[MlMt] Note that the SHA1 hash...

Thomas Kahle thomas.kahle at jpberlin.de
Tue Mar 2 02:44:45 EST 2021


On 2 Mar 2021, at 0:45, Matthias Schmidt via mailmate wrote:
>> On 1 Mar 2021, at 16:57, Matthias Schmidt via mailmate wrote:
>>>> Hi do you use PGP for signing or encrypting mail?  Some time back I had to update my ~/.gnupg/gpg.conf file with this line:
>>>> personal-digest-preferences SHA512 SHA384 SHA256 SHA224
>>>> ...to stop MailMate complaining about SHA1 digests.
>>> still not working, now I get this message:
>>> Risk analysis	The hash function used for the message digest has been obsoleted due to security concerns. You should change your OpenPGP settings to use a stronger hash algorithm for the digest (such as SHA256).
>> I use these three:
>> cert-digest-algo SHA512
>> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
>> personal-digest-preferences SHA512 SHA384 SHA256 SHA224
>> I think the first might be what you are looking for.
> I have 2 gpg.conf files:
> one here:  ~/.gnupg/gpg.conf
> and the othere here: /usr/local/MacGPG2/etc/skel/.gnupg/gpg.conf
> I added those lines above in both config files, as it is not clear to me which one is used.
> BUT, I still get this signing Alert The hash function used …
> More ideas how to remove this SHA1 hash please?

Are you on the latest version of MacGPG?  You can get info on the command line with

gpg --version

It will at least show you which config file directory it is looking in.  Usually it should be ~/.gnupg/gpg.conf.

I’m not sure how to continue.  When exactly does the message occur?  When you sign something?

Also you wrote
> My keys are set to DSA or RSA
> How can I fix this?

I’m unsure what this means.  You can see which keys you have with

gpg --list-secret-keys

If you rely on 1024 bit DSA keys, it might be time to move to longer keys, but I’m not sure if using a 1024 bit key generates any warnings on gpg and if so, starting with which version.

> btw, this appeared after upgrading to BigSur.

Did you also update GPGSuite?  I’m using MacGPG 2.2.20 from GPG Suite 2020.2.


Thomas Kahle
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 520 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20210302/4403631a/attachment.sig>

More information about the mailmate mailing list