Dopo anni di onorato servizio ho mandato a riposo la mia vecchia chiave DSA 0x4397C730
, una chiave a 1024 bit, che già da un pezzo desideravo sostituire con una più forte. Insieme ad essa ho revocato anche l’altra chiave RSA a 2048 bit, creata più per test che per vero utilizzo.
La nuova chiave è la seguente:
pub 4096R/0x2E15B621E350BA44 2014-08-17 Impronta digitale della chiave = 3CEA 2AAB 56A7 929A A0E9 2AAA 2E15 B621 E350 BA44
Questa chiave è stata firmata con le due precedenti, per cui se avevate firmato le vecchie potete firmare anche la nuova, dopo l’opportuno controllo del fingerprint.
Per scaricare la nuova chiave, la si può importare da terminale con:
gpg --keyserver pgp.mit.edu --recv-key 0x2E15B621E350BA44
o dalla propria applicazione per la gestione delle chiavi, cercando l’ID 0x2E15B621E350BA44
A seguire pubblico la dichiarazione firmata sia con le vecchie chiavi che con la nuova, scaricabile anche in formato testo:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Sunday, 17 Aug 2014 For a number of reasons, I've recently set up a new OpenPGP key, and will be transitioning away from my old ones. The old keys will continue to be valid for some time, but I prefer all future correspondence to come to the new one. I would also like this new key to be re-integrated into the web of trust. This message is signed by both keys to certify the transition. The old keys were: pub 1024D/0x4397C730 2006-09-24 Key fingerprint = 84E2 2BC8 ABE3 DCC0 9F15 E511 4357 7ECD 4397 C730 and: pub 2048R/0xFEBCB2E9 2008-01-03 Key fingerprint = FBB5 04E0 36EB CD6A C217 7005 2FBC 61A5 FEBC B2E9 The new key is: pub 4096R/0xE350BA44 2014-08-17 Key fingerprint = 3CEA 2AAB 56A7 929A A0E9 2AAA 2E15 B621 E350 BA44 To fetch my new key from a public key server, you can simply do: gpg --keyserver pgp.mit.edu --recv-key E350BA44 If you already know my old key, you can now verify that the new key is signed by the old one: gpg --check-sigs E350BA44 If you don't already know my old key, or you just want to be double extra paranoid, you can check the fingerprint against the one above: gpg --fingerprint E350BA44 If you are satisfied that you've got the right key, and the UIDs match what you expect, I'd appreciate it if you would sign my key: gpg --sign-key E350BA44 Lastly, if you could upload these signatures, i would appreciate it. You can either send me an e-mail with the new signatures or you can just upload the signatures to a public keyserver directly: gpg --keyserver pgp.mit.edu --send-key E350BA44 Please let me know if there is any trouble, and sorry for the inconvenience. Regards, Aldo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEAREKAAYFAlPwxqIACgkQr0xuW6Dor1/R7gCffbaEsOOVyL5Z9onKzt/tG1Lk +3wAoNdgKnOsVdkF/aHdF9CctdQvuc/XiQEcBAEBCgAGBQJT8MaiAAoJEIkgovzv AMXFKLsIAJObTWbPTSn0FVtzE9S/PN0JZ2nCTh3yiI9o860jTaWfq/EcjAV52faq rPfb0oTxd2HjKlfDO73/c/Ukgbxdxv3EouLeUOEzdx5H4qvjNj8TRI6vr5rANlm/ ykqxh/pT/+WcB6Bj0VSXzzgTXG1+NH+FypWDi5SzZMIOyGyxtlggJnPKOmD+3Q1N YjM7YQ3HnIUy5Xw6V98fTluZPymGdwMxDfFXgmYSpV15cavKQhKbviv3kUHFdRjE hVgGzB0lpsebgMTwkrIyfmxinmfeZ0pUiXobflu73JLANsnoFC6eiAxLda5AFc7K ljcsF55gRh9KcVoYESAkfjrSYxkwxlyJAhwEAQEKAAYFAlPwxqIACgkQLhW2IeNQ ukQouxAAkCaeTSEkEjATOCv0cI0OvAJ0MfQQP85VgSdQFab7xx91+OdXiX80lK1w t9cJOL8AFDdSzWUb9jbXvqfnb4z6yMyXLiciSyk1lmPNfqqrtBeQs0urlmdOVHxh j7DISlF0YDJM3fSUH1Lf99MphXOlgmG1fItbk8Ve564Yt6P5MWFxsd0O9XliruxH 8x/WtgG4ipDJXRWOZUQsVcQyYJdTrt0y8SQtKgAo/6/d34y9696A55AbMIG+x11e rEHYF9E4RpfKVUisvcl726oCKG3tOrrYFjhpLyKUJ7jB4gBoq0KA6jHvZsWcrz+6 5j3YMdJ2VDtXORdQYS6BnpkoZv6w17Ma40aCX5kFG+gH285BgBl96W7EO7Om+EEV GHgBSngDNFQFKRJqBprsB5cuqc+U1GeKEH0c2DMhzTbxaoEgWpyXVztSJ031ta+t qsvRmcn60DBH2SlqldRJPC6FEeajDhR5khsr3XtT4uYFcpPJHdgRW/AuM97aCgMY Nu6VoUb/vDqulYFwdoIDoQGPZBdQLbggshaDBqDkYV/8iX140gi5YwbgIpq1kWy5 Fgk3wdDASBYF6iuL57VqelQxCF1p3PomejqiTJBWWEPFwpUjEk605urUf4qCVDt9 4MaeooYQyo1axk0vcxBkWCGbLMm++lk5j43zfkQSRB3I5soC39c= =Pn+n -----END PGP SIGNATURE-----
Per approfondire
- http://www.debian-administration.org/users/dkg/weblog/48
- https://wiki.ubuntu.com/SecurityTeam/GPGMigration
- https://help.riseup.net/en/security/message-security/openpgp/best-practices
- http://ekaia.org/blog/2009/05/10/creating-new-gpgkey/
L'articolo Nuova chiave OpenPGP 0xE350BA44 è uno scritto di aldolat. Rispettane le condizioni di licenza.