GPGME has the can_encrypt et al. flags to show whether a key is capabale of encryption. However, for an expired key these flags are not set in the gpgme_key_t but only in the gpgme_subkey_t. This allows to quickly see whether a key can actually be used for encryption and if not to skip to the next key. The same is true for can_sign if the primary key has only the certify capability.

OTOH, it is also useful to find expired keys and to tell the user that they (sub)key exists and needs to be prolonged. Instead of requiring the caller to scan all subkeys new flags to show the theoretical capability are a useful addition.