New OpenPGP Key, 0xC004BAE3 (2014)

After 11 years, I have chosen to transition my OpenPGP/GnuPG cryptographic key pair from a 1024-bit DSA key to a 4096-bit RSA key. The new key is ID 0xC004BAE3. Please review the fingerprints and update your OpenPGP keychain accordingly.

The following is my digitally signed transition statement. Notice that it is signed with both my new and old key pairs. My old key is uncompromised and will remain valid for a period of time.

Download my new OpenPGP key

You can download my new GnuPG key from Or, if you prefer, you can download it directly from the Massachusetts Institute of Technology public key server by running gpg --keyserver --recv-key 0xC004BAE3. The full fingerprint for the new key is EF65 AC38 A698 E87D 9CEF B60F 658C D5E9 C004 BAE3.

Key transition signing statement

You can also download the statement as a clear-signed plaintext document.

Hash: SHA512,SHA1

Date: Sunday, July 27, 2014

For a number of reasons, I have recently set up a new OpenPGP key, and will be transitioning away from my old one that has been in use since 2003, when I was an undergraduate Computer Science student at the Georgia Institute of Technology.

You can read more about the technical reasoning and suggested key management practices at:


My old key will continue to be valid for some time, but I prefer all future correspondence to come to the new one. I would also like this new key to be re-integrated into the web of trust. This message is signed by both keys to certify the transition.

The old key was:

  pub   1024D/1F9016AF 2003-05-06 [expires: 2015-08-03]
        Key fingerprint = DCF6 4AEB 7545 3CEB 923E  6E1A BBD2 F8E2 1F90 16AF
  uid                  Frank Rietta <>
  uid                  Frank Rietta <>
  uid                  [jpeg image of size 2826]
  uid                  Frank Rietta <>
  sub   2048R/0CD8B255 2013-01-31 [expires: 2015-08-03]

And the new key is:

  pub   4096R/C004BAE3 2014-07-25 [expires: 2020-08-04]
        Key fingerprint = EF65 AC38 A698 E87D 9CEF  B60F 658C D5E9 C004 BAE3
  uid                  Frank S. Rietta <>
  uid                  Frank S. Rietta <>
  uid                  Frank S. Rietta <>
  sub   4096R/3FB74663 2014-07-25 [expires: 2020-08-04]

The full key is posted at my website ( at:

To fetch the full key from a public key server, you can simply do:

  gpg --keyserver --recv-key 0xC004BAE3

If you already know my old key, you can now verify that the new key is signed by the old one:

  gpg --check-sigs 0xC004BAE3

If you don't already know my old key, or you just want to be double extra paranoid, you can check the fingerprint against the one above:

  gpg --fingerprint 0xC004BAE3

If you are satisfied that you've got the right key, and the UIDs match what you expect, I'd appreciate it if you would sign my key. You can do that by issuing the following command.  Please note though, that if you had previously signed my key but did a local-only signature (lsign), you will not want to issue the following, instead you will want to use --lsign-key, and not send the signatures to the key server!

  gpg --sign-key 0xC004BAE3

I'd like to receive your signatures on my key. You can either send me an e-mail with the new signatures (if you have a functional MTA on your system):

  gpg --export 0xC004BAE3 | gpg --encrypt -r 0xC004BAE3 --armor | mail -s 'OpenPGP Signatures'

Or you can just upload the signatures to a public keyserver directly:

  gpg --keyserver --send-key 0xC004BAE3

Please let me know if you have any questions, or problems.

Sincerely yours,

Frank S. Rietta
Version: GnuPG v2
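
The fingerprint comparison the statement asks for, as an added example that is not part of the signed statement or the author's own tooling: it parses gpg's --with-colons listing and accepts the key only when the full 40-digit fingerprint matches, because an 8-digit ID such as 0xC004BAE3 is too short to identify a key uniquely. The sample listings, their timestamps, the uid address, the subkey values and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example; not part of the signed statement. Sample listings are constructed.

# Full fingerprint of the new key, as published in the statement above.
EXPECTED_FPR='EF65 AC38 A698 E87D 9CEF  B60F 658C D5E9 C004 BAE3'

# Constructed stand-in for `gpg --with-colons --fingerprint 0xC004BAE3` output.
# Timestamps, the uid address and the subkey values are placeholders.
SAMPLE_GOOD='pub:-:4096:1:658CD5E9C004BAE3:1406246400:1596499200::-:::scESC:
fpr:::::::::EF65AC38A698E87D9CEFB60F658CD5E9C004BAE3:
uid:-::::1406246400::::Frank S. Rietta <user@example.invalid>:
sub:-:4096:1:0000000000000000:1406246400:1596499200:::::e:
fpr:::::::::0000000000000000000000000000000000000000:'

# Constructed different key whose short ID is also C004BAE3.
SAMPLE_OTHER='pub:-:4096:1:AAAAAAAAC004BAE3:1406246400:1596499200::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC004BAE3:'

# Strip whitespace and an optional 0x prefix, then upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# Print the primary key's fingerprint: the fpr record (field 10) after "pub".
primary_fpr() {
    awk -F: '$1 == "pub" { p = 1; next }
             $1 == "sub" { p = 0 }
             p && $1 == "fpr" { print $10; exit }'
}

# Print "<algorithm id> <bits>" from the pub record (1 = RSA, 17 = DSA).
primary_params() {
    awk -F: '$1 == "pub" { print $4, $3; exit }'
}

# check_key LISTING EXPECTED: 0 = match, 1 = mismatch, 2 = EXPECTED is not a
# full 40-hex-digit fingerprint (for example a short or long key ID).
check_key() {
    want=$(normalize_fpr "$2")
    case $want in *[!0-9A-F]*) return 2 ;; esac
    [ "${#want}" -eq 40 ] || return 2
    got=$(printf '%s\n' "$1" | primary_fpr)
    [ "$got" = "$want" ]
}

for name in SAMPLE_GOOD SAMPLE_OTHER; do
    eval "listing=\$$name"
    if check_key "$listing" "$EXPECTED_FPR"; then r=match; else r=MISMATCH; fi
    echo "$name: $r ($(printf '%s\n' "$listing" | primary_params))"
done
```

Against a real keyring, pass "$(gpg --with-colons --fingerprint 0xC004BAE3)" as the listing argument in place of the constructed samples.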


Further reading

You can read more about the technical reasoning and suggested key management practices at: