Hi, I wrote up some notes and ideas on how to do backups of private keys, which is needed for sigsum primary-secondary failover. I would hope the way I propose (if it actually works) could be implemented on a Tillitis key. I have no idea if something like that is supported by yubico hsm, but I think Linus is investigating. See https://git.glasklar.is/sigsum/project/documentation/-/blob/main/archive/202..., all comments and feedback appreciated. /Niels