[MlMt] Note that the SHA1 hash...

Matthias Schmidt beta at admilon.net
Sun Jul 18 10:12:26 EDT 2021


Hello,

I kicked the SHA1 from this list and it fixed the problem I think:
gpgme_hash_algo_t GPGME_MD_MD5 GPGME_MD_RMD160 GPGME_MD_MD2 GPGME_MD_TIGER GPGME_MD_HAVAL GPGME_MD_SHA256 GPGME_MD_SHA384 GPGME_MD_SHA512 GPGME_MD_SHA224 GPGME_MD_MD4 GPGME_MD_CRC32 GPGME_MD_CRC32_RFC1510 GPGME_MD_CRC24_RFC2440

none of the other 3 settings did anything here:
>>> cert-digest-algo SHA512
>>> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
>>> personal-digest-preferences SHA512 SHA384 SHA256 SHA224

cheers
Matthias

On 2 Mar 2021, at 8:44, Thomas Kahle wrote:

> Hi,
>
> On 2 Mar 2021, at 0:45, Matthias Schmidt via mailmate wrote:
>>> On 1 Mar 2021, at 16:57, Matthias Schmidt via mailmate wrote:
>>>>> Hi do you use PGP for signing or encrypting mail?  Some time back I had to update my ~/.gnupg/gpg.conf file with this line:
>>>>>
>>>>> personal-digest-preferences SHA512 SHA384 SHA256 SHA224
>>>>>
>>>>> ...to stop MailMate complaining about SHA1 digests.
>>>>
>>>> still not working, now I get this message:
>>>> Risk analysis	The hash function used for the message digest has been obsoleted due to security concerns. You should change your OpenPGP settings to use a stronger hash algorithm for the digest (such as SHA256).
>>>
>>> I use these three:
>>>
>>> cert-digest-algo SHA512
>>> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
>>> personal-digest-preferences SHA512 SHA384 SHA256 SHA224
>>>
>>> I think the first might be what you are looking for.
>>
>> I have 2 gpg.conf files:
>> one here:  ~/.gnupg/gpg.conf
>> and the othere here: /usr/local/MacGPG2/etc/skel/.gnupg/gpg.conf
>>
>> I added those lines above in both config files, as it is not clear to me which one is used.
>> BUT, I still get this signing Alert The hash function used …
>> More ideas how to remove this SHA1 hash please?
>>
>
> Are you on the latest version of MacGPG?  You can get info on the command line with
>
> gpg --version
>
> It will at least show you which config file directory it is looking in.  Usually it should be ~/.gnupg/gpg.conf.
>
> I’m not sure how to continue.  When exactly does the message occur?  When you sign something?
>
> Also you wrote
>> My keys are set to DSA or RSA
>> How can I fix this?
>
> I’m unsure what this means.  You can see which keys you have with
>
> gpg --list-secret-keys
>
> If you rely on 1024 bit DSA keys, it might be time to move to longer keys, but I’m not sure if using a 1024 bit key generates any warnings on gpg and if so, starting with which version.
>
>> btw, this appeared after upgrading to BigSur.
>
> Did you also update GPGSuite?  I’m using MacGPG 2.2.20 from GPG Suite 2020.2.
>
> Cheers,
> Thomas
>
>
> --
> Thomas Kahle
> https://www.thomas-kahle.de
> _______________________________________________
> mailmate mailing list
> mailmate at lists.freron.com
> https://lists.freron.com/listinfo/mailmate
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 512 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20210718/bc861669/attachment.sig>


More information about the mailmate mailing list