savety vs. decryption failed: bad key

Alexander Mahr mahralex at
Fri Dec 28 23:48:05 CET 2007

I use GnuPG to encrypt a file locally symmetric encryption
An attempt to decrypt the encrypted version of the file with a wrong passphrase 
results - to my suprise - in the following error message

gpg: decryption failed: bad key

instead of decrypting the file into a corrupted (due to the wrong passphrase) version of 
the original file.

I am now wondering how GnuPG can judge that the entered passphrase to decrypt the file
is -indeed- a bad key (as to say a wrong passphrase provided)?

Actually I think of the result (though it didn't reveal the contained information) still as
bad because the attacker can somehow be sure that tried passphrase is wrong.

Background to my question is that if you'd use the encryption of GnuPG to 
encrypt some data that is less easy to be verified as beeing correctly decrypted
(i. e because it is itself another key to unlock some other encryption) then
the fact of not knowing that the decryption failed can facilitate the attacker
the work because he can then keep on trying to crack the encryption
without having to consider that the result he otherwise would have got
is actually already the truth.

Best regards, Alexander

Psssst! Schon vom neuen GMX MultiMessenger gehört?
Der kann`s mit allen:

More information about the Gnupg-users mailing list