The Sigsum team is happy to announce the initial release of the Sigsum C Library (aka sigsum-c or libsigsum), version 1.0.0. See NEWS file, appended below, for a summary of features.

Library documentation is included in the package and online at https://git.glasklar.is/sigsum/core/sigsum-c/-/blob/main/doc/sigsum-c.md.

The release source code can be downloaded using

git clone -b v1.0.0 https://git.glasklar.is/sigsum/core/sigsum-c.git

The v1.0.0 tag is signed using the key

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/xZ+v5e435605MS4BYE89PLcgk8DT5PvuoM2oASnuko

This is the same release key also published for nisse@glasklarteknik.se at https://www.system-transparency.org/keys/allowed-ST-release-signers.

/The Sigsum team

NEWS for the sigsum-c 1.0.0 release

This is the initial release of the sigsum-c library. For API documentation, see doc/sigsum-c.md, for build instructions, see README.md.

When building a shared library from this release, the library name is libsigsum.so.0.0, with soname libsigsum.so.0.

Main features:

* Support for parsing the ASCII representation of Sigsum policy files, Sigsum proofs, and OpenSSH public key files.

* Support for verifying Sigsum proofs. The main verification functions are written with constrained embedded systems in mind. They work with a bytecode representation of the policy's quorum rule, and do not require use of the ASCII representation.

* A command line tool sigsum-c-verify, intended to be compatible with the sigsum-verify tool from the sigsum-go package (the main missing feature in sigsum-c-verify is support for named policies).