NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:

Cryptographic Algorithm Object Registration

The CSOR has allocated the following registration branch for cryptographic algorithm objects:

nistAlgorithms OBJECT IDENTIFIER ::= { csor nistAlgorithm(4) }

The CSOR only registers only NIST-approved cryptographic algorithms. Where the algorithm has already been assigned object identifiers (e.g., for RSA PKCS#1 digital signature), new OIDs will not be assigned. Please check back for a page that identifies the preferred OIDs for these algorithms.

Additional information on NIST cryptographic algorithm activities is available from the Computer Security Resource Center.

Back to Top

Registered Objects

Back to Top

ASN.1 Modules

Often, cryptographic algorithm objects are defined for use with other ASN.1 types. In particular, OIDs intended for use in the ASN.1 type Algorithm may be associated with parameter definitions. This information is contained in an ASN.1 module. ASN.1 modules may be assigned OIDs to uniquely identify different versions of the ASN.1 constructs. The CSOR algorithm arc includes a sub arc for ASN.1 modules. To date, a single module has been registered to support AES project.

csorModules OBJECT IDENTIFIER ::= { nistalgorithms modules (0) }

aesModule1 OBJECT IDENTIFIER ::= { csorModules aes (1) }

Back to Top

AES Registered Objects

The following objects have been registered to support AES project.

aes OBJECT IDENTIFIER ::= { nistAlgorithms 1 }

 

128 bit AES information object identifiers

id-aes128-ECB OBJECT IDENTIFIER ::= { aes 1 }

id-aes128-CBC OBJECT IDENTIFIER ::= { aes 2 }

id-aes128-OFB OBJECT IDENTIFIER ::= { aes 3 }

id-aes128-CFB OBJECT IDENTIFIER ::= { aes 4 }

id-aes128-CCM OBJECT IDENTIFIER ::= { aes 5 }

id-aes128-GCM OBJECT IDENTIFIER ::= { aes 6 }

 

192 bit AES information object identifiers

id-aes192-ECB OBJECT IDENTIFIER ::= { aes 21 }

id-aes192-CBC OBJECT IDENTIFIER ::= { aes 22 }

id-aes192-OFB OBJECT IDENTIFIER ::= { aes 23 }

id-aes192-CFB OBJECT IDENTIFIER ::= { aes 24 }

id-aes192-CCM OBJECT IDENTIFIER ::= { aes 25 }

id-aes192-GCM OBJECT IDENTIFIER ::= { aes 26 }

 

256 bit AES information object identifiers

id-aes256-ECB OBJECT IDENTIFIER ::= { aes 41 }

id-aes256-CBC OBJECT IDENTIFIER ::= { aes 42 }

id-aes256-OFB OBJECT IDENTIFIER ::= { aes 43 }

id-aes256-CFB OBJECT IDENTIFIER ::= { aes 44 }

id-aes256-CCM OBJECT IDENTIFIER ::= { aes 45 }

id-aes256-GCM OBJECT IDENTIFIER ::= { aes 46 }

The AES object identifiers may be used in the ASN.1 structured type Algorithm. The complete ASN.1 for these objects and any associated parameters is available in the following ASN.1 module.

Back to Top

Secure Hash Algorithms Registered Objects

The following objects have been registered to support the deployment of secure hash algorithms.

hashAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 2 }

Secure Hash Algorithm object identifiers

id-sha256 OBJECT IDENTIFIER ::= { hashAlgs 1 }

id-sha384 OBJECT IDENTIFIER ::= { hashAlgs 2 }

id-sha512 OBJECT IDENTIFIER ::= { hashAlgs 3 }

id-sha224 OBJECT IDENTIFIER ::= { hashAlgs 4 }

Back to Top

DSA Registered Objects

The following objects have been registered to support the DSA signatures project. *Note: DSA with SHA-384 and SHA-512 were omitted since they were not specified in FIPS 186-3.

sigAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 3 }

DSA Algorithms

id-dsa-with-sha224 ::= { sigAlgs 1 }

id-dsa-with-sha256 ::= { sigAlgs 2 }

Back to Top

Externally Assigned OIDs for NIST Algorithms

In some cases, OIDs have been assigned by external organizations for NIST-specified algorithms. Where these OIDs are widely used, NIST may choose not to assign OIDs in the CSOR arc. Widely used ASN.1 object identifiers assigned by external organizations for NIST-specified algorithms are listed here.


The following OID should be used to denote the SHA-1 hash algorithm.

id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 }

 

The following OIDs should be used where NIST hash algorithms are used for HMACs:

rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549)}

digestAlgorithm OBJECT IDENTIFIER ::= {rsadsi 2}

id-hmacWithSHA1 OBJECT IDENTIFIER ::= {digestAlgorithm 7}

id-hmacWithSHA224 OBJECT IDENTIFIER ::= {digestAlgorithm 8}

id-hmacWithSHA256 OBJECT IDENTIFIER ::= {digestAlgorithm 9}

id-hmacWithSHA384 OBJECT IDENTIFIER ::= {digestAlgorithm 10}

id-hmacWithSHA512 OBJECT IDENTIFIER ::= {digestAlgorithm 11}