GPG Key Transition

January 3, 2011 - 2 minute read -

For a number of reasons, I’ve recently set up a new OpenPGP key, and will be transitioning away from my old one.

The old key will continue to be valid for some time, but I prefer all future correspondence to come to the new one. I would also like this new key to be re-integrated into the web of trust. This message is also available signed by both keys to certify the transition at:

The old key was:

pub   1024D/934C22D5 2006-09-11
      Key fingerprint = 1005 044E 8956 38A0 95B2  B004 7AE8 E8AC 934C 22D5

And the new key is:

pub   2048R/CF982D18 2011-01-03
      Key fingerprint = D0BF 65B7 DBE2 8DB6 2BED  BF1B 683C 53C7 CF98 2D18

To fetch the full key, you can get it with::

wget -q -O- | gpg --import -

Or, to fetch my new key from a public key server, you can simply do::

gpg --keyserver --recv-key CF982D18

If you already know my old key, you can now verify that the new key is signed by the old one:

gpg --check-sigs CF982D18

If you don’t already know my old key, or you just want to be double extra paranoid, you can check the fingerprint against the one above:

gpg --fingerprint CF982D18

If you are satisfied that you’ve got the right key, and the UIDs match what you expect, I’d appreciate it if you would sign my key:

gpg --sign-key CF982D18

Lastly, if you could upload these signatures, i would appreciate it. You can either send me an e-mail with the new signatures (if you have a functional MTA on your system)::

gpg --armor --export CF982D18 | mail -s 'OpenPGP Signatures'

Or you can just upload the signatures to a public keyserver directly::

gpg --keyserver --send-key CF982D18

Please let me know if there is any trouble, and sorry for the inconvenience.