-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1,SHA512
Date: 22 JUNE 2014
For a number of reasons[0], I've recently set up a new OpenPGP key,
and will be transitioning away from my old one.
The old key will continue to be valid for some time, but i prefer all
future correspondence to come to the new one. I would also like this
new key to be re-integrated into the web of trust. This message is
signed by both keys to certify the transition.
the old key was:
sec 1024D/0x8CC387DA097F5468 2004-07-14
Key fingerprint = 0FAC 6A6C D9D5 134C C87E 4FF3 8CC3 87DA 097F 5468
And the new key is:
sec 4096R/0xD08FC082B8E46E8E 2014-06-22 [expires: 2019-06-21]
Key fingerprint = F744 94B0 7042 6B14 BB90 D283 D08F C082 B8E4 6E8E
To fetch the full key from a public key server, you can simply do:
gpg --keyserver keys.riseup.net --recv-key
If you already know my old key, you can now verify that the new key is
signed by the old one:
gpg --check-sigs 0xD08FC082B8E46E8E
If you don't already know my old key, or you just want to be double
extra paranoid, you can check the fingerprint against the one above:
gpg --fingerprint 0xD08FC082B8E46E8E
If you are satisfied that you've got the right key, and the UIDs match
what you expect, I'd appreciate it if you would sign my key. You can
do that by issuing the following command:
**
NOTE: if you have previously signed my key but did a local-only
signature (lsign), you will not want to issue the following, instead
you will want to use --lsign-key, and not send the signatures to the
keyserver
**
gpg --sign-key 0xD08FC082B8E46E8E
I'd like to receive your signatures on my key. You can either send me
an e-mail with the new signatures (if you have a functional MTA on
your system):
gpg --export 0xD08FC082B8E46E8E | gpg --encrypt -r '$your_fingerprint' --armor | mail -s 'OpenPGP Signatures' serge@vanginderachter.be
Additionally, I highly recommend that you implement a mechanism to keep your key
material up-to-date so that you obtain the latest revocations, and other updates
in a timely manner. You can do regular key updates by using parcimonie to
refresh your keyring. Parcimonie is a daemon that slowly refreshes your keyring
from a keyserver over Tor. It uses a randomized sleep, and fresh tor circuits
for each key. The purpose is to make it hard for an attacker to correlate the
key updates with your keyring.
I also highly recommend checking out the excellent Riseup GPG best
practices doc, from which I stole most of the text for this transition
message ;-)
https://we.riseup.net/debian/openpgp-best-practices
Please let me know if you have any questions, or problems, and sorry
for the inconvenience.
If you have a keybase account and if you are into it, you can also check my
keybase page[1].
Serge van Ginderachter
0. https://www.debian-administration.org/users/dkg/weblog/48
1. https://keybase.io/svg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iKYEARECAGYFAlOm06hfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldDBGQUM2QTZDRDlENTEzNENDODdFNEZGMzhD
QzM4N0RBMDk3RjU0NjgACgkQjMOH2gl/VGh5QgCdE2dKZly+MECXFfH0WCje9Rpo
/HoAoL+6jQ15wWq0FMrisRx24dX5OtOeiQJ8BAEBCgBmBQJTptOoXxSAAAAAAC4A
KGlzc3Vlci1mcHJAbm90YXRpb25zLm9wZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRG
NzQ0OTRCMDcwNDI2QjE0QkI5MEQyODNEMDhGQzA4MkI4RTQ2RThFAAoJENCPwIK4
5G6OnB0P/jw77jLrcLlP6GUXTrfui1Pbrk/W6hysplKHPzh53OoVJB0Bq6NARlOz
yptDwRW2LivFNz2M9FxObij+2CDGQ/FoOWdWlKatg9bvqhkQwglpMFNyGDQ/EOxV
a2ObFOySsGU2hXnYvVSUUCc1SMt5M3RKw3264ZsxqIda8o2lqF7ZO9qDijY7peHy
Ll0aPPxlFiqUjN0Q5P4PzoQcWbHDFLDO1Mm+P52gyod/Rh0PrWKOk2kwMEHFBwUd
tgi2jT+W4wv7yAOdvrIwiRpdqAM4be9MPDmXDjYrEHsJrKwqkXfDRRV53ZRFo8f3
bKXSnAV0i2svIEOscNWHhNrpmk5iqzyvr5CeJse7nEjXAP7HntTxPFIvWs2c3dvt
HItslcDcU2ZIrCh3rIi+fv7pcjX6JE/A0CzZkTo294wnGexoIRiRcC7wojS5e3PV
v83NZPRBz7tpPVQaMP74UiXvQpTm2GEiIXYtFkyZFEtyxwfEOY8L50QpMAJ0HXPm
7xH+XIaCcBljgeVoP0VlUecGW6aJubTryNTUimIBUnL7ItWjNLl7uJtDlGdjsOZV
QVgpQ6G3Tx8lDp+qo4SD4YI8zoWK59Ef9MUCSJn3ngWI0dG5jElONqOOY/W1zcyA
ce2wJs8ua79HJV/GXiadtlSCJpG8XfanyvhrvePSCp9O/5mZLnWs
=evlZ
-----END PGP SIGNATURE-----
