hacks | 07 Feb 2009 11:13 pm
For the last six years, I’ve been making use of the same gpg identity. I’ve copied my private key onto more workstations than I can recall at this point, so I’ve decided to try and be a little bit better about keeping my keys and signatures in-order and up-to-date.
A couple of steps I took tonight in moving to a new set of keypairs:
- Generated a new signing keypair with
  gpg --gen-key
  I cycled through the process several times until I had a nice-sounding trailing 4-bytes. I ended up going with 0x8F8CAD3D — “eight-fate-CAD-3D” I say aloud in my head.
- Signed the new signing keypair with my old signing keypair, 0xC8579EE5. This is just to mark the new key as trusted by the old one, and to demonstrate that cryptographically.
- Generated a revocation certificate for the old key, with the old key using
  gpg -u 0xC8579EE5 --gen-revoke 0xC8579EE5 | gpg --import
- Sent the revoked, old signing keypair to a keyserver with
  gpg --send-key 0xC8579EE5
- Old keypair disappears from keyservers, begin using new signing/encrypting keypairs.
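A check of the end state of the steps above, as an added example that is not part of the original post: it reads a `gpg --with-colons --list-sigs` listing and confirms that the old key is flagged revoked and that the new key carries a certification from the old one. The function names and the sample listing are assumptions made for illustration; the listing is constructed, with made-up names, dates and zero-padded long key IDs.

```shell
#!/bin/sh
# Added example. Reads `gpg --with-colons --list-sigs` output on stdin and
# checks the rollover: OLD is revoked, NEW is not and is certified by OLD.
# IDs are matched by suffix because the post gives only 32-bit key IDs;
# short IDs can collide, so compare full fingerprints for anything that matters.
check_rollover() {
    awk -F: -v oldid="$1" -v newid="$2" '
        function tail(s, t) {
            return toupper(substr(s, length(s) - length(t) + 1)) == toupper(t)
        }
        BEGIN { sub(/^0[xX]/, "", oldid); sub(/^0[xX]/, "", newid) }
        # pub record: field 2 is validity ("r" = revoked), field 5 the key ID
        $1 == "pub" {
            cur = $5
            if (tail(cur, oldid)) { seen_old = 1; old_rev = ($2 == "r") }
            if (tail(cur, newid)) { seen_new = 1; new_rev = ($2 == "r") }
        }
        # sig record: field 5 is the signer, field 11 the class (10-13 = certification)
        $1 == "sig" && tail(cur, newid) && tail($5, oldid) && $11 ~ /^1[0-3]/ { cross = 1 }
        END {
            if (!seen_old)     { print "old key not in listing"; bad = 1 }
            else if (!old_rev) { print "old key is not revoked"; bad = 1 }
            if (!seen_new)     { print "new key not in listing"; bad = 1 }
            else if (new_rev)  { print "new key is revoked"; bad = 1 }
            else if (!cross)   { print "new key has no certification from old key"; bad = 1 }
            if (!bad) print "ok"
            exit bad + 0
        }'
}

# Constructed listing: names, dates and the zero-padded long IDs are made up.
sample_after() {
    cat <<'EOF'
pub:r:1024:17:00000000C8579EE5:1044576000:::-:::sc:
uid:r::::1044576000::::Old Key (constructed) <old@example.invalid>:
sig:::17:00000000C8579EE5:1044576000::::Old Key:13x:
pub:u:2048:1:000000008F8CAD3D:1234051200:::u:::scESC:
uid:u::::1234051200::::New Key (constructed) <new@example.invalid>:
sig:::1:000000008F8CAD3D:1234051200::::New Key:13x:
sig:::17:00000000C8579EE5:1234051200::::Old Key:10x:
EOF
}

# The same keyring before the revocation and cross-signature (constructed).
sample_before() {
    sample_after | sed -e 's/^pub:r:/pub:u:/' -e '/:10x:$/d'
}

sample_after | check_rollover 0xC8579EE5 0x8F8CAD3D    # prints "ok"
```

Against a real keyring, pipe `gpg --with-colons --list-sigs` into `check_rollover` with the two key IDs as arguments.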
As a result, I’m interested in finding people I know that want to swap key signatures.
My new key is available here.
Update: I figured “what the heck, it’s 2009, what’s an extra 20k?”, so I embedded a photo in my key as well just for grins. Bask in the glory of a big blob of base-64.