New PGP Keys for 2026 and beyond!
It has been nearly 10 years since I generated my original PGP keys that I use for software signing. It's about time to rotate the keys.
I have no reason to suspect that my prior keys have been compromised. However, I will be revoking them within the next day to ensure that the new keys are used going forward.
Unlike the prior keys, the new root key was generated on an air-gapped machine and protected by secure hardware before being shredded. This strictly limits access to the private keys, keeping them safer from software compromises.
New Root Key
The new PGP fingerprint I will be using going forward:
CDDF22CE9A8C9A9A942CA044B47A9AF0C71167A5
The full keyfile can be downloaded here.
Subkeys are generated directly on secure hardware and will be rotated every 5 years. These keys will be used for commit and release signing, with the first subkey being: 5A59-6077.
The new key has been signed by the previous key, E081-F37C, so that it may be verified using existing trust.
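
One way to check both properties described above before trusting the new key, as an added example that is not part of the original post: the function reads `gpg --with-colons --check-sigs` output and passes only if the primary fingerprint matches the published one and a signature gpg verified as good comes from a key ID ending in E081F37C. The function names and the sample listing are assumptions made for illustration; the sample is constructed, and the upper half of the old key's long ID in it is a placeholder.

```shell
#!/bin/sh
# Values published in the post.
NEW_FPR=CDDF22CE9A8C9A9A942CA044B47A9AF0C71167A5
OLD_SHORT_ID=E081F37C   # "E081-F37C" written without the dash

# check_new_key (hypothetical helper): reads colon-format listing on stdin.
# Real use, with the keyfile imported and the old key already in the keyring:
#   gpg --with-colons --check-sigs "$NEW_FPR" | check_new_key
check_new_key() {
    awk -F: -v want="$NEW_FPR" -v old="$OLD_SHORT_ID" '
        $1 == "pub" { in_primary = 1; need_fpr = 1; this_key = 0; next }
        $1 == "sub" { in_primary = 0; next }
        # The first fpr record after pub is the primary key fingerprint (field 10).
        $1 == "fpr" && need_fpr {
            need_fpr = 0
            this_key = (toupper($10) == want)
            if (this_key) fpr_ok = 1
            next
        }
        # Field 2 of a sig record starts with "!" only when gpg verified the
        # signature; "?" means the signer key is missing, "-" means bad.
        # Field 5 is the signer long key ID.
        $1 == "sig" && in_primary && this_key && substr($2, 1, 1) == "!" {
            id = toupper($5)
            if (substr(id, length(id) - length(old) + 1) == old) cross = 1
        }
        END { exit !(fpr_ok && cross) }
    '
}

# Constructed sample listing, trimmed to the fields the check reads.
# 00000000E081F37C is a placeholder long ID, not the real old key.
sample_listing() {
    cat <<'EOF'
pub:-:255:22:B47A9AF0C71167A5:
fpr:::::::::CDDF22CE9A8C9A9A942CA044B47A9AF0C71167A5:
uid:-::::::::Example Signer <signer@example.invalid>:
sig:!::22:B47A9AF0C71167A5:
sig:!::1:00000000E081F37C:
sub:-:255:22:000000005A596077:
EOF
}
```

An 8-digit key ID is not unique, so a pass here means gpg verified the signature against some key in your keyring with that suffix. Confirm by full fingerprint that this key is the old one you already trusted.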