-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1,SHA256 Date: Wed Jun 6 14:39:12 CEST 2012 For a number of reasons[0], i've recently set up a new OpenPGP key, and will be transitioning away from my old ones. The old keys will continue to be valid for some time, but i prefer all future correspondence to come to the new one. I would also like this new key to be re-integrated into the web of trust. This message is signed by both keys to certify the transition. the old keys were: pub 1024D/6BBCFF8B 2001-11-18 Key fingerprint = FF5C 7F9E 7752 D7C8 DCDC 3407 A4FF 2659 6BBC FF8B and pub 2048R/E04DEC74 2001-12-24 Key fingerprint = 84D6 33C2 71C4 F815 ADD4 6D89 C3F5 00CE E04D EC74 And the new key is: pub 4096R/B636D58B 2012-01-08 Key fingerprint = 2129 1E79 5592 B87A 479D D30B 1FDD 301F B636 D58B uid Heiko Alexander Reese To fetch the full key from a public key server, you can simply do: gpg --keyserver keys.riseup.net --recv-key 0x1FDD301FB636D58B If you already know my old keys, you can now verify that the new key is signed by the old ones: gpg --check-sigs 0x1FDD301FB636D58B If you don't already know my old key, or you just want to be double extra paranoid, you can check the fingerprint against the one above: gpg --fingerprint 0x1FDD301FB636D58B If you are satisfied that you've got the right key, and the UIDs match what you expect, I'd appreciate it if you would sign my key. You can do that by issuing the following command: ** NOTE: if you have previously signed my key but did a local-only signature (lsign), you will not want to issue the following, instead you will want to use --lsign-key, and not send the signatures to the keyserver ** gpg --sign-key 0x1FDD301FB636D58B I'd like to receive your signatures on my key. You can either send me an e-mail with the new signatures (if you have a functional MTA on your system) gpg --export 0x1FDD301FB636D58B | gpg --encrypt -r 0x1FDD301FB636D58B --armor | mail -s 'OpenPGP Signatures' mail@heiko-reese.de or you may just upload the signed key to a keyserver: gpg --send-keys 0x1FDD301FB636D58B Additionally, I highly recommend that you implement a mechanism to keep your key material up-to-date so that you obtain the latest revocations, and other updates in a timely manner. Please let me know if you have any questions, or problems, and sorry for the inconvenience. Heiko Reese 0. https://www.debian-administration.org/users/dkg/weblog/48 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk/PVWQACgkQpP8mWWu8/4tNSwCg1M3C24CouPUFbkwNA0jBGk9r ZogAn29V8atH8KXUAsHA/dy0sNG0FsKsiQEcBAEBCAAGBQJPz1VkAAoJEMP1AM7g Tex03K0IAInbGclvu5+ee9nC1YsNkDoRyzdvjQWf2vvIAK3NKQj+D31FpDK4ttIF ECFpcN8cCXHdM/LIfu8s9IK/hjTCi/fCjdWcTuF3Bj/hqzocKxd6GWhZQuPOmJMh w2SM4us/G4GxwuqIQFEOR8iHiNRJlcjpTFOeO0M4ju+lO1/jSz+8MRJEAlZt8SE8 fdQAp6vFo0Vpf3/OI9vnBZjG+IQoyCbL1zlC9Vcx3VJMthyLicSo+jng2EwHcflw cqqYiMQBNHLy4kcX3nor3A1ExdPd28EumQJkHU8Ykq2Z/XwyCluWj8eKkxbOvXMZ KtyUU/9JPYjcgY9yHrVQuKJ6sNYrtkqJAhwEAQEIAAYFAk/PVWQACgkQH90wH7Y2 1YvcrQ//VVK+tenvLroPiKU9uzUkJh6UjnsYeyPwS83FdU9LTgr7N/GLaiFLIYnp VU22puISLgFtOa1SAWIg4+WpM9rEAcCfiTelPPrpA0cvvN3nBpa63/yO5XrXqOsS KXsutAyIMQZwFCOJhCI7R/5nG/bpjD13Pmad+TvpPXoY0reaKzeDD/YgpLKqkS13 jOx3Sg7FqoKa6+IA2AqakQhTBcs6Yu4Lt6P9xBs632BHEb15IQJULniM+BurbGCc RtPo+rP6Rz5ElS0Gjoi46bYEXoEwbupE2V2vKy6xW2gYICPrreslp//0r1mLkA7X rXJ2Rvd+rvoEU4RJls8jixPJ3p/aMfwiluSSc5z5+wkXwmOeIGN3wte4w/dvNER+ eJEpca1bZVHNTEddRusdk2bcVLkO9+KLjrdgiAisLs9sOhBhN5oS3jWm5aXXwLHL 3ngwqM7uDic5mqF/nbS5WAJ2cZ5CY321+jII/bjD23KqOX0b588G1F0rU6+4vixW 18BrIYq+Q4TukdVuLgnoROmyhJZ6HfLhJKWOCCHpLQnXZ1NwMtU1vuLUePSXkIwM m+gZyMemC5hZbAFNO4Yk3ROOINGZtHAqIrGceksKoe346C0qRyfGzbNiQIZl+Gw7 2kNJTJnnUcr8f6SYszrQX4Q2hKvGgz09JJWsiq0ISPPPQxf8SSU= =/D+7 -----END PGP SIGNATURE-----