My current PGP/GnuPG key is expiring, so I've rolled a new one. The ID of the new key
0x3C7775DD37811E62 (full fingerprint:
1ED5 E5A3 01C3 D109 9040 2289 3C77 75DD 3781 1E62)
and it should be in your favorite keyservers,
cross-signed by my old key. You can also find it at https://files.roguelazer.com/roguelazer.gpg.
It has also been attached to my keybase.io account and my Github
profile. My previous key (
) has not been revoked
and has not been compromised, but you should still stop using it if possible. The new key is a 4096-bit RSA
key with SHA-2 digest signatures — I'm not quite bold enough to switch to ECC for a long-lived key yet.
My signed transition document is below, and can also be found at 2019-04-27-key-transition-statement.txt.asc if you prefer to download it directly.
Additionally, I have generated a separately-signed key with ID
0x233E5EAF0EC3ABA9 (full fingerprint:
14E8 9660 188D BC9B 2C17 67AA 233E 5EAF 0EC3 ABA9). This key should not be used for communication,
but will only be used to sign VCS commits/tags/&c (in Git and perhaps in
Pijul1). It's going to be on my [managed] work computer2, so treat it with a grain
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 My name is James Matthew Brown. Today is Saturday, April 27th, 2019, and it is 09:53am when I write this. I am of sound mind and body and am hereby transitioning from my old PGP key (key ID 0xAEE8F2454A41B87D) to a new PGP key with ID 0x3C7775DD37811E62. The old key, which I am transitioning away from, is: pub rsa4096/0xAEE8F2454A41B87D 2016-05-29 [SC] [expires: 2019-05-29] 9C1BE267C7A5D559739F333AAEE8F2454A41B87D The new key, which you should use for all communication going forward, is pub rsa4096/0x3C7775DD37811E62 2019-04-27 [SC] [expires: 2022-05-29] 1ED5E5A301C3D109904022893C7775DD37811E62 You can fetch the new key using GnuPG with gpg --keyserver hkp://pool.sks-keyservers.net --recv-key 1ED5E5A301C3D109904022893C7775DD37811E62 If you already trust my existing key, you can validate the new one with gpg --check-sigs 1ED5E5A301C3D109904022893C7775DD37811E62 I look forward to your ongoing secured communications. -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEHtXlowHD0QmQQCKJPHd13TeBHmIFAlzEi2wACgkQPHd13TeB HmIvRw//Z+m/qeFPnlHKu7KBO5IAbf+XDt7fp7R52bo1za1CBJM2z56L5eERgu4S pRR3sJIgZsWPrI1OEKwITF5oZz0WEyPoDHU2jaQQqCA63Hxym4gzhJyjAOHdfQju dVAwVxNk6TP64P44rNhZ/hzAcaJR6aDgGAduQn7nwWAju7egRU4pMQrNJY3Gtiuv Eg6HOWpvsIoAaCgmNYr3fLuR5G9mfb6/13oQe5g1wiAvcHAgorFZ8xacK7ok5YJp F70Wrn9kfNMO8RUI+PVM3lpHziyugU8v6fWFBR0m6ZuA7ky8aclYPEyOihpSj+k8 YVELkZDBnA3YGd4tf6sO7eo69kghGtKI3tIwDED3KveIYVc80s8hhhjHteE8vHqw lIDlmLskDnbUv0k1LGuNr96Qg7sWmDX3vryTU7zTsTpjdvi9pSGd6oRgdJjDdUTE GVlTlAMXSQu6R9mV/4eQbANKRBtoH63LroeeEw0D/awADrrN9QvYlHq3tGLUGu4S A4RXQPiPvkRhFWiXM5qZbsntiDX38zfdUdhjHuaLX1feMy3jqMnoimTqyTVr/cv8 +KjK9vaW/VYDhMMxteuSwLKjQxAJhNHx+PPRvbqRsu79rwNx+NksBW19ykmdfpOO RlveNooEOMs8k6FDSTbGfNY6R2QNayzXnGznTR4N9zWV7VTFcQGJAjMEAQEIAB0W IQScG+Jnx6XVWXOfMzqu6PJFSkG4fQUCXMSLbAAKCRCu6PJFSkG4fZ/dEADWC85q CdfJdVPADHZIXJtfGdE+vkp5fmBHwoEq1ek3TT5dhLA+l1C1woJXXCq1eIU3NaNR rEuXmRksjNRwqJq02mt7LS2ccakyyhb/hRV1y9ZnXn6n1liuglhXBgE0i1AnkuuD b8YjEksD+ePG3l8djqtGUDh0wBUz7Rs1ExUIr4Fq3m2gE267XfjueaM2Zkd6tvAF WVoPb37ix4vDynl0uhFMFubjrI8ZaSmZ/mAvEois+YmXvNa+/C8Rxg69LpElA/1f Sl1AU6/xdKUCaJceGMX+gttRRcinHtaKd2mfuWo1uxFAjG1x1OO/Xqj41I5OX0H9 pIaTVWV8DLoC+b0bg07L/QdcrlWERLPsitSuYPnJchSHCEncC0aT/1MrcWqAUzoa TzMqQWpeKDAWAw8Zv76I7jpWiwXaTCoVRHrbJLLz/4+Us8ZNilAfgiPDOJ0Ce3+w tOI1+zqrAWtrXbdqNCP2uqy+UszMF94gqya3jPUs8j4aUQ9sp5ac0IDvVRi0exzU zdwEj+LOJ3c6yEKXOwznXgWqU87+bZCYQR0FOLGwBAMClAXgQSn/mkHkZeT4k/+3 lesfiwv9Mf4kxMJhFeU2o+Hx2X/NXz9tyWoVAhamrYwAJFzBmUGS/C9TuuXTELWX IX2e9jpjTOx4Spa3axig9quR/aP1QQkHPdTaog== =S1ku -----END PGP SIGNATURE-----
I haven't actually used Pijul for anything yet but I always thought the Darcs model was neat and I'm ready to broaden my horizons. Spending the last few years trying and failing to teach engineers how to use Git surely hasn't helped.
I mean, the computer is managed by my team, so I don't think anything particularly nefarious is going to happen, but there's always a chance that our MDM vendor could be breached or that the company could make decisions in the future that I wouldn't agree with which would result in compromise of my workstation.