-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sun, 10 May 2009 15:15:15 -0500
Because of the recently announced attack [0] against the SHA-1 digest
algorithm, I finally decided to move away from my old 1024-bit DSA
OpenPGP key, landing to a shiny new 2048-bit RSA one.
[0] http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf
The old key will continue to be valid for some time, but I prefer all
future correspondence to come to the new one. I would also like this
new key to be re-integrated into the web of trust. This message is
signed by both keys to certify the transition.
The old key was:
$ gpg --with-fingerprint --list-keys 57F795E8
pub 1024D/57F795E8 2008-04-25
Key fingerprint = 2CA5 1131 578D 9175 0A54 B0E8 4BB3 6254 57F7 95E8
uid Nathan Handler <nhandler@ubuntu.com>
uid Nathan Handler <mrcheatr@gmail.com>
uid Nathan Handler <nathan.handler@gmail.com>
uid Nathan Handler <nhandler@kubuntu.org>
uid Nathan Handler <nhandler@nubuntu.org>
sub 2048g/B980FFDC 2008-04-25
$
And the new key is:
$ gpg --with-fingerprint --list-keys 3933A7CE
pub 2048R/3933A7CE 2009-05-10
Key fingerprint = F30E EA8C 3446 F59E F0DB 433C 2335 FB3F 3933 A7CE
uid Nathan Handler <nhandler@ubuntu.com>
uid Nathan Handler <mrcheatr@gmail.com>
uid Nathan Handler <nathan.handler@gmail.com>
uid Nathan Handler <nhandler@nubuntu.org>
uid Nathan Handler <nhandler@kubuntu.org>
$
To fetch my new key from a public key server, you can simply do:
gpg --keyserver keyserver.ubuntu.com --recv-keys 3933A7CE
If you already know my old key, you can now verify that the new key is
signed by the old one:
gpg --check-sigs 3933A7CE
If you don’t already know my old key, or you just want to be double
extra paranoid, you can check the fingerprint against the one above:
gpg --fingerprint 3933A7CE
If you are satisfied that you’ve got the right key, and the UIDs match
what you expect, I’d appreciate it if you would sign my key:
gpg --sign-key 3933A7CE
Lastly, if you could upload these signatures, I would really appreciate
it. You can either send me an e-mail with the new signatures (if you
have a functional MTA on your system):
gpg --armor --export 3933A7CE | mail -s 'OpenPGP Signatures' nhandler@ubuntu.com
You could also use caff(1) from http://pgp-tools.alioth.debian.org/
(signing-party package on Debian GNU systems):
caff 3933A7CE
Or you can just upload the signatures to a public keyserver directly:
gpg --keyserver keyserver.ubuntu.com --send-key 3933A7CE
Please let me know where you upload your signatures, if there is any
trouble, and sorry for the inconvenience.
Regards,
Nathan Handler
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkoG9bYACgkQS7NiVFf3lejcWgCcDZszRcW9tcMklGbUl1B0xVo6
ogIAn2EkN1D1QqVllzz5QmBB/7m6lRrE
=+3uH
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
-----END PGP SIGNATURE-----
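
The two checks the statement above asks for before signing (the fingerprint matches, and the new key carries a signature by the old key that verifies), as an added shell example that is not part of the original signed message. `check_transition` is a hypothetical helper name and the sample colon-format records are constructed; the fingerprint and old key ID are taken from the statement.

```shell
#!/bin/sh
# Added example, not part of the signed statement.
# Values below are copied from the statement (fingerprint spaces removed).
NEW_FPR="F30EEA8C3446F59EF0DB433C2335FB3F3933A7CE"
OLD_KEYID="4BB3625457F795E8"   # last 16 hex digits of the old fingerprint

# check_transition (hypothetical helper) reads colon-format records, e.g. from
#   gpg --with-colons --fingerprint --check-sigs 3933A7CE
# Exit 0: fingerprint matches and the old key's signature verified.
# Exit 1: fingerprint mismatch. Exit 2: no verified signature by the old key.
check_transition() {
    awk -F: -v want="$NEW_FPR" -v old="$OLD_KEYID" '
        $1 == "pub" { primary = 1 }
        $1 == "sub" { primary = 0 }
        # First fpr record after "pub" is the primary key fingerprint (field 10).
        $1 == "fpr" && primary && !seen { seen = 1; fpr_ok = (toupper($10) == want) }
        # With --check-sigs, field 2 is "!" only for a signature that verified.
        $1 == "sig" && $2 == "!" && toupper($5) == old { sig_ok = 1 }
        END {
            if (!fpr_ok) { print "fingerprint mismatch"; exit 1 }
            if (!sig_ok) { print "no verified signature from old key"; exit 2 }
            print "ok"
        }'
}

# Constructed sample records (timestamps and trailing fields are made up).
SAMPLE_GOOD='pub:-:2048:1:2335FB3F3933A7CE:1241913600:::-:::scESC:
fpr:::::::::F30EEA8C3446F59EF0DB433C2335FB3F3933A7CE:
uid:-::::1241913600::::Nathan Handler <nhandler@ubuntu.com>:
sig:!::1:2335FB3F3933A7CE:1241913600::::Nathan Handler <nhandler@ubuntu.com>:13x:
sig:!::17:4BB3625457F795E8:1241913600::::Nathan Handler <nhandler@ubuntu.com>:10x:'
# Same records, but the old key's signature is marked bad ("-").
SAMPLE_BADSIG=$(printf '%s\n' "$SAMPLE_GOOD" | sed 's/^sig:!::17:/sig:-::17:/')

printf '%s\n' "$SAMPLE_GOOD"   | check_transition
printf '%s\n' "$SAMPLE_BADSIG" | check_transition || echo "rejected (exit $?)"
```

A passing result is only as strong as the copy of the old key in the local keyring, so it complements the UID review the statement asks for and does not replace it.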