I'm using weak keys while doing cryptography with libgcrypt and I'm getting proper warnings about it from libgpg-error as "Weak encryption keys" to stderr. Problem is that I'm reading std:err into GUI, where I don't want to see them (just because getting too many of them). I can filter stderr input in GUI, but my preferable way would be to suppress the warning in more intelligent way. Unfortunately I don't have any clue how to achieve this. While reading though libgcrypt do开发者_C百科cumentation I found that it allows suspending of secure memory warning only. Reading through libgpg-error source code I haven't found anything useful.

Your advice would be much appreciated.

Thanks in advance. Jan

---

Finally I've got to ask libgcrypt developers. Following is the answer from Werner Koch, whom I want to thank in this way. I hope this is going to help somebody else.

==================================================================

I case you try to use a weak key for regular encryption and the error checking inside the DES module inhibits you from actually doing it, there is no documented way to go with it. A weak key is something which should never ever happen.

You may however use a private control code to disable the weak key detection. We use it in the regression tests. But note that this is undocumented private feature which may or may not work with future versions of Libgcrypt. Here is a code excerpt:

#define PRIV_CTL_DISABLE_WEAK_KEY   61

err = gcry_cipher_open (&hd, cipher_algo, cipher_mode, 0);
if (err)
die ("gcry_cipher_open failed for algo %d, mode %d: %s\n",
    cipher_algo, cipher_mode, gpg_strerror (err));
gcry_cipher_ctl (hd, PRIV_CTL_DISABLE_WEAK_KEY, NULL, 0);

==================================================================

Edit

Disabling weak keys warning is now suppressed in the latest libgcrypt version so the above makes no sense anymore. We've fixed that by catching up stderr in a boost stream and filtering it out before providing it in a log.