weak key used for an Initial Vector

Denis Corbin dar.linux at free.fr
Wed Aug 12 22:37:24 CEST 2015


for what I understand from libgcrypt source code, when
gcry_cipher_setkey() returns GPG_ERR_WEAK_KEY , it is rather a warning
than an error, the handle is operational for ciphering/deciphering. Am
I right? If so is this behavior expected to change in the future?

Another point: what is the use for gcry_cipher_get_algo_keylen()? No
error occurs when one gives a larger key than the value returned for
the corresponding algorithm: it seems the key bytes are XOR modulo the
key length at least for blowfish. Is there any advantage in terms of
cryptographic strength to use a key larger than the reported

Thanks for any help,

Best Regards,
Denis Corbin.

Le 08/08/2015 15:46, Denis Corbin a écrit :
> On 07/08/2015 09:08, Werner Koch wrote:
>> On Thu,  6 Aug 2015 22:33, dar.linux at free.fr said:
> Hello,
>>> I've found googling that it was possible to disable the weak
>>> key warning thanks to the PRIV_CTL_DISABLE_WEAK_KEY value given
>>> to gcry_cipher_ctl()
>> No, that is not possible.  This symbol is private to libgcrypt;
>> it is not defined as part of the public API and thus also not in
>>  gcrypt.h.
> OK. How then to decipher very old data encrypted more than 10
> years ago at which time the error about weak key was not issued?
> Regards, Denis.

More information about the Gcrypt-devel mailing list