My current OpenPGP key was generated by GnuPG; it has the id 0xC785B90B5053A3A2 and its fingerprint is:
125B 5A0F DB78 8FDD 0EF4 1A9D C785 B90B 5053 A3A2
The previous, deprecated key has id 0x7640947667756F5D and fingerprint:
1645 B6EE 8311 1A03 03F2 B896 7640 9476 6775 6F5D
You can download both keys from wwwkeys.pgp.net. You can usually search by name or by id (in which case you'll probably have to include the 0x prefix). Be sure to check the fingerprint of the key you have downloaded in any case.
If the wwwkeys.pgp.net server you contacted is having problems, you can still download my current key from here (old one here), but this may be less up-to-date than what you should find on wwwkeys.pgp.net.
Here follows my “official” transition statement from key 0x7640947667756F5D to 0xC785B90B5053A3A2, signed by both of these keys:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1,SHA512
Friday, April 29th, 2016
Hello,
Because of weaknesses discovered about the SHA-1 hash function, I have
created a new OpenPGP key in March 2010, and been transitioning away
from the old one.
The old key is now deprecated; I prefer all correspondence to come to
the new one. I would also like this new key to be reintegrated into the
web of trust. This message is signed by both keys to certify the
transition.
The old key was:
pub dsa1024/0x7640947667756F5D 2000-01-14
Key fingerprint = 1645 B6EE 8311 1A03 03F2 B896 7640 9476 6775 6F5D
and the new key is:
pub rsa4096/0xC785B90B5053A3A2 2010-03-17
Key fingerprint = 125B 5A0F DB78 8FDD 0EF4 1A9D C785 B90B 5053 A3A2
You can fetch the new key from a public key server:
gpg --keyserver pgp.mit.edu --recv-keys C785B90B5053A3A2
or, alternatively, from my web page:
wget -q -O- http://frougon.net/OpenPGP-key.asc | gpg --import -
You should verify that the key you imported with this command
(C785B90B5053A3A2) has the same fingerprint as stated above in this
document:
gpg --fingerprint C785B90B5053A3A2
If you have my old key in your keyring, you can now verify that the new
key is signed by the old one:
gpg --check-sigs C785B90B5053A3A2
If you are satisfied that you've got the right key, and the UIDs match
what you expect, I'd appreciate it if you could sign my new key:
gpg --sign-key C785B90B5053A3A2
and upload the resulting signatures to some place where I can find them.
You can send them to me by e-mail like this (if you have a functional
MTA on your system):
gpg --armor --export C785B90B5053A3A2 | mail -s 'OpenPGP Signatures' f.rougon@free.fr
or, alternatively, upload them to a public key server:
gpg --keyserver pgp.mit.edu --send-keys C785B90B5053A3A2
Thanks in advance. Please let me know if you encounter any trouble with
these instructions, and sorry for the inconvenience.
Regards,
Florent Rougon
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iEYEARECAAYFAlcjzXkACgkQdkCUdmd1b10A5wCgwTdggL7ha20YlfHq7PUhHiRf
JiUAn0ynTtT5g2VFwe8PwsqRBDVuITeCiQIcBAEBCgAGBQJXI82FAAoJEMeFuQtQ
U6OiYaUQAJkSC3fPNNE0PszxZw+2dhac6aJc+4UJYme61bsTpyyfIv4ezN5HUjNX
j/yoM+LbEOjPzJ4yAVr94bi3B8VlLpheVcrOTRw09yiwExCx0na//IZRDcL/osC7
aeusl7DP8sJTIY1wcW09L+qwzOPECDg93t1iVKY8px0PLpUeVDjFIIDQ1x6a+sGZ
YdGZmKITLngRibYCJ8q105yhb+xQO0UssrAwx98kQLs6/u2rQhi1X1DS3Ob0YH74
GrhXHRCL3GJr6pJa0hW5Yw0maFVoTfPXCAbRdXycEKz1Brd1Vq/6PZjwvQ2XlBIy
Ov0X+s64X2E9RbMLU6P8QLzH0SI1pt1JUF1AWcF6xet4jwwFkv78CTkQqSbc3HfZ
LrgS+h9AbfKzutUA++zgPd5Vyhb24YvWxcJQ4gGtelx3Qk5V+BNW7+ntQ3SRpkYf
cIEqu4wxsXMLF+01/HJAdlRifeYWRjw1Yh2SrFK7sivgEM78wGcASAfaSlSBJzrn
s31ifOW9d50mxLWcCsqjDWtIkJXX9BDRLU+n/cwDuKJO0HieF9EuufhQZAmErKqE
4Kd/cINn/DxsHdNf9J6jq6BHVKBbXPNbEIo/P4a3DnweDA1TwEmFz/ykvL9AWb/x
xch9eCvggKD/oCKQvIEq4Ps0Vx/R8cHXPUbvqaaeioZioLsdA6/9
=VhpX
-----END PGP SIGNATURE-----
