How can I decrypt a PGP Self Decrypting Archive programatically? [closed]
Every day I receive SDA files for which I have the passphrase. The decryption is done by running the file and manually entering a passphrase in the program window that pops up. I'd like to avoid this manual step and turn it into a step of an automated process.

The way this would work is the following: as soon as my daemon detects that a new file has arrived in my inbox, my program would download, decrypt and save it. I know how to do all of these with code, except the decryption part.

Instead of running the .exe file and manually entering the passphrase, I want to read its contents and, with the passphrase, decrypt the data contained within it, which looks like this:

4d5a 9000 0300 0000 0400 0000 ffff 0000
b800 0000 0000 0000 4000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 f000 0000
0e1f ba0e 00b4 09cd 21b8 014c cd21 5468
...etc

The language I'm currently using is PHP, but taking a look at an implementation in any language will help.

Any ideas?

Godevil answered 19/12, 2012 at 20:22 Comment(11)
What would you rather happen? Are you wanting your password cached for some period of time?Crabber
You say "programmatically" in your title, so are you expecting to write code to fix this behaviour?Crabber
@Duncan Jones I edited my question to be clearer.Godevil
So basically you want to extract the encrypted envelope from the .exe. What did you try/research regarding the removal of the executable code? The first couple of bytes probably are the .exe header.Aksel
Are you certain this is a pgp or gpg encrypted file? Perhaps it is a password-protected self-extracting zip executable. I've never heard of a gpg "executable".Oesophagus
@owlstead I came across a really nice program called PE Explorer that lets me analyze the structure of the file and even disassemble it.Godevil
@DiegoSaa that's good, though you may want to read up on the .exe format using standardized documents, in case something suddenly changes the current format (adds an optional field, memory location etc.). Those kind of tools are good for initial understanding and/or debugging.Aksel
@owlstead I think I know where the data is by how it looks, but I just don't know what algorithm to apply to it to decrypt it.Godevil
@BobDuell The files I receive are pgp SDAs. You are right, there are no such things as gpg SDAs, because SDAs are not a good idea.Godevil
@DiegoSaa Never heard of SDAs before. According to Symantec, they are encrypted using AES256 by default. See if this previous answer is helpful: https://mcmap.net/q/1314388/-how-to-do-aes256-decryption-in-php/1275871. If it was my problem, I'd try to get the data provider to give me a file encrypted with my own key.Oesophagus
PGP/GPG uses a container format. If you know where that starts then you should be able to parse it regularly (or even easier, move the container to another file, and decrypt it using the regular tools).Aksel

PGP self-decrypting archives are just an EXE stub with a PGP message inside the file. You should parse the EXE headers, find where this data is stored, extract it, and decrypt it using GnuPG or any other PGP library.

Lombok answered 22/12, 2012 at 10:0 Comment(2)
Could you explain this a bit more? I have a problem that is somewhat similar (https://mcmap.net/q/1918407/-how-to-unlock-pgp-self-decrypting-archive-exe-files-pgp-sdas-in-python-with-a-known-passphrase/8236733) --I've never used any PGP libraries before, so a bit lost when trying to simply interpret this solution.Urbannai
Please see the answer under your question.Lombok
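The procedure in the answer above (walk the PE headers to find where the sections end, carve what follows, hand it to GnuPG) as a worked example. This is added code, not from the original post or from Symantec's SDA tooling; it assumes the stub stores a standard OpenPGP message after the last PE section (the "overlay"), and if the real stub adds its own wrapper it falls back to scanning the overlay for a valid packet sequence. The sample SDA it builds is constructed for the demo: a minimal PE stub plus a fake passphrase-encrypted message whose ciphertext bytes are placeholders, so only the carving is exercised; `decrypt_with_gpg` is for a real file and a real passphrase.

```python
# Carve the OpenPGP message out of a PGP SDA (.exe) and hand it to GnuPG.
# Added example; assumes the message sits in the PE overlay (see lead-in).
import os
import struct
import subprocess
import tempfile
from typing import List, Optional, Tuple

# OpenPGP packet tags (RFC 4880, section 4.3)
TAG_PKESK, TAG_SKESK, TAG_SED, TAG_SEIPD = 1, 3, 9, 18

def pe_overlay_offset(data: bytes) -> int:
    """Offset of the first byte not covered by the PE headers or any section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    sec_table = coff + 20 + size_opt
    end = sec_table + 40 * num_sections  # never earlier than the end of the headers
    for i in range(num_sections):
        size_raw, ptr_raw = struct.unpack_from("<II", data, sec_table + i * 40 + 16)
        end = max(end, ptr_raw + size_raw)
    return end

def parse_packet_header(data: bytes, pos: int) -> Tuple[int, int, Optional[int]]:
    """(tag, header_len, body_len) per RFC 4880 4.2; body_len None = partial/indeterminate."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:  # new-format header
        tag, o1 = first & 0x3F, data[pos + 1]
        if o1 < 192:
            return tag, 2, o1
        if o1 < 224:
            return tag, 3, ((o1 - 192) << 8) + data[pos + 2] + 192
        if o1 == 255:
            return tag, 6, struct.unpack_from(">I", data, pos + 2)[0]
        return tag, 2, None
    tag, ltype = (first >> 2) & 0x0F, first & 0x03  # old-format header
    if ltype == 0:
        return tag, 2, data[pos + 1]
    if ltype == 1:
        return tag, 3, struct.unpack_from(">H", data, pos + 1)[0]
    if ltype == 2:
        return tag, 5, struct.unpack_from(">I", data, pos + 1)[0]
    return tag, 1, None

def walk_message(data: bytes, start: int) -> List[int]:
    """Tags of the consecutive packets from start; ValueError/IndexError if they do not parse."""
    tags, pos = [], start
    while pos < len(data):
        tag, hlen, blen = parse_packet_header(data, pos)
        if tag == 0 or tag > 19:
            raise ValueError("reserved packet tag")
        tags.append(tag)
        if blen is None:  # partial or indeterminate length: packet runs to end of data
            break
        pos += hlen + blen
        if pos > len(data):
            raise ValueError("packet runs past end of data")
    return tags

def looks_like_encrypted_message(tags: List[int]) -> bool:
    """Session-key packet(s) followed by an encrypted-data packet."""
    return bool(tags) and tags[0] in (TAG_PKESK, TAG_SKESK) and tags[-1] in (TAG_SED, TAG_SEIPD)

def find_openpgp_message(data: bytes) -> Tuple[int, List[int]]:
    """Return (offset, packet tags) of the encrypted OpenPGP message inside the SDA."""
    overlay = pe_overlay_offset(data)
    for pos in range(overlay, len(data)):  # overlay start first, then scan past any wrapper
        try:
            tags = walk_message(data, pos)
        except (ValueError, IndexError):
            continue
        if looks_like_encrypted_message(tags):
            return pos, tags
    raise ValueError("no OpenPGP encrypted message found after the PE sections")

def decrypt_with_gpg(message: bytes, passphrase: str, out_path: str) -> None:
    """Passphrase goes over stdin (fd 0), never argv; --pinentry-mode loopback needs GnuPG 2.1+."""
    with tempfile.NamedTemporaryFile(suffix=".gpg", delete=False) as tmp:
        tmp.write(message)
    try:
        subprocess.run(["gpg", "--batch", "--yes", "--pinentry-mode", "loopback",
                        "--passphrase-fd", "0", "--output", out_path, "--decrypt", tmp.name],
                       input=passphrase.encode() + b"\n", check=True, capture_output=True)
    finally:
        os.unlink(tmp.name)

def build_sample_sda(wrapper: bytes = b"") -> bytes:
    """Constructed input: minimal PE stub + optional vendor wrapper + fake passphrase-encrypted message."""
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80)).ljust(0x80, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)  # i386, 1 section, no optional header
    section = b".text\0\0\0" + struct.pack("<IIIIIIHHI", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + section).ljust(0x200, b"\0")
    text = b"\xCC" * 0x200  # section raw data: int3 filler
    # SKESK: version 4, AES-256, S2K iterated+salted with SHA-256, salt, count (no real key material)
    skesk_body = bytes([4, 9, 3, 8]) + bytes.fromhex("0123456789abcdef") + bytes([0x60])
    seipd_body = bytes([1]) + bytes(range(40))  # SEIPD version 1 + placeholder bytes, not real ciphertext
    message = bytes([0xC3, len(skesk_body)]) + skesk_body + bytes([0xD2, len(seipd_body)]) + seipd_body
    return headers + text + wrapper + message
```

On a real file, `off, tags = find_openpgp_message(open(path, "rb").read())` followed by `decrypt_with_gpg(data[off:], passphrase, "out.bin")` is the whole pipeline; PE Explorer, as mentioned in the comments, can confirm the offset it reports. Two things worth checking in practice: the message should end in a tag-18 (SEIPD) packet, since a tag-9 packet has no integrity protection and GnuPG will warn about it; and carving the message this way means the daemon never executes the untrusted stub, which is the right default for a binary that arrives by e-mail.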
