Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

This is an archive
(replace .gov by .rip)

Computer Security Objects Register

Project Links

Algorithm Registration

The CSOR has allocated the following registration branch for cryptographic algorithm objects:

nistAlgorithms OBJECT IDENTIFIER ::= { csor nistAlgorithm(4) }

The CSOR only registers NIST-approved cryptographic algorithms. When an algorithm has already been externally assigned an object identifier (e.g., for RSA PKCS#1 digital signature), no new OID will be assigned in the CSOR arc. Information about externally assigned OIDs is provided toward the end of the page.


Registered Objects


ASN.1 Modules

Often, cryptographic algorithm objects are defined for use with other ASN.1 types. In particular, OIDs intended for use in the ASN.1 type Algorithm may be associated with parameter definitions. This information is contained in an ASN.1 module. ASN.1 modules may be assigned OIDs to uniquely identify different versions of the ASN.1 constructs. The CSOR algorithm arc includes a sub arc for ASN.1 modules. To date, a single module has been registered to support AES project.

csorModules OBJECT IDENTIFIER ::= { nistalgorithms modules (0) }

aesModule1 OBJECT IDENTIFIER ::= { csorModules aes (1) }


AES Registered Objects

The following objects have been registered to support AES project.

aes OBJECT IDENTIFIER ::= { nistAlgorithms 1 }

id-aes128-ECB OBJECT IDENTIFIER ::= { aes 1 }

id-aes128-CBC OBJECT IDENTIFIER ::= { aes 2 }

id-aes128-OFB OBJECT IDENTIFIER ::= { aes 3 }

id-aes128-CFB OBJECT IDENTIFIER ::= { aes 4 }

id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 }

id-aes128-GCM OBJECT IDENTIFIER ::= { aes 6 }

id-aes128-CCM OBJECT IDENTIFIER ::= { aes 7 }

id-aes128-wrap-pad OBJECT IDENTIFIER ::= { aes 8 }

id-aes192-ECB OBJECT IDENTIFIER ::= { aes 21 }

id-aes192-CBC OBJECT IDENTIFIER ::= { aes 22 }

id-aes192-OFB OBJECT IDENTIFIER ::= { aes 23 }

id-aes192-CFB OBJECT IDENTIFIER ::= { aes 24 }

id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 }

id-aes192-GCM OBJECT IDENTIFIER ::= { aes 26 }

id-aes192-CCM OBJECT IDENTIFIER ::= { aes 27 }

id-aes192-wrap-pad OBJECT IDENTIFIER ::= { aes 28 }

id-aes256-ECB OBJECT IDENTIFIER ::= { aes 41 }

id-aes256-CBC OBJECT IDENTIFIER ::= { aes 42 }

id-aes256-OFB OBJECT IDENTIFIER ::= { aes 43 }

id-aes256-CFB OBJECT IDENTIFIER ::= { aes 44 }

id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 }

id-aes256-GCM OBJECT IDENTIFIER ::= { aes 46 }

id-aes256-CCM OBJECT IDENTIFIER ::= { aes 47 }

id-aes256-wrap-pad OBJECT IDENTIFIER ::= { aes 48 }

The AES object identifiers may be used in the ASN.1 structured type Algorithm. The complete ASN.1 for these objects and any associated parameters is available in this ASN.1 module.


Secure Hash Algorithms Registered Objects

The following objects have been registered to support the deployment of secure hash algorithms.

hashAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 2 }

id-sha256 OBJECT IDENTIFIER ::= { hashAlgs 1 }

id-sha384 OBJECT IDENTIFIER ::= { hashAlgs 2 }

id-sha512 OBJECT IDENTIFIER ::= { hashAlgs 3 }

id-sha224 OBJECT IDENTIFIER ::= { hashAlgs 4 }

id-sha512-224 OBJECT IDENTIFIER ::= { hashAlgs 5 }

id-sha512-256 OBJECT IDENTIFIER ::= { hashAlgs 6 }

id-sha3-224 OBJECT IDENTIFIER ::= { hashAlgs 7 }

id-sha3-256 OBJECT IDENTIFIER ::= { hashAlgs 8 }

id-sha3-384 OBJECT IDENTIFIER ::= { hashAlgs 9 }

id-sha3-512 OBJECT IDENTIFIER ::= { hashAlgs 10 }

id-shake128 OBJECT IDENTIFIER ::= { hashAlgs 11 }

id-shake256 OBJECT IDENTIFIER ::= { hashAlgs 12 }

id-shake128-len OBJECT IDENTIFIER ::= { hashAlgs 17 }

id-shake256-len OBJECT IDENTIFIER ::= { hashAlgs 18 }

ShakeOutputLen ::= INTEGER -- Output length in bits

The algorithm identifiers for id-shake128-len and id-shake256-len carry the parameter ShakeOutputLen.

Alg-SHAKE128-LEN ALGORITHM ::= { OID id-shake128-len PARMS ShakeOutputLen }

Alg-SHAKE256-LEN ALGORITHM ::= { OID id-shake256-len PARMS ShakeOutputLen }

The other hash algorithm identifiers do not carry any parameters.

Keyed-Hash Message Authentication Code (HMAC) Algorithms Registered Objects

The following objects have been registered to support the deployment of HMAC.

id-hmacWithSHA3-224 OBJECT IDENTIFIER ::= { hashAlgs 13 }

id-hmacWithSHA3-256 OBJECT IDENTIFIER ::= { hashAlgs 14 }

id-hmacWithSHA3-384 OBJECT IDENTIFIER ::= { hashAlgs 15 }

id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { hashAlgs 16 }


Digital Signature Algorithms Registered Objects

The following objects have been registered to support the deployment of digital signature algorithms.

sigAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 3 }

id-dsa-with-sha224 ::= { sigAlgs 1 }

id-dsa-with-sha256 ::= { sigAlgs 2 }

id-dsa-with-sha384 ::= { sigAlgs 3 }

id-dsa-with-sha512 ::= { sigAlgs 4 }

id-dsa-with-sha3-224 ::= { sigAlgs 5 }

id-dsa-with-sha3-256 ::= { sigAlgs 6 }

id-dsa-with-sha3-384 ::= { sigAlgs 7 }

id-dsa-with-sha3-512 ::= { sigAlgs 8 }

id-ecdsa-with-sha3-224 ::= { sigAlgs 9 }

id-ecdsa-with-sha3-256 ::= { sigAlgs 10 }

id-ecdsa-with-sha3-384 ::= { sigAlgs 11 }

id-ecdsa-with-sha3-512 ::= { sigAlgs 12 }

id-rsassa-pkcs1-v1_5-with-sha3-224 ::= { sigAlgs 13 }

id-rsassa-pkcs1-v1_5-with-sha3-256 ::= { sigAlgs 14 }

id-rsassa-pkcs1-v1_5-with-sha3-384 ::= { sigAlgs 15 }

id-rsassa-pkcs1-v1_5-with-sha3-512 ::= { sigAlgs 16 }


Externally-assigned OIDs

The following identifies the source where widely used ASN.1 object identifiers are assigned by external organizations for NIST-specified algorithms.

SHA-1: IEEE P1363, also IETF RFC 3370

HMAC with SHA-1: RFC 3370
HMAC with SHA-2 family: RFC 4231

DSA with SHA-1: ANSI X9.57 [withdrawn standard, per http://webstore.ansi.org/RecordDetail.aspx?sku=ANSI+X9.79-2013 ]

ECDSA with SHA-1: RFC 3279
ECDSA with SHA-2 family: RFC 5758

RSA PKCS #1 v1.5 Signature with SHA-1: RFC 3279
RSA PKCS #1 v1.5 Signature with SHA-2 family: RFC 4055

RFC 4055 also defined hash-independent OIDs for the RSASSA-PSS signature algorithm and the RSAES-OAEP key transport algorithm. The OID for the specific hash function used in these algorithms is included in the algorithm parameters.

Created May 24, 2016, Updated March 14, 2018