I use PGP. Very nearly all emails I send are digitally signed. Many Git and Mercurial commits and tags I produce are digitally signed.
In 2015, I started doing triennial key rotations. (Someday, I’ll write up the process here.)
jashankj-2024-D30F0AB8EF0C1E3F53DBB514F108BB9FF2F9FA09(current; 2024-11-23…2027-12-08)jashankj-2021-A604C334C611273232E4B28CFBA811F7695789E9(expired; 2021-11-03…2024-11-17)jashankj-2018-FE4D6AA83736591CFAD30D97DCE96CF58D931E04(expired; 2018-10-26…2021-11-09)jashankj-2015-3DCD6664D5B046260A8B124B85CF5F37E007C233(expired; 2015-10-27…2018-11-23)jashankj-2005-D05D79F141DA2FB5233E0565ACC5E46725A5C309(2005-11-22…)