GPG key transition statement 2016

Sunday, 2016-05-29, 21:30

For easier verification, the following statement is also reachable here.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I am transitioning my GPG key to a new key that is only stored on hardware
tokens and airgapped systems. The old key will continue to be valid for some
time, but I prefer all new correspondence to be encrypted with the new key. I
will be making all signatures going forward with the new key.

This transition document is signed with both keys to validate the transition.

If you have signed my old key, I would appreciate signatures on my new key as
well, provided that your signing policy permits that without reauthenticating
me.

The old key, which I am transitioning away from, is:

pub   rsa4096/A9A8A2C9D19E1804 2011-12-29 [SC]
      Key fingerprint = 3EFE 50A3 C36E 01F7 B289  765D A9A8 A2C9 D19E 1804

The new key, to which I am transitioning, is:

pub   rsa4096/8816F018ADCAC78A 2016-05-28 [C] [expires: 2019-05-28]
      Key fingerprint = 3A38 8232 D466 0481 046C  759B 8816 F018 ADCA C78A

To fetch the full new key from a public key server using GnuPG, run:

  gpg --keyserver pool.sks-keyservers.net --recv-key 8816F018ADCAC78A

If you have already validated my old key, you can then validate that the new
key is signed by my old key:

  gpg --check-sigs 8816F018ADCAC78A

If you then want to sign my new key, a simple and safe way to do that
is by using caff (shipped in Debian as part of the "signing-party"
package) as follows:

  caff 8816F018ADCAC78A

Please contact me via e-mail at <a@0au.de> if you have any questions about
this document or this transition.

  Valentin Ochs
  a@0au.de
  2016-05-29
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXSm36AAoJEDsRUoE6tPB9YmkP/Ah3URALICsfBF1/j23MSY52
8SwFqb5iH9YT9BjUayPTOzo0Eg+PxJHLkNg6gEIxF6DSSvzMU1TQaanokytCwmSN
kI21uBQa+L/Lm//q6Uwhcd+eKeGuY+QomTHVJSLHtdbf1vLwakn6L+J6CvTgt1VR
W7ac8qpd71hYuase6/1O5BGpI4I71WYqXOBgyrvveoVv7b3I1GGCbpwudU0JBYnY
1/QWjWQI3kLNzT8+sWoj6m+kSdmsgBCpKACR8nf6+wN7RPx92FIBTjHTd7UoTnZR
2Gqkv1gsWMLcJGwtc/VIfSVNOHQFBh3pmXHIpXUE5S/1489G0YwAFCqMj3+dwCaB
rpiBxdfRk9t9+Lm2fOpFrzeDSn7QU1YN5BjRCE+aq4Ynl5ESlIdy7bRWQJX9Yf9s
Y8/6H680Uw5l08cJ8kVE50LmhmgWJGu9p7foMYTDErgOpQAE0c0YOWVAXpJaSvk1
0aFq6Ad+9GDO8MHNmAZTj5tQ+KlVbt+7NXBBQ2Uqa21ynVtUkcL/dftDvKwTf/D6
8LMguveHFbI/WFOxFJpyiE7t2A9G9iY41O1+WqAZWcG1tjS+G9tHf1FuN3vzBGHe
AH+bVNb4AxjEmCSQorxMiuHtPHjGRMbqz4Q1eHrAx/is61Z2QE6wzZHCXGqgf2/x
9jdF9ltmrB1p3h8kzn3QiQEcBAEBCAAGBQJXSm36AAoJEFiK1HsdBr6ZYmkIAK83
5X6bRrqF9kb9ioZuOXZDciAl89sgfDtvU14NbWoaUqn1kgwytuJuvTwXZrWNlfiX
1n+8yJpTe3N5nWo9PWL+Hlw4v/ySWFtzeyQppV3yc2UpFCVAzs8Rpsb3HpQZfQKT
HbLMXRY57HWGCSqpugY/cNkRoL+YJBcW3lnmuz6JpiI7yNrk3oAIYUUYt+2rbt6H
zLbCyY3NEst2O6JDjNdZJzAZu24pecjlHv7NDt/1+/31D/cFhjuxBj7KJNlRiid9
CzCn9f//6L4paXTLdq8CC0PZZYkyK+Rz+dhv8UIFlCQXOibcFwM+69K/iQhjg/Ey
NZ3tzAy6+5s0/0ytN/Y=
=UyZr
-----END PGP SIGNATURE-----