0000147: Some PGP files encrypted with RSA keys are not recognized - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0000147	file	General	public	2020-02-23 04:55	2020-06-07 19:22

Reporter	hlein	Assigned To	christos
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	feedback	Resolution	open
Platform	amd64	OS	Linux
Product Version	5.38

Summary	0000147: Some PGP files encrypted with RSA keys are not recognized
Description	Magdir/pgp includes rules like: # 2048b RSA encrypted data 0 string \x85\x01\x0c\x03 PGP RSA encrypted session key - ... >13 string \x07\xfa >13 string \x07\xf9 >271 byte 0xd2 . I have some files that are encrypted to a 2048b RSA key where the third byte is 0x0b instead of 0x0c, and where the 13-14th bytes are 0x07 0xf8, one off the end of the above list of recognized values. I believe the patterns for 3072bit, and 4096bit RSA should be similarly expanded. Also, the last byte of 0xd2 is not always at the specified offset (271 for RSA2048, 527 for RSA4096, etc.). Sometimes it is one byte sooner. I think bytes 2&3 are actually a length, which is why if byte 3 is off-by-one, then the location of the 0xd2 byte is also off by one.
Steps To Reproduce	I have not managed to create such files on demand. And I cannot share the existing artifacts I have. Probably a sufficiently careful reading of gnupg source would add certainty, but... ow.
Additional Information	I can't figure out the right way to say "expect either 0x0b or 0x0c here" without duplicating the entire pattern set into a new stanza, or unintended consequences like matching other files that are not intended. So, no patch this time.
Tags	No tags attached.

Date Modified	Username	Field	Change
2020-02-23 04:55	hlein	New Issue
2020-03-20 16:38	christos	Note Added: 0003397
2020-06-07 19:22	christos	Assigned To	=> christos
2020-06-07 19:22	christos	Status	new => assigned
2020-06-07 19:22	christos	Status	assigned => feedback
2020-06-07 19:22	christos	Note Added: 0003427