[MlMt] Note that the SHA1 hash...
Thomas Kahle
thomas.kahle at jpberlin.de
Tue Mar 2 02:44:45 EST 2021
Hi,
On 2 Mar 2021, at 0:45, Matthias Schmidt via mailmate wrote:
>> On 1 Mar 2021, at 16:57, Matthias Schmidt via mailmate wrote:
>>>> Hi do you use PGP for signing or encrypting mail? Some time back I had to update my ~/.gnupg/gpg.conf file with this line:
>>>>
>>>> personal-digest-preferences SHA512 SHA384 SHA256 SHA224
>>>>
>>>> ...to stop MailMate complaining about SHA1 digests.
>>>
>>> still not working, now I get this message:
>>> Risk analysis The hash function used for the message digest has been obsoleted due to security concerns. You should change your OpenPGP settings to use a stronger hash algorithm for the digest (such as SHA256).
>>
>> I use these three:
>>
>> cert-digest-algo SHA512
>> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
>> personal-digest-preferences SHA512 SHA384 SHA256 SHA224
>>
>> I think the first might be what you are looking for.
>
> I have 2 gpg.conf files:
> one here: ~/.gnupg/gpg.conf
> and the othere here: /usr/local/MacGPG2/etc/skel/.gnupg/gpg.conf
>
> I added those lines above in both config files, as it is not clear to me which one is used.
> BUT, I still get this signing Alert The hash function used …
> More ideas how to remove this SHA1 hash please?
>
Are you on the latest version of MacGPG? You can get info on the command line with
gpg --version
It will at least show you which config file directory it is looking in. Usually it should be ~/.gnupg/gpg.conf.
I’m not sure how to continue. When exactly does the message occur? When you sign something?
Also you wrote
> My keys are set to DSA or RSA
> How can I fix this?
I’m unsure what this means. You can see which keys you have with
gpg --list-secret-keys
If you rely on 1024 bit DSA keys, it might be time to move to longer keys, but I’m not sure if using a 1024 bit key generates any warnings on gpg and if so, starting with which version.
> btw, this appeared after upgrading to BigSur.
Did you also update GPGSuite? I’m using MacGPG 2.2.20 from GPG Suite 2020.2.
Cheers,
Thomas
--
Thomas Kahle
https://www.thomas-kahle.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 520 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20210302/4403631a/attachment.sig>
More information about the mailmate
mailing list