Date: Tue, 12 Mar 2013 21:01:23 +0100 From: magnum <john.magnum@...hmail.com> To: john-dev@...ts.openwall.com Subject: Re: gpg2john (was: Work needed before Jumbo-8) On 12 Mar, 2013, at 4:01 , Lukas Odzioba <lukas.odzioba@...il.com> wrote: > 2013/3/5 magnum <john.magnum@...hmail.com>: >> We need someone to fix gpg2john (c++ != magnum) so it can process multiple infiles and more importantly, it must process all keys in each input file. The latter is a must IMO - at least it must emit a warning that more keys are present. Any volunteer? > > Patch attached. Changes I made are pretty trivial, before me someone > else merged and added some code to make gpg2john.c Thanks! It works fine with my multiple keys file too. I'll commit this and I think it is barely Good Enough[tm] for Jumbo 8 now, but some things can be improved: 1. Supplying a bad file (not a key file) results in no output at all. 2. Supplying a public key file, same lack of output. 3. The full path is used for the login field. For 1 and 2, we might want to add some warning or other output to stderr. For 3 we should definitely use the basename and ideally also strip the .gpg or .pgp extension (are .pgp files supported at all?). > Sometimes encoded file may contain additional info about user (packet > type 13), it looks like that: > > Old: User ID Packet(tag 13)(47 bytes) > User ID - Random User (Just for test) <random@...dom.com> > > We have got user name, comment and an email. When gpg file contains > multiple keys it can have multiple identities. > Currently gpg2john formats output that way: > printf("%s:$gpg$*%d*%d*%d*", filename, key.m_algorithm, > key.m_datalen, key.bits()); > In my opinion we should add an email too. This is not a blocker for Jumbo-8 but it would be excellent if someone can fix it: We should definitely try to find this UserID field and put in the GECOS field of our output (as is - it's stored as one string and it's not trivial to split it canonically). > Should we somehow modify copyrights? I believe you could just add lines after the existing Copyright line: /* * pgpry - PGP private key recovery * Copyright (C) 2010 Jonas Gehring + * Modified for John the Ripper: + * Copyright (C) 2012 Dhiru (...) + * Copyright (C) 2013 Lukasz (...) * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.