DabDeals Nucleus PGP Changed. Be cautious when ordering

Dabdeals from Nucleus's old PGP (also used on agora and can be found on Grams)

-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.12 (MingW32)

mQINBFVOinIBEADZXalIfhQHQ7XnDH/MGHBoS0NFvIDEkwRp8c9gSREe3Uy+Ry18 s5uH9YcQ6Am/JbUJYLaFEgediOcPAUrLlGs+r6H3wQenkyd19dv+Yf3xJ3udxve1 dt1HLNMRKOlyO8nEc2LHLFJ8g29qXo4xdlmJeX1eG3nQNpBxXJiNMvZ/HoEoa9fs tLXVC+Fm+Y+GPfra9WSqGT5SJK23zXA6fkS3Wp6iib4GpwxR2Oh5LroKrQUix4hB GDu/E966XfzHYDZmfIHf/kfTTU0O7LecZi6HL64gQGX4bCRRob5ex1XgrVtquPqW QjcweHYVPw7YWY7JKqGG51EhnR23ddmxyjJSB/r3h3FxYh0pcwrvjXGHs3VMGjsn 9Q81fNuBhXArzzrv5U19d0qg6Jc8xIm7ET10YxCM9wyVd04gvkBwgyqtQB/GSiKO fafC3tld+K3/hMuJ+sprNy/i0cA86my7ed+/XKU2jMvxo+t3eC3tVofmZNo/yPOo PBf5eCqDTaEGBbZuQKb/A9D/ZO2IJrQMZqVzOYu6aAWxa+c+OvTts98v844UKmz9 P0Jkqby5yPDt6WFH9lxuQ2b8LQh6VJwahWGamlqeH3vYMQDOTVkNacYdmyLh5NLc +PjMfpsjSKUfwjsUDt8TiYUgz05rEbeQRbMxsDDfRN0pf0DXPgs8G79/OQARAQAB tBdkaXJlY3RkYWJzIDxkaXJlY3RkYWJzPokCNwQTAQoAIQUCVU6KcgIbAwULCQgH AwUVCgkICwUWAgMBAAIeAQIXgAAKCRBpCa7rxrb3jOjwD/469dAfTtt9oPDt2rO7 wL11J57rODvyz+voBQia5SxzHYWy3F5AHsmkG4+JCAw6b+v1X6wHURFKCZMHN/4a ldBSJKA5B9eIaVKwLxPbLxAFy1uxXp42VSkF1+s2ToGiMoxg0IlybWU1HtAhiJ8f E9MbICVV43FayA1v8d0Loqv1ZzxoSPN9+ZFc368ROqzhBKXYDpJNSJesH7uJfTW0 cmTxReZbcQuspdQgzYV4bpphKDLrHiTJ6JGnfjaeY2qLveLlmyhJu0NcS21mPZDl Umbzu5a9vIxMB6c9Q/CqMrwYFyzGc2TsziQLnlgF+/gimU3CDJieK2kZCbCj1j/g 10kBinuoC21foW5D7RCoVcmzaHRKAShNlwmRZBddCVaFSra9sv9J+6n+qT2Jud37 hIdWhJcp2X9YtxBiC7Uix4ZYBiUHczcI1WNW7Lb+/WBcPhHr8MTO7X1Du51EWcZT o3KJ7dv7FskYEL2j7Gj5uE9aLiKBJsp353GihbDKb5pel+gwP+dg0WDBLSWvbtIE i2GJ4A3108UDAEmgQg60oexI2Ysbld/H8M40RXzzwnyorEA5/4W2RtT2QXWBGMU5 YUHEzgj6S+PtQiZHO7YX5yVv7riNRaFC2eFN7H+6fx7U02ZJ2WPGXz6xK5kiaWob Wn5H0rZPYyCh7MPq14/tbOKQy7kCDQRVTopyARAA7cSgRaCVccnYKBsjMOQkKt9g wU6p98WWqbL8HqwkuJw4ukM1LGTFNNvDf3PkqzlJgKa0aXoE+cL1vNVX5TxDMFDX B5VI3u+pnsrR+suwP5WmmZqpmAkJuPQt6GUPUZm+nlvNZ3OUa2M5I3Xc+ZQHzDGG NBznleRjQ3UbwW/tqGEzJnk247FuIaGUsW2SYutU2jXpllAlk6M4iwqhFyBQlTKR X5zeKAw1HiOux8tGBixGUOnPQEcPeZ8k3Gd7202XtKV3maEd+AWixrStavaeqzST bylbs9pZybabaLETYuVcU7abfa9Esob+a6faOVi8JRuU3md1sJtas2UrH1aw3DOd lXaZGfio63RXC0x2FX5jGcXa1yV9ORl16SkTQtDNeRMq7c+TUURfYUieIY670dMj NNhHot83YOEuevRp7MkP5FBKX7FxSVPKGYvKyjZNdL2Fv6dQ/4xw/DTPv7CzTJJi gA7yglQoieyjvATD0qcHfbo1eHJEedwEZzzba/95XV+z4B/kcXDsZr76OKlhboxQ 82cjbyarxYpOaRygx0JJscIE7uCT5C4Ha5rKN1AvhaH/ynx4AtRnwoOTc9UXidCR dgFClq5Vo473gxx+0OcnV+108TWPUgRySpuelTTLsrVkJvqOto413Po/bFUc3ZKY z9qv4phqUlJU+j858Q8AEQEAAYkCHwQYAQoACQUCVU6KcgIbDAAKCRBpCa7rxrb3 jOjyD/sERGM4AIoLU35BOEQzNteCzssxU7kYcC9QJ7B4yP/iBvk+Be4n8OGKF4Gs SzZBfTzGCC8aFKZukEN45aHHYrcMfcJTv6SpW1lyxGKnJy96dxw+QT/JWe1j/nRg 8ZSaevBUl8ArSuXfh4mjtFRDMFG26HRED8mn0+M1IPIcKK1U26WNba6ZbSBVh8vb 9wIooH2AYgBgrthJ4hIs0PERkDKZaAMXHlBY4lihQXvDbHUhfz0aowUciTvcstNd 3h00ote7NPmMG+Z1kXPApSsVPPmeg8ifat8+vgI0hAaw/CGiFMmulCD2/ON6Zmat hukmJXucUzxMbFtrlKoybQ7cNIywntWUoTVfsYXXHOIp/tUKoQoa5eoLt0Ywoe5Q P+lli9nbwhB0ugSWlMOgg5Au5PGrqexJyFrgUt8l1niiwpkHofd8fEslUcNdb7xi Gr9uaH4vBynCx35wgnPK6jW8yd3w3yUePe5N/h83Tqv7mDhK4kikOqJc+GJILJXb SYzBpt9ZXMWgT88XuaC5APZ3oY04Ksnl7DvFN3qboELYMwMZra1lCMRm8JL0aEr8 6jNIaFTO87R0DCU99rzeWjqEYe2nUnc9WmtPPTmoPD50ko0o0s3p5KmaPkOVo3G0 tqs6IBOJrCrU9rBg71uKxqm/HXghkJ1ntfrsS9SX0z6+BBSp1w== =fhkP -----END PGP PUBLIC KEY BLOCK-----

And now they have a new key, nothing about it on their profile either.

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBFXnrsIBCAC5B3qFRF7s9crIKt2Rw3BvLX6rAqs7wy5YrizwAEL+WEhYN28u vcOC3eB5OdvhR2SdE0TSzahRWWAlPckCctJ6BFR+vvWaBApSkSWYcKNXID655+6l wX032OzpqeP/V69Fg7FWmy2DqyX/nzFy2olB7Z+XkLuZYUz156aw4/ebwQAs0dCQ FHFjPkOfELMQpIb6nXMeO8TcCC0mwcCpgFn6QQDppfEXmL18YB7ZObnA6THKG7eX cqZz0VgiXpH4n/MeLK20lOYhonnfJFhdBOP5O4Y63TvR9PX0343HeKB9CVIGGh++ RLEvWFkGziIUyS3MvX5Bi1GqOZndIH0bBCP3ABEBAAG0CmRpcmVjdGRhYnOJATcE EwEKACEFAlXnrsICGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQs4ykmHCA o9XJIQgAmvlyaUo2u7jOiSaeBMMeK+HfU22hAYmDj+DS4sJD6ZQVyPpU2OhGp60o M8VUa5Iomi13x83D8G7rOzcgT54GZ+4VBuQCHVedsJAJP92HCfoZ6eZ6dWsBCucB F+bs+yFXIxQH4CCafh6+9eJNiu8E+MS5fZXV8oYBh9NeUVn/CtbDyUbBMXaVPndR EVqLTZGarC1S0qUWv40Kh3TXe0KpEuOJvBeDt5a9t8aToiMfA+P3vgClzXaB8wwd MQCVbXSvIRqfQgURkOtZfDL84qC/ia4ot9x3axl5Qu8bUXdXYDG6P/BhKlHT1lGk 1yY6hvWNRUt4fidyOhPzp2I08+FF3LkBDQRV567CAQgAqKa+dXdsSA9P+wImOYNw rFFK+Sd/5cgxlWCAOk4L0I4ZxkfdJ0yD7oz1ZBvR91gYpZI9thRVs8WDV1O2Bq2T B4pzWydWIDe6bsTidLLg0lGf3RUHyYdZ7PAEg2U0/NYvNQpyHO+/t5zwFoYyNc/e TIkVuBh9Kf/sDpw4VJ2tqVqZXc5RalYO9SfAS75AVBYzpWWF9vnkE8QR1OpVWkdk viO4VsBlvdQM3BjfJrkfP4/0JlgaqoVCUfLF48GZE1Tanyr8AWMG37smEcYcdjId egfCObC+rnhfXAbmiVZkJ0xTLBnY0LvSFXK3/TNV46Yl3/xYOPh9jPHU+KjaWYsS iwARAQABiQEfBBgBCgAJBQJV567CAhsMAAoJELOMpJhwgKPV780IAJtp5xd/oP+/ U7kY4Wpm3AP1sk7IKrozuWnN8EV4cYUtyQcFkAyECdgsEaM5PZRcwwLjmKKYrope /XdRaB7cwxcTo75M9ue4oOFd624PgScHd+MjfOb5RDJuopSzBci78Kehj0MOzg/t C0dlEytsgyCgq5Cll0BfMz4LYil/iJ8Pa9t22+2A8f3gHal4EoXP58hQeK7KQOA5 VrYHHkTlakJxQAbIHkjCR1UO3oKFfoia6u0IrBIyd9SPqYKdI/H4szwmx4WF7Ud1 mb3F51WruUVHZJJ1mnjW/KWuHUMtGqKGG2Dz3oW37R02zpaCuVXPgp3b3X2pBjTj MaqVufIoqU0= =YrKv -----END PGP PUBLIC KEY BLOCK-----

:EDIT: Sorry I can't get the formatting right, but either way, title says it all and you can take a look by logging into Nucleus and checking


Comments


[2 Points] DirtyHippy69:

try sending them a message encrypted with their old PGP.


[2 Points] sapiophile:

As I wrote just yesterday:

When anyone decides to change any of their OpenPGP Keypairs, it is essential that they either sign the new key with the old, or release an OpenPGP-signed statement from the old key that validates the new key and includes either the complete new key itself or its complete Fingerprint.

Any other behavior should be considered to indicate that that person's identity has been compromised.

You can check if the new key is signed by the old after importing it by typing the following at the command line as the same user that you use GPG with normally (this will work on GNU/Linux systems like Tails but may have slightly different syntax on other operating systems):

gpg --check-sigs 0xNEWKEYID

Where "NEWKEYID" is substituted for the KeyID of the new key.

This will output any Key Signatures included with the new Public Key and if you have already imported the Public Key of any of those signers, those signatures will be verified. It is essential to look for the specific, exact KeyID of the OLD key among the output, as the name and other fields may be the same (and are of course easy to spoof). If you have several Keys in your Keyring associated with that particular name, you may even want to validate the full fingerprint of the old Key that Signed the new key.