How do you guys manage expiration of your GPG keys? I’ve got a non-expiring Master-Key and 3 separate Subkeys for signing, auth and decryption, each expiring after 12 months.
This is no problem in itself, but if I just create new subkeys yearly, I couldn’t save them on my single Nitrokey and thus couldn’t read older emails, for example.
I could have one Nitrokey per year, but… hummm
Does someone have a suggestion for how to securely manage GPG keys without throwing security completely overboard?