Policy

Configure legacy hashing algorithm

This policy setting allows you to configure whether Office displays a digital signature as legacy when it contains specific hash algorithms. If you enable this policy setting, you can specify the weakest hash algorithm that Office treats as legacy. You can specify any of the following algorithms: - MD5 - SHA1 - SHA256 - SHA384 If you don’t configure this policy setting, Office treats digital signatures containing SHA1 or better as valid. For example, if you set SHA256 as the legacy hashing algorithm, Office treats SHA384 signatures as valid.

Policy
Pack Microsoft Office
Category Microsoft Office 2016 / Security Settings / Digital Signatures
Policy ID 47b4ebc062b7
Internal name L_SelectDigitalSignatureLegacyHashingAlgorithm

Registry

Copy registry mappings

HKCU\software\policies\microsoft\office\16.0\common\signatures\legacyhashalg

Policy notes

This policy setting allows you to configure whether Office displays a digital signature as legacy when it contains specific hash algorithms. If you enable this policy setting, you can specify the weakest hash algorithm that Office treats as legacy. You can specify any of the following algorithms: - MD5 - SHA1 - SHA256 - SHA384 If you don’t configure this policy setting, Office treats digital signatures containing SHA1 or better as valid. For example, if you set SHA256 as the legacy hashing algorithm, Office treats SHA384 signatures as valid.

Related policies

Check the XAdES portions of a digital signatureConfigure invalid DSA public key sizeConfigure invalid hashing algorithmConfigure invalid RSA public key sizeConfigure legacy DSA public key sizeConfigure legacy RSA public key sizeConfigure minimum DSA public key size