GPG Key Transition Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I am transitioning my GPG key from an old 1024-bit DSA key to a new 4096-bit RSA key. The old key will continue to be valid for a period of time, but I will be using the new key in all future cases. I will be making all signatures going forward with the new key.

This transition document is signed with both keys to validate the transition.

If you have signed my old key, I would appreciate signatures on my new key as well, provided that your signing policy permits that without reauthenticating me.

The old key I am transitioning from is:

pub   1024D/D5E5A1A5 2009-05-02 [expires: 2016-11-09]
Key fingerprint = F157 91A3 8A8A 7CC4 F3BA  897E DED5 9D59 D5E5 A1A5

The new key I am transitioning to is:

pub   4096R/37BEB021 2015-11-15 [expires: 2020-11-13]
Key fingerprint = D8A5 6061 25C3 28B7 2264  2B39 3E13 4DD2 37BE B021

To fetch the full new key from a public key server using GnuPG, run:

gpg --keyserver keys.gnupg.net --recv-key 3E134DD237BEB021

If you have already validated my old key, you can then validate that the new key is signed by my old key:

gpg --check-sigs 3E134DD237BEB021

If you are satisfied that you’ve got the right key, and the User IDs match what you expect, I would appreciate it if you would sign my key:

gpg --sign-key 3E134DD237BEB021

You can upload your signatures to a public keyserver directly:

gpg --keyserver keys.gnupg.net --send-key 3E134DD237BEB021

Please contact me via e-mail at <me AT cprofitt.com> if you have any questions about this document or this transition.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

After downloading the new key you can verify this statement by downloading the signed file:

wget --no-check-certificate 'https://docs.google.com/uc?export=download&id=0B13MofcWHLkaTDBqYmtmdGlUeTA' -O key-trans-statement.txt.asc

Then run the following command:

gpg --verify key-trans-statement.txt.asc
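
An added example, not part of the original post: a shell check that a key fetched by its 64-bit key ID carries the full fingerprint printed in the statement, since the key ID is only the last 16 hex digits of that fingerprint. The function names and the two sample listings are constructed for illustration; with a real keyring, pipe `gpg --with-colons --fingerprint 3E134DD237BEB021` into `check_fpr`.

```shell
#!/bin/sh
# Added example: function names and sample listings are constructed, not from the post.

# Fingerprint of the new key, copied from the transition statement.
EXPECTED_FPR='D8A5 6061 25C3 28B7 2264  2B39 3E13 4DD2 37BE B021'

# Remove whitespace and upper-case hex digits so two spellings compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons --fingerprint` output on stdin and print the
# primary key's fingerprint: field 10 of the first "fpr" record.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Succeed only when the listing on stdin has the expected full fingerprint.
check_fpr() {
    got=$(primary_fpr)
    want=$(normalize_fpr "$EXPECTED_FPR")
    [ -n "$got" ] && [ "$(normalize_fpr "$got")" = "$want" ]
}

# Constructed listing whose fingerprint equals the one in the statement.
SAMPLE_OK='pub:-:4096:1:3E134DD237BEB021:1447545600:1605225600::-:::scESC:
fpr:::::::::D8A5606125C328B722642B393E134DD237BEB021:
uid:-::::1447545600::0000::Constructed User <user@example.invalid>:'

# Constructed listing with the same 64-bit key ID but a different fingerprint.
SAMPLE_BAD='pub:-:4096:1:3E134DD237BEB021:1447545600:1605225600::-:::scESC:
fpr:::::::::0000000000000000000000003E134DD237BEB021:
uid:-::::1447545600::0000::Constructed User <user@example.invalid>:'

for name in SAMPLE_OK SAMPLE_BAD; do
    eval "listing=\$$name"
    if printf '%s\n' "$listing" | check_fpr; then
        echo "$name: fingerprint matches the statement"
    else
        echo "$name: fingerprint does NOT match, do not sign"
    fi
done
```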
