LinuxQuestions.org
05-04-2012, 05:57 AM   #1
Mr. Alex

Filetype of gpg-ed file

After running `gpg -c` on a file, the GNU/Linux "file" command says that the filetype is "DOS executable (COM)". I tried to add COM and EXE extensions to this file and run it in Windows with no luck, which makes me think GnuPG doesn't make a file a DOS executable on purpose. So why does it look like a DOS executable to `file`?
 
05-04-2012, 08:15 AM   #2
MensaWater
The "file" command uses a combination of magic number and permissions to determine file type. If you put the execute bit on this file it will see it as "executable" even if there is no executable code. File is probably seeing a string odd enough in the encrypted file that it thinks it was intended to be a COM file. It isn't unusual to get odd results from "file". I've seen many a binary data file show up as "Pascal" or some other type of file when it had nothing to do with Pascal or the other things it reports. The main benefit of file is to sort text from binary and data files. It can also help to verify that the gzip you have is in fact a gzip, or that the tar you have is in fact a tar, or that the cpio you have is in fact a cpio, etc.
 
05-04-2012, 08:22 AM   #3
Noway2
Interesting bit of trivia you have raised. I verified your results by creating a little text file, creating a gpg (binary), and running file on it. The gpg file is going to be a binary file that is not executable and won't have any of the header information associated with a standard Linux executable or Windows .exe file; it will simply be a lump of binary. Similarly, a com file is a raw dump of binary that is assumed to start execution at 0100H in whatever segment it is loaded. It contains no headers, no prefix, etc., and undoubtedly resembles a gpg binary. It would likely (and apparently does) resemble a gpg file in many respects. From the Wikipedia article on com files:
Quote:
The COM format is the original binary executable format used in CP/M and MS-DOS. It is very simple; it has no header (with the exception of CP/M 3 files), and contains no metadata, only code and data.

As a comparison example, here is a hexdump of an assembly object file, a Windows (DOS) .com file, and a GPG file. As you can see, unless there is a verifiable header pattern, the files appear very similar.

COM File:
Code:
0000000 44bc b803 056b 0f05 b100 d304 8be8 8cd8
0000010 03c1 2dc1 0f6c 0473 d8f7 d803 4ab4 21cd
0000020 3ae8 7300 b004 eb01 8017 2c3e 0104 1e74
0000030 4bb4 c8ba bb03 0236 21cd 0872 4db4 21cd
0000040 4cb4 21cd 15ba b005 e801 000c f2eb 2dba
0000050 e804 0004 c032 e8eb 09b4 21cd 1ec3 be06
0000060 0081 78e8 8000 0d3c 6174 3c80 752f 800c
0000070 017c 753f fe06 2c06 eb04 8b4c bed6 0344
0000080 48bf 4703 0e8a 0347 ed32 a4f3 f28b c933
GPG file:
Code:
0000000 0d8c 0304 0203 5566 7c6e 4018 6912 c960
0000010 f42c b8cd 1c90 88cb 6c84 2c2d 17c2 affd
0000020 689f f4db 28eb 9ecc f7ac 94e1 04fd 32ea
0000030 952a fb31 6a1d 20c9 3888 b793 0003
000003d
object file:
Code:
0000000 457f 464c 0101 0001 0000 0000 0000 0000
0000010 0001 0003 0001 0000 0000 0000 0000 0000
0000020 0040 0000 0000 0000 0034 0000 0000 0028
0000030 0006 0002 0000 0000 0000 0000 0000 0000
0000040 0000 0000 0000 0000 0000 0000 0000 0000
0000060 0000 0000 0000 0000 0001 0000 0001 0000
0000070 0002 0000 0000 0000 0130 0000 001f 0000
0000080 0000 0000 0000 0000 0001 0000 0000 0000
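
Added example, not part of any post in this thread: the GPG dump above can be read as OpenPGP packets (RFC 4880), which shows what its leading bytes encode. The sketch converts the `hexdump` words back to bytes and walks the packet headers; the function names are illustrative, and only the packet types found in this dump are decoded further.

```python
import struct

# GPG dump copied from the post above. Default `hexdump` output: hex offsets,
# 16-bit little-endian words, and a final line giving the file length.
DUMP = """\
0000000 0d8c 0304 0203 5566 7c6e 4018 6912 c960
0000010 f42c b8cd 1c90 88cb 6c84 2c2d 17c2 affd
0000020 689f f4db 28eb 9ecc f7ac 94e1 04fd 32ea
0000030 952a fb31 6a1d 20c9 3888 b793 0003
000003d"""

def dump_to_bytes(dump):
    *rows, end = dump.splitlines()
    raw = b"".join(struct.pack("<H", int(w, 16)) for r in rows for w in r.split()[1:])
    return raw[:int(end, 16)]               # drop the pad byte of the odd-length file

def packets(data):
    pos, out = 0, []                        # collects (tag, body) pairs
    while pos < len(data):
        hdr = data[pos]
        if not hdr & 0x80:                  # bit 7 is set in every packet header
            raise ValueError(f"no OpenPGP packet header at offset {pos}")
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[pos + 1]
            if first < 192:
                length, hlen = first, 2
            elif first < 224:
                length, hlen = ((first - 192) << 8) + data[pos + 2] + 192, 3
            elif first == 255:
                length, hlen = int.from_bytes(data[pos + 2:pos + 6], "big"), 6
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            hlen = 1 if ltype == 3 else 1 + (1 << ltype)
            length = len(data) - pos - 1 if ltype == 3 else int.from_bytes(data[pos + 1:pos + hlen], "big")
        out.append((tag, data[pos + hlen:pos + hlen + length]))
        pos += hlen + length
    return out

def describe_skesk(body):
    # Body of a tag 3 packet (Symmetric-Key Encrypted Session Key), version 4.
    version, cipher, s2k, digest = body[:4]
    info = {"version": version, "cipher": cipher, "s2k": s2k, "hash": digest}
    if s2k in (1, 3):                       # salted variants carry an 8-byte salt
        info["salt"] = body[4:12].hex()
    if s2k == 3:                            # iterated and salted: coded count octet
        info["count"] = (16 + (body[12] & 15)) << ((body[12] >> 4) + 6)
    return info
```

On this dump `packets()` returns a 13-byte tag 3 packet followed by a 44-byte tag 9 (Symmetrically Encrypted Data) packet, together covering all 61 bytes. `describe_skesk()` reports cipher 3 (CAST5), S2K type 3, hash 2 (SHA-1) and an iteration count of 65536.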
 