You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
FIPS 204 (ML‑DSA) specifies that Pure ML‑DSA signatures encode the input as 0x00 || len(ctx) || ctx || message, where ctx is an application‑defined context string with length ≤ 255 bytes. This is intended for domain separation (e.g., “FIRMWARE” vs “BOOTLOADER”). Without it, signatures may be reinterpreted in unintended domains.
n OpenSSL 3.x, ML‑DSA’s EVP interface already exposes a context-string parameter (OSSL_SIGNATURE_PARAM_CONTEXT_STRING), defaulting to empty; applications can set a non‑empty context for signing and verifying.
SignServer 7.1.x supports ML‑DSA (including ML‑DSA‑87) in Plain Signer, but there is no property or request parameter to set a context string—SignServer can only produce signatures with the empty context today.
Proposed Change
New worker property
CONTEXT_STRING (string; default empty; max 255 bytes).
ALLOW_CONTEXT_OVERRIDE (boolean; default false). If true, allow per‑request override.
New request metadata (effective only if ALLOW_CONTEXT_OVERRIDE=true)
Motivation / Use Case
Proposed Change