Date: 2013-08-05T17:25:00PDT

Due to the dated key sizes of my old key, the ongoing transition away from SHA1 in OpenPGP and the desire for an offline master key I've recently set up a new OpenPGP key, and will be transitioning away from my old one.

The old key will continue to be valid for some time, but I prefer all future correspondence to come to the new one. I would also like this new key to be re-integrated into the web of trust. This message is signed by both keys to certify the transition.

The old key was:

    pub   1024D/0xD771E87520CBD918 2010-01-06 [expires: 2015-04-12]
          Key fingerprint = 5D99 D929 93FE EE79 1645 D77A D771 E875 20CB D918

And the new key is:

    pub   4096R/0x7D964D3361142ACF 2013-07-28 [expires: 2023-07-26]
          Key fingerprint = 60D 9167 F8D9 3913 3564 E571 7D96 4D33 6114 2ACF

To fetch the full key from a public key server, you can simply do:

    gpg --keyserver na.pool.sks-keyservers.net --recv-key 0x7D964D3361142ACF

If you already know my old key, you can now verify that the new key is signed by the old one:

    gpg --check-sigs 0x7D964D3361142ACF

If you don't already know my old key, or you just want to be double extra paranoid, you can check the fingerprint against the one above:

    gpg --fingerprint 0x7D964D3361142ACF

If you are satisfied that you've got the right key, and the UIDs match what you expect, I'd appreciate it if you would sign my key. You can do that by issuing the following command:

** NOTE: if you have previously signed my key but did a local-only signature (lsign), you will not want to issue the following, instead you will want to use --lsign-key, and not send the signatures to the keyserver **

    gpg --sign-key 0x7D964D3361142ACF

I'd like to receive your signatures on my key. You can send me the output of this command after signing:

    gpg --export 0x7D964D3361142ACF | gpg --encrypt -r 0x7D964D3361142ACF --armor

Additionally, I highly recommend that you implement a mechanism to keep your key material up-to-date so that you obtain the latest revocations, and other updates in a timely manner. You can do regular key updates by using parcimonie[0] to refresh your keyring. Parcimonie is a daemon that slowly refreshes your keyring from a keyserver over Tor. It uses a randomized sleep, and fresh Tor circuits for each key. The purpose is to make it hard for an attacker to correlate the key updates with your keyring.

I also recommend checking out the excellent Riseup GPG best practices doc, from which I stole most of the text for this transition message ;-)

https://we.riseup.net/riseuplabs+paow/openpgp-best-practices

Please let me know if you have any questions, or problems, and sorry for any inconvenience.

Max R.D. Parmer
503.380.7455
503.725.3368

[0]: https://gaffer.ptitcanardnoir.org/intrigeri/code/parcimonie/
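The fingerprint check described in the statement can be done mechanically rather than by eye. The following is an added example, not part of the original signed message: the function names and the sample colon listing are constructed for illustration, and only the key IDs and fingerprints are taken from the text above.

```sh
#!/bin/sh
# Strip whitespace and an optional 0x prefix; upper-case the hex digits.
normalize_hex() {
    printf '%s' "$1" | tr -d ' \t\n' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# A v4 OpenPGP fingerprint is 160 bits: exactly 40 hex digits.
is_v4_fingerprint() {
    fpr=$(normalize_hex "$1")
    [ "${#fpr}" -eq 40 ] || return 1
    case $fpr in *[!0-9A-F]*) return 1 ;; esac
    return 0
}

# The long key ID of a v4 key is the last 16 hex digits of its fingerprint.
keyid_matches_fingerprint() {
    is_v4_fingerprint "$2" || return 1
    [ "$(normalize_hex "$1")" = "$(normalize_hex "$2" | cut -c25-40)" ]
}

# Read `gpg --with-colons --fingerprint` output on stdin and print the
# primary-key fingerprint (field 10 of the fpr record that follows each pub).
primary_fingerprints() {
    awk -F: '$1 == "pub" { p = 1; next }
             $1 == "fpr" && p { print $10; p = 0 }'
}

# Exit status 0: listed; 1: not listed; 2: the stated fingerprint is malformed.
fingerprint_in_listing() {
    is_v4_fingerprint "$1" || return 2
    primary_fingerprints | grep -qx "$(normalize_hex "$1")"
}

# Constructed sample listing; subkey values are placeholders.
SAMPLE_LISTING='pub:-:1024:17:D771E87520CBD918:1262736000:::-:::scESC:
fpr:::::::::5D99D92993FEEE791645D77AD771E87520CBD918:
sub:-:2048:16:0000000000000000:1262736000::::::e:
fpr:::::::::0000000000000000000000000000000000000000:'

OLD_FPR='5D99 D929 93FE EE79 1645 D77A D771 E875 20CB D918'
# Copied exactly as it appears in the text above: 39 hex digits, so it is rejected.
NEW_FPR_AS_PRINTED='60D 9167 F8D9 3913 3564 E571 7D96 4D33 6114 2ACF'

for f in "$OLD_FPR" "$NEW_FPR_AS_PRINTED"; do
    if is_v4_fingerprint "$f"; then echo "well-formed: $f"
    else echo "REJECT (not 40 hex digits): $f"; fi
done
```

Against a real keyring, pipe `gpg --with-colons --fingerprint 0x7D964D3361142ACF` into `fingerprint_in_listing` with the fingerprint obtained from a trusted copy of the statement.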