We'll see | Matt Zimmerman

a potpourri of mirth and madness

Posts Tagged ‘OpenPGP

New OpenPGP key

I’ve recently set up a new GPG key, and will be transitioning away from my old one. I have done this in order to migrate to a larger RSA key and stronger hash functions, and NOT due to any known key compromise. The old key will continue to be valid for some time, but future correspondence should use the new one wherever possible.

I have created a transition document and signed it with both keys, a summary of which is included here for reference.

I would also like to ensure that this new key is well-integrated into the web
of trust.  This message is signed by both keys to certify the transition.

The old key was:

pub   1024D/43E25D1E 2000-03-30
      Key fingerprint = E86D 8583 92CB FD92 70AD  43DC 02BC 42B7 43E2 5D1E

The new key is:

pub   4096R/AE426944 2010-01-04
      Key fingerprint = A243 3192 1670 F006 0A97  500A 8A11 1B5C AE42 6944
sub   4096R/9C92EE9E 2010-01-04

To fetch my new key from a public key server, you can run:

  gpg --keyserver pgp.mit.edu --recv-keys AE426944

If you already know my old key, you can now verify that the new key is
signed by the old one:

  gpg --check-sigs AE426944

If you have previously signed my old key, and you're satisfied that you've got
the correct new key, then I'd appreciate it if you would sign my new key as

  gpg --sign-key AE426944
  gpg --keyserver pgp.mit.edu --send-key EF584970 

(or use the caff(1) tool if you prefer)

Written by Matt Zimmerman

March 25, 2010 at 17:50