Thursday, January 5, 2017

Public key transition statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

So, I've generated a new GPG keypair. It has a set of subkeys (one per usage),
which, theoretically, should make it all more convenient and secure. Also it
uses currently-recommended algorithms (4096-bit key RSA and SHA512) and was
generated using my new hardware entropy source which was the main reason for
this change. The old key will be expired in a couple months unless I revoke it
as superseded first. There is no reason to believe it was compromised or
anything.

New key's fingerprint is

F819 3F12 6021 6B7D D53B  959F E273 25A3 92D7 0FFB

for copying and pasting: 0xF8193F1260216B7DD53B959FE27325A392D70FFB ),
long key id is 0xE27325A392D70FFB.

Please import my new public key from the keyserver you prefer or using PKA dns
records. You can use this command on most platforms:

    gpg --search-keys 0xE27325A392D70FFB

(Unfortunately, GnuPG or/and keyservers don't really support search by
fingerprint or showing it in the import dialog so make sure to --list-keys
later to verify it).

I'd appreciate if you signed this new key for the web of trust (revokable with
check level 2 sounds appropriate since you didn't verify my government-issued
photo ID prior to signing :) unless you happen to know me personally and can,
for example, call me and verify my voice while I'm reading the fingerprint).

Obviously, verifying signature on this message, old key's signature on the new
one, and checking PKA dns record is highly recommended before performing any
further steps. Feel free to contact me if you have any doubts.

What this all means to you personally? Probably nothing if you have never sent
me any encrypted messages or received signed ones. Otherwise you probably
already know what to do with this information.
-----BEGIN PGP SIGNATURE-----

iF4EAREKAAYFAlhuTdYACgkQ0rP4P63gxstL1AD7BsNMR78Nz4tVp2UroTQps+Oj
8+2baCd2BPX/sYD7ItMA/2KiJJM1dCVgxJOhF/7NjGYwFJ/+G73xUjPexph/elHT
=7VqE
-----END PGP SIGNATURE-----