-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Date: 2018-02-04

In the interest of improved security, I have recently created a new
OpenPGP key, and will be transitioning away from my old one.

The old key will continue to be valid for some time, but I prefer all
future correspondence to come to the new one. I would also like this
new key to be re-integrated into the web of trust.  This message is
signed by both keys to certify the transition.

The old key was:

pub   rsa2048/0x88159C24830F6F7E 2012-09-28 [SC] [expires: 2018-07-30]
      Key fingerprint = 11CD 3DD9 8D7E 61C7 6D1A  3224 8815 9C24 830F 6F7E
uid                   [ultimate] Ernest W. Durbin III <ewdurbin@gmail.com>
uid                   [ultimate] Ernest W. Durbin III <ernest@python.org>
uid                   [ultimate] Ernest W. Durbin III <ernest.durbin@zapier.com>
uid                   [ultimate] Ernest W. Durbin III <ernest@thegroundwork.com>
uid                   [ultimate] Ernest W. Durbin III <root@ernest.ly>
sub   rsa2048/0xEC25EF163CF70387 2012-09-28 [E] [expires: 2018-07-30]

And the new key is:

pub   rsa4096/0x8F8E423168928420 2017-12-26 [SC] [expires: 2022-01-01]
      Key fingerprint = 22AD AE0F C41E 160A D159  6B11 8F8E 4231 6892 8420
uid                   [ultimate] Ernest W. Durbin III <ewdurbin@gmail.com>
sub   rsa4096/0xEDC928AEEC732DA2 2017-12-26 [E] [expires: 2018-12-26]
sub   rsa4096/0x4F19322DF3FFA2D5 2017-12-26 [S] [expires: 2018-12-26]
sub   rsa4096/0x346B728B8ACEAD43 2017-12-26 [A] [expires: 2018-12-26]

To fetch the full key from a public key server, you can simply do:

  gpg --recv-key 22ADAE0FC41E160AD1596B118F8E423168928420

If you already know my old key, you can now verify that the new key is
signed by the old one:

  gpg --check-sigs 22ADAE0FC41E160AD1596B118F8E423168928420

If you are satisfied that you've got the right key, and the UIDs match
what you expect, I'd appreciate it if you would sign my key. You can
do that by issuing the following command:

**
NOTE: if you have previously signed my key but did a local-only
signature (lsign), you will not want to issue the following, instead
you will want to use --lsign-key, and not send the signatures to the
keyserver
**

  gpg --sign-key 22ADAE0FC41E160AD1596B118F8E423168928420

I'd like to receive your signatures on my key. You can either send me
an e-mail with the new signatures (if you have a functional MTA on
your system):

  gpg --export 22ADAE0FC41E160AD1596B118F8E423168928420 | \
  gpg --encrypt -r 22ADAE0FC41E160AD1596B118F8E423168928420 --armor | \
  mail -s 'OpenPGP Signatures' <ewdurbin@gmail.com>


To verify the integrity of this statement:

  curl https://ernest.ly/gpg-key-transition-2018 | \
  gpg --verify -o - | \
  gpg --verify

Ernest W. Durbin III
- -----BEGIN PGP SIGNATURE-----
Comment: what up, i'm ernest.
Comment: signed with new key

iQIzBAEBCgAdFiEEuSkpynpDar/Z/lqqTxkyLfP/otUFAlp3DmkACgkQTxkyLfP/
otV9pRAAgDjS/ZrtRL/BWx1ocC+L6gPJyin7NqI9HS+a0epUpG5ctEzbIVWY9O+I
dYQG6lSRqtOrJa5iWUdXfGtEnD9lrA+LQUOf7FN5vSGeDh0yHD6MNhbaPpfhawf6
CU7LWW4R9Y2U+D7JMEmsgj2+hosnRFzr+5EbtL34XT5PrAj9snMR7G2zlPAwqua3
Mj55DiMoF3y2VsxJp/iXLKY4x2yO15klb9n728o4AziaTP19rgnQCc40OKjZ14KK
SE7x/x2mHq03jJFQEWpp/CFX5iWZYCfXbrednZCxiOb+snIs9IZ5iAxN97uO7Aee
9GQmRkzgG62PjYRSGXRmFgsvrm8LHu8zkGw4JuMuGayG+G0ICCW/ZJ3cz9B4ZZhC
XaJ34//NVlntxS3BD+bN2F/Lqed8uLbleYmOqE/A8fPTOJErkZpkZ+/wFACqO0jw
8NGfuVUdQzpHefVeKKgcUUEsrtA8y+vkTf1c7oVp8+Kxm53QS+0rzrr4NrU+Nwa1
HgqVoo72qsO2U1P1zpywSo4kToogQzfyu9sqkbSJoP4nTgN1NYXw/f2dtd6BmCf3
FKRs0vyzg00O7Gvd1JYpGdqQabnvmSaZAFDXiFAf5eiaYs4iihX26Ma82Mn1SKDB
yqWi1woKzQN58J02I6J9B2OZfLLeXChtaolACzkhTGDy7feuPlQ=
=U6OC
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Comment: what up, i'm ernest.
Comment: signed with old key

iQEzBAEBCgAdFiEEEc092Y1+YcdtGjIkiBWcJIMPb34FAlp3Dm0ACgkQiBWcJIMP
b36ilAf/W/OFv726a4sd7OCWSFywnsNtUWlC31BMTRyNTJz1eK4Niw8eiRDhzoW0
DrVN6sXUIHkAwy1oX8dbgRu0qktuMDskVfjKXxsjHpaY3N1EtoqC47n/daASDKRA
jiuqHXugQsEvlWp+7VhFfhZms4Tt29DmAQYbJsKuiorgzATfYJyO+D7a4hI2wO48
wVGgG/tIy/1BIhBcJbVKd0RGhvB5vGpnyiwOKvES7rWjRt/xDYkmYRqkyFsKoOsU
y3cAnGV1Cu6KPxvXaSt79Y2VhRDcqDQP06IUcphicLL4tJSXNukBa8qlSVIyCdom
u06aH//1s80rQf+zTGXzdKYg67GeFw==
=YWEv
-----END PGP SIGNATURE-----