
If there is more than one S/MIME key you can select the key for encryption, but not the key used for signing
Open, Low, Public

Description

If you have more than one S/MIME key for the same mail address, you can select the key to use for encryption, but not the key used for signing. The signing key will in all cases be the oldest key available. This can lead to situations where encryption is failing, because the encryption key is valid, but the signing key is not. You can then change the key used for encryption, but not the one used for signing.

Details

Version
3.2.0.0

Event Timeline

werner edited projects, added vsd, kleopatra, Restricted Project; removed gpg4win. Mar 23 2024, 1:30 PM

From your description it is not clear what you did exactly.

I tried to reproduce this with sign+encrypt for file encryption in Kleopatra where it works for me, I can choose different S/MIME keys for signature and encryption. And they are actually used like selected, too, of course.

Did you encounter this with Kleopatra or GpgOL?
If the latter, what are your settings there? Please add a screenshot from the first GpgOL configuration tab.

Generally, gpgsm needs to be told which key to use. In Kleopatra, the last used keys are preselected.

But the way you describe your issue, "you can not select", makes me suspect that the key you want to use is not offered at all in the drop-down menu for the signature. But it is selectable for encryption, correct?
In that case I would assume the certificate is only valid for encryption, and not for signing.
To check that, go to Details->More Details and have a look at the "keyusage" line. What does it say?

aheinecke removed projects: Restricted Project, kleopatra, vsd.
aheinecke added a subscriber: aheinecke.

I cannot think of any of our products where you cannot choose the signing key.

I assume the support answers helped, therefore closing this.
In case there is evidence of a bug please give more information and reopen the ticket.