-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512,SHA1

Notice of Key Transition

Permanent Location of this file:
http://www.schmoigl-online.de/gpg/note-of-transition-2013.asc
Date of Creation: 2013-06-29

********
Short Version

I hereby notify you that my old key ID 38FC9E03 with the fingerprint

    5DDB 09E4 3FF3 CD09 7559 1117 9C03 46E3 38FC 9E03

will be superseded by the new key ID 666DB8BD with the fingerprint

    1AE5 07CA 8C9F 9C6C 9043 E2DC BECC A1BA 666D B8BD

on January 1st, 2014. With my signature on this document using both keys mentioned before, I assert to you that

 1. I am in sole possession of both private keys,
 2. no third person was or is in control of either the old or the new key, and
 3. the process of key generation was performed in accordance with general rules of security principles.

If your signing policy permits you to reestablish the web of trust on my new key, I kindly ask you to sign it and update the corresponding key servers at the next occasion.

Thank you.

Kind regards,
Nico Schmoigl

********
Long Version

After more than fifteen years of service my DSA key

    pub   1024D/38FC9E03 1998-09-10
          Key fingerprint = 5DDB 09E4 3FF3 CD09 7559 1117 9C03 46E3 38FC 9E03
    uid   Nico Schmoigl
    uid   Nico Schmoigl
    uid   Dominic Schmoigl
    uid   Nico Schmoigl
    uid   [jpeg image of size 3378]

(old key) is reaching its end-of-life. In light of known attacks against SHA-1 [1,2] and the NIST guidance on 1024 bit keys and SHA-1 hashes [3,4], I came to the conclusion that DSA1 keys will not provide enough security anymore in the near future. Therefore, I have decided to move to a new key by the end of the year 2013. I will stepwise migrate to the more secure key

    pub   8192R/666DB8BD 2013-06-29
          Key fingerprint = 1AE5 07CA 8C9F 9C6C 9043 E2DC BECC A1BA 666D B8BD
    uid   Nico Schmoigl (since 2014)
    uid   Dominic Schmoigl
    uid   Nico Schmoigl

(new key) which is already available at numerous key servers. The key migration will comply with the process suggested by the Debian Community [2].

As OpenPGP does not foresee an automated process of key migration, the web of trust of the old key needs to be reestablished for the new key manually. This may also affect you if you intend to send me encrypted data such as emails, or want to verify signatures that I create starting with the upcoming year 2014.

The actions you need to take if you are using GnuPG are listed below. If you are using another OpenPGP-enabled software, here is an outline of the activities that need to be performed equivalently with your software:

 1. You need to import my new key from a key server or obtain it from my download location at http://www.schmoigl-online.de/gpg/666db8bd.pgp
 2. You should verify that the downloaded key has been signed by my old key.
 3. You should declare trust in my new key. Depending on your own policy the level of trust needs to be adjusted.

If you want to help me establish my web of trust with my new key again (which I encourage you to do :-) ), you need to sign my new key with an exportable signature using your own private key. Afterwards, please upload the signature to one of the public key servers such as pgp.mit.edu or keyserver.pgp.com.

If you are not able to update the key server, you may also send me the updated public key via email. Please refer to the email addresses attached to my key to see how to reach me.

Commands on the prompt using GPG:

To fetch the full key, you can get it with:

    wget -q -O- http://www.schmoigl-online.de/gpg/666db8bd.pgp | gpg --import -

Or, to fetch my new key from a public key server, you can simply do:

    gpg --keyserver pgp.mit.edu --recv-key 666DB8BD

If you already know my old key, you can now verify that the new key is signed by the old one:

    gpg --check-sigs 666DB8BD

If you don't already know my old key, or you just want to be double extra paranoid, you can check the fingerprint against the one above:

    gpg --fingerprint 666DB8BD

If you are satisfied that you've got the right key, and the UIDs match what you expect, I'd appreciate it if you would sign my key, given that your signing policy allows you to do so:

    gpg --sign-key 666DB8BD

Lastly, if you uploaded these signatures, I would appreciate it. You can either send me an email with the new signatures or you can just upload the signatures to a public key server directly:

    gpg --keyserver pgp.mit.edu --send-key 666DB8BD

Kind regards,
Nico Schmoigl

References:

[1] http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf
[2] http://www.debian-administration.org/users/dkg/weblog/48
[3] http://csrc.nist.gov/groups/ST/hash/statement.html
[4] http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
-----END PGP SIGNATURE-----
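
The two verification steps in the notice (the `--check-sigs` check and the fingerprint comparison), scripted as an added example that is not part of the signed notice. It compares the full 160-bit fingerprint rather than the 32-bit ID 666DB8BD and requires a signature from the old key that gpg itself marked as verified; the function names and the sample listing are constructed, and the colon-record fields used are those of GnuPG's `--with-colons` output.

```shell
#!/bin/sh
# Added example: confirm a key transition from gpg's machine-readable output.
# Both fingerprints are copied from the notice above.
NEW_FPR=1AE507CA8C9F9C6C9043E2DCBECCA1BA666DB8BD
OLD_FPR=5DDB09E43FF3CD09755911179C0346E338FC9E03

# Reads `gpg --with-colons --with-fingerprint --check-sigs` output on stdin.
# Exit 0 only if the single primary key has the expected full fingerprint AND
# carries a signature from the old key that gpg marked as verified ("!").
check_transition() {
    old_id=$(printf '%s' "$OLD_FPR" | cut -c25-40)   # 64-bit ID used in sig records
    awk -F: -v want="$NEW_FPR" -v old="$old_id" '
        $1 == "pub" { npub++; want_fpr = 1; in_sub = 0; next }
        $1 == "sub" { in_sub = 1; want_fpr = 0; next }
        $1 == "fpr" && want_fpr { fpr = $10; want_fpr = 0; next }
        # Only signatures on the primary key/user IDs count, not subkey bindings.
        $1 == "sig" && !in_sub && $5 == old && substr($2, 1, 1) == "!" { good = 1 }
        END {
            if (npub != 1)   { print "expected exactly one primary key"; exit 2 }
            if (fpr != want) { print "fingerprint mismatch"; exit 3 }
            if (!good)       { print "no verified signature from old key"; exit 4 }
            print "ok"
        }'
}

# Constructed sample listing (timestamps, subkey ID and layout are made up).
# $1 is the validity flag gpg would report for the signature by the old key:
# "!" good, "-" bad, "?" old key not in the keyring. $2 overrides the fingerprint.
sample_listing() {
    cat <<EOF
pub:-:8192:1:BECCA1BA666DB8BD:1372464000:::-:::scESC:
fpr:::::::::${2:-$NEW_FPR}:
uid:-::::1372464000::::Nico Schmoigl (new key):
sig:!::1:BECCA1BA666DB8BD:1372464000::::Nico Schmoigl (new key):13x:
sig:$1::17:9C0346E338FC9E03:1372464100::::Nico Schmoigl (old key):10x:
sub:-:8192:1:0123456789ABCDEF:1372464000::::::e:
sig:!::1:BECCA1BA666DB8BD:1372464000::::Nico Schmoigl (new key):18x:
EOF
}

sample_listing '!' | check_transition    # real use: gpg ... "$NEW_FPR" | check_transition
```

A "?" flag means the old key is not in the local keyring, so the cross-signature could not be checked at all; the script treats that the same as a missing signature.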