-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Title: New GPG Key
Date: 2016-12-11
Author: Stefan Lengfeld

Since my current GPG key will expire at the end of this year, I uploaded a new GPG key to the keyservers and to my homepage. The key ID is *0xE44A23B289092311* and the fingerprint is

    CAFC B28D 1612 3A5C 2D31 45F0 E44A 23B2 8909 2311

You can download it from the keyservers and from my homepage, section 'Personal'. Here is the direct download link:

    https://stefanchrist.eu/personal/Stefan_Lengfeld_0xE44A23B289092311.asc

My old GPG key *0x7B9E49D4117C3CFA* (Stefan Christ (student key) _anti_stcim_de_) will expire on 2016-12-31.

To import my new key into your gpg keyring, you can execute the commands:

    $ wget https://stefanchrist.eu/personal/Stefan_Lengfeld_0xE44A23B289092311.asc
    $ gpg --with-fingerprint Stefan_Lengfeld_0xE44A23B289092311.asc
    pub 4096R/89092311 2016-12-08 [expires: 2021-12-31]
          Key fingerprint = CAFC B28D 1612 3A5C 2D31 45F0 E44A 23B2 8909 2311
    uid Stefan Christ (public) _contact_stefanchrist_eu_
    uid Stefan Lengfeld (my birth name is Stefan Christ) _anti_stcim_de_
    sub 4096R/A40AA9D9 2016-12-08 [expires: 2021-12-31]
    $ gpg --import Stefan_Lengfeld_0xE44A23B289092311.asc

Don't forget to check the fingerprint!

I have signed the new key with my old key. So if you have trusted the original key *0x7B9E49D4117C3CFA* _and_ you assume that the key was not compromised, you can be relatively sure that my new key is also trustworthy.

    $ gpg --list-sigs 0xE44A23B289092311
    pub 4096R/89092311 2016-12-08 [expires: 2021-12-31]
    uid [ultimate] Stefan Lengfeld (my birth name is Stefan Christ) _anti_stcim_de_
    sig 3 89092311 2016-12-08 Stefan Lengfeld (my birth name is Stefan Christ) _anti_stcim_de_
    sig R 1 117C3CFA 2016-12-08 Stefan Christ (student key) _anti_stcim.de_
    uid [ultimate] Stefan Christ (public) _contact_stefanchrist_eu_
    sig 3 89092311 2016-12-08 Stefan Lengfeld (my birth name is Stefan Christ) _anti_stcim_de_
    sig R 1 117C3CFA 2016-12-08 Stefan Christ (student key) _anti_stcim_de_
    sub 4096R/A40AA9D9 2016-12-08 [expires: 2021-12-31]
    sig 89092311 2016-12-08 Stefan Lengfeld (my birth name is Stefan Christ) _anti_stcim_de_

Nevertheless, before you sign my new key, we should compare the fingerprints over another secure channel.

This message is also signed with my old key *0x7B9E49D4117C3CFA*. You can check the signature by copying and pasting the verbatim content into a text file and using the command *gpg --verify*. Or the same via some shell commands and sed-magic:

    $ wget -O - -q https://stefanchrist.eu/blog/2016_12_11/New%20GPG%20Key.xhtml \
        | sed -n -e '/^-----BEGIN PGP SIGNED MESSAGE-----$/,/^-----END PGP SIGNATURE-----$/p' \
        | tee post.txt.asc
    $ cat post.txt.asc
    $ gpg --verify post.txt.asc

For the above commands to work, you need my old key *0x7B9E49D4117C3CFA* in your keyring.

I will also send all of my known gpg email contacts my new key.

Happy encrypting and signing.

Btw: Here is an article about the concept of long term private keys in PGP/GPG and the web of trust. Title "Op-ed: I’m throwing in the towel on PGP, and I work in security":

    http://arstechnica.com/security/2016/12/op-ed-im-giving-up-on-pgp/

v2: (2016-12-18) Use 64 bit key ids. 32 bit key ids are deprecated.

End of message.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlhW4tcACgkQe55J1BF8PPreRgCfaaS+fb8Iup9i2IZQJjJGO1Kr
43sAoJQ4KsG/reaxSthgWXbTqtsk+AHu
=MmKW
-----END PGP SIGNATURE-----
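
The fingerprint check the post asks for, as an added shell example that is not part of the signed message or the author's own code: it compares the full 40-digit primary-key fingerprint from `gpg --with-colons` output, not a short key ID, and imports only on an exact match. The function names, the sample listing and the subkey fingerprint placeholder are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): import a key file only if its full
# primary-key fingerprint matches the value obtained out of band.

# Fingerprint as published in the post.
EXPECTED_FPR='CAFC B28D 1612 3A5C 2D31 45F0 E44A 23B2 8909 2311'

# Constructed, abbreviated `gpg --with-colons` listing used for offline checks.
# The subkey fingerprint is a placeholder; only its last 8 digits are on the page.
SAMPLE_LISTING='pub:-:4096:1:E44A23B289092311:::::::scESC:
fpr:::::::::CAFCB28D16123A5C2D3145F0E44A23B289092311:
uid:-::::::::Stefan Christ (public):
sub:-:4096:1:00000000A40AA9D9:::::::e:
fpr:::::::::00000000000000000000000000000000A40AA9D9:'

# Drop whitespace and upper-case, so grouped and plain forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'abcdef' 'ABCDEF'
}

# stdin: colon listing. Prints the fingerprint (field 10 of the "fpr" record)
# that follows the first "pub" record; subkey fingerprints are skipped.
primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; exit }'
}

# stdin: colon listing, $1: expected fingerprint. Returns 0 on an exact match,
# 1 on mismatch, 2 if the file does not hold exactly one primary key (an
# import would add every key in the file, not just the one that was checked).
check_listing() {
    listing=$(cat)
    npub=$(printf '%s\n' "$listing" | awk -F: '$1 == "pub" { n++ } END { print n + 0 }')
    [ "$npub" -eq 1 ] || return 2
    got=$(printf '%s\n' "$listing" | primary_fpr)
    [ -n "$got" ] && [ "$got" = "$(normalize_fpr "$1")" ]
}

# Usage: sh check_key.sh KEYFILE   (gpg runs only when a file is given)
if [ "$#" -eq 1 ]; then
    if gpg --with-colons --with-fingerprint "$1" | check_listing "$EXPECTED_FPR"; then
        gpg --import "$1"
    else
        echo "fingerprint check failed, not importing $1" >&2
        exit 1
    fi
fi
```

Set `EXPECTED_FPR` from the value confirmed over the second channel, not from the same page the key file was downloaded from.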