pages tagged gpgzack's home pagehttp://upsilon.cc/~zack/tags/gpg/zack's home pageikiwiki2013-10-07T08:12:30Zso long F2C423BChttp://upsilon.cc/~zack/blog/posts/2013/10/so_long_F2C423BC/2013-10-07T08:12:30Z2013-10-07T08:12:30Z
<h1>and thanks for all the sigs</h1>
<p><a href=
"http://info.comodo.priv.at/blog/rc_bugs_2013_37_40.html">Bandwagoning</a>
<a href=
"http://blog.lot-of-stuff.info//Blog/Posts/Key-transition/">just</a>
a <a href=
"https://lists.debian.org/debian-project/2013/10/msg00007.html">bit</a>,
and only a few days past the 3-year anniversary of my <a href=
"http://upsilon.cc/~zack/blog/posts/2010/10/new_GPG_key_6D866396/">4096R GPG key</a>,
I've finally got my acts together and revoked my old 1024D GPG
key.</p>
<p>If you haven't yet switched to a GPG key stronger than 1024D,
you definitely should.<br />
Think of the kittens.</p>
new GPG key 6D866396http://upsilon.cc/~zack/blog/posts/2010/10/new_GPG_key_6D866396/2010-10-01T10:13:10Z2010-10-01T10:13:10Z
<h1>so long and thanks for all the fish, dear old F2C423BC</h1>
<p>It was about time. Last <a href=
"http://lists.debian.org/debian-devel-announce/2010/09/msg00003.html">
bits from keyring-maint</a> finally convinced me to move away from
my old 1024 DSA to a <span class="createlink"><strong>new 4096 RSA
GPG key</strong></span>. I know <a href="http://xkcd.com/538/">it's
bloated</a>, but given that I expect the life time of the new
(master) key to be ≥ 10 years, I saw no reason to switch to any
weaker key.</p>
<p>I'm lucky enough to live in a DD-crowded area and I've
henceforth already collected some signatures ... but I need waaaay
more signatures before even daring to think about asking for a
replacement in the Debian keyring. So ....</p>
<p>... <strong>here's my <span class="createlink">transition
document</span></strong> <small>(shamelessly inspired from <a href=
"http://www.eyrie.org/~eagle/">Russ</a>' excellent text)</small>.
If you have signed my old key, you should have a fairly
straightforward trust path to my new key. If that is compatible
with your signing policy, <strong>please sign <span class=
"createlink">my new key</span></strong>.</p>
<p>Having been there, here are a couple of excellent
<strong>recommended readings</strong> for doing the transition
yourself:</p>
<ul>
<li><a href="http://keyring.debian.org/creating-key.html">key
creation guide</a> - by <a href="http://ekaia.org/blog">Ana</a> via
keyring maint</li>
<li><a href=
"http://www.debian-administration.org/users/dkg/weblog/48">migration
howto</a> - by <a href=
"http://debian-administration.org/users/dkg/weblog">Daniel</a></li>
</ul>