stefan's blag and stuff

Blog – 2016-12-11 – New GPG Key

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Title: New GPG Key
Date: 2016-12-11
Author: Stefan Lengfeld

Since my current GPG key will expired at the end of this year, I
uploaded a new GPG key to the keyservers and to my homepage.  The
key ID is *0xE44A23B289092311* and the fingerprint is

    CAFC B28D 1612 3A5C 2D31  45F0 E44A 23B2 8909 2311

You can download it from the keyservers and from my homepage, section
'Personal'. Here is the direct download link:

    https://stefanchrist.eu/personal/Stefan_Lengfeld_0xE44A23B289092311.asc

My old GPG key *0x7B9E49D4117C3CFA* (Stefan Christ (student key)
_anti_stcim_de_) will expire at 2016-12-31.

To import my new key into your gpg keyring, you can execute the
commands:

    $ wget https://stefanchrist.eu/personal/Stefan_Lengfeld_0xE44A23B289092311.asc
    $ gpg --with-fingerprint Stefan_Lengfeld_0xE44A23B289092311.asc
    pub  4096R/89092311 2016-12-08 [expires: 2021-12-31]
          Key fingerprint = CAFC B28D 1612 3A5C 2D31  45F0 E44A 23B2 8909 2311
          uid                            Stefan Christ (public) _contact_stefanchrist_eu_
          uid                            Stefan Lengfeld (my birth name is Stefan Christ) _anti_stcim_de_
          sub  4096R/A40AA9D9 2016-12-08 [expires: 2021-12-31]
    $ gpg --import Stefan_Lengfeld_0xE44A23B289092311.asc

Don't forget to check the fingerprint! I have signed the new key with
my old key. So if you have trusted the original key *0x7B9E49D4117C3CFA*
_and_ you assume that the key was not compromised you can be relatively
sure that my new key is also trustworthy.

    $ gpg --list-sigs 0xE44A23B289092311
    pub   4096R/89092311 2016-12-08 [expires: 2021-12-31]
    uid       [ultimate] Stefan Lengfeld (my birth name is Stefan Christ) _anti_stcim_de_
    sig 3        89092311 2016-12-08  Stefan Lengfeld (my birth name is Stefan Christ) _anti_stcim_de_
    sig    R   1 117C3CFA 2016-12-08  Stefan Christ (student key) _anti_stcim.de_
    uid       [ultimate] Stefan Christ (public) _contact_stefanchrist_eu_
    sig 3        89092311 2016-12-08  Stefan Lengfeld (my birth name is Stefan Christ) _anti_stcim_de_
    sig    R   1 117C3CFA 2016-12-08  Stefan Christ (student key) _anti_stcim_de_
    sub   4096R/A40AA9D9 2016-12-08 [expires: 2021-12-31]
    sig          89092311 2016-12-08  Stefan Lengfeld (my birth name is Stefan Christ) _anti_stcim_de_

Nevertheless before you sign my new key, we should compare the
fingerprints over another secure channel.

This message is also signed with my old key *0x7B9E49D4117C3CFA*. You
can check the signature by copy and paste the verbatim content into
a text file and using the command *gpg --verify*. Or the same via some
shell commands and sed-magic:

     $ wget -O - -q https://stefanchrist.eu/blog/2016_12_11/New%20GPG%20Key.xhtml \
      | sed -n -e '/^-----BEGIN PGP SIGNED MESSAGE-----$/,/^-----END PGP SIGNATURE-----$/p' \
      | tee post.txt.asc
     $ cat post.txt.asc
     $ gpg --verify post.txt.asc

For the above commands to work, you need my old key *0x7B9E49D4117C3CFA*
in your keyring.

I will also send all of my known gpg email contacts my new key.

Happy encrypting and signing.


Btw: Here is an article about the concept of long term private keys in
PGP/GPG and the web of trust. Title "Op-ed: I’m throwing in the towel
on PGP, and I work in security":

    http://arstechnica.com/security/2016/12/op-ed-im-giving-up-on-pgp/


v2: (2016-12-18) Use 64 bit key ids. 32 bit key ids are deprecated.

End of message.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlhW4tcACgkQe55J1BF8PPreRgCfaaS+fb8Iup9i2IZQJjJGO1Kr
43sAoJQ4KsG/reaxSthgWXbTqtsk+AHu
=MmKW
-----END PGP SIGNATURE-----
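
The fingerprint check that the post asks for before `gpg --import`, written as a script (an added example, not part of the signed message and not the author's own code). It assumes a GnuPG 2.x release that provides `--show-keys`; the function names and sample listings are constructed for illustration, and the check also refuses a file carrying more than one primary key, because `--import` would import all of them.

```shell
#!/bin/sh
# Added example: gate `gpg --import` on the fingerprint announced in the post.
EXPECTED_FPR='CAFC B28D 1612 3A5C 2D31  45F0 E44A 23B2 8909 2311'

# Strip whitespace and upper-case, so spaced and unspaced forms compare equal.
norm_fpr() { printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'; }

# stdin: `gpg --with-colons` key listing. Prints the fingerprint that follows
# each "pub" record; "fpr" records that belong to subkeys are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# stdin: listing, $1: expected fingerprint. Succeeds only if the listing holds
# exactly one primary key and its fingerprint equals the expected one.
listing_matches() {
    fprs=$(primary_fprs)
    [ "$(printf '%s\n' "$fprs" | grep -c .)" -eq 1 ] || return 1
    [ "$(norm_fpr "$fprs")" = "$(norm_fpr "$1")" ]
}

# $1: key file, $2: expected fingerprint. Imports nothing unless the check
# passes. Assumes a GnuPG 2.x release that provides --show-keys.
verified_import() {
    gpg --show-keys --with-colons "$1" | listing_matches "$2" && gpg --import "$1"
}

# Constructed colon listing for the key in the post (timestamps left empty,
# subkey id and subkey fingerprint are zero placeholders).
sample_key() {
    cat <<'EOF'
pub:-:4096:1:E44A23B289092311:::::::
fpr:::::::::CAFCB28D16123A5C2D3145F0E44A23B289092311:
sub:-:4096:1:0000000000000000:::::::
fpr:::::::::0000000000000000000000000000000000000000:
EOF
}
# Constructed: the same file with a second, unrelated primary key appended.
sample_two_keys() {
    sample_key
    printf 'pub:-:4096:1:1111111111111111:::::::\nfpr:::::::::%040d:\n' 1
}

sample_key | listing_matches "$EXPECTED_FPR" && echo "single key: fingerprint OK"
sample_two_keys | listing_matches "$EXPECTED_FPR" || echo "two keys: refused"
```

For a real download, call `verified_import Stefan_Lengfeld_0xE44A23B289092311.asc "$EXPECTED_FPR"` with a fingerprint obtained over a channel other than the one the key file came from.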