Extended support for gpg keys

[snooppr]

In Debian 10, by default in GnuPG, the CLI utility: gpg generates a key pair (RSA/DSA) and nothing more.

I checked the $ john/run/gpg2john gpg_key.asc #The hash is retrieved correctly and is subject to password recovery.

But updated versions of GnuPG now generate a key pair (ECC:Curve25519) by default.

spoiler: gpg_cli v2.3.6


And the routine for extracting the hash is not able to extract the hash of this encryption (maybe john himself does not support this encryption format). The user will always get an error: $ john/run/gpg2john gpg_ecc_john.asc

File gpg_ecc_john.asc Unknown public key(pub 19) Bad parameter: encrypted_Secret_Key(len=-1, sha1=0), len can not be negative.

Although I have Kleopatra/KDE gpg/pgp key management software installed on my Debian 10, when generating keys, it has long been possible to choose a cryptographic algorithm (not RSA/DSA), but cv25519:

spoiler: kleopatra-cv25519/


I generated such key in gpg CLI on Termux under name "gpg_ecc_john.asc" password "johnjohn666" And tested it on Debian 10 it imported successfully and encrypts data. You can practice on it (note — I’m not sure that in the Russian Federation it’s so easy for citizens to engage in cryptography and removed the link to the key.):

spoiler: kleopatra import gpg_ecc_john.asc/


JtR does not fully work with GPG keys, it might be worth considering a request to support this encryption algorithm (in the future / already it will become preferable, judging by its purpose when generating keys by default).

This is a continuation from here: https://github.com/openwall/john/issues/5252#issuecomment-1467751212

[pwrbob]

Here is a program that can be used to extract hashes from encrypted secret key files in the OpenPGP format, and also works with EC keys: https://github.com/pwrbob/pgp2hc. It's compatible with john hash types when using the --format=john flag.