I am transitioning my GPG key from an old 1024-bit DSA key to a new 4096-bit RSA key. The old key will continue to be valid for some time but I prefer all new correspondance to be encrypted with the new key. I will be making all signatures going forward with the new key.
I have created a transition statement that can be downloaded from http://www.saltando.net/wp-content/uploads/2016/04/key-transition-2016.txt.asc.
Below is the signed statement.
-----BEGIN PGP SIGNED MESSAGE-----
I am transitioning GPG keys from an old 1024-bit DSA key to a new
4096-bit RSA key. The old key will continue to be valid for some
time, but I prefer all new correspondance to be encrypted in the new
key, and will be making all signatures going forward with the new key.
This transition document is signed with both keys to validate the
If you have signed my old key, I would appreciate signatures on my new
key as well, provided that your signing policy permits that without
The old key, which I am transitional away from, is:
pub 1024D/C66E8D32 2008-05-19
Key fingerprint = CA33 CA06 5AAA AD24 CDE5 1CC7 7884 E8C5 C66E 8D32
The new key, to which I am transitioning, is:
pub 4096R/BF16E645 2016-04-08
Key fingerprint = 2838 40C7 C94E 4092 E7D6 4CBF CF71 65D4 BF16 E645
To fetch the full new key from a public key server using GnuPG, run:
gpg --keyserver keys.gnupg.net --recv-key CF7165D4BF16E645
If you have already validated my old key, you can then validate that
the new key is signed by my old key:
gpg --check-sigs CF7165D4BF16E645
If you then want to sign my new key, a simple and safe way to do that
is by using caff (shipped in Debian as part of the "signing-party"
package) as follows:
Please contact me via e-mail at
questions about this document or this transition.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
For easier access, I have also published it in text format. You can check it with:
$ gpg --keyserver keys.gnupg.net --recv-key CF7165D4BF16E645
gpg: requesting key BF16E645 from hkp server keys.gnupg.net
gpg: key BF16E645: "Joan Fisbein
gpg: Total number processed: 1
gpg: unchanged: 1
$ curl http://www.saltando.net/wp-content/uploads/2016/04/key-transition-2016.txt.asc | \
> gpg --verify
I now need to gather some signatures for the new key. If this is appropriate for you, please sign the new key if you signed the old one.