diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c
index 732311bec..22387b957 100644
--- a/lib/krb5/crypto.c
+++ b/lib/krb5/crypto.c
@@ -51,6 +51,9 @@ static void free_key_schedule(krb5_context,
 			      struct _krb5_key_data *,
 			      struct _krb5_encryption_type *);
 
+static krb5_error_code _krb5_unsupported_enctype(krb5_context,
+                                                 krb5_enctype);
+
 /************************************************************
  *                                                          *
  ************************************************************/
@@ -62,10 +65,7 @@ krb5_enctype_keysize(krb5_context context,
 {
     struct _krb5_encryption_type *et = _krb5_find_enctype(type);
     if(et == NULL) {
-	krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
-			       N_("encryption type %d not supported", ""),
-			       type);
-	return KRB5_PROG_ETYPE_NOSUPP;
+        return _krb5_unsupported_enctype (context, type);
     }
     *keysize = et->keytype->size;
     return 0;
@@ -78,10 +78,7 @@ krb5_enctype_keybits(krb5_context context,
 {
     struct _krb5_encryption_type *et = _krb5_find_enctype(type);
     if(et == NULL) {
-	krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
-			       "encryption type %d not supported",
-			       type);
-	return KRB5_PROG_ETYPE_NOSUPP;
+        return _krb5_unsupported_enctype (context, type);
     }
     *keybits = et->keytype->bits;
     return 0;
@@ -95,10 +92,7 @@ krb5_generate_random_keyblock(krb5_context context,
     krb5_error_code ret;
     struct _krb5_encryption_type *et = _krb5_find_enctype(type);
     if(et == NULL) {
-	krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
-			       N_("encryption type %d not supported", ""),
-			       type);
-	return KRB5_PROG_ETYPE_NOSUPP;
+        return _krb5_unsupported_enctype (context, type);
     }
     ret = krb5_data_alloc(&key->keyvalue, et->keytype->size);
     if(ret)
@@ -121,10 +115,8 @@ _key_schedule(krb5_context context,
     struct _krb5_key_type *kt;
 
     if (et == NULL) {
-	krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
-				N_("encryption type %d not supported", ""),
-				key->key->keytype);
-	return KRB5_PROG_ETYPE_NOSUPP;
+        return _krb5_unsupported_enctype (context,
+                               key->key->keytype);
     }
 
     kt = et->keytype;
@@ -684,10 +676,7 @@ krb5_enctype_to_keytype(krb5_context context,
 {
     struct _krb5_encryption_type *e = _krb5_find_enctype(etype);
     if(e == NULL) {
-	krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
-				N_("encryption type %d not supported", ""),
-				etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
+        return _krb5_unsupported_enctype (context, etype);
     }
     *keytype = e->keytype->type; /* XXX */
     return 0;
@@ -713,10 +702,7 @@ krb5_enctype_valid(krb5_context context,
     if (context == NULL)
 	return KRB5_PROG_ETYPE_NOSUPP;
     if(e == NULL) {
-	krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
-				N_("encryption type %d not supported", ""),
-				etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
+        return _krb5_unsupported_enctype (context, etype);
     }
     /* Must be (e->flags & F_DISABLED) */
     krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
@@ -1954,10 +1940,7 @@ krb5_derive_key(krb5_context context,
 
     et = _krb5_find_enctype (etype);
     if (et == NULL) {
-	krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
-			       N_("encryption type %d not supported", ""),
-			       etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
+        return _krb5_unsupported_enctype (context, etype);
     }
 
     ret = krb5_copy_keyblock(context, key, &d.key);
@@ -1972,6 +1955,32 @@ krb5_derive_key(krb5_context context,
     return ret;
 }
 
+/* 
+ * _krb5_unsupported_enctype() converts etype to a user readable
+ * string and sets as a side effect the krb5_error_message containing
+ * this string. Returns KRB5_PROG_ETYPE_NOSUPP in not the conversion
+ * of the etype failed in which case the error code of the etype
+ * convesion is returned.
+ */
+static krb5_error_code
+_krb5_unsupported_enctype(krb5_context context,
+                          krb5_enctype etype)
+{
+    int errcode;
+    char *etypename = NULL;
+
+    if (errcode = krb5_enctype_to_string (context, etype, &etypename))
+        return errcode;
+    else {
+        krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
+                                N_("encryption type %s not supported", ""),
+                                etypename);
+        free(etypename);
+        return KRB5_PROG_ETYPE_NOSUPP;
+    }
+}
+
+
 static krb5_error_code
 _get_derived_key(krb5_context context,
 		 krb5_crypto crypto,
@@ -2035,10 +2044,7 @@ krb5_crypto_init(krb5_context context,
     if((*crypto)->et == NULL || ((*crypto)->et->flags & F_DISABLED)) {
 	free(*crypto);
 	*crypto = NULL;
-	krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
-				N_("encryption type %d not supported", ""),
-				etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
+	return _krb5_unsupported_enctype (context, etype);
     }
     if((*crypto)->et->keytype->size != key->keyvalue.length) {
 	free(*crypto);