Invaild S/MIME certificates are offered for encryption in Kleopatra. This then correctly results in an error message when trying to encrypt.
Expected: That the invalid certificate is not offered in the first place, since encryption with t is not possible anyway.
| rLIBKLEO Libkleo | |||
| rLIBKLEObf79357a2bcb Modernize DefaultKeyFilter | |||
| rLIBKLEO37d7eb3b1c68 Add "valid if S/MIME" condition to key filters | |||
| rKLEOPATRA Kleopatra | |||
| rKLEOPATRA6184c7b0fe14 Do not offer invalid S/MIME certificates for signing or encryption | |||
This is because Kleopatra does not differentiate between invalid S/MIME and unverified OpenPGP certificates and we want to be able to encrypt to unverified OpenPGP certificates.
Still this should be changed. I am setting it as wishlist because it was never different.
It should no longer be possible to choose invalid S/MIME certificates as signing or encryption keys via the drop-down boxes or the input field. (The key selection dialog still offers all certificates.)
yes, confirmed. And if I insist on choosing this certificate via the selection dialog I can not encrypt to this certificate, as sign/encrypt is grayed out. (As long as there is no valid key chosen additionally.)