After seven years of “service”, I finally decided to discard my old OpenPGP key. I was already planning on doing so for a while (especially since it was still a 1024-bit DSA key), but the tipping point was reached today for two reasons: the first is that I received the FSFe Fellowship smartcard (as “Lefty” put it, FSFe seem to be concerned with matters more at hand than those the main FSF is concerned with, so I feel much more at ease to help FSFe rather than FSF itself), the second is that this year I should finally be able to attend FOSDEM (thanks to the fact I can finally board a plane without risking a heart attack; on the other hand I’m not going to board a plane alone so I’m going to take a train to Turin and then move with Luca).
FOSDEM here is a key reason for my switching key: my current key has no web of trust, the only signatures are those from the PGP Directory (automated non-human signatures), so it’s almost impossible to be sure I really exist. Finally being able to meet friends and colleagues is going to be helpful to fix that as well, and at this point starting from a new, clean key (which does not list outdated user IDs, nor my “old”
name) sounded like a good plan.
Anyway, I’d like to thank Daniel Kahn Gillmor (dkg from Debian) for his howto on key migration (although it still is signing with SHA1 — I wonder if it’s because of the card not supporting other digests?), and for his template for replacing the old key, in my case it’s available here and is signed with both my old and new keys for verification.
I’m currently uncertain on whether to replace my Gentoo manifest signing key with a sub-key of the new key after I got it signed, so that it also gets to be part of the web of trust.
Anyway, to finish it off, my new new key details are these:
pub 2048R/BB592443 2010-01-16 Key fingerprint = F204 568C 03BD FD49 60EC 2DCC 1A82 AD57 BB59 2443