--- /dev/null
+/* ASN.1 object dumping code, copyright Peter Gutmann
+ <pgut001@cs.auckland.ac.nz>, based on ASN.1 dump program by David Kemp
+ <dpkemp@missi.ncsc.mil>, with contributions from various people including
+ Matthew Hamrick <hamrick@rsa.com>, Bruno Couillard
+ <bcouillard@chrysalis-its.com>, Hallvard Furuseth
+ <h.b.furuseth@usit.uio.no>, Geoff Thorpe <geoff@raas.co.nz>, David Boyce
+ <d.boyce@isode.com>, John Hughes <john.hughes@entegrity.com>, Life is
+ hard, and then you die <ronald@trustpoint.com>, and several other people
+ whose names I've misplaced.
+
+ Available from http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.c.
+ Last updated 21 November 2000.
+
+ This version of dumpasn1 requires a config file dumpasn1.cfg to be present
+ in the same location as the program itself or in a standard directory
+ where binaries live (it will run without it but will display a warning
+ message, you can configure the path either by hardcoding it in or using an
+ environment variable as explained further down). The config file is
+ available from http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.cfg.
+
+ This code assumes that the input data is binary, having come from a MIME-
+ aware mailer or been piped through a decoding utility if the original
+ format used base64 encoding. Bruno Couillard has created a modified
+ version which will read raw base64-encoded data (ie without any MIME
+ encapsulation or other headers) directly, at the expense of being somewhat
+ non-portable. Alternatively, you can use utilities like uudeview (which
+ will strip virtually any kind of encoding, MIME, PEM, PGP, whatever) to
+ recover the binary original.
+
+ You can use this code in whatever way you want, as long as you don't try
+ to claim you wrote it.
+
+ Editing notes: Tabs to 4, phasers to stun */
+
+#include <ctype.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+/* Useful defines */
+
+#ifndef TRUE
+ #define FALSE 0
+ #define TRUE ( !FALSE )
+#endif /* TRUE */
+
+/* SunOS 4.x doesn't define seek codes or exit codes or FILENAME_MAX (it does
+ define _POSIX_MAX_PATH, but in funny locations and to different values
+ depending on which include file you use). Some OS's also define
+ FILENAME_MAX to silly values (eg 14 bytes), so we replace it with a more
+ sensible setting if necessary */
+
+#ifndef SEEK_SET
+ #define SEEK_SET 0
+ #define SEEK_CUR 2
+#endif /* No fseek() codes defined */
+#ifndef EXIT_FAILURE
+ #define EXIT_FAILURE 1
+ #define EXIT_SUCCESS ( !EXIT_FAILURE )
+#endif /* No exit() codes defined */
+#ifndef FILENAME_MAX
+ #define FILENAME_MAX 512
+#else
+ #if FILENAME_MAX < 128
+ #undef FILENAME_MAX
+ #define FILENAME_MAX 512
+ #endif /* FILENAME_MAX < 128 */
+#endif /* FILENAME_MAX */
+
+/* Under Windows we can do special-case handling for things like BMPStrings */
+
+#if ( defined( _WINDOWS ) || defined( WIN32 ) || defined( _WIN32 ) || \
+ defined( __WIN32__ ) )
+ #define __WIN32__
+#endif /* Win32 */
+
+/* Some OS's don't define the min() macro */
+
+#ifndef min
+ #define min(a,b) ( ( a ) < ( b ) ? ( a ) : ( b ) )
+#endif /* !min */
+
+/* The level of recursion can get scary for deeply-nested structures so we
+ use a larger-than-normal stack under DOS */
+
+#ifdef __TURBOC__
+ extern unsigned _stklen = 16384;
+#endif /* __TURBOC__ */
+
+/* When we dump a nested data object encapsulated within a larger object, the
+ length is initially set to a magic value which is adjusted to the actual
+ length once we start parsing the object */
+
+#define LENGTH_MAGIC 177545L
+
+/* Tag classes */
+
+#define CLASS_MASK 0xC0 /* Bits 8 and 7 */
+#define UNIVERSAL 0x00 /* 0 = Universal (defined by ITU X.680) */
+#define APPLICATION 0x40 /* 1 = Application */
+#define CONTEXT 0x80 /* 2 = Context-specific */
+#define PRIVATE 0xC0 /* 3 = Private */
+
+/* Encoding type */
+
+#define FORM_MASK 0x20 /* Bit 6 */
+#define PRIMITIVE 0x00 /* 0 = primitive */
+#define CONSTRUCTED 0x20 /* 1 = constructed */
+
+/* Universal tags */
+
+#define TAG_MASK 0x1F /* Bits 5 - 1 */
+#define EOC 0x00 /* 0: End-of-contents octets */
+#define BOOLEAN 0x01 /* 1: Boolean */
+#define INTEGER 0x02 /* 2: Integer */
+#define BITSTRING 0x03 /* 2: Bit string */
+#define OCTETSTRING 0x04 /* 4: Byte string */
+#define NULLTAG 0x05 /* 5: NULL */
+#define OID 0x06 /* 6: Object Identifier */
+#define OBJDESCRIPTOR 0x07 /* 7: Object Descriptor */
+#define EXTERNAL 0x08 /* 8: External */
+#define REAL 0x09 /* 9: Real */
+#define ENUMERATED 0x0A /* 10: Enumerated */
+#define EMBEDDED_PDV 0x0B /* 11: Embedded Presentation Data Value */
+#define UTF8STRING 0x0C /* 12: UTF8 string */
+#define SEQUENCE 0x10 /* 16: Sequence/sequence of */
+#define SET 0x11 /* 17: Set/set of */
+#define NUMERICSTRING 0x12 /* 18: Numeric string */
+#define PRINTABLESTRING 0x13 /* 19: Printable string (ASCII subset) */
+#define T61STRING 0x14 /* 20: T61/Teletex string */
+#define VIDEOTEXSTRING 0x15 /* 21: Videotex string */
+#define IA5STRING 0x16 /* 22: IA5/ASCII string */
+#define UTCTIME 0x17 /* 23: UTC time */
+#define GENERALIZEDTIME 0x18 /* 24: Generalized time */
+#define GRAPHICSTRING 0x19 /* 25: Graphic string */
+#define VISIBLESTRING 0x1A /* 26: Visible string (ASCII subset) */
+#define GENERALSTRING 0x1B /* 27: General string */
+#define UNIVERSALSTRING 0x1C /* 28: Universal string */
+#define BMPSTRING 0x1E /* 30: Basic Multilingual Plane/Unicode string */
+
+/* Length encoding */
+
+#define LEN_XTND 0x80 /* Indefinite or long form */
+#define LEN_MASK 0x7F /* Bits 7 - 1 */
+
+/* Various special-case operations to perform on strings */
+
+typedef enum {
+ STR_NONE, /* No special handling */
+ STR_UTCTIME, /* Check it's UTCTime */
+ STR_PRINTABLE, /* Check it's a PrintableString */
+ STR_IA5, /* Check it's an IA5String */
+ STR_BMP /* Read and display string as Unicode */
+ } STR_OPTION;
+
+/* Structure to hold info on an ASN.1 item */
+
+typedef struct {
+ int id; /* Identifier */
+ int tag; /* Tag */
+ long length; /* Data length */
+ int indefinite; /* Item has indefinite length */
+ int headerSize; /* Size of tag+length */
+ unsigned char header[ 8 ]; /* Tag+length data */
+ } ASN1_ITEM;
+
+/* Config options */
+
+static int printDots = FALSE; /* Whether to print dots to align columns */
+static int doPure = FALSE; /* Print data without LHS info column */
+static int doDumpHeader = FALSE; /* Dump tag+len in hex (level = 0, 1, 2) */
+static int extraOIDinfo = FALSE; /* Print extra information about OIDs */
+static int doHexValues = FALSE; /* Display size, offset in hex not dec.*/
+static int useStdin = FALSE; /* Take input from stdin */
+static int zeroLengthAllowed = FALSE;/* Zero-length items allowed */
+static int dumpText = FALSE; /* Dump text alongside hex data */
+static int printAllData = FALSE; /* Whether to print all data in long blocks */
+static int checkEncaps = TRUE; /* Print encaps.data in BIT/OCTET STRINGs */
+
+/* Error and warning information */
+
+static int noErrors = 0; /* Number of errors found */
+static int noWarnings = 0; /* Number of warnings */
+
+/* Position in the input stream */
+
+static int fPos = 0; /* Absolute position in data */
+
+/* The output stream */
+
+static FILE *output; /* Output stream */
+
+/* Information on an ASN.1 Object Identifier */
+
+#define MAX_OID_SIZE 32
+
+typedef struct tagOIDINFO {
+ struct tagOIDINFO *next; /* Next item in list */
+ char oid[ MAX_OID_SIZE ], *comment, *description;
+ int oidLength; /* Name, rank, serial number */
+ int warn; /* Whether to warn if OID encountered */
+ } OIDINFO;
+
+static OIDINFO *oidList = NULL;
+
+/* If the config file isn't present in the current directory, we search the
+ following paths (this is needed for Unix with dumpasn1 somewhere in the
+ path, since this doesn't set up argv[0] to the full path). Anything
+ beginning with a '$' uses the appropriate environment variable */
+
+#define CONFIG_NAME "dumpasn1.cfg"
+
+static const char *configPaths[] = {
+ /* Unix absolute paths */
+ "/bin/", "/usr/bin/", "/usr/local/bin/",
+
+ /* Windoze absolute paths. Usually things are on C:, but older NT setups
+ are easier to do on D: if the initial copy is done to C: */
+ "c:\\dos\\", "d:\\dos\\", "c:\\windows\\", "d:\\windows\\",
+ "c:\\winnt\\", "d:\\winnt\\",
+
+ /* It's my program, I'm allowed to hardcode in strange paths which noone
+ else uses */
+ "$HOME/BIN/", "c:\\program files\\bin\\",
+
+ /* Unix environment-based paths */
+ "$HOME/", "$HOME/bin/",
+
+ /* General environment-based paths */
+ "$DUMPASN1_PATH/",
+
+ NULL
+ };
+
+#define isEnvTerminator( c ) \
+ ( ( ( c ) == '/' ) || ( ( c ) == '.' ) || ( ( c ) == '$' ) || \
+ ( ( c ) == '\0' ) || ( ( c ) == '~' ) )
+
+/****************************************************************************
+* *
+* Object Identification/Description Routines *
+* *
+****************************************************************************/
+
+/* Return descriptive strings for universal tags */
+
+char *idstr( const int tagID )
+ {
+ switch( tagID )
+ {
+ case EOC:
+ return( "End-of-contents octets" );
+ case BOOLEAN:
+ return( "BOOLEAN" );
+ case INTEGER:
+ return( "INTEGER" );
+ case BITSTRING:
+ return( "BIT STRING" );
+ case OCTETSTRING:
+ return( "OCTET STRING" );
+ case NULLTAG:
+ return( "NULL" );
+ case OID:
+ return( "OBJECT IDENTIFIER" );
+ case OBJDESCRIPTOR:
+ return( "ObjectDescriptor" );
+ case EXTERNAL:
+ return( "EXTERNAL" );
+ case REAL:
+ return( "REAL" );
+ case ENUMERATED:
+ return( "ENUMERATED" );
+ case EMBEDDED_PDV:
+ return( "EMBEDDED PDV" );
+ case UTF8STRING:
+ return( "UTF8String" );
+ case SEQUENCE:
+ return( "SEQUENCE" );
+ case SET:
+ return( "SET" );
+ case NUMERICSTRING:
+ return( "NumericString" );
+ case PRINTABLESTRING:
+ return( "PrintableString" );
+ case T61STRING:
+ return( "TeletexString" );
+ case VIDEOTEXSTRING:
+ return( "VideotexString" );
+ case IA5STRING:
+ return( "IA5String" );
+ case UTCTIME:
+ return( "UTCTime" );
+ case GENERALIZEDTIME:
+ return( "GeneralizedTime" );
+ case GRAPHICSTRING:
+ return( "GraphicString" );
+ case VISIBLESTRING:
+ return( "VisibleString" );
+ case GENERALSTRING:
+ return( "GeneralString" );
+ case UNIVERSALSTRING:
+ return( "UniversalString" );
+ case BMPSTRING:
+ return( "BMPString" );
+ default:
+ return( "Unknown (Reserved)" );
+ }
+ }
+
+/* Return information on an object identifier */
+
+static OIDINFO *getOIDinfo( char *oid, const int oidLength )
+ {
+ OIDINFO *oidPtr;
+
+ memset( oid + oidLength, 0, 2 );
+ for( oidPtr = oidList; oidPtr != NULL; oidPtr = oidPtr->next )
+ if( oidLength == oidPtr->oidLength - 2 && \
+ !memcmp( oidPtr->oid + 2, oid, oidLength ) )
+ return( oidPtr );
+
+ return( NULL );
+ }
+
+/* Add an OID attribute */
+
+static int addAttribute( char **buffer, char *attribute )
+ {
+ if( ( *buffer = ( char * ) malloc( strlen( attribute ) + 1 ) ) == NULL )
+ {
+ puts( "Out of memory." );
+ return( FALSE );
+ }
+ strcpy( *buffer, attribute );
+ return( TRUE );
+ }
+
+/* Table to identify valid string chars (taken from cryptlib) */
+
+#define P 1 /* PrintableString */
+#define I 2 /* IA5String */
+#define PI 3 /* IA5String and PrintableString */
+
+static int charFlags[] = {
+ /* 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ /* 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ /* ! " # $ % & ' ( ) * + , - . / */
+ PI, I, I, I, I, I, I, PI, PI, PI, I, PI, PI, PI, PI, PI,
+ /* 0 1 2 3 4 5 6 7 8 9 : ; < = > ? */
+ PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, I, I, PI, I, PI,
+ /* @ A B C D E F G H I J K L M N O */
+ I, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI,
+ /* P Q R S T U V W X Y Z [ \ ] ^ _ */
+ PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, I, I, I, I, I,
+ /* ` a b c d e f g h i j k l m n o */
+ I, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI,
+ /* p q r s t u v w x y z { | } ~ DL */
+ PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, I, I, I, I, 0
+ };
+
+static int isPrintable( int ch )
+ {
+ if( ch >= 128 || !( charFlags[ ch ] & P ) )
+ return( FALSE );
+ return( TRUE );
+ }
+
+static int isIA5( int ch )
+ {
+ if( ch >= 128 || !( charFlags[ ch ] & I ) )
+ return( FALSE );
+ return( TRUE );
+ }
+
+/****************************************************************************
+* *
+* Config File Read Routines *
+* *
+****************************************************************************/
+
+/* Files coming from DOS/Windows systems may have a ^Z (the CP/M EOF char)
+ at the end, so we need to filter this out */
+
+#define CPM_EOF 0x1A /* ^Z = CPM EOF char */
+
+/* The maximum input line length */
+
+#define MAX_LINESIZE 512
+
+/* Read a line of text from the config file */
+
+static int lineNo;
+
+static int readLine( FILE *file, char *buffer )
+ {
+ int bufCount = 0, ch;
+
+ /* Skip whitespace */
+ while( ( ( ch = getc( file ) ) == ' ' || ch == '\t' ) && !feof( file ) );
+
+ /* Get a line into the buffer */
+ while( ch != '\r' && ch != '\n' && ch != CPM_EOF && !feof( file ) )
+ {
+ /* Check for an illegal char in the data. Note that we don't just
+ check for chars with high bits set because these are legal in
+ non-ASCII strings */
+ if( ( ch & 0x7F ) < ' ' )
+ {
+ printf( "Bad character '%c' in config file line %d.\n",
+ ch, lineNo );
+ return( FALSE );
+ }
+
+ /* Check to see if it's a comment line */
+ if( ch == '#' && !bufCount )
+ {
+ /* Skip comment section and trailing whitespace */
+ while( ch != '\r' && ch != '\n' && ch != CPM_EOF && !feof( file ) )
+ ch = getc( file );
+ break;
+ }
+
+ /* Make sure the line is of the correct length */
+ if( bufCount > MAX_LINESIZE )
+ {
+ printf( "Config file line %d too long.\n", lineNo );
+ return( FALSE );
+ }
+ else
+ if( ch ) /* Can happen if we read a binary file */
+ buffer[ bufCount++ ] = ch;
+
+ /* Get next character */
+ ch = getc( file );
+ }
+
+ /* If we've just passed a CR, check for a following LF */
+ if( ch == '\r' )
+ if( ( ch = getc( file ) ) != '\n' )
+ ungetc( ch, file );
+
+ /* Skip trailing whitespace and add der terminador */
+ while( bufCount > 0 &&
+ ( ( ch = buffer[ bufCount - 1 ] ) == ' ' || ch == '\t' ) )
+ bufCount--;
+ buffer[ bufCount ] = '\0';
+
+ /* Handle special-case of ^Z if file came off an MSDOS system */
+ if( ch == CPM_EOF )
+ while( !feof( file ) )
+ /* Keep going until we hit the true EOF (or some sort of error) */
+ ch = getc( file );
+
+ return( ferror( file ) ? FALSE : TRUE );
+ }
+
+/* Process an OID specified as space-separated hex digits */
+
+static int processHexOID( OIDINFO *oidInfo, char *string )
+ {
+ int value, index = 0;
+
+ while( *string && index < MAX_OID_SIZE - 1 )
+ {
+ if( sscanf( string, "%x", &value ) != 1 || value > 255 )
+ {
+ printf( "Invalid hex value in config file line %d.\n", lineNo );
+ return( FALSE );
+ }
+ oidInfo->oid[ index++ ] = value;
+ string += 2;
+ if( *string && *string++ != ' ' )
+ {
+ printf( "Invalid hex string in config file line %d.\n", lineNo );
+ return( FALSE );
+ }
+ }
+ oidInfo->oid[ index ] = 0;
+ oidInfo->oidLength = index;
+ if( index >= MAX_OID_SIZE - 1 )
+ {
+ printf( "OID value in config file line %d too long.\n", lineNo );
+ return( FALSE );
+ }
+ return( TRUE );
+ }
+
+/* Read a config file */
+
+static int readConfig( const char *path, const int isDefaultConfig )
+ {
+ OIDINFO dummyOID = { NULL, "Dummy", "Dummy", "Dummy", 1 }, *oidPtr;
+ FILE *file;
+ char buffer[ MAX_LINESIZE ];
+ int status;
+
+ /* Try and open the config file */
+ if( ( file = fopen( path, "rb" ) ) == NULL )
+ {
+ /* If we can't open the default config file, issue a warning but
+ continue anyway */
+ if( isDefaultConfig )
+ {
+ puts( "Cannot open config file 'dumpasn1.cfg', which should be in the same" );
+ puts( "directory as the dumpasn1 program. Operation will continue without" );
+ puts( "the ability to display Object Identifier information." );
+ puts( "" );
+ puts( "If the config file is located elsewhere, you can set the environment" );
+ puts( "variable DUMPASN1_CFG to the path to the file." );
+ return( TRUE );
+ }
+
+ printf( "Cannot open config file '%s'.\n", path );
+ return( FALSE );
+ }
+
+ /* Add the new config entries at the appropriate point in the OID list */
+ if( oidList == NULL )
+ oidPtr = &dummyOID;
+ else
+ for( oidPtr = oidList; oidPtr->next != NULL; oidPtr = oidPtr->next );
+
+ /* Read each line in the config file */
+ lineNo = 1;
+ while( ( status = readLine( file, buffer ) ) == TRUE && !feof( file ) )
+ {
+ /* If it's a comment line, skip it */
+ if( !*buffer )
+ {
+ lineNo++;
+ continue;
+ }
+
+ /* Check for an attribute tag */
+ if( !strncmp( buffer, "OID = ", 6 ) )
+ {
+ /* Make sure all the required attributes for the current OID are
+ present */
+ if( oidPtr->description == NULL )
+ {
+ printf( "OID ending on config file line %d has no "
+ "description attribute.\n", lineNo - 1 );
+ return( FALSE );
+ }
+
+ /* Allocate storage for the new OID */
+ if( ( oidPtr->next = ( struct tagOIDINFO * ) \
+ malloc( sizeof( OIDINFO ) ) ) == NULL )
+ {
+ puts( "Out of memory." );
+ return( FALSE );
+ }
+ oidPtr = oidPtr->next;
+ if( oidList == NULL )
+ oidList = oidPtr;
+ memset( oidPtr, 0, sizeof( OIDINFO ) );
+
+ /* Add the new OID */
+ if( !processHexOID( oidPtr, buffer + 6 ) )
+ return( FALSE );
+ }
+ else if( !strncmp( buffer, "Description = ", 14 ) )
+ {
+ if( oidPtr->description != NULL )
+ {
+ printf( "Duplicate OID description in config file line %d.\n",
+ lineNo );
+ return( FALSE );
+ }
+ if( !addAttribute( &oidPtr->description, buffer + 14 ) )
+ return( FALSE );
+ }
+ else if( !strncmp( buffer, "Comment = ", 10 ) )
+ {
+ if( oidPtr->comment != NULL )
+ {
+ printf( "Duplicate OID comment in config file line %d.\n",
+ lineNo );
+ return( FALSE );
+ }
+ if( !addAttribute( &oidPtr->comment, buffer + 10 ) )
+ return( FALSE );
+ }
+ else if( !strncmp( buffer, "Warning", 7 ) )
+ {
+ if( oidPtr->warn )
+ {
+ printf( "Duplicate OID warning in config file line %d.\n",
+ lineNo );
+ return( FALSE );
+ }
+ oidPtr->warn = TRUE;
+ }
+ else
+ {
+ printf( "Unrecognised attribute '%s', line %d.\n", buffer,
+ lineNo );
+ return( FALSE );
+ }
+
+ lineNo++;
+ }
+ fclose( file );
+
+ return( status );
+ }
+
+/* Check for the existence of a config file path */
+
+static int testConfigPath( const char *path )
+ {
+ FILE *file;
+
+ /* Try and open the config file */
+ if( ( file = fopen( path, "rb" ) ) == NULL )
+ return( FALSE );
+ fclose( file );
+
+ return( TRUE );
+ }
+
+/* Build a config path by substituting environment strings for $NAMEs */
+
+static void buildConfigPath( char *path, const char *pathTemplate )
+ {
+ char pathBuffer[ FILENAME_MAX ], newPath[ FILENAME_MAX ];
+ int pathLen, pathPos = 0, newPathPos = 0;
+
+ /* Add the config file name at the end */
+ strcpy( pathBuffer, pathTemplate );
+ strcat( pathBuffer, CONFIG_NAME );
+ pathLen = strlen( pathBuffer );
+
+ while( pathPos < pathLen )
+ {
+ char *strPtr;
+ int substringSize;
+
+ /* Find the next $ and copy the data before it to the new path */
+ if( ( strPtr = strstr( pathBuffer + pathPos, "$" ) ) != NULL )
+ substringSize = ( int ) ( ( strPtr - pathBuffer ) - pathPos );
+ else
+ substringSize = pathLen - pathPos;
+ if( substringSize > 0 )
+ memcpy( newPath + newPathPos, pathBuffer + pathPos,
+ substringSize );
+ newPathPos += substringSize;
+ pathPos += substringSize;
+
+ /* Get the environment string for the $NAME */
+ if( strPtr != NULL )
+ {
+ char envName[ MAX_LINESIZE ], *envString;
+ int i;
+
+ /* Skip the '$', find the end of the $NAME, and copy the name
+ into an internal buffer */
+ pathPos++; /* Skip the $ */
+ for( i = 0; !isEnvTerminator( pathBuffer[ pathPos + i ] ); i++ );
+ memcpy( envName, pathBuffer + pathPos, i );
+ envName[ i ] = '\0';
+
+ /* Get the env.string and copy it over */
+ if( ( envString = getenv( envName ) ) != NULL )
+ {
+ const int envStrLen = strlen( envString );
+
+ if( newPathPos + envStrLen < FILENAME_MAX - 2 )
+ {
+ memcpy( newPath + newPathPos, envString, envStrLen );
+ newPathPos += envStrLen;
+ }
+ }
+ pathPos += i;
+ }
+ }
+ newPath[ newPathPos ] = '\0'; /* Add der terminador */
+
+ /* Copy the new path to the output */
+ strcpy( path, newPath );
+ }
+
+/* Read the global config file */
+
+static int readGlobalConfig( const char *path )
+ {
+ char buffer[ FILENAME_MAX ], *namePos;
+ int i;
+
+ /* First, try and find the config file in the same directory as the
+ executable. This requires that argv[0] be set up properly, which
+ isn't the case if Unix search paths are being used, and seems to be
+ pretty broken under Windows */
+ namePos = strstr( path, "dumpasn1" );
+ if( namePos == NULL )
+ namePos = strstr( path, "DUMPASN1" );
+ if( strlen( path ) < FILENAME_MAX - 13 && namePos != NULL )
+ {
+ strcpy( buffer, path );
+ strcpy( buffer + ( int ) ( namePos - ( char * ) path ), CONFIG_NAME );
+ if( testConfigPath( buffer ) )
+ return( readConfig( buffer, TRUE ) );
+ }
+
+ /* Now try each of the possible absolute locations for the config file */
+ for( i = 0; configPaths[ i ] != NULL; i++ )
+ {
+ buildConfigPath( buffer, configPaths[ i ] );
+ if( testConfigPath( buffer ) )
+ return( readConfig( buffer, TRUE ) );
+ }
+
+ /* Default out to just the config name (which should fail as it was the
+ first entry in configPaths[]). readConfig() will display the
+ appropriate warning */
+ return( readConfig( CONFIG_NAME, TRUE ) );
+ }
+
+/****************************************************************************
+* *
+* Output/Formatting Routines *
+* *
+****************************************************************************/
+
+/* Indent a string by the appropriate amount */
+
+static void doIndent( const int level )
+ {
+ int i;
+
+ for( i = 0; i < level; i++ )
+ fprintf( output, ( printDots ) ? ". " : " " );
+ }
+
+/* Complain about an error in the ASN.1 object */
+
+static void complain( const char *message, const int level )
+ {
+ if( !doPure )
+ fprintf( output, " : " );
+ doIndent( level + 1 );
+ fprintf( output, "Error: %s.\n", message );
+ noErrors++;
+ }
+
+/* Dump data as a string of hex digits up to a maximum of 128 bytes */
+
+static void dumpHex( FILE *inFile, long length, int level, int isInteger )
+ {
+ const int lineLength = ( dumpText ) ? 8 : 16;
+ char printable[ 9 ];
+ long noBytes = length;
+ int zeroPadded = FALSE, warnPadding = FALSE, warnNegative = isInteger;
+ int maxLevel = ( doPure ) ? 15 : 8, i;
+
+ if( noBytes > 128 && !printAllData )
+ noBytes = 128; /* Only output a maximum of 128 bytes */
+ if( level > maxLevel )
+ level = maxLevel; /* Make sure we don't go off edge of screen */
+ printable[ 8 ] = printable[ 0 ] = '\0';
+ for( i = 0; i < noBytes; i++ )
+ {
+ int ch;
+
+ if( !( i % lineLength ) )
+ {
+ if( dumpText )
+ {
+ /* If we're dumping text alongside the hex data, print the
+ accumulated text string */
+ fputs( " ", output );
+ fputs( printable, output );
+ }
+ fputc( '\n', output );
+ if( !doPure )
+ fprintf( output, " : " );
+ doIndent( level + 1 );
+ }
+ ch = getc( inFile );
+ fprintf( output, "%s%02X", i % lineLength ? " " : "", ch );
+ printable[ i % 8 ] = ( ch >= ' ' && ch < 127 ) ? ch : '.';
+ fPos++;
+
+ /* If we need to check for negative values and zero padding, check
+ this now */
+ if( !i )
+ {
+ if( !ch )
+ zeroPadded = TRUE;
+ if( !( ch & 0x80 ) )
+ warnNegative = FALSE;
+ }
+ if( i == 1 && zeroPadded && ch < 0x80 )
+ warnPadding = TRUE;
+ }
+ if( dumpText )
+ {
+ /* Print any remaining text */
+ i %= lineLength;
+ printable[ i ] = '\0';
+ while( i < lineLength )
+ {
+ fprintf( output, " " );
+ i++;
+ }
+ fputs( " ", output );
+ fputs( printable, output );
+ }
+ if( length > 128 && !printAllData )
+ {
+ length -= 128;
+ fputc( '\n', output );
+ if( !doPure )
+ fprintf( output, " : " );
+ doIndent( level + 5 );
+ fprintf( output, "[ Another %ld bytes skipped ]", length );
+ if( useStdin )
+ {
+ while( length-- )
+ getc( inFile );
+ }
+ else
+ fseek( inFile, length, SEEK_CUR );
+ fPos += length;
+ }
+ fputs( "\n", output );
+
+ if( isInteger )
+ {
+ if( warnPadding )
+ complain( "Integer has non-DER encoding", level );
+ if( warnNegative )
+ complain( "Integer has a negative value", level );
+ }
+ }
+
+/* Dump a bitstring, reversing the bits into the standard order in the
+ process */
+
+static void dumpBitString( FILE *inFile, const int length, const int unused,
+ const int level )
+ {
+ unsigned int bitString = 0, currentBitMask = 0x80, remainderMask = 0xFF;
+ int bitFlag, value = 0, noBits, bitNo = -1, i;
+ char *errorStr = NULL;
+
+ if( unused < 0 || unused > 7 )
+ complain( "Invalid number of unused bits", level );
+ noBits = ( length * 8 ) - unused;
+
+ /* ASN.1 bitstrings start at bit 0, so we need to reverse the order of
+ the bits */
+ if( length )
+ {
+ bitString = fgetc( inFile );
+ fPos++;
+ }
+ for( i = noBits - 8; i > 0; i -= 8 )
+ {
+ bitString = ( bitString << 8 ) | fgetc( inFile );
+ currentBitMask <<= 8;
+ remainderMask = ( remainderMask << 8 ) | 0xFF;
+ fPos++;
+ }
+ for( i = 0, bitFlag = 1; i < noBits; i++ )
+ {
+ if( bitString & currentBitMask )
+ value |= bitFlag;
+ if( !( bitString & remainderMask ) )
+ /* The last valid bit should be a one bit */
+ errorStr = "Spurious zero bits in bitstring";
+ bitFlag <<= 1;
+ bitString <<= 1;
+ }
+ if( ( remainderMask << noBits ) & value )
+ /* There shouldn't be any bits set after the last valid one */
+ errorStr = "Spurious one bits in bitstring";
+
+ /* Now that it's in the right order, dump it. If there's only one
+ bit set (which is often the case for bit flags) we also print the
+ bit number to save users having to count the zeroes to figure out
+ which flag is set */
+ fputc( '\n', output );
+ if( !doPure )
+ fprintf( output, " : " );
+ doIndent( level + 1 );
+ fputc( '\'', output );
+ currentBitMask = 1 << ( noBits - 1 );
+ for( i = 0; i < noBits; i++ )
+ {
+ if( value & currentBitMask )
+ {
+ bitNo = ( bitNo == -1 ) ? ( noBits - 1 ) - i : -2;
+ fputc( '1', output );
+ }
+ else
+ fputc( '0', output );
+ currentBitMask >>= 1;
+ }
+ if( bitNo >= 0 )
+ fprintf( output, "'B (bit %d)\n", bitNo );
+ else
+ fputs( "'B\n", output );
+
+ if( errorStr != NULL )
+ complain( errorStr, level );
+ }
+
+/* Display data as a text string up to a maximum of 240 characters (8 lines
+ of 48 chars to match the hex limit of 8 lines of 16 bytes) with special
+ treatement for control characters and other odd things which can turn up
+ in BMPString and UniversalString types.
+
+ If the string is less than 40 chars in length, we try to print it on the
+ same line as the rest of the text (even if it wraps), otherwise we break
+ it up into 48-char chunks in a somewhat less nice text-dump format */
+
+static void displayString( FILE *inFile, long length, int level,
+ STR_OPTION strOption )
+ {
+ long noBytes = ( length > 384 ) ? 384 : length;
+ int lineLength = 48;
+ int maxLevel = ( doPure ) ? 15 : 8, firstTime = TRUE, i;
+ int warnIA5 = FALSE, warnPrintable = FALSE, warnUTC = FALSE;
+ int warnBMP = FALSE;
+
+ if( strOption == STR_UTCTIME && length != 13 )
+ warnUTC = TRUE;
+ if( length <= 40 )
+ fprintf( output, " '" ); /* Print string on same line */
+ if( level > maxLevel )
+ level = maxLevel; /* Make sure we don't go off edge of screen */
+ for( i = 0; i < noBytes; i++ )
+ {
+ int ch;
+
+ /* If the string is longer than 40 chars, break it up into multiple
+ sections */
+ if( length > 40 && !( i % lineLength ) )
+ {
+ if( !firstTime )
+ fputc( '\'', output );
+ fputc( '\n', output );
+ if( !doPure )
+ fprintf( output, " : " );
+ doIndent( level + 1 );
+ fputc( '\'', output );
+ firstTime = FALSE;
+ }
+ ch = getc( inFile );
+#ifdef __WIN32__
+ if( strOption == STR_BMP )
+ {
+ if( i == noBytes - 1 && ( noBytes & 1 ) )
+ /* Odd-length BMP string, complain */
+ warnBMP = TRUE;
+ else
+ {
+ wchar_t wCh = ( ch << 8 ) | getc( inFile );
+ unsigned char outBuf[ 8 ];
+ int outLen;
+
+ /* Attempting to display Unicode characters is pretty hit and
+ miss, and if it fails nothing is displayed. To try and
+ detect this we use wcstombs() to see if anything can be
+ displayed, if it can't we drop back to trying to display
+ the data as non-Unicode */
+ outLen = wcstombs( outBuf, &wCh, 1 );
+ if( outLen < 1 )
+ {
+ /* Can't be displayed as Unicode, fall back to
+ displaying it as normal text */
+ ungetc( wCh & 0xFF, inFile );
+ }
+ else
+ {
+ lineLength++;
+ i++; /* We've read two characters for a wchar_t */
+ wprintf( L"%c", wCh );
+ fPos += 2;
+ continue;
+ }
+ }
+ }
+#endif /* __WIN32__ */
+ if( strOption == STR_PRINTABLE || strOption == STR_IA5 )
+ {
+ if( strOption == STR_PRINTABLE && !isPrintable( ch ) )
+ warnPrintable = TRUE;
+ if( strOption == STR_IA5 && !isIA5( ch ) )
+ warnIA5 = TRUE;
+ if( ch < ' ' || ch >= 0x7F )
+ ch = '.'; /* Convert non-ASCII to placeholders */
+ }
+ else
+ if( strOption == STR_UTCTIME )
+ {
+ if( !isdigit( ch ) && ch != 'Z' )
+ {
+ warnUTC = TRUE;
+ ch = '.'; /* Convert non-numeric to placeholders */
+ }
+ }
+ else
+ if( ( ch & 0x7F ) < ' ' || ch == 0xFF )
+ ch = '.'; /* Convert control chars to placeholders */
+ fputc( ch, output );
+ fPos++;
+ }
+ if( length > 384 )
+ {
+ length -= 384;
+ fprintf( output, "'\n" );
+ if( !doPure )
+ fprintf( output, " : " );
+ doIndent( level + 5 );
+ fprintf( output, "[ Another %ld characters skipped ]", length );
+ fPos += length;
+ while( length-- )
+ {
+ int ch = getc( inFile );
+
+ if( strOption == STR_PRINTABLE && !isPrintable( ch ) )
+ warnPrintable = TRUE;
+ if( strOption == STR_IA5 && !isIA5( ch ) )
+ warnIA5 = TRUE;
+ }
+ }
+ else
+ fputc( '\'', output );
+ fputc( '\n', output );
+
+ /* Display any problems we encountered */
+ if( warnPrintable )
+ complain( "PrintableString contains illegal character(s)", level );
+ if( warnIA5 )
+ complain( "IA5String contains illegal character(s)", level );
+ if( warnUTC )
+ complain( "UTCTime is encoded incorrectly", level );
+ if( warnBMP )
+ complain( "BMPString has missing final byte/half character", level );
+ }
+
+/****************************************************************************
+* *
+* ASN.1 Parsing Routines *
+* *
+****************************************************************************/
+
+/* Get an integer value */
+
+static long getValue( FILE *inFile, const long length )
+ {
+ long value;
+ char ch;
+ int i;
+
+ ch = getc( inFile );
+ value = ch;
+ for( i = 0; i < length - 1; i++ )
+ value = ( value << 8 ) | getc( inFile );
+ fPos += length;
+
+ return( value );
+ }
+
+/* Get an ASN.1 objects tag and length */
+
+int getItem( FILE *inFile, ASN1_ITEM *item )
+ {
+ int tag, length, index = 0;
+
+ memset( item, 0, sizeof( ASN1_ITEM ) );
+ item->indefinite = FALSE;
+ tag = item->header[ index++ ] = fgetc( inFile );
+ item->id = tag & ~TAG_MASK;
+ tag &= TAG_MASK;
+ if( tag == TAG_MASK )
+ {
+ int value;
+
+ /* Long tag encoded as sequence of 7-bit values. This doesn't try to
+ handle tags > INT_MAX, it'd be pretty peculiar ASN.1 if it had to
+ use tags this large */
+ tag = 0;
+ do
+ {
+ value = fgetc( inFile );
+ tag = ( tag << 7 ) | ( value & 0x7F );
+ item->header[ index++ ] = value;
+ fPos++;
+ }
+ while( value & LEN_XTND && !feof( inFile ) );
+ }
+ item->tag = tag;
+ if( feof( inFile ) )
+ {
+ fPos++;
+ return( FALSE );
+ }
+ fPos += 2; /* Tag + length */
+ length = item->header[ index++ ] = fgetc( inFile );
+ item->headerSize = index;
+ if( length & LEN_XTND )
+ {
+ int i;
+
+ length &= LEN_MASK;
+ if( length > 4 )
+ /* Impossible length value, probably because we've run into
+ the weeds */
+ return( -1 );
+ item->headerSize += length;
+ item->length = 0;
+ if( !length )
+ item->indefinite = TRUE;
+ for( i = 0; i < length; i++ )
+ {
+ int ch = fgetc( inFile );
+
+ item->length = ( item->length << 8 ) | ch;
+ item->header[ i + index ] = ch;
+ }
+ fPos += length;
+ }
+ else
+ item->length = length;
+
+ return( TRUE );
+ }
+
+/* Check whether a BIT STRING or OCTET STRING encapsulates another object */
+
+static int checkEncapsulate( FILE *inFile, const int tag, const int length )
+ {
+ ASN1_ITEM nestedItem;
+ const int currentPos = fPos;
+ int diffPos;
+
+ /* If we're not looking for encapsulated objects, return */
+ if( !checkEncaps )
+ return( FALSE );
+
+#if 1
+ /* Read the details of the next item in the input stream */
+ getItem( inFile, &nestedItem );
+ diffPos = fPos - currentPos;
+ fPos = currentPos;
+ fseek( inFile, -diffPos, SEEK_CUR );
+
+ /* If it fits exactly within the current item and has a valid-looking
+ tag, treat it as nested data */
+ if( ( ( nestedItem.id & CLASS_MASK ) == UNIVERSAL || \
+ ( nestedItem.id & CLASS_MASK ) == CONTEXT ) && \
+ ( nestedItem.tag > 0 && nestedItem.tag <= 0x31 ) && \
+ nestedItem.length == length - diffPos )
+ return( TRUE );
+#else
+ /* Older code which used heuristics but was actually less accurate than
+ the above code */
+ int ch;
+
+ /* Get the first character and see if it's an INTEGER or SEQUENCE */
+ ch = getc( inFile );
+ ungetc( ch, inFile );
+ if( ch == INTEGER || ch == ( SEQUENCE | CONSTRUCTED ) )
+ return( TRUE );
+
+ /* All sorts of weird things get bundled up in octet strings in
+ certificate extensions */
+ if( tag == OCTETSTRING && ch == BITSTRING )
+ return( TRUE );
+
+ /* If we're looking for all sorts of things which might be encapsulated,
+ check for these as well. At the moment we only check for a small
+ number of possibilities, this list will probably change as more
+ oddities are discovered, the idea is to keep the amount of burrowing
+ we do to a minimum in order to reduce problems with false positives */
+ if( level > 1 && tag == OCTETSTRING )
+ {
+ int length;
+
+ if( ch == IA5STRING )
+ /* Verisign extensions */
+ return( TRUE );
+
+ /* For the following possibilities we have to look ahead a bit
+ further and check the length as well */
+ getc( inFile );
+ length = getc( inFile );
+ fseek( inFile, -2, SEEK_CUR );
+ if( ( ch == OID && length < 9 ) || \
+ ( ch == ENUMERATED && length == 1 ) || \
+ ( ch == GENERALIZEDTIME && length == 15 ) )
+ /* CRL per-entry extensions */
+ return( TRUE );
+ }
+#endif /* 0 */
+
+ return( FALSE );
+ }
+
+/* Check whether a zero-length item is OK */
+
+int zeroLengthOK( const ASN1_ITEM *item )
+ {
+ /* If we can't recognise the type from the tag, reject it */
+ if( ( item->id & CLASS_MASK ) != UNIVERSAL )
+ return( FALSE );
+
+ /* The following types are zero-length by definition */
+ if( item->tag == EOC || item->tag == NULLTAG )
+ return( TRUE );
+
+ /* A real with a value of zero has zero length */
+ if( item->tag == REAL )
+ return( TRUE );
+
+ /* Everything after this point requires input from the user to say that
+ zero-length data is OK (usually it's not, so we flag it as a
+ problem) */
+ if( !zeroLengthAllowed )
+ return( FALSE );
+
+ /* String types can have zero length except for the Unrestricted
+ Character String type ([UNIVERSAL 29]) which has to have at least one
+ octet for the CH-A/CH-B index */
+ if( item->tag == OCTETSTRING || item->tag == NUMERICSTRING || \
+ item->tag == PRINTABLESTRING || item->tag == T61STRING || \
+ item->tag == VIDEOTEXSTRING || item->tag == VISIBLESTRING || \
+ item->tag == IA5STRING || item->tag == GRAPHICSTRING || \
+ item->tag == GENERALSTRING || item->tag == UNIVERSALSTRING || \
+ item->tag == BMPSTRING || item->tag == UTF8STRING || \
+ item->tag == OBJDESCRIPTOR )
+ return( TRUE );
+
+ /* SEQUENCE and SET can be zero if there are absent optional/default
+ components */
+ if( item->tag == SEQUENCE || item->tag == SET )
+ return( TRUE );
+
+ return( FALSE );
+ }
+
+/* Check whether the next item looks like text */
+
+static int looksLikeText( FILE *inFile, const int length )
+ {
+ char buffer[ 16 ];
+ int sampleLength = min( length, 16 ), i;
+
+ /* If the sample size is too small, don't try anything */
+ if( sampleLength < 4 )
+ return( FALSE );
+
+ /* Check for ASCII-looking text */
+ sampleLength = fread( buffer, 1, sampleLength, inFile );
+ fseek( inFile, -sampleLength, SEEK_CUR );
+ for( i = 0; i < sampleLength; i++ )
+ {
+ if( !( i & 1 ) && !buffer[ i ] )
+ /* If even bytes are zero, it could be a BMPString */
+ continue;
+ if( buffer[ i ] < 0x20 || buffer[ i ] > 0x7E )
+ return( FALSE );
+ }
+
+ /* It looks like a text string */
+ return( TRUE);
+ }
+
+/* Dump the header bytes for an object, useful for vgrepping the original
+ object from a hex dump */
+
+static void dumpHeader( FILE *inFile, const ASN1_ITEM *item )
+ {
+ int extraLen = 24 - item->headerSize, i;
+
+ /* Dump the tag and length bytes */
+ if( !doPure )
+ fprintf( output, " " );
+ fprintf( output, "<%02X", *item->header );
+ for( i = 1; i < item->headerSize; i++ )
+ fprintf( output, " %02X", item->header[ i ] );
+
+ /* If we're asked for more, dump enough extra data to make up 24 bytes.
+ This is somewhat ugly since it assumes we can seek backwards over the
+ data, which means it won't always work on streams */
+ if( extraLen > 0 && doDumpHeader > 1 )
+ {
+ /* Make sure we don't print too much data. This doesn't work for
+ indefinite-length data, we don't try and guess the length with
+ this since it involves picking apart what we're printing */
+ if( extraLen > item->length && !item->indefinite )
+ extraLen = ( int ) item->length;
+
+ for( i = 0; i < extraLen; i++ )
+ {
+ int ch = fgetc( inFile );
+
+ if( feof( inFile ) )
+ extraLen = i; /* Exit loop and get fseek() correct */
+ else
+ fprintf( output, " %02X", ch );
+ }
+ fseek( inFile, -extraLen, SEEK_CUR );
+ }
+
+ fputs( ">\n", output );
+ }
+
+/* Print a constructed ASN.1 object */
+
+int printAsn1( FILE *inFile, const int level, long length, const int isIndefinite );
+
+static void printConstructed( FILE *inFile, int level, const ASN1_ITEM *item )
+ {
+ int result;
+
+ /* Special case for zero-length objects */
+ if( !item->length && !item->indefinite )
+ {
+ fputs( " {}\n", output );
+ return;
+ }
+
+ fputs( " {\n", output );
+ result = printAsn1( inFile, level + 1, item->length, item->indefinite );
+ if( result )
+ {
+ fprintf( output, "Error: Inconsistent object length, %d byte%s "
+ "difference.\n", result, ( result > 1 ) ? "s" : "" );
+ noErrors++;
+ }
+ if( !doPure )
+ fprintf( output, " : " );
+ fprintf( output, ( printDots ) ? ". " : " " );
+ doIndent( level );
+ fputs( "}\n", output );
+ }
+
+/* Print a single ASN.1 object */
+
+void printASN1object( FILE *inFile, ASN1_ITEM *item, int level )
+ {
+ OIDINFO *oidInfo;
+ char buffer[ MAX_OID_SIZE ];
+ long value;
+ int x, y;
+
+ if( ( item->id & CLASS_MASK ) != UNIVERSAL )
+ {
+ static const char *const classtext[] =
+ { "UNIVERSAL ", "APPLICATION ", "", "PRIVATE " };
+
+ /* Print the object type */
+ fprintf( output, "[%s%d]",
+ classtext[ ( item->id & CLASS_MASK ) >> 6 ], item->tag );
+
+ /* Perform a sanity check */
+ if( ( item->tag != NULLTAG ) && ( item->length < 0 ) )
+ {
+ int i;
+
+ fprintf( stderr, "\nError: Object has bad length field, tag = %02X, "
+ "length = %lX, value =", item->tag, item->length );
+ fprintf( stderr, "<%02X", *item->header );
+ for( i = 1; i < item->headerSize; i++ )
+ fprintf( stderr, " %02X", item->header[ i ] );
+ fputs( ">.\n", stderr );
+ exit( EXIT_FAILURE );
+ }
+
+ if( !item->length && !item->indefinite )
+ {
+ fputc( '\n', output );
+ complain( "Object has zero length", level );
+ return;
+ }
+
+ /* If it's constructed, print the various fields in it */
+ if( ( item->id & FORM_MASK ) == CONSTRUCTED )
+ {
+ printConstructed( inFile, level, item );
+ return;
+ }
+
+ /* It's primitive, if it's a seekable stream try and determine
+ whether it's text so we can display it as such */
+ if( !useStdin && looksLikeText( inFile, item->length ) )
+ {
+ /* It looks like a text string, dump it as text */
+ displayString( inFile, item->length, level, STR_NONE );
+ return;
+ }
+
+ /* This could be anything, dump it as hex data */
+ dumpHex( inFile, item->length, level, FALSE );
+
+ return;
+ }
+
+ /* Print the object type */
+ fprintf( output, "%s", idstr( item->tag ) );
+
+ /* Perform a sanity check */
+ if( ( item->tag != NULLTAG ) && ( item->length < 0 ) )
+ {
+ int i;
+
+ fprintf( stderr, "\nError: Object has bad length field, tag = %02X, "
+ "length = %lX, value =", item->tag, item->length );
+ fprintf( stderr, "<%02X", *item->header );
+ for( i = 1; i < item->headerSize; i++ )
+ fprintf( stderr, " %02X", item->header[ i ] );
+ fputs( ">.\n", stderr );
+ exit( EXIT_FAILURE );
+ }
+
+ /* If it's constructed, print the various fields in it */
+ if( ( item->id & FORM_MASK ) == CONSTRUCTED )
+ {
+ printConstructed( inFile, level, item );
+ return;
+ }
+
+ /* It's primitive */
+ if( !item->length && !zeroLengthOK( item ) )
+ {
+ fputc( '\n', output );
+ complain( "Object has zero length", level );
+ return;
+ }
+ switch( item->tag )
+ {
+ case BOOLEAN:
+ x = getc( inFile );
+ fprintf( output, " %s\n", x ? "TRUE" : "FALSE" );
+ if( x != 0 && x != 0xFF )
+ complain( "BOOLEAN has non-DER encoding", level );
+ fPos++;
+ break;
+
+ case INTEGER:
+ case ENUMERATED:
+ if( item->length > 4 )
+ dumpHex( inFile, item->length, level, TRUE );
+ else
+ {
+ value = getValue( inFile, item->length );
+ fprintf( output, " %ld\n", value );
+ if( value < 0 )
+ complain( "Integer has a negative value", level );
+ }
+ break;
+
+ case BITSTRING:
+ fprintf( output, " %d unused bits", x = getc( inFile ) );
+ fPos++;
+ if( !--item->length && !x )
+ {
+ fputc( '\n', output );
+ complain( "Object has zero length", level );
+ return;
+ }
+ if( item->length <= sizeof( int ) )
+ {
+ /* It's short enough to be a bit flag, dump it as a sequence
+ of bits */
+ dumpBitString( inFile, ( int ) item->length, x, level );
+ break;
+ }
+ case OCTETSTRING:
+ if( checkEncapsulate( inFile, item->tag, item->length ) )
+ {
+ /* It's something encapsulated inside the string, print it as
+ a constructed item */
+ fprintf( output, ", encapsulates" );
+ printConstructed( inFile, level + 1, item );
+ break;
+ }
+ if( !useStdin && !dumpText && \
+ looksLikeText( inFile, item->length ) )
+ {
+ /* If we'd be doing a straight hex dump and it looks like
+ encapsulated text, display it as such */
+ displayString( inFile, item->length, level, STR_NONE );
+ return;
+ }
+ dumpHex( inFile, item->length, level, FALSE );
+ break;
+
+ case OID:
+ /* Hierarchical Object Identifier: The first two levels are
+ encoded into one byte, since the root level has only 3 nodes
+ (40*x + y). However if x = joint-iso-itu-t(2) then y may be
+ > 39, so we have to add special-case handling for this */
+ if( item->length > MAX_OID_SIZE )
+ {
+ fprintf( stderr, "\nError: Object identifier length %ld too "
+ "large.\n", item->length );
+ exit( EXIT_FAILURE );
+ }
+ fread( buffer, 1, ( size_t ) item->length, inFile );
+ fPos += item->length;
+ if( ( oidInfo = getOIDinfo( buffer, ( int ) item->length ) ) != NULL )
+ {
+ int lhsSize = ( doPure ) ? 0 : 14;
+
+ /* Check if LHS status info + indent + "OID " string + oid
+ name will wrap */
+ if( lhsSize + ( level * 2 ) + 18 + strlen( oidInfo->description ) >= 80 )
+ {
+ fputc( '\n', output );
+ if( !doPure )
+ fprintf( output, " : " );
+ doIndent( level + 1 );
+ }
+ else
+ fputc( ' ', output );
+ fprintf( output, "%s\n", oidInfo->description );
+
+ /* Display extra comments about the OID if required */
+ if( extraOIDinfo && oidInfo->comment != NULL )
+ {
+ if( !doPure )
+ fprintf( output, " : " );
+ doIndent( level + 1 );
+ fprintf( output, "(%s)\n", oidInfo->comment );
+ }
+
+ /* If there's a warning associated with this OID, remember
+ that there was a problem */
+ if( oidInfo->warn )
+ noWarnings++;
+
+ break;
+ }
+
+ /* Pick apart the OID */
+ x = ( unsigned char ) buffer[ 0 ] / 40;
+ y = ( unsigned char ) buffer[ 0 ] % 40;
+ if( x > 2 )
+ {
+ /* Handle special case for large y if x = 2 */
+ y += ( x - 2 ) * 40;
+ x = 2;
+ }
+ fprintf( output, " '%d %d", x, y );
+ value = 0;
+ for( x = 1; x < item->length; x++ )
+ {
+ value = ( value << 7 ) | ( buffer[ x ] & 0x7F );
+ if( !( buffer[ x ] & 0x80 ) )
+ {
+ fprintf( output, " %ld", value );
+ value = 0;
+ }
+ }
+ fprintf( output, "'\n" );
+ break;
+
+ case EOC:
+ case NULLTAG:
+ fputc( '\n', output );
+ break;
+
+ case OBJDESCRIPTOR:
+ case GENERALIZEDTIME:
+ case GRAPHICSTRING:
+ case VISIBLESTRING:
+ case GENERALSTRING:
+ case UNIVERSALSTRING:
+ case NUMERICSTRING:
+ case T61STRING:
+ case VIDEOTEXSTRING:
+ case UTF8STRING:
+ displayString( inFile, item->length, level, STR_NONE );
+ break;
+ case PRINTABLESTRING:
+ displayString( inFile, item->length, level, STR_PRINTABLE );
+ break;
+ case BMPSTRING:
+ displayString( inFile, item->length, level, STR_BMP );
+ break;
+ case UTCTIME:
+ displayString( inFile, item->length, level, STR_UTCTIME );
+ break;
+ case IA5STRING:
+ displayString( inFile, item->length, level, STR_IA5 );
+ break;
+
+ default:
+ fputc( '\n', output );
+ if( !doPure )
+ fprintf( output, " : " );
+ doIndent( level + 1 );
+ fprintf( output, "Unrecognised primitive, hex value is:");
+ dumpHex( inFile, item->length, level, FALSE );
+ noErrors++; /* Treat it as an error */
+ }
+ }
+
+/* Print a complex ASN.1 object */
+
+int printAsn1( FILE *inFile, const int level, long length,
+ const int isIndefinite )
+ {
+ ASN1_ITEM item;
+ long lastPos = fPos;
+ int seenEOC = FALSE, status;
+
+ /* Special-case for zero-length objects */
+ if( !length && !isIndefinite )
+ return( 0 );
+
+ while( ( status = getItem( inFile, &item ) ) > 0 )
+ {
+ /* If the length isn't known and the item has a definite length, set
+ the length to the items length */
+ if( length == LENGTH_MAGIC && !item.indefinite )
+ length = item.headerSize + item.length;
+
+ /* Dump the header as hex data if requested */
+ if( doDumpHeader )
+ dumpHeader( inFile, &item );
+
+ /* Print offset into buffer, tag, and length */
+ if( !doPure )
+ if( item.indefinite )
+ fprintf( output, ( doHexValues ) ? "%04lX %02X NDEF: " :
+ "%4ld %02X NDEF: ", lastPos, item.id | item.tag );
+ else
+ if( ( item.id | item.tag ) == EOC )
+ seenEOC = TRUE;
+ else
+ fprintf( output, ( doHexValues ) ? "%04lX %02X %4lX: " :
+ "%4ld %02X %4ld: ", lastPos, item.id | item.tag,
+ item.length );
+
+ /* Print details on the item */
+ if( !seenEOC )
+ {
+ doIndent( level );
+ printASN1object( inFile, &item, level );
+ }
+
+ /* If it was an indefinite-length object (no length was ever set) and
+ we've come back to the top level, exit */
+ if( length == LENGTH_MAGIC )
+ return( 0 );
+
+ length -= fPos - lastPos;
+ lastPos = fPos;
+ if( isIndefinite )
+ {
+ if( seenEOC )
+ return( 0 );
+ }
+ else
+ if( length <= 0 )
+ {
+ if( length < 0 )
+ return( ( int ) -length );
+ return( 0 );
+ }
+ else
+ if( length == 1 )
+ {
+ const int ch = fgetc( inFile );
+
+ /* No object can be one byte long, try and recover. This
+ only works sometimes because it can be caused by
+ spurious data in an OCTET STRING hole or an incorrect
+ length encoding. The following workaround tries to
+ recover from spurious data by skipping the byte if
+ it's zero or a non-basic-ASN.1 tag, but keeping it if
+ it could be valid ASN.1 */
+ if( ch && ch <= 0x31 )
+ ungetc( ch, inFile );
+ else
+ {
+ fPos++;
+ return( 1 );
+ }
+ }
+ }
+ if( status == -1 )
+ {
+ fprintf( stderr, "\nError: Invalid data encountered at position "
+ "%d.\n", fPos );
+ exit( EXIT_FAILURE );
+ }
+
+ /* If we see an EOF and there's supposed to be more data present,
+ complain */
+ if( length && length != LENGTH_MAGIC )
+ {
+ fprintf( output, "Error: Inconsistent object length, %ld byte%s "
+ "difference.\n", length, ( length > 1 ) ? "s" : "" );
+ noErrors++;
+ }
+ return( 0 );
+ }
+
+/* Show usage and exit */
+
+void usageExit( void )
+ {
+ puts( "DumpASN1 - ASN.1 object dump/syntax check program." );
+ puts( "Copyright Peter Gutmann 1997 - 2000. Last updated 21 November 2000." );
+ puts( "" );
+ puts( "Usage: dumpasn1 [-acdefhlpsxz] <file>" );
+ puts( " - = Take input from stdin (some options may not work properly)" );
+ puts( " -<number> = Start <number> bytes into the file" );
+ puts( " -- = End of arg list" );
+ puts( " -a = Print all data in long data blocks, not just the first 128 bytes" );
+ puts( " -c<file> = Read Object Identifier info from alternate config file" );
+ puts( " (values will override equivalents in global config file)" );
+ puts( " -d = Print dots to show column alignment" );
+ puts( " -e = Don't print encapsulated data inside OCTET/BIT STRINGs" );
+ puts( " -f<file> = Dump object at offset -<number> to file (allows data to be" );
+ puts( " extracted from encapsulating objects)" );
+ puts( " -h = Hex dump object header (tag+length) before the decoded output" );
+ puts( " -hh = Same as -h but display more of the object as hex data" );
+ puts( " -l = Long format, display extra info about Object Identifiers" );
+ puts( " -p = Pure ASN.1 output without encoding information" );
+ puts( " -s = Syntax check only, don't dump ASN.1 structures" );
+ puts( " -t = Display text values next to hex dump of data" );
+ puts( " -x = Display size and offset in hex not decimal" );
+ puts( " -z = Allow zero-length items" );
+ puts( "" );
+ puts( "Warnings generated by deprecated OIDs require the use of '-l' to be displayed." );
+ puts( "Program return code is the number of errors found or EXIT_SUCCESS." );
+ exit( EXIT_FAILURE );
+ }
+
+int main( int argc, char *argv[] )
+ {
+ FILE *inFile, *outFile = NULL;
+ char *pathPtr = argv[ 0 ];
+ long offset = 0;
+ int moreArgs = TRUE, doCheckOnly = FALSE;
+
+ /* Skip the program name */
+ argv++; argc--;
+
+ /* Display usage if no args given */
+ if( argc < 1 )
+ usageExit();
+ output = stdout; /* Needs to be assigned at runtime */
+
+ /* Check for arguments */
+ while( argc && *argv[ 0 ] == '-' && moreArgs )
+ {
+ char *argPtr = argv[ 0 ] + 1;
+
+ if( !*argPtr )
+ useStdin = TRUE;
+ while( *argPtr )
+ {
+ if( isdigit( *argPtr ) )
+ {
+ offset = atol( argPtr );
+ break;
+ }
+ switch( toupper( *argPtr ) )
+ {
+ case '-':
+ moreArgs = FALSE; /* GNU-style end-of-args flag */
+ break;
+
+ case 'A':
+ printAllData = TRUE;
+ break;
+
+ case 'C':
+ if( !readConfig( argPtr + 1, FALSE ) )
+ exit( EXIT_FAILURE );
+ while( argPtr[ 1 ] )
+ argPtr++; /* Skip rest of arg */
+ break;
+
+ case 'D':
+ printDots = TRUE;
+ break;
+
+ case 'E':
+ checkEncaps = FALSE;
+ break;
+
+ case 'F':
+ if( ( outFile = fopen( argPtr + 1, "wb" ) ) == NULL )
+ {
+ perror( argPtr + 1 );
+ exit( EXIT_FAILURE );
+ }
+ while( argPtr[ 1 ] )
+ argPtr++; /* Skip rest of arg */
+ break;
+
+ case 'L':
+ extraOIDinfo = TRUE;
+ break;
+
+ case 'H':
+ doDumpHeader++;
+ break;
+
+ case 'P':
+ doPure = TRUE;
+ break;
+
+ case 'S':
+ doCheckOnly = TRUE;
+#ifdef __WIN32__
+ /* Under Windows we can't fclose( stdout ) because the
+ VC++ runtime reassigns the stdout handle to the next
+ open file (which is valid) but then scribbles stdout
+ garbage all over it for files larger than about 16K
+ (which isn't), so we have to make sure that the
+ stdout is handle pointed to something somewhere */
+ freopen( "nul", "w", stdout );
+#else
+ /* If we know we're running under Unix we can also
+ freopen( "/dev/null", "w", stdout ); */
+ fclose( stdout );
+#endif /* __WIN32__ */
+ break;
+
+ case 'T':
+ dumpText = TRUE;
+ break;
+
+ case 'X':
+ doHexValues = TRUE;
+ break;
+
+ case 'Z':
+ zeroLengthAllowed = TRUE;
+ break;
+
+ default:
+ printf( "Unknown argument '%c'.\n", *argPtr );
+ return( EXIT_SUCCESS );
+ }
+ argPtr++;
+ }
+ argv++;
+ argc--;
+ }
+
+ /* We can't use options which perform an fseek() if reading from stdin */
+ if( useStdin && ( doDumpHeader || outFile != NULL ) )
+ {
+ puts( "Can't use -f or -h when taking input from stdin" );
+ exit( EXIT_FAILURE );
+ }
+
+ /* Check args and read the config file. We don't bother weeding out
+ dups during the read because (a) the linear search would make the
+ process n^2, (b) during the dump process the search will terminate on
+ the first match so dups aren't that serious, and (c) there should be
+ very few dups present */
+ if( argc != 1 && !useStdin )
+ usageExit();
+ if( !readGlobalConfig( pathPtr ) )
+ exit( EXIT_FAILURE );
+
+ /* Dump the given file */
+ if( useStdin )
+ inFile = stdin;
+ else
+ if( ( inFile = fopen( argv[ 0 ], "rb" ) ) == NULL )
+ {
+ perror( argv[ 0 ] );
+ exit( EXIT_FAILURE );
+ }
+ if( useStdin )
+ {
+ while( offset-- )
+ getc( inFile );
+ }
+ else
+ fseek( inFile, offset, SEEK_SET );
+ if( outFile != NULL )
+ {
+ ASN1_ITEM item;
+ long length;
+ int i, status;
+
+ /* Make sure there's something there, and that it has a definite
+ length */
+ status = getItem( inFile, &item );
+ if( status == -1 )
+ {
+ puts( "Non-ASN.1 data encountered." );
+ exit( EXIT_FAILURE );
+ }
+ if( status == 0 )
+ {
+ puts( "Nothing to read." );
+ exit( EXIT_FAILURE );
+ }
+ if( item.indefinite )
+ {
+ puts( "Cannot process indefinite-length item." );
+ exit( EXIT_FAILURE );
+ }
+
+ /* Copy the item across, first the header and then the data */
+ for( i = 0; i < item.headerSize; i++ )
+ putc( item.header[ i ], outFile );
+ for( length = 0; length < item.length && !feof( inFile ); length++ )
+ putc( getc( inFile ), outFile );
+ fclose( outFile );
+
+ fseek( inFile, offset, SEEK_SET );
+ }
+ printAsn1( inFile, 0, LENGTH_MAGIC, 0 );
+ fclose( inFile );
+
+ /* Print a summary of warnings/errors if it's required or appropriate */
+ if( !doPure )
+ {
+ if( !doCheckOnly )
+ fputc( '\n', stderr );
+ fprintf( stderr, "%d warning%s, %d error%s.\n", noWarnings,
+ ( noWarnings != 1 ) ? "s" : "", noErrors,
+ ( noErrors != 1 ) ? "s" : "" );
+ }
+
+ return( ( noErrors ) ? noErrors : EXIT_SUCCESS );
+ }
--- /dev/null
+# dumpasn1 Object Identifier configuration file, available from
+# http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.cfg. This is read by
+# dumpasn1.c and is used to display information on Object Identifiers found in
+# ASN.1 objects. This is merely a list of things which you might conceivably
+# find in use somewhere, and should in no way be taken as a guide to which OIDs
+# to use - many of these will never been seen in the wild, or should be shot on
+# sight if encountered.
+#
+# The format of this file is as follows:
+#
+# - All blank lines and lines beginning with a '#' are ignored.
+# - OIDs are described by a set of attributes, of which at least the 'OID' and
+# 'Description' must be present. Optional attributes are a 'Comment' and a
+# 'Warning' (to indicate that dumpasn1 will display a warning if this OID is
+# encountered).
+# - Attributes are listed one per line. The first attribute should be an 'OID'
+# attribute since this is used to denote the start of a new OID description.
+# The other attributes may be given in any order.
+#
+# See the rest of this file for examples of what an OID description should look
+# like.
+
+# Deutsche Telekom/Telesec
+
+OID = 06 05 02 82 06 01 0A
+Comment = Deutsche Telekom
+Description = Telesec (0 2 262 1 10)
+
+OID = 06 06 02 82 06 01 0A 00
+Comment = Telesec
+Description = extension (0 2 262 1 10 0)
+
+OID = 06 06 02 82 06 01 0A 01
+Comment = Telesec
+Description = mechanism (0 2 262 1 10 1)
+
+OID = 06 07 02 82 06 01 0A 01 00
+Comment = Telesec mechanism
+Description = authentication (0 2 262 1 10 1 0)
+
+OID = 06 08 02 82 06 01 0A 01 00 01
+Comment = Telesec authentication
+Description = passwordAuthentication (0 2 262 1 10 1 0 1)
+
+OID = 06 08 02 82 06 01 0A 01 00 02
+Comment = Telesec authentication
+Description = protectedPasswordAuthentication (0 2 262 1 10 1 0 2)
+
+OID = 06 08 02 82 06 01 0A 01 00 03
+Comment = Telesec authentication
+Description = oneWayX509Authentication (0 2 262 1 10 1 0 3)
+
+OID = 06 08 02 82 06 01 0A 01 00 04
+Comment = Telesec authentication
+Description = twoWayX509Authentication (0 2 262 1 10 1 0 4)
+
+OID = 06 08 02 82 06 01 0A 01 00 05
+Comment = Telesec authentication
+Description = threeWayX509Authentication (0 2 262 1 10 1 0 5)
+
+OID = 06 08 02 82 06 01 0A 01 00 06
+Comment = Telesec authentication
+Description = oneWayISO9798Authentication (0 2 262 1 10 1 0 6)
+
+OID = 06 08 02 82 06 01 0A 01 00 07
+Comment = Telesec authentication
+Description = twoWayISO9798Authentication (0 2 262 1 10 1 0 7)
+
+OID = 06 08 02 82 06 01 0A 01 00 08
+Comment = Telesec authentication
+Description = telekomAuthentication (0 2 262 1 10 1 0 8)
+
+OID = 06 07 02 82 06 01 0A 01 01
+Comment = Telesec mechanism
+Description = signature (0 2 262 1 10 1 1)
+
+OID = 06 08 02 82 06 01 0A 01 01 01
+Comment = Telesec mechanism
+Description = md4WithRSAAndISO9697 (0 2 262 1 10 1 1 1)
+
+OID = 06 08 02 82 06 01 0A 01 01 02
+Comment = Telesec mechanism
+Description = md4WithRSAAndTelesecSignatureStandard (0 2 262 1 10 1 1 2)
+
+OID = 06 08 02 82 06 01 0A 01 01 03
+Comment = Telesec mechanism
+Description = md5WithRSAAndISO9697 (0 2 262 1 10 1 1 3)
+
+OID = 06 08 02 82 06 01 0A 01 01 04
+Comment = Telesec mechanism
+Description = md5WithRSAAndTelesecSignatureStandard (0 2 262 1 10 1 1 4)
+
+# PKCS #1 signature with RIPEMD-160
+OID = 06 08 02 82 06 01 0A 01 01 05
+Comment = Telesec mechanism
+Description = ripemd160WithRSAAndTelekomSignatureStandard (0 2 262 1 10 1 1 5)
+
+# RIPEMD-160 with raw RSA (ie no padding, just 160 bytes encrypted) signature
+OID = 06 08 02 82 06 01 0A 01 01 09
+Comment = Telesec signature
+Description = hbciRsaSignature (0 2 262 1 10 1 1 9)
+
+OID = 06 07 02 82 06 01 0A 01 02
+Comment = Telesec mechanism
+Description = encryption (0 2 262 1 10 1 2)
+
+# Specially recommended by the NSA for German use
+OID = 06 08 02 82 06 01 0A 01 02 00
+Comment = Telesec encryption
+Description = none (0 2 262 1 10 1 2 0)
+
+OID = 06 08 02 82 06 01 0A 01 02 01
+Comment = Telesec encryption
+Description = rsaTelesec (0 2 262 1 10 1 2 1)
+
+OID = 06 08 02 82 06 01 0A 01 02 02
+Comment = Telesec encryption
+Description = des (0 2 262 1 10 1 2 2)
+
+OID = 06 09 02 82 06 01 0A 01 02 02 01
+Comment = Telesec encryption
+Description = desECB (0 2 262 1 10 1 2 2 1)
+
+OID = 06 09 02 82 06 01 0A 01 02 02 02
+Comment = Telesec encryption
+Description = desCBC (0 2 262 1 10 1 2 2 2)
+
+OID = 06 09 02 82 06 01 0A 01 02 02 03
+Comment = Telesec encryption
+Description = desOFB (0 2 262 1 10 1 2 2 3)
+
+OID = 06 09 02 82 06 01 0A 01 02 02 04
+Comment = Telesec encryption
+Description = desCFB8 (0 2 262 1 10 1 2 2 4)
+
+OID = 06 09 02 82 06 01 0A 01 02 02 05
+Comment = Telesec encryption
+Description = desCFB64 (0 2 262 1 10 1 2 2 5)
+
+OID = 06 08 02 82 06 01 0A 01 02 03
+Comment = Telesec encryption
+Description = des3 (0 2 262 1 10 1 2 3)
+
+OID = 06 09 02 82 06 01 0A 01 02 03 01
+Comment = Telesec encryption
+Description = des3ECB (0 2 262 1 10 1 2 3 1)
+
+OID = 06 09 02 82 06 01 0A 01 02 03 02
+Comment = Telesec encryption
+Description = des3CBC (0 2 262 1 10 1 2 3 2)
+
+OID = 06 09 02 82 06 01 0A 01 02 03 03
+Comment = Telesec encryption
+Description = des3OFB (0 2 262 1 10 1 2 3 3)
+
+OID = 06 09 02 82 06 01 0A 01 02 03 04
+Comment = Telesec encryption
+Description = des3CFB8 (0 2 262 1 10 1 2 3 4)
+
+OID = 06 09 02 82 06 01 0A 01 02 03 05
+Comment = Telesec encryption
+Description = des3CFB64 (0 2 262 1 10 1 2 3 5)
+
+OID = 06 08 02 82 06 01 0A 01 02 04
+Comment = Telesec encryption
+Description = magenta (0 2 262 1 10 1 2 4)
+
+OID = 06 08 02 82 06 01 0A 01 02 05
+Comment = Telesec encryption
+Description = idea (0 2 262 1 10 1 2 5)
+
+OID = 06 09 02 82 06 01 0A 01 02 05 01
+Comment = Telesec encryption
+Description = ideaECB (0 2 262 1 10 1 2 5 1)
+
+OID = 06 09 02 82 06 01 0A 01 02 05 02
+Comment = Telesec encryption
+Description = ideaCBC (0 2 262 1 10 1 2 5 2)
+
+OID = 06 09 02 82 06 01 0A 01 02 05 03
+Comment = Telesec encryption
+Description = ideaOFB (0 2 262 1 10 1 2 5 3)
+
+OID = 06 09 02 82 06 01 0A 01 02 05 04
+Comment = Telesec encryption
+Description = ideaCFB8 (0 2 262 1 10 1 2 5 4)
+
+OID = 06 09 02 82 06 01 0A 01 02 05 05
+Comment = Telesec encryption
+Description = ideaCFB64 (0 2 262 1 10 1 2 5 5)
+
+OID = 06 07 02 82 06 01 0A 01 03
+Comment = Telesec mechanism
+Description = oneWayFunction (0 2 262 1 10 1 3)
+
+OID = 06 08 02 82 06 01 0A 01 03 01
+Comment = Telesec one-way function
+Description = md4 (0 2 262 1 10 1 3 1)
+
+OID = 06 08 02 82 06 01 0A 01 03 02
+Comment = Telesec one-way function
+Description = md5 (0 2 262 1 10 1 3 2)
+
+OID = 06 08 02 82 06 01 0A 01 03 03
+Comment = Telesec one-way function
+Description = sqModNX509 (0 2 262 1 10 1 3 3)
+
+OID = 06 08 02 82 06 01 0A 01 03 04
+Comment = Telesec one-way function
+Description = sqModNISO (0 2 262 1 10 1 3 4)
+
+OID = 06 08 02 82 06 01 0A 01 03 05
+Comment = Telesec one-way function
+Description = ripemd128 (0 2 262 1 10 1 3 5)
+
+OID = 06 08 02 82 06 01 0A 01 03 06
+Comment = Telesec one-way function
+Description = hashUsingBlockCipher (0 2 262 1 10 1 3 6)
+
+OID = 06 08 02 82 06 01 0A 01 03 07
+Comment = Telesec one-way function
+Description = mac (0 2 262 1 10 1 3 7)
+
+OID = 06 08 02 82 06 01 0A 01 03 08
+Comment = Telesec one-way function
+Description = ripemd160 (0 2 262 1 10 1 3 8)
+
+OID = 06 07 02 82 06 01 0A 01 04
+Comment = Telesec mechanism
+Description = fecFunction (0 2 262 1 10 1 4)
+
+OID = 06 08 02 82 06 01 0A 01 04 01
+Comment = Telesec mechanism
+Description = reedSolomon (0 2 262 1 10 1 4 1)
+
+OID = 06 06 02 82 06 01 0A 02
+Comment = Telesec
+Description = module (0 2 262 1 10 2)
+
+OID = 06 07 02 82 06 01 0A 02 00
+Comment = Telesec module
+Description = algorithms (0 2 262 1 10 2 0)
+
+OID = 06 07 02 82 06 01 0A 02 01
+Comment = Telesec module
+Description = attributeTypes (0 2 262 1 10 2 1)
+
+OID = 06 07 02 82 06 01 0A 02 02
+Comment = Telesec module
+Description = certificateTypes (0 2 262 1 10 2 2)
+
+OID = 06 07 02 82 06 01 0A 02 03
+Comment = Telesec module
+Description = messageTypes (0 2 262 1 10 2 3)
+
+OID = 06 07 02 82 06 01 0A 02 04
+Comment = Telesec module
+Description = plProtocol (0 2 262 1 10 2 4)
+
+OID = 06 07 02 82 06 01 0A 02 05
+Comment = Telesec module
+Description = smeAndComponentsOfSme (0 2 262 1 10 2 5)
+
+OID = 06 07 02 82 06 01 0A 02 06
+Comment = Telesec module
+Description = fec (0 2 262 1 10 2 6)
+
+OID = 06 07 02 82 06 01 0A 02 07
+Comment = Telesec module
+Description = usefulDefinitions (0 2 262 1 10 2 7)
+
+OID = 06 07 02 82 06 01 0A 02 08
+Comment = Telesec module
+Description = stefiles (0 2 262 1 10 2 8)
+
+OID = 06 07 02 82 06 01 0A 02 09
+Comment = Telesec module
+Description = sadmib (0 2 262 1 10 2 9)
+
+OID = 06 07 02 82 06 01 0A 02 0A
+Comment = Telesec module
+Description = electronicOrder (0 2 262 1 10 2 10)
+
+OID = 06 07 02 82 06 01 0A 02 0B
+Comment = Telesec module
+Description = telesecTtpAsymmetricApplication (0 2 262 1 10 2 11)
+
+OID = 06 07 02 82 06 01 0A 02 0C
+Comment = Telesec module
+Description = telesecTtpBasisApplication (0 2 262 1 10 2 12)
+
+OID = 06 07 02 82 06 01 0A 02 0D
+Comment = Telesec module
+Description = telesecTtpMessages (0 2 262 1 10 2 13)
+
+OID = 06 07 02 82 06 01 0A 02 0E
+Comment = Telesec module
+Description = telesecTtpTimeStampApplication (0 2 262 1 10 2 14)
+
+OID = 06 06 02 82 06 01 0A 03
+Comment = Telesec
+Description = objectClass (0 2 262 1 10 3)
+
+OID = 06 07 02 82 06 01 0A 03 00
+Comment = Telesec object class
+Description = telesecOtherName (0 2 262 1 10 3 0)
+
+OID = 06 07 02 82 06 01 0A 03 01
+Comment = Telesec object class
+Description = directory (0 2 262 1 10 3 1)
+
+OID = 06 07 02 82 06 01 0A 03 02
+Comment = Telesec object class
+Description = directoryType (0 2 262 1 10 3 2)
+
+OID = 06 07 02 82 06 01 0A 03 03
+Comment = Telesec object class
+Description = directoryGroup (0 2 262 1 10 3 3)
+
+OID = 06 07 02 82 06 01 0A 03 04
+Comment = Telesec object class
+Description = directoryUser (0 2 262 1 10 3 4)
+
+OID = 06 07 02 82 06 01 0A 03 05
+Comment = Telesec object class
+Description = symmetricKeyEntry (0 2 262 1 10 3 5)
+
+OID = 06 06 02 82 06 01 0A 04
+Comment = Telesec
+Description = package (0 2 262 1 10 4)
+
+OID = 06 06 02 82 06 01 0A 05
+Comment = Telesec
+Description = parameter (0 2 262 1 10 5)
+
+OID = 06 06 02 82 06 01 0A 06
+Comment = Telesec
+Description = nameBinding (0 2 262 1 10 6)
+
+OID = 06 06 02 82 06 01 0A 07
+Comment = Telesec
+Description = attribute (0 2 262 1 10 7)
+
+OID = 06 07 02 82 06 01 0A 07 00
+Comment = Telesec attribute
+Description = applicationGroupIdentifier (0 2 262 1 10 7 0)
+
+OID = 06 07 02 82 06 01 0A 07 01
+Comment = Telesec attribute
+Description = certificateType (0 2 262 1 10 7 1)
+
+OID = 06 07 02 82 06 01 0A 07 02
+Comment = Telesec attribute
+Description = telesecCertificate (0 2 262 1 10 7 2)
+
+OID = 06 07 02 82 06 01 0A 07 03
+Comment = Telesec attribute
+Description = certificateNumber (0 2 262 1 10 7 3)
+
+OID = 06 07 02 82 06 01 0A 07 04
+Comment = Telesec attribute
+Description = certificateRevocationList (0 2 262 1 10 7 4)
+
+OID = 06 07 02 82 06 01 0A 07 05
+Comment = Telesec attribute
+Description = creationDate (0 2 262 1 10 7 5)
+
+OID = 06 07 02 82 06 01 0A 07 06
+Comment = Telesec attribute
+Description = issuer (0 2 262 1 10 7 6)
+
+OID = 06 07 02 82 06 01 0A 07 07
+Comment = Telesec attribute
+Description = namingAuthority (0 2 262 1 10 7 7)
+
+OID = 06 07 02 82 06 01 0A 07 08
+Comment = Telesec attribute
+Description = publicKeyDirectory (0 2 262 1 10 7 8)
+
+OID = 06 07 02 82 06 01 0A 07 09
+Comment = Telesec attribute
+Description = securityDomain (0 2 262 1 10 7 9)
+
+OID = 06 07 02 82 06 01 0A 07 0A
+Comment = Telesec attribute
+Description = subject (0 2 262 1 10 7 10)
+
+OID = 06 07 02 82 06 01 0A 07 0B
+Comment = Telesec attribute
+Description = timeOfRevocation (0 2 262 1 10 7 11)
+
+OID = 06 07 02 82 06 01 0A 07 0C
+Comment = Telesec attribute
+Description = userGroupReference (0 2 262 1 10 7 12)
+
+OID = 06 07 02 82 06 01 0A 07 0D
+Comment = Telesec attribute
+Description = validity (0 2 262 1 10 7 13)
+
+OID = 06 07 02 82 06 01 0A 07 0E
+Comment = Telesec attribute
+Description = zert93 (0 2 262 1 10 7 14)
+
+# It really is called that
+OID = 06 07 02 82 06 01 0A 07 0F
+Comment = Telesec attribute
+Description = securityMessEnv (0 2 262 1 10 7 15)
+
+OID = 06 07 02 82 06 01 0A 07 10
+Comment = Telesec attribute
+Description = anonymizedPublicKeyDirectory (0 2 262 1 10 7 16)
+
+OID = 06 07 02 82 06 01 0A 07 11
+Comment = Telesec attribute
+Description = telesecGivenName (0 2 262 1 10 7 17)
+
+OID = 06 07 02 82 06 01 0A 07 12
+Comment = Telesec attribute
+Description = nameAdditions (0 2 262 1 10 7 18)
+
+OID = 06 07 02 82 06 01 0A 07 13
+Comment = Telesec attribute
+Description = telesecPostalCode (0 2 262 1 10 7 19)
+
+OID = 06 07 02 82 06 01 0A 07 14
+Comment = Telesec attribute
+Description = nameDistinguisher (0 2 262 1 10 7 20)
+
+OID = 06 07 02 82 06 01 0A 07 15
+Comment = Telesec attribute
+Description = telesecCertificateList (0 2 262 1 10 7 21)
+
+OID = 06 07 02 82 06 01 0A 07 16
+Comment = Telesec attribute
+Description = teletrustCertificateList (0 2 262 1 10 7 22)
+
+OID = 06 07 02 82 06 01 0A 07 17
+Comment = Telesec attribute
+Description = x509CertificateList (0 2 262 1 10 7 23)
+
+OID = 06 07 02 82 06 01 0A 07 18
+Comment = Telesec attribute
+Description = timeOfIssue (0 2 262 1 10 7 24)
+
+OID = 06 07 02 82 06 01 0A 07 19
+Comment = Telesec attribute
+Description = physicalCardNumber (0 2 262 1 10 7 25)
+
+OID = 06 07 02 82 06 01 0A 07 1A
+Comment = Telesec attribute
+Description = fileType (0 2 262 1 10 7 26)
+
+OID = 06 07 02 82 06 01 0A 07 1B
+Comment = Telesec attribute
+Description = ctlFileIsArchive (0 2 262 1 10 7 27)
+
+OID = 06 07 02 82 06 01 0A 07 1C
+Comment = Telesec attribute
+Description = emailAddress (0 2 262 1 10 7 28)
+
+OID = 06 07 02 82 06 01 0A 07 1D
+Comment = Telesec attribute
+Description = certificateTemplateList (0 2 262 1 10 7 29)
+
+OID = 06 07 02 82 06 01 0A 07 1E
+Comment = Telesec attribute
+Description = directoryName (0 2 262 1 10 7 30)
+
+OID = 06 07 02 82 06 01 0A 07 1F
+Comment = Telesec attribute
+Description = directoryTypeName (0 2 262 1 10 7 31)
+
+OID = 06 07 02 82 06 01 0A 07 20
+Comment = Telesec attribute
+Description = directoryGroupName (0 2 262 1 10 7 32)
+
+OID = 06 07 02 82 06 01 0A 07 21
+Comment = Telesec attribute
+Description = directoryUserName (0 2 262 1 10 7 33)
+
+OID = 06 07 02 82 06 01 0A 07 22
+Comment = Telesec attribute
+Description = revocationFlag (0 2 262 1 10 7 34)
+
+OID = 06 07 02 82 06 01 0A 07 23
+Comment = Telesec attribute
+Description = symmetricKeyEntryName (0 2 262 1 10 7 35)
+
+OID = 06 07 02 82 06 01 0A 07 24
+Comment = Telesec attribute
+Description = glNumber (0 2 262 1 10 7 36)
+
+OID = 06 07 02 82 06 01 0A 07 25
+Comment = Telesec attribute
+Description = goNumber (0 2 262 1 10 7 37)
+
+OID = 06 07 02 82 06 01 0A 07 26
+Comment = Telesec attribute
+Description = gKeyData (0 2 262 1 10 7 38)
+
+OID = 06 07 02 82 06 01 0A 07 27
+Comment = Telesec attribute
+Description = zKeyData (0 2 262 1 10 7 39)
+
+OID = 06 07 02 82 06 01 0A 07 28
+Comment = Telesec attribute
+Description = ktKeyData (0 2 262 1 10 7 40)
+
+OID = 06 07 02 82 06 01 0A 07 2A
+Comment = Telesec attribute
+Description = ktKeyNumber (0 2 262 1 10 7 41)
+
+OID = 06 07 02 82 06 01 0A 07 33
+Comment = Telesec attribute
+Description = timeOfRevocationGen (0 2 262 1 10 7 51)
+
+OID = 06 07 02 82 06 01 0A 07 34
+Comment = Telesec attribute
+Description = liabilityText (0 2 262 1 10 7 52)
+
+OID = 06 06 02 82 06 01 0A 08
+Comment = Telesec
+Description = attributeGroup (0 2 262 1 10 8)
+
+OID = 06 06 02 82 06 01 0A 09
+Comment = Telesec
+Description = action (0 2 262 1 10 9)
+
+OID = 06 06 02 82 06 01 0A 0A
+Comment = Telesec
+Description = notification (0 2 262 1 10 10)
+
+OID = 06 06 02 82 06 01 0A 0B
+Comment = Telesec
+Description = snmp-mibs (0 2 262 1 10 11)
+
+OID = 06 07 02 82 06 01 0A 0B 01
+Comment = Telesec SNMP MIBs
+Description = securityApplication (0 2 262 1 10 11 1)
+
+OID = 06 06 02 82 06 01 0A 0C
+Comment = Telesec
+Description = certAndCrlExtensionDefinitions (0 2 262 1 10 12)
+
+OID = 06 07 02 82 06 01 0A 0C 00
+Comment = Telesec cert/CRL extension
+Description = certExtensionLiabilityLimitationExt (0 2 262 1 10 12 0)
+
+OID = 06 07 02 82 06 01 0A 0C 01
+Comment = Telesec cert/CRL extension
+Description = telesecCertIdExt (0 2 262 1 10 12 1)
+
+OID = 06 07 02 82 06 01 0A 0C 02
+Comment = Telesec cert/CRL extension
+Description = telesecPolicyIdentifier (0 2 262 1 10 12 2)
+
+OID = 06 07 02 82 06 01 0A 0C 03
+Comment = Telesec cert/CRL extension
+Description = telesecPolicyQualifierID (0 2 262 1 10 12 3)
+
+OID = 06 07 02 82 06 01 0A 0C 04
+Comment = Telesec cert/CRL extension
+Description = telesecCRLFilteredExt (0 2 262 1 10 12 4)
+
+OID = 06 07 02 82 06 01 0A 0C 05
+Comment = Telesec cert/CRL extension
+Description = telesecCRLFilterExt (0 2 262 1 10 12 5)
+
+OID = 06 07 02 82 06 01 0A 0C 06
+Comment = Telesec cert/CRL extension
+Description = telesecNamingAuthorityExt (0 2 262 1 10 12 6)
+
+# Some LDAP draft from the UK
+
+OID = 06 0A 09 92 26 89 93 F2 2C 64 01 01
+Comment = Some oddball LDAP attribute collection
+Description = uniqueID (0 9 2342 19200300 100 1 1)
+
+# Some unknown X.500 attributes spec from the UK
+
+OID = 06 0A 09 92 26 89 93 F2 2C 64 01 03
+Comment = Some oddball X.500 attribute collection
+Description = rfc822Mailbox (0 9 2342 19200300 100 1 3)
+
+# RFC 2247, How to Kludge an FQDN as a DN (or words to that effect), another
+# fine product of the UK.
+
+OID = 06 0A 09 92 26 89 93 F2 2C 64 01 19
+Comment = Men are from Mars, this OID is from Pluto
+Description = domainComponent (0 9 2342 19200300 100 1 25)
+
+# Certificates Australia
+
+OID = 06 0A 2A 24 A4 97 A3 53 01 64 01 01
+Comment = Certificates Australia CA
+Description = Certificates Australia policyIdentifier (1 2 36 75878867 1 100 1 1)
+
+# Signet
+
+OID = 06 09 2A 24 A0 F2 A0 7D 01 01 02
+Comment = Signet CA
+Description = Signet personal (1 2 36 68980861 1 1 2)
+
+OID = 06 09 2A 24 A0 F2 A0 7D 01 01 03
+Comment = Signet CA
+Description = Signet business (1 2 36 68980861 1 1 3)
+
+OID = 06 09 2A 24 A0 F2 A0 7D 01 01 04
+Comment = Signet CA
+Description = Signet legal (1 2 36 68980861 1 1 4)
+
+OID = 06 09 2A 24 A0 F2 A0 7D 01 01 0A
+Comment = Signet CA
+Description = Signet pilot (1 2 36 68980861 1 1 10)
+
+OID = 06 09 2A 24 A0 F2 A0 7D 01 01 0B
+Comment = Signet CA
+Description = Signet intraNet (1 2 36 68980861 1 1 11)
+
+OID = 06 09 2A 24 A0 F2 A0 7D 01 01 14
+Comment = Signet CA
+Description = Signet securityPolicy (1 2 36 68980861 1 1 20)
+
+# Mitsubishi
+
+OID = 06 0B 2A 83 08 8C 1A 4B 3D 01 01 01
+Comment = Mitsubishi security algorithm
+Description = symmetric-encryption-algorithm (1 2 392 200011 61 1 1 1)
+
+OID = 06 0C 2A 83 08 8C 9A 4B 3D 01 01 01 01
+Comment = Mitsubishi security algorithm
+Description = misty1-cbc (1 2 392 200011 61 1 1 1 1)
+
+# SEIS
+
+OID = 06 05 2A 85 70 22 01
+Comment = SEIS Project
+Description = seis-cp (1 2 752 34 1)
+
+OID = 06 06 2A 85 70 22 01 01
+Comment = SEIS Project certificate policies
+Description = SEIS high-assurnace certificatePolicy (1 2 752 34 1 1)
+
+OID = 06 06 2A 85 70 22 01 02
+Comment = SEIS Project certificate policies
+Description = SEIS GAK certificatePolicy (1 2 752 34 1 2)
+
+OID = 06 05 2A 85 70 22 02
+Comment = SEIS Project
+Description = SEIS pe (1 2 752 34 2)
+
+OID = 06 05 2A 85 70 22 03
+Comment = SEIS Project
+Description = SEIS at (1 2 752 34 3)
+
+OID = 06 06 2A 85 70 22 03 01
+Comment = SEIS Project attribute
+Description = SEIS at-personalIdentifier (1 2 752 34 3 1)
+
+# ANSI X9.57
+
+OID = 06 06 2A 86 48 CE 38 01
+Comment = ANSI X9.57
+Description = module (1 2 840 10040 1)
+
+OID = 06 07 2A 86 48 CE 38 01 01
+Comment = ANSI X9.57 module
+Description = x9f1-cert-mgmt (1 2 840 10040 1 1)
+
+OID = 06 06 2A 86 48 CE 38 02
+Comment = ANSI X9.57
+Description = holdinstruction (1 2 840 10040 2)
+
+OID = 06 07 2A 86 48 CE 38 02 01
+Comment = ANSI X9.57 hold instruction
+Description = holdinstruction-none (1 2 840 10040 2 1)
+
+OID = 06 07 2A 86 48 CE 38 02 02
+Comment = ANSI X9.57 hold instruction
+Description = callissuer (1 2 840 10040 2 2)
+
+OID = 06 07 2A 86 48 CE 38 02 03
+Comment = ANSI X9.57 hold instruction
+Description = reject (1 2 840 10040 2 3)
+
+OID = 06 07 2A 86 48 CE 38 02 04
+Comment = ANSI X9.57 hold instruction
+Description = pickupToken (1 2 840 10040 2 4)
+
+OID = 06 06 2A 86 48 CE 38 03
+Comment = ANSI X9.57
+Description = attribute (1 2 840 10040 3)
+
+OID = 06 06 2A 86 48 CE 38 03 01
+Comment = ANSI X9.57 attribute
+Description = countersignature (1 2 840 10040 3 1)
+
+OID = 06 06 2A 86 48 CE 38 03 02
+Comment = ANSI X9.57 attribute
+Description = attribute-cert (1 2 840 10040 3 2)
+
+OID = 06 06 2A 86 48 CE 38 04
+Comment = ANSI X9.57
+Description = algorithm (1 2 840 10040 4)
+
+OID = 06 07 2A 86 48 CE 38 04 01
+Comment = ANSI X9.57 algorithm
+Description = dsa (1 2 840 10040 4 1)
+
+OID = 06 07 2A 86 48 CE 38 04 02
+Comment = ANSI X9.57 algorithm
+Description = dsa-match (1 2 840 10040 4 2)
+
+OID = 06 07 2A 86 48 CE 38 04 03
+Comment = ANSI X9.57 algorithm
+Description = dsaWithSha1 (1 2 840 10040 4 3)
+
+# ANSI X9.62
+
+OID = 06 06 2A 86 48 CE 3D 01
+Comment = ANSI X9.62. This OID is also assigned as ecdsa-with-SHA1
+Description = fieldType (1 2 840 10045 1)
+
+OID = 06 07 2A 86 48 CE 3D 01 01
+Comment = ANSI X9.62 field type
+Description = prime-field (1 2 840 10045 1 1)
+
+OID = 06 07 2A 86 48 CE 3D 01 02
+Comment = ANSI X9.62 field type
+Description = characteristic-two-field (1 2 840 10045 1 2)
+
+OID = 06 09 2A 86 48 CE 3D 01 02 03
+Comment = ANSI X9.62 field type
+Description = characteristic-two-basis (1 2 840 10045 1 2 3)
+
+OID = 06 0A 2A 86 48 CE 3D 01 02 03 01
+Comment = ANSI X9.62 field basis
+Description = onBasis (1 2 840 10045 1 2 3 1)
+
+OID = 06 0A 2A 86 48 CE 3D 01 02 03 02
+Comment = ANSI X9.62 field basis
+Description = tpBasis (1 2 840 10045 1 2 3 2)
+
+OID = 06 0A 2A 86 48 CE 3D 01 02 03 03
+Comment = ANSI X9.62 field basis
+Description = ppBasis (1 2 840 10045 1 2 3 3)
+
+# The definition for the following OID is somewhat confused, and is given as
+# keyType, publicKeyType, and public-key-type, all within 4 lines of text.
+# ecPublicKey is defined using the ID publicKeyType, so this is what's used
+# here.
+OID = 06 06 2A 86 48 CE 3D 02
+Comment = ANSI X9.62
+Description = publicKeyType (1 2 840 10045 2)
+
+OID = 06 07 2A 86 48 CE 3D 02 01
+Comment = ANSI X9.62 public key type
+Description = ecPublicKey (1 2 840 10045 2 1)
+
+# ANSI X9.42
+
+OID = 06 06 2A 86 48 CE 3E 01
+Comment = ANSI X9.42
+Description = fieldType (1 2 840 10046 1)
+
+OID = 06 07 2A 86 48 CE 3E 01 01
+Comment = ANSI X9.42 field type
+Description = gf-prime (1 2 840 10046 1 1)
+
+OID = 06 06 2A 86 48 CE 3E 02
+Comment = ANSI X9.42
+Description = numberType (1 2 840 10046 2)
+
+OID = 06 07 2A 86 48 CE 3E 02 01
+Comment = ANSI X9.42 number type
+Description = dhPublicKey (1 2 840 10046 2 1)
+
+OID = 06 06 2A 86 48 CE 3E 03
+Comment = ANSI X9.42
+Description = scheme (1 2 840 10046 3)
+
+OID = 06 07 2A 86 48 CE 3E 03 01
+Comment = ANSI X9.42 scheme
+Description = dhStatic (1 2 840 10046 3 1)
+
+OID = 06 07 2A 86 48 CE 3E 03 02
+Comment = ANSI X9.42 scheme
+Description = dhEphem (1 2 840 10046 3 2)
+
+OID = 06 07 2A 86 48 CE 3E 03 03
+Comment = ANSI X9.42 scheme
+Description = dhHybrid1 (1 2 840 10046 3 3)
+
+OID = 06 07 2A 86 48 CE 3E 03 04
+Comment = ANSI X9.42 scheme
+Description = dhHybrid2 (1 2 840 10046 3 4)
+
+OID = 06 07 2A 86 48 CE 3E 03 05
+Comment = ANSI X9.42 scheme
+Description = mqv2 (1 2 840 10046 3 5)
+
+OID = 06 07 2A 86 48 CE 3E 03 06
+Comment = ANSI X9.42 scheme
+Description = mqv1 (1 2 840 10046 3 6)
+
+# Nortel Secure Networks/Entrust
+
+OID = 06 07 2A 86 48 86 F6 7D 07
+Description = nsn (1 2 840 113533 7)
+
+OID = 06 08 2A 86 48 86 F6 7D 07 41
+Description = nsn-ce (1 2 840 113533 7 65)
+
+OID = 06 09 2A 86 48 86 F6 7D 07 41 00
+Comment = Nortel Secure Networks ce (1 2 840 113533 7 65)
+Description = entrustVersInfo (1 2 840 113533 7 65 0)
+
+OID = 06 08 2A 86 48 86 F6 7D 07 42
+Description = nsn-alg (1 2 840 113533 7 66)
+
+OID = 06 09 2A 86 48 86 F6 7D 07 42 03
+Comment = Nortel Secure Networks alg (1 2 840 113533 7 66)
+Description = cast3CBC (1 2 840 113533 7 66 3)
+
+OID = 06 09 2A 86 48 86 F6 7D 07 42 0A
+Comment = Nortel Secure Networks alg (1 2 840 113533 7 66)
+Description = cast5CBC (1 2 840 113533 7 66 10)
+
+OID = 06 09 2A 86 48 86 F6 7D 07 42 0B
+Comment = Nortel Secure Networks alg (1 2 840 113533 7 66)
+Description = cast5MAC (1 2 840 113533 7 66 11)
+
+OID = 06 09 2A 86 48 86 F6 7D 07 42 0C
+Comment = Nortel Secure Networks alg (1 2 840 113533 7 66)
+Description = pbeWithMD5AndCAST5-CBC (1 2 840 113533 7 66 12)
+
+OID = 06 09 2A 86 48 86 F6 7D 07 42 0D
+Comment = Nortel Secure Networks alg (1 2 840 113533 7 66)
+Description = passwordBasedMac (1 2 840 113533 7 66 13)
+
+OID = 06 08 2A 86 48 86 F6 7D 07 43
+Description = nsn-oc (1 2 840 113533 7 67)
+
+OID = 06 09 2A 86 48 86 F6 7D 07 43 0C
+Comment = Nortel Secure Networks oc (1 2 840 113533 7 67)
+Description = entrustUser (1 2 840 113533 7 67 0)
+
+OID = 06 08 2A 86 48 86 F6 7D 07 44
+Description = nsn-at (1 2 840 113533 7 68)
+
+OID = 06 09 2A 86 48 86 F6 7D 07 44 00
+Comment = Nortel Secure Networks at (1 2 840 113533 7 68)
+Description = entrustCAInfo (1 2 840 113533 7 68 0)
+
+OID = 06 09 2A 86 48 86 F6 7D 07 44 0A
+Comment = Nortel Secure Networks at (1 2 840 113533 7 68)
+Description = attributeCertificate (1 2 840 113533 7 68 10)
+
+# PKCS #1
+
+OID = 06 08 2A 86 48 86 F7 0D 01 01
+Description = pkcs-1 (1 2 840 113549 1 1)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 01 01
+Comment = PKCS #1
+Description = rsaEncryption (1 2 840 113549 1 1 1)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 01 02
+Comment = PKCS #1
+Description = md2withRSAEncryption (1 2 840 113549 1 1 2)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 01 03
+Comment = PKCS #1
+Description = md4withRSAEncryption (1 2 840 113549 1 1 3)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 01 04
+Comment = PKCS #1
+Description = md5withRSAEncryption (1 2 840 113549 1 1 4)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 01 05
+Comment = PKCS #1
+Description = sha1withRSAEncryption (1 2 840 113549 1 1 5)
+
+# There is some confusion over the identity of the following OID. The OAEP
+# one is more recent, but independant vendors have already used the RIPEMD
+# one, however it's likely that SET will be a bigger hammer (at least as a
+# standard) so we report it as that.
+OID = 06 09 2A 86 48 86 F7 0D 01 01 06
+Comment = PKCS #1. This OID may also be assigned as ripemd160WithRSAEncryption
+Description = rsaOAEPEncryptionSET (1 2 840 113549 1 1 6)
+# ripemd160WithRSAEncryption (1 2 840 113549 1 1 6)
+
+# BSAFE/PKCS #2 (obsolete)
+
+OID = 06 08 2A 86 48 86 F7 0D 01 01
+Comment = Obsolete BSAFE OID
+Description = bsafeRsaEncr (1 2 840 113549 1 2)
+Warning
+
+# PKCS #3
+
+OID = 06 08 2A 86 48 86 F7 0D 01 03
+Description = pkcs-3 (1 2 840 113549 1 3)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 03 01
+Comment = PKCS #3
+Description = dhKeyAgreement (1 2 840 113549 1 3 1)
+
+# PKCS #5
+
+OID = 06 09 2A 86 48 86 F7 0D 01 05
+Description = pkcs-5 (1 2 840 113549 1 5)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 05 01
+Comment = PKCS #5
+Description = pbeWithMD2AndDES-CBC (1 2 840 113549 1 5 1)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 05 03
+Comment = PKCS #5
+Description = pbeWithMD5AndDES-CBC (1 2 840 113549 1 5 3)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 05 04
+Comment = PKCS #5
+Description = pbeWithMD2AndRC2-CBC (1 2 840 113549 1 5 4)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 05 06
+Comment = PKCS #5
+Description = pbeWithMD5AndRC2-CBC (1 2 840 113549 1 5 6)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 05 09
+Comment = PKCS #5, used in BSAFE only
+Description = pbeWithMD5AndXOR (1 2 840 113549 1 5 9)
+Warning
+
+OID = 06 09 2A 86 48 86 F7 0D 01 05 0A
+Comment = PKCS #5
+Description = pbeWithSHAAndDES-CBC (1 2 840 113549 1 5 10)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 05 0C
+Comment = PKCS #5 v2.0
+Description = pkcs5PBKDF2 (1 2 840 113549 1 5 12)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 05 0D
+Comment = PKCS #5 v2.0
+Description = pkcs5PBES2 (1 2 840 113549 1 5 13)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 05 0E
+Comment = PKCS #5 v2.0
+Description = pkcs5PBMAC1 (1 2 840 113549 1 5 14)
+
+# PKCS #7
+
+OID = 06 09 2A 86 48 86 F7 0D 01 07
+Description = pkcs-7 (1 2 840 113549 1 7)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 07 01
+Comment = PKCS #7
+Description = data (1 2 840 113549 1 7 1)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 07 02
+Comment = PKCS #7
+Description = signedData (1 2 840 113549 1 7 2)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 07 03
+Comment = PKCS #7
+Description = envelopedData (1 2 840 113549 1 7 3)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 07 04
+Comment = PKCS #7
+Description = signedAndEnvelopedData (1 2 840 113549 1 7 4)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 07 05
+Comment = PKCS #7
+Description = digestedData (1 2 840 113549 1 7 5)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 07 06
+Comment = PKCS #7
+Description = encryptedData (1 2 840 113549 1 7 6)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 07 07
+Comment = PKCS #7 experimental
+Description = dataWithAttributes (1 2 840 113549 1 7 7)
+Warning
+
+OID = 06 09 2A 86 48 86 F7 0D 01 07 08
+Comment = PKCS #7 experimental
+Description = encryptedPrivateKeyInfo (1 2 840 113549 1 7 8)
+Warning
+
+# PKCS #9
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09
+Description = pkcs-9 (1 2 840 113549 1 9)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 01
+Comment = PKCS #9 (1 2 840 113549 1 9). Deprecated, use an altName extension instead
+Description = emailAddress (1 2 840 113549 1 9 1)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 02
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = unstructuredName (1 2 840 113549 1 9 2)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 03
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = contentType (1 2 840 113549 1 9 3)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 04
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = messageDigest (1 2 840 113549 1 9 4)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 05
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = signingTime (1 2 840 113549 1 9 5)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 06
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = countersignature (1 2 840 113549 1 9 6)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 07
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = challengePassword (1 2 840 113549 1 9 7)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 08
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = unstructuredAddress (1 2 840 113549 1 9 8)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 09
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = extendedCertificateAttributes (1 2 840 113549 1 9 9)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 0A
+Comment = PKCS #9 (1 2 840 113549 1 9) experimental
+Description = issuerAndSerialNumber (1 2 840 113549 1 9 10)
+Warning
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 0B
+Comment = PKCS #9 (1 2 840 113549 1 9) experimental
+Description = passwordCheck (1 2 840 113549 1 9 11)
+Warning
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 0C
+Comment = PKCS #9 (1 2 840 113549 1 9) experimental
+Description = publicKey (1 2 840 113549 1 9 12)
+Warning
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 0D
+Comment = PKCS #9 (1 2 840 113549 1 9) experimental
+Description = signingDescription (1 2 840 113549 1 9 13)
+Warning
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 0E
+Comment = PKCS #9 (1 2 840 113549 1 9) experimental
+Description = extensionReq (1 2 840 113549 1 9 14)
+
+# PKCS #9 for use with S/MIME
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 0F
+Comment = PKCS #9 (1 2 840 113549 1 9). This OID was formerly assigned as symmetricCapabilities, then reassigned as SMIMECapabilities, then renamed to the current name
+Description = sMIMECapabilities (1 2 840 113549 1 9 15)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 01
+Comment = sMIMECapabilities (1 2 840 113549 1 9 15)
+Description = preferSignedData (1 2 840 113549 1 9 15 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 02
+Comment = sMIMECapabilities (1 2 840 113549 1 9 15)
+Description = canNotDecryptAny (1 2 840 113549 1 9 15 2)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 03
+Comment = sMIMECapabilities (1 2 840 113549 1 9 15). Deprecated, use (1 2 840 113549 1 9 16 2 1) instead
+Description = receiptRequest (1 2 840 113549 1 9 15 3)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 04
+Comment = sMIMECapabilities (1 2 840 113549 1 9 15). Deprecated, use (1 2 840 113549 1 9 16 1 1) instead
+Description = receipt (1 2 840 113549 1 9 15 4)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 05
+Comment = sMIMECapabilities (1 2 840 113549 1 9 15). Deprecated, use (1 2 840 113549 1 9 16 2 4) instead
+Description = contentHints (1 2 840 113549 1 9 15 5)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 06
+Comment = sMIMECapabilities (1 2 840 113549 1 9 15). Deprecated, use (1 2 840 113549 1 9 16 2 3) instead
+Description = mlExpansionHistory (1 2 840 113549 1 9 15 6)
+Warning
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 10
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = id-sMIME (1 2 840 113549 1 9 16)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 10 00
+Comment = id-sMIME (1 2 840 113549 1 9 16)
+Description = id-mod (1 2 840 113549 1 9 16 0)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 00 01
+Comment = S/MIME Modules (1 2 840 113549 1 9 16 0)
+Description = id-mod-cms (1 2 840 113549 1 9 16 0 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 00 02
+Comment = S/MIME Modules (1 2 840 113549 1 9 16 0)
+Description = id-mod-ess (1 2 840 113549 1 9 16 0 2)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 00 03
+Comment = S/MIME Modules (1 2 840 113549 1 9 16 0)
+Description = id-mod-oid (1 2 840 113549 1 9 16 0 3)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 00 04
+Comment = S/MIME Modules (1 2 840 113549 1 9 16 0)
+Description = id-mod-msg-v3 (1 2 840 113549 1 9 16 0 4)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 00 05
+Comment = S/MIME Modules (1 2 840 113549 1 9 16 0)
+Description = id-mod-ets-eSignature-88 (1 2 840 113549 1 9 16 0 5)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 00 06
+Comment = S/MIME Modules (1 2 840 113549 1 9 16 0)
+Description = id-mod-ets-eSignature-97 (1 2 840 113549 1 9 16 0 6)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 00 07
+Comment = S/MIME Modules (1 2 840 113549 1 9 16 0)
+Description = id-mod-ets-eSigPolicy-88 (1 2 840 113549 1 9 16 0 7)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 00 08
+Comment = S/MIME Modules (1 2 840 113549 1 9 16 0)
+Description = id-mod-ets-eSigPolicy-88 (1 2 840 113549 1 9 16 0 8)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 10 01
+Comment = id-sMIME (1 2 840 113549 1 9 16)
+Description = id-ct (1 2 840 113549 1 9 16 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 01
+Comment = S/MIME Content Types (1 2 840 113549 1 9 16 1)
+Description = id-ct-receipt (1 2 840 113549 1 9 16 1 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 02
+Comment = S/MIME Content Types (1 2 840 113549 1 9 16 1)
+Description = id-ct-authData (1 2 840 113549 1 9 16 1 2)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 03
+Comment = S/MIME Content Types (1 2 840 113549 1 9 16 1)
+Description = id-ct-publishCert (1 2 840 113549 1 9 16 1 3)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 04
+Comment = S/MIME Content Types (1 2 840 113549 1 9 16 1)
+Description = id-ct-TSTInfo (1 2 840 113549 1 9 16 1 4)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 05
+Comment = S/MIME Content Types (1 2 840 113549 1 9 16 1)
+Description = id-ct-TDTInfo (1 2 840 113549 1 9 16 1 5)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 06
+Comment = S/MIME Content Types (1 2 840 113549 1 9 16 1)
+Description = id-ct-contentInfo (1 2 840 113549 1 9 16 1 6)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 07
+Comment = S/MIME Content Types (1 2 840 113549 1 9 16 1)
+Description = id-ct-DVCSRequestData (1 2 840 113549 1 9 16 1 7)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 08
+Comment = S/MIME Content Types (1 2 840 113549 1 9 16 1)
+Description = id-ct-DVCSResponseData (1 2 840 113549 1 9 16 1 8)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 07
+Comment = S/MIME Content Types (1 2 840 113549 1 9 16 1)
+Description = id-ct-compressedData (1 2 840 113549 1 9 16 1 9)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 10 02
+Comment = id-sMIME (1 2 840 113549 1 9 16)
+Description = id-aa (1 2 840 113549 1 9 16 2)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 01
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-receiptRequest (1 2 840 113549 1 9 16 2 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 02
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-securityLabel (1 2 840 113549 1 9 16 2 2)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 03
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-mlExpandHistory (1 2 840 113549 1 9 16 2 3)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 04
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-contentHint (1 2 840 113549 1 9 16 2 4)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 05
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-msgSigDigest (1 2 840 113549 1 9 16 2 5)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 06
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2). Obsolete
+Description = id-aa-encapContentType (1 2 840 113549 1 9 16 2 6)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 07
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-contentIdentifier (1 2 840 113549 1 9 16 2 7)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 08
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2). Obsolete
+Description = id-aa-macValue (1 2 840 113549 1 9 16 2 8)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 09
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-equivalentLabels (1 2 840 113549 1 9 16 2 9)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 0A
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-contentReference (1 2 840 113549 1 9 16 2 10)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 0B
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-encrypKeyPref (1 2 840 113549 1 9 16 2 11)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 0C
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-signingCertificate (1 2 840 113549 1 9 16 2 12)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 0D
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-smimeEncryptCerts (1 2 840 113549 1 9 16 2 13)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 0E
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-timeStampToken (1 2 840 113549 1 9 16 2 14)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 0F
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-ets-sigPolicyId (1 2 840 113549 1 9 16 2 15)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 10
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-ets-commitmentType (1 2 840 113549 1 9 16 2 16)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 11
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-ets-signerLocation (1 2 840 113549 1 9 16 2 17)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 12
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-ets-signerAttr (1 2 840 113549 1 9 16 2 18)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 13
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-ets-otherSigCert (1 2 840 113549 1 9 16 2 19)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 14
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-ets-contentTimestamp (1 2 840 113549 1 9 16 2 20)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 15
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-ets-CertificateRefs (1 2 840 113549 1 9 16 2 21)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 16
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-ets-RevocationRefs (1 2 840 113549 1 9 16 2 22)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 17
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-ets-certValues (1 2 840 113549 1 9 16 2 23)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 18
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-ets-revocationValues (1 2 840 113549 1 9 16 2 24)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 19
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-ets-escTimeStamp (1 2 840 113549 1 9 16 2 25)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 1A
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-ets-certCRLTimestamp (1 2 840 113549 1 9 16 2 26)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 1B
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-ets-archiveTimeStamp (1 2 840 113549 1 9 16 2 27)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 1C
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-signatureType (1 2 840 113549 1 9 16 2 28)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 1D
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-dvcs-dvc (1 2 840 113549 1 9 16 2 29)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 03 01
+Comment = S/MIME Algorithms (1 2 840 113549 1 9 16 3). Obsolete
+Description = id-alg-ESDHwith3DES (1 2 840 113549 1 9 16 3 1)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 03 02
+Comment = S/MIME Algorithms (1 2 840 113549 1 9 16 3). Obsolete
+Description = id-alg-ESDHwithRC2 (1 2 840 113549 1 9 16 3 2)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 03 03
+Comment = S/MIME Algorithms (1 2 840 113549 1 9 16 3). Obsolete
+Description = id-alg-3DESwrap (1 2 840 113549 1 9 16 3 3)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 03 04
+Comment = S/MIME Algorithms (1 2 840 113549 1 9 16 3). Obsolete
+Description = id-alg-RC2wrap (1 2 840 113549 1 9 16 3 4)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 03 05
+Comment = S/MIME Algorithms (1 2 840 113549 1 9 16 3)
+Description = id-alg-ESDH (1 2 840 113549 1 9 16 3 5)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 03 06
+Comment = S/MIME Algorithms (1 2 840 113549 1 9 16 3)
+Description = id-alg-CMS3DESwrap (1 2 840 113549 1 9 16 3 6)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 03 07
+Comment = S/MIME Algorithms (1 2 840 113549 1 9 16 3)
+Description = id-alg-CMSRC2wrap (1 2 840 113549 1 9 16 3 7)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 03 08
+Comment = S/MIME Algorithms (1 2 840 113549 1 9 16 3)
+Description = id-alg-zlib (1 2 840 113549 1 9 16 3 8)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 04 01
+Comment = S/MIME Certificate Distribution (1 2 840 113549 1 9 16 4)
+Description = id-cd-ldap (1 2 840 113549 1 9 16 4 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 05 01
+Comment = S/MIME Signature Policy Qualifier (1 2 840 113549 1 9 16 5)
+Description = id-spq-ets-sqt-uri (1 2 840 113549 1 9 16 5 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 05 02
+Comment = S/MIME Signature Policy Qualifier (1 2 840 113549 1 9 16 5)
+Description = id-spq-ets-sqt-unotice (1 2 840 113549 1 9 16 5 2)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 06 01
+Comment = S/MIME Signature Policy Qualifier (1 2 840 113549 1 9 16 6)
+Description = id-cti-ets-proofOfOrigin (1 2 840 113549 1 9 16 6 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 06 02
+Comment = S/MIME Signature Policy Qualifier (1 2 840 113549 1 9 16 6)
+Description = id-cti-ets-proofOfReceipt (1 2 840 113549 1 9 16 6 2)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 06 03
+Comment = S/MIME Signature Policy Qualifier (1 2 840 113549 1 9 16 6)
+Description = id-cti-ets-proofOfDelivery (1 2 840 113549 1 9 16 6 3)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 06 04
+Comment = S/MIME Signature Policy Qualifier (1 2 840 113549 1 9 16 6)
+Description = id-cti-ets-proofOfSender (1 2 840 113549 1 9 16 6 4)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 06 05
+Comment = S/MIME Signature Policy Qualifier (1 2 840 113549 1 9 16 6)
+Description = id-cti-ets-proofOfApproval (1 2 840 113549 1 9 16 6 5)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 06 06
+Comment = S/MIME Signature Policy Qualifier (1 2 840 113549 1 9 16 6)
+Description = id-cti-ets-proofOfCreation (1 2 840 113549 1 9 16 6 6)
+
+# PKCS #9 for use with PKCS #12
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 14
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = friendlyName (for PKCS #12) (1 2 840 113549 1 9 20)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 15
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = localKeyID (for PKCS #12) (1 2 840 113549 1 9 21)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 16
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = certTypes (for PKCS #12) (1 2 840 113549 1 9 22)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 16 01
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = x509Certificate (for PKCS #12) (1 2 840 113549 1 9 22 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 16 02
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = sdsiCertificate (for PKCS #12) (1 2 840 113549 1 9 22 2)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 17
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = crlTypes (for PKCS #12) (1 2 840 113549 1 9 23)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 17 01
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = x509Crl (for PKCS #12) (1 2 840 113549 1 9 23 1)
+
+# PKCS #12. Note that current PKCS #12 implementations tend to be strange and
+# peculiar, with implementors misusing OIDs or basing their work on earlier PFX
+# drafts or defining their own odd OIDs. In addition the PFX/PKCS #12 spec
+# itself is full of errors and inconsistencies, and a number of OIDs have been
+# redefined in different drafts (often multiple times), which doesn't make the
+# implementors job any easier.
+
+OID = 06 08 2A 86 48 86 F7 0D 01 0C
+Description = pkcs-12 (1 2 840 113549 1 12)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 0C 01
+Comment = This OID was formerly assigned as PKCS #12 modeID
+Description = pkcs-12-PbeIds (1 2 840 113549 1 12 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 01
+Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 1). This OID was formerly assigned as pkcs-12-OfflineTransportMode
+Description = pbeWithSHAAnd128BitRC4 (1 2 840 113549 1 12 1 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 02
+Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 2). This OID was formerly assigned as pkcs-12-OnlineTransportMode
+Description = pbeWithSHAAnd40BitRC4 (1 2 840 113549 1 12 1 2)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 03
+Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 3)
+Description = pbeWithSHAAnd3-KeyTripleDES-CBC (1 2 840 113549 1 12 1 3)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 04
+Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 3)
+Description = pbeWithSHAAnd2-KeyTripleDES-CBC (1 2 840 113549 1 12 1 4)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 05
+Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 3)
+Description = pbeWithSHAAnd128BitRC2-CBC (1 2 840 113549 1 12 1 5)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 06
+Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 3)
+Description = pbeWithSHAAnd40BitRC2-CBC (1 2 840 113549 1 12 1 6)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 0C 02
+Comment = Deprecated
+Description = pkcs-12-ESPVKID (1 2 840 113549 1 12 2)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 02 01
+Comment = PKCS #12 ESPVKID (1 2 840 113549 1 12 2). Deprecated, use (1 2 840 113549 1 12 3 5) instead
+Description = pkcs-12-PKCS8KeyShrouding (1 2 840 113549 1 12 2 1)
+Warning
+
+# The following appear to have been redefined yet again at 12 10 in the latest
+# PKCS #12 spec.
+OID = 06 09 2A 86 48 86 F7 0D 01 0C 03
+Description = pkcs-12-BagIds (1 2 840 113549 1 12 3)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 01
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3)
+Description = pkcs-12-keyBagId (1 2 840 113549 1 12 3 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 02
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3)
+Description = pkcs-12-certAndCRLBagId (1 2 840 113549 1 12 3 2)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 03
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3)
+Description = pkcs-12-secretBagId (1 2 840 113549 1 12 3 3)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 04
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3)
+Description = pkcs-12-safeContentsId (1 2 840 113549 1 12 3 4)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 05
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3)
+Description = pkcs-12-pkcs-8ShroudedKeyBagId (1 2 840 113549 1 12 3 5)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 0C 04
+Comment = Deprecated
+Description = pkcs-12-CertBagID (1 2 840 113549 1 12 4)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 04 01
+Comment = PKCS #12 CertBagID (1 2 840 113549 1 12 4). This OID was formerly assigned as pkcs-12-X509CertCRLBag
+Description = pkcs-12-X509CertCRLBagID (1 2 840 113549 1 12 4 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 04 02
+Comment = PKCS #12 CertBagID (1 2 840 113549 1 12 4). This OID was formerly assigned as pkcs-12-SDSICertBag
+Description = pkcs-12-SDSICertBagID (1 2 840 113549 1 12 4 2)
+
+# The following are from PFX. The ... 5 1 values have been reassigned to OIDs
+# with incompatible algorithms at ... 1, the 5 2 values seem to have vanished.
+OID = 06 09 2A 86 48 86 F7 0D 01 0C 05
+Description = pkcs-12-OID (1 2 840 113549 1 12 5)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 05 01
+Comment = PKCS #12 OID (1 2 840 113549 1 12 5). Deprecated, use the partially compatible (1 2 840 113549 1 12 1) OIDs instead
+Description = pkcs-12-PBEID (1 2 840 113549 1 12 5 1)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 01
+Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use (1 2 840 113549 1 12 1 1) instead
+Description = pkcs-12-PBEWithSha1And128BitRC4 (1 2 840 113549 1 12 5 1 1)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 02
+Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use (1 2 840 113549 1 12 1 2) instead
+Description = pkcs-12-PBEWithSha1And40BitRC4 (1 2 840 113549 1 12 5 1 2)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 03
+Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 3) or (1 2 840 113549 1 12 1 4) instead
+Description = pkcs-12-PBEWithSha1AndTripleDESCBC (1 2 840 113549 1 12 5 1 3)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 04
+Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use (1 2 840 113549 1 12 1 5) instead
+Description = pkcs-12-PBEWithSha1And128BitRC2CBC (1 2 840 113549 1 12 5 1 4)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 05
+Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use (1 2 840 113549 1 12 1 6) instead
+Description = pkcs-12-PBEWithSha1And40BitRC2CBC (1 2 840 113549 1 12 5 1 5)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 06
+Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 1) or (1 2 840 113549 1 12 1 2) instead
+Description = pkcs-12-PBEWithSha1AndRC4 (1 2 840 113549 1 12 5 1 6)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 07
+Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 5) or (1 2 840 113549 1 12 1 6) instead
+Description = pkcs-12-PBEWithSha1AndRC2CBC (1 2 840 113549 1 12 5 1 7)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 05 02
+Description = pkcs-12-EnvelopingID (1 2 840 113549 1 12 5 2). Deprecated, use the conventional PKCS #1 OIDs instead
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 02 01
+Comment = PKCS #12 OID EnvelopingID (1 2 840 113549 1 12 5 2). Deprecated, use the conventional PKCS #1 OIDs instead
+Description = pkcs-12-RSAEncryptionWith128BitRC4 (1 2 840 113549 1 12 5 2 1)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 02 02
+Comment = PKCS #12 OID EnvelopingID (1 2 840 113549 1 12 5 2). Deprecated, use the conventional PKCS #1 OIDs instead
+Description = pkcs-12-RSAEncryptionWith40BitRC4 (1 2 840 113549 1 12 5 2 2)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 02 03
+Comment = PKCS #12 OID EnvelopingID (1 2 840 113549 1 12 5 2). Deprecated, use the conventional PKCS #1 OIDs instead
+Description = pkcs-12-RSAEncryptionWithTripleDES (1 2 840 113549 1 12 5 2 3)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 05 03
+Description = pkcs-12-SignatureID (1 2 840 113549 1 12 5 3). Deprecated, use the conventional PKCS #1 OIDs instead
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 03 01
+Comment = PKCS #12 OID SignatureID (1 2 840 113549 1 12 5 3). Deprecated, use the conventional PKCS #1 OIDs instead
+Description = pkcs-12-RSASignatureWithSHA1Digest (1 2 840 113549 1 12 5 3 1)
+Warning
+
+# Yet *another* redefinition of the PKCS #12 "bag" ID's, now in a different
+# order than the last redefinition at ... 12 3.
+OID = 06 09 2A 86 48 86 F7 0D 01 0C 0A
+Description = pkcs-12Version1 (1 2 840 113549 1 12 10)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 0A 01
+Description = pkcs-12BadIds (1 2 840 113549 1 12 10 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 01
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1)
+Description = pkcs-12-keyBag (1 2 840 113549 1 12 10 1 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 02
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1)
+Description = pkcs-12-pkcs-8ShroudedKeyBag (1 2 840 113549 1 12 10 1 2)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 03
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1)
+Description = pkcs-12-certBag (1 2 840 113549 1 12 10 1 3)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 04
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1)
+Description = pkcs-12-crlBag (1 2 840 113549 1 12 10 1 4)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 05
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1)
+Description = pkcs-12-secretBag (1 2 840 113549 1 12 10 1 5)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 06
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1)
+Description = pkcs-12-safeContentsBag (1 2 840 113549 1 12 10 1 6)
+
+# PKCS #15
+
+OID = 06 09 2A 86 48 86 F7 0D 01 0F 01
+Comment = PKCS #15
+Description = pkcs15modules (1 2 840 113549 1 15 1)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 0F 02
+Comment = PKCS #15
+Description = pkcs15attributes (1 2 840 113549 1 15 2)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 0F 03
+Comment = PKCS #15
+Description = pkcs15contentType (1 2 840 113549 1 15 3)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0F 03 01
+Comment = PKCS #15 content type
+Description = pkcs15content (1 2 840 113549 1 15 3 1)
+
+# RSADSI digest algorithms
+
+OID = 06 08 2A 86 48 86 F7 0D 02
+Description = digestAlgorithm (1 2 840 113549 2)
+
+OID = 06 08 2A 86 48 86 F7 0D 02 02
+Comment = RSADSI digestAlgorithm (1 2 840 113549 2)
+Description = md2 (1 2 840 113549 2 2)
+
+OID = 06 08 2A 86 48 86 F7 0D 02 04
+Comment = RSADSI digestAlgorithm (1 2 840 113549 2)
+Description = md4 (1 2 840 113549 2 4)
+
+OID = 06 08 2A 86 48 86 F7 0D 02 05
+Comment = RSADSI digestAlgorithm (1 2 840 113549 2)
+Description = md5 (1 2 840 113549 2 5)
+
+# RSADSI encryption algorithms
+
+OID = 06 08 2A 86 48 86 F7 0D 03
+Description = encryptionAlgorithm (1 2 840 113549 3)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 02
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3)
+Description = rc2CBC (1 2 840 113549 3 2)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 03
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3)
+Description = rc2ECB (1 2 840 113549 3 3)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 04
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3)
+Description = rc4 (1 2 840 113549 3 4)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 05
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3)
+Description = rc4WithMAC (1 2 840 113549 3 5)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 06
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3)
+Description = desx-CBC (1 2 840 113549 3 6)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 07
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3)
+Description = des-EDE3-CBC (1 2 840 113549 3 7)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 08
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3)
+Description = rc5CBC (1 2 840 113549 3 8)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 09
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3)
+Description = rc5-CBCPad (1 2 840 113549 3 9)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 0A
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3). Formerly called CDMFCBCPad
+Description = desCDMF (1 2 840 113549 3 10)
+
+# Ascom Systech
+
+OID = 06 0A 2B 06 01 04 01 81 3C 07 01 01
+Comment = Ascom Systech
+Description = ascom (1 3 6 1 4 1 188 7 1 1)
+
+OID = 06 0B 2B 06 01 04 01 81 3C 07 01 01 01
+Comment = Ascom Systech
+Description = ideaECB (1 3 6 1 4 1 188 7 1 1 1)
+
+OID = 06 0B 2B 06 01 04 01 81 3C 07 01 01 02
+Comment = Ascom Systech
+Description = ideaCBC (1 3 6 1 4 1 188 7 1 1 2)
+
+OID = 06 0B 2B 06 01 04 01 81 3C 07 01 01 03
+Comment = Ascom Systech
+Description = ideaCFB (1 3 6 1 4 1 188 7 1 1 3)
+
+OID = 06 0B 2B 06 01 04 01 81 3C 07 01 01 04
+Comment = Ascom Systech
+Description = ideaOFB (1 3 6 1 4 1 188 7 1 1 4)
+
+# Microsoft
+
+OID = 06 09 2A 86 48 86 F7 14 01 03 00
+Comment = Microsoft Exchange Server - object class
+Description = site-Addressing (1 2 840 113556 1 3 00)
+
+OID = 06 09 2A 86 48 86 F7 14 01 03 0D
+Comment = Microsoft Exchange Server - object class
+Description = classSchema (1 2 840 113556 1 3 13)
+
+OID = 06 09 2A 86 48 86 F7 14 01 03 0E
+Comment = Microsoft Exchange Server - object class
+Description = attributeSchema (1 2 840 113556 1 3 14)
+
+OID = 06 09 2A 86 48 86 F7 14 01 03 11
+Comment = Microsoft Exchange Server - object class
+Description = mailbox-Agent (1 2 840 113556 1 3 174)
+
+OID = 06 09 2A 86 48 86 F7 14 01 03 16
+Comment = Microsoft Exchange Server - object class
+Description = mailbox (1 2 840 113556 1 3 22)
+
+OID = 06 09 2A 86 48 86 F7 14 01 03 17
+Comment = Microsoft Exchange Server - object class
+Description = container (1 2 840 113556 1 3 23)
+
+OID = 06 09 2A 86 48 86 F7 14 01 03 2E
+Comment = Microsoft Exchange Server - object class
+Description = mailRecipient (1 2 840 113556 1 3 46)
+
+OID = 06 09 2A 86 48 86 F7 14 01 02 81 71
+Comment = Microsoft Exchange Server - attribute
+Description = deliveryMechanism (1 2 840 113556 1 2 241)
+
+OID = 06 08 2A 86 48 86 F7 14 04 03
+Comment = Microsoft
+Description = microsoftExcel (1 2 840 113556 4 3)
+
+OID = 06 08 2A 86 48 86 F7 14 04 04
+Comment = Microsoft
+Description = titledWithOID (1 2 840 113556 4 4)
+
+OID = 06 08 2A 86 48 86 F7 14 04 05
+Comment = Microsoft
+Description = microsoftPowerPoint (1 2 840 113556 4 5)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 04
+Comment = Microsoft code signing
+Description = spcIndirectDataContext (1 3 6 1 4 1 311 2 1 4)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 0A
+Comment = Microsoft code signing. Also known as policyLink
+Description = spcAgencyInfo (1 3 6 1 4 1 311 2 1 10)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 0B
+Comment = Microsoft code signing
+Description = spcStatementType (1 3 6 1 4 1 311 2 1 11)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 0C
+Comment = Microsoft code signing
+Description = spcSpOpusInfo (1 3 6 1 4 1 311 2 1 12)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 0E
+Comment = Microsoft
+Description = certReqExtensions (1 3 6 1 4 1 311 2 1 14)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 0F
+Comment = Microsoft code signing
+Description = spcPelmageData (1 3 6 1 4 1 311 2 1 15)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 14
+Comment = Microsoft code signing. Also known as "glue extension"
+Description = spcLink (type 1) (1 3 6 1 4 1 311 2 1 20)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 15
+Comment = Microsoft
+Description = individualCodeSigning (1 3 6 1 4 1 311 2 1 21)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 16
+Comment = Microsoft
+Description = commercialCodeSigning (1 3 6 1 4 1 311 2 1 22)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 19
+Comment = Microsoft code signing. Also known as "glue extension"
+Description = spcLink (type 2) (1 3 6 1 4 1 311 2 1 25)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 1A
+Comment = Microsoft code signing
+Description = spcMinimalCriteriaInfo (1 3 6 1 4 1 311 2 1 26)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 1B
+Comment = Microsoft code signing
+Description = spcFinancialCriteriaInfo (1 3 6 1 4 1 311 2 1 27)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 1C
+Comment = Microsoft code signing. Also known as "glue extension"
+Description = spcLink (type 3) (1 3 6 1 4 1 311 2 1 28)
+
+OID = 06 0A 2B 06 01 04 01 82 37 03 02 01
+Comment = Microsoft code signing
+Description = timestampCountersignature (1 3 6 1 4 1 311 3 2 1)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 01
+Comment = Microsoft PKCS #7 contentType
+Description = certTrustList (1 3 6 1 4 1 311 10 1)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 02
+Comment = Microsoft
+Description = nextUpdateLocation (1 3 6 1 4 1 311 10 2)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 03 01
+Comment = Microsoft enhanced key usage
+Description = certTrustListSigning (1 3 6 1 4 1 311 10 3 1)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 03 02
+Comment = Microsoft enhanced key usage
+Description = timeStampSigning (1 3 6 1 4 1 311 10 3 2)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 03 03
+Comment = Microsoft enhanced key usage
+Description = serverGatedCrypto (1 3 6 1 4 1 311 10 3 3)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 03 04
+Comment = Microsoft enhanced key usage
+Description = encryptedFileSystem (1 3 6 1 4 1 311 10 3 4)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 04 01
+Comment = Microsoft attribute
+Description = yesnoTrustAttr (1 3 6 1 4 1 311 10 4 1)
+
+# Something related to CAPI, contains a BMPString describing the CAPI level and
+# a BIT STRING blob
+OID = 06 0A 2B 06 01 04 01 82 37 0D 02 02
+Comment = Microsoft attribute
+Description = Unknown MS CryptoAPI-related extension (1 3 6 1 4 1 311 13 2 2)
+
+# This is just the normal issuerAndSerialNumber but with a MS-specific OID.
+# Apparently it's used for CryptEncode/DecodeObject, whatever that is.
+OID = 06 0A 2B 06 01 04 01 82 37 10 04
+Comment = Microsoft attribute
+Description = microsoftRecipientInfo (1 3 6 1 4 1 311 16 4)
+
+# Win2K CA certificate key/cert counter, high 16 bits = key index, low 16 bits
+# = cert index. Key index is inc'd when a CA gets a new key, cert index is
+# inc'd when a CA gets a new cert (ie recertifies a current key). This
+# extension has two purposes, as a hint to rebuild key/cert lists when a Win2K
+# CA is restored, and as a poster boy for the kind of crap which people are
+# shovelling into certs which has no place there
+OID = 06 09 2B 06 01 04 01 82 37 15 01
+Comment = Microsoft attribute
+Description = cAKeyCertIndexPair (1 3 6 1 4 1 311 21 1)
+
+# UNINETT
+
+OID = 06 0A 2B 06 01 04 01 92 7C 0A 01 01
+Comment = UNINETT PCA
+Description = UNINETT policyIdentifier (1 3 6 1 4 1 2428 10 1 1)
+
+# ICE-TEL
+
+OID = 06 08 2B 06 01 04 01 95 18 0A
+Comment = ICE-TEL CA
+Description = ICE-TEL policyIdentifier (1 3 6 1 4 1 2712 10)
+
+OID = 06 0A 2B 06 01 04 01 95 62 01 01 01
+Comment = ICE-TEL CA policy
+Description = ICE-TEL Italian policyIdentifier (1 3 6 1 4 1 2786 1 1 1)
+
+# cryptlib
+
+OID = 06 0A 2B 06 01 04 01 97 55 01 01 01
+Comment = cryptlib encryption algorithm
+Description = blowfishECB (1 3 6 1 4 1 3029 1 1 1)
+
+OID = 06 0A 2B 06 01 04 01 97 55 01 01 02
+Comment = cryptlib encryption algorithm
+Description = blowfishCBC (1 3 6 1 4 1 3029 1 1 2)
+
+OID = 06 0A 2B 06 01 04 01 97 55 01 01 03
+Comment = cryptlib encryption algorithm
+Description = blowfishCFB (1 3 6 1 4 1 3029 1 1 3)
+
+OID = 06 0A 2B 06 01 04 01 97 55 01 01 04
+Comment = cryptlib encryption algorithm
+Description = blowfishOFB (1 3 6 1 4 1 3029 1 1 4)
+
+OID = 06 0A 2B 06 01 04 01 97 55 01 02 01
+Comment = cryptlib public-key algorithm
+Description = elgamal (1 3 6 1 4 1 3029 1 2 1)
+
+OID = 06 0B 2B 06 01 04 01 97 55 01 02 01 01
+Comment = cryptlib public-key algorithm
+Description = elgamalWithSHA-1 (1 3 6 1 4 1 3029 1 2 1 1)
+
+OID = 06 0B 2B 06 01 04 01 97 55 01 02 01 02
+Comment = cryptlib public-key algorithm
+Description = elgamalWithRIPEMD-160 (1 3 6 1 4 1 3029 1 2 1 2)
+
+OID = 06 09 2B 06 01 04 01 97 55 04 01
+Comment = cryptlib
+Description = cryptlibContent (1 3 6 1 4 1 3029 4 1)
+
+OID = 06 0A 2B 06 01 04 01 97 55 04 01 01
+Comment = cryptlib content type
+Description = cryptlibConfigData (1 3 6 1 4 1 3029 4 1 1)
+
+OID = 06 0A 2B 06 01 04 01 97 55 04 01 02
+Comment = cryptlib content type
+Description = cryptlibUserIndex (1 3 6 1 4 1 3029 4 1 2)
+
+OID = 06 0A 2B 06 01 04 01 97 55 04 01 03
+Comment = cryptlib content type
+Description = cryptlibUserInfo (1 3 6 1 4 1 3029 4 1 3)
+
+OID = 06 0B 2B 06 01 04 01 97 55 2A D7 24 01
+Comment = cryptlib special MPEG-of-cat OID
+Description = mpeg-1 (1 3 6 1 4 1 3029 42 11172 1)
+
+# PKIX
+
+OID = 06 06 2B 06 01 05 05 07
+Description = pkix (1 3 6 1 5 5 7)
+
+OID = 06 06 2B 06 01 05 05 07
+Comment = PKIX
+Description = attributeCert (1 3 6 1 5 5 7 0 12)
+
+OID = 06 07 2B 06 01 05 05 07 01
+Comment = PKIX
+Description = privateExtension (1 3 6 1 5 5 7 1)
+
+OID = 06 08 2B 06 01 05 05 07 01 01
+Comment = PKIX private extension
+Description = authorityInfoAccess (1 3 6 1 5 5 7 1 1)
+
+OID = 06 08 2B 06 01 05 05 07 01 04
+Comment = PKIX private extension
+Description = acAuditIdentity (1 3 6 1 5 5 7 1 4)
+
+OID = 06 08 2B 06 01 05 05 07 01 05
+Comment = PKIX private extension
+Description = acTargeting (1 3 6 1 5 5 7 1 5)
+
+OID = 06 08 2B 06 01 05 05 07 01 06
+Comment = PKIX private extension
+Description = acAaControls (1 3 6 1 5 5 7 1 6)
+
+OID = 06 08 2B 06 01 05 05 07 01 07
+Comment = PKIX private extension
+Description = acProxying (1 3 6 1 5 5 7 1 7)
+
+OID = 06 07 2B 06 01 05 05 07 02
+Comment = PKIX
+Description = policyQualifierIds (1 3 6 1 5 5 7 2)
+
+OID = 06 08 2B 06 01 05 05 07 02 01
+Comment = PKIX policy qualifier
+Description = cps (1 3 6 1 5 5 7 2 1)
+
+OID = 06 08 2B 06 01 05 05 07 02 02
+Comment = PKIX policy qualifier
+Description = unotice (1 3 6 1 5 5 7 2 2)
+
+OID = 06 07 2B 06 01 05 05 07 03
+Comment = PKIX
+Description = keyPurpose (1 3 6 1 5 5 7 3)
+
+OID = 06 08 2B 06 01 05 05 07 03 01
+Comment = PKIX key purpose
+Description = serverAuth (1 3 6 1 5 5 7 3 1)
+
+OID = 06 08 2B 06 01 05 05 07 03 02
+Comment = PKIX key purpose
+Description = clientAuth (1 3 6 1 5 5 7 3 2)
+
+OID = 06 08 2B 06 01 05 05 07 03 03
+Comment = PKIX key purpose
+Description = codeSigning (1 3 6 1 5 5 7 3 3)
+
+OID = 06 08 2B 06 01 05 05 07 03 04
+Comment = PKIX key purpose
+Description = emailProtection (1 3 6 1 5 5 7 3 4)
+
+OID = 06 08 2B 06 01 05 05 07 03 05
+Comment = PKIX key purpose
+Description = ipsecEndSystem (1 3 6 1 5 5 7 3 5)
+
+OID = 06 08 2B 06 01 05 05 07 03 06
+Comment = PKIX key purpose
+Description = ipsecTunnel (1 3 6 1 5 5 7 3 6)
+
+OID = 06 08 2B 06 01 05 05 07 03 07
+Comment = PKIX key purpose
+Description = ipsecUser (1 3 6 1 5 5 7 3 7)
+
+OID = 06 08 2B 06 01 05 05 07 03 08
+Comment = PKIX key purpose
+Description = timeStamping (1 3 6 1 5 5 7 3 8)
+
+OID = 06 08 2B 06 01 05 05 07 03 09
+Comment = PKIX key purpose
+Description = ocspSigning (1 3 6 1 5 5 7 3 9)
+
+OID = 06 07 2B 06 01 05 05 07 04
+Comment = PKIX
+Description = cmpInformationTypes (1 3 6 1 5 5 7 4)
+
+OID = 06 08 2B 06 01 05 05 07 04 01
+Comment = PKIX CMP information
+Description = caProtEncCert (1 3 6 1 5 5 7 4 1)
+
+OID = 06 08 2B 06 01 05 05 07 04 02
+Comment = PKIX CMP information
+Description = signKeyPairTypes (1 3 6 1 5 5 7 4 2)
+
+OID = 06 08 2B 06 01 05 05 07 04 03
+Comment = PKIX CMP information
+Description = encKeyPairTypes (1 3 6 1 5 5 7 4 3)
+
+OID = 06 08 2B 06 01 05 05 07 04 04
+Comment = PKIX CMP information
+Description = preferredSymmAlg (1 3 6 1 5 5 7 4 4)
+
+OID = 06 08 2B 06 01 05 05 07 04 05
+Comment = PKIX CMP information
+Description = caKeyUpdateInfo (1 3 6 1 5 5 7 4 5)
+
+OID = 06 08 2B 06 01 05 05 07 04 06
+Comment = PKIX CMP information
+Description = currentCRL (1 3 6 1 5 5 7 4 6)
+
+OID = 06 08 2B 06 01 05 05 07 04 07
+Comment = PKIX CMP information
+Description = unsupportedOIDs (1 3 6 1 5 5 7 4 7)
+
+OID = 06 08 2B 06 01 05 05 07 04 0A
+Comment = PKIX CMP information
+Description = keyPairParamReq (1 3 6 1 5 5 7 4 10)
+
+OID = 06 08 2B 06 01 05 05 07 04 0B
+Comment = PKIX CMP information
+Description = keyPairParamRep (1 3 6 1 5 5 7 4 11)
+
+OID = 06 08 2B 06 01 05 05 07 04 0C
+Comment = PKIX CMP information
+Description = revPassphrase (1 3 6 1 5 5 7 4 12)
+
+OID = 06 08 2B 06 01 05 05 07 04 0D
+Comment = PKIX CMP information
+Description = implicitConfirm (1 3 6 1 5 5 7 4 13)
+
+OID = 06 08 2B 06 01 05 05 07 04 0E
+Comment = PKIX CMP information
+Description = confirmWaitTime (1 3 6 1 5 5 7 4 14)
+
+OID = 06 08 2B 06 01 05 05 07 04 0F
+Comment = PKIX CMP information
+Description = origPKIMessage (1 3 6 1 5 5 7 4 15)
+
+OID = 06 08 2B 06 01 05 05 07 06 03
+Comment = PKIX algorithm
+Description = dh-sig-hmac-sha1 (1 3 6 1 5 5 7 6 3)
+
+OID = 06 08 2B 06 01 05 05 07 06 04
+Comment = PKIX algorithm
+Description = dh-pop (1 3 6 1 5 5 7 6 4)
+
+# Attribute certificates
+
+OID = 06 08 2B 06 01 05 05 07 0A 01
+Comment = PKIX attribute certificate extension
+Description = authenticationInfo (1 3 6 1 5 5 7 10 1)
+
+OID = 06 08 2B 06 01 05 05 07 0A 02
+Comment = PKIX attribute certificate extension
+Description = accessIdentity (1 3 6 1 5 5 7 10 2)
+
+OID = 06 08 2B 06 01 05 05 07 0A 03
+Comment = PKIX attribute certificate extension
+Description = chargingIdentity (1 3 6 1 5 5 7 10 3)
+
+OID = 06 08 2B 06 01 05 05 07 0A 04
+Comment = PKIX attribute certificate extension
+Description = group (1 3 6 1 5 5 7 10 4)
+
+OID = 06 08 2B 06 01 05 05 07 0A 06
+Comment = PKIX attribute certificate extension
+Description = encAttrs (1 3 6 1 5 5 7 10 6)
+
+# OCSP
+
+OID = 06 08 2B 06 01 05 05 07 30 01
+Comment = PKIX
+Description = ocsp (1 3 6 1 5 5 7 48 1)
+
+OID = 06 09 2B 06 01 05 05 07 30 01 01
+Comment = OCSP
+Description = ocspBasic (1 3 6 1 5 5 7 48 1 1)
+
+OID = 06 09 2B 06 01 05 05 07 30 01 02
+Comment = OCSP
+Description = ocspNonce (1 3 6 1 5 5 7 48 1 2)
+
+OID = 06 09 2B 06 01 05 05 07 30 01 03
+Comment = OCSP
+Description = ocspCRL (1 3 6 1 5 5 7 48 1 3)
+
+OID = 06 09 2B 06 01 05 05 07 30 01 04
+Comment = OCSP
+Description = ocspResponse (1 3 6 1 5 5 7 48 1 4)
+
+OID = 06 09 2B 06 01 05 05 07 30 01 05
+Comment = OCSP
+Description = ocspNoCheck (1 3 6 1 5 5 7 48 1 5)
+
+OID = 06 09 2B 06 01 05 05 07 30 01 06
+Comment = OCSP
+Description = ocspArchiveCutoff (1 3 6 1 5 5 7 48 1 6)
+
+OID = 06 09 2B 06 01 05 05 07 30 01 07
+Comment = OCSP
+Description = ocspServiceLocator (1 3 6 1 5 5 7 48 1 7)
+
+# Some PKIX usage
+
+OID = 06 08 2B 06 01 05 05 07 30 02
+Comment = PKIX authority info access descriptor
+Description = caIssuers (1 3 6 1 5 5 7 48 2)
+
+# ISAKMP
+
+OID = 06 08 2B 06 01 05 05 08 01 01
+Comment = ISAKMP HMAC algorithm
+Description = hmacMD5 (1 3 6 1 5 5 8 1 1)
+
+OID = 06 08 2B 06 01 05 05 08 01 02
+Comment = ISAKMP HMAC algorithm
+Description = hmacSHA (1 3 6 1 5 5 8 1 2)
+
+OID = 06 08 2B 06 01 05 05 08 01 03
+Comment = ISAKMP HMAC algorithm
+Description = hmacTiger (1 3 6 1 5 5 8 1 3)
+
+OID = 06 08 2B 06 01 05 05 08 02 02
+Comment = IKE ???
+Description = iKEIntermediate (1 3 6 1 5 5 8 2 2)
+
+# DEC (via ECMA)
+
+OID = 06 07 2B 0C 02 87 73 07 01
+Comment = DASS algorithm
+Description = decEncryptionAlgorithm (1 3 12 2 1011 7 1)
+
+OID = 06 08 2B 0C 02 87 73 07 01 02
+Comment = DASS encryption algorithm
+Description = decDEA (1 3 12 2 1011 7 1 2)
+
+OID = 06 07 2B 0C 02 87 73 07 02
+Comment = DASS algorithm
+Description = decHashAlgorithm (1 3 12 2 1011 7 2)
+
+OID = 06 07 2B 0C 02 87 73 07 02 01
+Comment = DASS hash algorithm
+Description = decMD2 (1 3 12 2 1011 7 2 1)
+
+OID = 06 07 2B 0C 02 87 73 07 02 02
+Comment = DASS hash algorithm
+Description = decMD4 (1 3 12 2 1011 7 2 2)
+
+OID = 06 07 2B 0C 02 87 73 07 03
+Comment = DASS algorithm
+Description = decSignatureAlgorithm (1 3 12 2 1011 7 3)
+
+OID = 06 07 2B 0C 02 87 73 07 03 01
+Comment = DASS signature algorithm
+Description = decMD2withRSA (1 3 12 2 1011 7 3 1)
+
+OID = 06 07 2B 0C 02 87 73 07 03 02
+Comment = DASS signature algorithm
+Description = decMD4withRSA (1 3 12 2 1011 7 3 2)
+
+OID = 06 07 2B 0C 02 87 73 07 03 03
+Comment = DASS signature algorithm
+Description = decDEAMAC (1 3 12 2 1011 7 3 3)
+
+# NIST Open Systems Environment (OSE) Implementor's Workshop (OIW),
+# specialising in oddball and partially-defunct OIDs
+
+OID = 06 05 2B 0E 02 1A 05
+Comment = Unsure about this OID
+Description = sha (1 3 14 2 26 5)
+
+OID = 06 06 2B 0E 03 02 01 01
+Comment = X.509. Unsure about this OID
+Description = rsa (1 3 14 3 2 1 1)
+
+OID = 06 05 2B 0E 03 02 02
+Comment = Oddball OIW OID
+Description = md4WitRSA (1 3 14 3 2 2)
+
+OID = 06 05 2B 0E 03 02 03
+Comment = Oddball OIW OID
+Description = md5WithRSA (1 3 14 3 2 3)
+
+OID = 06 05 2B 0E 03 02 04
+Comment = Oddball OIW OID
+Description = md4WithRSAEncryption (1 3 14 3 2 4)
+
+OID = 06 06 2B 0E 03 02 02 01
+Comment = X.509. Deprecated
+Description = sqmod-N (1 3 14 3 2 2 1)
+Warning
+
+OID = 06 06 2B 0E 03 02 03 01
+Comment = X.509. Deprecated
+Description = sqmod-NwithRSA (1 3 14 3 2 3 1)
+Warning
+
+OID = 06 05 2B 0E 03 02 06
+Description = desECB (1 3 14 3 2 6)
+
+OID = 06 05 2B 0E 03 02 07
+Description = desCBC (1 3 14 3 2 7)
+
+OID = 06 05 2B 0E 03 02 08
+Description = desOFB (1 3 14 3 2 8)
+
+OID = 06 05 2B 0E 03 02 09
+Description = desCFB (1 3 14 3 2 9)
+
+OID = 06 05 2B 0E 03 02 0A
+Description = desMAC (1 3 14 3 2 10)
+
+OID = 06 05 2B 0E 03 02 0B
+Comment = ISO 9796-2, also X9.31 Part 1
+Description = rsaSignature (1 3 14 3 2 11)
+
+OID = 06 05 2B 0E 03 02 0C
+Comment = OIW?, supposedly from an incomplete version of SDN.701 (doesn't match final SDN.701)
+Description = dsa (1 3 14 3 2 12)
+Warning
+
+OID = 06 05 2B 0E 03 02 0D
+Comment = Oddball OIW OID. Incorrectly used by JDK 1.1 in place of (1 3 14 3 2 27)
+# Their response was that they know it's wrong, but noone uses SHA0 so it won't
+# cause any problems, right?
+Description = dsaWithSHA (1 3 14 3 2 13)
+Warning
+
+# The various md<x>WithRSASIsignature OIDs are for the ANSI X9.31 draft and use
+# ISO 9796-2 padding rules. This work was derailed during the PKP brouhaha and
+# is still in progress
+OID = 06 05 2B 0E 03 02 0E
+Comment = Oddball OIW OID using 9796-2 padding rules
+Description = mdc2WithRSASignature (1 3 14 3 2 14)
+
+OID = 06 05 2B 0E 03 02 0F
+Comment = Oddball OIW OID using 9796-2 padding rules
+Description = shaWithRSASignature (1 3 14 3 2 15)
+
+OID = 06 05 2B 0E 03 02 10
+Comment = Oddball OIW OID. Deprecated, use a plain DH OID instead
+Description = dhWithCommonModulus (1 3 14 3 2 16)
+Warning
+
+OID = 06 05 2B 0E 03 02 11
+Comment = Oddball OIW OID. Mode is ECB
+Description = desEDE (1 3 14 3 2 17)
+
+OID = 06 05 2B 0E 03 02 12
+Comment = Oddball OIW OID
+Description = sha (1 3 14 3 2 18)
+
+OID = 06 05 2B 0E 03 02 13
+Comment = Oddball OIW OID, DES-based hash, planned for X9.31 Part 2
+Description = mdc-2 (1 3 14 3 2 19)
+
+OID = 06 05 2B 0E 03 02 14
+Comment = Oddball OIW OID. Deprecated, use a plain DSA OID instead
+Description = dsaCommon (1 3 14 3 2 20)
+Warning
+
+OID = 06 05 2B 0E 03 02 15
+Comment = Oddball OIW OID. Deprecated, use a plain dsaWithSHA OID instead
+Description = dsaCommonWithSHA (1 3 14 3 2 21)
+Warning
+
+OID = 06 05 2B 0E 03 02 16
+Comment = Oddball OIW OID
+Description = rsaKeyTransport (1 3 14 3 2 22)
+
+OID = 06 05 2B 0E 03 02 17
+Comment = Oddball OIW OID
+Description = keyed-hash-seal (1 3 14 3 2 23)
+
+OID = 06 05 2B 0E 03 02 18
+Comment = Oddball OIW OID using 9796-2 padding rules
+Description = md2WithRSASignature (1 3 14 3 2 24)
+
+OID = 06 05 2B 0E 03 02 19
+Comment = Oddball OIW OID using 9796-2 padding rules
+Description = md5WithRSASignature (1 3 14 3 2 25)
+
+OID = 06 05 2B 0E 03 02 1A
+Comment = OIW
+Description = sha1 (1 3 14 3 2 26)
+
+# Yet another multiply-assigned OID
+OID = 06 05 2B 0E 03 02 1B
+Comment = OIW. This OID may also be assigned as ripemd-160
+Description = dsaWithSHA1 (1 3 14 3 2 27)
+
+OID = 06 05 2B 0E 03 02 1C
+Comment = OIW
+Description = dsaWithCommonSHA1 (1 3 14 3 2 28)
+
+OID = 06 05 2B 0E 03 02 1D
+Comment = Oddball OIW OID
+Description = sha-1WithRSAEncryption (1 3 14 3 2 29)
+
+OID = 06 05 2B 0E 03 03 01
+Comment = Oddball OIW OID
+Description = simple-strong-auth-mechanism (1 3 14 3 3 1)
+
+OID = 06 06 2B 0E 07 02 01 01
+Comment = Unsure about this OID
+Description = ElGamal (1 3 14 7 2 1 1)
+
+OID = 06 06 2B 0E 07 02 03 01
+Comment = Unsure about this OID
+Description = md2WithRSA (1 3 14 7 2 3 1)
+
+OID = 06 06 2B 0E 07 02 03 02
+Comment = Unsure about this OID
+Description = md2WithElGamal (1 3 14 7 2 3 2)
+
+# Teletrust
+
+OID = 06 03 2B 24 01
+Comment = Teletrust document
+Description = document (1 3 36 1)
+
+OID = 06 04 2B 24 01 01
+Comment = Teletrust document
+Description = finalVersion (1 3 36 1 1)
+
+OID = 06 04 2B 24 01 02
+Comment = Teletrust document
+Description = draft (1 3 36 1 2)
+
+OID = 06 03 2B 24 02
+Comment = Teletrust sio
+Description = sio (1 3 36 2)
+
+OID = 06 04 2B 24 02 01
+Comment = Teletrust sio
+Description = sedu (1 3 36 2 1)
+
+OID = 06 03 2B 24 03
+Comment = Teletrust algorithm
+Description = algorithm (1 3 36 3)
+
+OID = 06 04 2B 24 03 01
+Comment = Teletrust algorithm
+Description = encryptionAlgorithm (1 3 36 3 1)
+
+OID = 06 05 2B 24 03 01 01
+Comment = Teletrust encryption algorithm
+Description = des (1 3 36 3 1 1)
+
+OID = 06 06 2B 24 03 01 01 01
+Comment = Teletrust encryption algorithm
+Description = desECB_pad (1 3 36 3 1 1 1)
+
+OID = 06 07 2B 24 03 01 01 01 01
+Comment = Teletrust encryption algorithm
+Description = desECB_ISOpad (1 3 36 3 1 1 1 1)
+
+OID = 06 07 2B 24 03 01 01 02 01
+Comment = Teletrust encryption algorithm
+Description = desCBC_pad (1 3 36 3 1 1 2 1)
+
+OID = 06 08 2B 24 03 01 01 02 01 01
+Comment = Teletrust encryption algorithm
+Description = desCBC_ISOpad (1 3 36 3 1 1 2 1 1)
+
+OID = 06 05 2B 24 03 01 03
+Comment = Teletrust encryption algorithm
+Description = des_3 (1 3 36 3 1 3)
+
+OID = 06 07 2B 24 03 01 03 01 01
+Comment = Teletrust encryption algorithm. EDE triple DES
+Description = des_3ECB_pad (1 3 36 3 1 3 1 1)
+
+OID = 06 08 2B 24 03 01 03 01 01 01
+Comment = Teletrust encryption algorithm. EDE triple DES
+Description = des_3ECB_ISOpad (1 3 36 3 1 3 1 1 1)
+
+OID = 06 07 2B 24 03 01 03 02 01
+Comment = Teletrust encryption algorithm. EDE triple DES
+Description = des_3CBC_pad (1 3 36 3 1 3 2 1)
+
+OID = 06 08 2B 24 03 01 03 02 01 01
+Comment = Teletrust encryption algorithm. EDE triple DES
+Description = des_3CBC_ISOpad (1 3 36 3 1 3 2 1 1)
+
+OID = 06 05 2B 24 03 01 02
+Comment = Teletrust encryption algorithm
+Description = idea (1 3 36 3 1 2)
+
+OID = 06 06 2B 24 03 01 02 01
+Comment = Teletrust encryption algorithm
+Description = ideaECB (1 3 36 3 1 2 1)
+
+OID = 06 07 2B 24 03 01 02 01 01
+Comment = Teletrust encryption algorithm
+Description = ideaECB_pad (1 3 36 3 1 2 1 1)
+
+OID = 06 08 2B 24 03 01 02 01 01 01
+Comment = Teletrust encryption algorithm
+Description = ideaECB_ISOpad (1 3 36 3 1 2 1 1 1)
+
+OID = 06 06 2B 24 03 01 02 02
+Comment = Teletrust encryption algorithm
+Description = ideaCBC (1 3 36 3 1 2 2)
+
+OID = 06 07 2B 24 03 01 02 02 01
+Comment = Teletrust encryption algorithm
+Description = ideaCBC_pad (1 3 36 3 1 2 2 1)
+
+OID = 06 08 2B 24 03 01 02 02 01 01
+Comment = Teletrust encryption algorithm
+Description = ideaCBC_ISOpad (1 3 36 3 1 2 2 1 1)
+
+OID = 06 06 2B 24 03 01 02 03
+Comment = Teletrust encryption algorithm
+Description = ideaOFB (1 3 36 3 1 2 3)
+
+OID = 06 06 2B 24 03 01 02 04
+Comment = Teletrust encryption algorithm
+Description = ideaCFB (1 3 36 3 1 2 4)
+
+OID = 06 05 2B 24 03 01 04
+Comment = Teletrust encryption algorithm
+Description = rsaEncryption (1 3 36 3 1 4)
+
+OID = 06 08 2B 24 03 01 04 84 00 11
+Comment = Teletrust encryption algorithm
+Description = rsaEncryptionWithlmod512expe17 (1 3 36 3 1 4 512 17)
+
+OID = 06 05 2B 24 03 01 05
+Comment = Teletrust encryption algorithm
+Description = bsi-1 (1 3 36 3 1 5)
+
+OID = 06 06 2B 24 03 01 05 01
+Comment = Teletrust encryption algorithm
+Description = bsi_1ECB_pad (1 3 36 3 1 5 1)
+
+OID = 06 06 2B 24 03 01 05 02
+Comment = Teletrust encryption algorithm
+Description = bsi_1CBC_pad (1 3 36 3 1 5 2)
+
+OID = 06 07 2B 24 03 01 05 02 01
+Comment = Teletrust encryption algorithm
+Description = bsi_1CBC_PEMpad (1 3 36 3 1 5 2 1)
+
+OID = 06 04 2B 24 03 02
+Comment = Teletrust algorithm
+Description = hashAlgorithm (1 3 36 3 2)
+
+OID = 06 05 2B 24 03 02 01
+Comment = Teletrust hash algorithm
+Description = ripemd160 (1 3 36 3 2 1)
+
+OID = 06 05 2B 24 03 02 02
+Comment = Teletrust hash algorithm
+Description = ripemd128 (1 3 36 3 2 2)
+
+OID = 06 05 2B 24 03 02 03
+Comment = Teletrust hash algorithm
+Description = ripemd256 (1 3 36 3 2 3)
+
+OID = 06 05 2B 24 03 02 04
+Comment = Teletrust hash algorithm
+Description = mdc2singleLength (1 3 36 3 2 4)
+
+OID = 06 05 2B 24 03 02 05
+Comment = Teletrust hash algorithm
+Description = mdc2doubleLength (1 3 36 3 2 5)
+
+OID = 06 04 2B 24 03 03
+Comment = Teletrust algorithm
+Description = signatureAlgorithm (1 3 36 3 3)
+
+OID = 06 05 2B 24 03 03 01
+Comment = Teletrust signature algorithm
+Description = rsaSignature (1 3 36 3 3 1)
+
+OID = 06 06 2B 24 03 03 01 01
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1 (1 3 36 3 3 1 1)
+
+# What *were* they thinking?
+OID = 06 09 2B 24 03 03 01 01 84 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l512_l2 (1 3 36 3 3 1 1 512 2)
+OID = 06 09 2B 24 03 03 01 01 85 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l640_l2 (1 3 36 3 3 1 1 640 2)
+OID = 06 09 2B 24 03 03 01 01 86 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l768_l2 (1 3 36 3 3 1 1 768 2)
+OID = 06 09 2B 24 03 03 01 01 87 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l896_l2 (1 3 36 3 3 1 1 892 2)
+OID = 06 09 2B 24 03 03 01 01 88 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l1024_l2 (1 3 36 3 3 1 1 1024 2)
+OID = 06 09 2B 24 03 03 01 01 84 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l512_l3 (1 3 36 3 3 1 1 512 3)
+OID = 06 09 2B 24 03 03 01 01 85 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l640_l3 (1 3 36 3 3 1 1 640 3)
+OID = 06 09 2B 24 03 03 01 01 86 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l768_l3 (1 3 36 3 3 1 1 768 3)
+OID = 06 09 2B 24 03 03 01 01 87 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l896_l3 (1 3 36 3 3 1 1 896 3)
+OID = 06 09 2B 24 03 03 01 01 88 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l1024_l3 (1 3 36 3 3 1 1 1024 3)
+OID = 06 09 2B 24 03 03 01 01 84 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l512_l5 (1 3 36 3 3 1 1 512 5)
+OID = 06 09 2B 24 03 03 01 01 85 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l640_l5 (1 3 36 3 3 1 1 640 5)
+OID = 06 09 2B 24 03 03 01 01 86 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l768_l5 (1 3 36 3 3 1 1 768 5)
+OID = 06 09 2B 24 03 03 01 01 87 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l896_l5 (1 3 36 3 3 1 1 896 5)
+OID = 06 09 2B 24 03 03 01 01 88 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l1024_l5 (1 3 36 3 3 1 1 1024 5)
+OID = 06 09 2B 24 03 03 01 01 84 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l512_l9 (1 3 36 3 3 1 1 512 9)
+OID = 06 09 2B 24 03 03 01 01 85 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l640_l9 (1 3 36 3 3 1 1 640 9)
+OID = 06 09 2B 24 03 03 01 01 86 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l768_l9 (1 3 36 3 3 1 1 768 9)
+OID = 06 09 2B 24 03 03 01 01 87 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l896_l9 (1 3 36 3 3 1 1 896 9)
+OID = 06 09 2B 24 03 03 01 01 88 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l1024_l9 (1 3 36 3 3 1 1 1024 9)
+OID = 06 09 2B 24 03 03 01 01 84 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l512_l11 (1 3 36 3 3 1 1 512 11)
+OID = 06 09 2B 24 03 03 01 01 85 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l640_l11 (1 3 36 3 3 1 1 640 11)
+OID = 06 09 2B 24 03 03 01 01 86 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l768_l11 (1 3 36 3 3 1 1 768 11)
+OID = 06 09 2B 24 03 03 01 01 87 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l896_l11 (1 3 36 3 3 1 1 896 11)
+OID = 06 09 2B 24 03 03 01 01 88 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l1024_l11 (1 3 36 3 3 1 1 1024 11)
+
+OID = 06 06 2B 24 03 03 01 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160 (1 3 36 3 3 1 2)
+
+OID = 06 09 2B 24 03 03 01 02 84 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l512_l2 (1 3 36 3 3 1 2 512 2)
+OID = 06 09 2B 24 03 03 01 02 85 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l640_l2 (1 3 36 3 3 1 2 640 2)
+OID = 06 09 2B 24 03 03 01 02 86 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l768_l2 (1 3 36 3 3 1 2 768 2)
+OID = 06 09 2B 24 03 03 01 02 87 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l896_l2 (1 3 36 3 3 1 2 892 2)
+OID = 06 09 2B 24 03 03 01 02 88 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l1024_l2 (1 3 36 3 3 1 2 1024 2)
+OID = 06 09 2B 24 03 03 01 02 84 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l512_l3 (1 3 36 3 3 1 2 512 3)
+OID = 06 09 2B 24 03 03 01 02 85 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l640_l3 (1 3 36 3 3 1 2 640 3)
+OID = 06 09 2B 24 03 03 01 02 86 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l768_l3 (1 3 36 3 3 1 2 768 3)
+OID = 06 09 2B 24 03 03 01 02 87 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l896_l3 (1 3 36 3 3 1 2 896 3)
+OID = 06 09 2B 24 03 03 01 02 88 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l1024_l3 (1 3 36 3 3 1 2 1024 3)
+OID = 06 09 2B 24 03 03 01 02 84 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l512_l5 (1 3 36 3 3 1 2 512 5)
+OID = 06 09 2B 24 03 03 01 02 85 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l640_l5 (1 3 36 3 3 1 2 640 5)
+OID = 06 09 2B 24 03 03 01 02 86 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l768_l5 (1 3 36 3 3 1 2 768 5)
+OID = 06 09 2B 24 03 03 01 02 87 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l896_l5 (1 3 36 3 3 1 2 896 5)
+OID = 06 09 2B 24 03 03 01 02 88 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l1024_l5 (1 3 36 3 3 1 2 1024 5)
+OID = 06 09 2B 24 03 03 01 02 84 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l512_l9 (1 3 36 3 3 1 2 512 9)
+OID = 06 09 2B 24 03 03 01 02 85 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l640_l9 (1 3 36 3 3 1 2 640 9)
+OID = 06 09 2B 24 03 03 01 02 86 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l768_l9 (1 3 36 3 3 1 2 768 9)
+OID = 06 09 2B 24 03 03 01 02 87 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l896_l9 (1 3 36 3 3 1 2 896 9)
+OID = 06 09 2B 24 03 03 01 02 88 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l1024_l9 (1 3 36 3 3 1 2 1024 9)
+OID = 06 09 2B 24 03 03 01 02 84 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l512_l11 (1 3 36 3 3 1 2 512 11)
+OID = 06 09 2B 24 03 03 01 02 85 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l640_l11 (1 3 36 3 3 1 2 640 11)
+OID = 06 09 2B 24 03 03 01 02 86 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l768_l11 (1 3 36 3 3 1 2 768 11)
+OID = 06 09 2B 24 03 03 01 02 87 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l896_l11 (1 3 36 3 3 1 2 896 11)
+OID = 06 09 2B 24 03 03 01 02 88 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l1024_l11 (1 3 36 3 3 1 2 1024 11)
+
+OID = 06 06 2B 24 03 03 01 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithrimpemd128 (1 3 36 3 3 1 3)
+
+OID = 06 06 2B 24 03 03 01 04
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithrimpemd256 (1 3 36 3 3 1 4)
+
+OID = 06 05 2B 24 03 03 02
+Comment = Teletrust signature algorithm
+Description = ecsieSign (1 3 36 3 3 2)
+
+OID = 06 06 2B 24 03 03 02 01
+Comment = Teletrust signature algorithm
+Description = ecsieSignWithsha1 (1 3 36 3 3 2 1)
+
+OID = 06 06 2B 24 03 03 02 02
+Comment = Teletrust signature algorithm
+Description = ecsieSignWithripemd160 (1 3 36 3 3 2 2)
+
+OID = 06 06 2B 24 03 03 02 03
+Comment = Teletrust signature algorithm
+Description = ecsieSignWithmd2 (1 3 36 3 3 2 3)
+
+OID = 06 06 2B 24 03 03 02 04
+Comment = Teletrust signature algorithm
+Description = ecsieSignWithmd5 (1 3 36 3 3 2 4)
+
+OID = 06 04 2B 24 03 04
+Comment = Teletrust algorithm
+Description = signatureScheme (1 3 36 3 4)
+
+OID = 06 05 2B 24 03 04 01
+Comment = Teletrust signature scheme
+Description = sigS_ISO9796-1 (1 3 36 3 4 1)
+
+OID = 06 05 2B 24 03 04 02
+Comment = Teletrust signature scheme
+Description = sigS_ISO9796-2 (1 3 36 3 4 2)
+
+OID = 06 05 2B 24 03 04 02 01
+Comment = Teletrust signature scheme. Unsure what this is supposed to be
+Description = sigS_ISO9796-2Withred (1 3 36 3 4 2 1)
+
+OID = 06 06 2B 24 03 04 02 02
+Comment = Teletrust signature scheme. Unsure what this is supposed to be
+Description = sigS_ISO9796-2Withrsa (1 3 36 3 4 2 2)
+
+OID = 06 06 2B 24 03 04 02 03
+Comment = Teletrust signature scheme. 9796-2 with random number in padding field
+Description = sigS_ISO9796-2Withrnd (1 3 36 3 4 2 3)
+
+OID = 06 03 2B 24 04
+Comment = Teletrust attribute
+Description = attribute (1 3 36 4)
+
+OID = 06 03 2B 24 05
+Comment = Teletrust policy
+Description = policy (1 3 36 5)
+
+OID = 06 03 2B 24 06
+Comment = Teletrust API
+Description = api (1 3 36 6)
+
+OID = 06 04 2B 24 06 01
+Comment = Teletrust API
+Description = manufacturer-specific_api (1 3 36 6 1)
+
+OID = 06 05 2B 24 06 01 01
+Comment = Teletrust API
+Description = utimaco-api (1 3 36 6 1 1)
+
+OID = 06 04 2B 24 06 02
+Comment = Teletrust API
+Description = functionality-specific_api (1 3 36 6 2)
+
+OID = 06 03 2B 24 07
+Comment = Teletrust key management
+Description = keymgmnt (1 3 36 7)
+
+OID = 06 04 2B 24 07 01
+Comment = Teletrust key management
+Description = keyagree (1 3 36 7 1)
+
+OID = 06 05 2B 24 07 01 01
+Comment = Teletrust key management
+Description = bsiPKE (1 3 36 7 1 1)
+
+OID = 06 04 2B 24 07 02
+Comment = Teletrust key management
+Description = keytrans (1 3 36 7 2)
+
+OID = 06 05 2B 24 07 02 01
+Comment = Teletrust key management. 9796-2 with key stored in hash field
+Description = encISO9796-2Withrsa (1 3 36 7 2 1)
+
+OID = 06 05 2B 24 08 01 01
+Comment = Teletrust policy
+Description = sigiSigConform (1 3 36 8 1 1)
+
+OID = 06 05 2B 24 08 02 01
+Comment = Teletrust extended key usage
+Description = directoryService (1 3 36 8 2 1)
+
+OID = 06 05 2B 24 08 03 01
+Comment = Teletrust attribute
+Description = dateOfCertGen (1 3 36 8 3 1)
+
+OID = 06 05 2B 24 08 03 02
+Comment = Teletrust attribute
+Description = procuration (1 3 36 8 3 2)
+
+OID = 06 05 2B 24 08 03 03
+Comment = Teletrust attribute
+Description = admission (1 3 36 8 3 3)
+
+OID = 06 05 2B 24 08 03 04
+Comment = Teletrust attribute
+Description = monetaryLimit (1 3 36 8 3 4)
+
+OID = 06 05 2B 24 08 03 05
+Comment = Teletrust attribute
+Description = declarationOfMajority (1 3 36 8 3 5)
+
+OID = 06 05 2B 24 08 03 06
+Comment = Teletrust attribute
+Description = integratedCircuitCardSerialNumber (1 3 36 8 3 6)
+
+OID = 06 05 2B 24 08 03 07
+Comment = Teletrust attribute
+Description = pKReference (1 3 36 8 3 7)
+
+OID = 06 05 2B 24 08 03 08
+Comment = Teletrust attribute
+Description = restriction (1 3 36 8 3 8)
+
+OID = 06 05 2B 24 08 03 09
+Comment = Teletrust attribute
+Description = retrieveIfAllowed (1 3 36 8 3 9)
+
+OID = 06 05 2B 24 08 03 0A
+Comment = Teletrust attribute
+Description = requestedCertificate (1 3 36 8 3 10)
+
+OID = 06 05 2B 24 08 03 0B
+Comment = Teletrust attribute
+Description = namingAuthorities (1 3 36 8 3 11)
+
+OID = 06 05 2B 24 08 03 0C
+Comment = Teletrust attribute
+Description = certInDirSince (1 3 36 8 3 12)
+
+OID = 06 05 2B 24 08 03 0D
+Comment = Teletrust attribute
+Description = certHash (1 3 36 8 3 13)
+
+OID = 06 05 2B 24 08 04 01
+Comment = Teletrust OtherName attribute
+Description = personalData (1 3 36 8 4 1)
+
+OID = 06 05 2B 24 08 04 08
+Comment = Teletrust attribute certificate attribute
+Description = restriction (1 3 36 8 4 8)
+
+OID = 06 07 2B 24 08 05 01 01 01
+Comment = Teletrust signature algorithm
+Description = rsaIndicateSHA1 (1 3 36 8 5 1 1 1)
+
+OID = 06 07 2B 24 08 05 01 01 02
+Comment = Teletrust signature algorithm
+Description = rsaIndicateRIPEMD160 (1 3 36 8 5 1 1 2)
+
+OID = 06 07 2B 24 08 05 01 01 03
+Comment = Teletrust signature algorithm
+Description = rsaWithSHA1 (1 3 36 8 5 1 1 3)
+
+OID = 06 07 2B 24 08 05 01 01 04
+Comment = Teletrust signature algorithm
+Description = rsaWithRIPEMD160 (1 3 36 8 5 1 1 4)
+
+OID = 06 07 2B 24 08 05 01 02 01
+Comment = Teletrust signature algorithm
+Description = dsaExtended (1 3 36 8 5 1 2 1)
+
+OID = 06 07 2B 24 08 05 01 02 02
+Comment = Teletrust signature algorithm
+Description = dsaWithRIPEMD160 (1 3 36 8 5 1 2 2)
+
+OID = 06 05 2B 24 08 06 01
+Comment = Teletrust signature attributes
+Description = cert (1 3 36 8 6 1)
+
+OID = 06 05 2B 24 08 06 02
+Comment = Teletrust signature attributes
+Description = certRef (1 3 36 8 6 2)
+
+OID = 06 05 2B 24 08 06 03
+Comment = Teletrust signature attributes
+Description = attrCert (1 3 36 8 6 3)
+
+OID = 06 05 2B 24 08 06 04
+Comment = Teletrust signature attributes
+Description = attrRef (1 3 36 8 6 4)
+
+OID = 06 05 2B 24 08 06 05
+Comment = Teletrust signature attributes
+Description = fileName (1 3 36 8 6 5)
+
+OID = 06 05 2B 24 08 06 06
+Comment = Teletrust signature attributes
+Description = storageTime (1 3 36 8 6 6)
+
+OID = 06 05 2B 24 08 06 07
+Comment = Teletrust signature attributes
+Description = fileSize (1 3 36 8 6 7)
+
+OID = 06 05 2B 24 08 06 08
+Comment = Teletrust signature attributes
+Description = location (1 3 36 8 6 8)
+
+OID = 06 05 2B 24 08 06 09
+Comment = Teletrust signature attributes
+Description = sigNumber (1 3 36 8 6 9)
+
+OID = 06 05 2B 24 08 06 0A
+Comment = Teletrust signature attributes
+Description = autoGen (1 3 36 8 6 10)
+
+OID = 06 06 2B 24 08 07 01 01
+Comment = Teletrust presentation types
+Description = ptAdobeILL (1 3 36 8 7 1 1)
+
+OID = 06 06 2B 24 08 07 01 02
+Comment = Teletrust presentation types
+Description = ptAmiPro (1 3 36 8 7 1 2)
+
+OID = 06 06 2B 24 08 07 01 03
+Comment = Teletrust presentation types
+Description = ptAutoCAD (1 3 36 8 7 1 3)
+
+OID = 06 06 2B 24 08 07 01 04
+Comment = Teletrust presentation types
+Description = ptBinary (1 3 36 8 7 1 4)
+
+OID = 06 06 2B 24 08 07 01 05
+Comment = Teletrust presentation types
+Description = ptBMP (1 3 36 8 7 1 5)
+
+OID = 06 06 2B 24 08 07 01 06
+Comment = Teletrust presentation types
+Description = ptCGM (1 3 36 8 7 1 6)
+
+OID = 06 06 2B 24 08 07 01 07
+Comment = Teletrust presentation types
+Description = ptCorelCRT (1 3 36 8 7 1 7)
+
+OID = 06 06 2B 24 08 07 01 08
+Comment = Teletrust presentation types
+Description = ptCorelDRW (1 3 36 8 7 1 8)
+
+OID = 06 06 2B 24 08 07 01 09
+Comment = Teletrust presentation types
+Description = ptCorelEXC (1 3 36 8 7 1 9)
+
+OID = 06 06 2B 24 08 07 01 0A
+Comment = Teletrust presentation types
+Description = ptCorelPHT (1 3 36 8 7 1 10)
+
+OID = 06 06 2B 24 08 07 01 0B
+Comment = Teletrust presentation types
+Description = ptDraw (1 3 36 8 7 1 11)
+
+OID = 06 06 2B 24 08 07 01 0C
+Comment = Teletrust presentation types
+Description = ptDVI (1 3 36 8 7 1 12)
+
+OID = 06 06 2B 24 08 07 01 0D
+Comment = Teletrust presentation types
+Description = ptEPS (1 3 36 8 7 1 13)
+
+OID = 06 06 2B 24 08 07 01 0E
+Comment = Teletrust presentation types
+Description = ptExcel (1 3 36 8 7 1 14)
+
+OID = 06 06 2B 24 08 07 01 0F
+Comment = Teletrust presentation types
+Description = ptGEM (1 3 36 8 7 1 15)
+
+OID = 06 06 2B 24 08 07 01 10
+Comment = Teletrust presentation types
+Description = ptGIF (1 3 36 8 7 1 16)
+
+OID = 06 06 2B 24 08 07 01 11
+Comment = Teletrust presentation types
+Description = ptHPGL (1 3 36 8 7 1 17)
+
+OID = 06 06 2B 24 08 07 01 12
+Comment = Teletrust presentation types
+Description = ptJPEG (1 3 36 8 7 1 18)
+
+OID = 06 06 2B 24 08 07 01 13
+Comment = Teletrust presentation types
+Description = ptKodak (1 3 36 8 7 1 19)
+
+OID = 06 06 2B 24 08 07 01 14
+Comment = Teletrust presentation types
+Description = ptLaTeX (1 3 36 8 7 1 20)
+
+OID = 06 06 2B 24 08 07 01 15
+Comment = Teletrust presentation types
+Description = ptLotus (1 3 36 8 7 1 21)
+
+OID = 06 06 2B 24 08 07 01 16
+Comment = Teletrust presentation types
+Description = ptLotusPIC (1 3 36 8 7 1 22)
+
+OID = 06 06 2B 24 08 07 01 17
+Comment = Teletrust presentation types
+Description = ptMacPICT (1 3 36 8 7 1 23)
+
+OID = 06 06 2B 24 08 07 01 18
+Comment = Teletrust presentation types
+Description = ptMacWord (1 3 36 8 7 1 24)
+
+OID = 06 06 2B 24 08 07 01 19
+Comment = Teletrust presentation types
+Description = ptMSWfD (1 3 36 8 7 1 25)
+
+OID = 06 06 2B 24 08 07 01 1A
+Comment = Teletrust presentation types
+Description = ptMSWord (1 3 36 8 7 1 26)
+
+OID = 06 06 2B 24 08 07 01 1B
+Comment = Teletrust presentation types
+Description = ptMSWord2 (1 3 36 8 7 1 27)
+
+OID = 06 06 2B 24 08 07 01 1C
+Comment = Teletrust presentation types
+Description = ptMSWord6 (1 3 36 8 7 1 28)
+
+OID = 06 06 2B 24 08 07 01 1D
+Comment = Teletrust presentation types
+Description = ptMSWord8 (1 3 36 8 7 1 29)
+
+OID = 06 06 2B 24 08 07 01 1E
+Comment = Teletrust presentation types
+Description = ptPDF (1 3 36 8 7 1 30)
+
+OID = 06 06 2B 24 08 07 01 1F
+Comment = Teletrust presentation types
+Description = ptPIF (1 3 36 8 7 1 31)
+
+OID = 06 06 2B 24 08 07 01 20
+Comment = Teletrust presentation types
+Description = ptPostscript (1 3 36 8 7 1 32)
+
+OID = 06 06 2B 24 08 07 01 21
+Comment = Teletrust presentation types
+Description = ptRTF (1 3 36 8 7 1 33)
+
+OID = 06 06 2B 24 08 07 01 22
+Comment = Teletrust presentation types
+Description = ptSCITEX (1 3 36 8 7 1 34)
+
+OID = 06 06 2B 24 08 07 01 23
+Comment = Teletrust presentation types
+Description = ptTAR (1 3 36 8 7 1 35)
+
+OID = 06 06 2B 24 08 07 01 24
+Comment = Teletrust presentation types
+Description = ptTarga (1 3 36 8 7 1 36)
+
+OID = 06 06 2B 24 08 07 01 25
+Comment = Teletrust presentation types
+Description = ptTeX (1 3 36 8 7 1 37)
+
+OID = 06 06 2B 24 08 07 01 26
+Comment = Teletrust presentation types
+Description = ptText (1 3 36 8 7 1 38)
+
+OID = 06 06 2B 24 08 07 01 27
+Comment = Teletrust presentation types
+Description = ptTIFF (1 3 36 8 7 1 39)
+
+OID = 06 06 2B 24 08 07 01 28
+Comment = Teletrust presentation types
+Description = ptTIFF-FC (1 3 36 8 7 1 40)
+
+OID = 06 06 2B 24 08 07 01 29
+Comment = Teletrust presentation types
+Description = ptUID (1 3 36 8 7 1 41)
+
+OID = 06 06 2B 24 08 07 01 2A
+Comment = Teletrust presentation types
+Description = ptUUEncode (1 3 36 8 7 1 42)
+
+OID = 06 06 2B 24 08 07 01 2B
+Comment = Teletrust presentation types
+Description = ptWMF (1 3 36 8 7 1 43)
+
+OID = 06 06 2B 24 08 07 01 2C
+Comment = Teletrust presentation types
+Description = ptWordPerfect (1 3 36 8 7 1 44)
+
+OID = 06 06 2B 24 08 07 01 2D
+Comment = Teletrust presentation types
+Description = ptWPGrph (1 3 36 8 7 1 45)
+
+# Thawte
+
+OID = 06 04 2B 65 01 04
+Comment = Thawte
+Description = thawte-ce (1 3 101 1 4)
+
+OID = 06 05 2B 65 01 04 01
+Comment = Thawte certificate extension
+Description = strongExtranet (1 3 101 1 4 1)
+
+# X.520
+
+OID = 06 03 55 04 00
+Comment = X.520 id-at (2 5 4)
+Description = objectClass (2 5 4 0)
+
+OID = 06 03 55 04 01
+Comment = X.520 id-at (2 5 4)
+Description = aliasedEntryName (2 5 4 1)
+
+OID = 06 03 55 04 02
+Comment = X.520 id-at (2 5 4)
+Description = knowledgeInformation (2 5 4 2)
+
+OID = 06 03 55 04 03
+Comment = X.520 id-at (2 5 4)
+Description = commonName (2 5 4 3)
+
+OID = 06 03 55 04 04
+Comment = X.520 id-at (2 5 4)
+Description = surname (2 5 4 4)
+
+OID = 06 03 55 04 05
+Comment = X.520 id-at (2 5 4)
+Description = serialNumber (2 5 4 5)
+
+OID = 06 03 55 04 06
+Comment = X.520 id-at (2 5 4)
+Description = countryName (2 5 4 6)
+
+OID = 06 03 55 04 07
+Comment = X.520 id-at (2 5 4)
+Description = localityName (2 5 4 7)
+
+OID = 06 04 55 04 07 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveLocalityName (2 5 4 7 1)
+
+OID = 06 03 55 04 08
+Comment = X.520 id-at (2 5 4)
+Description = stateOrProvinceName (2 5 4 8)
+
+OID = 06 04 55 04 08 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveStateOrProvinceName (2 5 4 8 1)
+
+OID = 06 03 55 04 09
+Comment = X.520 id-at (2 5 4)
+Description = streetAddress (2 5 4 9)
+
+OID = 06 04 55 04 09 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveStreetAddress (2 5 4 9 1)
+
+OID = 06 03 55 04 0A
+Comment = X.520 id-at (2 5 4)
+Description = organizationName (2 5 4 10)
+
+OID = 06 04 55 04 0A 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveOrganizationName (2 5 4 10 1)
+
+OID = 06 03 55 04 0B
+Comment = X.520 id-at (2 5 4)
+Description = organizationalUnitName (2 5 4 11)
+
+OID = 06 04 55 04 0B 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveOrganizationalUnitName (2 5 4 11 1)
+
+OID = 06 03 55 04 0C
+Comment = X.520 id-at (2 5 4)
+Description = title (2 5 4 12)
+
+OID = 06 03 55 04 0D
+Comment = X.520 id-at (2 5 4)
+Description = description (2 5 4 13)
+
+OID = 06 03 55 04 0E
+Comment = X.520 id-at (2 5 4)
+Description = searchGuide (2 5 4 14)
+
+OID = 06 03 55 04 0F
+Comment = X.520 id-at (2 5 4)
+Description = businessCategory (2 5 4 15)
+
+OID = 06 03 55 04 10
+Comment = X.520 id-at (2 5 4)
+Description = postalAddress (2 5 4 16)
+
+OID = 06 04 55 04 10 01
+Comment = X.520 id-at (2 5 4)
+Description = collectivePostalAddress (2 5 4 16 1)
+
+OID = 06 03 55 04 11
+Comment = X.520 id-at (2 5 4)
+Description = postalCode (2 5 4 17)
+
+OID = 06 04 55 04 11 01
+Comment = X.520 id-at (2 5 4)
+Description = collectivePostalCode (2 5 4 17 1)
+
+OID = 06 03 55 04 12
+Comment = X.520 id-at (2 5 4)
+Description = postOfficeBox (2 5 4 18)
+
+OID = 06 04 55 04 12 01
+Comment = X.520 id-at (2 5 4)
+Description = collectivePostOfficeBox (2 5 4 18 1)
+
+OID = 06 03 55 04 13
+Comment = X.520 id-at (2 5 4)
+Description = physicalDeliveryOfficeName (2 5 4 19)
+
+OID = 06 04 55 04 13 01
+Comment = X.520 id-at (2 5 4)
+Description = collectivePhysicalDeliveryOfficeName (2 5 4 19 1)
+
+OID = 06 03 55 04 14
+Comment = X.520 id-at (2 5 4)
+Description = telephoneNumber (2 5 4 20)
+
+OID = 06 04 55 04 14 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveTelephoneNumber (2 5 4 20 1)
+
+OID = 06 03 55 04 15
+Comment = X.520 id-at (2 5 4)
+Description = telexNumber (2 5 4 21)
+
+OID = 06 04 55 04 15 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveTelexNumber (2 5 4 21 1)
+
+OID = 06 03 55 04 16
+Comment = X.520 id-at (2 5 4)
+Description = teletexTerminalIdentifier (2 5 4 22)
+
+OID = 06 04 55 04 16 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveTeletexTerminalIdentifier (2 5 4 22 1)
+
+OID = 06 03 55 04 17
+Comment = X.520 id-at (2 5 4)
+Description = facsimileTelephoneNumber (2 5 4 23)
+
+OID = 06 04 55 04 17 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveFacsimileTelephoneNumber (2 5 4 23 1)
+
+OID = 06 03 55 04 18
+Comment = X.520 id-at (2 5 4)
+Description = x121Address (2 5 4 24)
+
+OID = 06 03 55 04 19
+Comment = X.520 id-at (2 5 4)
+Description = internationalISDNNumber (2 5 4 25)
+
+OID = 06 04 55 04 19 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveInternationalISDNNumber (2 5 4 25 1)
+
+OID = 06 03 55 04 1A
+Comment = X.520 id-at (2 5 4)
+Description = registeredAddress (2 5 4 26)
+
+OID = 06 03 55 04 1B
+Comment = X.520 id-at (2 5 4)
+Description = destinationIndicator (2 5 4 27)
+
+OID = 06 03 55 04 1C
+Comment = X.520 id-at (2 5 4)
+Description = preferredDeliveryMehtod (2 5 4 28)
+
+OID = 06 03 55 04 1D
+Comment = X.520 id-at (2 5 4)
+Description = presentationAddress (2 5 4 29)
+
+OID = 06 03 55 04 1E
+Comment = X.520 id-at (2 5 4)
+Description = supportedApplicationContext (2 5 4 30)
+
+OID = 06 03 55 04 1F
+Comment = X.520 id-at (2 5 4)
+Description = member (2 5 4 31)
+
+OID = 06 03 55 04 20
+Comment = X.520 id-at (2 5 4)
+Description = owner (2 5 4 32)
+
+OID = 06 03 55 04 21
+Comment = X.520 id-at (2 5 4)
+Description = roleOccupant (2 5 4 33)
+
+OID = 06 03 55 04 22
+Comment = X.520 id-at (2 5 4)
+Description = seeAlso (2 5 4 34)
+
+OID = 06 03 55 04 23
+Comment = X.520 id-at (2 5 4)
+Description = userPassword (2 5 4 35)
+
+OID = 06 03 55 04 24
+Comment = X.520 id-at (2 5 4)
+Description = userCertificate (2 5 4 36)
+
+OID = 06 03 55 04 25
+Comment = X.520 id-at (2 5 4)
+Description = caCertificate (2 5 4 37)
+
+OID = 06 03 55 04 26
+Comment = X.520 id-at (2 5 4)
+Description = authorityRevocationList (2 5 4 38)
+
+OID = 06 03 55 04 27
+Comment = X.520 id-at (2 5 4)
+Description = certificateRevocationList (2 5 4 39)
+
+OID = 06 03 55 04 28
+Comment = X.520 id-at (2 5 4)
+Description = crossCertificatePair (2 5 4 40)
+
+OID = 06 03 55 04 29
+Comment = X.520 id-at (2 5 4)
+Description = name (2 5 4 41)
+
+OID = 06 03 55 04 2A
+Comment = X.520 id-at (2 5 4)
+Description = givenName (2 5 4 42)
+
+OID = 06 03 55 04 2B
+Comment = X.520 id-at (2 5 4)
+Description = initials (2 5 4 43)
+
+OID = 06 03 55 04 2C
+Comment = X.520 id-at (2 5 4)
+Description = generationQualifier (2 5 4 44)
+
+OID = 06 03 55 04 2D
+Comment = X.520 id-at (2 5 4)
+Description = uniqueIdentifier (2 5 4 45)
+
+OID = 06 03 55 04 2E
+Comment = X.520 id-at (2 5 4)
+Description = dnQualifier (2 5 4 46)
+
+OID = 06 03 55 04 2F
+Comment = X.520 id-at (2 5 4)
+Description = enhancedSearchGuide (2 5 4 47)
+
+OID = 06 03 55 04 30
+Comment = X.520 id-at (2 5 4)
+Description = protocolInformation (2 5 4 48)
+
+OID = 06 03 55 04 31
+Comment = X.520 id-at (2 5 4)
+Description = distinguishedName (2 5 4 49)
+
+OID = 06 03 55 04 32
+Comment = X.520 id-at (2 5 4)
+Description = uniqueMember (2 5 4 50)
+
+OID = 06 03 55 04 33
+Comment = X.520 id-at (2 5 4)
+Description = houseIdentifier (2 5 4 51)
+
+OID = 06 03 55 04 34
+Comment = X.520 id-at (2 5 4)
+Description = supportedAlgorithms (2 5 4 52)
+
+OID = 06 03 55 04 35
+Comment = X.520 id-at (2 5 4)
+Description = deltaRevocationList (2 5 4 53)
+
+OID = 06 03 55 04 36
+Comment = X.520 id-at (2 5 4)
+Description = clearance (2 5 4 55)
+
+OID = 06 03 55 04 3A
+Comment = X.520 id-at (2 5 4)
+Description = crossCertificatePair (2 5 4 58)
+
+# X.500 object classes
+
+OID = 06 03 55 06 00
+Comment = X.520 objectClass (2 5 6)
+Description = top (2 5 6 0)
+
+OID = 06 03 55 06 01
+Comment = X.520 objectClass (2 5 6)
+Description = alias (2 5 6 1)
+
+OID = 06 03 55 06 02
+Comment = X.520 objectClass (2 5 6)
+Description = country (2 5 6 2)
+
+OID = 06 03 55 06 03
+Comment = X.520 objectClass (2 5 6)
+Description = locality (2 5 6 3)
+
+OID = 06 03 55 06 04
+Comment = X.520 objectClass (2 5 6)
+Description = organization (2 5 6 4)
+
+OID = 06 03 55 06 05
+Comment = X.520 objectClass (2 5 6)
+Description = organizationalUnit (2 5 6 5)
+
+OID = 06 03 55 06 06
+Comment = X.520 objectClass (2 5 6)
+Description = person (2 5 6 6)
+
+OID = 06 03 55 06 07
+Comment = X.520 objectClass (2 5 6)
+Description = organizationalPerson (2 5 6 7)
+
+OID = 06 03 55 06 08
+Comment = X.520 objectClass (2 5 6)
+Description = organizationalRole (2 5 6 8)
+
+OID = 06 03 55 06 09
+Comment = X.520 objectClass (2 5 6)
+Description = groupOfNames (2 5 6 9)
+
+OID = 06 03 55 06 0A
+Comment = X.520 objectClass (2 5 6)
+Description = residentialPerson (2 5 6 10)
+
+OID = 06 03 55 06 0B
+Comment = X.520 objectClass (2 5 6)
+Description = applicationProcess (2 5 6 11)
+
+OID = 06 03 55 06 0C
+Comment = X.520 objectClass (2 5 6)
+Description = applicationEntity (2 5 6 12)
+
+OID = 06 03 55 06 0D
+Comment = X.520 objectClass (2 5 6)
+Description = dSA (2 5 6 13)
+
+OID = 06 03 55 06 0E
+Comment = X.520 objectClass (2 5 6)
+Description = device (2 5 6 14)
+
+OID = 06 03 55 06 0F
+Comment = X.520 objectClass (2 5 6)
+Description = strongAuthenticationUser (2 5 6 15)
+
+OID = 06 03 55 06 10
+Comment = X.520 objectClass (2 5 6)
+Description = certificateAuthority (2 5 6 16)
+
+OID = 06 03 55 06 11
+Comment = X.520 objectClass (2 5 6)
+Description = groupOfUniqueNames (2 5 6 17)
+
+OID = 06 03 55 06 15
+Comment = X.520 objectClass (2 5 6)
+Description = pkiUser (2 5 6 21)
+
+OID = 06 03 55 06 16
+Comment = X.520 objectClass (2 5 6)
+Description = pkiCA (2 5 6 22)
+
+# X.500 algorithms
+
+OID = 06 02 55 08
+Description = X.500-Algorithms (2 5 8)
+
+OID = 06 03 55 08 01
+Description = X.500-Alg-Encryption (2 5 8 1)
+
+OID = 06 04 55 08 01 01
+Comment = X.500 algorithms. Ambiguous, since no padding rules specified
+Description = rsa (2 5 8 1 1)
+Warning
+
+# X.509. Some of the smaller values are from early X.509 drafts with
+# cross-pollination from X9.55 and are now deprecated. Alternative OIDs are
+# marked if these are known. In some cases there are multiple generations of
+# superseded OIDs
+
+OID = 06 03 55 1D 01
+Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 35) instead
+Description = authorityKeyIdentifier (2 5 29 1)
+Warning
+
+OID = 06 03 55 1D 02
+Comment = X.509 id-ce (2 5 29). Obsolete, use keyUsage/extKeyUsage instead
+Description = keyAttributes (2 5 29 2)
+Warning
+
+OID = 06 03 55 1D 03
+Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 32) instead
+Description = certificatePolicies (2 5 29 3)
+Warning
+
+OID = 06 03 55 1D 04
+Comment = X.509 id-ce (2 5 29). Obsolete, use keyUsage/extKeyUsage instead
+Description = keyUsageRestriction (2 5 29 4)
+Warning
+
+OID = 06 03 55 1D 05
+Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 33) instead
+Description = policyMapping (2 5 29 5)
+Warning
+
+OID = 06 03 55 1D 06
+Comment = X.509 id-ce (2 5 29). Obsolete, use nameConstraints instead
+Description = subtreesConstraint (2 5 29 6)
+Warning
+
+OID = 06 03 55 1D 07
+Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 17) instead
+Description = subjectAltName (2 5 29 7)
+Warning
+
+OID = 06 03 55 1D 08
+Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 18) instead
+Description = issuerAltName (2 5 29 8)
+Warning
+
+OID = 06 03 55 1D 09
+Comment = X.509 id-ce (2 5 29)
+Description = subjectDirectoryAttributes (2 5 29 9)
+
+OID = 06 03 55 1D 0A
+Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 19) instead
+Description = basicConstraints (2 5 29 10)
+Warning
+
+OID = 06 03 55 1D 0B
+Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 30) instead
+Description = nameConstraints (2 5 29 11)
+Warning
+
+OID = 06 03 55 1D 0C
+Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 36) instead
+Description = policyConstraints (2 5 29 12)
+Warning
+
+OID = 06 03 55 1D 0D
+Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 19) instead
+Description = basicConstraints (2 5 29 13)
+Warning
+
+OID = 06 03 55 1D 0E
+Comment = X.509 id-ce (2 5 29)
+Description = subjectKeyIdentifier (2 5 29 14)
+
+OID = 06 03 55 1D 0F
+Comment = X.509 id-ce (2 5 29)
+Description = keyUsage (2 5 29 15)
+
+OID = 06 03 55 1D 10
+Comment = X.509 id-ce (2 5 29)
+Description = privateKeyUsagePeriod (2 5 29 16)
+
+OID = 06 03 55 1D 11
+Comment = X.509 id-ce (2 5 29)
+Description = subjectAltName (2 5 29 17)
+
+OID = 06 03 55 1D 12
+Comment = X.509 id-ce (2 5 29)
+Description = issuerAltName (2 5 29 18)
+
+OID = 06 03 55 1D 13
+Comment = X.509 id-ce (2 5 29)
+Description = basicConstraints (2 5 29 19)
+
+OID = 06 03 55 1D 14
+Comment = X.509 id-ce (2 5 29)
+Description = cRLNumber (2 5 29 20)
+
+OID = 06 03 55 1D 15
+Comment = X.509 id-ce (2 5 29)
+Description = cRLReason (2 5 29 21)
+
+OID = 06 03 55 1D 16
+Comment = X.509 id-ce (2 5 29). Deprecated, alternative OID uncertain
+Description = expirationDate (2 5 29 22)
+Warning
+
+OID = 06 03 55 1D 17
+Comment = X.509 id-ce (2 5 29)
+Description = instructionCode (2 5 29 23)
+
+OID = 06 03 55 1D 18
+Comment = X.509 id-ce (2 5 29)
+Description = invalidityDate (2 5 29 24)
+
+OID = 06 03 55 1D 19
+Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 31) instead
+Description = cRLDistributionPoints (2 5 29 25)
+Warning
+
+OID = 06 03 55 1D 1A
+Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 28) instead
+Description = issuingDistributionPoint (2 5 29 26)
+Warning
+
+OID = 06 03 55 1D 1B
+Comment = X.509 id-ce (2 5 29)
+Description = deltaCRLIndicator (2 5 29 27)
+
+OID = 06 03 55 1D 1C
+Comment = X.509 id-ce (2 5 29)
+Description = issuingDistributionPoint (2 5 29 28)
+
+OID = 06 03 55 1D 1D
+Comment = X.509 id-ce (2 5 29)
+Description = certificateIssuer (2 5 29 29)
+
+OID = 06 03 55 1D 1E
+Comment = X.509 id-ce (2 5 29)
+Description = nameConstraints (2 5 29 30)
+
+OID = 06 03 55 1D 1F
+Comment = X.509 id-ce (2 5 29)
+Description = cRLDistributionPoints (2 5 29 31)
+
+OID = 06 03 55 1D 20
+Comment = X.509 id-ce (2 5 29)
+Description = certificatePolicies (2 5 29 32)
+
+OID = 06 03 55 1D 21
+Comment = X.509 id-ce (2 5 29)
+Description = policyMappings (2 5 29 33)
+
+OID = 06 03 55 1D 22
+Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 36) instead
+Description = policyConstraints (2 5 29 34)
+Warning
+
+OID = 06 03 55 1D 23
+Comment = X.509 id-ce (2 5 29)
+Description = authorityKeyIdentifier (2 5 29 35)
+
+OID = 06 03 55 1D 24
+Comment = X.509 id-ce (2 5 29)
+Description = policyConstraints (2 5 29 36)
+
+OID = 06 03 55 1D 25
+Comment = X.509 id-ce (2 5 29)
+Description = extKeyUsage (2 5 29 37)
+
+# DMS
+
+OID = 06 09 60 86 48 01 65 02 01 01 01
+Comment = SDN.700 INFOSEC algorithms
+Description = sdnsSignatureAlgorithm (2 16 840 1 101 2 1 1 1)
+
+OID = 06 09 60 86 48 01 65 02 01 01 02
+Comment = SDN.700 INFOSEC algorithms. Formerly known as mosaicSignatureAlgorithm, this OID is better known as dsaWithSHA-1.
+Description = fortezzaSignatureAlgorithm (2 16 840 1 101 2 1 1 2)
+
+OID = 06 09 60 86 48 01 65 02 01 01 03
+Comment = SDN.700 INFOSEC algorithms
+Description = sdnsConfidentialityAlgorithm (2 16 840 1 101 2 1 1 3)
+
+OID = 06 09 60 86 48 01 65 02 01 01 04
+Comment = SDN.700 INFOSEC algorithms. Formerly known as mosaicConfidentialityAlgorithm
+Description = fortezzaConfidentialityAlgorithm (2 16 840 1 101 2 1 1 4)
+
+OID = 06 09 60 86 48 01 65 02 01 01 05
+Comment = SDN.700 INFOSEC algorithms
+Description = sdnsIntegrityAlgorithm (2 16 840 1 101 2 1 1 5)
+
+OID = 06 09 60 86 48 01 65 02 01 01 06
+Comment = SDN.700 INFOSEC algorithms. Formerly known as mosaicIntegrityAlgorithm
+Description = fortezzaIntegrityAlgorithm (2 16 840 1 101 2 1 1 6)
+
+OID = 06 09 60 86 48 01 65 02 01 01 07
+Comment = SDN.700 INFOSEC algorithms
+Description = sdnsTokenProtectionAlgorithm (2 16 840 1 101 2 1 1 7)
+
+OID = 06 09 60 86 48 01 65 02 01 01 08
+Comment = SDN.700 INFOSEC algorithms. Formerly know as mosaicTokenProtectionAlgorithm
+Description = fortezzaTokenProtectionAlgorithm (2 16 840 1 101 2 1 1 8)
+
+OID = 06 09 60 86 48 01 65 02 01 01 09
+Comment = SDN.700 INFOSEC algorithms
+Description = sdnsKeyManagementAlgorithm (2 16 840 1 101 2 1 1 9)
+
+OID = 06 09 60 86 48 01 65 02 01 01 0A
+Comment = SDN.700 INFOSEC algorithms. Formerly known as mosaicKeyManagementAlgorithm
+Description = fortezzaKeyManagementAlgorithm (2 16 840 1 101 2 1 1 10)
+
+OID = 06 09 60 86 48 01 65 02 01 01 0B
+Comment = SDN.700 INFOSEC algorithms
+Description = sdnsKMandSigAlgorithm (2 16 840 1 101 2 1 1 11)
+
+OID = 06 09 60 86 48 01 65 02 01 01 0C
+Comment = SDN.700 INFOSEC algorithms. Formerly known as mosaicKMandSigAlgorithm
+Description = fortezzaKMandSigAlgorithm (2 16 840 1 101 2 1 1 12)
+
+OID = 06 09 60 86 48 01 65 02 01 01 0D
+Comment = SDN.700 INFOSEC algorithms
+Description = suiteASignatureAlgorithm (2 16 840 1 101 2 1 1 13)
+
+OID = 06 09 60 86 48 01 65 02 01 01 0E
+Comment = SDN.700 INFOSEC algorithms
+Description = suiteAConfidentialityAlgorithm (2 16 840 1 101 2 1 1 14)
+
+OID = 06 09 60 86 48 01 65 02 01 01 0F
+Comment = SDN.700 INFOSEC algorithms
+Description = suiteAIntegrityAlgorithm (2 16 840 1 101 2 1 1 15)
+
+OID = 06 09 60 86 48 01 65 02 01 01 10
+Comment = SDN.700 INFOSEC algorithms
+Description = suiteATokenProtectionAlgorithm (2 16 840 1 101 2 1 1 16)
+
+OID = 06 09 60 86 48 01 65 02 01 01 11
+Comment = SDN.700 INFOSEC algorithms
+Description = suiteAKeyManagementAlgorithm (2 16 840 1 101 2 1 1 17)
+
+OID = 06 09 60 86 48 01 65 02 01 01 12
+Comment = SDN.700 INFOSEC algorithms
+Description = suiteAKMandSigAlgorithm (2 16 840 1 101 2 1 1 18)
+
+OID = 06 09 60 86 48 01 65 02 01 01 13
+Comment = SDN.700 INFOSEC algorithms. Formerly known as mosaicUpdatedSigAlgorithm
+Description = fortezzaUpdatedSigAlgorithm (2 16 840 1 101 2 1 1 19)
+
+OID = 06 09 60 86 48 01 65 02 01 01 14
+Comment = SDN.700 INFOSEC algorithms. Formerly known as mosaicKMandUpdSigAlgorithms
+Description = fortezzaKMandUpdSigAlgorithms (2 16 840 1 101 2 1 1 20)
+
+OID = 06 09 60 86 48 01 65 02 01 01 15
+Comment = SDN.700 INFOSEC algorithms. Formerly known as mosaicUpdatedIntegAlgorithm
+Description = fortezzaUpdatedIntegAlgorithm (2 16 840 1 101 2 1 1 21)
+
+OID = 06 09 60 86 48 01 65 02 01 01 16
+Comment = SDN.700 INFOSEC algorithms. Formerly known as mosaicKeyEncryptionAlgorithm
+Description = keyExchangeAlgorithm (2 16 840 1 101 2 1 1 22)
+
+OID = 06 09 60 86 48 01 65 02 01 01 17
+Comment = SDN.700 INFOSEC algorithms
+Description = fortezzaWrap80Algorithm (2 16 840 1 101 2 1 1 23)
+
+OID = 06 09 60 86 48 01 65 02 01 01 18
+Comment = SDN.700 INFOSEC algorithms
+Description = kEAKeyEncryptionAlgorithm (2 16 840 1 101 2 1 1 24)
+
+OID = 06 09 60 86 48 01 65 02 01 02 01
+Comment = SDN.700 INFOSEC format
+Description = rfc822MessageFormat (2 16 840 1 101 2 1 2 1)
+
+OID = 06 09 60 86 48 01 65 02 01 02 02
+Comment = SDN.700 INFOSEC format
+Description = emptyContent (2 16 840 1 101 2 1 2 2)
+
+OID = 06 09 60 86 48 01 65 02 01 02 03
+Comment = SDN.700 INFOSEC format
+Description = cspContentType (2 16 840 1 101 2 1 2 3)
+
+OID = 06 09 60 86 48 01 65 02 01 02 2A
+Comment = SDN.700 INFOSEC format
+Description = mspRev3ContentType (2 16 840 1 101 2 1 2 42)
+
+OID = 06 09 60 86 48 01 65 02 01 02 30
+Comment = SDN.700 INFOSEC format
+Description = mspContentType (2 16 840 1 101 2 1 2 48)
+
+OID = 06 09 60 86 48 01 65 02 01 02 31
+Comment = SDN.700 INFOSEC format
+Description = mspRekeyAgentProtocol (2 16 840 1 101 2 1 2 49)
+
+OID = 06 09 60 86 48 01 65 02 01 02 32
+Comment = SDN.700 INFOSEC format
+Description = mspMMP (2 16 840 1 101 2 1 2 50)
+
+OID = 06 09 60 86 48 01 65 02 01 02 42
+Comment = SDN.700 INFOSEC format
+Description = mspRev3-1ContentType (2 16 840 1 101 2 1 2 66)
+
+OID = 06 09 60 86 48 01 65 02 01 02 48
+Comment = SDN.700 INFOSEC format
+Description = forwardedMSPMessageBodyPart (2 16 840 1 101 2 1 2 72)
+
+OID = 06 09 60 86 48 01 65 02 01 02 49
+Comment = SDN.700 INFOSEC format
+Description = mspForwardedMessageParameters (2 16 840 1 101 2 1 2 73)
+
+OID = 06 09 60 86 48 01 65 02 01 02 50
+Comment = SDN.700 INFOSEC format
+Description = forwardedCSPMsgBodyPart (2 16 840 1 101 2 1 2 74)
+
+OID = 06 09 60 86 48 01 65 02 01 02 51
+Comment = SDN.700 INFOSEC format
+Description = cspForwardedMessageParameters (2 16 840 1 101 2 1 2 75)
+
+OID = 06 09 60 86 48 01 65 02 01 02 52
+Comment = SDN.700 INFOSEC format
+Description = mspMMP2 (2 16 840 1 101 2 1 2 76)
+
+OID = 06 09 60 86 48 01 65 02 01 03 01
+Comment = SDN.700 INFOSEC policy
+Description = sdnsSecurityPolicy (2 16 840 1 101 2 1 3 1)
+
+OID = 06 09 60 86 48 01 65 02 01 03 02
+Comment = SDN.700 INFOSEC policy
+Description = sdnsPRBAC (2 16 840 1 101 2 1 3 2)
+
+OID = 06 09 60 86 48 01 65 02 01 03 03
+Comment = SDN.700 INFOSEC policy
+Description = mosaicPRBAC (2 16 840 1 101 2 1 3 3)
+
+OID = 06 09 60 86 48 01 65 02 01 03 0A
+Comment = SDN.700 INFOSEC policy
+Description = siSecurityPolicy (2 16 840 1 101 2 1 3 10)
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 00
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siNASP (2 16 840 1 101 2 1 3 10 0)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 01
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siELCO (2 16 840 1 101 2 1 3 10 1)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 02
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siTK (2 16 840 1 101 2 1 3 10 2)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 03
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siDSAP (2 16 840 1 101 2 1 3 10 3)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 04
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siSSSS (2 16 840 1 101 2 1 3 10 4)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 05
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siDNASP (2 16 840 1 101 2 1 3 10 5)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 06
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siBYEMAN (2 16 840 1 101 2 1 3 10 6)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 07
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siREL-US (2 16 840 1 101 2 1 3 10 7)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 08
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siREL-AUS (2 16 840 1 101 2 1 3 10 8)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 09
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siREL-CAN (2 16 840 1 101 2 1 3 10 9)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 0A
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siREL_UK (2 16 840 1 101 2 1 3 10 10)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 0B
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siREL-NZ (2 16 840 1 101 2 1 3 10 11)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 0C
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siGeneric (2 16 840 1 101 2 1 3 10 12)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 03 0B
+Comment = SDN.700 INFOSEC policy
+Description = genser (2 16 840 1 101 2 1 3 11)
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0B 00
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = genserNations (2 16 840 1 101 2 1 3 11 0)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0B 01
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = genserComsec (2 16 840 1 101 2 1 3 11 1)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0B 02
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = genserAcquisition (2 16 840 1 101 2 1 3 11 2)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0B 03
+Comment = SDN.700 INFOSEC policy
+Description = genserSecurityCategories (2 16 840 1 101 2 1 3 11 3)
+
+OID = 06 0B 60 86 48 01 65 02 01 03 0B 03 00
+Comment = SDN.700 INFOSEC GENSER policy
+Description = genserTagSetName (2 16 840 1 101 2 1 3 11 3 0)
+
+OID = 06 09 60 86 48 01 65 02 01 03 0C
+Comment = SDN.700 INFOSEC policy
+Description = defaultSecurityPolicy (2 16 840 1 101 2 1 3 12)
+
+OID = 06 09 60 86 48 01 65 02 01 03 0D
+Comment = SDN.700 INFOSEC policy
+Description = capcoMarkings (2 16 840 1 101 2 1 3 13)
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0D 00
+Comment = SDN.700 INFOSEC policy CAPCO markings
+Description = capcoSecurityCategories (2 16 840 1 101 2 1 3 13 0)
+
+OID = 06 0B 60 86 48 01 65 02 01 03 0D 00 01
+Comment = SDN.700 INFOSEC policy CAPCO markings
+Description = capcoTagSetName1 (2 16 840 1 101 2 1 3 13 0 1)
+
+OID = 06 0B 60 86 48 01 65 02 01 03 0D 00 02
+Comment = SDN.700 INFOSEC policy CAPCO markings
+Description = capcoTagSetName2 (2 16 840 1 101 2 1 3 13 0 2)
+
+OID = 06 0B 60 86 48 01 65 02 01 03 0D 00 03
+Comment = SDN.700 INFOSEC policy CAPCO markings
+Description = capcoTagSetName3 (2 16 840 1 101 2 1 3 13 0 3)
+
+OID = 06 0B 60 86 48 01 65 02 01 03 0D 00 04
+Comment = SDN.700 INFOSEC policy CAPCO markings
+Description = capcoTagSetName4 (2 16 840 1 101 2 1 3 13 0 4)
+
+OID = 06 09 60 86 48 01 65 02 01 05 01
+Comment = SDN.700 INFOSEC attributes (superseded)
+Description = sdnsKeyManagementCertificate (2 16 840 1 101 2 1 5 1)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 02
+Comment = SDN.700 INFOSEC attributes (superseded)
+Description = sdnsUserSignatureCertificate (2 16 840 1 101 2 1 5 2)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 03
+Comment = SDN.700 INFOSEC attributes (superseded)
+Description = sdnsKMandSigCertificate (2 16 840 1 101 2 1 5 3)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 04
+Comment = SDN.700 INFOSEC attributes (superseded)
+Description = fortezzaKeyManagementCertificate (2 16 840 1 101 2 1 5 4)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 05
+Comment = SDN.700 INFOSEC attributes (superseded)
+Description = fortezzaKMandSigCertificate (2 16 840 1 101 2 1 5 5)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 06
+Comment = SDN.700 INFOSEC attributes (superseded)
+Description = fortezzaUserSignatureCertificate (2 16 840 1 101 2 1 5 6)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 07
+Comment = SDN.700 INFOSEC attributes (superseded)
+Description = fortezzaCASignatureCertificate (2 16 840 1 101 2 1 5 7)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 08
+Comment = SDN.700 INFOSEC attributes (superseded)
+Description = sdnsCASignatureCertificate (2 16 840 1 101 2 1 5 8)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 0A
+Comment = SDN.700 INFOSEC attributes (superseded)
+Description = auxiliaryVector (2 16 840 1 101 2 1 5 10)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 0B
+Comment = SDN.700 INFOSEC attributes
+Description = mlReceiptPolicy (2 16 840 1 101 2 1 5 11)
+
+OID = 06 09 60 86 48 01 65 02 01 05 0C
+Comment = SDN.700 INFOSEC attributes
+Description = mlMembership (2 16 840 1 101 2 1 5 12)
+
+OID = 06 09 60 86 48 01 65 02 01 05 0D
+Comment = SDN.700 INFOSEC attributes
+Description = mlAdministrators (2 16 840 1 101 2 1 5 13)
+
+OID = 06 09 60 86 48 01 65 02 01 05 0E
+Comment = SDN.700 INFOSEC attributes
+Description = alid (2 16 840 1 101 2 1 5 14)
+
+OID = 06 09 60 86 48 01 65 02 01 05 14
+Comment = SDN.700 INFOSEC attributes
+Description = janUKMs (2 16 840 1 101 2 1 5 20)
+
+OID = 06 09 60 86 48 01 65 02 01 05 15
+Comment = SDN.700 INFOSEC attributes
+Description = febUKMs (2 16 840 1 101 2 1 5 21)
+
+OID = 06 09 60 86 48 01 65 02 01 05 16
+Comment = SDN.700 INFOSEC attributes
+Description = marUKMs (2 16 840 1 101 2 1 5 22)
+
+OID = 06 09 60 86 48 01 65 02 01 05 17
+Comment = SDN.700 INFOSEC attributes
+Description = aprUKMs (2 16 840 1 101 2 1 5 23)
+
+OID = 06 09 60 86 48 01 65 02 01 05 18
+Comment = SDN.700 INFOSEC attributes
+Description = mayUKMs (2 16 840 1 101 2 1 5 24)
+
+OID = 06 09 60 86 48 01 65 02 01 05 19
+Comment = SDN.700 INFOSEC attributes
+Description = junUKMs (2 16 840 1 101 2 1 5 25)
+
+OID = 06 09 60 86 48 01 65 02 01 05 1A
+Comment = SDN.700 INFOSEC attributes
+Description = julUKMs (2 16 840 1 101 2 1 5 26)
+
+OID = 06 09 60 86 48 01 65 02 01 05 1B
+Comment = SDN.700 INFOSEC attributes
+Description = augUKMs (2 16 840 1 101 2 1 5 27)
+
+OID = 06 09 60 86 48 01 65 02 01 05 1C
+Comment = SDN.700 INFOSEC attributes
+Description = sepUKMs (2 16 840 1 101 2 1 5 28)
+
+OID = 06 09 60 86 48 01 65 02 01 05 1D
+Comment = SDN.700 INFOSEC attributes
+Description = octUKMs (2 16 840 1 101 2 1 5 29)
+
+OID = 06 09 60 86 48 01 65 02 01 05 1E
+Comment = SDN.700 INFOSEC attributes
+Description = novUKMs (2 16 840 1 101 2 1 5 30)
+
+OID = 06 09 60 86 48 01 65 02 01 05 1F
+Comment = SDN.700 INFOSEC attributes
+Description = decUKMs (2 16 840 1 101 2 1 5 31)
+
+OID = 06 09 60 86 48 01 65 02 01 05 28
+Comment = SDN.700 INFOSEC attributes
+Description = metaSDNSckl (2 16 840 1 101 2 1 5 40)
+
+OID = 06 09 60 86 48 01 65 02 01 05 29
+Comment = SDN.700 INFOSEC attributes
+Description = sdnsCKL (2 16 840 1 101 2 1 5 41)
+
+OID = 06 09 60 86 48 01 65 02 01 05 2A
+Comment = SDN.700 INFOSEC attributes
+Description = metaSDNSsignatureCKL (2 16 840 1 101 2 1 5 42)
+
+OID = 06 09 60 86 48 01 65 02 01 05 2B
+Comment = SDN.700 INFOSEC attributes
+Description = sdnsSignatureCKL (2 16 840 1 101 2 1 5 43)
+
+OID = 06 09 60 86 48 01 65 02 01 05 2C
+Comment = SDN.700 INFOSEC attributes
+Description = sdnsCertificateRevocationList (2 16 840 1 101 2 1 5 44)
+
+OID = 06 09 60 86 48 01 65 02 01 05 2D
+Comment = SDN.700 INFOSEC attributes (superseded)
+Description = fortezzaCertificateRevocationList (2 16 840 1 101 2 1 5 45)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 2E
+Comment = SDN.700 INFOSEC attributes
+Description = fortezzaCKL (2 16 840 1 101 2 1 5 46)
+
+OID = 06 09 60 86 48 01 65 02 01 05 2F
+Comment = SDN.700 INFOSEC attributes
+Description = alExemptedAddressProcessor (2 16 840 1 101 2 1 5 47)
+
+OID = 06 09 60 86 48 01 65 02 01 05 30
+Comment = SDN.700 INFOSEC attributes (obsolete)
+Description = guard (2 16 840 1 101 2 1 5 48)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 31
+Comment = SDN.700 INFOSEC attributes (obsolete)
+Description = algorithmsSupported (2 16 840 1 101 2 1 5 49)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 32
+Comment = SDN.700 INFOSEC attributes (obsolete)
+Description = suiteAKeyManagementCertificate (2 16 840 1 101 2 1 5 50)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 33
+Comment = SDN.700 INFOSEC attributes (obsolete)
+Description = suiteAKMandSigCertificate (2 16 840 1 101 2 1 5 51)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 34
+Comment = SDN.700 INFOSEC attributes (obsolete)
+Description = suiteAUserSignatureCertificate (2 16 840 1 101 2 1 5 52)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 35
+Comment = SDN.700 INFOSEC attributes
+Description = prbacInfo (2 16 840 1 101 2 1 5 53)
+
+OID = 06 09 60 86 48 01 65 02 01 05 36
+Comment = SDN.700 INFOSEC attributes
+Description = prbacCAConstraints (2 16 840 1 101 2 1 5 54)
+
+OID = 06 09 60 86 48 01 65 02 01 05 37
+Comment = SDN.700 INFOSEC attributes
+Description = sigOrKMPrivileges (2 16 840 1 101 2 1 5 55)
+
+OID = 06 09 60 86 48 01 65 02 01 05 38
+Comment = SDN.700 INFOSEC attributes
+Description = commPrivileges (2 16 840 1 101 2 1 5 56)
+
+OID = 06 09 60 86 48 01 65 02 01 05 39
+Comment = SDN.700 INFOSEC attributes
+Description = labeledAttribute (2 16 840 1 101 2 1 5 57)
+
+OID = 06 09 60 86 48 01 65 02 01 05 3A
+Comment = SDN.700 INFOSEC attributes (obsolete)
+Description = policyInformationFile (2 16 840 1 101 2 1 5 58)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 3B
+Comment = SDN.700 INFOSEC attributes
+Description = secPolicyInformationFile (2 16 840 1 101 2 1 5 59)
+
+OID = 06 09 60 86 48 01 65 02 01 05 3C
+Comment = SDN.700 INFOSEC attributes
+Description = cAClearanceConstraint (2 16 840 1 101 2 1 5 60)
+
+OID = 06 09 60 86 48 01 65 02 01 07 01
+Comment = SDN.700 INFOSEC extensions
+Description = cspExtns (2 16 840 1 101 2 1 7 1)
+
+OID = 06 0A 60 86 48 01 65 02 01 07 01 00
+Comment = SDN.700 INFOSEC extensions
+Description = cspCsExtn (2 16 840 1 101 2 1 7 1 0)
+
+OID = 06 09 60 86 48 01 65 02 01 08 01
+Comment = SDN.700 INFOSEC security category
+Description = mISSISecurityCategories (2 16 840 1 101 2 1 8 1)
+
+OID = 06 09 60 86 48 01 65 02 01 08 02
+Comment = SDN.700 INFOSEC security category
+Description = standardSecurityLabelPrivileges (2 16 840 1 101 2 1 8 2)
+
+OID = 06 09 60 86 48 01 65 02 01 0A 01
+Comment = SDN.700 INFOSEC privileges
+Description = sigPrivileges (2 16 840 1 101 2 1 10 1)
+
+OID = 06 09 60 86 48 01 65 02 01 0A 02
+Comment = SDN.700 INFOSEC privileges
+Description = kmPrivileges (2 16 840 1 101 2 1 10 2)
+
+OID = 06 09 60 86 48 01 65 02 01 0A 03
+Comment = SDN.700 INFOSEC privileges
+Description = namedTagSetPrivilege (2 16 840 1 101 2 1 10 3)
+
+OID = 06 09 60 86 48 01 65 02 01 0B 01
+Comment = SDN.700 INFOSEC certificate policy
+Description = ukDemo (2 16 840 1 101 2 1 11 1)
+
+OID = 06 09 60 86 48 01 65 02 01 0B 02
+Comment = SDN.700 INFOSEC certificate policy
+Description = usDODClass2 (2 16 840 1 101 2 1 11 2)
+
+OID = 06 09 60 86 48 01 65 02 01 0B 03
+Comment = SDN.700 INFOSEC certificate policy
+Description = usMediumPilot (2 16 840 1 101 2 1 11 3)
+
+OID = 06 09 60 86 48 01 65 02 01 0B 04
+Comment = SDN.700 INFOSEC certificate policy
+Description = usDODClass4 (2 16 840 1 101 2 1 11 4)
+
+OID = 06 09 60 86 48 01 65 02 01 0B 05
+Comment = SDN.700 INFOSEC certificate policy
+Description = usDODClass3 (2 16 840 1 101 2 1 11 5)
+
+OID = 06 09 60 86 48 01 65 02 01 0B 06
+Comment = SDN.700 INFOSEC certificate policy
+Description = usDODClass5 (2 16 840 1 101 2 1 11 6)
+
+OID = 06 09 60 86 48 01 65 02 01 0C 00
+Comment = SDN.700 INFOSEC test objects
+Description = testSecurityPolicy (2 16 840 1 101 2 1 12 0)
+
+OID = 06 0A 60 86 48 01 65 02 01 0C 00 01
+Comment = SDN.700 INFOSEC test objects
+Description = tsp1 (2 16 840 1 101 2 1 12 0 1)
+
+OID = 06 0B 60 86 48 01 65 02 01 0C 00 01 00
+Comment = SDN.700 INFOSEC test objects
+Description = tsp1SecurityCategories (2 16 840 1 101 2 1 12 0 1 0)
+
+OID = 06 0B 60 86 48 01 65 02 01 0C 00 01 00 00
+Comment = SDN.700 INFOSEC test objects
+Description = tsp1TagSetZero (2 16 840 1 101 2 1 12 0 1 0 0)
+
+OID = 06 0B 60 86 48 01 65 02 01 0C 00 01 00 01
+Comment = SDN.700 INFOSEC test objects
+Description = tsp1TagSetOne (2 16 840 1 101 2 1 12 0 1 0 1)
+
+OID = 06 0B 60 86 48 01 65 02 01 0C 00 01 00 02
+Comment = SDN.700 INFOSEC test objects
+Description = tsp1TagSetTwo (2 16 840 1 101 2 1 12 0 1 0 2)
+
+OID = 06 0A 60 86 48 01 65 02 01 0C 00 02
+Comment = SDN.700 INFOSEC test objects
+Description = tsp2 (2 16 840 1 101 2 1 12 0 2)
+
+OID = 06 0B 60 86 48 01 65 02 01 0C 00 02 00
+Comment = SDN.700 INFOSEC test objects
+Description = tsp2SecurityCategories (2 16 840 1 101 2 1 12 0 2 0)
+
+OID = 06 0B 60 86 48 01 65 02 01 0C 00 02 00 00
+Comment = SDN.700 INFOSEC test objects
+Description = tsp2TagSetZero (2 16 840 1 101 2 1 12 0 2 0 0)
+
+OID = 06 0B 60 86 48 01 65 02 01 0C 00 02 00 01
+Comment = SDN.700 INFOSEC test objects
+Description = tsp2TagSetOne (2 16 840 1 101 2 1 12 0 2 0 1)
+
+OID = 06 0B 60 86 48 01 65 02 01 0C 00 02 00 02
+Comment = SDN.700 INFOSEC test objects
+Description = tsp2TagSetTwo (2 16 840 1 101 2 1 12 0 2 0 2)
+
+# At least someone there has a sense of humour :-)
+OID = 06 0A 60 86 48 01 65 02 01 0C 00 03
+Comment = SDN.700 INFOSEC test objects
+Description = kafka (2 16 840 1 101 2 1 12 0 3)
+
+OID = 06 0B 60 86 48 01 65 02 01 0C 00 03 00
+Comment = SDN.700 INFOSEC test objects
+Description = kafkaSecurityCategories (2 16 840 1 101 2 1 12 0 3 0)
+
+OID = 06 0B 60 86 48 01 65 02 01 0C 00 03 00 01
+Comment = SDN.700 INFOSEC test objects
+Description = kafkaTagSetName1 (2 16 840 1 101 2 1 12 0 3 0 1)
+
+OID = 06 0B 60 86 48 01 65 02 01 0C 00 03 00 02
+Comment = SDN.700 INFOSEC test objects
+Description = kafkaTagSetName2 (2 16 840 1 101 2 1 12 0 3 0 2)
+
+OID = 06 0B 60 86 48 01 65 02 01 0C 00 03 00 03
+Comment = SDN.700 INFOSEC test objects
+Description = kafkaTagSetName3 (2 16 840 1 101 2 1 12 0 3 0 3)
+
+OID = 06 0A 60 86 48 01 65 02 01 0C 01 01
+Comment = SDN.700 INFOSEC test objects
+Description = tcp1 (2 16 840 1 101 2 1 12 1 1)
+
+# CSOR GAK-FIPS
+
+OID = 06 07 60 86 48 01 65 03 01
+Comment = CSOR GAK
+Description = slabel (2 16 840 1 101 3 1)
+Warning
+
+OID = 06 07 60 86 48 01 65 03 02
+Comment = CSOR GAK
+Description = pki (2 16 840 1 101 3 2)
+Warning
+
+OID = 06 08 60 86 48 01 65 03 02 01
+Comment = CSOR GAK policy
+Description = GAK policyIdentifier (2 16 840 1 101 3 2 1)
+Warning
+
+OID = 06 08 60 86 48 01 65 03 02 02
+Comment = CSOR GAK extended key usage
+Description = GAK (2 16 840 1 101 3 2 2)
+Warning
+
+OID = 06 09 60 86 48 01 65 03 02 02 01
+Comment = CSOR GAK extended key usage
+Description = kRAKey (2 16 840 1 101 3 2 2 1)
+Warning
+
+OID = 06 08 60 86 48 01 65 03 02 03
+Comment = CSOR GAK extensions
+Description = extensions (2 16 840 1 101 3 2 3)
+Warning
+
+OID = 06 09 60 86 48 01 65 03 02 03 01
+Comment = CSOR GAK extensions
+Description = kRTechnique (2 16 840 1 101 3 2 3 1)
+Warning
+
+OID = 06 09 60 86 48 01 65 03 02 03 02
+Comment = CSOR GAK extensions
+Description = kRecoveryCapable (2 16 840 1 101 3 2 3 2)
+Warning
+
+OID = 06 09 60 86 48 01 65 03 02 03 03
+Comment = CSOR GAK extensions
+Description = kR (2 16 840 1 101 3 2 3 3)
+Warning
+
+OID = 06 08 60 86 48 01 65 03 02 04
+Comment = CSOR GAK
+Description = keyrecoveryschemes (2 16 840 1 101 3 2 4)
+Warning
+
+OID = 06 08 60 86 48 01 65 03 02 05
+Comment = CSOR GAK
+Description = krapola (2 16 840 1 101 3 2 5)
+Warning
+
+OID = 06 07 60 86 48 01 65 03 03
+Comment = CSOR GAK
+Description = arpa (2 16 840 1 101 3 3)
+Warning
+
+# CSOR (NIST) Algorithms
+
+OID = 06 07 60 86 48 01 65 03 04
+Comment = NIST Algorithm
+Description = nistAlgorithm (2 16 840 1 101 3 4)
+
+OID = 06 08 60 86 48 01 65 03 04 01
+Comment = NIST Algorithm
+Description = aes (2 16 840 1 101 3 4 1)
+
+OID = 06 09 60 86 48 01 65 03 04 01 01
+Comment = NIST Algorithm
+Description = aes128-ECB (2 16 840 1 101 3 4 1 1)
+
+OID = 06 09 60 86 48 01 65 03 04 01 02
+Comment = NIST Algorithm
+Description = aes128-CBC (2 16 840 1 101 3 4 1 2)
+
+OID = 06 09 60 86 48 01 65 03 04 01 03
+Comment = NIST Algorithm
+Description = aes128-OFB (2 16 840 1 101 3 4 1 3)
+
+OID = 06 09 60 86 48 01 65 03 04 01 04
+Comment = NIST Algorithm
+Description = aes128-CFB (2 16 840 1 101 3 4 1 4)
+
+OID = 06 09 60 86 48 01 65 03 04 01 15
+Comment = NIST Algorithm
+Description = aes192-ECB (2 16 840 1 101 3 4 1 21)
+
+OID = 06 09 60 86 48 01 65 03 04 01 16
+Comment = NIST Algorithm
+Description = aes192-CBC (2 16 840 1 101 3 4 1 22)
+
+OID = 06 09 60 86 48 01 65 03 04 01 17
+Comment = NIST Algorithm
+Description = aes192-OFB (2 16 840 1 101 3 4 1 23)
+
+OID = 06 09 60 86 48 01 65 03 04 01 18
+Comment = NIST Algorithm
+Description = aes192-CFB (2 16 840 1 101 3 4 1 24)
+
+OID = 06 09 60 86 48 01 65 03 04 01 29
+Comment = NIST Algorithm
+Description = aes256-ECB (2 16 840 1 101 3 4 1 41)
+
+OID = 06 09 60 86 48 01 65 03 04 01 2A
+Comment = NIST Algorithm
+Description = aes256-CBC (2 16 840 1 101 3 4 1 42)
+
+OID = 06 09 60 86 48 01 65 03 04 01 2B
+Comment = NIST Algorithm
+Description = aes256-OFB (2 16 840 1 101 3 4 1 43)
+
+OID = 06 09 60 86 48 01 65 03 04 01 2C
+Comment = NIST Algorithm
+Description = aes256-CFB (2 16 840 1 101 3 4 1 44)
+
+# Novell
+
+OID = 06 0A 60 86 48 01 86 F8 37 01 02 08
+Comment = Novell
+Description = novellAlgorithm (2 16 840 1 113719 1 2 8)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 16
+Comment = Novell encryption algorithm
+Description = desCbcIV8 (2 16 840 1 113719 1 2 8 22)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 17
+Comment = Novell encryption algorithm
+Description = desCbcPadIV8 (2 16 840 1 113719 1 2 8 23)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 18
+Comment = Novell encryption algorithm
+Description = desEDE2CbcIV8 (2 16 840 1 113719 1 2 8 24)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 19
+Comment = Novell encryption algorithm
+Description = desEDE2CbcPadIV8 (2 16 840 1 113719 1 2 8 25)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 1A
+Comment = Novell encryption algorithm
+Description = desEDE3CbcIV8 (2 16 840 1 113719 1 2 8 26)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 1B
+Comment = Novell encryption algorithm
+Description = desEDE3CbcPadIV8 (2 16 840 1 113719 1 2 8 27)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 1C
+Comment = Novell encryption algorithm
+Description = rc5CbcPad (2 16 840 1 113719 1 2 8 28)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 1D
+Comment = Novell signature algorithm
+Description = md2WithRSAEncryptionBSafe1 (2 16 840 1 113719 1 2 8 29)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 1E
+Comment = Novell signature algorithm
+Description = md5WithRSAEncryptionBSafe1 (2 16 840 1 113719 1 2 8 30)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 1F
+Comment = Novell signature algorithm
+Description = sha1WithRSAEncryptionBSafe1 (2 16 840 1 113719 1 2 8 31)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 20
+Comment = Novell digest algorithm
+Description = LMDigest (2 16 840 1 113719 1 2 8 32)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 28
+Comment = Novell digest algorithm
+Description = MD2 (2 16 840 1 113719 1 2 8 40)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 32
+Comment = Novell digest algorithm
+Description = MD5 (2 16 840 1 113719 1 2 8 50)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 33
+Comment = Novell signature algorithm
+Description = IKEhmacWithSHA1-RSA (2 16 840 1 113719 1 2 8 51)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 34
+Comment = Novell signature algorithm
+Description = IKEhmacWithMD5-RSA (2 16 840 1 113719 1 2 8 52)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 45
+Comment = Novell encryption algorithm
+Description = rc2CbcPad (2 16 840 1 113719 1 2 8 69)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 52
+Comment = Novell digest algorithm
+Description = SHA-1 (2 16 840 1 113719 1 2 8 82)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 5C
+Comment = Novell encryption algorithm
+Description = rc2BSafe1Cbc (2 16 840 1 113719 1 2 8 92)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 5F
+Comment = Novell digest algorithm
+Description = MD4 (2 16 840 1 113719 1 2 8 95)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 81 02
+Comment = Novell keyed hash
+Description = MD4Packet (2 16 840 1 113719 1 2 8 130)
+
+OID = 06 0C 60 86 48 01 86 F8 37 01 02 08 81 03
+Comment = Novell encryption algorithm
+Description = rsaEncryptionBsafe1 (2 16 840 1 113719 1 2 8 131)
+
+OID = 06 0C 60 86 48 01 86 F8 37 01 02 08 81 04
+Comment = Novell encryption algorithm
+Description = NWPassword (2 16 840 1 113719 1 2 8 132)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 81 05
+Comment = Novell encryption algorithm
+Description = novellObfuscate-1 (2 16 840 1 113719 1 2 8 133)
+
+OID = 06 09 60 86 48 01 86 F8 37 01 09
+Comment = Novell
+Description = pki (2 16 840 1 113719 1 9)
+
+OID = 06 0A 60 86 48 01 86 F8 37 01 09 04
+Comment = Novell PKI
+Description = pkiAttributeType (2 16 840 1 113719 1 9 4)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 09 04 01
+Comment = Novell PKI attribute type
+Description = securityAttributes (2 16 840 1 113719 1 9 4 1)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 09 04 02
+Comment = Novell PKI attribute type
+Description = relianceLimit (2 16 840 1 113719 1 9 4 2)
+
+# Netscape
+
+OID = 06 08 60 86 48 01 86 F8 42 01
+Comment = Netscape
+Description = cert-extension (2 16 840 1 113730 1)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 01
+Comment = Netscape certificate extension
+Description = netscape-cert-type (2 16 840 1 113730 1 1)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 02
+Comment = Netscape certificate extension
+Description = netscape-base-url (2 16 840 1 113730 1 2)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 03
+Comment = Netscape certificate extension
+Description = netscape-revocation-url (2 16 840 1 113730 1 3)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 04
+Comment = Netscape certificate extension
+Description = netscape-ca-revocation-url (2 16 840 1 113730 1 4)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 07
+Comment = Netscape certificate extension
+Description = netscape-cert-renewal-url (2 16 840 1 113730 1 7)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 08
+Comment = Netscape certificate extension
+Description = netscape-ca-policy-url (2 16 840 1 113730 1 8)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 09
+Comment = Netscape certificate extension
+Description = HomePage-url (2 16 840 1 113730 1 9)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 0A
+Comment = Netscape certificate extension
+Description = EntityLogo (2 16 840 1 113730 1 10)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 0B
+Comment = Netscape certificate extension
+Description = UserPicture (2 16 840 1 113730 1 11)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 0C
+Comment = Netscape certificate extension
+Description = netscape-ssl-server-name (2 16 840 1 113730 1 12)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 0D
+Comment = Netscape certificate extension
+Description = netscape-comment (2 16 840 1 113730 1 13)
+
+OID = 06 08 60 86 48 01 86 F8 42 02
+Comment = Netscape
+Description = data-type (2 16 840 1 113730 2)
+
+OID = 06 09 60 86 48 01 86 F8 42 02 01
+Comment = Netscape data type
+Description = dataGIF (2 16 840 1 113730 2 1)
+
+OID = 06 09 60 86 48 01 86 F8 42 02 02
+Comment = Netscape data type
+Description = dataJPEG (2 16 840 1 113730 2 2)
+
+OID = 06 09 60 86 48 01 86 F8 42 02 03
+Comment = Netscape data type
+Description = dataURL (2 16 840 1 113730 2 3)
+
+OID = 06 09 60 86 48 01 86 F8 42 02 04
+Comment = Netscape data type
+Description = dataHTML (2 16 840 1 113730 2 4)
+
+OID = 06 09 60 86 48 01 86 F8 42 02 05
+Comment = Netscape data type
+Description = certSequence (2 16 840 1 113730 2 5)
+
+OID = 06 09 60 86 48 01 86 F8 42 02 06
+Comment = Netscape certificate extension
+Description = certURL (2 16 840 1 113730 2 6)
+
+OID = 06 08 60 86 48 01 86 F8 42 03
+Comment = Netscape
+Description = directory (2 16 840 1 113730 3)
+
+OID = 06 09 60 86 48 01 86 F8 42 03 01
+Comment = Netscape directory
+Description = ldapDefinitions (2 16 840 1 113730 3 1)
+
+OID = 06 0A 60 86 48 01 86 F8 42 03 01 01
+Comment = Netscape LDAP definitions
+Description = carLicense (2 16 840 1 113730 3 1 1)
+
+OID = 06 0A 60 86 48 01 86 F8 42 03 01 02
+Comment = Netscape LDAP definitions
+Description = departmentNumber (2 16 840 1 113730 3 1 2)
+
+OID = 06 0A 60 86 48 01 86 F8 42 03 01 03
+Comment = Netscape LDAP definitions
+Description = employeeNumber (2 16 840 1 113730 3 1 3)
+
+OID = 06 0A 60 86 48 01 86 F8 42 03 01 04
+Comment = Netscape LDAP definitions
+Description = employeeType (2 16 840 1 113730 3 1 4)
+
+OID = 06 0A 60 86 48 01 86 F8 42 03 02 02
+Comment = Netscape LDAP definitions
+Description = inetOrgPerson (2 16 840 1 113730 3 2 2)
+
+OID = 06 09 60 86 48 01 86 F8 42 04 01
+Comment = Netscape
+Description = serverGatedCrypto (2 16 840 1 113730 4 1)
+
+# Verisign
+
+# Country, zip, date of birth (age), and gender of cert owner (CZAG) in
+# obfuscated form
+OID = 06 0A 60 86 48 01 86 F8 45 01 06 03
+Comment = Verisign
+Description = verisignCZAG (2 16 840 1 113733 1 6 3)
+
+# Text string used in certs issued to Netscape InBox customers
+OID = 06 0A 60 86 48 01 86 F8 45 01 06 06
+Comment = Verisign
+Description = verisignInBox (2 16 840 1 113733 1 6 6)
+
+OID = 06 0A 60 86 48 01 86 F8 45 01 06 0B
+Comment = Verisign
+Description = Unknown Verisign VPN extension (2 16 840 1 113733 1 6 11)
+
+OID = 06 0A 60 86 48 01 86 F8 45 01 06 0D
+Comment = Verisign
+Description = Unknown Verisign VPN extension (2 16 840 1 113733 1 6 13)
+
+OID = 06 0B 60 86 48 01 86 F8 45 01 07 01 01
+Comment = Verisign
+Description = Verisign certificatePolicy (2 16 840 1 113733 1 7 1 1)
+
+OID = 06 0C 60 86 48 01 86 F8 45 01 07 01 01 01
+Comment = Verisign (obsolete)
+Description = verisignCPSv1notice (2 16 840 1 113733 1 7 1 1 1)
+
+# DN contains non-verified subscriber information
+OID = 06 0C 60 86 48 01 86 F8 45 01 07 01 01 02
+Comment = Verisign (obsolete)
+Description = verisignCPSv1nsi (2 16 840 1 113733 1 7 1 1 2)
+
+OID = 06 0A 60 86 48 01 86 F8 45 01 08 01
+Comment = Verisign
+Description = Verisign SGC CA? (2 16 840 1 113733 1 8 1)
+
+# SET
+
+OID = 06 03 67 2A 00
+Comment = SET
+Description = contentType (2 23 42 0)
+
+OID = 06 04 67 2A 00 00
+Comment = SET contentType
+Description = PANData (2 23 42 0 0)
+
+OID = 06 04 67 2A 00 01
+Comment = SET contentType
+Description = PANToken (2 23 42 0 1)
+
+OID = 06 04 67 2A 00 02
+Comment = SET contentType
+Description = PANOnly (2 23 42 0 2)
+
+# And on and on and on for another 80-odd OIDs which I'm not going to type in
+
+OID = 06 03 67 2A 01
+Comment = SET
+Description = msgExt (2 23 42 1)
+
+OID = 06 03 67 2A 02
+Comment = SET
+Description = field (2 23 42 2)
+
+OID = 06 04 67 2A 02 00
+Comment = SET field
+Description = fullName (2 23 42 2 0)
+
+OID = 06 04 67 2A 02 01
+Comment = SET field
+Description = givenName (2 23 42 2 1)
+
+OID = 06 04 67 2A 02 02
+Comment = SET field
+Description = familyName (2 23 42 2 2)
+
+OID = 06 04 67 2A 02 03
+Comment = SET field
+Description = birthFamilyName (2 23 42 2 3)
+
+OID = 06 04 67 2A 02 04
+Comment = SET field
+Description = placeName (2 23 42 2 4)
+
+OID = 06 04 67 2A 02 05
+Comment = SET field
+Description = identificationNumber (2 23 42 2 5)
+
+OID = 06 04 67 2A 02 06
+Comment = SET field
+Description = month (2 23 42 2 6)
+
+OID = 06 04 67 2A 02 07
+Comment = SET field
+Description = date (2 23 42 2 7)
+
+OID = 06 04 67 2A 02 08
+Comment = SET field
+Description = address (2 23 42 2 8)
+
+OID = 06 04 67 2A 02 09
+Comment = SET field
+Description = telephone (2 23 42 2 9)
+
+OID = 06 04 67 2A 02 0A
+Comment = SET field
+Description = amount (2 23 42 2 10)
+
+OID = 06 04 67 2A 02 0B
+Comment = SET field
+Description = accountNumber (2 23 42 2 7 11)
+
+OID = 06 04 67 2A 02 0C
+Comment = SET field
+Description = passPhrase (2 23 42 2 7 12)
+
+OID = 06 03 67 2A 03
+Comment = SET
+Description = attribute (2 23 42 3)
+
+OID = 06 04 67 2A 03 00
+Comment = SET attribute
+Description = cert (2 23 42 3 0)
+
+OID = 06 05 67 2A 03 00 00
+Comment = SET cert attribute
+Description = rootKeyThumb (2 23 42 3 0 0)
+
+OID = 06 05 67 2A 03 00 01
+Comment = SET cert attribute
+Description = additionalPolicy (2 23 42 3 0 1)
+
+OID = 06 03 67 2A 04
+Comment = SET
+Description = algorithm (2 23 42 4)
+
+OID = 06 03 67 2A 05
+Comment = SET
+Description = policy (2 23 42 5)
+
+OID = 06 04 67 2A 05 00
+Comment = SET policy
+Description = root (2 23 42 5 0)
+
+OID = 06 03 67 2A 06
+Comment = SET
+Description = module (2 23 42 6)
+
+OID = 06 03 67 2A 07
+Comment = SET
+Description = certExt (2 23 42 7)
+
+OID = 06 04 67 2A 07 00
+Comment = SET cert extension
+Description = hashedRootKey (2 23 42 7 0)
+
+OID = 06 04 67 2A 07 01
+Comment = SET cert extension
+Description = certificateType (2 23 42 7 1)
+
+OID = 06 04 67 2A 07 02
+Comment = SET cert extension
+Description = merchantData (2 23 42 7 2)
+
+OID = 06 04 67 2A 07 03
+Comment = SET cert extension
+Description = cardCertRequired (2 23 42 7 3)
+
+OID = 06 04 67 2A 07 04
+Comment = SET cert extension
+Description = tunneling (2 23 42 7 4)
+
+OID = 06 04 67 2A 07 05
+Comment = SET cert extension
+Description = setExtensions (2 23 42 7 5)
+
+OID = 06 04 67 2A 07 06
+Comment = SET cert extension
+Description = setQualifier (2 23 42 7 6)
+
+OID = 06 03 67 2A 08
+Comment = SET
+Description = brand (2 23 42 8)
+
+OID = 06 04 67 2A 08 01
+Comment = SET brand
+Description = IATA-ATA (2 23 42 8 1)
+
+OID = 06 04 67 2A 08 04
+Comment = SET brand
+Description = VISA (2 23 42 8 4)
+
+OID = 06 04 67 2A 08 05
+Comment = SET brand
+Description = MasterCard (2 23 42 8 5)
+
+OID = 06 04 67 2A 08 1E
+Comment = SET brand
+Description = Diners (2 23 42 8 30)
+
+OID = 06 04 67 2A 08 22
+Comment = SET brand
+Description = AmericanExpress (2 23 42 8 34)
+
+OID = 06 05 67 2A 08 AE 7B
+Comment = SET brand
+Description = Novus (2 23 42 8 6011)
+
+OID = 06 03 67 2A 09
+Comment = SET
+Description = vendor (2 23 42 9)
+
+OID = 06 04 67 2A 09 00
+Comment = SET vendor
+Description = GlobeSet (2 23 42 9 0)
+
+OID = 06 04 67 2A 09 01
+Comment = SET vendor
+Description = IBM (2 23 42 9 1)
+
+OID = 06 04 67 2A 09 02
+Comment = SET vendor
+Description = CyberCash (2 23 42 9 2)
+
+OID = 06 04 67 2A 09 03
+Comment = SET vendor
+Description = Terisa (2 23 42 9 3)
+
+OID = 06 04 67 2A 09 04
+Comment = SET vendor
+Description = RSADSI (2 23 42 9 4)
+
+OID = 06 04 67 2A 09 05
+Comment = SET vendor
+Description = VeriFone (2 23 42 9 5)
+
+OID = 06 04 67 2A 09 06
+Comment = SET vendor
+Description = TrinTech (2 23 42 9 6)
+
+OID = 06 04 67 2A 09 07
+Comment = SET vendor
+Description = BankGate (2 23 42 9 7)
+
+OID = 06 04 67 2A 09 08
+Comment = SET vendor
+Description = GTE (2 23 42 9 8)
+
+OID = 06 04 67 2A 09 09
+Comment = SET vendor
+Description = CompuSource (2 23 42 9 9)
+
+OID = 06 04 67 2A 09 0A
+Comment = SET vendor
+Description = Griffin (2 23 42 9 10)
+
+OID = 06 04 67 2A 09 0B
+Comment = SET vendor
+Description = Certicom (2 23 42 9 11)
+
+OID = 06 04 67 2A 09 0C
+Comment = SET vendor
+Description = OSS (2 23 42 9 12)
+
+OID = 06 04 67 2A 09 0D
+Comment = SET vendor
+Description = TenthMountain (2 23 42 9 13)
+
+OID = 06 04 67 2A 09 0E
+Comment = SET vendor
+Description = Antares (2 23 42 9 14)
+
+OID = 06 04 67 2A 09 0F
+Comment = SET vendor
+Description = ECC (2 23 42 9 15)
+
+OID = 06 04 67 2A 09 10
+Comment = SET vendor
+Description = Maithean (2 23 42 9 16)
+
+OID = 06 04 67 2A 09 11
+Comment = SET vendor
+Description = Netscape (2 23 42 9 17)
+
+OID = 06 04 67 2A 09 12
+Comment = SET vendor
+Description = Verisign (2 23 42 9 18)
+
+OID = 06 04 67 2A 09 13
+Comment = SET vendor
+Description = BlueMoney (2 23 42 9 19)
+
+OID = 06 04 67 2A 09 14
+Comment = SET vendor
+Description = Lacerte (2 23 42 9 20)
+
+OID = 06 04 67 2A 09 15
+Comment = SET vendor
+Description = Fujitsu (2 23 42 9 21)
+
+OID = 06 04 67 2A 09 16
+Comment = SET vendor
+Description = eLab (2 23 42 9 22)
+
+OID = 06 04 67 2A 09 17
+Comment = SET vendor
+Description = Entrust (2 23 42 9 23)
+
+OID = 06 04 67 2A 09 18
+Comment = SET vendor
+Description = VIAnet (2 23 42 9 24)
+
+OID = 06 04 67 2A 09 19
+Comment = SET vendor
+Description = III (2 23 42 9 25)
+
+OID = 06 04 67 2A 09 1A
+Comment = SET vendor
+Description = OpenMarket (2 23 42 9 26)
+
+OID = 06 04 67 2A 09 1B
+Comment = SET vendor
+Description = Lexem (2 23 42 9 27)
+
+OID = 06 04 67 2A 09 1C
+Comment = SET vendor
+Description = Intertrader (2 23 42 9 28)
+
+OID = 06 04 67 2A 09 1D
+Comment = SET vendor
+Description = Persimmon (2 23 42 9 29)
+
+OID = 06 04 67 2A 09 1E
+Comment = SET vendor
+Description = NABLE (2 23 42 9 30)
+
+OID = 06 04 67 2A 09 1F
+Comment = SET vendor
+Description = espace-net (2 23 42 9 31)
+
+OID = 06 04 67 2A 09 20
+Comment = SET vendor
+Description = Hitachi (2 23 42 9 32)
+
+OID = 06 04 67 2A 09 21
+Comment = SET vendor
+Description = Microsoft (2 23 42 9 33)
+
+OID = 06 04 67 2A 09 22
+Comment = SET vendor
+Description = NEC (2 23 42 9 34)
+
+OID = 06 04 67 2A 09 23
+Comment = SET vendor
+Description = Mitsubishi (2 23 42 9 35)
+
+OID = 06 04 67 2A 09 24
+Comment = SET vendor
+Description = NCR (2 23 42 9 36)
+
+OID = 06 04 67 2A 09 25
+Comment = SET vendor
+Description = e-COMM (2 23 42 9 37)
+
+OID = 06 04 67 2A 09 26
+Comment = SET vendor
+Description = Gemplus (2 23 42 9 38)
+
+OID = 06 03 67 2A 0A
+Comment = SET
+Description = national (2 23 42 10)
+
+OID = 06 05 67 2A 0A 81 40
+Comment = SET national
+Description = Japan (2 23 42 10 192)
+
+# Draft SET. These were invented for testing in pre-1.0 drafts, but have
+# been used nonetheless by implementors
+
+OID = 06 04 86 8D 6F 02
+Comment = SET. Deprecated, use (2 23 42 7 0) instead
+Description = hashedRootKey (2 54 1775 2)
+Warning
+
+OID = 06 04 86 8D 6F 03
+Comment = SET. Deprecated, use (2 23 42 7 0) instead
+Description = certificateType (2 54 1775 3)
+Warning
+
+OID = 06 04 86 8D 6F 04
+Comment = SET. Deprecated, use (2 23 42 7 0) instead
+Description = merchantData (2 54 1775 4)
+Warning
+
+OID = 06 04 86 8D 6F 05
+Comment = SET. Deprecated, use (2 23 42 7 0) instead
+Description = cardCertRequired (2 54 1775 5)
+Warning
+
+OID = 06 04 86 8D 6F 06
+Comment = SET. Deprecated, use (2 23 42 7 0) instead
+Description = tunneling (2 54 1775 6)
+Warning
+
+OID = 06 04 86 8D 6F 07
+Comment = SET. Deprecated, use (2 23 42 7 0) instead
+Description = setQualifier (2 54 1775 7)
+Warning
+
+OID = 06 04 86 8D 6F 63
+Comment = SET. Deprecated, use (2 23 42 7 0) instead
+Description = set-data (2 54 1775 99)
+Warning
+
+# End of Fahnenstange
projects / platform / upstream / rpm.git / commitdiff