Configure legacy hashing algorithm

This policy setting allows you to configure whether Office displays a digital signature as legacy when it contains specific hash algorithms.

If you enable this policy setting, you can specify the weakest hash algorithm that Office treats as legacy. You can specify any of the following algorithms:
- MD5
- SHA1
- SHA256
- SHA384

If you don't configure this policy setting, Office treats digital signatures containing SHA1 or better as valid.

For example, if you set SHA256 as the legacy hashing algorithm, Office treats SHA384 signatures as valid.

Supported on: At least Windows 7



  1. MD5
    Registry HiveHKEY_CURRENT_USER
    Registry Pathsoftware\policies\microsoft\office\16.0\common\signatures
    Value Namelegacyhashalg
    Value TypeREG_SZ
    Valuemd5
  2. SHA1
    Registry HiveHKEY_CURRENT_USER
    Registry Pathsoftware\policies\microsoft\office\16.0\common\signatures
    Value Namelegacyhashalg
    Value TypeREG_SZ
    Valuesha1
  3. SHA256
    Registry HiveHKEY_CURRENT_USER
    Registry Pathsoftware\policies\microsoft\office\16.0\common\signatures
    Value Namelegacyhashalg
    Value TypeREG_SZ
    Valuesha256
  4. SHA384
    Registry HiveHKEY_CURRENT_USER
    Registry Pathsoftware\policies\microsoft\office\16.0\common\signatures
    Value Namelegacyhashalg
    Value TypeREG_SZ
    Valuesha384


office16.admx

Administrative Templates (Computers)

Administrative Templates (Users)