Over the weekend, a personal computer I own was stolen. Fortunately, it contains no personal, financial, or customer data. However, it has a copy of the private key I use to sign PGP-encrypted messages.
What that means is that the person or persons who stole the PC, or anyone else who gains access to it, can create encrypted messages that appear to come from me. However, the thieves don’t have my pass phrase. This means they can’t decrypt messages from others encrypted with my public key.
To avoid the possibility that someone might impersonate me with the stolen PGP private key, I’ve created a new PGP public/private key pair. I’ve also revoked the stolen public keys so that others can't encrypt data to these keys.
I've attached my new public key to this message. Download mark_nestmannnew.asc
Please use this key for all future encrypted correspondence with me. It's also on the PGP key server at https://keyserver.pgp.com.
Incidentally, changing your encryption keys periodically is a good security precaution. The more you use an encryption key, the more attempts a hacker has to attack it by brute force. And, if your PC is ever lost or stolen, you should definitely generate a new key pair.
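The sequence the post describes (revoke the key whose private half was exposed, generate a replacement pair, export the new public key for correspondents) as an added GnuPG example; this is not the author's own procedure or any file from the post. It assumes GnuPG 2.1 or later, which writes a pre-generated revocation certificate under openpgp-revocs.d at key-creation time (older releases fall back to answering --gen-revoke over --command-fd), and it runs in a throwaway keyring so nothing touches the real ~/.gnupg. The name, e-mail address, and temp directory are placeholders.

```shell
#!/bin/sh
# Added example, not the author's own procedure: rotate a PGP key after its
# private half has been exposed, using GnuPG 2.1+. Identity strings and the
# temporary keyring directory are placeholders.
set -eu

# Throwaway keyring so the demo never touches the real ~/.gnupg.
# A short path keeps the gpg-agent socket name within the OS limit.
GNUPGHOME=$(mktemp -d /tmp/gpgrot.XXXXXX)
export GNUPGHOME
trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT

# gen_key NAME EMAIL: create a key pair in batch mode and print the
# fingerprint from the KEY_CREATED status line. A real key would carry a
# pass phrase instead of %no-protection; the demo key is unprotected only
# so it can be generated unattended.
gen_key() {
    gpg --batch --status-fd 1 --gen-key 2>/dev/null <<EOF | awk '$1=="[GNUPG:]" && $2=="KEY_CREATED" {print $4}'
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: $1
Name-Email: $2
Expire-Date: 0
%commit
EOF
}

# revoke_key FPR: import the revocation certificate for FPR, which marks the
# key revoked in the local keyring. GnuPG 2.1+ stores one at key creation
# under openpgp-revocs.d/ with a ':' in front of the BEGIN line so it cannot
# be imported by accident; strip it first. Older releases need --gen-revoke,
# answered here over --command-fd (reason 1 = key has been compromised).
# Publishing the revoked key with --send-keys so correspondents learn of it
# is the next step in practice; it is omitted here to keep the demo offline.
revoke_key() {
    cert="$GNUPGHOME/openpgp-revocs.d/$1.rev"
    if [ -f "$cert" ]; then
        sed 's/^://' "$cert" | gpg --batch --quiet --import 2>/dev/null
    else
        printf 'y\n1\nPrivate key was on a stolen computer\n\ny\n' |
            gpg --no-tty --command-fd 0 --status-fd 2 --gen-revoke "$1" 2>/dev/null |
            sed 's/^://' | gpg --batch --quiet --import 2>/dev/null
    fi
}

# key_status FPR: validity letter of the primary key in --with-colons output:
# 'u' (our own, ultimately trusted key) or 'r' (revoked).
key_status() {
    gpg --batch --with-colons --list-keys "$1" 2>/dev/null |
        awk -F: '$1=="pub" {print $2; exit}'
}

# export_public FPR: ASCII-armored public key to hand to correspondents,
# the equivalent of the .asc file attached to the post.
export_public() {
    gpg --batch --armor --export "$1"
}

# rotate_after_compromise: the full sequence. Leaves the fingerprints in
# OLD_FPR and NEW_FPR and prints a one-line summary.
rotate_after_compromise() {
    OLD_FPR=$(gen_key "Example User" "user@example.invalid")
    # ...the PC holding this private key is stolen; revoke it locally...
    revoke_key "$OLD_FPR"
    # ...and generate the replacement pair.
    NEW_FPR=$(gen_key "Example User" "user@example.invalid")
    echo "old $OLD_FPR status=$(key_status "$OLD_FPR")"
    echo "new $NEW_FPR status=$(key_status "$NEW_FPR")"
}

rotate_after_compromise
```

The old key ends up listed with validity `r` and the new one with `u`; the revoked key still decrypts old traffic, which is why it is revoked rather than deleted, and why the revocation (not just the new key) has to reach the keyserver and every correspondent.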
For those of you who communicate with me via encrypted e-mail, I apologize for the inconvenience.
Copyright © 2008 by Mark Nestmann
P.S. If you want to send me an encrypted message, please use the attached public key.