key-transition-2016

I am transitioning my GPG key from an old 1024-bit DSA key to a new 4096-bit RSA key. The old key will continue to be valid for some time, but I prefer all new correspondence to be encrypted with the new key. I will be making all signatures going forward with the new key.

I have created a transition statement that can be downloaded from http://www.saltando.net/wp-content/uploads/2016/04/key-transition-2016.txt.asc.

Below is the signed statement.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1,SHA512

I am transitioning GPG keys from an old 1024-bit DSA key to a new
4096-bit RSA key. The old key will continue to be valid for some
time, but I prefer all new correspondance to be encrypted in the new
key, and will be making all signatures going forward with the new key.

This transition document is signed with both keys to validate the
transition.

If you have signed my old key, I would appreciate signatures on my new
key as well, provided that your signing policy permits that without
reauthenticating me.

The old key, which I am transitional away from, is:

pub 1024D/C66E8D32 2008-05-19
Key fingerprint = CA33 CA06 5AAA AD24 CDE5 1CC7 7884 E8C5 C66E 8D32

The new key, to which I am transitioning, is:

pub 4096R/BF16E645 2016-04-08
Key fingerprint = 2838 40C7 C94E 4092 E7D6 4CBF CF71 65D4 BF16 E645

To fetch the full new key from a public key server using GnuPG, run:

gpg --keyserver keys.gnupg.net --recv-key CF7165D4BF16E645

If you have already validated my old key, you can then validate that
the new key is signed by my old key:

gpg --check-sigs CF7165D4BF16E645

If you then want to sign my new key, a simple and safe way to do that
is by using caff (shipped in Debian as part of the "signing-party"
package) as follows:

caff CF7165D4BF16E645

Please contact me via e-mail at if you have any
questions about this document or this transition.

Joan Fisbein
joan@fisbein.com
2016-04-08
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

For easier access, I have also published it in text format. You can check it with:


$ gpg --keyserver keys.gnupg.net --recv-key CF7165D4BF16E645
gpg: requesting key BF16E645 from hkp server keys.gnupg.net
gpg: key BF16E645: "Joan Fisbein " not changed
gpg: Total number processed: 1
gpg: unchanged: 1
$ curl http://www.saltando.net/wp-content/uploads/2016/04/key-transition-2016.txt.asc | \
> gpg --verify
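
The check above relies on reading gpg's output by eye. As an added example (not part of the original post), the script below parses gpg's machine-readable status lines and succeeds only when the statement carries a valid signature from both the old and the new fingerprint. The function names and the sample status lines are constructed for illustration, and it assumes both public keys are already in the local keyring.

```shell
#!/bin/sh
# Added example: require a valid signature from BOTH keys on the statement.
# Full fingerprints are the ones listed in the statement, spaces removed.
OLD_FPR=CA33CA065AAAAD24CDE51CC77884E8C5C66E8D32
NEW_FPR=283840C7C94E4092E7D64CBFCF7165D4BF16E645

# Constructed sample of `gpg --status-fd 1 --verify` output (timestamps are
# made up); VALIDSIG fields follow GnuPG's doc/DETAILS layout.
SAMPLE_STATUS="[GNUPG:] GOODSIG 7884E8C5C66E8D32 Joan Fisbein
[GNUPG:] VALIDSIG $OLD_FPR 2016-04-08 1460073600 0 4 0 17 2 01 $OLD_FPR
[GNUPG:] GOODSIG CF7165D4BF16E645 Joan Fisbein
[GNUPG:] VALIDSIG $NEW_FPR 2016-04-08 1460073600 0 4 0 1 10 01 $NEW_FPR"

# Reads status lines on stdin. Succeeds only if no signature is bad or
# uncheckable and every fingerprint given as an argument has a VALIDSIG line.
both_keys_signed() {
    bks_status=$(cat)
    if printf '%s\n' "$bks_status" | grep -Eq '^\[GNUPG:\] (BADSIG|ERRSIG) '; then
        echo "bad or uncheckable signature on the statement" >&2
        return 1
    fi
    for bks_fpr in "$@"; do
        # $3 is the signing (sub)key fingerprint, the last field the primary key's.
        printf '%s\n' "$bks_status" | awk -v want="$bks_fpr" '
            $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
            END { exit !ok }' || {
            echo "no valid signature from $bks_fpr" >&2
            return 1
        }
    done
    return 0
}

# $1 = path to the downloaded key-transition-2016.txt.asc (assumes both public
# keys are already in the local keyring).
check_statement() {
    gpg --status-fd 1 --verify "$1" 2>/dev/null |
        both_keys_signed "$OLD_FPR" "$NEW_FPR"
}
```

Comparing the full 40-character fingerprints rather than the 8-character key IDs shown in gpg's human-readable output avoids accepting a different key that merely shares a short ID.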

I now need to gather some signatures for the new key. If this is appropriate for you, please sign the new key if you signed the old one.