GPG Key Transition

by Ross Patterson — last modified Aug 03, 2009 09:06 PM

I'm now using a new and more secure OpenPGP key

For a number of reasons, i've recently set up a new OpenPGP key, and will be transitioning away from my old one.

The old key will continue to be valid for some time, but i prefer all future correspondence to come to the new one. I would also like this new key to be re-integrated into the web of trust. This message is also available signed by both keys to certify the transition.

the old key was:

pub   1024D/DA3C0A60 2007-10-03
      Key fingerprint = 5A41 9205 15DA 73C7 9D04  9EAF 79E1 C766 DA3C 0A60

And the new key is:

pub   4096R/983EA5AB 2009-08-02
      Key fingerprint = A815 9EE0 8317 DE08 8FE8  4EA1 FC5B 12B8 983E A5AB

To fetch the full key, you can get it with:

wget -q -O- http://rpatterson.net/rpatterson.gpg | gpg --import -

Or, to fetch my new key from a public key server, you can simply do:

gpg --keyserver subkeys.pgp.net --recv-key 983EA5AB

If you already know my old key, you can now verify that the new key is signed by the old one:

gpg --check-sigs 983EA5AB

If you don't already know my old key, or you just want to be double extra paranoid, you can check the fingerprint against the one above:

gpg --fingerprint 983EA5AB

If you are satisfied that you've got the right key, and the UIDs match what you expect, I'd appreciate it if you would sign my key:

gpg --sign-key 983EA5AB

Lastly, if you could upload these signatures, i would appreciate it. You can either send me an e-mail with the new signatures (if you have a functional MTA on your system):

gpg --armor --export 983EA5AB | mail -s 'OpenPGP Signatures' rpatterson@rpatterson.net

Or you can just upload the signatures to a public keyserver directly:

gpg --keyserver subkeys.pgp.net --send-key 983EA5AB

Please let me know if there is any trouble, and sorry for the inconvenience.

Thanks!