-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1,SHA256


Tue Mar 25 12:42:55 CET 2014


To whomever it might concern,

We - CERT.at  and GovCert.gv.at - have  recently set up new OpenPGP keys, and
will be transitioning away from out old ones.

Why?  Because our old keys were 1024 bit DSA keys with SHA-1 which needed to be
phased out. See the excellent background article by dkg:
http://www.debian-administration.org/users/dkg/weblog/48


The old keys will continue to be valid for some time, but we strongly prefer
all future correspondence to come to the new ones.  We would also like these
new keys to be re-integrated into the web of trust via our master-signing key.
This message is signed by the old key to certify the transition.

Some background on our keys: we have master signing keys, which are offline and
only there to sign the other keys. We'd like to ask you to re-sign these.  We
also have team keys, which are used for general communications with the whole
team.  In addition, there are individual personal PGP keys which are also
signed by our master keys.

In addition to these new team and master signing keys, some individual personal 
PGP keys changed as well. You can find them in our keyring at 
www.cert.at/static/pgpkeys.asc. 


For CERT.at:
=============

Signing key
- -----------

Old master/signing key:
pub   1024D/A5A2AC28242EFA2F 2008-02-12 [expires: 2014-04-18]
      Key fingerprint = 0F71 E5DB 5A23 22AE D6A3  5706 A5A2 AC28 242E FA2F
uid                          cert.at master key <cert@cert.at>

New master/signing key:
pub   4096R/998C1CC6C2E0E6A7 2014-03-19 [expires: 2019-03-18]
      Key fingerprint = FB59 8F2F 6B68 0211 F85D  2A0C 998C 1CC6 C2E0 E6A7
uid                          CERT.at master key <signing-only-key-no-mail@cert.at>
sub   4096R/9D1B02A6B0454903 2014-03-19 [expires: 2019-03-18]


Team Key
- --------

Old team key (for general communications and incident handling):
pub   1024D/02FBC1EF5C384328 2008-02-13
      Key fingerprint = 740C 68EC B6B6 2060 48A5  D49A 02FB C1EF 5C38 4328
uid                          reports@cert.at (general communication key. For incident reports) <reports@cert.at>
uid                          reports@govcert.gv.at (general communication key. For incident reports) <reports@govcert.gv.at>
uid                          team CERT.at (general communications) <team@cert.at>
uid                          team GovCERT.gv.at (general communications) <team@govcert.gv.at>
sub   4096g/B72EBE6BD7071014 2008-02-13

New team key:
pub   4096R/8D2F23E111334B61 2014-03-19 [expires: 2019-03-18]
      Key fingerprint = AD35 20E5 2CE8 8BA2 50B2  8507 8D2F 23E1 1133 4B61
uid                          CERT.at (General Communications) <team@cert.at>
uid                          CERT.at (Incidents) <reports@cert.at>
sub   4096R/CC28457FA810F7AA 2014-03-19 [expires: 2019-03-18]


For GovCERT.gv.at
=================

Signing key
- -----------

The master / signing key stayed the same:

pub   4096R/F0B3399C2925E79B 2011-02-23 [expires: 2016-02-22]
      Key fingerprint = B79E BB32 52BC 1859 660B  F390 F0B3 399C 2925 E79B
uid                          GovCERT.gv.at master key (signing only key) <signing-only-key-no-mail@govcert.gv.at>
sub   4096R/240B7C12949A01E7 2011-02-23 [expires: 2016-02-22]


Team Key
- --------

Old Team Key:

pub   1024D/02FBC1EF5C384328 2008-02-13
      Key fingerprint = 740C 68EC B6B6 2060 48A5  D49A 02FB C1EF 5C38 4328
uid                          reports@cert.at (general communication key. For incident reports) <reports@cert.at>
uid                          reports@govcert.gv.at (general communication key. For incident reports) <reports@govcert.gv.at>
uid                          team CERT.at (general communications) <team@cert.at>
uid                          team GovCERT.gv.at (general communications) <team@govcert.gv.at>
sub   4096g/B72EBE6BD7071014 2008-02-13

New Team Key:

pub   4096R/7B22517412B5F638 2014-03-19 [expires: 2019-03-18]
      Key fingerprint = 9F95 96C8 5FE8 4EB6 8130  DDBB 7B22 5174 12B5 F638
uid                          GovCERT Austria (General Communications) <team@govcert.gv.at>
uid                          GovCERT Austria (Incidents) <reports@govcert.gv.at>
sub   4096R/E45ECA70FBCCFB17 2014-03-19 [expires: 2019-03-18]



To fetch the full key, you can get it with:

  wget -q -O- http://www.cert.at/static/pgpkeys.asc  | gpg --import -

Or, to fetch our new keys from a public key server, you can simply do:

  gpg --keyserver keys.gnupg.net  --recv-key 998C1CC6C2E0E6A7 8D2F23E111334B61 7B22517412B5F638 F0B3399C2925E79B

If you already know our old keys, you can now verify that the new keys are
signed by the old one:

  gpg --check-sigs 998C1CC6C2E0E6A7
  gpg --check-sigs 8D2F23E111334B61
  gpg --check-sigs 7B22517412B5F638
  gpg --check-sigs F0B3399C2925E79B


If you don't already know our old keys, or you just want to be double extra
careful, you can check the fingerprint against the one above:

  gpg --fingerprint 998C1CC6C2E0E6A7
  gpg --fingerprint 8D2F23E111334B61
  gpg --fingerprint 7B22517412B5F638
  gpg --fingerprint F0B3399C2925E79B

If you are satisfied that you've got the right key, and the UIDs match what you
expect, we would appreciate it if you would sign our master-signing keys:

  gpg --sign-key  998C1CC6C2E0E6A7
  gpg --sign-key  F0B3399C2925E79B

Lastly, if you could upload these signatures, we would appreciate it.  You can
either send us an e-mail with the new signatures (if you have a functional MTA
on your system):

  gpg --armor --export 998C1CC6C2E0E6A7 | mail -s 'OpenPGP Signatures' team@cert.at
  gpg --armor --export F0B3399C2925E79B | mail -s 'OpenPGP Signatures' team@cert.at

Or you can just upload the signatures to a public keyserver directly:

  gpg --keyserver keys.gnupg.net --send-key 998C1CC6C2E0E6A7
  gpg --keyserver keys.gnupg.net --send-key F0B3399C2925E79B

Please let us know if there is any trouble, and sorry for the inconvenience.

Regards,

	CERT.at


PS: This text was created based on the great reference at
http://fifthhorseman.net/key-transition-2007-06-15.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iEYEARECAAYFAlMzAiMACgkQpaKsKCQu+i8s4gCfWyojjxS8FyhyFxRmgSUn+yto
3HgAniP/rzSzeQ1WixcE0DyW28r5NR3CiQIcBAEBCAAGBQJTMwIjAAoJEJmMHMbC
4OanmKUQAOC8MlSAD1wIlvJ3WMKHn3GLc3tCEs8eyQBBRck7oVKTfN4W22ZAVWmK
23qlxY4u+2VHCk4Pyw1RwK0cIuJbz/BUDVV8I9NRRzZlXa3WUm7EX2K9YKAKL4fQ
ViZBYJSdALuwKA8shNCeOdOjGMZ3UkdoRC4yqk1kXIbMXGgLGUdU4qDz0+83RSqJ
SkZ9mJzIbIF4WMNKvDJbJmSrIoPK4Q56XmASoOEB0y1/SMbJ4dWymrxTUgCVi5K/
le8f2IGyznNwbTXkKgD/CT0ebNRWwg2fH8e5P99fBGTG57e0oxirTsm9bijAlxIF
OnMOQvPfUbEsRXbuom2WyCWrsSCn1P6IC5+lrscAEv2SSsMEAeI4OBLupIBAnS9a
sPOhcqK0f8bq9/Z8L5ct/LvNMEITY7tQV5OKngUrk6lc3pKbnzrpU+QL5JVk5v6B
w34YneHbf+tjYud3nE0SMbdLPg03F6dYz/dkdm1AwAGi1UKHMgt6lKMy+u0GE9F9
+cFWiA6bsYUyCSz8MhmOjXDCOJwKPjWMMqnOUs2+d08hF6F2DurBSjhOkFziciu9
wRb7aHHq/CU6llBR/Qo17cqcsX50VnYLCKMKKCZHQk5nVPuHsXJZUNzOfpCv/cZD
2XW642bJAC+Q3e/o8u7e4VRNbhrjpZqkU5T5HJEGcYZX2KpsZSUbiQIcBAEBCAAG
BQJTMwIjAAoJEPCzOZwpJeebmKUP/1LfujCpkmkZXfYXJCMCLMfBtjA6CBcCGp29
k6BMAJpsnmHfhenVQ53e7Kce2cY8cMhwYON9HVucj2PrjGjGmaqutJJhtBKPlEtQ
2tZBgm8y+ImQuT4sZ54yFS50of1Uxe7q18DWbIN1L2LhzCvDdWERDsws6CZwVb8b
1ZDDj+q8K/zmlnxWQTCmJn7S3wP1xM/3XsH5pLIVrIkNSBK+Uqr6uALC68BHXzV6
K0bBGJDSovKEO59Nk+3R/+ug1gGs8DkXI6mORoe2u94CkAUj/cZT0hNLARuyifBx
3/Sf57xxyAQy6g3P7UE8G990+XqYRdlmFbwa+MGHqI4mljRm3Pza5ZlRyL03Jpvc
zcOX2JSdkEWjhbRM3fJDPae6/1byN7Nuh5auF4Mg9UPfLtkmOK9Esi/9C05dJG/1
zGQDFTt4ycdiG3ynSkyOV7niEyWPebb7dmdtVVbSHebfl56E9yjvzRKlM+YYXeX1
GJqBbO/BBL/rR3vZXvrOZ+E2hPdeJgbHYvuHQ1va0NjcGG+XRGEhNU/h90X+xG9P
kjqLR0cumvsRf0MrAzgM1djy2rOnGaE1QPQ8qxvHWq1te2XUTOCu8JWL+TTejMev
SaTaK26VpjUwLxK282btqnjVuSOWn1G19HODEQ6g3mNdnT2LG0oBrWkGzWcgRWsW
wCk56l+y
=TNFU
-----END PGP SIGNATURE-----