I am switching my GPG key from an old 1024 bits DSA key to a new 4096 bits RSA key. The old key will continue to be valid for some time but I prefer all new correspondance to be encrypted with the new key. I will be making all signatures going forward with the new key.
I followed Daniel Kahn Gillmor tutorial which also explains why this migration is needed. I will try to contact all people whose key I signed to re-sign with my new key. The text of the formal transition statement is from Zack, as follows:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I am transitioning GPG keys from an old 1024-bit DSA key to a new
4096-bit RSA key. The old key will continue to be valid for some
time, but I prefer all new correspondance to be encrypted in the new
key, and will be making all signatures going forward with the new key.
This transition document is signed with both keys to validate the
transition.
If you have signed my old key, I would appreciate signatures on my new
key as well, provided that your signing policy permits that without
reauthenticating me.
The old key, which I am transitional away from, is:
pub 1024D/38D092B4 2006-03-15
Key fingerprint = 080F 4FC3 E825 0080 207D 4464 90CD 8287 38D0 92B4
The new key, to which I am transitioning, is:
pub 4096R/D1E233A9 2014-03-07
Key fingerprint = 4112 E10A 9986 9E25 9E6D D0B1 6391 B494 D1E2 33A9
To fetch the full new key from a public key server using GnuPG, run:
gpg --keyserver keys.gnupg.net --recv-key 4112E10A99869E259E6DD0B16391B494D1E233A9
If you have already validated my old key, you can then validate that
the new key is signed by my old key:
gpg --check-sigs 4112E10A99869E259E6DD0B16391B494D1E233A9
If you then want to sign my new key, a simple and safe way to do that
is by using caff (shipped in Debian as part of the "signing-party"
package) as follows:
caff 4112E10A99869E259E6DD0B16391B494D1E233A9
Please contact me (for example via e-mail at
<jean-christophe@dubacq.fr>) if you have any questions about this
document or this transition.
Jean-Christophe Dubacq
jean-christophe@dubacq.fr
2014-08-07
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJT4y7kAAoJEK5VSseTcinxG4oQAJoVJNB2GUpkLF0n099cf/20
iDF8MEc6K/MXgmhMz0y8A4JV0672buOxKGZNTCSNByNESecQdVx+hZ3Ual1/usm2
8qMwXpwK4Q1nHwFYGQf4cCBEu5HtNk7VdxcDLrLOMof9br0LYSHLu5V+cXvj4Xbr
DIqo9qR58n0OJ21WnbXI3Eg+ZzBn5FTqD3XOCimqe7ENWUmKZsKjHFpPBXaEJEWV
V44MPPALruFrelA7URCC8GJ2yObkPo4jZ3j7PTTPKJ6zeK+nAjk4V5zEG1AXGcsw
Qm5fkOI6cpmT0Wktu1TdML7GQS+Kf992Hx7ERTl9sZakRyUrXAzxhJ0/1nA+qV06
U0bQRzzPi/xLhWP5OD29PfxipoBbJOBz+5SpnFEPBwyJKLtUysnhyLvjUpDhgn0G
5SMdB5VSmw4LRf6z+c6mD5nmXMx8TKSDYepGPIbuxBRdznm94I0DYAiJushiIRna
VIis22TPVfAmnKCXvVmzsBJen2wa8RFHi3WXCGyGG5OE/1P0wsnVNhc+s1r0wAoj
MqEtui8G9mIvalKZf4xdzUSl4XkhPTi8aPDlRtb9gqf9N4KVyJyuW2+YBha6n1jb
6/ftV3UGg8qS9HgaFIlBMO07pzatf6gm6pLhVpgzfbPRDfHHy6QSGA2fDHHOCCjz
j4IOvOrgXJdAzPDd0OSGiEYEARECAAYFAlPjLuQACgkQkM2ChzjQkrTb0gCgz5pp
Z5PketgGDXWqW4KM9HB3o9kAniKoTyDsr+v9tZDJH/xkrVYfqZM0
=P1Qw
-----END PGP SIGNATURE-----
If you have my old key (or my new one, and trust it already, but then you will not need the file), you can verify if by issuing:
gpg --verify gpgtransition.txt.asc
gpg: Signature made Thu Aug 7 09:46:44 2014 CEST using RSA key ID 937229F1
gpg: Good signature from "Jean-Christophe Dubacq <jean-christophe@dubacq.fr>"
gpg: aka "Jean-Christophe Dubacq <jean-christophe.dubacq@ens-lyon.org>"
gpg: aka "Jean-Christophe Dubacq <jcdubacq1@free.fr>"
gpg: aka "Jean-Christophe Dubacq <Jean-Christophe.Dubacq@iutv.univ-paris13.fr>"
gpg: aka "Jean-Christophe Dubacq <Jean-Christophe.Dubacq@lipn.univ-paris13.fr>"
gpg: Signature made Thu Aug 7 09:46:44 2014 CEST using DSA key ID 38D092B4
gpg: Good signature from "Jean-Christophe Dubacq <jean-christophe.dubacq@ens-lyon.org>"
gpg: aka "Jean-Christophe Dubacq <jcdubacq1@free.fr>"
gpg: aka "Jean-Christophe Dubacq <Jean-Christophe.Dubacq@lipn.fr>"
gpg: aka "Jean-Christophe Dubacq <Jean-Christophe.Dubacq@iutv.univ-paris13.fr>"
gpg: aka "Jean-Christophe Dubacq <Jean-Christophe.Dubacq@lipn.univ-paris13.fr>"
gpg: aka "[jpeg image of size 3076]"
gpg: aka "Jean-Christophe Dubacq <jean-christophe@dubacq.fr>"
gpg: aka "Jean-Christophe Dubacq <jcdubacq@free.fr>"