Hello, I kicked the SHA1 from this list and it fixed the problem I think: gpgme_hash_algo_t GPGME_MD_MD5 GPGME_MD_RMD160 GPGME_MD_MD2 GPGME_MD_TIGER GPGME_MD_HAVAL GPGME_MD_SHA256 GPGME_MD_SHA384 GPGME_MD_SHA512 GPGME_MD_SHA224 GPGME_MD_MD4 GPGME_MD_CRC32 GPGME_MD_CRC32_RFC1510 GPGME_MD_CRC24_RFC2440
none of the other 3 settings did anything here: >>> cert-digest-algo SHA512 >>> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 >>> ZLIB BZIP2 ZIP Uncompressed >>> personal-digest-preferences SHA512 SHA384 SHA256 SHA224 cheers Matthias On 2 Mar 2021, at 8:44, Thomas Kahle wrote: > Hi, > > On 2 Mar 2021, at 0:45, Matthias Schmidt via mailmate wrote: >>> On 1 Mar 2021, at 16:57, Matthias Schmidt via mailmate wrote: >>>>> Hi do you use PGP for signing or encrypting mail? Some time back I had >>>>> to update my ~/.gnupg/gpg.conf file with this line: >>>>> >>>>> personal-digest-preferences SHA512 SHA384 SHA256 SHA224 >>>>> >>>>> ...to stop MailMate complaining about SHA1 digests. >>>> >>>> still not working, now I get this message: >>>> Risk analysis The hash function used for the message digest has been >>>> obsoleted due to security concerns. You should change your OpenPGP >>>> settings to use a stronger hash algorithm for the digest (such as SHA256). >>> >>> I use these three: >>> >>> cert-digest-algo SHA512 >>> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 >>> ZLIB BZIP2 ZIP Uncompressed >>> personal-digest-preferences SHA512 SHA384 SHA256 SHA224 >>> >>> I think the first might be what you are looking for. >> >> I have 2 gpg.conf files: >> one here: ~/.gnupg/gpg.conf >> and the othere here: /usr/local/MacGPG2/etc/skel/.gnupg/gpg.conf >> >> I added those lines above in both config files, as it is not clear to me >> which one is used. >> BUT, I still get this signing Alert The hash function used … >> More ideas how to remove this SHA1 hash please? >> > > Are you on the latest version of MacGPG? You can get info on the command > line with > > gpg --version > > It will at least show you which config file directory it is looking in. > Usually it should be ~/.gnupg/gpg.conf. > > I’m not sure how to continue. When exactly does the message occur? When you > sign something? > > Also you wrote >> My keys are set to DSA or RSA >> How can I fix this? > > I’m unsure what this means. You can see which keys you have with > > gpg --list-secret-keys > > If you rely on 1024 bit DSA keys, it might be time to move to longer keys, > but I’m not sure if using a 1024 bit key generates any warnings on gpg and if > so, starting with which version. > >> btw, this appeared after upgrading to BigSur. > > Did you also update GPGSuite? I’m using MacGPG 2.2.20 from GPG Suite 2020.2. > > Cheers, > Thomas > > > -- > Thomas Kahle > https://www.thomas-kahle.de > _______________________________________________ > mailmate mailing list > mailmate@lists.freron.com > https://lists.freron.com/listinfo/mailmate
signature.asc
Description: OpenPGP digital signature
_______________________________________________ mailmate mailing list mailmate@lists.freron.com https://lists.freron.com/listinfo/mailmate