<div dir="auto"><div class="gmail_quote" dir="auto"><div dir="ltr" class="gmail_attr">Hello,<br></div><div class="gmail_quote">
<br>
<br>
I started using gpg relatively recently (1 year or so), mainly for <br>
signing git commits, and I am far from mastering it.<br>
<br>
Since I was struggling to choose a strategy for expiring/renewing my <br>
subkeys (more details below) I decided to seek expert advice (hopefully this is the right place).<br>
<br>
At the moment, I have my primary key (with no expiry) stored on an <br>
offline drive.<br>
I created the key 1 year ago, alongside a set of subkeys whose expiry <br>
was due in 1 year.<br>
Since they recently expired, I created another triplet of subkeys (sign, <br>
author, encrypt) and started using them instead of the old ones.<br>
<br>
Now, when I was doing this I realized that this strategy is not <br>
particularly good, especially in the long run,<br>
since you have to recreate every year (or 2) the new subkeys and let the <br>
old ones expire (losing some trust?).<br>
Also, uploading the new keys to every website that you use (e.g. GitLab) <br>
is quite the annoying chore.<br>
<br>
So, I was wondering what's the best strategy I can use to keep my <br>
(sub)keys valid without compromising on security.<br>
Is bumping the expiry date every year or so a better solution?<br>
Also, are subkeys with unlimited expiry bad, or am I just being carried <br>
away?<br>
<br>
Regards</div><div class="gmail_quote" dir="auto"><br></div><div class="gmail_quote" dir="auto">PS: I would also like to add that this is not related to any professional setting,</div><div class="gmail_quote" dir="auto">I am just trying to learn how to use gpg correctly (mainly to satisfy my curiosity).<br>
</div>
</div></div>