From 10429269fbeb9442be4c5592b9111ccedbfefd0d Mon Sep 17 00:00:00 2001 From: Lorry Tar Creator Date: Sat, 2 Sep 2017 08:54:31 +0000 Subject: file-5.32 --- magic/Magdir/pgp | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 60 insertions(+), 7 deletions(-) (limited to 'magic/Magdir/pgp') diff --git a/magic/Magdir/pgp b/magic/Magdir/pgp index 95a6766..585475d 100644 --- a/magic/Magdir/pgp +++ b/magic/Magdir/pgp @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: pgp,v 1.11 2014/11/11 21:32:38 christos Exp $ +# $File: pgp,v 1.14 2017/03/17 21:35:28 christos Exp $ # pgp: file(1) magic for Pretty Good Privacy # see http://lists.gnupg.org/pipermail/gnupg-devel/1999-September/016052.html # @@ -19,15 +19,15 @@ #>15 string SIGNED\040MESSAGE- signed message #>15 string PGP\040SIGNATURE- signature -2 string ---BEGIN\ PGP\ PUBLIC\ KEY\ BLOCK- PGP public key block +2 string ---BEGIN\040PGP\040PUBLIC\040KEY\040BLOCK- PGP public key block !:mime application/pgp-keys >10 search/100 \n\n >>&0 use pgp -0 string -----BEGIN\040PGP\40MESSAGE- PGP message +0 string -----BEGIN\040PGP\040MESSAGE- PGP message !:mime application/pgp >10 search/100 \n\n >>&0 use pgp -0 string -----BEGIN\040PGP\40SIGNATURE- PGP signature +0 string -----BEGIN\040PGP\040SIGNATURE- PGP signature !:mime application/pgp-signature >10 search/100 \n\n >>&0 use pgp @@ -77,7 +77,7 @@ >0 byte 0x30 >>1 byte&0xc0 0x00 Unused [0%x] >>1 byte&0xc0 0x40 User Attribute ->>1 byte&0xc0 0x80 Sym. Encrypted and Integrity Protected Data +>>1 byte&0xc0 0x80 Sym. Encrypted and Integrity Protected Data >>1 byte&0xc0 0xc0 Modification Detection Code # magic signatures to detect PGP crypto material (from stef) @@ -194,6 +194,23 @@ >0 byte 0x0a SHA512 >0 byte 0x0b SHA224 +# display public key algorithms as human readable text +0 name key_algo +>0 byte 0x01 RSA (Encrypt or Sign) +# keep old look of version 5.28 without parentheses +>0 byte 0x02 RSA Encrypt-Only +>0 byte 0x03 RSA (Sign-Only) +>0 byte 16 ElGamal (Encrypt-Only) +>0 byte 17 DSA +>0 byte 18 Elliptic Curve +>0 byte 19 ECDSA +>0 byte 20 ElGamal (Encrypt or Sign) +>0 byte 21 Diffie-Hellman +>0 default x +>>0 ubyte <22 unknown (pub %d) +# this should never happen +>>0 ubyte >21 invalid (%d) + # pgp symmetric encrypted data 0 byte 0x8c PGP symmetric key encrypted data - @@ -465,5 +482,41 @@ >1 use pgpkey 0 byte 0x97 PGP Secret Sub-key - >1 use pgpkey -0 byte 0x9d PGP Secret Sub-key - ->1 use pgpkey +0 byte 0x9d +# Update: Joerg Jenderek +# secret subkey packet (tag 7) with same structure as secret key packet (tag 5) +# skip Fetus.Sys16 CALIBUS.MAIN OrbFix.Sys16.Ex by looking for positive len +>1 ubeshort >0 +#>1 ubeshort x \b, body length 0x%x +# next packet type often 88h,89h~(tag 2)~Signature Packet +#>>(1.S+3) ubyte x \b, next packet type 0x%x +# skip Dragon.SHR DEMO.INIT by looking for positive version +>>3 ubyte >0 +# skip BUISSON.13 GUITAR1 by looking for low version number +>>>3 ubyte <5 PGP Secret Sub-key +# sub-key are normally part of secret key. So it does not occur as standalone file +#!:ext bin +# version 2,3~old 4~new . Comment following line for version 5.28 look +>>>>3 ubyte x (v%d) +>>>>3 ubyte x - +# old versions 2 or 3 but no real example found +>>>>3 ubyte <4 +# 2 byte for key bits in version 5.28 look +>>>>>11 ubeshort x %db +>>>>>4 beldate x created on %s - +# old versions use 2 additional bytes after time stamp +#>>>>>8 ubeshort x 0x%x +# display key algorithm 1~RSA Encrypt|Sign - 21~Diffie-Hellman +>>>>>10 use key_algo +>>>>>(11.S/8) ubequad x +# look after first key +>>>>>>&5 use keyend +# new version +>>>>3 ubyte >3 +>>>>>9 ubeshort x %db +>>>>>4 beldate x created on %s - +# display key algorithm +>>>>>8 use key_algo +>>>>>(9.S/8) ubequad x +# look after first key for something like s2k +>>>>>>&3 use keyend -- cgit v1.2.1