Hi,

we sign some files such as grub config, kernel, initrd for a Live DVD so that grub can verify them when the system boots. Most of the DVD ISO builds reproducibly. At the moment I am trying to get also those signatures reproducible.

By using faketime, I harmonized the timestamp that is part of the signature. The main difference I see at the moment is the "Digest prefix". Even with lots of searching and reading all sorts of documentation and forum posts, I was not able to figure out how to make the digest prefix constant.

This is one of the commands I use to produce the signature:

    faketime -f "2025-05-29 00:00:00" gpg --local-user ccc --digest-algo SHA512 --detach-sign boot/vmlinuz

The actual private key is on a YubiKey, but I don't think that makes a difference.

Then I examine the signature with:

    sq packet dump --hex boot/vmlinuz.sig

With kind regards
Richard
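
Added example, not part of the original message: in a version 4 OpenPGP signature (RFC 4880) the digest prefix is the first two bytes of the hash over the signed file, the hashed part of the signature packet and a six-byte trailer, so it can be recomputed to see which input differs between two builds. The function names and the sample packet (dummy signature value, no real key) are constructed for this sketch.

```python
import hashlib
import struct

HASHES = {8: "sha256", 10: "sha512"}  # OpenPGP hash algorithm IDs

def packet_body(raw):
    """Strip the OpenPGP packet header; return (tag, body)."""
    first = raw[0]
    if first & 0x40:                      # new-format header
        tag, b = first & 0x3F, raw[1]
        if b < 192:
            start, length = 2, b
        elif b < 224:
            start, length = 3, ((b - 192) << 8) + raw[2] + 192
        elif b == 255:
            start, length = 6, struct.unpack(">I", raw[2:6])[0]
        else:
            raise ValueError("partial body length not supported")
    else:                                 # old-format header
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        start = 1 + (1 << ltype)
        length = int.from_bytes(raw[1:start], "big")
    return tag, raw[start:start + length]

def inspect_v4_signature(raw, data):
    """Recompute the digest of a v4 binary-document signature over data."""
    tag, body = packet_body(raw)
    if tag != 2 or body[0] != 4 or body[1] != 0x00:
        raise ValueError("expected a v4 binary-document signature packet")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    hashed_part = body[:6 + hashed_len]   # version .. end of hashed subpackets
    unhashed_len = struct.unpack(">H", body[6 + hashed_len:8 + hashed_len])[0]
    off = 8 + hashed_len + unhashed_len   # digest prefix follows unhashed area
    h = hashlib.new(HASHES[body[3]])
    h.update(data)
    h.update(hashed_part + b"\x04\xff" + struct.pack(">I", len(hashed_part)))
    return {"hashed_area": hashed_part[6:].hex(),
            "stored_prefix": body[off:off + 2].hex(),
            "digest": h.hexdigest()}

def sample_signature(data, created):
    """Constructed sample packet with a dummy signature value (no real key)."""
    hashed = b"\x05\x02" + struct.pack(">I", created)   # creation-time subpacket
    head = bytes([4, 0x00, 1, 10]) + struct.pack(">H", len(hashed)) + hashed
    trailer = b"\x04\xff" + struct.pack(">I", len(head))
    prefix = hashlib.sha512(data + head + trailer).digest()[:2]
    body = head + b"\x00\x00" + prefix + b"\x00\x01\x01"  # empty unhashed area
    return bytes([0x88, len(body)]) + body
```

With real files, pass the bytes of the binary boot/vmlinuz.sig and of boot/vmlinuz; comparing `hashed_area` and `digest` across two builds shows whether a hashed subpacket or the signed file itself still differs.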
