среда, 4 февраля 2015 г.

GnuPG key transition statement

I am transitioning my GPG key from an old 1024-bit DSA key to a new 4096-bit RSA key. The old key will continue to be valid for some time but I prefer all new correspondance to be encrypted with the new key, and will be making all signatures going forward with the new key.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I am transitioning my GPG key from an old 1024-bit DSA key to a new
4096-bit RSA key. The old key will continue to be valid for some time
but I prefer all new correspondance to be encrypted with the new key,
and will be making all signatures going forward with the new key.

This transition document is signed with both keys to validate the
transition.

If you have signed my old key, I would appreciate signatures on my new
key as well, provided that your signing policy permits that without
reauthenticating me.

The old key, which I am transitional away from, is:

  pub   1024D/2EE7EF82 2008-08-21
      Key fingerprint = ACBE C1C1 FC07 5E80 359A  7CC2 FE27 2604 2EE7 EF82

The new key, to which I am transitioning, is:

  pub   4096R/373FD74C 2015-02-04
      Key fingerprint = 5157 8DEB 9835 A355 118E  F244 3858 64F9 373F D74C

To fetch the full new key from a public key server using GnuPG, run:

  gpg --keyserver pgp.mit.edu --recv-key 373FD74C

If you have already validated my old key, you can then validate that
the new key is signed by my old key:

  gpg --check-sigs 373FD74C

If you then want to sign my new key, a simple and safe way to do that
is by using caff (shipped in Debian as part of the "signing-party"
package) as follows:

  caff 373FD74C

Please contact me via e-mail at  if you have any
questions about this document or this transition.

    Andrey Tataranovich
    tataranovich@gmail.com
    2015-02-04
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJU0h08AAoJEDhYZPk3P9dMAgsP/R+dD6XPI3TvolVUgWJUkI/W
VM7xc7bfDOUfwq3ZqFFsol9q9TuSVlDkSaWXc487hHN7K8cpN8AOvV8uE0ySiDKf
Oai562LCetORGs/NI+iQKvbVYsoCMfNrNezQ0TrCQ8FCUX13tRL7SthQMBisRo4U
RLoJTS1C+MgkCLD9nnxlZC6VOL6YIaXJ+e1RkmcMamdz2qjizms7oCJDdfNgi+O+
y0QH31Mz/sieXt+UTBkbhU8x9hYWwB1ZRcJXL4LTm7nW+77IQBCiNPQdThYV0ZQi
7kXrMlHo242se8EHZQ7F5bwermJSdC/vT/OG2B7/FV4dxl1U5ld6OdIu3XplLR38
PgiUNaeb9+3Exb4GVi+nBYl9bI2yqqAth0bJhle22PwEQXKMpsZhs85cl0XzM3NR
8k0EYG9rBWlR/93Bt+IC+9H0XfdJwxk8wBlxdAtoZCyGoApzoc6j+tC91UunEENa
IadIQD7MCJavs/jClHTDZd8HOoWcLgaKZjLskZGzccsSmxbWxX/UQB4aMEopXUZv
q6vL94Ef4d99H/rmTmJWzv+a4D+JyMfOtAjDtoilOamO6R2cg5FJeuvmB5oOCMKg
AuLcbJ9QxSYUEcXIN+7nthkLYH6/M2d0CIj/JP2tBg1bVzAQWoMCDFAN7D5CrT2j
rt4jMdBGZCXfyOvmudUBiQEcBAEBCgAGBQJU0h08AAoJEOFsRrMdttrPAgsIAKli
iTL4arThwb6L/GPte75FKtzWEl1SbSfhEmvCTQo5TmkinJ79fcfPpVh2mPuWr2gM
1ap2hYIlPmYRo67aGPKI5ILX8SzaFRInEU1NZjTst3+F2mqiHznfiacU9JuGbL7A
8D/oYTyOXVhBI0ycpj/B+3YewUqwJcblEVOMf3zPop0vTt/Fq2lftFG/dLo8bMsN
REiKXiALhJxflbvwiI3B2n4tl97jH6YXLsnRstRH3AxmwqKPNn98jJNEnrVTBnes
01rL/adPxTAv60AjMOdbb2I+LVfZilUJ3DTAaT0ocz6sLlteO0ikdaU8dGuvGwzQ
ns9/i5oaZuAkVa4bkA0=
=iQ6g
-----END PGP SIGNATURE-----

For easier access, I have also published it in text format. You can check it with:

$ wget -q -O- http://www.tataranovich.com/public/key-transition-2015.txt | gpg --verify
gpg: Signature made Wed 04 Feb 2015 04:23:08 PM MSK using RSA key ID 373FD74C
gpg: Good signature from "Andrey Tataranovich <tataranovich@gmail.com>"
gpg:                 aka "Andrey Tataranovich <andrey@tataranovich.com>"
gpg:                 aka "Andrey Tataranovich <andrey.tataranovich@amasty.com>"
gpg: Signature made Wed 04 Feb 2015 04:23:08 PM MSK using RSA key ID 1DB6DACF
gpg: Good signature from "Andrey Tataranovich <tataranovich@gmail.com>"
gpg:                 aka "Andrey Tataranovich <andrey@tataranovich.com>"
gpg:                 aka "Andrey Tataranovich <andrey.tataranovich@amasty.com>"

Комментариев нет:

Отправить комментарий