« zurück
28.
January 2017
16:24

GnuPG Key Transition Statement

Zum Anfang des Jahres habe ich mir einen neuen GPG-Schlüssel erstellt um meinen alten DSA/ElGamal-Schlüssel zu ersetzen. Der neue Schlüssel nutzt einen separaten Unterschlüssel für die Signaturen; der primäre Schlüssel wird nur zum Zertifizieren der Unterschlüssel verwendet.

Hier ein kurzes Transition Statement, welches mit beiden Schlüsseln signiert ist.

The transition statement can also be downloaded as a text file.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=== GnuPG Key Transition Statement ===


I am transitioning away from my old 2048-bit DSA/ElGamal key to a new 4096-bit
RSA key with a separate signing subkey. The secret part of the primary key
will be used only on a safe machine without Internet access.

The old key has not been compromised and will continue to be valid for some
time, but I prefer all new correspondance to be encrypted in the new key, and
will be making signatures with the new key going forward.

This transition statement is signed with both keys to validate the transition.

If you have signed my old key, I would appreciate signatures on my new key as
well, provided that your signing policy permits that without reauthenticating
me.

The old key, which I am transitioning away from, is:

  pub   dsa2048/0x27535553D7E43E91 2013-01-17
        Key fingerprint = 077F 9648 000A 9620 1E5A  2BD0 2753 5553 D7E4 3E91

The new key, to which I am transitioning, is:

  pub   rsa4096/0xA7CA30CCC5860DC9 2017-01-01
        Key fingerprint = E152 DD6D 91ED CE95 25CF  9AB8 A7CA 30CC C586 0DC9

To fetch the full new key from a public key server using GnuPG, run:

  $ gpg --recv-key 0xA7CA30CCC5860DC9

If you already know my old key, you can now verify that the new key is signed
by the old one:

  $ gpg --check-sigs 0xA7CA30CCC5860DC9

If you are satisfied that you have got the right key, I would appreciate if
you could sign my key:

  $ gpg --sign-key 0xA7CA30CCC5860DC9

You can upload your signatures directly to a public keyserver (preferred):

  $ gpg --send-keys 0xA7CA30CCC5860DC9

or export the key and send the output via mail to my primary UID:

  $ gpg --armor --export 0xA7CA30CCC5860DC9

If you have any questions with respect to the transition, please send me a
mail to my primary UID.

  -- Sven Karsten Greiner, 2017-01-28

-----BEGIN PGP SIGNATURE-----

iHUEAREKAB0WIQQHf5ZIAAqWIB5aK9AnU1VT1+Q+kQUCWIy3ogAKCRAnU1VT1+Q+
kXX4AP95uTQgsp3ZLf58YQn9dYqAjPIYij8ZLbtaU7VNyo0H9wD/QRerFu2Qoq2G
ZvqSsmBzFKmlze5lFsrYUDwd5DbMzN+JAjMEAQEKAB0WIQRt40ePsq2fJvHX1ntv
o+l2Qp3UXAUCWIy3ogAKCRBvo+l2Qp3UXCtjEACspoTrTfqrl1Tt5DqLH/es8NZQ
ehuOKyozvNFCyMFae9xGDFocOofIj9uvIRN4s1mkxzOmi/c8Z9RiPdIXKVFjRc6Z
x+G+7RTdo73BZ2iOe10CxjKTaPkKT1r32LpKTE7AQ/JnAVQC1Ty5jKtjH89AkHux
wZ8xqLLH3lbjAmJWTJzbER8oETQ20wIvGKWmcNaq30S7p2+tPN05bSmlTVvxMx3z
p4qVMhZcnpMJICjhqQeb2t9GUElk6KX/tFqXwsHr7qbTCUdC1uOZYFt8pZ/cO3cm
sF9Ni8oDCrks1yhTN1B+QA/EBnmmnIZc0ppX1rx4AkwrWJfXjLI508O0iwWvok+a
9peALu1MZAi+mjAHwp8XhNN/vrR1xlUCdzNswOOIHTkkf4vTzCayMM3G/qkcS6LP
X9mjitquDlAstiL+syEGOMzHsEMjApm9JiXNmDtkKmihaUlSyB7ppO6upPiWVi7s
vVievN0dkwctm/TIp9PzgzwahgukdUKa4SflY8bVeUHzih1E6mOW8x99owWF1jsD
ESzJPEHoVyImpqNVH8Hs/IHVhpf4eidaAEbD1zOKqnNhjE024uiq1E9qhww2LZlN
Kw25SfB3fFBoSvrCizEs05ex2XHCe9a5W84606PZUIMkXyWeqmG/Op2miM0hk3qW
B6yRlc8sCOXraBeILA==
=QlXW
-----END PGP SIGNATURE-----

Kommentare

Powered by BetaBlog
Login | RSS Beiträge RSS Kommentare Impressum