blog

My website can't be that messy, right? git clone https://anongit.hacktivis.me/git/blog.git/

I changed my OpenPGP keys.html (4034B)


<a class="u-url" href="/articles/I%20changed%20my%20OpenPGP%20keys"><h1 class="p-name">I changed my OpenPGP keys</h1></a>
The keyset (not OpenPGP vocabulary, I know) I had before was becoming quite a mess: I had lost my subkeys quite often, or sometimes they were not reachable (available on the desktop while I was on the laptop for a few weeks, with the desktop ~200 km away).
This keyset should be quite state of the art for late-2017.
<ul>
<li>Generated on my air-gapped A20-OLinuXino-LIME2 (running Gentoo Hardened, but with a non-GrSecurity kernel, as it doesn’t support ARM other than arm64)
<li>I have quite the hardened GnuPG setup (thanks to quite a lot of people); see <a href="/git/dotfiles">my dotfiles</a> (even if they are quite outdated)
<li>Stored on encrypted storage from 2017-12-11 (its creation) to 2018-01-11; it’s now stored on my Nitrokey Start
</ul>
Terminal output with some modifications so I’m sure I don’t leak stuff.
<pre>
$ gpg -K
/mnt/gentoo/home/haelwenn/.gnupg/pubring.gpg
--------------------------------------------
sec rsa2048/0xC87384794BBEBBAD 2014-03-15 [SC] [expires: 2018-06-09]
Key fingerprint = 8E4B AA5E E6FB D5A8 D04F 3BE5 C873 8479 4BBE BBAD
uid [ultimate] Haelwenn Monnier (lanodan, forwarded) <contact@hacktivis.me>
uid [ultimate] Haelwenn Monnier (lanodan) <corneredlanesubmachine@gozmail.bzh>
uid [ultimate] Haelwenn Monnier (lanodan) <haelwenn.monnier@free.fr>
uid [ultimate] lanodan <lanodan.delta@free.fr>
uid [ultimate] Haelwenn Monnier (lanodan) <haelwenn.monnier@gmail.com>
uid [ultimate] Haelwenn [elwenn] (OStatus) <lanodan_tmp@pouet.it>
uid [ultimate] Haelwenn[elwenn] Monnier (Friendica;Ostatus;Diaspora) <lanodan_frndk@snarl.de>
ssb elg4096/0x5FD41C2FFDDC88D7 2016-12-16 [E] [expires: 2018-06-09]
ssb rsa4096/0x01969693A30C8732 2016-12-16 [S] [expires: 2018-06-09]
sec# ed25519/0x90D93ACCFEFF61AE 2017-12-11 [C] [expires: 2018-06-09]
Key fingerprint = DDC9 237C 14CF 6F4D D847 F6B3 90D9 3ACC FEFF 61AE
uid [ full ] Haelwenn Monnier (lanodan; 2nd key) <contact@hacktivis.me>
ssb> ed25519/0xD5B7A8E43C997DEE 2017-12-11 [S] [expires: 2018-06-09]
ssb> cv25519/0x473C9CA78949B492 2017-12-11 [E] [expires: 2018-06-09]
$ gpg --card-status
Version ..........: 2.0
Name of cardholder: Haelwenn Monnier
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : https://hacktivis.me/key.asc
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: ed25519 cv25519 ed25519
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: F85B DC63 FD9B 4AF4 4BF6 B812 D5B7 A8E4 3C99 7DEE
created ....: 2017-12-11 12:36:31
Encryption key....: 2DBA EF5E F602 78FE 28CE F33B 473C 9CA7 8949 B492
created ....: 2017-12-11 12:37:04
Authentication key: F85B DC63 FD9B 4AF4 4BF6 B812 D5B7 A8E4 3C99 7DEE
created ....: 2017-12-11 12:36:31
General key info..: sub ed25519/0xD5B7A8E43C997DEE 2017-12-11 Haelwenn Monnier (lanodan; 2nd key) <contact@hacktivis.me>
sec# ed25519/0x90D93ACCFEFF61AE created: 2017-12-11 expires: 2018-06-09
ssb> ed25519/0xD5B7A8E43C997DEE created: 2017-12-11 expires: 2018-06-09
card-no: FFFE 67082019
ssb> cv25519/0x473C9CA78949B492 created: 2017-12-11 expires: 2018-06-09
card-no: FFFE 67082019
</pre>
Also, I have moved my previous public key to <a href="/oldkey.asc">https://hacktivis.me/oldkey.asc</a> so the current one stays at <a href="/key.asc">https://hacktivis.me/key.asc</a>.
To verify this, I have detached-signed <a href="/articles/I%20changed%20my%20OpenPGP%20keys.html">this file</a> with <a href="/articles/I%20changed%20my%20OpenPGP%20keys.html.0xC87384794BBEBBAD.sig">my old key</a> and <a href="/articles/I%20changed%20my%20OpenPGP%20keys.html.0x90D93ACCFEFF61AE.sig">my current key</a>.
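
Added example, not part of the original post: one way a reader could check each detached signature against the primary fingerprints shown in the `gpg -K` output above, using GnuPG's `--status-fd` output. The function names and the sample status lines are constructed for illustration; the fingerprints are the ones on this page.

```shell
#!/bin/sh
# Added example: confirm a detached signature chains to a pinned primary key.
# Primary fingerprints as shown in the `gpg -K` output on this page.
OLD_FPR="8E4B AA5E E6FB D5A8 D04F 3BE5 C873 8479 4BBE BBAD"
NEW_FPR="DDC9 237C 14CF 6F4D D847 F6B3 90D9 3ACC FEFF 61AE"

# Strip spaces and upper-case a fingerprint so it compares byte-for-byte.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# Read `gpg --status-fd` lines on stdin; print the primary-key fingerprint of
# each VALIDSIG line. The signature is made by a signing subkey ($3), so the
# primary is the last field ($12); fall back to $3 if that field is absent.
validsig_primaries() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print (NF >= 12 ? $12 : $3) }'
}

# status_signed_by STATUS FPR: succeed only if STATUS holds a VALIDSIG under
# primary key FPR and gpg did not flag the signing key as revoked.
status_signed_by() {
    want=$(normalize_fpr "$2")
    [ -n "$want" ] || return 1
    if printf '%s\n' "$1" | grep -q '^\[GNUPG:\] REVKEYSIG '; then return 1; fi
    printf '%s\n' "$1" | validsig_primaries | grep -qx "$want"
}

# verify_detached FILE SIG FPR: run gpg on a downloaded file and signature.
# Assumes the public key was already imported from key.asc or oldkey.asc.
verify_detached() {
    status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || true
    status_signed_by "$status" "$3"
}

# Constructed sample status output: date and timestamp are invented; the
# subkey and primary fingerprints are the new key's, as shown on this page.
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG D5B7A8E43C997DEE Haelwenn Monnier (lanodan; 2nd key)
[GNUPG:] VALIDSIG F85BDC63FD9B4AF44BF6B812D5B7A8E43C997DEE 2018-01-11 1515628800 0 4 0 22 8 00 DDC9237C14CF6F4DD847F6B390D93ACCFEFF61AE'

if status_signed_by "$SAMPLE_STATUS" "$NEW_FPR"; then
    echo "sample signature is under the new primary key"
fi
```

Calling `verify_detached` once with the old-key signature and `$OLD_FPR`, and once with the current-key signature and `$NEW_FPR`, covers both halves of the transition; local file names are up to the reader.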