#------------------------------------------------------------------------------
# $File: pgp,v 1.11 2014/11/11 21:32:38 christos Exp $
# pgp:  file(1) magic for Pretty Good Privacy
# see http://lists.gnupg.org/pipermail/gnupg-devel/1999-September/016052.html
#
0	beshort	0x9900	PGP key public ring
!:mime	application/x-pgp-keyring
0	beshort	0x9501	PGP key security ring
!:mime	application/x-pgp-keyring
0	beshort	0x9500	PGP key security ring
!:mime	application/x-pgp-keyring
0	beshort	0xa600	PGP encrypted data
#!:mime	application/pgp-encrypted
#0	string	-----BEGIN\040PGP	text/PGP armored data
!:mime	text/PGP # encoding: armored data
#>15	string	PUBLIC\040KEY\040BLOCK-	public key block
#>15	string	MESSAGE-	message
#>15	string	SIGNED\040MESSAGE-	signed message
#>15	string	PGP\040SIGNATURE-	signature

2	string	---BEGIN\ PGP\ PUBLIC\ KEY\ BLOCK-	PGP public key block
!:mime	application/pgp-keys
>10	search/100	\n\n
>>&0	use	pgp
0	string	-----BEGIN\040PGP\40MESSAGE-	PGP message
!:mime	application/pgp
>10	search/100	\n\n
>>&0	use	pgp
0	string	-----BEGIN\040PGP\40SIGNATURE-	PGP signature
!:mime	application/pgp-signature
>10	search/100	\n\n
>>&0	use	pgp

# Decode the type of the packet based on its base64 encoding.
# Idea from Mark Martinec
# The specification is in RFC 4880, section 4.2 and 4.3:
# http://tools.ietf.org/html/rfc4880#section-4.2

0	name	pgp
>0	byte	0x67	Reserved (old)
>0	byte	0x68	Public-Key Encrypted Session Key (old)
>0	byte	0x69	Signature (old)
>0	byte	0x6a	Symmetric-Key Encrypted Session Key (old)
>0	byte	0x6b	One-Pass Signature (old)
>0	byte	0x6c	Secret-Key (old)
>0	byte	0x6d	Public-Key (old)
>0	byte	0x6e	Secret-Subkey (old)
>0	byte	0x6f	Compressed Data (old)
>0	byte	0x70	Symmetrically Encrypted Data (old)
>0	byte	0x71	Marker (old)
>0	byte	0x72	Literal Data (old)
>0	byte	0x73	Trust (old)
>0	byte	0x74	User ID (old)
>0	byte	0x75	Public-Subkey (old)
>0	byte	0x76	Unused (old)
>0	byte	0x77
>>1	byte&0xc0	0x00	Reserved
>>1	byte&0xc0	0x40	Public-Key Encrypted Session Key
>>1	byte&0xc0	0x80	Signature
>>1	byte&0xc0	0xc0	Symmetric-Key Encrypted Session Key
>0	byte	0x78
>>1	byte&0xc0	0x00	One-Pass Signature
>>1	byte&0xc0	0x40	Secret-Key
>>1	byte&0xc0	0x80	Public-Key
>>1	byte&0xc0	0xc0	Secret-Subkey
>0	byte	0x79
>>1	byte&0xc0	0x00	Compressed Data
>>1	byte&0xc0	0x40	Symmetrically Encrypted Data
>>1	byte&0xc0	0x80	Marker
>>1	byte&0xc0	0xc0	Literal Data
>0	byte	0x7a
>>1	byte&0xc0	0x00	Trust
>>1	byte&0xc0	0x40	User ID
>>1	byte&0xc0	0x80	Public-Subkey
>>1	byte&0xc0	0xc0	Unused [z%x]
>0	byte	0x30
>>1	byte&0xc0	0x00	Unused [0%x]
>>1	byte&0xc0	0x40	User Attribute
>>1	byte&0xc0	0x80	Sym. Encrypted and Integrity Protected Data
>>1	byte&0xc0	0xc0	Modification Detection Code

# magic signatures to detect PGP crypto material (from stef)
# detects and extracts metadata from:
#  - symmetric encrypted packet header
#  - RSA (e=65537) secret (sub-)keys

# 1024b RSA encrypted data

0	string	\x84\x8c\x03	PGP RSA encrypted session key -
>3	lelong	x	keyid: %X
>7	lelong	x	%X
>11	byte	0x01	RSA (Encrypt or Sign) 1024b
>11	byte	0x02	RSA Encrypt-Only 1024b
>12	string	\x04\x00
>12	string	\x03\xff
>12	string	\x03\xfe
>12	string	\x03\xfd
>12	string	\x03\xfc
>12	string	\x03\xfb
>12	string	\x03\xfa
>12	string	\x03\xf9
>142	byte	0xd2	.

# 2048b RSA encrypted data

0	string	\x85\x01\x0c\x03	PGP RSA encrypted session key -
>4	lelong	x	keyid: %X
>8	lelong	x	%X
>12	byte	0x01	RSA (Encrypt or Sign) 2048b
>12	byte	0x02	RSA Encrypt-Only 2048b
>13	string	\x08\x00
>13	string	\x07\xff
>13	string	\x07\xfe
>13	string	\x07\xfd
>13	string	\x07\xfc
>13	string	\x07\xfb
>13	string	\x07\xfa
>13	string	\x07\xf9
>271	byte	0xd2	.

# 3072b RSA encrypted data

0	string	\x85\x01\x8c\x03	PGP RSA encrypted session key -
>4	lelong	x	keyid: %X
>8	lelong	x	%X
>12	byte	0x01	RSA (Encrypt or Sign) 3072b
>12	byte	0x02	RSA Encrypt-Only 3072b
>13	string	\x0c\x00
>13	string	\x0b\xff
>13	string	\x0b\xfe
>13	string	\x0b\xfd
>13	string	\x0b\xfc
>13	string	\x0b\xfb
>13	string	\x0b\xfa
>13	string	\x0b\xf9
>399	byte	0xd2	.

# 4096b RSA encrypted data

0	string	\x85\x02\x0c\x03	PGP RSA encrypted session key -
>4	lelong	x	keyid: %X
>8	lelong	x	%X
>12	byte	0x01	RSA (Encrypt or Sign) 4096b
>12	byte	0x02	RSA Encrypt-Only 4096b
>13	string	\x10\x00
>13	string	\x0f\xff
>13	string	\x0f\xfe
>13	string	\x0f\xfd
>13	string	\x0f\xfc
>13	string	\x0f\xfb
>13	string	\x0f\xfa
>13	string	\x0f\xf9
>527	byte	0xd2	.

# 8192b RSA encrypted data

0	string	\x85\x04\x0c\x03	PGP RSA encrypted session key -
>4	lelong	x	keyid: %X
>8	lelong	x	%X
>12	byte	0x01	RSA (Encrypt or Sign) 8192b
>12	byte	0x02	RSA Encrypt-Only 8192b
>13	string	\x20\x00
>13	string	\x1f\xff
>13	string	\x1f\xfe
>13	string	\x1f\xfd
>13	string	\x1f\xfc
>13	string	\x1f\xfb
>13	string	\x1f\xfa
>13	string	\x1f\xf9
>1039	byte	0xd2	.

# crypto algo mapper

0	name	crypto
>0	byte	0x00	Plaintext or unencrypted data
>0	byte	0x01	IDEA
>0	byte	0x02	TripleDES
>0	byte	0x03	CAST5 (128 bit key)
>0	byte	0x04	Blowfish (128 bit key, 16 rounds)
>0	byte	0x07	AES with 128-bit key
>0	byte	0x08	AES with 192-bit key
>0	byte	0x09	AES with 256-bit key
>0	byte	0x0a	Twofish with 256-bit key

# hash algo mapper

0	name	hash
>0	byte	0x01	MD5
>0	byte	0x02	SHA-1
>0	byte	0x03	RIPE-MD/160
>0	byte	0x08	SHA256
>0	byte	0x09	SHA384
>0	byte	0x0a	SHA512
>0	byte	0x0b	SHA224

# pgp symmetric encrypted data

0	byte	0x8c	PGP symmetric key encrypted data -
>1	byte	0x0d
>1	byte	0x0c
>2	byte	0x04
>3	use	crypto
>4	byte	0x01	salted -
>>5	use	hash
>>14	byte	0xd2	.
>>14	byte	0xc9	.
>4	byte	0x03	salted & iterated -
>>5	use	hash
>>15	byte	0xd2	.
>>15	byte	0xc9	.

# encrypted keymaterial needs s2k & can be checksummed/hashed

0	name	chkcrypto
>0	use	crypto
>1	byte	0x00	Simple S2K
>1	byte	0x01	Salted S2K
>1	byte	0x03	Salted&Iterated S2K
>2	use	hash

# all PGP keys start with this prolog
# containing version, creation date, and purpose

0	name	keyprolog
>0	byte	0x04
>1	beldate	x	created on %s -
>5	byte	0x01	RSA (Encrypt or Sign)
>5	byte	0x02	RSA Encrypt-Only

# end of secret keys known signature
# contains e=65537 and the prolog to
# the encrypted parameters

0	name	keyend
>0	string	\x00\x11\x01\x00\x01	e=65537
>5	use	crypto
>5	byte	0xff	checksummed
>>6	use	chkcrypto
>5	byte	0xfe	hashed
>>6	use	chkcrypto

# PGP secret keys contain also the public parts
# these vary by bitsize of the key

0	name	x1024
>0	use	keyprolog
>6	string	\x03\xfe
>6	string	\x03\xff
>6	string	\x04\x00
>136	use	keyend

0	name	x2048
>0	use	keyprolog
>6	string	\x08\x00
>6	string	\x07\xfe
>6	string	\x07\xff
>264	use	keyend

0	name	x3072
>0	use	keyprolog
>6	string	\x0b\xfe
>6	string	\x0b\xff
>6	string	\x0c\x00
>392	use	keyend

0	name	x4096
>0	use	keyprolog
>6	string	\x10\x00
>6	string	\x0f\xfe
>6	string	\x0f\xff
>520	use	keyend

# \x00|\x1f[\xfe\xff]).{1024})'
0	name	x8192
>0	use	keyprolog
>6	string	\x20\x00
>6	string	\x1f\xfe
>6	string	\x1f\xff
>1032	use	keyend

# depending on the size of the pkt
# we branch into the proper key size
# signatures defined as x{keysize}

0	name	pgpkey
>0	string	\x01\xd8	1024b
>>2	use	x1024
>0	string	\x01\xeb	1024b
>>2	use	x1024
>0	string	\x01\xfb	1024b
>>2	use	x1024
>0	string	\x01\xfd	1024b
>>2	use	x1024
>0	string	\x01\xf3	1024b
>>2	use	x1024
>0	string	\x01\xee	1024b
>>2	use	x1024
>0	string	\x01\xfe	1024b
>>2	use	x1024
>0	string	\x01\xf4	1024b
>>2	use	x1024
>0	string	\x02\x0d	1024b
>>2	use	x1024
>0	string	\x02\x03	1024b
>>2	use	x1024
>0	string	\x02\x05	1024b
>>2	use	x1024
>0	string	\x02\x15	1024b
>>2	use	x1024
>0	string	\x02\x00	1024b
>>2	use	x1024
>0	string	\x02\x10	1024b
>>2	use	x1024
>0	string	\x02\x04	1024b
>>2	use	x1024
>0	string	\x02\x06	1024b
>>2	use	x1024
>0	string	\x02\x16	1024b
>>2	use	x1024
>0	string	\x03\x98	2048b
>>2	use	x2048
>0	string	\x03\xab	2048b
>>2	use	x2048
>0	string	\x03\xbb	2048b
>>2	use	x2048
>0	string	\x03\xbd	2048b
>>2	use	x2048
>0	string	\x03\xcd	2048b
>>2	use	x2048
>0	string	\x03\xb3	2048b
>>2	use	x2048
>0	string	\x03\xc3	2048b
>>2	use	x2048
>0	string	\x03\xc5	2048b
>>2	use	x2048
>0	string	\x03\xd5	2048b
>>2	use	x2048
>0	string	\x03\xae	2048b
>>2	use	x2048
>0	string	\x03\xbe	2048b
>>2	use	x2048
>0	string	\x03\xc0	2048b
>>2	use	x2048
>0	string	\x03\xd0	2048b
>>2	use	x2048
>0	string	\x03\xb4	2048b
>>2	use	x2048
>0	string	\x03\xc4	2048b
>>2	use	x2048
>0	string	\x03\xc6	2048b
>>2	use	x2048
>0	string	\x03\xd6	2048b
>>2	use	x2048
>0	string	\x05X	3072b
>>2	use	x3072
>0	string	\x05k	3072b
>>2	use	x3072
>0	string	\x05{	3072b
>>2	use	x3072
>0	string	\x05}	3072b
>>2	use	x3072
>0	string	\x05\x8d	3072b
>>2	use	x3072
>0	string	\x05s	3072b
>>2	use	x3072
>0	string	\x05\x83	3072b
>>2	use	x3072
>0	string	\x05\x85	3072b
>>2	use	x3072
>0	string	\x05\x95	3072b
>>2	use	x3072
>0	string	\x05n	3072b
>>2	use	x3072
>0	string	\x05\x7e	3072b
>>2	use	x3072
>0	string	\x05\x80	3072b
>>2	use	x3072
>0	string	\x05\x90	3072b
>>2	use	x3072
>0	string	\x05t	3072b
>>2	use	x3072
>0	string	\x05\x84	3072b
>>2	use	x3072
>0	string	\x05\x86	3072b
>>2	use	x3072
>0	string	\x05\x96	3072b
>>2	use	x3072
>0	string	\x07[	4096b
>>2	use	x4096
>0	string	\x07\x18	4096b
>>2	use	x4096
>0	string	\x07+	4096b
>>2	use	x4096
>0	string	\x07;	4096b
>>2	use	x4096
>0	string	\x07=	4096b
>>2	use	x4096
>0	string	\x07M	4096b
>>2	use	x4096
>0	string	\x073	4096b
>>2	use	x4096
>0	string	\x07C	4096b
>>2	use	x4096
>0	string	\x07E	4096b
>>2	use	x4096
>0	string	\x07U	4096b
>>2	use	x4096
>0	string	\x07.	4096b
>>2	use	x4096
>0	string	\x07>	4096b
>>2	use	x4096
>0	string	\x07@	4096b
>>2	use	x4096
>0	string	\x07P	4096b
>>2	use	x4096
>0	string	\x074	4096b
>>2	use	x4096
>0	string	\x07D	4096b
>>2	use	x4096
>0	string	\x07F	4096b
>>2	use	x4096
>0	string	\x07V	4096b
>>2	use	x4096
>0	string	\x0e[	8192b
>>2	use	x8192
>0	string	\x0e\x18	8192b
>>2	use	x8192
>0	string	\x0e+	8192b
>>2	use	x8192
>0	string	\x0e;	8192b
>>2	use	x8192
>0	string	\x0e=	8192b
>>2	use	x8192
>0	string	\x0eM	8192b
>>2	use	x8192
>0	string	\x0e3	8192b
>>2	use	x8192
>0	string	\x0eC	8192b
>>2	use	x8192
>0	string	\x0eE	8192b
>>2	use	x8192
>0	string	\x0eU	8192b
>>2	use	x8192
>0	string	\x0e.	8192b
>>2	use	x8192
>0	string	\x0e>	8192b
>>2	use	x8192
>0	string	\x0e@	8192b
>>2	use	x8192
>0	string	\x0eP	8192b
>>2	use	x8192
>0	string	\x0e4	8192b
>>2	use	x8192
>0	string	\x0eD	8192b
>>2	use	x8192
>0	string	\x0eF	8192b
>>2	use	x8192
>0	string	\x0eV	8192b
>>2	use	x8192

# PGP RSA (e=65537) secret (sub-)key header

0	byte	0x95	PGP Secret Key -
>1	use	pgpkey
0	byte	0x97	PGP Secret Sub-key -
>1	use	pgpkey
0	byte	0x9d	PGP Secret Sub-key -
>1	use	pgpkey
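
# Added example, not part of the upstream magic file: the "pgp" entry's idea of
# reading the packet type off the base64 armor, done by rebuilding the first packet
# header octet (RFC 4880 section 4.2) from the first two armor characters.
# The function name and the sample strings are constructed for illustration.

```python
B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

# Packet tag names from RFC 4880 section 4.3 (same labels the magic prints).
TAGS = {
    0: "Reserved", 1: "Public-Key Encrypted Session Key", 2: "Signature",
    3: "Symmetric-Key Encrypted Session Key", 4: "One-Pass Signature",
    5: "Secret-Key", 6: "Public-Key", 7: "Secret-Subkey",
    8: "Compressed Data", 9: "Symmetrically Encrypted Data", 10: "Marker",
    11: "Literal Data", 12: "Trust", 13: "User ID", 14: "Public-Subkey",
    17: "User Attribute",
    18: "Sym. Encrypted and Integrity Protected Data",
    19: "Modification Detection Code",
}


def tag_from_armor(body):
    """Return (tag, 'old' or 'new', name) from the first two armor characters."""
    if len(body) < 2 or body[0] not in B64 or body[1] not in B64:
        raise ValueError("need two base64 characters")
    v0, v1 = B64.index(body[0]), B64.index(body[1])
    # The first decoded octet is the 6 bits of character 0 followed by the
    # top 2 bits of character 1's 6-bit value (not of its ASCII code).
    first = (v0 << 2) | (v1 >> 4)
    if not first & 0x80:
        raise ValueError("bit 7 clear: not an OpenPGP packet header")
    if first & 0x40:
        # New format: 11tttttt, the tag is the low 6 bits.
        tag, fmt = first & 0x3F, "new"
    else:
        # Old format: 10ttttll, the tag is bits 5..2, ll is the length type.
        tag, fmt = (first >> 2) & 0x0F, "old"
    return tag, fmt, TAGS.get(tag, "Unused or unassigned")


if __name__ == "__main__":
    # Constructed samples: base64 of 99 01 0d, 85 01 0c, c6 00 00, d2 00 00.
    for sample in ("mQEN", "hQEM", "xgAA", "0gAA"):
        print(sample, tag_from_armor(sample))
```

# The `>>1 byte&0xc0` tests in the "pgp" entry mask the ASCII character itself, so
# their 0x80 and 0xc0 branches cannot match 7-bit armor text; the example decodes
# the character's 6-bit base64 value instead.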