decryption failed: weak key

Michael Roth mroth at nessie.de
Fri Oct 1 13:52:55 CEST 2004


Hasnain Mujtaba wrote:

| I saw this message when decrypting a file encrypted with a 1536
| ElGamal key, 3DES symmetric cipher:

A "weak key" is a special DES property. In DES there are 64 known weak
keys. I think Blowfish has weak keys too.


| gpg: WARNING: message was encrypted with a weak key in the symmetric
| cipher.
| gpg: decryption failed: weak key.
|
| Looks like GPG is checking for randomness property of the session key
| after decrypting it out of the Public-key Encrypted Session key
| packet. Correct?

No. If you take a look in g10/des.c you will find a table containing all
64 known weak keys (search for "weak_key"). If gnupg creates a session
key, it omits weak keys (take a look in g10/seskey.c, make_session_key).

So I guess the message was not encrypted using gnupg? Would be nice to
know which programm created the weak session key.

Please also note: 3DES keys consist effectivly of 3 different DES keys,
but GnuPG complains about weak keys if at least one of these three parts
is a weak key.


cu

Michael Roth




More information about the Gnupg-users mailing list