There is a text-only, digitally-signed version of this post available here.
My old OpenPGP key was generated in 1998 and the key length, 1024-bit DSA, is now considered too short for current security purposes. Therefore I am transitioning to a new key. The new key is an 8192-bit RSA key: I’m using a particularly long key because I plan to keep this one for some time.
The old key will continue to be valid for some time, but I’d prefer all future correspondence to use the new one. I will start creating signatures with the new key immediately.
I would like this new key to be integrated into the web of trust. Please read the digitally-signed version of this post to certify the transition.
If you previously signed my key, I will send a copy of this transition statement to the primary email address on your GPG key which you used to sign it.
The old key:
1024D/CD28DA92 1998-07-05
Key fingerprint = AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
Dave Ewart davee@sungate.co.uk
And the new key is:
8192R/378BB197 2013-01-18
Key fingerprint = CF3A 93EF 01E6 16C5 AE7A 1D27 45E1 E473 378B B197
Dave Ewart davee@sungate.co.uk
To fetch my new key from a public key server, you can simply do:
gpg --keyserver subkeys.pgp.net --recv-key 378BB197
If you already know my old key, you can verify that the new key is signed by the old one:
gpg --check-sigs 378BB197
If you don’t already know my old key, or you just want to double-check, you can check the fingerprint against the one above:
gpg --fingerprint 378BB197
If you are satisfied that you’ve got the right key, and the UIDs match what you expect, I’d appreciate it if you would sign my key:
gpg --sign-key 378BB197
Lastly, if you could upload these signatures, I would appreciate it. You can just upload the signatures to a public keyserver directly:
gpg --keyserver subkeys.pgp.net --send-key 378BB197
I’m happy to handle any encrypted email challenge prior to signing or further verification if required: just let me know.
Thanks.
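The fingerprint comparison from the steps above can be scripted so that it happens before `gpg --sign-key`. This is an added example, not part of the original post: it compares the full 40-digit fingerprint rather than the 8-digit short ID, which is not guaranteed to be unique. The function names and both sample listings are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): compare the full fingerprint
# of a fetched key with the one published in the transition statement.

# New-key fingerprint exactly as printed in the post.
EXPECTED_FPR="CF3A 93EF 01E6 16C5 AE7A 1D27 45E1 E473 378B B197"

# Remove whitespace and upper-case, so spaced and unspaced forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Read `gpg --with-colons --fingerprint` output on stdin and print the primary
# key's fingerprint: field 10 of the first "fpr" record after the "pub" record.
primary_fpr_from_colons() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Succeed only if the listing on stdin carries the expected primary fingerprint.
fpr_matches() {
    got=$(primary_fpr_from_colons)
    [ -n "$got" ] && [ "$(normalize_fpr "$got")" = "$(normalize_fpr "$1")" ]
}

# Constructed listings in gpg's colon format. SAMPLE_OTHER is a made-up key
# whose last 8 hex digits equal the short ID 378BB197 but whose fingerprint differs.
SAMPLE_GOOD='pub:-:8192:1:45E1E473378BB197:1358467200:::-:::scESC:
fpr:::::::::CF3A93EF01E616C5AE7A1D2745E1E473378BB197:'
SAMPLE_OTHER='pub:-:8192:1:AAAAAAAA378BB197:1358467200:::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA378BB197:'

# Run with --check to test the key in the local keyring before signing it.
if [ "${1:-}" = "--check" ]; then
    if gpg --with-colons --fingerprint 378BB197 | fpr_matches "$EXPECTED_FPR"; then
        echo "Fingerprint matches the transition statement."
    else
        echo "Fingerprint mismatch: do not sign this key." >&2
        exit 1
    fi
fi
```

Run the script with `--check` after `--recv-key`; a non-zero exit status means the key in the keyring is not the one described in the statement.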