Key Update

freedom bits 2019-10-10

I’m a fossil, apparently. My oldest PGP key dates back to 1997, so around the time when GnuPG just got started – and I switched to it early. Over the years I’ve been working a lot with GnuPG, which perhaps isn’t surprising. Werner Koch has been one of the co-founders of the Free Software Foundation Europe (FSFE) and so we share quite a bit of a long and interesting history together. I was always proud of the work he did – and together with Bernhard Reiter and others was doing what I could to try and support GnuPG when most people did not seem to understand how essential it truly was – and even many security experts declared proprietary encryption technology acceptable. Bernhard was also crucial to start the more than 10 year track record of Kolab development supporting GnuPG over the years. And especially the usability of GnuPG has always been something I’ve advocated for. As the now famous video by Edward Snowden demonstrated, this unfortunately continued to be an unsolved problem but hopefully will be solved “real soon now.”
In any case. I’ve been happy with my GnuPG setup for a long time. Which is why the key I’ve been using for the past 16 years looked like this:
sec#  1024D/86574ACA 1999-02-20
uid                  Georg C. F. Greve <greve@gnu.org>
uid                  Georg C. F. Greve <greve@fsfeurope.org>
uid                  Georg C. F. Greve <greve@brave-gnu-world.org>
uid                  Brave GNU World <column@gnu.org>
uid                  Georg C. F. Greve <greve@fsfe.org>
uid                  Georg C. F. Greve <greve@gnuhh.org>
uid                  Georg C. F. Greve (Kolab Systems AG, CEO) <georg.greve@kolabsys.com>
uid                  Georg C. F. Greve (Kolab Systems AG, CEO) <greve@kolabsys.com>
ssb>  1024R/B7DB041C 2005-05-02
ssb>  1024R/7DF16B24 2005-05-02
ssb>  1024R/5378AB47 2005-05-02
You’ll see that I kept the actual primary key off my work machines (look for the ‘#’) and I also moved the actual sub keys onto a hardware token. Naturally an FSFE Fellowship Smart Card from the first batch ever produced.
Given that smart card is battered and bruised, but its chip is still intact with 58470 signatures and counting, the key itself is likely still intact and hasn’t been compromised for lack of having been on a networked machine. But unfortunately there is no way to extend the length of a key. And while 1024 is probably still okay today, it’s not going to last much longer. So I finally went through the motions of generating a new key:
sec#  4096R/B358917A 2015-01-11 [expires: 2020-01-10]
uid                  Georg C. F. Greve (Kolab Systems AG, CEO) <greve@kolabsystems.com>
uid                  Georg C. F. Greve (Kolab Systems AG, CEO) <greve@kolabsystems.ch>
uid                  Georg C. F. Greve (Kolab Systems AG, CEO) <greve@kolabsys.com>
uid                  Georg C. F. Greve (Kolab Community) <georg@kolab.org>
uid                  Georg C. F. Greve (Free Software Foundation Europe, Founding President) <greve@fsfeurope.org>
uid                  Georg C. F. Greve (Free Software Foundation Europe, Founding President) <greve@fsfe.org>
uid                  Georg C. F. Greve (digitalSTROM.org Board) <georg.greve@digitalSTROM.org>
uid                  Georg C. F. Greve <mail@georggreve.net>
uid                  Georg C. F. Greve (GNU Project) <greve@gnu.org>
ssb>  4096R/AD394E01 2015-01-11
ssb>  4096R/B0EE38D8 2015-01-11
ssb>  4096R/1B249D9E 2015-01-11
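
The ‘#’ and ‘>’ markers, key sizes and expiry dates in the two listings above can be checked mechanically. The following is an added example, not code from the original post: a small Python parser for the legacy GnuPG listing format shown here, with hypothetical function names and an assumed policy (2048-bit minimum, expiry date required on the primary key).

```python
import re

# One key line of a legacy GnuPG listing, e.g.
#   sec#  4096R/B358917A 2015-01-11 [expires: 2020-01-10]
KEY_LINE = re.compile(
    r"^(?P<kind>sec|ssb|pub|sub)(?P<flag>[#>]?)\s+"
    r"(?P<bits>\d+)(?P<algo>[A-Za-z])/(?P<keyid>[0-9A-F]{8})\s+"
    r"(?P<created>\d{4}-\d{2}-\d{2})"
    r"(?:\s+\[expires: (?P<expires>\d{4}-\d{2}-\d{2})\])?")
ALGOS = {"R": "RSA", "D": "DSA", "g": "Elgamal"}
MIN_BITS = 2048  # assumed policy threshold, not a figure from the post

# Listings copied from the post; uid lines abridged to one each.
OLD = """sec#  1024D/86574ACA 1999-02-20
uid                  Georg C. F. Greve <greve@gnu.org>
ssb>  1024R/B7DB041C 2005-05-02
ssb>  1024R/7DF16B24 2005-05-02
ssb>  1024R/5378AB47 2005-05-02"""
NEW = """sec#  4096R/B358917A 2015-01-11 [expires: 2020-01-10]
uid                  Georg C. F. Greve <mail@georggreve.net>
ssb>  4096R/AD394E01 2015-01-11
ssb>  4096R/B0EE38D8 2015-01-11
ssb>  4096R/1B249D9E 2015-01-11"""

def parse_listing(text):
    """Return one dict per key line; uid lines and blanks are skipped."""
    keys = []
    for line in text.splitlines():
        m = KEY_LINE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["bits"] = int(rec["bits"])
            rec["algo"] = ALGOS.get(rec["algo"], rec["algo"])
            keys.append(rec)
    return keys

def audit(keys):
    """Flag keys that break the setup described in the post."""
    out = []
    for k in keys:
        if k["kind"] == "sec" and k["flag"] != "#":  # '#': secret part not on this machine
            out.append(f"{k['keyid']}: primary secret key is stored on this machine")
        if k["kind"] == "ssb" and k["flag"] != ">":  # '>': stub for a key held on a card
            out.append(f"{k['keyid']}: secret subkey is not on a smart card")
        if k["bits"] < MIN_BITS:
            out.append(f"{k['keyid']}: {k['bits']}-bit {k['algo']} is below {MIN_BITS} bits")
        if k["kind"] in ("sec", "pub") and k["expires"] is None:  # assumed policy
            out.append(f"{k['keyid']}: primary key has no expiry date")
    return out

if __name__ == "__main__":
    for name, listing in (("old", OLD), ("new", NEW)):
        print(name, audit(parse_listing(listing)) or "no findings")
```
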

My basic setup is still the same, and the key has been uploaded to the key servers, signed by my old key, which I have meanwhile revoked and which you should stop using. From now on please use the key
pub   4096R/B358917A 2015-01-11 [expires: 2020-01-10]
      Key fingerprint = E39A C3F5 D81C 7069 B755  4466 CD08 3CE6 B358 917A
exclusively and feel free to verify the fingerprint with me through side channels.

Not that this key has any chance to ever again make it among the top 50… but then that is a good sign in so far as it means a lot more people are using GnuPG these days. And that is definitely good news.

And in case you haven’t done so already, go and support GnuPG right now.