GPG Key Transition 2022
Doing end-of-the-year security housekeeping and figured it was time to generate a new GPG key with modern defaults. After looking into the model of a main key stored offline (like in a firesafe) and only using subkeys locally, I decided it wasn’t worth the effort. The reality is I almost only use these for signing GitHub commits. 🤷
The cypherpunk fever dreams of key signing parties and a robust web of trust feel pretty far away. Even Keybase is no longer mentioned. We’ll continue to solve this in different ways.
At any rate, my transition statement is linked here and included below.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Sat, 31 Dec 2022 17:00:00 -0800
After 8½ years, I am transitioning to a new GPG key to take advantage of
modern defaults. The old key will continue to be valid for 1 year.
Starting today, new signatures will be made with the new key.
This transition document is signed with both keys to validate the
transition.
The old key:
pub rsa4096/19A1D1424FE98E13 2014-07-03 [SC] [expires: 2023-12-31]
Key fingerprint = 5D80 FC62 9CEF 8FAE 737C DDED 19A1 D142 4FE9 8E13
The new key:
pub ed25519/5260A4FA4A4CB7A5 2022-12-31 [SC]
Key fingerprint = AE49 4547 B3E1 F9B6 6291 69E0 5260 A4FA 4A4C B7A5
To fetch my new key from a public key server:
gpg --keyserver keyserver.ubuntu.com --recv-key 5260A4FA4A4CB7A5
If you've already validated my old key, you can validate the new key is
signed by my old key:
gpg --check-sigs 5260A4FA4A4CB7A5
If you are satisfied you've got the right key, I'd appreciate your
signature and upload:
gpg --sign-key 5260A4FA4A4CB7A5
gpg --keyserver keyserver.ubuntu.com --send-key 5260A4FA4A4CB7A5
- - -- jeremy avnet .:. @brainsik
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXYD8Ypzvj65zfN3tGaHRQk/pjhMFAmOw6jEACgkQGaHRQk/p
jhME8xAAkgL0/7Gis/eSJMV/oORc80V16t26CDlrmZ++HRAa5gk5On/aEhKzpNMO
st9h1fpnDQAmTzT8PiMz3Tdkk9m4Xh3XBkeeyXPKzAgfm0U6dJH2xJooEb9KtXf5
m4oShVntYCVtRQZlmS5KN35cPxEikFbfz8ok1B+/j77Awgo3uXbbKD7WdUnVSSUE
dmA0x/pQcQPS9Eg7TzT+gNCsui9zU6riMvtVp5I4DWvVg/fP322nG7Y0O/SMWcuU
ndFyxEc1jzrXkhOO5Hv+bO5wefU7K6ct8JcBvvzY5/7GvRJwx/GQCl7n0PQS4kCJ
AS40BmZ2lhQGP4O7gOqYmn0krrskXZVSf0tKzgn2KvKyoMtijf6HbEZw1lq5kxuH
ubnQH7IoBaIZpkcJRdq9u77jD9AKwVdCz/TUL4MGR9B/OYlGDBwEJ9LxPSGLBATv
t+OKOUfg/apNDn8lFTR6YnGT9D85NKEWm0FEqVx51eDHSH+FxKGuY57FG18qMB3i
qWrtqdQsq42bzhbPWKAIPwjoImeKyMTTbq6oJV3d7htStt1AHHPxR4GXGSZQZ0vW
uonjIh6HHJLF5guLIMw3LD+GfkDKHxrcNa4A7BA3RDuxyRSjXq1QFp0DSSgk1cCb
sy94dRdhSPg1QwW3EXRnEXcp8QTJfB4QF0sG6WuXj3otXbLo+i+IdQQBFgoAHRYh
BK5JRUez4fm2YpFp4FJgpPpKTLelBQJjsOoxAAoJEFJgpPpKTLel7rsA/iR2DuNc
PSSuLB8G1019vRtHuSV7SlwB4VzK/hip/W3aAQC+DHH+umRJmBhC50qxK5JuBIOA
lBvZJEvPBU/BYBCmDg==
=sj7h
-----END PGP SIGNATURE-----