nblock's ~

GnuPG key transition statement

written on Saturday, February 17, 2018

I am transitioning GPG keys from my old 4096-bit RSA key to a new 4096-bit RSA key. The old key will continue to be valid for some time, but I prefer all new correspondance to be encrypted in the new key, and will be making all signatures going forward with the new key.

Here is my transition statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I am transitioning GPG keys from my old 4096-bit RSA key to a new
4096-bit RSA key. The old key will continue to be valid for some time,
but I prefer all new correspondance to be encrypted in the new key,
and will be making all signatures going forward with the new key.

This transition document is signed with both keys to validate the
transition.

If you have signed my old key, I would appreciate signatures on my new
key as well, provided that your signing policy permits that without
reauthenticating me.

The old key, which I am transitional away from, is:

  pub   rsa4096 2013-02-23 [SC] [expires: 2018-02-22]
      Key fingerprint = 89C9 5CF0 871D 6EC1 0A3F  ECD9 741E 93C2 2741 5CF9

The new key, to which I am transitioning, is:

  pub   rsa4096 2018-02-17 [SC] [expires: 2021-02-16]
      Key fingerprint = 65D0 A6E4 6387 883E C3B5  E78C D67A 997E FEA3 D7C1

To fetch the full new key from a public key server using GnuPG, run:

  gpg --recv-keys D67A997EFEA3D7C1

If you have already validated my old key, you can then validate that
the new key is signed by my old key:

  gpg --check-sigs D67A997EFEA3D7C1

If you then want to sign my new key, a simple and safe way to do that
is by using caff (shipped in Debian as part of the "signing-party"
package) as follows:

  caff D67A997EFEA3D7C1

Find contact details at https://nblock.org/about if you have any
questions about this document or this transition.

  Florian Preinstorfer
  17-02-2018
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEy0qC0zkB+ER+IRLzPkJ06FLyrlMFAlqINJUACgkQPkJ06FLy
rlOwZg//QH4s6rRhcHbLx0ASr+LuqbJcqLGuZZxC/TcX0RTBVK/6EOzxcw/HFYpU
P0Hb65GYeVWHAnPMqp8t+lL6dhgCjE4AtddlXX+6T0Pusuh5SPJ23ztymq7DQwF+
giC1eRYWF0tpBbEpUuTqgFAkeMi3wRJsDCuh2z542rgv3EcjeS7u/j0RsBKRFLbB
FRC+YbIWEjLURUVzpYYqlEOq/3Q5x0p+JF3oyUG4Uz8hfToM0CxzS22GUgoBUqfg
1rob57ovt8kK+bp1IdWz/3T4GS2xWvQZljSQ4xWHySqCW4Yspej/L3cFToacdVM/
kMWOh25kpZrE1GQP2LVUK7YsbAa9jvjtBg2KSQw7nopor8RD1WuW3ztW71NVEkBB
Qd3EW0bIBur7CeWxg8m6lJfUY67Dymx/fHXiaLH6wJ1eVP0JzlUpWqhFhqTfWSQG
e77MXwR5oAbKUghYzB+gNO6g3xOVTlTV1THpRuD/fI6acKdxKcOioFJg6IOP6X13
sj7QPG0Ze5xBAdGoYmNzRSEdgbgT61Mk/gu2cKXJ4050xpBQw2FhFHGLi+SwHvuv
w9nE+V9l8hJHufcn2YUpPSUJcneTET0JtLLpUTxjG+GjVCByBdM98MDr7nyb7NQc
6Sz9fF9nUunwvZZbPjI8skvCnNfOYLui9j2mhCLumqSbnkqMlQqJAjMEAQEKAB0W
IQSjDdzD+eoe0FJE12Ih7BDxHIXZfAUCWog0lQAKCRAh7BDxHIXZfFtHD/0chSc8
x2tHHHC/EnAgc52vAEi85ZPkX6TYiDTT/rEO1U5EB45CDf1MZ5wMngqAI/3b0TeW
JMuESwcbCu4CmLkPJhznnJgFzZ9pdnautzYoqwwTujX/Y4YvQzb8HoJmARK1A/JF
+JtE0mpuWQen3tJC5hyRgd798+lXqFbNSnsFJn/1UCuBBPKhVpJERyWukQuXWASe
SW61n4xWQoxIGTzI/AWm2KE/pe8O7m/eyj10I5HQj2r0eMkWuqHjdHf8+X+GcRoo
P3RmO7bhwPNbyx6yGeegykWavw+xQxSUKHlLfUzRY2cz4t5Oj9zKwHflEkeZeQYJ
VPNZWdtvEc3PmLzbOUtEJmT905I6mWgCyX1ES3AT+aYG1TWHYEss0v8olc6zqcqX
v4yrjlJ4DjbZ7dcmEKAeSvi4M7l3lEZTw9Z3YENFsjzUpQxW0Gb6V24c3Sy6zBgE
Ffo4ltPQp4Wg0+PdrYKAsaWNNgPhKzm69m24AI+jHIgZDIF546ySNc5SxaDfp7Xy
AjgfvjhQI33uWq9yLea/RN9g0C4OBttuUJbAuKOcCykOIVfuvYkCTOnDzn2MFJPr
lSq2oOexypJgUPFR6RRNvdP0WB/hJjPD5kY+X/A35kl/+/JV/dabUfzwnAaVcvEt
OpjKeOTPQaYNItLd8OPR8BBr7/QvWDgbuu1mwg==
=Zctm
-----END PGP SIGNATURE-----

You can also download the above statement from here. Use the following commands to verify the integrity of the transition statement:

$ gpg --recv-keys D67A997EFEA3D7C1
$ curl https://nblock.org/static/files/gpg-transition-statement-D67A997EFEA3D7C1.txt.asc | gpg --verify

permalink

tagged gnupg and security