For privacy reasons, I want to prevent my users from posting unencrypted files to my ftp site.

It is company policy that all data exchanges of sensitive data be encrypted with PGP.

I'd like to set up a program to monitor the ftp folders and whenever a new file is placed there, verify that it is in fact encrypted.

I can't just rely on the file extension because in some cases, our trading partners require a specific filename that doesn't have a .PGP on the end.

Is there a library or another method I can use to verify that a given file is encrypted?

I'm using C# and .NET on a Windows platform.

A: 

You have to come up with a heuristic approach to know whether the file is encrypted or not. Usually, encrypted files tend to have a near random distribution of bytes. So if you read the stream of bytes, and bucket-count each byte, the distribution should be even, i.e., there should be nearly as many 00h as AAh or FFh or 78h or etc. (two hex values represent a byte) for each encrypted file.

Bad news is almost all compressed files (jpg, mp3, zip, ...) also have this pattern of random bytes. Also, being a heuristic test, some encrypted files will fail, and some unencrypted files will be approved.

kurast
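The bucket-counting heuristic from this answer, as an added example (my code, not the answerer's). It counts byte values, derives Shannon entropy and a chi-square distance from a uniform distribution, and combines them into a verdict. The sample inputs are constructed: a seeded PRNG stands in for ciphertext, a repeated report line for plaintext, and the base64 of the random bytes for an ASCII-armored body. The thresholds are assumptions to tune against your own traffic.

```python
import base64
import math
import random

# Constructed sample inputs (not from the original post). A deterministic PRNG
# stands in for ciphertext so the results are repeatable; output of a sound
# cipher is statistically indistinguishable from this for our purpose.
_rng = random.Random(20100517)
CIPHERTEXT_SAMPLE = bytes(_rng.getrandbits(8) for _ in range(4096))
PLAINTEXT_SAMPLE = b"Quarterly settlement report for trading partner ACME Corp.\n" * 40
# base64 of the same random bytes: what an ASCII-armored PGP message body looks like
ARMORED_BODY_SAMPLE = base64.b64encode(CIPHERTEXT_SAMPLE)


def byte_histogram(data: bytes) -> list:
    """Bucket-count every byte value 0x00..0xFF, as the answer describes."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return counts


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 8.0 for a perfectly even distribution,
    0.0 for a file made of a single repeated byte."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in byte_histogram(data) if c)


def chi_square_uniform(data: bytes) -> float:
    """Chi-square statistic of the histogram against a uniform distribution
    (255 degrees of freedom). Random data lands near 255; natural-language
    text is orders of magnitude higher because most byte values never occur."""
    n = len(data)
    if n == 0:
        return float("inf")
    expected = n / 256
    return sum((c - expected) ** 2 / expected for c in byte_histogram(data))


def looks_encrypted(data: bytes, min_entropy: float = 7.5,
                    max_chi_square: float = 400.0) -> bool:
    """Heuristic verdict: 'random-looking' on both measures.
    The thresholds are assumptions chosen for files of a few KB or more.
    Remember the answer's caveat that compressed formats (zip, jpg, mp3) pass
    this test too, and note the reverse failure: ASCII-armored PGP output uses
    only base64 characters, so its entropy is capped near 6 bits per byte and
    it is rejected even though it is encrypted."""
    return (shannon_entropy(data) >= min_entropy
            and chi_square_uniform(data) <= max_chi_square)


if __name__ == "__main__":
    for name, sample in (("plaintext", PLAINTEXT_SAMPLE),
                         ("ciphertext", CIPHERTEXT_SAMPLE),
                         ("armored", ARMORED_BODY_SAMPLE)):
        print(f"{name:10s} entropy={shannon_entropy(sample):.3f} "
              f"chi2={chi_square_uniform(sample):.1f} "
              f"encrypted? {looks_encrypted(sample)}")
```

The chi-square measure is the stricter of the two: a file can have high entropy while still being far from uniform, and the statistic also gives you a number to alert on rather than a bare yes/no. Because armored output fails this test by design, a monitor built on it needs a separate text-mode check for the `-----BEGIN PGP MESSAGE-----` header.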
+1 A:

You can easily detect the text mode PGP files. They start with

-----BEGIN PGP MESSAGE-----
Version: GnuPG v2.0.11 (GNU/Linux)

and end with

-----END PGP MESSAGE-----

This is of course not a sure way but good enough to prevent accidental unencrypted uploads.

I have no idea what the binary format looks like. You can try using "gpg -d " with an empty password and if it fails with "decrypt_message failed" then it is not a correct file. If it fails with bad key it is a PGP file. This is not a really good idea because the messages can change in the future.

stribika
Agreed it is not the best, but it may be the only option to depend on the output message to determine if it is truly a pgp file or not.
Nate Bross
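The text-mode header check from this answer, extended to the binary format the answer says it does not know, as an added example (my code, not the answerer's). The binary side uses the OpenPGP packet framing from RFC 4880: every packet starts with a header octet whose bit 7 is set, and an encrypted message is a run of session-key packets (tags 1 or 3) followed by an encrypted-data packet (tag 9 or 18). Walking the packet sequence, rather than checking only the first byte, avoids false positives from unrelated binary files whose first byte happens to have the high bit set. All sample bytes are constructed and the armored sample's body is placeholder text, not real GnuPG output.

```python
# OpenPGP packet tags (RFC 4880 section 4.3) involved in an encrypted message
PKESK = 1     # Public-Key Encrypted Session Key
SKESK = 3     # Symmetric-Key Encrypted Session Key
SED = 9       # Symmetrically Encrypted Data (legacy, no integrity protection)
SEIPD = 18    # Symmetrically Encrypted Integrity Protected Data
LITERAL = 11  # Literal Data: plaintext carried inside a PGP packet

ARMOR_HEADER = b"-----BEGIN PGP MESSAGE-----"
ARMOR_FOOTER = b"-----END PGP MESSAGE-----"


def parse_packet_header(data: bytes, offset: int):
    """Decode the packet header at `offset` (RFC 4880 section 4.2).
    Returns (tag, body_offset, body_length); body_length is None for an
    indeterminate (old-format type 3) or partial (new-format) length.
    Returns None if the bytes are not a plausible header."""
    if offset >= len(data) or not data[offset] & 0x80:  # bit 7 is always set
        return None
    first = data[offset]
    if first & 0x40:                        # new-format header: tag is the low 6 bits
        tag = first & 0x3F
        if offset + 1 >= len(data):
            return None
        l0 = data[offset + 1]
        if l0 < 192:                        # one-octet length
            return tag, offset + 2, l0
        if l0 < 224:                        # two-octet length
            if offset + 2 >= len(data):
                return None
            return tag, offset + 3, ((l0 - 192) << 8) + data[offset + 2] + 192
        if l0 == 255:                       # five-octet length
            if offset + 6 > len(data):
                return None
            return tag, offset + 6, int.from_bytes(data[offset + 2:offset + 6], "big")
        return tag, offset + 2, None        # partial body length
    tag = (first >> 2) & 0x0F               # old-format header: tag is bits 5..2
    length_type = first & 0x03
    if length_type == 3:
        return tag, offset + 1, None        # indeterminate length
    nbytes = 1 << length_type               # 1, 2 or 4 length octets
    if offset + 1 + nbytes > len(data):
        return None
    return tag, offset + 1 + nbytes, int.from_bytes(data[offset + 1:offset + 1 + nbytes], "big")


def is_binary_encrypted_message(data: bytes, max_packets: int = 16) -> bool:
    """True if the packet sequence matches RFC 4880 section 11.3: zero or more
    session-key packets followed by an encrypted-data packet."""
    offset = 0
    for _ in range(max_packets):
        header = parse_packet_header(data, offset)
        if header is None:
            return False
        tag, body_offset, body_length = header
        if tag in (PKESK, SKESK):
            if body_length is None:         # session-key packets have definite lengths
                return False
            offset = body_offset + body_length
            continue
        return tag in (SED, SEIPD)
    return False


def is_armored_message(data: bytes) -> bool:
    """The text-mode check from the answer: armor header first, footer present."""
    stripped = data.lstrip()
    return stripped.startswith(ARMOR_HEADER) and ARMOR_FOOTER in stripped


def classify(data: bytes) -> str:
    if is_armored_message(data):
        return "armored-pgp-message"
    if is_binary_encrypted_message(data):
        return "binary-pgp-encrypted"
    header = parse_packet_header(data, 0)
    if header is not None and header[0] == LITERAL:
        return "binary-pgp-literal-unencrypted"
    return "not-pgp-encrypted"


# Constructed samples: only the packet framing is realistic, the bodies are filler.
# Old-format PKESK header 0x85 (tag 1, two-octet length) with a 12-byte body,
# then new-format SEIPD header 0xD2 with a one-octet length of 32.
SAMPLE_BINARY = (b"\x85\x00\x0c" + b"\x03" + b"\x00" * 8 + b"\x01" + b"\xaa\xbb"
                 + b"\xd2\x20" + bytes(range(32)))
SAMPLE_ARMORED = (b"-----BEGIN PGP MESSAGE-----\nVersion: GnuPG v2.0.11 (GNU/Linux)\n\n"
                  b"hQEMA0tDSXxZZ2FsAQf9...\n=AbCd\n-----END PGP MESSAGE-----\n")
# Literal Data packet (tag 11): format 'b', empty filename, 4-byte date, 6 bytes of text
SAMPLE_LITERAL = b"\xac\x0c" + b"b\x00\x00\x00\x00\x00" + b"secret"

if __name__ == "__main__":
    for name, sample in (("binary", SAMPLE_BINARY), ("armored", SAMPLE_ARMORED),
                         ("literal", SAMPLE_LITERAL), ("text", b"plain report\n")):
        print(f"{name:8s} -> {classify(sample)}")
```

This verifies framing only: a file can carry well-formed session-key and encrypted-data packets without having been encrypted to the partner's key, so the entropy test from the other answer and this structural test complement each other, and a definitive check still needs the decrypt attempt the answer describes. The literal-data case is worth flagging separately, since a `.PGP` file that is really a signed-but-unencrypted message starts with a literal or one-pass-signature packet rather than a session-key packet.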