I should have replaced my key a long time ago, after security flaws were identified in SHA-1. The US NIST also suggested transitioning to the stronger SHA-2 hash functions.
I followed the key replacement rules of Debian and Apache and created the new key. If you have validated my old key, here is my transition statement for the new 4096-bit RSA key:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1,SHA512

I am transitioning GPG keys from an old 1024-bit DSA key to a new
4096-bit RSA key. The old key will continue to be valid for some
time, but I prefer all new correspondence to be encrypted in the
new key, and will be making all signatures going forward with the
new key.

This transition document is signed with both keys to validate the
transition.

If you have signed my old key, I would appreciate signatures on my new
key as well, provided that your signing policy permits that without
reauthenticating me.

The old key, which I am transitional away from, is:

pub 1024D/DC76FEB9 2004-09-18 Rex Tsai
Primary key fingerprint: 1700 7040 CBD7 5DB4 4956 959B 3A5E 166D DC76 FEB9

The new key, to which I am transitioning, is:

pub 4096R/3860D2A5 2011-05-20 Rex Tsai (蔡志展)
Primary key fingerprint: CDC8 966D A547 6B1F CEB8 6D49 86A6 03D4 3860 D2A5

To fetch the full new key from a public key server using GnuPG, run:

  gpg --keyserver keys.gnupg.net --recv-key 3860D2A5

If you have already validated my old key, you can then validate that the
new key is signed by my old key:

  gpg --check-sigs 3860D2A5

If you are satisfied that you've got the right key, and the UIDs match
what you expect, I'd appreciate it if you would sign my new key.

If you then want to sign my new key, a simple and safe way to do that is
by using caff (shipped in Debian as part of the "signing-party" package)
as follows:

  caff 3860D2A5

In the other way, you can sign the key and send it to me as following
commands:

  gpg --sign-key 3860D2A5
  gpg --armor --export 3860D2A5 | mail -s 'OpenPGP Signatures' \
  [email protected]
  gpg --keyserver pgp.mit.edu --send-key 3860D2A5

Please contact me via e-mail at if you have
any questions about this document or this transition.

Thanks.

Regards
Rex Tsai, 2011-05-21
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----
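
The commands in the statement select the key by its 8-digit short ID, which is not unique to one key, so it is worth comparing the fetched key against the full fingerprint before signing it. The script below is an added example, not part of the original statement: it reads `gpg --with-colons --fingerprint` output and accepts the key only if it is 4096-bit RSA with the published fingerprint. The function names and the sample records are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: check a fetched key against the transition statement.
# Feed it the output of:  gpg --with-colons --fingerprint 3860D2A5
# Function names and sample records are assumptions made for this example.

# New-key fingerprint, copied from the statement above.
EXPECTED_FPR='CDC8 966D A547 6B1F CEB8 6D49 86A6 03D4 3860 D2A5'

# Drop spaces and upper-case, so the spaced form compares equal to gpg's.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# Print "keylen algo fingerprint" for the first primary key on stdin.
# pub record: field 3 = key length, field 4 = algorithm (1 = RSA, 17 = DSA).
# fpr record: field 10 = fingerprint; the first fpr after pub is the primary's.
primary_key_info() {
    awk -F: '
        $1 == "pub" && !seen { seen = 1; len = $3; algo = $4; next }
        $1 == "fpr" && seen  { print len, algo, $10; exit }
    '
}

# Exit 0 only for a 4096-bit RSA key with the expected full fingerprint,
# 1 on a mismatch, 2 if no key was found in the input.
check_new_key() {
    info=$(primary_key_info)
    set -- $info
    [ "$#" -eq 3 ] || return 2
    [ "$1" = "4096" ] || return 1
    [ "$2" = "1" ] || return 1
    [ "$3" = "$(normalize_fpr "$EXPECTED_FPR")" ]
}

# Constructed sample: records shaped like gpg's output for the new key
# (the creation timestamp is invented).
sample_good() {
    printf '%s\n' \
        'pub:-:4096:1:86A603D43860D2A5:1305849600:::-:::scESC:' \
        'fpr:::::::::CDC8966DA5476B1FCEB86D4986A603D43860D2A5:'
}

# Constructed sample: a different key whose last 8 hex digits also read
# 3860D2A5, so the short ID matches but the fingerprint does not.
sample_same_short_id() {
    printf '%s\n' \
        'pub:-:4096:1:89ABCDEF3860D2A5:1305849600:::-:::scESC:' \
        'fpr:::::::::0123456789ABCDEF0123456789ABCDEF3860D2A5:'
}
```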