xref: /freebsd/contrib/file/magic/Magdir/pgp (revision a0ee8cc636cd5c2374ec44ca71226564ea0bca95)
1
2#------------------------------------------------------------------------------
3# $File: pgp,v 1.11 2014/11/11 21:32:38 christos Exp $
4# pgp:  file(1) magic for Pretty Good Privacy
5# see http://lists.gnupg.org/pipermail/gnupg-devel/1999-September/016052.html
6#
70       beshort         0x9900                  PGP key public ring
8!:mime	application/x-pgp-keyring
90       beshort         0x9501                  PGP key security ring
10!:mime	application/x-pgp-keyring
110       beshort         0x9500                  PGP key security ring
12!:mime	application/x-pgp-keyring
130	beshort		0xa600			PGP encrypted data
14#!:mime	application/pgp-encrypted
15#0	string		-----BEGIN\040PGP	text/PGP armored data
16!:mime	text/PGP # encoding: armored data
17#>15	string	PUBLIC\040KEY\040BLOCK-	public key block
18#>15	string	MESSAGE-		message
19#>15	string	SIGNED\040MESSAGE-	signed message
20#>15	string	PGP\040SIGNATURE-	signature
21
222	string	---BEGIN\ PGP\ PUBLIC\ KEY\ BLOCK-	PGP public key block
23!:mime	application/pgp-keys
24>10	search/100	\n\n
25>>&0	use		pgp
260	string	-----BEGIN\040PGP\40MESSAGE-		PGP message
27!:mime	application/pgp
28>10	search/100	\n\n
29>>&0	use		pgp
300	string	-----BEGIN\040PGP\40SIGNATURE-		PGP signature
31!:mime	application/pgp-signature
32>10	search/100	\n\n
33>>&0	use		pgp
34
35# Decode the type of the packet based on it's base64 encoding.
36# Idea from Mark Martinec
37# The specification is in RFC 4880, section 4.2 and 4.3:
38# http://tools.ietf.org/html/rfc4880#section-4.2
39
400	name		pgp
41>0	byte		0x67		Reserved (old)
42>0	byte		0x68		Public-Key Encrypted Session Key (old)
43>0	byte		0x69		Signature (old)
44>0	byte		0x6a		Symmetric-Key Encrypted Session Key (old)
45>0	byte		0x6b		One-Pass Signature (old)
46>0	byte		0x6c		Secret-Key (old)
47>0	byte		0x6d		Public-Key (old)
48>0	byte		0x6e		Secret-Subkey (old)
49>0	byte		0x6f		Compressed Data (old)
50>0	byte		0x70		Symmetrically Encrypted Data (old)
51>0	byte		0x71		Marker (old)
52>0	byte		0x72		Literal Data (old)
53>0	byte		0x73		Trust (old)
54>0	byte		0x74		User ID (old)
55>0	byte		0x75		Public-Subkey (old)
56>0	byte		0x76		Unused (old)
57>0	byte		0x77
58>>1	byte&0xc0	0x00		Reserved
59>>1	byte&0xc0	0x40		Public-Key Encrypted Session Key
60>>1	byte&0xc0	0x80		Signature
61>>1	byte&0xc0	0xc0		Symmetric-Key Encrypted Session Key
62>0	byte		0x78
63>>1	byte&0xc0	0x00		One-Pass Signature
64>>1	byte&0xc0	0x40		Secret-Key
65>>1	byte&0xc0	0x80		Public-Key
66>>1	byte&0xc0	0xc0		Secret-Subkey
67>0	byte		0x79
68>>1	byte&0xc0	0x00		Compressed Data
69>>1	byte&0xc0	0x40		Symmetrically Encrypted Data
70>>1	byte&0xc0	0x80		Marker
71>>1	byte&0xc0	0xc0		Literal Data
72>0	byte		0x7a
73>>1	byte&0xc0	0x00		Trust
74>>1	byte&0xc0	0x40		User ID
75>>1	byte&0xc0	0x80		Public-Subkey
76>>1	byte&0xc0	0xc0		Unused [z%x]
77>0	byte		0x30
78>>1	byte&0xc0	0x00		Unused [0%x]
79>>1	byte&0xc0	0x40		User Attribute
80>>1	byte&0xc0	0x80		Sym. Encrypted and Integrity Protected Data
81>>1	byte&0xc0	0xc0		Modification Detection Code
82
83# magic signatures to detect PGP crypto material (from stef)
84# detects and extracts metadata from:
85#  - symmetric encrypted packet header
86#  - RSA (e=65537) secret (sub-)keys
87
88# 1024b RSA encrypted data
89
900	string	\x84\x8c\x03		PGP RSA encrypted session key -
91>3	lelong	x			keyid: %X
92>7	lelong	x			%X
93>11	byte	0x01			RSA (Encrypt or Sign) 1024b
94>11	byte	0x02			RSA Encrypt-Only 1024b
95>12	string	\x04\x00
96>12	string	\x03\xff
97>12	string	\x03\xfe
98>12	string	\x03\xfd
99>12	string	\x03\xfc
100>12	string	\x03\xfb
101>12	string	\x03\xfa
102>12	string	\x03\xf9
103>142	byte	0xd2			.
104
105# 2048b RSA encrypted data
106
1070	string	\x85\x01\x0c\x03	PGP RSA encrypted session key -
108>4	lelong	x			keyid: %X
109>8	lelong	x			%X
110>12	byte	0x01			RSA (Encrypt or Sign) 2048b
111>12	byte	0x02			RSA Encrypt-Only 2048b
112>13	string	\x08\x00
113>13	string	\x07\xff
114>13	string	\x07\xfe
115>13	string	\x07\xfd
116>13	string	\x07\xfc
117>13	string	\x07\xfb
118>13	string	\x07\xfa
119>13	string	\x07\xf9
120>271	byte	0xd2			.
121
122# 3072b RSA encrypted data
123
1240	string	\x85\x01\x8c\x03	PGP RSA encrypted session key -
125>4	lelong	x			keyid: %X
126>8	lelong	x			%X
127>12	byte	0x01			RSA (Encrypt or Sign) 3072b
128>12	byte	0x02			RSA Encrypt-Only 3072b
129>13	string	\x0c\x00
130>13	string	\x0b\xff
131>13	string	\x0b\xfe
132>13	string	\x0b\xfd
133>13	string	\x0b\xfc
134>13	string	\x0b\xfb
135>13	string	\x0b\xfa
136>13	string	\x0b\xf9
137>399	byte	0xd2			.
138
139# 3072b RSA encrypted data
140
1410	string	\x85\x02\x0c\x03	PGP RSA encrypted session key -
142>4	lelong	x			keyid: %X
143>8	lelong	x			%X
144>12	byte	0x01			RSA (Encrypt or Sign) 4096b
145>12	byte	0x02			RSA Encrypt-Only 4096b
146>13	string	\x10\x00
147>13	string	\x0f\xff
148>13	string	\x0f\xfe
149>13	string	\x0f\xfd
150>13	string	\x0f\xfc
151>13	string	\x0f\xfb
152>13	string	\x0f\xfa
153>13	string	\x0f\xf9
154>527	byte	0xd2			.
155
156# 4096b RSA encrypted data
157
1580	string	\x85\x04\x0c\x03	PGP RSA encrypted session key -
159>4	lelong	x			keyid: %X
160>8	lelong	x			%X
161>12	byte	0x01			RSA (Encrypt or Sign) 8129b
162>12	byte	0x02			RSA Encrypt-Only 8129b
163>13	string	\x20\x00
164>13	string	\x1f\xff
165>13	string	\x1f\xfe
166>13	string	\x1f\xfd
167>13	string	\x1f\xfc
168>13	string	\x1f\xfb
169>13	string	\x1f\xfa
170>13	string	\x1f\xf9
171>1039	byte	0xd2			.
172
173# crypto algo mapper
174
1750	name	crypto
176>0	byte	0x00			Plaintext or unencrypted data
177>0	byte	0x01			IDEA
178>0	byte	0x02			TripleDES
179>0	byte	0x03			CAST5 (128 bit key)
180>0	byte	0x04			Blowfish (128 bit key, 16 rounds)
181>0	byte	0x07			AES with 128-bit key
182>0	byte	0x08			AES with 192-bit key
183>0	byte	0x09			AES with 256-bit key
184>0	byte	0x0a			Twofish with 256-bit key
185
186# hash algo mapper
187
1880	name	hash
189>0	byte	0x01			MD5
190>0	byte	0x02			SHA-1
191>0	byte	0x03			RIPE-MD/160
192>0	byte	0x08			SHA256
193>0	byte	0x09			SHA384
194>0	byte	0x0a			SHA512
195>0	byte	0x0b			SHA224
196
197# pgp symmetric encrypted data
198
1990	byte	0x8c			PGP symmetric key encrypted data -
200>1	byte	0x0d
201>1	byte	0x0c
202>2	byte	0x04
203>3	use	crypto
204>4	byte	0x01			salted -
205>>5	use	hash
206>>14	byte	0xd2			.
207>>14	byte	0xc9			.
208>4	byte	0x03			salted & iterated -
209>>5	use	hash
210>>15	byte	0xd2			.
211>>15	byte	0xc9			.
212
213# encrypted keymaterial needs s2k & can be checksummed/hashed
214
2150	name	chkcrypto
216>0	use	crypto
217>1	byte	0x00			Simple S2K
218>1	byte	0x01			Salted S2K
219>1	byte	0x03			Salted&Iterated S2K
220>2	use	hash
221
222# all PGP keys start with this prolog
223# containing version, creation date, and purpose
224
2250	name	keyprolog
226>0	byte	0x04
227>1	beldate	x			created on %s -
228>5	byte	0x01			RSA (Encrypt or Sign)
229>5	byte	0x02			RSA Encrypt-Only
230
231# end of secret keys known signature
232# contains e=65537 and the prolog to
233# the encrypted parameters
234
2350	name	keyend
236>0	string	\x00\x11\x01\x00\x01	e=65537
237>5	use	crypto
238>5	byte	0xff			checksummed
239>>6	use	chkcrypto
240>5	byte	0xfe			hashed
241>>6	use	chkcrypto
242
243# PGP secret keys contain also the public parts
244# these vary by bitsize of the key
245
2460	name	x1024
247>0	use	keyprolog
248>6	string	\x03\xfe
249>6	string	\x03\xff
250>6	string	\x04\x00
251>136	use	keyend
252
2530	name	x2048
254>0	use	keyprolog
255>6	string	\x80\x00
256>6	string	\x07\xfe
257>6	string	\x07\xff
258>264	use	keyend
259
2600	name	x3072
261>0	use	keyprolog
262>6	string	\x0b\xfe
263>6	string	\x0b\xff
264>6	string	\x0c\x00
265>392	use	keyend
266
2670	name	x4096
268>0	use	keyprolog
269>6	string	\x10\x00
270>6	string	\x0f\xfe
271>6	string	\x0f\xff
272>520	use	keyend
273
274# \x00|\x1f[\xfe\xff]).{1024})'
2750	name	x8192
276>0	use	keyprolog
277>6	string	\x20\x00
278>6	string	\x1f\xfe
279>6	string	\x1f\xff
280>1032	use	keyend
281
282# depending on the size of the pkt
283# we branch into the proper key size
284# signatures defined as x{keysize}
285
286>0	name	pgpkey
287>0	string	\x01\xd8	1024b
288>>2	use	x1024
289>0	string	\x01\xeb	1024b
290>>2	use	x1024
291>0	string	\x01\xfb	1024b
292>>2	use	x1024
293>0	string	\x01\xfd	1024b
294>>2	use	x1024
295>0	string	\x01\xf3	1024b
296>>2	use	x1024
297>0	string	\x01\xee	1024b
298>>2	use	x1024
299>0	string	\x01\xfe	1024b
300>>2	use	x1024
301>0	string	\x01\xf4	1024b
302>>2	use	x1024
303>0	string	\x02\x0d	1024b
304>>2	use	x1024
305>0	string	\x02\x03	1024b
306>>2	use	x1024
307>0	string	\x02\x05	1024b
308>>2	use	x1024
309>0	string	\x02\x15	1024b
310>>2	use	x1024
311>0	string	\x02\x00	1024b
312>>2	use	x1024
313>0	string	\x02\x10	1024b
314>>2	use	x1024
315>0	string	\x02\x04	1024b
316>>2	use	x1024
317>0	string	\x02\x06	1024b
318>>2	use	x1024
319>0	string	\x02\x16	1024b
320>>2	use	x1024
321>0	string	\x03\x98	2048b
322>>2	use	x2048
323>0	string	\x03\xab	2048b
324>>2	use	x2048
325>0	string	\x03\xbb	2048b
326>>2	use	x2048
327>0	string	\x03\xbd	2048b
328>>2	use	x2048
329>0	string	\x03\xcd	2048b
330>>2	use	x2048
331>0	string	\x03\xb3	2048b
332>>2	use	x2048
333>0	string	\x03\xc3	2048b
334>>2	use	x2048
335>0	string	\x03\xc5	2048b
336>>2	use	x2048
337>0	string	\x03\xd5	2048b
338>>2	use	x2048
339>0	string	\x03\xae	2048b
340>>2	use	x2048
341>0	string	\x03\xbe	2048b
342>>2	use	x2048
343>0	string	\x03\xc0	2048b
344>>2	use	x2048
345>0	string	\x03\xd0	2048b
346>>2	use	x2048
347>0	string	\x03\xb4	2048b
348>>2	use	x2048
349>0	string	\x03\xc4	2048b
350>>2	use	x2048
351>0	string	\x03\xc6	2048b
352>>2	use	x2048
353>0	string	\x03\xd6	2048b
354>>2	use	x2048
355>0	string	\x05X		3072b
356>>2	use	x3072
357>0	string	\x05k		3072b
358>>2	use	x3072
359>0	string	\x05{		3072b
360>>2	use	x3072
361>0	string	\x05}		3072b
362>>2	use	x3072
363>0	string	\x05\x8d	3072b
364>>2	use	x3072
365>0	string	\x05s		3072b
366>>2	use	x3072
367>0	string	\x05\x83	3072b
368>>2	use	x3072
369>0	string	\x05\x85	3072b
370>>2	use	x3072
371>0	string	\x05\x95	3072b
372>>2	use	x3072
373>0	string	\x05n		3072b
374>>2	use	x3072
375>0	string	\x05\x7e	3072b
376>>2	use	x3072
377>0	string	\x05\x80	3072b
378>>2	use	x3072
379>0	string	\x05\x90	3072b
380>>2	use	x3072
381>0	string	\x05t		3072b
382>>2	use	x3072
383>0	string	\x05\x84	3072b
384>>2	use	x3072
385>0	string	\x05\x86	3072b
386>>2	use	x3072
387>0	string	\x05\x96	3072b
388>>2	use	x3072
389>0	string	\x07[		4096b
390>>2	use	x4096
391>0	string	\x07\x18	4096b
392>>2	use	x4096
393>0	string	\x07+		4096b
394>>2	use	x4096
395>0	string	\x07;		4096b
396>>2	use	x4096
397>0	string	\x07=		4096b
398>>2	use	x4096
399>0	string	\x07M		4096b
400>>2	use	x4096
401>0	string	\x073		4096b
402>>2	use	x4096
403>0	string	\x07C		4096b
404>>2	use	x4096
405>0	string	\x07E		4096b
406>>2	use	x4096
407>0	string	\x07U		4096b
408>>2	use	x4096
409>0	string	\x07.		4096b
410>>2	use	x4096
411>0	string	\x07>		4096b
412>>2	use	x4096
413>0	string	\x07@		4096b
414>>2	use	x4096
415>0	string	\x07P		4096b
416>>2	use	x4096
417>0	string	\x074		4096b
418>>2	use	x4096
419>0	string	\x07D		4096b
420>>2	use	x4096
421>0	string	\x07F		4096b
422>>2	use	x4096
423>0	string	\x07V		4096b
424>>2	use	x4096
425>0	string	\x0e[		8192b
426>>2	use	x8192
427>0	string	\x0e\x18	8192b
428>>2	use	x8192
429>0	string	\x0e+		8192b
430>>2	use	x8192
431>0	string	\x0e;		8192b
432>>2	use	x8192
433>0	string	\x0e=		8192b
434>>2	use	x8192
435>0	string	\x0eM		8192b
436>>2	use	x8192
437>0	string	\x0e3		8192b
438>>2	use	x8192
439>0	string	\x0eC		8192b
440>>2	use	x8192
441>0	string	\x0eE		8192b
442>>2	use	x8192
443>0	string	\x0eU		8192b
444>>2	use	x8192
445>0	string	\x0e.		8192b
446>>2	use	x8192
447>0	string	\x0e>		8192b
448>>2	use	x8192
449>0	string	\x0e@		8192b
450>>2	use	x8192
451>0	string	\x0eP		8192b
452>>2	use	x8192
453>0	string	\x0e4		8192b
454>>2	use	x8192
455>0	string	\x0eD		8192b
456>>2	use	x8192
457>0	string	\x0eF		8192b
458>>2	use	x8192
459>0	string	\x0eV		8192b
460>>2	use	x8192
461
462# PGP RSA (e=65537) secret (sub-)key header
463
4640	byte	0x95			PGP	Secret Key -
465>1	use	pgpkey
4660	byte	0x97			PGP	Secret Sub-key -
467>1	use	pgpkey
4680	byte	0x9d			PGP	Secret Sub-key -
469>1	use	pgpkey
470