The CSOR has allocated the following registration branch for cryptographic algorithm objects:
nistAlgorithms OBJECT IDENTIFIER ::= { csor nistAlgorithm(4) }
The CSOR only registers only NIST-approved cryptographic algorithms. Where the algorithm has already been assigned object identifiers (e.g., for RSA PKCS#1 digital signature), new OIDs will not be assigned. Please check back for a page that identifies the preferred OIDs for these algorithms.
Additional information on NIST cryptographic algorithm activities is available from the Computer Security Resource Center.
Back to TopOften, cryptographic algorithm objects are defined for use with other ASN.1 types. In particular, OIDs intended for use in the ASN.1 type Algorithm may be associated with parameter definitions. This information is contained in an ASN.1 module. ASN.1 modules may be assigned OIDs to uniquely identify different versions of the ASN.1 constructs. The CSOR algorithm arc includes a sub arc for ASN.1 modules. To date, a single module has been registered to support AES project.
csorModules OBJECT IDENTIFIER ::= { nistalgorithms modules (0) }
aesModule1 OBJECT IDENTIFIER ::= { csorModules aes (1) }
Back to TopThe following objects have been registered to support AES project.
aes OBJECT IDENTIFIER ::= { nistAlgorithms 1 }
id-aes128-ECB OBJECT IDENTIFIER ::= { aes 1 }
id-aes128-CBC OBJECT IDENTIFIER ::= { aes 2 }
id-aes128-OFB OBJECT IDENTIFIER ::= { aes 3 }
id-aes128-CFB OBJECT IDENTIFIER ::= { aes 4 }
id-aes128-CCM OBJECT IDENTIFIER ::= { aes 5 }
id-aes128-GCM OBJECT IDENTIFIER ::= { aes 6 }
id-aes192-ECB OBJECT IDENTIFIER ::= { aes 21 }
id-aes192-CBC OBJECT IDENTIFIER ::= { aes 22 }
id-aes192-OFB OBJECT IDENTIFIER ::= { aes 23 }
id-aes192-CFB OBJECT IDENTIFIER ::= { aes 24 }
id-aes192-CCM OBJECT IDENTIFIER ::= { aes 25 }
id-aes192-GCM OBJECT IDENTIFIER ::= { aes 26 }
id-aes256-ECB OBJECT IDENTIFIER ::= { aes 41 }
id-aes256-CBC OBJECT IDENTIFIER ::= { aes 42 }
id-aes256-OFB OBJECT IDENTIFIER ::= { aes 43 }
id-aes256-CFB OBJECT IDENTIFIER ::= { aes 44 }
id-aes256-CCM OBJECT IDENTIFIER ::= { aes 45 }
id-aes256-GCM OBJECT IDENTIFIER ::= { aes 46 }
The AES object identifiers may be used in the ASN.1 structured type Algorithm. The complete ASN.1 for these objects and any associated parameters is available in the following ASN.1 module.
Back to TopThe following objects have been registered to support the deployment of secure hash algorithms.
hashAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 2 }
id-sha256 OBJECT IDENTIFIER ::= { hashAlgs 1 }
id-sha384 OBJECT IDENTIFIER ::= { hashAlgs 2 }
id-sha512 OBJECT IDENTIFIER ::= { hashAlgs 3 }
id-sha224 OBJECT IDENTIFIER ::= { hashAlgs 4 }
Back to TopThe following objects have been registered to support the DSA signatures project. *Note: DSA with SHA-384 and SHA-512 were omitted since they were not specified in FIPS 186-3.
sigAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 3 }
id-dsa-with-sha224 ::= { sigAlgs 1 }
id-dsa-with-sha256 ::= { sigAlgs 2 }
Back to TopIn some cases, OIDs have been assigned by external organizations for NIST-specified algorithms. Where these OIDs are widely used, NIST may choose not to assign OIDs in the CSOR arc. Widely used ASN.1 object identifiers assigned by external organizations for NIST-specified algorithms are listed here.
The following OID should be used to denote the SHA-1 hash algorithm.
id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 }
The following OIDs should be used where NIST hash algorithms are used for HMACs:
rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549)}
digestAlgorithm OBJECT IDENTIFIER ::= {rsadsi 2}
id-hmacWithSHA1 OBJECT IDENTIFIER ::= {digestAlgorithm 7}
id-hmacWithSHA224 OBJECT IDENTIFIER ::= {digestAlgorithm 8}
id-hmacWithSHA256 OBJECT IDENTIFIER ::= {digestAlgorithm 9}
id-hmacWithSHA384 OBJECT IDENTIFIER ::= {digestAlgorithm 10}
id-hmacWithSHA512 OBJECT IDENTIFIER ::= {digestAlgorithm 11}