For a number of reasons, I've recently set up a new OpenPGP key, and will be transitioning away from my old one.
The old key will continue to be valid for some time, but I prefer all future correspondence to come to the new one. I would also like this new key to be re-integrated into the web of trust.
My old key was:
    pub   4096R/9768FD3CC48815F2 2010-10-14 [expires: 2016-10-12]
          Key fingerprint = F808 881C CDEE 45FD 37E9 6896 9768 FD3C C488 15F2
    uid   [ultimate] VOISIN Julien <email@example.com>
    uid   [ultimate] Julien Voisin <firstname.lastname@example.org>
    uid   [ultimate] Julien Voisin <email@example.com>
    sub   4096R/B316D919F9BFABC7 2010-10-14
And my new one is:
    pub   4096R/04D041E8171901CC 2015-07-25 [expires: 2020-07-23]
          Key fingerprint = 9FCD EE9E 1A38 1F31 1EA6 2A74 04D0 41E8 1719 01CC
    uid   [ultimate] Julien (jvoisin) Voisin <firstname.lastname@example.org>
    uid   [ultimate] Julien (jvoisin) Voisin <email@example.com>
    uid   [ultimate] Julien (jvoisin) Voisin <firstname.lastname@example.org>
    sub   4096R/AC28F00D0351B960 2015-07-25 [expires: 2020-07-23]
To fetch the full key from a public key server, you can simply do:
gpg --keyserver keys.riseup.net --recv-key AC28F00D0351B960
If you already know my old key, you can now verify that the new key is signed by the old one:
gpg --check-sigs AC28F00D0351B960
If you don't already know my old key, or you just want to be double extra paranoid, you can check the fingerprint against the one above:
gpg --fingerprint AC28F00D0351B960
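The fingerprint comparison above can also be scripted instead of done by eye. The following is an added example, not part of the original post: it reads gpg's machine-readable --with-colons listing and compares the primary key's full fingerprint with the published one. The function names and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): scripted fingerprint check.
# Function names below are hypothetical helpers, not gpg features.

# Print the primary key fingerprint from a `gpg --with-colons` listing on
# stdin: field 10 of the first "fpr" record that follows the "pub" record.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Strip whitespace and upper-case, so "9FCD EE9E ..." matches gpg's form.
normalize() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# check_fpr EXPECTED < listing
# 0 = match, 1 = mismatch, 2 = EXPECTED is not a full 40-hex-digit
# fingerprint (a short or long key ID is refused, since IDs can collide).
check_fpr() {
    expected=$(normalize "$1")
    actual=$(primary_fpr)
    case "$expected" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    [ "$expected" = "$actual" ]
}

# Constructed sample listing, trimmed to the fields used here. The subkey
# "fpr" value is a zero-padded placeholder, not the real subkey fingerprint.
SAMPLE='pub:u:4096:1:04D041E8171901CC:::::::scESC:
fpr:::::::::9FCDEE9E1A381F311EA62A7404D041E8171901CC:
uid:u::::::::Julien (jvoisin) Voisin <email@example.com>:
sub:u:4096:1:AC28F00D0351B960:::::::e:
fpr:::::::::000000000000000000000000AC28F00D0351B960:'

printf '%s\n' "$SAMPLE" |
    check_fpr "9FCD EE9E 1A38 1F31 1EA6 2A74 04D0 41E8 1719 01CC" &&
    echo "fingerprint matches"

# Against a real keyring, after fetching the key:
#   gpg --with-colons --fingerprint 04D041E8171901CC | check_fpr "9FCD EE9E ..."
```

The expected fingerprint should be taken from a copy of this statement you trust, not from the same key server that delivered the key.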
While we're speaking about GPG, I would highly recommend monkeysign if you don't already have a fancy setup to manage keysigning; and also parcimonie (or even better, its bash version) to refresh your keyring without leaking it.
Please let me know if you have any questions, or problems, and sorry for the inconvenience.