OpenPGP Key Transition
From M.Eng. René Schwarz, Bremen/Merseburg
In the light of the recent occurences in the domain of computer security, I will hereby replace my old OpenPGP key by a new and stronger key. The old key is invalid with immediate effect and I recommend to use my new one for all future correspondence. Please see my key transition notice here for further details:
https://www.rene-schwarz.com/pgp/2013-08-11_transition_notice
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1,SHA512 PUBLIC ANNOUNCEMENT M.Eng. *René Schwarz* August 11, 2013 <mail@rene-schwarz.com> <https://www.rene-schwarz.com> OPENPGP KEY TRANSITION NOTICE ~~~~~O~~~~~ In the light of the recent occurences in the domain of computer security [1], I will hereby replace my old OpenPGP key by a new and stronger key. The old key is invalid with immediate effect and I recommend to use my new one for all future correspondence. I would also like this new key to be signed by other persons in order to establish a web of trust. This message has been signed by both my old key and my new key to certify the transition. My old key was pub 1024D/DA8DE871 2009-02-07 Key fingerprint = 3124 8A0C 92C6 9129 75DB F4C6 91C4 AC7F DA8D E871 and my new key is: pub 8192R/687A7D75 2013-07-28 Key fingerprint = DC8B FE25 50F7 6FBB 05BB 5917 4B71 ED33 687A 7D75 To fetch the full key from a public key server, you can simply do gpg --keyserver pool.sks-keyservers.net --recv-key 687A7D75 or download it from my website: <https://www.rene-schwarz.com/pgp/public-key-687A7D75.asc> If you already know my old key, you can now verify that the new key is signed by the old one: gpg --check-sigs 687A7D75 If you don't already know my old key or you just want to be double extra paranoid, you can check the fingerprint against the one above: gpg --fingerprint 687A7D75 If you are satisfied that you have got the right key and the UIDs match what you expect, I would appreciate it if you would sign my key and send it back to the keyserver. You can do that by issuing the following commands: gpg --sign-key 687A7D75 gpg --keyserver pool.sks-keyservers.net --send-key 687A7D75 It would also be nice of you to inform me about this certification via e-mail to <mail@rene-schwarz.com>; if you have an working MTA installed on your system you can do this simply by: gpg --armor --export 687A7D75 | mail -s 'OpenPGP Certification 687A7D75' \ mail@rene-schwarz.com Additionally, I highly recommend that you implement a mechanism to keep your keyrings up-to-date so that you obtain the latest revocations and other updates in a timely manner. You can do regular key updates by using `parcimonie' [2] to refresh your keyring. It is a daemon that slowly refreshes your keyring from a keyserver over Tor. It uses a randomized sleep and fresh Tor circuits for each key. The purpose is to make it hard for an attacker to correlate the key updates with your keyring. Please let me know if you have any questions or problems regarding this message or the transition. M.Eng. *René Schwarz* <mail@rene-schwarz.com> <http://www.rene-schwarz.com> ACKNOWLEDGEMENTS Most of the text above was directly copied out of a template from the Riseup GPG Best Practices website which can be found here: <https://we.riseup.net/riseuplabs+paow/openpgp-best-practices> REFERENCES [1] Refer to these websites, among others: * <https://www.debian-administration.org/users/dkg/weblog/48> * <http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf> * <https://en.wikipedia.org/wiki/Edward_Snowden> [2] <https://gaffer.ptitcanardnoir.org/intrigeri/code/parcimonie/> -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (GNU/Linux) iEYEARECAAYFAlIHwg0ACgkQkcSsf9qN6HHexgCdGmL5nHX3BDvj6RROIYFAOUXI emwAoILKCjLtvtYW6e6OpNmDnRqRCKV2iQIcBAEBCgAGBQJSB8INAAoJEM1FFckc vpGw6IsP/iCAtL/t6F8lLSIWen+D8BI300R18fwKl1CBpudIZn8ipiycP/kGNPbT TsiPocOz3TBEiJk9EbW5MlnNtLkjSEpz7NI7bgtpWFcEJHrE40wpm0HHbb1fpZhX kikiF03vHLF2Zqf3g8OtaIVB83Pb7w1QmcqUVpxEwZrkFttT50zC2KaTygM/f6Vy YG5C2ut7zo6ZMr7VmkIuAvEqIQHJO3OBoUpEH4nApFKUyAMAk32sBL3itDyYjX/w 8F7EFX1SMFt01Own7gBZwm3lCIhX1bt7/TaDlfcv4takQnskjht2DOzFpRZ/Ey9S 8qECjea2g0zW0u6Tgg6sdAXHkxBZ1qrowgTxBjGLB9439oXW3MRHQB1ZhLOSEyJK EZKo7xGQyPJD18UTtIeVo7Gr3PRKK97deMiNE0Wwm7sZ3K18TA0B22yeHw8pkiKt 2rgAwm9skNOTPS46weWncDn65lPuJRNsTljTwC0KozkZcvPm4o88afAdnNhC5Gl1 YW5z6FeaWwPBYD3EG4AYV4xV2cDdNXiEK2zC2KNGrXN08hucGMD0GexCXPqrLgTI d2Jiqp0+fIVxbTkaJL2d6sd19F43SOX7iHcSgMIyk5Ch6nwy0pw8Wl8dP41Wtzvp rVSGLezSmLS9/13eWc9VT+RelLh9wkoMNxjXVW5C7BLhmlNQeFwR =jb9Z -----END PGP SIGNATURE-----