GnuPG key replacement

Since last year, I've been slowly working on introducing a new 4096-bit RSA key (complete overkill, I know) with all the modern hash preferences and so forth so that I can retire my old 1024-bit DSA key. After DebConf in New York City at the beginning of August, I now have enough signatures on the new key to finish this transition.

If you have signed my old key and are willing to sign the new key on the strength of a key transition document, here is key transition document signed with both the old and the new keys. While my new key has a reasonable number of signatures, I'm always happy to get more.

My old key is 0x0AFC7476, and my new key is 0x82004173. You can retrieve the new key (and the old key, for that matter) from any public keyserver or from my web site (new key and old key).

Shortly after posting this, I'll submit the RT ticket to transition my key in the Debian keyring.

The new key has a 2048-bit signing RSA subkey which I may export to a few places other than my primary secure system so that I can do package uploads in some more convenient ways. The new primary key has a three year expiration period (which will be periodically extended), and the signing subkey has a one year expiration period (likewise).

Posted: 2010-09-17 17:13 — Why no comments?

Last spun 2013-07-01 from thread modified 2013-01-04