Hello, I am using gpgme (set crypt_use_gpgme) to encrypt and sign mails using s/mime. Several (own and others') certificates have been expired and are still in gpg's database. I do not want to remove them, since I can still use them to validate/decrypt old mails. Still, I find it confusing (if not to say annoying), to get these expired certificates presented whenever I want to send an encrypted mail, e.g.:
1 x 4096/0x2D9822032E67A055 RSA es <[email protected]> 2 x 2048/0x22A43C4A51A69BFA RSA es <[email protected]> 3 x 2048/0x521AEDC8602571CD RSA es <[email protected]> 4 x 2048/0x7F378D998076E616 RSA es <[email protected]> Since I do not see the expiration date, I either have to guess it, ignore the problem, or look it up with gpgsm. I hope there already is an easy solution which I just have overseen. My preferred solution would be an option to ignore expired keys for encryption (but not for validation). I found pgp_show_unusable but that does not seem to affect s/mime mails. Maybe a corresponding option smime_show_unusable would be a good idea? Best regards Robert
smime.p7s
Description: S/MIME cryptographic signature
