Hi, A TradeRoute vendor has his Grams link in the description and the PGP key on Grams doesn't match the PGP key shown on TradeRoute. At the current time this should be seen as a clear red flag right?
He's on TradeRoute since Sept. 2016 but has only been active the last few days it seems (from the reviews). On Grams you can see good reviews from agora, evo, etc. so if he really is the same person, i'd trust him. Who can change the grams PGP Key, which one is more trusworthy?
Just ask him to sign his new key with the old one before you go forward with any business.
Changing your PGP key is not in and of itself a red flag. However it is a red flag if they cannot decrypt things with their old key or sign the new one with the old one. Make sure the whole fingerprint matches.
It will look like this: