ben.reser.org
rants

january

october
01.27.2011
january 2005

current

 

photos
links
projects
vitals

Transitioning OpenPGP keys. 01.27.2011

Given the issues with SHA1, I've generated a new OpenPGP key, and will be transitioning away from my old one.

The old key will continue to be valid for some time, but I prefer that all future correspondence to come to the new one. I would also like this new key to be re-integrated into the web of trust. You can a copy of this message signed by both keys at http://ben.reser.org/key-transition.txt.asc.

The old key was:

pub   1024D/641E358B 2001-04-12
      Key fingerprint = 42F5 91FD E577 F545 FB40  8F6B 7241 856B 641E 358B

And the new key is:

pub   4096R/16A0DE01 2011-01-28
      Key fingerprint = 19BB CAEF 7B19 B280 A0E2  175E 62D4 8FAD 16A0 DE01

To fetch the full key, you can get it with:

  curl http://ben.reser.org/benreser.asc | gpg --import -

Or, to fetch my new key from a public key server, you can simply do:

  gpg --keyserver hkp://keys.gnupg.net --recv-key 16A0DE01

If you already know my old key, you can now verify that the new key is signed by the old one:

  gpg --check-sigs 16A0DE01 

If you don't already know my old key, or you just want to be double extra paranoid, you can check the fingerprint against the one above:

  gpg --fingerprint 16A0DE01 

If you are satisfied that you've got the right key, and the UIDs match what you expect, I'd appreciate it if you would sign my key:

  gpg --sign-key 16A0DE01 

Lastly, if you could upload these signatures, i would appreciate it. You can either send me an e-mail with the new signatures (if you have a functional MTA on your system):

  gpg --armor --export 16A0DE01 | mail -s 'OpenPGP Signatures' ben@reser.org