Skip to content

Instantly share code, notes, and snippets.

@ajgarlag

ajgarlag/79DCD2BD-transition-statement.txt.asc

Last active May 31, 2018 09:05
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save ajgarlag/b5a286c8dc14663220ad6165696d118a to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save ajgarlag/b5a286c8dc14663220ad6165696d118a to your computer and use it in GitHub Desktop.
Download ZIP
gpg-key-transition-statements
Raw
79DCD2BD-transition-statement.txt.asc
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Thu May 31 10:26:33 CEST 2018
For a number of reasons, I've recently set up a new PGP key
and will be transitioning away from my old one.
The old key will continue to be valid for a short period after
the posting of this message, but future signatures will be
created from the new key. This message is signed by both keys
to certify the transition.
The old key was:
pub dsa1024 2010-02-05 [SC]
9C5C56E7F161591AE6C1EB76394FA7AF79DCD2BD
The new key is:
pub rsa4096 2018-05-29 [SC] [caduca: 2023-05-28]
5EEF7C8B89A7F5EFDD87AB8A5704DAC38ACA70F3
Note that the signing of this message may have been done by a SUBKEY of
that key, which may make the key id listed in the signature not match
the fingerprint listed here. You can verify it by checking the key listed
here for the subkey used in signing this message.
To fetch the new key from a public key server, you can use the following:
gpg --keyserver keys.gnupg.net --recv-key 8ACA70F3
If you already know my old key, you can verify that the new key has been
signed by the old one, so the trail of signatures can still be followed:
gpg --check-sigs 8ACA70F3
If you don't know my old key, or you want to be extra careful, you can
check the fingerprint against the one above:
gpg --fingerprint 8ACA70F3
You can verify the signatures on this message by downloading the plain
text file as linked and running:
gpg --verify [name of downloaded file]
If you are satisfied that you have the right key, that the UIDs match what
you expect, and you are certain of my identity, I would appreciate it if
you would sign my new key:
gpg --sign-key 8ACA70F3
And finally, if you have signed it, to upload the signatures:
gpg --keyserver keys.gnupg.net --send-key 8ACA70F3
Sorry for any inconvenience.
Regards,
Antonio J. García Lagar
-----BEGIN PGP SIGNATURE-----
iF0EAREKAB0WIQScXFbn8WFZGubB63Y5T6evedzSvQUCWw+0mwAKCRA5T6evedzS
vefzAJ44ZJ/A7CzSvQhnG/vb/BR+uAiLwACeKc7nYh49fbeAyDNcvkEk2KO4BeGJ
AjMEAQEKAB0WIQSelAOVRMbMXsEz63fRMdpO+RSKOAUCWw+0mwAKCRDRMdpO+RSK
OBn9D/9Yb+LuCmS3fvtaePK+vOgjvpfyBL/yT5gj8nLPh7lNMCjs/n60GX18waDM
OaTikY+vsYb27sZAUb0ReE2J5BxTwRZX3aMUeGzBMA7AHDDfhqPx6+JApYqBQskM
qk/Gr/euGxHIRLhk0MG68do7VbfYq/bBGko+old9YWoFgmqOhGEpZ+gPmjI6f4Op
nMVyRPRchm2D6e/mO5wf0Tvuxg67FLnzm5XA6SChXCxWYipaUBG9sO6lGap8jlDW
fq2zq1Hrs3SDpyq9Ll0BjWi7gw/4y4gYP2Om8nlF4J0Que1oCQn/u6UY+kWvngYW
6JesurH3y3F7hapak/R/6F21EGLdFo1H+Z1JGyQUHTFTXkNDAfjoR7RIXH4RAmsk
HgRFkyAlccULph1JX4g3KfJ/TDvwhdcDodUcHGzfPS9k0m4456mF7nKhuq8W6da0
VolHtZ90MPAiIKqRDbN9s9LI0c356owLmKSBfaaWfkPfQU2fEBOml8lfVDqK0KA2
0LES/ecoXPLYeU2TrVLO1bLA2a6NmKqIvjcb7BgIiLd5lyIFsurY91lTU5K2iwfd
0EdtuS8QKc+vy+BeN0tl+cBLbwH9IiQ6mKyhWTTfKbwpHn9N8M/evYl+vjAVhjLd
5AWcEL0XtIUPb98lI40PiP1gzmLRjabIwWfYrJNSFt4g00jqFw==
=Ncpu
-----END PGP SIGNATURE-----
Raw
99E8470E-transition-statement.txt.asc
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Thu May 31 10:26:33 CEST 2018
For a number of reasons, I've recently set up a new PGP key
and will be transitioning away from my old one.
The old key will continue to be valid for a short period after
the posting of this message, but future signatures will be
created from the new key. This message is signed by both keys
to certify the transition.
The old key was:
pub dsa1024 2010-02-06 [SC]
EF48C9D600C4C772694109667A65D79099E8470E
The new key is:
pub rsa4096 2018-05-29 [SC] [caduca: 2023-05-28]
5EEF7C8B89A7F5EFDD87AB8A5704DAC38ACA70F3
Note that the signing of this message may have been done by a SUBKEY of
that key, which may make the key id listed in the signature not match
the fingerprint listed here. You can verify it by checking the key listed
here for the subkey used in signing this message.
To fetch the new key from a public key server, you can use the following:
gpg --keyserver keys.gnupg.net --recv-key 8ACA70F3
If you already know my old key, you can verify that the new key has been
signed by the old one, so the trail of signatures can still be followed:
gpg --check-sigs 8ACA70F3
If you don't know my old key, or you want to be extra careful, you can
check the fingerprint against the one above:
gpg --fingerprint 8ACA70F3
You can verify the signatures on this message by downloading the plain
text file as linked and running:
gpg --verify [name of downloaded file]
If you are satisfied that you have the right key, that the UIDs match what
you expect, and you are certain of my identity, I would appreciate it if
you would sign my new key:
gpg --sign-key 8ACA70F3
And finally, if you have signed it, to upload the signatures:
gpg --keyserver keys.gnupg.net --send-key 8ACA70F3
Sorry for any inconvenience.
Regards,
Antonio J. García Lagar
-----BEGIN PGP SIGNATURE-----
iF0EAREKAB0WIQTvSMnWAMTHcmlBCWZ6ZdeQmehHDgUCWw+5kwAKCRB6ZdeQmehH
Dn1iAKCb/OwR2fY/hfjJeQs5tcH2NWCq9wCgsKMahHPaMQPsqyyS4U07d2lt8nOJ
AjMEAQEKAB0WIQSelAOVRMbMXsEz63fRMdpO+RSKOAUCWw+5kwAKCRDRMdpO+RSK
OIGYD/9ujYkKHlgfwlXGn97boZGsL9xvrsc/t+Xr0WaCyu++gQER/73AhzcqXoNg
qw093nT52NdiB9DyNsGb+AnLw3KXL22Ov1LpxIaaYU0RS/TWPmKuUwrwnGx1xZtt
iIlwD4dfYgpNecQx7C8GMhWcyMePwPp8+NmMcVFLhxlGhjjomI25dSBncRjsqLZA
Ki8cHMLSkuCPVcpw5w8RRMFQq72dhH0EKe5wWLrBtIemS0mqgl6yceil5Rt/bbV2
ValgcRuDqHa4itZq5Xs2r/VLYbX7OnG/MfZpWcN8ZSiaBryPVWfk98BcHABmGc/l
MaZmrfv2XlzDfH5TZYW+iYxW4Mj3wfNlf4djQLIWcWUZ9cv+ZsvBGiSJKWkEjxav
NPvhY4rLVYQIvCSYqzMPGNBLmgXtd7DWPvatiaTfg+44H8LbiDALHtnKcxi7a7zS
H2ASp4Ep5Q5MTMOxaBNSnNbU2EFRx3gV0D7RoILtHAQPM8hZmWx3gBIUDF9zBluh
sVV71VSI/HP/f6+9fSgJIwREIxUrMXifkb4xq7ujX2GhDYDqyX/wPx+Ds/xp2Iq7
eiRJxSwTVyRaGzedtI4xFPkWlf0o0NL6H17ERHsYSH+jBwIaghMkD7YVvasqE/ws
ZdqMB3cbUoEqHBavL3FHwUDbeu4WypmvyMx+COJ5vvkFEQGBEA==
=eqP7
-----END PGP SIGNATURE-----
Raw
README.md

gpg-key-transition-statements

Transition statements for migrating to new GPG keys from existing ones

What is this?

When migrating to new GPG keys, a chain of trust must be maintained from the old keys to the new ones.

The statements in this repository are signed with both the new and old keys and can be verified as being authentic by downloading them (or cloning the repository) and running:

gpg --verify [statement file]

Both the old and new GPG keys will remain in public keyservers indefinitely, though old keys will be revoked (and publicly displayed as such) shortly after their transitions are completed.

In some cases, the signature from the new keys may use a subkey of the new key, so the key ID shown in the signature may not match the key ID of the parent key. This is okay; you can validate this by looking up the parent key and finding the subkey contained in it.

Key Migrations

Key migration statements this repository contains.

  • 79DCD2BD (superceded 2018-05-31) => 8ACA70F3
  • 99E8470E (superceded 2018-05-31) => 8ACA70F3
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment