Discussion:
PGP Dump
(too old to reply)
David E. Ross
2010-05-30 23:50:17 UTC
Permalink
The Web page "PGP Dump" at <http://www.pgpdump.net/> can no longer be
accessed. The domain is not recognized. Does anyone know of a
alternate Web page that will decompose an OpenPGP block (key, signature,
encrypted file) into its packets.

No, "PGP Dump" did not decrypt anything or expose private keys. It
merely broke a OpenPGP block apart into its individual packets as
described in RFC 4880.
--
David E. Ross
<http://www.rossde.com/>.

Anyone who thinks government owns a monopoly on inefficient, obstructive
bureaucracy has obviously never worked for a large corporation. © 1997
David W. Hodgins
2010-05-31 01:12:20 UTC
Permalink
Post by David E. Ross
The Web page "PGP Dump" at <http://www.pgpdump.net/> can no longer be
accessed. The domain is not recognized. Does anyone know of a
alternate Web page that will decompose an OpenPGP block (key, signature,
encrypted file) into its packets.
Do you have gpg installed?

[***@hodgins ~]$ gpg --list-packets davidwhodgins.asc
:public key packet:
version 4, algo 17, created 890435329, expires 0
pkey[0]: [1024 bits]
pkey[1]: [160 bits]
pkey[2]: [1024 bits]
pkey[3]: [1023 bits]
:user ID packet: "David W. Hodgins <***@gmail.com>"
:signature packet: algo 17, keyid 39B84EA598B013E0
version 4, created 1132518351, md5len 0, sigclass 0x13
digest algo 2, begin of digest 83 14
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 6 (pref-sym-algos: 9 8 7 3 2 1)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 2 (pref-zip-algos: 2 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (key server preferences: 80)
hashed subpkt 2 len 4 (sig created 2005-11-20)
hashed subpkt 25 len 1 (primary user ID)
subpkt 16 len 8 (issuer key ID 39B84EA598B013E0)
data: [159 bits]
data: [160 bits]
:signature packet: algo 1, keyid 9710B89BCA57AD7C
version 4, created 1182617849, md5len 0, sigclass 0x10
digest algo 2, begin of digest 5e 94
hashed subpkt 2 len 4 (sig created 2007-06-23)
hashed subpkt 3 len 4 (sig expires after 14d0h0m)
subpkt 16 len 8 (issuer key ID 9710B89BCA57AD7C)
data: [2047 bits]
<snip rest>

Regards, Dave Hodgins
--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
David E. Ross
2010-05-31 02:07:00 UTC
Permalink
Post by David W. Hodgins
Post by David E. Ross
The Web page "PGP Dump" at <http://www.pgpdump.net/> can no longer be
accessed. The domain is not recognized. Does anyone know of a
alternate Web page that will decompose an OpenPGP block (key, signature,
encrypted file) into its packets.
Do you have gpg installed?
version 4, algo 17, created 890435329, expires 0
pkey[0]: [1024 bits]
pkey[1]: [160 bits]
pkey[2]: [1024 bits]
pkey[3]: [1023 bits]
:signature packet: algo 17, keyid 39B84EA598B013E0
version 4, created 1132518351, md5len 0, sigclass 0x13
digest algo 2, begin of digest 83 14
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 6 (pref-sym-algos: 9 8 7 3 2 1)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 2 (pref-zip-algos: 2 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (key server preferences: 80)
hashed subpkt 2 len 4 (sig created 2005-11-20)
hashed subpkt 25 len 1 (primary user ID)
subpkt 16 len 8 (issuer key ID 39B84EA598B013E0)
data: [159 bits]
data: [160 bits]
:signature packet: algo 1, keyid 9710B89BCA57AD7C
version 4, created 1182617849, md5len 0, sigclass 0x10
digest algo 2, begin of digest 5e 94
hashed subpkt 2 len 4 (sig created 2007-06-23)
hashed subpkt 3 len 4 (sig expires after 14d0h0m)
subpkt 16 len 8 (issuer key ID 9710B89BCA57AD7C)
data: [2047 bits]
<snip rest>
Regards, Dave Hodgins
--
David E. Ross
<http://www.rossde.com/>.

Anyone who thinks government owns a monopoly on inefficient, obstructive
bureaucracy has obviously never worked for a large corporation. © 1997
David E. Ross
2010-05-31 02:14:27 UTC
Permalink
Post by David W. Hodgins
Post by David E. Ross
The Web page "PGP Dump" at <http://www.pgpdump.net/> can no longer be
accessed. The domain is not recognized. Does anyone know of a
alternate Web page that will decompose an OpenPGP block (key, signature,
encrypted file) into its packets.
Do you have gpg installed?
I have the installer for an old version of GPG archived, but it's not
currently installed on my PC.

Your output example (which I snipped) appears to be from a UNIX or Linux
system, which the source dispaly of your reply confirms. I'm running
Windows XP.

You showed GPG parsing a key block. Will it also parse message and
signature blocks?

I received a detached signature with an E-mail message. The message did
not seem to have been signed. I wanted to use PGPDump to get the key ID
so that I could lookup the key on a public server since I was not sure
the key had a user ID equal to the sender's E-mail address.
--
David E. Ross
<http://www.rossde.com/>.

Anyone who thinks government owns a monopoly on inefficient, obstructive
bureaucracy has obviously never worked for a large corporation. © 1997
David W. Hodgins
2010-05-31 02:36:30 UTC
Permalink
Post by David E. Ross
Your output example (which I snipped) appears to be from a UNIX or Linux
system, which the source dispaly of your reply confirms. I'm running
Windows XP.
Yes, I'm on linux. The gpg program is available
Post by David E. Ross
You showed GPG parsing a key block. Will it also parse message and
signature blocks?
Yes ...
$ gpg --list-packets fred.sig
:signature packet: algo 17, keyid 39B84EA598B013E0
version 4, created 1275273247, md5len 0, sigclass 0x00
digest algo 2, begin of digest ee 18
hashed subpkt 2 len 4 (sig created 2010-05-31)
subpkt 16 len 8 (issuer key ID 39B84EA598B013E0)
data: [159 bits]
data: [160 bits]
Post by David E. Ross
I received a detached signature with an E-mail message. The message did
not seem to have been signed. I wanted to use PGPDump to get the key ID
so that I could lookup the key on a public server since I was not sure
the key had a user ID equal to the sender's E-mail address.
If you email me a copy of the sig file, I'll email back the output from gpg.
See my sig for the address correction.

Regards, Dave Hodgins
--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
David W. Hodgins
2010-05-31 02:38:47 UTC
Permalink
Post by David W. Hodgins
Post by David E. Ross
Your output example (which I snipped) appears to be from a UNIX or Linux
system, which the source dispaly of your reply confirms. I'm running
Windows XP.
Yes, I'm on linux. The gpg program is available
Sorry, went to confirm it could list sig packets, and forgot to
finish the above, which should have said, the gpg program is
available for windows at
http://www.gnupg.org/download/
Post by David W. Hodgins
Post by David E. Ross
You showed GPG parsing a key block. Will it also parse message and
signature blocks?
Yes ...
$ gpg --list-packets fred.sig
:signature packet: algo 17, keyid 39B84EA598B013E0
version 4, created 1275273247, md5len 0, sigclass 0x00
digest algo 2, begin of digest ee 18
hashed subpkt 2 len 4 (sig created 2010-05-31)
subpkt 16 len 8 (issuer key ID 39B84EA598B013E0)
data: [159 bits]
data: [160 bits]
Post by David E. Ross
I received a detached signature with an E-mail message. The message did
not seem to have been signed. I wanted to use PGPDump to get the key ID
so that I could lookup the key on a public server since I was not sure
the key had a user ID equal to the sender's E-mail address.
If you email me a copy of the sig file, I'll email back the output from gpg.
See my sig for the address correction.
Regards, Dave Hodgins
--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
David E. Ross
2010-05-31 02:51:31 UTC
Permalink
Post by David W. Hodgins
Post by David W. Hodgins
Post by David E. Ross
Your output example (which I snipped) appears to be from a UNIX or Linux
system, which the source dispaly of your reply confirms. I'm running
Windows XP.
Yes, I'm on linux. The gpg program is available
Sorry, went to confirm it could list sig packets, and forgot to
finish the above, which should have said, the gpg program is
available for windows at
http://www.gnupg.org/download/
Post by David W. Hodgins
Post by David E. Ross
You showed GPG parsing a key block. Will it also parse message and
signature blocks?
Yes ...
$ gpg --list-packets fred.sig
:signature packet: algo 17, keyid 39B84EA598B013E0
version 4, created 1275273247, md5len 0, sigclass 0x00
digest algo 2, begin of digest ee 18
hashed subpkt 2 len 4 (sig created 2010-05-31)
subpkt 16 len 8 (issuer key ID 39B84EA598B013E0)
data: [159 bits]
data: [160 bits]
Post by David E. Ross
I received a detached signature with an E-mail message. The message did
not seem to have been signed. I wanted to use PGPDump to get the key ID
so that I could lookup the key on a public server since I was not sure
the key had a user ID equal to the sender's E-mail address.
If you email me a copy of the sig file, I'll email back the output from gpg.
See my sig for the address correction.
Regards, Dave Hodgins
The sender of the message provided me with his key ID, so I no longer
need to parse the signature.

I expect to have broadband this coming week. Until then, I'm not
downloading any more software.
--
David E. Ross
<http://www.rossde.com/>.

Anyone who thinks government owns a monopoly on inefficient, obstructive
bureaucracy has obviously never worked for a large corporation. © 1997
Guy
2010-05-31 04:45:13 UTC
Permalink
Post by David E. Ross
The Web page "PGP Dump" at <http://www.pgpdump.net/> can no longer
be accessed. The domain is not recognized. Does anyone know of a
alternate Web page that will decompose an OpenPGP block (key,
signature, encrypted file) into its packets.
Find Windows binary at <http://drop.io/opensslwindowsbinaries>

$ pgpdump -v & pgpdump -h
pgpdump version 0.26, Copyright (C) 1998-2007 Kazu Yamamoto
pgpdump -h|-v
pgpdump [-agilmpu] [PGPfile]
-h -- displays this help
-v -- displays version
-a -- accepts ASCII input only
-g -- selects alternate dump format
-i -- dumps integer packets
-l -- dumps literal packets
-m -- dumps marker packets
-p -- dumps private packets
-u -- displays UTC time

$ ls -l pgpdump*
a----- 165655 25-Dec-2007 12:50 PGPDUMP.EXE
a----- 142611 30-May-2010 23:36 PGPDUMP.zip

$ for %i in (md5 sha1) do @openssl %i pgpdump*
MD5(PGPDUMP.EXE)= cf11fd98959f4c93255e2dbd34c1aa7d
MD5(PGPDUMP.zip)= d65d935c27771d79af6cb05e52cfc967
SHA1(PGPDUMP.EXE)= 5af6c97e5ee6b69aa1aaee9d8bcbf2ef04072770
SHA1(PGPDUMP.zip)= da4f7e8816a4022220469f48a514f2a79c6fffe6

$

Loading...