Folks, We have encountered a case where merchants are using Java SDK for PGP encryption and it has SHA1 default signature and so is the InsecureAllowUnauthenticatedMessages kept as False.
while performing decryption we are receieving Err: Insecure signature , Security wise we are not allowed to keep this value to be set as default, but the buisness requirement need this support, If we are allowed to do it I would love to add the changes.
Folks, We have encountered a case where merchants are using Java SDK for PGP encryption and it has SHA1 default signature and so is the
InsecureAllowUnauthenticatedMessageskept as False.while performing decryption we are receieving
Err: Insecure signature, Security wise we are not allowed to keep this value to be set as default, but the buisness requirement need this support, If we are allowed to do it I would love to add the changes.