GnuPG key transition statement
written on Saturday, February 23, 2013
I am transitioning GPG keys from an old 1024-bit DSA key to a new 4096-bit RSA key. The old key will continue to be valid for some time, but I prefer all new correspondance to be encrypted in the new key, and will be making all signatures going forward with the new key.
Here is my transition statement
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I am transitioning GPG keys from an old 1024-bit DSA key to a new 4096-bit RSA key. The old key will continue to be valid for some time, but I prefer all new correspondance to be encrypted in the new key, and will be making all signatures going forward with the new key. This transition document is signed with both keys to validate the transition. If you have signed my old key, I would appreciate signatures on my new key as well, provided that your signing policy permits that without reauthenticating me. The old key, which I am transitional away from, is: pub 1024D/71AE2C33 2008-05-13 [expires: 2013-06-04] Key fingerprint = 2C77 1EA9 A279 2B2B CF2A E246 C710 233D 71AE 2C33 The new key, to which I am transitioning, is: pub 4096R/27415CF9 2013-02-23 [expires: 2018-02-22] Key fingerprint = 89C9 5CF0 871D 6EC1 0A3F ECD9 741E 93C2 2741 5CF9 To fetch the full new key from a public key server using GnuPG, run: gpg --recv-key 741E93C227415CF9 If you have already validated my old key, you can then validate that the new key is signed by my old key: gpg --check-sigs 741E93C227415CF9 If you then want to sign my new key, a simple and safe way to do that is by using caff (shipped in Debian as part of the "signing-party" package) as follows: caff 741E93C227415CF9 Find contact details at http://nblock.org/about if you have any questions about this document or this transition. Florian Preinstorfer 23-02-2013 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEAREKAAYFAlEo2PIACgkQxxAjPXGuLDMhAQCeKkIJQxe6UgogzpDpSQswe/Ms 1woAnAuweKXiy4NSmCxXVYr1hEmbSxKOiQIcBAEBCgAGBQJRKNjyAAoJECHsEPEc hdl8WoEP+gOW9jDKR2thjzyaIHpFp4NwMl6nRmJf+y2KaoiYMqdKa7VsytRRCC88 JQR/ZWKZoD6qSBwMMvQdicUkpmyo7nmW/HPbyQvtLyx95CkinumnEV/plEcZf5vx JW1TvWrmKispLmRP+0UUc3sQu/7VCEnJ/6n6f2NKdjKDEQwvPkmfMVNG0AhT+TAb EhMc8TPdmqYFWbro8daFeaJtSh6+MfA8kKFFfipL93SpGRiU+xYbxvfhEA+rmvQO 1/56y9/OUet6FC9m3rkZTKa3kr9WaTojgxqYX+2caWtV8X1IwHoj7MaLQv26DxSx FoOdInWwMqZv53KkOLH/ZAA+ULfqpiJ4c8rcAIgg7gMl+Ltpl3CUsWRfiIVpo57v ibadggcaqemYhtJrAtd8N0Jjg8GssWqPJXV5TQgyJgRqu18xHqjYCFzwzYUkkefD 8JrvGiqAJUN1mxXMB7SXDUb6I7F8IIkz6zBlEUHdGr8WOee0KaUktpCtTAybnL8T Arot2UgDA4IRSmtS82I4kBhNeo47paoZ0G+cC/rJc260vvZoWlPJSl9pv32p9UHs 5soMy3w+6w3XB8JFshmnSaR97bG6uCs68V3WtyC04d0h9KFEWemh5BRZo2yM6Bas X+qIeh2f2oyu/iAoBXgaRQftKkQCiX5rdaGLNpO09PeJ0oNoYDoP =5a9e -----END PGP SIGNATURE-----
You can also download the above statement from here. Use the following commands to verify the integrity of the transition statement:
$ gpg --recv-key 741E93C227415CF9 $ curl https://nblock.org/static/files/gpg-transition-statement-741E93C227415CF9.txt.asc | gpg --verify