summary refs log tree commit diff
path: root/crypto
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2024-01-20 17:55:07 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2024-01-20 17:55:07 +0700
commit27c1d7797c79cd799ba04132e0d4b571de509e24 (patch)
treec8ff0d7c6d188841553b08e2561a267488d917bb /crypto
parentAlign sig alg checks in X509Certificate, X509Crl (diff)
downloadBouncyCastle.NET-ed25519-27c1d7797c79cd799ba04132e0d4b571de509e24.tar.xz
Overhaul algorithm registries
Diffstat (limited to 'crypto')
-rw-r--r--crypto/src/asn1/smime/SMIMECapabilities.cs8
-rw-r--r--crypto/src/asn1/smime/SMIMECapability.cs3
-rw-r--r--crypto/src/crypto/util/AlgorithmIdentifierFactory.cs4
-rw-r--r--crypto/src/security/AgreementUtilities.cs193
-rw-r--r--crypto/src/security/CipherUtilities.cs333
-rw-r--r--crypto/src/security/DigestUtilities.cs343
-rw-r--r--crypto/src/security/GeneratorUtilities.cs16
-rw-r--r--crypto/src/security/MacUtilities.cs212
-rw-r--r--crypto/src/security/ParameterUtilities.cs13
-rw-r--r--crypto/src/security/SignerUtilities.cs264
-rw-r--r--crypto/test/src/cms/test/EnvelopedDataTest.cs8
11 files changed, 884 insertions, 513 deletions
diff --git a/crypto/src/asn1/smime/SMIMECapabilities.cs b/crypto/src/asn1/smime/SMIMECapabilities.cs
index 0142f0797..47710d9cb 100644
--- a/crypto/src/asn1/smime/SMIMECapabilities.cs
+++ b/crypto/src/asn1/smime/SMIMECapabilities.cs
@@ -1,7 +1,9 @@
 using System;
 using System.Collections.Generic;
 
+using Org.BouncyCastle.Asn1.Misc;
 using Org.BouncyCastle.Asn1.Nist;
+using Org.BouncyCastle.Asn1.Oiw;
 using Org.BouncyCastle.Asn1.Pkcs;
 using Org.BouncyCastle.Asn1.X509;
 
@@ -28,9 +30,9 @@ namespace Org.BouncyCastle.Asn1.Smime
         public static readonly DerObjectIdentifier Aes256Cbc = NistObjectIdentifiers.IdAes256Cbc;
         public static readonly DerObjectIdentifier Aes192Cbc = NistObjectIdentifiers.IdAes192Cbc;
         public static readonly DerObjectIdentifier Aes128Cbc = NistObjectIdentifiers.IdAes128Cbc;
-        public static readonly DerObjectIdentifier IdeaCbc = new DerObjectIdentifier("1.3.6.1.4.1.188.7.1.1.2");
-        public static readonly DerObjectIdentifier Cast5Cbc = new DerObjectIdentifier("1.2.840.113533.7.66.10");
-        public static readonly DerObjectIdentifier DesCbc = new DerObjectIdentifier("1.3.14.3.2.7");
+        public static readonly DerObjectIdentifier IdeaCbc = MiscObjectIdentifiers.as_sys_sec_alg_ideaCBC;
+        public static readonly DerObjectIdentifier Cast5Cbc = MiscObjectIdentifiers.cast5CBC;
+        public static readonly DerObjectIdentifier DesCbc = OiwObjectIdentifiers.DesCbc;
         public static readonly DerObjectIdentifier DesEde3Cbc = PkcsObjectIdentifiers.DesEde3Cbc;
         public static readonly DerObjectIdentifier RC2Cbc = PkcsObjectIdentifiers.RC2Cbc;
 
diff --git a/crypto/src/asn1/smime/SMIMECapability.cs b/crypto/src/asn1/smime/SMIMECapability.cs
index 9b30c6dba..7b9255a46 100644
--- a/crypto/src/asn1/smime/SMIMECapability.cs
+++ b/crypto/src/asn1/smime/SMIMECapability.cs
@@ -1,6 +1,7 @@
 using System;
 
 using Org.BouncyCastle.Asn1;
+using Org.BouncyCastle.Asn1.Oiw;
 using Org.BouncyCastle.Asn1.Pkcs;
 
 namespace Org.BouncyCastle.Asn1.Smime
@@ -18,7 +19,7 @@ namespace Org.BouncyCastle.Asn1.Smime
 		/**
          * encryption algorithms preferences
          */
-        public static readonly DerObjectIdentifier DesCbc = new DerObjectIdentifier("1.3.14.3.2.7");
+        public static readonly DerObjectIdentifier DesCbc = OiwObjectIdentifiers.DesCbc;
         public static readonly DerObjectIdentifier DesEde3Cbc = PkcsObjectIdentifiers.DesEde3Cbc;
         public static readonly DerObjectIdentifier RC2Cbc = PkcsObjectIdentifiers.RC2Cbc;
 
diff --git a/crypto/src/crypto/util/AlgorithmIdentifierFactory.cs b/crypto/src/crypto/util/AlgorithmIdentifierFactory.cs
index ad4d31ede..686502ebe 100644
--- a/crypto/src/crypto/util/AlgorithmIdentifierFactory.cs
+++ b/crypto/src/crypto/util/AlgorithmIdentifierFactory.cs
@@ -14,8 +14,8 @@ namespace Org.BouncyCastle.Crypto.Utilities
 {
     public class AlgorithmIdentifierFactory
     {
-        public static readonly DerObjectIdentifier IDEA_CBC = new DerObjectIdentifier("1.3.6.1.4.1.188.7.1.1.2");
-        public static readonly DerObjectIdentifier CAST5_CBC = new DerObjectIdentifier("1.2.840.113533.7.66.10");
+        public static readonly DerObjectIdentifier IDEA_CBC = MiscObjectIdentifiers.as_sys_sec_alg_ideaCBC;
+        public static readonly DerObjectIdentifier CAST5_CBC = MiscObjectIdentifiers.cast5CBC;
 
         private static readonly short[] rc2Table = {
             0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,
diff --git a/crypto/src/security/AgreementUtilities.cs b/crypto/src/security/AgreementUtilities.cs
index 041aeeed2..41dcb7435 100644
--- a/crypto/src/security/AgreementUtilities.cs
+++ b/crypto/src/security/AgreementUtilities.cs
@@ -12,35 +12,86 @@ using Org.BouncyCastle.Utilities.Collections;
 
 namespace Org.BouncyCastle.Security
 {
-	/// <remarks>
-	///  Utility class for creating IBasicAgreement objects from their names/Oids
-	/// </remarks>
-	public static class AgreementUtilities
+    /// <remarks>
+    ///  Utility class for creating IBasicAgreement objects from their names/Oids
+    /// </remarks>
+    public static class AgreementUtilities
 	{
-		private static readonly IDictionary<string, string> Algorithms =
-			new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+        private static readonly Dictionary<DerObjectIdentifier, string> AlgorithmOidMap =
+            new Dictionary<DerObjectIdentifier, string>();
 
         static AgreementUtilities()
 		{
-            Algorithms[X9ObjectIdentifiers.DHSinglePassCofactorDHSha1KdfScheme.Id] = "ECCDHWITHSHA1KDF";
-			Algorithms[X9ObjectIdentifiers.DHSinglePassStdDHSha1KdfScheme.Id] = "ECDHWITHSHA1KDF";
-			Algorithms[X9ObjectIdentifiers.MqvSinglePassSha1KdfScheme.Id] = "ECMQVWITHSHA1KDF";
+            AlgorithmOidMap[X9ObjectIdentifiers.DHSinglePassCofactorDHSha1KdfScheme] = "ECCDHWITHSHA1KDF";
+            AlgorithmOidMap[X9ObjectIdentifiers.DHSinglePassStdDHSha1KdfScheme] = "ECDHWITHSHA1KDF";
+            AlgorithmOidMap[X9ObjectIdentifiers.MqvSinglePassSha1KdfScheme] = "ECMQVWITHSHA1KDF";
+
+            AlgorithmOidMap[EdECObjectIdentifiers.id_X25519] = "X25519";
+            AlgorithmOidMap[EdECObjectIdentifiers.id_X448] = "X448";
+
+#if DEBUG
+            //foreach (var key in AlgorithmMap.Keys)
+            //{
+            //    if (DerObjectIdentifier.TryFromID(key, out var ignore))
+            //        throw new Exception("OID mapping belongs in AlgorithmOidMap: " + key);
+            //}
+
+            //var mechanisms = new HashSet<string>(AlgorithmMap.Values);
+            var mechanisms = new HashSet<string>();
+            mechanisms.UnionWith(AlgorithmOidMap.Values);
+
+            foreach (var mechanism in mechanisms)
+            {
+                //if (AlgorithmMap.TryGetValue(mechanism, out var check))
+                //{
+                //    if (mechanism != check)
+                //        throw new Exception("Mechanism mapping MUST be to self: " + mechanism);
+                //}
+                //else
+                {
+                    if (!mechanism.Equals(mechanism.ToUpperInvariant()))
+                        throw new Exception("Unmapped mechanism MUST be uppercase: " + mechanism);
+                }
+            }
+#endif
+        }
 
-            Algorithms[EdECObjectIdentifiers.id_X25519.Id] = "X25519";
-            Algorithms[EdECObjectIdentifiers.id_X448.Id] = "X448";
+        public static string GetAlgorithmName(DerObjectIdentifier oid)
+        {
+            return CollectionUtilities.GetValueOrNull(AlgorithmOidMap, oid);
         }
 
-        public static IBasicAgreement GetBasicAgreement(
-			DerObjectIdentifier oid)
+        public static IBasicAgreement GetBasicAgreement(DerObjectIdentifier oid)
 		{
-			return GetBasicAgreement(oid.Id);
-		}
+            if (oid == null)
+                throw new ArgumentNullException(nameof(oid));
 
-		public static IBasicAgreement GetBasicAgreement(
-			string algorithm)
+            if (AlgorithmOidMap.TryGetValue(oid, out var mechanism))
+            {
+                var basicAgreement = GetBasicAgreementForMechanism(mechanism);
+                if (basicAgreement != null)
+                    return basicAgreement;
+            }
+
+            throw new SecurityUtilityException("Basic Agreement OID not recognised.");
+        }
+
+        public static IBasicAgreement GetBasicAgreement(string algorithm)
 		{
-            string mechanism = GetMechanism(algorithm);
+            if (algorithm == null)
+                throw new ArgumentNullException(nameof(algorithm));
+
+            string mechanism = GetMechanism(algorithm) ?? algorithm.ToUpperInvariant();
 
+            var basicAgreement = GetBasicAgreementForMechanism(mechanism);
+            if (basicAgreement != null)
+                return basicAgreement;
+
+            throw new SecurityUtilityException("Basic Agreement " + algorithm + " not recognised.");
+		}
+
+		private static IBasicAgreement GetBasicAgreementForMechanism(string mechanism)
+		{
             if (mechanism == "DH" || mechanism == "DIFFIEHELLMAN")
 				return new DHBasicAgreement();
 
@@ -48,71 +99,121 @@ namespace Org.BouncyCastle.Security
 				return new ECDHBasicAgreement();
 
             if (mechanism == "ECDHC" || mechanism == "ECCDH")
-                    return new ECDHCBasicAgreement();
+                return new ECDHCBasicAgreement();
 
 			if (mechanism == "ECMQV")
 				return new ECMqvBasicAgreement();
 
-			throw new SecurityUtilityException("Basic Agreement " + algorithm + " not recognised.");
+            return null;
 		}
 
         public static IBasicAgreement GetBasicAgreementWithKdf(DerObjectIdentifier agreeAlgOid,
 			DerObjectIdentifier wrapAlgOid)
         {
-            return GetBasicAgreementWithKdf(agreeAlgOid.Id, wrapAlgOid.Id);
+            return GetBasicAgreementWithKdf(agreeAlgOid, wrapAlgOid?.Id);
         }
 
+        // TODO[api] Change parameter name to 'agreeAlgOid'
         public static IBasicAgreement GetBasicAgreementWithKdf(DerObjectIdentifier oid, string wrapAlgorithm)
 		{
-			return GetBasicAgreementWithKdf(oid.Id, wrapAlgorithm);
-		}
+            if (oid == null)
+                throw new ArgumentNullException(nameof(oid));
+            if (wrapAlgorithm == null)
+                throw new ArgumentNullException(nameof(wrapAlgorithm));
+
+            if (AlgorithmOidMap.TryGetValue(oid, out var mechanism))
+            {
+                var basicAgreement = GetBasicAgreementWithKdfForMechanism(mechanism, wrapAlgorithm);
+                if (basicAgreement != null)
+                    return basicAgreement;
+            }
+
+            throw new SecurityUtilityException("Basic Agreement (with KDF) OID not recognised.");
+        }
 
-		public static IBasicAgreement GetBasicAgreementWithKdf(string agreeAlgorithm, string wrapAlgorithm)
+        public static IBasicAgreement GetBasicAgreementWithKdf(string agreeAlgorithm, string wrapAlgorithm)
 		{
-            string mechanism = GetMechanism(agreeAlgorithm);
+            if (agreeAlgorithm == null)
+                throw new ArgumentNullException(nameof(agreeAlgorithm));
+            if (wrapAlgorithm == null)
+                throw new ArgumentNullException(nameof(wrapAlgorithm));
+
+            string mechanism = GetMechanism(agreeAlgorithm) ?? agreeAlgorithm.ToUpperInvariant();
+
+            var basicAgreement = GetBasicAgreementWithKdfForMechanism(mechanism, wrapAlgorithm);
+            if (basicAgreement != null)
+                return basicAgreement;
+
+            throw new SecurityUtilityException("Basic Agreement (with KDF) " + agreeAlgorithm + " not recognised.");
+		}
 
+        private static IBasicAgreement GetBasicAgreementWithKdfForMechanism(string mechanism, string wrapAlgorithm)
+        {
             // 'DHWITHSHA1KDF' retained for backward compatibility
-			if (mechanism == "DHWITHSHA1KDF" || mechanism == "ECDHWITHSHA1KDF")
-				return new ECDHWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest()));
+            if (mechanism == "DHWITHSHA1KDF" || mechanism == "ECDHWITHSHA1KDF")
+                return new ECDHWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest()));
 
-			if (mechanism == "ECCDHWITHSHA1KDF")
-				return new ECDHCWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest()));
+            if (mechanism == "ECCDHWITHSHA1KDF")
+                return new ECDHCWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest()));
 
-			if (mechanism == "ECMQVWITHSHA1KDF")
-				return new ECMqvWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest()));
+            if (mechanism == "ECMQVWITHSHA1KDF")
+                return new ECMqvWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest()));
 
-			throw new SecurityUtilityException("Basic Agreement (with KDF) " + agreeAlgorithm + " not recognised.");
-		}
+            return null;
+        }
 
-        public static IRawAgreement GetRawAgreement(
-            DerObjectIdentifier oid)
+        public static IRawAgreement GetRawAgreement(DerObjectIdentifier oid)
         {
-            return GetRawAgreement(oid.Id);
+            if (oid == null)
+                throw new ArgumentNullException(nameof(oid));
+
+            if (AlgorithmOidMap.TryGetValue(oid, out var mechanism))
+            {
+                var rawAgreement = GetRawAgreementForMechanism(mechanism);
+                if (rawAgreement != null)
+                    return rawAgreement;
+            }
+
+            throw new SecurityUtilityException("Raw Agreement OID not recognised.");
         }
 
         public static IRawAgreement GetRawAgreement(string algorithm)
         {
-            string mechanism = GetMechanism(algorithm);
+            if (algorithm == null)
+                throw new ArgumentNullException(nameof(algorithm));
+
+            string mechanism = GetMechanism(algorithm) ?? algorithm.ToUpperInvariant();
+
+            var rawAgreement = GetRawAgreementForMechanism(mechanism);
+            if (rawAgreement != null)
+                return rawAgreement;
+
+            throw new SecurityUtilityException("Raw Agreement " + algorithm + " not recognised.");
+        }
 
+        private static IRawAgreement GetRawAgreementForMechanism(string mechanism)
+        {
             if (mechanism == "X25519")
                 return new X25519Agreement();
 
             if (mechanism == "X448")
                 return new X448Agreement();
 
-            throw new SecurityUtilityException("Raw Agreement " + algorithm + " not recognised.");
+            return null;
         }
 
-		public static string GetAlgorithmName(DerObjectIdentifier oid)
-		{
-			return CollectionUtilities.GetValueOrNull(Algorithms, oid.Id);
-		}
-
-		private static string GetMechanism(string algorithm)
+        private static string GetMechanism(string algorithm)
         {
-			var mechanism = CollectionUtilities.GetValueOrKey(Algorithms, algorithm);
+            //if (AlgorithmMap.TryGetValue(algorithm, out var mechanism1))
+            //    return mechanism1;
+
+            if (DerObjectIdentifier.TryFromID(algorithm, out var oid))
+            {
+                if (AlgorithmOidMap.TryGetValue(oid, out var mechanism2))
+                    return mechanism2;
+            }
 
-			return mechanism.ToUpperInvariant();
+            return null;
         }
 	}
 }
diff --git a/crypto/src/security/CipherUtilities.cs b/crypto/src/security/CipherUtilities.cs
index 11bf45680..715bd81fe 100644
--- a/crypto/src/security/CipherUtilities.cs
+++ b/crypto/src/security/CipherUtilities.cs
@@ -4,6 +4,7 @@ using System.Collections.Generic;
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.CryptoPro;
 using Org.BouncyCastle.Asn1.Kisa;
+using Org.BouncyCastle.Asn1.Misc;
 using Org.BouncyCastle.Asn1.Nist;
 using Org.BouncyCastle.Asn1.Nsri;
 using Org.BouncyCastle.Asn1.Ntt;
@@ -112,8 +113,10 @@ namespace Org.BouncyCastle.Security
             ZEROBYTEPADDING,
         };
 
-        private static readonly Dictionary<string, string> Algorithms =
+        private static readonly Dictionary<string, string> AlgorithmMap =
             new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+        private static readonly Dictionary<DerObjectIdentifier, string> AlgorithmOidMap =
+            new Dictionary<DerObjectIdentifier, string>();
 
         static CipherUtilities()
         {
@@ -124,148 +127,192 @@ namespace Org.BouncyCastle.Security
 
             // TODO Flesh out the list of aliases
 
-            Algorithms[NistObjectIdentifiers.IdAes128Cbc.Id] = "AES/CBC/PKCS7PADDING";
-            Algorithms[NistObjectIdentifiers.IdAes192Cbc.Id] = "AES/CBC/PKCS7PADDING";
-            Algorithms[NistObjectIdentifiers.IdAes256Cbc.Id] = "AES/CBC/PKCS7PADDING";
-
-            Algorithms[NistObjectIdentifiers.IdAes128Ccm.Id] = "AES/CCM/NOPADDING";
-            Algorithms[NistObjectIdentifiers.IdAes192Ccm.Id] = "AES/CCM/NOPADDING";
-            Algorithms[NistObjectIdentifiers.IdAes256Ccm.Id] = "AES/CCM/NOPADDING";
-
-            Algorithms[NistObjectIdentifiers.IdAes128Cfb.Id] = "AES/CFB/NOPADDING";
-            Algorithms[NistObjectIdentifiers.IdAes192Cfb.Id] = "AES/CFB/NOPADDING";
-            Algorithms[NistObjectIdentifiers.IdAes256Cfb.Id] = "AES/CFB/NOPADDING";
-
-            Algorithms[NistObjectIdentifiers.IdAes128Ecb.Id] = "AES/ECB/PKCS7PADDING";
-            Algorithms[NistObjectIdentifiers.IdAes192Ecb.Id] = "AES/ECB/PKCS7PADDING";
-            Algorithms[NistObjectIdentifiers.IdAes256Ecb.Id] = "AES/ECB/PKCS7PADDING";
-            Algorithms["AES//PKCS7"] = "AES/ECB/PKCS7PADDING";
-            Algorithms["AES//PKCS7PADDING"] = "AES/ECB/PKCS7PADDING";
-            Algorithms["AES//PKCS5"] = "AES/ECB/PKCS7PADDING";
-            Algorithms["AES//PKCS5PADDING"] = "AES/ECB/PKCS7PADDING";
+            AlgorithmOidMap[NistObjectIdentifiers.IdAes128Cbc] = "AES/CBC/PKCS7PADDING";
+            AlgorithmOidMap[NistObjectIdentifiers.IdAes192Cbc] = "AES/CBC/PKCS7PADDING";
+            AlgorithmOidMap[NistObjectIdentifiers.IdAes256Cbc] = "AES/CBC/PKCS7PADDING";
+
+            AlgorithmOidMap[NistObjectIdentifiers.IdAes128Ccm] = "AES/CCM/NOPADDING";
+            AlgorithmOidMap[NistObjectIdentifiers.IdAes192Ccm] = "AES/CCM/NOPADDING";
+            AlgorithmOidMap[NistObjectIdentifiers.IdAes256Ccm] = "AES/CCM/NOPADDING";
+
+            AlgorithmOidMap[NistObjectIdentifiers.IdAes128Cfb] = "AES/CFB/NOPADDING";
+            AlgorithmOidMap[NistObjectIdentifiers.IdAes192Cfb] = "AES/CFB/NOPADDING";
+            AlgorithmOidMap[NistObjectIdentifiers.IdAes256Cfb] = "AES/CFB/NOPADDING";
+
+            AlgorithmOidMap[NistObjectIdentifiers.IdAes128Ecb] = "AES/ECB/PKCS7PADDING";
+            AlgorithmOidMap[NistObjectIdentifiers.IdAes192Ecb] = "AES/ECB/PKCS7PADDING";
+            AlgorithmOidMap[NistObjectIdentifiers.IdAes256Ecb] = "AES/ECB/PKCS7PADDING";
+            AlgorithmMap["AES//PKCS7"] = "AES/ECB/PKCS7PADDING";
+            AlgorithmMap["AES//PKCS7PADDING"] = "AES/ECB/PKCS7PADDING";
+            AlgorithmMap["AES//PKCS5"] = "AES/ECB/PKCS7PADDING";
+            AlgorithmMap["AES//PKCS5PADDING"] = "AES/ECB/PKCS7PADDING";
 
-            Algorithms[NistObjectIdentifiers.IdAes128Gcm.Id] = "AES/GCM/NOPADDING";
-            Algorithms[NistObjectIdentifiers.IdAes192Gcm.Id] = "AES/GCM/NOPADDING";
-            Algorithms[NistObjectIdentifiers.IdAes256Gcm.Id] = "AES/GCM/NOPADDING";
+            AlgorithmOidMap[NistObjectIdentifiers.IdAes128Gcm] = "AES/GCM/NOPADDING";
+            AlgorithmOidMap[NistObjectIdentifiers.IdAes192Gcm] = "AES/GCM/NOPADDING";
+            AlgorithmOidMap[NistObjectIdentifiers.IdAes256Gcm] = "AES/GCM/NOPADDING";
 
-            Algorithms[NistObjectIdentifiers.IdAes128Ofb.Id] = "AES/OFB/NOPADDING";
-            Algorithms[NistObjectIdentifiers.IdAes192Ofb.Id] = "AES/OFB/NOPADDING";
-            Algorithms[NistObjectIdentifiers.IdAes256Ofb.Id] = "AES/OFB/NOPADDING";
+            AlgorithmOidMap[NistObjectIdentifiers.IdAes128Ofb] = "AES/OFB/NOPADDING";
+            AlgorithmOidMap[NistObjectIdentifiers.IdAes192Ofb] = "AES/OFB/NOPADDING";
+            AlgorithmOidMap[NistObjectIdentifiers.IdAes256Ofb] = "AES/OFB/NOPADDING";
 
-            Algorithms[NsriObjectIdentifiers.id_aria128_cbc.Id] = "ARIA/CBC/PKCS7PADDING";
-            Algorithms[NsriObjectIdentifiers.id_aria192_cbc.Id] = "ARIA/CBC/PKCS7PADDING";
-            Algorithms[NsriObjectIdentifiers.id_aria256_cbc.Id] = "ARIA/CBC/PKCS7PADDING";
+            AlgorithmOidMap[NsriObjectIdentifiers.id_aria128_cbc] = "ARIA/CBC/PKCS7PADDING";
+            AlgorithmOidMap[NsriObjectIdentifiers.id_aria192_cbc] = "ARIA/CBC/PKCS7PADDING";
+            AlgorithmOidMap[NsriObjectIdentifiers.id_aria256_cbc] = "ARIA/CBC/PKCS7PADDING";
 
-            Algorithms[NsriObjectIdentifiers.id_aria128_ccm.Id] = "ARIA/CCM/NOPADDING";
-            Algorithms[NsriObjectIdentifiers.id_aria192_ccm.Id] = "ARIA/CCM/NOPADDING";
-            Algorithms[NsriObjectIdentifiers.id_aria256_ccm.Id] = "ARIA/CCM/NOPADDING";
+            AlgorithmOidMap[NsriObjectIdentifiers.id_aria128_ccm] = "ARIA/CCM/NOPADDING";
+            AlgorithmOidMap[NsriObjectIdentifiers.id_aria192_ccm] = "ARIA/CCM/NOPADDING";
+            AlgorithmOidMap[NsriObjectIdentifiers.id_aria256_ccm] = "ARIA/CCM/NOPADDING";
 
-            Algorithms[NsriObjectIdentifiers.id_aria128_cfb.Id] = "ARIA/CFB/NOPADDING";
-            Algorithms[NsriObjectIdentifiers.id_aria192_cfb.Id] = "ARIA/CFB/NOPADDING";
-            Algorithms[NsriObjectIdentifiers.id_aria256_cfb.Id] = "ARIA/CFB/NOPADDING";
+            AlgorithmOidMap[NsriObjectIdentifiers.id_aria128_cfb] = "ARIA/CFB/NOPADDING";
+            AlgorithmOidMap[NsriObjectIdentifiers.id_aria192_cfb] = "ARIA/CFB/NOPADDING";
+            AlgorithmOidMap[NsriObjectIdentifiers.id_aria256_cfb] = "ARIA/CFB/NOPADDING";
 
-            Algorithms[NsriObjectIdentifiers.id_aria128_ctr.Id] = "ARIA/CTR/NOPADDING";
-            Algorithms[NsriObjectIdentifiers.id_aria192_ctr.Id] = "ARIA/CTR/NOPADDING";
-            Algorithms[NsriObjectIdentifiers.id_aria256_ctr.Id] = "ARIA/CTR/NOPADDING";
+            AlgorithmOidMap[NsriObjectIdentifiers.id_aria128_ctr] = "ARIA/CTR/NOPADDING";
+            AlgorithmOidMap[NsriObjectIdentifiers.id_aria192_ctr] = "ARIA/CTR/NOPADDING";
+            AlgorithmOidMap[NsriObjectIdentifiers.id_aria256_ctr] = "ARIA/CTR/NOPADDING";
 
-            Algorithms[NsriObjectIdentifiers.id_aria128_ecb.Id] = "ARIA/ECB/PKCS7PADDING";
-            Algorithms[NsriObjectIdentifiers.id_aria192_ecb.Id] = "ARIA/ECB/PKCS7PADDING";
-            Algorithms[NsriObjectIdentifiers.id_aria256_ecb.Id] = "ARIA/ECB/PKCS7PADDING";
-            Algorithms["ARIA//PKCS7"] = "ARIA/ECB/PKCS7PADDING";
-            Algorithms["ARIA//PKCS7PADDING"] = "ARIA/ECB/PKCS7PADDING";
-            Algorithms["ARIA//PKCS5"] = "ARIA/ECB/PKCS7PADDING";
-            Algorithms["ARIA//PKCS5PADDING"] = "ARIA/ECB/PKCS7PADDING";
+            AlgorithmOidMap[NsriObjectIdentifiers.id_aria128_ecb] = "ARIA/ECB/PKCS7PADDING";
+            AlgorithmOidMap[NsriObjectIdentifiers.id_aria192_ecb] = "ARIA/ECB/PKCS7PADDING";
+            AlgorithmOidMap[NsriObjectIdentifiers.id_aria256_ecb] = "ARIA/ECB/PKCS7PADDING";
+            AlgorithmMap["ARIA//PKCS7"] = "ARIA/ECB/PKCS7PADDING";
+            AlgorithmMap["ARIA//PKCS7PADDING"] = "ARIA/ECB/PKCS7PADDING";
+            AlgorithmMap["ARIA//PKCS5"] = "ARIA/ECB/PKCS7PADDING";
+            AlgorithmMap["ARIA//PKCS5PADDING"] = "ARIA/ECB/PKCS7PADDING";
 
-            Algorithms[NsriObjectIdentifiers.id_aria128_gcm.Id] = "ARIA/GCM/NOPADDING";
-            Algorithms[NsriObjectIdentifiers.id_aria192_gcm.Id] = "ARIA/GCM/NOPADDING";
-            Algorithms[NsriObjectIdentifiers.id_aria256_gcm.Id] = "ARIA/GCM/NOPADDING";
+            AlgorithmOidMap[NsriObjectIdentifiers.id_aria128_gcm] = "ARIA/GCM/NOPADDING";
+            AlgorithmOidMap[NsriObjectIdentifiers.id_aria192_gcm] = "ARIA/GCM/NOPADDING";
+            AlgorithmOidMap[NsriObjectIdentifiers.id_aria256_gcm] = "ARIA/GCM/NOPADDING";
 
-            Algorithms[NsriObjectIdentifiers.id_aria128_ofb.Id] = "ARIA/OFB/NOPADDING";
-            Algorithms[NsriObjectIdentifiers.id_aria192_ofb.Id] = "ARIA/OFB/NOPADDING";
-            Algorithms[NsriObjectIdentifiers.id_aria256_ofb.Id] = "ARIA/OFB/NOPADDING";
+            AlgorithmOidMap[NsriObjectIdentifiers.id_aria128_ofb] = "ARIA/OFB/NOPADDING";
+            AlgorithmOidMap[NsriObjectIdentifiers.id_aria192_ofb] = "ARIA/OFB/NOPADDING";
+            AlgorithmOidMap[NsriObjectIdentifiers.id_aria256_ofb] = "ARIA/OFB/NOPADDING";
 
-            Algorithms["RSA/ECB/PKCS1"] = "RSA//PKCS1PADDING";
-            Algorithms["RSA/ECB/PKCS1PADDING"] = "RSA//PKCS1PADDING";
-            Algorithms[PkcsObjectIdentifiers.RsaEncryption.Id] = "RSA//PKCS1PADDING";
-            Algorithms[PkcsObjectIdentifiers.IdRsaesOaep.Id] = "RSA//OAEPPADDING";
+            AlgorithmMap["RSA/ECB/PKCS1"] = "RSA//PKCS1PADDING";
+            AlgorithmMap["RSA/ECB/PKCS1PADDING"] = "RSA//PKCS1PADDING";
+            AlgorithmOidMap[PkcsObjectIdentifiers.RsaEncryption] = "RSA//PKCS1PADDING";
+            AlgorithmOidMap[PkcsObjectIdentifiers.IdRsaesOaep] = "RSA//OAEPPADDING";
 
-            Algorithms[OiwObjectIdentifiers.DesCbc.Id] = "DES/CBC";
-            Algorithms[OiwObjectIdentifiers.DesCfb.Id] = "DES/CFB";
-            Algorithms[OiwObjectIdentifiers.DesEcb.Id] = "DES/ECB";
-            Algorithms[OiwObjectIdentifiers.DesOfb.Id] = "DES/OFB";
-            Algorithms[OiwObjectIdentifiers.DesEde.Id] = "DESEDE";
-            Algorithms["TDEA"] = "DESEDE";
-            Algorithms[PkcsObjectIdentifiers.DesEde3Cbc.Id] = "DESEDE/CBC";
-            Algorithms[PkcsObjectIdentifiers.RC2Cbc.Id] = "RC2/CBC";
-            Algorithms["1.3.6.1.4.1.188.7.1.1.2"] = "IDEA/CBC";
-            Algorithms["1.2.840.113533.7.66.10"] = "CAST5/CBC";
+            AlgorithmOidMap[OiwObjectIdentifiers.DesCbc] = "DES/CBC";
+            AlgorithmOidMap[OiwObjectIdentifiers.DesCfb] = "DES/CFB";
+            AlgorithmOidMap[OiwObjectIdentifiers.DesEcb] = "DES/ECB";
+            AlgorithmOidMap[OiwObjectIdentifiers.DesOfb] = "DES/OFB";
+            AlgorithmOidMap[OiwObjectIdentifiers.DesEde] = "DESEDE";
+            AlgorithmMap["TDEA"] = "DESEDE";
+            AlgorithmOidMap[PkcsObjectIdentifiers.DesEde3Cbc] = "DESEDE/CBC";
+            AlgorithmOidMap[PkcsObjectIdentifiers.RC2Cbc] = "RC2/CBC";
+            AlgorithmOidMap[MiscObjectIdentifiers.as_sys_sec_alg_ideaCBC] = "IDEA/CBC";
+            AlgorithmOidMap[MiscObjectIdentifiers.cast5CBC] = "CAST5/CBC";
 
-            Algorithms["RC4"] = "ARC4";
-            Algorithms["ARCFOUR"] = "ARC4";
-            Algorithms["1.2.840.113549.3.4"] = "ARC4";
+            AlgorithmMap["RC4"] = "ARC4";
+            AlgorithmMap["ARCFOUR"] = "ARC4";
+            AlgorithmOidMap[PkcsObjectIdentifiers.rc4] = "ARC4";
 
 
 
-            Algorithms["PBEWITHSHA1AND128BITRC4"] = "PBEWITHSHAAND128BITRC4";
-            Algorithms[PkcsObjectIdentifiers.PbeWithShaAnd128BitRC4.Id] = "PBEWITHSHAAND128BITRC4";
-            Algorithms["PBEWITHSHA1AND40BITRC4"] = "PBEWITHSHAAND40BITRC4";
-            Algorithms[PkcsObjectIdentifiers.PbeWithShaAnd40BitRC4.Id] = "PBEWITHSHAAND40BITRC4";
+            AlgorithmMap["PBEWITHSHA1AND128BITRC4"] = "PBEWITHSHAAND128BITRC4";
+            AlgorithmOidMap[PkcsObjectIdentifiers.PbeWithShaAnd128BitRC4] = "PBEWITHSHAAND128BITRC4";
+            AlgorithmMap["PBEWITHSHA1AND40BITRC4"] = "PBEWITHSHAAND40BITRC4";
+            AlgorithmOidMap[PkcsObjectIdentifiers.PbeWithShaAnd40BitRC4] = "PBEWITHSHAAND40BITRC4";
 
-            Algorithms["PBEWITHSHA1ANDDES"] = "PBEWITHSHA1ANDDES-CBC";
-            Algorithms[PkcsObjectIdentifiers.PbeWithSha1AndDesCbc.Id] = "PBEWITHSHA1ANDDES-CBC";
-            Algorithms["PBEWITHSHA1ANDRC2"] = "PBEWITHSHA1ANDRC2-CBC";
-            Algorithms[PkcsObjectIdentifiers.PbeWithSha1AndRC2Cbc.Id] = "PBEWITHSHA1ANDRC2-CBC";
+            AlgorithmMap["PBEWITHSHA1ANDDES"] = "PBEWITHSHA1ANDDES-CBC";
+            AlgorithmOidMap[PkcsObjectIdentifiers.PbeWithSha1AndDesCbc] = "PBEWITHSHA1ANDDES-CBC";
+            AlgorithmMap["PBEWITHSHA1ANDRC2"] = "PBEWITHSHA1ANDRC2-CBC";
+            AlgorithmOidMap[PkcsObjectIdentifiers.PbeWithSha1AndRC2Cbc] = "PBEWITHSHA1ANDRC2-CBC";
 
-            Algorithms["PBEWITHSHA1AND3-KEYTRIPLEDES-CBC"] = "PBEWITHSHAAND3-KEYTRIPLEDES-CBC";
-            Algorithms["PBEWITHSHAAND3KEYTRIPLEDES"] = "PBEWITHSHAAND3-KEYTRIPLEDES-CBC";
-            Algorithms[PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc.Id] = "PBEWITHSHAAND3-KEYTRIPLEDES-CBC";
-            Algorithms["PBEWITHSHA1ANDDESEDE"] = "PBEWITHSHAAND3-KEYTRIPLEDES-CBC";
+            AlgorithmMap["PBEWITHSHA1AND3-KEYTRIPLEDES-CBC"] = "PBEWITHSHAAND3-KEYTRIPLEDES-CBC";
+            AlgorithmMap["PBEWITHSHAAND3KEYTRIPLEDES"] = "PBEWITHSHAAND3-KEYTRIPLEDES-CBC";
+            AlgorithmOidMap[PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc] = "PBEWITHSHAAND3-KEYTRIPLEDES-CBC";
+            AlgorithmMap["PBEWITHSHA1ANDDESEDE"] = "PBEWITHSHAAND3-KEYTRIPLEDES-CBC";
 
-            Algorithms["PBEWITHSHA1AND2-KEYTRIPLEDES-CBC"] = "PBEWITHSHAAND2-KEYTRIPLEDES-CBC";
-            Algorithms[PkcsObjectIdentifiers.PbeWithShaAnd2KeyTripleDesCbc.Id] = "PBEWITHSHAAND2-KEYTRIPLEDES-CBC";
+            AlgorithmMap["PBEWITHSHA1AND2-KEYTRIPLEDES-CBC"] = "PBEWITHSHAAND2-KEYTRIPLEDES-CBC";
+            AlgorithmOidMap[PkcsObjectIdentifiers.PbeWithShaAnd2KeyTripleDesCbc] = "PBEWITHSHAAND2-KEYTRIPLEDES-CBC";
 
-            Algorithms["PBEWITHSHA1AND128BITRC2-CBC"] = "PBEWITHSHAAND128BITRC2-CBC";
-            Algorithms[PkcsObjectIdentifiers.PbeWithShaAnd128BitRC2Cbc.Id] = "PBEWITHSHAAND128BITRC2-CBC";
+            AlgorithmMap["PBEWITHSHA1AND128BITRC2-CBC"] = "PBEWITHSHAAND128BITRC2-CBC";
+            AlgorithmOidMap[PkcsObjectIdentifiers.PbeWithShaAnd128BitRC2Cbc] = "PBEWITHSHAAND128BITRC2-CBC";
 
-            Algorithms["PBEWITHSHA1AND40BITRC2-CBC"] = "PBEWITHSHAAND40BITRC2-CBC";
-            Algorithms[PkcsObjectIdentifiers.PbewithShaAnd40BitRC2Cbc.Id] = "PBEWITHSHAAND40BITRC2-CBC";
+            AlgorithmMap["PBEWITHSHA1AND40BITRC2-CBC"] = "PBEWITHSHAAND40BITRC2-CBC";
+            AlgorithmOidMap[PkcsObjectIdentifiers.PbewithShaAnd40BitRC2Cbc] = "PBEWITHSHAAND40BITRC2-CBC";
 
-            Algorithms["PBEWITHSHA1AND128BITAES-CBC-BC"] = "PBEWITHSHAAND128BITAES-CBC-BC";
-            Algorithms["PBEWITHSHA-1AND128BITAES-CBC-BC"] = "PBEWITHSHAAND128BITAES-CBC-BC";
+            AlgorithmMap["PBEWITHSHA1AND128BITAES-CBC-BC"] = "PBEWITHSHAAND128BITAES-CBC-BC";
+            AlgorithmMap["PBEWITHSHA-1AND128BITAES-CBC-BC"] = "PBEWITHSHAAND128BITAES-CBC-BC";
+
+            AlgorithmMap["PBEWITHSHA1AND192BITAES-CBC-BC"] = "PBEWITHSHAAND192BITAES-CBC-BC";
+            AlgorithmMap["PBEWITHSHA-1AND192BITAES-CBC-BC"] = "PBEWITHSHAAND192BITAES-CBC-BC";
 
-            Algorithms["PBEWITHSHA1AND192BITAES-CBC-BC"] = "PBEWITHSHAAND192BITAES-CBC-BC";
-            Algorithms["PBEWITHSHA-1AND192BITAES-CBC-BC"] = "PBEWITHSHAAND192BITAES-CBC-BC";
+            AlgorithmMap["PBEWITHSHA1AND256BITAES-CBC-BC"] = "PBEWITHSHAAND256BITAES-CBC-BC";
+            AlgorithmMap["PBEWITHSHA-1AND256BITAES-CBC-BC"] = "PBEWITHSHAAND256BITAES-CBC-BC";
 
-            Algorithms["PBEWITHSHA1AND256BITAES-CBC-BC"] = "PBEWITHSHAAND256BITAES-CBC-BC";
-            Algorithms["PBEWITHSHA-1AND256BITAES-CBC-BC"] = "PBEWITHSHAAND256BITAES-CBC-BC";
+            AlgorithmMap["PBEWITHSHA-256AND128BITAES-CBC-BC"] = "PBEWITHSHA256AND128BITAES-CBC-BC";
+            AlgorithmMap["PBEWITHSHA-256AND192BITAES-CBC-BC"] = "PBEWITHSHA256AND192BITAES-CBC-BC";
+            AlgorithmMap["PBEWITHSHA-256AND256BITAES-CBC-BC"] = "PBEWITHSHA256AND256BITAES-CBC-BC";
 
-            Algorithms["PBEWITHSHA-256AND128BITAES-CBC-BC"] = "PBEWITHSHA256AND128BITAES-CBC-BC";
-            Algorithms["PBEWITHSHA-256AND192BITAES-CBC-BC"] = "PBEWITHSHA256AND192BITAES-CBC-BC";
-            Algorithms["PBEWITHSHA-256AND256BITAES-CBC-BC"] = "PBEWITHSHA256AND256BITAES-CBC-BC";
 
+            AlgorithmMap["GOST"] = "GOST28147";
+            AlgorithmMap["GOST-28147"] = "GOST28147";
+            AlgorithmOidMap[CryptoProObjectIdentifiers.GostR28147Gcfb] = "GOST28147/CBC/PKCS7PADDING";
 
-            Algorithms["GOST"] = "GOST28147";
-            Algorithms["GOST-28147"] = "GOST28147";
-            Algorithms[CryptoProObjectIdentifiers.GostR28147Gcfb.Id] = "GOST28147/CBC/PKCS7PADDING";
+            AlgorithmMap["RC5-32"] = "RC5";
 
-            Algorithms["RC5-32"] = "RC5";
+            AlgorithmOidMap[NttObjectIdentifiers.IdCamellia128Cbc] = "CAMELLIA/CBC/PKCS7PADDING";
+            AlgorithmOidMap[NttObjectIdentifiers.IdCamellia192Cbc] = "CAMELLIA/CBC/PKCS7PADDING";
+            AlgorithmOidMap[NttObjectIdentifiers.IdCamellia256Cbc] = "CAMELLIA/CBC/PKCS7PADDING";
 
-            Algorithms[NttObjectIdentifiers.IdCamellia128Cbc.Id] = "CAMELLIA/CBC/PKCS7PADDING";
-            Algorithms[NttObjectIdentifiers.IdCamellia192Cbc.Id] = "CAMELLIA/CBC/PKCS7PADDING";
-            Algorithms[NttObjectIdentifiers.IdCamellia256Cbc.Id] = "CAMELLIA/CBC/PKCS7PADDING";
+            AlgorithmOidMap[KisaObjectIdentifiers.IdSeedCbc] = "SEED/CBC/PKCS7PADDING";
 
-            Algorithms[KisaObjectIdentifiers.IdSeedCbc.Id] = "SEED/CBC/PKCS7PADDING";
+            /*
+             * TODO[api] Incorrect version of cryptlib_algorithm_blowfish_CBC
+             * Remove at major version update and delete bad test data "pbes2.bf-cbc.key"
+             */
+            AlgorithmOidMap[new DerObjectIdentifier("1.3.6.1.4.1.3029.1.2")] = "BLOWFISH/CBC";
+            AlgorithmOidMap[MiscObjectIdentifiers.cryptlib_algorithm_blowfish_CBC] = "BLOWFISH/CBC";
 
-            Algorithms["1.3.6.1.4.1.3029.1.2"] = "BLOWFISH/CBC";
+            AlgorithmMap["CHACHA20"] = "CHACHA7539";
+            AlgorithmOidMap[PkcsObjectIdentifiers.IdAlgAeadChaCha20Poly1305] = "CHACHA20-POLY1305";
 
-            Algorithms["CHACHA20"] = "CHACHA7539";
-            Algorithms[PkcsObjectIdentifiers.IdAlgAeadChaCha20Poly1305.Id] = "CHACHA20-POLY1305";
+#if DEBUG
+            foreach (var key in AlgorithmMap.Keys)
+            {
+                if (DerObjectIdentifier.TryFromID(key, out var ignore))
+                    throw new Exception("OID mapping belongs in AlgorithmOidMap: " + key);
+            }
+
+            var mechanisms = new HashSet<string>(AlgorithmMap.Values);
+            mechanisms.UnionWith(AlgorithmOidMap.Values);
+
+            foreach (var mechanism in mechanisms)
+            {
+                if (AlgorithmMap.TryGetValue(mechanism, out var check))
+                {
+                    if (mechanism != check)
+                        throw new Exception("Mechanism mapping MUST be to self: " + mechanism);
+                }
+                else
+                {
+                    if (!mechanism.Equals(mechanism.ToUpperInvariant()))
+                        throw new Exception("Unmapped mechanism MUST be uppercase: " + mechanism);
+                }
+            }
+#endif
         }
 
-        public static IBufferedCipher GetCipher(
-            DerObjectIdentifier oid)
+        public static string GetAlgorithmName(DerObjectIdentifier oid)
         {
-            return GetCipher(oid.Id);
+            return CollectionUtilities.GetValueOrNull(AlgorithmOidMap, oid);
+        }
+
+        public static IBufferedCipher GetCipher(DerObjectIdentifier oid)
+        {
+            if (oid == null)
+                throw new ArgumentNullException(nameof(oid));
+
+            if (AlgorithmOidMap.TryGetValue(oid, out var mechanism))
+            {
+                var cipher = GetCipherForMechanism(mechanism);
+                if (cipher != null)
+                    return cipher;
+            }
+
+            throw new SecurityUtilityException("Cipher OID not recognised.");
         }
 
         public static IBufferedCipher GetCipher(string algorithm)
@@ -273,14 +320,23 @@ namespace Org.BouncyCastle.Security
             if (algorithm == null)
                 throw new ArgumentNullException(nameof(algorithm));
 
-            algorithm = CollectionUtilities.GetValueOrKey(Algorithms, algorithm).ToUpperInvariant();
+            string mechanism = GetMechanism(algorithm) ?? algorithm.ToUpperInvariant();
+
+            var cipher = GetCipherForMechanism(mechanism);
+            if (cipher != null)
+                return cipher;
+
+            throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
+        }
 
+        private static IBufferedCipher GetCipherForMechanism(string mechanism)
+        {
             IBasicAgreement iesAgreement = null;
-            if (algorithm == "IES")
+            if (mechanism == "IES")
             {
                 iesAgreement = new DHBasicAgreement();
             }
-            else if (algorithm == "ECIES")
+            else if (mechanism == "ECIES")
             {
                 iesAgreement = new ECDHBasicAgreement();
             }
@@ -298,36 +354,36 @@ namespace Org.BouncyCastle.Security
 
 
 
-            if (Platform.StartsWith(algorithm, "PBE"))
+            if (Platform.StartsWith(mechanism, "PBE"))
             {
-                if (Platform.EndsWith(algorithm, "-CBC"))
+                if (Platform.EndsWith(mechanism, "-CBC"))
                 {
-                    if (algorithm == "PBEWITHSHA1ANDDES-CBC")
+                    if (mechanism == "PBEWITHSHA1ANDDES-CBC")
                     {
                         return new PaddedBufferedBlockCipher(
                             new CbcBlockCipher(new DesEngine()));
                     }
-                    else if (algorithm == "PBEWITHSHA1ANDRC2-CBC")
+                    else if (mechanism == "PBEWITHSHA1ANDRC2-CBC")
                     {
                         return new PaddedBufferedBlockCipher(
                             new CbcBlockCipher(new RC2Engine()));
                     }
-                    else if (Strings.IsOneOf(algorithm,
+                    else if (Strings.IsOneOf(mechanism,
                         "PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"))
                     {
                         return new PaddedBufferedBlockCipher(
                             new CbcBlockCipher(new DesEdeEngine()));
                     }
-                    else if (Strings.IsOneOf(algorithm,
+                    else if (Strings.IsOneOf(mechanism,
                         "PBEWITHSHAAND128BITRC2-CBC", "PBEWITHSHAAND40BITRC2-CBC"))
                     {
                         return new PaddedBufferedBlockCipher(
                             new CbcBlockCipher(new RC2Engine()));
                     }
                 }
-                else if (Platform.EndsWith(algorithm, "-BC") || Platform.EndsWith(algorithm, "-OPENSSL"))
+                else if (Platform.EndsWith(mechanism, "-BC") || Platform.EndsWith(mechanism, "-OPENSSL"))
                 {
-                    if (Strings.IsOneOf(algorithm,
+                    if (Strings.IsOneOf(mechanism,
                         "PBEWITHSHAAND128BITAES-CBC-BC",
                         "PBEWITHSHAAND192BITAES-CBC-BC",
                         "PBEWITHSHAAND256BITAES-CBC-BC",
@@ -346,14 +402,14 @@ namespace Org.BouncyCastle.Security
 
 
 
-            string[] parts = algorithm.Split('/');
+            string[] parts = mechanism.Split('/');
 
             IAeadCipher aeadCipher = null;
             IBlockCipher blockCipher = null;
             IAsymmetricBlockCipher asymBlockCipher = null;
             IStreamCipher streamCipher = null;
 
-            string algorithmName = CollectionUtilities.GetValueOrKey(Algorithms, parts[0]).ToUpperInvariant();
+            string algorithmName = CollectionUtilities.GetValueOrKey(AlgorithmMap, parts[0]).ToUpperInvariant();
 
             CipherAlgorithm cipherAlgorithm;
             try
@@ -362,7 +418,7 @@ namespace Org.BouncyCastle.Security
             }
             catch (ArgumentException)
             {
-                throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
+                return null;
             }
 
             switch (cipherAlgorithm)
@@ -486,7 +542,7 @@ namespace Org.BouncyCastle.Security
                 blockCipher = new XteaEngine();
                 break;
             default:
-                throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
+                return null;
             }
 
             if (aeadCipher != null)
@@ -535,7 +591,7 @@ namespace Org.BouncyCastle.Security
                     }
                     catch (ArgumentException)
                     {
-                        throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
+                        return null;
                     }
                 }
 
@@ -615,7 +671,7 @@ namespace Org.BouncyCastle.Security
                     padding = new ZeroBytePadding();
                     break;
                 default:
-                    throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
+                    return null;
                 }
             }
 
@@ -693,12 +749,12 @@ namespace Org.BouncyCastle.Security
                         blockCipherMode = new SicBlockCipher(blockCipher);
                         break;
                     default:
-                        throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
+                        return null;
                     }
                 }
                 catch (ArgumentException)
                 {
-                    throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
+                    return null;
                 }
             }
 
@@ -742,12 +798,7 @@ namespace Org.BouncyCastle.Security
                 return new BufferedAsymmetricBlockCipher(asymBlockCipher);
             }
 
-            throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
-        }
-
-        public static string GetAlgorithmName(DerObjectIdentifier oid)
-        {
-            return CollectionUtilities.GetValueOrNull(Algorithms, oid.Id);
+            return null;
         }
 
         private static int GetDigitIndex(string s)
@@ -761,6 +812,20 @@ namespace Org.BouncyCastle.Security
             return -1;
         }
 
+        private static string GetMechanism(string algorithm)
+        {
+            if (AlgorithmMap.TryGetValue(algorithm, out var mechanism1))
+                return mechanism1;
+
+            if (DerObjectIdentifier.TryFromID(algorithm, out var oid))
+            {
+                if (AlgorithmOidMap.TryGetValue(oid, out var mechanism2))
+                    return mechanism2;
+            }
+
+            return null;
+        }
+
         private static IBlockCipher CreateBlockCipher(CipherAlgorithm cipherAlgorithm)
         {
             switch (cipherAlgorithm)
diff --git a/crypto/src/security/DigestUtilities.cs b/crypto/src/security/DigestUtilities.cs
index 8c175b056..0c5e12994 100644
--- a/crypto/src/security/DigestUtilities.cs
+++ b/crypto/src/security/DigestUtilities.cs
@@ -6,8 +6,8 @@ using Org.BouncyCastle.Asn1.CryptoPro;
 using Org.BouncyCastle.Asn1.GM;
 using Org.BouncyCastle.Asn1.Misc;
 using Org.BouncyCastle.Asn1.Nist;
-using Org.BouncyCastle.Asn1.Pkcs;
 using Org.BouncyCastle.Asn1.Oiw;
+using Org.BouncyCastle.Asn1.Pkcs;
 using Org.BouncyCastle.Asn1.Rosstandart;
 using Org.BouncyCastle.Asn1.TeleTrust;
 using Org.BouncyCastle.Asn1.UA;
@@ -43,9 +43,11 @@ namespace Org.BouncyCastle.Security
             WHIRLPOOL,
         };
 
-        private static readonly IDictionary<string, string> Aliases =
+        private static readonly Dictionary<string, string> AlgorithmMap =
             new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
-        private static readonly IDictionary<string, DerObjectIdentifier> Oids =
+        private static readonly Dictionary<DerObjectIdentifier, string> AlgorithmOidMap =
+            new Dictionary<DerObjectIdentifier, string>();
+        private static readonly Dictionary<string, DerObjectIdentifier> Oids =
             new Dictionary<string, DerObjectIdentifier>(StringComparer.OrdinalIgnoreCase);
 
         static DigestUtilities()
@@ -53,84 +55,84 @@ namespace Org.BouncyCastle.Security
             // Signal to obfuscation tools not to change enum constants
             Enums.GetArbitraryValue<DigestAlgorithm>().ToString();
 
-            Aliases[PkcsObjectIdentifiers.MD2.Id] = "MD2";
-            Aliases[PkcsObjectIdentifiers.MD4.Id] = "MD4";
-            Aliases[PkcsObjectIdentifiers.MD5.Id] = "MD5";
-
-            Aliases["SHA1"] = "SHA-1";
-            Aliases[OiwObjectIdentifiers.IdSha1.Id] = "SHA-1";
-            Aliases[PkcsObjectIdentifiers.IdHmacWithSha1.Id] = "SHA-1";
-            Aliases[MiscObjectIdentifiers.HMAC_SHA1.Id] = "SHA-1";
-            Aliases["SHA224"] = "SHA-224";
-            Aliases[NistObjectIdentifiers.IdSha224.Id] = "SHA-224";
-            Aliases[PkcsObjectIdentifiers.IdHmacWithSha224.Id] = "SHA-224";
-            Aliases["SHA256"] = "SHA-256";
-            Aliases[NistObjectIdentifiers.IdSha256.Id] = "SHA-256";
-            Aliases[PkcsObjectIdentifiers.IdHmacWithSha256.Id] = "SHA-256";
-            Aliases["SHA384"] = "SHA-384";
-            Aliases[NistObjectIdentifiers.IdSha384.Id] = "SHA-384";
-            Aliases[PkcsObjectIdentifiers.IdHmacWithSha384.Id] = "SHA-384";
-            Aliases["SHA512"] = "SHA-512";
-            Aliases[NistObjectIdentifiers.IdSha512.Id] = "SHA-512";
-            Aliases[PkcsObjectIdentifiers.IdHmacWithSha512.Id] = "SHA-512";
-
-            Aliases["SHA512/224"] = "SHA-512/224";
-            Aliases["SHA512(224)"] = "SHA-512/224";
-            Aliases["SHA-512(224)"] = "SHA-512/224";
-            Aliases[NistObjectIdentifiers.IdSha512_224.Id] = "SHA-512/224";
-            Aliases["SHA512/256"] = "SHA-512/256";
-            Aliases["SHA512(256)"] = "SHA-512/256";
-            Aliases["SHA-512(256)"] = "SHA-512/256";
-            Aliases[NistObjectIdentifiers.IdSha512_256.Id] = "SHA-512/256";
-
-            Aliases["RIPEMD-128"] = "RIPEMD128";
-            Aliases[TeleTrusTObjectIdentifiers.RipeMD128.Id] = "RIPEMD128";
-            Aliases["RIPEMD-160"] = "RIPEMD160";
-            Aliases[TeleTrusTObjectIdentifiers.RipeMD160.Id] = "RIPEMD160";
-            Aliases["RIPEMD-256"] = "RIPEMD256";
-            Aliases[TeleTrusTObjectIdentifiers.RipeMD256.Id] = "RIPEMD256";
-            Aliases["RIPEMD-320"] = "RIPEMD320";
-            //Aliases[TeleTrusTObjectIdentifiers.RipeMD320.Id] = "RIPEMD320";
-
-            Aliases[CryptoProObjectIdentifiers.GostR3411.Id] = "GOST3411";
-
-            Aliases["KECCAK224"] = "KECCAK-224";
-            Aliases["KECCAK256"] = "KECCAK-256";
-            Aliases["KECCAK288"] = "KECCAK-288";
-            Aliases["KECCAK384"] = "KECCAK-384";
-            Aliases["KECCAK512"] = "KECCAK-512";
-
-            Aliases[NistObjectIdentifiers.IdSha3_224.Id] = "SHA3-224";
-            Aliases[NistObjectIdentifiers.IdHMacWithSha3_224.Id] = "SHA3-224";
-            Aliases[NistObjectIdentifiers.IdSha3_256.Id] = "SHA3-256";
-            Aliases[NistObjectIdentifiers.IdHMacWithSha3_256.Id] = "SHA3-256";
-            Aliases[NistObjectIdentifiers.IdSha3_384.Id] = "SHA3-384";
-            Aliases[NistObjectIdentifiers.IdHMacWithSha3_384.Id] = "SHA3-384";
-            Aliases[NistObjectIdentifiers.IdSha3_512.Id] = "SHA3-512";
-            Aliases[NistObjectIdentifiers.IdHMacWithSha3_512.Id] = "SHA3-512";
-            Aliases["SHAKE128"] = "SHAKE128-256";
-            Aliases[NistObjectIdentifiers.IdShake128.Id] = "SHAKE128-256";
-            Aliases["SHAKE256"] = "SHAKE256-512";
-            Aliases[NistObjectIdentifiers.IdShake256.Id] = "SHAKE256-512";
-
-            Aliases[GMObjectIdentifiers.sm3.Id] = "SM3";
-
-            Aliases[MiscObjectIdentifiers.id_blake2b160.Id] = "BLAKE2B-160";
-            Aliases[MiscObjectIdentifiers.id_blake2b256.Id] = "BLAKE2B-256";
-            Aliases[MiscObjectIdentifiers.id_blake2b384.Id] = "BLAKE2B-384";
-            Aliases[MiscObjectIdentifiers.id_blake2b512.Id] = "BLAKE2B-512";
-            Aliases[MiscObjectIdentifiers.id_blake2s128.Id] = "BLAKE2S-128";
-            Aliases[MiscObjectIdentifiers.id_blake2s160.Id] = "BLAKE2S-160";
-            Aliases[MiscObjectIdentifiers.id_blake2s224.Id] = "BLAKE2S-224";
-            Aliases[MiscObjectIdentifiers.id_blake2s256.Id] = "BLAKE2S-256";
-            Aliases[MiscObjectIdentifiers.blake3_256.Id] = "BLAKE3-256";
-
-            Aliases[RosstandartObjectIdentifiers.id_tc26_gost_3411_12_256.Id] = "GOST3411-2012-256";
-            Aliases[RosstandartObjectIdentifiers.id_tc26_gost_3411_12_512.Id] = "GOST3411-2012-512";
-
-            Aliases[UAObjectIdentifiers.dstu7564digest_256.Id] = "DSTU7564-256";
-            Aliases[UAObjectIdentifiers.dstu7564digest_384.Id] = "DSTU7564-384";
-            Aliases[UAObjectIdentifiers.dstu7564digest_512.Id] = "DSTU7564-512";
+            AlgorithmOidMap[PkcsObjectIdentifiers.MD2] = "MD2";
+            AlgorithmOidMap[PkcsObjectIdentifiers.MD4] = "MD4";
+            AlgorithmOidMap[PkcsObjectIdentifiers.MD5] = "MD5";
+
+            AlgorithmMap["SHA1"] = "SHA-1";
+            AlgorithmOidMap[OiwObjectIdentifiers.IdSha1] = "SHA-1";
+            AlgorithmOidMap[PkcsObjectIdentifiers.IdHmacWithSha1] = "SHA-1";
+            AlgorithmOidMap[MiscObjectIdentifiers.HMAC_SHA1] = "SHA-1";
+            AlgorithmMap["SHA224"] = "SHA-224";
+            AlgorithmOidMap[NistObjectIdentifiers.IdSha224] = "SHA-224";
+            AlgorithmOidMap[PkcsObjectIdentifiers.IdHmacWithSha224] = "SHA-224";
+            AlgorithmMap["SHA256"] = "SHA-256";
+            AlgorithmOidMap[NistObjectIdentifiers.IdSha256] = "SHA-256";
+            AlgorithmOidMap[PkcsObjectIdentifiers.IdHmacWithSha256] = "SHA-256";
+            AlgorithmMap["SHA384"] = "SHA-384";
+            AlgorithmOidMap[NistObjectIdentifiers.IdSha384] = "SHA-384";
+            AlgorithmOidMap[PkcsObjectIdentifiers.IdHmacWithSha384] = "SHA-384";
+            AlgorithmMap["SHA512"] = "SHA-512";
+            AlgorithmOidMap[NistObjectIdentifiers.IdSha512] = "SHA-512";
+            AlgorithmOidMap[PkcsObjectIdentifiers.IdHmacWithSha512] = "SHA-512";
+
+            AlgorithmMap["SHA512/224"] = "SHA-512/224";
+            AlgorithmMap["SHA512(224)"] = "SHA-512/224";
+            AlgorithmMap["SHA-512(224)"] = "SHA-512/224";
+            AlgorithmOidMap[NistObjectIdentifiers.IdSha512_224] = "SHA-512/224";
+            AlgorithmMap["SHA512/256"] = "SHA-512/256";
+            AlgorithmMap["SHA512(256)"] = "SHA-512/256";
+            AlgorithmMap["SHA-512(256)"] = "SHA-512/256";
+            AlgorithmOidMap[NistObjectIdentifiers.IdSha512_256] = "SHA-512/256";
+
+            AlgorithmMap["RIPEMD-128"] = "RIPEMD128";
+            AlgorithmOidMap[TeleTrusTObjectIdentifiers.RipeMD128] = "RIPEMD128";
+            AlgorithmMap["RIPEMD-160"] = "RIPEMD160";
+            AlgorithmOidMap[TeleTrusTObjectIdentifiers.RipeMD160] = "RIPEMD160";
+            AlgorithmMap["RIPEMD-256"] = "RIPEMD256";
+            AlgorithmOidMap[TeleTrusTObjectIdentifiers.RipeMD256] = "RIPEMD256";
+            AlgorithmMap["RIPEMD-320"] = "RIPEMD320";
+            //AlgorithmOidMap[TeleTrusTObjectIdentifiers.RipeMD320] = "RIPEMD320";
+
+            AlgorithmOidMap[CryptoProObjectIdentifiers.GostR3411] = "GOST3411";
+
+            AlgorithmMap["KECCAK224"] = "KECCAK-224";
+            AlgorithmMap["KECCAK256"] = "KECCAK-256";
+            AlgorithmMap["KECCAK288"] = "KECCAK-288";
+            AlgorithmMap["KECCAK384"] = "KECCAK-384";
+            AlgorithmMap["KECCAK512"] = "KECCAK-512";
+
+            AlgorithmOidMap[NistObjectIdentifiers.IdSha3_224] = "SHA3-224";
+            AlgorithmOidMap[NistObjectIdentifiers.IdHMacWithSha3_224] = "SHA3-224";
+            AlgorithmOidMap[NistObjectIdentifiers.IdSha3_256] = "SHA3-256";
+            AlgorithmOidMap[NistObjectIdentifiers.IdHMacWithSha3_256] = "SHA3-256";
+            AlgorithmOidMap[NistObjectIdentifiers.IdSha3_384] = "SHA3-384";
+            AlgorithmOidMap[NistObjectIdentifiers.IdHMacWithSha3_384] = "SHA3-384";
+            AlgorithmOidMap[NistObjectIdentifiers.IdSha3_512] = "SHA3-512";
+            AlgorithmOidMap[NistObjectIdentifiers.IdHMacWithSha3_512] = "SHA3-512";
+            AlgorithmMap["SHAKE128"] = "SHAKE128-256";
+            AlgorithmOidMap[NistObjectIdentifiers.IdShake128] = "SHAKE128-256";
+            AlgorithmMap["SHAKE256"] = "SHAKE256-512";
+            AlgorithmOidMap[NistObjectIdentifiers.IdShake256] = "SHAKE256-512";
+
+            AlgorithmOidMap[GMObjectIdentifiers.sm3] = "SM3";
+
+            AlgorithmOidMap[MiscObjectIdentifiers.id_blake2b160] = "BLAKE2B-160";
+            AlgorithmOidMap[MiscObjectIdentifiers.id_blake2b256] = "BLAKE2B-256";
+            AlgorithmOidMap[MiscObjectIdentifiers.id_blake2b384] = "BLAKE2B-384";
+            AlgorithmOidMap[MiscObjectIdentifiers.id_blake2b512] = "BLAKE2B-512";
+            AlgorithmOidMap[MiscObjectIdentifiers.id_blake2s128] = "BLAKE2S-128";
+            AlgorithmOidMap[MiscObjectIdentifiers.id_blake2s160] = "BLAKE2S-160";
+            AlgorithmOidMap[MiscObjectIdentifiers.id_blake2s224] = "BLAKE2S-224";
+            AlgorithmOidMap[MiscObjectIdentifiers.id_blake2s256] = "BLAKE2S-256";
+            AlgorithmOidMap[MiscObjectIdentifiers.blake3_256] = "BLAKE3-256";
+
+            AlgorithmOidMap[RosstandartObjectIdentifiers.id_tc26_gost_3411_12_256] = "GOST3411-2012-256";
+            AlgorithmOidMap[RosstandartObjectIdentifiers.id_tc26_gost_3411_12_512] = "GOST3411-2012-512";
+
+            AlgorithmOidMap[UAObjectIdentifiers.dstu7564digest_256] = "DSTU7564-256";
+            AlgorithmOidMap[UAObjectIdentifiers.dstu7564digest_384] = "DSTU7564-384";
+            AlgorithmOidMap[UAObjectIdentifiers.dstu7564digest_512] = "DSTU7564-512";
 
             Oids["MD2"] = PkcsObjectIdentifiers.MD2;
             Oids["MD4"] = PkcsObjectIdentifiers.MD4;
@@ -167,27 +169,105 @@ namespace Org.BouncyCastle.Security
             Oids["DSTU7564-256"] = UAObjectIdentifiers.dstu7564digest_256;
             Oids["DSTU7564-384"] = UAObjectIdentifiers.dstu7564digest_384;
             Oids["DSTU7564-512"] = UAObjectIdentifiers.dstu7564digest_512;
+
+#if DEBUG
+            foreach (var key in AlgorithmMap.Keys)
+            {
+                if (DerObjectIdentifier.TryFromID(key, out var ignore))
+                    throw new Exception("OID mapping belongs in AlgorithmOidMap: " + key);
+            }
+
+            var mechanisms = new HashSet<string>(AlgorithmMap.Values);
+            mechanisms.UnionWith(AlgorithmOidMap.Values);
+
+            foreach (var mechanism in mechanisms)
+            {
+                if (AlgorithmMap.TryGetValue(mechanism, out var check))
+                {
+                    if (mechanism != check)
+                        throw new Exception("Mechanism mapping MUST be to self: " + mechanism);
+                }
+                else
+                {
+                    if (!mechanism.Equals(mechanism.ToUpperInvariant()))
+                        throw new Exception("Unmapped mechanism MUST be uppercase: " + mechanism);
+                }
+            }
+#endif
         }
 
-        /// <summary>
-        /// Returns a ObjectIdentifier for a given digest mechanism.
-        /// </summary>
-        /// <param name="mechanism">A string representation of the digest meanism.</param>
-        /// <returns>A DerObjectIdentifier, null if the Oid is not available.</returns>
+        // TODO[api] Change parameter name to 'oid'
+        public static byte[] CalculateDigest(DerObjectIdentifier id, byte[] input)
+        {
+            return CalculateDigest(id.Id, input);
+        }
 
-        public static DerObjectIdentifier GetObjectIdentifier(string mechanism)
+        public static byte[] CalculateDigest(string algorithm, byte[] input)
         {
-            if (mechanism == null)
-                throw new ArgumentNullException(nameof(mechanism));
+            IDigest digest = GetDigest(algorithm);
+            return DoFinal(digest, input);
+        }
+
+        public static byte[] CalculateDigest(string algorithm, byte[] buf, int off, int len)
+        {
+            IDigest digest = GetDigest(algorithm);
+            return DoFinal(digest, buf, off, len);
+        }
 
-            mechanism = CollectionUtilities.GetValueOrKey(Aliases, mechanism).ToUpperInvariant();
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+        public static byte[] CalculateDigest(string algorithm, ReadOnlySpan<byte> buffer)
+        {
+            IDigest digest = GetDigest(algorithm);
+            return DoFinal(digest, buffer);
+        }
+#endif
 
-            return CollectionUtilities.GetValueOrNull(Oids, mechanism);
+        public static byte[] DoFinal(IDigest digest)
+        {
+            byte[] b = new byte[digest.GetDigestSize()];
+            digest.DoFinal(b, 0);
+            return b;
+        }
+
+        public static byte[] DoFinal(IDigest digest, byte[] input)
+        {
+            digest.BlockUpdate(input, 0, input.Length);
+            return DoFinal(digest);
+        }
+
+        public static byte[] DoFinal(IDigest digest, byte[] buf, int off, int len)
+        {
+            digest.BlockUpdate(buf, off, len);
+            return DoFinal(digest);
+        }
+
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+        public static byte[] DoFinal(IDigest digest, ReadOnlySpan<byte> buffer)
+        {
+            digest.BlockUpdate(buffer);
+            return DoFinal(digest);
+        }
+#endif
+
+        public static string GetAlgorithmName(DerObjectIdentifier oid)
+        {
+            return CollectionUtilities.GetValueOrNull(AlgorithmOidMap, oid);
         }
 
+        // TODO[api] Change parameter name to 'oid'
         public static IDigest GetDigest(DerObjectIdentifier id)
         {
-            return GetDigest(id.Id);
+            if (id == null)
+                throw new ArgumentNullException(nameof(id));
+
+            if (AlgorithmOidMap.TryGetValue(id, out var mechanism))
+            {
+                var digest = GetDigestForMechanism(mechanism);
+                if (digest != null)
+                    return digest;
+            }
+
+            throw new SecurityUtilityException("Digest OID not recognised.");
         }
 
         public static IDigest GetDigest(string algorithm)
@@ -195,8 +275,17 @@ namespace Org.BouncyCastle.Security
             if (algorithm == null)
                 throw new ArgumentNullException(nameof(algorithm));
 
-            string mechanism = CollectionUtilities.GetValueOrKey(Aliases, algorithm).ToUpperInvariant();
+            string mechanism = GetMechanism(algorithm) ?? algorithm.ToUpperInvariant();
+
+            var digest = GetDigestForMechanism(mechanism);
+            if (digest != null)
+                return digest;
 
+            throw new SecurityUtilityException("Digest " + algorithm + " not recognised.");
+        }
+
+        private static IDigest GetDigestForMechanism(string mechanism)
+        {
             try
             {
                 DigestAlgorithm digestAlgorithm = Enums.GetEnumValue<DigestAlgorithm>(mechanism);
@@ -253,64 +342,36 @@ namespace Org.BouncyCastle.Security
             {
             }
 
-            throw new SecurityUtilityException("Digest " + mechanism + " not recognised.");
-        }
-
-        public static string GetAlgorithmName(DerObjectIdentifier oid)
-        {
-            return CollectionUtilities.GetValueOrNull(Aliases, oid.Id);
-        }
-
-        public static byte[] CalculateDigest(DerObjectIdentifier id, byte[] input)
-        {
-            return CalculateDigest(id.Id, input);
+            return null;
         }
 
-        public static byte[] CalculateDigest(string algorithm, byte[] input)
+        private static string GetMechanism(string algorithm)
         {
-            IDigest digest = GetDigest(algorithm);
-            return DoFinal(digest, input);
-        }
+            if (AlgorithmMap.TryGetValue(algorithm, out var mechanism1))
+                return mechanism1;
 
-        public static byte[] CalculateDigest(string algorithm, byte[] buf, int off, int len)
-        {
-            IDigest digest = GetDigest(algorithm);
-            return DoFinal(digest, buf, off, len);
-        }
-
-#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
-        public static byte[] CalculateDigest(string algorithm, ReadOnlySpan<byte> buffer)
-        {
-            IDigest digest = GetDigest(algorithm);
-            return DoFinal(digest, buffer);
-        }
-#endif
+            if (DerObjectIdentifier.TryFromID(algorithm, out var oid))
+            {
+                if (AlgorithmOidMap.TryGetValue(oid, out var mechanism2))
+                    return mechanism2;
+            }
 
-        public static byte[] DoFinal(IDigest digest)
-        {
-            byte[] b = new byte[digest.GetDigestSize()];
-            digest.DoFinal(b, 0);
-            return b;
+            return null;
         }
 
-        public static byte[] DoFinal(IDigest digest, byte[] input)
+        /// <summary>
+        /// Returns an ObjectIdentifier for a given digest mechanism.
+        /// </summary>
+        /// <param name="mechanism">A string representation of the digest meanism.</param>
+        /// <returns>A DerObjectIdentifier, null if the Oid is not available.</returns>
+        public static DerObjectIdentifier GetObjectIdentifier(string mechanism)
         {
-            digest.BlockUpdate(input, 0, input.Length);
-            return DoFinal(digest);
-        }
+            if (mechanism == null)
+                throw new ArgumentNullException(nameof(mechanism));
 
-        public static byte[] DoFinal(IDigest digest, byte[] buf, int off, int len)
-        {
-            digest.BlockUpdate(buf, off, len);
-            return DoFinal(digest);
-        }
+            mechanism = GetMechanism(mechanism) ?? mechanism;
 
-#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
-        public static byte[] DoFinal(IDigest digest, ReadOnlySpan<byte> buffer)
-        {
-            digest.BlockUpdate(buffer);
-            return DoFinal(digest);
+            return CollectionUtilities.GetValueOrNull(Oids, mechanism);
         }
-#endif
     }
 }
diff --git a/crypto/src/security/GeneratorUtilities.cs b/crypto/src/security/GeneratorUtilities.cs
index c310cf399..e22fbd139 100644
--- a/crypto/src/security/GeneratorUtilities.cs
+++ b/crypto/src/security/GeneratorUtilities.cs
@@ -6,6 +6,7 @@ using Org.BouncyCastle.Asn1.CryptoPro;
 using Org.BouncyCastle.Asn1.EdEC;
 using Org.BouncyCastle.Asn1.Iana;
 using Org.BouncyCastle.Asn1.Kisa;
+using Org.BouncyCastle.Asn1.Misc;
 using Org.BouncyCastle.Asn1.Nist;
 using Org.BouncyCastle.Asn1.Nsri;
 using Org.BouncyCastle.Asn1.Ntt;
@@ -68,7 +69,12 @@ namespace Org.BouncyCastle.Security
                 NistObjectIdentifiers.IdAes256Wrap,
                 NistObjectIdentifiers.IdAes256WrapPad);
             AddKgAlgorithm("BLOWFISH",
-                "1.3.6.1.4.1.3029.1.2");
+                /*
+                 * TODO[api] Incorrect version of cryptlib_algorithm_blowfish_CBC
+                 * Remove at major version update and delete bad test data "pbes2.bf-cbc.key"
+                 */
+                "1.3.6.1.4.1.3029.1.2",
+                MiscObjectIdentifiers.cryptlib_algorithm_blowfish_CBC);
             AddKgAlgorithm("CAMELLIA",
                 "CAMELLIAWRAP");
             AddKgAlgorithm("ARIA");
@@ -115,7 +121,7 @@ namespace Org.BouncyCastle.Security
                 NttObjectIdentifiers.IdCamellia256Cbc,
                 NttObjectIdentifiers.IdCamellia256Wrap);
             AddKgAlgorithm("CAST5",
-                "1.2.840.113533.7.66.10");
+                MiscObjectIdentifiers.cast5CBC);
             AddKgAlgorithm("CAST6");
             AddKgAlgorithm("CHACHA");
             AddKgAlgorithm("CHACHA7539",
@@ -141,14 +147,14 @@ namespace Org.BouncyCastle.Security
             AddKgAlgorithm("HC128");
             AddKgAlgorithm("HC256");
             AddKgAlgorithm("IDEA",
-                "1.3.6.1.4.1.188.7.1.1.2");
+                MiscObjectIdentifiers.as_sys_sec_alg_ideaCBC);
             AddKgAlgorithm("NOEKEON");
             AddKgAlgorithm("RC2",
                 PkcsObjectIdentifiers.RC2Cbc,
                 PkcsObjectIdentifiers.IdAlgCmsRC2Wrap);
             AddKgAlgorithm("RC4",
                 "ARC4",
-                "1.2.840.113549.3.4");
+                PkcsObjectIdentifiers.rc4);
             AddKgAlgorithm("RC5",
                 "RC5-32");
             AddKgAlgorithm("RC5-64");
@@ -250,7 +256,7 @@ namespace Org.BouncyCastle.Security
                 "GOST-3410",
                 "GOST-3410-94");
             AddKpgAlgorithm("RSA",
-                "1.2.840.113549.1.1.1");
+                PkcsObjectIdentifiers.RsaEncryption);
             AddKpgAlgorithm("RSASSA-PSS");
             AddKpgAlgorithm("X25519",
                 EdECObjectIdentifiers.id_X25519);
diff --git a/crypto/src/security/MacUtilities.cs b/crypto/src/security/MacUtilities.cs
index 9490616be..76b2ed353 100644
--- a/crypto/src/security/MacUtilities.cs
+++ b/crypto/src/security/MacUtilities.cs
@@ -5,6 +5,7 @@ using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Iana;
 using Org.BouncyCastle.Asn1.Misc;
 using Org.BouncyCastle.Asn1.Nist;
+using Org.BouncyCastle.Asn1.Oiw;
 using Org.BouncyCastle.Asn1.Pkcs;
 using Org.BouncyCastle.Asn1.Rosstandart;
 using Org.BouncyCastle.Crypto;
@@ -21,69 +22,133 @@ namespace Org.BouncyCastle.Security
     /// </remarks>
     public static class MacUtilities
     {
-        private static readonly IDictionary<string, string> Algorithms =
+        private static readonly Dictionary<string, string> AlgorithmMap =
             new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+        private static readonly Dictionary<DerObjectIdentifier, string> AlgorithmOidMap =
+            new Dictionary<DerObjectIdentifier, string>();
 
         static MacUtilities()
         {
-            Algorithms[IanaObjectIdentifiers.HmacMD5.Id] = "HMAC-MD5";
-            Algorithms[IanaObjectIdentifiers.HmacRipeMD160.Id] = "HMAC-RIPEMD160";
-            Algorithms[IanaObjectIdentifiers.HmacSha1.Id] = "HMAC-SHA1";
-            Algorithms[IanaObjectIdentifiers.HmacTiger.Id] = "HMAC-TIGER";
-
-            Algorithms[PkcsObjectIdentifiers.IdHmacWithSha1.Id] = "HMAC-SHA1";
-            Algorithms[MiscObjectIdentifiers.HMAC_SHA1.Id] = "HMAC-SHA1";
-            Algorithms[PkcsObjectIdentifiers.IdHmacWithSha224.Id] = "HMAC-SHA224";
-            Algorithms[PkcsObjectIdentifiers.IdHmacWithSha256.Id] = "HMAC-SHA256";
-            Algorithms[PkcsObjectIdentifiers.IdHmacWithSha384.Id] = "HMAC-SHA384";
-            Algorithms[PkcsObjectIdentifiers.IdHmacWithSha512.Id] = "HMAC-SHA512";
-
-            Algorithms[NistObjectIdentifiers.IdHMacWithSha3_224.Id] = "HMAC-SHA3-224";
-            Algorithms[NistObjectIdentifiers.IdHMacWithSha3_256.Id] = "HMAC-SHA3-256";
-            Algorithms[NistObjectIdentifiers.IdHMacWithSha3_384.Id] = "HMAC-SHA3-384";
-            Algorithms[NistObjectIdentifiers.IdHMacWithSha3_512.Id] = "HMAC-SHA3-512";
-
-            Algorithms[RosstandartObjectIdentifiers.id_tc26_hmac_gost_3411_12_256.Id] = "HMAC-GOST3411-2012-256";
-            Algorithms[RosstandartObjectIdentifiers.id_tc26_hmac_gost_3411_12_512.Id] = "HMAC-GOST3411-2012-512";
+            AlgorithmOidMap[IanaObjectIdentifiers.HmacMD5] = "HMAC-MD5";
+            AlgorithmOidMap[IanaObjectIdentifiers.HmacRipeMD160] = "HMAC-RIPEMD160";
+            AlgorithmOidMap[IanaObjectIdentifiers.HmacSha1] = "HMAC-SHA1";
+            AlgorithmOidMap[IanaObjectIdentifiers.HmacTiger] = "HMAC-TIGER";
+
+            AlgorithmOidMap[PkcsObjectIdentifiers.IdHmacWithSha1] = "HMAC-SHA1";
+            AlgorithmOidMap[MiscObjectIdentifiers.HMAC_SHA1] = "HMAC-SHA1";
+            AlgorithmOidMap[PkcsObjectIdentifiers.IdHmacWithSha224] = "HMAC-SHA224";
+            AlgorithmOidMap[PkcsObjectIdentifiers.IdHmacWithSha256] = "HMAC-SHA256";
+            AlgorithmOidMap[PkcsObjectIdentifiers.IdHmacWithSha384] = "HMAC-SHA384";
+            AlgorithmOidMap[PkcsObjectIdentifiers.IdHmacWithSha512] = "HMAC-SHA512";
+
+            AlgorithmOidMap[NistObjectIdentifiers.IdHMacWithSha3_224] = "HMAC-SHA3-224";
+            AlgorithmOidMap[NistObjectIdentifiers.IdHMacWithSha3_256] = "HMAC-SHA3-256";
+            AlgorithmOidMap[NistObjectIdentifiers.IdHMacWithSha3_384] = "HMAC-SHA3-384";
+            AlgorithmOidMap[NistObjectIdentifiers.IdHMacWithSha3_512] = "HMAC-SHA3-512";
+
+            AlgorithmOidMap[RosstandartObjectIdentifiers.id_tc26_hmac_gost_3411_12_256] = "HMAC-GOST3411-2012-256";
+            AlgorithmOidMap[RosstandartObjectIdentifiers.id_tc26_hmac_gost_3411_12_512] = "HMAC-GOST3411-2012-512";
 
             // TODO AESMAC?
 
-            Algorithms["DES"] = "DESMAC";
-            Algorithms["DES/CFB8"] = "DESMAC/CFB8";
-            Algorithms["DES64"] = "DESMAC64";
-            Algorithms["DESEDE"] = "DESEDEMAC";
-            Algorithms[PkcsObjectIdentifiers.DesEde3Cbc.Id] = "DESEDEMAC";
-            Algorithms["DESEDE/CFB8"] = "DESEDEMAC/CFB8";
-            Algorithms["DESISO9797MAC"] = "DESWITHISO9797";
-            Algorithms["DESEDE64"] = "DESEDEMAC64";
-
-            Algorithms["DESEDE64WITHISO7816-4PADDING"] = "DESEDEMAC64WITHISO7816-4PADDING";
-            Algorithms["DESEDEISO9797ALG1MACWITHISO7816-4PADDING"] = "DESEDEMAC64WITHISO7816-4PADDING";
-            Algorithms["DESEDEISO9797ALG1WITHISO7816-4PADDING"] = "DESEDEMAC64WITHISO7816-4PADDING";
-
-            Algorithms["ISO9797ALG3"] = "ISO9797ALG3MAC";
-            Algorithms["ISO9797ALG3MACWITHISO7816-4PADDING"] = "ISO9797ALG3WITHISO7816-4PADDING";
-
-            Algorithms["SKIPJACK"] = "SKIPJACKMAC";
-            Algorithms["SKIPJACK/CFB8"] = "SKIPJACKMAC/CFB8";
-            Algorithms["IDEA"] = "IDEAMAC";
-            Algorithms["IDEA/CFB8"] = "IDEAMAC/CFB8";
-            Algorithms["RC2"] = "RC2MAC";
-            Algorithms["RC2/CFB8"] = "RC2MAC/CFB8";
-            Algorithms["RC5"] = "RC5MAC";
-            Algorithms["RC5/CFB8"] = "RC5MAC/CFB8";
-            Algorithms["GOST28147"] = "GOST28147MAC";
-            Algorithms["VMPC"] = "VMPCMAC";
-            Algorithms["VMPC-MAC"] = "VMPCMAC";
-            Algorithms["SIPHASH"] = "SIPHASH-2-4";
-
-            Algorithms["PBEWITHHMACSHA"] = "PBEWITHHMACSHA1";
-            Algorithms["1.3.14.3.2.26"] = "PBEWITHHMACSHA1";
+            AlgorithmMap["DES"] = "DESMAC";
+            AlgorithmMap["DES/CFB8"] = "DESMAC/CFB8";
+            AlgorithmMap["DES64"] = "DESMAC64";
+            AlgorithmMap["DESEDE"] = "DESEDEMAC";
+            AlgorithmOidMap[PkcsObjectIdentifiers.DesEde3Cbc] = "DESEDEMAC";
+            AlgorithmMap["DESEDE/CFB8"] = "DESEDEMAC/CFB8";
+            AlgorithmMap["DESISO9797MAC"] = "DESWITHISO9797";
+            AlgorithmMap["DESEDE64"] = "DESEDEMAC64";
+
+            AlgorithmMap["DESEDE64WITHISO7816-4PADDING"] = "DESEDEMAC64WITHISO7816-4PADDING";
+            AlgorithmMap["DESEDEISO9797ALG1MACWITHISO7816-4PADDING"] = "DESEDEMAC64WITHISO7816-4PADDING";
+            AlgorithmMap["DESEDEISO9797ALG1WITHISO7816-4PADDING"] = "DESEDEMAC64WITHISO7816-4PADDING";
+
+            AlgorithmMap["ISO9797ALG3"] = "ISO9797ALG3MAC";
+            AlgorithmMap["ISO9797ALG3MACWITHISO7816-4PADDING"] = "ISO9797ALG3WITHISO7816-4PADDING";
+
+            AlgorithmMap["SKIPJACK"] = "SKIPJACKMAC";
+            AlgorithmMap["SKIPJACK/CFB8"] = "SKIPJACKMAC/CFB8";
+            AlgorithmMap["IDEA"] = "IDEAMAC";
+            AlgorithmMap["IDEA/CFB8"] = "IDEAMAC/CFB8";
+            AlgorithmMap["RC2"] = "RC2MAC";
+            AlgorithmMap["RC2/CFB8"] = "RC2MAC/CFB8";
+            AlgorithmMap["RC5"] = "RC5MAC";
+            AlgorithmMap["RC5/CFB8"] = "RC5MAC/CFB8";
+            AlgorithmMap["GOST28147"] = "GOST28147MAC";
+            AlgorithmMap["VMPC"] = "VMPCMAC";
+            AlgorithmMap["VMPC-MAC"] = "VMPCMAC";
+            AlgorithmMap["SIPHASH"] = "SIPHASH-2-4";
+
+            AlgorithmMap["PBEWITHHMACSHA"] = "PBEWITHHMACSHA1";
+            AlgorithmOidMap[OiwObjectIdentifiers.IdSha1] = "PBEWITHHMACSHA1";
+
+#if DEBUG
+            foreach (var key in AlgorithmMap.Keys)
+            {
+                if (DerObjectIdentifier.TryFromID(key, out var ignore))
+                    throw new Exception("OID mapping belongs in AlgorithmOidMap: " + key);
+            }
+
+            var mechanisms = new HashSet<string>(AlgorithmMap.Values);
+            mechanisms.UnionWith(AlgorithmOidMap.Values);
+
+            foreach (var mechanism in mechanisms)
+            {
+                if (AlgorithmMap.TryGetValue(mechanism, out var check))
+                {
+                    if (mechanism != check)
+                        throw new Exception("Mechanism mapping MUST be to self: " + mechanism);
+                }
+                else
+                {
+                    if (!mechanism.Equals(mechanism.ToUpperInvariant()))
+                        throw new Exception("Unmapped mechanism MUST be uppercase: " + mechanism);
+                }
+            }
+#endif
+        }
+
+        public static byte[] CalculateMac(string algorithm, ICipherParameters cp, byte[] input)
+        {
+            IMac mac = GetMac(algorithm);
+            mac.Init(cp);
+            mac.BlockUpdate(input, 0, input.Length);
+            return DoFinal(mac);
+        }
+
+        public static byte[] DoFinal(IMac mac)
+        {
+            byte[] b = new byte[mac.GetMacSize()];
+            mac.DoFinal(b, 0);
+            return b;
+        }
+
+        public static byte[] DoFinal(IMac mac, byte[] input)
+        {
+            mac.BlockUpdate(input, 0, input.Length);
+            return DoFinal(mac);
+        }
+
+        public static string GetAlgorithmName(DerObjectIdentifier oid)
+        {
+            return CollectionUtilities.GetValueOrNull(AlgorithmOidMap, oid);
         }
 
+        // TODO[api] Change parameter name to 'oid'
         public static IMac GetMac(DerObjectIdentifier id)
         {
-            return GetMac(id.Id);
+            if (id == null)
+                throw new ArgumentNullException(nameof(id));
+
+            if (AlgorithmOidMap.TryGetValue(id, out var mechanism))
+            {
+                var mac = GetMacForMechanism(mechanism);
+                if (mac != null)
+                    return mac;
+            }
+
+            throw new SecurityUtilityException("Mac OID not recognised.");
         }
 
         public static IMac GetMac(string algorithm)
@@ -91,8 +156,17 @@ namespace Org.BouncyCastle.Security
             if (algorithm == null)
                 throw new ArgumentNullException(nameof(algorithm));
 
-            string mechanism = CollectionUtilities.GetValueOrKey(Algorithms, algorithm).ToUpperInvariant();
+            string mechanism = GetMechanism(algorithm) ?? algorithm.ToUpperInvariant();
+
+            var mac = GetMacForMechanism(mechanism);
+            if (mac != null)
+                return mac;
 
+            throw new SecurityUtilityException("Mac " + algorithm + " not recognised.");
+        }
+
+        private static IMac GetMacForMechanism(string mechanism)
+        {
             if (Platform.StartsWith(mechanism, "PBEWITH"))
             {
                 mechanism = mechanism.Substring("PBEWITH".Length);
@@ -202,33 +276,21 @@ namespace Org.BouncyCastle.Security
             {
                 return new SipHash();
             }
-            throw new SecurityUtilityException("Mac " + mechanism + " not recognised.");
+            return null;
         }
 
-        public static string GetAlgorithmName(DerObjectIdentifier oid)
+        private static string GetMechanism(string algorithm)
         {
-            return CollectionUtilities.GetValueOrNull(Algorithms, oid.Id);
-        }
+            if (AlgorithmMap.TryGetValue(algorithm, out var mechanism1))
+                return mechanism1;
 
-        public static byte[] CalculateMac(string algorithm, ICipherParameters cp, byte[] input)
-        {
-            IMac mac = GetMac(algorithm);
-            mac.Init(cp);
-            mac.BlockUpdate(input, 0, input.Length);
-            return DoFinal(mac);
-        }
-
-        public static byte[] DoFinal(IMac mac)
-        {
-            byte[] b = new byte[mac.GetMacSize()];
-            mac.DoFinal(b, 0);
-            return b;
-        }
+            if (DerObjectIdentifier.TryFromID(algorithm, out var oid))
+            {
+                if (AlgorithmOidMap.TryGetValue(oid, out var mechanism2))
+                    return mechanism2;
+            }
 
-        public static byte[] DoFinal(IMac mac, byte[] input)
-        {
-            mac.BlockUpdate(input, 0, input.Length);
-            return DoFinal(mac);
+            return null;
         }
     }
 }
diff --git a/crypto/src/security/ParameterUtilities.cs b/crypto/src/security/ParameterUtilities.cs
index 690195443..36f1dbbb2 100644
--- a/crypto/src/security/ParameterUtilities.cs
+++ b/crypto/src/security/ParameterUtilities.cs
@@ -93,7 +93,12 @@ namespace Org.BouncyCastle.Security
                 NsriObjectIdentifiers.id_aria256_ocb2,
                 NsriObjectIdentifiers.id_aria256_ofb);
             AddAlgorithm("BLOWFISH",
-                "1.3.6.1.4.1.3029.1.2");
+                /*
+                 * TODO[api] Incorrect version of cryptlib_algorithm_blowfish_CBC
+                 * Remove at major version update and delete bad test data "pbes2.bf-cbc.key"
+                 */
+                "1.3.6.1.4.1.3029.1.2",
+                MiscObjectIdentifiers.cryptlib_algorithm_blowfish_CBC);
             AddAlgorithm("CAMELLIA",
                 "CAMELLIAWRAP");
             AddAlgorithm("CAMELLIA128",
@@ -106,7 +111,7 @@ namespace Org.BouncyCastle.Security
                 NttObjectIdentifiers.IdCamellia256Cbc,
                 NttObjectIdentifiers.IdCamellia256Wrap);
             AddAlgorithm("CAST5",
-                "1.2.840.113533.7.66.10");
+                MiscObjectIdentifiers.cast5CBC);
             AddAlgorithm("CAST6");
             AddAlgorithm("CHACHA");
             AddAlgorithm("CHACHA7539",
@@ -132,14 +137,14 @@ namespace Org.BouncyCastle.Security
             AddAlgorithm("HC128");
             AddAlgorithm("HC256");
             AddAlgorithm("IDEA",
-                "1.3.6.1.4.1.188.7.1.1.2");
+                MiscObjectIdentifiers.as_sys_sec_alg_ideaCBC);
             AddAlgorithm("NOEKEON");
             AddAlgorithm("RC2",
                 PkcsObjectIdentifiers.RC2Cbc,
                 PkcsObjectIdentifiers.IdAlgCmsRC2Wrap);
             AddAlgorithm("RC4",
                 "ARC4",
-                "1.2.840.113549.3.4");
+                PkcsObjectIdentifiers.rc4);
             AddAlgorithm("RC5",
                 "RC5-32");
             AddAlgorithm("RC5-64");
diff --git a/crypto/src/security/SignerUtilities.cs b/crypto/src/security/SignerUtilities.cs
index 918356450..e2a98343c 100644
--- a/crypto/src/security/SignerUtilities.cs
+++ b/crypto/src/security/SignerUtilities.cs
@@ -28,88 +28,90 @@ namespace Org.BouncyCastle.Security
     /// </summary>
     public static class SignerUtilities
     {
-        private static readonly IDictionary<string, string> AlgorithmMap =
+        private static readonly Dictionary<string, string> AlgorithmMap =
             new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+        private static readonly Dictionary<DerObjectIdentifier, string> AlgorithmOidMap =
+            new Dictionary<DerObjectIdentifier, string>();
         private static readonly HashSet<string> NoRandom = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
-        private static readonly IDictionary<string, DerObjectIdentifier> Oids =
+        private static readonly Dictionary<string, DerObjectIdentifier> Oids =
             new Dictionary<string, DerObjectIdentifier>(StringComparer.OrdinalIgnoreCase);
 
         static SignerUtilities()
         {
             AlgorithmMap["MD2WITHRSA"] = "MD2withRSA";
             AlgorithmMap["MD2WITHRSAENCRYPTION"] = "MD2withRSA";
-            AlgorithmMap[PkcsObjectIdentifiers.MD2WithRsaEncryption.Id] = "MD2withRSA";
+            AlgorithmOidMap[PkcsObjectIdentifiers.MD2WithRsaEncryption] = "MD2withRSA";
 
             AlgorithmMap["MD4WITHRSA"] = "MD4withRSA";
             AlgorithmMap["MD4WITHRSAENCRYPTION"] = "MD4withRSA";
-            AlgorithmMap[PkcsObjectIdentifiers.MD4WithRsaEncryption.Id] = "MD4withRSA";
-            AlgorithmMap[OiwObjectIdentifiers.MD4WithRsa.Id] = "MD4withRSA";
-			AlgorithmMap[OiwObjectIdentifiers.MD4WithRsaEncryption.Id] = "MD4withRSA";
+            AlgorithmOidMap[PkcsObjectIdentifiers.MD4WithRsaEncryption] = "MD4withRSA";
+            AlgorithmOidMap[OiwObjectIdentifiers.MD4WithRsa] = "MD4withRSA";
+            AlgorithmOidMap[OiwObjectIdentifiers.MD4WithRsaEncryption] = "MD4withRSA";
 
 			AlgorithmMap["MD5WITHRSA"] = "MD5withRSA";
             AlgorithmMap["MD5WITHRSAENCRYPTION"] = "MD5withRSA";
-            AlgorithmMap[PkcsObjectIdentifiers.MD5WithRsaEncryption.Id] = "MD5withRSA";
-            AlgorithmMap[OiwObjectIdentifiers.MD5WithRsa.Id] = "MD5withRSA";
+            AlgorithmOidMap[PkcsObjectIdentifiers.MD5WithRsaEncryption] = "MD5withRSA";
+            AlgorithmOidMap[OiwObjectIdentifiers.MD5WithRsa] = "MD5withRSA";
 
             AlgorithmMap["SHA1WITHRSA"] = "SHA-1withRSA";
             AlgorithmMap["SHA-1WITHRSA"] = "SHA-1withRSA";
             AlgorithmMap["SHA1WITHRSAENCRYPTION"] = "SHA-1withRSA";
             AlgorithmMap["SHA-1WITHRSAENCRYPTION"] = "SHA-1withRSA";
-            AlgorithmMap[PkcsObjectIdentifiers.Sha1WithRsaEncryption.Id] = "SHA-1withRSA";
-            AlgorithmMap[OiwObjectIdentifiers.Sha1WithRsa.Id] = "SHA-1withRSA";
+            AlgorithmOidMap[PkcsObjectIdentifiers.Sha1WithRsaEncryption] = "SHA-1withRSA";
+            AlgorithmOidMap[OiwObjectIdentifiers.Sha1WithRsa] = "SHA-1withRSA";
 
             AlgorithmMap["SHA224WITHRSA"] = "SHA-224withRSA";
             AlgorithmMap["SHA-224WITHRSA"] = "SHA-224withRSA";
             AlgorithmMap["SHA224WITHRSAENCRYPTION"] = "SHA-224withRSA";
             AlgorithmMap["SHA-224WITHRSAENCRYPTION"] = "SHA-224withRSA";
-            AlgorithmMap[PkcsObjectIdentifiers.Sha224WithRsaEncryption.Id] = "SHA-224withRSA";
+            AlgorithmOidMap[PkcsObjectIdentifiers.Sha224WithRsaEncryption] = "SHA-224withRSA";
 
             AlgorithmMap["SHA256WITHRSA"] = "SHA-256withRSA";
             AlgorithmMap["SHA-256WITHRSA"] = "SHA-256withRSA";
             AlgorithmMap["SHA256WITHRSAENCRYPTION"] = "SHA-256withRSA";
             AlgorithmMap["SHA-256WITHRSAENCRYPTION"] = "SHA-256withRSA";
-            AlgorithmMap[PkcsObjectIdentifiers.Sha256WithRsaEncryption.Id] = "SHA-256withRSA";
+            AlgorithmOidMap[PkcsObjectIdentifiers.Sha256WithRsaEncryption] = "SHA-256withRSA";
 
             AlgorithmMap["SHA384WITHRSA"] = "SHA-384withRSA";
             AlgorithmMap["SHA-384WITHRSA"] = "SHA-384withRSA";
             AlgorithmMap["SHA384WITHRSAENCRYPTION"] = "SHA-384withRSA";
             AlgorithmMap["SHA-384WITHRSAENCRYPTION"] = "SHA-384withRSA";
-            AlgorithmMap[PkcsObjectIdentifiers.Sha384WithRsaEncryption.Id] = "SHA-384withRSA";
+            AlgorithmOidMap[PkcsObjectIdentifiers.Sha384WithRsaEncryption] = "SHA-384withRSA";
 
             AlgorithmMap["SHA512WITHRSA"] = "SHA-512withRSA";
             AlgorithmMap["SHA-512WITHRSA"] = "SHA-512withRSA";
             AlgorithmMap["SHA512WITHRSAENCRYPTION"] = "SHA-512withRSA";
             AlgorithmMap["SHA-512WITHRSAENCRYPTION"] = "SHA-512withRSA";
-            AlgorithmMap[PkcsObjectIdentifiers.Sha512WithRsaEncryption.Id] = "SHA-512withRSA";
+            AlgorithmOidMap[PkcsObjectIdentifiers.Sha512WithRsaEncryption] = "SHA-512withRSA";
 
             AlgorithmMap["SHA512(224)WITHRSA"] = "SHA-512(224)withRSA";
             AlgorithmMap["SHA-512(224)WITHRSA"] = "SHA-512(224)withRSA";
             AlgorithmMap["SHA512(224)WITHRSAENCRYPTION"] = "SHA-512(224)withRSA";
             AlgorithmMap["SHA-512(224)WITHRSAENCRYPTION"] = "SHA-512(224)withRSA";
-            AlgorithmMap[PkcsObjectIdentifiers.Sha512_224WithRSAEncryption.Id] = "SHA-512(224)withRSA";
+            AlgorithmOidMap[PkcsObjectIdentifiers.Sha512_224WithRSAEncryption] = "SHA-512(224)withRSA";
 
             AlgorithmMap["SHA512(256)WITHRSA"] = "SHA-512(256)withRSA";
             AlgorithmMap["SHA-512(256)WITHRSA"] = "SHA-512(256)withRSA";
             AlgorithmMap["SHA512(256)WITHRSAENCRYPTION"] = "SHA-512(256)withRSA";
             AlgorithmMap["SHA-512(256)WITHRSAENCRYPTION"] = "SHA-512(256)withRSA";
-            AlgorithmMap[PkcsObjectIdentifiers.Sha512_256WithRSAEncryption.Id] = "SHA-512(256)withRSA";
+            AlgorithmOidMap[PkcsObjectIdentifiers.Sha512_256WithRSAEncryption] = "SHA-512(256)withRSA";
 
             AlgorithmMap["SHA3-224WITHRSA"] = "SHA3-224withRSA";
             AlgorithmMap["SHA3-224WITHRSAENCRYPTION"] = "SHA3-224withRSA";
-            AlgorithmMap[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224.Id] = "SHA3-224withRSA";
+            AlgorithmOidMap[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224] = "SHA3-224withRSA";
             AlgorithmMap["SHA3-256WITHRSA"] = "SHA3-256withRSA";
             AlgorithmMap["SHA3-256WITHRSAENCRYPTION"] = "SHA3-256withRSA";
-            AlgorithmMap[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256.Id] = "SHA3-256withRSA";
+            AlgorithmOidMap[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256] = "SHA3-256withRSA";
             AlgorithmMap["SHA3-384WITHRSA"] = "SHA3-384withRSA";
             AlgorithmMap["SHA3-384WITHRSAENCRYPTION"] = "SHA3-384withRSA";
-            AlgorithmMap[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384.Id] = "SHA3-384withRSA";
+            AlgorithmOidMap[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384] = "SHA3-384withRSA";
             AlgorithmMap["SHA3-512WITHRSA"] = "SHA3-512withRSA";
             AlgorithmMap["SHA3-512WITHRSAENCRYPTION"] = "SHA3-512withRSA";
-            AlgorithmMap[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512.Id] = "SHA3-512withRSA";
+            AlgorithmOidMap[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512] = "SHA3-512withRSA";
 
             AlgorithmMap["PSSWITHRSA"] = "PSSwithRSA";
             AlgorithmMap["RSASSA-PSS"] = "PSSwithRSA";
-            AlgorithmMap[PkcsObjectIdentifiers.IdRsassaPss.Id] = "PSSwithRSA";
+            AlgorithmOidMap[PkcsObjectIdentifiers.IdRsassaPss] = "PSSwithRSA";
             AlgorithmMap["RSAPSS"] = "PSSwithRSA";
 
             AlgorithmMap["SHA1WITHRSAANDMGF1"] = "SHA-1withRSAandMGF1";
@@ -149,15 +151,15 @@ namespace Org.BouncyCastle.Security
 
             AlgorithmMap["RIPEMD128WITHRSA"] = "RIPEMD128withRSA";
             AlgorithmMap["RIPEMD128WITHRSAENCRYPTION"] = "RIPEMD128withRSA";
-            AlgorithmMap[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128.Id] = "RIPEMD128withRSA";
+            AlgorithmOidMap[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128] = "RIPEMD128withRSA";
 
             AlgorithmMap["RIPEMD160WITHRSA"] = "RIPEMD160withRSA";
             AlgorithmMap["RIPEMD160WITHRSAENCRYPTION"] = "RIPEMD160withRSA";
-            AlgorithmMap[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160.Id] = "RIPEMD160withRSA";
+            AlgorithmOidMap[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160] = "RIPEMD160withRSA";
 
             AlgorithmMap["RIPEMD256WITHRSA"] = "RIPEMD256withRSA";
             AlgorithmMap["RIPEMD256WITHRSAENCRYPTION"] = "RIPEMD256withRSA";
-            AlgorithmMap[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256.Id] = "RIPEMD256withRSA";
+            AlgorithmOidMap[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256] = "RIPEMD256withRSA";
 
             AlgorithmMap["NONEWITHRSA"] = "RSA";
             AlgorithmMap["RSAWITHNONE"] = "RSA";
@@ -179,8 +181,8 @@ namespace Org.BouncyCastle.Security
             AlgorithmMap["SHA-1/DSA"] = "SHA-1withDSA";
             AlgorithmMap["SHA1WITHDSA"] = "SHA-1withDSA";
             AlgorithmMap["SHA-1WITHDSA"] = "SHA-1withDSA";
-            AlgorithmMap[X9ObjectIdentifiers.IdDsaWithSha1.Id] = "SHA-1withDSA";
-            AlgorithmMap[OiwObjectIdentifiers.DsaWithSha1.Id] = "SHA-1withDSA";
+            AlgorithmOidMap[X9ObjectIdentifiers.IdDsaWithSha1] = "SHA-1withDSA";
+            AlgorithmOidMap[OiwObjectIdentifiers.DsaWithSha1] = "SHA-1withDSA";
 
             AlgorithmMap["DSAWITHSHA224"] = "SHA-224withDSA";
             AlgorithmMap["DSAWITHSHA-224"] = "SHA-224withDSA";
@@ -188,7 +190,7 @@ namespace Org.BouncyCastle.Security
             AlgorithmMap["SHA-224/DSA"] = "SHA-224withDSA";
             AlgorithmMap["SHA224WITHDSA"] = "SHA-224withDSA";
             AlgorithmMap["SHA-224WITHDSA"] = "SHA-224withDSA";
-            AlgorithmMap[NistObjectIdentifiers.DsaWithSha224.Id] = "SHA-224withDSA";
+            AlgorithmOidMap[NistObjectIdentifiers.DsaWithSha224] = "SHA-224withDSA";
 
             AlgorithmMap["DSAWITHSHA256"] = "SHA-256withDSA";
             AlgorithmMap["DSAWITHSHA-256"] = "SHA-256withDSA";
@@ -196,7 +198,7 @@ namespace Org.BouncyCastle.Security
             AlgorithmMap["SHA-256/DSA"] = "SHA-256withDSA";
             AlgorithmMap["SHA256WITHDSA"] = "SHA-256withDSA";
             AlgorithmMap["SHA-256WITHDSA"] = "SHA-256withDSA";
-            AlgorithmMap[NistObjectIdentifiers.DsaWithSha256.Id] = "SHA-256withDSA";
+            AlgorithmOidMap[NistObjectIdentifiers.DsaWithSha256] = "SHA-256withDSA";
 
             AlgorithmMap["DSAWITHSHA384"] = "SHA-384withDSA";
             AlgorithmMap["DSAWITHSHA-384"] = "SHA-384withDSA";
@@ -204,7 +206,7 @@ namespace Org.BouncyCastle.Security
             AlgorithmMap["SHA-384/DSA"] = "SHA-384withDSA";
             AlgorithmMap["SHA384WITHDSA"] = "SHA-384withDSA";
             AlgorithmMap["SHA-384WITHDSA"] = "SHA-384withDSA";
-            AlgorithmMap[NistObjectIdentifiers.DsaWithSha384.Id] = "SHA-384withDSA";
+            AlgorithmOidMap[NistObjectIdentifiers.DsaWithSha384] = "SHA-384withDSA";
 
             AlgorithmMap["DSAWITHSHA512"] = "SHA-512withDSA";
             AlgorithmMap["DSAWITHSHA-512"] = "SHA-512withDSA";
@@ -212,7 +214,7 @@ namespace Org.BouncyCastle.Security
             AlgorithmMap["SHA-512/DSA"] = "SHA-512withDSA";
             AlgorithmMap["SHA512WITHDSA"] = "SHA-512withDSA";
             AlgorithmMap["SHA-512WITHDSA"] = "SHA-512withDSA";
-            AlgorithmMap[NistObjectIdentifiers.DsaWithSha512.Id] = "SHA-512withDSA";
+            AlgorithmOidMap[NistObjectIdentifiers.DsaWithSha512] = "SHA-512withDSA";
 
             AlgorithmMap["NONEWITHECDSA"] = "NONEwithECDSA";
             AlgorithmMap["ECDSAWITHNONE"] = "NONEwithECDSA";
@@ -224,8 +226,8 @@ namespace Org.BouncyCastle.Security
             AlgorithmMap["ECDSAWITHSHA-1"] = "SHA-1withECDSA";
             AlgorithmMap["SHA1WITHECDSA"] = "SHA-1withECDSA";
             AlgorithmMap["SHA-1WITHECDSA"] = "SHA-1withECDSA";
-            AlgorithmMap[X9ObjectIdentifiers.ECDsaWithSha1.Id] = "SHA-1withECDSA";
-            AlgorithmMap[TeleTrusTObjectIdentifiers.ECSignWithSha1.Id] = "SHA-1withECDSA";
+            AlgorithmOidMap[X9ObjectIdentifiers.ECDsaWithSha1] = "SHA-1withECDSA";
+            AlgorithmOidMap[TeleTrusTObjectIdentifiers.ECSignWithSha1] = "SHA-1withECDSA";
 
             AlgorithmMap["SHA224/ECDSA"] = "SHA-224withECDSA";
             AlgorithmMap["SHA-224/ECDSA"] = "SHA-224withECDSA";
@@ -233,7 +235,7 @@ namespace Org.BouncyCastle.Security
             AlgorithmMap["ECDSAWITHSHA-224"] = "SHA-224withECDSA";
             AlgorithmMap["SHA224WITHECDSA"] = "SHA-224withECDSA";
             AlgorithmMap["SHA-224WITHECDSA"] = "SHA-224withECDSA";
-            AlgorithmMap[X9ObjectIdentifiers.ECDsaWithSha224.Id] = "SHA-224withECDSA";
+            AlgorithmOidMap[X9ObjectIdentifiers.ECDsaWithSha224] = "SHA-224withECDSA";
 
             AlgorithmMap["SHA256/ECDSA"] = "SHA-256withECDSA";
             AlgorithmMap["SHA-256/ECDSA"] = "SHA-256withECDSA";
@@ -241,7 +243,7 @@ namespace Org.BouncyCastle.Security
             AlgorithmMap["ECDSAWITHSHA-256"] = "SHA-256withECDSA";
             AlgorithmMap["SHA256WITHECDSA"] = "SHA-256withECDSA";
             AlgorithmMap["SHA-256WITHECDSA"] = "SHA-256withECDSA";
-            AlgorithmMap[X9ObjectIdentifiers.ECDsaWithSha256.Id] = "SHA-256withECDSA";
+            AlgorithmOidMap[X9ObjectIdentifiers.ECDsaWithSha256] = "SHA-256withECDSA";
 
             AlgorithmMap["SHA384/ECDSA"] = "SHA-384withECDSA";
             AlgorithmMap["SHA-384/ECDSA"] = "SHA-384withECDSA";
@@ -249,7 +251,7 @@ namespace Org.BouncyCastle.Security
             AlgorithmMap["ECDSAWITHSHA-384"] = "SHA-384withECDSA";
             AlgorithmMap["SHA384WITHECDSA"] = "SHA-384withECDSA";
             AlgorithmMap["SHA-384WITHECDSA"] = "SHA-384withECDSA";
-            AlgorithmMap[X9ObjectIdentifiers.ECDsaWithSha384.Id] = "SHA-384withECDSA";
+            AlgorithmOidMap[X9ObjectIdentifiers.ECDsaWithSha384] = "SHA-384withECDSA";
 
             AlgorithmMap["SHA512/ECDSA"] = "SHA-512withECDSA";
             AlgorithmMap["SHA-512/ECDSA"] = "SHA-512withECDSA";
@@ -257,12 +259,12 @@ namespace Org.BouncyCastle.Security
             AlgorithmMap["ECDSAWITHSHA-512"] = "SHA-512withECDSA";
             AlgorithmMap["SHA512WITHECDSA"] = "SHA-512withECDSA";
             AlgorithmMap["SHA-512WITHECDSA"] = "SHA-512withECDSA";
-            AlgorithmMap[X9ObjectIdentifiers.ECDsaWithSha512.Id] = "SHA-512withECDSA";
+            AlgorithmOidMap[X9ObjectIdentifiers.ECDsaWithSha512] = "SHA-512withECDSA";
 
             AlgorithmMap["RIPEMD160/ECDSA"] = "RIPEMD160withECDSA";
             AlgorithmMap["ECDSAWITHRIPEMD160"] = "RIPEMD160withECDSA";
             AlgorithmMap["RIPEMD160WITHECDSA"] = "RIPEMD160withECDSA";
-            AlgorithmMap[TeleTrusTObjectIdentifiers.ECSignWithRipeMD160.Id] = "RIPEMD160withECDSA";
+            AlgorithmOidMap[TeleTrusTObjectIdentifiers.ECSignWithRipeMD160] = "RIPEMD160withECDSA";
 
             AlgorithmMap["NONEWITHCVC-ECDSA"] = "NONEwithCVC-ECDSA";
             AlgorithmMap["CVC-ECDSAWITHNONE"] = "NONEwithCVC-ECDSA";
@@ -273,7 +275,7 @@ namespace Org.BouncyCastle.Security
             AlgorithmMap["CVC-ECDSAWITHSHA-1"] = "SHA-1withCVC-ECDSA";
             AlgorithmMap["SHA1WITHCVC-ECDSA"] = "SHA-1withCVC-ECDSA";
             AlgorithmMap["SHA-1WITHCVC-ECDSA"] = "SHA-1withCVC-ECDSA";
-            AlgorithmMap[EacObjectIdentifiers.id_TA_ECDSA_SHA_1.Id] = "SHA-1withCVC-ECDSA";
+            AlgorithmOidMap[EacObjectIdentifiers.id_TA_ECDSA_SHA_1] = "SHA-1withCVC-ECDSA";
 
             AlgorithmMap["SHA224/CVC-ECDSA"] = "SHA-224withCVC-ECDSA";
             AlgorithmMap["SHA-224/CVC-ECDSA"] = "SHA-224withCVC-ECDSA";
@@ -281,7 +283,7 @@ namespace Org.BouncyCastle.Security
             AlgorithmMap["CVC-ECDSAWITHSHA-224"] = "SHA-224withCVC-ECDSA";
             AlgorithmMap["SHA224WITHCVC-ECDSA"] = "SHA-224withCVC-ECDSA";
             AlgorithmMap["SHA-224WITHCVC-ECDSA"] = "SHA-224withCVC-ECDSA";
-            AlgorithmMap[EacObjectIdentifiers.id_TA_ECDSA_SHA_224.Id] = "SHA-224withCVC-ECDSA";
+            AlgorithmOidMap[EacObjectIdentifiers.id_TA_ECDSA_SHA_224] = "SHA-224withCVC-ECDSA";
 
             AlgorithmMap["SHA256/CVC-ECDSA"] = "SHA-256withCVC-ECDSA";
             AlgorithmMap["SHA-256/CVC-ECDSA"] = "SHA-256withCVC-ECDSA";
@@ -289,7 +291,7 @@ namespace Org.BouncyCastle.Security
             AlgorithmMap["CVC-ECDSAWITHSHA-256"] = "SHA-256withCVC-ECDSA";
             AlgorithmMap["SHA256WITHCVC-ECDSA"] = "SHA-256withCVC-ECDSA";
             AlgorithmMap["SHA-256WITHCVC-ECDSA"] = "SHA-256withCVC-ECDSA";
-            AlgorithmMap[EacObjectIdentifiers.id_TA_ECDSA_SHA_256.Id] = "SHA-256withCVC-ECDSA";
+            AlgorithmOidMap[EacObjectIdentifiers.id_TA_ECDSA_SHA_256] = "SHA-256withCVC-ECDSA";
 
             AlgorithmMap["SHA384/CVC-ECDSA"] = "SHA-384withCVC-ECDSA";
             AlgorithmMap["SHA-384/CVC-ECDSA"] = "SHA-384withCVC-ECDSA";
@@ -297,7 +299,7 @@ namespace Org.BouncyCastle.Security
             AlgorithmMap["CVC-ECDSAWITHSHA-384"] = "SHA-384withCVC-ECDSA";
             AlgorithmMap["SHA384WITHCVC-ECDSA"] = "SHA-384withCVC-ECDSA";
             AlgorithmMap["SHA-384WITHCVC-ECDSA"] = "SHA-384withCVC-ECDSA";
-            AlgorithmMap[EacObjectIdentifiers.id_TA_ECDSA_SHA_384.Id] = "SHA-384withCVC-ECDSA";
+            AlgorithmOidMap[EacObjectIdentifiers.id_TA_ECDSA_SHA_384] = "SHA-384withCVC-ECDSA";
 
             AlgorithmMap["SHA512/CVC-ECDSA"] = "SHA-512withCVC-ECDSA";
             AlgorithmMap["SHA-512/CVC-ECDSA"] = "SHA-512withCVC-ECDSA";
@@ -305,7 +307,7 @@ namespace Org.BouncyCastle.Security
             AlgorithmMap["CVC-ECDSAWITHSHA-512"] = "SHA-512withCVC-ECDSA";
             AlgorithmMap["SHA512WITHCVC-ECDSA"] = "SHA-512withCVC-ECDSA";
             AlgorithmMap["SHA-512WITHCVC-ECDSA"] = "SHA-512withCVC-ECDSA";
-            AlgorithmMap[EacObjectIdentifiers.id_TA_ECDSA_SHA_512.Id] = "SHA-512withCVC-ECDSA";
+            AlgorithmOidMap[EacObjectIdentifiers.id_TA_ECDSA_SHA_512] = "SHA-512withCVC-ECDSA";
 
             AlgorithmMap["NONEWITHPLAIN-ECDSA"] = "NONEwithPLAIN-ECDSA";
             AlgorithmMap["PLAIN-ECDSAWITHNONE"] = "NONEwithPLAIN-ECDSA";
@@ -316,7 +318,7 @@ namespace Org.BouncyCastle.Security
             AlgorithmMap["PLAIN-ECDSAWITHSHA-1"] = "SHA-1withPLAIN-ECDSA";
             AlgorithmMap["SHA1WITHPLAIN-ECDSA"] = "SHA-1withPLAIN-ECDSA";
             AlgorithmMap["SHA-1WITHPLAIN-ECDSA"] = "SHA-1withPLAIN-ECDSA";
-            AlgorithmMap[BsiObjectIdentifiers.ecdsa_plain_SHA1.Id] = "SHA-1withPLAIN-ECDSA";
+            AlgorithmOidMap[BsiObjectIdentifiers.ecdsa_plain_SHA1] = "SHA-1withPLAIN-ECDSA";
 
             AlgorithmMap["SHA224/PLAIN-ECDSA"] = "SHA-224withPLAIN-ECDSA";
             AlgorithmMap["SHA-224/PLAIN-ECDSA"] = "SHA-224withPLAIN-ECDSA";
@@ -324,7 +326,7 @@ namespace Org.BouncyCastle.Security
             AlgorithmMap["PLAIN-ECDSAWITHSHA-224"] = "SHA-224withPLAIN-ECDSA";
             AlgorithmMap["SHA224WITHPLAIN-ECDSA"] = "SHA-224withPLAIN-ECDSA";
             AlgorithmMap["SHA-224WITHPLAIN-ECDSA"] = "SHA-224withPLAIN-ECDSA";
-            AlgorithmMap[BsiObjectIdentifiers.ecdsa_plain_SHA224.Id] = "SHA-224withPLAIN-ECDSA";
+            AlgorithmOidMap[BsiObjectIdentifiers.ecdsa_plain_SHA224] = "SHA-224withPLAIN-ECDSA";
 
             AlgorithmMap["SHA256/PLAIN-ECDSA"] = "SHA-256withPLAIN-ECDSA";
             AlgorithmMap["SHA-256/PLAIN-ECDSA"] = "SHA-256withPLAIN-ECDSA";
@@ -332,7 +334,7 @@ namespace Org.BouncyCastle.Security
             AlgorithmMap["PLAIN-ECDSAWITHSHA-256"] = "SHA-256withPLAIN-ECDSA";
             AlgorithmMap["SHA256WITHPLAIN-ECDSA"] = "SHA-256withPLAIN-ECDSA";
             AlgorithmMap["SHA-256WITHPLAIN-ECDSA"] = "SHA-256withPLAIN-ECDSA";
-            AlgorithmMap[BsiObjectIdentifiers.ecdsa_plain_SHA256.Id] = "SHA-256withPLAIN-ECDSA";
+            AlgorithmOidMap[BsiObjectIdentifiers.ecdsa_plain_SHA256] = "SHA-256withPLAIN-ECDSA";
 
             AlgorithmMap["SHA384/PLAIN-ECDSA"] = "SHA-384withPLAIN-ECDSA";
             AlgorithmMap["SHA-384/PLAIN-ECDSA"] = "SHA-384withPLAIN-ECDSA";
@@ -340,7 +342,7 @@ namespace Org.BouncyCastle.Security
             AlgorithmMap["PLAIN-ECDSAWITHSHA-384"] = "SHA-384withPLAIN-ECDSA";
             AlgorithmMap["SHA384WITHPLAIN-ECDSA"] = "SHA-384withPLAIN-ECDSA";
             AlgorithmMap["SHA-384WITHPLAIN-ECDSA"] = "SHA-384withPLAIN-ECDSA";
-            AlgorithmMap[BsiObjectIdentifiers.ecdsa_plain_SHA384.Id] = "SHA-384withPLAIN-ECDSA";
+            AlgorithmOidMap[BsiObjectIdentifiers.ecdsa_plain_SHA384] = "SHA-384withPLAIN-ECDSA";
 
             AlgorithmMap["SHA512/PLAIN-ECDSA"] = "SHA-512withPLAIN-ECDSA";
             AlgorithmMap["SHA-512/PLAIN-ECDSA"] = "SHA-512withPLAIN-ECDSA";
@@ -348,12 +350,12 @@ namespace Org.BouncyCastle.Security
             AlgorithmMap["PLAIN-ECDSAWITHSHA-512"] = "SHA-512withPLAIN-ECDSA";
             AlgorithmMap["SHA512WITHPLAIN-ECDSA"] = "SHA-512withPLAIN-ECDSA";
             AlgorithmMap["SHA-512WITHPLAIN-ECDSA"] = "SHA-512withPLAIN-ECDSA";
-            AlgorithmMap[BsiObjectIdentifiers.ecdsa_plain_SHA512.Id] = "SHA-512withPLAIN-ECDSA";
+            AlgorithmOidMap[BsiObjectIdentifiers.ecdsa_plain_SHA512] = "SHA-512withPLAIN-ECDSA";
 
             AlgorithmMap["RIPEMD160/PLAIN-ECDSA"] = "RIPEMD160withPLAIN-ECDSA";
             AlgorithmMap["PLAIN-ECDSAWITHRIPEMD160"] = "RIPEMD160withPLAIN-ECDSA";
             AlgorithmMap["RIPEMD160WITHPLAIN-ECDSA"] = "RIPEMD160withPLAIN-ECDSA";
-            AlgorithmMap[BsiObjectIdentifiers.ecdsa_plain_RIPEMD160.Id] = "RIPEMD160withPLAIN-ECDSA";
+            AlgorithmOidMap[BsiObjectIdentifiers.ecdsa_plain_RIPEMD160] = "RIPEMD160withPLAIN-ECDSA";
 
             AlgorithmMap["SHA1WITHECNR"] = "SHA-1withECNR";
             AlgorithmMap["SHA-1WITHECNR"] = "SHA-1withECNR";
@@ -370,13 +372,13 @@ namespace Org.BouncyCastle.Security
             AlgorithmMap["GOST-3410-94"] = "GOST3410";
             AlgorithmMap["GOST3411WITHGOST3410"] = "GOST3410";
             AlgorithmMap["GOST3411/GOST3410"] = "GOST3410";
-            AlgorithmMap[CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94.Id] = "GOST3410";
+            AlgorithmOidMap[CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94] = "GOST3410";
 
             AlgorithmMap["ECGOST-3410"] = "ECGOST3410";
             AlgorithmMap["GOST-3410-2001"] = "ECGOST3410";
             AlgorithmMap["GOST3411WITHECGOST3410"] = "ECGOST3410";
             AlgorithmMap["GOST3411/ECGOST3410"] = "ECGOST3410";
-            AlgorithmMap[CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001.Id] = "ECGOST3410";
+            AlgorithmOidMap[CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001] = "ECGOST3410";
 
             AlgorithmMap["GOST-3410-2012-256"] = "ECGOST3410-2012-256";
             AlgorithmMap["GOST3411WITHECGOST3410-2012-256"] = "ECGOST3410-2012-256";
@@ -384,7 +386,7 @@ namespace Org.BouncyCastle.Security
             AlgorithmMap["GOST3411-2012-256WITHECGOST3410-2012-256"] = "ECGOST3410-2012-256";
             AlgorithmMap["GOST3411-2012-256/ECGOST3410"] = "ECGOST3410-2012-256";
             AlgorithmMap["GOST3411-2012-256/ECGOST3410-2012-256"] = "ECGOST3410-2012-256";
-            AlgorithmMap[RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256.Id] =
+            AlgorithmOidMap[RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256] =
                 "ECGOST3410-2012-256";
 
             AlgorithmMap["GOST-3410-2012-512"] = "ECGOST3410-2012-512";
@@ -393,28 +395,26 @@ namespace Org.BouncyCastle.Security
             AlgorithmMap["GOST3411-2012-512WITHECGOST3410-2012-512"] = "ECGOST3410-2012-512";
             AlgorithmMap["GOST3411-2012-512/ECGOST3410"] = "ECGOST3410-2012-512";
             AlgorithmMap["GOST3411-2012-512/ECGOST3410-2012-512"] = "ECGOST3410-2012-512";
-            AlgorithmMap[RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512.Id] =
+            AlgorithmOidMap[RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512] =
                 "ECGOST3410-2012-512";
 
             AlgorithmMap["ED25519"] = "Ed25519";
-            AlgorithmMap[EdECObjectIdentifiers.id_Ed25519.Id] = "Ed25519";
+            AlgorithmOidMap[EdECObjectIdentifiers.id_Ed25519] = "Ed25519";
             AlgorithmMap["ED25519CTX"] = "Ed25519ctx";
             AlgorithmMap["ED25519PH"] = "Ed25519ph";
             AlgorithmMap["ED448"] = "Ed448";
-            AlgorithmMap[EdECObjectIdentifiers.id_Ed448.Id] = "Ed448";
+            AlgorithmOidMap[EdECObjectIdentifiers.id_Ed448] = "Ed448";
             AlgorithmMap["ED448PH"] = "Ed448ph";
 
             AlgorithmMap["SHA256WITHSM2"] = "SHA256withSM2";
-            AlgorithmMap[GMObjectIdentifiers.sm2sign_with_sha256.Id] = "SHA256withSM2";
+            AlgorithmOidMap[GMObjectIdentifiers.sm2sign_with_sha256] = "SHA256withSM2";
             AlgorithmMap["SM3WITHSM2"] = "SM3withSM2";
-            AlgorithmMap[GMObjectIdentifiers.sm2sign_with_sm3.Id] = "SM3withSM2";
+            AlgorithmOidMap[GMObjectIdentifiers.sm2sign_with_sm3] = "SM3withSM2";
 
             NoRandom.Add("Ed25519");
-            NoRandom.Add(EdECObjectIdentifiers.id_Ed25519.Id);
             NoRandom.Add("Ed25519ctx");
             NoRandom.Add("Ed25519ph");
             NoRandom.Add("Ed448");
-            NoRandom.Add(EdECObjectIdentifiers.id_Ed448.Id);
             NoRandom.Add("Ed448ph");
 
             Oids["MD2withRSA"] = PkcsObjectIdentifiers.MD2WithRsaEncryption;
@@ -477,32 +477,45 @@ namespace Org.BouncyCastle.Security
 
             Oids["SHA256withSM2"] = GMObjectIdentifiers.sm2sign_with_sha256;
             Oids["SM3withSM2"] = GMObjectIdentifiers.sm2sign_with_sm3;
-        }
 
-        /// <summary>
-        /// Returns an ObjectIdentifier for a given encoding.
-        /// </summary>
-        /// <param name="mechanism">A string representation of the encoding.</param>
-        /// <returns>A DerObjectIdentifier, null if the OID is not available.</returns>
-        // TODO Don't really want to support this
-        public static DerObjectIdentifier GetObjectIdentifier(string mechanism)
-        {
-            if (mechanism == null)
-                throw new ArgumentNullException(nameof(mechanism));
+#if DEBUG
+            foreach (var key in AlgorithmMap.Keys)
+            {
+                if (DerObjectIdentifier.TryFromID(key, out var ignore))
+                    throw new Exception("OID mapping belongs in AlgorithmOidMap: " + key);
+            }
 
-            string algorithm = CollectionUtilities.GetValueOrKey(AlgorithmMap, mechanism);
+            var mechanisms = new HashSet<string>(AlgorithmMap.Values);
+            mechanisms.UnionWith(AlgorithmOidMap.Values);
 
-            return CollectionUtilities.GetValueOrNull(Oids, algorithm);
+            foreach (var mechanism in mechanisms)
+            {
+                if (AlgorithmMap.TryGetValue(mechanism, out var check))
+                {
+                    if (mechanism != check)
+                        throw new Exception("Mechanism mapping MUST be to self: " + mechanism);
+                }
+                else
+                {
+                    if (!mechanism.Equals(mechanism.ToUpperInvariant()))
+                        throw new Exception("Unmapped mechanism MUST be uppercase: " + mechanism);
+                }
+            }
+#endif
         }
 
-        public static ICollection<string> Algorithms
-        {
-            get { return CollectionUtilities.ReadOnly(Oids.Keys); }
-        }
+        public static ICollection<string> Algorithms => CollectionUtilities.ReadOnly(Oids.Keys);
 
+        // TODO[api] Change parameter name to 'oid'
         public static Asn1Encodable GetDefaultX509Parameters(DerObjectIdentifier id)
         {
-            return GetDefaultX509Parameters(id.Id);
+            if (id == null)
+                throw new ArgumentNullException(nameof(id));
+
+            if (!AlgorithmOidMap.TryGetValue(id, out var mechanism))
+                return DerNull.Instance;
+
+            return GetDefaultX509ParametersForMechanism(mechanism);
         }
 
         public static Asn1Encodable GetDefaultX509Parameters(string algorithm)
@@ -510,8 +523,13 @@ namespace Org.BouncyCastle.Security
             if (algorithm == null)
                 throw new ArgumentNullException(nameof(algorithm));
 
-            string mechanism = CollectionUtilities.GetValueOrKey(AlgorithmMap, algorithm);
+            string mechanism = GetMechanism(algorithm) ?? algorithm;
+
+            return GetDefaultX509ParametersForMechanism(mechanism);
+        }
 
+        private static Asn1Encodable GetDefaultX509ParametersForMechanism(string mechanism)
+        {
             if (mechanism == "PSSwithRSA")
             {
                 // TODO The Sha1Digest here is a default. In JCE version, the actual digest
@@ -528,9 +546,38 @@ namespace Org.BouncyCastle.Security
             return DerNull.Instance;
         }
 
+        public static string GetEncodingName(DerObjectIdentifier oid)
+        {
+            return CollectionUtilities.GetValueOrNull(AlgorithmOidMap, oid);
+        }
+
         private static string GetMechanism(string algorithm)
         {
-            return AlgorithmMap.TryGetValue(algorithm, out var v) ? v : algorithm.ToUpperInvariant();
+            if (AlgorithmMap.TryGetValue(algorithm, out var mechanism1))
+                return mechanism1;
+
+            if (DerObjectIdentifier.TryFromID(algorithm, out var oid))
+            {
+                if (AlgorithmOidMap.TryGetValue(oid, out var mechanism2))
+                    return mechanism2;
+            }
+
+            return null;
+        }
+
+        /// <summary>
+        /// Returns an ObjectIdentifier for a given signature mechanism.
+        /// </summary>
+        /// <param name="mechanism">A string representation of the signature mechanism.</param>
+        /// <returns>A DerObjectIdentifier, null if the OID is not available.</returns>
+        public static DerObjectIdentifier GetObjectIdentifier(string mechanism)
+        {
+            if (mechanism == null)
+                throw new ArgumentNullException(nameof(mechanism));
+
+            mechanism = GetMechanism(mechanism) ?? mechanism;
+
+            return CollectionUtilities.GetValueOrNull(Oids, mechanism);
         }
 
         private static Asn1Encodable GetPssX509Parameters(
@@ -548,12 +595,20 @@ namespace Org.BouncyCastle.Security
                 new DerInteger(saltLen), new DerInteger(1));
         }
 
+        // TODO[api] Change parameter name to 'oid'
         public static ISigner GetSigner(DerObjectIdentifier id)
         {
             if (id == null)
                 throw new ArgumentNullException(nameof(id));
 
-            return GetSigner(id.Id);
+            if (AlgorithmOidMap.TryGetValue(id, out var mechanism))
+            {
+                var signer = GetSignerForMechanism(mechanism);
+                if (signer != null)
+                    return signer;
+            }
+
+            throw new SecurityUtilityException("Signer OID not recognised.");
         }
 
         public static ISigner GetSigner(string algorithm)
@@ -561,13 +616,13 @@ namespace Org.BouncyCastle.Security
             if (algorithm == null)
                 throw new ArgumentNullException(nameof(algorithm));
 
-            string mechanism = GetMechanism(algorithm);
+            string mechanism = GetMechanism(algorithm) ?? algorithm.ToUpperInvariant();
 
             var signer = GetSignerForMechanism(mechanism);
-            if (signer == null)
-                throw new SecurityUtilityException("Signer " + algorithm + " not recognised.");
+            if (signer != null)
+                return signer;
 
-            return signer;
+            throw new SecurityUtilityException("Signer " + algorithm + " not recognised.");
         }
 
         private static ISigner GetSignerForMechanism(string mechanism)
@@ -721,11 +776,6 @@ namespace Org.BouncyCastle.Security
             return null;
         }
 
-        public static string GetEncodingName(DerObjectIdentifier oid)
-        {
-            return CollectionUtilities.GetValueOrNull(AlgorithmMap, oid.Id);
-        }
-
         // TODO[api] Rename 'privateKey' to 'key'
         public static ISigner InitSigner(DerObjectIdentifier algorithmOid, bool forSigning,
             AsymmetricKeyParameter privateKey, SecureRandom random)
@@ -733,7 +783,23 @@ namespace Org.BouncyCastle.Security
             if (algorithmOid == null)
                 throw new ArgumentNullException(nameof(algorithmOid));
 
-            return InitSigner(algorithmOid.Id, forSigning, privateKey, random);
+            if (AlgorithmOidMap.TryGetValue(algorithmOid, out var mechanism))
+            {
+                var signer = GetSignerForMechanism(mechanism);
+                if (signer != null)
+                {
+                    ICipherParameters cipherParameters = privateKey;
+                    if (forSigning && !NoRandom.Contains(mechanism))
+                    {
+                        cipherParameters = ParameterUtilities.WithRandom(cipherParameters, random);
+                    }
+
+                    signer.Init(forSigning, cipherParameters);
+                    return signer;
+                }
+            }
+
+            throw new SecurityUtilityException("Signer OID not recognised.");
         }
 
         // TODO[api] Rename 'privateKey' to 'key'
@@ -743,20 +809,22 @@ namespace Org.BouncyCastle.Security
             if (algorithm == null)
                 throw new ArgumentNullException(nameof(algorithm));
 
-            string mechanism = GetMechanism(algorithm);
+            string mechanism = GetMechanism(algorithm) ?? algorithm.ToUpperInvariant();
 
             var signer = GetSignerForMechanism(mechanism);
-            if (signer == null)
-                throw new SecurityUtilityException("Signer " + algorithm + " not recognised.");
-
-            ICipherParameters cipherParameters = privateKey;
-            if (forSigning && !NoRandom.Contains(mechanism))
+            if (signer != null)
             {
-                cipherParameters = ParameterUtilities.WithRandom(cipherParameters, random);
+                ICipherParameters cipherParameters = privateKey;
+                if (forSigning && !NoRandom.Contains(mechanism))
+                {
+                    cipherParameters = ParameterUtilities.WithRandom(cipherParameters, random);
+                }
+
+                signer.Init(forSigning, cipherParameters);
+                return signer;
             }
 
-            signer.Init(forSigning, cipherParameters);
-            return signer;
+            throw new SecurityUtilityException("Signer " + algorithm + " not recognised.");
         }
     }
 }
diff --git a/crypto/test/src/cms/test/EnvelopedDataTest.cs b/crypto/test/src/cms/test/EnvelopedDataTest.cs
index 02c76a0c1..36b3c7db4 100644
--- a/crypto/test/src/cms/test/EnvelopedDataTest.cs
+++ b/crypto/test/src/cms/test/EnvelopedDataTest.cs
@@ -374,11 +374,11 @@ namespace Org.BouncyCastle.Cms.Tests
 
 			CmsEnvelopedData ed = edGen.Generate(
 				new CmsProcessableByteArray(data),
-				"1.2.840.113549.3.4"); // RC4 OID
+                PkcsObjectIdentifiers.rc4.GetID());
 
 			RecipientInformationStore  recipients = ed.GetRecipientInfos();
 
-			Assert.AreEqual(ed.EncryptionAlgOid, "1.2.840.113549.3.4");
+			Assert.AreEqual(ed.EncryptionAlgOid, PkcsObjectIdentifiers.rc4.GetID());
 
 			var c = recipients.GetRecipients();
 
@@ -404,11 +404,11 @@ namespace Org.BouncyCastle.Cms.Tests
 
 			CmsEnvelopedData ed = edGen.Generate(
 				new CmsProcessableByteArray(data),
-				"1.2.840.113549.3.4", 128);  // RC4 OID
+                PkcsObjectIdentifiers.rc4.GetID(), 128);
 
 			RecipientInformationStore recipients = ed.GetRecipientInfos();
 
-			Assert.AreEqual(ed.EncryptionAlgOid, "1.2.840.113549.3.4");
+			Assert.AreEqual(ed.EncryptionAlgOid, PkcsObjectIdentifiers.rc4.GetID());
 
 			var c = recipients.GetRecipients();