
How do I verify commits on GitHub after I switched to using subkeys?


I installed GnuPG on my main Windows computer, and created a primary key. I was stupid at that time, and used the primary key as a signing key in git, and uploaded its public key to GitHub. These commits show as Verified on GitHub.

I later changed my mind and generated a new subkey, and set it as the signing key for git. However, when I tried to upload the public key to GitHub, it says "Key already exists and Public key already exists" and fails. GitHub email, git email and gpg email seem to be the same.

Do I need to delete the public key for the primary key I uploaded on GitHub? Are there any other steps I need to do to make them Verified?

  • env: Windows 10, gpg 2.2.21, git 2.28.0.windows.1
  • Unverified GPG key ID: 13BE71607A63CDF2
  • Verified GPG key ID: AB61CEE479E4B09D
  • When I ran gpg --armor --export, both public keys looked the same.

Solution

  • I solved this by deleting the existing key and uploading the new one. Previous commits were still verified after uploading the new key. I think this is because the old signing key is still present.

    After doing this GitHub will show multiple subkeys in the GPG keys section of your settings.
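
Both key IDs in the question export to the same text because gpg --export given a subkey ID exports the whole certificate (primary key plus all subkeys). The script below is an added example, not part of the original post: it parses a constructed gpg --list-keys --with-colons listing, assuming AB61CEE479E4B09D is the primary key and 13BE71607A63CDF2 the new signing subkey, to show which certificate a key ID belongs to and which keys in it can sign.

```shell
#!/bin/sh
# Constructed, abbreviated `gpg --list-keys --with-colons` listing.
# Assumption: AB61CEE479E4B09D is the primary key and 13BE71607A63CDF2 the
# new signing subkey; 1111111111111111 is a made-up encryption subkey.
sample_listing() {
cat <<'EOF'
pub:u:4096:1:AB61CEE479E4B09D:1596240000:::u:::scESC:
uid:u::::1596240000::::Constructed User <user@example.com>:
sub:u:4096:1:1111111111111111:1596240000::::::e:
sub:u:4096:1:13BE71607A63CDF2:1598918400::::::s:
EOF
}

# Print the primary key ID of the certificate that contains key ID $1.
# Field 1 is the record type, field 5 the key ID.
owning_primary() {
    awk -F: -v want="$1" '
        $1 == "pub" { primary = $5 }
        ($1 == "pub" || $1 == "sub") && $5 == want { print primary; exit }
    '
}

# Print "KEYID TYPE" for every key that can sign (field 12 holds the
# capabilities; a lowercase "s" means this key itself can sign).
signing_keys() {
    awk -F: '($1 == "pub" || $1 == "sub") && $12 ~ /s/ { print $5, $1 }'
}

# Against a real keyring, replace sample_listing with:
#   gpg --list-keys --with-colons
echo "13BE71607A63CDF2 belongs to: $(sample_listing | owning_primary 13BE71607A63CDF2)"
echo "Keys able to sign:"
sample_listing | signing_keys
```

If the signing subkey does not appear in the listing that was exported before the subkey was created, the copy held by GitHub predates it, which matches the need to delete and re-upload described above.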