28 June 2017

GPG Key Rotation and MX Migration

The GPG key that I've been using (648A D02C B24B FE36 D601 C976 AD43 71CA DE73 1050) was created on January 15th 2014. In that time it has migrated between 3 laptops, an Intel NUC and has been stored on several encrypted USB pens.

Having recently upgraded all my Yubico 4's to Yubico 4C's I decided it was time to take advantage of the YubiKey PGP smartcard capabilities, but since this key is a bit long in the tooth (and has been on many devices which have been to many countries) I'm taking the opportunity to follow a few best practices, namely generating a new key on an ephemeral host, using an expiration date, etc.

My new PGP key is:

468E 50BC 54F6 B2A4 2A50
2AA6 E6BC 2184 073C 1779
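
A reader importing the new key can check it against the two fingerprints published in this post. The following is an added example, not the author's code: it parses the output of `gpg --with-colons --check-sigs` and confirms the primary fingerprint, that an expiry is set, and that a verified signature from the old key is present. The sample listing is constructed (timestamps, user IDs and the subkey are made up).

```python
# Added example: verify a rotated key from `gpg --with-colons --check-sigs` output.
OLD_FPR = "648A D02C B24B FE36 D601 C976 AD43 71CA DE73 1050"  # old key, from the post
NEW_FPR = "468E 50BC 54F6 B2A4 2A50 2AA6 E6BC 2184 073C 1779"  # new key, from the post

# Constructed sample listing: timestamps, user IDs and the subkey are made up.
SAMPLE = """\
pub:-:4096:1:E6BC2184073C1779:1498600000:1561672000::-:::scESC:
fpr:::::::::468E50BC54F6B2A42A502AA6E6BC2184073C1779:
uid:-::::1498600000::::New Key <new@example.invalid>:
sig:!::1:E6BC2184073C1779:1498600000::::New Key <new@example.invalid>:13x:
sig:!::1:AD4371CADE731050:1498650000::::Old Key <old@example.invalid>:10x:
sub:-:4096:1:0123456789ABCDEF:1498600000:1561672000:::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
"""


def norm(fpr):
    """Strip spacing so fingerprints compare as 40 upper-case hex digits."""
    return fpr.replace(" ", "").upper()


def check_rotation(listing, new_fpr=NEW_FPR, old_fpr=OLD_FPR):
    """Return (fingerprint_ok, expiry_epoch_or_None, signed_by_old)."""
    old_keyid = norm(old_fpr)[-16:]  # long key ID = last 64 bits of a v4 fingerprint
    primary_fpr, expiry, signed_by_old, prev = None, None, False, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "sub":            # stop before subkey records
            break
        if f[0] == "pub":
            expiry = int(f[6]) if f[6] else None   # field 7: expiry, empty = never
        elif f[0] == "fpr" and prev == "pub":
            primary_fpr = f[9]                     # field 10: full fingerprint
        elif f[0] == "sig" and f[1].startswith("!") and f[4] == old_keyid:
            # "!" = gpg verified this signature against a key in the local
            # keyring; confirm that key's full fingerprint is OLD_FPR as well.
            signed_by_old = True
        prev = f[0]
    return primary_fpr == norm(new_fpr), expiry, signed_by_old


if __name__ == "__main__":
    print(check_rotation(SAMPLE))
```

A long key ID match alone is not proof of identity, which is why the check only counts signatures gpg has already verified and the old key's full fingerprint still needs comparing by eye or by script.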

The public key (signed by my old key) is:


The revocation certificate for my old key is:


MX Migration

Due to a combination of laziness / Google Suite not parsing emails for ad mining / general security I've been using Google as my MX for many years.

I missed the ProtonMail public beta and missed various other chances to get onboard, but with their Tor announcement in January I added the migration to ProtonMail to my ToDo list.

networksaremadeofstring.co.uk is already migrated, and with the new GPG key being for .com only, I'll be moving that domain over to Proton soon too.

In equal measure to avoid surveillance capitalism and because of feature locks, I'm paying for ProtonMail+.