Author: Dan Mares, dmares @ maresware . com
Portions Copyright © 1998-2016 by Dan Mares and Mares and Company, LLC
Phone: 678-427-3275



ISPGP is intended to search an entire disk, or just specified directories, for files that are PGP related files.

A PGP related file is considered to be one of the following types of files:

PGP encrypted file, PGP keyrings (secret and public), PGP signature file.

The program will attempt to find files of PGP type and indicate on the screen what type of file it is. The output can be redirected > to an output file.

In order to increase the speed of this program, I had to modify the algorithm that actually checks to see what type of PGP file it is, and because of this the program occassionally gives false positive results.

False positives can easily be checked out and eliminated as not being PGP types.

However, the author has not yet had a PGP type file (one of which the program is designed to find) which the program failed to identify. However, you should do testing yourself to be certain you know exactly what type of files the program can and canít detect.



The PGP_ENV program is a small program designed to do a quick lookup in the environment for PGP related variables. If it finds something related to PGP it prints the value of the variable on the screen.

If it finds a PGPPATH variable, it will then attempt to locate certain key words in the config.txt file located in the PGP directory. This file, along with the PGP environment variables could contain valuable information.

All this information could be obtained manually, but here is a simple program to do it.

What it looks for:

PGP_ENV looks for the following environment variables to be set: PGPPATH, MYNAME, PGPPASS.

These variables are key to operating PGP.

If the user wishes for the program to look for other environment variables, (i.e. path) the user would place these additional strings on the command line.

Command lines;

/* this is default, only looks for predetermined items */

C:>pgp_env other_var1 other_var2 other_var...
/* this will look for defaults, plus other environment variables */



ISPGP will recurse an entire logical drive and identify those files that are of PGP type. Depending on the options provided on the command line the program can search for specific file types, in specific directories, on specific drives, and do or do not recurse throughout these directories.

The program uses information obtained from the documention for PGP itself. In that documentation are file structures for the various PGP files. Those file structures were used to build the program.

Modifications were made in order to make this program run fast which may give false positive hits. The user should verify all positives. With experience the user will come to know which types of files will routinely give false positives and can take appropriate actions.

ISPGP is designed to be able to detect PGP version 2.6.2 files. However, in minimal tests, it has also properly detected PGP 5.x files from the commercial versions of PGP.



-r:  DO recurse. (default is to NOT recurse)

-oO + filename:  Filename is the name of an output file in which to place any hits found. -O (uppercase) will always append to an existing file.

-x:  eXclude COM files. com files often give misleading hit.

The indications are not 100% accurate, but they will get you in the ballpark.

Some files contain headers which look like a PGP file, and you may get some eroneous hits. These can be easily eliminated through experience.



C:> ispgp
run ispgp from current directory and recurse down.

C:> ispgp file_spec
filespec: filespec is considered file types to check. Directory is recursed by default.

C:> ispgp file_spec -r
filespec: filespec is considered file types to check. Directory is recursed.

C:> ispgp c:\ -r
do entire c: drive

C:>ispgp -p c:\ -f *.pgp -r

look at entire c: drive for all files ending in .pgp and verify that they are pgp type files.

Sample output file for subdirectory c:\pgp

C:\PGP\SECRING.PGP may be secret key certificate
C:\PGP\BLURB.ASC may be possible ascii armor
C:\PGP\PUBRING.BAK may be public key certificate
C:\PGP\PASSWDS.PGP may be encrypted
C:\PGP\SECRING.BAK may be secret key certificate
C:\PGP\CIS_PUB.PGP may be public key certificate
C:\PGP\CIS_SEC.PGP may be secret key certificate
C:\PGP\PUBRING.PGP may be public key certificate

60 files processed
 7 possible hits