The Sigsum team is happy to release a new version of key-mgmt. This package includes scripts and documentation for managing signing keys and backups using YubiHSM hardware, and sigsum-agent, an SSH agent that can act as an Ed25519 signing oracle for a key that is either stored on disk, or residing in a HSM. The release can be checked out from the git repository as git clone -b v0.2.5 https://git.glasklar.is/sigsum/core/key-mgmt.git Changes in this release are rather modest, see NEWS excerpt below. However, the preceding v0.2.x updates were not previously announced on the mailing list or documented in NEWS; reconstructed NEWS entries for these releases are therefore also included below. If you find any bugs, please report them on the sigsum-general@lists.sigsum.org mailing list or open an issue on the repository in GitLab. / The Sigsum team NEWS for key-mgmt v0.2.5 This release includes a workaround for issues when sigsum-agent and yubihsm-connector are started or restarted concurrently. * sigsum-agent: New --retry option, to retry connecting to the yubihsm connector at startup. NEWS for key-mgmt v0.2.3 This release improves provisioning, and corresponds to the provisioning of log and witness keys for the services operated by Glasklar Teknik AB. * provisioning: Improve provisioning scripts and documentation thereof. E.g., include provisioned public keys in output files, and do test signatures and validation. NEWS for key-mgmt v0.2.1 This release includes improvements for the sigsum-agent tool. Incompatible changes: * sigsum-agent: New name, renamed from yubihsm-agent. Features: * sigsum-agent: Print socket name to stdout only if the agent generated a random name, and it is running as a daemon. * sigsum-agent: Add support for writing a pid file.