Best practices for decrypting (or not) unknown streams?

[brianbegy]

I have customers who send me *.csv files of data. We suggest that they pgp encrypt the data and ascii armor it. We cannot ensure that they follow our instructions.

So what I get is a stream from a storage bucket and I don't know in advance if it is encrypted and if so, if they ascii-armored it or not.

Is there a best practice for this?

Right now I'm starting to read the stream, looking for PGP MESSAGE then, aborting the read, refetching the file and going down the encrypted path. That seems....barbaric.

Is there a best practice for this? We cannot change the customer behavior. We have tried.

[larabr]

I am not sure I follow what kind of output you can get: is it always an OpenPGP message, and you just don't know if it's armored ? or it isn't necessarily an OpenPGP message ?

[brianbegy]

I get a stream. I don't know if the customer...

• encrypted and ascii-armored it.
• encrypted and didn't ascii armor it.
• just uploaded a plaintext file.

All I know is I have a stream of bytes. Is there a best practice for this situation?

[larabr]

We don't offer a function to detect whether a stream is in OpenPGP format, but there should be no need to refetch the data, at least not in all cases: you could peek the stream to check for the armored header or the leading bytes, without consuming the stream.
I'd start by checking whether the armored header is present (as you're doing), since testing binary data is trickier. If the armored check fails, then you could re-peek the first byte and verify that the 7th and 6th bits are set (see spec). If they aren't, it's not OpenPGP data, if they are, it could be a false positive, in which case readMessage will throw. You could make the binary data detection more precise but it requires a deeper look at the spec.

About peeking, there are some libs that implement it, like https://github.com/openpgpjs/web-stream-tools or https://github.com/Borewit/peek-readable.

[brianbegy]

Ok that is super helpful. Thanks.