After 11 years, I have chosen to transition my OpenPGP/GnuPG cryptographic key pair from a 1024-bit DSA to a 4096-bit RSA key. The new key is ID 0xC004BAE3. Please review the fingerprints and update your OpenPGP keychain accordingly.
The following is my digitally signed transition statement, notice that it is signed with both my new and old key pairs. My old key is un-compromised and will remain valid for a period of time.
Download my new OpenPGP key
You can download my new GnuPG key from http://rietta.com/pgp-pub/frank_rietta_pgp.asc. Or, if you prefer to download it directly from the Massachusetts Institute of Technology public key server, by running
gpg --keyserver pgp.mit.edu --recv-key 0xC004BAE3. The full finger print for the new key is
EF65 AC38 A698 E87D 9CEF B60F 658C D5E9 C004 BAE3.
Key transition signing statement
You can also download the statement as a clear-signed plaintext document.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512,SHA1 Date: Sunday, July 27, 2014 For a number of reasons, I have recently set up a new OpenPGP key, and will be transitioning away from my old one that has been in use since 2003, when I was an undergraduate Computer Science student at the Georgia Institute of Technology. You can read more about the technical reasoning and suggested key management practices at: - http://www.debian-administration.org/users/dkg/weblog/48 - https://wiki.ubuntu.com/SecurityTeam/GPGMigration - https://help.riseup.net/en/security/message-security/openpgp/best-practices My old key will continue to be valid for some time, but I prefer all future correspondence to come to the new one. I would also like this new key to be re-integrated into the web of trust. This message is signed by both keys to certify the transition. The old key was: pub 1024D/1F9016AF 2003-05-06 [expires: 2015-08-03] Key fingerprint = DCF6 4AEB 7545 3CEB 923E 6E1A BBD2 F8E2 1F90 16AF uid Frank Rietta <email@example.com> uid Frank Rietta <firstname.lastname@example.org> uid [jpeg image of size 2826] uid Frank Rietta <email@example.com> sub 2048R/0CD8B255 2013-01-31 [expires: 2015-08-03] And the new key is: pub 4096R/C004BAE3 2014-07-25 [expires: 2020-08-04] Key fingerprint = EF65 AC38 A698 E87D 9CEF B60F 658C D5E9 C004 BAE3 uid Frank S. Rietta <firstname.lastname@example.org> uid Frank S. Rietta <email@example.com> uid Frank S. Rietta <firstname.lastname@example.org> sub 4096R/3FB74663 2014-07-25 [expires: 2020-08-04] The full key is posted at my website (rietta.com) at: http://rietta.com/pgp-pub/frank_rietta_pgp.asc To fetch the full key from a public key server, you can simply do: gpg --keyserver pgp.mit.edu --recv-key 0xC004BAE3 If you already know my old key, you can now verify that the new key is signed by the old one: gpg --check-sigs 0xC004BAE3 If you don't already know my old key, or you just want to be double extra paranoid, you can check the fingerprint against the one above: gpg --fingerprint 0xC004BAE3 If you are satisfied that you've got the right key, and the UIDs match what you expect, I'd appreciate it if you would sign my key. You can do that by issuing the following command. Please note though, that if you had previously signed my key but did a local-only signature (lsign), you will not want to issue the following, instead you will want to use --lsign-key, and not send the signatures to the key server! gpg --sign-key 0xC004BAE3 I'd like to receive your signatures on my key. You can either send me an e-mail with the new signatures (if you have a functional MTA on your system): gpg --export 0xC004BAE3 | gpg --encrypt -r 0xC004BAE3 --armor | mail -s 'OpenPGP Signatures' email@example.com Or you can just upload the signatures to a public keyserver directly: gpg --keyserver pgp.mit.edu --send-key 0xC004BAE3 Please let me know if you have any questions, or problems. Sincerely yours, Frank S. Rietta -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJT1Xh0AAoJEGWM1enABLrj5dcP/3B4yDUJrnzL0iM6BsuDsXff vFjFGyMX+pDw84HFMrhWuADzjsyvMfY0ARJtZs0WXPiIcMo/AAyzBXz1mT7SE+pD XuWDlsJvDnnFFIB/kYOpJTW02A49cI1YURCJ+h4ffXIzvhkstWNDEYd29NTsZeWF VzwiVqsXRD7X8PyWhFd9j3XjW3fiWh4zPhy1t0UU6HvjKYgXMZVJHQIY0TyueArk RIbZti2CGRenGcYAGSRt/1zO3Q7KZ/CGYirNg8b4Si8nBnZLTb6tqYqQxm8crUr4 vNgjrs27RiTdd2W1as7WHQHeQkPTQ5GIjcJXrv4eM+tkKepStMlwqKKgwbQND5fX /4O2zAGhuE0tV705Bi5amzFko12r0jcbR9933Cw/ntys+kqlwLR9KVtduWRCSX0Z /YmOfnJchFMyDyPjGHRARaDEQu/h2z5AROTFn20nUARbTjyst5Le/L72bHMJL8ME +ecmD60ETulTpVHEIu2FnIbH8VH77TLEwAOKAeH0sFZe3YCM5WFhP88XtQlHOt8q 0UICTBJzO6qa6UGXWRPsmN8eCI/iiXWqQFME1GaDJZQaMjZspw0sLp6uxgKxIVjp P+PO4lX5McK+lBg3ppYoj9UfklA++CYmKtT2eyetfTHygKQt6WMmybbtaf1tSLdK /Sp0ohU2CetAU2yF6SfOiEYEARECAAYFAlPVeHQACgkQu9L44h+QFq/ZJACfbmjT CSadyF6g6QADtBN89Z3l578AoMMsRT+wHn82Mj4aMjbA8NRqwP5z =+ycV -----END PGP SIGNATURE-----
You can read more about the technical reasoning and suggested key management practices at: