29 August 2010

Orange Spain disclosing user phone number

I'm currently assessing how mobile operators modify and enrich HTTP headers. I've already analyzed the main operators in France, Germany, Italy, Spain and the UK, with very interesting results that I'll publish soon.

The study has two goals: first, to check how users are identified when they browse the web over mobile connections, and second, to document the modifications that operators make to HTTP headers such as User-Agent, Accept, Accept-Encoding...

Regarding user identification, mobile operators normally use two methods, depending on the site the user is accessing. For internal trusted sites they add the user's MSISDN (the phone number) in an HTTP header such as x-up-calling-line-id, x-up-subno, x-nokia-msisdn or a proprietary one, while for all other sites, in order to protect the user's identity, they add a temporary ID instead. This lets the web site track the user's activity during a browsing session but prevents it from fully identifying the user.

During the assessment I found that Orange Spain adds the user's MSISDN to every HTTP request sent through its network. This means that it is really simple to get the phone number of an Orange Spain user. On one hand, I saw that Orange Spain uses the header x-up-calling-line-id to add a temporary user ID that changes every 24h, but I also found that every HTTP request carries the user's phone number in the header X-Network-info.

Below I copy an example of the headers, from which I removed some information. In green are the headers added by my crawler, while in red you can see the extra headers added by the Orange Spain WAP Gateway:

Host: {REMOVED}
TE: deflate,gzip;q=0.3
Accept: text/html, text/vnd.wap.wml, application/vnd.wap.html+xml, application/xhtml+xml, application/vnd.wap.xhtml+xml, text/x-wap.wml, text/x-hdml, text/vnd.sun.j2me.app-descriptor, application/java-archive, application/octet-stream, image/png, image/gif, image/jpg, image/jpeg, */*, text/x-vcard, text/x-vcalendar, image/vnd.wap.wbmp
Accept-Charset: iso-8859-1,utf-8
Accept-Language: en-us,en;q=0.5
User-Agent: HeaderValidator/1.1
Content-length: 0
Via: WTP/1.1 nwg2 (Nokia WAP Gateway 4.1/CD21/4.1.116)
X-Network-info: CSD,34xxxxxxxxx,unsecured
X-Nokia-CONNECTION_MODE: TCP
X-Nokia-BEARER: CSD
X-Nokia-GATEWAY_ID: NWG/4.1/Build116
x-nokia.wia.accept.original: text/html,text/vnd.wap.wml,application/vnd.wap.html+xml,application/xhtml+xml,application/vnd.wap.xhtml+xml,text/x-wap.wml,text/x-hdml,text/vnd.sun.j2me.app-descriptor,application/java-archive,application/octet-stream,image/png,image/gif,image/jpg,image/jpeg,*/*,text/x-vCard,text/x-vCalendar,image/vnd.wap.wbmp
Connection: close
x-up-calling-line-id:{REMOVED}

I notified Orange Spain of the misconfiguration and its effects on their own customers more than a month ago, but unfortunately it is still there.

If you are an Orange Spain user, keep in mind that every web site you access with your mobile phone will get your phone number. Don't be surprised if you start receiving SMS spam or unsolicited calls!
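
Added example (not part of the original post): a server-side check that flags the identity headers named above in a received request and masks them before the request is logged. The 8-15 digit rule for spotting a phone number and the sample request with its number are assumptions constructed for the example.

```python
import re

# Header names the post lists as carrying subscriber identity (lower-cased).
IDENTITY_HEADERS = {
    "x-up-calling-line-id",
    "x-up-subno",
    "x-nokia-msisdn",
    "x-network-info",
}

# Assumption: an MSISDN appears as a run of 8-15 digits (E.164 allows at most
# 15), optionally prefixed with "+". This rule is not taken from the post.
MSISDN_RE = re.compile(r"(?<![\w.])\+?\d{8,15}(?![\w.])")

# Constructed sample in the shape of the dump above; the number is made up.
SAMPLE = """\
Host: www.example.com
Accept-Language: en-us,en;q=0.5
User-Agent: HeaderValidator/1.1
Content-length: 0
Via: WTP/1.1 nwg2 (Nokia WAP Gateway 4.1/CD21/4.1.116)
X-Network-info: CSD,34600000000,unsecured
X-Nokia-BEARER: CSD
x-up-calling-line-id: a1b2c3d4e5
Connection: close
"""


def parse_headers(raw):
    """Split a raw header block into (name, value) pairs, keeping order."""
    pairs = []
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            pairs.append((name.strip(), value.strip()))
    return pairs


def audit_headers(raw):
    """Return (header, reason) for every header that may identify the user."""
    findings = []
    for name, value in parse_headers(raw):
        if MSISDN_RE.search(value):
            findings.append((name, "value contains a phone-number-like digit run"))
        elif name.lower() in IDENTITY_HEADERS:
            findings.append((name, "known subscriber-identity header"))
    return findings


def redact_for_logging(raw):
    """Rebuild the header block with phone numbers and identity values masked."""
    out = []
    for name, value in parse_headers(raw):
        masked = MSISDN_RE.sub("[msisdn]", value)
        # A temporary ID is still a tracking token: drop it entirely.
        if name.lower() in IDENTITY_HEADERS and masked == value:
            masked = "[redacted]"
        out.append(f"{name}: {masked}")
    return "\n".join(out)


if __name__ == "__main__":
    for header, reason in audit_headers(SAMPLE):
        print(f"{header}: {reason}")
    print(redact_for_logging(SAMPLE))
```
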

24 August 2010

Generic OIDs for openssl asn1parse

As a follow-up to my previous post on Microsoft OIDs, I add a list of the most common OIDs, found at http://www.rsa.com/products/bsafe/documentation/sslc251html/group__AD__COMMON__OIDS.html
I add them in a format ready for openssl:

0 undef Undefined
0.9.2342.19200300.100.1.1 userID User Identifier
0.9.2342.19200300.100.1.25 domainComponent Domain Component
1.2.643.2.2.24 gostR3411WithGost GOST
1.2.840.10040.4.1 dsa DSA
1.2.840.10040.4.3 dsaWithSHA1 Digital Signature Algorithm (DSA) with Secure Hash Algorithm 1 (SHA1)
1.2.840.10045.2.1 ecc Elliptic Curve Cryptography (ECC)
1.2.840.10045.4.1 ECDSAwithSHA1 Elliptic Curve DSA with SHA1
1.2.840.113533.7.66.10 cast5_cbc CAST Cipher Block Chaining (CBC)
1.2.840.113533.7.66.12 pbeWithMD5AndCast5_CBC CAST MD5 CBC
1.2.840.113549 rsadsi RSA Data Security Inc.
1.2.840.113549.1 pkcs Public Key Cryptography Standards (PKCS)
1.2.840.113549.1.1.1 rsaEncryption RSA Encryption
1.2.840.113549.1.1.2 md2WithRSAEncryption MD2 with RSA encryption
1.2.840.113549.1.1.4 md5WithRSAEncryption MD5 with RSA encryption
1.2.840.113549.1.1.7 rsaes_oaep RSAES Optimal Asymmetric Encryption Padding (OAEP)
1.2.840.113549.1.1.8 id_mgf Mask generation function OAEP padding
1.2.840.113549.1.1.9 id_pspecified Parameters source function OAEP padding
1.2.840.113549.1.3 pkcs3 PKCS #3
1.2.840.113549.1.3.1 dhKeyAgreement Diffie-Hellman key agreement
1.2.840.113549.1.5.1 pbeWithMD2AndDES_CBC Password Based Encryption algorithm with MD2 and DES_CBC
1.2.840.113549.1.5.11 pbeWithSHA1AndRC2_CBC Password Based Encryption algorithm with SHA1 and RC2_CBC
1.2.840.113549.1.5.12 pbeWithSHA1AndRC4 Password Based Encryption algorithm with SHA1 and RC4
1.2.840.113549.1.5.3 pbeWithMD5AndDES_CBC Password Based Encryption algorithm with MD5 and DES_CBC
1.2.840.113549.1.7 pkcs7 PKCS #7
1.2.840.113549.1.7.1 pkcs7_data PKCS #7 data
1.2.840.113549.1.7.2 pkcs7_signed PKCS #7 signed data
1.2.840.113549.1.7.3 pkcs7_enveloped PKCS #7 enveloped data
1.2.840.113549.1.7.4 pkcs7_signedAndEnveloped PKCS #7 signed and enveloped data
1.2.840.113549.1.7.5 pkcs7_digest PKCS #7 digest data
1.2.840.113549.1.7.6 pkcs7_encrypted PKCS #7 encrypted data
1.2.840.113549.1.9 pkcs9 PKCS #9
1.2.840.113549.1.9.1 pkcs9_emailAddress PKCS #9 e-mail address
1.2.840.113549.1.9.2 pkcs9_unstructuredName PKCS #9 unstructured name
1.2.840.113549.1.9.3 pkcs9_contentType PKCS #9 content type
1.2.840.113549.1.9.4 pkcs9_messageDigest PKCS #9 message digest
1.2.840.113549.1.9.5 pkcs9_signingTime PKCS #9 signing time
1.2.840.113549.1.9.6 pkcs9_countersignature PKCS #9 counter signature
1.2.840.113549.1.9.7 pkcs9_challengePassword PKCS #9 challenge password
1.2.840.113549.1.9.8 pkcs9_unstructuredAddress PKCS #9 unstructured address
1.2.840.113549.1.9.9 pkcs9_extCertAttributes PKCS #9 extended certificate attributes
1.2.840.113549.2.2 md2 MD2
1.2.840.113549.2.5 md5 MD5
1.2.840.113549.3.11.1 rc6_ebc RC6 Electronic Code Book (ECB)
1.2.840.113549.3.11.2 rc6_cbc RC6 CBC
1.2.840.113549.3.11.3 rc6_ofb128 RC6 128-bit Output Feedback (OFB)
1.2.840.113549.3.11.4 rc6_cfb128 RC6 128-bit Cipher Feedback (CFB)
1.2.840.113549.3.2 rc2_cbc RC2 with CBC
1.2.840.113549.3.4 rc4 RC4
1.2.840.113549.3.7 des_ede3_cbc DES with EDE3 CBC
1.2.840.113549.3.9 rc5_cbc RC5 CBC
1.2.840.113549.1.1.5 sha1WithRSAEncryption SHA1 with RSA encryption
1.3.132.0.1 sigECDSAec239a01 Koblitz Elliptic Curve over F2m
1.3.132.0.2 sigECDSAec163b01 Random Elliptic Curve over F2m
1.3.132.0.3 sigECDSAec163a01 Koblitz Elliptic Curve over F2m
1.3.14.3.2 algorithm ALGORITHM
1.3.14.3.2.12 dsa_2 DSA
1.3.14.3.2.13 dsaWithSHA DSA with SHA
1.3.14.3.2.15 shaWithRSAEncryption SHA with RSA encryption
1.3.14.3.2.17 des_ede DES EDE
1.3.14.3.2.18 sha SHA
1.3.14.3.2.26 sha1 SHA1
1.3.14.3.2.27 dsaWithSHA1_2 DSA with SHA1
1.3.14.3.2.29 sha1WithRSA SHA1 with RSA
1.3.14.3.2.3 md5WithRSA MD5 RSA
1.3.14.3.2.6 des_ecb DES ECB
1.3.14.3.2.7 des_cbc DES CBC
1.3.14.3.2.8 des_ofb64 DES with 64-bit OFB
1.3.14.3.2.9 des_cfb64 DES with 64-bit CFB
1.3.36.3.2.1 ripemd160 RIPEMD-160
1.3.36.3.3.1.2 ripemd160WithRSA RSA signature with RIPEMD-160
1.3.6.1.4.1.311.10.3.3 ms_sgc Microsoft Server Gated Cryptography
1.3.6.1.5.5.7.3 id_kp Key purpose identifier
1.3.6.1.5.5.7.3.1 serverAuth Server authentication key usage extension
1.3.6.1.5.5.7.3.2 clientAuth Client authentication key usage extension
1.3.6.1.5.5.7.3.3 codeSigning Code signing key usage extension
1.3.6.1.5.5.7.3.4 emailProtection E-mail protection key usage extension
1.3.6.1.5.5.7.3.5 ipsecEndSystem IPSec end system key usage extension
1.3.6.1.5.5.7.3.6 ipsecTunnel IPSec tunnel key usage extension
1.3.6.1.5.5.7.3.7 ipsecUser IPSec user key usage extension
1.3.6.1.5.5.7.3.8 timeStamping Time stamping key usage extension
1.3.6.1.5.5.7.3.9 ocspSigning Online Certificate Status Protocol (OCSP) signing key usage extension
2.16.840.1.101.3.4.1 nistAlgorithms1 NIST-certified algorithms
2.16.840.1.101.3.4.1.1 aes128_ecb AES 128-bit ECB
2.16.840.1.101.3.4.1.2 aes128_cbc AES 128-bit CBC
2.16.840.1.101.3.4.1.21 aes192_ecb AES 192-bit ECB
2.16.840.1.101.3.4.1.22 aes192_cbc AES 192-bit CBC
2.16.840.1.101.3.4.1.23 aes192_ofb AES 192-bit OFB
2.16.840.1.101.3.4.1.24 aes192_cfb AES 192-bit CFB
2.16.840.1.101.3.4.1.3 aes128_ofb AES 128-bit OFB
2.16.840.1.101.3.4.1.4 aes128_cfb AES 128-bit CFB
2.16.840.1.101.3.4.1.41 aes256_ecb AES 256-bit ECB
2.16.840.1.101.3.4.1.42 aes256_cbc AES 256-bit CBC
2.16.840.1.101.3.4.1.43 aes256_ofb AES 256-bit OFB
2.16.840.1.101.3.4.1.44 aes256_cfb AES 256-bit CFB
2.16.840.1.101.3.4.2.1 sha256 SHA256
2.16.840.1.101.3.4.2.2 sha384 SHA384
2.16.840.1.101.3.4.2.3 sha512 SHA512
2.16.840.1.113730 netscape Netscape
2.16.840.1.113730.1 netscape_cert_extension Netscape certificate extension
2.16.840.1.113730.1.1 netscape_cert_type Netscape certificate type
2.16.840.1.113730.1.12 netscape_ssl_server_name Netscape SSL server name
2.16.840.1.113730.1.13 netscape_comment Netscape comment
2.16.840.1.113730.1.2 netscape_base_url Netscape base URL
2.16.840.1.113730.1.3 netscape_revocation_url Netscape revocation URL
2.16.840.1.113730.1.4 netscape_ca_revocation_url Netscape Certification Authority (CA) revocation URL
2.16.840.1.113730.1.7 netscape_renewal_url Netscape renewal URL
2.16.840.1.113730.1.8 netscape_ca_policy_url Netscape CA policy URL
2.16.840.1.113730.2 netscape_data_type Netscape data type
2.16.840.1.113730.2.5 netscape_cert_sequence Netscape certificate sequence
2.16.840.1.113730.4.1 ns_sgc Netscape Server Gated Cryptography
2.5 X500 X.500
2.5.29 id_ce Certificate extension identifier
2.5.29.14 subject_key_identifier X.509 version 3 subject key identifier
2.5.29.15 key_usage X.509 version 3 key usage identifier
2.5.29.16 private_key_usage_period X.509 version 3 private key usage period
2.5.29.17 subject_alt_name X.509 version 3 subject alternative name
2.5.29.18 issuer_alt_name X.509 version 3 issuer alternative name
2.5.29.19 basic_constraints X.509 version 3 basic constraints
2.5.29.20 crl_number X.509 version 3 Certificate Revocation List (CRL) number
2.5.29.21 reasonCode X.509 version 3 CRL reason code
2.5.29.23 instruction_code X.509 version 3 CRL instruction code
2.5.29.24 invalidity_date X.509 version 3 CRL invalidity date
2.5.29.27 delta_crl_indicator X.509 version 3 CRL delta CRL indicator
2.5.29.28 issuing_distribution_point X.509 version 3 CRL issuing distribution point
2.5.29.30 name_constraints X.509 version 3 CRL name constraints
2.5.29.31 crl_distribution_points X.509 version 3 CRL distribution points
2.5.29.32 certificate_policies X.509 version 3 certificate policies
2.5.29.35 authority_key_identifier X.509 version 3 Authority Key Identifier
2.5.29.37 ext_key_usage X.509 version 3 extended key usage
2.5.4 X509 X.509
2.5.4.10 organizationName Organization name
2.5.4.11 organizationalUnitName Organizational unit name
2.5.4.12 title Title
2.5.4.13 description Description
2.5.4.3 commonName Common name
2.5.4.4 surname Surname
2.5.4.42 givenName Given name
2.5.4.43 initials Initials
2.5.4.44 generationQualifier Generation qualifier
2.5.4.45 uniqueIdentifier Unique identifier
2.5.4.46 dnQualifier Distinguished Name (DN) qualifier
2.5.4.5 serialNumber Serial number
2.5.4.6 countryName Country name
2.5.4.7 localityName Locality name
2.5.4.8 stateOrProvinceName State or province name
2.5.4.9 street Street
2.5.8.1.1 rsa RSA
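
Added example (not part of the original post): a small linter for the three-column file format used above (OID, short name, long name) that can be run over a hand-assembled list before passing it to openssl asn1parse -oid. It reports malformed OIDs and repeated OIDs or short names, and writes the clean entries back in numeric arc order. The function names, the one-name-per-OID policy and the sample lines are assumptions made for the example.

```python
import re

OID_RE = re.compile(r"^\d+(\.\d+)*$")

# Constructed sample in the format of the lists on this page.
SAMPLE = """\
1.3.6.1.4.1.311.2.1.25 SPC_CAB_DATA_OBJID SPC CAB DATA OBJID
1.3.6.1.4.1.311.2.1.25 SPC_GLUE_RDN_OBJID SPC GLUE RDN OBJID
1.3.6.1.4.1.311.10.11. szOID_CERT_PROP_ID_PREFIX OID CERT PROP ID PREFIX
2.5.29.30 name_constraints X.509 version 3 CRL name constraints
2.5.29.30 name_constraints X.509 version 3 CRL name constraints
2.5.4.3 commonName Common name
2.5.4.10 organizationName Organization name
0 undef Undefined
"""


def check_oid(oid):
    """Return None if the dotted OID is well formed, else a reason string."""
    if not OID_RE.match(oid):
        return "not dotted-decimal"
    arcs = [int(a) for a in oid.split(".")]
    if len(arcs) < 2:
        return "needs at least two arcs"
    if arcs[0] > 2:
        return "first arc must be 0, 1 or 2"
    if arcs[0] < 2 and arcs[1] > 39:
        return "second arc must be 0-39 under arcs 0 and 1"
    return None


def lint_oid_file(text):
    """Return (entries, problems); the first definition of an OID or name wins."""
    entries, problems = [], []
    seen_oid, seen_name = {}, {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(None, 2)
        if len(parts) < 3:
            problems.append((lineno, "expected: OID short_name long_name"))
            continue
        oid, short, long_name = parts
        reason = check_oid(oid)
        if reason:
            problems.append((lineno, f"bad OID {oid!r}: {reason}"))
        elif oid in seen_oid:
            problems.append((lineno, f"OID {oid} already on line {seen_oid[oid]}"))
        elif short in seen_name:
            problems.append((lineno, f"name {short} already on line {seen_name[short]}"))
        else:
            seen_oid[oid] = seen_name[short] = lineno
            entries.append((oid, short, long_name.strip()))
    return entries, problems


def render(entries):
    """Write entries back out, sorted by numeric arc value (2.5.4.3 before 2.5.4.10)."""
    key = lambda e: [int(a) for a in e[0].split(".")]
    return "\n".join(" ".join(e) for e in sorted(entries, key=key))


if __name__ == "__main__":
    clean, issues = lint_oid_file(SAMPLE)
    for lineno, message in issues:
        print(f"line {lineno}: {message}")
    print(render(clean))
```
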

17 August 2010

Microsoft OIDs

While doing some ASN.1 parsing with OpenSSL I came across some Microsoft-specific OIDs which were unknown. I found the "Object IDs associated with Microsoft cryptography" page (http://support.microsoft.com/kb/287547) with a long list of OIDs. As I wanted to use them with the OpenSSL asn1 parser, I put them in a file (oid.txt) with the following format:

  OID short_name long_name
  OID2 short_name2 long_name2

so I can just run the command:
  openssl asn1parse -oid oid.txt -in file

In case you ever want to use them but don't want to spend time putting the file together, I just copy the contents of the oid.txt below.

1.3.6.1.4.1.311 Microsoft_OID Microsoft OID
1.3.6.1.4.1.311.2 Authenticode Authenticode
1.3.6.1.4.1.311.2.1.4 SPC_INDIRECT_DATA_OBJID SPC INDIRECT DATA OBJID
1.3.6.1.4.1.311.2.1.11 SPC_STATEMENT_TYPE_OBJID SPC STATEMENT TYPE OBJID
1.3.6.1.4.1.311.2.1.12 SPC_SP_OPUS_INFO_OBJID SPC SP OPUS INFO OBJID
1.3.6.1.4.1.311.2.1.15 SPC_PE_IMAGE_DATA_OBJID SPC PE IMAGE DATA OBJID
1.3.6.1.4.1.311.2.1.10 SPC_SP_AGENCY_INFO_OBJID SPC SP AGENCY INFO OBJID
1.3.6.1.4.1.311.2.1.26 SPC_MINIMAL_CRITERIA_OBJID SPC MINIMAL CRITERIA OBJID
1.3.6.1.4.1.311.2.1.27 SPC_FINANCIAL_CRITERIA_OBJID SPC FINANCIAL CRITERIA OBJID
1.3.6.1.4.1.311.2.1.28 SPC_LINK_OBJID SPC LINK OBJID
1.3.6.1.4.1.311.2.1.29 SPC_HASH_INFO_OBJID SPC HASH INFO OBJID
1.3.6.1.4.1.311.2.1.30 SPC_SIPINFO_OBJID SPC SIPINFO OBJID
1.3.6.1.4.1.311.2.1.14 SPC_CERT_EXTENSIONS_OBJID SPC CERT EXTENSIONS OBJID
1.3.6.1.4.1.311.2.1.18 SPC_RAW_FILE_DATA_OBJID SPC RAW FILE DATA OBJID
1.3.6.1.4.1.311.2.1.19 SPC_STRUCTURED_STORAGE_DATA_OBJID SPC STRUCTURED STORAGE DATA OBJID
1.3.6.1.4.1.311.2.1.20 SPC_JAVA_CLASS_DATA_OBJID SPC JAVA CLASS DATA OBJID
1.3.6.1.4.1.311.2.1.21 SPC_INDIVIDUAL_SP_KEY_PURPOSE_OBJID SPC INDIVIDUAL SP KEY PURPOSE OBJID
1.3.6.1.4.1.311.2.1.22 SPC_COMMERCIAL_SP_KEY_PURPOSE_OBJID SPC COMMERCIAL SP KEY PURPOSE OBJID
1.3.6.1.4.1.311.2.1.25 SPC_CAB_DATA_OBJID SPC CAB DATA OBJID
1.3.6.1.4.1.311.2.1.25 SPC_GLUE_RDN_OBJID SPC GLUE RDN OBJID
1.3.6.1.4.1.311.2.2 CTL_for_Software_Publishers_Trusted_CAs CTL for Software Publishers Trusted CAs
1.3.6.1.4.1.311.2.2.1 szOID_TRUSTED_CODESIGNING_CA_LIST OID TRUSTED CODESIGNING CA LIST
1.3.6.1.4.1.311.2.2.2 szOID_TRUSTED_CLIENT_AUTH_CA_LIST OID TRUSTED CLIENT AUTH CA LIST
1.3.6.1.4.1.311.2.2.3 szOID_TRUSTED_SERVER_AUTH_CA_LIST OID TRUSTED SERVER AUTH CA LIST
1.3.6.1.4.1.311.3 Time_Stamping Time Stamping
1.3.6.1.4.1.311.3.2.1 SPC_TIME_STAMP_REQUEST_OBJID SPC TIME STAMP REQUEST OBJID
1.3.6.1.4.1.311.4 Permissions Permissions
1.3.6.1.4.1.311.10 Crypto_2.0 Crypto 2.0
1.3.6.1.4.1.311.10.1 szOID_CTL OID CTL
1.3.6.1.4.1.311.10.1.1 szOID_SORTED_CTL OID SORTED CTL
1.3.6.1.4.1.311.10.2 szOID_NEXT_UPDATE_LOCATION OID NEXT UPDATE LOCATION
1.3.6.1.4.1.311.10.3.1 szOID_KP_CTL_USAGE_SIGNING OID KP CTL USAGE SIGNING
1.3.6.1.4.1.311.10.3.2 szOID_KP_TIME_STAMP_SIGNING OID KP TIME STAMP SIGNING
1.3.6.1.4.1.311.10.3.3 szOID_SERVER_GATED_CRYPTO OID SERVER GATED CRYPTO
1.3.6.1.4.1.311.10.3.3.1 szOID_SERIALIZED OID SERIALIZED
1.3.6.1.4.1.311.10.3.4 szOID_EFS_CRYPTO OID EFS CRYPTO
1.3.6.1.4.1.311.10.3.4.1 szOID_EFS_RECOVERY OID EFS RECOVERY
1.3.6.1.4.1.311.10.3.5 szOID_WHQL_CRYPTO OID WHQL CRYPTO
1.3.6.1.4.1.311.10.3.6 szOID_NT5_CRYPTO OID NT5 CRYPTO
1.3.6.1.4.1.311.10.3.7 szOID_OEM_WHQL_CRYPTO OID OEM WHQL CRYPTO
1.3.6.1.4.1.311.10.3.8 szOID_EMBEDDED_NT_CRYPTO OID EMBEDDED NT CRYPTO
1.3.6.1.4.1.311.10.3.9 szOID_ROOT_LIST_SIGNER OID ROOT LIST SIGNER
1.3.6.1.4.1.311.10.3.10 szOID_KP_QUALIFIED_SUBORDINATION OID KP QUALIFIED SUBORDINATION
1.3.6.1.4.1.311.10.3.11 szOID_KP_KEY_RECOVERY OID KP KEY RECOVERY
1.3.6.1.4.1.311.10.3.12 szOID_KP_DOCUMENT_SIGNING OID KP DOCUMENT SIGNING
1.3.6.1.4.1.311.10.4.1 szOID_YESNO_TRUST_ATTR OID YESNO TRUST ATTR
1.3.6.1.4.1.311.10.5.1 szOID_DRM OID DRM
1.3.6.1.4.1.311.10.5.2 szOID_DRM_INDIVIDUALIZATION OID DRM INDIVIDUALIZATION
1.3.6.1.4.1.311.10.6.1 szOID_LICENSES OID LICENSES
1.3.6.1.4.1.311.10.6.2 szOID_LICENSE_SERVER OID LICENSE SERVER
1.3.6.1.4.1.311.10.7 szOID_MICROSOFT_RDN_PREFIX OID MICROSOFT RDN PREFIX
1.3.6.1.4.1.311.10.7.1 szOID_KEYID_RDN OID KEYID RDN
1.3.6.1.4.1.311.10.8.1 szOID_REMOVE_CERTIFICATE OID REMOVE CERTIFICATE
1.3.6.1.4.1.311.10.9.1 szOID_CROSS_CERT_DIST_POINTS OID CROSS CERT DIST POINTS
1.3.6.1.4.1.311.10.10 Microsoft_CMC_OIDs Microsoft CMC OIDs
1.3.6.1.4.1.311.10.10.1 szOID_CMC_ADD_ATTRIBUTES OID CMC ADD ATTRIBUTES
1.3.6.1.4.1.311.10.11 Microsoft_certificate_property_OIDs Microsoft certificate property OIDs
1.3.6.1.4.1.311.10.11. szOID_CERT_PROP_ID_PREFIX OID CERT PROP ID PREFIX
1.3.6.1.4.1.311.10.12 CryptUI CryptUI
1.3.6.1.4.1.311.10.12.1 szOID_ANY_APPLICATION_POLICY OID ANY APPLICATION POLICY
1.3.6.1.4.1.311.12 Catalog Catalog
1.3.6.1.4.1.311.12.1.1 szOID_CATALOG_LIST OID CATALOG LIST
1.3.6.1.4.1.311.12.1.2 szOID_CATALOG_LIST_MEMBER OID CATALOG LIST MEMBER
1.3.6.1.4.1.311.12.2.1 CAT_NAMEVALUE_OBJID CAT NAMEVALUE OBJID
1.3.6.1.4.1.311.12.2.2 CAT_MEMBERINFO_OBJID CAT MEMBERINFO OBJID
1.3.6.1.4.1.311.13 Microsoft_PKCS10_OIDs Microsoft PKCS10 OIDs
1.3.6.1.4.1.311.13.1 szOID_RENEWAL_CERTIFICATE OID RENEWAL CERTIFICATE
1.3.6.1.4.1.311.13.2.1 szOID_ENROLLMENT_NAME_VALUE_PAIR OID ENROLLMENT NAME VALUE PAIR
1.3.6.1.4.1.311.13.2.2 szOID_ENROLLMENT_CSP_PROVIDER OID ENROLLMENT CSP PROVIDER
1.3.6.1.4.1.311.15 Microsoft_Java Microsoft Java
1.3.6.1.4.1.311.16 Microsoft_Outlook/Exchange Microsoft Outlook/Exchange
1.3.6.1.4.1.311.16.4 Outlook_Express Outlook Express
1.3.6.1.4.1.311.17 Microsoft_PKCS12_attributes Microsoft PKCS12 attributes
1.3.6.1.4.1.311.17.1 szOID_LOCAL_MACHINE_KEYSET OID LOCAL MACHINE KEYSET
1.3.6.1.4.1.311.18 Microsoft_Hydra Microsoft Hydra
1.3.6.1.4.1.311.19 Microsoft_ISPU_Test Microsoft ISPU Test
1.3.6.1.4.1.311.20 Microsoft_Enrollment_Infrastructure Microsoft Enrollment Infrastructure
1.3.6.1.4.1.311.20.1 szOID_AUTO_ENROLL_CTL_USAGE OID AUTO ENROLL CTL USAGE
1.3.6.1.4.1.311.20.2 szOID_ENROLL_CERTTYPE_EXTENSION OID ENROLL CERTTYPE EXTENSION
1.3.6.1.4.1.311.20.2.1 szOID_ENROLLMENT_AGENT OID ENROLLMENT AGENT
1.3.6.1.4.1.311.20.2.2 szOID_KP_SMARTCARD_LOGON OID KP SMARTCARD LOGON
1.3.6.1.4.1.311.20.2.3 szOID_NT_PRINCIPAL_NAME OID NT PRINCIPAL NAME
1.3.6.1.4.1.311.20.3 szOID_CERT_MANIFOLD OID CERT MANIFOLD
1.3.6.1.4.1.311.21 Microsoft_CertSrv_Infrastructure Microsoft CertSrv Infrastructure
1.3.6.1.4.1.311.21.1 szOID_CERTSRV_CA_VERSION OID CERTSRV CA VERSION
1.3.6.1.4.1.311.25 Microsoft_Directory_Service Microsoft Directory Service
1.3.6.1.4.1.311.25.1 szOID_NTDS_REPLICATION OID NTDS REPLICATION
1.3.6.1.4.1.311.30 IIS IIS
1.3.6.1.4.1.311.31 Windows_updates_and_service_packs Windows updates and service packs
1.3.6.1.4.1.311.31.1 szOID_PRODUCT_UPDATE OID PRODUCT UPDATE
1.3.6.1.4.1.311.40 Fonts Fonts
1.3.6.1.4.1.311.41 Microsoft_Licensing_and_Registration Microsoft Licensing and Registration
1.3.6.1.4.1.311.42 Microsoft_Corporate_PKI_(ITG) Microsoft Corporate PKI (ITG)
1.3.6.1.4.1.311.88 CAPICOM CAPICOM
1.3.6.1.4.1.311.88 szOID_CAPICOM OID CAPICOM
1.3.6.1.4.1.311.88.1 szOID_CAPICOM_VERSION OID CAPICOM VERSION
1.3.6.1.4.1.311.88.2 szOID_CAPICOM_ATTRIBUTE OID CAPICOM ATTRIBUTE
1.3.6.1.4.1.311.88.2.1 szOID_CAPICOM_DOCUMENT_NAME OID CAPICOM DOCUMENT NAME
1.3.6.1.4.1.311.88.2.2 szOID_CAPICOM_DOCUMENT_DESCRIPTION OID CAPICOM DOCUMENT DESCRIPTION
1.3.6.1.4.1.311.88.3 szOID_CAPICOM_ENCRYPTED_DATA OID CAPICOM ENCRYPTED DATA
1.3.6.1.4.1.311.88.3.1 szOID_CAPICOM_ENCRYPTED_CONTENT OID CAPICOM ENCRYPTED CONTENT
1.3.6.1.4.1.311.10.3.13 szOID_KP_LIFETIME_SIGNING OID KP LIFETIME SIGNING
1.3.6.1.4.1.311.10.3.14 szOID_KP_MOBILE_DEVICE_SOFTWARE OID KP MOBILE DEVICE SOFTWARE
1.3.6.1.4.1.311.10.11.1 szOID_CERT_PROP_ID_PREFIX OID CERT PROP ID PREFIX
1.3.6.1.4.1.311.13.2.3 szOID_OS_VERSION OID OS VERSION
1.3.6.1.4.1.311.16.4 szOID_MICROSOFT_Encryption_Key_Preference OID MICROSOFT Encryption Key Preference
1.3.6.1.4.1.311.18.1 szOID_PKIX_LICENSE_INFO OID PKIX LICENSE INFO
1.3.6.1.4.1.311.18.2 szOID_PKIX_MANUFACTURER OID PKIX MANUFACTURER
1.3.6.1.4.1.311.18.3 szOID_PKIX_MANUFACTURER_MS_SPECIFIC OID PKIX MANUFACTURER MS SPECIFIC
1.3.6.1.4.1.311.18.4 szOID_PKIX_HYDRA_CERT_VERSION OID PKIX HYDRA CERT VERSION
1.3.6.1.4.1.311.18.5 szOID_PKIX_LICENSED_PRODUCT_INFO OID PKIX LICENSED PRODUCT INFO
1.3.6.1.4.1.311.18.6 szOID_PKIX_MS_LICENSE_SERVER_INFO OID PKIX MS LICENSE SERVER INFO
1.3.6.1.4.1.311.18.7 szOID_PKIS_PRODUCT_SPECIFIC_OID OID PKIS PRODUCT SPECIFIC OID
1.3.6.1.4.1.311.18.8 szOID_PKIS_TLSERVER_SPK_OID OID PKIS TLSERVER SPK OID
1.3.6.1.4.1.311.21.2 szOID_CERTSRV_PREVIOUS_CERT_HASH OID CERTSRV PREVIOUS CERT HASH
1.3.6.1.4.1.311.21.3 szOID_CRL_VIRTUAL_BASE OID CRL VIRTUAL BASE
1.3.6.1.4.1.311.21.4 szOID_CRL_NEXT_PUBLISH OID CRL NEXT PUBLISH
1.3.6.1.4.1.311.21.5 szOID_KP_CA_EXCHANGE OID KP CA EXCHANGE
1.3.6.1.4.1.311.21.6 szOID_KP_KEY_RECOVERY_AGENT OID KP KEY RECOVERY AGENT
1.3.6.1.4.1.311.21.7 szOID_CERTIFICATE_TEMPLATE OID CERTIFICATE TEMPLATE
1.3.6.1.4.1.311.21.8 szOID_ENTERPRISE_OID_ROOT OID ENTERPRISE OID ROOT
1.3.6.1.4.1.311.21.9 szOID_RDN_DUMMY_SIGNER OID RDN DUMMY SIGNER
1.3.6.1.4.1.311.21.10 szOID_APPLICATION_CERT_POLICIES OID APPLICATION CERT POLICIES
1.3.6.1.4.1.311.21.11 szOID_APPLICATION_POLICY_MAPPINGS OID APPLICATION POLICY MAPPINGS
1.3.6.1.4.1.311.21.12 szOID_APPLICATION_POLICY_CONSTRAINTS OID APPLICATION POLICY CONSTRAINTS
1.3.6.1.4.1.311.21.13 szOID_ARCHIVED_KEY_ATTR OID ARCHIVED KEY ATTR
1.3.6.1.4.1.311.21.14 szOID_CRL_SELF_CDP OID CRL SELF CDP
1.3.6.1.4.1.311.21.15 szOID_REQUIRE_CERT_CHAIN_POLICY OID REQUIRE CERT CHAIN POLICY
1.3.6.1.4.1.311.21.16 szOID_ARCHIVED_KEY_CERT_HASH OID ARCHIVED KEY CERT HASH
1.3.6.1.4.1.311.21.17 szOID_ISSUED_CERT_HASH OID ISSUED CERT HASH
1.3.6.1.4.1.311.21.19 szOID_DS_EMAIL_REPLICATION OID DS EMAIL REPLICATION
1.3.6.1.4.1.311.21.20 szOID_REQUEST_CLIENT_INFO OID REQUEST CLIENT INFO
1.3.6.1.4.1.311.21.21 szOID_ENCRYPTED_KEY_HASH OID ENCRYPTED KEY HASH
1.3.6.1.4.1.311.21.22 szOID_CERTSRV_CROSSCA_VERSION OID CERTSRV CROSSCA VERSION
1.3.6.1.4.1.311.30.1 szOID_IIS_VIRTUAL_SERVER OID IIS VIRTUAL SERVER
1.3.6.1.4.1.311.43 Microsoft_WWOps_BizExt Microsoft WWOps BizExt
1.3.6.1.4.1.311.44 Microsoft_Peer_Networking Microsoft Peer Networking
1.3.6.1.4.1.311.44.1 szOID_PEERNET_PNRP OID PEERNET PNRP
1.3.6.1.4.1.311.44.2 szOID_PEERNET_IDENTITY OID PEERNET IDENTITY
1.3.6.1.4.1.311.44.3 szOID_PEERNET_GROUPING OID PEERNET GROUPING
1.3.6.1.4.1.311.44.0.1 szOID_PEERNET_CERT_TYPE OID PEERNET CERT TYPE
1.3.6.1.4.1.311.44.0.2 szOID_PEERNET_PEERNAME OID PEERNET PEERNAME
1.3.6.1.4.1.311.44.0.3 szOID_PEERNET_CLASSIFIER OID PEERNET CLASSIFIER
1.3.6.1.4.1.311.44.0.4 szOID_PEERNET_CERT_VERSION OID PEERNET CERT VERSION
1.3.6.1.4.1.311.44.1.1 szOID_PEERNET_PNRP_ADDRESS OID PEERNET PNRP ADDRESS
1.3.6.1.4.1.311.44.1.2 szOID_PEERNET_PNRP_FLAGS OID PEERNET PNRP FLAGS
1.3.6.1.4.1.311.44.1.3 szOID_PEERNET_PNRP_PAYLOAD OID PEERNET PNRP PAYLOAD
1.3.6.1.4.1.311.44.1.4 szOID_PEERNET_PNRP_ID OID PEERNET PNRP ID
1.3.6.1.4.1.311.44.2.2 szOID_PEERNET_IDENTITY_FLAGS OID PEERNET IDENTITY FLAGS
1.3.6.1.4.1.311.44.3.1 szOID_PEERNET_GROUPING_PEERNAME OID PEERNET GROUPING PEERNAME
1.3.6.1.4.1.311.44.3.2 szOID_PEERNET_GROUPING_FLAGS OID PEERNET GROUPING FLAGS
1.3.6.1.4.1.311.44.3.3 szOID_PEERNET_GROUPING_ROLES OID PEERNET GROUPING ROLES
1.3.6.1.4.1.311.44.3.5 szOID_PEERNET_GROUPING_CLASSIFIERS OID PEERNET GROUPING CLASSIFIERS
1.3.6.1.4.1.311.45 Mobile_Devices_Code_Signing Mobile Devices Code Signing