linux at codehelp.co.uk
Tue Nov 25 19:49:53 CET 2003
On Monday 24 Nov 2003 10:49 pm, Jens Kubieziel wrote:
> I'm planning to migrate to a new generated key (0x38CB4232). Currently i
> have lots of signatures on my recent key (0xEE0977E8). Therefore I'm
> planning to write all signees an signed and encrypted mail requesting for
> a signature to my new key. Because they verified my old key and I through
> signing with my old key I assure that also the new key belongs to me.
> Do you think that behaviour is appropriate or do I have an error in
I've thought about that before and I've put a page on the DCLUG website that
outlines what I hope is a decent method. Now's as good a time as any to ask
if others think it'll work!
Can I transfer signatures to a new key?
If a key that has not been compromised needs to be revoked (or is due to
expire soon), it is possible to transfer signatures onto a new key by sending
encrypted details to each signatory, provided you still have the passphrase.
1. Send an email warning / reminder about the imminent replacement of the key
(signed with the old key because that's the key that people will recognise)
to each signatory.
2. Ask each signatory to send a SIGNED and encrypted reply to the OLD key
containing some quote / random text. It's important that the reply is signed
so that you can trust the quote / random text.
3. Sign each key with your new key as the emails come in and make sure that
all the recipient keys are updated on keyservers.
4. Send an encrypted reply to each signatory, including the appropriate quote
/ random text and the fingerprint of the new key and make sure that the reply
email is signed with your NEW key. Don't revoke signatures made using the old
key - they are still valid as long as the old key has not been compromised.
5. Recipients can update their own keys from keyservers, verify that the new
key signature is on their own key and check the fingerprint of your new key.
Recipients can also revoke their signatures on your old key at this point.
Many recipients would then be willing to sign the new key as there has been
an encrypted transfer of data requiring both of the secret keys involved to
be available to you alone.
6. Once you've sent out all the replies to signatories, you can revoke the old
key (or just let it expire). Don't delete it from your keyring or you'll lose
the ability to read encrypted emails sent to you before the new key was
I'll update the page if there are omissions.
I've used the method once with someone I know very well and it was our
discussions that raised the idea for the page. I'd appreciate comments on how
it'll work for signatories who are not in continued, regular, contact -
people you met at expo's etc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Url : /pipermail/attachments/20031125/cb6f7632/attachment.bin
More information about the Gnupg-users