Christophe Weblog Wiki Code Publications Music

I've been putting this off for long enough. My current PGP key was generated in a different age, with somewhat different threat models and substantially different computational power (let alone social and political power) available to those who might be interested in subverting the general ability of individuals to identify themselves and communicate in private. It's true that not much of what I do is likely to be of vast interest to security agents worldwide, but as SBCL release manager (on holiday for a month!) I do publish documents that purport to assure that the source code and binary that users can obtain are unmodified from my personal copies.

Therefore, I've created a new key, with 2013-era configuration settings: 2048-bit RSA encryption and signing, and SHA-1 hashes undesired (though still accepted, given the protocol requirement). I've created a transition document, signed with both keys, to help interested parties with the transition; while my older key will remain valid for a while (I have a stack of business cards with its fingerprint on to get through...) the new key should be preferred in all situations where that makes sense.

Observations:

  1. This is all quite fiddly and complicated. There's a reason (well, several reasons: all those business cards!) I have been putting this off for a while. I understand why at least some of the knobs and levers are there; I've taught Computer Security at undergraduate level – but I'm still not confident that I have got everything right, and that's worrying both personally and systemically.
  2. epa-sign-region appears to malfunction for me when given a prefix argument: what it's meant to do is give a UI for selecting keys to use for signing, and the option of which kind of signature to generate. What it actually seems to do is generate an undecryptable PGP Message block. [edit: this was caused by epa/epg version skew, from an old installation of the Debian easypg package. ]
  3. I stumbled over the --escape-from-lines GnuPG configuration option while reading the documentation. It's on by default.
  4. GnuPG is crowdfunding a new website and some infrastructure.