Don't know if this helps in your application but if you have old files you can just decrypt them with the old key. If it's important to store them in an encrypted state you can encrypt them again with the new key. After that you can revoke the old key.
Yeah I could do that, it just seems unnecessary when you can sign the new key with the old key and decrypt both. Turns out it actually chooses the right key so there is no problem