[dfey-se-discuss] OpenPGP key migration


From: Sean Whitton
Subject: [dfey-se-discuss] OpenPGP key migration
Date: Sat, 26 Sep 2009 18:26:01 +0000
User-agent: Mutt/1.5.18 (2008-05-17)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1,SHA256

To whom it may concern,

I am transitioning away from my old OpenPGP key over the next few
months, primarily due to recent weaknesses uncovered in the SHA-1 hash
algorithm that 1024-bit DSA keys are associated with.

My old key had no significant signatures but over the next few months I
intend to attempt to integrate myself somewhat more than I have into the
web of trust. While I won't revoke my old key for a few months, please
use my new one for all communications as it is more secure.

This message is signed with both keys.

My old key was:

pub   1024D/25F4EAB7 2005-09-17
      Key fingerprint = 7C3F 5631 B45A 1C4A 596E  6EEF F8DF DC18 25F4 EAB7

My new key is:

pub   4096R/3B6D411B 2009-09-26
      Key fingerprint = 8DC2 487E 51AB DD90 B5C4  753F 0F56 D055 3B6D 411B

You can add my new key to your keyring like this:

  gpg --keyserver pgp.mit.edu --recv-key 3B6D411B

If you already had a copy of my old key in your keyring, you can confirm
that the new one belongs to me because I signed my new one with my old
one; to verify this just do:

  gpg --check-sigs 3B6D411B

If you didn't have a copy of my old key, you should check that the key
you just downloaded from the keyserver matches the fingerprint above:

  gpg --fingerprint 3B6D411B

Let me know if you have any trouble. If you use an old 1024-bit DSA key
with Elgamal subkey combination, like my old key and like most OpenPGP
keys out there, you should seriously consider switching away yourself as
soon as possible while implementing the weakness in SHA-1 is still
somewhat academic. You can find detailed information on this at [1].

Kind regards,
Sean Whitton

[1] http://www.debian-administration.org/users/dkg/weblog/48

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
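
Added example, not part of the original message: the 8-digit ID `3B6D411B` only names the key to fetch, so this sketch compares the full fingerprint and requires a verified signature from the old key, using the two fingerprints published above. The function names are illustrative; the parsing assumes GnuPG's `--with-colons` layout (fingerprint in field 10 of the `fpr` record, `!` in field 2 of a `sig` record that `--check-sigs` verified).

```shell
#!/bin/sh
# Added example. Fingerprints are the two published in the message above.
NEW_FPR="8DC2 487E 51AB DD90 B5C4  753F 0F56 D055 3B6D 411B"
OLD_FPR="7C3F 5631 B45A 1C4A 596E  6EEF F8DF DC18 25F4 EAB7"

# Constructed sample of `gpg --with-colons --check-sigs` output (not real gpg output).
SAMPLE='pub:-:4096:1:0F56D0553B6D411B:2009-09-26:::-:::scESC:
fpr:::::::::8DC2487E51ABDD90B5C4753F0F56D0553B6D411B:
sig:!::17:F8DFDC1825F4EAB7:2009-09-26::::Sean Whitton::10x:'

# Strip whitespace and upper-case so printed and machine forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Long (64-bit) key ID: the last 16 hex digits of a v4 fingerprint.
long_id() {
    normalize_fpr "$1" | sed 's/.*\(.\{16\}\)$/\1/'
}

# stdin: colon-format key listing. Succeeds only if the first fpr record
# (the primary key) equals the expected fingerprint in full.
fpr_matches() {
    want=$(normalize_fpr "$1")
    got=$(awk -F: '$1 == "fpr" { print $10; exit }')
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# stdin: colon-format --check-sigs listing. Succeeds only if a signature
# from the given signer was verified ("!"), not merely present.
signed_by() {
    id=$(long_id "$1")
    awk -F: -v id="$id" '
        $1 == "sig" && substr($2, 1, 1) == "!" && $5 == id { ok = 1 }
        END { exit !ok }'
}

# Run both checks against the local keyring (requires gpg and the keys).
verify_new_key() {
    key=$(normalize_fpr "$NEW_FPR")
    gpg --with-colons --fingerprint "$key" | fpr_matches "$NEW_FPR" || return 1
    gpg --with-colons --check-sigs "$key" | signed_by "$OLD_FPR"
}
```

Call `verify_new_key` after the `--recv-key` step; it fails if the old key is not in the local keyring, because the signature then cannot be verified.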
