Stefan's blag and stuff

Blog ā€“ New GPG Key

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Title: New GPG Key
Date: 2016-12-11
Author: Stefan Lengfeld

Since my current GPG key will expired at the end of this year, I
uploaded a new GPG key to the keyservers and to my homepage.  The
key ID is *0xE44A23B289092311* and the fingerprint is

    CAFC B28D 1612 3A5C 2D31  45F0 E44A 23B2 8909 2311

You can download it from the keyservers and from my homepage, section
'Personal'. Here is the direct download link:

    https://stefanchrist.eu/personal/Stefan_Lengfeld_0xE44A23B289092311.asc

My old GPG key *0x7B9E49D4117C3CFA* (Stefan Christ (student key)
_anti_stcim_de_) will expire at 2016-12-31.

To import my new key into your gpg keyring, you can execute the
commands:

    $ wget https://stefanchrist.eu/personal/Stefan_Lengfeld_0xE44A23B289092311.asc
    $ gpg --with-fingerprint Stefan_Lengfeld_0xE44A23B289092311.asc
    pub  4096R/89092311 2016-12-08 [expires: 2021-12-31]
          Key fingerprint = CAFC B28D 1612 3A5C 2D31  45F0 E44A 23B2 8909 2311
          uid                            Stefan Christ (public) _contact_stefanchrist_eu_
          uid                            Stefan Lengfeld (my birth name is Stefan Christ) _anti_stcim_de_
          sub  4096R/A40AA9D9 2016-12-08 [expires: 2021-12-31]
    $ gpg --import Stefan_Lengfeld_0xE44A23B289092311.asc

Don't forget to check the fingerprint! I have signed the new key with
my old key. So if you have trusted the original key *0x7B9E49D4117C3CFA*
_and_ you assume that the key was not compromised you can be relatively
sure that my new key is also trustworthy.

    $ gpg --list-sigs 0xE44A23B289092311
    pub   4096R/89092311 2016-12-08 [expires: 2021-12-31]
    uid       [ultimate] Stefan Lengfeld (my birth name is Stefan Christ) _anti_stcim_de_
    sig 3        89092311 2016-12-08  Stefan Lengfeld (my birth name is Stefan Christ) _anti_stcim_de_
    sig    R   1 117C3CFA 2016-12-08  Stefan Christ (student key) _anti_stcim.de_
    uid       [ultimate] Stefan Christ (public) _contact_stefanchrist_eu_
    sig 3        89092311 2016-12-08  Stefan Lengfeld (my birth name is Stefan Christ) _anti_stcim_de_
    sig    R   1 117C3CFA 2016-12-08  Stefan Christ (student key) _anti_stcim_de_
    sub   4096R/A40AA9D9 2016-12-08 [expires: 2021-12-31]
    sig          89092311 2016-12-08  Stefan Lengfeld (my birth name is Stefan Christ) _anti_stcim_de_

Nevertheless before you sign my new key, we should compare the
fingerprints over another secure channel.

This message is also signed with my old key *0x7B9E49D4117C3CFA*. You
can check the signature by copy and paste the verbatim content into
a text file and using the command *gpg --verify*. Or the same via some
shell commands and sed-magic:

     $ wget -O - -q https://stefanchrist.eu/blog/2016_12_11/New%20GPG%20Key.xhtml \
      | sed -n -e '/^-----BEGIN PGP SIGNED MESSAGE-----$/,/^-----END PGP SIGNATURE-----$/p' \
      | tee post.txt.asc
     $ cat post.txt.asc
     $ gpg --verify post.txt.asc

For the above commands to work, you need my old key *0x7B9E49D4117C3CFA*
in your keyring.

I will also send all of my known gpg email contacts my new key.

Happy encrypting and signing.


Btw: Here is an article about the concept of long term private keys in
PGP/GPG and the web of trust. Title "Op-ed: Iā€™m throwing in the towel
on PGP, and I work in security":

    http://arstechnica.com/security/2016/12/op-ed-im-giving-up-on-pgp/


v2: (2016-12-18) Use 64 bit key ids. 32 bit key ids are deprecated.

End of message.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlhW4tcACgkQe55J1BF8PPreRgCfaaS+fb8Iup9i2IZQJjJGO1Kr
43sAoJQ4KsG/reaxSthgWXbTqtsk+AHu
=MmKW
-----END PGP SIGNATURE-----

Information: