If a keypair does have at least one encryption subkey, but none of them is valid, it should be highlighted in the certificate list that something is not as it should.
This should be done via an appearance filter. We could use a "! " before the status and in VSD versions not use the green background but orange.

In the details view, we should in this case add a warning widget at the top of the window warning "No usable encryption subkey."