diff --git a/TODO b/TODO
index 46fdd66cc..373b20592 100644
--- a/TODO
+++ b/TODO
@@ -75,4 +75,7 @@
 
   * Delete a card key as well as a wiping.
 
-  * Make 2 strings translatable in export.c after releasing 1.4.2.
+  * passphrase_to_dek does not return NULL after a cancel.  There is
+    no way to issue a cancel when unsing the CLI - this would however
+    be a Good Thing when used with mixed symkey/pubkey encrypted
+    messages. See comment in mainproc.c:proc_symkey_enc. 
diff --git a/configure.ac b/configure.ac
index 6ab6fe0ba..a5e327648 100644
--- a/configure.ac
+++ b/configure.ac
@@ -102,8 +102,8 @@ if test "$use_m_guard" = yes ; then
     AC_DEFINE(M_GUARD,1,[Define to use the (obsolete) malloc guarding feature])
 fi
 
-# We don't have a test to check whetyer as(1) knows about the
-# non executable stackioption.  Thus we provide an option to enable
+# We don't have a test to check whether as(1) knows about the
+# non executable stack option.  Thus we provide an option to enable
 # it.
 AC_MSG_CHECKING([whether non excutable stack support is requested])
 AC_ARG_ENABLE(noexecstack,
diff --git a/g10/ChangeLog b/g10/ChangeLog
index bea12dac7..875538b8d 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,8 @@
+2005-09-20  Werner Koch  <wk@g10code.com>
+
+	* mainproc.c (proc_symkey_enc): Take care of a canceled passphrase
+	prompt.
+
 2005-09-19  David Shaw  <dshaw@jabberwocky.com>
 
 	* keylist.c (reorder_keyblock, do_reorder_keyblock): Reorder
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 438543df1..7c1392160 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -327,7 +327,22 @@ proc_symkey_enc( CTX c, PACKET *pkt )
 	  }
 	else
 	  {
-	    c->dek=passphrase_to_dek(NULL, 0, algo, &enc->s2k, 0, NULL, NULL);
+            int canceled;
+
+	    c->dek = passphrase_to_dek (NULL, 0, algo, &enc->s2k, 0,
+                                        NULL, &canceled);
+            if (canceled)
+              {
+                /* For unknown reasons passphrase_to_dek does only
+                   return NULL if a new passphrase has been requested
+                   and has not been repeated correctly.  Thus even
+                   with a cancel requested (by means of the gpg-agent)
+                   it won't return NULL but an empty passphrase.  We
+                   take the most conservative approach for now and
+                   work around it right here. */
+                xfree (c->dek);
+                c->dek = NULL;
+              }
 
 	    if(c->dek)
 	      {