New GPG key

Posted by Samuel Iglesias on November 20, 2012

Hello lazy web,

For a number of reasons, I have set up a new OpenPGP key, and I will be transitioning away from my old one. I created a new 4096-bit key following Debian's instructions.

At the time of writing GnuPG unfortunately defaults to a 1024 bit DSA key as the primary with SHA1 as the preferred hash. Due to weaknesses found with the SHA1 hashing algorithm Debian prefers to use keys that are at least 2048 bits and preferring SHA2.

keyring.debian.org

The old key will continue to be valid for some time, but I prefer all future correspondence to come to the new one. I would also like this new key to be re-integrated into the web of trust.

The old key was:

pub 1024D/F99DF5E2 2006-01-04
Key fingerprint = DC45 A767 9618 ACA8 FDD1 989A 5AB7 DBC9 F99D F5E2

And the new key is:

pub 4096R/F17DC343 2012-11-16
Key fingerprint = 40FF 9902 F697 5A47 EE29 7884 7FF4 BA32 F17D C343

To fetch my new key from a public key server, you can simply do:

gpg --keyserver pgp.mit.edu --recv-key F17DC343

If you already know my old key, you can now verify that the new key is signed by the old one:

gpg --check-sigs F17DC343 | grep F99DF5E2

And if you don't have my old key then you can check the following link, and see the signatures done with my old key (F99DF5E2):

http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x7FF4BA32F17DC343

If you are satisfied that you have got the right key, and the UIDs match what you expect (gpg --fingerprint F17DC343), then I would appreciate it if you would sign my key:

gpg --sign-key F17DC343

Lastly, if you could upload these signatures, I also would appreciate it.

gpg --keyserver pgp.mit.edu --send-key F17DC343

Please let me know if there is any trouble, and sorry for the inconvenience.
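
The check-sigs step above greps for an 8-digit key ID, which is short enough to collide with an unrelated key. The following is an added example, not part of the original post: it runs the same check against the full fingerprints published above, using GnuPG's --with-colons output. The function names and the sample records are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): verify the key transition
# against FULL fingerprints rather than 8-digit key IDs.
# Real use, after fetching both keys:
#   gpg --with-colons --check-sigs "$NEW_FPR" | check_transition "$NEW_FPR" "$OLD_FPR"

# Fingerprints exactly as published in the post, spaces removed.
OLD_FPR=DC45A7679618ACA8FDD1989A5AB7DBC9F99DF5E2
NEW_FPR=40FF9902F6975A47EE2978847FF4BA32F17DC343

# check_transition NEW_FPR OLD_FPR   (colon-format listing on stdin)
# Returns 0 only if the first primary key has fingerprint NEW_FPR and carries
# a signature gpg verified as good ("!") from the key identified by OLD_FPR.
check_transition() {
  awk -F: -v new="$1" -v old="$2" '
    BEGIN { oldid = substr(old, length(old) - 15) }   # 64-bit long key ID
    $1 == "pub" { npub++ }
    # The first fpr record after the first pub record is the primary fingerprint.
    $1 == "fpr" && npub == 1 && !seen { seen = 1; if ($10 == new) fpr_ok = 1 }
    # Field 2 is "!" only when --check-sigs verified the signature; field 5 is
    # the issuer long key ID; field 13 (newer GnuPG) is the issuer fingerprint.
    $1 == "sig" && npub == 1 && substr($2, 1, 1) == "!" && $5 == oldid &&
      ($13 == "" || $13 == old) { sig_ok = 1 }
    END { exit !(fpr_ok && sig_ok) }
  '
}

# Constructed sample listing; $1 is the validity flag of the old key's signature
# ("!" good, "-" bad, "?" signing key not in the local keyring).
sample_colons() {
  cat <<EOF
pub:-:4096:1:7FF4BA32F17DC343:1353024000:::-:::scESC:
fpr:::::::::$NEW_FPR:
uid:-::::1353024000::::Constructed UID <uid@example.invalid>:
sig:!::1:7FF4BA32F17DC343:1353024000::::Constructed UID <uid@example.invalid>:13x::$NEW_FPR:
sig:$1::17:5AB7DBC9F99DF5E2:1353024000::::Constructed UID <uid@example.invalid>:10x::$OLD_FPR:
EOF
}

sample_colons '!' | check_transition "$NEW_FPR" "$OLD_FPR" \
  && echo "transition verified (constructed sample)"
```

A "?" flag means the old key is not in the local keyring, so the signature could not be checked at all; a plain grep for the key ID would still match that line.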