Weak encryption keys

joefresh at gmx.us joefresh at gmx.us
Tue Mar 23 14:42:49 CET 2021

> Interestingly, when I tried searching the latest GnuPG code base (cloned from github)
> for the "Weak encryption key" error message, nothing showed up.
> $ "grep -iRl "Weak encryption key" gnupg
> <no matches>

It appears that the problem lies in libgcrypt, which refuses to set a key for this
cipher that's considered weak.


static gcry_err_code_t
do_bf_setkey (BLOWFISH_context *c, const byte *key, unsigned keylen)

  /* Check for weak key.  A weak key is a key in which a value in
     the P-array (here c) occurs more than once per table.  */
  if (weak)
    return GPG_ERR_WEAK_KEY;

More information about the Gnupg-users mailing list