How to update or remove an expired passive-attack-protection-only keyring