In the case of needing to create new self sigs (for example to add policy-urls or notations):
gpg --no-greet --expert --cert-policy-url http://example.com/policy --sign-key <keyid> <keyid>
If the --expert
flag is not given gpg will just say that there is nothing to be done.
gpg --no-greet --list-sigs <keyid>
Will show both signatures. The old sigs will still float around the network as they have not been revoked. Compliant implementations will only use the most recent signature. The old signatures can be trimmed from the local key using:
gpg --no-greet --edit-key <keyid>
...
gpg> minimize
...
gpg> save
But if one redownloads the key from the keyservers the old sig is probably still there, as keyservers always merge when receiving an update.