no error returns when a wrong key/iv is used for decrypting

Werner Koch wk at
Thu Feb 17 18:28:11 CET 2011

On Thu, 17 Feb 2011 15:03, nmav at said:

> decrypted (you have to define wrong). What you want is to add an
> authentication layer to that. I.e. add an HMAC to your encrypted data.

Or do a plaintext detection to see whether you got the right key.
OpenPGP uses such a feature without introducing the HMAC overhead.  The
advantage of such a detection feature is that you can check the key
right after decrypting a few blocks and not only after having decrypted
a few gigs of ciphertext.  Anyway, it is all a matter of the protocol
and not of the crypto building blocks.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gcrypt-devel mailing list