Date: 30/12/2019 (Based on RiseUp PGP Key Transition guide)
For a number of reasons, including the fact that old key was RSA 2048 bits, I have recently set up a new OpenPGP key, and will be transitioning away from my old one.
The old key will continue to be valid for some time (though it expired as of 31/12/2019), but I prefer all future correspondence to come to the new one.
The old key was:
pub rsa2048 2018-01-05 [SC] [expired: 2019-12-31]
uid [ expired] Insurgo, Technologies Libres <email@example.com>
And the new key is:
pub rsa4096 2019-12-30 [SC] [expires: 2020-12-29]
uid [ultimate] Insurgo Technologies Libres / Open Technologies <firstname.lastname@example.org>
To fetch the full key from a public key server, you can simply do:
gpg2 –fetch-keys ‘http://hkps.pool.sks-keyservers.net/pks/lookup?op=get&fingerprint=on&search=0xACF4B7893D4D05C8F18069BAE7B4A71658E36A93’
If you already know my old key, you can now verify that the new key is signed by the old one:
gpg2 –check-sigs ‘0xA2444D06D3CAFA92F68A21E679C78E6659DB658F’
If you don’t already know my old key, or you just want to be double extra paranoid, you can check the fingerprint against the one above:
gpg2 –fingerprint ‘0xACF4B7893D4D05C8F18069BAE7B4A71658E36A93’
Additionally, I highly recommend that you implement a mechanism to keep your key material up-to-date so that you obtain the latest revocations, and other updates in a timely manner. You can do regular key updates by using parcimonie to refresh your keyring. Parcimonie is a daemon that slowly refreshes your keyring from a keyserver over Tor. It uses a randomized sleep, and fresh tor circuits for each key. The purpose is to make it hard for an attacker to correlate the key updates with your keyring.
I also highly recommend checking out:
Please let me know if you have any questions, or problems, and sorry for the inconvenience.
Insurgo Technologies Libres / Open Technologies