18-05-2020 09:23 AM
In the security options, I have selected the "SHA512" algorithm for signing S/MIME, but the receiver always gets a signature calculated with "SHA1." It seems that the selection of another algorithm has no effect.
Apart from this, it is important to select a stronger hash as some e-mail services reject low-grade algorithms such as "SHA1," and as a result, such a signature is no longer considered to be trustworthy.
What is the best place to raise issues for the "Samsung Email" app?
20-05-2020 09:16 AM
It can only use SHA512 if both your certificate and the recipient's certificate support it.
- Did you confirm this already?
-- Hans
20-05-2020 11:12 AM
Actually, the recipient does. I sent the e-mail to myself. I use SHA512 as my default signing algorithm.
The mail which I receive states that the SHA1 algorithm has been used.
What do you mean by "if the recipient's certificate supports it"? Algorithm support only depends on the client and the platform it runs on, AFAIK.
21-05-2020 12:55 PM - last edited 21-05-2020 01:01 PM
Developers only consider a bug report when it comes with either exact steps to reproduce and confirm in the lab, or with multiple Me too postings saying something doesn't work.
- Both are so far missing in this case (*)
Logic dictates there's a SHA-1 email certificate installed on your phone in order to create and send SHA-1 signed email. That certificate has to be revoked, then replaced and validated with a SHA-2 certificate from a trusted issuer:
The recipient needs a chain of trust from (the public part of) your certificate, via any and all intermediate certificates, to a root Certification Authority that's trusted on the recipient's device - for a digital email signature to be worth anything in the first place.
Recipients may be able to tick a checkbox saying 'Always trust this certificate', for practical reasons. This 'works' with people who know you, but does not add any real trust if the email certificate is used for business purposes.
Regarding your concerns regarding encryption strength: I'm not aware of any email server for common users that refuses to handle plain text mail. Some may require TLS or SSL for login and transport, but that's a different story.
(*) I don't use email for anything important. It would cost me €'s and hours with a nerdy friend to try to reproduce the issue.
- Anyone?
-- Hans
22-05-2020 09:32 PM
It's obvious from your reply you don't understand how certificates work, or how S/MIME works. I have reported your account for abusive behaviour.
24-05-2020 08:01 AM
Let me know where I'm wrong? - I'm happy to learn.
25-05-2020 04:27 PM
Hi guys,
We should be aiming to be educating and learning from one another.
@dannmartens , I've raised this algorithm issue with our software team. Me or one of the other Mods will let you know what the developers say. 👍
26-05-2020 03:29 PM
@dannmartens , Are you able to share the following info for the developers?
28-05-2020 11:28 AM
Hi all,
An update from the developers on this:
"When the "require signed SMIME message" policy is set as true, then the user is not able to change the sign algorithm. In most cases the default is SHA1.
However, if this policy is not forced (So it is set as "false"), then the S/MIME message will be sent according to what is in the Security Settings.
It seems, that the user has had the proper settings selected, but the proper algorithm was not selected (from Security Settings). So the development team has already prepared a fix for that and in one of the future updates it should work fine."
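To check which digest algorithm a received clear-signed S/MIME message declares and compare it with the one configured in the client, here is an added example that is not part of the original thread or Samsung's code. The function names, the `configured` parameter and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string

# RFC 5751 micalg spellings (older clients omit the hyphen) -> canonical name.
MICALG = {"md5": "MD5"}
for n in ("1", "224", "256", "384", "512"):
    MICALG["sha" + n] = MICALG["sha-" + n] = "SHA" + n
WEAK = {"MD5", "SHA1"}
SMIME_PROTOCOLS = ("application/pkcs7-signature", "application/x-pkcs7-signature")

def declared_digests(raw):
    """Digest names declared in the micalg parameter, or None if the
    message is not a clear-signed (multipart/signed) S/MIME message."""
    msg = message_from_string(raw)
    if msg.get_content_type() != "multipart/signed":
        return None  # unsigned, or opaque application/pkcs7-mime
    if (msg.get_param("protocol") or "").lower() not in SMIME_PROTOCOLS:
        return None  # some other signature protocol
    names = [a.strip() for a in (msg.get_param("micalg") or "").split(",")]
    return [MICALG.get(a.lower(), "UNKNOWN:" + a) for a in names if a]

def verdict(raw, configured="SHA512"):
    """Compare the declared digest with the algorithm selected in the client."""
    algs = declared_digests(raw)
    if algs is None:
        return "not clear-signed S/MIME"
    if not algs:
        return "micalg missing"
    if set(algs) == {configured}:
        return "ok"
    weak = " (weak)" if WEAK & set(algs) else ""
    return "mismatch: declared " + ",".join(algs) + weak

# Constructed sample: headers of a signed message as a receiver would see them.
SAMPLE = (
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
    ' micalg=sha1; boundary="b1"\r\n'
    "\r\n"
    "--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
    '--b1\r\nContent-Type: application/pkcs7-signature; name="smime.p7s"\r\n'
    "\r\n(signature omitted in this constructed sample)\r\n--b1--\r\n"
)

if __name__ == "__main__":
    print(verdict(SAMPLE))
```

The `micalg` parameter is only what the sending client declares; the digest actually used is recorded in the CMS SignedData structure inside `smime.p7s`, so treat this check as a first indicator.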
28-05-2020 04:08 PM - last edited 28-05-2020 04:09 PM
Thanks for updating for those concerned @AntS , hopefully a fix soon.
On another point, members have various levels of expertise but indeed we all have something to learn. The report function is only there to report inappropriate comments that go against terms and conditions.
I do not work for Samsung or make Samsung Products but provide independent advice and valuable contributions.