Domain Name System Security (DNSSEC) Algorithm Numbers

Created: 2003-11-03
Last Updated: 2014-03-31

DNS Security Algorithm Numbers

Registration Procedure: RFC Required

The KEY, SIG, DNSKEY, RRSIG, DS, and CERT RRs use an 8-bit number
to identify the security algorithm being used.

All algorithm numbers in this registry may be used in CERT RRs. Zone
signing (DNSSEC) and transaction security mechanisms (SIG(0) and TSIG)
make use of particular subsets of these algorithms. Only algorithms
usable for zone signing may appear in DNSKEY, RRSIG, and DS RRs.
Only those usable for SIG(0) and TSIG may appear in SIG and KEY RRs.

* There has been no determination of standardization of the use of this
algorithm with Transaction Security.

Number   Description                     Mnemonic            Zone Signing  Trans. Sec.  Reference
0        Reserved
1        RSA/MD5 (deprecated, see 5)     RSAMD5              N             Y
2        Diffie-Hellman                  DH                  N             Y            proposed standard
3        DSA/SHA1                        DSA                 Y             Y            proposed standard; proposed standard
4        Reserved
5        RSA/SHA-1                       RSASHA1             Y             Y
6        DSA-NSEC3-SHA1                  DSA-NSEC3-SHA1      Y             Y            proposed standard
7        RSASHA1-NSEC3-SHA1              RSASHA1-NSEC3-SHA1  Y             Y            proposed standard
8        RSA/SHA-256                     RSASHA256           Y             *            proposed standard
9        Reserved
10       RSA/SHA-512                     RSASHA512           Y             *            proposed standard
11       Reserved
12       GOST R 34.10-2001               ECC-GOST            Y             *            standards track
13       ECDSA Curve P-256 with SHA-256  ECDSAP256SHA256     Y             *            standards track
14       ECDSA Curve P-384 with SHA-384  ECDSAP384SHA384     Y             *            standards track
15-122   Unassigned
123-251  Reserved
252      Reserved for Indirect Keys      INDIRECT            N             N            proposed standard
253      private algorithm               PRIVATEDNS          Y             Y
254      private algorithm OID           PRIVATEOID          Y             Y
255      Reserved                                                                       proposed standard

Additional references for algorithm 3 (DSA/SHA1):

Federal Information Processing Standards Publication (FIPS PUB) 186,
Digital Signature Standard, 18 May 1994.

Federal Information Processing Standards Publication (FIPS PUB) 180-1,
Secure Hash Standard, 17 April 1995.
(Supersedes FIPS PUB 180 dated 11 May 1993.)

DNS KEY Record Diffie-Hellman Prime Lengths

Registration Procedure: IETF Review

Value    Description
0        Unassigned
1        index into well-known table
2        index into well-known table
3-15     Unassigned

DNS KEY Record Diffie-Hellman Well-Known Prime/Generator Pairs

Range            Registration Procedure
0x0000-0x07ff    Standards Action
0x0800-0xbfff    RFC Required

Value            Description
0x0000           Unassigned
0x0001           Well-Known Group 1: A 768 bit prime
0x0002           Well-Known Group 2: A 1024 bit prime
0x0003-0xbfff    Unassigned
0xc000-0xffff    Private Use