead", "w": true }, +"2.5.29.27": { "d": "deltaCRLIndicator", "c": "X.509 extension" }, +"2.5.29.28": { "d": "issuingDistributionPoint", "c": "X.509 extension" }, +"2.5.29.29": { "d": "certificateIssuer", "c": "X.509 extension" }, +"2.5.29.30": { "d": "nameConstraints", "c": "X.509 extension" }, +"2.5.29.31": { "d": "cRLDistributionPoints", "c": "X.509 extension" }, +"2.5.29.32": { "d": "certificatePolicies", "c": "X.509 extension" }, +"2.5.29.32.0": { "d": "anyPolicy", "c": "X.509 certificate policy" }, +"2.5.29.33": { "d": "policyMappings", "c": "X.509 extension" }, +"2.5.29.34": { "d": "policyConstraints", "c": "X.509 extension. Deprecated, use 2 5 29 36 instead", "w": true }, +"2.5.29.35": { "d": "authorityKeyIdentifier", "c": "X.509 extension" }, +"2.5.29.36": { "d": "policyConstraints", "c": "X.509 extension" }, +"2.5.29.37": { "d": "extKeyUsage", "c": "X.509 extension" }, +"2.5.29.37.0": { "d": "anyExtendedKeyUsage", "c": "X.509 extended key usage" }, +"2.5.29.38": { "d": "authorityAttributeIdentifier", "c": "X.509 extension" }, +"2.5.29.39": { "d": "roleSpecCertIdentifier", "c": "X.509 extension" }, +"2.5.29.40": { "d": "cRLStreamIdentifier", "c": "X.509 extension" }, +"2.5.29.41": { "d": "basicAttConstraints", "c": "X.509 extension" }, +"2.5.29.42": { "d": "delegatedNameConstraints", "c": "X.509 extension" }, +"2.5.29.43": { "d": "timeSpecification", "c": "X.509 extension" }, +"2.5.29.44": { "d": "cRLScope", "c": "X.509 extension" }, +"2.5.29.45": { "d": "statusReferrals", "c": "X.509 extension" }, +"2.5.29.46": { "d": "freshestCRL", "c": "X.509 extension" }, +"2.5.29.47": { "d": "orderedList", "c": "X.509 extension" }, +"2.5.29.48": { "d": "attributeDescriptor", "c": "X.509 extension" }, +"2.5.29.49": { "d": "userNotice", "c": "X.509 extension" }, +"2.5.29.50": { "d": "sOAIdentifier", "c": "X.509 extension" }, +"2.5.29.51": { "d": "baseUpdateTime", "c": "X.509 extension" }, +"2.5.29.52": { "d": "acceptableCertPolicies", "c": "X.509 extension" }, +"2.5.29.53": { "d": "deltaInfo", "c": "X.509 extension" }, +"2.5.29.54": { "d": "inhibitAnyPolicy", "c": "X.509 extension" }, +"2.5.29.55": { "d": "targetInformation", "c": "X.509 extension" }, +"2.5.29.56": { "d": "noRevAvail", "c": "X.509 extension" }, +"2.5.29.57": { "d": "acceptablePrivilegePolicies", "c": "X.509 extension" }, +"2.5.29.58": { "d": "toBeRevoked", "c": "X.509 extension" }, +"2.5.29.59": { "d": "revokedGroups", "c": "X.509 extension" }, +"2.5.29.60": { "d": "expiredCertsOnCRL", "c": "X.509 extension" }, +"2.5.29.61": { "d": "indirectIssuer", "c": "X.509 extension" }, +"2.5.29.62": { "d": "noAssertion", "c": "X.509 extension" }, +"2.5.29.63": { "d": "aAissuingDistributionPoint", "c": "X.509 extension" }, +"2.5.29.64": { "d": "issuedOnBehalfOf", "c": "X.509 extension" }, +"2.5.29.65": { "d": "singleUse", "c": "X.509 extension" }, +"2.5.29.66": { "d": "groupAC", "c": "X.509 extension" }, +"2.5.29.67": { "d": "allowedAttAss", "c": "X.509 extension" }, +"2.5.29.68": { "d": "attributeMappings", "c": "X.509 extension" }, +"2.5.29.69": { "d": "holderNameConstraints", "c": "X.509 extension" }, +"2.16.724.1.2.2.4.1": { "d": "personalDataInfo", "c": "Spanish Government PKI?" }, +"2.16.840.1.101.2.1.1.1": { "d": "sdnsSignatureAlgorithm", "c": "SDN.700 INFOSEC algorithms" }, +"2.16.840.1.101.2.1.1.2": { "d": "fortezzaSignatureAlgorithm", "c": "SDN.700 INFOSEC algorithms. Formerly known as mosaicSignatureAlgorithm, this OID is better known as dsaWithSHA-1." }, +"2.16.840.1.101.2.1.1.3": { "d": "sdnsConfidentialityAlgorithm", "c": "SDN.700 INFOSEC algorithms" }, +"2.16.840.1.101.2.1.1.4": { "d": "fortezzaConfidentialityAlgorithm", "c": "SDN.700 INFOSEC algorithms. Formerly known as mosaicConfidentialityAlgorithm" }, +"2.16.840.1.101.2.1.1.5": { "d": "sdnsIntegrityAlgorithm", "c": "SDN.700 INFOSEC algorithms" }, +"2.16.840.1.101.2.1.1.6": { "d": "fortezzaIntegrityAlgorithm", "c": "SDN.700 INFOSEC algorithms. Formerly known as mosaicIntegrityAlgorithm" }, +"2.16.840.1.101.2.1.1.7": { "d": "sdnsTokenProtectionAlgorithm", "c": "SDN.700 INFOSEC algorithms" }, +"2.16.840.1.101.2.1.1.8": { "d": "fortezzaTokenProtectionAlgorithm", "c": "SDN.700 INFOSEC algorithms. Formerly know as mosaicTokenProtectionAlgorithm" }, +"2.16.840.1.101.2.1.1.9": { "d": "sdnsKeyManagementAlgorithm", "c": "SDN.700 INFOSEC algorithms" }, +"2.16.840.1.101.2.1.1.10": { "d": "fortezzaKeyManagementAlgorithm", "c": "SDN.700 INFOSEC algorithms. Formerly known as mosaicKeyManagementAlgorithm" }, +"2.16.840.1.101.2.1.1.11": { "d": "sdnsKMandSigAlgorithm", "c": "SDN.700 INFOSEC algorithms" }, +"2.16.840.1.101.2.1.1.12": { "d": "fortezzaKMandSigAlgorithm", "c": "SDN.700 INFOSEC algorithms. Formerly known as mosaicKMandSigAlgorithm" }, +"2.16.840.1.101.2.1.1.13": { "d": "suiteASignatureAlgorithm", "c": "SDN.700 INFOSEC algorithms" }, +"2.16.840.1.101.2.1.1.14": { "d": "suiteAConfidentialityAlgorithm", "c": "SDN.700 INFOSEC algorithms" }, +"2.16.840.1.101.2.1.1.15": { "d": "suiteAIntegrityAlgorithm", "c": "SDN.700 INFOSEC algorithms" }, +"2.16.840.1.101.2.1.1.16": { "d": "suiteATokenProtectionAlgorithm", "c": "SDN.700 INFOSEC algorithms" }, +"2.16.840.1.101.2.1.1.17": { "d": "suiteAKeyManagementAlgorithm", "c": "SDN.700 INFOSEC algorithms" }, +"2.16.840.1.101.2.1.1.18": { "d": "suiteAKMandSigAlgorithm", "c": "SDN.700 INFOSEC algorithms" }, +"2.16.840.1.101.2.1.1.19": { "d": "fortezzaUpdatedSigAlgorithm", "c": "SDN.700 INFOSEC algorithms. Formerly known as mosaicUpdatedSigAlgorithm" }, +"2.16.840.1.101.2.1.1.20": { "d": "fortezzaKMandUpdSigAlgorithms", "c": "SDN.700 INFOSEC algorithms. Formerly known as mosaicKMandUpdSigAlgorithms" }, +"2.16.840.1.101.2.1.1.21": { "d": "fortezzaUpdatedIntegAlgorithm", "c": "SDN.700 INFOSEC algorithms. Formerly known as mosaicUpdatedIntegAlgorithm" }, +"2.16.840.1.101.2.1.1.22": { "d": "keyExchangeAlgorithm", "c": "SDN.700 INFOSEC algorithms. Formerly known as mosaicKeyEncryptionAlgorithm" }, +"2.16.840.1.101.2.1.1.23": { "d": "fortezzaWrap80Algorithm", "c": "SDN.700 INFOSEC algorithms" }, +"2.16.840.1.101.2.1.1.24": { "d": "kEAKeyEncryptionAlgorithm", "c": "SDN.700 INFOSEC algorithms" }, +"2.16.840.1.101.2.1.2.1": { "d": "rfc822MessageFormat", "c": "SDN.700 INFOSEC format" }, +"2.16.840.1.101.2.1.2.2": { "d": "emptyContent", "c": "SDN.700 INFOSEC format" }, +"2.16.840.1.101.2.1.2.3": { "d": "cspContentType", "c": "SDN.700 INFOSEC format" }, +"2.16.840.1.101.2.1.2.42": { "d": "mspRev3ContentType", "c": "SDN.700 INFOSEC format" }, +"2.16.840.1.101.2.1.2.48": { "d": "mspContentType", "c": "SDN.700 INFOSEC format" }, +"2.16.840.1.101.2.1.2.49": { "d": "mspRekeyAgentProtocol", "c": "SDN.700 INFOSEC format" }, +"2.16.840.1.101.2.1.2.50": { "d": "mspMMP", "c": "SDN.700 INFOSEC format" }, +"2.16.840.1.101.2.1.2.66": { "d": "mspRev3-1ContentType", "c": "SDN.700 INFOSEC format" }, +"2.16.840.1.101.2.1.2.72": { "d": "forwardedMSPMessageBodyPart", "c": "SDN.700 INFOSEC format" }, +"2.16.840.1.101.2.1.2.73": { "d": "mspForwardedMessageParameters", "c": "SDN.700 INFOSEC format" }, +"2.16.840.1.101.2.1.2.74": { "d": "forwardedCSPMsgBodyPart", "c": "SDN.700 INFOSEC format" }, +"2.16.840.1.101.2.1.2.75": { "d": "cspForwardedMessageParameters", "c": "SDN.700 INFOSEC format" }, +"2.16.840.1.101.2.1.2.76": { "d": "mspMMP2", "c": "SDN.700 INFOSEC format" }, +"2.16.840.1.101.2.1.3.1": { "d": "sdnsSecurityPolicy", "c": "SDN.700 INFOSEC policy" }, +"2.16.840.1.101.2.1.3.2": { "d": "sdnsPRBAC", "c": "SDN.700 INFOSEC policy" }, +"2.16.840.1.101.2.1.3.3": { "d": "mosaicPRBAC", "c": "SDN.700 INFOSEC policy" }, +"2.16.840.1.101.2.1.3.10": { "d": "siSecurityPolicy", "c": "SDN.700 INFOSEC policy" }, +"2.16.840.1.101.2.1.3.10.0": { "d": "siNASP", "c": "SDN.700 INFOSEC policy (obsolete)", "w": true }, +"2.16.840.1.101.2.1.3.10.1": { "d": "siELCO", "c": "SDN.700 INFOSEC policy (obsolete)", "w": true }, +"2.16.840.1.101.2.1.3.10.2": { "d": "siTK", "c": "SDN.700 INFOSEC policy (obsolete)", "w": true }, +"2.16.840.1.101.2.1.3.10.3": { "d": "siDSAP", "c": "SDN.700 INFOSEC policy (obsolete)", "w": true }, +"2.16.840.1.101.2.1.3.10.4": { "d": "siSSSS", "c": "SDN.700 INFOSEC policy (obsolete)", "w": true }, +"2.16.840.1.101.2.1.3.10.5": { "d": "siDNASP", "c": "SDN.700 INFOSEC policy (obsolete)", "w": true }, +"2.16.840.1.101.2.1.3.10.6": { "d": "siBYEMAN", "c": "SDN.700 INFOSEC policy (obsolete)", "w": true }, +"2.16.840.1.101.2.1.3.10.7": { "d": "siREL-US", "c": "SDN.700 INFOSEC policy (obsolete)", "w": true }, +"2.16.840.1.101.2.1.3.10.8": { "d": "siREL-AUS", "c": "SDN.700 INFOSEC policy (obsolete)", "w": true }, +"2.16.840.1.101.2.1.3.10.9": { "d": "siREL-CAN", "c": "SDN.700 INFOSEC policy (obsolete)", "w": true }, +"2.16.840.1.101.2.1.3.10.10": { "d": "siREL_UK", "c": "SDN.700 INFOSEC policy (obsolete)", "w": true }, +"2.16.840.1.101.2.1.3.10.11": { "d": "siREL-NZ", "c": "SDN.700 INFOSEC policy (obsolete)", "w": true }, +"2.16.840.1.101.2.1.3.10.12": { "d": "siGeneric", "c": "SDN.700 INFOSEC policy (obsolete)", "w": true }, +"2.16.840.1.101.2.1.3.11": { "d": "genser", "c": "SDN.700 INFOSEC policy" }, +"2.16.840.1.101.2.1.3.11.0": { "d": "genserNations", "c": "SDN.700 INFOSEC policy (obsolete)", "w": true }, +"2.16.840.1.101.2.1.3.11.1": { "d": "genserComsec", "c": "SDN.700 INFOSEC policy (obsolete)", "w": true }, +"2.16.840.1.101.2.1.3.11.2": { "d": "genserAcquisition", "c": "SDN.700 INFOSEC policy (obsolete)", "w": true }, +"2.16.840.1.101.2.1.3.11.3": { "d": "genserSecurityCategories", "c": "SDN.700 INFOSEC policy" }, +"2.16.840.1.101.2.1.3.11.3.0": { "d": "genserTagSetName", "c": "SDN.700 INFOSEC GENSER policy" }, +"2.16.840.1.101.2.1.3.12": { "d": "defaultSecurityPolicy", "c": "SDN.700 INFOSEC policy" }, +"2.16.840.1.101.2.1.3.13": { "d": "capcoMarkings", "c": "SDN.700 INFOSEC policy" }, +"2.16.840.1.101.2.1.3.13.0": { "d": "capcoSecurityCategories", "c": "SDN.700 INFOSEC policy CAPCO markings" }, +"2.16.840.1.101.2.1.3.13.0.1": { "d": "capcoTagSetName1", "c": "SDN.700 INFOSEC policy CAPCO markings" }, +"2.16.840.1.101.2.1.3.13.0.2": { "d": "capcoTagSetName2", "c": "SDN.700 INFOSEC policy CAPCO markings" }, +"2.16.840.1.101.2.1.3.13.0.3": { "d": "capcoTagSetName3", "c": "SDN.700 INFOSEC policy CAPCO markings" }, +"2.16.840.1.101.2.1.3.13.0.4": { "d": "capcoTagSetName4", "c": "SDN.700 INFOSEC policy CAPCO markings" }, +"2.16.840.1.101.2.1.5.1": { "d": "sdnsKeyManagementCertificate", "c": "SDN.700 INFOSEC attributes (superseded)", "w": true }, +"2.16.840.1.101.2.1.5.2": { "d": "sdnsUserSignatureCertificate", "c": "SDN.700 INFOSEC attributes (superseded)", "w": true }, +"2.16.840.1.101.2.1.5.3": { "d": "sdnsKMandSigCertificate", "c": "SDN.700 INFOSEC attributes (superseded)", "w": true }, +"2.16.840.1.101.2.1.5.4": { "d": "fortezzaKeyManagementCertificate", "c": "SDN.700 INFOSEC attributes (superseded)", "w": true }, +"2.16.840.1.101.2.1.5.5": { "d": "fortezzaKMandSigCertificate", "c": "SDN.700 INFOSEC attributes (superseded)", "w": true }, +"2.16.840.1.101.2.1.5.6": { "d": "fortezzaUserSignatureCertificate", "c": "SDN.700 INFOSEC attributes (superseded)", "w": true }, +"2.16.840.1.101.2.1.5.7": { "d": "fortezzaCASignatureCertificate", "c": "SDN.700 INFOSEC attributes (superseded)", "w": true }, +"2.16.840.1.101.2.1.5.8": { "d": "sdnsCASignatureCertificate", "c": "SDN.700 INFOSEC attributes (superseded)", "w": true }, +"2.16.840.1.101.2.1.5.10": { "d": "auxiliaryVector", "c": "SDN.700 INFOSEC attributes (superseded)", "w": true }, +"2.16.840.1.101.2.1.5.11": { "d": "mlReceiptPolicy", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.12": { "d": "mlMembership", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.13": { "d": "mlAdministrators", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.14": { "d": "alid", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.20": { "d": "janUKMs", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.21": { "d": "febUKMs", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.22": { "d": "marUKMs", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.23": { "d": "aprUKMs", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.24": { "d": "mayUKMs", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.25": { "d": "junUKMs", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.26": { "d": "julUKMs", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.27": { "d": "augUKMs", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.28": { "d": "sepUKMs", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.29": { "d": "octUKMs", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.30": { "d": "novUKMs", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.31": { "d": "decUKMs", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.40": { "d": "metaSDNSckl", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.41": { "d": "sdnsCKL", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.42": { "d": "metaSDNSsignatureCKL", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.43": { "d": "sdnsSignatureCKL", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.44": { "d": "sdnsCertificateRevocationList", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.45": { "d": "fortezzaCertificateRevocationList", "c": "SDN.700 INFOSEC attributes (superseded)", "w": true }, +"2.16.840.1.101.2.1.5.46": { "d": "fortezzaCKL", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.47": { "d": "alExemptedAddressProcessor", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.48": { "d": "guard", "c": "SDN.700 INFOSEC attributes (obsolete)", "w": true }, +"2.16.840.1.101.2.1.5.49": { "d": "algorithmsSupported", "c": "SDN.700 INFOSEC attributes (obsolete)", "w": true }, +"2.16.840.1.101.2.1.5.50": { "d": "suiteAKeyManagementCertificate", "c": "SDN.700 INFOSEC attributes (obsolete)", "w": true }, +"2.16.840.1.101.2.1.5.51": { "d": "suiteAKMandSigCertificate", "c": "SDN.700 INFOSEC attributes (obsolete)", "w": true }, +"2.16.840.1.101.2.1.5.52": { "d": "suiteAUserSignatureCertificate", "c": "SDN.700 INFOSEC attributes (obsolete)", "w": true }, +"2.16.840.1.101.2.1.5.53": { "d": "prbacInfo", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.54": { "d": "prbacCAConstraints", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.55": { "d": "sigOrKMPrivileges", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.56": { "d": "commPrivileges", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.57": { "d": "labeledAttribute", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.58": { "d": "policyInformationFile", "c": "SDN.700 INFOSEC attributes (obsolete)", "w": true }, +"2.16.840.1.101.2.1.5.59": { "d": "secPolicyInformationFile", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.5.60": { "d": "cAClearanceConstraint", "c": "SDN.700 INFOSEC attributes" }, +"2.16.840.1.101.2.1.7.1": { "d": "cspExtns", "c": "SDN.700 INFOSEC extensions" }, +"2.16.840.1.101.2.1.7.1.0": { "d": "cspCsExtn", "c": "SDN.700 INFOSEC extensions" }, +"2.16.840.1.101.2.1.8.1": { "d": "mISSISecurityCategories", "c": "SDN.700 INFOSEC security category" }, +"2.16.840.1.101.2.1.8.2": { "d": "standardSecurityLabelPrivileges", "c": "SDN.700 INFOSEC security category" }, +"2.16.840.1.101.2.1.10.1": { "d": "sigPrivileges", "c": "SDN.700 INFOSEC privileges" }, +"2.16.840.1.101.2.1.10.2": { "d": "kmPrivileges", "c": "SDN.700 INFOSEC privileges" }, +"2.16.840.1.101.2.1.10.3": { "d": "namedTagSetPrivilege", "c": "SDN.700 INFOSEC privileges" }, +"2.16.840.1.101.2.1.11.1": { "d": "ukDemo", "c": "SDN.700 INFOSEC certificate policy" }, +"2.16.840.1.101.2.1.11.2": { "d": "usDODClass2", "c": "SDN.700 INFOSEC certificate policy" }, +"2.16.840.1.101.2.1.11.3": { "d": "usMediumPilot", "c": "SDN.700 INFOSEC certificate policy" }, +"2.16.840.1.101.2.1.11.4": { "d": "usDODClass4", "c": "SDN.700 INFOSEC certificate policy" }, +"2.16.840.1.101.2.1.11.5": { "d": "usDODClass3", "c": "SDN.700 INFOSEC certificate policy" }, +"2.16.840.1.101.2.1.11.6": { "d": "usDODClass5", "c": "SDN.700 INFOSEC certificate policy" }, +"2.16.840.1.101.2.1.12.0": { "d": "testSecurityPolicy", "c": "SDN.700 INFOSEC test objects" }, +"2.16.840.1.101.2.1.12.0.1": { "d": "tsp1", "c": "SDN.700 INFOSEC test objects" }, +"2.16.840.1.101.2.1.12.0.1.0": { "d": "tsp1SecurityCategories", "c": "SDN.700 INFOSEC test objects" }, +"2.16.840.1.101.2.1.12.0.1.0.0": { "d": "tsp1TagSetZero", "c": "SDN.700 INFOSEC test objects" }, +"2.16.840.1.101.2.1.12.0.1.0.1": { "d": "tsp1TagSetOne", "c": "SDN.700 INFOSEC test objects" }, +"2.16.840.1.101.2.1.12.0.1.0.2": { "d": "tsp1TagSetTwo", "c": "SDN.700 INFOSEC test objects" }, +"2.16.840.1.101.2.1.12.0.2": { "d": "tsp2", "c": "SDN.700 INFOSEC test objects" }, +"2.16.840.1.101.2.1.12.0.2.0": { "d": "tsp2SecurityCategories", "c": "SDN.700 INFOSEC test objects" }, +"2.16.840.1.101.2.1.12.0.2.0.0": { "d": "tsp2TagSetZero", "c": "SDN.700 INFOSEC test objects" }, +"2.16.840.1.101.2.1.12.0.2.0.1": { "d": "tsp2TagSetOne", "c": "SDN.700 INFOSEC test objects" }, +"2.16.840.1.101.2.1.12.0.2.0.2": { "d": "tsp2TagSetTwo", "c": "SDN.700 INFOSEC test objects" }, +"2.16.840.1.101.2.1.12.0.3": { "d": "kafka", "c": "SDN.700 INFOSEC test objects" }, +"2.16.840.1.101.2.1.12.0.3.0": { "d": "kafkaSecurityCategories", "c": "SDN.700 INFOSEC test objects" }, +"2.16.840.1.101.2.1.12.0.3.0.1": { "d": "kafkaTagSetName1", "c": "SDN.700 INFOSEC test objects" }, +"2.16.840.1.101.2.1.12.0.3.0.2": { "d": "kafkaTagSetName2", "c": "SDN.700 INFOSEC test objects" }, +"2.16.840.1.101.2.1.12.0.3.0.3": { "d": "kafkaTagSetName3", "c": "SDN.700 INFOSEC test objects" }, +"2.16.840.1.101.2.1.12.1.1": { "d": "tcp1", "c": "SDN.700 INFOSEC test objects" }, +"2.16.840.1.101.3.1": { "d": "slabel", "c": "CSOR GAK", "w": true }, +"2.16.840.1.101.3.2": { "d": "pki", "c": "NIST", "w": true }, +"2.16.840.1.101.3.2.1": { "d": "NIST policyIdentifier", "c": "NIST policies", "w": true }, +"2.16.840.1.101.3.2.1.3.1": { "d": "fbcaRudimentaryPolicy", "c": "Federal Bridge CA Policy" }, +"2.16.840.1.101.3.2.1.3.2": { "d": "fbcaBasicPolicy", "c": "Federal Bridge CA Policy" }, +"2.16.840.1.101.3.2.1.3.3": { "d": "fbcaMediumPolicy", "c": "Federal Bridge CA Policy" }, +"2.16.840.1.101.3.2.1.3.4": { "d": "fbcaHighPolicy", "c": "Federal Bridge CA Policy" }, +"2.16.840.1.101.3.2.1.48.1": { "d": "nistTestPolicy1", "c": "NIST PKITS policies" }, +"2.16.840.1.101.3.2.1.48.2": { "d": "nistTestPolicy2", "c": "NIST PKITS policies" }, +"2.16.840.1.101.3.2.1.48.3": { "d": "nistTestPolicy3", "c": "NIST PKITS policies" }, +"2.16.840.1.101.3.2.1.48.4": { "d": "nistTestPolicy4", "c": "NIST PKITS policies" }, +"2.16.840.1.101.3.2.1.48.5": { "d": "nistTestPolicy5", "c": "NIST PKITS policies" }, +"2.16.840.1.101.3.2.1.48.6": { "d": "nistTestPolicy6", "c": "NIST PKITS policies" }, +"2.16.840.1.101.3.2.2": { "d": "gak", "c": "CSOR GAK extended key usage", "w": true }, +"2.16.840.1.101.3.2.2.1": { "d": "kRAKey", "c": "CSOR GAK extended key usage", "w": true }, +"2.16.840.1.101.3.2.3": { "d": "extensions", "c": "CSOR GAK extensions", "w": true }, +"2.16.840.1.101.3.2.3.1": { "d": "kRTechnique", "c": "CSOR GAK extensions", "w": true }, +"2.16.840.1.101.3.2.3.2": { "d": "kRecoveryCapable", "c": "CSOR GAK extensions", "w": true }, +"2.16.840.1.101.3.2.3.3": { "d": "kR", "c": "CSOR GAK extensions", "w": true }, +"2.16.840.1.101.3.2.4": { "d": "keyRecoverySchemes", "c": "CSOR GAK", "w": true }, +"2.16.840.1.101.3.2.5": { "d": "krapola", "c": "CSOR GAK", "w": true }, +"2.16.840.1.101.3.3": { "d": "arpa", "c": "CSOR GAK", "w": true }, +"2.16.840.1.101.3.4": { "d": "nistAlgorithm", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1": { "d": "aes", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1.1": { "d": "aes128-ECB", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1.2": { "d": "aes128-CBC", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1.3": { "d": "aes128-OFB", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1.4": { "d": "aes128-CFB", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1.5": { "d": "aes128-wrap", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1.6": { "d": "aes128-GCM", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1.7": { "d": "aes128-CCM", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1.8": { "d": "aes128-wrap-pad", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1.21": { "d": "aes192-ECB", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1.22": { "d": "aes192-CBC", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1.23": { "d": "aes192-OFB", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1.24": { "d": "aes192-CFB", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1.25": { "d": "aes192-wrap", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1.26": { "d": "aes192-GCM", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1.27": { "d": "aes192-CCM", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1.28": { "d": "aes192-wrap-pad", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1.41": { "d": "aes256-ECB", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1.42": { "d": "aes256-CBC", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1.43": { "d": "aes256-OFB", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1.44": { "d": "aes256-CFB", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1.45": { "d": "aes256-wrap", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1.46": { "d": "aes256-GCM", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1.47": { "d": "aes256-CCM", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.1.48": { "d": "aes256-wrap-pad", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.2": { "d": "hashAlgos", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.2.1": { "d": "sha-256", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.2.2": { "d": "sha-384", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.2.3": { "d": "sha-512", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.2.4": { "d": "sha-224", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.3.1": { "d": "dsaWithSha224", "c": "NIST Algorithm" }, +"2.16.840.1.101.3.4.3.2": { "d": "dsaWithSha256", "c": "NIST Algorithm" }, +"2.16.840.1.113719.1.2.8": { "d": "novellAlgorithm", "c": "Novell" }, +"2.16.840.1.113719.1.2.8.22": { "d": "desCbcIV8", "c": "Novell encryption algorithm" }, +"2.16.840.1.113719.1.2.8.23": { "d": "desCbcPadIV8", "c": "Novell encryption algorithm" }, +"2.16.840.1.113719.1.2.8.24": { "d": "desEDE2CbcIV8", "c": "Novell encryption algorithm" }, +"2.16.840.1.113719.1.2.8.25": { "d": "desEDE2CbcPadIV8", "c": "Novell encryption algorithm" }, +"2.16.840.1.113719.1.2.8.26": { "d": "desEDE3CbcIV8", "c": "Novell encryption algorithm" }, +"2.16.840.1.113719.1.2.8.27": { "d": "desEDE3CbcPadIV8", "c": "Novell encryption algorithm" }, +"2.16.840.1.113719.1.2.8.28": { "d": "rc5CbcPad", "c": "Novell encryption algorithm" }, +"2.16.840.1.113719.1.2.8.29": { "d": "md2WithRSAEncryptionBSafe1", "c": "Novell signature algorithm" }, +"2.16.840.1.113719.1.2.8.30": { "d": "md5WithRSAEncryptionBSafe1", "c": "Novell signature algorithm" }, +"2.16.840.1.113719.1.2.8.31": { "d": "sha1WithRSAEncryptionBSafe1", "c": "Novell signature algorithm" }, +"2.16.840.1.113719.1.2.8.32": { "d": "lmDigest", "c": "Novell digest algorithm" }, +"2.16.840.1.113719.1.2.8.40": { "d": "md2", "c": "Novell digest algorithm" }, +"2.16.840.1.113719.1.2.8.50": { "d": "md5", "c": "Novell digest algorithm" }, +"2.16.840.1.113719.1.2.8.51": { "d": "ikeHmacWithSHA1-RSA", "c": "Novell signature algorithm" }, +"2.16.840.1.113719.1.2.8.52": { "d": "ikeHmacWithMD5-RSA", "c": "Novell signature algorithm" }, +"2.16.840.1.113719.1.2.8.69": { "d": "rc2CbcPad", "c": "Novell encryption algorithm" }, +"2.16.840.1.113719.1.2.8.82": { "d": "sha-1", "c": "Novell digest algorithm" }, +"2.16.840.1.113719.1.2.8.92": { "d": "rc2BSafe1Cbc", "c": "Novell encryption algorithm" }, +"2.16.840.1.113719.1.2.8.95": { "d": "md4", "c": "Novell digest algorithm" }, +"2.16.840.1.113719.1.2.8.130": { "d": "md4Packet", "c": "Novell keyed hash" }, +"2.16.840.1.113719.1.2.8.131": { "d": "rsaEncryptionBsafe1", "c": "Novell encryption algorithm" }, +"2.16.840.1.113719.1.2.8.132": { "d": "nwPassword", "c": "Novell encryption algorithm" }, +"2.16.840.1.113719.1.2.8.133": { "d": "novellObfuscate-1", "c": "Novell encryption algorithm" }, +"2.16.840.1.113719.1.9": { "d": "pki", "c": "Novell" }, +"2.16.840.1.113719.1.9.4": { "d": "pkiAttributeType", "c": "Novell PKI" }, +"2.16.840.1.113719.1.9.4.1": { "d": "securityAttributes", "c": "Novell PKI attribute type" }, +"2.16.840.1.113719.1.9.4.2": { "d": "relianceLimit", "c": "Novell PKI attribute type" }, +"2.16.840.1.113730.1": { "d": "cert-extension", "c": "Netscape" }, +"2.16.840.1.113730.1.1": { "d": "netscape-cert-type", "c": "Netscape certificate extension" }, +"2.16.840.1.113730.1.2": { "d": "netscape-base-url", "c": "Netscape certificate extension" }, +"2.16.840.1.113730.1.3": { "d": "netscape-revocation-url", "c": "Netscape certificate extension" }, +"2.16.840.1.113730.1.4": { "d": "netscape-ca-revocation-url", "c": "Netscape certificate extension" }, +"2.16.840.1.113730.1.7": { "d": "netscape-cert-renewal-url", "c": "Netscape certificate extension" }, +"2.16.840.1.113730.1.8": { "d": "netscape-ca-policy-url", "c": "Netscape certificate extension" }, +"2.16.840.1.113730.1.9": { "d": "HomePage-url", "c": "Netscape certificate extension" }, +"2.16.840.1.113730.1.10": { "d": "EntityLogo", "c": "Netscape certificate extension" }, +"2.16.840.1.113730.1.11": { "d": "UserPicture", "c": "Netscape certificate extension" }, +"2.16.840.1.113730.1.12": { "d": "netscape-ssl-server-name", "c": "Netscape certificate extension" }, +"2.16.840.1.113730.1.13": { "d": "netscape-comment", "c": "Netscape certificate extension" }, +"2.16.840.1.113730.2": { "d": "data-type", "c": "Netscape" }, +"2.16.840.1.113730.2.1": { "d": "dataGIF", "c": "Netscape data type" }, +"2.16.840.1.113730.2.2": { "d": "dataJPEG", "c": "Netscape data type" }, +"2.16.840.1.113730.2.3": { "d": "dataURL", "c": "Netscape data type" }, +"2.16.840.1.113730.2.4": { "d": "dataHTML", "c": "Netscape data type" }, +"2.16.840.1.113730.2.5": { "d": "certSequence", "c": "Netscape data type" }, +"2.16.840.1.113730.2.6": { "d": "certURL", "c": "Netscape certificate extension" }, +"2.16.840.1.113730.3": { "d": "directory", "c": "Netscape" }, +"2.16.840.1.113730.3.1": { "d": "ldapDefinitions", "c": "Netscape directory" }, +"2.16.840.1.113730.3.1.1": { "d": "carLicense", "c": "Netscape LDAP definitions" }, +"2.16.840.1.113730.3.1.2": { "d": "departmentNumber", "c": "Netscape LDAP definitions" }, +"2.16.840.1.113730.3.1.3": { "d": "employeeNumber", "c": "Netscape LDAP definitions" }, +"2.16.840.1.113730.3.1.4": { "d": "employeeType", "c": "Netscape LDAP definitions" }, +"2.16.840.1.113730.3.2.2": { "d": "inetOrgPerson", "c": "Netscape LDAP definitions" }, +"2.16.840.1.113730.4.1": { "d": "serverGatedCrypto", "c": "Netscape" }, +"2.16.840.1.113733.1.6.3": { "d": "verisignCZAG", "c": "Verisign extension" }, +"2.16.840.1.113733.1.6.6": { "d": "verisignInBox", "c": "Verisign extension" }, +"2.16.840.1.113733.1.6.11": { "d": "verisignOnsiteJurisdictionHash", "c": "Verisign extension" }, +"2.16.840.1.113733.1.6.13": { "d": "Unknown Verisign VPN extension", "c": "Verisign extension" }, +"2.16.840.1.113733.1.6.15": { "d": "verisignServerID", "c": "Verisign extension" }, +"2.16.840.1.113733.1.7.1.1": { "d": "verisignCertPolicies95Qualifier1", "c": "Verisign policy" }, +"2.16.840.1.113733.1.7.1.1.1": { "d": "verisignCPSv1notice", "c": "Verisign policy (obsolete)" }, +"2.16.840.1.113733.1.7.1.1.2": { "d": "verisignCPSv1nsi", "c": "Verisign policy (obsolete)" }, +"2.16.840.1.113733.1.8.1": { "d": "verisignISSStrongCrypto", "c": "Verisign" }, +"2.16.840.1.113733.1": { "d": "pki", "c": "Verisign extension" }, +"2.16.840.1.113733.1.9": { "d": "pkcs7Attribute", "c": "Verisign PKI extension" }, +"2.16.840.1.113733.1.9.2": { "d": "messageType", "c": "Verisign PKCS #7 attribute" }, +"2.16.840.1.113733.1.9.3": { "d": "pkiStatus", "c": "Verisign PKCS #7 attribute" }, +"2.16.840.1.113733.1.9.4": { "d": "failInfo", "c": "Verisign PKCS #7 attribute" }, +"2.16.840.1.113733.1.9.5": { "d": "senderNonce", "c": "Verisign PKCS #7 attribute" }, +"2.16.840.1.113733.1.9.6": { "d": "recipientNonce", "c": "Verisign PKCS #7 attribute" }, +"2.16.840.1.113733.1.9.7": { "d": "transID", "c": "Verisign PKCS #7 attribute" }, +"2.16.840.1.113733.1.9.8": { "d": "extensionReq", "c": "Verisign PKCS #7 attribute. Use PKCS #9 extensionRequest instead", "w": true }, +"2.16.840.1.113741.2": { "d": "intelCDSA", "c": "Intel CDSA" }, +"2.16.840.1.114412.1": { "d": "digiCertNonEVCerts", "c": "Digicert CA policy" }, +"2.16.840.1.114412.1.1": { "d": "digiCertOVCert", "c": "Digicert CA policy" }, +"2.16.840.1.114412.1.2": { "d": "digiCertDVCert", "c": "Digicert CA policy" }, +"2.16.840.1.114412.1.11": { "d": "digiCertFederatedDeviceCert", "c": "Digicert CA policy" }, +"2.16.840.1.114412.1.3.0.1": { "d": "digiCertGlobalCAPolicy", "c": "Digicert CA policy" }, +"2.16.840.1.114412.1.3.0.2": { "d": "digiCertHighAssuranceEVCAPolicy", "c": "Digicert CA policy" }, +"2.16.840.1.114412.1.3.0.3": { "d": "digiCertGlobalRootCAPolicy", "c": "Digicert CA policy" }, +"2.16.840.1.114412.1.3.0.4": { "d": "digiCertAssuredIDRootCAPolicy", "c": "Digicert CA policy" }, +"2.16.840.1.114412.2.2": { "d": "digiCertEVCert", "c": "Digicert CA policy" }, +"2.16.840.1.114412.2.3": { "d": "digiCertObjectSigningCert", "c": "Digicert CA policy" }, +"2.16.840.1.114412.2.3.1": { "d": "digiCertCodeSigningCert", "c": "Digicert CA policy" }, +"2.16.840.1.114412.2.3.2": { "d": "digiCertEVCodeSigningCert", "c": "Digicert CA policy" }, +"2.16.840.1.114412.2.3.11": { "d": "digiCertKernelCodeSigningCert", "c": "Digicert CA policy" }, +"2.16.840.1.114412.2.3.21": { "d": "digiCertDocumentSigningCert", "c": "Digicert CA policy" }, +"2.16.840.1.114412.2.4": { "d": "digiCertClientCert", "c": "Digicert CA policy" }, +"2.16.840.1.114412.2.4.1.1": { "d": "digiCertLevel1PersonalClientCert", "c": "Digicert CA policy" }, +"2.16.840.1.114412.2.4.1.2": { "d": "digiCertLevel1EnterpriseClientCert", "c": "Digicert CA policy" }, +"2.16.840.1.114412.2.4.2": { "d": "digiCertLevel2ClientCert", "c": "Digicert CA policy" }, +"2.16.840.1.114412.2.4.3.1": { "d": "digiCertLevel3USClientCert", "c": "Digicert CA policy" }, +"2.16.840.1.114412.2.4.3.2": { "d": "digiCertLevel3CBPClientCert", "c": "Digicert CA policy" }, +"2.16.840.1.114412.2.4.4.1": { "d": "digiCertLevel4USClientCert", "c": "Digicert CA policy" }, +"2.16.840.1.114412.2.4.4.2": { "d": "digiCertLevel4CBPClientCert", "c": "Digicert CA policy" }, +"2.16.840.1.114412.2.4.5.1": { "d": "digiCertPIVHardwareCert", "c": "Digicert CA policy" }, +"2.16.840.1.114412.2.4.5.2": { "d": "digiCertPIVCardAuthCert", "c": "Digicert CA policy" }, +"2.16.840.1.114412.2.4.5.3": { "d": "digiCertPIVContentSigningCert", "c": "Digicert CA policy" }, +"2.16.840.1.114412.4.31": { "d": "digiCertGridClassicCert", "c": "Digicert CA policy" }, +"2.16.840.1.114412.4.31.5": { "d": "digiCertGridIntegratedCert", "c": "Digicert CA policy" }, +"2.16.840.1.114412.31.4.31.1": { "d": "digiCertGridHostCert", "c": "Digicert CA policy" }, +"2.23.42.0": { "d": "contentType", "c": "SET" }, +"2.23.42.0.0": { "d": "panData", "c": "SET contentType" }, +"2.23.42.0.1": { "d": "panToken", "c": "SET contentType" }, +"2.23.42.0.2": { "d": "panOnly", "c": "SET contentType" }, +"2.23.42.1": { "d": "msgExt", "c": "SET" }, +"2.23.42.2": { "d": "field", "c": "SET" }, +"2.23.42.2.0": { "d": "fullName", "c": "SET field" }, +"2.23.42.2.1": { "d": "givenName", "c": "SET field" }, +"2.23.42.2.2": { "d": "familyName", "c": "SET field" }, +"2.23.42.2.3": { "d": "birthFamilyName", "c": "SET field" }, +"2.23.42.2.4": { "d": "placeName", "c": "SET field" }, +"2.23.42.2.5": { "d": "identificationNumber", "c": "SET field" }, +"2.23.42.2.6": { "d": "month", "c": "SET field" }, +"2.23.42.2.7": { "d": "date", "c": "SET field" }, +"2.23.42.2.8": { "d": "address", "c": "SET field" }, +"2.23.42.2.9": { "d": "telephone", "c": "SET field" }, +"2.23.42.2.10": { "d": "amount", "c": "SET field" }, +"2.23.42.2.11": { "d": "accountNumber", "c": "SET field" }, +"2.23.42.2.12": { "d": "passPhrase", "c": "SET field" }, +"2.23.42.3": { "d": "attribute", "c": "SET" }, +"2.23.42.3.0": { "d": "cert", "c": "SET attribute" }, +"2.23.42.3.0.0": { "d": "rootKeyThumb", "c": "SET cert attribute" }, +"2.23.42.3.0.1": { "d": "additionalPolicy", "c": "SET cert attribute" }, +"2.23.42.4": { "d": "algorithm", "c": "SET" }, +"2.23.42.5": { "d": "policy", "c": "SET" }, +"2.23.42.5.0": { "d": "root", "c": "SET policy" }, +"2.23.42.6": { "d": "module", "c": "SET" }, +"2.23.42.7": { "d": "certExt", "c": "SET" }, +"2.23.42.7.0": { "d": "hashedRootKey", "c": "SET cert extension" }, +"2.23.42.7.1": { "d": "certificateType", "c": "SET cert extension" }, +"2.23.42.7.2": { "d": "merchantData", "c": "SET cert extension" }, +"2.23.42.7.3": { "d": "cardCertRequired", "c": "SET cert extension" }, +"2.23.42.7.4": { "d": "tunneling", "c": "SET cert extension" }, +"2.23.42.7.5": { "d": "setExtensions", "c": "SET cert extension" }, +"2.23.42.7.6": { "d": "setQualifier", "c": "SET cert extension" }, +"2.23.42.8": { "d": "brand", "c": "SET" }, +"2.23.42.8.1": { "d": "IATA-ATA", "c": "SET brand" }, +"2.23.42.8.4": { "d": "VISA", "c": "SET brand" }, +"2.23.42.8.5": { "d": "MasterCard", "c": "SET brand" }, +"2.23.42.8.30": { "d": "Diners", "c": "SET brand" }, +"2.23.42.8.34": { "d": "AmericanExpress", "c": "SET brand" }, +"2.23.42.8.6011": { "d": "Novus", "c": "SET brand" }, +"2.23.42.9": { "d": "vendor", "c": "SET" }, +"2.23.42.9.0": { "d": "GlobeSet", "c": "SET vendor" }, +"2.23.42.9.1": { "d": "IBM", "c": "SET vendor" }, +"2.23.42.9.2": { "d": "CyberCash", "c": "SET vendor" }, +"2.23.42.9.3": { "d": "Terisa", "c": "SET vendor" }, +"2.23.42.9.4": { "d": "RSADSI", "c": "SET vendor" }, +"2.23.42.9.5": { "d": "VeriFone", "c": "SET vendor" }, +"2.23.42.9.6": { "d": "TrinTech", "c": "SET vendor" }, +"2.23.42.9.7": { "d": "BankGate", "c": "SET vendor" }, +"2.23.42.9.8": { "d": "GTE", "c": "SET vendor" }, +"2.23.42.9.9": { "d": "CompuSource", "c": "SET vendor" }, +"2.23.42.9.10": { "d": "Griffin", "c": "SET vendor" }, +"2.23.42.9.11": { "d": "Certicom", "c": "SET vendor" }, +"2.23.42.9.12": { "d": "OSS", "c": "SET vendor" }, +"2.23.42.9.13": { "d": "TenthMountain", "c": "SET vendor" }, +"2.23.42.9.14": { "d": "Antares", "c": "SET vendor" }, +"2.23.42.9.15": { "d": "ECC", "c": "SET vendor" }, +"2.23.42.9.16": { "d": "Maithean", "c": "SET vendor" }, +"2.23.42.9.17": { "d": "Netscape", "c": "SET vendor" }, +"2.23.42.9.18": { "d": "Verisign", "c": "SET vendor" }, +"2.23.42.9.19": { "d": "BlueMoney", "c": "SET vendor" }, +"2.23.42.9.20": { "d": "Lacerte", "c": "SET vendor" }, +"2.23.42.9.21": { "d": "Fujitsu", "c": "SET vendor" }, +"2.23.42.9.22": { "d": "eLab", "c": "SET vendor" }, +"2.23.42.9.23": { "d": "Entrust", "c": "SET vendor" }, +"2.23.42.9.24": { "d": "VIAnet", "c": "SET vendor" }, +"2.23.42.9.25": { "d": "III", "c": "SET vendor" }, +"2.23.42.9.26": { "d": "OpenMarket", "c": "SET vendor" }, +"2.23.42.9.27": { "d": "Lexem", "c": "SET vendor" }, +"2.23.42.9.28": { "d": "Intertrader", "c": "SET vendor" }, +"2.23.42.9.29": { "d": "Persimmon", "c": "SET vendor" }, +"2.23.42.9.30": { "d": "NABLE", "c": "SET vendor" }, +"2.23.42.9.31": { "d": "espace-net", "c": "SET vendor" }, +"2.23.42.9.32": { "d": "Hitachi", "c": "SET vendor" }, +"2.23.42.9.33": { "d": "Microsoft", "c": "SET vendor" }, +"2.23.42.9.34": { "d": "NEC", "c": "SET vendor" }, +"2.23.42.9.35": { "d": "Mitsubishi", "c": "SET vendor" }, +"2.23.42.9.36": { "d": "NCR", "c": "SET vendor" }, +"2.23.42.9.37": { "d": "e-COMM", "c": "SET vendor" }, +"2.23.42.9.38": { "d": "Gemplus", "c": "SET vendor" }, +"2.23.42.10": { "d": "national", "c": "SET" }, +"2.23.42.10.392": { "d": "Japan", "c": "SET national" }, +"2.23.43.1.4": { "d": "wTLS-ECC", "c": "WAP WTLS" }, +"2.23.43.1.4.1": { "d": "wTLS-ECC-curve1", "c": "WAP WTLS" }, +"2.23.43.1.4.6": { "d": "wTLS-ECC-curve6", "c": "WAP WTLS" }, +"2.23.43.1.4.8": { "d": "wTLS-ECC-curve8", "c": "WAP WTLS" }, +"2.23.43.1.4.9": { "d": "wTLS-ECC-curve9", "c": "WAP WTLS" }, +"2.23.133": { "d": "tCPA", "c": "TCPA" }, +"2.23.133.1": { "d": "tcpaSpecVersion", "c": "TCPA" }, +"2.23.133.2": { "d": "tcpaAttribute", "c": "TCPA" }, +"2.23.133.2.1": { "d": "tcpaTpmManufacturer", "c": "TCPA Attribute" }, +"2.23.133.2.2": { "d": "tcpaTpmModel", "c": "TCPA Attribute" }, +"2.23.133.2.3": { "d": "tcpaTpmVersion", "c": "TCPA Attribute" }, +"2.23.133.2.4": { "d": "tcpaPlatformManufacturer", "c": "TCPA Attribute" }, +"2.23.133.2.5": { "d": "tcpaPlatformModel", "c": "TCPA Attribute" }, +"2.23.133.2.6": { "d": "tcpaPlatformVersion", "c": "TCPA Attribute" }, +"2.23.133.2.7": { "d": "tcpaComponentManufacturer", "c": "TCPA Attribute" }, +"2.23.133.2.8": { "d": "tcpaComponentModel", "c": "TCPA Attribute" }, +"2.23.133.2.9": { "d": "tcpaComponentVersion", "c": "TCPA Attribute" }, +"2.23.133.2.10": { "d": "tcpaSecurityQualities", "c": "TCPA Attribute" }, +"2.23.133.2.11": { "d": "tcpaTpmProtectionProfile", "c": "TCPA Attribute" }, +"2.23.133.2.12": { "d": "tcpaTpmSecurityTarget", "c": "TCPA Attribute" }, +"2.23.133.2.13": { "d": "tcpaFoundationProtectionProfile", "c": "TCPA Attribute" }, +"2.23.133.2.14": { "d": "tcpaFoundationSecurityTarget", "c": "TCPA Attribute" }, +"2.23.133.2.15": { "d": "tcpaTpmIdLabel", "c": "TCPA Attribute" }, +"2.23.133.3": { "d": "tcpaProtocol", "c": "TCPA" }, +"2.23.133.3.1": { "d": "tcpaPrttTpmIdProtocol", "c": "TCPA Protocol" }, +"2.23.134.1.4.2.1": { "d": "postSignumRootQCA", "c": "PostSignum CA" }, +"2.23.134.1.2.2.3": { "d": "postSignumPublicCA", "c": "PostSignum CA" }, +"2.23.134.1.2.1.8.210": { "d": "postSignumCommercialServerPolicy", "c": "PostSignum CA" }, +"2.23.136.1.1.1": { "d": "mRTDSignatureData", "c": "ICAO MRTD" }, +"2.54.1775.2": { "d": "hashedRootKey", "c": "SET. Deprecated, use (2 23 42 7 0) instead", "w": true }, +"2.54.1775.3": { "d": "certificateType", "c": "SET. Deprecated, use (2 23 42 7 0) instead", "w": true }, +"2.54.1775.4": { "d": "merchantData", "c": "SET. Deprecated, use (2 23 42 7 0) instead", "w": true }, +"2.54.1775.5": { "d": "cardCertRequired", "c": "SET. Deprecated, use (2 23 42 7 0) instead", "w": true }, +"2.54.1775.6": { "d": "tunneling", "c": "SET. Deprecated, use (2 23 42 7 0) instead", "w": true }, +"2.54.1775.7": { "d": "setQualifier", "c": "SET. Deprecated, use (2 23 42 7 0) instead", "w": true }, +"2.54.1775.99": { "d": "setData", "c": "SET. Deprecated, use (2 23 42 7 0) instead", "w": true }, +"1.2.40.0.17.1.22": { "d": "A-Trust EV policy", "c": "A-Trust CA Root" }, +"1.3.6.1.4.1.34697.2.1": { "d": "AffirmTrust EV policy", "c": "AffirmTrust Commercial" }, +"1.3.6.1.4.1.34697.2.2": { "d": "AffirmTrust EV policy", "c": "AffirmTrust Networking" }, +"1.3.6.1.4.1.34697.2.3": { "d": "AffirmTrust EV policy", "c": "AffirmTrust Premium" }, +"1.3.6.1.4.1.34697.2.4": { "d": "AffirmTrust EV policy", "c": "AffirmTrust Premium ECC" }, +"2.16.578.1.26.1.3.3": { "d": "BuyPass EV policy", "c": "BuyPass Class 3 EV" }, +"1.3.6.1.4.1.17326.10.14.2.1.2": { "d": "Camerfirma EV policy", "c": "Camerfirma CA Root" }, +"1.3.6.1.4.1.17326.10.8.12.1.2": { "d": "Camerfirma EV policy", "c": "Camerfirma CA Root" }, +"1.3.6.1.4.1.22234.2.5.2.3.1": { "d": "CertPlus EV policy", "c": "CertPlus Class 2 Primary CA (formerly Keynectis)" }, +"1.3.6.1.4.1.6449.1.2.1.5.1": { "d": "Comodo EV policy", "c": "COMODO Certification Authority" }, +"1.3.6.1.4.1.6334.1.100.1": { "d": "Cybertrust EV policy", "c": "Cybertrust Global Root (now Verizon Business)" }, +"1.3.6.1.4.1.4788.2.202.1": { "d": "D-TRUST EV policy", "c": "D-TRUST Root Class 3 CA 2 EV 2009" }, +"2.16.840.1.114412.2.1": { "d": "DigiCert EV policy", "c": "DigiCert High Assurance EV Root CA" }, +"2.16.528.1.1001.1.1.1.12.6.1.1.1": { "d": "DigiNotar EV policy", "c": "DigiNotar Root CA" }, +"2.16.840.1.114028.10.1.2": { "d": "Entrust EV policy", "c": "Entrust Root Certification Authority" }, +"1.3.6.1.4.1.14370.1.6": { "d": "GeoTrust EV policy", "c": "GeoTrust Primary Certification Authority (formerly Equifax)" }, +"1.3.6.1.4.1.4146.1.1": { "d": "GlobalSign EV policy", "c": "GlobalSign" }, +"2.16.840.1.114413.1.7.23.3": { "d": "GoDaddy EV policy", "c": "GoDaddy Class 2 Certification Authority (formerly ValiCert)" }, +"1.3.6.1.4.1.14777.6.1.1": { "d": "Izenpe EV policy", "c": "Certificado de Servidor Seguro SSL EV" }, +"1.3.6.1.4.1.14777.6.1.2": { "d": "Izenpe EV policy", "c": "Certificado de Sede Electronica EV" }, +"1.3.6.1.4.1.782.1.2.1.8.1": { "d": "Network Solutions EV policy", "c": "Network Solutions Certificate Authority" }, +"1.3.6.1.4.1.8024.0.2.100.1.2": { "d": "QuoVadis EV policy", "c": "QuoVadis Root CA 2" }, +"1.2.392.200091.100.721.1": { "d": "Security Communication (SECOM) EV policy", "c": "Security Communication RootCA1" }, +"2.16.840.1.114414.1.7.23.3": { "d": "Starfield EV policy", "c": "Starfield Class 2 Certification Authority" }, +"1.3.6.1.4.1.23223.1.1.1": { "d": "StartCom EV policy", "c": "StartCom Certification Authority" }, +"2.16.756.1.89.1.2.1.1": { "d": "SwissSign EV policy", "c": "SwissSign Gold CA - G2" }, +"1.3.6.1.4.1.7879.13.24.1": { "d": "T-TeleSec EV policy", "c": "T-TeleSec GlobalRoot Class 3" }, +"2.16.840.1.113733.1.7.48.1": { "d": "Thawte EV policy", "c": "Thawte Premium Server CA" }, +"2.16.840.1.114404.1.1.2.4.1": { "d": "TrustWave EV policy", "c": "TrustWave CA, formerly SecureTrust, before that XRamp" }, +"1.3.6.1.4.1.40869.1.1.22.3": { "d": "TWCA EV policy", "c": "TWCA Root Certification Authority" }, +"2.16.840.1.113733.1.7.23.6": { "d": "VeriSign EV policy", "c": "VeriSign Class 3 Public Primary Certification Authority" }, +"2.16.840.1.114171.500.9": { "d": "Wells Fargo EV policy", "c": "Wells Fargo WellsSecure Public Root Certificate Authority" }, +"END": "" +} \ No newline at end of file diff --git a/client/emv/emvjson.c b/client/emv/emvjson.c index e56ecbb7..116e16da 100644 --- a/client/emv/emvjson.c +++ b/client/emv/emvjson.c @@ -264,6 +264,23 @@ bool HexToBuffer(const char *errormsg, const char *hexvalue, uint8_t * buffer, s return true; } +int JsonLoadStr(json_t *root, char *path, char *value) { + if (!value) + return 1; + + json_t *jelm = json_path_get((const json_t *)root, path); + if (!jelm || !json_is_string(jelm)) + return 2; + + const char * strval = json_string_value(jelm); + if (!strval) + return 1; + + memcpy(value, strval, strlen(strval)); + + return 0; +} + int JsonLoadBufAsHex(json_t *elm, char *path, uint8_t *data, size_t maxbufferlen, size_t *datalen) { if (datalen) *datalen = 0; diff --git a/client/emv/emvjson.h b/client/emv/emvjson.h index 9c6eda5e..996b611d 100644 --- a/client/emv/emvjson.h +++ b/client/emv/emvjson.h @@ -33,6 +33,7 @@ extern int JsonSaveTLVTreeElm(json_t *elm, char *path, struct tlvdb *tlvdbelm, b extern int JsonSaveTLVTree(json_t *root, json_t *elm, char *path, struct tlvdb *tlvdbelm); +extern int JsonLoadStr(json_t *root, char *path, char *value); extern int JsonLoadBufAsHex(json_t *elm, char *path, uint8_t *data, size_t maxbufferlen, size_t *datalen); extern bool ParamLoadFromJson(struct tlvdb *tlv); diff --git a/client/fido/additional_ca.c b/client/fido/additional_ca.c new file mode 100644 index 00000000..f529e99b --- /dev/null +++ b/client/fido/additional_ca.c @@ -0,0 +1,63 @@ +//----------------------------------------------------------------------------- +// Copyright (C) 2018 Merlok +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// CA PEM certificates +//----------------------------------------------------------------------------- +// + +#include "additional_ca.h" +#include "mbedtls/certs.h" + +#define GLOBALSIGN_CA \ +"-----BEGIN CERTIFICATE-----\r\n" \ +"MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG\r\n" \ +"A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\r\n" \ +"b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw\r\n" \ +"MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\r\n" \ +"YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT\r\n" \ +"aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ\r\n" \ +"jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp\r\n" \ +"xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp\r\n" \ +"1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\r\n" \ +"snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ\r\n" \ +"U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8\r\n" \ +"9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E\r\n" \ +"BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B\r\n" \ +"AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz\r\n" \ +"yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE\r\n" \ +"38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP\r\n" \ +"AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad\r\n" \ +"DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\r\n" \ +"HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==\r\n" \ +"-----END CERTIFICATE-----\r\n" + +// Name: Yubico U2F Root CA Serial 457200631 +// Issued: 2014-08-01 +#define YUBICO_CA \ +"-----BEGIN CERTIFICATE-----\r\n" \ +"MIIDHjCCAgagAwIBAgIEG0BT9zANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNZ\r\n" \ +"dWJpY28gVTJGIFJvb3QgQ0EgU2VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAw\r\n" \ +"MDBaGA8yMDUwMDkwNDAwMDAwMFowLjEsMCoGA1UEAxMjWXViaWNvIFUyRiBSb290\r\n" \ +"IENBIFNlcmlhbCA0NTcyMDA2MzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\r\n" \ +"AoIBAQC/jwYuhBVlqaiYWEMsrWFisgJ+PtM91eSrpI4TK7U53mwCIawSDHy8vUmk\r\n" \ +"5N2KAj9abvT9NP5SMS1hQi3usxoYGonXQgfO6ZXyUA9a+KAkqdFnBnlyugSeCOep\r\n" \ +"8EdZFfsaRFtMjkwz5Gcz2Py4vIYvCdMHPtwaz0bVuzneueIEz6TnQjE63Rdt2zbw\r\n" \ +"nebwTG5ZybeWSwbzy+BJ34ZHcUhPAY89yJQXuE0IzMZFcEBbPNRbWECRKgjq//qT\r\n" \ +"9nmDOFVlSRCt2wiqPSzluwn+v+suQEBsUjTGMEd25tKXXTkNW21wIWbxeSyUoTXw\r\n" \ +"LvGS6xlwQSgNpk2qXYwf8iXg7VWZAgMBAAGjQjBAMB0GA1UdDgQWBBQgIvz0bNGJ\r\n" \ +"hjgpToksyKpP9xv9oDAPBgNVHRMECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAN\r\n" \ +"BgkqhkiG9w0BAQsFAAOCAQEAjvjuOMDSa+JXFCLyBKsycXtBVZsJ4Ue3LbaEsPY4\r\n" \ +"MYN/hIQ5ZM5p7EjfcnMG4CtYkNsfNHc0AhBLdq45rnT87q/6O3vUEtNMafbhU6kt\r\n" \ +"hX7Y+9XFN9NpmYxr+ekVY5xOxi8h9JDIgoMP4VB1uS0aunL1IGqrNooL9mmFnL2k\r\n" \ +"LVVee6/VR6C5+KSTCMCWppMuJIZII2v9o4dkoZ8Y7QRjQlLfYzd3qGtKbw7xaF1U\r\n" \ +"sG/5xUb/Btwb2X2g4InpiB/yt/3CpQXpiWX/K4mBvUKiGn05ZsqeY1gx4g0xLBqc\r\n" \ +"U9psmyPzK+Vsgw2jeRQ5JlKDyqE0hebfC1tvFu0CCrJFcw==\r\n" \ +"-----END CERTIFICATE-----\r\n" + +/* Concatenation of all additional CA certificates in PEM format if available */ +const char additional_ca_pem[] = GLOBALSIGN_CA YUBICO_CA; +const size_t additional_ca_pem_len = sizeof(additional_ca_pem); diff --git a/client/fido/additional_ca.h b/client/fido/additional_ca.h new file mode 100644 index 00000000..85658303 --- /dev/null +++ b/client/fido/additional_ca.h @@ -0,0 +1,21 @@ +//----------------------------------------------------------------------------- +// Copyright (C) 2018 Merlok +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// CA PEM certificates +//----------------------------------------------------------------------------- +// + +#ifndef __ADDITIONAL_CA_H__ +#define __ADDITIONAL_CA_H__ + +#include + +// Concatenation of all CA certificates in PEM format if available +extern const char additional_ca_pem[]; +extern const size_t additional_ca_pem_len; + +#endif /* __ADDITIONAL_CA_H__ */ diff --git a/client/obj/fido/.dummy b/client/obj/fido/.dummy new file mode 100644 index 00000000..e69de29b diff --git a/client/ui.c b/client/ui.c index 50a6ec7d..3a1e42c5 100644 --- a/client/ui.c +++ b/client/ui.c @@ -16,6 +16,7 @@ #include #include #include +#include "util.h" #endif #include "ui.h" @@ -32,6 +33,77 @@ static char *logfilename = "proxmark3.log"; #ifndef EXTERNAL_PRINTANDLOG static pthread_mutex_t print_lock = PTHREAD_MUTEX_INITIALIZER; +void PrintAndLogEx(logLevel_t level, char *fmt, ...) { + + // skip debug messages if client debugging is turned off i.e. 'DATA SETDEBUG 0' +// if (g_debugMode == 0 && level == DEBUG) +// return; + + char buffer[MAX_PRINT_BUFFER] = {0}; + char buffer2[MAX_PRINT_BUFFER] = {0}; + char prefix[20] = {0}; + char *token = NULL; + int size = 0; + // {NORMAL, SUCCESS, INFO, FAILED, WARNING, ERR, DEBUG} + static char *prefixes[7] = { "", "", "INFO: ", "FAILED: ", "WARNING: ", "ERROR: ", "#: "}; + + switch( level ) { + case FAILED: + strncpy(prefix,_RED_(FAILED: ), sizeof(prefix)-1); + break; + case DEBUG: + strncpy(prefix,_BLUE_(#: ), sizeof(prefix)-1); + break; + case SUCCESS: + strncpy(prefix,_GREEN_( ), sizeof(prefix)-1); + break; + case WARNING: + strncpy(prefix,_CYAN_(WARNING: ), sizeof(prefix)-1); + break; + default: + strncpy(prefix, prefixes[level], sizeof(prefix)-1); + break; + } + + va_list args; + va_start(args, fmt); + vsnprintf(buffer, sizeof(buffer), fmt, args); + va_end(args); + + // no prefixes for normal + if ( level == NORMAL ) { + PrintAndLog(buffer); + return; + } + + if (strchr(buffer, '\n')) { + + const char delim[2] = "\n"; + + // line starts with newline + if (buffer[0] == '\n') + PrintAndLog(""); + + token = strtok(buffer, delim); + + while (token != NULL) { + + size = strlen(buffer2); + + if (strlen(token)) + snprintf(buffer2+size, sizeof(buffer2)-size, "%s%s\n", prefix, token); + else + snprintf(buffer2+size, sizeof(buffer2)-size, "\n"); + + token = strtok(NULL, delim); + } + PrintAndLog(buffer2); + } else { + snprintf(buffer2, sizeof(buffer2), "%s%s", prefix, buffer); + PrintAndLog(buffer2); + } +} + void PrintAndLog(char *fmt, ...) { char *saved_line; diff --git a/client/ui.h b/client/ui.h index 1273fe9e..0ea738b7 100644 --- a/client/ui.h +++ b/client/ui.h @@ -14,11 +14,15 @@ #include #include +#define MAX_PRINT_BUFFER 2048 +typedef enum logLevel {NORMAL, SUCCESS, INFO, FAILED, WARNING, ERR, DEBUG} logLevel_t; + void ShowGui(void); void HideGraphWindow(void); void ShowGraphWindow(void); void RepaintGraphWindow(void); void PrintAndLog(char *fmt, ...); +void PrintAndLogEx(logLevel_t level, char *fmt, ...); void SetLogFilename(char *fn); void SetFlushAfterWrite(bool flush_after_write); diff --git a/client/util.c b/client/util.c index c6d5f0d6..242a8a28 100644 --- a/client/util.c +++ b/client/util.c @@ -110,6 +110,35 @@ void FillFileNameByUID(char *fileName, uint8_t * uid, char *ext, int byteCount) sprintf(fnameptr, "%s", ext); } +// fill buffer from structure [{uint8_t data, size_t length},...] +int FillBuffer(uint8_t *data, size_t maxDataLength, size_t *dataLength, ...) { + *dataLength = 0; + va_list valist; + va_start(valist, dataLength); + + uint8_t *vdata = NULL; + size_t vlength = 0; + do{ + vdata = va_arg(valist, uint8_t *); + if (!vdata) + break; + + vlength = va_arg(valist, size_t); + if (*dataLength + vlength > maxDataLength) { + va_end(valist); + return 1; + } + + memcpy(&data[*dataLength], vdata, vlength); + *dataLength += vlength; + + } while (vdata); + + va_end(valist); + + return 0; +} + void hex_to_buffer(const uint8_t *buf, const uint8_t *hex_data, const size_t hex_len, const size_t hex_max_len, const size_t min_str_len, const size_t spaces_between, bool uppercase) { diff --git a/client/util.h b/client/util.h index 31ad29fb..1867519e 100644 --- a/client/util.h +++ b/client/util.h @@ -35,6 +35,46 @@ #define FILE_PATH_SIZE 2000 #endif +#ifndef ARRAYLEN +# define ARRAYLEN(x) (sizeof(x)/sizeof((x)[0])) +#endif + +#if defined(__linux__) || (__APPLE__) +# define _BLUE_(s) "\x1b[34m" #s "\x1b[0m " +#else +# define _BLUE_(s) #s " " +#endif + +#if defined(__linux__) || (__APPLE__) +# define _RED_(s) "\x1b[31m" #s "\x1b[0m " +#else +# define _RED_(s) #s " " +#endif + +#if defined(__linux__) || (__APPLE__) +# define _GREEN_(s) "\x1b[32m" #s "\x1b[0m " +#else +# define _GREEN_(s) #s " " +#endif + +#if defined(__linux__) || (__APPLE__) +# define _YELLOW_(s) "\x1b[33m" #s "\x1b[0m " +#else +# define _YELLOW_(s) #s " " +#endif + +#if defined(__linux__) || (__APPLE__) +# define _MAGENTA_(s) "\x1b[35m" #s "\x1b[0m " +#else +# define _MAGENTA_(s) #s " " +#endif + +#if defined(__linux__) || (__APPLE__) +# define _CYAN_(s) "\x1b[36m" #s "\x1b[0m " +#else +# define _CYAN_(s) #s " " +#endif + extern int ukbhit(void); extern void AddLogLine(char *fileName, char *extData, char *c); @@ -43,6 +83,9 @@ extern void AddLogUint64(char *fileName, char *extData, const uint64_t data); extern void AddLogCurrentDT(char *fileName); extern void FillFileNameByUID(char *fileName, uint8_t * uid, char *ext, int byteCount); +// fill buffer from structure [{uint8_t data, size_t length},...] +extern int FillBuffer(uint8_t *data, size_t maxDataLength, size_t *dataLength, ...); + extern void hex_to_buffer(const uint8_t *buf, const uint8_t *hex_data, const size_t hex_len, const size_t hex_max_len, const size_t min_str_len, const size_t spaces_between, bool uppercase); diff --git a/common/mbedtls/Makefile b/common/mbedtls/Makefile index 3e57fdac..a9a85098 100644 --- a/common/mbedtls/Makefile +++ b/common/mbedtls/Makefile @@ -29,6 +29,7 @@ mbedtls_SOURCES = \ arc4.c \ pk.c \ pk_wrap.c \ + pkwrite.c \ pkcs5.c \ pkcs12.c \ pkparse.c \ diff --git a/common/mbedtls/pkwrite.c b/common/mbedtls/pkwrite.c new file mode 100644 index 00000000..8e0bb2e6 --- /dev/null +++ b/common/mbedtls/pkwrite.c @@ -0,0 +1,517 @@ +/* + * Public Key layer for writing key files and structures + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: GPL-2.0 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PK_WRITE_C) + +#include "mbedtls/pk.h" +#include "mbedtls/asn1write.h" +#include "mbedtls/oid.h" + +#include + +#if defined(MBEDTLS_RSA_C) +#include "mbedtls/rsa.h" +#endif +#if defined(MBEDTLS_ECP_C) +#include "mbedtls/ecp.h" +#endif +#if defined(MBEDTLS_ECDSA_C) +#include "mbedtls/ecdsa.h" +#endif +#if defined(MBEDTLS_PEM_WRITE_C) +#include "mbedtls/pem.h" +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_calloc calloc +#define mbedtls_free free +#endif + +#if defined(MBEDTLS_RSA_C) +/* + * RSAPublicKey ::= SEQUENCE { + * modulus INTEGER, -- n + * publicExponent INTEGER -- e + * } + */ +static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start, + mbedtls_rsa_context *rsa ) +{ + int ret; + size_t len = 0; + mbedtls_mpi T; + + mbedtls_mpi_init( &T ); + + /* Export E */ + if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &T ) ) != 0 || + ( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 ) + goto end_of_export; + len += ret; + + /* Export N */ + if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL, NULL, NULL, NULL ) ) != 0 || + ( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 ) + goto end_of_export; + len += ret; + +end_of_export: + + mbedtls_mpi_free( &T ); + if( ret < 0 ) + return( ret ); + + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE ) ); + + return( (int) len ); +} +#endif /* MBEDTLS_RSA_C */ + +#if defined(MBEDTLS_ECP_C) +/* + * EC public key is an EC point + */ +static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start, + mbedtls_ecp_keypair *ec ) +{ + int ret; + size_t len = 0; + unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN]; + + if( ( ret = mbedtls_ecp_point_write_binary( &ec->grp, &ec->Q, + MBEDTLS_ECP_PF_UNCOMPRESSED, + &len, buf, sizeof( buf ) ) ) != 0 ) + { + return( ret ); + } + + if( *p < start || (size_t)( *p - start ) < len ) + return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + + *p -= len; + memcpy( *p, buf, len ); + + return( (int) len ); +} + +/* + * ECParameters ::= CHOICE { + * namedCurve OBJECT IDENTIFIER + * } + */ +static int pk_write_ec_param( unsigned char **p, unsigned char *start, + mbedtls_ecp_keypair *ec ) +{ + int ret; + size_t len = 0; + const char *oid; + size_t oid_len; + + if( ( ret = mbedtls_oid_get_oid_by_ec_grp( ec->grp.id, &oid, &oid_len ) ) != 0 ) + return( ret ); + + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) ); + + return( (int) len ); +} +#endif /* MBEDTLS_ECP_C */ + +int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start, + const mbedtls_pk_context *key ) +{ + int ret; + size_t len = 0; + +#if defined(MBEDTLS_RSA_C) + if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA ) + MBEDTLS_ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, mbedtls_pk_rsa( *key ) ) ); + else +#endif +#if defined(MBEDTLS_ECP_C) + if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY ) + MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_pubkey( p, start, mbedtls_pk_ec( *key ) ) ); + else +#endif + return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + + return( (int) len ); +} + +int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, size_t size ) +{ + int ret; + unsigned char *c; + size_t len = 0, par_len = 0, oid_len; + const char *oid; + + c = buf + size; + + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, key ) ); + + if( c - buf < 1 ) + return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + + /* + * SubjectPublicKeyInfo ::= SEQUENCE { + * algorithm AlgorithmIdentifier, + * subjectPublicKey BIT STRING } + */ + *--c = 0; + len += 1; + + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) ); + + if( ( ret = mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_get_type( key ), + &oid, &oid_len ) ) != 0 ) + { + return( ret ); + } + +#if defined(MBEDTLS_ECP_C) + if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY ) + { + MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, mbedtls_pk_ec( *key ) ) ); + } +#endif + + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, buf, oid, oid_len, + par_len ) ); + + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE ) ); + + return( (int) len ); +} + +int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_t size ) +{ + int ret; + unsigned char *c = buf + size; + size_t len = 0; + +#if defined(MBEDTLS_RSA_C) + if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA ) + { + mbedtls_mpi T; /* Temporary holding the exported parameters */ + mbedtls_rsa_context *rsa = mbedtls_pk_rsa( *key ); + + /* + * Export the parameters one after another to avoid simultaneous copies. + */ + + mbedtls_mpi_init( &T ); + + /* Export QP */ + if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, NULL, &T ) ) != 0 || + ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + goto end_of_export; + len += ret; + + /* Export DQ */ + if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, &T, NULL ) ) != 0 || + ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + goto end_of_export; + len += ret; + + /* Export DP */ + if( ( ret = mbedtls_rsa_export_crt( rsa, &T, NULL, NULL ) ) != 0 || + ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + goto end_of_export; + len += ret; + + /* Export Q */ + if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, + &T, NULL, NULL ) ) != 0 || + ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + goto end_of_export; + len += ret; + + /* Export P */ + if ( ( ret = mbedtls_rsa_export( rsa, NULL, &T, + NULL, NULL, NULL ) ) != 0 || + ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + goto end_of_export; + len += ret; + + /* Export D */ + if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, + NULL, &T, NULL ) ) != 0 || + ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + goto end_of_export; + len += ret; + + /* Export E */ + if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, + NULL, NULL, &T ) ) != 0 || + ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + goto end_of_export; + len += ret; + + /* Export N */ + if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL, + NULL, NULL, NULL ) ) != 0 || + ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + goto end_of_export; + len += ret; + + end_of_export: + + mbedtls_mpi_free( &T ); + if( ret < 0 ) + return( ret ); + + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, + buf, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE ) ); + } + else +#endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_ECP_C) + if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY ) + { + mbedtls_ecp_keypair *ec = mbedtls_pk_ec( *key ); + size_t pub_len = 0, par_len = 0; + + /* + * RFC 5915, or SEC1 Appendix C.4 + * + * ECPrivateKey ::= SEQUENCE { + * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), + * privateKey OCTET STRING, + * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, + * publicKey [1] BIT STRING OPTIONAL + * } + */ + + /* publicKey */ + MBEDTLS_ASN1_CHK_ADD( pub_len, pk_write_ec_pubkey( &c, buf, ec ) ); + + if( c - buf < 1 ) + return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + *--c = 0; + pub_len += 1; + + MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_len( &c, buf, pub_len ) ); + MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) ); + + MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_len( &c, buf, pub_len ) ); + MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_tag( &c, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ); + len += pub_len; + + /* parameters */ + MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, ec ) ); + + MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_len( &c, buf, par_len ) ); + MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_tag( &c, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ); + len += par_len; + + /* privateKey: write as MPI then fix tag */ + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &ec->d ) ); + *c = MBEDTLS_ASN1_OCTET_STRING; + + /* version */ + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 1 ) ); + + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE ) ); + } + else +#endif /* MBEDTLS_ECP_C */ + return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + + return( (int) len ); +} + +#if defined(MBEDTLS_PEM_WRITE_C) + +#define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----\n" +#define PEM_END_PUBLIC_KEY "-----END PUBLIC KEY-----\n" + +#define PEM_BEGIN_PRIVATE_KEY_RSA "-----BEGIN RSA PRIVATE KEY-----\n" +#define PEM_END_PRIVATE_KEY_RSA "-----END RSA PRIVATE KEY-----\n" +#define PEM_BEGIN_PRIVATE_KEY_EC "-----BEGIN EC PRIVATE KEY-----\n" +#define PEM_END_PRIVATE_KEY_EC "-----END EC PRIVATE KEY-----\n" + +/* + * Max sizes of key per types. Shown as tag + len (+ content). + */ + +#if defined(MBEDTLS_RSA_C) +/* + * RSA public keys: + * SubjectPublicKeyInfo ::= SEQUENCE { 1 + 3 + * algorithm AlgorithmIdentifier, 1 + 1 (sequence) + * + 1 + 1 + 9 (rsa oid) + * + 1 + 1 (params null) + * subjectPublicKey BIT STRING } 1 + 3 + (1 + below) + * RSAPublicKey ::= SEQUENCE { 1 + 3 + * modulus INTEGER, -- n 1 + 3 + MPI_MAX + 1 + * publicExponent INTEGER -- e 1 + 3 + MPI_MAX + 1 + * } + */ +#define RSA_PUB_DER_MAX_BYTES 38 + 2 * MBEDTLS_MPI_MAX_SIZE + +/* + * RSA private keys: + * RSAPrivateKey ::= SEQUENCE { 1 + 3 + * version Version, 1 + 1 + 1 + * modulus INTEGER, 1 + 3 + MPI_MAX + 1 + * publicExponent INTEGER, 1 + 3 + MPI_MAX + 1 + * privateExponent INTEGER, 1 + 3 + MPI_MAX + 1 + * prime1 INTEGER, 1 + 3 + MPI_MAX / 2 + 1 + * prime2 INTEGER, 1 + 3 + MPI_MAX / 2 + 1 + * exponent1 INTEGER, 1 + 3 + MPI_MAX / 2 + 1 + * exponent2 INTEGER, 1 + 3 + MPI_MAX / 2 + 1 + * coefficient INTEGER, 1 + 3 + MPI_MAX / 2 + 1 + * otherPrimeInfos OtherPrimeInfos OPTIONAL 0 (not supported) + * } + */ +#define MPI_MAX_SIZE_2 MBEDTLS_MPI_MAX_SIZE / 2 + \ + MBEDTLS_MPI_MAX_SIZE % 2 +#define RSA_PRV_DER_MAX_BYTES 47 + 3 * MBEDTLS_MPI_MAX_SIZE \ + + 5 * MPI_MAX_SIZE_2 + +#else /* MBEDTLS_RSA_C */ + +#define RSA_PUB_DER_MAX_BYTES 0 +#define RSA_PRV_DER_MAX_BYTES 0 + +#endif /* MBEDTLS_RSA_C */ + +#if defined(MBEDTLS_ECP_C) +/* + * EC public keys: + * SubjectPublicKeyInfo ::= SEQUENCE { 1 + 2 + * algorithm AlgorithmIdentifier, 1 + 1 (sequence) + * + 1 + 1 + 7 (ec oid) + * + 1 + 1 + 9 (namedCurve oid) + * subjectPublicKey BIT STRING 1 + 2 + 1 [1] + * + 1 (point format) [1] + * + 2 * ECP_MAX (coords) [1] + * } + */ +#define ECP_PUB_DER_MAX_BYTES 30 + 2 * MBEDTLS_ECP_MAX_BYTES + +/* + * EC private keys: + * ECPrivateKey ::= SEQUENCE { 1 + 2 + * version INTEGER , 1 + 1 + 1 + * privateKey OCTET STRING, 1 + 1 + ECP_MAX + * parameters [0] ECParameters OPTIONAL, 1 + 1 + (1 + 1 + 9) + * publicKey [1] BIT STRING OPTIONAL 1 + 2 + [1] above + * } + */ +#define ECP_PRV_DER_MAX_BYTES 29 + 3 * MBEDTLS_ECP_MAX_BYTES + +#else /* MBEDTLS_ECP_C */ + +#define ECP_PUB_DER_MAX_BYTES 0 +#define ECP_PRV_DER_MAX_BYTES 0 + +#endif /* MBEDTLS_ECP_C */ + +#define PUB_DER_MAX_BYTES RSA_PUB_DER_MAX_BYTES > ECP_PUB_DER_MAX_BYTES ? \ + RSA_PUB_DER_MAX_BYTES : ECP_PUB_DER_MAX_BYTES +#define PRV_DER_MAX_BYTES RSA_PRV_DER_MAX_BYTES > ECP_PRV_DER_MAX_BYTES ? \ + RSA_PRV_DER_MAX_BYTES : ECP_PRV_DER_MAX_BYTES + +int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size ) +{ + int ret; + unsigned char output_buf[PUB_DER_MAX_BYTES]; + size_t olen = 0; + + if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf, + sizeof(output_buf) ) ) < 0 ) + { + return( ret ); + } + + if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY, + output_buf + sizeof(output_buf) - ret, + ret, buf, size, &olen ) ) != 0 ) + { + return( ret ); + } + + return( 0 ); +} + +int mbedtls_pk_write_key_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size ) +{ + int ret; + unsigned char output_buf[PRV_DER_MAX_BYTES]; + const char *begin, *end; + size_t olen = 0; + + if( ( ret = mbedtls_pk_write_key_der( key, output_buf, sizeof(output_buf) ) ) < 0 ) + return( ret ); + +#if defined(MBEDTLS_RSA_C) + if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA ) + { + begin = PEM_BEGIN_PRIVATE_KEY_RSA; + end = PEM_END_PRIVATE_KEY_RSA; + } + else +#endif +#if defined(MBEDTLS_ECP_C) + if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY ) + { + begin = PEM_BEGIN_PRIVATE_KEY_EC; + end = PEM_END_PRIVATE_KEY_EC; + } + else +#endif + return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + + if( ( ret = mbedtls_pem_write_buffer( begin, end, + output_buf + sizeof(output_buf) - ret, + ret, buf, size, &olen ) ) != 0 ) + { + return( ret ); + } + + return( 0 ); +} +#endif /* MBEDTLS_PEM_WRITE_C */ + +#endif /* MBEDTLS_PK_WRITE_C */ -- 2.39.5