AWS Transfer Family decryption pgp step CAST5 Algorithm not supported

0

Hello, we are using Transfer Family to receive encrypted files in PGP CAST5 format and decrypting them using a predefined step. The issue we are encountering is that when decrypting the file, we are getting the following error:

{
    "type": "StepErrored",
    "details": {
        "errorType": "BAD_REQUEST",
        "errorMessage": "Encryption algorithm not found in preferred algorithms specified by key. Encryption algorithm used: CAST5. Preferred algorithms specified by key: [AES-256, AES-192, AES-128, TripleDES].",
        "stepType": "DECRYPT",
        "stepName": "pgp_decrypt"
    }
}

Upon reviewing the documentation here https://docs.aws.amazon.com/transfer/latest/userguide/nominal-steps-workflow.html#decrypt-step-details , it mentions that CAST5 is supported and therefore should be decryptable.

Thank you

asked 2 months ago, 47 views
1 Answer
0
Accepted Answer

I apologize, but there seems to be a misunderstanding regarding the support for the CAST5 algorithm in AWS Transfer Family's PGP decryption step.

The error message you're receiving indicates that the CAST5 algorithm is not among the preferred algorithms specified by the key you're using for decryption. The preferred algorithms listed in the error message are AES-256, AES-192, AES-128, and TripleDES.

AWS Transfer Family supports various symmetric encryption algorithms for PGP decryption, including RSA, Elgamal, and ECC (NIST and BrainPool). However, the specific algorithm used must be compatible with the key you've provided for decryption.

To resolve this issue, you have a few options:

  1. Ensure that the PGP key you're using for decryption supports the CAST5 algorithm. You may need to generate a new key pair that includes CAST5 in its preferred algorithms.

  2. If possible, encrypt the files using one of the algorithms listed in the error message (AES-256, AES-192, AES-128, or TripleDES) instead of CAST5. These algorithms are clearly supported by your current decryption key.

  3. Contact AWS support for further assistance, as there might be a discrepancy between the documented capabilities and the actual implementation.

It's important to note that when generating PGP keys for use with AWS Transfer Family, you should use supported key generation software like GnuPG (gpg) and ensure that the key's preferred algorithms align with the encryption method used for your files.
Sources
Use predefined steps - AWS Transfer Family
Generate PGP keys - AWS Transfer Family

answered 2 months ago
EXPERT
reviewed 2 months ago
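
To reproduce the mismatch reported in the error locally, the added example below (not part of the original question or answer, and not AWS code) compares the cipher named in a StepErrored event with the pref-sym-algos list that gpg --list-packets prints for the recipient's public key. The packet excerpt is constructed, the function names are hypothetical, and cipher spellings other than the five shown in the error message are assumptions.

```python
import json
import re

# OpenPGP symmetric algorithm IDs (RFC 4880 section 9.2; Camellia from RFC 5581).
# Spellings follow the error message on this page; the others are assumed.
SYM_ALGOS = {1: "IDEA", 2: "TripleDES", 3: "CAST5", 4: "Blowfish",
             7: "AES-128", 8: "AES-192", 9: "AES-256", 10: "Twofish",
             11: "Camellia-128", 12: "Camellia-192", 13: "Camellia-256"}

# The event from the question, rebuilt as a JSON string.
SAMPLE_EVENT = json.dumps({"type": "StepErrored", "details": {
    "errorType": "BAD_REQUEST",
    "errorMessage": "Encryption algorithm not found in preferred algorithms "
                    "specified by key. Encryption algorithm used: CAST5. "
                    "Preferred algorithms specified by key: "
                    "[AES-256, AES-192, AES-128, TripleDES].",
    "stepType": "DECRYPT", "stepName": "pgp_decrypt"}})

# Constructed excerpt in the shape of `gpg --export KEYID | gpg --list-packets`.
SAMPLE_PACKETS = """:signature packet: algo 1, keyid 0123456789ABCDEF
\thashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
\thashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)
"""

def key_preferred_ciphers(list_packets_text):
    """Cipher names from the first pref-sym-algos subpacket, in key order."""
    m = re.search(r"pref-sym-algos:\s*([\d ]+)\)", list_packets_text)
    if not m:
        return []  # the key advertises no symmetric cipher preferences
    return [SYM_ALGOS.get(int(n), f"unknown({n})") for n in m.group(1).split()]

def cipher_from_step_error(event_json):
    """Cipher named in a DECRYPT StepErrored event, or None if absent."""
    details = json.loads(event_json).get("details", {})
    if details.get("stepType") != "DECRYPT":
        return None
    m = re.search(r"Encryption algorithm used:\s*([\w-]+)\.",
                  details.get("errorMessage", ""))
    return m.group(1) if m else None

def check(event_json, list_packets_text):
    """Report whether the sender's cipher is missing from the key's list."""
    used = cipher_from_step_error(event_json)
    prefs = key_preferred_ciphers(list_packets_text)
    return {"used": used, "key_prefs": prefs,
            "mismatch": used is not None and used not in prefs}

if __name__ == "__main__":
    print(check(SAMPLE_EVENT, SAMPLE_PACKETS))
```
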
