Français
English

My new OpenPGP key was generated by GnuPG; it has the id 0x5053A3A2 and its fingerprint is: 

125B 5A0F DB78 8FDD 0EF4  1A9D C785 B90B 5053 A3A2

The previous, deprecated key has id 0x67756F5D and fingerprint: 

1645 B6EE 8311 1A03 03F2  B896 7640 9476 6775 6F5D

You can download both keys from wwwkeys.pgp.net. You can usually search by name or by id (in which case you'll probably have to include the 0x prefix). Be sure to check the fingerprint of the key you have downloaded in any case.

If the wwwkeys.pgp.net server you contacted is having problems, you can still download my new key from here (old one here), but this may be less up-to-date than what you should find on wwwkeys.pgp.net.

Here follows my “official” transition statement from key 0x67756F5D to 0x5053A3A2, signed by both of these keys: 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1,SHA512

                                              Thursday, March 18th, 2010

Hello,

Because of dark clouds floating over the SHA-1 hash function, I've
recently created a new OpenPGP key, and will be transitioning away from
my old one.

The old key will continue to be valid for some time, but I prefer all
future correspondence to come to the new one. I would also like this new
key to be reintegrated into the web of trust. This message is signed by
both keys to certify the transition.

The old key was:

pub   1024D/67756F5D 2000-01-14
      Key fingerprint = 1645 B6EE 8311 1A03 03F2  B896 7640 9476 6775 6F5D

and the new key is:

pub   4096R/5053A3A2 2010-03-17
      Key fingerprint = 125B 5A0F DB78 8FDD 0EF4  1A9D C785 B90B 5053 A3A2


You can fetch the new key from a public key server:

  gpg --keyserver pgp.mit.edu --recv-keys 5053A3A2

or, alternatively, from my web page:

  wget -q -O- http://people.via.ecp.fr/~flo/OpenPGP-key.asc | gpg --import -

You should verify that the key you imported with this command (5053A3A2)
has the same fingerprint as stated above in this document:

  gpg --fingerprint 5053A3A2

If you have my old key in your keyring, you can now verify that the new
key is signed by the old one:

  gpg --check-sigs 5053A3A2

If you are satisfied that you've got the right key, and the UIDs match
what you expect, I'd appreciate it if you could sign my new key:

  gpg --sign-key 5053A3A2

and upload the resulting signatures to some place where I can find them.
You can send them to me by e-mail like this (if you have a functional
MTA on your system):

  gpg --armor --export 5053A3A2 | mail -s 'OpenPGP Signatures' f.rougon@free.fr

or, alternatively, upload them to a public key server:

  gpg --keyserver pgp.mit.edu --send-keys 5053A3A2

Thanks in advance. Please let me know if you encounter any trouble with
these instructions, and sorry for the inconvenience.

Regards,

Florent Rougon
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAkuiD7sACgkQdkCUdmd1b13AWACdHJn1+JkjNs65oahSQcR+h98e
AtMAoKwZPXv4f92GO0w942EB0EEmx6iziQIcBAEBCgAGBQJLog+7AAoJEMeFuQtQ
U6OixCcP/jtexCQtgnpu4zWs47Wrwn9NfIX35ewqgQ6ptbjWhAmUpOE0H9dM8GOv
5g5w9FU71t6RpjGugRq8NLEnHS7fqFvgrp+Os6OKJO9j1+iMHnZmP3/nM4AcBh1Z
lGt3ccUOUShFRaOi2vitv8XeRNlgCePuqlwOm3ij6DY8Cp57w/3W92Ysx2tn73gr
0D0lxmYaNDfu8GkT2LRQ8rlmzrErb49GxD2+cMOvxu+T8AcPmOnvGqDhvcMz0FCY
5zxIg2bROlH3f/okPsCJhVVfWaW8pyxcnHz3hVkN0zPqjwJihxoXNlvZs1wlREH9
TJyUaekHfZYftUsnmlmcypl6T4a4jfwJlguEk2KN51xGJWPEaK8Ji1rNM7N6tt4w
kzrV3XOOTDva9cMW18vTU3t0YBO1CjYoaB+NH8m1WGsUGA8CvVKPvUZ2PEgQHGg7
tbSsjHS44lIdojd2xP9whS6pVRlGV3R3P+R7EOBzPBBNufp5RSzfp7snTkQl2jZ/
D4W127PB7EotOmFj1WenucxnfI8KhxkFGE0cfMTTXPbLbfCPRYAOPz5nm8O5nzh4
dE9RpK/DFxAvd0vi2C3rQwQPVRjjJefc+G5OC4fFaoJo+9OJEAVtWWKLLBtTT35b
GD4h6KG3CQmazSmAKYT6jLk6oLNeaJO/AhVfGEMOH5ordpej7jl6
=jNw1
-----END PGP SIGNATURE-----
Florent Rougon <flo (**AT**) via.ecp.fr>

Last modified on 2012-02-11 at 19:23.

Valid XHTML 1.0!    Valid CSS!