I am transitioning GPG keys from an old 1024-bit DSA key to a new 4096-bit RSA key. The old key will continue to be valid for some time, but I prefer all new correspondance to be encrypted in the new key, and will be making all signatures going forward with the new key.
Here is my transition statement:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
I am transitioning GPG keys from an old 1024-bit DSA key to a new
4096-bit RSA key. The old key will continue to be valid for some
time, but I prefer all new correspondance to be encrypted in the new
key, and will be making all signatures going forward with the new key.
This transition document is signed with both keys to validate the
transition.
If you have signed my old key, I would appreciate signatures on my new
key as well, provided that your signing policy permits that without
reauthenticating me.
The old key, which I am transitional away from, is:
pub 1024D/71AE2C33 2008-05-13 [expires: 2013-06-04]
Key fingerprint = 2C77 1EA9 A279 2B2B CF2A E246 C710 233D 71AE 2C33
The new key, to which I am transitioning, is:
pub 4096R/27415CF9 2013-02-23 [expires: 2018-02-22]
Key fingerprint = 89C9 5CF0 871D 6EC1 0A3F ECD9 741E 93C2 2741 5CF9
To fetch the full new key from a public key server using GnuPG, run:
gpg --recv-key 741E93C227415CF9
If you have already validated my old key, you can then validate that
the new key is signed by my old key:
gpg --check-sigs 741E93C227415CF9
If you then want to sign my new key, a simple and safe way to do that
is by using caff (shipped in Debian as part of the "signing-party"
package) as follows:
caff 741E93C227415CF9
Find contact details at http://nblock.org/about if you have any questions
about this document or this transition.
Florian Preinstorfer
23-02-2013
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iEYEAREKAAYFAlEo2PIACgkQxxAjPXGuLDMhAQCeKkIJQxe6UgogzpDpSQswe/Ms
1woAnAuweKXiy4NSmCxXVYr1hEmbSxKOiQIcBAEBCgAGBQJRKNjyAAoJECHsEPEc
hdl8WoEP+gOW9jDKR2thjzyaIHpFp4NwMl6nRmJf+y2KaoiYMqdKa7VsytRRCC88
JQR/ZWKZoD6qSBwMMvQdicUkpmyo7nmW/HPbyQvtLyx95CkinumnEV/plEcZf5vx
JW1TvWrmKispLmRP+0UUc3sQu/7VCEnJ/6n6f2NKdjKDEQwvPkmfMVNG0AhT+TAb
EhMc8TPdmqYFWbro8daFeaJtSh6+MfA8kKFFfipL93SpGRiU+xYbxvfhEA+rmvQO
1/56y9/OUet6FC9m3rkZTKa3kr9WaTojgxqYX+2caWtV8X1IwHoj7MaLQv26DxSx
FoOdInWwMqZv53KkOLH/ZAA+ULfqpiJ4c8rcAIgg7gMl+Ltpl3CUsWRfiIVpo57v
ibadggcaqemYhtJrAtd8N0Jjg8GssWqPJXV5TQgyJgRqu18xHqjYCFzwzYUkkefD
8JrvGiqAJUN1mxXMB7SXDUb6I7F8IIkz6zBlEUHdGr8WOee0KaUktpCtTAybnL8T
Arot2UgDA4IRSmtS82I4kBhNeo47paoZ0G+cC/rJc260vvZoWlPJSl9pv32p9UHs
5soMy3w+6w3XB8JFshmnSaR97bG6uCs68V3WtyC04d0h9KFEWemh5BRZo2yM6Bas
X+qIeh2f2oyu/iAoBXgaRQftKkQCiX5rdaGLNpO09PeJ0oNoYDoP
=5a9e
-----END PGP SIGNATURE-----
You can also download the above statement from here. Use the following commands to verify the integrity of the transition statement:
$ gpg --recv-key 741E93C227415CF9
$ curl https://nblock.org/2013/02/23/new-gnupg-key/gpg-transition-statement-741E93C227415CF9.txt.asc | gpg --verify