Background: The client should generate and publish a new signedPreKey in their bundle every now and then (7-14 days). The old signedPreKey must be kept for ~a month in order to decrypt delayed preKeyMessages that were encrypted using the old signedPreKey. In order to strengthen forward secrecy, the old key should be deleted after a month though.
Possible solutions:
Rotate keys every n days and ensure that at most floor(28/n) keys are kept in storage.
Store a creation date for every key and rotate/delete when keys are too old.
Manual rotation of the signedPreKey is already possible
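A sketch of the second option (creation date per key), added here as an illustration and not taken from the project's code. The store class, its method names, the 7-day rotation interval and the 28-day retention window are assumptions chosen from the ranges above, and the random bytes stand in for real signedPreKey generation, signing and bundle publication.

```python
import secrets
from dataclasses import dataclass, field

DAY = 86400
ROTATE_AFTER = 7 * DAY   # assumed interval, lower end of the 7-14 day range
RETAIN_FOR = 28 * DAY    # assumed retention, matching the "~a month" window


@dataclass
class SignedPreKeyStore:
    """Hypothetical store: key id -> (creation time, opaque private key)."""
    keys: dict = field(default_factory=dict)
    current_id: int = 0

    def _generate(self, now):
        # Stand-in for generating, signing and publishing a real signedPreKey.
        self.current_id += 1
        self.keys[self.current_id] = (now, secrets.token_bytes(32))

    def maintain(self, now):
        """Rotate if the current key is too old, then delete expired old keys.

        Returns the ids deleted in this run. The current key is never deleted,
        even if the client was offline for longer than the retention window.
        """
        created = self.keys.get(self.current_id, (None,))[0]
        if created is None or now - created >= ROTATE_AFTER:
            self._generate(now)
        expired = [kid for kid, (ts, _) in self.keys.items()
                   if kid != self.current_id and now - ts > RETAIN_FOR]
        for kid in expired:
            del self.keys[kid]  # old private key is gone; forward secrecy holds
        return expired


def simulate(days, step_days=1):
    """Run maintenance once per step over a constructed timeline."""
    store, max_kept = SignedPreKeyStore(), 0
    for day in range(0, days + 1, step_days):
        store.maintain(day * DAY)
        max_kept = max(max_kept, len(store.keys))
    return store, max_kept
```

With these values the store never holds more than the current key plus floor(28/7) = 4 old keys, which ties the creation-date approach back to the bound in the first option.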