diff --git a/lib/libcryptsetup.h b/lib/libcryptsetup.h
index ccc31c41..07695c59 100644
--- a/lib/libcryptsetup.h
+++ b/lib/libcryptsetup.h
@@ -1486,6 +1486,10 @@ int crypt_volume_key_get(struct crypt_device *cd,
  * @param volume_key_size size of @e volume_key
  *
  * @return @e 0 on success or negative errno value otherwise.
+ *
+ * @note Negative EPERM return value means that passed volume_key
+ * 	 did not pass digest verification routine (not a valid volume
+ * 	 key).
  */
 int crypt_volume_key_verify(struct crypt_device *cd,
 	const char *volume_key,
diff --git a/lib/setup.c b/lib/setup.c
index af59500c..8ff9f512 100644
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -4980,10 +4980,6 @@ int crypt_volume_key_verify(struct crypt_device *cd,
 	else
 		r = -EINVAL;
 
-
-	if (r == -EPERM)
-		log_err(cd, _("Volume key does not match the volume."));
-
 	crypt_free_volume_key(vk);
 
 	return r >= 0 ? 0 : r;
diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index 30acc9a1..e36b48cf 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -1797,6 +1797,8 @@ static int action_luksAddKey(void)
 			goto out;
 
 		r = crypt_volume_key_verify(cd, key, keysize);
+		if (r == -EPERM)
+			log_err(_("Volume key does not match the volume."));
 		check_signal(&r);
 		if (r < 0)
 			goto out;