GPG/OpenPGP Key Transition Statement
As time marches on, and computers grow ever more powerful, it's clear that it's possible for well-funded organizations to compromise my old GPG/OpenPGP key.
I'm transitioning my GPG/OpenPGP key from an old 1024-bit DSA key to a new 4096-bit RSA key.
- The old key will continue to be valid for one year.
- I prefer all new correspondence to be encrypted with the new key.
- I would like this new key to be re-integrated into the web of trust.
The Key Transition Statement below is signed by both keys to certify the transition.
The Key Transition Statement is also obtainable at the following URL:
https://www.pariahzero.net/GPG/GPG-Transition_Statement-546C244B15279DFF.md.asc
My new public key is downloadable from the following URL:
Signed Transition Statement
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1,SHA512

Fri Jan 15 17:00:00 MST 2016

# GPG/OpenPGP Key Transition Statement #

As time marches on, and computers grow ever more powerful, it's clear that it's possible for well-funded organizations to compromise my old GPG/OpenPGP key.

I'm transitioning my GPG/OpenPGP key from an old 1024-bit DSA key to a new 4096-bit RSA key.

* The old key will continue to be valid for one year.
* I prefer all new correspondence to be encrypted with the new key.
* I would like this new key to be re-integrated into the web of trust.

This transition document is signed by both keys to certify the transition.

The old key was:

    pub   dsa1024/C77F6510 2008-10-21
          Key fingerprint = DEDC 320A 3F2A 26F9 B10B  C439 8EF4 6B5D C77F 6510

And the new key is:

    pub   rsa4096/15279DFF 2016-01-15 [expires: 2017-01-14]
          Key fingerprint = F2FF 8921 60E9 4EAE BE15  DBB9 546C 244B 1527 9DFF

To fetch the full key (including a photo uid, which is commonly stripped by public keyservers), you can get it with:

    wget -q -O- https://www.pariahzero.net/GPG/546C244B15279DFF.gpg \
        | gpg --import -

Or, to fetch my new key from a public key server, you can simply execute:

    gpg --keyserver pool.sks-keyservers.net --recv-key 546C244B15279DFF

If you already know my old key, you can verify that the new key is signed by the old one:

    gpg --check-sigs 8EF46B5DC77F6510

If you don't know my old key, or you just want to be doubleplus cautious, you can check the new key's fingerprint against the one listed above:

    gpg --fingerprint 546C244B15279DFF

If the following conditions have been met, I'd appreciate it if you would sign my key:

* You want to sign my key
* You are satisfied that you've got the correct key
* You are satisfied that User IDs in the key match what you expect

You can sign my key in a number of ways, including:

    gpg --sign-key 546C244B15279DFF

Lastly, if you could upload these signatures, I would appreciate it. You can either:

* Send me an e-mail with the new signatures
* If you have a functional MTA on your system:

      gpg --armor --export 546C244B15279DFF | \
          mail -s 'OpenPGP Signatures' ttelford@me.com

* Upload the signature to a public keyserver directly:

      gpg --keyserver pool.sks-keyservers.net --send-key 546C244B15279DFF

Please contact me if you have any questions about this transition.

Thanks,
Troy Telford
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

-----END PGP SIGNATURE-----
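
The statement's claim rests on it carrying a valid signature from each key, so a reader checking a downloaded copy of the `.asc` file should confirm both rather than stopping at the first "Good signature" line. The script below is an added example, not part of the original statement: it parses GnuPG's machine-readable `VALIDSIG` status lines and pins the two fingerprints printed above. The function names `has_both_sigs` and `verify_transition` are hypothetical, and the sample status lines (timestamps and the signing-subkey fingerprint) are constructed.

```shell
#!/bin/sh
# Fingerprints as printed in the transition statement, spaces removed.
OLD_FPR=DEDC320A3F2A26F9B10BC4398EF46B5DC77F6510
NEW_FPR=F2FF892160E94EAEBE15DBB9546C244B15279DFF

# Constructed sample of `gpg --status-fd 1 --verify` output (not real gpg output).
# Second line models a signature made by a signing subkey of the new key.
SAMPLE_STATUS='[GNUPG:] VALIDSIG DEDC320A3F2A26F9B10BC4398EF46B5DC77F6510 2016-01-16 1452902400 0 4 0 17 2 01 DEDC320A3F2A26F9B10BC4398EF46B5DC77F6510
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2016-01-16 1452902400 0 4 0 1 10 01 F2FF892160E94EAEBE15DBB9546C244B15279DFF'

# Reads gpg status output on stdin; succeeds only if a VALIDSIG line is
# present for BOTH pinned fingerprints. BADSIG/ERRSIG lines never count.
has_both_sigs() {
    awk -v old="$OLD_FPR" -v new="$NEW_FPR" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            # $3 is the fingerprint of the key that signed (may be a subkey);
            # the last field is the primary key fingerprint when gpg reports it.
            if ($3 == old || $NF == old) seen_old = 1
            if ($3 == new || $NF == new) seen_new = 1
        }
        END { exit !(seen_old && seen_new) }
    '
}

# Runs gpg on a clearsigned file and applies the check above.
# Both public keys must already be in the local keyring.
verify_transition() {
    gpg --status-fd 1 --verify "$1" 2>/dev/null | has_both_sigs
}

# Usage: sh check-transition.sh statement.md.asc
if [ "$#" -gt 0 ]; then
    if verify_transition "$1"; then
        echo "OK: valid signatures from both old and new key"
    else
        echo "FAIL: missing or invalid signature from one of the keys" >&2
        exit 1
    fi
fi
```

`VALIDSIG` only says the signature is cryptographically correct for that fingerprint; whether the old fingerprint is one you already trusted is still your own check.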