Date: 2015-01-12 22:06:16

For a number of reasons[0], i've recently set up a new OpenPGP key, and will be transitioning away from my old one.

The old key has been revoked and i prefer all future correspondence to come to the new one. I would also like this new key to be re-integrated into the web of trust. This message is signed by both keys to certify the transition.

the old, revoked key was:

  pub   2048R/0x599941C9289B331B 2014-03-10 [revoked: 2015-01-08]
        Key fingerprint = 3A9A 47C7 1691 E8CE C432  7F3A 5999 41C9 289B 331B

and the new key is:

  pub   4096R/0x759FAB2A315C4F96 2015-01-08 [expires: 2017-01-07]
        Key fingerprint = 6407 AA64 A185 A8E0 6CBB  1629 759F AB2A 315C 4F96

To fetch the full key from a public key server, you can simply do:

  gpg --keyserver pool.sks-keyservers.net --recv-key '6407 AA64 A185 A8E0 6CBB 1629 759F AB2A 315C 4F96'

If you already know my old key, you can now verify that the new key is signed by the old one:

  gpg --check-sigs ''

If you don't already know my old key, or you just want to be double extra paranoid, you can check the fingerprint against the one above:

  gpg --fingerprint ''

If you are satisfied that you've got the right key, and the UIDs match what you expect, I'd appreciate it if you would sign my key. You can do that by issuing the following command:

**
NOTE: if you have previously signed my key but did a local-only signature (lsign), you will not want to issue the following, instead you will want to use --lsign-key, and not send the signatures to the keyserver
**

  gpg --sign-key ''

I'd like to receive your signatures on my key. You can either send me an e-mail with the new signatures (if you have a functional MTA on your system):

  gpg --export '' | gpg --encrypt -r '' --armor | mail -s 'OpenPGP Signatures'

Additionally, I highly recommend that you implement a mechanism to keep your key material up-to-date so that you obtain the latest revocations, and other updates in a timely manner. You can do regular key updates by using parcimonie[1] to refresh your keyring. Parcimonie is a daemon that slowly refreshes your keyring from a keyserver over Tor. It uses a randomized sleep, and fresh tor circuits for each key. The purpose is to make it hard for an attacker to correlate the key updates with your keyring.

I also highly recommend checking out the excellent Riseup GPG best practices doc, from which I stole most of the text for this transition message ;-)

https://we.riseup.net/debian/openpgp-best-practices

Please let me know if you have any questions, or problems, and sorry for the inconvenience.

Dimi

0. https://www.debian-administration.org/users/dkg/weblog/48
1. https://gaffer.ptitcanardnoir.org/intrigeri/code/parcimonie/
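
The fingerprint check described in the statement above, as an added example that is not part of the signed message: it compares the full 40-hex fingerprint from gpg's `--with-colons` listing instead of the 64-bit key ID, and reads the validity flag to confirm the old key shows as revoked. The function names and the sample listings are assumptions constructed for illustration; only the two fingerprints and key IDs come from the statement.

```shell
#!/bin/sh
# Added example (not from the statement): compare full fingerprints taken from
# the statement against gpg's machine-readable --with-colons listing.
OLD_FPR='3A9A 47C7 1691 E8CE C432 7F3A 5999 41C9 289B 331B'
NEW_FPR='6407 AA64 A185 A8E0 6CBB 1629 759F AB2A 315C 4F96'

# Drop whitespace and upper-case, so spaced and unspaced forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# Read a --with-colons listing on stdin. Succeed only if the primary key's
# fingerprint (first "fpr" record after "pub", field 10) equals $1.
primary_fpr_matches() {
    want=$(normalize_fpr "$1")
    got=$(awk -F: '$1 == "pub" { seen = 1; next }
                   seen && $1 == "fpr" { print $10; exit }')
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Print the validity field of the first "pub" record ("r" means revoked).
primary_validity() {
    awk -F: '$1 == "pub" { print $2; exit }'
}

# Constructed sample listings: timestamps, UID and capability fields are made up.
SAMPLE_NEW='pub:-:4096:1:759FAB2A315C4F96:1420675200:1483747200::-:::scESC:
fpr:::::::::6407AA64A185A8E06CBB1629759FAB2A315C4F96:
uid:-::::1420675200::::Constructed UID <user@example.invalid>:'
SAMPLE_OLD='pub:r:2048:1:599941C9289B331B:1394409600:::-:::sc:
fpr:::::::::3A9A47C71691E8CEC4327F3A599941C9289B331B:'
# Constructed look-alike: same 64-bit key ID, different fingerprint.
SAMPLE_LOOKALIKE='pub:-:4096:1:759FAB2A315C4F96:1420675200:::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA759FAB2A315C4F96:'

check() {  # $1 = label, $2 = listing text, $3 = expected fingerprint
    if printf '%s\n' "$2" | primary_fpr_matches "$3"; then
        echo "$1: fingerprint matches"
    else
        echo "$1: MISMATCH, do not sign"
    fi
}
check 'new key' "$SAMPLE_NEW" "$NEW_FPR"
check 'look-alike' "$SAMPLE_LOOKALIKE" "$NEW_FPR"
echo "old key validity: $(printf '%s\n' "$SAMPLE_OLD" | primary_validity)"
# Against a real keyring (gpg accepts a 40-hex fingerprint as the key spec):
#   gpg --with-colons --fingerprint "$(normalize_fpr "$NEW_FPR")" | primary_fpr_matches "$NEW_FPR"
```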