Date: 30/12/2019  (Based on RiseUp PGP Key Transition guide)

 

For a number of reasons, including the fact that the old key was RSA 2048 bits, I have recently set up a new OpenPGP key, and will be transitioning away from my old one.

The old key will continue to be valid for some time (though it expired as of 31/12/2019), but I prefer all future correspondence to come to the new one.

 

The old key was:

pub rsa2048 2018-01-05 [SC] [expired: 2019-12-31]
A2444D06D3CAFA92F68A21E679C78E6659DB658F
uid [ expired] Insurgo, Technologies Libres <insurgo@riseup.net>

And the new key is:

pub rsa4096 2019-12-30 [SC] [expires: 2020-12-29]
ACF4B7893D4D05C8F18069BAE7B4A71658E36A93
uid [ultimate] Insurgo Technologies Libres / Open Technologies <insurgo@riseup.net>

 

To fetch the full key from a public key server, you can simply do:

gpg2 --fetch-keys 'http://hkps.pool.sks-keyservers.net/pks/lookup?op=get&fingerprint=on&search=0xACF4B7893D4D05C8F18069BAE7B4A71658E36A93'

If you already know my old key, you can now verify that the new key is signed by the old one:

gpg2 --check-sigs '0xACF4B7893D4D05C8F18069BAE7B4A71658E36A93'

If you don’t already know my old key, or you just want to be double extra paranoid, you can check the fingerprint against the one above:

gpg2 --fingerprint '0xACF4B7893D4D05C8F18069BAE7B4A71658E36A93'
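
The signature check and the fingerprint check above, combined into one scripted test over gpg's machine-readable output. This is an added example, not part of the original statement: `check_transition` and `sample` are hypothetical helper names, the colon-format records are constructed, and it assumes the old key is already in your keyring.

```shell
#!/bin/sh
# Added example. Fingerprints are the two printed on this page.
OLD_FPR=A2444D06D3CAFA92F68A21E679C78E6659DB658F
NEW_FPR=ACF4B7893D4D05C8F18069BAE7B4A71658E36A93

# check_transition NEW OLD: reads `gpg2 --with-colons --check-sigs NEW` on stdin.
# Succeeds only if the primary key's fingerprint is exactly NEW and gpg marked a
# signature from OLD's long key ID as good ("!") with none marked bad ("-").
# "?" means the old key is not in the local keyring, so nothing was verified.
check_transition() {
    awk -F: -v new="$1" -v old="$2" '
        BEGIN { new = toupper(new); oldid = toupper(substr(old, length(old) - 15)) }
        $1 == "pub" { primary = 1 }
        $1 == "sub" { primary = 0 }   # subkey binding sigs are not relevant here
        $1 == "fpr" && primary && !seen { seen = 1; fprok = ($10 == new) }
        $1 == "sig" && primary && $5 == oldid {
            s = substr($2, 1, 1)
            if (s == "!") good = 1
            if (s == "-") bad = 1
        }
        END { exit !(fprok && good && !bad) }
    '
}

# Constructed colon-format records; $1 is the status gpg reports for the
# signature made by the old key ("!" good, "-" bad, "?" key not available).
sample() {
    cat <<EOF
pub:u:4096:1:E7B4A71658E36A93:1577664000:1609200000::u:::scESC::::::23::0:
fpr:::::::::ACF4B7893D4D05C8F18069BAE7B4A71658E36A93:
uid:u::::1577664000::CONSTRUCTED::Insurgo <insurgo@riseup.net>::::::::::0:
sig:!::1:E7B4A71658E36A93:1577664000::::Insurgo <insurgo@riseup.net>:13x:::::10:
sig:$1::1:79C78E6659DB658F:1577664000::::Insurgo <insurgo@riseup.net>:10x:::::10:
EOF
}

# Live use (needs the new key fetched and the old key in your keyring):
#   gpg2 --with-colons --check-sigs "$NEW_FPR" | check_transition "$NEW_FPR" "$OLD_FPR"
for s in '!' '?' '-'; do
    if sample "$s" | check_transition "$NEW_FPR" "$OLD_FPR"; then r=PASS; else r=FAIL; fi
    echo "old-key signature status '$s': $r"
done
```

The match on the signer uses the 64-bit key ID because that is what the `sig` record carries in field 5; the `!` status is what shows that gpg verified the signature against the old key held locally.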

 

Additionally, I highly recommend that you implement a mechanism to keep your key material up-to-date so that you obtain the latest revocations and other updates in a timely manner. You can do regular key updates by using parcimonie to refresh your keyring. Parcimonie is a daemon that slowly refreshes your keyring from a keyserver over Tor. It uses a randomized sleep and a fresh Tor circuit for each key. The purpose is to make it hard for an attacker to correlate the key updates with your keyring.

 

I also highly recommend checking out:

RiseUp Best Practices

 

Please let me know if you have any questions, or problems, and sorry for the inconvenience.

Insurgo Technologies Libres / Open Technologies