Following a recent discussion about GPG key signing on my local Linux user group email list, one of the members pointed out that several of us (myself included) were using rather old 1024-bit DSA GPG keys with SHA-1 hashes. He recommended that such users should upgrade to keys with a minimum size of 2048 bits and a hash from the SHA-2 family (say SHA256). That is good advice and it is long past time that I upgraded.

So, I have now created a new default GPG key of 4096 bits – that should last for a while. However, that leaves the problem of how to migrate from the old key to the new key when the old key has been in circulation since at least 2004.

Fortunately, Daniel Kahn Gillmor (dkg) has published a rather nice and useful how-to on his debian-administration blog. I used that guide, supplemented with some further guidance on the Apache site, to come up with a transition plan.

If you wish to contact me securely in future, then please use my new GPG key.

That transition statement is signed with both my old and new keys so that people who have my old key may be sure (or as sure as they can be if they presume that my old key has not been compromised) that the new key is valid and a true means of secure communication with me.

(BTW, the way to sign a document with two keys is as follows:

    gpg --clearsign --local-user $KEYID-1 --local-user $KEYID-2 filename

Where $KEYID-1 and $KEYID-2 are the eight digit IDs of the old and new keys. This is not well documented in the GPG manual.)

GPG transition statement – Friday 20 July 2012

I am moving my preferred GPG key from an old 1024-bit DSA key to a
The old key will continue to be valid for some time, but I prefer all
New secure correspondence to be encrypted with the new key.
Making all new signatures with the new key from today.
This transition was aided by the excellent on-line how-to at:
This message is signed by both keys to certify the transition.
I have signed my new key with the old key.
New key from my server at /keys/micks-new-public-key.asc
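The two-key clearsign step from this post, together with the check a recipient would run on the result, as an added example that is not part of the original post. It assumes GnuPG 2.1 or later and works in a throwaway keyring; the user IDs are constructed, an rsa2048 key stands in for the old key, and full fingerprints are used in place of eight digit IDs.

```shell
#!/bin/sh
# Added example. Keys, names and addresses are constructed for the demo;
# rsa2048 stands in for the old key, rsa4096 plays the new one.

# gpg with the options needed for unattended use of passphrase-less demo keys
g() { gpg --batch --quiet --yes --pinentry-mode loopback --passphrase '' "$@"; }

# Primary-key fingerprint for a user ID (field 10 of the first fpr record)
fpr_of() {
    gpg --batch --with-colons --list-keys "$1" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Runs in a subshell so GNUPGHOME and the cleanup trap stay contained.
# Prints how many of the two expected keys made a valid signature.
dual_sign_demo() (
    GNUPGHOME=$(mktemp -d) || exit 1
    export GNUPGHOME
    trap 'gpgconf --kill all 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT

    g --quick-generate-key 'Demo Old <old@example.org>' rsa2048 sign never || exit 1
    g --quick-generate-key 'Demo New <new@example.org>' rsa4096 sign never || exit 1
    old=$(fpr_of old@example.org)
    new=$(fpr_of new@example.org)
    [ -n "$old" ] && [ -n "$new" ] || exit 1

    printf 'GPG transition statement (constructed demo text)\n' \
        > "$GNUPGHOME/statement.txt"

    # One --local-user per signing key gives one signature per key.
    g --digest-algo SHA256 --local-user "$old" --local-user "$new" \
      --output "$GNUPGHOME/statement.asc" \
      --clearsign "$GNUPGHOME/statement.txt" || exit 1

    # Recipient's check: each VALIDSIG status line ends with the
    # fingerprint of the primary key that made the signature.
    signers=$(gpg --batch --status-fd 1 --verify "$GNUPGHOME/statement.asc" \
                  2>/dev/null | awk '$2 == "VALIDSIG" { print $NF }')
    count=0
    for want in "$old" "$new"; do
        case "$signers" in *"$want"*) count=$((count + 1)) ;; esac
    done
    echo "$count"
)

if [ "${1:-}" = "--run" ]; then dual_sign_demo; fi
```

Run the script with `--run`; it prints 2 when the statement carries a valid signature from both keys.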