Sunday, May 15, 2011

GPG Key Transition

Link to doc signed with both keys using:

gpg -u 0EA23F2B -u 8AE09345 --armor --clearsign transition.txt

ref: OpenPGP DSA-1 key rollover

---

I am transitioning from an older 1024-bit DSA key to a new 4096-bit RSA key.
The old key will continue to be valid for some time, but I prefer all new
correspondance to be encrypted in the new key, and will be making all
signatures going forward with the new key.

This document is signed with both keys to validate the transition.

If you have signed my old key, I would appreciate signatures on my new key as well, provided that your signing policy permits that without reauthenticating me.

The old key, which I am transitioning away from, was:

pub 1024D/0EA23F2B 2009-04-16
Key fingerprint = E1FA ED1F A75C 1DA7 FD9F 14F8 1291 4ABD 0EA2 3F2B

The new key, to which I am transitioning, is:

pub 4096R/8AE09345 2010-09-17
Key fingerprint = 6933 67FF AECD 8EAA CD1F 063B 0171 E182 8AE0 9345

To fetch the full new key from a public key server using GnuPG, run:

gpg --keyserver keys.gnupg.net --recv-keys 8AE09345

If you have already validated my old key, you can then validate that the new
key is signed by my old key:

gpg --check-sigs 8AE09345

pub 0EA23F2B 2010-09-17 Mathieu Malaterre (malat)

Please contact me via e-mail if you have any questions about this
document or this transition.

Mathieu Malaterre
2011-05-15

No comments: