GPG key transition: 7BD22F74 → D28DA8DC

I should have transitioned my old GPG key to a stronger one for long time, it’s finally done today, with the help of here and here. You can find my signed letter at http://ubuntuone.com/6O2OCf1rg9ulw1eWi13zc2. I am also copying the letter below for your convenience.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256,SHA1

Due to rapid advancement of computing, my old 1024-bit DSA GPG key,
which was created 14 years ago in 1999, has long been deemed insecure.
Therefore, I am transitioning to a much stronger 8192-bit RSA key, by
using a slightly modified gnupg in [1], as the default gnupg does
not allow creation of keys greater than 4096-bit. Hopefully this new
key can survive much longer.

The old key will continue to be valid for some time, but I prefer all
future correspondence to come to the new one. I would also like this
new key to be re-integrated into the web of trust.  This message is
signed by both keys to certify the transition.

If you have signed my old key, I would appreciate signatures on my new
key as well, provided that your signing policy permits that without
reauthenticating me.

The old key, which I am transitioning away from, is:

pub   1024D/7BD22F74 1999-09-12
      Key fingerprint = CD09 4F7B BBEE 93CD 7966  6299 34B3 A9A0 7BD2 2F74
uid          Anthony Y. P. Wong (Personal) &lt;ypwong@ypwong.org&gt;

And the new key is:

pub   8192R/D28DA8DC 2013-06-01
      Key fingerprint = 8DF0 9030 F103 F760 C18C  BA06 605A A53D D28D A8DC
uid          Anthony Y. P. Wong (黃彥邦) &lt;ypwong@ypwong.org&gt;

To fetch the new key from a public key server using GnuPG, run:

  gpg --keyserver pgp.mit.edu --recv-key D28DA8DC

If you have already validated my old key, you can then validate that the
new key is signed by my old key:

  gpg --check-sigs D28DA8DC

If you are satisfied that you've got the right key, and the UIDs match
what you expect, I'd appreciate if you would sign my new key.

A simple and safe way to do that is by using caff (shipped in
Debian/Ubuntu as part of the "signing-party" package) as follows:

  caff D28DA8DC

Alternatively, you can sign the key by using gpg and send it to me (if
you have a functional MTA configured on your system) or upload the
signatures to a public keyserver directly:

  gpg --sign-key D28DA8DC
  gpg --armor --export D28DA8DC | mail -s 'OpenPGP Signatures' \
    ypwong@ypwong.org
  gpg --keyserver pgp.mit.edu --send-key D28DA8DC

Please let me know if there is any trouble, and sorry for the
inconvenience.

[1] https://launchpad.net/~anthonywong/+archive/ppa

Thanks,
Anthony Wong

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQQcBAEBCAAGBQJRqdnMAAoJEGBapT3SjajciuYf/isb8jX/+SXxnxr6veAS4VTL
rKG2Up6cGjAPsfNX4AmKUojiiGzWyqXOa3qTfRReXf2Xl+NroI6jMdN2zBEe4D7J
UZYDzvEVWDhhATbWIqL2mcxZYbInX4sd18UW5cw58Tx+uBATAIHSJdHiLMjLDbvc
uKpbIqwZDC1zgJIV1+vosgtR3KQFO0bJyeqEBMpjvzJ2Zy60ZFgBycNOZL2aIdav
HnbCBSttqdfUE+TuXMgHSSTgx0WUromRa9d4X/OaT+1veX2CRD/K9X+Qt4ac6dop
Tze43U4ns2Ijz8Mwb603rlkh5e+FFfI7VxehCpIPv2oYlpNHYt5BoJbNj5Hl8LYn
6DMmbJSugz5Ov94Q5/QLFPRprnwXRVmHuvm1sbxznQGrCDgJhxVLJuTTTSNjuUiL
5VVwqKJ8RrG8gFcqmcZhG1+U2tQvBfJU/NR7BF6LMqB9FrJNyBTvg0w460XnUiOc
2ZKubdDn7qj7iEhUru4Mmu1yz9tANjYP7ObCxsvWvMOt8basOn1EobgUywIVsQsz
QdCR5SYNvWT7fgKjbpMM6RwTOa7mqOvk+IF9SCgZcSy4KVkLr6PrB0VSNueMy7bz
iJqF+j06ur79/0IHK33iFj02OqXIXG99g6hGm86NgSIlBM0EZwX52O7XmfSfTcg0
DlKuAy/ZBZOltxujkTaUSECWmfRzT2FtGgDsNj9PGZ+RbSTIT0J3/P46Umg55IBq
ptNFg5e0VNSewVT5sQVGxZDesPmrcVH6KjmFI0HYihZp2SUjshoT9TmyeKIdZcGa
PtLKSlhuwVAgEEsMPKQb4x/8xwZa2D5ZuiSOWP0NWptzdE2g2qAMGVttgu19B1+X
Iv9FUts5BYI5xiocbBq0t/MSioEwQG4Q4fBjMltMKu062lXnHNj8bP2W0Z1lBOTy
/GxHRrRnvfdmsWjn5DTfY3Cg5LlOHWMxd0JnCYMrEMrdQb78+1sc/qpbhfW3cKeR
vL8nGw7GZthOLOTVHUMtMthVSvWcymWfuJ4pfwP+Im6PqHmV+aC8GfwsSBDoLjPn
6AkdoinofPTh7RziNK/bJ36qS5QVL4bITeIw5qBYG9cXGSyuX15clK8CiuMG6RqG
1ztp3rQbLp1a0/1fW4xuhZUfUo4kXPYwR5Tm8Emx9dnS1IDk6avbUYMw+30JUqPO
KLCSGQnsjXyBPD6Z+qxENUgk1046JNxUFZLoc9mbbU9CXWKlGDDAoF+moLcWmR4D
BX9JbQAkmTQkuvPuH9x7aYoFSJKcmJ7Zz6PTdD8PHAT0vm92Kg3viIu/2BhoyvyD
oKLf/yQ1d8y1/iZYuyOrnM7eT56BtcvSHlSXQSmyACiB4bR3YYz6SNS2KDjmWWCI
RgQBEQIABgUCUanZzAAKCRA0s6mge9IvdMFJAKDlnUHGERTnlUGTZTB5SH4IREKb
qwCeJy3k6qi6uxBlZqds/4AG6vDmtfE=
=UVhj
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256,SHA1

Due to rapid advancement of computing, my old 1024-bit DSA GPG key,

which was created 14 years ago in 1999, has long been deemed insecure.

Therefore, I am transitioning to a much stronger 8192-bit RSA key, by

using a slightly modified gnupg in [1], as the default gnupg does

not allow creation of keys greater than 4096-bit. Hopefully this new

key can survive much longer.

The old key will continue to be valid for some time, but I prefer all

future correspondence to come to the new one. I would also like this

new key to be re-integrated into the web of trust. This message is

signed by both keys to certify the transition.

If you have signed my old key, I would appreciate signatures on my new

key as well, provided that your signing policy permits that without

reauthenticating me.

The old key, which I am transitioning away from, is:

pub 1024D/7BD22F74 1999-09-12

Key fingerprint = CD09 4F7B BBEE 93CD 7966 6299 34B3 A9A0 7BD2 2F74

uid Anthony Y. P. Wong (Personal) <ypwong@ypwong.org>

And the new key is:

pub 8192R/D28DA8DC 2013-06-01

Key fingerprint = 8DF0 9030 F103 F760 C18C BA06 605A A53D D28D A8DC

uid Anthony Y. P. Wong (黃彥邦) <ypwong@ypwong.org>

To fetch the new key from a public key server using GnuPG, run:

gpg --keyserver pgp.mit.edu --recv-key D28DA8DC

If you have already validated my old key, you can then validate that the

new key is signed by my old key:

gpg --check-sigs D28DA8DC

If you are satisfied that you've got the right key, and the UIDs match

what you expect, I'd appreciate if you would sign my new key.

A simple and safe way to do that is by using caff (shipped in

Debian/Ubuntu as part of the "signing-party" package) as follows:

caff D28DA8DC

Alternatively, you can sign the key by using gpg and send it to me (if

you have a functional MTA configured on your system) or upload the

signatures to a public keyserver directly:

gpg --sign-key D28DA8DC

gpg --armor --export D28DA8DC | mail -s 'OpenPGP Signatures' \

ypwong@ypwong.org

gpg --keyserver pgp.mit.edu --send-key D28DA8DC

Please let me know if there is any trouble, and sorry for the

inconvenience.

[1] https://launchpad.net/~anthonywong/+archive/ppa

Thanks,

Anthony Wong

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.11 (GNU/Linux)

iQQcBAEBCAAGBQJRqdnMAAoJEGBapT3SjajciuYf/isb8jX/+SXxnxr6veAS4VTL

rKG2Up6cGjAPsfNX4AmKUojiiGzWyqXOa3qTfRReXf2Xl+NroI6jMdN2zBEe4D7J

UZYDzvEVWDhhATbWIqL2mcxZYbInX4sd18UW5cw58Tx+uBATAIHSJdHiLMjLDbvc

uKpbIqwZDC1zgJIV1+vosgtR3KQFO0bJyeqEBMpjvzJ2Zy60ZFgBycNOZL2aIdav

HnbCBSttqdfUE+TuXMgHSSTgx0WUromRa9d4X/OaT+1veX2CRD/K9X+Qt4ac6dop

Tze43U4ns2Ijz8Mwb603rlkh5e+FFfI7VxehCpIPv2oYlpNHYt5BoJbNj5Hl8LYn

6DMmbJSugz5Ov94Q5/QLFPRprnwXRVmHuvm1sbxznQGrCDgJhxVLJuTTTSNjuUiL

5VVwqKJ8RrG8gFcqmcZhG1+U2tQvBfJU/NR7BF6LMqB9FrJNyBTvg0w460XnUiOc

2ZKubdDn7qj7iEhUru4Mmu1yz9tANjYP7ObCxsvWvMOt8basOn1EobgUywIVsQsz

QdCR5SYNvWT7fgKjbpMM6RwTOa7mqOvk+IF9SCgZcSy4KVkLr6PrB0VSNueMy7bz

iJqF+j06ur79/0IHK33iFj02OqXIXG99g6hGm86NgSIlBM0EZwX52O7XmfSfTcg0

DlKuAy/ZBZOltxujkTaUSECWmfRzT2FtGgDsNj9PGZ+RbSTIT0J3/P46Umg55IBq

ptNFg5e0VNSewVT5sQVGxZDesPmrcVH6KjmFI0HYihZp2SUjshoT9TmyeKIdZcGa

PtLKSlhuwVAgEEsMPKQb4x/8xwZa2D5ZuiSOWP0NWptzdE2g2qAMGVttgu19B1+X

Iv9FUts5BYI5xiocbBq0t/MSioEwQG4Q4fBjMltMKu062lXnHNj8bP2W0Z1lBOTy

/GxHRrRnvfdmsWjn5DTfY3Cg5LlOHWMxd0JnCYMrEMrdQb78+1sc/qpbhfW3cKeR

vL8nGw7GZthOLOTVHUMtMthVSvWcymWfuJ4pfwP+Im6PqHmV+aC8GfwsSBDoLjPn

6AkdoinofPTh7RziNK/bJ36qS5QVL4bITeIw5qBYG9cXGSyuX15clK8CiuMG6RqG

1ztp3rQbLp1a0/1fW4xuhZUfUo4kXPYwR5Tm8Emx9dnS1IDk6avbUYMw+30JUqPO

KLCSGQnsjXyBPD6Z+qxENUgk1046JNxUFZLoc9mbbU9CXWKlGDDAoF+moLcWmR4D

BX9JbQAkmTQkuvPuH9x7aYoFSJKcmJ7Zz6PTdD8PHAT0vm92Kg3viIu/2BhoyvyD

oKLf/yQ1d8y1/iZYuyOrnM7eT56BtcvSHlSXQSmyACiB4bR3YYz6SNS2KDjmWWCI

RgQBEQIABgUCUanZzAAKCRA0s6mge9IvdMFJAKDlnUHGERTnlUGTZTB5SH4IREKb

qwCeJy3k6qi6uxBlZqds/4AG6vDmtfE=

=UVhj

-----END PGP SIGNATURE-----

Anthony Wong

GPG key transition: 7BD22F74 → D28DA8DC

Leave a Reply Cancel reply

where Open Source technology and Middle Kingdom meet