Mark0's Forum

Software => TrID File Identifier => Topic started by: jenderek on February 07, 2020, 11:41:20 PM

Title: updated ppk.trid.xml triggered by old version 1 + variants
Post by: jenderek on February 07, 2020, 11:41:20 PM

Hello trid users,

some days ago i must create SSH keys to access my "FreiFunk" router. I use
the SSH client tool PuTTY. This tool stores the keys in own file format with
file name extension ppk. For test reasons i create more PPK files.

Nowadays version 2 is up-to-date in PPK files. Unfortunately i found no old
real word version 1 example. So generate sample putty-v1-header.ppk for
testing. When running trid on such PPK files the version 1 variant is not
recognized whereas the version 2 variants are described correctly as "PuTTY
Private Key" by ppk.trid.xml (See appended output/trid-old.txt).

The recognition happened by global pattern via XML construct
   
   <Bytes>50755454592D557365722D4B65792D46696C652D323A20</Bytes>
   <ASCII> P u T T Y - U s e r - K e y - F i l e - 2 :</ASCII>
   <Pos>0</Pos>

Now i run tridscan to update definition file. Now pattern becomes

   <Bytes>50755454592D557365722D4B65792D46696C652D</Bytes>
   <ASCII> P u T T Y - U s e r - K e y - F i l e -</ASCII>
   <Pos>0</Pos>

The file format is visible by looking at PuTTY c source like
sshpubk.c. According to c-source such files always start with the same
phrase "PuTTY-User-Key-File-". After this phrase the version like 1 or 2 is
stored. Unfortunately the current version of PuTTY can not create the old
version 1 variant, but is able to handle old version after a warning.

And when looking inside installer.wxs of PuTTY source it is visible that
instead of mime type "text/plain" a user defined one is used. That is
expressed by line:

   <Mime>application/x-putty-private-key</Mime>

So old TrID definition describes version 2 variant. So that definition now
becomes ppk-v2.trid.xml with additional mime type line.

With the new trid definitions all PuTTY keys examples are now described (
see appended output/trid-new-v.txt). TrID definition, some examples and
output are stored in archive ppk_ssh.zip. I hope that my updated XML files
can be used in future version of triddefs.

With best wishes
Jörg Jenderek

Title: Re: updated ppk.trid.xml triggered by old version 1 + variants
Post by: Mark0 on February 08, 2020, 02:43:21 AM

Many thanks! Will add one the legacy RSA1 format too.