xref: /freebsd/contrib/file/magic/Magdir/pgp (revision b077aed33b7b6aefca7b17ddb250cf521f938613)
1
2#------------------------------------------------------------------------------
3# $File: pgp,v 1.25 2021/04/26 15:56:00 christos Exp $
4# pgp:  file(1) magic for Pretty Good Privacy
5
6# Handling of binary PGP keys is in pgp-binary-keys.
7# see https://lists.gnupg.org/pipermail/gnupg-devel/1999-September/016052.html
8#
90	beshort		0xa600			PGP encrypted data
10#!:mime	application/pgp-encrypted
11#0	string		-----BEGIN\040PGP	text/PGP armored data
12!:mime	text/PGP # encoding: armored data
13#>15	string	PUBLIC\040KEY\040BLOCK-	public key block
14#>15	string	MESSAGE-		message
15#>15	string	SIGNED\040MESSAGE-	signed message
16#>15	string	PGP\040SIGNATURE-	signature
17
18# Update:	Joerg Jenderek
19# URL:		http://en.wikipedia.org/wiki/Pretty_Good_Privacy
20# Reference:	https://reposcope.com/mimetype/application/pgp-keys
212	string	---BEGIN\040PGP\040PRIVATE\040KEY\040BLOCK-	PGP private key block
22#!:mime	text/PGP
23!:mime	application/pgp-keys
24!:ext	asc
252	string	---BEGIN\040PGP\040PUBLIC\040KEY\040BLOCK-	PGP public key block
26!:mime	application/pgp-keys
27!:ext	asc
28>10	search/100	\n\n
29>>&0	use		pgp
300	string	-----BEGIN\040PGP\040MESSAGE-		PGP message
31# https://reposcope.com/mimetype/application/pgp-encrypted
32#!:mime	application/pgp
33!:mime	application/pgp-encrypted
34!:ext	asc
35#!:ext	asc/pgp/gpg
36>10	search/100	\n\n
37>>&0	use		pgp
38# Reference:	https://www.gnupg.org/gph/en/manual/x135.html
390	string	-----BEGIN\040PGP\040SIGNED\040MESSAGE-	PGP signed message
40#!:mime	text/plain
41!:mime	text/PGP
42#!:mime	application/pgp
43!:ext	asc
440	string	-----BEGIN\040PGP\040SIGNATURE-		PGP signature
45# https://reposcope.com/mimetype/application/pgp-signature
46!:mime	application/pgp-signature
47!:ext	asc
48>10	search/100	\n\n
49>>&0	use		pgp
50
51# Decode the type of the packet based on it's base64 encoding.
52# Idea from Mark Martinec
53# The specification is in RFC 4880, section 4.2 and 4.3:
54# https://tools.ietf.org/html/rfc4880#section-4.2
55
560	name		pgp
57>0	byte		0x67		Reserved (old)
58>0	byte		0x68		Public-Key Encrypted Session Key (old)
59>0	byte		0x69		Signature (old)
60>0	byte		0x6a		Symmetric-Key Encrypted Session Key (old)
61>0	byte		0x6b		One-Pass Signature (old)
62>0	byte		0x6c		Secret-Key (old)
63>0	byte		0x6d		Public-Key (old)
64>0	byte		0x6e		Secret-Subkey (old)
65>0	byte		0x6f		Compressed Data (old)
66>0	byte		0x70		Symmetrically Encrypted Data (old)
67>0	byte		0x71		Marker (old)
68>0	byte		0x72		Literal Data (old)
69>0	byte		0x73		Trust (old)
70>0	byte		0x74		User ID (old)
71>0	byte		0x75		Public-Subkey (old)
72>0	byte		0x76		Unused (old)
73>0	byte		0x77
74>>1	byte&0xc0	0x00		Reserved
75>>1	byte&0xc0	0x40		Public-Key Encrypted Session Key
76>>1	byte&0xc0	0x80		Signature
77>>1	byte&0xc0	0xc0		Symmetric-Key Encrypted Session Key
78>0	byte		0x78
79>>1	byte&0xc0	0x00		One-Pass Signature
80>>1	byte&0xc0	0x40		Secret-Key
81>>1	byte&0xc0	0x80		Public-Key
82>>1	byte&0xc0	0xc0		Secret-Subkey
83>0	byte		0x79
84>>1	byte&0xc0	0x00		Compressed Data
85>>1	byte&0xc0	0x40		Symmetrically Encrypted Data
86>>1	byte&0xc0	0x80		Marker
87>>1	byte&0xc0	0xc0		Literal Data
88>0	byte		0x7a
89>>1	byte&0xc0	0x00		Trust
90>>1	byte&0xc0	0x40		User ID
91>>1	byte&0xc0	0x80		Public-Subkey
92>>1	byte&0xc0	0xc0		Unused [z%x]
93>0	byte		0x30
94>>1	byte&0xc0	0x00		Unused [0%x]
95>>1	byte&0xc0	0x40		User Attribute
96>>1	byte&0xc0	0x80		Sym. Encrypted and Integrity Protected Data
97>>1	byte&0xc0	0xc0		Modification Detection Code
98
99# magic signatures to detect PGP crypto material (from stef)
100# detects and extracts metadata from:
101#  - symmetric encrypted packet header
102#  - RSA (e=65537) secret (sub-)keys
103
104# 1024b RSA encrypted data
105
1060	string	\x84\x8c\x03		PGP RSA encrypted session key -
107>3	belong	x			keyid: %08X
108>7	belong	x			%08X
109>11	byte	0x01			RSA (Encrypt or Sign) 1024b
110>11	byte	0x02			RSA Encrypt-Only 1024b
111>12	string	\x04\x00
112>12	string	\x03\xff
113>12	string	\x03\xfe
114>12	string	\x03\xfd
115>12	string	\x03\xfc
116>12	string	\x03\xfb
117>12	string	\x03\xfa
118>12	string	\x03\xf9
119>142	byte	0xd2			.
120
121# 2048b RSA encrypted data
122
1230	string	\x85\x01\x0c\x03	PGP RSA encrypted session key -
124>4	belong	x			keyid: %08X
125>8	belong	x			%08X
126>12	byte	0x01			RSA (Encrypt or Sign) 2048b
127>12	byte	0x02			RSA Encrypt-Only 2048b
128>13	string	\x08\x00
129>13	string	\x07\xff
130>13	string	\x07\xfe
131>13	string	\x07\xfd
132>13	string	\x07\xfc
133>13	string	\x07\xfb
134>13	string	\x07\xfa
135>13	string	\x07\xf9
136>271	byte	0xd2			.
137
138# 3072b RSA encrypted data
139
1400	string	\x85\x01\x8c\x03	PGP RSA encrypted session key -
141>4	belong	x			keyid: %08X
142>8	belong	x			%08X
143>12	byte	0x01			RSA (Encrypt or Sign) 3072b
144>12	byte	0x02			RSA Encrypt-Only 3072b
145>13	string	\x0c\x00
146>13	string	\x0b\xff
147>13	string	\x0b\xfe
148>13	string	\x0b\xfd
149>13	string	\x0b\xfc
150>13	string	\x0b\xfb
151>13	string	\x0b\xfa
152>13	string	\x0b\xf9
153>399	byte	0xd2			.
154
155# 4096b RSA encrypted data
156
1570	string	\x85\x02\x0c\x03	PGP RSA encrypted session key -
158>4	belong	x			keyid: %08X
159>8	belong	x			%08X
160>12	byte	0x01			RSA (Encrypt or Sign) 4096b
161>12	byte	0x02			RSA Encrypt-Only 4096b
162>13	string	\x10\x00
163>13	string	\x0f\xff
164>13	string	\x0f\xfe
165>13	string	\x0f\xfd
166>13	string	\x0f\xfc
167>13	string	\x0f\xfb
168>13	string	\x0f\xfa
169>13	string	\x0f\xf9
170>527	byte	0xd2			.
171
172# 8192b RSA encrypted data
173
1740	string	\x85\x04\x0c\x03	PGP RSA encrypted session key -
175>4	belong	x			keyid: %08X
176>8	belong	x			%08X
177>12	byte	0x01			RSA (Encrypt or Sign) 8192b
178>12	byte	0x02			RSA Encrypt-Only 8192b
179>13	string	\x20\x00
180>13	string	\x1f\xff
181>13	string	\x1f\xfe
182>13	string	\x1f\xfd
183>13	string	\x1f\xfc
184>13	string	\x1f\xfb
185>13	string	\x1f\xfa
186>13	string	\x1f\xf9
187>1039	byte	0xd2			.
188
189# 1024b Elgamal encrypted data
190
1910	string	\x85\x01\x0e\x03	PGP Elgamal encrypted session key -
192>4	belong	x			keyid: %08X
193>8	belong	x			%08X
194>12	byte	0x10			Elgamal Encrypt-Only 1024b.
195>13	string	\x04\x00
196>13	string	\x03\xff
197>13	string	\x03\xfe
198>13	string	\x03\xfd
199>13	string	\x03\xfc
200>13	string	\x03\xfb
201>13	string	\x03\xfa
202>13	string	\x03\xf9
203
204# 2048b Elgamal encrypted data
205
2060	string	\x85\x02\x0e\x03	PGP Elgamal encrypted session key -
207>4	belong	x			keyid: %08X
208>8	belong	x			%08X
209>12	byte	0x10			Elgamal Encrypt-Only 2048b.
210>13	string	\x08\x00
211>13	string	\x07\xff
212>13	string	\x07\xfe
213>13	string	\x07\xfd
214>13	string	\x07\xfc
215>13	string	\x07\xfb
216>13	string	\x07\xfa
217>13	string	\x07\xf9
218
219# 3072b Elgamal encrypted data
220
2210	string	\x85\x03\x0e\x03	PGP Elgamal encrypted session key -
222>4	belong	x			keyid: %08X
223>8	belong	x			%08X
224>12	byte	0x10			Elgamal Encrypt-Only 3072b.
225>13	string	\x0c\x00
226>13	string	\x0b\xff
227>13	string	\x0b\xfe
228>13	string	\x0b\xfd
229>13	string	\x0b\xfc
230>13	string	\x0b\xfb
231>13	string	\x0b\xfa
232>13	string	\x0b\xf9
233
234# crypto algo mapper
235
2360	name	crypto
237>0	byte	0x00			Plaintext or unencrypted data
238>0	byte	0x01			IDEA
239>0	byte	0x02			TripleDES
240>0	byte	0x03			CAST5 (128 bit key)
241>0	byte	0x04			Blowfish (128 bit key, 16 rounds)
242>0	byte	0x07			AES with 128-bit key
243>0	byte	0x08			AES with 192-bit key
244>0	byte	0x09			AES with 256-bit key
245>0	byte	0x0a			Twofish with 256-bit key
246
247# hash algo mapper
248
2490	name	hash
250>0	byte	0x01			MD5
251>0	byte	0x02			SHA-1
252>0	byte	0x03			RIPE-MD/160
253>0	byte	0x08			SHA256
254>0	byte	0x09			SHA384
255>0	byte	0x0a			SHA512
256>0	byte	0x0b			SHA224
257
258# display public key algorithms as human readable text
2590	name	key_algo
260>0	byte	0x01			RSA (Encrypt or Sign)
261# keep old look of version 5.28 without parentheses
262>0	byte	0x02			RSA Encrypt-Only
263>0	byte	0x03			RSA (Sign-Only)
264>0	byte	16			ElGamal (Encrypt-Only)
265>0	byte	17			DSA
266>0	byte	18			Elliptic Curve
267>0	byte	19			ECDSA
268>0	byte	20			ElGamal (Encrypt or Sign)
269>0	byte	21			Diffie-Hellman
270>0	default	x
271>>0	ubyte	<22			unknown (pub %d)
272# this should never happen
273>>0	ubyte	>21			invalid (%d)
274
275# pgp symmetric encrypted data
276
2770	byte	0x8c			PGP symmetric key encrypted data -
278>1	byte	0x0d
279>1	byte	0x0c
280>2	byte	0x04
281>3	use	crypto
282>4	byte	0x01			salted -
283>>5	use	hash
284>>14	byte	0xd2			.
285>>14	byte	0xc9			.
286>4	byte	0x03			salted & iterated -
287>>5	use	hash
288>>15	byte	0xd2			.
289>>15	byte	0xc9			.
290
291# encrypted keymaterial needs s2k & can be checksummed/hashed
292
2930	name	chkcrypto
294>0	use	crypto
295>1	byte	0x00			Simple S2K
296>1	byte	0x01			Salted S2K
297>1	byte	0x03			Salted&Iterated S2K
298>2	use	hash
299
300# all PGP keys start with this prolog
301# containing version, creation date, and purpose
302
3030	name	keyprolog
304>0	byte	0x04
305>1	beldate	x			created on %s -
306>5	byte	0x01			RSA (Encrypt or Sign)
307>5	byte	0x02			RSA Encrypt-Only
308
309# end of secret keys known signature
310# contains e=65537 and the prolog to
311# the encrypted parameters
312
3130	name	keyend
314>0	string	\x00\x11\x01\x00\x01	e=65537
315>5	use	crypto
316>5	byte	0xff			checksummed
317>>6	use	chkcrypto
318>5	byte	0xfe			hashed
319>>6	use	chkcrypto
320
321# PGP secret keys contain also the public parts
322# these vary by bitsize of the key
323
3240	name	x1024
325>0	use	keyprolog
326>6	string	\x03\xfe
327>6	string	\x03\xff
328>6	string	\x04\x00
329>136	use	keyend
330
3310	name	x2048
332>0	use	keyprolog
333>6	string	\x80\x00
334>6	string	\x07\xfe
335>6	string	\x07\xff
336>264	use	keyend
337
3380	name	x3072
339>0	use	keyprolog
340>6	string	\x0b\xfe
341>6	string	\x0b\xff
342>6	string	\x0c\x00
343>392	use	keyend
344
3450	name	x4096
346>0	use	keyprolog
347>6	string	\x10\x00
348>6	string	\x0f\xfe
349>6	string	\x0f\xff
350>520	use	keyend
351
352# \x00|\x1f[\xfe\xff]).{1024})'
3530	name	x8192
354>0	use	keyprolog
355>6	string	\x20\x00
356>6	string	\x1f\xfe
357>6	string	\x1f\xff
358>1032	use	keyend
359
360# depending on the size of the pkt
361# we branch into the proper key size
362# signatures defined as x{keysize}
363
3640	name	pgpkey
365>0	string	\x01\xd8	1024b
366>>2	use	x1024
367>0	string	\x01\xeb	1024b
368>>2	use	x1024
369>0	string	\x01\xfb	1024b
370>>2	use	x1024
371>0	string	\x01\xfd	1024b
372>>2	use	x1024
373>0	string	\x01\xf3	1024b
374>>2	use	x1024
375>0	string	\x01\xee	1024b
376>>2	use	x1024
377>0	string	\x01\xfe	1024b
378>>2	use	x1024
379>0	string	\x01\xf4	1024b
380>>2	use	x1024
381>0	string	\x02\x0d	1024b
382>>2	use	x1024
383>0	string	\x02\x03	1024b
384>>2	use	x1024
385>0	string	\x02\x05	1024b
386>>2	use	x1024
387>0	string	\x02\x15	1024b
388>>2	use	x1024
389>0	string	\x02\x00	1024b
390>>2	use	x1024
391>0	string	\x02\x10	1024b
392>>2	use	x1024
393>0	string	\x02\x04	1024b
394>>2	use	x1024
395>0	string	\x02\x06	1024b
396>>2	use	x1024
397>0	string	\x02\x16	1024b
398>>2	use	x1024
399>0	string	\x03\x98	2048b
400>>2	use	x2048
401>0	string	\x03\xab	2048b
402>>2	use	x2048
403>0	string	\x03\xbb	2048b
404>>2	use	x2048
405>0	string	\x03\xbd	2048b
406>>2	use	x2048
407>0	string	\x03\xcd	2048b
408>>2	use	x2048
409>0	string	\x03\xb3	2048b
410>>2	use	x2048
411>0	string	\x03\xc3	2048b
412>>2	use	x2048
413>0	string	\x03\xc5	2048b
414>>2	use	x2048
415>0	string	\x03\xd5	2048b
416>>2	use	x2048
417>0	string	\x03\xae	2048b
418>>2	use	x2048
419>0	string	\x03\xbe	2048b
420>>2	use	x2048
421>0	string	\x03\xc0	2048b
422>>2	use	x2048
423>0	string	\x03\xd0	2048b
424>>2	use	x2048
425>0	string	\x03\xb4	2048b
426>>2	use	x2048
427>0	string	\x03\xc4	2048b
428>>2	use	x2048
429>0	string	\x03\xc6	2048b
430>>2	use	x2048
431>0	string	\x03\xd6	2048b
432>>2	use	x2048
433>0	string	\x05X		3072b
434>>2	use	x3072
435>0	string	\x05k		3072b
436>>2	use	x3072
437>0	string	\x05{		3072b
438>>2	use	x3072
439>0	string	\x05}		3072b
440>>2	use	x3072
441>0	string	\x05\x8d	3072b
442>>2	use	x3072
443>0	string	\x05s		3072b
444>>2	use	x3072
445>0	string	\x05\x83	3072b
446>>2	use	x3072
447>0	string	\x05\x85	3072b
448>>2	use	x3072
449>0	string	\x05\x95	3072b
450>>2	use	x3072
451>0	string	\x05n		3072b
452>>2	use	x3072
453>0	string	\x05\x7e	3072b
454>>2	use	x3072
455>0	string	\x05\x80	3072b
456>>2	use	x3072
457>0	string	\x05\x90	3072b
458>>2	use	x3072
459>0	string	\x05t		3072b
460>>2	use	x3072
461>0	string	\x05\x84	3072b
462>>2	use	x3072
463>0	string	\x05\x86	3072b
464>>2	use	x3072
465>0	string	\x05\x96	3072b
466>>2	use	x3072
467>0	string	\x07[		4096b
468>>2	use	x4096
469>0	string	\x07\x18	4096b
470>>2	use	x4096
471>0	string	\x07+		4096b
472>>2	use	x4096
473>0	string	\x07;		4096b
474>>2	use	x4096
475>0	string	\x07=		4096b
476>>2	use	x4096
477>0	string	\x07M		4096b
478>>2	use	x4096
479>0	string	\x073		4096b
480>>2	use	x4096
481>0	string	\x07C		4096b
482>>2	use	x4096
483>0	string	\x07E		4096b
484>>2	use	x4096
485>0	string	\x07U		4096b
486>>2	use	x4096
487>0	string	\x07.		4096b
488>>2	use	x4096
489>0	string	\x07>		4096b
490>>2	use	x4096
491>0	string	\x07@		4096b
492>>2	use	x4096
493>0	string	\x07P		4096b
494>>2	use	x4096
495>0	string	\x074		4096b
496>>2	use	x4096
497>0	string	\x07D		4096b
498>>2	use	x4096
499>0	string	\x07F		4096b
500>>2	use	x4096
501>0	string	\x07V		4096b
502>>2	use	x4096
503>0	string	\x0e[		8192b
504>>2	use	x8192
505>0	string	\x0e\x18	8192b
506>>2	use	x8192
507>0	string	\x0e+		8192b
508>>2	use	x8192
509>0	string	\x0e;		8192b
510>>2	use	x8192
511>0	string	\x0e=		8192b
512>>2	use	x8192
513>0	string	\x0eM		8192b
514>>2	use	x8192
515>0	string	\x0e3		8192b
516>>2	use	x8192
517>0	string	\x0eC		8192b
518>>2	use	x8192
519>0	string	\x0eE		8192b
520>>2	use	x8192
521>0	string	\x0eU		8192b
522>>2	use	x8192
523>0	string	\x0e.		8192b
524>>2	use	x8192
525>0	string	\x0e>		8192b
526>>2	use	x8192
527>0	string	\x0e@		8192b
528>>2	use	x8192
529>0	string	\x0eP		8192b
530>>2	use	x8192
531>0	string	\x0e4		8192b
532>>2	use	x8192
533>0	string	\x0eD		8192b
534>>2	use	x8192
535>0	string	\x0eF		8192b
536>>2	use	x8192
537>0	string	\x0eV		8192b
538>>2	use	x8192
539
540# PGP RSA (e=65537) secret (sub-)key header
541
5420	byte	0x97			PGP Secret Sub-key -
543>1	use	pgpkey
5440	byte	0x9d
545# Update: Joerg Jenderek
546# secret subkey packet (tag 7) with same structure as secret key packet (tag 5)
547# skip Fetus.Sys16 CALIBUS.MAIN OrbFix.Sys16.Ex by looking for positive len
548>1	ubeshort	>0
549#>1	ubeshort	x		\b, body length %#x
550# next packet type often 88h,89h~(tag 2)~Signature Packet
551#>>(1.S+3)	ubyte	x		\b, next packet type %#x
552# skip Dragon.SHR DEMO.INIT by looking for positive version
553>>3	ubyte		>0
554# skip BUISSON.13 GUITAR1 by looking for low version number
555>>>3	ubyte		<5		PGP Secret Sub-key
556# sub-key are normally part of secret key. So it does not occur as standalone file
557#!:ext	bin
558# version 2,3~old 4~new . Comment following line for version 5.28 look
559>>>>3	ubyte		x		(v%d)
560>>>>3	ubyte		x		-
561# old versions 2 or 3 but no real example found
562>>>>3	ubyte		<4
563# 2 byte for key bits in version 5.28 look
564>>>>>11		ubeshort	x	%db
565>>>>>4		beldate		x	created on %s -
566# old versions use 2 additional bytes after time stamp
567#>>>>>8		ubeshort	x	%#x
568# display key algorithm 1~RSA Encrypt|Sign - 21~Diffie-Hellman
569>>>>>10	  	use		key_algo
570>>>>>(11.S/8)	ubequad		x
571# look after first key
572>>>>>>&5	use		keyend
573# new version
574>>>>3	ubyte		>3
575>>>>>9		ubeshort	x	%db
576>>>>>4		beldate		x	created on %s -
577# display key algorithm
578>>>>>8		use		key_algo
579>>>>>(9.S/8)	ubequad		x
580# look after first key for something like s2k
581>>>>>>&3	use		keyend
582