OpenPGP
- Created: 2024-01-19
- Last Updated: 2024-01-26
Registries included below
- OpenPGP String-to-Key (S2K) Types
- OpenPGP Packet Types
- OpenPGP User Attribute Subpacket Types
- OpenPGP Image Attribute Encoding Format
- OpenPGP Signature Subpacket Types
- OpenPGP Key Server Preference Flags
- OpenPGP Reason for Revocation Code
- OpenPGP Features Flags
- OpenPGP New Packet Versions (OBSOLETE)
- OpenPGP Key Flags
- OpenPGP Public Key Algorithms
- OpenPGP Symmetric Key Algorithms
- OpenPGP Hash Algorithms
- OpenPGP Compression Algorithms
- OpenPGP Secret Key Encryption (S2K Usage Octet)
- OpenPGP Signature Types
- OpenPGP Signature Notation Data Subpacket Notation Flags
- OpenPGP Signature Notation Data Subpacket Types
- OpenPGP Key ID and Fingerprint
- OpenPGP Image Attribute Version
- OpenPGP Armor Header Line
- OpenPGP Armor Header Key
- OpenPGP ECC Curve OID and Usage
- OpenPGP ECC Curve-specific Wire Formats
- OpenPGP Hash Algorithm Identifiers for RSA Signatures Use of EMSA-PKCS1-v1_5 Padding
- OpenPGP AEAD Algorithms
- OpenPGP Encrypted Message Packet Versions
- OpenPGP Key and Signature Versions
- OpenPGP Elliptic Curve Point Wire Formats
- OpenPGP Elliptic Curve Scalar Encodings
- OpenPGP ECDH KDF and KEK Parameters
OpenPGP String-to-Key (S2K) Types
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
ID | S2K Type | S2K Field Size (Octets) | Generate? | Reference |
---|---|---|---|---|
0 | Simple S2K | 2 | No | [RFC-ietf-openpgp-crypto-refresh-13, Section 3.7.1.1] |
1 | Salted S2K | 10 | Only when string is high entropy | [RFC-ietf-openpgp-crypto-refresh-13, Section 3.7.1.2] |
2 | Reserved value | | No | [RFC-ietf-openpgp-crypto-refresh-13] |
3 | Iterated and Salted S2K | 11 | Yes | [RFC-ietf-openpgp-crypto-refresh-13, Section 3.7.1.3] |
4 | Argon2 | 20 | Yes | [RFC-ietf-openpgp-crypto-refresh-13, Section 3.7.1.4] |
5-99 | Unassigned | | | |
100-110 | Private/Experimental S2K | As appropriate | | [RFC-ietf-openpgp-crypto-refresh-13] |
111-255 | Unassigned | | | |
OpenPGP Packet Types
- Registration Procedure(s): RFC Required
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
ID | Critical | Packet Type Description | Shorthand | Reference |
---|---|---|---|---|
0 | Yes | Reserved - a packet tag MUST NOT have this packet type ID | | [RFC-ietf-openpgp-crypto-refresh-13] |
1 | Yes | Public-Key Encrypted Session Key Packet | PKESK | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.1] |
2 | Yes | Signature Packet | SIG | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.2] |
3 | Yes | Symmetric-Key Encrypted Session Key Packet | SKESK | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.3] |
4 | Yes | One-Pass Signature Packet | OPS | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.4] |
5 | Yes | Secret-Key Packet | SECKEY | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.5.1.3] |
6 | Yes | Public-Key Packet | PUBKEY | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.5.1.1] |
7 | Yes | Secret-Subkey Packet | SECSUBKEY | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.5.1.4] |
8 | Yes | Compressed Data Packet | COMP | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.6] |
9 | Yes | Symmetrically Encrypted Data Packet | SED | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.7] |
10 | Yes | Marker Packet | MARKER | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.8] |
11 | Yes | Literal Data Packet | LIT | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.9] |
12 | Yes | Trust Packet | TRUST | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.10] |
13 | Yes | User ID Packet | UID | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.11] |
14 | Yes | Public-Subkey Packet | PUBSUBKEY | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.5.1.2] |
15-16 | | Unassigned | | |
17 | Yes | User Attribute Packet | UAT | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.12] |
18 | Yes | Symmetrically Encrypted and Integrity Protected Data Packet | SEIPD | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.13] |
19 | Yes | Reserved (formerly Modification Detection Code Packet) | | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.13.1] |
20 | Yes | Reserved | | [RFC-ietf-openpgp-crypto-refresh-13] |
21 | Yes | Padding Packet | PADDING | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.14] |
22-39 | Yes | Unassigned Critical Packet | | |
40-59 | No | Unassigned Non-Critical Packet | | |
60-63 | No | Private or Experimental Values | | [RFC-ietf-openpgp-crypto-refresh-13] |
OpenPGP User Attribute Subpacket Types
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
ID | Attribute Subpacket | Reference |
---|---|---|
0 | Reserved | [RFC-ietf-openpgp-crypto-refresh-13] |
1 | Image Attribute Subpacket | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.12.1] |
2-99 | Unassigned | |
100-110 | Private/Experimental Use | [RFC-ietf-openpgp-crypto-refresh-13] |
111-255 | Unassigned | |
OpenPGP Image Attribute Encoding Format
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
ID | Encoding | Reference |
---|---|---|
0 | Reserved | [RFC-ietf-openpgp-crypto-refresh-13] |
1 | JPEG | [JPEG File Interchange Format] |
2-99 | Unassigned | |
100-110 | Experimental or Private Use | [RFC-ietf-openpgp-crypto-refresh-13] |
111-255 | Unassigned | |
OpenPGP Signature Subpacket Types
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
OpenPGP Key Server Preference Flags
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
- Note: This is a variable length bit field.
Flag | Shorthand | Definition | Reference |
---|---|---|---|
0x80... | No-modify | The keyholder requests that this key only be modified or updated by the keyholder or an administrator of the key server. | [RFC-ietf-openpgp-crypto-refresh-13] |
OpenPGP Reason for Revocation Code
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
Code | Reason | Reference |
---|---|---|
0 | No reason specified (key revocations or cert revocations) | [RFC-ietf-openpgp-crypto-refresh-13] |
1 | Key is superseded (key revocations) | [RFC-ietf-openpgp-crypto-refresh-13] |
2 | Key material has been compromised (key revocations) | [RFC-ietf-openpgp-crypto-refresh-13] |
3 | Key is retired and no longer used (key revocations) | [RFC-ietf-openpgp-crypto-refresh-13] |
4-31 | Unassigned | |
32 | User ID information is no longer valid (cert revocations) | [RFC-ietf-openpgp-crypto-refresh-13] |
33-99 | Unassigned | |
100-110 | Private Use | [RFC-ietf-openpgp-crypto-refresh-13] |
OpenPGP Features Flags
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
- Note: This is a variable length bit field.
Feature | Definition | Reference |
---|---|---|
0x01... | Symmetrically Encrypted Integrity Protected Data packet version 1 | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.13.1] |
0x02... | Reserved | [RFC-ietf-openpgp-crypto-refresh-13] |
0x04... | Reserved | [RFC-ietf-openpgp-crypto-refresh-13] |
0x08... | Symmetrically Encrypted Integrity Protected Data packet version 2 | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.13.2] |
OpenPGP New Packet Versions (OBSOLETE)
- Registration Procedure(s): Registry closed
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
- Note: Those wishing to use the removed "New Packet Versions" registry should instead register new versions of the relevant packets in the "OpenPGP Key and Signature Versions", "OpenPGP Key ID and Fingerprint" and "OpenPGP Encrypted Message Packet Versions" registries.
No registrations at this time.
OpenPGP Key Flags
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
- Note: This is a variable length bit field.
Flag | Definition | Reference |
---|---|---|
0x01... | This key may be used to make User ID certifications (signature type IDs 0x10-0x13) or direct key signatures (signature type ID 0x1F) over other keys. | [RFC-ietf-openpgp-crypto-refresh-13] |
0x02... | This key may be used to sign data. | [RFC-ietf-openpgp-crypto-refresh-13] |
0x04... | This key may be used to encrypt communications. | [RFC-ietf-openpgp-crypto-refresh-13] |
0x08... | This key may be used to encrypt storage. | [RFC-ietf-openpgp-crypto-refresh-13] |
0x10... | The private component of this key may have been split by a secret-sharing mechanism. | [RFC-ietf-openpgp-crypto-refresh-13] |
0x20... | This key may be used for authentication. | [RFC-ietf-openpgp-crypto-refresh-13] |
0x80... | The private component of this key may be in the possession of more than one person. | [RFC-ietf-openpgp-crypto-refresh-13] |
0x0004... | Reserved (ADSK) | [RFC-ietf-openpgp-crypto-refresh-13] |
0x0008... | Reserved (timestamping) | [RFC-ietf-openpgp-crypto-refresh-13] |
OpenPGP Public Key Algorithms
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
OpenPGP Symmetric Key Algorithms
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
- Note: When registering a new symmetric cipher with a block size of 64 or 128 bits and a key size that is a multiple of 64 bits, no new considerations are needed. If the new cipher has a different block size, there needs to be additional documentation describing how to use the cipher in CFB mode. If the new cipher has an unusual key size, then padding needs to be considered for X25519 and X448 keywrap, which currently needs no padding.
ID | Algorithm | Reference |
---|---|---|
0 | Plaintext or unencrypted data | [RFC-ietf-openpgp-crypto-refresh-13] |
1 | IDEA | [Lai, X., "On the design and security of block ciphers", ETH Series in Information Processing, J.L. Massey (editor), Vol. 1, Hartung-Gorre Verlag Konstanz, Technische Hochschule (Zurich), 1992] [RFC-ietf-openpgp-crypto-refresh-13] |
2 | TripleDES (DES-EDE, [SP800-67] - 168 bit key derived from 192) | [RFC-ietf-openpgp-crypto-refresh-13] |
3 | CAST5 (128 bit key, as per [RFC2144]) | [RFC-ietf-openpgp-crypto-refresh-13] |
4 | Blowfish (128 bit key, 16 rounds) | [BLOWFISH] |
5 | Reserved | [RFC-ietf-openpgp-crypto-refresh-13] |
6 | Reserved | [RFC-ietf-openpgp-crypto-refresh-13] |
7 | AES with 128-bit key | [AES] |
8 | AES with 192-bit key | [RFC-ietf-openpgp-crypto-refresh-13] |
9 | AES with 256-bit key | [RFC-ietf-openpgp-crypto-refresh-13] |
10 | Twofish with 256-bit key | [TWOFISH] |
11 | Camellia with 128-bit key | [RFC3713] |
12 | Camellia with 192-bit key | [RFC-ietf-openpgp-crypto-refresh-13] |
13 | Camellia with 256-bit key | [RFC-ietf-openpgp-crypto-refresh-13] |
14-99 | Unassigned | |
100-110 | Private/Experimental algorithm | [RFC-ietf-openpgp-crypto-refresh-13] |
111-252 | Unassigned | |
253-255 | Reserved to avoid collision with Secret Key Encryption (see the "OpenPGP Secret Key Encryption (S2K Usage Octet)" registry and [RFC-ietf-openpgp-crypto-refresh-13, Section 5.5.3]) | [RFC-ietf-openpgp-crypto-refresh-13] |
OpenPGP Hash Algorithms
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
- Note: When registering a new hash algorithm, if the algorithm is also to be used with RSA signing schemes, it must also have an entry in the "OpenPGP Hash Algorithm Identifiers for RSA Signatures use of EMSA-PKCS1-v1_5 Padding" registry.
ID | Algorithm | Text Name | V6 Signature Salt Size | Reference |
---|---|---|---|---|
0 | Reserved | | | [RFC-ietf-openpgp-crypto-refresh-13] |
1 | MD5 | "MD5" | N/A | [RFC1321] |
2 | SHA-1 | "SHA1" | N/A | [FIPS180][RFC-ietf-openpgp-crypto-refresh-13, Section 13.1] |
3 | RIPEMD-160 | "RIPEMD160" | N/A | [RIPEMD-160] |
4-7 | Reserved | | | [RFC-ietf-openpgp-crypto-refresh-13] |
8 | SHA2-256 | "SHA256" | 16 | [FIPS180] |
9 | SHA2-384 | "SHA384" | 24 | [FIPS180] |
10 | SHA2-512 | "SHA512" | 32 | [FIPS180] |
11 | SHA2-224 | "SHA224" | 16 | [FIPS180] |
12 | SHA3-256 | "SHA3-256" | 16 | [FIPS202] |
13 | Reserved | | | [RFC-ietf-openpgp-crypto-refresh-13] |
14 | SHA3-512 | "SHA3-512" | 32 | [FIPS202] |
15-99 | Unassigned | | | |
100-110 | Private/Experimental algorithm | | | [RFC-ietf-openpgp-crypto-refresh-13] |
111-255 | Unassigned | | | |
OpenPGP Compression Algorithms
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
ID | Algorithm | Reference |
---|---|---|
0 | Uncompressed | [RFC-ietf-openpgp-crypto-refresh-13] |
1 | ZIP | [RFC1951] |
2 | ZLIB | [RFC1950] |
3 | BZip2 | [BZ2] |
4-99 | Unassigned | [RFC-ietf-openpgp-crypto-refresh-13] |
100-110 | Private/Experimental algorithm | [RFC-ietf-openpgp-crypto-refresh-13] |
111-255 | Unassigned | [RFC-ietf-openpgp-crypto-refresh-13] |
OpenPGP Secret Key Encryption (S2K Usage Octet)
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
S2K Usage Octet | Shorthand | Encryption Parameter Fields | Encryption | Generate? | Reference |
---|---|---|---|---|---|
0 | Unprotected | - | v3 or v4 keys: [cleartext secrets || check(secrets)] v6 keys: [cleartext secrets] | Yes | [RFC-ietf-openpgp-crypto-refresh-13] |
Known symmetric cipher algo ID (see "OpenPGP Symmetric Key Algorithms" registry) | LegacyCFB | IV | CFB(MD5(passphrase), secrets || check(secrets)) | No | [RFC-ietf-openpgp-crypto-refresh-13] |
253 | AEAD | params-length (v6-only), cipher-algo, AEAD-mode, S2K-specifier-length (v6-only), S2K-specifier, nonce | AEAD(HKDF(S2K(passphrase), info), secrets, packetprefix) | Yes | [RFC-ietf-openpgp-crypto-refresh-13] |
254 | CFB | params-length (v6-only), cipher-algo, S2K-specifier-length (v6-only), S2K-specifier, IV | CFB(S2K(passphrase), secrets || SHA1(secrets)) | Yes | [RFC-ietf-openpgp-crypto-refresh-13] |
255 | MalleableCFB | cipher-algo, S2K-specifier, IV | CFB(S2K(passphrase), secrets || check(secrets)) | No | [RFC-ietf-openpgp-crypto-refresh-13] |
OpenPGP Signature Types
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
OpenPGP Signature Notation Data Subpacket Notation Flags
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
Flag Position | Shorthand | Description | Reference |
---|---|---|---|
0x80000000 (first bit of first octet) | human-readable | Notation value is UTF-8 text. | [RFC-ietf-openpgp-crypto-refresh-13] |
OpenPGP Signature Notation Data Subpacket Types
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
- Note: Notation names are arbitrary Unicode strings encoded in UTF-8. They reside in two namespaces: The IETF namespace and the user namespace. This registry documents the IETF namespace. The names in this registry MUST NOT contain the "@" character (0x40), since the presence of that character indicates the user namespace.
Notation Name | Data Type | Allowed Values | Reference |
---|---|---|---|
No registrations at this time.
OpenPGP Key ID and Fingerprint
- Registration Procedure(s): RFC Required
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
- Note: When a new key version is defined, the "OpenPGP Key and Signature Versions" registry should also be updated.
Key Version | Fingerprint | Fingerprint Length (Bits) | Key ID | Reference |
---|---|---|---|---|
3 | MD5(MPIs without length octets) | 128 | low 64 bits of RSA modulus | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.5.4.1] |
4 | SHA1(normalized pubkey packet) | 160 | last 64 bits of fingerprint | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.5.4.2] |
6 | SHA256(normalized pubkey packet) | 256 | first 64 bits of fingerprint | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.5.4.3] |
OpenPGP Image Attribute Version
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
Version | Reference |
---|---|
1 | [RFC-ietf-openpgp-crypto-refresh-13, Section 5.12.1] |
OpenPGP Armor Header Line
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
Armor Header | Use | Reference |
---|---|---|
BEGIN PGP MESSAGE | Used for signed, encrypted, or compressed files. | [RFC-ietf-openpgp-crypto-refresh-13] |
BEGIN PGP PUBLIC KEY BLOCK | Used for armoring public keys. | [RFC-ietf-openpgp-crypto-refresh-13] |
BEGIN PGP PRIVATE KEY BLOCK | Used for armoring private keys. | [RFC-ietf-openpgp-crypto-refresh-13] |
BEGIN PGP SIGNATURE | Used for detached signatures, OpenPGP/MIME signatures, and cleartext signatures. | [RFC-ietf-openpgp-crypto-refresh-13] |
OpenPGP Armor Header Key
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
Key | Summary | Reference |
---|---|---|
Version | Implementation information | [RFC-ietf-openpgp-crypto-refresh-13, Section 6.2.2.1] |
Comment | Arbitrary text | [RFC-ietf-openpgp-crypto-refresh-13, Section 6.2.2.2] |
Hash | Hash algorithms used in some v4 cleartext signed messages | [RFC-ietf-openpgp-crypto-refresh-13, Section 6.2.2.3] |
Charset | Character set | [RFC-ietf-openpgp-crypto-refresh-13, Section 6.2.2.4] |
OpenPGP ECC Curve OID and Usage
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
- Note: When a new elliptic curve is registered for use with OpenPGP, it should also be added to the "OpenPGP ECC Curve-specific Wire Formats" registry. If it is used for ECDH, also add it to the "OpenPGP ECDH KDF and KEK Parameters" registry.
ASN.1 Object Identifier | OID Len | Curve OID Octets | Curve Name | Usage | Field Size (fsize) | Reference |
---|---|---|---|---|---|---|
1.2.840.10045.3.1.7 | 8 | 2A 86 48 CE 3D 03 01 07 | NIST P-256 | ECDSA, ECDH | 32 | [RFC-ietf-openpgp-crypto-refresh-13] |
1.3.132.0.34 | 5 | 2B 81 04 00 22 | NIST P-384 | ECDSA, ECDH | 48 | [RFC-ietf-openpgp-crypto-refresh-13] |
1.3.132.0.35 | 5 | 2B 81 04 00 23 | NIST P-521 | ECDSA, ECDH | 66 | [RFC-ietf-openpgp-crypto-refresh-13] |
1.3.36.3.3.2.8.1.1.7 | 9 | 2B 24 03 03 02 08 01 01 07 | brainpoolP256r1 | ECDSA, ECDH | 32 | [RFC-ietf-openpgp-crypto-refresh-13] |
1.3.36.3.3.2.8.1.1.11 | 9 | 2B 24 03 03 02 08 01 01 0B | brainpoolP384r1 | ECDSA, ECDH | 48 | [RFC-ietf-openpgp-crypto-refresh-13] |
1.3.36.3.3.2.8.1.1.13 | 9 | 2B 24 03 03 02 08 01 01 0D | brainpoolP512r1 | ECDSA, ECDH | 64 | [RFC-ietf-openpgp-crypto-refresh-13] |
1.3.6.1.4.1.11591.15.1 | 9 | 2B 06 01 04 01 DA 47 0F 01 | Ed25519Legacy | EdDSALegacy | 32 | [RFC-ietf-openpgp-crypto-refresh-13] |
1.3.6.1.4.1.3029.1.5.1 | 10 | 2B 06 01 04 01 97 55 01 05 01 | Curve25519Legacy | ECDH | 32 | [RFC-ietf-openpgp-crypto-refresh-13] |
OpenPGP ECC Curve-specific Wire Formats
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
Curve | ECDH Point Format | ECDH Secret Key MPI | EdDSA Secret Key MPI | EdDSA Signature first MPI | EdDSA Signature second MPI | Reference |
---|---|---|---|---|---|---|
NIST P-256 | SEC1 | integer | N/A | N/A | N/A | [RFC-ietf-openpgp-crypto-refresh-13] |
NIST P-384 | SEC1 | integer | N/A | N/A | N/A | [RFC-ietf-openpgp-crypto-refresh-13] |
NIST P-521 | SEC1 | integer | N/A | N/A | N/A | [RFC-ietf-openpgp-crypto-refresh-13] |
brainpoolP256r1 | SEC1 | integer | N/A | N/A | N/A | [RFC-ietf-openpgp-crypto-refresh-13] |
brainpoolP384r1 | SEC1 | integer | N/A | N/A | N/A | [RFC-ietf-openpgp-crypto-refresh-13] |
brainpoolP512r1 | SEC1 | integer | N/A | N/A | N/A | [RFC-ietf-openpgp-crypto-refresh-13] |
Ed25519Legacy | N/A | N/A | 32 octets of secret | 32 octets of R | 32 octets of S | [RFC-ietf-openpgp-crypto-refresh-13] |
Curve25519Legacy | prefixed native | integer (see [RFC-ietf-openpgp-crypto-refresh-13, Section 5.5.5.6.1.1]) | N/A | N/A | N/A | [RFC-ietf-openpgp-crypto-refresh-13] |
OpenPGP Hash Algorithm Identifiers for RSA Signatures Use of EMSA-PKCS1-v1_5 Padding
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
Hash Algorithm | OID | Full Hash Prefix | Reference |
---|---|---|---|
MD5 | 1.2.840.113549.2.5 | 0x30, 0x20, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 | [RFC-ietf-openpgp-crypto-refresh-13] |
SHA-1 | 1.3.14.3.2.26 | 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14 | [RFC-ietf-openpgp-crypto-refresh-13] |
RIPEMD-160 | 1.3.36.3.2.1 | 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14 | [RFC-ietf-openpgp-crypto-refresh-13] |
SHA2-256 | 2.16.840.1.101.3.4.2.1 | 0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 | [RFC-ietf-openpgp-crypto-refresh-13] |
SHA2-384 | 2.16.840.1.101.3.4.2.2 | 0x30, 0x41, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30 | [RFC-ietf-openpgp-crypto-refresh-13] |
SHA2-512 | 2.16.840.1.101.3.4.2.3 | 0x30, 0x51, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40 | [RFC-ietf-openpgp-crypto-refresh-13] |
SHA2-224 | 2.16.840.1.101.3.4.2.4 | 0x30, 0x2D, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1C | [RFC-ietf-openpgp-crypto-refresh-13] |
SHA3-256 | 2.16.840.1.101.3.4.2.8 | 0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x08, 0x05, 0x00, 0x04, 0x20 | [RFC-ietf-openpgp-crypto-refresh-13] |
SHA3-512 | 2.16.840.1.101.3.4.2.10 | 0x30, 0x51, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0a, 0x05, 0x00, 0x04, 0x40 | [RFC-ietf-openpgp-crypto-refresh-13] |
OpenPGP AEAD Algorithms
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
ID | Name | Nonce Length (Octets) | Authentication Tag Length (Octets) | Reference |
---|---|---|---|---|
0 | Reserved | | | [RFC-ietf-openpgp-crypto-refresh-13] |
1 | EAX | 16 | 16 | [EAX] |
2 | OCB | 15 | 16 | [RFC7253] |
3 | GCM | 12 | 16 | [SP800-38D] |
4-99 | Unassigned | | | |
100-110 | Private/Experimental algorithm | | | [RFC-ietf-openpgp-crypto-refresh-13] |
111-255 | Unassigned | | | |
OpenPGP Encrypted Message Packet Versions
- Registration Procedure(s): RFC Required
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
- Note: When a new version of SEIPD, PKESK, or SKESK is defined, consider also adding a corresponding flag to the "OpenPGP Features Flags" registry.
Version of Encrypted Data Payload | Version of Preceding Symmetric-Key ESK (If Any) | Version of Preceding Public-Key ESK (If Any) | Generate? | Reference |
---|---|---|---|---|
SED [RFC-ietf-openpgp-crypto-refresh-13, Section 5.7] | - | v2 PKESK [RFC2440] | No | [RFC-ietf-openpgp-crypto-refresh-13] |
SED [RFC-ietf-openpgp-crypto-refresh-13, Section 5.7] | v4 SKESK [RFC-ietf-openpgp-crypto-refresh-13, Section 5.3.1] | v3 PKESK [RFC-ietf-openpgp-crypto-refresh-13, Section 5.1.1] | No | [RFC-ietf-openpgp-crypto-refresh-13] |
v1 SEIPD [RFC-ietf-openpgp-crypto-refresh-13, Section 5.13.1] | v4 SKESK [RFC-ietf-openpgp-crypto-refresh-13, Section 5.3.1] | v3 PKESK [RFC-ietf-openpgp-crypto-refresh-13, Section 5.1.1] | Yes | [RFC-ietf-openpgp-crypto-refresh-13] |
v2 SEIPD [RFC-ietf-openpgp-crypto-refresh-13, Section 5.13.2] | v6 SKESK [RFC-ietf-openpgp-crypto-refresh-13, Section 5.3.2] | v6 PKESK [RFC-ietf-openpgp-crypto-refresh-13, Section 5.1.2] | Yes | [RFC-ietf-openpgp-crypto-refresh-13] |
OpenPGP Key and Signature Versions
- Registration Procedure(s): RFC Required
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
- Note: When a new key version is defined, the "OpenPGP Key ID and Fingerprint" registry should also be updated.
OpenPGP Elliptic Curve Point Wire Formats
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
Name | Wire Format | Reference |
---|---|---|
SEC1 | 0x04 || x || y | [RFC-ietf-openpgp-crypto-refresh-13, Section 11.2.1] |
Prefixed native | 0x40 || native | [RFC-ietf-openpgp-crypto-refresh-13, Section 11.2.2] |
OpenPGP Elliptic Curve Scalar Encodings
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
Type | Description | Reference |
---|---|---|
integer | An integer, big-endian encoded as a standard OpenPGP MPI | [RFC-ietf-openpgp-crypto-refresh-13, Section 3.2] |
octet string | An octet string of fixed length, that may be shorter on the wire due to leading zeros being stripped by the MPI encoding, and may need to be zero-padded before use | [RFC-ietf-openpgp-crypto-refresh-13, Section 11.3.1] |
prefixed N octets | An octet string of fixed length N, prefixed with octet 0x40 to ensure no leading zero octet | [RFC-ietf-openpgp-crypto-refresh-13, Section 11.3.2] |
OpenPGP ECDH KDF and KEK Parameters
- Registration Procedure(s): Specification Required
- Expert(s): Unassigned
- Reference: [RFC-ietf-openpgp-crypto-refresh-13]
Curve | Hash Algorithm | Symmetric Algorithm | Reference |
---|---|---|---|
NIST P-256 | SHA2-256 | AES-128 | [RFC-ietf-openpgp-crypto-refresh-13] |
NIST P-384 | SHA2-384 | AES-192 | [RFC-ietf-openpgp-crypto-refresh-13] |
NIST P-521 | SHA2-512 | AES-256 | [RFC-ietf-openpgp-crypto-refresh-13] |
brainpoolP256r1 | SHA2-256 | AES-128 | [RFC-ietf-openpgp-crypto-refresh-13] |
brainpoolP384r1 | SHA2-384 | AES-192 | [RFC-ietf-openpgp-crypto-refresh-13] |
brainpoolP512r1 | SHA2-512 | AES-256 | [RFC-ietf-openpgp-crypto-refresh-13] |
Curve25519Legacy | SHA2-256 | AES-128 | [RFC-ietf-openpgp-crypto-refresh-13] |