Gazdag, Stefan-LukasFriedl, MarkusLoebenberger, DanielDavid, KlausGeihs, KurtLange, MartinStumme, Gerd2019-08-272019-08-272019978-3-88579-688-6https://dl.gi.de/handle/20.500.12116/25014Due to the progress in building quantum computers and the risk of attacks on cryptographic primitives based on quantum algorithms emerging, the development and analysis, but also the deployment of resistant schemes is an important research area. Hash-based signatures are a very promising candidate since they have been analyzed and improved for years. Nevertheless, there are some peculiarities that need consideration when using hash-based signatures in practice, for example the statefulness of some of the primitives. Fortunately, by now more and more experience is gained in real-world scenarios. In this paper we detail the troubles we encountered when using hash-based signatures in practice and study the most important use case for hash-based signatures: software or code signing.enPost-Quantum CryptographyHash-based SignaturesXMSSSoftware UpdatesshPost-Quantum Software UpdatesText/Conference Paper10.18420/inf2019_631617-5468