xref: /freebsd/contrib/file/magic/Magdir/pgp (revision 4f52dfbb8d6c4d446500c5b097e3806ec219fbd4)
1
2#------------------------------------------------------------------------------
3# $File: pgp,v 1.14 2017/03/17 21:35:28 christos Exp $
4# pgp:  file(1) magic for Pretty Good Privacy
5# see http://lists.gnupg.org/pipermail/gnupg-devel/1999-September/016052.html
6#
70       beshort         0x9900                  PGP key public ring
8!:mime	application/x-pgp-keyring
90       beshort         0x9501                  PGP key security ring
10!:mime	application/x-pgp-keyring
110       beshort         0x9500                  PGP key security ring
12!:mime	application/x-pgp-keyring
130	beshort		0xa600			PGP encrypted data
14#!:mime	application/pgp-encrypted
15#0	string		-----BEGIN\040PGP	text/PGP armored data
16!:mime	text/PGP # encoding: armored data
17#>15	string	PUBLIC\040KEY\040BLOCK-	public key block
18#>15	string	MESSAGE-		message
19#>15	string	SIGNED\040MESSAGE-	signed message
20#>15	string	PGP\040SIGNATURE-	signature
21
222	string	---BEGIN\040PGP\040PUBLIC\040KEY\040BLOCK-	PGP public key block
23!:mime	application/pgp-keys
24>10	search/100	\n\n
25>>&0	use		pgp
260	string	-----BEGIN\040PGP\040MESSAGE-		PGP message
27!:mime	application/pgp
28>10	search/100	\n\n
29>>&0	use		pgp
300	string	-----BEGIN\040PGP\040SIGNATURE-		PGP signature
31!:mime	application/pgp-signature
32>10	search/100	\n\n
33>>&0	use		pgp
34
35# Decode the type of the packet based on it's base64 encoding.
36# Idea from Mark Martinec
37# The specification is in RFC 4880, section 4.2 and 4.3:
38# http://tools.ietf.org/html/rfc4880#section-4.2
39
400	name		pgp
41>0	byte		0x67		Reserved (old)
42>0	byte		0x68		Public-Key Encrypted Session Key (old)
43>0	byte		0x69		Signature (old)
44>0	byte		0x6a		Symmetric-Key Encrypted Session Key (old)
45>0	byte		0x6b		One-Pass Signature (old)
46>0	byte		0x6c		Secret-Key (old)
47>0	byte		0x6d		Public-Key (old)
48>0	byte		0x6e		Secret-Subkey (old)
49>0	byte		0x6f		Compressed Data (old)
50>0	byte		0x70		Symmetrically Encrypted Data (old)
51>0	byte		0x71		Marker (old)
52>0	byte		0x72		Literal Data (old)
53>0	byte		0x73		Trust (old)
54>0	byte		0x74		User ID (old)
55>0	byte		0x75		Public-Subkey (old)
56>0	byte		0x76		Unused (old)
57>0	byte		0x77
58>>1	byte&0xc0	0x00		Reserved
59>>1	byte&0xc0	0x40		Public-Key Encrypted Session Key
60>>1	byte&0xc0	0x80		Signature
61>>1	byte&0xc0	0xc0		Symmetric-Key Encrypted Session Key
62>0	byte		0x78
63>>1	byte&0xc0	0x00		One-Pass Signature
64>>1	byte&0xc0	0x40		Secret-Key
65>>1	byte&0xc0	0x80		Public-Key
66>>1	byte&0xc0	0xc0		Secret-Subkey
67>0	byte		0x79
68>>1	byte&0xc0	0x00		Compressed Data
69>>1	byte&0xc0	0x40		Symmetrically Encrypted Data
70>>1	byte&0xc0	0x80		Marker
71>>1	byte&0xc0	0xc0		Literal Data
72>0	byte		0x7a
73>>1	byte&0xc0	0x00		Trust
74>>1	byte&0xc0	0x40		User ID
75>>1	byte&0xc0	0x80		Public-Subkey
76>>1	byte&0xc0	0xc0		Unused [z%x]
77>0	byte		0x30
78>>1	byte&0xc0	0x00		Unused [0%x]
79>>1	byte&0xc0	0x40		User Attribute
80>>1	byte&0xc0	0x80		Sym. Encrypted and Integrity Protected Data
81>>1	byte&0xc0	0xc0		Modification Detection Code
82
83# magic signatures to detect PGP crypto material (from stef)
84# detects and extracts metadata from:
85#  - symmetric encrypted packet header
86#  - RSA (e=65537) secret (sub-)keys
87
88# 1024b RSA encrypted data
89
900	string	\x84\x8c\x03		PGP RSA encrypted session key -
91>3	lelong	x			keyid: %X
92>7	lelong	x			%X
93>11	byte	0x01			RSA (Encrypt or Sign) 1024b
94>11	byte	0x02			RSA Encrypt-Only 1024b
95>12	string	\x04\x00
96>12	string	\x03\xff
97>12	string	\x03\xfe
98>12	string	\x03\xfd
99>12	string	\x03\xfc
100>12	string	\x03\xfb
101>12	string	\x03\xfa
102>12	string	\x03\xf9
103>142	byte	0xd2			.
104
105# 2048b RSA encrypted data
106
1070	string	\x85\x01\x0c\x03	PGP RSA encrypted session key -
108>4	lelong	x			keyid: %X
109>8	lelong	x			%X
110>12	byte	0x01			RSA (Encrypt or Sign) 2048b
111>12	byte	0x02			RSA Encrypt-Only 2048b
112>13	string	\x08\x00
113>13	string	\x07\xff
114>13	string	\x07\xfe
115>13	string	\x07\xfd
116>13	string	\x07\xfc
117>13	string	\x07\xfb
118>13	string	\x07\xfa
119>13	string	\x07\xf9
120>271	byte	0xd2			.
121
122# 3072b RSA encrypted data
123
1240	string	\x85\x01\x8c\x03	PGP RSA encrypted session key -
125>4	lelong	x			keyid: %X
126>8	lelong	x			%X
127>12	byte	0x01			RSA (Encrypt or Sign) 3072b
128>12	byte	0x02			RSA Encrypt-Only 3072b
129>13	string	\x0c\x00
130>13	string	\x0b\xff
131>13	string	\x0b\xfe
132>13	string	\x0b\xfd
133>13	string	\x0b\xfc
134>13	string	\x0b\xfb
135>13	string	\x0b\xfa
136>13	string	\x0b\xf9
137>399	byte	0xd2			.
138
139# 3072b RSA encrypted data
140
1410	string	\x85\x02\x0c\x03	PGP RSA encrypted session key -
142>4	lelong	x			keyid: %X
143>8	lelong	x			%X
144>12	byte	0x01			RSA (Encrypt or Sign) 4096b
145>12	byte	0x02			RSA Encrypt-Only 4096b
146>13	string	\x10\x00
147>13	string	\x0f\xff
148>13	string	\x0f\xfe
149>13	string	\x0f\xfd
150>13	string	\x0f\xfc
151>13	string	\x0f\xfb
152>13	string	\x0f\xfa
153>13	string	\x0f\xf9
154>527	byte	0xd2			.
155
156# 4096b RSA encrypted data
157
1580	string	\x85\x04\x0c\x03	PGP RSA encrypted session key -
159>4	lelong	x			keyid: %X
160>8	lelong	x			%X
161>12	byte	0x01			RSA (Encrypt or Sign) 8129b
162>12	byte	0x02			RSA Encrypt-Only 8129b
163>13	string	\x20\x00
164>13	string	\x1f\xff
165>13	string	\x1f\xfe
166>13	string	\x1f\xfd
167>13	string	\x1f\xfc
168>13	string	\x1f\xfb
169>13	string	\x1f\xfa
170>13	string	\x1f\xf9
171>1039	byte	0xd2			.
172
173# crypto algo mapper
174
1750	name	crypto
176>0	byte	0x00			Plaintext or unencrypted data
177>0	byte	0x01			IDEA
178>0	byte	0x02			TripleDES
179>0	byte	0x03			CAST5 (128 bit key)
180>0	byte	0x04			Blowfish (128 bit key, 16 rounds)
181>0	byte	0x07			AES with 128-bit key
182>0	byte	0x08			AES with 192-bit key
183>0	byte	0x09			AES with 256-bit key
184>0	byte	0x0a			Twofish with 256-bit key
185
186# hash algo mapper
187
1880	name	hash
189>0	byte	0x01			MD5
190>0	byte	0x02			SHA-1
191>0	byte	0x03			RIPE-MD/160
192>0	byte	0x08			SHA256
193>0	byte	0x09			SHA384
194>0	byte	0x0a			SHA512
195>0	byte	0x0b			SHA224
196
197# display public key algorithms as human readable text
1980	name	key_algo
199>0	byte	0x01			RSA (Encrypt or Sign)
200# keep old look of version 5.28 without parentheses
201>0	byte	0x02			RSA Encrypt-Only
202>0	byte	0x03			RSA (Sign-Only)
203>0	byte	16			ElGamal (Encrypt-Only)
204>0	byte	17			DSA
205>0	byte	18			Elliptic Curve
206>0	byte	19			ECDSA
207>0	byte	20			ElGamal (Encrypt or Sign)
208>0	byte	21			Diffie-Hellman
209>0	default	x
210>>0	ubyte	<22			unknown (pub %d)
211# this should never happen
212>>0	ubyte	>21			invalid (%d)
213
214# pgp symmetric encrypted data
215
2160	byte	0x8c			PGP symmetric key encrypted data -
217>1	byte	0x0d
218>1	byte	0x0c
219>2	byte	0x04
220>3	use	crypto
221>4	byte	0x01			salted -
222>>5	use	hash
223>>14	byte	0xd2			.
224>>14	byte	0xc9			.
225>4	byte	0x03			salted & iterated -
226>>5	use	hash
227>>15	byte	0xd2			.
228>>15	byte	0xc9			.
229
230# encrypted keymaterial needs s2k & can be checksummed/hashed
231
2320	name	chkcrypto
233>0	use	crypto
234>1	byte	0x00			Simple S2K
235>1	byte	0x01			Salted S2K
236>1	byte	0x03			Salted&Iterated S2K
237>2	use	hash
238
239# all PGP keys start with this prolog
240# containing version, creation date, and purpose
241
2420	name	keyprolog
243>0	byte	0x04
244>1	beldate	x			created on %s -
245>5	byte	0x01			RSA (Encrypt or Sign)
246>5	byte	0x02			RSA Encrypt-Only
247
248# end of secret keys known signature
249# contains e=65537 and the prolog to
250# the encrypted parameters
251
2520	name	keyend
253>0	string	\x00\x11\x01\x00\x01	e=65537
254>5	use	crypto
255>5	byte	0xff			checksummed
256>>6	use	chkcrypto
257>5	byte	0xfe			hashed
258>>6	use	chkcrypto
259
260# PGP secret keys contain also the public parts
261# these vary by bitsize of the key
262
2630	name	x1024
264>0	use	keyprolog
265>6	string	\x03\xfe
266>6	string	\x03\xff
267>6	string	\x04\x00
268>136	use	keyend
269
2700	name	x2048
271>0	use	keyprolog
272>6	string	\x80\x00
273>6	string	\x07\xfe
274>6	string	\x07\xff
275>264	use	keyend
276
2770	name	x3072
278>0	use	keyprolog
279>6	string	\x0b\xfe
280>6	string	\x0b\xff
281>6	string	\x0c\x00
282>392	use	keyend
283
2840	name	x4096
285>0	use	keyprolog
286>6	string	\x10\x00
287>6	string	\x0f\xfe
288>6	string	\x0f\xff
289>520	use	keyend
290
291# \x00|\x1f[\xfe\xff]).{1024})'
2920	name	x8192
293>0	use	keyprolog
294>6	string	\x20\x00
295>6	string	\x1f\xfe
296>6	string	\x1f\xff
297>1032	use	keyend
298
299# depending on the size of the pkt
300# we branch into the proper key size
301# signatures defined as x{keysize}
302
303>0	name	pgpkey
304>0	string	\x01\xd8	1024b
305>>2	use	x1024
306>0	string	\x01\xeb	1024b
307>>2	use	x1024
308>0	string	\x01\xfb	1024b
309>>2	use	x1024
310>0	string	\x01\xfd	1024b
311>>2	use	x1024
312>0	string	\x01\xf3	1024b
313>>2	use	x1024
314>0	string	\x01\xee	1024b
315>>2	use	x1024
316>0	string	\x01\xfe	1024b
317>>2	use	x1024
318>0	string	\x01\xf4	1024b
319>>2	use	x1024
320>0	string	\x02\x0d	1024b
321>>2	use	x1024
322>0	string	\x02\x03	1024b
323>>2	use	x1024
324>0	string	\x02\x05	1024b
325>>2	use	x1024
326>0	string	\x02\x15	1024b
327>>2	use	x1024
328>0	string	\x02\x00	1024b
329>>2	use	x1024
330>0	string	\x02\x10	1024b
331>>2	use	x1024
332>0	string	\x02\x04	1024b
333>>2	use	x1024
334>0	string	\x02\x06	1024b
335>>2	use	x1024
336>0	string	\x02\x16	1024b
337>>2	use	x1024
338>0	string	\x03\x98	2048b
339>>2	use	x2048
340>0	string	\x03\xab	2048b
341>>2	use	x2048
342>0	string	\x03\xbb	2048b
343>>2	use	x2048
344>0	string	\x03\xbd	2048b
345>>2	use	x2048
346>0	string	\x03\xcd	2048b
347>>2	use	x2048
348>0	string	\x03\xb3	2048b
349>>2	use	x2048
350>0	string	\x03\xc3	2048b
351>>2	use	x2048
352>0	string	\x03\xc5	2048b
353>>2	use	x2048
354>0	string	\x03\xd5	2048b
355>>2	use	x2048
356>0	string	\x03\xae	2048b
357>>2	use	x2048
358>0	string	\x03\xbe	2048b
359>>2	use	x2048
360>0	string	\x03\xc0	2048b
361>>2	use	x2048
362>0	string	\x03\xd0	2048b
363>>2	use	x2048
364>0	string	\x03\xb4	2048b
365>>2	use	x2048
366>0	string	\x03\xc4	2048b
367>>2	use	x2048
368>0	string	\x03\xc6	2048b
369>>2	use	x2048
370>0	string	\x03\xd6	2048b
371>>2	use	x2048
372>0	string	\x05X		3072b
373>>2	use	x3072
374>0	string	\x05k		3072b
375>>2	use	x3072
376>0	string	\x05{		3072b
377>>2	use	x3072
378>0	string	\x05}		3072b
379>>2	use	x3072
380>0	string	\x05\x8d	3072b
381>>2	use	x3072
382>0	string	\x05s		3072b
383>>2	use	x3072
384>0	string	\x05\x83	3072b
385>>2	use	x3072
386>0	string	\x05\x85	3072b
387>>2	use	x3072
388>0	string	\x05\x95	3072b
389>>2	use	x3072
390>0	string	\x05n		3072b
391>>2	use	x3072
392>0	string	\x05\x7e	3072b
393>>2	use	x3072
394>0	string	\x05\x80	3072b
395>>2	use	x3072
396>0	string	\x05\x90	3072b
397>>2	use	x3072
398>0	string	\x05t		3072b
399>>2	use	x3072
400>0	string	\x05\x84	3072b
401>>2	use	x3072
402>0	string	\x05\x86	3072b
403>>2	use	x3072
404>0	string	\x05\x96	3072b
405>>2	use	x3072
406>0	string	\x07[		4096b
407>>2	use	x4096
408>0	string	\x07\x18	4096b
409>>2	use	x4096
410>0	string	\x07+		4096b
411>>2	use	x4096
412>0	string	\x07;		4096b
413>>2	use	x4096
414>0	string	\x07=		4096b
415>>2	use	x4096
416>0	string	\x07M		4096b
417>>2	use	x4096
418>0	string	\x073		4096b
419>>2	use	x4096
420>0	string	\x07C		4096b
421>>2	use	x4096
422>0	string	\x07E		4096b
423>>2	use	x4096
424>0	string	\x07U		4096b
425>>2	use	x4096
426>0	string	\x07.		4096b
427>>2	use	x4096
428>0	string	\x07>		4096b
429>>2	use	x4096
430>0	string	\x07@		4096b
431>>2	use	x4096
432>0	string	\x07P		4096b
433>>2	use	x4096
434>0	string	\x074		4096b
435>>2	use	x4096
436>0	string	\x07D		4096b
437>>2	use	x4096
438>0	string	\x07F		4096b
439>>2	use	x4096
440>0	string	\x07V		4096b
441>>2	use	x4096
442>0	string	\x0e[		8192b
443>>2	use	x8192
444>0	string	\x0e\x18	8192b
445>>2	use	x8192
446>0	string	\x0e+		8192b
447>>2	use	x8192
448>0	string	\x0e;		8192b
449>>2	use	x8192
450>0	string	\x0e=		8192b
451>>2	use	x8192
452>0	string	\x0eM		8192b
453>>2	use	x8192
454>0	string	\x0e3		8192b
455>>2	use	x8192
456>0	string	\x0eC		8192b
457>>2	use	x8192
458>0	string	\x0eE		8192b
459>>2	use	x8192
460>0	string	\x0eU		8192b
461>>2	use	x8192
462>0	string	\x0e.		8192b
463>>2	use	x8192
464>0	string	\x0e>		8192b
465>>2	use	x8192
466>0	string	\x0e@		8192b
467>>2	use	x8192
468>0	string	\x0eP		8192b
469>>2	use	x8192
470>0	string	\x0e4		8192b
471>>2	use	x8192
472>0	string	\x0eD		8192b
473>>2	use	x8192
474>0	string	\x0eF		8192b
475>>2	use	x8192
476>0	string	\x0eV		8192b
477>>2	use	x8192
478
479# PGP RSA (e=65537) secret (sub-)key header
480
4810	byte	0x95			PGP	Secret Key -
482>1	use	pgpkey
4830	byte	0x97			PGP	Secret Sub-key -
484>1	use	pgpkey
4850	byte	0x9d
486# Update: Joerg Jenderek
487# secret subkey packet (tag 7) with same structure as secret key packet (tag 5)
488# skip Fetus.Sys16 CALIBUS.MAIN OrbFix.Sys16.Ex by looking for positive len
489>1	ubeshort	>0
490#>1	ubeshort	x		\b, body length 0x%x
491# next packet type often 88h,89h~(tag 2)~Signature Packet
492#>>(1.S+3)	ubyte	x		\b, next packet type 0x%x
493# skip Dragon.SHR DEMO.INIT by looking for positive version
494>>3	ubyte		>0
495# skip BUISSON.13 GUITAR1 by looking for low version number
496>>>3	ubyte		<5		PGP Secret Sub-key
497# sub-key are normally part of secret key. So it does not occur as standalone file
498#!:ext	bin
499# version 2,3~old 4~new . Comment following line for version 5.28 look
500>>>>3	ubyte		x		(v%d)
501>>>>3	ubyte		x		-
502# old versions 2 or 3 but no real example found
503>>>>3	ubyte		<4
504# 2 byte for key bits in version 5.28 look
505>>>>>11		ubeshort	x	%db
506>>>>>4		beldate		x	created on %s -
507# old versions use 2 additional bytes after time stamp
508#>>>>>8		ubeshort	x	0x%x
509# display key algorithm 1~RSA Encrypt|Sign - 21~Diffie-Hellman
510>>>>>10	  	use		key_algo
511>>>>>(11.S/8)	ubequad		x
512# look after first key
513>>>>>>&5	use		keyend
514# new version
515>>>>3	ubyte		>3
516>>>>>9		ubeshort	x	%db
517>>>>>4		beldate		x	created on %s -
518# display key algorithm
519>>>>>8		use		key_algo
520>>>>>(9.S/8)	ubequad		x
521# look after first key for something like s2k
522>>>>>>&3	use		keyend
523