websites/dennogumi.org-archive
Archived
1
0
Fork 0
Code Releases Activity
This repository has been archived on 2021-01-06. You can view files and clone it, but cannot push or open issues or pull requests.
dennogumi.org-archive/_posts/2015-06-07-gpg-transition-statement.markdown

105 lines
No EOL
3.5 KiB
Markdown
Raw Permalink Blame History

---
categories:
- General
- Linux
comments: true
date: 2015-06-07 14:39:58+0200
layout: page
tags:
- gpg
- key
- blog
title: GPG transition statement
---
(Inspired by <http://viccuad.me/blog/GPG-transition-statement/>)
This exact same text can be found at [this location](https://www.dennogumi.org/transition-statement-2015-06-15.txt).
````
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Sun Jun 7 14:12:39 CEST 2015
For a number of reasons, i've recently set up a new OpenPGP key, and
will be transitioning away from my old one.
The old key will continue to be valid for some time, but i prefer all
future correspondence to come to the new one. I would also like this
new key to be re-integrated into the web of trust. This message is
signed by both keys to certify the transition.
the old key was:
pub rsa4096/6E1A4E79 2009-05-11
Key fingerprint = CBD6 EEE3 7132 027A A237 9659 013F A50B 6E1A 4E79
And the new key is:
pub rsa4096/A29D259B 2015-06-05 [expires: 2016-06-04]
Key fingerprint = DBC1 07DC 8601 B275 835F 9178 FBE5 5AED A29D 259B
To fetch the full key (including a photo uid, which is commonly
stripped by public keyservers), you can get it with:
wget -q -O- https://www.dennogumi.org/A29D259B.txt | gpg --import -
Or, to fetch my new key from a public key server, you can simply do:
gpg --keyserver pgp.mit.edu --recv-key A29D259B
If you already know my old key, you can now verify that the new key is
signed by the old one:
gpg --check-sigs A29D259B
If you don't already know my old key, or you just want to be double
extra paranoid, you can check the fingerprint against the one above:
gpg --fingerprint A29D259B
If you are satisfied that you've got the right key, and the UIDs match
what you expect, I'd appreciate it if you would sign my key:
gpg --sign-key A29D259B
Lastly, if you could upload these signatures, i would appreciate it.
You can either send me an e-mail with the new signatures (if you have
a functional MTA on your system):
gpg --armor --export A29D259B | mail -s 'OpenPGP Signatures' lbeltrame at kde.org
Or you can just upload the signatures to a public keyserver directly:
gpg --keyserver pgp.mit.edu --send-key A29D259B
Please let me know if there is any trouble, and sorry for the
inconvenience.
Regards,
Luca Beltrame
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCgAGBQJVdDmaAAoJEAE/pQtuGk55uKoP/1orTlEgSNC7HCIJECkkBxqR
F64VMegugEFIe2nUyTf13wjtMDXluCy6hpY7+3iaOAHfMFBCOlPe0INrUTiuqwir
GnP/PQyzXU41yDqd7ytvNKqV8UkkW6NBcL7vCx810zSbnxpSV5L1N8dDy3GG5ZkE
iUm5AH+JJHzZGA7Cn90aA5VcemGCTu5buoJTu2rWWU4ahm3WMHnpuUsYP2mCNnU3
EOc94jlayqiLUTsnjTbpiPbJ7mcxBoufhjg1RHI5uK9BU5db8aUI619nGlTdvHHE
pZ4rXYWJqAhjeuDPmAk8poIeITi8qdiY5W5UibajhV2OchAuyOBGYv/Cddx36Xnk
rUyxlupZsWXriqo79+DgXsVjTgzBjCpkz+QVnBlq3rboXpgpCh6mZWoECGPBj8dN
E0uqsO5CmDxwYv1Yv3EpTvn2rf00pKEAUTq6cfEZAZ7ZhZih7XQdB4qlve4GD8M0
42wQUpFiyRiV0WrXEjN/EyrI0CiY9Rt/wNj+JLKC7NhELyC0q4oRzjvYCJdZHMhH
ydM8YiyWVOLUX5b3Y5xqlmRwPQydmjrGv2NAI7y4z0k1yc9pn/K4m5z2sxTunmQk
jaYxQ5DkQMpoSxaIYxmAYC5vjAa7U5nlg43sfiaQHa2RCUu+THTwFJaBOd0qYR7P
I++SIct+OFU9lnwQkjgyiQEcBAEBCgAGBQJVdDmcAAoJEEDIKBSTsBwWBw4H/RBP
40aLWMqRX3imEIg3jCBmtj9fsPn3OM+D8drF1v5vq2cQHGZcwqLnnaxP9KrZA06A
5/o0ofuqY5dg4jukPWjvqx6hsUlUbEpcJVV9eg0XIlmluaUPc6eVopLJOL0bhYi8
2zk4GLZiiGt7asoJ/rjhQg0BR4aajNALw1wF1pk4oQlm68M5PfjDu9voEd6vg6nv
tILBnEGzJjgiOnXHzHcld7+MG1Kut9EmFNTNNgDasLw7HenGTHt9G/rJq5mSwPZY
0Btd7yJ/cbBlCmyC3OIViN2bd+gCeF5HYtVNyMomMaM/0yunqi9ioMxWFaGrmY1d
JJF3TtQUDXrgOoXUlD0=
=4Yho
-----END PGP SIGNATURE-----
````
View git blame Copy permalink