Disable Weak cipher check for DES KCV

Jan Bilek jan.bilek at eftlab.com.au
Thu Jan 9 02:57:53 CET 2020


Hi Jussi,

No problem and thanks for coming back on my email.

You are right - "all KCV algorithms I managed to find encrypt zero input block with the actual key as key" - except cases where the key is a weak key. While this might sound ridiculous there are many cases like this - in production as well as in test environments. E.g. Thales HSM default-load key-set works with some weak keys and while doing symmetric crypto we need to support those as well (in testing / dev environments Thales HSM is almost always loaded with a default key set so crypto can be reproduced and validated).

Hope it makes better sense now.

Cheers,
Jan

On 2020-01-06 00:36:19+10:00 Jussi Kivilinna wrote:


Hello,

Apparently my first reply went only to the mailing list.

There I wrote: "I tried to find KCV specification where zero key is used to encrypt actual key as input block for KCV value, but all KCV algorithms I managed to find encrypt zero input block with the actual key as key. Can you check your documentation for KCV if zero key is really used and give pointer/link to that spec for us?"

-Jussi

On 4.1.2020 12.33, Jan Bilek wrote:
> Ping?
>  
>
> On 2019-12-21 11:40:06+10:00 Jan Bilek wrote:
>
>     Hi,
>
>     We have a problem here where I need to encrypt a block of data with zeros.
>
>       gcry_check_version (NULL);
>       unsigned char key[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
>       unsigned char out[8];
>       unsigned char data[8] = {0};  // zero-initialised input block
>       gcry_error_t err = 0;
>       gcry_cipher_hd_t hd = nullptr;
>       err = gcry_cipher_open(&hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
>       //auto blklen = gcry_cipher_get_algo_blklen(GCRY_CIPHER_DES);
>       //auto algolen = gcry_cipher_get_algo_keylen (GCRY_CIPHER_DES);
>       // setkey rejects the all-zero key; err holds the weak-key error from here on
>       err = gcry_cipher_setkey (hd, key, sizeof(key));
>       std::cerr << "gpg_err_code: " << gpg_err_code(err) << std::endl;
>       std::cerr << "gpg_strerror: " << gpg_strerror(err) << std::endl;
>       gcry_cipher_encrypt(hd, out, sizeof(key), data, 8);
>       if (err) {
>         std::cerr << "Failed to perform cryptography" << std::endl;
>         std::cerr << "  cipher:     " << static_cast<int>(GCRY_CIPHER_DES) << std::endl;
>         std::cerr << "  mode:       " << static_cast<int>(GCRY_CIPHER_MODE_ECB) << std::endl;
>         //std::cerr << "  keyBlock:   " << BinToHex<std::string>(key) << std::endl;
>         //std::cerr << "  out:        " << BinToHex<std::string>(out) << std::endl;
>         //std::cerr << "  data:       " << BinToHex<std::string>(encryptedData) << std::endl;
>       }
>
>
>     This blows on:
>
>     gpg_err_code: 43
>     gpg_strerror: Weak encryption key
>     cipher_encrypt: key not set
>
>     Tracked back in the source to libcrypt / cipher / des.c
>
>     r. 1384 do_des_setkey
>     r. 1021 is_weak_key
>
>       if (is_weak_key (key)) {
>         _gcry_burn_stack (64);
>         return GPG_ERR_WEAK_KEY;
>       }
>
>     cipher.c
>     r.797
>
>      rc = c->spec->setkey (&c->context.c, key, keylen, c);
>       if (!rc) {
>
>       } else
>         c->marks.key = 0;
>
>     ... then disallows weak key setting completely, resulting in a failure.
>
>     This has quite an impact on multiple (still) in-use KCV operations (e.g. KCV_METHOD_VISA) where key needs to be encrypted with a zero key to get its KCV.
>
>     May I propose a patch? (See in attachment).
>
>     Thanks & Cheers,
>     Jan
>
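The thread turns on which DES keys are refused at key-setup time. As an added example (not libgcrypt's `is_weak_key` and not code from this thread), the following C sketch audits a test key set for the four weak and twelve semi-weak DES keys with parity bits ignored, which is why the all-zero key in the quoted snippet is flagged: it differs from 0101010101010101 only in parity. The names `des_classify` and `first_flagged_component` are hypothetical, and the table is limited to those sixteen keys.

```c
#include <stddef.h>
#include <stdint.h>

enum des_key_class { DES_KEY_OK, DES_KEY_WEAK, DES_KEY_SEMI_WEAK };

/* Parity is the low bit of every key byte; DES does not use it. */
#define PARITY_MASK 0xFEFEFEFEFEFEFEFEULL

/* The four weak DES keys, written with odd parity. */
static const uint64_t WEAK[4] = {
  0x0101010101010101ULL, 0xFEFEFEFEFEFEFEFEULL,
  0xE0E0E0E0F1F1F1F1ULL, 0x1F1F1F1F0E0E0E0EULL };

/* The six semi-weak key pairs (twelve keys), written with odd parity. */
static const uint64_t SEMI_WEAK[12] = {
  0x011F011F010E010EULL, 0x1F011F010E010E01ULL,
  0x01E001E001F101F1ULL, 0xE001E001F101F101ULL,
  0x01FE01FE01FE01FEULL, 0xFE01FE01FE01FE01ULL,
  0x1FE01FE00EF10EF1ULL, 0xE01FE01FF10EF10EULL,
  0x1FFE1FFE0EFE0EFEULL, 0xFE1FFE1FFE0EFE0EULL,
  0xE0FEE0FEF1FEF1FEULL, 0xFEE0FEE0FEF1FEF1ULL };

/* Pack 8 key bytes big-endian and clear the parity bits. */
static uint64_t strip_parity(const uint8_t key[8]) {
  uint64_t v = 0;
  for (int i = 0; i < 8; i++) v = (v << 8) | key[i];
  return v & PARITY_MASK;
}

/* Hypothetical helper: classify one 8-byte DES key. */
enum des_key_class des_classify(const uint8_t key[8]) {
  uint64_t v = strip_parity(key);
  for (size_t i = 0; i < 4; i++)
    if (v == (WEAK[i] & PARITY_MASK)) return DES_KEY_WEAK;
  for (size_t i = 0; i < 12; i++)
    if (v == (SEMI_WEAK[i] & PARITY_MASK)) return DES_KEY_SEMI_WEAK;
  return DES_KEY_OK;
}

/* Hypothetical helper: audit a single, double or triple length key.
   Returns the 0-based index of the first flagged 8-byte component,
   -1 if none is flagged, -2 if the length is not 8, 16 or 24. */
int first_flagged_component(const uint8_t *key, size_t len) {
  if (len != 8 && len != 16 && len != 24) return -2;
  for (size_t off = 0; off < len; off += 8)
    if (des_classify(key + off) != DES_KEY_OK) return (int)(off / 8);
  return -1;
}
```

Running this over a development key set before calling the cipher's set-key function shows which components will need special handling and which production keys should never appear.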