Wed, 05 Mar 2014 14:14:12 +0100

My GPG key from 2006 has been a 1024 bit DSA key, which uses a 160 bit
SHA-1 hash. As per the Debian Guidance [1,2], this is not ideal, and I
have been thinking about moving away to a stronger key with a stronger
hash for quite some time. Finally, in the light of the recent global
surveillance disclosures around the NSA, the GCHQ and other secret
services, I have decided to move to a new OpenPGP key of a larger size
and stronger hash.

As such, I will be slowly transitioning away from my old keys.

My old keys will continue to be valid for some time to come, but I would
prefer all new correspondence to use the new one. I will also be
switching my outgoing signatures onto the new key.

For this to work well, I would like my new key to be re-integrated into
the web of trust. So, I have signed this message with both my old and my
new keys, to certify the transaction.

The old keys were:

  pub   1024D/17DF3795 2006-05-26
        key fingerprint = 742C ED8B 827C C007 2331  1C89 74D2 915D 17DF 3795

  pub   2048R/58E7B5BD 2013-08-26 [expired: 2014-01-16]
        key fingerprint = 8569 2983 C26A D3E1 0F6A  277A 4310 4F2B 58E7 B5BD

And the new key is:

  pub   4096R/1CA1C3A9 2014-03-04
        Key fingerprint = A4B7 19DB AFEA 866F 3377  EEC4 3AFB 59AC 1CA1 C3A9

To fetch my new key from a public key server, you can simply do:

  gpg --keyserver hkp://keys.gnupg.net --recv-key 1CA1C3A9

If you already know my old key, you can now verify that the new key is
signed by the old one:

  gpg --check-sigs 1CA1C3A9

If you don't already know my old key, you can check the fingerprint
against the one above:

  gpg --fingerprint 1CA1C3A9

If you are satisfied that you have got the right key, and the UIDs match
what you expect, I would appreciate if you would sign my key:

  gpg --sign-key 1CA1C3A9

In case you have signed my key, you can either upload the signed key
directly to any keyserver:

  gpg --keyserver hkp://keys.gnupg.net --send-key 1CA1C3A9

or send me the signed key by email.

Please let me know if there is any trouble, and sorry for the
inconvenience.

Thanks
Peter

References:
[1] http://gagravarr.livejournal.com/137173.html
[2] http://www.debian-administration.org/users/dkg/weblog/48
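
The verification steps in the statement above, combined into one check, as an added example that is not part of the original message. It compares the full 40-digit fingerprint instead of the 8-digit key ID and requires a signature that gpg marked good from the old key. The function names `verify_transition` and `sample_listing` are hypothetical, and the sample listing is constructed (timestamps and user ID are made up).

```shell
#!/bin/sh
# Fingerprints as printed in the transition statement (spaces removed).
OLD_FPR=742CED8B827CC00723311C8974D2915D17DF3795
NEW_FPR=A4B719DBAFEA866F3377EEC43AFB59AC1CA1C3A9

# verify_transition NEW_FPR OLD_FPR   (colon-format key listing on stdin)
# Returns 0 only if the primary key's fingerprint equals NEW_FPR and the
# listing has a signature flagged good ("!") by the key whose long ID is
# the last 16 hex digits of OLD_FPR. Real input would come from:
#   gpg --with-colons --fingerprint --check-sigs 1CA1C3A9
# Assumption: the old key in the local keyring was itself checked against
# OLD_FPR, since sig records are matched here by 64-bit key ID only.
verify_transition() {
    awk -F: -v new="$1" -v old="$2" '
        BEGIN { oldid = toupper(substr(old, length(old) - 15)) }
        $1 == "pub" { inpub = 1; next }
        $1 == "sub" { inpub = 0 }
        # The first fpr record after pub is the primary key fingerprint.
        inpub && $1 == "fpr" && !seen {
            seen = 1
            fpr_ok = (toupper($10) == toupper(new))
        }
        # Field 2 of a sig record is "!" when gpg verified the signature.
        $1 == "sig" && toupper($5) == oldid && substr($2, 1, 1) == "!" {
            sig_ok = 1
        }
        END { exit !(fpr_ok && sig_ok) }
    '
}

# Constructed sample in gpg --with-colons format, for offline use.
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:3AFB59AC1CA1C3A9:1393891200:::-:::scESC:
fpr:::::::::A4B719DBAFEA866F3377EEC43AFB59AC1CA1C3A9:
uid:-::::1393891200::::Example User <user@example.org>:
sig:!::1:3AFB59AC1CA1C3A9:1393891200::::Example User <user@example.org>:13x:
sig:!::17:74D2915D17DF3795:1393977600::::Example User <user@example.org>:13x:
EOF
}

if sample_listing | verify_transition "$NEW_FPR" "$OLD_FPR"; then
    echo "fingerprint matches and old key's signature is good"
else
    echo "do NOT sign: fingerprint or cross-signature check failed"
fi
```

A listing in which the old key's signature is flagged `-` or `?`, or whose `fpr` record differs in any digit, makes the function return non-zero.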