-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Date: Sunday 18 May 2014

I've set up a new OpenPGP key and will be transitioning away from my old one.

The old key is valid for about another six months however I'd prefer all correspondence to come to the new one from now on. I would also like this new key to be re-integrated into the web of trust. This message is signed by both keys to certify the transition.

My old key was:

  pub   1024D/0x5CB47B59375422A6 2006-02-23 [expires: 2014-11-10]
        Key fingerprint = 7F0D 81CA 1630 8179 CC31 B364 5CB4 7B59 3754 22A6

My new key is:

  pub   4096R/0x2227CBD64C497218 2014-05-16 [expires: 2017-05-15]
        Key fingerprint = C045 AD3B B3A4 865D BA02 C2EB 2227 CBD6 4C49 7218

To fetch the new key directly from me you can do:

  wget -q -O- https://richardskingdom.net/publickey.asc | gpg --import -

Or to fetch it from a public key server:

  gpg --keyserver pool.sks-keyservers.net --recv-key '0x2227CBD64C497218'

The key is also available on keybase.io:

  https://keybase.io/graphiclunarkid/key.asc

If you already know my old key, you can now verify that the new key is signed by the old one:

  gpg --check-sigs '0x2227CBD64C497218'

If you don't already know my old key, or you just want to be double extra paranoid, you can check the fingerprint against the one above:

  gpg --fingerprint '0x2227CBD64C497218'

If you are satisfied that you've got the right key, and the UIDs match what you expect, I'd appreciate it if you would sign my key. You can do that by issuing the following command:

**
NOTE: if you have previously signed my key but did a local-only signature (lsign), you will not want to issue the following, instead you will want to use --lsign-key, and not send the signatures to the keyserver
**

  gpg --sign-key '0x2227CBD64C497218'

I'd like to receive your signatures on my key.
You can either send me an e-mail with the new signatures (if you have a functional MTA on your system):

  gpg --export '0x2227CBD64C497218' | gpg --encrypt -r '0x2227CBD64C497218' \
      --armor | mail -s 'OpenPGP Signatures' richard@richardskingdom.net

Or you can upload them directly to a keyserver:

  gpg --keyserver pool.sks-keyservers.net --send-keys '0x2227CBD64C497218'

I recommend that you implement a mechanism to keep your key material up-to-date so that you obtain the latest revocations and other updates in a timely manner. You can do regular key updates by using parcimonie[1] to refresh your keyring. Parcimonie is a daemon that slowly refreshes your keyring from a keyserver over Tor. It uses a randomized sleep, and fresh tor circuits for each key. The purpose is to make it hard for an attacker to correlate the key updates with your keyring.

I also recommend checking out the Riseup GPG best practices doc, from which I stole most of the text for this transition message ;-)

  https://we.riseup.net/debian/openpgp-best-practices

Please let me know if you have any questions, or problems, and sorry for the inconvenience.

Richard.

1. https://gaffer.ptitcanardnoir.org/intrigeri/code/parcimonie/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----
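
The fingerprint check described in the message, as an added example that is not part of the signed statement: it compares a key file's primary fingerprint with the one published above before anything is imported, and refuses files that bundle more than one primary key. The function names and the sample listing are constructed for illustration; only the fingerprint comes from the message.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.

# Fingerprint of the new key, copied from the transition statement.
EXPECTED_FPR='C045 AD3B B3A4 865D BA02 C2EB 2227 CBD6 4C49 7218'

# Constructed sample of `gpg --with-colons` output (dates, uid and subkey are made up).
SAMPLE_LISTING='pub:-:4096:1:2227CBD64C497218:1400198400:1494806400::-:::scESC:
fpr:::::::::C045AD3BB3A4865DBA02C2EB2227CBD64C497218:
uid:-::::1400198400::0000::Example User <user@example.org>:
sub:-:4096:1:0000000000000000:1400198400:1494806400:::::e:
fpr:::::::::0000000000000000000000000000000000000000:'

# Strip whitespace and upper-case, so spaced and unspaced forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# Print the primary key fingerprint from a colon listing on stdin:
# field 10 of the first "fpr" record that follows the "pub" record.
primary_fpr() {
    awk -F: '
        $1 == "pub" { seen_pub = 1; next }
        seen_pub && $1 == "fpr" { print $10; exit }
    '
}

# Succeed only if stdin lists exactly one primary key and its fingerprint
# equals the expected fingerprint given as $1.
check_key() {
    listing=$(cat)
    pubs=$(printf '%s\n' "$listing" | awk -F: '$1 == "pub" { n++ } END { print n + 0 }')
    if [ "$pubs" -ne 1 ]; then
        echo "refusing: found $pubs primary keys, expected 1" >&2
        return 2
    fi
    got=$(printf '%s\n' "$listing" | primary_fpr)
    [ -n "$got" ] && [ "$(normalize_fpr "$got")" = "$(normalize_fpr "$1")" ]
}

# Usage with a downloaded file (assumes a GnuPG 2.x that supports --show-keys):
#   gpg --show-keys --with-colons publickey.asc | check_key "$EXPECTED_FPR" \
#       && gpg --import publickey.asc
```

The check only proves that the file holds the key named in the statement; whether to trust the statement itself still rests on the old key's signature or an out-of-band comparison.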