The Sigsum team is happy to release a new version of key-mgmt.
This package includes scripts and documentation for managing signing keys and backups using YubiHSM hardware, and sigsum-agent, an SSH agent that can act as an Ed25519 signing oracle for a key that is either stored on disk or residing in an HSM.
The release can be checked out from the git repository as:

    git clone -b v0.2.5 https://git.glasklar.is/sigsum/core/key-mgmt.git

Changes in this release are rather modest; see the NEWS excerpt below. However, the preceding v0.2.x updates were not previously announced on the mailing list or documented in NEWS; reconstructed NEWS entries for these releases are therefore also included below.
If you find any bugs, please report them on the sigsum-general@lists.sigsum.org mailing list or open an issue on the repository in GitLab.
/ The Sigsum team
NEWS for key-mgmt v0.2.5
This release includes a workaround for issues when sigsum-agent and yubihsm-connector are started or restarted concurrently.
* sigsum-agent: New --retry option, to retry connecting to the yubihsm connector at startup.
NEWS for key-mgmt v0.2.3
This release improves provisioning, and corresponds to the provisioning of log and witness keys for the services operated by Glasklar Teknik AB.
* provisioning: Improve provisioning scripts and documentation thereof. E.g., include provisioned public keys in output files, and do test signatures and validation.
NEWS for key-mgmt v0.2.1
This release includes improvements for the sigsum-agent tool.
Incompatible changes:
* sigsum-agent: New name, renamed from yubihsm-agent.
Features:
* sigsum-agent: Print socket name to stdout only if the agent generated a random name, and it is running as a daemon.
* sigsum-agent: Add support for writing a pid file.