Restructure PGP Keys
How do I restructure my keys from current/old setup to new setup? The new setup would allow better key-management: isolation of primary-key and rotation of sub-keys.
Current/Old Setup: PrimaryKey - CS SubKey - E
New Setup: PrimaryKey - C SubKey1 - E Subkey2 - S
I think of four options.
Option 1: Create new SubKey with S-only and change usage of PrimaryKey to C-only.
Option 2: Create new PrimaryKey with C-only and add the OldPrimaryKey+OldSubKey as SubKeys, by the method mentioned at Migrating GPG master keys as subkeys to new master key
Option 3: Create new PrimaryKey with C-only and add the OldPrimaryKey+OldSubKey as SubKeys, using 'addkey'+'Existing key' option.
Option 4: Do a complete key transition. Create new set of keys: PrimaryKey-C, SubKey-S, and SubKey-E. Then, sign the new key using the old key to certify transition.
Thoughts?