1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
# Type: OpenSSL certificates/key files
# From: Nicolas Collignon <tsointsoin@gmail.com>
0 string -----BEGIN\x20CERTIFICATE----- PEM certificate
0 string -----BEGIN\x20CERTIFICATE\x20REQ PEM certificate request
0 string -----BEGIN\x20RSA\x20PRIVATE PEM RSA private key
0 string -----BEGIN\x20DSA\x20PRIVATE PEM DSA private key
# Type: OpenSSH key files
# From: Nicolas Collignon <tsointsoin@gmail.com>
0 string SSH\x20PRIVATE\x20KEY OpenSSH RSA1 private key,
>28 string >\0 version "%s"
0 string ssh-dss\x20 OpenSSH DSA public key
0 string ssh-rsa\x20 OpenSSH RSA public key
# Type: Certificates/key files in DER format
# From: Gert Hulselmans <hulselmansgert@gmail.com>
0 string \x30\x82 Private key in DER format (PKCS#8),
>4 string !\x02\x01\x00 invalid,
>>2 beshort x header length: 4, sequence length: %d
0 string \x30\x82 Certificate in DER format (x509 v3),
>4 string !\x30\x82 invalid,
>>2 beshort x header length: 4, sequence length: %d
# GnuPG
# The format is very similar to pgp
0 string \001gpg GPG key trust database
>4 byte x version %d
# Not a very useful signature
#0 beshort 0x9901 GPG key public ring
# This magic is not particularly good, as the keyrings don't have true
# magic. Nevertheless, it covers many keyrings.
#------------------------------------------------------------------------------
# Mavroyanopoulos Nikos <nmav@hellug.gr>
# mcrypt: file(1) magic for mcrypt 2.2.x;
0 string \0m\3 mcrypt 2.5 encrypted data,
>4 byte 0 invalid
>4 string >\0 algorithm: "%s",
>>&1 leshort <1 invalid
>>&1 leshort >0 keysize: %d bytes,
>>>&0 byte 0 invalid
>>>&0 string >\0 mode: "%s",
0 string \0m\2 mcrypt 2.2 encrypted data,
>3 byte 0 algorithm: blowfish-448,
>3 byte 1 algorithm: DES,
>3 byte 2 algorithm: 3DES,
>3 byte 3 algorithm: 3-WAY,
>3 byte 4 algorithm: GOST,
>3 byte 6 algorithm: SAFER-SK64,
>3 byte 7 algorithm: SAFER-SK128,
>3 byte 8 algorithm: CAST-128,
>3 byte 9 algorithm: xTEA,
>3 byte 10 algorithm: TWOFISH-128,
>3 byte 11 algorithm: RC2,
>3 byte 12 algorithm: TWOFISH-192,
>3 byte 13 algorithm: TWOFISH-256,
>3 byte 14 algorithm: blowfish-128,
>3 byte 15 algorithm: blowfish-192,
>3 byte 16 algorithm: blowfish-256,
>3 byte 100 algorithm: RC6,
>3 byte 101 algorithm: IDEA,
>3 byte <0 invalid algorithm
>3 byte >101 invalid algorithm,
>3 byte >16
>>3 byte <100 invalid algorithm,
>4 byte 0 mode: CBC,
>4 byte 1 mode: ECB,
>4 byte 2 mode: CFB,
>4 byte 3 mode: OFB,
>4 byte 4 mode: nOFB,
>4 byte <0 invalid mode,
>4 byte >4 invalid mode,
>5 byte 0 keymode: 8bit
>5 byte 1 keymode: 4bit
>5 byte 2 keymode: SHA-1 hash
>5 byte 3 keymode: MD5 hash
>5 byte <0 invalid keymode
>5 byte >3 invalid keymode
#------------------------------------------------------------------------------
# pgp: file(1) magic for Pretty Good Privacy
#
#0 beshort 0x9900 PGP key public ring
#0 beshort 0x9501 PGP key security ring
#0 beshort 0x9500 PGP key security ring
#0 beshort 0xa600 PGP encrypted data
0 string -----BEGIN\040PGP PGP armored data,
>15 string PUBLIC\040KEY\040BLOCK- public key block
>15 string MESSAGE- message
>15 string SIGNED\040MESSAGE- signed message
>15 string PGP\040SIGNATURE- signature
0 string Salted__ OpenSSL encryption, salted,
>8 belong x salt: 0x%X
>12 belong x \b%X