Hi,

> We'd need Sequoia to provide some way to provide deterministic
> signatures for at least v4 signatures, and probably v6 signatures as
> well. I realize that v6 does not intend to allow this, but it is
> functionally required for testsuites as well as some cases with
> reproducible builds[0].


I’m not sure that’s doable. It might be for RSA signatures (if they use 
RSASSA-PKCS1-v1_5), but even RSASSA-PSS signatures are non-deterministic 
already and depend on that non-determinism for their security properties.

The same applies for ECDSA signatures by default (there is a deterministic 
variant in RFC 6979, but RFC 9580 doesn’t mention that RFC, so I’m guessing 
OpenPGP doesn’t support that).

ML-DSA signatures have a random component by nature.

Long-term, it seems like the better solution is to not assume that the used
signature scheme is deterministic, and change the tests to not expect a fixed
hash.


Note: I’m not involved with Debian maintenance of this package, just here to 
provide context.


-- 
Clemens Lang
RHEL Crypto Team
Red Hat
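
The behaviour described in the message above, as an added example that is not part of the original e-mail and is not Sequoia or Debian code: using only Go's standard library, it signs one digest twice per scheme with the same key and reports whether the two signatures are byte-identical and whether both verify. The message text, the 2048-bit RSA key and the P-256 curve are constructed choices for the illustration; a test that asserts on verification stays stable across all three schemes, while one that hashes the signature bytes only does so for RSASSA-PKCS1-v1_5.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Result struct {
	Scheme                string
	Identical, BothVerify bool // same bytes both times? both signatures valid?
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // key generation or signing failed
	}
	return v
}

// CompareSchemes signs one digest twice per scheme with the same freshly generated key.
func CompareSchemes(msg []byte) (out []Result) {
	h := sha256.Sum256(msg)
	d, r, sha := h[:], rand.Reader, crypto.SHA256
	rk := must(rsa.GenerateKey(r, 2048))
	ek := must(ecdsa.GenerateKey(elliptic.P256(), r))
	schemes := []struct {
		name   string
		key    crypto.Signer
		opts   crypto.SignerOpts // for RSA keys this selects PKCS#1 v1.5 or PSS
		verify func(sig []byte) bool
	}{
		{"RSASSA-PKCS1-v1_5", rk, sha, func(s []byte) bool { return rsa.VerifyPKCS1v15(&rk.PublicKey, sha, d, s) == nil }},
		{"RSASSA-PSS", rk, &rsa.PSSOptions{Hash: sha}, func(s []byte) bool { return rsa.VerifyPSS(&rk.PublicKey, sha, d, s, nil) == nil }},
		{"ECDSA P-256", ek, sha, func(s []byte) bool { return ecdsa.VerifyASN1(&ek.PublicKey, d, s) }},
	}
	for _, s := range schemes {
		a, b := must(s.key.Sign(r, d, s.opts)), must(s.key.Sign(r, d, s.opts))
		out = append(out, Result{s.name, bytes.Equal(a, b), s.verify(a) && s.verify(b)})
	}
	return out
}

func main() { fmt.Printf("%+v\n", CompareSchemes([]byte("constructed test message"))) }
```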
