Try the new CSRC.nist.gov and let us know what you think!
(Note: Beta site content may not be complete.)

View the beta site
NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage

Cryptographic Algorithm Object Registration

The CSOR has allocated the following registration branch for cryptographic algorithm objects:

nistAlgorithms OBJECT IDENTIFIER ::= { csor nistAlgorithm(4) }

The CSOR only registers NIST-approved cryptographic algorithms. When an algorithm has already been externally assigned an object identifier (e.g., for RSA PKCS#1 digital signature), no new OID will be assigned in the CSOR arc. Information about externally assigned OIDs is provided toward the end of the page.

Registered Objects

ASN.1 Modules

Often, cryptographic algorithm objects are defined for use with other ASN.1 types. In particular, OIDs intended for use in the ASN.1 type Algorithm may be associated with parameter definitions. This information is contained in an ASN.1 module. ASN.1 modules may be assigned OIDs to uniquely identify different versions of the ASN.1 constructs. The CSOR algorithm arc includes a sub arc for ASN.1 modules. To date, a single module has been registered to support AES project.

csorModules OBJECT IDENTIFIER ::= { nistalgorithms modules (0) }

aesModule1 OBJECT IDENTIFIER ::= { csorModules aes (1) }

Back to Top

AES Registered Objects

The following objects have been registered to support AES project.

aes OBJECT IDENTIFIER ::= { nistAlgorithms 1 }

 

128 bit AES information object identifiers

id-aes128-ECB OBJECT IDENTIFIER ::= { aes 1 }

id-aes128-CBC OBJECT IDENTIFIER ::= { aes 2 }

id-aes128-OFB OBJECT IDENTIFIER ::= { aes 3 }

id-aes128-CFB OBJECT IDENTIFIER ::= { aes 4 }

id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 }

id-aes128-GCM OBJECT IDENTIFIER ::= { aes 6 }

id-aes128-CCM OBJECT IDENTIFIER ::= { aes 7 }

id-aes128-wrap-pad OBJECT IDENTIFIER ::= { aes 8 }

192 bit AES information object identifiers

id-aes192-ECB OBJECT IDENTIFIER ::= { aes 21 }

id-aes192-CBC OBJECT IDENTIFIER ::= { aes 22 }

id-aes192-OFB OBJECT IDENTIFIER ::= { aes 23 }

id-aes192-CFB OBJECT IDENTIFIER ::= { aes 24 }

id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 }

id-aes192-GCM OBJECT IDENTIFIER ::= { aes 26 }

id-aes192-CCM OBJECT IDENTIFIER ::= { aes 27 }

id-aes192-wrap-pad OBJECT IDENTIFIER ::= { aes 28 }

256 bit AES information object identifiers

id-aes256-ECB OBJECT IDENTIFIER ::= { aes 41 }

id-aes256-CBC OBJECT IDENTIFIER ::= { aes 42 }

id-aes256-OFB OBJECT IDENTIFIER ::= { aes 43 }

id-aes256-CFB OBJECT IDENTIFIER ::= { aes 44 }

id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 }

id-aes256-GCM OBJECT IDENTIFIER ::= { aes 46 }

id-aes256-CCM OBJECT IDENTIFIER ::= { aes 47 }

id-aes256-wrap-pad OBJECT IDENTIFIER ::= { aes 48 }

The AES object identifiers may be used in the ASN.1 structured type Algorithm. The complete ASN.1 for these objects and any associated parameters is available in the following ASN.1 module.

Back to Top

Secure Hash Algorithms Registered Objects

The following objects have been registered to support the deployment of secure hash algorithms.

hashAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 2 }

SHA-1 (Externally assigned)

SHA-2 family

id-sha256 OBJECT IDENTIFIER ::= { hashAlgs 1 }

id-sha384 OBJECT IDENTIFIER ::= { hashAlgs 2 }

id-sha512 OBJECT IDENTIFIER ::= { hashAlgs 3 }

id-sha224 OBJECT IDENTIFIER ::= { hashAlgs 4 }

id-sha512-224 OBJECT IDENTIFIER ::= { hashAlgs 5 }

id-sha512-256 OBJECT IDENTIFIER ::= { hashAlgs 6 }

SHA-3 family

id-sha3-224 OBJECT IDENTIFIER ::= { hashAlgs 7 }

id-sha3-256 OBJECT IDENTIFIER ::= { hashAlgs 8 }

id-sha3-384 OBJECT IDENTIFIER ::= { hashAlgs 9 }

id-sha3-512 OBJECT IDENTIFIER ::= { hashAlgs 10 }

id-shake128 OBJECT IDENTIFIER ::= { hashAlgs 11 }

id-shake256 OBJECT IDENTIFIER ::= { hashAlgs 12 }

id-shake128-len OBJECT IDENTIFIER ::= { hashAlgs 17 }

id-shake256-len OBJECT IDENTIFIER ::= { hashAlgs 18 }


ShakeOutputLen ::= INTEGER -- Output length in bits

The algorithm identifiers for id-shake128-len and id-shake256-len carry the parameter ShakeOutputLen.

Alg-SHAKE128-LEN ALGORITHM ::= { OID id-shake128-len PARMS ShakeOutputLen }

Alg-SHAKE256-LEN ALGORITHM ::= { OID id-shake256-len PARMS ShakeOutputLen }

The other hash algorithm identifiers do not carry any parameters.

Keyed-Hash Message Authentication Code (HMAC) Algorithms Registered Objects

The following objects have been registered to support the deployment of HMAC.

HMAC with SHA-1 (Externally assigned)

HMAC with SHA-2 family (Externally assigned)

HMAC with SHA-3 family

id-hmacWithSHA3-224 OBJECT IDENTIFIER ::= { hashAlgs 13 }

id-hmacWithSHA3-256 OBJECT IDENTIFIER ::= { hashAlgs 14 }

id-hmacWithSHA3-384 OBJECT IDENTIFIER ::= { hashAlgs 15 }

id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { hashAlgs 16 }

Back to Top

Digital Signature Algorithms Registered Objects

The following objects have been registered to support the deployment of digital signature algorithms.

sigAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 3 }

DSA with SHA-1 (Externally assigned)

DSA with SHA-2 family

id-dsa-with-sha224 ::= { sigAlgs 1 }

id-dsa-with-sha256 ::= { sigAlgs 2 }

id-dsa-with-sha384 ::= { sigAlgs 3 }

id-dsa-with-sha512 ::= { sigAlgs 4 }

DSA with SHA-3 family

id-dsa-with-sha3-224 ::= { sigAlgs 5 }

id-dsa-with-sha3-256 ::= { sigAlgs 6 }

id-dsa-with-sha3-384 ::= { sigAlgs 7 }

id-dsa-with-sha3-512 ::= { sigAlgs 8 }

ECDSA with SHA-1 (Externally assigned)

ECDSA with SHA-2 family (Externally assigned)

ECDSA with SHA-3 family

id-ecdsa-with-sha3-224 ::= { sigAlgs 9 }

id-ecdsa-with-sha3-256 ::= { sigAlgs 10 }

id-ecdsa-with-sha3-384 ::= { sigAlgs 11 }

id-ecdsa-with-sha3-512 ::= { sigAlgs 12 }

RSA PKCS #1 v1.5 Signature with SHA-1 (Externally assigned)

RSA PKCS #1 v1.5 Signature with SHA-2 family (Externally assigned)

RSA PKCS #1 v1.5 Signature with SHA-3 family

id-rsassa-pkcs1-v1_5-with-sha3-224 ::= { sigAlgs 13 }

id-rsassa-pkcs1-v1_5-with-sha3-256 ::= { sigAlgs 14 }

id-rsassa-pkcs1-v1_5-with-sha3-384 ::= { sigAlgs 15 }

id-rsassa-pkcs1-v1_5-with-sha3-512 ::= { sigAlgs 16 }

Back to Top

Externally Assigned OIDs

The following identifies the source where widely used ASN.1 object identifiers are assigned by external organizations for NIST-specified algorithms.

SHA-1: IEEE P1363, also IETF RFC 3370.

HMAC with SHA-1: RFC 3370.
HMAC with SHA-2 family: RFC 4231.

DSA with SHA-1: ANSI X9.57

ECDSA with SHA-1: RFC 3279.
ECDSA with SHA-2 family: RFC 5758.

RSA PKCS #1 v1.5 Signature with SHA-1: RFC 3279.
RSA PKCS #1 v1.5 Signature with SHA-2 family: RFC 4055.
RFC 4055 also defined hash-independent OIDs for the RSASSA-PSS signature algorithm and the RSAES-OAEP key transport algorithm. The OID for the specific hash function used in these algorithms is included in the algorithm parameters.