Hello,

I am using gpgme (set crypt_use_gpgme) to encrypt and sign mails using
s/mime. Several (own and others') certificates have been expired and
are still in gpg's database. I do not want to remove them, since I can
still use them to validate/decrypt old mails. Still, I find it
confusing (if not to say annoying), to get these expired certificates
presented whenever I want to send an encrypted mail, e.g.:

1 x  4096/0x2D9822032E67A055 RSA  es <[email protected]>
2 x  2048/0x22A43C4A51A69BFA RSA  es <[email protected]>
3 x  2048/0x521AEDC8602571CD RSA  es <[email protected]>
4 x  2048/0x7F378D998076E616 RSA  es <[email protected]>

Since I do not see the expiration date, I either have to guess it,
ignore the problem, or look it up with gpgsm.

I hope there already is an easy solution which I just have overseen.
My preferred solution would be an option to ignore expired keys for
encryption (but not for validation). I found pgp_show_unusable but
that does not seem to affect s/mime mails. Maybe a corresponding
option smime_show_unusable would be a good idea?


Best regards
Robert 

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to