Title: I've got a new gpg key
Date: 2015-08-13 15:00

[![gnupg logo]({static}/images/gnupg.png)]( https://gnupg.org )

For a number of [reasons]( https://www.debian-administration.org/users/dkg/weblog/48 ),
I've recently set up a new OpenPGP key, and will be transitioning away from my old one.


The old key will continue to be valid for some time, but I prefer all
future correspondence to come to the new one. I would also like this
new key to be re-integrated into the web of trust.

My [old key]( https://dustri.org/pub/pubkey.asc.old ) was:

```
pub   4096R/9768FD3CC48815F2 2010-10-14 [expires: 2016-10-12]
      Key fingerprint = F808 881C CDEE 45FD 37E9  6896 9768 FD3C C488 15F2
uid               [ultimate] VOISIN Julien <julien.voisin@dustri.org>
uid               [ultimate] Julien Voisin <jvoisin@riseup.net>
uid               [ultimate] Julien Voisin <julien.voisin@trustmatta.com>
sub   4096R/B316D919F9BFABC7 2010-10-14
```

And [my new one]( https://dustri.org/pub/pubkey.asc) is:

```
pub   4096R/04D041E8171901CC 2015-07-25 [expires: 2020-07-23]
      Key fingerprint = 9FCD EE9E 1A38 1F31 1EA6  2A74 04D0 41E8 1719 01CC
uid               [ultimate] Julien (jvoisin) Voisin <jvoisin@openmailbox.net>
uid               [ultimate] Julien (jvoisin) Voisin <julien.voisin@dustri.org>
uid               [ultimate] Julien (jvoisin) Voisin <jvoisin@riseup.net>
sub   4096R/AC28F00D0351B960 2015-07-25 [expires: 2020-07-23]
```

To fetch the full key from a public key server, you can simply do:

```bash
gpg --keyserver keys.riseup.net --recv-key AC28F00D0351B960
```

If you already know my old key, you can now verify that the new key is
signed by the old one:

```bash
gpg --check-sigs AC28F00D0351B960
```

If you don't already know my old key, or you just want to be double
extra paranoid, you can check the fingerprint against the one above:

```bash
gpg --fingerprint AC28F00D0351B960
```

While we're speaking about GPG, I would highly recommend
[monkeysign]( http://web.monkeysphere.info/monkeysign/ )
if you don't already have a fancy setup to manage keysigning;
and also [parcimonie]( https://gaffer.ptitcanardnoir.org/intrigeri/code/parcimonie/ )
(or even better, its [bash version]( https://github.com/EtiennePerot/parcimonie.sh ))
to refresh your keyring without leaking it.

Please [let me know]( https://dustri.org ) if you have any questions,
or problems, and sorry for the inconvenience.