Deterministic signatures digest prefix

Andrew Gallagher andrewg at andrewg.com
Thu May 29 17:00:46 CEST 2025


On 29 May 2025, at 15:28, Richard Ulrich via Gnupg-users <gnupg-users at gnupg.org> wrote:
> 
> By using faketime, I harmonized the timestamp that is part of the signature. The
> main difference I see at the moment is the "Digest prefix".
> Even with lots of searching and reading all sorts of documentation and forum
> posts, I was not able to figure out how to make the digest prefix constant.

The digest prefix is not an input to the signature calculation, but an output. If it is not constant, it is because some other input to the signing process is not constant. Are you sure this is the only place where the signature packets differ? (Other than the algorithm-specific data)

> This is one of the commands I use to produce the signature:
> 
> faketime -f "2025-05-29 00:00:00" gpg --local-user ccc --digest-algo SHA512 --detach-sign boot/vmlinuz
> 
> The actual private key is on a YubiKey, but I don't think that makes a
> difference.

Is the created signature packet using that exact timestamp? What signature algorithm are you using?

A
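
Added example, not part of the original message and not GnuPG's code: how the two-octet digest prefix falls out of the v4 signature hash (RFC 4880, section 5.2.4), so any change in the hashed fields changes it. It assumes the hashed subpacket area holds only a creation time and an issuer fingerprint; the data, fingerprint and public-key algorithm ID are constructed.

```python
import hashlib
import struct
from datetime import datetime, timezone

HASH_SHA512 = 10   # OpenPGP hash algorithm ID for SHA512
PK_EDDSA = 22      # assumed; the thread does not say which algorithm is in use


def subpacket(sp_type: int, body: bytes) -> bytes:
    """Signature subpacket with a one-octet length (body under 191 octets)."""
    return bytes([len(body) + 1, sp_type]) + body


def hashed_header(created: int, fingerprint: bytes, pk_algo: int = PK_EDDSA) -> bytes:
    """Version octet through hashed subpackets of a v4 binary-document signature."""
    area = subpacket(2, struct.pack(">I", created))   # signature creation time
    area += subpacket(33, b"\x04" + fingerprint)      # issuer fingerprint, v4 key
    return bytes([4, 0x00, pk_algo, HASH_SHA512]) + struct.pack(">H", len(area)) + area


def signature_digest(data: bytes, created: int, fingerprint: bytes,
                     pk_algo: int = PK_EDDSA) -> bytes:
    """Hash over the document, the hashed signature fields and the v4 trailer."""
    header = hashed_header(created, fingerprint, pk_algo)
    trailer = b"\x04\xff" + struct.pack(">I", len(header))
    return hashlib.sha512(data + header + trailer).digest()


def digest_prefix(data: bytes, created: int, fingerprint: bytes,
                  pk_algo: int = PK_EDDSA) -> bytes:
    """The 'digest prefix' is the left 16 bits of that hash: an output, not an input."""
    return signature_digest(data, created, fingerprint, pk_algo)[:2]


if __name__ == "__main__":
    data = b"constructed stand-in for boot/vmlinuz\n"
    fpr = bytes(range(20))                            # constructed fingerprint
    t0 = int(datetime(2025, 5, 29, tzinfo=timezone.utc).timestamp())
    print("same inputs      :", digest_prefix(data, t0, fpr).hex())
    print("same inputs again:", digest_prefix(data, t0, fpr).hex())
    print("timestamp + 1 s  :", digest_prefix(data, t0 + 1, fpr).hex())
    print("other key        :", digest_prefix(data, t0, fpr[::-1]).hex())
```
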