[MlMt] Note that the SHA1 hash...

[Matthias Schmidt]

that didn’t work :(
Anybody else any idea how can i get rid of that message?
Thanks
Matthias

On 18 Jul 2021, at 16:12, Matthias Schmidt via mailmate wrote:

> Hello,
>
> I kicked the SHA1 from this list and it fixed the problem I think:
> gpgme_hash_algo_t GPGME_MD_MD5 GPGME_MD_RMD160 GPGME_MD_MD2 GPGME_MD_TIGER GPGME_MD_HAVAL GPGME_MD_SHA256 GPGME_MD_SHA384 GPGME_MD_SHA512 GPGME_MD_SHA224 GPGME_MD_MD4 GPGME_MD_CRC32 GPGME_MD_CRC32_RFC1510 GPGME_MD_CRC24_RFC2440
>
> none of the other 3 settings did anything here:
>>>> cert-digest-algo SHA512
>>>> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
>>>> personal-digest-preferences SHA512 SHA384 SHA256 SHA224
>
> cheers
> Matthias
>
> On 2 Mar 2021, at 8:44, Thomas Kahle wrote:
>
>> Hi,
>>
>> On 2 Mar 2021, at 0:45, Matthias Schmidt via mailmate wrote:
>>>> On 1 Mar 2021, at 16:57, Matthias Schmidt via mailmate wrote:
>>>>>> Hi do you use PGP for signing or encrypting mail?  Some time back I had to update my ~/.gnupg/gpg.conf file with this line:
>>>>>>
>>>>>> personal-digest-preferences SHA512 SHA384 SHA256 SHA224
>>>>>>
>>>>>> ...to stop MailMate complaining about SHA1 digests.
>>>>>
>>>>> still not working, now I get this message:
>>>>> Risk analysis	The hash function used for the message digest has been obsoleted due to security concerns. You should change your OpenPGP settings to use a stronger hash algorithm for the digest (such as SHA256).
>>>>
>>>> I use these three:
>>>>
>>>> cert-digest-algo SHA512
>>>> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
>>>> personal-digest-preferences SHA512 SHA384 SHA256 SHA224
>>>>
>>>> I think the first might be what you are looking for.
>>>
>>> I have 2 gpg.conf files:
>>> one here:  ~/.gnupg/gpg.conf
>>> and the othere here: /usr/local/MacGPG2/etc/skel/.gnupg/gpg.conf
>>>
>>> I added those lines above in both config files, as it is not clear to me which one is used.
>>> BUT, I still get this signing Alert The hash function used …
>>> More ideas how to remove this SHA1 hash please?
>>>
>>
>> Are you on the latest version of MacGPG?  You can get info on the command line with
>>
>> gpg --version
>>
>> It will at least show you which config file directory it is looking in.  Usually it should be ~/.gnupg/gpg.conf.
>>
>> I’m not sure how to continue.  When exactly does the message occur?  When you sign something?
>>
>> Also you wrote
>>> My keys are set to DSA or RSA
>>> How can I fix this?
>>
>> I’m unsure what this means.  You can see which keys you have with
>>
>> gpg --list-secret-keys
>>
>> If you rely on 1024 bit DSA keys, it might be time to move to longer keys, but I’m not sure if using a 1024 bit key generates any warnings on gpg and if so, starting with which version.
>>
>>> btw, this appeared after upgrading to BigSur.
>>
>> Did you also update GPGSuite?  I’m using MacGPG 2.2.20 from GPG Suite 2020.2.
>>
>> Cheers,
>> Thomas
>>
>>
>> --
>> Thomas Kahle
>> https://www.thomas-kahle.de
>> _______________________________________________
>> mailmate mailing list
>> mailmate at lists.freron.com
>> https://lists.freron.com/listinfo/mailmate
> _______________________________________________
> mailmate mailing list
> mailmate at lists.freron.com
> https://lists.freron.com/listinfo/mailmate
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 512 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20210724/de9949a5/attachment.sig>