http://bugzilla.opensuse.org/show_bug.cgi?id=1208478 http://bugzilla.opensuse.org/show_bug.cgi?id=1208478#c3 --- Comment #3 from Bernhard Wiedemann <bwiedemann@suse.com> --- The timestamp is only one part. The more tricky part is that a random key is generated (in my test I had only replaced /dev/(u)random with /dev/zero to avoid that randomness = https://github.com/bmwiedemann/reproducible-faketools/blob/master/reproducib... ). But if it is meant to secure something, we probably do not want everyone to be able to reproduce the same private key. Or would it not matter? This makes it tricky. For secure-boot, we keep the private key in OBS and use https://github.com/openSUSE/pesign-obs-integration/ to unpack+sign+repack. But even that is not so nice. -- You are receiving this mail because: You are on the CC list for the bug.