# # format: tab-separated values # # # if is "" then no constant will be written # x509 OID_USERID 0.9.2342.19200300.100.1.1 uid User ID x509 OID_DOMAIN_COMPONENT 0.9.2342.19200300.100.1.25 domainComponent Domain component x509 OID_SIG_GOST_R3411_94_WITH_R3410_2001 1.2.643.2.2.3 id-GostR3411-94-with-GostR3410-2001 GOST R 3411-94 with GOST R 3410-2001 x509 OID_GOST_R3410_2001 1.2.643.2.2.19 gostR3410-2001 GOST R 34.10-2001 x509 OID_KEY_TYPE_GOST_R3410_2012_256 1.2.643.7.1.1.1.1 gost3410-2012-256 GOST R 34.10-2012 public keys with 256 bits private key length x509 OID_KEY_TYPE_GOST_R3410_2012_512 1.2.643.7.1.1.1.2 gost3410-2012-512 GOST R 34.10-2012 public keys with 512 bits private key length x509 OID_SIG_GOST_R3410_2012_256 1.2.643.7.1.1.3.2 id-tc26-signwithdigest-gost3410-12-256 GOST R 34.10-2012 signature algorithm with 256-bit key length and GOST R 34.11-2012 hash function with 256-bit hash code x509 OID_SIG_GOST_R3410_2012_512 1.2.643.7.1.1.3.3 id-tc26-signwithdigest-gost3410-12-512 GOST R 34.10-2012 signature algorithm with 512-bit key length and GOST R 34.11-2012 hash function with 512-bit hash code x509 OID_KEY_TYPE_DSA 1.2.840.10040.4.1 id-dsa DSA subject public key x509 OID_SIG_DSA_WITH_SHA1 1.2.840.10040.4.3 dsa-with-sha1 DSA signature generated with SHA-1 algorithm x962 OID_KEY_TYPE_EC_PUBLIC_KEY 1.2.840.10045.2.1 id-ecPublicKey Elliptic curve public key cryptography x962 OID_SIG_ECDSA_WITH_SHA224 1.2.840.10045.4.3.1 ecdsa-with-SHA224 Elliptic curve Digital Signature Algorithm (DSA) coupled with the Secure Hash Algorithm 224 (SHA224) algorithm x962 OID_SIG_ECDSA_WITH_SHA256 1.2.840.10045.4.3.2 ecdsa-with-SHA256 Elliptic curve Digital Signature Algorithm (DSA) coupled with the Secure Hash Algorithm 256 (SHA256) algorithm x962 OID_SIG_ECDSA_WITH_SHA384 1.2.840.10045.4.3.3 ecdsa-with-SHA384 Elliptic curve Digital Signature Algorithm (DSA) coupled with the Secure Hash Algorithm 384 (SHA384) algorithm x962 OID_SIG_ECDSA_WITH_SHA512 1.2.840.10045.4.3.4 ecdsa-with-SHA512 Elliptic curve Digital Signature Algorithm (DSA) coupled with the Secure Hash Algorithm 512 (SHA512) algorithm x962 OID_EC_P256 1.2.840.10045.3.1.7 prime256v1 P-256 elliptic curve parameter pkcs1 OID_PKCS1_RSAENCRYPTION 1.2.840.113549.1.1.1 rsaEncryption RSAES-PKCS1-v1_5 encryption scheme pkcs1 OID_PKCS1_MD2WITHRSAENC 1.2.840.113549.1.1.2 md2WithRSAEncryption MD2 with RSA encryption pkcs1 OID_PKCS1_MD4WITHRSAENC 1.2.840.113549.1.1.3 md4WithRSAEncryption MD4 with RSA encryption pkcs1 OID_PKCS1_MD5WITHRSAENC 1.2.840.113549.1.1.4 md5WithRSAEncryption MD5 with RSA encryption pkcs1 OID_PKCS1_SHA1WITHRSA 1.2.840.113549.1.1.5 sha1WithRSAEncryption SHA1 with RSA encryption pkcs1 OID_PKCS1_RSASSAPSS 1.2.840.113549.1.1.10 rsassa-pss RSA Signature Scheme with Probabilistic Signature Scheme (RSASSA-PSS) pkcs1 OID_PKCS1_SHA256WITHRSA 1.2.840.113549.1.1.11 sha256WithRSAEncryption SHA256 with RSA encryption pkcs1 OID_PKCS1_SHA384WITHRSA 1.2.840.113549.1.1.12 sha384WithRSAEncryption SHA384 with RSA encryption pkcs1 OID_PKCS1_SHA512WITHRSA 1.2.840.113549.1.1.13 sha512WithRSAEncryption SHA512 with RSA encryption pkcs1 OID_PKCS1_SHA224WITHRSA 1.2.840.113549.1.1.14 sha224WithRSAEncryption SHA224 with RSA encryption pkcs7 OID_PKCS7_ID_DATA 1.2.840.113549.1.7.1 pkcs7-data pkcs7-data pkcs7 OID_PKCS7_ID_SIGNED_DATA 1.2.840.113549.1.7.2 pkcs7-signedData PKCS#7 Signed Data pkcs7 OID_PKCS7_ID_ENVELOPED_DATA 1.2.840.113549.1.7.3 pkcs7-envelopedData PKCS#7 Enveloped Data pkcs7 OID_PKCS7_ID_SIGNED_ENVELOPED_DATA 1.2.840.113549.1.7.4 pkcs7-signedAndEnvelopedData PKCS#7 Signed and Enveloped Data pkcs7 OID_PKCS7_ID_DIGESTED_DATA 1.2.840.113549.1.7.5 pkcs7-digestedData PKCS#7 Digested Data pkcs7 OID_PKCS7_ID_ENCRYPTED_DATA 1.2.840.113549.1.7.6 pkcs7-encryptedData PKCS#7 Encrypted Data pkcs9 OID_PKCS9_EMAIL_ADDRESS 1.2.840.113549.1.9.1 emailAddress Email Address attribute for use in signatures pkcs9 OID_PKCS9_UNSTRUCTURED_NAME 1.2.840.113549.1.9.2 unstructuredName PKCS#9 unstructuredName pkcs9 OID_PKCS9_CONTENT_TYPE 1.2.840.113549.1.9.3 contentType id-contentType pkcs9 OID_PKCS9_ID_MESSAGE_DIGEST 1.2.840.113549.1.9.4 id-messageDigest id-messageDigest pkcs9 OID_PKCS9_SIGNING_TIME 1.2.840.113549.1.9.5 signing-time id-signingTime pkcs9 OID_PKCS9_CHALLENGE_PASSWORD 1.2.840.113549.1.9.7 challengePassword PKCS #9 challenge password (as specified for PKSC#10 in RFC2986) pkcs9 OID_PKCS9_EXTENSION_REQUEST 1.2.840.113549.1.9.14 extensionRequest Extension list for Certification Requests pkcs9 OID_PKCS9_SMIME_CAPABILITIES 1.2.840.113549.1.9.15 smimeCapabilities aa-smimeCapabilities pkcs9 OID_PKCS9_FRIENDLY_NAME 1.2.840.113549.1.9.20 friendlyName PKCS #9 attribute friendlyName (for PKCS #12) pkcs12 OID_PKCS12 1.2.840.113549.1.12 pkcs-12 Public-Key Cryptography Standard (PKCS) #12 pkcs12 OID_PKCS12_PBEIDS 1.2.840.113549.1.12.1 pkcs-12PbeIds PKCS #12 Password Based Encryption IDs pkcs12 OID_PKCS12_PBE_SHA1_128RC4 1.2.840.113549.1.12.1.1 pbeWithSHAAnd128BitRC4 PKCS #12 Password Based Encryption With SHA-1 and 128-bit RC4 pkcs12 OID_PKCS12_PBE_SHA1_40RC4 1.2.840.113549.1.12.1.2 pbeWithSHAAnd40BitRC4 PKCS #12 Password Based Encryption With SHA-1 and 40-bit RC4 pkcs12 OID_PKCS12_PBE_SHA1_3K_3DES_CBC 1.2.840.113549.1.12.1.3 pbeWithSHAAnd3-KeyTripleDES-CBC PKCS #12 Password Based Encryption With SHA-1 and 3-key Triple DES in CBC mode pkcs12 OID_PKCS12_PBE_SHA1_2K_3DES_CBC 1.2.840.113549.1.12.1.4 pbeWithSHAAnd2-KeyTripleDES-CBC PKCS #12 Password Based Encryption With SHA-1 and 2-key Triple DES in CBC mode pkcs12 OID_PKCS12_PBE_SHA1_128RC2_CBC 1.2.840.113549.1.12.1.5 pbeWithSHAAnd128BitRC2-CBC PKCS #12 Password Based Encryption With SHA-1 and 128-bit RC2-CBC pkcs12 OID_PKCS12_PBE_SHA1_40RC2_CBC 1.2.840.113549.1.12.1.6 pbeWithSHAAnd40BitRC2-CBC PKCS #12 Password Based Encryption With SHA-1 and 40-bit RC2-CBC x509 OID_SIG_RSA_RIPE_MD160 1.3.36.3.3.1.2 rsaSignatureWithripemd160 RSA signature in combination with hash algorithm RIPEMD-160 x509 OID_SIG_ED25519 1.3.101.112 ed25519 Edwards-curve Digital Signature Algorithm (EdDSA) Ed25519 x509 OID_SIG_ED448 1.3.101.113 ed448 Edwards-curve Digital Signature Algorithm (EdDSA) Ed448 nist-algs OID_NIST_EC_P384 1.3.132.0.34 secp384r1 P-384 elliptic curve parameter nist-algs OID_NIST_EC_P521 1.3.132.0.35 secp521r1 P-521 elliptic curve parameter kdf OID_KDF_SHA1_SINGLE 1.3.133.16.840.63.0.2 dhSinglePass-stdDH-sha1kdf-scheme Single pass Secure Hash Algorithm 1 (SHA1) key derivation ms-spc SPC_INDIRECT_DATA_OBJID 1.3.6.1.4.1.311.2.1.4 spcIndirectData The SPC_INDIRECT_DATA_CONTENT structure is used in Authenticode signatures to store the digest and other attributes of the signed file ms-spc SPC_STATEMENT_TYPE_OBJID 1.3.6.1.4.1.311.2.1.11 spcStatementType spcStatementType ms-spc SPC_SP_OPUS_INFO_OBJID 1.3.6.1.4.1.311.2.1.12 spcSpOpusInfo SpcSpOpusInfo ms-spc SPC_PE_IMAGE_DATA 1.3.6.1.4.1.311.2.1.15 spcPEImageData spcPEImageData ms-spc SPC_INDIVIDUAL_SP_KEY_PURPOSE_OBJID 1.3.6.1.4.1.311.2.1.21 msCodeInd MsCodeInd (SPC_INDIVIDUAL_SP_KEY_PURPOSE_OBJID) is a ExtendedKeyUsage for Certificate Extensions which indicates Microsoft Individual Code Signing (authenticode) ms-spc MS_CTL 1.3.6.1.4.1.311.10.1 szOID_CTL MS_CTL x509 MS_JURISDICTION_LOCALITY 1.3.6.1.4.1.311.60.2.1.1 msJurisdictionLocality X520LocalityName as specified in RFC 3280 x509 MS_JURISDICTION_STATE_OR_PROVINCE 1.3.6.1.4.1.311.60.2.1.2 msJurisdictionStateOrProvince X520StateOrProvinceName as specified in RFC 3280 x509 MS_JURISDICTION_COUNTRY 1.3.6.1.4.1.311.60.2.1.3 msJurisdictionCountry X520countryName as specified in RFC 3280 # Certificate Transparency: https://tools.ietf.org/html/rfc6962#section-3.3 x509 OID_CT_LIST_SCT 1.3.6.1.4.1.11129.2.4.2 ctSCTList Certificate Transparency Signed Certificate Timestamp List # PKIX Certificate Extension # https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.1 x509 OID_PKIX_AUTHORITY_INFO_ACCESS 1.3.6.1.5.5.7.1.1 authorityInfoAccess Certificate Authority Information Access # PKIX Access Descriptor # https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.48 x509 OID_PKIX_ACCESS_DESCRIPTOR_OCSP 1.3.6.1.5.5.7.48.1 id-ad-ocsp PKIX Access Descriptor OCSP x509 OID_PKIX_ACCESS_DESCRIPTOR_CA_ISSUERS 1.3.6.1.5.5.7.48.2 id-ad-caIssuers PKIX Access Descriptor CA Issuers x509 OID_PKIX_ACCESS_DESCRIPTOR_TIMESTAMPING 1.3.6.1.5.5.7.48.3 id-ad-timestamping PKIX Access Descriptor Timestamping x509 OID_PKIX_ACCESS_DESCRIPTOR_DVCS 1.3.6.1.5.5.7.48.4 id-ad-dvcs PKIX Access Descriptor DVCS x509 OID_PKIX_ACCESS_DESCRIPTOR_CA_REPOSITORY 1.3.6.1.5.5.7.48.5 id-ad-caRepository PKIX Access Descriptor CA Repository x509 OID_PKIX_ACCESS_DESCRIPTOR_HTTP_CERTS 1.3.6.1.5.5.7.48.6 id-ad-http-certs PKIX Access Descriptor HTTP Certificates x509 OID_PKIX_ACCESS_DESCRIPTOR_HTTP_CRLS 1.3.6.1.5.5.7.48.7 id-ad-http-crls PKIX Access Descriptor HTTP Certificate Revocation Lists # x509 OID_PKIX_ACCESS_DESCRIPTOR_RPKI_MANIFEST 1.3.6.1.5.5.7.48.10 id-ad-rpki-manifest PKIX Access Descriptor RPKI Manifest x509 OID_PKIX_ACCESS_DESCRIPTOR_SIGNED_OBJECT 1.3.6.1.5.5.7.48.11 id-ad-signed-object PKIX Access Descriptor Signed Object x509 OID_PKIX_ACCESS_DESCRIPTOR_CMC 1.3.6.1.5.5.7.48.12 id-ad-cmc PKIX Access Descriptor CMC x509 OID_PKIX_ACCESS_DESCRIPTOR_RPKI_NOTIFY 1.3.6.1.5.5.7.48.13 id-ad-rpki-notify PKIX Access Descriptor RPKI Notify x509 OID_PKIX_ACCESS_DESCRIPTOR_STIRTNLIST 1.3.6.1.5.5.7.48.14 id-ad-stirTNList PKIX Access Descriptor STIRTNLIST nist-algs OID_MD5_WITH_RSA 1.3.14.3.2.25 md5WithRSASignature RSA algorithm coupled with the MD5 hashing algorithm (Oddball using ISO/IEC 9796-2 padding rules) nist-algs OID_HASH_SHA1 1.3.14.3.2.26 id-SHA1 SHA-1 hash algorithm nist-algs OID_SHA1_WITH_RSA 1.3.14.3.2.29 sha1WithRSAEncryption RSA algorithm that uses the Secure Hash Algorithm 1 (SHA1) (obsolete) x500 OID_X500 2.5 x500 X.500 x509 OID_X509 2.5.4 x509 X.509 x509 OID_X509_OBJECT_CLASS 2.5.4.0 objectClass Object classes x509 OID_X509_ALIASED_ENTRY_NAME 2.5.4.1 aliasedEntryName Aliased entry/object name x509 OID_X509_KNOWLEDGE_INFORMATION 2.5.4.2 knowledgeInformation 'knowledgeInformation' attribute type x509 OID_X509_COMMON_NAME 2.5.4.3 commonName Common Name x509 OID_X509_SURNAME 2.5.4.4 surname Surname x509 OID_X509_SERIALNUMBER 2.5.4.5 serialNumber Serial Number x509 OID_X509_COUNTRY_NAME 2.5.4.6 countryName Country Name x509 OID_X509_LOCALITY_NAME 2.5.4.7 localityName Locality Name x509 OID_X509_STATE_OR_PROVINCE_NAME 2.5.4.8 stateOrProvinceName State or Province name x509 OID_X509_STREET_ADDRESS 2.5.4.9 streetAddress Street Address x509 OID_X509_ORGANIZATION_NAME 2.5.4.10 organizationName Organization Name x509 OID_X509_ORGANIZATIONAL_UNIT 2.5.4.11 organizationalUnit Organizational Unit x509 OID_X509_TITLE 2.5.4.12 title Title x509 OID_X509_DESCRIPTION 2.5.4.13 description Description x509 OID_X509_SEARCH_GUIDE 2.5.4.14 searchGuide Search Guide x509 OID_X509_BUSINESS_CATEGORY 2.5.4.15 businessCategory Business Category x509 OID_X509_POSTAL_ADDRESS 2.5.4.16 postalAddress Postal Address x509 OID_X509_POSTAL_CODE 2.5.4.17 postalCode Postal Code # x509 OID_X509_NAME 2.5.4.41 name Name x509 OID_X509_GIVEN_NAME 2.5.4.42 givenName Given Name x509 OID_X509_INITIALS 2.5.4.43 initials Initials of an individual's name x509 OID_X509_GENERATION_QUALIFIER 2.5.4.44 generationQualifier Generation information to qualify an individual's name x509 OID_X509_UNIQUE_IDENTIFIER 2.5.4.45 uniqueIdentifier Unique Identifier x509 OID_X509_DN_QUALIFIER 2.5.4.46 dnQualifier DN Qualifier # # https://www.alvestrand.no/objectid/2.5.29.html x509 OID_X509_OBSOLETE_AUTHORITY_KEY_IDENTIFIER 2.5.29.1 oldAuthorityKeyIdentifier X509v3 Authority Key Identifier (obsolete) x509 OID_X509_OBSOLETE_KEY_ATTRIBUTES 2.5.29.2 oldKeyAttributes X509v3 Key Attributes (obsolete) x509 OID_X509_OBSOLETE_CERTIFICATE_POLICIES 2.5.29.3 oldCertificatePolicies X509v3 Certificate Policies (obsolete) x509 OID_X509_OBSOLETE_KEY_USAGE 2.5.29.4 oldKeyUsage X509v3 Key Usage Restriction (obsolete) x509 OID_X509_OBSOLETE_POLICY_MAPPING 2.5.29.5 oldPolicyMapping X509v3 Policy Mapping (obsolete) x509 OID_X509_OBSOLETE_SUBTREES_CONSTRAINT 2.5.29.6 oldSubtreesConstraint X509v3 Subtrees Constraint (obsolete) x509 OID_X509_OBSOLETE_SUBJECT_ALT_NAME 2.5.29.7 oldSubjectAltNAme X509v3 Subject Alternative Name (obsolete) x509 OID_X509_OBSOLETE_ISSUER_ALT_NAME 2.5.29.8 oldIssuerAltNAme X509v3 Issuer Alternative Name (obsolete) x509 OID_X509_EXT_SUBJECT_KEY_IDENTIFIER 2.5.29.14 subjectKeyIdentifier X509v3 Subject Key Identifier x509 OID_X509_EXT_KEY_USAGE 2.5.29.15 keyUsage X509v3 Key Usage x509 OID_X509_EXT_PRIVATE_KEY_USAGE_PERIOD 2.5.29.16 privateKeyUsagePeriod X509v3 Private Key Usage Period x509 OID_X509_EXT_SUBJECT_ALT_NAME 2.5.29.17 subjectAltName X509v3 Subject Alternative Name x509 OID_X509_EXT_ISSUER_ALT_NAME 2.5.29.18 issuerAltName X509v3 Issuer Alternative Name x509 OID_X509_EXT_BASIC_CONSTRAINTS 2.5.29.19 basicConstraints X509v3 Basic Constraints x509 OID_X509_EXT_CRL_NUMBER 2.5.29.20 crlNumber X509v3 CRL Number x509 OID_X509_EXT_REASON_CODE 2.5.29.21 reasonCode X509v3 Reason Code # no 2.5.29.22 x509 OID_X509_EXT_HOLD_INSTRUCTION_CODE 2.5.29.23 holdInstructionCode X509v3 Hold Instruction Code x509 OID_X509_EXT_INVALIDITY_DATE 2.5.29.24 invalidityDate X509v3 Invalidity Date # no 2.5.29.25 2.5.29.26 x509 OID_X509_EXT_DELTA_CRL_INDICATOR 2.5.29.27 deltaCRLIndicator X509v3 Delta CRL Indicator x509 OID_X509_EXT_ISSUER_DISTRIBUTION_POINT 2.5.29.28 issuerDistributionPoint X509v3 Issuer Distribution Point x509 OID_X509_EXT_ISSUER 2.5.29.29 issuer X509v3 Issuer x509 OID_X509_EXT_NAME_CONSTRAINTS 2.5.29.30 nameConstraints X509v3 Name Constraints x509 OID_X509_EXT_CRL_DISTRIBUTION_POINTS 2.5.29.31 crlDistributionPoints X509v3 CRL Distribution Points x509 OID_X509_EXT_CERTIFICATE_POLICIES 2.5.29.32 certificatePolicies X509v3 Certificate Policies x509 OID_X509_EXT_POLICY_MAPPINGS 2.5.29.33 policyMappings X509v3 Policy Mappings # no 2.5.29.34 x509 OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER 2.5.29.35 authorityKeyIdentifier X509v3 Authority Key Identifier x509 OID_X509_EXT_POLICY_CONSTRAINTS 2.5.29.36 policyConstraints X509v3 Policy Constraints x509 OID_X509_EXT_EXTENDED_KEY_USAGE 2.5.29.37 extendedKeyUsage X509v3 Extended Key Usage # x509 OID_X509_EXT_FRESHEST_CRL 2.5.29.46 freshestCRL X509v3 Freshest CRL # x509 OID_X509_EXT_INHIBITANT_ANY_POLICY 2.5.29.54 inhibitantAnyPolicy X509v3 Inhibit Any-policy nist-algs OID_NIST_ENC_AES256_CBC 2.16.840.1.101.3.4.1.42 aes-256-cbc 256-bit Advanced Encryption Standard (AES) algorithm with Cipher-Block Chaining (CBC) mode of operation nist-algs OID_NIST_HASH_SHA256 2.16.840.1.101.3.4.2.1 sha256 Secure Hash Algorithm that uses a 256 bit key (SHA256) nist-algs OID_NIST_HASH_SHA384 2.16.840.1.101.3.4.2.2 sha384 Secure Hash Algorithm that uses a 384 bit key (SHA384) nist-algs OID_NIST_HASH_SHA512 2.16.840.1.101.3.4.2.3 sha512 Secure Hash Algorithm that uses a 512 bit key (SHA512) x509 OID_X509_EXT_CERT_TYPE 2.16.840.1.113730.1.1 nsCertType X.509 v3 Certificate Type x509 OID_X509_EXT_BASE_URL 2.16.840.1.113730.1.2 nsBaseURL Base URL x509 OID_X509_EXT_REVOCATION_URL 2.16.840.1.113730.1.3 nsRevocationURL Revocation URL x509 OID_X509_EXT_CA_REVOCATION_URL 2.16.840.1.113730.1.4 nsCARevocationURL CA Revocation URL x509 OID_X509_EXT_CA_CRL_URL 2.16.840.1.113730.1.5 nsCACRLURL CA CRL URL x509 OID_X509_EXT_CA_CERT_URL 2.16.840.1.113730.1.6 nsCACertURL CA Certificate URL x509 OID_X509_EXT_RENEWAL_URL 2.16.840.1.113730.1.7 nsRenewalURL Renewal URL x509 OID_X509_EXT_CA_POLICY_URL 2.16.840.1.113730.1.8 nsCAPolicyURL CA Policy URL x509 OID_X509_EXT_HOMEPAGE_URL 2.16.840.1.113730.1.9 nsHomepageURL Certificate Homepage URL x509 OID_X509_EXT_ENTITY_LOGO 2.16.840.1.113730.1.10 nsEntityLogo Certificate Entity Logo x509 OID_X509_EXT_USER_PICTURE 2.16.840.1.113730.1.11 nsUserPicture Certificate User Picture x509 OID_X509_EXT_SSL_SERVER_NAME 2.16.840.1.113730.1.12 nsSSLServerName SSL Server Name x509 OID_X509_EXT_CERT_COMMENT 2.16.840.1.113730.1.13 nsComment Certificate Comment