OpenPGP key transition

Leave a Comment Posted by on August 15, 2010

I’ve recently set up a stronger (4096R) OpenPGP key, and will be transitioning away from my old (1024D) one. To a large extent this is about being able to use the SHA-2 family for signatures.

The old key will continue to be valid for some time, but I prefer all future correspondence to come to the new one. I would also like this new key to be re-integrated into the web of trust. Please see this statement signed with both keys, certifying the transition.

The old key was:

pub   1024D/FAF2463A 2006-11-20
      Key fingerprint = 4947 BB72 9192 8645 CC8B  F142 8AF2 8D1C FAF2 463A

The new key is:

pub   4096R/13CD4F59 2010-07-11
      Key fingerprint = AFEB 2D24 4715 3F0D 9250  8A8B 5882 A0DC 13CD 4F59
uid                  Andreas Olsson
uid                  Andreas Olsson
uid                  Andreas Olsson
uid                  Andreas Olsson
sub   4096R/9A943D4A 2010-07-11

To fetch my new key from a public key server, you can simply do:

  $ gpg --keyserver pool.sks-keyservers.net --recv-key 0x13CD4F59

If you already know my old key, you can now verify that the new key is signed by the old one:

  $ gpg --check-sigs 0x13CD4F59

If you are satisfied that you’ve got the right key, and the UIDs match what you expect, I’d appreciate it if you would sign my key:

  $ gpg --sign-key 0x13CD4F59

Lastly, if you could upload these signatures, I would appreciate it:

  $ gpg --keyserver pool.sks-keyservers.net --send-key 0x13CD4F59

Please let me know if there is any trouble, and sorry for the inconvenience.

Other , ,

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

Please log in to WordPress.com to post a comment to your blog.

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.