Old Keys Never Die

Encryption is in the news a lot these days for some reason.  I’ve been doing encryption using the PGP family of encryption systems for quite a while now, but hadn’t been paying close attention until a recent reminder landed in my inbox from the Debian project.  They warn about “1024D” GnuPG keys being weak, which is a fancy way of saying “the way all the cool kids created keys back in the late ’90s”.  Including yours truly.  Oops!
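To check whether a keyring still holds one of these keys, the following sketch (an added example, not part of the original post or Debian's notice) flags 1024-bit DSA primary keys in GnuPG's colon-delimited listing. The sample listing, key IDs and addresses are constructed for illustration; the function and variable names are this example's own.

```shell
#!/bin/sh
# Constructed sample of `gpg --list-keys --with-colons` output (not real keys).
sample_listing() {
cat <<'EOF'
pub:u:1024:17:AAAAAAAAAAAAAAAA:915148800:::u:::scESC:
uid:u::::915148800::0000::Old Key (constructed sample) <old@example.org>:
sub:u:2048:16:BBBBBBBBBBBBBBBB:915148800::::::e:
pub:u:4096:1:CCCCCCCCCCCCCCCC:1394150400:::u:::scESC:
uid:u::::1394150400::0000::New Key (constructed sample) <new@example.org>:
pub:r:1024:17:DDDDDDDDDDDDDDDD:915148800:::-:::sc:
uid:r::::915148800::0000::Revoked Key (constructed sample) <gone@example.org>:
EOF
}

# Reads a colon-format listing on stdin and prints "KEYID USERID" for every
# primary key that is 1024-bit (or smaller) DSA and neither revoked nor expired.
# Fields used: 1=record type, 2=validity, 3=key length,
# 4=public-key algorithm (17 = DSA), 5=key ID, 10=user ID.
find_1024d() {
    awk -F: '
        $1 == "pub" {
            weak = ($4 == 17 && $3 <= 1024 && $2 != "r" && $2 != "e")
            keyid = $5
            # Older GnuPG releases put the primary user ID on the pub record.
            if (weak && $10 != "") { print keyid " " $10; weak = 0 }
            next
        }
        # Newer releases list user IDs on separate uid records; report the
        # first one for each weak key.
        $1 == "uid" && weak {
            print keyid " " $10
            weak = 0
        }
    '
}

# Demo on the constructed sample. Against a real keyring, run:
#   gpg --list-keys --with-colons | find_1024d
sample_listing | find_1024d
```
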

So, it’s time to replace my key.  I’ve uploaded the new one to the key servers and created a transition statement per the guidelines in this fine document, with some changes inspired by others doing the same.  The details are in the transition statement, so I won’t bore you with long strings of hexadecimal numbers here.

The next step is to get signatures for the new key.  I’ll be at the Linux Foundation Collaboration Summit next week, and would greatly appreciate meeting with people in person to do key signings.  If there are any key signing parties happening, please invite me!

Sorry to everyone who’s wondering what I’m talking about.  We all have secrets to keep, and conversations we wouldn’t want spread around; encryption gives you a little more control over that.  Plus, encryption lets you “authenticate” people, which is a fancy way of saying “is that you, George?” when you get messages from people, and lets them say “is that you, Jeff?” when you send messages back.  If you want to learn more about taking control of your communication, post a comment, email me, or search for “PGP”, “GnuPG”, or “encryption” in your favorite search engine.