On Fri, Mar 19, 2021 at 11:10:22AM +0100, Filip Janus wrote:
> I am the maintainer of the Mutt package in Fedora and RHEL. I would like to ask how Mutt deals with the SHA-1 hash algorithm.

The TLS Cert prompts show SHA256 and SHA-1 hashes now. I don't think there are any places we default to SHA-1 only, but if I missed something please someone reply.

> I found the default usage of sha-1 in the file crypt-gpgme.c.

No, I don't believe that is the case. GPGME attempts to find the hash algorithm used in the signature. The comment says *older* versions of GPGME didn't support obtaining that value for S/MIME and so it assumed the signature was made using SHA-1. Mutt isn't actually *using* SHA-1 here, and recent GPGME should give us the actual value.

> So my question is, is there the ability to drop SHA-1 or force Mutt to use sha256 everywhere?

The contrib/smime.rc specifies sha256 for classic mode (i.e. direct invocation of openssl). There is no Mutt configuration value for gpg settings. I believe that is controlled via the gpg.conf file.

--
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C  5308 ADEF 7684 8031 6BDA
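
Added example, not part of the thread and not Mutt or GPGME code: a multipart/signed message declares its signature digest in the `micalg` Content-Type parameter, so a packager auditing for SHA-1 can check what signed mail actually declares. The sample messages and the helper names are constructed for illustration; `micalg` is only the sender's declaration, and the authoritative value is the one inside the signature, which is what GPGME reports.

```python
from email import message_from_string

# micalg spellings that mean SHA-1: "pgp-sha1" (PGP/MIME, RFC 3156),
# "sha-1" (S/MIME, RFC 5751) and "sha1" (older S/MIME implementations).
SHA1_NAMES = {"pgp-sha1", "sha-1", "sha1"}


def signature_digests(raw):
    """Return [(protocol, micalg)] for every multipart/signed part in raw."""
    found = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "multipart/signed":
            protocol = (part.get_param("protocol") or "").lower()
            micalg = (part.get_param("micalg") or "").lower()
            found.append((protocol, micalg))
    return found


def declares_sha1(raw):
    """True if any signed part lists a SHA-1 digest in micalg."""
    # micalg may carry several comma-separated algorithm names.
    return any(name.strip() in SHA1_NAMES
               for _, micalg in signature_digests(raw)
               for name in micalg.split(","))


def _sample(protocol, micalg):
    # Constructed test message; the signature body is a placeholder.
    return (
        f'Content-Type: multipart/signed; micalg={micalg};\n'
        f' protocol="{protocol}"; boundary="b1"\n'
        '\n--b1\nContent-Type: text/plain\n\nhello\n'
        f'--b1\nContent-Type: {protocol}\n\n(signature omitted)\n--b1--\n'
    )


PGP_SHA1 = _sample("application/pgp-signature", "pgp-sha1")
SMIME_SHA256 = _sample("application/pkcs7-signature", "sha-256")

if __name__ == "__main__":
    for label, raw in (("PGP_SHA1", PGP_SHA1), ("SMIME_SHA256", SMIME_SHA256)):
        print(label, signature_digests(raw), "SHA-1:", declares_sha1(raw))
```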
