Main menu:

Sponsoring

Please consider a small donation:

 

 

Or you can donate bitcoin:

 

Thanks to TekLinks in Birmingham, AL, for providing colocation and bandwidth.

Page Rank

Fame

FOSS Force Best Blog--2013 Award

Recent posts

Recent comments

About this blog

I am Eric Hameleers, and this is where I think out loud.
More about me.

Search

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 417 other subscribers

My Favourites

Slackware

Calendar

February 2019
M T W T F S S
« Jan    
 123
45678910
11121314151617
18192021222324
25262728  

RSS Alien's Slackware packages

RSS Alien's unofficial KDE Slackware packages

RSS Alien's multilib packages

RSS Slackware64-current

RSS SBo

Meta

Transitioning to a new GPG key

 

I have generated a new GPG key to replace my old one which was based on a 1024-bit DSA primary key. The new primary key is 4096-bit RSA. I will be transitioning away from my old one.

The old key will continue to be valid, but i prefer all future correspondence to use the new key. I would also like this new key to be re-integrated into the web of trust. The online version of this message is signed by both my keys (old and new) to certify the transition.

The old key was:

pub 1024D/A75CBDA0 2003-01-17
 Key Fingerprint = F2CE 1B92 EE1F 2C0C E97E 581E 5E56 AAAF A75C BDA0

And the new key is:

pub 4096R/769EE011 2016-08-21
 Key Fingerprint = 2AD1 07EA F451 32C8 A991 F4F9 883E C63B 769E E011

To fetch the full key (including a photo uid, which is commonly stripped by public keyservers), you can get it with either of these two commands:

wget -q -O- http://slackware.com/~alien/alien.gpg.asc | gpg --import -
 wget -q -O- http://alienbase.nl/alien.gpg.asc | gpg --import -

Or, to fetch my new key from a public key server, you can simply do:

gpg --keyserver pgp.mit.edu --recv-key 769EE011

If you already know my old key, you can now verify that the new key is signed by the old one:

gpg --check-sigs 769EE011

If you don’t already know my old key, or you just want to be double extra paranoid, you can check the fingerprint against the one above:

gpg --fingerprint 769EE011

If you are satisfied that you’ve got the right key, and the UIDs match what you expect, I’d appreciate it if you would sign my key:

gpg --sign-key 769EE011

Lastly, if you could upload these signatures, i would appreciate it. You can either send me an e-mail with the new signatures (if you have a functional MTA on your system):

gpg --armor --export 769EE011 | mail -s 'GPG Signatures' alien@slackware.com

Or you can just upload the signatures to a public keyserver directly:

gpg --keyserver pgp.mit.edu --send-key 769EE011

Please let me know if there is any trouble, and sorry for the inconvenience.

Eric

Some reading material in case you too want to transition to a new key or even want to start using GPG:

Note:
The above text is based on a “gpg-transition-document” template which seems to be pretty widely used on the Internet for purposes of GPG key transitioning. My own text (the one of this blog post) can also be found here: http://www.slackware.com/~alien/gpg_transition_20160821.txt . That text file has been digitally signed with my old and new keys so that you can verify the correctness of my statements.

 

Comments

Comment from kjhambrick
Posted: November 10, 2016 at 15:37

Thanks Eric !

All set here.

— kjh

Comment from Tonus
Posted: November 10, 2016 at 15:41

Thanks Eric for giving a full process, useful and interesting.

As usual shall I say…

BTW great to see you’re still there and hope your new job is at least as great as the former one.

Comment from Alexander
Posted: November 10, 2016 at 18:24

Thanks!
There is a problem with copy-pasting commands like:
gpg –keyserver pgp.mit.edu –recv-key 769EE011

Double dash converted to some nonstandard dash.

Comment from alienbob
Posted: November 10, 2016 at 22:43

I have changed the commands to “preformatted text” which will make the double-dashes visible again. But the .txt file I link to also has properly formatted text that can be copied and pasted.

Comment from Jen
Posted: November 11, 2016 at 17:43

Thanks for the reminder. I should regenerate a PGP key. I used to use one all the time, but got out of the habit.

Comment from gegechris99
Posted: November 11, 2016 at 23:29

I uploaded your signed key to a public keyserver.

Comment from Mike Coddington
Posted: November 14, 2016 at 15:04

Eric,
If you’re interested, I can get you an invite to Keybase which is kind of like an enhanced idea of a keyserver. https://keybase.io is its URL. Actually, I’m going to put an invite link here. Other people, don’t be jerks and grab it. If someone got to it before you did Eric, drop me an email.
https://keybase.io/inv/e6a2240562

Comment from alienbob
Posted: November 14, 2016 at 21:25

Hi Mike.

I consumed that invite and I am going to investigate the scope and usefulness of that site and its tech. Thanks.

Comment from Tonus
Posted: December 9, 2016 at 17:42

Hi Eric,
I might have missed something or being posting that in the wrong place :
When I use your repo with slackpkg+ I’ve got a gpg error on the kde_frameworks repo (url http://bear.alienbase.nl/mirrors/alien-kde/current/testing/x86_64/kde/frameworks/CHECKSUMS.md5)
Is there something I can do on my side ?
Regards

Comment from alienbob
Posted: December 9, 2016 at 19:42

Do not use the /current/testing/ repository please. It is not up to date. Use the /current/latest/ or the /14/2/latest/ repository, those are being maintained.

Comment from Tonus
Posted: December 9, 2016 at 20:31

I knew I had to pay more attention : I now remember reading something about it…

Thank you and sorry for the noise!

Comment from Geremia
Posted: December 21, 2016 at 17:44

I’m not sure if this is related to your changing to a new key, but I keep getting gpg errors when trying to install, with slackpkg:

libktorrent-2.0.1-x86_64-1alien.txz

from:

https://bear.alienbase.nl/mirrors/alien-kde/current/latest/x86_64/kde/applications-extra/libktorrent-2.0.1-x86_64-1alien.txz

I ran “slackpkg update gpg,” but it’s using your old key.

Comment from alienbob
Posted: December 21, 2016 at 20:49

Geremia, the GPG signature for that package _is_ bad. I just verified. I need to re-create that one.
And by the way, I am still using the old GPG key for my package repositories.

Comment from Geremia
Posted: December 24, 2016 at 22:19

I still get an MD5SUM error with libktorrent-2.0.1-x86_64-1alien.txz:

==============================================================================
WARNING! One or more errors occurred while slackpkg was running
——————————————————————————
libktorrent-2.0.1-x86_64-1alien.txz.asc: md5sum
libktorrent-2.0.1-x86_64-1alien.txz.asc: md5sum

Comment from alienbob
Posted: December 24, 2016 at 22:42

Yeah I did not generate the MD5SUMS file again after fixing the .asc file.
Live with it for now. You know it is still the correct file despite the error. Next month with the new ktown update, this issue will be gone.

Write a comment