-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256,SHA1

Date: Sun Nov 3 15:15:31 CST 2013

For a number of reasons[0], i've recently set up a new OpenPGP key,
and will be transitioning away from my old one.

The old key will continue to be valid for some time (end of 2013), but
i prefer all future correspondence to come to the new one. I would
also like this new key to be re-integrated into the web of trust. This
message is signed by both keys to certify the transition.

the old key was:

pub 1024D/C47442F9AB07BB91 2009-02-21 [expires: 2014-01-02]
    Key fingerprint = 009B FBEB 4C32 52E1 D0B6 7BB6 C474 42F9 AB07 BB91

And the new key is:

pub 4096R/5CF8E50C793D209B 2013-11-03 [expires: 2014-11-03]
    Key fingerprint = B82F C4C2 213C 7CAC EB17 E59C 5CF8 E50C 793D 209B

To fetch the full key from a public key server, you can simply do:

  gpg --keyserver keys.riseup.net --recv-key 5CF8E50C793D209B

If you already know my old key, you can now verify that the new key is
signed by the old one:

  gpg --check-sigs 5CF8E50C793D209B

If you don't already know my old key, or you just want to be double
extra paranoid, you can check the fingerprint against the one above:

  gpg --fingerprint 5CF8E50C793D209B

If you are satisfied that you've got the right key, and the UIDs match
what you expect, I'd appreciate it if you would sign my key. You can
do that by issuing the following command:

**
NOTE: if you have previously signed my key but did a local-only
signature (lsign), you will not want to issue the following, instead
you will want to use --lsign-key, and not send the signatures to the
keyserver
**

  gpg --sign-key 5CF8E50C793D209B

I'd like to receive your signatures on my key. You can either send me
an e-mail with the new signatures (if you have a functional MTA on
your system):

  gpg --export 5CF8E50C793D209B | gpg --encrypt -r 5CF8E50C793D209B --armor | mail -s 'OpenPGP Signatures' gergely@imreh.net

Additionally, I highly recommend that you implement a mechanism to keep
your key material up-to-date so that you obtain the latest revocations,
and other updates in a timely manner. You can do regular key updates by
using parcimonie[1] to refresh your keyring. Parcimonie is a daemon that
slowly refreshes your keyring from a keyserver over Tor. It uses a
randomized sleep, and fresh tor circuits for each key. The purpose is to
make it hard for an attacker to correlate the key updates with your
keyring.

I also highly recommend checking out the excellent Riseup GPG best
practices doc, from which I stole most of the text for this transition
message[2] ;-)

Please let me know if you have any questions, or problems, and sorry
for the inconvenience.

Imreh Gergely

[0]: https://www.debian-administration.org/users/dkg/weblog/48
[1]: https://gaffer.ptitcanardnoir.org/intrigeri/code/parcimonie/
[2]: https://we.riseup.net/riseuplabs+paow/openpgp-best-practices
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

-----END PGP SIGNATURE-----
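
The fingerprint check described in the statement above, written as a script so the comparison is not done by eye. This is an added example, not part of the original signed message; the function names and the sample colon-format listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a fetched key's primary fingerprint with the one
# printed in the transition statement before running --sign-key.

# Fingerprint of the new key, copied from the statement above.
EXPECTED_FPR='B82F C4C2 213C 7CAC EB17 E59C 5CF8 E50C 793D 209B'

# Strip whitespace and upper-case so spaced and unspaced forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons --fingerprint KEYID` output on stdin and print the
# primary key fingerprint: field 10 of the first "fpr" record after "pub".
# Subkey fingerprints (fpr records after "sub") are ignored.
primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0 }
             $1 == "fpr" && want { print $10; exit }'
}

# Return 0 only if the listing on stdin carries exactly the expected
# full-length fingerprint; a matching 64-bit key ID alone is not enough.
fpr_matches() {
    got=$(primary_fpr)
    [ -n "$got" ] && [ "$(normalize_fpr "$got")" = "$(normalize_fpr "$1")" ]
}

# Constructed sample of colon-format output (not captured from a real run);
# the timestamps, subkey ID and subkey fingerprint are placeholders.
SAMPLE_LISTING='pub:-:4096:1:5CF8E50C793D209B:1383513331:1415049331::-:::scESC:
fpr:::::::::B82FC4C2213C7CACEB17E59C5CF8E50C793D209B:
sub:-:4096:1:AAAAAAAAAAAAAAAA:1383513331::::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:'

# Real use (assumes the key was already fetched with --recv-key):
#   gpg --with-colons --fingerprint 5CF8E50C793D209B | fpr_matches "$EXPECTED_FPR"
if printf '%s\n' "$SAMPLE_LISTING" | fpr_matches "$EXPECTED_FPR"; then
    echo "fingerprint matches the transition statement"
else
    echo "fingerprint MISMATCH: do not sign this key" >&2
fi
```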