Peter Lebbing wrote:
<SNIP>
> Option 1:
> byte 0 = 0x8C: Old format, packet tag 3, 1 octet length of packet
> byte 2 = 0x4: SK-ESK packet version 4
> byte 4 = 0,1 or 3: S2K specifier
>
> Option 2:
> byte 0 = 0x8D: Old format, packet tag 3, 2 octet length of packet
> byte 3 = 0x4: SK-ESK packet version 4
> byte 5 = 0,1 or 3: S2K specifier
>
> You could continue the list for larger packet length specifiers (like
> someone already pointed out, a small packet can still be specified with
> a long specifier with leading 0's), new format packets, for public key
> ESK packets, etcetera. If we could match more bytes in one match then we
> would have at least 3 bytes identifying a file positively; that's fairly
> okay I think. If this were possible:
>
> 0 belonglong&0xFF00FF00FC000000 0x8C00040000000000 OpenPGP File
> 0 belonglong&0xFF0000FF00FC0000 0x8D00000400000000 OpenPGP File
>
> We'd match both options (with the added possibility of undefined S2K
> specifier 2, but let's keep it simple).
> However, then we run into a problem with new format packets, where the
> structure depends on the value of the 2nd byte in the file. The real
> solution obviously is more than 1 test.
>
> When I started this, I hoped it'd be possible to match the file. I think
> I've established though that it is impossible, which is also worth a bit.

Good analysis. We can always submit it to the file people to see if we get another humorous comment in the magic database.

You will note that the same problem existed in old versions of PGP. I suspect that what was done with RFC 2440 had to do with preserving compatibility with older versions of PGP. In other words, you can't blame either GnuPG or PGP corporation. They know better now, but it isn't much help.

You do have better luck with the keys themselves:

$ file pubring.gpg
pubring.gpg: GPG key public ring
$ file secring.gpg
secring.gpg: PGP key security ring
$ file trustdb.gpg
trustdb.gpg: GPG key trust database version 3
$ file tkojm.gpg
tkojm.gpg: GPG key public ring

I think the main message to spread is that people SHOULD use either a ".gpg" extension with GnuPG or a ".pgp" with PGP when they write out a symmetrically encrypted file. The "file" command won't tell them anything. You have to depend on the encryption software itself to identify what you have.

You CAN use the "file" command to do partial identification of a file with that extension to determine whether it has a key you can add to your keyring - there is no guarantee that it will be valid. Only the encryption software will tell you that.

Thanks
HHH
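
The "more than 1 test" approach from the quoted analysis, written out as an added example that is not part of the original thread: it reads the packet header first, then checks the SK-ESK version and S2K specifier at the offsets that header implies. It goes beyond the two listed options by also covering 4-octet and new-format lengths; the function names and sample bytes are constructed for this example, and the new-format length encoding comes from the OpenPGP packet format rather than from the thread.

```python
# Added example (not from the thread): multi-step check for a leading
# OpenPGP SK-ESK packet. All names here are this example's own.
SKESK_TAG = 3            # packet tag 3, as in the quoted analysis
KNOWN_S2K = {0, 1, 3}    # S2K specifiers listed in the quoted analysis

def parse_header(data):
    """Return (tag, header_len, body_len) or None if not a packet header.
    body_len is None for indeterminate or partial body lengths."""
    if len(data) < 2 or not data[0] & 0x80:   # bit 7 is set in every tag byte
        return None
    b0 = data[0]
    if b0 & 0x40:                             # new format: tag in low 6 bits
        tag, o1 = b0 & 0x3F, data[1]
        if o1 < 192:
            return tag, 2, o1
        if o1 < 224:
            if len(data) < 3:
                return None
            return tag, 3, ((o1 - 192) << 8) + data[2] + 192
        if o1 == 255:
            if len(data) < 6:
                return None
            return tag, 6, int.from_bytes(data[2:6], "big")
        return tag, 2, None                   # partial body length
    tag, ltype = (b0 >> 2) & 0x0F, b0 & 0x03  # old format
    if ltype == 3:
        return tag, 1, None                   # indeterminate length
    n = 1 << ltype                            # 1, 2 or 4 length octets
    if len(data) < 1 + n:
        return None
    return tag, 1 + n, int.from_bytes(data[1:1 + n], "big")

def looks_like_skesk(data):
    """Heuristic only: True if data starts with a version 4 SK-ESK packet."""
    hdr = parse_header(data)
    if hdr is None or hdr[0] != SKESK_TAG:
        return False
    _, hlen, blen = hdr
    body = data[hlen:hlen + 3]                # version, cipher algorithm, S2K specifier
    if len(body) < 3 or (blen is not None and blen < 4):
        return False
    return body[0] == 4 and body[2] in KNOWN_S2K

# Constructed sample prefixes (not taken from real files).
OPTION_1 = bytes([0x8C, 0x0D, 0x04, 0x09, 0x03, 0x02])
OPTION_2 = bytes([0x8D, 0x00, 0x0D, 0x04, 0x09, 0x03, 0x02])
NEW_FORMAT = bytes([0xC3, 0x0D, 0x04, 0x09, 0x03, 0x02])
```

A True result only means the first few bytes are consistent with an SK-ESK packet; unrelated data that happens to begin with the same bytes passes too.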