What | Removed | Added |
---|---|---|
CC | dennis.knorr@suse.com |
Just some cents from 'a FIPS guy': Yes, the non-reproducibility is very likely because DSA needs randomness to be injected for every signature (like the salt Petr Cerny mentioned), which of course breaks the reproducible approach. There are two possibilities:

1. Either maintain some (secret) randomness, which is used in addition to the private keys. I do not know if the implementations support that.
2. Implement deterministic signing algorithms, as Bernhard already mentioned with the IETF RFC.

The issue is: Libgcrypt and OpenSSL both implement deterministic variants of DSA. Mozilla NSS does not, as far as I am aware. Implementing this is a headache, which would make option 1 perhaps a bit more interesting, because it might be easier telling shlibsign "please use this randomness instead of getrandom or /dev/urandom". Also, currently I only see deterministic elliptic curve DSA in a variant covered for FIPS, but it is possible that this is ONLY a problem if package signing has to run in FIPS mode.
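Added example, not part of the comment above and not code from NSS, libgcrypt or OpenSSL: the deterministic nonce derivation of RFC 6979 (assumed here to be the IETF RFC meant in option 2), which replaces the per-signature random value with an HMAC-DRBG output seeded from the private key and the message hash. The function names are hypothetical; the key, group order and expected nonce are the P-256/SHA-256 "sample" test vector from RFC 6979 appendix A.2.5.

```python
import hashlib
import hmac

def bits2int(data: bytes, qlen: int) -> int:
    """Keep the leftmost qlen bits of data as an integer (RFC 6979, 2.3.2)."""
    value = int.from_bytes(data, "big")
    blen = len(data) * 8
    return value >> (blen - qlen) if blen > qlen else value

def rfc6979_nonce(x: int, q: int, msg: bytes, hashfn=hashlib.sha256) -> int:
    """Derive the (EC)DSA nonce k from private key x and msg (RFC 6979, 3.2)."""
    qlen = q.bit_length()
    rlen = (qlen + 7) // 8
    h1 = hashfn(msg).digest()
    # Seed material: int2octets(x) || bits2octets(h1)
    seed = x.to_bytes(rlen, "big") + (bits2int(h1, qlen) % q).to_bytes(rlen, "big")

    def mac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashfn).digest()

    V = b"\x01" * len(h1)
    K = b"\x00" * len(h1)
    K = mac(K, V + b"\x00" + seed)
    V = mac(K, V)
    K = mac(K, V + b"\x01" + seed)
    V = mac(K, V)
    while True:
        T = b""
        while len(T) < rlen:
            V = mac(K, V)
            T += V
        k = bits2int(T, qlen)
        if 1 <= k < q:
            return k  # same key + same message -> same k -> same signature
        # Candidate out of range: update the DRBG state and try again.
        K = mac(K, V + b"\x00")
        V = mac(K, V)

# RFC 6979 appendix A.2.5 test vector (P-256, SHA-256, message "sample").
P256_Q = int("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 16)
RFC_X = int("C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721", 16)
RFC_K = int("A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60", 16)

if __name__ == "__main__":
    k = rfc6979_nonce(RFC_X, P256_Q, b"sample")
    print("matches RFC 6979 vector:", k == RFC_K)
```

Because k depends only on the private key and the message, signing the same file twice yields byte-identical signatures, which is the property a reproducible build needs; a nonce drawn from the system RNG differs on every run.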