Please find attached my new GPG key as well as general identity information.
I have rotated my keys due to ongoing issues with the way I structured my smartcard exports. As such, the new primary key for the following UIDs should be considered 0x7FF21B69A5FCE951 - Ryan Rix <firstname.lastname@example.org> - Ryan Rix <email@example.com> - Ryan Rix <firstname.lastname@example.org> This document is signed by both the old key and the new key to aid in verification. The previous key is not signing the new key due to the aforementioned Yubikey issues that have plagued me the last few months. What follows is general Biographical and Cryptoraphical information which you may use to verify this information
Feel free to download that file and verify both the old key and the new key:
gpg2 --verify ~/org/new-key.txt gpg: Signature made Sun 11 Oct 2015 01:06:59 AM UTC gpg: using RSA key 0x7FF21B69A5FCE951 gpg: Good signature from "Ryan Rix <email@example.com>" [ultimate] gpg: aka "Ryan Rix <firstname.lastname@example.org>" [ultimate] gpg: aka "Ryan Rix <email@example.com>" [ultimate] gpg: Signature made Sun 11 Oct 2015 01:07:32 AM UTC gpg: using RSA key 0xE5DB00A8DB1B5346 gpg: Good signature from "UberEng <firstname.lastname@example.org>" [ultimate] gpg: aka "Ryan Rix <email@example.com>" [ultimate]
Also, if anyone wants to help me figure out why my old key can't sign, that'd be greaaaat.
bash-4.3$ gpg2 --list-keys 24c87ae0 Keyring: /home/rrix/.gnupg/pubring.kbx -------------------------------------- pub dsa3072/0x67F784B924C87AE0 2012-12-31 [expires: 2017-12-30] uid [ultimate] UberEng <firstname.lastname@example.org> uid [ultimate] Ryan Rix <email@example.com> sub rsa2048/0xE5DB00A8DB1B5346 2014-11-24 [expires: 2015-11-24] sub rsa2048/0x08D32BE430DCAF7B 2014-11-24 [expires: 2015-11-24] bash-4.3$ gpg2 --card-status Application ID ...: D2760001240102000006030146700000 Version ..........: 2.0 Manufacturer .....: Yubico Serial number ....: 03014670 Name of cardholder: Ryan Rix Language prefs ...: en Sex ..............: male URL of public key : https://pgp.mit.edu/pks/lookup?op=get&search=0x67F784B924C87AE0 Login data .......: rrix Signature PIN ....: forced Key attributes ...: rsa2048 rsa2048 rsa2048 Max. PIN lengths .: 127 127 127 PIN retry counter : 3 3 3 Signature counter : 2 Signature key ....: E494 3940 302E 546A 2ADA A0E8 4AD7 8DC7 5044 6D97 created ....: 2015-06-04 04:40:25 Encryption key....: ABB6 736F A507 64F3 7ABB 7DF3 08D3 2BE4 30DC AF7B created ....: 2014-11-24 07:45:41 Authentication key: 2823 270A 100C 2D85 58A1 4CB6 E5DB 00A8 DB1B 5346 created ....: 2014-11-24 07:45:30 General key info..: [none]
I am fairly certain that using
0x50446D97 as the Signing key in the Yubikey is causing it to
(rightfully) refuse to sign as
0x24C87AE0, but it'd be nice to have confirmation of that.
This new key is nicely backed up in cold storage so hopefully this can't happen in the future. 🙏