-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Dear all, I am transitioning GPG keys from my old ones to new 4096-bit RSA keys. There is currently no reason whatsoever to suppose the old keys have been in any way compromised. I am performing this transition for two reasons that I will outline below: 1) New keys - contrary to old ones - have been generated in compliance with updated and perfected security practice on my part, on an air-gapped and ephemerally-set-up machine; 2) New private keys now live on an off-line hardware secure element and are unlocked only after two-factor authentication (owning secure element and knowing a PIN). Cryptographic operations are performed on the secure element and are never exposed to the host machine or the Internet. The old keys will continue to be valid for some time on, but I prefer all new correspondance to be encrypted with the new key. Also, I will be making all signatures from now on with the new key. As a result of that, the GPG verification of my git commits, included those to my website will reflect this change. This transition document is signed with both the old and the new keys, to validate the transition. If you have signed my old key, I would appreciate signatures on my new key as well, provided that your signing policy permits that without reauthenticating me. The old key, which I am transitioning away from, is: pub rsa4096/0x664203CFA8362289 2016-08-02 [SC] Key fingerprint = 53F7 C0FF EDA9 ADCA C471 8CEA 6642 03CF A836 2289 The new key, to which I am transitioning, is: pub rsa4096/0x0BD340E9466154CD 2018-05-16 [SC] Key fingerprint = 73C8 A680 ACC8 C617 C1F9 4B8B 0BD3 40E9 4661 54CD To fetch the full new key from a public key server using GnuPG, run: gpg --keyserver pool.sks-keyservers.net --recv-key 0x0BD340E9466154CD If you have already validated my old key, you can then validate that the new key is signed by my old key with: gpg --check-sigs 0x0BD340E9466154CD Please, contact me via e-mail at if you have any questions about this document and/or this transition. Emanuele Ballarin emanuele@ballarin.cc 16-05-2018 P.S.: This transition statement has been heavily influenced by the one written by Stefano Zacchiroli, which I am very grateful to. P.P.S.: This transition statement has been originally published on 16-05-2018 at the webpage https://ballarin.cc/gpgkeys/transition/statement001.txt -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEwl3lO2c/dC/Imszez4MYZN2idRcFAlr8PpYACgkQz4MYZN2i dRctfA/5AdUJ0H45VieGtpDPUGO1v0tVx+4/lPtLVi0IbvU3XgjtDSq1vKpGnZtw wR2bBNsEiTW3fWkkBiP+zoRWdowI7exjxhCJknt38tZoRKmTtkDJZJFVAMccASLN G3QTdRONPPK6UaNrUj3Dq4GtFdGEfBNzBfl4k4f0rcIc7O65owmcvs525CrTihP1 TlkKiBVZVY3oruDcpv3y6zwolwrdZarvevqZM/CBPK1DA0O1pdC709CoE94NNfKi 3CFSNKDRIDDhcpGjAODiYm5tVUzHmTm8JLfjioULwFQ+uCcwK2BF9rUZw3VvjO7P 0qz+CDhvrB+HF4vL/GnHQjq+RKgLKuiFAJRIkvkDSHTB/0pvHcyhOFYMeA+XabTU 52KRqVkeCcbYVPyRhw/KkUt1u6/Vi7VWeUP3yh+ZZz/VVbm2aNNbuqXoCxNohEQ+ hmhCqLkbeX8BEQCVJrbJobrcCRSZR/cQdbEB15ic+LDoj5OXM2FgE8/8tU9tnKTg EFPDvnclwzChzT2YjJWsm6KU/KFdYS1yiM5hu2jq7ur53rBQrdTbP6ivuzzbh8nO bKk9xDUrpyl2ZmApR+wjcTsicDVzuPRMTUawjLhVsEuQR9cD//omcCir7ucxffC7 hyf4VNe8F8lnBmjAeeTZLihNuZppXeH7pgFL09o7NfkiovyFa1mJAjMEAQEKAB0W IQRzyKaArMjGF8H5S4sL00DpRmFUzQUCWvw+oQAKCRAL00DpRmFUzQxTD/wNTwlT Trh4F+eR9aGDh2xRQtwfkG8n1v6nh6xBRkQTcQCAMuR6bCino1KFHMiZQyiIWgxt 0aeMJ8o3J5+1lHz1xzEZrYTZEcFwQOjNTTYkaH1fFK24qwkgS6tXTbhk5RPwS2Yv bWBPmG4sCx9BIKe2lQM+DoiwqaVVEdbLDqISws72wIgkZzBcmH6AQqAWBZBmp8RK bxOSIoeC26fNr7Vy06jX7QjAnw+PMX0YY0lxYacqiUtVFuUa01lumELmu8/muZnn hp6vK+5DDPbtPQDivTrYsts34e/m3tix/0qqVKRAQW0ItpOvQL7iV5eW49r2GOHI pzoOM5eKKYf7yAYvQIJ2o5rlXoCkpIqO7u4H4BNSYQ6+XRD5K75utzJkIGkS6FuK cDEt9pCMuvc7ffn5kzYIJiFQfx1l/WpmZu1HPxteunHOUweAqcpvsmnWSh9wEq79 4Z3tpQjJzv0ZOnla9YxeidXp+/KRPhxh1kWYfBGtHP/+aXTIb7G/ICebxANY3nx2 Iv9C1VmMSYRqaP1e9fGkV2flhE36FSgNpkttrJAykpfXQRw9XLo+Zf7/vyfv4AoW O8T8mnYdGwUH1OVJ3eOaN7iYRK5ix5/aFpN10O/Q66/d2lGagTCgxeTOYqt4RKkH qqhWs5W5Np/7hXEQuS2kzXQiLTOBXNbomYvGrw== =qFaX -----END PGP SIGNATURE-----