Hello,
I started using gpg relatively recently (1 year or so), mainly for signing git commits, and I am far from mastering it. Since I was struggling to choose a strategy for expiring/renewing my subkeys (more details below), I decided to seek expert advice (hopefully this is the right place).

At the moment, I have my primary key (with no expiry) stored on an offline drive. I created the key 1 year ago, alongside a set of subkeys whose expiry was due in 1 year. Since they recently expired, I created another triplet of subkeys (sign, auth, encrypt) and started using them instead of the old ones.

Now, when I was doing this I realized that this strategy is not particularly good, especially in the long run, since you have to recreate the new subkeys every year (or 2) and let the old ones expire (losing some trust?). Also, uploading the new keys to every website that you use (e.g. GitLab) is quite the annoying chore.

So, I was wondering what's the best strategy I can use to keep my (sub)keys valid without compromising on security. Is bumping the expiry date every year or so a better solution? Also, are subkeys with unlimited expiry bad, or am I just getting carried away?

Regards

PS: I would also like to add that this is not related to any professional setting; I am just trying to learn how to use gpg correctly (mainly to satisfy my curiosity).
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
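The "bump the expiry" alternative the post asks about, as an added example that is not part of the original message or of GnuPG's own documentation: it extends every subkey of an existing key with gpg's `--quick-set-expire` instead of generating a fresh subkey triplet, then exports the refreshed public key for re-upload. It runs in a throwaway GNUPGHOME and assumes gpg 2.2 or later with loopback pinentry; the demo user ID, key shape and file names are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post). Extends existing subkeys with
# --quick-set-expire rather than creating new ones. Runs entirely inside a
# scratch GNUPGHOME so the real keyring is never touched.
# Assumes gpg >= 2.2 with loopback pinentry available.
set -eu

export GNUPGHOME="$(mktemp -d)"

# Batch mode with an empty passphrase: the demo key is unprotected.
GPGB="gpg --batch --pinentry-mode loopback --passphrase"

# Build a demo key shaped like the one in the post: a cert-only primary that
# never expires plus sign/encr/auth subkeys expiring in one year.
# Prints the primary key's fingerprint.
make_demo_key() {
  $GPGB '' --quick-generate-key 'Demo <demo@example.invalid>' ed25519 cert never >/dev/null 2>&1
  fpr=$(gpg --with-colons --list-keys 'demo@example.invalid' \
        | awk -F: '$1=="fpr"{print $10; exit}')
  $GPGB '' --quick-add-key "$fpr" ed25519 sign 1y >/dev/null 2>&1
  $GPGB '' --quick-add-key "$fpr" cv25519 encr 1y >/dev/null 2>&1
  $GPGB '' --quick-add-key "$fpr" ed25519 auth 1y >/dev/null 2>&1
  echo "$fpr"
}

# Subkey expiry timestamps (epoch seconds, field 7 of the "sub" records).
subkey_expiries() {
  gpg --with-colons --list-keys "$1" | awk -F: '$1=="sub"{print $7}'
}

# Extend every subkey of primary $1 by period $2 (e.g. 1y). This needs the
# primary secret key, so in the post's setup it runs on the offline machine.
extend_subkeys() {
  subs=$(gpg --with-colons --with-subkey-fingerprint --list-keys "$1" \
         | awk -F: '$1=="fpr"{print $10}' | tail -n +2)
  $GPGB '' --quick-set-expire "$1" "$2" $subs >/dev/null 2>&1
}

# Export the refreshed public key: this one file is what gets re-uploaded
# (e.g. to GitLab); the key material and fingerprints are unchanged.
export_refreshed_pubkey() {
  gpg --armor --export "$1" > "$2"
}

if [ "${1:-}" = demo ]; then   # run as: sh this_script.sh demo
  FPR=$(make_demo_key); subkey_expiries "$FPR"
  extend_subkeys "$FPR" 1y;   subkey_expiries "$FPR"
  export_refreshed_pubkey "$FPR" "$GNUPGHOME/refreshed-pubkey.asc"
fi
```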