Yearly Expiring Subkeys

How do you guys manage expiration of your GPG keys? I’ve got a non-expiring Master-Key and 3 separate Subkeys for signing, auth and decryption, each expiring after 12 months.
This is no problem itself, but if I just create yearly new subkeys, I couldn’t save them on my single Nitro-Key and thus couldn’t read older emails, for example.
I could have one nitrokey per year but…hummm

Does someone have a suggestion how to securely manage gpg keys without throwing security completely overboard?
Thanks

Hi @Nitramin!

In case you are not aware, you can extend the lifetime of the GnuPG key just before it is marked to expire. You just need to modify your public key locally and then distribute it either manually or by a key server.
For the encryption keys, you can make backups of them for each release, but I understand this would not really be handy once you would like to explore the data archives.

@nitroalex Any tips on the general key management strategy for such a case?

I do not rotate my keys. I am not sure how to handle this in a smart way on smart cards. Honestly, I just would say do not rotate your keys, you are protecting them in hardware, so there is no need for this… isn’t it?
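
The lifetime extension suggested in the reply above, as an added example that is not part of the original posts: it finds subkeys close to expiry in GnuPG's colon-format listing and extends those same subkeys rather than generating new ones. It assumes GnuPG 2.2 or later (for `--quick-set-expire` on subkeys) and access to the primary secret key; the 30-day window, the 1-year period, the output file name and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find subkeys that expire soon and extend
# them in place, so the same subkeys (and the same hardware token) stay in use.

# Constructed sample of `gpg --with-colons --list-keys` output; not a real key.
SAMPLE='pub:u:255:22:AAAAAAAAAAAAAAAA:1700000000:::u:::cC::::::23::0:
fpr:::::::::1111111111111111111111111111111111111111:
uid:u::::1700000000::0000::Constructed User <user@example.org>::::::::::0:
sub:u:255:22:BBBBBBBBBBBBBBBB:1700000000:1731536000:::::s::::::23:
fpr:::::::::2222222222222222222222222222222222222222:
sub:u:255:18:CCCCCCCCCCCCCCCC:1700000000:1800000000:::::e::::::23:
fpr:::::::::3333333333333333333333333333333333333333:
sub:r:255:22:DDDDDDDDDDDDDDDD:1700000000:1731000000:::::a::::::23:
fpr:::::::::4444444444444444444444444444444444444444:'

# Read a colon-format listing on stdin; print "FINGERPRINT CAPS EXPIRY" for each
# non-revoked subkey that expires (or has already expired) within $1 days of
# $2 (epoch seconds, default: now). Subkeys without an expiry are skipped.
expiring_subkeys() {
  days=$1
  now=${2:-$(date +%s)}
  awk -F: -v limit="$(( now + days * 86400 ))" '
    $1 == "pub" { due = 0 }
    $1 == "sub" { due = ($2 != "r" && $7 != "" && ($7 + 0) <= (limit + 0))
                  caps = $12; expiry = $7; next }
    $1 == "fpr" && due { print $10, caps, expiry; due = 0 }
  '
}

# With a primary key fingerprint as argument: extend due subkeys by one year.
# Without arguments: run the check against the constructed sample only.
if [ "$#" -ge 1 ]; then
  primary=$1
  due_fprs=$(gpg --with-colons --list-keys "$primary" | expiring_subkeys 30 | cut -d' ' -f1)
  if [ -n "$due_fprs" ]; then
    # Word splitting is intended here: one argument per subkey fingerprint.
    gpg --quick-set-expire "$primary" 1y $due_fprs
    # The updated public key must be redistributed (manually or via key server).
    gpg --armor --export "$primary" > pubkey-updated.asc
  fi
else
  printf '%s\n' "$SAMPLE" | expiring_subkeys 30 1730000000
fi
```

Because the subkey material itself does not change, mail encrypted to the encryption subkey before the extension stays readable with the same token.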