View Issue Details

IDProjectCategoryView StatusLast Update
0000147fileGeneralpublic2020-06-07 19:22
Reporterhlein Assigned Tochristos  
PrioritynormalSeverityminorReproducibilityhave not tried
Status feedbackResolutionopen 
Product Version5.38 
Summary0000147: Some PGP files encrypted with RSA keys are not recognized
DescriptionMagdir/pgp includes rules like:

# 2048b RSA encrypted data
0 string \x85\x01\x0c\x03 PGP RSA encrypted session key -
>13 string \x07\xfa
>13 string \x07\xf9
>271 byte 0xd2 .

I have some files that are encrypted to a 2048b RSA key where the third byte is 0x0b instead of 0x0c, and where the 13-14th bytes are 0x07 0xf8, one off the end of the above list of recognized values.

I believe the patterns for 3072bit, and 4096bit RSA should be similarly expanded.

Also, the last byte of 0xd2 is not always at the specified offset (271 for RSA2048, 527 for RSA4096, etc.). Sometimes it is one byte sooner. I think bytes 2&3 are actually a length, which is why if byte 3 is off-by-one, then the location of the 0xd2 byte is also off by one.
Steps To ReproduceI have not managed to create such files on demand. And I cannot share the existing artifacts I have.

Probably a sufficiently careful reading of gnupg source would add certainty, but... ow.
Additional InformationI can't figure out the right way to say "expect either 0x0b or 0x0c here" without duplicating the entire pattern set into a new stanza, or unintended consequences like matching other files that are not intended. So, no patch this time.
TagsNo tags attached.



2020-03-20 16:38

manager   ~0003397

I made a pass at changing the magic based on your description

the h in the indirect offset could be H but it should be close.


2020-06-07 19:22

manager   ~0003427

Can you test the change?

Issue History

Date Modified Username Field Change
2020-02-23 04:55 hlein New Issue
2020-03-20 16:38 christos Note Added: 0003397
2020-06-07 19:22 christos Assigned To => christos
2020-06-07 19:22 christos Status new => assigned
2020-06-07 19:22 christos Status assigned => feedback
2020-06-07 19:22 christos Note Added: 0003427