2 -- Transcribed from RFC 5912
5 PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6)
6 internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
7 id-mod-pkix1-algorithms2008-02(56) }
9 DEFINITIONS EXPLICIT TAGS ::=
13 PUBLIC-KEY, SIGNATURE-ALGORITHM, DIGEST-ALGORITHM, SMIME-CAPS
14 FROM AlgorithmInformation-2009
15 {iso(1) identified-organization(3) dod(6) internet(1) security(5)
16 mechanisms(5) pkix(7) id-mod(0)
17 id-mod-algorithmInformation-02(58)}
19 mda-sha224, mda-sha256, mda-sha384, mda-sha512
20 FROM PKIX1-PSS-OAEP-Algorithms-2009
21 {iso(1) identified-organization(3) dod(6) internet(1)
22 security(5) mechanisms(5) pkix(7) id-mod(0)
23 id-mod-pkix1-rsa-pkalgs-02(54)}
25 -- Additional IMPORT for Wireshark
27 FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
28 authenticationFramework(7) 4};
32 -- Public Key (pk-) Algorithms
35 PublicKeys PUBLIC-KEY ::= {
48 -- Signature Algorithms (sa-)
51 SignatureAlgs SIGNATURE-ALGORITHM ::= {
69 -- S/MIME CAPS for algorithms in this document
71 -- For all of the algorithms laid out in this document, the
72 -- parameters field for the S/MIME capabilities is defined as
73 -- ABSENT as there are no specific values that need to be known
74 -- by the receiver for negotiation.
78 SMimeCaps SMIME-CAPS ::= {
79 sa-rsaWithMD2.&smimeCaps |
80 sa-rsaWithMD5.&smimeCaps |
81 sa-rsaWithSHA1.&smimeCaps |
82 sa-dsaWithSHA1.&smimeCaps |
83 sa-dsaWithSHA224.&smimeCaps |
84 sa-dsaWithSHA256.&smimeCaps |
85 sa-ecdsaWithSHA1.&smimeCaps |
86 sa-ecdsaWithSHA224.&smimeCaps |
87 sa-ecdsaWithSHA256.&smimeCaps |
88 sa-ecdsaWithSHA384.&smimeCaps |
89 sa-ecdsaWithSHA512.&smimeCaps,
92 -- RSA PK Algorithm, Parameters, and Keys
94 -- pk-rsa PUBLIC-KEY ::= {
95 -- IDENTIFIER rsaEncryption
97 -- PARAMS TYPE NULL ARE absent
98 -- Private key format not in this module --
99 -- CERT-KEY-USAGE {digitalSignature, nonRepudiation,
100 -- keyEncipherment, dataEncipherment, keyCertSign, cRLSign}
103 rsaEncryption OBJECT IDENTIFIER ::= {
104 iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
107 RSAPublicKey ::= SEQUENCE {
108 modulus INTEGER, -- n
109 publicExponent INTEGER -- e
112 -- Wireshark additions to ensure compatibility with the original PKCS1.asn
114 DigestInfo ::= SEQUENCE {
115 digestAlgorithm DigestAlgorithmIdentifier,
119 DigestAlgorithmIdentifier ::= AlgorithmIdentifier
121 Digest ::= OCTET STRING
123 -- End of Wireshark additions
125 -- DSA PK Algorithm, Parameters, and Keys
127 -- pk-dsa PUBLIC-KEY ::= {
130 -- PARAMS TYPE DSA-Params ARE inheritable
131 -- Private key format not in this module --
132 -- CERT-KEY-USAGE { digitalSignature, nonRepudiation, keyCertSign,
136 id-dsa OBJECT IDENTIFIER ::= {
137 iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
139 DSA-Params ::= SEQUENCE {
145 DSAPublicKey ::= INTEGER -- public key, y
147 -- Diffie-Hellman PK Algorithm, Parameters, and Keys
149 -- pk-dh PUBLIC-KEY ::= {
150 -- IDENTIFIER dhpublicnumber
152 -- PARAMS TYPE DomainParameters ARE inheritable
153 -- Private key format not in this module --
154 -- CERT-KEY-USAGE {keyAgreement, encipherOnly, decipherOnly }
157 dhpublicnumber OBJECT IDENTIFIER ::= {
158 iso(1) member-body(2) us(840) ansi-x942(10046)
161 DomainParameters ::= SEQUENCE {
162 p INTEGER, -- odd prime, p=jq +1
163 g INTEGER, -- generator, g
164 q INTEGER, -- factor of p-1
165 j INTEGER OPTIONAL, -- subgroup factor, j>= 2
166 validationParams ValidationParams OPTIONAL
169 ValidationParams ::= SEQUENCE {
174 DHPublicKey ::= INTEGER -- public key, y = g^x mod p
176 -- KEA PK Algorithm and Parameters
178 -- pk-kea PUBLIC-KEY ::= {
179 -- IDENTIFIER id-keyExchangeAlgorithm
180 -- key is not encoded --
181 -- PARAMS TYPE KEA-Params-Id ARE required
182 -- Private key format not in this module --
183 -- CERT-KEY-USAGE {keyAgreement, encipherOnly, decipherOnly }
186 id-keyExchangeAlgorithm OBJECT IDENTIFIER ::= {
187 joint-iso-itu-t(2) country(16) us(840) organization(1)
188 gov(101) dod(2) infosec(1) algorithms(1) 22 }
190 KEA-Params-Id ::= OCTET STRING
192 -- RSASSA-PSS (RFC 4055)
194 -- pk-rsaSSA-PSS PUBLIC-KEY ::= {
195 -- IDENTIFIER id-RSASSA-PSS
197 -- PARAMS TYPE RSASSA-PSS-params ARE optional
198 -- CERT-KEY-USAGE { nonRepudiation, digitalSignature, keyCertSign, cRLSign }
201 id-mgf1 OBJECT IDENTIFIER ::= {
202 iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
205 id-RSASSA-PSS OBJECT IDENTIFIER ::= {
206 iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
209 HashAlgorithm ::= AlgorithmIdentifier{DIGEST-ALGORITHM,
212 HashAlgorithms DIGEST-ALGORITHM ::= {
213 { IDENTIFIER id-sha1 PARAMS TYPE NULL ARE preferredPresent },
217 -- sha1Identifier AlgorithmIdentifier ::= {
218 -- algorithmId id-sha1,
222 MaskGenAlgorithm ::= AlgorithmIdentifier{ALGORITHM,
223 {PKCS1MGFAlgorithms}}
225 -- mgf1SHA1 MaskGenAlgorithm ::= {
226 -- algorithmId id-mgf1,
227 -- parameters HashAlgorithm : sha1Identifier
230 PKCS1MGFAlgorithms ALGORITHM ::= {
231 { IDENTIFIER id-mgf1 PARAMS TYPE HashAlgorithm ARE required },
235 -- AlgorithmIdentifier parameters for id-RSASSA-PSS.
236 -- Note that the tags in this Sequence are explicit.
237 -- Note: The hash algorithm in hashAlgorithm and in
238 -- maskGenAlgorithm should be the same.
240 RSASSA-PSS-params ::= SEQUENCE {
241 hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier,
242 maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
243 saltLength [2] INTEGER DEFAULT 20,
244 trailerField [3] INTEGER DEFAULT 1
248 -- Elliptic Curve (EC) Signatures: Unrestricted Algorithms
249 -- (Section 2.1.1 of RFC 5480)
251 -- EC Unrestricted Algorithm ID -- -- this is used for ECDSA
253 -- pk-ec PUBLIC-KEY ::= {
254 -- IDENTIFIER id-ecPublicKey
256 -- PARAMS TYPE ECParameters ARE required
257 -- Private key format not in this module --
258 -- CERT-KEY-USAGE { digitalSignature, nonRepudiation, keyAgreement,
259 -- keyCertSign, cRLSign }
262 ECPoint ::= OCTET STRING -- see RFC 5480 for syntax and restrictions
264 id-ecPublicKey OBJECT IDENTIFIER ::= {
265 iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }
267 -- Elliptic Curve (EC) Signatures: Restricted Algorithms
268 -- (Section 2.1.2 of RFC 5480)
270 -- EC Diffie-Hellman Algorithm ID
272 -- pk-ecDH PUBLIC-KEY ::= {
273 -- IDENTIFIER id-ecDH
275 -- PARAMS TYPE ECParameters ARE required
276 -- Private key format not in this module --
277 -- CERT-KEY-USAGE { keyAgreement, encipherOnly, decipherOnly }
280 id-ecDH OBJECT IDENTIFIER ::= {
281 iso(1) identified-organization(3) certicom(132) schemes(1)
284 -- EC Menezes-Qu-Vanstone Algorithm ID
286 -- pk-ecMQV PUBLIC-KEY ::= {
287 -- IDENTIFIER id-ecMQV
289 -- PARAMS TYPE ECParameters ARE required
290 -- Private key format not in this module --
291 -- CERT-KEY-USAGE { keyAgreement, encipherOnly, decipherOnly }
294 id-ecMQV OBJECT IDENTIFIER ::= {
295 iso(1) identified-organization(3) certicom(132) schemes(1)
298 -- Parameters and Keys for both Restricted and Unrestricted EC
300 ECParameters ::= CHOICE {
301 namedCurve --CURVE.&id({NamedCurve}) -- OBJECT IDENTIFIER
302 -- implicitCurve NULL
303 -- implicitCurve MUST NOT be used in PKIX
304 -- specifiedCurve SpecifiedCurve
305 -- specifiedCurve MUST NOT be used in PKIX
306 -- Details for specifiedCurve can be found in [X9.62]
307 -- Any future additions to this CHOICE should be coordinated
310 -- If you need to be able to decode ANSI X.9 parameter structures,
311 -- uncomment the implicitCurve and specifiedCurve above, and also
312 -- uncomment the following:
313 -- (WITH COMPONENTS {namedCurve PRESENT})
315 -- Sec 2.1.1.1 Named Curve
317 CURVE ::= CLASS { &id OBJECT IDENTIFIER UNIQUE }
318 WITH SYNTAX { ID &id }
320 NamedCurve CURVE ::= {
321 { ID secp192r1 } | { ID sect163k1 } | { ID sect163r2 } |
322 { ID secp224r1 } | { ID sect233k1 } | { ID sect233r1 } |
323 { ID secp256r1 } | { ID sect283k1 } | { ID sect283r1 } |
324 { ID secp384r1 } | { ID sect409k1 } | { ID sect409r1 } |
325 { ID secp521r1 } | { ID sect571k1 } | { ID sect571r1 },
329 -- Note in [X9.62] the curves are referred to as 'ansiX9' as
330 -- opposed to 'sec'. For example, secp192r1 is the same curve as
333 -- Note that in [PKI-ALG] the secp192r1 curve was referred to as
334 -- prime192v1 and the secp256r1 curve was referred to as
337 -- Note that [FIPS186-3] refers to secp192r1 as P-192,
338 -- secp224r1 as P-224, secp256r1 as P-256, secp384r1 as P-384,
339 -- and secp521r1 as P-521.
341 secp192r1 OBJECT IDENTIFIER ::= {
342 iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
345 sect163k1 OBJECT IDENTIFIER ::= {
346 iso(1) identified-organization(3) certicom(132) curve(0) 1 }
348 sect163r2 OBJECT IDENTIFIER ::= {
349 iso(1) identified-organization(3) certicom(132) curve(0) 15 }
351 secp224r1 OBJECT IDENTIFIER ::= {
352 iso(1) identified-organization(3) certicom(132) curve(0) 33 }
354 sect233k1 OBJECT IDENTIFIER ::= {
355 iso(1) identified-organization(3) certicom(132) curve(0) 26 }
357 sect233r1 OBJECT IDENTIFIER ::= {
358 iso(1) identified-organization(3) certicom(132) curve(0) 27 }
360 secp256r1 OBJECT IDENTIFIER ::= {
361 iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
364 sect283k1 OBJECT IDENTIFIER ::= {
365 iso(1) identified-organization(3) certicom(132) curve(0) 16 }
367 sect283r1 OBJECT IDENTIFIER ::= {
368 iso(1) identified-organization(3) certicom(132) curve(0) 17 }
370 secp384r1 OBJECT IDENTIFIER ::= {
371 iso(1) identified-organization(3) certicom(132) curve(0) 34 }
373 sect409k1 OBJECT IDENTIFIER ::= {
374 iso(1) identified-organization(3) certicom(132) curve(0) 36 }
376 sect409r1 OBJECT IDENTIFIER ::= {
377 iso(1) identified-organization(3) certicom(132) curve(0) 37 }
379 secp521r1 OBJECT IDENTIFIER ::= {
380 iso(1) identified-organization(3) certicom(132) curve(0) 35 }
382 sect571k1 OBJECT IDENTIFIER ::= {
383 iso(1) identified-organization(3) certicom(132) curve(0) 38 }
385 sect571r1 OBJECT IDENTIFIER ::= {
386 iso(1) identified-organization(3) certicom(132) curve(0) 39 }
390 -- sa-rsaWithMD2 SIGNATURE-ALGORITHM ::= {
391 -- IDENTIFIER md2WithRSAEncryption
392 -- PARAMS TYPE NULL ARE required
393 -- HASHES { mda-md2 }
394 -- PUBLIC-KEYS { pk-rsa }
395 -- SMIME-CAPS { IDENTIFIED BY md2WithRSAEncryption }
398 md2WithRSAEncryption OBJECT IDENTIFIER ::= {
399 iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
404 -- sa-rsaWithMD5 SIGNATURE-ALGORITHM ::= {
405 -- IDENTIFIER md5WithRSAEncryption
406 -- PARAMS TYPE NULL ARE required
407 -- HASHES { mda-md5 }
408 -- PUBLIC-KEYS { pk-rsa }
409 -- SMIME-CAPS { IDENTIFIED BY md5WithRSAEncryption }
412 md5WithRSAEncryption OBJECT IDENTIFIER ::= {
413 iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
418 -- sa-rsaWithSHA1 SIGNATURE-ALGORITHM ::= {
419 -- IDENTIFIER sha1WithRSAEncryption
420 -- PARAMS TYPE NULL ARE required
421 -- HASHES { mda-sha1 }
422 -- PUBLIC-KEYS { pk-rsa }
423 -- SMIME-CAPS {IDENTIFIED BY sha1WithRSAEncryption }
426 sha1WithRSAEncryption OBJECT IDENTIFIER ::= {
427 iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
432 -- sa-dsaWithSHA1 SIGNATURE-ALGORITHM ::= {
433 -- IDENTIFIER dsa-with-sha1
434 -- VALUE DSA-Sig-Value
435 -- PARAMS TYPE NULL ARE absent
436 -- HASHES { mda-sha1 }
437 -- PUBLIC-KEYS { pk-dsa }
438 -- SMIME-CAPS { IDENTIFIED BY dsa-with-sha1 }
441 dsa-with-sha1 OBJECT IDENTIFIER ::= {
442 iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 3 }
446 -- sa-dsaWithSHA224 SIGNATURE-ALGORITHM ::= {
447 -- IDENTIFIER dsa-with-sha224
448 -- VALUE DSA-Sig-Value
449 -- PARAMS TYPE NULL ARE absent
450 -- HASHES { mda-sha224 }
451 -- PUBLIC-KEYS { pk-dsa }
452 -- SMIME-CAPS { IDENTIFIED BY dsa-with-sha224 }
455 dsa-with-sha224 OBJECT IDENTIFIER ::= {
456 joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
457 csor(3) algorithms(4) id-dsa-with-sha2(3) 1 }
461 -- sa-dsaWithSHA256 SIGNATURE-ALGORITHM ::= {
462 -- IDENTIFIER dsa-with-sha256
463 -- VALUE DSA-Sig-Value
464 -- PARAMS TYPE NULL ARE absent
465 -- HASHES { mda-sha256 }
466 -- PUBLIC-KEYS { pk-dsa }
467 -- SMIME-CAPS { IDENTIFIED BY dsa-with-sha256 }
470 dsa-with-sha256 OBJECT IDENTIFIER ::= {
471 joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
472 csor(3) algorithms(4) id-dsa-with-sha2(3) 2 }
476 -- sa-ecdsaWithSHA1 SIGNATURE-ALGORITHM ::= {
477 -- IDENTIFIER ecdsa-with-SHA1
478 -- VALUE ECDSA-Sig-Value
479 -- PARAMS TYPE NULL ARE absent
480 -- HASHES { mda-sha1 }
481 -- PUBLIC-KEYS { pk-ec }
482 -- SMIME-CAPS {IDENTIFIED BY ecdsa-with-SHA1 }
485 ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
486 iso(1) member-body(2) us(840) ansi-X9-62(10045)
489 -- ECDSA with SHA-224
491 -- sa-ecdsaWithSHA224 SIGNATURE-ALGORITHM ::= {
492 -- IDENTIFIER ecdsa-with-SHA224
493 -- VALUE ECDSA-Sig-Value
494 -- PARAMS TYPE NULL ARE absent
495 -- HASHES { mda-sha224 }
496 -- PUBLIC-KEYS { pk-ec }
497 -- SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA224 }
500 ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
501 iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
502 ecdsa-with-SHA2(3) 1 }
504 -- ECDSA with SHA-256
506 -- sa-ecdsaWithSHA256 SIGNATURE-ALGORITHM ::= {
507 -- IDENTIFIER ecdsa-with-SHA256
508 -- VALUE ECDSA-Sig-Value
509 -- PARAMS TYPE NULL ARE absent
510 -- HASHES { mda-sha256 }
511 -- PUBLIC-KEYS { pk-ec }
512 -- SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA256 }
515 ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
516 iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
517 ecdsa-with-SHA2(3) 2 }
519 -- ECDSA with SHA-384
521 -- sa-ecdsaWithSHA384 SIGNATURE-ALGORITHM ::= {
522 -- IDENTIFIER ecdsa-with-SHA384
523 -- VALUE ECDSA-Sig-Value
524 -- PARAMS TYPE NULL ARE absent
525 -- HASHES { mda-sha384 }
526 -- PUBLIC-KEYS { pk-ec }
527 -- SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA384 }
530 ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
531 iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
532 ecdsa-with-SHA2(3) 3 }
534 -- ECDSA with SHA-512
536 -- sa-ecdsaWithSHA512 SIGNATURE-ALGORITHM ::= {
537 -- IDENTIFIER ecdsa-with-SHA512
538 -- VALUE ECDSA-Sig-Value
539 -- PARAMS TYPE NULL ARE absent
540 -- HASHES { mda-sha512 }
541 -- PUBLIC-KEYS { pk-ec }
542 -- SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA512 }
545 ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
546 iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
547 ecdsa-with-SHA2(3) 4 }
555 DSA-Sig-Value ::= SEQUENCE {
562 ECDSA-Sig-Value ::= SEQUENCE {
568 -- Message Digest Algorithms (mda-)
571 HashAlgs DIGEST-ALGORITHM ::= {
579 -- mda-md2 DIGEST-ALGORITHM ::= {
581 -- PARAMS TYPE NULL ARE preferredAbsent
584 id-md2 OBJECT IDENTIFIER ::= {
585 iso(1) member-body(2) us(840) rsadsi(113549)
586 digestAlgorithm(2) 2 }
590 -- mda-md5 DIGEST-ALGORITHM ::= {
592 -- PARAMS TYPE NULL ARE preferredAbsent
595 id-md5 OBJECT IDENTIFIER ::= {
596 iso(1) member-body(2) us(840) rsadsi(113549)
597 digestAlgorithm(2) 5 }
601 -- mda-sha1 DIGEST-ALGORITHM ::= {
602 -- IDENTIFIER id-sha1
603 -- PARAMS TYPE NULL ARE preferredAbsent
606 id-sha1 OBJECT IDENTIFIER ::= {
607 iso(1) identified-organization(3) oiw(14) secsig(3)
610 -- SHA-2 family (from RFC 3447)
612 id-sha256 OBJECT IDENTIFIER ::= {
613 joint-iso-itu-t(2) country(16) us(840) organization(1)
614 gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 }