Planet Ubuntu-be.org http://ubuntu-be.org/nl/planet/rss Planet Feeds nl New GPG Key http://serge.vanginderachter.be/2014/new-gpg-key/?utm_source=rss&utm_medium=rss&utm_campaign=rss <p><code>-----BEGIN PGP SIGNED MESSAGE-----<br /> Hash: SHA1,SHA512</p> <p>Date: 22 JUNE 2014</p> <p>For a number of reasons[0], I've recently set up a new OpenPGP key,<br /> and will be transitioning away from my old one.</p> <p>The old key will continue to be valid for some time, but i prefer all<br /> future correspondence to come to the new one. I would also like this<br /> new key to be re-integrated into the web of trust. This message is<br /> signed by both keys to certify the transition.</p> <p>the old key was:</p> <p>sec 1024D/0x8CC387DA097F5468 2004-07-14<br /> Key fingerprint = 0FAC 6A6C D9D5 134C C87E 4FF3 8CC3 87DA 097F 5468</p> <p>And the new key is:</p> <p>sec 4096R/0xD08FC082B8E46E8E 2014-06-22 [expires: 2019-06-21]<br /> Key fingerprint = F744 94B0 7042 6B14 BB90 D283 D08F C082 B8E4 6E8E</p> <p>To fetch the full key from a public key server, you can simply do:</p> <p> gpg --keyserver keys.riseup.net --recv-key</p> <p>If you already know my old key, you can now verify that the new key is<br /> signed by the old one:</p> <p> gpg --check-sigs 0xD08FC082B8E46E8E</p> <p>If you don't already know my old key, or you just want to be double<br /> extra paranoid, you can check the fingerprint against the one above:</p> <p> gpg --fingerprint 0xD08FC082B8E46E8E</p> <p>If you are satisfied that you've got the right key, and the UIDs match<br /> what you expect, I'd appreciate it if you would sign my key. You can<br /> do that by issuing the following command:</p> <p>**<br /> NOTE: if you have previously signed my key but did a local-only<br /> signature (lsign), you will not want to issue the following, instead<br /> you will want to use --lsign-key, and not send the signatures to the<br /> keyserver<br /> **</p> <p> gpg --sign-key 0xD08FC082B8E46E8E</p> <p>I'd like to receive your signatures on my key. You can either send me<br /> an e-mail with the new signatures (if you have a functional MTA on<br /> your system):</p> <p> gpg --export 0xD08FC082B8E46E8E | gpg --encrypt -r '$your_fingerprint' --armor | mail -s 'OpenPGP Signatures' serge@vanginderachter.be</p> <p>Additionally, I highly recommend that you implement a mechanism to keep your key<br /> material up-to-date so that you obtain the latest revocations, and other updates<br /> in a timely manner. You can do regular key updates by using parcimonie to<br /> refresh your keyring. Parcimonie is a daemon that slowly refreshes your keyring<br /> from a keyserver over Tor. It uses a randomized sleep, and fresh tor circuits<br /> for each key. The purpose is to make it hard for an attacker to correlate the<br /> key updates with your keyring.</p> <p>I also highly recommend checking out the excellent Riseup GPG best<br /> practices doc, from which I stole most of the text for this transition<br /> message ;-)</p> <p>https://we.riseup.net/debian/openpgp-best-practices</p> <p>Please let me know if you have any questions, or problems, and sorry<br /> for the inconvenience.</p> <p>If you have a keybase account and if you are into it, you can also check my<br /> keybase page[1].</p> <p>Serge van Ginderachter <serge@vanginderachter.be></p> <p>0. https://www.debian-administration.org/users/dkg/weblog/48<br /> 1. https://keybase.io/svg</p> <p>-----BEGIN PGP SIGNATURE-----<br /> Version: GnuPG v1</p> <p>iKYEARECAGYFAlOm06hfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl<br /> bnBncC5maWZ0aGhvcnNlbWFuLm5ldDBGQUM2QTZDRDlENTEzNENDODdFNEZGMzhD<br /> QzM4N0RBMDk3RjU0NjgACgkQjMOH2gl/VGh5QgCdE2dKZly+MECXFfH0WCje9Rpo<br /> /HoAoL+6jQ15wWq0FMrisRx24dX5OtOeiQJ8BAEBCgBmBQJTptOoXxSAAAAAAC4A<br /> KGlzc3Vlci1mcHJAbm90YXRpb25zLm9wZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRG<br /> NzQ0OTRCMDcwNDI2QjE0QkI5MEQyODNEMDhGQzA4MkI4RTQ2RThFAAoJENCPwIK4<br /> 5G6OnB0P/jw77jLrcLlP6GUXTrfui1Pbrk/W6hysplKHPzh53OoVJB0Bq6NARlOz<br /> yptDwRW2LivFNz2M9FxObij+2CDGQ/FoOWdWlKatg9bvqhkQwglpMFNyGDQ/EOxV<br /> a2ObFOySsGU2hXnYvVSUUCc1SMt5M3RKw3264ZsxqIda8o2lqF7ZO9qDijY7peHy<br /> Ll0aPPxlFiqUjN0Q5P4PzoQcWbHDFLDO1Mm+P52gyod/Rh0PrWKOk2kwMEHFBwUd<br /> tgi2jT+W4wv7yAOdvrIwiRpdqAM4be9MPDmXDjYrEHsJrKwqkXfDRRV53ZRFo8f3<br /> bKXSnAV0i2svIEOscNWHhNrpmk5iqzyvr5CeJse7nEjXAP7HntTxPFIvWs2c3dvt<br /> HItslcDcU2ZIrCh3rIi+fv7pcjX6JE/A0CzZkTo294wnGexoIRiRcC7wojS5e3PV<br /> v83NZPRBz7tpPVQaMP74UiXvQpTm2GEiIXYtFkyZFEtyxwfEOY8L50QpMAJ0HXPm<br /> 7xH+XIaCcBljgeVoP0VlUecGW6aJubTryNTUimIBUnL7ItWjNLl7uJtDlGdjsOZV<br /> QVgpQ6G3Tx8lDp+qo4SD4YI8zoWK59Ef9MUCSJn3ngWI0dG5jElONqOOY/W1zcyA<br /> ce2wJs8ua79HJV/GXiadtlSCJpG8XfanyvhrvePSCp9O/5mZLnWs<br /> =evlZ<br /> -----END PGP SIGNATURE-----</code></p> Serge van Ginderachter Sun, 22 Jun 2014 15:07:47 +0200