GPG Key Transition

Table of Contents

Once again, it is time to announce a new GPG key. This document is signed with the old and new key to establish authenticity. However, I forgot the password for the master key, so I cannot certify the new key with the old key. Please use the new key.


This document is signed using the following command:

gpg --clearsign --armor --sign-with B0CAA28A02958308 --sign-with 82D94B35744E1B34 index.org

Download the public key with the following command:

curl -fSL https://kennyballou.com/B74CC4B41148C3DB364BC21182D94B35744E1B34.asc -O
gpg --import B74CC4B41148C3DB364BC21182D94B35744E1B34.asc

Verify the fingerprint of the new key:

gpg --fingerprint B74CC4B41148C3DB364BC21182D94B35744E1B34
pub   ed25519/0x82D94B35744E1B34 2022-06-17 [C] [expires: 2030-06-15]
      Key fingerprint = B74C C4B4 1148 C3DB 364B  C211 82D9 4B35 744E 1B34
uid                   [ultimate] Kenny Ballou <kennyballou@u.boisestate.edu>
uid                   [ultimate] Kenny Ballou <kb@devnulllabs.io>
uid                   [ultimate] Kenny Ballou <kballou@devnulllabs.io>
uid                   [ultimate] Kenny Ballou <kennethmgballou@gmail.com>
sub   ed25519/0xFE55890B57AEDCE5 2022-06-17 [S]
      Key fingerprint = 10F4 14AB D526 0D0E 2372  8C08 FE55 890B 57AE DCE5
sub   cv25519/0x67D198693104300D 2022-06-17 [E]
      Key fingerprint = 9B57 EC72 7A5C 5796 FB40  1954 67D1 9869 3104 300D
sub   ed25519/0xCEF8DC24E2133889 2022-06-17 [A]
      Key fingerprint = 8F1F B6DE 17B1 B8FE C5E1  ACA8 CEF8 DC24 E213 3889

Download the text of this document and verify with the following commands:

curl -fSL https://kennyballou.com/blog/2022/06/new-gpg-key/index.org.asc -O
gpg --verify index.org.asc

Differences from Old Setup

Instead of using RSA keys, I have switched to using Elliptic Curve (ed25519) keys which should have around the same strength of RSA 4096 keys. Furthermore, the benefit of this is that the subkeys all have the same strength, which previously was not an option with RSA keys.

The expiration of the master key is a little longer than the previous keys, 8 years instead of 5 years. Ideally, this means another key transition post won't appear for 8 years. If I remember the password, and cryptography doesn't change significantly, I can also extend the expiration of the key as well.