Skip to content

#6055 Add ALLOW_INSECURE_SHA1_HASH flag support#6065

Closed
martgil wants to merge 6 commits intomasterfrom
issue-6055-add-flag-for-allowing-insecure-sha1-hash
Closed

#6055 Add ALLOW_INSECURE_SHA1_HASH flag support#6065
martgil wants to merge 6 commits intomasterfrom
issue-6055-add-flag-for-allowing-insecure-sha1-hash

Conversation

@martgil
Copy link
Collaborator

@martgil martgil commented Aug 20, 2025

This PR adds a new client configuration flag called ALLOW_INSECURE_SHA1_HASH in goal of supporting keys generated from a legacy system.

close #6055

Tests (delete all except exactly one):

  • Tests added or updated

To be filled by reviewers

I have reviewed that this PR... (tick whichever items you personally focused on during this review):

  • addresses the issue it closes (if any)
  • code is readable and understandable
  • is accompanied with tests, or tests are not needed
  • is free of vulnerabilities
  • is documented clearly and usefully, or doesn't need documentation

@martgil martgil requested a review from sosnovsky as a code owner August 20, 2025 07:55
@martgil martgil marked this pull request as draft August 20, 2025 07:56
@martgil
Copy link
Collaborator Author

martgil commented Aug 20, 2025

Currently trying to write a test for this change.

sosnovsky
sosnovsky reviewed Sep 3, 2025
View reviewed changes
extension/chrome/settings/setup.ts
Comment on lines +126 to +130
if (this.clientConfiguration.shouldAllowInsecureSha1Hash() && typeof opgp !== 'undefined') {
opgp.config.rejectHashAlgorithms = new Set([...defaultRejectedHashAlgo]);
} else {
opgp.config.rejectHashAlgorithms = new Set([...defaultRejectedHashAlgo, opgp.enums.hash.sha1]);
}
Copy link
Collaborator

@sosnovsky sosnovsky Sep 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @martgil, I think we shouldn't completely disable SHA1 algorithm with rejectHashAlgorithms property, as we already show error error verifying signature: Insecure hash algorithm: SHA1. Sender is using old, insecure OpenPGP software. when user verifies message signed with sha1 key.
Disabling sha1 entirely would also make it impossible for users to decrypt older messages encrypted with sha1 keys.
So let's just remove opgp.config.rejectHashAlgorithms property altogether.

Copy link
Collaborator Author

@martgil martgil Sep 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I understand completely, Roma, sorry. I'll be closing this PR and proceed with removing the rejectHashAlgorithms property in openpgp configuration.

@martgil martgil closed this Sep 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sosnovsky sosnovsky sosnovsky left review comments

Assignees

No one assigned

Labels

in progress

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add configuration flag for allowing SHA1 hash algorithm

2 participants

@martgil @sosnovsky