John Lenz committed 7214b48

Add post on new gpg key

Files changed (2)

posts/2012-09-17-new-gpg-key.markdown

+---
+title: A new GPG key
+author: John Lenz
+tags: gpg
+date: September 17, 2012
+---
+
+I recently generated a new [gnupg](http://www.gnupg.org/) key for several reasons.  The
+key [18E36459](/john-pub-18E36459.asc) has fingerprint
+
+    A2A6 3C06 35F7 0E95 3470  25F5 29C5 C3D9 18E3 6459
+
+My original gpg key was generated in 2006 and is a 1024 bit
+[DSA](http://en.wikipedia.org/wiki/Digital_Signature_Algorithm) key.  The main reason for updating
+is that my old key preferred SHA1 as the digest, and SHA1 is now broken enough to not be recommended
+anymore: see this
+[NIST](http://csrc.nist.gov/groups/ST/toolkit/documents/shs/hash_standards_comments.pdf) statement
+from 2004 plus [wikipedia](http://en.wikipedia.org/wiki/SHA1#SHA-1) for recent breakages.  There is
+some debate if the recent progress towards achieving a collision are practical or not, and the
+breakage would not allow attackers to create arbitrary signatures.  But with hash functions such as
+[SHA256](http://en.wikipedia.org/wiki/SHA-2) standardized and sitting right there without these
+uncertianties, organizations like NIST and NSA recommend against SHA-1.  You can check the list of
+preferred hash functions using showprefs.  The following is from my old key, you can see SHA1 as the
+preferred digest.
+
+    # gpg --edit-key <keyid>
+    gpg> showprefs
+    ...
+    Cipher: AES256, AES192, AES, CAST5, 3DES
+    Digest: SHA1, SHA256, RIPEMD160
+    Compression: ZLIB, BZIP2, ZIP, Uncompressed
+    Features: MDC, Keyserver no-modify
+    ...
+
+So I decided it was time to generate a new GPG key using SHA256 as the preferred digest.  While I
+was generating a new key, I increased the key length to 2048 bits and generated an
+[RSA](http://en.wikipedia.org/wiki/RSA_%28algorithm%29) key instead.  RSA is the default for gpg
+now, I am not sure why but I decided to stick with the default.
+
+If you upgrade your own key, make sure to put the following entries into ~/.gnupg/gpg.conf
+
+    personal-digest-preferences SHA256
+    cert-digest-algo SHA256
+    default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
+
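Review bot: In the gpg.conf block that closes the post, `default-preference-list` puts SHA512 and SHA384 ahead of SHA256, while the text says the new key uses SHA256 as the preferred digest; either reorder the list or say explicitly that the key advertises SHA512 first and `personal-digest-preferences SHA256` is what selects the digest for your own signatures. It would also help to state that `default-preference-list` only takes effect for newly generated keys and as the default for `setpref`, so a reader keeping an existing key has to run `setpref` under `gpg --edit-key` and then confirm the result with `showprefs`. Typo in the SHA1 paragraph: "uncertianties" should be "uncertainties".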

static/john-pub-18E36459.asc

+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+mQENBFBSKioBCAC4Ee0D1aYGkkzMSKJpucYpZ4/OygNA/LOtg5IOBW0lxskYUBAY
+8spLPESGldMF7uBEyyoxPQEwHyU41w4C8X//wAZ0fSk/IXz1y/WDVgqQhQ+hOKyZ
+DRjb8sPG56uCox+7ekz7STuq/EVgfnKLPBn2Ohw0ZWc7qL/ISvYWTbaSnLNDejby
+Ntep1EKYdN0Fxm7qIismD1Xe1Bqrfc41StqTU8n92D+nPKt1nvtw0bg3w5gnO+Tg
+C7vpqM2f8QWPwI0lSjSoHAH2KO0YIETtBldzUSxlP1TpRF6Tx8xnQaPbQVVTOiIe
+p5AadNwOMY8BdSpWgnmgbCbjsjhG0vEALLr7ABEBAAG0HUpvaG4gTGVueiA8bGVu
+ekBtYXRoLnVpYy5lZHU+iQE6BBMBCAAkAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4B
+AheABQJQUir9AhkBAAoJECnFw9kY42RZ7ZMH/3PQ+4tIu5qGW64MijunyQfZ/v/T
+TYk2DUSp2kFNzfqsa6ucFoxwbfIY2VABmJv/Wgl/obKy+ay6ic2kh+Vy8ZIvdy9b
+JlQ5n2Kl/GNnTDlmzXfCiA4BidT2uSanoZpeQ7psMQIolAZs0YA3t6a5uhJ2c36d
+uQNSsTt+cn4BYfHyBeGX9N478/zD/j7tQCLWn8UgrBBPq/lbEy8IVN0YA8ymZnQy
+lJKRmdLObTCtLF0HH722ps1Qbib+mQN2Cadkz0MmcmgF9jcjTJtVqNVhj2s3G4sS
+8Ja9/pD9H1XPH5G5OjuTptt5H4bx8fGPyf7T1ASMluaoE9uM18xZTJEaGHCIRgQQ
+EQgABgUCUFIrxwAKCRAVvbDjVG2iujdAAJ9xud3MKieU3GHaj100A9EfUpdmmgCf
+TDHO+UdnaBX2SIXzIa6DscCW2/CIRgQQEQgABgUCUFIr9gAKCRAnDeIv/QY7iXH9
+AJ4lHRQyiQgb6vTjlFkl3Z9AV99gEgCfXewPvTqQ1rfXS4HouxiJt6ai3he0HUpv
+aG4gTGVueiA8d3V6emViQHd1enplYi5vcmc+iQE3BBMBCAAhBQJQUioqAhsDBQsJ
+CAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJECnFw9kY42RZ/8MH/Rlreo7yER+Y5LCj
+bmJGZZCluJSxWhE28DGPywg8AM75BJGBD/hX7yoUl6mQX+0Uz9td9duWpBZlpLIL
+LcVLq0yODPiOzDGMWM/Mz8zACbLOVZU+xishktPnA9dTBcnkgLYlC6sIWPmEoekQ
+XnZ5AlDjD7k3b6+eRQPfPDEXRSmQo4QonVE2zkWt8CMxLVLVZdoiTFS/VgyUTR/s
+YxU9LyJCb0U2NgdjQUUr6A2dDhBtMLQB+5a3aVaMRTLySJ02hrr837Vw2mmVOsui
+h/R72XAvbKxlLrpwT5cWH9WC5w2opZLB7AOtJt81SUxo7bfroEma1UVBTbdeggB4
+mCeNUQmIRgQQEQgABgUCUFIrxwAKCRAVvbDjVG2iunaUAJ9hWQxU7UtZHpbVOYfw
+Wuil/PYcfgCdHhZB7dLZ0p7k0Q4sibvQLN2X/gqIRgQQEQgABgUCUFIr9gAKCRAn
+DeIv/QY7icbUAJ4mcn7VH/P1tMVQmXCJULJE/KhZvgCfUP8kSK67qflBV/nVwDMW
+L5Qzo8PRzrTOsgEQAAEBAAAAAAAAAAAAAAAA/9j/4AAQSkZJRgABAQEASABIAAD/
+2wBDAAwICQoJBwwKCQoNDAwOER0TERAQESMZGxUdKiUsKyklKCguNEI4LjE/Migo
+Ok46P0RHSktKLTdRV1FIVkJJSkf/2wBDAQwNDREPESITEyJHMCgwR0dHR0dHR0dH
+R0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0f/wAARCADU
+AJYDASIAAhEBAxEB/8QAGwAAAQUBAQAAAAAAAAAAAAAABQACAwQGAQf/xAAwEAAB
+BAEDAgYCAQQCAwAAAAABAAIDEQQFEiExQQYTIjJRYRRxgUJSkaEzwRYjsf/EABkB
+AAMBAQEAAAAAAAAAAAAAAAECAwQABf/EACMRAAICAgMAAgIDAAAAAAAAAAABAhEh
+MQMSQRMiI3EyM1H/2gAMAwEAAhEDEQA/ACAXQuBOCylxwTmpo6p4RAOanhNb0TwE
+wBwTgmhOL2tFuIA+0QEg4Tgh8mr4UJIdO2x1rlVJfFOnRmtzj+gmAHQuhZz/AMuw
+w8AMdXzwrsHiLAlHMm39o2dQYXVVgz8Wc/8Aqma79FWmmxaIBwC6EguhEAl1JdRO
+FSS6kuAZtOC4AuhZC48JwCaE4JgEjU6wBZNBQTZEWOzdK8N/ZWT1rX5nmSONwbH2
+rqmRwc1fW2Yg2Y7mvk7/AEs1napkZAubIIB7AoS3IjfwZCXd1DNuN7TY/SJ1E8uY
+K9Lia7kqu/I38biFX8tx/pK4YnX0KZJI7JKZnjn3BWcbJG7hxa74J4VABzXdCniy
+6+qLQMhuLLe0gscY3hafRfEsjA2PM9TegeFjYG+Y0Nd3HpKswukg9LhwOoKS6wN1
+s9Vx8iLIjD4nh4I7FThecafqcuJK2XHeQw1uat5pmczOxw9tB3cJ1KybVF0BIBIL
+oTiiSXUlwDNUnBNCcFjLjgq2o6jFgY7pJDzXA+VPLI2KJz3mmtFlYPWM2TNyXkng
+ngfATxRzGZmoTahOZZXmuzR0CoZD9w2u78Kw1gDfoCyq4h894Auw7lUTRzWDun4D
+pnkkcBGI9NYBVKzhYvlRCh0CuMFdlCc2y0Y0UG6c34pOdpbCOlom0BSNZZSKTH6o
+Ay6QH2Wt6Km7SZI3ggHrytYI9rrA47qb8djxdJvkaB8aZi2RGCZ0bwdrDwr0jBPE
+Cyt3/wBRqfTY5Gk7fV3+0Mkw5Mf1MHANj6XdrFcaKMB2uIHz0R7Sc+XBla9hth4c
+Cs9lP2O3sFc3Su4mU2RgcCPsKmdkmem4eQzKx2ysPB7fCnWV8K52yR2NIeHe1ars
+rxdoi1TOpJJJgGZTh0TQurGXBviGfytOLQeXmljImmSUu+TS0fiGQy5jYb4DUHxm
++U5xPIB4TJnJEWRthxpG/wBZb0XdJh3u3nuqebI6TMLW87uAFp9MwPx8Ru/3EIyd
+RGjlk7WUyl2qTkq7qH6LCZyeinZYUTCAVYZR4QHSHxqdgChAKlYbISOxqLLIg67C
+Y7Tw7tYPUKaIVSstNJezQaMfrmiOja98bfT1WXje/EyCDe0lesSMbKwteAQQsF4p
+0r8KYPaPQ/oVo4uS8Mz8sPUXNEyGvlikDuWuC9Fby0UvIdEmLJAL4Jor1TSZ/wAj
+T4n3ZAo/taoYdGWZdSSpJUJmYC6TQtc7LklmM/pY7NJk9Um35c0t8NNBDciUBgAP
+uan6pIY5yw9C42oWxOcS4jd2YPtUSAWvD+nnIzvOl5EZ5/a0+VIyGK3EABRYGM3B
+wGs6vq3H5KHZgky5CHGm9OFKT7Mql1Qn6nACRuSbqUJ43j/KoyabGLt5VaTTmD2S
+H+UyjE5thyPKY/2uBVyCUHoVlYoJYn+l9/yiuHLI0DdZQcUNGTDwfasQOHUlD8Zx
+e37TJpZGcC1NqynajQMe0Vypw5rhwVicnMzGu9DiAOyWPqWpuNFrkPiB8ht75Qnx
+RjjJ0WUkepnqBQ6POzwAXbuPkIl+W3P0yeJwqQxkV88IdHF2c5KSowGKXRTg9ORa
+9N8KyF+K8f0g8f4XmbSS1shHUi1vPBuVUnkuPvjsfsLatmOWjXJJJKhIzATJpWxR
+lziP5KegPiSU744weO4WM1Qj2dAnVsfz5/NjAcN10CpdKx/Nz4wRxH6j+0+L0QBx
+6lENEjAEsvyaCZukUcVeCxlSho2lCsnJLGkRNtyI5bSTSo+VtJttqaOYLazJyi8y
+SGINFj7QkyziUsMjlpp2ve2toQ9+ESbDBatGSXgkot+lHfLDKAXk3yj2BcrAa5IV
+GLTJJZLeAB/taLExGQYx29UvJJPQ8IsvaXAN3KbrgjxWbwOqn0v3WpdZwfzMVzAa
+PZZlL7ZNDj9cGKm1Q2SI7aO6mwNbje8N8t19OAosjTXwh0TmuDbU+kacyCdsvuo3
+RWr6VkyvteDQ4WZDO0WAAeOVOzEZ5++MUO6qM04PkMjX0TyQOAi+JGR7lCUkngqk
+3swTsRzZpoSKDJSB/la7wjhiSX8rkNiFN+0P1XBkk1KVkDCSXXx9hanw7iOxNMa2
+QU9xtw+Fqg7MnImgqkkkrkTLIF4ijLpInAdeEcQ7XGXjMf8A2PBWP018TqQJzJWQ
+DYGg7RX8olprtuE2xRPJQLULdlEj2k2EWw5Lga2+UHotLDLUvqNpm0V0Tu3JUUkg
+ugUoEOLWnsFVmoONAKUyHaq0rqBXJUMyWB7d4BPUohJbWCjwheJBvi/Ie7vTQiTn
+tbiAOdz2XMKL2nGuiKg7mcoPpr2kjceEWeA9lMNc8KEkWRVysaOT3NB+1WGHGDbR
+SWTO+GYxv/j7CdDOHJlaFaTLUEIAVgeh30u4rWlhNps5LTwlZ2itMyQZkksRq4xZ
+RLRZHvxCHku2uqyhschfJO2+RHwieiNLdNYT1PK1cO0Z+b+thAJJJLYeeZUKvnxe
+divYVOk5oc0g9+FjNKdOzNkMiBjA3cdSu4zw0BXcnSnW97ZQB1qkNYeoHULispJv
+BdkyBQA7qqZRuPKryzeqr5UZkoLkjrLokHdQzP3CkNnzi00080om5r3usplF0HsE
+nOf5OwOIHainQ5EoAZI/d8EofJku2gDqovMfuskruth7UanFmkYwlvNfa4MnVJsp
+oY4NYD7Wj/tAMfPlfKIx7Qj2DmlgbfZTmqHjOy1qZmtj5PcG0VHi5HIUuflsmgJF
+dOEDZl7ZtpNAHqhFWjpTpmwx8nazkqSWbeN18DqgGJmh7QLVwzl0ZB6JetHd7Raw
+HbtVmrlpYtFporCjH0s5ogD5MktPq4Av4Woxm7MdjfpX4l9iXM/xL9kqSSS1GEyY
+XbXOy6FkNBx4uNw+lmANr5b9wK1CzWpA42ZIL4cLC5BTBkjyHk/CUj9zSAeaUcpt
+3B4PVNDtor+E4bBzg4PO75ViJzGVvIaFDlOHmgAq3BC2WOnjqnbwCOyVgjlHoId+
+lNFCL5Yb78Ko3EyMZzvIPuFcopgSSxvd57Q4UNpAU3XhXK2iOLFjEm8Aj6V1myqs
+KWGW3khgF/3FQDF1DKyHlkbGxgbQf+0jp7GVvSJpCwREFw4FoPmPjFlpNo1jaC2J
+hfkSOe6u54Wf1mAwZB29F0Em6sXkTiizpEznPNngI6ZQWD7Wc0qTaLA+Ajcb7ofB
+RmsiJ4D/AIahlkmlIoN4slato2tA+AhHhmLy9MbJXMri5FwtEIpKyE5uWPEOSXEk
+5MyYXU1d6rIXHhA/E2O4sZO3o3go4xR5kLZ8V8bxYITRAzASu2v3DooHzOo0VYnY
+6OV8R6tPCHSWCQVVKwt0MJJdZRHBlaKBKGOJtSwOLHAhGStCwlTNGHDbZ5ThIGnl
+VMWbeyu6e9jy40CeOiz62alJrRdjyW1donh5QqgOSgGNjzF/sPB+VoNPx3ii8AJJ
+UPGUmWp5gILceqx+vziaUbe3VHtYkO0saaAWWy7dILT8SzZPlleB+AS0ir6IzhF2
+RkxxN6yOAQfHbsYAL+1rfBmAZc/8l7bZF0PYlWq2Z26Rt8WJsGNHE0UGtAUwTQu9
+lUiOSSCSJxkQuptroKyFyRpVbJ1DHicIXPHmO4AHyo8zL8hu1vuP+lmoJTk+IImk
+2G27/S5MW8pD9fxwHieMc/1IBKN49PXutlnRCSNzXd1lMtjoJXNHQlNxyxQ80UHC
+jypIiB9lKQAiwbJTWVdFWJ6YRxZgwjlFIsi/gLPskoq7DKKHKjOJaMg9DO1gv6Vq
+PLphJJ/ys8cqhV8KVmXxVpHCx+5by597ySeL5QfJ/wCXrwO6mmlDnHnqFCDZ59qp
+GNEpOyfFhc+djIxue4gABep6NgswMCOFoo1bv2s14M0kMZ+dOwW4VGD2+1sW9FaK
+IyY8JwTAnAphRySSS4BkFXy8puPH8uPQKlJrEe0GJhN9zwhsmW7IlDnGyenwFkor
+KdaHzzukc5zjyUIwpzFrTJD0PCvzn0UEHnuOcOHHKMEJF1I2Erg7+QhGo4rZQHdC
+reFkCbHb/cAlKCRRSK0zW8mUljdG4tIUdd0dy8QPs1whsmE5vts19K8Zp7IuH+FP
+lPY54J6qdsDrqiuuicGnhM2tAUWQmV18pzXP7ld8vjnqpYoHvO0NXNo6mOiutzkU
+0zCM7jLIC2FnqN907TdEfI9r5R6QtFNgiPSshrOCY3AV+lKU14UjBvZQwdclw3sE
+PqY7+g9FttOzGZuM2VnBPUfC8r0slzQ4nnotn4fzPxpQx59D+P0UYy6yoyPBrQU4
+KNptOC0hH2kuApLjjyGWV8l80OjQBVBca7Y8DmhwLTGOuTqKaF2Q7uQVlYCeR27p
+0pDcxt2VcY4k0oMtnG5csM70k0zILAOUWMgkbY6oBjel/HRFYXfBXSRrjK0TEElc
+8q+aUjeVI1qUYriBt3STsONwrarscJPZWo4B36rrCkC4dLj/ALQiONp8bf6QrLYg
+OysRtpJJ2MokkMDWAWeAnZrh+I5o4FFSNBr4VTVZhFgSOPZpUtsfwxenCpntHQPK
+0WK6pQBws9pQuR7zwC5HInU/cFbk2eZybNtg5LJoGeobgOQrYKxfnPa0uieY3Vw7
+4U+m+JJg8w5dbm8G+60w5FWQJmvtJC4ddwn2HybCP7gkqWg2eUxyOJKsM/4WnuUk
+lmZwx0jmjg1arl73uIc4mkkkyASRinCvlEIEkkWX49F+EWrbGNtJJS8NCLDQB0Uz
+QkklGQ8KxEAkkkloYkcSgXiWV7cTaDwUkl0f5HS0AtN4bx8IvH8pJJ57PMlse5xD
+QVSzR6mSdHHukkihEWMR5mbUnqocFJJJE4//2YkBNwQTAQgAIQUCUFIrlwIbAwUL
+CQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRApxcPZGONkWXQ6CACctAhKdmXoidG8
+NlLw82YJlUnazK62KfKmzQ9w5NVCFrgEgg/JKDoxWixPnvrSYwGecsYNSje7szul
+UrejG1A5R7TBi9L2/iDWcFDzoIeVn0S8Z/FGBAtWeWgUAtpzfgwvTb/akOLjB1TU
+93UdGOlWqmzqxdrNRx+vX5rZmeoUwdy2fA+BwKckbAFjXXfYj8NXWL8IGyGoPbMC
+hYHS3fUQ/7pS7tXVbftBOogyVXfAcCZCKO2vdBMmmrgSA4VpthatK1cGONwjHrhU
+YlIRN/NHVN1+QxgRB6HiuZ2wIfn0v5qnZbp8WKCqHNK5k3aopNWx3IDX480jXjvM
+CSc19f4DiEYEEBEIAAYFAlBSK8cACgkQFb2w41RtorqUnQCeMylSISfxejmxs1ES
+Tn1FwL18xSYAn1HCnrkwTEAj+kmMxGW2IHu8DWzjiEYEEBEIAAYFAlBSK/YACgkQ
+Jw3iL/0GO4mWAACghYVbQblpPD9T0p7BymVHIuUhpgwAn2/q/rLrYe8RoB6a2rnR
+OYBmz8PYuQENBFBSKioBCADAqE+AVxg8pOCs3t+VJHqcDOcVX0YQ3Fa3FpUjYI8O
+UigPJ7faWY1pgwAe2J6M4zNJj+lqHRsa77sXmF6ofipicrC3CpfaNFVntr4u/7Vf
+aiYXPpdH6Hr5PpfAXpiiU+M109B0huzubaaNNJvExQ1V6ELkFvnviNox9NPxL/1m
+e21qVYBy2XOuJCkM5HM9j3DUoKPzhA5bH337Z4ArhK7meaHoBc4M5LFsgpiiJXFi
+gkjBAagbljroEOMzvPzAG4buRHW9C7OEw4MtFx4X2wORcwuWGKPJF9D2D559DDh0
+4c/LOAwfSkuLAGFwi3E7Fg2zrtTKUEVIOw+ODxHDBWJzABEBAAGJAR8EGAEIAAkF
+AlBSKioCGwwACgkQKcXD2RjjZFnyfgf7B5M9fV4X/ro6mBA4nYjVpfLuQaDVTc5l
+VlwdRT+PuyswLDmfD6SxnF9IJVldmIrsyxuGe+dxXZp3FeUCAG4Dd7ie33i2PDwZ
+to5CWZys9/KqtVE1IrhvPa6FUgpik4NSW7JVnd8POLwSkK5LIgKaPKMPL6sFijVe
+N5XhNe56s7b+wNtPJS32E65ZUP6mywxFmqrOq4RZm+dLL/Dn7R8nkvhpKju/YeVB
+/zlajT4FODUjhxbOLVgm3fBmpF3uia0XgmoBvi8KbitRtkKh82JPBs8UbyVEdr7q
+Kgy+FxDER0icG/UMuHhlHhH0IZ33QQahJx1Pr1J9g3m44afcJYsJNw==
+=uIlq
+-----END PGP PUBLIC KEY BLOCK-----
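Review bot: The key in static/john-pub-18E36459.asc is served from the same site and repository as the fingerprint quoted in the post, so a reader who fetches both has no independent check that the key is the right one; consider publishing a transition statement signed by the old 2006 key as well as the new one, or giving the fingerprint through a second channel. The armor also carries a `Version: GnuPG v1.4.11 (GNU/Linux)` header and an embedded JPEG photo ID (the run starting `/9j/4AAQSkZJRg`), which accounts for most of the file; if neither is needed in the published copy, exporting with `--no-emit-version` and `--export-options no-export-attributes` would drop them.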