I have generated a new GPG key to replace my old one which was based on a 1024-bit DSA primary key. The new primary key is 4096-bit RSA. I will be transitioning away from my old one.
The old key will continue to be valid, but i prefer all future correspondence to use the new key. I would also like this new key to be re-integrated into the web of trust. The online version of this message is signed by both my keys (old and new) to certify the transition.
The old key was:
pub 1024D/A75CBDA0 2003-01-17 Key Fingerprint = F2CE 1B92 EE1F 2C0C E97E 581E 5E56 AAAF A75C BDA0
And the new key is:
pub 4096R/769EE011 2016-08-21 Key Fingerprint = 2AD1 07EA F451 32C8 A991 F4F9 883E C63B 769E E011
To fetch the full key (including a photo uid, which is commonly stripped by public keyservers), you can get it with either of these two commands:
wget -q -O- http://slackware.com/~alien/alien.gpg.asc | gpg --import - wget -q -O- http://alienbase.nl/alien.gpg.asc | gpg --import -
Or, to fetch my new key from a public key server, you can simply do:
gpg --keyserver pgp.mit.edu --recv-key 769EE011
If you already know my old key, you can now verify that the new key is signed by the old one:
gpg --check-sigs 769EE011
If you don’t already know my old key, or you just want to be double extra paranoid, you can check the fingerprint against the one above:
gpg --fingerprint 769EE011
If you are satisfied that you’ve got the right key, and the UIDs match what you expect, I’d appreciate it if you would sign my key:
gpg --sign-key 769EE011
Lastly, if you could upload these signatures, i would appreciate it. You can either send me an e-mail with the new signatures (if you have a functional MTA on your system):
gpg --armor --export 769EE011 | mail -s 'GPG Signatures' alien@slackware.com
Or you can just upload the signatures to a public keyserver directly:
gpg --keyserver pgp.mit.edu --send-key 769EE011
Please let me know if there is any trouble, and sorry for the inconvenience.
Eric
Some reading material in case you too want to transition to a new key or even want to start using GPG:
- https://www.apache.org/dev/key-transition.html
- https://ekaia.org/blog/2009/05/10/creating-new-gpgkey/
- https://danielpocock.com/rsa-key-sizes-2048-or-4096-bits
- https://wiki.archlinux.org/index.php/GnuPG
Note:
The above text is based on a “gpg-transition-document” template which seems to be pretty widely used on the Internet for purposes of GPG key transitioning. My own text (the one of this blog post) can also be found here: http://www.slackware.com/~alien/gpg_transition_20160821.txt . That text file has been digitally signed with my old and new keys so that you can verify the correctness of my statements.
Recent comments