I have created a new OpenPGP key 54265e8c and will be transitioning away from my old key. If you have signed my old key, I would appreciate signatures on my new key as well. I have created a transition statement that can be downloaded from https://josefsson.org/key-transition-2014-06-22.txt.
Below is the signed statement.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 OpenPGP Key Transition Statement for Simon Josefsson I have created a new OpenPGP key and will be transitioning away from my old key. The old key has not been compromised and will continue to be valid for some time, but I prefer all future correspondence to be encrypted to the new key, and will be making signatures with the new key going forward. I would like this new key to be re-integrated into the web of trust. This message is signed by both keys to certify the transition. My new and old keys are signed by each other. If you have signed my old key, I would appreciate signatures on my new key as well, provided that your signing policy permits that without re-authenticating me. The old key, which I am transitioning away from, is: pub 1280R/B565716F 2002-05-05 Key fingerprint = 0424 D4EE 81A0 E3D1 19C6 F835 EDA2 1E94 B565 716F The new key, to which I am transitioning, is: pub 3744R/54265E8C 2014-06-22 Key fingerprint = 9AA9 BDB1 1BB1 B99A 2128 5A33 0664 A769 5426 5E8C The entire key may be downloaded from: https://josefsson.org/54265e8c.txt To fetch the full new key from a public key server using GnuPG, run: gpg --keyserver keys.gnupg.net --recv-key 54265e8c If you already know my old key, you can now verify that the new key is signed by the old one: gpg --check-sigs 54265e8c If you are satisfied that you've got the right key, and the User IDs match what you expect, I would appreciate it if you would sign my key: gpg --sign-key 54265e8c You can upload your signatures to a public keyserver directly: gpg --keyserver keys.gnupg.net --send-key 54265e8c Or email simon@josefsson.org (possibly encrypted) the output from: gpg --armor --export 54265e8c If you'd like any further verification or have any questions about the transition please contact me directly. To verify the integrity of this statement: wget -q -O- https://josefsson.org/key-transition-2014-06-22.txt|gpg --verify /Simon -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iLwEAQEKAAYFAlOnV+AACgkQ7aIelLVlcW89XgUAljJgYfReyR9/bU+Om6UHUttt CAOgSRqdcQSQ2hT69vzuhb/bc8CslIQcBtGqTgxDFsxEFhbm5zKn+tSzy5MHNHqt MsqHcZjlYuYVhMXDhka+cfyhtd9zIxjVE5vk8v+GqEGoh8DGYq0vPy3VfvcSz5Z3 MSUpSj8gN00jlU1z4nad3maEq0ApvsLr8EsLZmtxF5TNFvzJ8mmwY+gHBGHjVYkB 8AQBAQoABgUCU6dX4AAKCRAGZKdpVCZejD1eDp46XGL2puMp0le2OF75WIUW8xqf TMiZeB99ruk3P/jvuLnGPP2J5o7SIKE50FkMEss0yvxi6jBlHk+cJeKWGXVjBpxU 0QHq063NU+kjbMYwDfi5ZxXqaKeYODJm8Xmfh3d7lRaWF5rUOosR8nC/OROSrhg4 TjlAbvbxpQsls/JPbbporK2gbAtMlzJPD8zC8z/dT+t0qjlce8fADugblVW3bACC Kl53X4XpojzNd/U19tSXkIBdNY/GVJqci+iruiJ1WGARF9ocnIXVuNXsfyt7UGq4 UiM/AeDVzI76v1QnE8WpsmSXzi2zXe3VahUPhOU2nPDoL53ggiVsTY3TwilvQLfX Av/74PIaEtCi1g23YeojQlpdYzcWfnE+tUyTSNwPIBzyzHvFAHNg1Pg0KKUALsD9 P7EjrMuz63z2276EBKX8++9GnQQNCNfdHSuX4WGrBx2YgmOOqRdllMKz6pVMZdJO V+gXbCMx0D5G7v50oB58Mb5NOgIoOnh3IQhJ7LkLwmcdG39yCdpU+92XbAW73elV kmM8i0wsj5kDUU2ys32Gj2HnsVpbnh3Fvm9fjFJRbbQL/FxNAjzNcHe4cF3g8hTb YVJJlzhmHGvd7HvXysJJaa0= =ZaqY -----END PGP SIGNATURE-----
Pingback: The Case for Short OpenPGP Key Validity Periods | Simon Josefsson's blog
Pingback: New GPG key | Espen Andersen's site