[File] [PATCH] of Magdir/ssh for PuTTY private key *.ppk

Jörg Jenderek joerg.jen.der.ek at gmx.net
Fri Feb 7 15:20:46 UTC 2020 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

some days ago i must create SSH keys to access my "FreiFunk" router.
I use the SSH client tool PuTTY. This tool stores the keys in own
file format with file name extension ppk. When running file command
version 5.38 on such examples most are only described as ASCII text.

Furthermore with -i only mime type "text/plain" is shown and with
- --extension option only ??? is displayed.

So i add lines to Magdir/ssh.
On Wikipedia i found a page about Simon Tatham open source ssh
client. So i add that page as reference by comment line like:
 # URL:		https://en.wikipedia.org/wiki/PuTTY
The file format is visible by looking at PuTTY c source like
sshpubk.c. So this is expressed by comment line like
 # Reference:	https://the.earth.li/~sgtatham/putty/latest/
 # putty-0.73.tar.gz/sshpubk.c

According to c-source such files always start with the same phrase.
So recognition is done by magic line like
 0	string	PuTTY-User-Key-File-	PuTTY Private Key File
Instead mime type text/plain a used defined one is used. This and
the specific filename extension is shown by lines
 !:mime	application/x-putty-private-key
 !:ext	ppk

After this phrase the version like 1 or 2 is stored. This
information is shown by additional line
 >20	string		x			\b, version %.1s
Nowadays version 2 is up-to-date. Unfortunately i found no old real
word version 1 example. So generate sample putty-v1-header.ppk for
testing.

The next phrase is the name of the algorithm like ssh-dss, ssh-rsa,
ecdsa-sha2-nistp256 or ssh-ed25519. This is shown by line
 >23	string		x			\b, algorithm %s

The next text line says "Encryption: " plus an encryption type like
aes256-cbc or none. This is shown by lines
 >32	search/13	Encryption:\040		\b, Encryption
 >>&0	string		x			%s

The next line says "Comment: " plus the comment string. This is
shown by lines:
 >>>&0	search/3	Comment:\040
 >>>>&0	string		x			"%s"

After applying the above mentioned modifications by patch
file-5.38-ssh-ppk.diff then i get an output like:

dsa-key-8192.ppk:            PuTTY Private Key File, version 2,
			     algorithm ssh-dss, Encryption none
			     "dsa-key-8192"
dsa-key-test-2048.ppk:       PuTTY Private Key File, version 2,
			     algorithm ssh-dss, Encryption none
			     "dsa-key-test-2048"
ecdsa-key-ECDSA-nist256.ppk: PuTTY Private Key File, version 2,
			     algorithm ecdsa-sha2-nistp256,
			     Encryption none
			     "ecdsa-key-ECDSA-nist256"
ed25519-key-test.ppk:        PuTTY Private Key File, version 2,
			     algorithm ssh-ed25519, Encryption none
			     "ed25519-key-test"
putty-v1-header.ppk:         PuTTY Private Key File, version 1,
			     algorithm ssh-rsa, Encryption none
			     "putty version 1 test"
rsa-key-1024.ppk:            PuTTY Private Key File, version 2,
			     algorithm ssh-rsa, Encryption none
			     "rsa-key-1024"
rsa-key-16384.ppk:           PuTTY Private Key File, version 2,
			     algorithm ssh-rsa, Encryption none
			     "rsa-key-16384"
rsa-key-256.ppk:             PuTTY Private Key File, version 2,
			     algorithm ssh-rsa, Encryption none
			     "rsa-key-256"
rsa-key-test-4096.ppk:       PuTTY Private Key File, version 2,
			     algorithm ssh-rsa, Encryption aes256-cbc
			     "rsa-key-test-4096"
ssh1-test.ppk:               OpenSSH RSA1 private key, version 1.1

I hope my diff file can be applied in future version of
file utility.

For SSH key in other formats some variants are still missing. I
will try to look for these missing SSH formats.

With best wishes
Jörg Jenderek
- --
Jörg Jenderek
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iF0EARECAB0WIQS5/qNWKD4ASGOJGL+v8rHJQhrU1gUCXj2ARAAKCRCv8rHJQhrU
1k3GAJ45RfX7RYF/1tWnO5N4yek4ZD5EQgCeIpAUSd5pebQd863EJCPBO2+qTxA=
=Uesr
-----END PGP SIGNATURE-----
-------------- next part --------------
--- file-5.38/magic/Magdir/ssh.old	2019-09-18 20:20:24 +0000
+++ file-5.38/magic/Magdir/ssh	2020-02-07 14:55:30 +0000
@@ -17,3 +17,23 @@
 >>12	ubequad	x		\b, version %llx
 >>>20	beqdate	x		\b, generated %s
 
+# From:		Joerg Jenderek
+# URL:		https://en.wikipedia.org/wiki/PuTTY
+# Reference:	https://the.earth.li/~sgtatham/putty/latest/putty-0.73.tar.gz
+#		/sshpubk.c
+0	string		PuTTY-User-Key-File-	PuTTY Private Key File
+#!:mime	text/plain
+# https://github.com/github/putty/blob/master/windows/installer.wxs
+!:mime	application/x-putty-private-key
+!:ext	ppk
+# version 1 or 2
+>20	string		x			\b, version %.1s
+# name of the algorithm like: ssh-dss ssh-rsa ecdsa-sha2-nistp256 ssh-ed25519
+>23	string		x			\b, algorithm %s
+# next line says "Encryption: " plus an encryption type like aes256-cbc or none
+>32	search/13	Encryption:\040		\b, Encryption
+>>&0	string		x			%s
+# next line says "Comment: " plus the comment string
+>>>&0	search/3	Comment:\040
+>>>>&0	string		x			"%s"
+
-------------- next part --------------
A non-text attachment was scrubbed...
Name: file-5.38-ssh-ppk.diff.sig
Type: application/octet-stream
Size: 95 bytes
Desc: not available
URL: <https://mailman.astron.com/pipermail/file/attachments/20200207/35f5fa97/attachment.obj>

More information about the File mailing list