New GPG Key

Posted Fri 08 May 2009 17:29 under category tech

As you may have seen around the Internet, there was a fairly significant break in the SHA-1 hash function, which is used by default in GnuPG. This is worrisome, since GPG/PGP signatures are one of the only things I'd actually trust to verify somebody's identity online. So I've generated a new key with a 2048-bit RSA primary (for SHA256 and SHA512 support) and a 4096-bit ElGamal encrypting key (which took about 15 minutes to generate, so better be worth it). The key ID is CB8AA0FF, and the fingerprint is 5C35 D713 3E10 9A19 FFFC F58A 68E8 3B57 CB8A A0FF I've already gone ahead and signed the appropriate keys with it, and I'll be revoking the old key in a couple of months.

Oh, I suppose I should put in an actual link to the new key. Here's my key transition statement, and here's the new key itself.