Date: Wed Feb 19 22:49:22 EAT 2014

For a number of reasons[0][1], i've recently set up a new OpenPGP key,
and will be transitioning away from my old one.

The old key will continue to be valid for some time, but i prefer all
future correspondence to come to the new one.  I would also like this
new key to be re-integrated into the web of trust.  This message is
signed by both keys to certify the transition.

the old key was:

pub   2048R/0x9470DD588DD1026C 2013-09-21 [expires: 2015-09-21]
      Key fingerprint = F92C 4BD9 1084 BB5D E14E  20BE 9470 DD58 8DD1 026C

And the new key is:

pub   4096R/0xBD1A0E09C2F836C0 2014-02-18 [expires: 2015-02-18]
      Key fingerprint = 8CB0 D0AC B5CD 81EC 209C  6CDF BD1A 0E09 C2F8 36C0

To fetch the full key from a public key server, you can simply do:

  gpg2 --keyserver keys.riseup.net --recv-key 0xBD1A0E09C2F836C0

If you already know my old key, you can now verify that the new key is
signed by the old one:

  gpg2 --check-sigs 0xBD1A0E09C2F836C0

If you don't already know my old key, or you just want to be double
extra paranoid, you can check the fingerprint against the one above:

  gpg2 --fingerprint 0xBD1A0E09C2F836C0

If you are satisfied that you've got the right key, and the UIDs match
what you expect, I'd appreciate it if you would sign my key. You can
do that by issuing the following command:

** 
NOTE: if you have previously signed my key but did a local-only
signature (lsign), you will not want to issue the following, instead
you will want to use --lsign-key, and not send the signatures to the
keyserver
**

  gpg2 --sign-key 0xBD1A0E09C2F836C0

Additionally, I highly recommend that you implement a mechanism to keep your key
material up-to-date so that you obtain the latest revocations, and other updates
in a timely manner. You can do regular key updates by using a cron job such as:

  0 1 * * * /usr/bin/gpg2 --refresh-keys > /dev/null 2>&1

I also highly recommend checking out the excellent Riseup GPG best
practices doc, from which I stole most of the text for this transition
message ;-)

https://we.riseup.net/riseuplabs+paow/openpgp-best-practices

Please let me know if you have any questions, or problems, and sorry
for the inconvenience.

Alan Orth

0. http://www.void.gr/kargig/blog/2013/12/02/creating-a-new-gpg-key-with-subkeys/
1. https://github.com/flamsmark/documentation/blob/master/gpg/smartcard-keygen.md