In the sign/encrypt dialog there are currently offered all UIDs of a certificate for signing as well as encryption. This includes revoked UIDs. (This is a recent "feature", in VSD 3.2.2 this was not the case.)
Todo:
Edit 2024-07-11:
~~# Revoked UIDs should not be offered either for encryption or signing~~
~~# For signing all valid UIDs of a private key should be offered~~
~~# For encryption only the primary user-ID of a certificate should be offered. Add a tooltip with the information that additional user ids exist. Or maybe list the other valid UIDs in the tooltip.~~
# show all valid (not revoked and not expired) User-Ids in the existing drop down lists
# add a button on the right side of the drop down to choose from the certificate list (with filter "only with secret" set)
# in case a revoked or expired certificate is selected, give a better error: "Error: The selected certificate is not valid" (for both public and secret keys, although in the latter case it should probably better be "The selected key is not valid")