Deleted Added
sdiff udiff text old ( 267897 ) new ( 275698 )
full compact
pgp (267897) pgp (275698)
1
2#------------------------------------------------------------------------------
1
2#------------------------------------------------------------------------------
3# $File: pgp,v 1.9 2009/09/19 16:28:11 christos Exp $
3# $File: pgp,v 1.11 2014/11/11 21:32:38 christos Exp $
4# pgp: file(1) magic for Pretty Good Privacy
5# see http://lists.gnupg.org/pipermail/gnupg-devel/1999-September/016052.html
6#
70 beshort 0x9900 PGP key public ring
8!:mime application/x-pgp-keyring
90 beshort 0x9501 PGP key security ring
10!:mime application/x-pgp-keyring
110 beshort 0x9500 PGP key security ring

--- 4 unchanged lines hidden (view full) ---

16!:mime text/PGP # encoding: armored data
17#>15 string PUBLIC\040KEY\040BLOCK- public key block
18#>15 string MESSAGE- message
19#>15 string SIGNED\040MESSAGE- signed message
20#>15 string PGP\040SIGNATURE- signature
21
222 string ---BEGIN\ PGP\ PUBLIC\ KEY\ BLOCK- PGP public key block
23!:mime application/pgp-keys
4# pgp: file(1) magic for Pretty Good Privacy
5# see http://lists.gnupg.org/pipermail/gnupg-devel/1999-September/016052.html
6#
70 beshort 0x9900 PGP key public ring
8!:mime application/x-pgp-keyring
90 beshort 0x9501 PGP key security ring
10!:mime application/x-pgp-keyring
110 beshort 0x9500 PGP key security ring

--- 4 unchanged lines hidden (view full) ---

16!:mime text/PGP # encoding: armored data
17#>15 string PUBLIC\040KEY\040BLOCK- public key block
18#>15 string MESSAGE- message
19#>15 string SIGNED\040MESSAGE- signed message
20#>15 string PGP\040SIGNATURE- signature
21
222 string ---BEGIN\ PGP\ PUBLIC\ KEY\ BLOCK- PGP public key block
23!:mime application/pgp-keys
24>10 search/100 \n\n
25>>&0 use pgp
240 string -----BEGIN\040PGP\40MESSAGE- PGP message
25!:mime application/pgp
260 string -----BEGIN\040PGP\40MESSAGE- PGP message
27!:mime application/pgp
28>10 search/100 \n\n
29>>&0 use pgp
260 string -----BEGIN\040PGP\40SIGNATURE- PGP signature
27!:mime application/pgp-signature
300 string -----BEGIN\040PGP\40SIGNATURE- PGP signature
31!:mime application/pgp-signature
32>10 search/100 \n\n
33>>&0 use pgp
34
35# Decode the type of the packet based on it's base64 encoding.
36# Idea from Mark Martinec
37# The specification is in RFC 4880, section 4.2 and 4.3:
38# http://tools.ietf.org/html/rfc4880#section-4.2
39
400 name pgp
41>0 byte 0x67 Reserved (old)
42>0 byte 0x68 Public-Key Encrypted Session Key (old)
43>0 byte 0x69 Signature (old)
44>0 byte 0x6a Symmetric-Key Encrypted Session Key (old)
45>0 byte 0x6b One-Pass Signature (old)
46>0 byte 0x6c Secret-Key (old)
47>0 byte 0x6d Public-Key (old)
48>0 byte 0x6e Secret-Subkey (old)
49>0 byte 0x6f Compressed Data (old)
50>0 byte 0x70 Symmetrically Encrypted Data (old)
51>0 byte 0x71 Marker (old)
52>0 byte 0x72 Literal Data (old)
53>0 byte 0x73 Trust (old)
54>0 byte 0x74 User ID (old)
55>0 byte 0x75 Public-Subkey (old)
56>0 byte 0x76 Unused (old)
57>0 byte 0x77
58>>1 byte&0xc0 0x00 Reserved
59>>1 byte&0xc0 0x40 Public-Key Encrypted Session Key
60>>1 byte&0xc0 0x80 Signature
61>>1 byte&0xc0 0xc0 Symmetric-Key Encrypted Session Key
62>0 byte 0x78
63>>1 byte&0xc0 0x00 One-Pass Signature
64>>1 byte&0xc0 0x40 Secret-Key
65>>1 byte&0xc0 0x80 Public-Key
66>>1 byte&0xc0 0xc0 Secret-Subkey
67>0 byte 0x79
68>>1 byte&0xc0 0x00 Compressed Data
69>>1 byte&0xc0 0x40 Symmetrically Encrypted Data
70>>1 byte&0xc0 0x80 Marker
71>>1 byte&0xc0 0xc0 Literal Data
72>0 byte 0x7a
73>>1 byte&0xc0 0x00 Trust
74>>1 byte&0xc0 0x40 User ID
75>>1 byte&0xc0 0x80 Public-Subkey
76>>1 byte&0xc0 0xc0 Unused [z%x]
77>0 byte 0x30
78>>1 byte&0xc0 0x00 Unused [0%x]
79>>1 byte&0xc0 0x40 User Attribute
80>>1 byte&0xc0 0x80 Sym. Encrypted and Integrity Protected Data
81>>1 byte&0xc0 0xc0 Modification Detection Code
82
83# magic signatures to detect PGP crypto material (from stef)
84# detects and extracts metadata from:
85# - symmetric encrypted packet header
86# - RSA (e=65537) secret (sub-)keys
87
88# 1024b RSA encrypted data
89
900 string \x84\x8c\x03 PGP RSA encrypted session key -
91>3 lelong x keyid: %X
92>7 lelong x %X
93>11 byte 0x01 RSA (Encrypt or Sign) 1024b
94>11 byte 0x02 RSA Encrypt-Only 1024b
95>12 string \x04\x00
96>12 string \x03\xff
97>12 string \x03\xfe
98>12 string \x03\xfd
99>12 string \x03\xfc
100>12 string \x03\xfb
101>12 string \x03\xfa
102>12 string \x03\xf9
103>142 byte 0xd2 .
104
105# 2048b RSA encrypted data
106
1070 string \x85\x01\x0c\x03 PGP RSA encrypted session key -
108>4 lelong x keyid: %X
109>8 lelong x %X
110>12 byte 0x01 RSA (Encrypt or Sign) 2048b
111>12 byte 0x02 RSA Encrypt-Only 2048b
112>13 string \x08\x00
113>13 string \x07\xff
114>13 string \x07\xfe
115>13 string \x07\xfd
116>13 string \x07\xfc
117>13 string \x07\xfb
118>13 string \x07\xfa
119>13 string \x07\xf9
120>271 byte 0xd2 .
121
122# 3072b RSA encrypted data
123
1240 string \x85\x01\x8c\x03 PGP RSA encrypted session key -
125>4 lelong x keyid: %X
126>8 lelong x %X
127>12 byte 0x01 RSA (Encrypt or Sign) 3072b
128>12 byte 0x02 RSA Encrypt-Only 3072b
129>13 string \x0c\x00
130>13 string \x0b\xff
131>13 string \x0b\xfe
132>13 string \x0b\xfd
133>13 string \x0b\xfc
134>13 string \x0b\xfb
135>13 string \x0b\xfa
136>13 string \x0b\xf9
137>399 byte 0xd2 .
138
139# 3072b RSA encrypted data
140
1410 string \x85\x02\x0c\x03 PGP RSA encrypted session key -
142>4 lelong x keyid: %X
143>8 lelong x %X
144>12 byte 0x01 RSA (Encrypt or Sign) 4096b
145>12 byte 0x02 RSA Encrypt-Only 4096b
146>13 string \x10\x00
147>13 string \x0f\xff
148>13 string \x0f\xfe
149>13 string \x0f\xfd
150>13 string \x0f\xfc
151>13 string \x0f\xfb
152>13 string \x0f\xfa
153>13 string \x0f\xf9
154>527 byte 0xd2 .
155
156# 4096b RSA encrypted data
157
1580 string \x85\x04\x0c\x03 PGP RSA encrypted session key -
159>4 lelong x keyid: %X
160>8 lelong x %X
161>12 byte 0x01 RSA (Encrypt or Sign) 8129b
162>12 byte 0x02 RSA Encrypt-Only 8129b
163>13 string \x20\x00
164>13 string \x1f\xff
165>13 string \x1f\xfe
166>13 string \x1f\xfd
167>13 string \x1f\xfc
168>13 string \x1f\xfb
169>13 string \x1f\xfa
170>13 string \x1f\xf9
171>1039 byte 0xd2 .
172
173# crypto algo mapper
174
1750 name crypto
176>0 byte 0x00 Plaintext or unencrypted data
177>0 byte 0x01 IDEA
178>0 byte 0x02 TripleDES
179>0 byte 0x03 CAST5 (128 bit key)
180>0 byte 0x04 Blowfish (128 bit key, 16 rounds)
181>0 byte 0x07 AES with 128-bit key
182>0 byte 0x08 AES with 192-bit key
183>0 byte 0x09 AES with 256-bit key
184>0 byte 0x0a Twofish with 256-bit key
185
186# hash algo mapper
187
1880 name hash
189>0 byte 0x01 MD5
190>0 byte 0x02 SHA-1
191>0 byte 0x03 RIPE-MD/160
192>0 byte 0x08 SHA256
193>0 byte 0x09 SHA384
194>0 byte 0x0a SHA512
195>0 byte 0x0b SHA224
196
197# pgp symmetric encrypted data
198
1990 byte 0x8c PGP symmetric key encrypted data -
200>1 byte 0x0d
201>1 byte 0x0c
202>2 byte 0x04
203>3 use crypto
204>4 byte 0x01 salted -
205>>5 use hash
206>>14 byte 0xd2 .
207>>14 byte 0xc9 .
208>4 byte 0x03 salted & iterated -
209>>5 use hash
210>>15 byte 0xd2 .
211>>15 byte 0xc9 .
212
213# encrypted keymaterial needs s2k & can be checksummed/hashed
214
2150 name chkcrypto
216>0 use crypto
217>1 byte 0x00 Simple S2K
218>1 byte 0x01 Salted S2K
219>1 byte 0x03 Salted&Iterated S2K
220>2 use hash
221
222# all PGP keys start with this prolog
223# containing version, creation date, and purpose
224
2250 name keyprolog
226>0 byte 0x04
227>1 beldate x created on %s -
228>5 byte 0x01 RSA (Encrypt or Sign)
229>5 byte 0x02 RSA Encrypt-Only
230
231# end of secret keys known signature
232# contains e=65537 and the prolog to
233# the encrypted parameters
234
2350 name keyend
236>0 string \x00\x11\x01\x00\x01 e=65537
237>5 use crypto
238>5 byte 0xff checksummed
239>>6 use chkcrypto
240>5 byte 0xfe hashed
241>>6 use chkcrypto
242
243# PGP secret keys contain also the public parts
244# these vary by bitsize of the key
245
2460 name x1024
247>0 use keyprolog
248>6 string \x03\xfe
249>6 string \x03\xff
250>6 string \x04\x00
251>136 use keyend
252
2530 name x2048
254>0 use keyprolog
255>6 string \x80\x00
256>6 string \x07\xfe
257>6 string \x07\xff
258>264 use keyend
259
2600 name x3072
261>0 use keyprolog
262>6 string \x0b\xfe
263>6 string \x0b\xff
264>6 string \x0c\x00
265>392 use keyend
266
2670 name x4096
268>0 use keyprolog
269>6 string \x10\x00
270>6 string \x0f\xfe
271>6 string \x0f\xff
272>520 use keyend
273
274# \x00|\x1f[\xfe\xff]).{1024})'
2750 name x8192
276>0 use keyprolog
277>6 string \x20\x00
278>6 string \x1f\xfe
279>6 string \x1f\xff
280>1032 use keyend
281
282# depending on the size of the pkt
283# we branch into the proper key size
284# signatures defined as x{keysize}
285
286>0 name pgpkey
287>0 string \x01\xd8 1024b
288>>2 use x1024
289>0 string \x01\xeb 1024b
290>>2 use x1024
291>0 string \x01\xfb 1024b
292>>2 use x1024
293>0 string \x01\xfd 1024b
294>>2 use x1024
295>0 string \x01\xf3 1024b
296>>2 use x1024
297>0 string \x01\xee 1024b
298>>2 use x1024
299>0 string \x01\xfe 1024b
300>>2 use x1024
301>0 string \x01\xf4 1024b
302>>2 use x1024
303>0 string \x02\x0d 1024b
304>>2 use x1024
305>0 string \x02\x03 1024b
306>>2 use x1024
307>0 string \x02\x05 1024b
308>>2 use x1024
309>0 string \x02\x15 1024b
310>>2 use x1024
311>0 string \x02\x00 1024b
312>>2 use x1024
313>0 string \x02\x10 1024b
314>>2 use x1024
315>0 string \x02\x04 1024b
316>>2 use x1024
317>0 string \x02\x06 1024b
318>>2 use x1024
319>0 string \x02\x16 1024b
320>>2 use x1024
321>0 string \x03\x98 2048b
322>>2 use x2048
323>0 string \x03\xab 2048b
324>>2 use x2048
325>0 string \x03\xbb 2048b
326>>2 use x2048
327>0 string \x03\xbd 2048b
328>>2 use x2048
329>0 string \x03\xcd 2048b
330>>2 use x2048
331>0 string \x03\xb3 2048b
332>>2 use x2048
333>0 string \x03\xc3 2048b
334>>2 use x2048
335>0 string \x03\xc5 2048b
336>>2 use x2048
337>0 string \x03\xd5 2048b
338>>2 use x2048
339>0 string \x03\xae 2048b
340>>2 use x2048
341>0 string \x03\xbe 2048b
342>>2 use x2048
343>0 string \x03\xc0 2048b
344>>2 use x2048
345>0 string \x03\xd0 2048b
346>>2 use x2048
347>0 string \x03\xb4 2048b
348>>2 use x2048
349>0 string \x03\xc4 2048b
350>>2 use x2048
351>0 string \x03\xc6 2048b
352>>2 use x2048
353>0 string \x03\xd6 2048b
354>>2 use x2048
355>0 string \x05X 3072b
356>>2 use x3072
357>0 string \x05k 3072b
358>>2 use x3072
359>0 string \x05{ 3072b
360>>2 use x3072
361>0 string \x05} 3072b
362>>2 use x3072
363>0 string \x05\x8d 3072b
364>>2 use x3072
365>0 string \x05s 3072b
366>>2 use x3072
367>0 string \x05\x83 3072b
368>>2 use x3072
369>0 string \x05\x85 3072b
370>>2 use x3072
371>0 string \x05\x95 3072b
372>>2 use x3072
373>0 string \x05n 3072b
374>>2 use x3072
375>0 string \x05\x7e 3072b
376>>2 use x3072
377>0 string \x05\x80 3072b
378>>2 use x3072
379>0 string \x05\x90 3072b
380>>2 use x3072
381>0 string \x05t 3072b
382>>2 use x3072
383>0 string \x05\x84 3072b
384>>2 use x3072
385>0 string \x05\x86 3072b
386>>2 use x3072
387>0 string \x05\x96 3072b
388>>2 use x3072
389>0 string \x07[ 4096b
390>>2 use x4096
391>0 string \x07\x18 4096b
392>>2 use x4096
393>0 string \x07+ 4096b
394>>2 use x4096
395>0 string \x07; 4096b
396>>2 use x4096
397>0 string \x07= 4096b
398>>2 use x4096
399>0 string \x07M 4096b
400>>2 use x4096
401>0 string \x073 4096b
402>>2 use x4096
403>0 string \x07C 4096b
404>>2 use x4096
405>0 string \x07E 4096b
406>>2 use x4096
407>0 string \x07U 4096b
408>>2 use x4096
409>0 string \x07. 4096b
410>>2 use x4096
411>0 string \x07> 4096b
412>>2 use x4096
413>0 string \x07@ 4096b
414>>2 use x4096
415>0 string \x07P 4096b
416>>2 use x4096
417>0 string \x074 4096b
418>>2 use x4096
419>0 string \x07D 4096b
420>>2 use x4096
421>0 string \x07F 4096b
422>>2 use x4096
423>0 string \x07V 4096b
424>>2 use x4096
425>0 string \x0e[ 8192b
426>>2 use x8192
427>0 string \x0e\x18 8192b
428>>2 use x8192
429>0 string \x0e+ 8192b
430>>2 use x8192
431>0 string \x0e; 8192b
432>>2 use x8192
433>0 string \x0e= 8192b
434>>2 use x8192
435>0 string \x0eM 8192b
436>>2 use x8192
437>0 string \x0e3 8192b
438>>2 use x8192
439>0 string \x0eC 8192b
440>>2 use x8192
441>0 string \x0eE 8192b
442>>2 use x8192
443>0 string \x0eU 8192b
444>>2 use x8192
445>0 string \x0e. 8192b
446>>2 use x8192
447>0 string \x0e> 8192b
448>>2 use x8192
449>0 string \x0e@ 8192b
450>>2 use x8192
451>0 string \x0eP 8192b
452>>2 use x8192
453>0 string \x0e4 8192b
454>>2 use x8192
455>0 string \x0eD 8192b
456>>2 use x8192
457>0 string \x0eF 8192b
458>>2 use x8192
459>0 string \x0eV 8192b
460>>2 use x8192
461
462# PGP RSA (e=65537) secret (sub-)key header
463
4640 byte 0x95 PGP Secret Key -
465>1 use pgpkey
4660 byte 0x97 PGP Secret Sub-key -
467>1 use pgpkey
4680 byte 0x9d PGP Secret Sub-key -
469>1 use pgpkey