Using the BouncyCastle library (although I guess the library is sort of irrelevant) I often run into algorithm IDs specified as ASN.1 identifiers. For example, the signature algorithm for a certificate might be "1.2.840.113549.1.1.11".
Is there a proper way to convert this into some kind of human-readable form that doesn't involve finding every ID I can get my hands on and manually building a gigantic lookup table?
On
Is there a proper way to convert this into some kind of human-readable form that doesn't involve finding every ID I can get my hands on and manually building a gigantic lookup table?
My experience with ASN.1 is that modules actually bind name to the OID:
sha256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 11 }
So that your ASN.1 parser can theoretically build the lookup table for you automatically.
Even more convenient would be if your ASN.1 library's OBJECT IDENTIFIER type implementation would attach the name to the OID object so that the humanity would be able to ask questions like:
oid.name
Instead of running the OID through a lookup table:
name = gigantic_oid2name_map[oid]
On
Specifically for signature algorithms, you can use the class org.bouncycastle.operator.DefaultAlgorithmNameFinder. But - if I'm not wrong - this was introduced only in newer versions (I'm using Bouncy Castle 1.57 - I also checked in 1.46 and it doesn't have this class).
The use is straighforward:
DefaultAlgorithmNameFinder algFinder = new DefaultAlgorithmNameFinder();
System.out.println(algFinder.getAlgorithmName(new ASN1ObjectIdentifier("1.2.840.113549.1.1.11")));
The output is:
SHA256WITHRSA
According to javadoc, if it can't find a human-friendly name, it returns the same OID used in the input.
Also note that (as stated in @pepo's answer) the human-friendly names might not be the same among different tools. While BouncyCastle returns SHA256WITHRSA, the OID repository website uses sha256WithRSAEncryption.
For other OIDs (such as extensions and other fields), I couldn't find anything in the API, so the only alternative seems to be the big lookup table.
There is IMHO no other way than building a mapping table. Every crypto library does that, ie. Openssl, .NET framework, BouncyCastle etc.
The problem is, that every library could (and often does) have different
FriendlyNameassigned to the same OID. For example Openssl hasemailAddresswhile .NET translates it asE.BouncyCastle has this mapping table implemented (sorry for the c# version link) here (and maybe in other places).