SignatureHash and MailEncryptionAlgorithms

0 votes
asked Apr 26 by minam (210 points)

We used to use default algorithms (SHA1 for hash and TripleDES for encryption) while sending secure Emails.

If I were to change these defaults to SHA512 for hash and AES256, what effect would it have for the recipients? Do they also need to make modifications on their end?

Please bear in mind that this will be used as a written statement for our customers.

Best Regards,

Applies to: Rebex Secure Mail

1 Answer

0 votes
answered Apr 26 by Lukas Pokorny (85,590 points)

The recipients' S/MIME implementation would have to support 256-bit AES encryption and RSA with SHA-512 hash algorithm, otherwise they would be unable to decrypt the e-mail or verify its signature.

This means that they have to support Section 2.1 of RFC 3565 (AES in CMS) and Sections 2.4 and 3.2 of RFC 5754 (SHA-2 in CMS).

Most contemporary implementations support this.
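To confirm which algorithms a message actually declares after the defaults are changed, the following added example (not part of the original answer and not Rebex code) walks a DER-encoded CMS structure and names the algorithm OIDs it contains. The function names and the two sample byte strings are constructed for illustration; it assumes definite-length DER input, so a BER-encoded message must be re-encoded first.

```python
ALGORITHMS = {  # OIDs for the old defaults and the RFC 3565 / RFC 5754 choices
    "1.3.14.3.2.26": "SHA-1",
    "1.2.840.113549.3.7": "TripleDES-CBC",
    "2.16.840.1.101.3.4.2.3": "SHA-512",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "2.16.840.1.101.3.4.1.42": "AES-256-CBC",
}

def decode_oid(body):  # content octets of an OBJECT IDENTIFIER -> dotted form
    subs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:          # high bit clear ends a base-128 group
            subs.append(value)
            value = 0
    first = min(subs[0] // 40, 2)  # first two arcs share one sub-identifier
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def walk(der, found=None):  # collect every OID in the structure, in order
    found = [] if found is None else found
    i = 0
    while i + 2 <= len(der):
        tag, length = der[i], der[i + 1]
        i += 2
        if length == 0x80:
            raise ValueError("indefinite length (BER): re-encode as DER first")
        if length & 0x80:         # long form: low bits give the byte count
            n = length & 0x7F
            length = int.from_bytes(der[i:i + n], "big")
            i += n
        body = der[i:i + length]
        i += length
        if tag == 0x06:
            found.append(decode_oid(body))
        elif tag & 0x20:          # constructed: SEQUENCE, SET, [n] wrappers
            walk(body, found)
    return found

def algorithms_in(der):  # names of the known algorithms the blob declares
    return [ALGORITHMS[o] for o in walk(der) if o in ALGORITHMS]

def tlv(tag, body):  # sample builder, short-form lengths only
    return bytes([tag, len(body)]) + body

# Constructed samples: two AlgorithmIdentifiers each, not real messages.
OLD = tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex("2b0e03021a")) + tlv(0x05, b""))
          + tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d0307")) + tlv(0x04, bytes(8))))
NEW = tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex("608648016503040203")))
          + tlv(0x30, tlv(0x06, bytes.fromhex("60864801650304012a")) + tlv(0x04, bytes(16))))
```

Running `algorithms_in` over the decoded body of a test message sent with the new settings shows whether any SHA-1 or TripleDES identifier is still present before the change is announced to customers.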