[File] [PATCH] of Magdir/pgp for ASCii armored PGP files

Jörg Jenderek joerg.jen.der.ek at gmx.net
Tue Nov 5 20:03:17 UTC 2019 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,
some days ago i export my GPG keys in ASCII armored format with file
name extension asc. When i run file run file command i got unexpected
results. So i look at hundreds other PGP asc files. So for version
5.37 on some examples i get an output like:

joerg-privat.asc:                       ASCII text
joerg-public.asc:                       PGP public key block
KNOPPIX_V8.2-2018-05-10-DE.iso.md5.asc: ASCII text
test2.txt.asc:                          PGP message
unbound_setup_1.9.4.exe.asc:            PGP signature Signature (old)

Furthermore with option --extension only ??? is displayed.

The file command describes some examples only as ASCII text. The file
identifier tool TrID  ( see http://mark0.net/soft-trid-e.html )
describes the misidentified examples correctly.

The public key is recognised by start magic line in Magdir/pgp like
 2 string ---BEGIN\040PGP\040PRIVATE\040KEY\040BLOCK- PGP private key
Now add lines in the same manner for private key starting with line li
ke
 2 string ---BEGIN\040PGP\040PUBLIC\040KEY\040BLOCK- PGP public key
On website reposcope.com magic, mime type and file name extension is
mentioned. So add this reference by comment line like
 # Reference:	https://reposcope.com/mimetype/application/pgp-keys
Afterwards show this information by lines
 !:mime	application/pgp-keys
 !:ext	asc

Text encrypted with PGP is detected by line
 0	string	-----BEGIN\040PGP\040MESSAGE-		PGP message
Now i add in same manner for clear text signed messages a test line
like:
 0 string-----BEGIN\040PGP\040SIGNED\040MESSAGE- PGP signed message
The magic is describe in the GNU Privacy Handbook. So i use that as
reference by line like
 # Reference:	https://www.gnupg.org/gph/en/manual/x135.html

Sometimes it is not clear which mime type must by used. So one site
says application/pgp and the other says application/pgp-encrypted.
Furthermore i only inspected samples with asc file name extension.
But according to trid also AEXPK, PGP, PUB and TXT may occur. So
maybe additional extensions must be added. Some times the used magic
starts with 3 minus characters at offset 2 and some times the used
magic start with 5 minus character at offset 0. I don not know what
was the reason for that. Furthermore i found some asc files where
some text lines occur befor the magic. I do not know if this is an
accident and is allowed. Such examples are still not detected. So
maybe a PGP expert can refine the current magic lines.

After applying the above mentioned modifications by patch
file-5.37-pgp-asc.diff then i get a more describing output like:

clamav-0.100.2.key.asc:                 PGP public key block
joerg-privat.asc:                       PGP private key block
joerg-public.asc:                       PGP public key block
KNOPPIX_V8.2-2018-05-10-DE.iso.md5.asc: PGP signed message
test2.txt.asc:                          PGP message
unbound_setup_1.9.4.exe.asc:            PGP signature Signature (old)

I hope my diff file can be applied in future version of
file utility.

With best wishes
Jörg Jenderek
- --
Jörg Jenderek


-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iF0EARECAB0WIQS5/qNWKD4ASGOJGL+v8rHJQhrU1gUCXcHVXgAKCRCv8rHJQhrU
1n8NAJ4r2f8+Mr8U0eu41dJdIMAdvJfPtwCghUnvQIhne0qSe1tpA22gYVGFLaA=
=RzW2
-----END PGP SIGNATURE-----
-------------- next part --------------
--- file-5.37/magic/Magdir/pgp.old	2019-04-19 00:42:27 +0000
+++ file-5.37/magic/Magdir/pgp	2019-11-05 19:49:06 +0000
@@ -59,14 +59,34 @@
 #>15	string	PGP\040SIGNATURE-	signature
 
+# Update:	Joerg Jenderek
+# URL:		http://en.wikipedia.org/wiki/Pretty_Good_Privacy
+# Reference:	https://reposcope.com/mimetype/application/pgp-keys
+2	string	---BEGIN\040PGP\040PRIVATE\040KEY\040BLOCK-	PGP private key block
+#!:mime	text/PGP
+!:mime	application/pgp-keys
+!:ext	asc
 2	string	---BEGIN\040PGP\040PUBLIC\040KEY\040BLOCK-	PGP public key block
 !:mime	application/pgp-keys
+!:ext	asc
 >10	search/100	\n\n
 >>&0	use		pgp
 0	string	-----BEGIN\040PGP\040MESSAGE-		PGP message
-!:mime	application/pgp
+# https://reposcope.com/mimetype/application/pgp-encrypted
+#!:mime	application/pgp
+!:mime	application/pgp-encrypted
+!:ext	asc
+#!:ext	asc/pgp/gpg
 >10	search/100	\n\n
 >>&0	use		pgp
+# Reference:	https://www.gnupg.org/gph/en/manual/x135.html
+0	string	-----BEGIN\040PGP\040SIGNED\040MESSAGE-	PGP signed message
+#!:mime	text/plain
+!:mime	text/PGP
+#!:mime	application/pgp
+!:ext	asc
 0	string	-----BEGIN\040PGP\040SIGNATURE-		PGP signature
+# https://reposcope.com/mimetype/application/pgp-signature
 !:mime	application/pgp-signature
+!:ext	asc
 >10	search/100	\n\n
 >>&0	use		pgp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: file-5.37-pgp-asc.diff.sig
Type: application/octet-stream
Size: 95 bytes
Desc: not available
URL: <https://mailman.astron.com/pipermail/file/attachments/20191105/f8be9d7b/attachment.obj>

More information about the File mailing list