no error returns when a wrong key/iv is used for decrypting

Yves Pagani ypagani at
Fri Feb 18 09:55:36 CET 2011

On Thu, Feb 17, 2011 at 06:28:11PM +0100, Werner Koch wrote:
> On Thu, 17 Feb 2011 15:03, nmav at said:
> > decrypted (you have to define wrong). What you want is to add an
> > authentication layer to that. I.e. add an HMAC to your encrypted data.
> Or do a plaintext detection to see whether you got the right key.
> OpenPGP uses such a feature without introducing the HMAC overhead.  The
> advantage of such a detection feature is that you can check the key
> right after decrypting a few blocks and not only after having decrypted
> a few gigs of ciphertext.  Anyway, it is all a matter of the protocol
> and not of the crypto building blocks.

Hi Nikos, Hi Werner,

Thanks for your quick answers.
I, indeed, though that checking the error code of the cipher_decrypt will allow me to warn the user (me in my case :) ) if  a wrong key is given (like gpg does when a wrong passphrase is entered).
Now, with your explanations I have a clearer understanding how to do it properly/working.

By the way, many thanks to all the developpers who done this great library and other related tools (gnutls, gnupg and so on).

Have a nice day.
Best regards,
Yves Pagani

Darth Vader sleeps with a Teddywookie.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: </pipermail/attachments/20110218/25cce89b/attachment.pgp>

More information about the Gcrypt-devel mailing list