# Type: OpenSSL certificates/key files
# From: Nicolas Collignon <tsointsoin@gmail.com>

0       string  -----BEGIN\x20CERTIFICATE           PEM certificate
>22     string  !-----                              {invalid}
0       string  -----BEGIN\x20CERTIFICATE\x20REQ    PEM certificate request
0       string  -----BEGIN\x20RSA\x20PRIVATE        PEM RSA private key
0       string  -----BEGIN\x20DSA\x20PRIVATE        PEM DSA private key
0       string  -----BEGIN\x20EC\x20PRIVATE         PEM EC private key

# Type: OpenSSH key files
# From: Nicolas Collignon <tsointsoin@gmail.com>

0       string  SSH\x20PRIVATE\x20KEY    OpenSSH RSA1 private key,
>28     byte    !0
>>28    string  x                        version "%s"
>28     byte    0                        {invalid}

0       string  ssh-dss\x20             OpenSSH DSA public key
0       string  ssh-rsa\x20             OpenSSH RSA public key
0       string  ecdsa-sha2-nistp256\x20 OpenSSH ECDSA (Curve P-256) public key
0       string  ecdsa-sha2-nistp384\x20 OpenSSH ECDSA (Curve P-384) public key
0       string  ecdsa-sha2-nistp521\x20 OpenSSH ECDSA (Curve P-521) public key

# Type: Certificates/key files in DER format
# From: Gert Hulselmans <hulselmansgert@gmail.com>
0       string          \x30\x82        Private key in DER format (PKCS#8),
>4      string          !\x02\x01\x00   {invalid}
>2      beshort         <0              {invalid}
>2      beshort         x               header length: 4, sequence length: %d
>2      beshort+4       x               {size:%d}

0       string          \x30\x82        Certificate in DER format (x509 v3),
>4      string          !\x30\x82       {invalid}
>2      beshort         <0              {invalid}
>2      beshort         x               header length: 4, sequence length: %d
>2      beshort+4       x               {size:%d}

# GnuPG
# The format is very similar to pgp
0       string          \001gpg                 GPG key trust database
>4      byte            x                       version %d

# Not a very useful signature
#0       beshort         0x9901                  GPG key public ring

# This magic is not particularly good, as the keyrings don't have true
# magic. Nevertheless, it covers many keyrings.

#------------------------------------------------------------------------------
# Mavroyanopoulos Nikos <nmav@hellug.gr>
# mcrypt:   file(1) magic for mcrypt 2.2.x;
0       string      \0m\3       mcrypt 2.5 encrypted data,
>4      byte        0           {invalid}
>4      string      x           algorithm: "%s",
>>&1    leshort     <1          {invalid}
>>&1    leshort     >0          keysize: %d bytes,
>>>&0   byte        0           {invalid}
>>>&0   string      >\0         mode: "%s",

0       string      \0m\2       mcrypt 2.2 encrypted data,
>3      byte        0           algorithm: blowfish-448,
>3      byte        1           algorithm: DES,
>3      byte        2           algorithm: 3DES,
>3      byte        3           algorithm: 3-WAY,
>3      byte        4           algorithm: GOST,
>3      byte        6           algorithm: SAFER-SK64,
>3      byte        7           algorithm: SAFER-SK128,
>3      byte        8           algorithm: CAST-128,
>3      byte        9           algorithm: xTEA,
>3      byte        10          algorithm: TWOFISH-128,
>3      byte        11          algorithm: RC2,
>3      byte        12          algorithm: TWOFISH-192,
>3      byte        13          algorithm: TWOFISH-256,
>3      byte        14          algorithm: blowfish-128,
>3      byte        15          algorithm: blowfish-192,
>3      byte        16          algorithm: blowfish-256,
>3      byte        100         algorithm: RC6,
>3      byte        101         algorithm: IDEA,
>3      byte        <0          {invalid}
>3      byte        >101        {invalid}
>3      byte        >16
>>3     byte        <100        {invalid}
>4      byte        0           mode: CBC,
>4      byte        1           mode: ECB,
>4      byte        2           mode: CFB,
>4      byte        3           mode: OFB,
>4      byte        4           mode: nOFB,
>4      byte        <0          {invalid}
>4      byte        >4          {invalid}
>5      byte        0           keymode: 8bit
>5      byte        1           keymode: 4bit
>5      byte        2           keymode: SHA-1 hash
>5      byte        3           keymode: MD5 hash
>5      byte        <0          {invalid}
>5      byte        >3          {invalid}

#------------------------------------------------------------------------------
# pgp:  file(1) magic for Pretty Good Privacy
#
#0       beshort         0x9900                  PGP key public ring
#0       beshort         0x9501                  PGP key security ring
#0       beshort         0x9500                  PGP key security ring
#0    beshort        0xa600            PGP encrypted data
0       string          -----BEGIN\040PGP       PGP armored data,
>15     string          PUBLIC\040KEY\040BLOCK- public key block
>15     string          MESSAGE-                message
>15     string          SIGNED\040MESSAGE-      signed message
>15     string          PGP\040SIGNATURE-       signature

0       string        Salted__      OpenSSL encryption, salted,
>8      ubelong       x             salt: 0x%X
>12     ubelong       x             \b%X

#------------------------------------------------------------------------------
# LUKS http://tomb.dyne.org/Luks_on_disk_format.pdf
# sessyargc
0       string          LUKS\xBA\xBE            LUKS_MAGIC
>6      short           0x0001                  version 0x%X
>8      string          aes                     %s
>8      string          twofish                 %s
>8      string          serpent                 %s
>8      string          cast5                   %s
>8      string          cast6                   %s
>40     string          ecb                     %s
>40     string          cbc-plain               %s
>40     string          cbc-essiv               %s:
>72     string          sha1                    %s
>72     string          sha256                  %s
>72     string          sha512                  %s
>72     string          ripemd160               %s
