New GPG Key

As you may have seen around the Internet, there was a fairly significant break in the SHA-1 hash function, which is used by default in GnuPG. This is worrisome, since GPG/PGP signatures are one of the only things I'd actually trust to verify somebody's identity online. So I've generated a new key with a 2048-bit RSA primary (for SHA256 and SHA512 support) and a 4096-bit ElGamal encrypting key (which took about 15 minutes to generate, so better be worth it). The key ID is CB8AA0FF, and the fingerprint is 5C35 D713 3E10 9A19 FFFC F58A 68E8 3B57 CB8A A0FF I've already gone ahead and signed the appropriate keys with it, and I'll be revoking the old key in a couple of months.

Oh, I suppose I should put in an actual link to the new key. Here's my key transition statement, and here's the new key itself.


Want to comment on this? How about we talk on Mastodon instead? mastodon logo Share on Mastodon