I'm wondering whether we didn't do this for a reason. Currently, groups are only used in the certificate line edit. Didn't we want to show all groups to give the user the chance to notice a group containing an unsuitable key? If we filter out the group then the user will have a much harder time to find out why the group isn't offered. Things may be different for the key selection combo box which is primarily (or exclusively?) used for the user's own keys without even offering groups.

Update: I checked the code. We currently only check for expiry, but we don't seem to check if a group is actually usable for encryption so the user will probably only notice that there's a problem when they try to encrypt.

I think I haven't been clear enough about the issue for this ticket, sorry about that. My main concern here is that in Kleopatra's Certificate Selection Dialog, the key filters don't filter the keygroups at all, i.e., if i select the "OpenPGP Certificates" filter, a group containing only SMIME keys is still visible.

In T6970#182601, @ikloecker wrote:

Update: I checked the code. We currently only check for expiry, but we don't seem to check if a group is actually usable for encryption so the user will probably only notice that there's a problem when they try to encrypt.

Is also an excellent point

In the Certificate Selection Dialog where the user controls the filter it makes sense to apply them also to key groups. The only question is how, i.e. with all_of or with any_of? I'm leaning towards any_of, e.g. if "OpenPGP Certificates" is selected then all key groups are shown that contain at least one OpenPGP certificate. This would also address my concern that key groups could be hidden if they contain an unsuitable key because they would only be hidden if all keys are unsuitable.