The Sigsum team is happy to release a new version of key-mgmt.
This package includes scripts and documentation for managing signing
keys and backups using YubiHSM hardware, and sigsum-agent, an SSH agent
that can act as an Ed25519 signing oracle for a key that is either
stored on disk or residing in an HSM.
The release can be checked out from the git repository as

    git clone -b v0.2.5 https://git.glasklar.is/sigsum/core/key-mgmt.git

Changes in this release are rather modest; see the NEWS excerpt below.
However, the preceding v0.2.x updates were not previously announced on
the mailing list or documented in NEWS; reconstructed NEWS entries for
these releases are therefore also included below.
If you find any bugs, please report them on the
sigsum-general(a)lists.sigsum.org mailing list or open an issue on the
repository in GitLab.
/ The Sigsum team

NEWS for key-mgmt v0.2.5
This release includes a workaround for issues when sigsum-agent
and yubihsm-connector are started or restarted concurrently.
* sigsum-agent: New --retry option, to retry connecting to the
yubihsm connector at startup.

NEWS for key-mgmt v0.2.3
This release improves provisioning, and corresponds to the
provisioning of log and witness keys for the services operated by
Glasklar Teknik AB.
* provisioning: Improve provisioning scripts and documentation
thereof. E.g., include provisioned public keys in output files,
and do test signatures and validation.

NEWS for key-mgmt v0.2.1
This release includes improvements for the sigsum-agent tool.
Incompatible changes:
* sigsum-agent: New name, renamed from yubihsm-agent.
Features:
* sigsum-agent: Print socket name to stdout only if the agent
generated a random name, and it is running as a daemon.
* sigsum-agent: Add support for writing a pid file.