Mailing List Archive

New signing key

The key used to sign GnuPG releases expired at the end of last year. I
prolonged the lifetime of that key for another 6 months to avoid the
frequently asked question if signatures made in the past by an expired
key are now invalid (in short: they are not).

I will sign future distributions with this new 2048-bit RSA key which
has also been generated on a smartcard:

pub 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
uid Werner Koch (dist sig)
sub 2048R/AC87C71A 2011-01-12 [expires: 2019-12-31]

Please get a copy of the key, either from the attachment, a keyserver or
using one of these commands:

gpg --fetch-key finger:wk 'at' g10code 'dot' com

gpg --fetch-key

[.Please replace 'at' and 'dot' as usual and use gpg2 if you like]

The key has been signed by my main key 1E42B367. The authentication
subkey listed above is currently not used. Note also that my old
standard key 5B0358A2 expires in 6 months and won't be prolonged.
1E42B367 is now well connected in the Web of Trust.



Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.