Ramblings about stuff

New GPG key: transition statement

There is a text-only, digitally-signed version of this post available here.

My old OpenPGP key was generated in 1998 and the key length, 1024-bit DSA, is now considered too short for current security purposes. Therefore I am transitioning to a new key. The new key is an 8192-bit RSA key: I’m using a particularly long key because I plan to keep this one for some time.

The old key will continue to be valid for some time, but I’d prefer all future correspondence to use the new one. I will start creating signatures with the new key immediately.

I would like this new key to be integrated into the web of trust. Please read the digitally-signed version of this post to certify the transition.

If you previously signed my key, I will send a copy of this transition statement to the primary email address on your GPG key which you used to sign it.

The old key:

1024D/CD28DA92 1998-07-05
Key fingerprint = AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
Dave Ewart

And the new key is:

8192R/378BB197 2013-01-18
Key fingerprint = CF3A 93EF 01E6 16C5 AE7A 1D27 45E1 E473 378B B197
Dave Ewart

To fetch my new key from a public key server, you can simply do:

gpg --keyserver --recv-key 378BB197

If you already know my old key, you can verify that the new key is signed by the old one:

gpg --check-sigs 378BB197

If you don’t already know my old key, or you just want to double check, you can check the fingerprint against the one above:

gpg --fingerprint 378BB197

If you are satisfied that you’ve got the right key, and the UIDs match what you expect, I’d appreciate it if you would sign my key:

gpg --sign-key 378BB197

Lastly, if you could upload these signatures, I would appreciate it. You can just upload the signatures to a public keyserver directly:

gpg --keyserver --send-key 378BB197

I’m happy to handle any encrypted email challenge prior to signing or further verification if required: just let me know.
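The fingerprint comparison described above can be scripted rather than done by eye. The following is an added example, not part of the original post: the 8-digit ID used in the commands is only the tail of the fingerprint, so the script compares all 40 hex digits of the primary key. The function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a key's full primary fingerprint with the one
# published in the transition statement before certifying the key.

# Fingerprint of the new key, copied from the statement.
EXPECTED_FPR="CF3A 93EF 01E6 16C5 AE7A 1D27 45E1 E473 378B B197"

# Strip whitespace and upper-case, so spaced and raw forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --with-colons --fingerprint` output on stdin and print the
# fingerprint of each primary key: the first fpr record after a pub
# record, field 10. Subkey fingerprints are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if stdin lists exactly one primary key and its full
# fingerprint equals the expected one.
check_listing() {
    expected=$(normalize_fpr "$1")
    found=$(primary_fprs)
    count=$(printf '%s\n' "$found" | grep -c . || true)
    [ "$count" -eq 1 ] && [ "$(normalize_fpr "$found")" = "$expected" ]
}

# Constructed sample listing (not captured from a real keyring).
sample_good() {
    printf '%s\n' \
      'pub:-:8192:1:45E1E473378BB197:1358467200:::-:::scESC:' \
      'fpr:::::::::CF3A93EF01E616C5AE7A1D2745E1E473378BB197:' \
      'uid:-::::1358467200::::Dave Ewart:' \
      'sub:-:8192:1:0123456789ABCDEF:1358467200::::::e:' \
      'fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA0123456789ABCDEF:'
}

# Constructed key with the same 8-digit ID but a different fingerprint.
sample_lookalike() {
    printf '%s\n' \
      'pub:-:8192:1:11111111378BB197:1358467200:::-:::scESC:' \
      'fpr:::::::::11111111111111111111111111111111378BB197:'
}

# Real use, once the key has been fetched into the local keyring:
#   gpg --with-colons --fingerprint 378BB197 | check_listing "$EXPECTED_FPR"
```

Only run `gpg --sign-key` if `check_listing` exits with status 0; a non-zero status means the keyring holds no key, more than one key, or a different key for that ID.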

