2 #------------------------------------------------------------------------------
3 # $File: pgp,v 1.14 2017/03/17 21:35:28 christos Exp $
4 # pgp: file(1) magic for Pretty Good Privacy
5 # see http://lists.gnupg.org/pipermail/gnupg-devel/1999-September/016052.html
# Binary keyring and encrypted-data signatures, matched on the first two bytes.
# NOTE(review): the public ring (0x9900) and the "security" rings
# (0x9501/0x9500; 0x95 is the Secret Key tag byte matched further down) all
# report the same MIME type, so the MIME type alone cannot tell public from
# secret key material. Use the textual description when that matters.
7 0 beshort 0x9900 PGP key public ring
8 !:mime application/x-pgp-keyring
9 0 beshort 0x9501 PGP key security ring
10 !:mime application/x-pgp-keyring
11 0 beshort 0x9500 PGP key security ring
12 !:mime application/x-pgp-keyring
13 0 beshort 0xa600 PGP encrypted data
14 #!:mime application/pgp-encrypted
15 #0 string -----BEGIN\040PGP text/PGP armored data
# NOTE(review): the test above is commented out but the !:mime line below is
# not, so it appears to attach to the preceding active rule (0xa600 "PGP
# encrypted data") and label binary encrypted data as text/PGP. Confirm the
# reported type before using it in MIME-based filtering.
16 !:mime text/PGP # encoding: armored data
17 #>15 string PUBLIC\040KEY\040BLOCK- public key block
18 #>15 string MESSAGE- message
19 #>15 string SIGNED\040MESSAGE- signed message
20 #>15 string PGP\040SIGNATURE- signature
22 2 string ---BEGIN\040PGP\040PUBLIC\040KEY\040BLOCK- PGP public key block
23 !:mime application/pgp-keys
26 0 string -----BEGIN\040PGP\040MESSAGE- PGP message
27 !:mime application/pgp
30 0 string -----BEGIN\040PGP\040SIGNATURE- PGP signature
31 !:mime application/pgp-signature
35 # Decode the type of the packet based on its base64 encoding.
36 # Idea from Mark Martinec
37 # The specification is in RFC 4880, section 4.2 and 4.3:
38 # http://tools.ietf.org/html/rfc4880#section-4.2
41 >0 byte 0x67 Reserved (old)
42 >0 byte 0x68 Public-Key Encrypted Session Key (old)
43 >0 byte 0x69 Signature (old)
44 >0 byte 0x6a Symmetric-Key Encrypted Session Key (old)
45 >0 byte 0x6b One-Pass Signature (old)
46 >0 byte 0x6c Secret-Key (old)
47 >0 byte 0x6d Public-Key (old)
48 >0 byte 0x6e Secret-Subkey (old)
49 >0 byte 0x6f Compressed Data (old)
50 >0 byte 0x70 Symmetrically Encrypted Data (old)
51 >0 byte 0x71 Marker (old)
52 >0 byte 0x72 Literal Data (old)
53 >0 byte 0x73 Trust (old)
54 >0 byte 0x74 User ID (old)
55 >0 byte 0x75 Public-Subkey (old)
56 >0 byte 0x76 Unused (old)
58 >>1 byte&0xc0 0x00 Reserved
59 >>1 byte&0xc0 0x40 Public-Key Encrypted Session Key
60 >>1 byte&0xc0 0x80 Signature
61 >>1 byte&0xc0 0xc0 Symmetric-Key Encrypted Session Key
63 >>1 byte&0xc0 0x00 One-Pass Signature
64 >>1 byte&0xc0 0x40 Secret-Key
65 >>1 byte&0xc0 0x80 Public-Key
66 >>1 byte&0xc0 0xc0 Secret-Subkey
68 >>1 byte&0xc0 0x00 Compressed Data
69 >>1 byte&0xc0 0x40 Symmetrically Encrypted Data
70 >>1 byte&0xc0 0x80 Marker
71 >>1 byte&0xc0 0xc0 Literal Data
73 >>1 byte&0xc0 0x00 Trust
74 >>1 byte&0xc0 0x40 User ID
75 >>1 byte&0xc0 0x80 Public-Subkey
76 >>1 byte&0xc0 0xc0 Unused [z%x]
78 >>1 byte&0xc0 0x00 Unused [0%x]
79 >>1 byte&0xc0 0x40 User Attribute
80 >>1 byte&0xc0 0x80 Sym. Encrypted and Integrity Protected Data
81 >>1 byte&0xc0 0xc0 Modification Detection Code
83 # magic signatures to detect PGP crypto material (from stef)
84 # detects and extracts metadata from:
85 # - symmetric encrypted packet header
86 # - RSA (e=65537) secret (sub-)keys
# Public-Key Encrypted Session Key packets, one rule per RSA modulus size.
# Each signature is the old-format packet header (tag byte, body length)
# followed by the version byte 0x03. The body length implies the modulus size.
# NOTE(review): the keyid printed below is read from the packet header, which
# is not encrypted, so an encrypted file still discloses the recipient key id.
88 # 1024b RSA encrypted data
90 0 string \x84\x8c\x03 PGP RSA encrypted session key -
93 >11 byte 0x01 RSA (Encrypt or Sign) 1024b
94 >11 byte 0x02 RSA Encrypt-Only 1024b
105 # 2048b RSA encrypted data
107 0 string \x85\x01\x0c\x03 PGP RSA encrypted session key -
108 >4 lelong x keyid: %X
110 >12 byte 0x01 RSA (Encrypt or Sign) 2048b
111 >12 byte 0x02 RSA Encrypt-Only 2048b
122 # 3072b RSA encrypted data
124 0 string \x85\x01\x8c\x03 PGP RSA encrypted session key -
125 >4 lelong x keyid: %X
127 >12 byte 0x01 RSA (Encrypt or Sign) 3072b
128 >12 byte 0x02 RSA Encrypt-Only 3072b
139 # 4096b RSA encrypted data (body length 0x020c; this comment previously said 3072b)
141 0 string \x85\x02\x0c\x03 PGP RSA encrypted session key -
142 >4 lelong x keyid: %X
144 >12 byte 0x01 RSA (Encrypt or Sign) 4096b
145 >12 byte 0x02 RSA Encrypt-Only 4096b
156 # 8192b RSA encrypted data (body length 0x040c; this comment previously said 4096b)
# NOTE(review): "8129b" in the two messages below looks like a typo for 8192b.
# Left unchanged here because tools may parse the existing output string.
158 0 string \x85\x04\x0c\x03 PGP RSA encrypted session key -
159 >4 lelong x keyid: %X
161 >12 byte 0x01 RSA (Encrypt or Sign) 8129b
162 >12 byte 0x02 RSA Encrypt-Only 8129b
# Symmetric cipher ids as human readable text (RFC 4880, section 9.2).
# NOTE(review): 0x00 means the material is not encrypted at all, and
# TripleDES, CAST5 and Blowfish (0x02-0x04) are 64-bit-block ciphers. Both
# results are worth flagging when triaging key files or encrypted data.
176 >0 byte 0x00 Plaintext or unencrypted data
178 >0 byte 0x02 TripleDES
179 >0 byte 0x03 CAST5 (128 bit key)
180 >0 byte 0x04 Blowfish (128 bit key, 16 rounds)
181 >0 byte 0x07 AES with 128-bit key
182 >0 byte 0x08 AES with 192-bit key
183 >0 byte 0x09 AES with 256-bit key
184 >0 byte 0x0a Twofish with 256-bit key
191 >0 byte 0x03 RIPE-MD/160
197 # display public key algorithms as human readable text
199 >0 byte 0x01 RSA (Encrypt or Sign)
200 # keep old look of version 5.28 without parentheses
201 >0 byte 0x02 RSA Encrypt-Only
202 >0 byte 0x03 RSA (Sign-Only)
203 >0 byte 16 ElGamal (Encrypt-Only)
205 >0 byte 18 Elliptic Curve
207 >0 byte 20 ElGamal (Encrypt or Sign)
208 >0 byte 21 Diffie-Hellman
210 >>0 ubyte <22 unknown (pub %d)
211 # this should never happen
212 >>0 ubyte >21 invalid (%d)
214 # pgp symmetric encrypted data
216 0 byte 0x8c PGP symmetric key encrypted data -
221 >4 byte 0x01 salted -
225 >4 byte 0x03 salted & iterated -
230 # encrypted key material needs s2k & can be checksummed/hashed
# String-to-key specifier type (RFC 4880, section 3.7.1).
# NOTE(review): only type 0x03 applies an iteration count. A Simple or Salted
# S2K result means the passphrase is hashed without stretching.
234 >1 byte 0x00 Simple S2K
235 >1 byte 0x01 Salted S2K
236 >1 byte 0x03 Salted&Iterated S2K
239 # all PGP keys start with this prolog
240 # containing version, creation date, and purpose
244 >1 beldate x created on %s -
245 >5 byte 0x01 RSA (Encrypt or Sign)
246 >5 byte 0x02 RSA Encrypt-Only
248 # end of secret keys known signature
249 # contains e=65537 and the prolog to
250 # the encrypted parameters
253 >0 string \x00\x11\x01\x00\x01 e=65537
255 >5 byte 0xff checksummed
260 # PGP secret keys also contain the public parts
261 # these vary by bitsize of the key
291 # \x00|\x1f[\xfe\xff]).{1024})'
299 # depending on the size of the pkt
300 # we branch into the proper key size
301 # signatures defined as x{keysize}
304 >0 string \x01\xd8 1024b
306 >0 string \x01\xeb 1024b
308 >0 string \x01\xfb 1024b
310 >0 string \x01\xfd 1024b
312 >0 string \x01\xf3 1024b
314 >0 string \x01\xee 1024b
316 >0 string \x01\xfe 1024b
318 >0 string \x01\xf4 1024b
320 >0 string \x02\x0d 1024b
322 >0 string \x02\x03 1024b
324 >0 string \x02\x05 1024b
326 >0 string \x02\x15 1024b
328 >0 string \x02\x00 1024b
330 >0 string \x02\x10 1024b
332 >0 string \x02\x04 1024b
334 >0 string \x02\x06 1024b
336 >0 string \x02\x16 1024b
338 >0 string \x03\x98 2048b
340 >0 string \x03\xab 2048b
342 >0 string \x03\xbb 2048b
344 >0 string \x03\xbd 2048b
346 >0 string \x03\xcd 2048b
348 >0 string \x03\xb3 2048b
350 >0 string \x03\xc3 2048b
352 >0 string \x03\xc5 2048b
354 >0 string \x03\xd5 2048b
356 >0 string \x03\xae 2048b
358 >0 string \x03\xbe 2048b
360 >0 string \x03\xc0 2048b
362 >0 string \x03\xd0 2048b
364 >0 string \x03\xb4 2048b
366 >0 string \x03\xc4 2048b
368 >0 string \x03\xc6 2048b
370 >0 string \x03\xd6 2048b
372 >0 string \x05X 3072b
374 >0 string \x05k 3072b
376 >0 string \x05{ 3072b
378 >0 string \x05} 3072b
380 >0 string \x05\x8d 3072b
382 >0 string \x05s 3072b
384 >0 string \x05\x83 3072b
386 >0 string \x05\x85 3072b
388 >0 string \x05\x95 3072b
390 >0 string \x05n 3072b
392 >0 string \x05\x7e 3072b
394 >0 string \x05\x80 3072b
396 >0 string \x05\x90 3072b
398 >0 string \x05t 3072b
400 >0 string \x05\x84 3072b
402 >0 string \x05\x86 3072b
404 >0 string \x05\x96 3072b
406 >0 string \x07[ 4096b
408 >0 string \x07\x18 4096b
410 >0 string \x07+ 4096b
412 >0 string \x07; 4096b
414 >0 string \x07= 4096b
416 >0 string \x07M 4096b
418 >0 string \x073 4096b
420 >0 string \x07C 4096b
422 >0 string \x07E 4096b
424 >0 string \x07U 4096b
426 >0 string \x07. 4096b
428 >0 string \x07> 4096b
430 >0 string \x07@ 4096b
432 >0 string \x07P 4096b
434 >0 string \x074 4096b
436 >0 string \x07D 4096b
438 >0 string \x07F 4096b
440 >0 string \x07V 4096b
442 >0 string \x0e[ 8192b
444 >0 string \x0e\x18 8192b
446 >0 string \x0e+ 8192b
448 >0 string \x0e; 8192b
450 >0 string \x0e= 8192b
452 >0 string \x0eM 8192b
454 >0 string \x0e3 8192b
456 >0 string \x0eC 8192b
458 >0 string \x0eE 8192b
460 >0 string \x0eU 8192b
462 >0 string \x0e. 8192b
464 >0 string \x0e> 8192b
466 >0 string \x0e@ 8192b
468 >0 string \x0eP 8192b
470 >0 string \x0e4 8192b
472 >0 string \x0eD 8192b
474 >0 string \x0eF 8192b
476 >0 string \x0eV 8192b
479 # PGP RSA (e=65537) secret (sub-)key header
481 0 byte 0x95 PGP Secret Key -
483 0 byte 0x97 PGP Secret Sub-key -
486 # Update: Joerg Jenderek
487 # secret subkey packet (tag 7) with same structure as secret key packet (tag 5)
488 # skip Fetus.Sys16 CALIBUS.MAIN OrbFix.Sys16.Ex by looking for positive len
490 #>1 ubeshort x \b, body length 0x%x
491 # next packet type often 88h,89h~(tag 2)~Signature Packet
492 #>>(1.S+3) ubyte x \b, next packet type 0x%x
493 # skip Dragon.SHR DEMO.INIT by looking for positive version
495 # skip BUISSON.13 GUITAR1 by looking for low version number
496 >>>3 ubyte <5 PGP Secret Sub-key
497 # sub-keys are normally part of a secret key, so they do not occur as standalone files
499 # version 2,3~old 4~new . Comment following line for version 5.28 look
502 # old versions 2 or 3 but no real example found
504 # 2 byte for key bits in version 5.28 look
505 >>>>>11 ubeshort x %db
506 >>>>>4 beldate x created on %s -
507 # old versions use 2 additional bytes after time stamp
508 #>>>>>8 ubeshort x 0x%x
509 # display key algorithm 1~RSA Encrypt|Sign - 21~Diffie-Hellman
511 >>>>>(11.S/8) ubequad x
512 # look after first key
516 >>>>>9 ubeshort x %db
517 >>>>>4 beldate x created on %s -
518 # display key algorithm
520 >>>>>(9.S/8) ubequad x
521 # look after first key for something like s2k