1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
|
#------------------------------------------------------------------------------
# $File: pgp,v 1.10 2014/10/14 16:50:37 christos Exp $
# pgp: file(1) magic for Pretty Good Privacy
# see http://lists.gnupg.org/pipermail/gnupg-devel/1999-September/016052.html
#
0 beshort 0x9900 PGP key public ring
!:mime application/x-pgp-keyring
0 beshort 0x9501 PGP key security ring
!:mime application/x-pgp-keyring
0 beshort 0x9500 PGP key security ring
!:mime application/x-pgp-keyring
0 beshort 0xa600 PGP encrypted data
#!:mime application/pgp-encrypted
#0 string -----BEGIN\040PGP text/PGP armored data
!:mime text/PGP # encoding: armored data
#>15 string PUBLIC\040KEY\040BLOCK- public key block
#>15 string MESSAGE- message
#>15 string SIGNED\040MESSAGE- signed message
#>15 string PGP\040SIGNATURE- signature
2 string ---BEGIN\ PGP\ PUBLIC\ KEY\ BLOCK- PGP public key block
!:mime application/pgp-keys
>10 search/100 \n\n
>>&0 use pgp
0 string -----BEGIN\040PGP\40MESSAGE- PGP message
!:mime application/pgp
>10 search/100 \n\n
>>&0 use pgp
0 string -----BEGIN\040PGP\40SIGNATURE- PGP signature
!:mime application/pgp-signature
>10 search/100 \n\n
>>&0 use pgp
# Decode the type of the packet based on it's base64 encoding.
# Idea from Mark Martinec
# The specification is in RFC 4880, section 4.2 and 4.3:
# http://tools.ietf.org/html/rfc4880#section-4.2
0 name pgp
>0 byte 0x67 Reserved (old)
>0 byte 0x68 Public-Key Encrypted Session Key (old)
>0 byte 0x69 Signature (old)
>0 byte 0x6a Symmetric-Key Encrypted Session Key (old)
>0 byte 0x6b One-Pass Signature (old)
>0 byte 0x6c Secret-Key (old)
>0 byte 0x6d Public-Key (old)
>0 byte 0x6e Secret-Subkey (old)
>0 byte 0x6f Compressed Data (old)
>0 byte 0x70 Symmetrically Encrypted Data (old)
>0 byte 0x71 Marker (old)
>0 byte 0x72 Literal Data (old)
>0 byte 0x73 Trust (old)
>0 byte 0x74 User ID (old)
>0 byte 0x75 Public-Subkey (old)
>0 byte 0x76 Unused (old)
>0 byte 0x77
>>1 byte&0xc0 0x00 Reserved
>>1 byte&0xc0 0x40 Public-Key Encrypted Session Key
>>1 byte&0xc0 0x80 Signature
>>1 byte&0xc0 0xc0 Symmetric-Key Encrypted Session Key
>0 byte 0x78
>>1 byte&0xc0 0x00 One-Pass Signature
>>1 byte&0xc0 0x40 Secret-Key
>>1 byte&0xc0 0x80 Public-Key
>>1 byte&0xc0 0xc0 Secret-Subkey
>0 byte 0x79
>>1 byte&0xc0 0x00 Compressed Data
>>1 byte&0xc0 0x40 Symmetrically Encrypted Data
>>1 byte&0xc0 0x80 Marker
>>1 byte&0xc0 0xc0 Literal Data
>0 byte 0x7a
>>1 byte&0xc0 0x00 Trust
>>1 byte&0xc0 0x40 User ID
>>1 byte&0xc0 0x80 Public-Subkey
>>1 byte&0xc0 0xc0 Unused [z%x]
>0 byte 0x30
>>1 byte&0xc0 0x00 Unused [0%x]
>>1 byte&0xc0 0x40 User Attribute
>>1 byte&0xc0 0x80 Sym. Encrypted and Integrity Protected Data
>>1 byte&0xc0 0xc0 Modification Detection Code
# magic signatures to detect PGP crypto material (from stef)
# detects and extracts metadata from:
# - symmetric encrypted packet header
# - RSA (e=65537) secret (sub-)keys
# 1024b RSA encrypted data
0 string \x84\x8c\x03 PGP RSA encrypted session key -
>3 lelong x keyid: %X
>7 lelong x %X
>11 byte 0x01 RSA (Encrypt or Sign) 1024b
>11 byte 0x02 RSA Encrypt-Only 1024b
>12 string \x04\x00
>12 string \x03\xff
>12 string \x03\xfe
>12 string \x03\xfd
>12 string \x03\xfc
>12 string \x03\xfb
>12 string \x03\xfa
>12 string \x03\xf9
>142 byte 0xd2 .
# 2048b RSA encrypted data
0 string \x85\x01\x0c\x03 PGP RSA encrypted session key -
>4 lelong x keyid: %X
>8 lelong x %X
>12 byte 0x01 RSA (Encrypt or Sign) 2048b
>12 byte 0x02 RSA Encrypt-Only 2048b
>13 string \x08\x00
>13 string \x07\xff
>13 string \x07\xfe
>13 string \x07\xfd
>13 string \x07\xfc
>13 string \x07\xfb
>13 string \x07\xfa
>13 string \x07\xf9
>271 byte 0xd2 .
# 3072b RSA encrypted data
0 string \x85\x01\x8c\x03 PGP RSA encrypted session key -
>4 lelong x keyid: %X
>8 lelong x %X
>12 byte 0x01 RSA (Encrypt or Sign) 3072b
>12 byte 0x02 RSA Encrypt-Only 3072b
>13 string \x0c\x00
>13 string \x0b\xff
>13 string \x0b\xfe
>13 string \x0b\xfd
>13 string \x0b\xfc
>13 string \x0b\xfb
>13 string \x0b\xfa
>13 string \x0b\xf9
>399 byte 0xd2 .
# 3072b RSA encrypted data
0 string \x85\x02\x0c\x03 PGP RSA encrypted session key -
>4 lelong x keyid: %X
>8 lelong x %X
>12 byte 0x01 RSA (Encrypt or Sign) 4096b
>12 byte 0x02 RSA Encrypt-Only 4096b
>13 string \x10\x00
>13 string \x0f\xff
>13 string \x0f\xfe
>13 string \x0f\xfd
>13 string \x0f\xfc
>13 string \x0f\xfb
>13 string \x0f\xfa
>13 string \x0f\xf9
>527 byte 0xd2 .
# 4096b RSA encrypted data
0 string \x85\x04\x0c\x03 PGP RSA encrypted session key -
>4 lelong x keyid: %X
>8 lelong x %X
>12 byte 0x01 RSA (Encrypt or Sign) 8129b
>12 byte 0x02 RSA Encrypt-Only 8129b
>13 string \x20\x00
>13 string \x1f\xff
>13 string \x1f\xfe
>13 string \x1f\xfd
>13 string \x1f\xfc
>13 string \x1f\xfb
>13 string \x1f\xfa
>13 string \x1f\xf9
>1039 byte 0xd2 .
# crypto algo mapper
0 name crypto
>0 byte 0x00 Plaintext or unencrypted data
>0 byte 0x01 IDEA
>0 byte 0x02 TripleDES
>0 byte 0x03 CAST5 (128 bit key)
>0 byte 0x04 Blowfish (128 bit key, 16 rounds)
>0 byte 0x07 AES with 128-bit key
>0 byte 0x08 AES with 192-bit key
>0 byte 0x09 AES with 256-bit key
>0 byte 0x0a Twofish with 256-bit key
# hash algo mapper
0 name hash
>0 byte 0x01 MD5
>0 byte 0x02 SHA-1
>0 byte 0x03 RIPE-MD/160
>0 byte 0x08 SHA256
>0 byte 0x09 SHA384
>0 byte 0x0a SHA512
>0 byte 0x0b SHA224
# pgp symmetric encrypted data
0 byte 0x8c PGP symmetric key encrypted data -
>1 byte 0x0d
>1 byte 0x0c
>2 byte 0x04
>3 use crypto
>4 byte 0x01 salted -
>>5 use hash
>>14 byte 0xd2 .
>>14 byte 0xc9 .
>4 byte 0x03 salted & iterated -
>>5 use hash
>>15 byte 0xd2 .
>>15 byte 0xc9 .
# encrypted keymaterial needs s2k & can be checksummed/hashed
0 name chkcrypto
>0 use crypto
>1 byte 0x00 Simple S2K
>1 byte 0x01 Salted S2K
>1 byte 0x03 Salted&Iterated S2K
>2 use hash
# all PGP keys start with this prolog
# containing version, creation date, and purpose
0 name keyprolog
>0 byte 0x04
>1 beldate x created on %s -
>5 byte 0x01 RSA (Encrypt or Sign)
>5 byte 0x02 RSA Encrypt-Only
# end of secret keys known signature
# contains e=65537 and the prolog to
# the encrypted parameters
0 name keyend
>0 string \x00\x11\x01\x00\x01 e=65537
>5 use crypto
>5 byte 0xff checksummed
>>6 use chkcrypto
>5 byte 0xfe hashed
>>6 use chkcrypto
# PGP secret keys contain also the public parts
# these vary by bitsize of the key
0 name x1024
>0 use keyprolog
>6 string \x03\xfe
>6 string \x03\xff
>6 string \x04\x00
>136 use keyend
0 name x2048
>0 use keyprolog
>6 string \x80\x00
>6 string \x07\xfe
>6 string \x07\xff
>264 use keyend
0 name x3072
>0 use keyprolog
>6 string \x0b\xfe
>6 string \x0b\xff
>6 string \x0c\x00
>392 use keyend
0 name x4096
>0 use keyprolog
>6 string \x10\x00
>6 string \x0f\xfe
>6 string \x0f\xff
>520 use keyend
# \x00|\x1f[\xfe\xff]).{1024})'
0 name x8192
>0 use keyprolog
>6 string \x20\x00
>6 string \x1f\xfe
>6 string \x1f\xff
>1032 use keyend
# depending on the size of the pkt
# we branch into the proper key size
# signatures defined as x{keysize}
>0 name pgpkey
>0 string \x01\xd8 1024b
>>2 use x1024
>0 string \x01\xeb 1024b
>>2 use x1024
>0 string \x01\xfb 1024b
>>2 use x1024
>0 string \x01\xfd 1024b
>>2 use x1024
>0 string \x01\xf3 1024b
>>2 use x1024
>0 string \x01\xee 1024b
>>2 use x1024
>0 string \x01\xfe 1024b
>>2 use x1024
>0 string \x01\xf4 1024b
>>2 use x1024
>0 string \x02\x0d 1024b
>>2 use x1024
>0 string \x02\x03 1024b
>>2 use x1024
>0 string \x02\x05 1024b
>>2 use x1024
>0 string \x02\x15 1024b
>>2 use x1024
>0 string \x02\x00 1024b
>>2 use x1024
>0 string \x02\x10 1024b
>>2 use x1024
>0 string \x02\x04 1024b
>>2 use x1024
>0 string \x02\x06 1024b
>>2 use x1024
>0 string \x02\x16 1024b
>>2 use x1024
>0 string \x03\x98 2048b
>>2 use x2048
>0 string \x03\xab 2048b
>>2 use x2048
>0 string \x03\xbb 2048b
>>2 use x2048
>0 string \x03\xbd 2048b
>>2 use x2048
>0 string \x03\xcd 2048b
>>2 use x2048
>0 string \x03\xb3 2048b
>>2 use x2048
>0 string \x03\xc3 2048b
>>2 use x2048
>0 string \x03\xc5 2048b
>>2 use x2048
>0 string \x03\xd5 2048b
>>2 use x2048
>0 string \x03\xae 2048b
>>2 use x2048
>0 string \x03\xbe 2048b
>>2 use x2048
>0 string \x03\xc0 2048b
>>2 use x2048
>0 string \x03\xd0 2048b
>>2 use x2048
>0 string \x03\xb4 2048b
>>2 use x2048
>0 string \x03\xc4 2048b
>>2 use x2048
>0 string \x03\xc6 2048b
>>2 use x2048
>0 string \x03\xd6 2048b
>>2 use x2048
>0 string \x05X 3072b
>>2 use x3072
>0 string \x05k 3072b
>>2 use x3072
>0 string \x05{ 3072b
>>2 use x3072
>0 string \x05} 3072b
>>2 use x3072
>0 string \x05\x8d 3072b
>>2 use x3072
>0 string \x05s 3072b
>>2 use x3072
>0 string \x05\x83 3072b
>>2 use x3072
>0 string \x05\x85 3072b
>>2 use x3072
>0 string \x05\x95 3072b
>>2 use x3072
>0 string \x05n 3072b
>>2 use x3072
>0 string \x05\x7e 3072b
>>2 use x3072
>0 string \x05\x80 3072b
>>2 use x3072
>0 string \x05\x90 3072b
>>2 use x3072
>0 string \x05t 3072b
>>2 use x3072
>0 string \x05\x84 3072b
>>2 use x3072
>0 string \x05\x86 3072b
>>2 use x3072
>0 string \x05\x96 3072b
>>2 use x3072
>0 string \x07[ 4096b
>>2 use x4096
>0 string \x07\x18 4096b
>>2 use x4096
>0 string \x07+ 4096b
>>2 use x4096
>0 string \x07; 4096b
>>2 use x4096
>0 string \x07= 4096b
>>2 use x4096
>0 string \x07M 4096b
>>2 use x4096
>0 string \x073 4096b
>>2 use x4096
>0 string \x07C 4096b
>>2 use x4096
>0 string \x07E 4096b
>>2 use x4096
>0 string \x07U 4096b
>>2 use x4096
>0 string \x07. 4096b
>>2 use x4096
>0 string \x07> 4096b
>>2 use x4096
>0 string \x07@ 4096b
>>2 use x4096
>0 string \x07P 4096b
>>2 use x4096
>0 string \x074 4096b
>>2 use x4096
>0 string \x07D 4096b
>>2 use x4096
>0 string \x07F 4096b
>>2 use x4096
>0 string \x07V 4096b
>>2 use x4096
>0 string \x0e[ 8192b
>>2 use x8192
>0 string \x0e\x18 8192b
>>2 use x8192
>0 string \x0e+ 8192b
>>2 use x8192
>0 string \x0e; 8192b
>>2 use x8192
>0 string \x0e= 8192b
>>2 use x8192
>0 string \x0eM 8192b
>>2 use x8192
>0 string \x0e3 8192b
>>2 use x8192
>0 string \x0eC 8192b
>>2 use x8192
>0 string \x0eE 8192b
>>2 use x8192
>0 string \x0eU 8192b
>>2 use x8192
>0 string \x0e. 8192b
>>2 use x8192
>0 string \x0e> 8192b
>>2 use x8192
>0 string \x0e@ 8192b
>>2 use x8192
>0 string \x0eP 8192b
>>2 use x8192
>0 string \x0e4 8192b
>>2 use x8192
>0 string \x0eD 8192b
>>2 use x8192
>0 string \x0eF 8192b
>>2 use x8192
>0 string \x0eV 8192b
>>2 use x8192
# PGP RSA (e=65537) secret (sub-)key header
0 byte 0x95 PGP Secret Key -
>1 use pgpkey
0 byte 0x97 PGP Secret Sub-key -
>1 use pgpkey
0 byte 0x9d PGP Secret Sub-key -
>1 use pgpkey
|
