New OpenPGP key

PSA: I’ve rolled over my OpenPGP Key.

The old key F289F7BA977DF4143AE9FDFBF70A02906C301813 is considered to be too short by some and it’s sufficiently old to retire it.

My new key is F98D03D7DC630399AAA6F43826B3F39189C397F6.

It’s been a while since I last did that. GnuPG still makes it hard to use an expired key, so I cannot sign this transition statement with both keys as suggested by this document. Also, I might consider using a service such as https://www.expirybot.com/ for telling me when it’s time to think of a strategy for the next roll-over. It’s a shame we don’t have such tooling in place for the desktop.

Anyway, feel free to grab the new key from the WebPKI protected resource here.

sec   dsa1024 2008-12-03 [SC] [expired: 2018-02-28]
      F289F7BA977DF4143AE9FDFBF70A02906C301813
uid           [ expired] Tobias Mueller 

sec   dsa3072 2018-03-17 [SC] [expires: 2023-03-16]
      F98D03D7DC630399AAA6F43826B3F39189C397F6
uid           [ultimate] Tobias Mueller 
ssb   elg3072 2018-03-17 [E] [expires: 2023-03-16]


OpenPGP Key Rollover from D3492A2A to 1BF98D6D

Public Service Announcement: I am deprecating my old key 0xD3492A2A in favour of a newly generated key 0x1BF98D6D. I have uploaded a copy here. It is signed with my old key, too. FTR: It involved exporting the old secret key and the new public key to a temporary directory, changing the expiry date of the old key, signing the new key and importing the new signed key *sigh*. It’s only been 11 years since --allow-expired-keys was discussed.

The new fingerprint is:

$ gpg --fingerprint --list-key 1BF98D6D
pub   3072D/1BF98D6D 2012-05-10 [expires: 2017-05-09]
      Key fingerprint = FF52 DA33 C025 B1E0 B910  92FC 1C34 19BF 1BF9 8D6D
uid                  Tobias Mueller tobias.mueller2  mail.dcu.ie
uid                  Tobias Mueller 4tmuelle  informatik.uni-hamburg.de
sub   3072g/3B76E8B3 2012-05-10 [expires: 2017-05-09]
$

It’s 2012 already and apparently there ain’t such a thing as best practices for rolling over your OpenPGP key. I’m thinking about something that discusses whether or how to

  1. create a new key
  2. add old UIDs to the new key
  3. sign the new key with the old one
  4. sign the old key with the new one
  5. probably sign the new key with other secret keys in your keyring
  6. prepare a small text file stating the rollover
  7. sign that so that you can upload it to the public
  8. inform people that have signed your old key that a new one is in place

I do think the steps mentioned make sense and should be implemented to ease the key transition. I started with something very simple; you can find the code here. You are welcome to discuss what’s needed in order to properly move from one key to another.
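A check for steps 3 and 4 of the list, combined with the expiry reminder wished for in the 2018 post above, as an added example that is not the code linked from this post. It assumes the input is the colon-delimited listing printed by `gpg --with-colons --check-sigs OLD NEW`; the function names and the sample listing are constructed for illustration.

```python
import datetime as dt

# Constructed sample in the shape of `gpg --with-colons --check-sigs` output.
# Key IDs and addresses are placeholders, not the keys announced on this page.
# Fields used: 1 record type, 2 signature check result ("!" = good),
# 5 key ID, 7 expiry in epoch seconds.
SAMPLE = """\
pub:u:1024:17:AAAAAAAAAAAAAAAA:1262304000:1577836800::u:::scESC:
uid:u::::1262304000::0000::Old Key <old@example.org>:
sig:!::17:AAAAAAAAAAAAAAAA:1262304000::::Old Key <old@example.org>:13x:
sig:!::1:BBBBBBBBBBBBBBBB:1575158400::::New Key <new@example.org>:10x:
pub:u:3072:1:BBBBBBBBBBBBBBBB:1575158400:1735689600::u:::scESC:
uid:u::::1575158400::0000::New Key <new@example.org>:
sig:!::1:BBBBBBBBBBBBBBBB:1575158400::::New Key <new@example.org>:13x:
"""


def parse_keys(listing):
    """Map key ID -> expiry (datetime or None) and the set of key IDs whose
    signatures on that key verified ("!")."""
    keys, current = {}, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            exp = dt.datetime.fromtimestamp(int(f[6]), dt.timezone.utc) if f[6] else None
            current = keys.setdefault(f[4], {"expires": exp, "signers": set()})
        elif f[0] == "sig" and current is not None and f[1] == "!":
            current["signers"].add(f[4])
    return keys


def rollover_problems(keys, old, new, now, warn_days=90):
    """List what still blocks a clean rollover from key `old` to key `new`."""
    problems = []
    for name, kid in (("old", old), ("new", new)):
        exp = keys[kid]["expires"]
        if exp is not None and (exp - now).days < warn_days:
            state = "expired" if exp <= now else f"expires in {(exp - now).days} days"
            problems.append(f"{name} key {kid} {state}")
    # Steps 3 and 4: each key should carry a verified signature from the other.
    if old not in keys[new]["signers"]:
        problems.append("new key is not signed by the old key")
    if new not in keys[old]["signers"]:
        problems.append("old key is not signed by the new key")
    return problems
```

Run ahead of the old key's expiry date, the check flags the missing cross-signature while the old key can still make it.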

Key Rollover

I have deprecated my OpenPGP Key 0xAA208D9E in favour of a new key 0x059B598E. So please use this new key which you can find, i.e. here.

muelli@bigbox ~ $ gpg --fingerprint --list-key 0x059B598E
pub   1024D/059B598E 2010-06-23 [expires: 2015-06-22]
      Key fingerprint = 610C B252 37B3 70E9 EB21  08E8 9CEE 1B6B 059B 598E
uid                  Tobias Mueller
sub   4096g/C71F0BE4 2010-06-23 [expires: 2015-06-22]

muelli@bigbox ~ $

If you’ve signed my old key, you might as well sign my new one (verifying that it’s correctly signed with the old key), assuming that my identity hasn’t changed. I recommend using caff to do so.

This work by Muelli is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported.