@alyssais
Created January 7, 2018 21:03
OpenPGP key transition statement
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Date: 2018-01-07

For a number of reasons, I have recently set up a new OpenPGP key,
and will be transitioning away from my old one.

The old key will continue to be valid for some time, but I prefer all
future correspondence to come to the new one. I would also like this
new key to be re-integrated into the web of trust. This message is
signed by both keys to certify the transition.

The old key was:

    pub rsa4096 2016-12-08 [SC] [expires: 2018-07-06]
        03C07C9CCD55DDA61F734F02ED0AE8D0A913FDC2

And the new key is:

    pub rsa4096 2018-01-07 [SC] [expires: 2019-01-07]
        757356D779BBB888773E415E736CCDF9EF51BD97

To fetch the full key from the key server, you can simply do:

    gpg --recv-key 757356D779BBB888773E415E736CCDF9EF51BD97

If you already know my old key, you can now verify that the new key is
signed by the old one:

    gpg --check-sigs 757356D779BBB888773E415E736CCDF9EF51BD97

If you don't already know my old key, or you just want to be double
extra paranoid, you can check the fingerprint against the one above:

    gpg --fingerprint 757356D779BBB888773E415E736CCDF9EF51BD97

If you are satisfied that you've got the right key, and the UIDs match
what you expect, I'd appreciate it if you would sign my key. You can
do that by issuing the following command:

**
NOTE: if you have previously signed my key but did a local-only
signature (lsign), you will not want to issue the following, instead
you will want to use --lsign-key, and not send the signatures to the
keyserver
**

    gpg --sign-key 757356D779BBB888773E415E736CCDF9EF51BD97

I'd like to receive your signatures on my key. You can either send me
an e-mail with the new signatures (if you have a functional MTA on
your system):

    gpg --export 757356D779BBB888773E415E736CCDF9EF51BD97 | gpg --encrypt -r 757356D779BBB888773E415E736CCDF9EF51BD97 --armor | mail -s 'OpenPGP Signatures' [email protected]

Additionally, I highly recommend that you implement a mechanism to keep your key
material up-to-date so that you obtain the latest revocations, and other updates
in a timely manner. You can do regular key updates by using parcimonie[0] to
refresh your keyring. Parcimonie is a daemon that slowly refreshes your keyring
from a keyserver over Tor. It uses a randomized sleep, and fresh tor circuits
for each key. The purpose is to make it harder for an attacker to correlate the
key updates with your keyring.

Please let me know if you have any questions, or problems, and sorry
for the inconvenience.

Alyssa Ross

0: https://gaffer.ptitcanardnoir.org/intrigeri/code/parcimonie/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
=tCTV
-----END PGP SIGNATURE-----
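
The "new key is signed by the old one" check from the statement can be scripted instead of read by eye. The following is an added example, not part of the original statement or of GnuPG: it parses the machine-readable form of the same command (gpg --with-colons --check-sigs) and reports whether the new key carries a certification from the old key that gpg marked as good. The function names check_transition and sample_check_sigs are hypothetical, and the sample keyring output is constructed around the two fingerprints given above.

```shell
#!/bin/sh
# Added example: confirm from `gpg --with-colons --check-sigs` output that the
# new key carries a verified certification made by the old key.
# Exit status: 0 verified, 1 no signature from old key, 2 signature present
# but not verified (bad, or old key missing from keyring), 3 new key not seen.
check_transition() {
    awk -F: -v old="$1" -v new="$2" '
        BEGIN {
            old = toupper(old); new = toupper(new)
            oldid = substr(old, length(old) - 15)   # 64-bit key ID = last 16 hex digits
            rc = 3
        }
        $1 == "pub" { expect_fpr = 1; on_new = 0; next }
        # The fpr record right after pub is the primary key fingerprint (field 10).
        $1 == "fpr" && expect_fpr {
            expect_fpr = 0
            on_new = ($10 == new)
            if (on_new && rc == 3) rc = 1
            next
        }
        # Signatures after a sub record are subkey bindings, not certifications.
        $1 == "sub" { on_new = 0; next }
        # sig record: field 2 is the check result, field 5 the signer key ID.
        on_new && $1 == "sig" && $5 == oldid {
            if (substr($2, 1, 1) == "!") { rc = 0 } else if (rc != 0) { rc = 2 }
        }
        END { exit rc }
    '
}

# Constructed sample output (not captured from a real keyring); $1 sets the
# check result of the old key signature: "!" good, "-" bad, "?" no public key.
sample_check_sigs() {
    cat <<EOF
pub:-:4096:1:736CCDF9EF51BD97:1515283200:1546819200::-:::scESC:
fpr:::::::::757356D779BBB888773E415E736CCDF9EF51BD97:
uid:-::::1515283200::::Example User <user@example.invalid>:
sig:!::1:736CCDF9EF51BD97:1515283200::::Example User <user@example.invalid>:13x:
sig:$1::1:ED0AE8D0A913FDC2:1515283300::::Example User <user@example.invalid>:10x:
EOF
}

OLD=03C07C9CCD55DDA61F734F02ED0AE8D0A913FDC2
NEW=757356D779BBB888773E415E736CCDF9EF51BD97
# Real use: gpg --with-colons --check-sigs "$NEW" | check_transition "$OLD" "$NEW"
sample_check_sigs '!' | check_transition "$OLD" "$NEW" && echo "transition verified"
```

A result of 0 only shows that the old key certified the new one; it is meaningful only if the old key in your keyring was already verified. A result of 2 with a "?" check result usually means the old key is not in the local keyring, so gpg could not verify the signature.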