I'm trying to figure out what the best approach to managing GPG keys during my career is when I change jobs.
To my knowledge, there are two ways to achieve this:
- Have a main GPG key with subkeys for signing and encrypting.
- Have multiple GPG keys.
I am more confident and tend to have a GPG key with subkeys and multiple user IDs.
Every time I start a new job with an organization, I would create a new user ID with the email address for that company. I would also revoke the previous user ID.
Does that seem okay? Or am I missing something?
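
The user ID rotation described in the question, as an added example that is not part of the original post: one primary key with an encryption subkey, a new user ID added on a job change, and the old one revoked. The names, addresses, algorithms and expiry are constructed assumptions, and everything runs in a throwaway keyring.

```shell
# Added example: constructed names and addresses, throwaway keyring.
g() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

rotate_uid_demo() {
    # Isolated keyring so the demo never touches ~/.gnupg.
    GNUPGHOME="$(mktemp -d)" || return 1
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"

    old_uid='Alex Example <alex@old-employer.example>'
    new_uid='Alex Example <alex@new-employer.example>'

    # Primary key (certify + sign) carrying the old employer's address.
    # The empty passphrase is acceptable only for this disposable demo key.
    g --quick-generate-key "$old_uid" ed25519 sign 1y || return 1
    fpr="$(g --with-colons --list-keys | awk -F: '/^fpr:/ {print $10; exit}')"

    # Separate encryption subkey under the same primary key.
    g --quick-add-key "$fpr" cv25519 encr 1y || return 1

    # Job change: add the new address first, then revoke the old one
    # (gpg refuses to revoke the last remaining valid user ID).
    g --quick-add-uid "$fpr" "$new_uid" || return 1
    g --quick-revoke-uid "$fpr" "$old_uid" || return 1
    g --quick-set-primary-uid "$fpr" "$new_uid" || return 1

    # Emit "validity<TAB>user ID"; validity "r" marks a revoked user ID.
    g --with-colons --list-keys "$fpr" | awk -F: '/^uid:/ {print $2 "\t" $10}'

    gpgconf --kill gpg-agent >/dev/null 2>&1 || true
    rm -rf "$GNUPGHOME"
}
```

The revocation only reaches correspondents once the updated public key is exported and redistributed, since their copies still show the old user ID as valid until they refresh.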