1
2#------------------------------------------------------------------------------
3# $File: pgp,v 1.25 2021/04/26 15:56:00 christos Exp $
4# pgp:  file(1) magic for Pretty Good Privacy
5
6# Handling of binary PGP keys is in pgp-binary-keys.
7# see https://lists.gnupg.org/pipermail/gnupg-devel/1999-September/016052.html
8#
# Binary "PGP encrypted data": the only test is a two-byte big-endian value
# at offset 0, so any unrelated file that starts with 0xa6 0x00 gets the same
# label. Treat a hit as a hint, not as proof of PGP content.
# NOTE(review): the generic armored rule below is commented out, but its
# "!:mime text/PGP" line is still active and therefore appears to attach to
# the 0xa600 rule above -- confirm whether application/pgp-encrypted was
# intended for the binary case.
90         beshort             0xa600                        PGP encrypted data
10#!:mime   application/pgp-encrypted
11#0        string              -----BEGIN\040PGP   text/PGP armored data
12!:mime    text/PGP # encoding: armored data
13#>15      string    PUBLIC\040KEY\040BLOCK-       public key block
14#>15      string    MESSAGE-            message
15#>15      string    SIGNED\040MESSAGE-  signed message
16#>15      string    PGP\040SIGNATURE-   signature
17
18# Update: Joerg Jenderek
19# URL:              http://en.wikipedia.org/wiki/Pretty_Good_Privacy
20# Reference:        https://reposcope.com/mimetype/application/pgp-keys
# ASCII-armored rules. Each one matches the armor header line and sets a MIME
# type and the "asc" extension. The two key-block rules match at offset 2 on
# "---BEGIN" (the last three of the five leading dashes); the message,
# signed-message and signature rules match at offset 0 on "-----BEGIN".
#
# Private key block: it is given the same MIME type (application/pgp-keys) as
# the public key block, so a consumer that filters on MIME type alone cannot
# tell the two apart; the description string is the only distinguishing
# output. This rule has no "use pgp" follow-up, so no packet type is printed.
212         string    ---BEGIN\040PGP\040PRIVATE\040KEY\040BLOCK-       PGP private key block
22#!:mime   text/PGP
23!:mime    application/pgp-keys
24!:ext     asc
252         string    ---BEGIN\040PGP\040PUBLIC\040KEY\040BLOCK-        PGP public key block
26!:mime    application/pgp-keys
27!:ext     asc
# Look up to 100 bytes past offset 10 for an empty line (the end of the armor
# headers) and hand the data right after it to the "pgp" subroutine.
# NOTE(review): the pattern is a literal "\n\n"; armored files with CRLF line
# endings presumably never contain it, so their packet type would go
# unreported -- confirm. The same applies to the two identical searches below.
28>10       search/100          \n\n
29>>&0      use                 pgp
300         string    -----BEGIN\040PGP\040MESSAGE-           PGP message
31# https://reposcope.com/mimetype/application/pgp-encrypted
32#!:mime   application/pgp
33!:mime    application/pgp-encrypted
34!:ext     asc
35#!:ext    asc/pgp/gpg
36>10       search/100          \n\n
37>>&0      use                 pgp
38# Reference:        https://www.gnupg.org/gph/en/manual/x135.html
# Clear-signed text: labelled text/PGP; no packet decoding is attempted.
390         string    -----BEGIN\040PGP\040SIGNED\040MESSAGE- PGP signed message
40#!:mime   text/plain
41!:mime    text/PGP
42#!:mime   application/pgp
43!:ext     asc
440         string    -----BEGIN\040PGP\040SIGNATURE-                   PGP signature
45# https://reposcope.com/mimetype/application/pgp-signature
46!:mime    application/pgp-signature
47!:ext     asc
48>10       search/100          \n\n
49>>&0      use                 pgp
50
51# Decode the type of the packet based on its base64 encoding.
52# Idea from Mark Martinec
53# The specification is in RFC 4880, section 4.2 and 4.3:
54# https://tools.ietf.org/html/rfc4880#section-4.2
55
# Subroutine "pgp": called with offset 0 on the first base64 character of an
# armored body. That character encodes the top six bits of the first packet
# header byte, so for old-format headers (bit pattern 10tttt) the characters
# 'g'..'v' (0x67-0x76) map one-to-one to packet tags 0..15.
560         name                pgp
57>0        byte                0x67                Reserved (old)
58>0        byte                0x68                Public-Key Encrypted Session Key (old)
59>0        byte                0x69                Signature (old)
60>0        byte                0x6a                Symmetric-Key Encrypted Session Key (old)
61>0        byte                0x6b                One-Pass Signature (old)
62>0        byte                0x6c                Secret-Key (old)
63>0        byte                0x6d                Public-Key (old)
64>0        byte                0x6e                Secret-Subkey (old)
65>0        byte                0x6f                Compressed Data (old)
66>0        byte                0x70                Symmetrically Encrypted Data (old)
67>0        byte                0x71                Marker (old)
68>0        byte                0x72                Literal Data (old)
69>0        byte                0x73                Trust (old)
70>0        byte                0x74                User ID (old)
71>0        byte                0x75                Public-Subkey (old)
72>0        byte                0x76                Unused (old)
# New-format headers: 'w', 'x', 'y', 'z' and '0' each cover four tags, and the
# second character is consulted to pick one of them.
# NOTE(review): the second-level tests mask the ASCII code of that character
# (byte&0xc0), not its decoded 6-bit base64 value. Base64 characters are all
# below 0x80, so the 0x80 and 0xc0 branches look unreachable for armored
# text, and 0x00 vs 0x40 looks like it separates digits/'+'/'/' from letters
# rather than tag bits. Treat the new-format labels as unreliable until this
# is confirmed against real samples.
73>0        byte                0x77
74>>1       byte&0xc0 0x00                Reserved
75>>1       byte&0xc0 0x40                Public-Key Encrypted Session Key
76>>1       byte&0xc0 0x80                Signature
77>>1       byte&0xc0 0xc0                Symmetric-Key Encrypted Session Key
78>0        byte                0x78
79>>1       byte&0xc0 0x00                One-Pass Signature
80>>1       byte&0xc0 0x40                Secret-Key
81>>1       byte&0xc0 0x80                Public-Key
82>>1       byte&0xc0 0xc0                Secret-Subkey
83>0        byte                0x79
84>>1       byte&0xc0 0x00                Compressed Data
85>>1       byte&0xc0 0x40                Symmetrically Encrypted Data
86>>1       byte&0xc0 0x80                Marker
87>>1       byte&0xc0 0xc0                Literal Data
88>0        byte                0x7a
89>>1       byte&0xc0 0x00                Trust
90>>1       byte&0xc0 0x40                User ID
91>>1       byte&0xc0 0x80                Public-Subkey
92>>1       byte&0xc0 0xc0                Unused [z%x]
93>0        byte                0x30
94>>1       byte&0xc0 0x00                Unused [0%x]
95>>1       byte&0xc0 0x40                User Attribute
96>>1       byte&0xc0 0x80                Sym. Encrypted and Integrity Protected Data
97>>1       byte&0xc0 0xc0                Modification Detection Code
98
99# magic signatures to detect PGP crypto material (from stef)
100# detects and extracts metadata from:
101#  - symmetric encrypted packet header
102#  - RSA (e=65537) secret (sub-)keys
103
104# 1024b RSA encrypted data
105
# Binary public-key encrypted session key packet for a 1024-bit RSA key.
# The three matched bytes decode (RFC 4880 section 4.2) as: 0x84 = old-format
# header, tag 1, one-byte length; 0x8c = body length 140; 0x03 = version 3.
1060         string    \x84\x8c\x03                  PGP RSA encrypted session key -
# Bytes 3..10 are printed as the 8-byte recipient key ID. They are read from
# the unencrypted packet header, so anyone holding the file can learn which
# key it was encrypted to.
107>3        belong    x                             keyid: %08X
108>7        belong    x                             %08X
# Byte 11 is the public-key algorithm ID.
109>11       byte      0x01                          RSA (Encrypt or Sign) 1024b
110>11       byte      0x02                          RSA Encrypt-Only 1024b
# Candidate two-byte bit counts (0x0400 down to 0x03f9) for the value that
# follows. These tests print nothing and sit at the same level as the other
# tests, so they appear to be informational only.
111>12       string    \x04\x00
112>12       string    \x03\xff
113>12       string    \x03\xfe
114>12       string    \x03\xfd
115>12       string    \x03\xfc
116>12       string    \x03\xfb
117>12       string    \x03\xfa
118>12       string    \x03\xf9
# Offset 142 = 2 header bytes + 140 body bytes, i.e. the first byte after this
# packet. 0xd2 decodes as a new-format header with tag 18; presumably the
# encrypted data packet that follows.
119>142      byte      0xd2                          .
120
121# 2048b RSA encrypted data
122
1230         string    \x85\x01\x0c\x03    PGP RSA encrypted session key -
124>4        belong    x                             keyid: %08X
125>8        belong    x                             %08X
126>12       byte      0x01                          RSA (Encrypt or Sign) 2048b
127>12       byte      0x02                          RSA Encrypt-Only 2048b
128>13       string    \x08\x00
129>13       string    \x07\xff
130>13       string    \x07\xfe
131>13       string    \x07\xfd
132>13       string    \x07\xfc
133>13       string    \x07\xfb
134>13       string    \x07\xfa
135>13       string    \x07\xf9
136>271      byte      0xd2                          .
137
138# 3072b RSA encrypted data
139
1400         string    \x85\x01\x8c\x03    PGP RSA encrypted session key -
141>4        belong    x                             keyid: %08X
142>8        belong    x                             %08X
143>12       byte      0x01                          RSA (Encrypt or Sign) 3072b
144>12       byte      0x02                          RSA Encrypt-Only 3072b
145>13       string    \x0c\x00
146>13       string    \x0b\xff
147>13       string    \x0b\xfe
148>13       string    \x0b\xfd
149>13       string    \x0b\xfc
150>13       string    \x0b\xfb
151>13       string    \x0b\xfa
152>13       string    \x0b\xf9
153>399      byte      0xd2                          .
154
155# 4096b RSA encrypted data
156
1570         string    \x85\x02\x0c\x03    PGP RSA encrypted session key -
158>4        belong    x                             keyid: %08X
159>8        belong    x                             %08X
160>12       byte      0x01                          RSA (Encrypt or Sign) 4096b
161>12       byte      0x02                          RSA Encrypt-Only 4096b
162>13       string    \x10\x00
163>13       string    \x0f\xff
164>13       string    \x0f\xfe
165>13       string    \x0f\xfd
166>13       string    \x0f\xfc
167>13       string    \x0f\xfb
168>13       string    \x0f\xfa
169>13       string    \x0f\xf9
170>527      byte      0xd2                          .
171
172# 8192b RSA encrypted data
173
1740         string    \x85\x04\x0c\x03    PGP RSA encrypted session key -
175>4        belong    x                             keyid: %08X
176>8        belong    x                             %08X
177>12       byte      0x01                          RSA (Encrypt or Sign) 8192b
178>12       byte      0x02                          RSA Encrypt-Only 8192b
179>13       string    \x20\x00
180>13       string    \x1f\xff
181>13       string    \x1f\xfe
182>13       string    \x1f\xfd
183>13       string    \x1f\xfc
184>13       string    \x1f\xfb
185>13       string    \x1f\xfa
186>13       string    \x1f\xf9
187>1039     byte      0xd2                          .
188
189# 1024b Elgamal encrypted data
190
1910         string    \x85\x01\x0e\x03    PGP Elgamal encrypted session key -
192>4        belong    x                             keyid: %08X
193>8        belong    x                             %08X
194>12       byte      0x10                          Elgamal Encrypt-Only 1024b.
195>13       string    \x04\x00
196>13       string    \x03\xff
197>13       string    \x03\xfe
198>13       string    \x03\xfd
199>13       string    \x03\xfc
200>13       string    \x03\xfb
201>13       string    \x03\xfa
202>13       string    \x03\xf9
203
204# 2048b Elgamal encrypted data
205
2060         string    \x85\x02\x0e\x03    PGP Elgamal encrypted session key -
207>4        belong    x                             keyid: %08X
208>8        belong    x                             %08X
209>12       byte      0x10                          Elgamal Encrypt-Only 2048b.
210>13       string    \x08\x00
211>13       string    \x07\xff
212>13       string    \x07\xfe
213>13       string    \x07\xfd
214>13       string    \x07\xfc
215>13       string    \x07\xfb
216>13       string    \x07\xfa
217>13       string    \x07\xf9
218
219# 3072b Elgamal encrypted data
220
2210         string    \x85\x03\x0e\x03    PGP Elgamal encrypted session key -
222>4        belong    x                             keyid: %08X
223>8        belong    x                             %08X
224>12       byte      0x10                          Elgamal Encrypt-Only 3072b.
225>13       string    \x0c\x00
226>13       string    \x0b\xff
227>13       string    \x0b\xfe
228>13       string    \x0b\xfd
229>13       string    \x0b\xfc
230>13       string    \x0b\xfb
231>13       string    \x0b\xfa
232>13       string    \x0b\xf9
233
234# crypto algo mapper
235
# Subroutine "crypto": prints the name of the symmetric cipher whose
# one-byte algorithm ID is at offset 0.
# IDs 0x05, 0x06 and anything above 0x0a have no entry and there is no
# default branch, so for those values nothing is printed.
# When this is reached from "keyend", 0x00 is the value to look for in
# triage: it labels the secret key material as not encrypted.
2360         name      crypto
237>0        byte      0x00                          Plaintext or unencrypted data
238>0        byte      0x01                          IDEA
239>0        byte      0x02                          TripleDES
240>0        byte      0x03                          CAST5 (128 bit key)
241>0        byte      0x04                          Blowfish (128 bit key, 16 rounds)
242>0        byte      0x07                          AES with 128-bit key
243>0        byte      0x08                          AES with 192-bit key
244>0        byte      0x09                          AES with 256-bit key
245>0        byte      0x0a                          Twofish with 256-bit key
246
247# hash algo mapper
248
# Subroutine "hash": prints the name of the hash algorithm whose one-byte ID
# is at offset 0. IDs 0x04-0x07 and anything above 0x0b have no entry and
# there is no default branch, so nothing is printed for them.
# In this file the subroutine is only used for the hash inside an S2K
# (passphrase-to-key) specifier; MD5 or SHA-1 there marks an older or
# weaker key-derivation setting worth flagging when reviewing key material.
2490         name      hash
250>0        byte      0x01                          MD5
251>0        byte      0x02                          SHA-1
252>0        byte      0x03                          RIPE-MD/160
253>0        byte      0x08                          SHA256
254>0        byte      0x09                          SHA384
255>0        byte      0x0a                          SHA512
256>0        byte      0x0b                          SHA224
257
258# display public key algorithms as human readable text
# Subroutine "key_algo": prints the public-key algorithm whose one-byte ID is
# at offset 0. IDs are written in hex for 1-3 and in decimal for 16-21.
2590         name      key_algo
260>0        byte      0x01                          RSA (Encrypt or Sign)
261# keep old look of version 5.28 without parentheses
262>0        byte      0x02                          RSA Encrypt-Only
263>0        byte      0x03                          RSA (Sign-Only)
264>0        byte      16                            ElGamal (Encrypt-Only)
265>0        byte      17                            DSA
266>0        byte      18                            Elliptic Curve
267>0        byte      19                            ECDSA
268>0        byte      20                            ElGamal (Encrypt or Sign)
269>0        byte      21                            Diffie-Hellman
# Fallback when none of the IDs above matched: values below 22 are reported
# as "unknown", values above 21 as "invalid".
# NOTE(review): algorithm IDs assigned after this table was written (for
# example EdDSA, ID 22 in later OpenPGP specifications) would be printed as
# "invalid", so that word does not by itself mean the key is malformed.
270>0        default   x
271>>0       ubyte     <22                           unknown (pub %d)
272# this should never happen
273>>0       ubyte     >21                           invalid (%d)
274
275# pgp symmetric encrypted data
276
# Binary symmetric-key encrypted session key packet (passphrase-encrypted
# data). 0x8c decodes (RFC 4880 section 4.2) as an old-format header, tag 3,
# one-byte length. The top-level test is this single byte, so unrelated files
# starting with 0x8c are labelled too; the silent tests at offsets 1 and 2 do
# not appear to gate the output.
2770         byte      0x8c                          PGP symmetric key encrypted data -
# Byte 1: body length (12 or 13). Byte 2: packet version 4. Neither prints.
278>1        byte      0x0d
279>1        byte      0x0c
280>2        byte      0x04
# Byte 3: symmetric cipher ID.
281>3        use       crypto
# Byte 4: S2K type, byte 5: S2K hash. Only the salted (0x01) and
# salted-and-iterated (0x03) types are handled; the iterated form is one byte
# longer, which is why the next-packet check moves from offset 14 to 15.
# The final "." is printed when the next packet header is 0xd2 (new-format
# tag 18) or 0xc9 (new-format tag 9). Both print the same character, so the
# output does not tell whether the data packet is the integrity-protected
# kind.
282>4        byte      0x01                          salted -
283>>5       use       hash
284>>14      byte      0xd2                          .
285>>14      byte      0xc9                          .
286>4        byte      0x03                          salted & iterated -
287>>5       use       hash
288>>15      byte      0xd2                          .
289>>15      byte      0xc9                          .
290
291# encrypted keymaterial needs s2k & can be checksummed/hashed
292
# Subroutine "chkcrypto": describes how encrypted secret-key material is
# protected. Byte 0 is the cipher ID, byte 1 the S2K type, byte 2 the S2K
# hash ID. S2K type 0x02 has no entry, so nothing is printed for it.
# For review purposes: of the three S2K types listed, only the
# salted-and-iterated form adds work per passphrase guess.
2930         name      chkcrypto
294>0        use       crypto
295>1        byte      0x00                          Simple S2K
296>1        byte      0x01                          Salted S2K
297>1        byte      0x03                          Salted&Iterated S2K
298>2        use       hash
299
300# all PGP keys start with this prolog
301# containing version, creation date, and purpose
302
# Subroutine "keyprolog": the first six bytes of a key packet body.
#   byte 0     key version (0x04 is tested but prints nothing and does not
#              appear to gate the tests below)
#   bytes 1-4  creation time, big-endian, printed as a date
#   byte 5     public-key algorithm; only the two RSA IDs are named here
# The creation time is stored unencrypted, so it is visible to anyone who
# can read the file.
3030         name      keyprolog
304>0        byte      0x04
305>1        beldate   x                             created on %s -
306>5        byte      0x01                          RSA (Encrypt or Sign)
307>5        byte      0x02                          RSA Encrypt-Only
308
309# end of secret keys known signature
310# contains e=65537 and the prolog to
311# the encrypted parameters
312
# Subroutine "keyend": called at the offset where the RSA public exponent is
# expected. \x00\x11 is a bit count of 17 and \x01\x00\x01 is 65537.
# The byte that follows (offset 5) says how the secret part is stored:
#   a cipher ID  -> printed via "crypto"; 0x00 prints "Plaintext or
#                   unencrypted data", i.e. the secret key has no passphrase
#                   protection, which is the result to escalate in triage
#   0xff / 0xfe  -> an S2K specifier follows and the secret part is protected
#                   with a checksum (0xff) or a hash (0xfe); details are
#                   printed by "chkcrypto"
# NOTE(review): the offset-5 tests sit at the same level as the e=65537
# match, so they presumably run even when that match fails -- confirm before
# relying on the cipher label alone.
3130         name      keyend
314>0        string    \x00\x11\x01\x00\x01          e=65537
315>5        use       crypto
316>5        byte      0xff                          checksummed
317>>6       use       chkcrypto
318>5        byte      0xfe                          hashed
319>>6       use       chkcrypto
320
321# PGP secret keys also contain the public parts
322# these vary by bitsize of the key
323
3240         name      x1024
325>0        use       keyprolog
326>6        string    \x03\xfe
327>6        string    \x03\xff
328>6        string    \x04\x00
329>136      use       keyend
330
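# Subroutine "x2048": public part of a 2048-bit RSA secret key.
# Layout relative to offset 0: six bytes of "keyprolog", a two-byte modulus
# bit count at offset 6, then the 256-byte modulus, which ends at offset 264
# where "keyend" looks for the public exponent.
# The three bit-count tests (2048, 2046, 2047) print nothing and sit at the
# same level as the keyend call, so they appear to record the expected
# values rather than gate it.
# Fixed: the first candidate was \x80\x00 (32768 bits). 2048 is 0x0800, which
# is what the 2048b session-key rule uses and what the pattern of the
# x1024/x3072/x4096/x8192 subroutines implies.
3310         name      x2048
332>0        use       keyprolog
333>6        string    \x08\x00
334>6        string    \x07\xfe
335>6        string    \x07\xff
336>264      use       keyend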
337
3380         name      x3072
339>0        use       keyprolog
340>6        string    \x0b\xfe
341>6        string    \x0b\xff
342>6        string    \x0c\x00
343>392      use       keyend
344
3450         name      x4096
346>0        use       keyprolog
347>6        string    \x10\x00
348>6        string    \x0f\xfe
349>6        string    \x0f\xff
350>520      use       keyend
351
352# \x00|\x1f[\xfe\xff]).{1024})'
3530         name      x8192
354>0        use       keyprolog
355>6        string    \x20\x00
356>6        string    \x1f\xfe
357>6        string    \x1f\xff
358>1032     use       keyend
359
360# depending on the size of the pkt
361# we branch into the proper key size
362# signatures defined as x{keysize}
363
3640         name      pgpkey
365>0        string    \x01\xd8  1024b
366>>2       use       x1024
367>0        string    \x01\xeb  1024b
368>>2       use       x1024
369>0        string    \x01\xfb  1024b
370>>2       use       x1024
371>0        string    \x01\xfd  1024b
372>>2       use       x1024
373>0        string    \x01\xf3  1024b
374>>2       use       x1024
375>0        string    \x01\xee  1024b
376>>2       use       x1024
377>0        string    \x01\xfe  1024b
378>>2       use       x1024
379>0        string    \x01\xf4  1024b
380>>2       use       x1024
381>0        string    \x02\x0d  1024b
382>>2       use       x1024
383>0        string    \x02\x03  1024b
384>>2       use       x1024
385>0        string    \x02\x05  1024b
386>>2       use       x1024
387>0        string    \x02\x15  1024b
388>>2       use       x1024
389>0        string    \x02\x00  1024b
390>>2       use       x1024
391>0        string    \x02\x10  1024b
392>>2       use       x1024
393>0        string    \x02\x04  1024b
394>>2       use       x1024
395>0        string    \x02\x06  1024b
396>>2       use       x1024
397>0        string    \x02\x16  1024b
398>>2       use       x1024
399>0        string    \x03\x98  2048b
400>>2       use       x2048
401>0        string    \x03\xab  2048b
402>>2       use       x2048
403>0        string    \x03\xbb  2048b
404>>2       use       x2048
405>0        string    \x03\xbd  2048b
406>>2       use       x2048
407>0        string    \x03\xcd  2048b
408>>2       use       x2048
409>0        string    \x03\xb3  2048b
410>>2       use       x2048
411>0        string    \x03\xc3  2048b
412>>2       use       x2048
413>0        string    \x03\xc5  2048b
414>>2       use       x2048
415>0        string    \x03\xd5  2048b
416>>2       use       x2048
417>0        string    \x03\xae  2048b
418>>2       use       x2048
419>0        string    \x03\xbe  2048b
420>>2       use       x2048
421>0        string    \x03\xc0  2048b
422>>2       use       x2048
423>0        string    \x03\xd0  2048b
424>>2       use       x2048
425>0        string    \x03\xb4  2048b
426>>2       use       x2048
427>0        string    \x03\xc4  2048b
428>>2       use       x2048
429>0        string    \x03\xc6  2048b
430>>2       use       x2048
431>0        string    \x03\xd6  2048b
432>>2       use       x2048
433>0        string    \x05X               3072b
434>>2       use       x3072
435>0        string    \x05k               3072b
436>>2       use       x3072
437>0        string    \x05{               3072b
438>>2       use       x3072
439>0        string    \x05}               3072b
440>>2       use       x3072
441>0        string    \x05\x8d  3072b
442>>2       use       x3072
443>0        string    \x05s               3072b
444>>2       use       x3072
445>0        string    \x05\x83  3072b
446>>2       use       x3072
447>0        string    \x05\x85  3072b
448>>2       use       x3072
449>0        string    \x05\x95  3072b
450>>2       use       x3072
451>0        string    \x05n               3072b
452>>2       use       x3072
453>0        string    \x05\x7e  3072b
454>>2       use       x3072
455>0        string    \x05\x80  3072b
456>>2       use       x3072
457>0        string    \x05\x90  3072b
458>>2       use       x3072
459>0        string    \x05t               3072b
460>>2       use       x3072
461>0        string    \x05\x84  3072b
462>>2       use       x3072
463>0        string    \x05\x86  3072b
464>>2       use       x3072
465>0        string    \x05\x96  3072b
466>>2       use       x3072
467>0        string    \x07[               4096b
468>>2       use       x4096
469>0        string    \x07\x18  4096b
470>>2       use       x4096
471>0        string    \x07+               4096b
472>>2       use       x4096
473>0        string    \x07;               4096b
474>>2       use       x4096
475>0        string    \x07=               4096b
476>>2       use       x4096
477>0        string    \x07M               4096b
478>>2       use       x4096
479>0        string    \x073               4096b
480>>2       use       x4096
481>0        string    \x07C               4096b
482>>2       use       x4096
483>0        string    \x07E               4096b
484>>2       use       x4096
485>0        string    \x07U               4096b
486>>2       use       x4096
487>0        string    \x07.               4096b
488>>2       use       x4096
489>0        string    \x07>               4096b
490>>2       use       x4096
491>0        string    \x07@               4096b
492>>2       use       x4096
493>0        string    \x07P               4096b
494>>2       use       x4096
495>0        string    \x074               4096b
496>>2       use       x4096
497>0        string    \x07D               4096b
498>>2       use       x4096
499>0        string    \x07F               4096b
500>>2       use       x4096
501>0        string    \x07V               4096b
502>>2       use       x4096
503>0        string    \x0e[               8192b
504>>2       use       x8192
505>0        string    \x0e\x18  8192b
506>>2       use       x8192
507>0        string    \x0e+               8192b
508>>2       use       x8192
509>0        string    \x0e;               8192b
510>>2       use       x8192
511>0        string    \x0e=               8192b
512>>2       use       x8192
513>0        string    \x0eM               8192b
514>>2       use       x8192
515>0        string    \x0e3               8192b
516>>2       use       x8192
517>0        string    \x0eC               8192b
518>>2       use       x8192
519>0        string    \x0eE               8192b
520>>2       use       x8192
521>0        string    \x0eU               8192b
522>>2       use       x8192
523>0        string    \x0e.               8192b
524>>2       use       x8192
525>0        string    \x0e>               8192b
526>>2       use       x8192
527>0        string    \x0e@               8192b
528>>2       use       x8192
529>0        string    \x0eP               8192b
530>>2       use       x8192
531>0        string    \x0e4               8192b
532>>2       use       x8192
533>0        string    \x0eD               8192b
534>>2       use       x8192
535>0        string    \x0eF               8192b
536>>2       use       x8192
537>0        string    \x0eV               8192b
538>>2       use       x8192
539
540# PGP RSA (e=65537) secret (sub-)key header
541
# Binary secret-key packets. Both rules start from a single leading byte, so
# a match is a hint that a file may hold private key material, not proof.
#
# 0x97: passes the bytes from offset 1 to "pgpkey", which switches on the
# two-byte packet length to pick a key size.
# NOTE(review): per RFC 4880 section 4.2, 0x97 decodes as an old-format
# header with tag 5 (Secret-Key) and length-type 3, while the message says
# "Sub-key" -- confirm which was intended.
5420         byte      0x97                          PGP Secret Sub-key -
543>1        use       pgpkey
# 0x9d: old-format header, tag 7, two-byte length. The chain below requires a
# non-zero length and a version between 1 and 4 before printing anything;
# the named files in the comments are false positives those checks exclude.
5440         byte      0x9d
545# Update: Joerg Jenderek
546# secret subkey packet (tag 7) with same structure as secret key packet (tag 5)
547# skip Fetus.Sys16 CALIBUS.MAIN OrbFix.Sys16.Ex by looking for positive len
548>1        ubeshort  >0
549#>1       ubeshort  x                   \b, body length %#x
550# next packet type often 88h,89h~(tag 2)~Signature Packet
551#>>(1.S+3)          ubyte     x                   \b, next packet type %#x
552# skip Dragon.SHR DEMO.INIT by looking for positive version
553>>3       ubyte               >0
554# skip BUISSON.13 GUITAR1 by looking for low version number
555>>>3      ubyte               <5                  PGP Secret Sub-key
556# sub-key are normally part of secret key. So it does not occur as standalone file
557#!:ext    bin
558# version 2,3~old 4~new . Comment following line for version 5.28 look
559>>>>3     ubyte               x                   (v%d)
560>>>>3     ubyte               x                   -
561# old versions 2 or 3 but no real example found
# Old layout: creation time at 4, two extra bytes at 8, algorithm at 10,
# key bit count at 11.
562>>>>3     ubyte               <4
563# 2 byte for key bits in version 5.28 look
564>>>>>11             ubeshort  x         %db
565>>>>>4              beldate             x         created on %s -
566# old versions use 2 additional bytes after time stamp
567#>>>>>8             ubeshort  x         %#x
568# display key algorithm 1~RSA Encrypt|Sign - 21~Diffie-Hellman
569>>>>>10             use                 key_algo
# Indirect offset: the bit count read at 11 divided by 8 (the key length in
# bytes) is used to step over the first key value; "keyend" is then run
# relative to the end of that match to report how the secret part is stored.
570>>>>>(11.S/8)       ubequad             x
571# look after first key
572>>>>>>&5  use                 keyend
573# new version
# Version 4 layout: creation time at 4, algorithm at 8, key bit count at 9;
# otherwise the same steps as the old-version branch above.
574>>>>3     ubyte               >3
575>>>>>9              ubeshort  x         %db
576>>>>>4              beldate             x         created on %s -
577# display key algorithm
578>>>>>8              use                 key_algo
579>>>>>(9.S/8)        ubequad             x
580# look after first key for something like s2k
581>>>>>>&3  use                 keyend
582