GPG Key updates

[Zaak Beekman]

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA512

Hello OpenCoarrays users,

I just wanted to encourage you to fetch my updated GPG public key (finger print: 1DB1 B5ED E321 22B2 8E56 810D CB21 118C 92A6 4702) from the PGP keyservers or from https://keybase.io/zbeekman/pgp_keys.asc or from https://github.com/zbeekman.gpg . I have recently tweaked some of the keys including the signing key, and migrated my main signing key, auth key and encryption key to a hardware smart-card (yubikey). This should make it even more challenging to compromise my signing key. I have a new yubikey on order, and once it arrives, I will likely be expiring my current private key, and generating a new, more secure keypair in an air-gapped, verified, live linux distribution. Once the new keys are setup I will send out another email. If anyone requires assistance updating my public key in their gpg keyring, please let me know.

Thanks,

Zaak

GPG key: 1DB1 B5ED E321 22B2 8E56 810D CB21 118C 92A6 4702

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEqUSJ2TjLk2Zo+QkRqTznDYAhvQ8FAlwQUKYACgkQqTznDYAh

vQ+ezw//ZEBWi4j0P2kW3T5KTpSJSEzFMM7NMKWHkPOGUOyObxX/iLU5LWLvmSn1

LeVFeGpJ5yg3YyfI7/lsXo6uV935xntCKiyDgPI8Mo8N3570I1dm0oyXD9ch8zao

U88oKmFok7Puryjp+5wIeFvCwqIQaHSGzJNwUIUH87yHwtqi2nUXUjsjkfEXH7Vv

0N+Zm3HJhJHkn0TlmDzrQMM+epcXwODhvFUK1JAT/rivw3EriUopfxxArlN8yrbB

PsUMrBSTDCT3qCwVf5Peledq6lJFpreXjtYYOS+gt4U+AH6ajYDWR/Z6nhXyJ0jp

Vq5whRwUw7avEHJv6Lv3oCtfmPihdX4jO4JN917V9qFoD3zmvbv/7DbfqWXl42Ls

BrEfDcF4O6Mx6yXPUTkZplQhHwWOpSTOtaHzvxIlqvRbotbWbo29QsPSZ5baGVMn

liLorCI1CVYm2EnYo33eyRb4niMBGIS6kceYRi84Umw3qjNqtXMpwLwijgX3hnvZ

B48ZeqQOGtMWE/ZgaQ/tQAmjay+xAp8HkVQaDIaXdafMig8v0ookUndV3rKmSsL5

oK7Fblhpd/15KFdr0QPTe6BSroppdB0YWhGuNIvdTe5NQXBA0wEfQG9GTMCTmWfc

WPpzvn2NhFPRfZaf5syDwX08NTMliFhQxPLTIkWMimhOZXD9Wy4=

=naEI

-----END PGP SIGNATURE-----

[Vishnu V. Krishnan]

This maybe a nitpick, but I think it is customary (and advisable) to sign the key change announcement with the old key, rather than the new one. That way, there is an unbroken chain of trust.

That said, it is really cool that you're going through all that trouble to ensure security and authenticity. Thanks a lot!

[Vishnu V. Krishnan]

Sorry, I assumed you changed your key, because my email client was showing the email as having a 'Bad Signature'. Looks like Google Groups does something to the email that makes it un-verifyable.

[Zaak Beekman]

Hi Vishnu,

So far I have only manipulated subkeys. Also, I think I’m actually using the same signing subkey I have been for some time, I was mistaken when I said I tweaked the signing key; the only change there was migrating it to the smart card. (The encryption and auth keys were 2048 bit RSA, so I generated new subkeys and revoked the old ones with 4096 bit RSA.)

For me, I can select the text in the email I received from google groups and run GPG verify on it and GPG tells me that there is a good signature. Perhaps the linking of the urls is breaking signature verification for you. If you copy the original email as plain text and verify it on the command line that should also work;  it works for my on macOS using gpg suite (FKA gpg tools)

Thanks,

Zaak

--
You received this message because you are subscribed to a topic in the Google Groups "OpenCoarrays" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/opencoarrays/cukveTQ3CaA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to opencoarrays...@googlegroups.com.
Visit this group at https://groups.google.com/group/opencoarrays.
To view this discussion on the web visit https://groups.google.com/d/msgid/opencoarrays/47f73381-078f-4f7a-acfd-c932a158ca2d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.