PGP Private Key Block
Detects the ASCII-armored header of an OpenPGP (PGP/GnuPG) private key block, as defined in RFC 4880 / RFC 9580. A leaked PGP private key allows an attacker to decrypt the holder's encrypted mail and files and to forge signatures in their name. The registry already covers RSA, EC, OpenSSH and PKCS#8 private keys; this adds the OpenPGP armor format.
- Type
- regex
- Engine
- universal
- Confidence
- high
- Confidence justification
- High confidence: the armor header string is long, fixed and structurally distinctive, so false positives outside of documentation or training material are extremely unlikely.
- Jurisdictions
- global
- Regulations
- GDPR, CCPA/CPRA
- Frameworks
- CIS Controls, ISO 27001, NIST CSF, PCI-DSS, SOC 2
- Data categories
- credentials, security
- Scope
- narrow
- Risk rating
- 10
- Platform compatibility
- Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Compatible, Netskope: Compatible
Pattern
-----BEGIN PGP PRIVATE KEY BLOCK-----Corroborative evidence keywords
private key, PGP, GPG, GnuPG, OpenPGP, secret key, passphrase
Proximity: 300 characters
Should match
-----BEGIN PGP PRIVATE KEY BLOCK-----— OpenPGP private key armor header-----BEGIN PGP PRIVATE KEY BLOCK----- lQOYBGABCDEFAKEKEYMATERIALxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx— PGP private key header with following armored bodyKey file contents: -----BEGIN PGP PRIVATE KEY BLOCK----- Version: GnuPG v2— PGP private key header inline with GnuPG version line
Should not match
-----BEGIN PGP PUBLIC KEY BLOCK-----— Public key block, not a private key-----BEGIN PGP MESSAGE-----— Encrypted PGP message, not a private keyplease export your PGP private key block before rotating the GPG keypair— Prose mention of a PGP private key without the actual armor header
Known false positives
- Documentation, RFCs or training material that quotes the armor header without real key material. Mitigation: Require corroborative keywords and confirm armored base64 key material follows the header line.