KMail does not allow to encrypt to expired certificates. It is OK to warn about that (and would be a failure not to do so) but not allowing to encrypt to this key is a severe security failure because it does not make any sense and forces the user to use a different key (if available, usually not) or to send the mail unencrypted. This is similar to the old (meanwhile solved) problem that you could not encrypt to non-valid keys. Of course, encrypting to a non-valid (i.e. never has been valid) key is much more severe that encrypting to an expired one which a purely formal problem not a technical one. Reproducible: Always Steps to Reproduce: 1. Let a certificate expire. 2. Try to send a mail encrypted to this certificate. Actual Results: Email cannot be sent. Expected Results: Warning which can be overridden.
I have to "suspend" this bug report as it turned out that this is a problem of the underlying GnuPG (at least gpg) which currently does not allow this. Maybe this will be changed in future versions. But I don't know whether this problem affects gpgme, though. http://lists.gnupg.org/pipermail/gnupg-users/2014-September/050850.html There is no concensus in the community what is the right behaviour.
Still valid for KMail 5.1.3 (KDE Frameworks 5.21.0 on openSUSE 42.1) Related: https://bugs.kde.org/show_bug.cgi?id=369358
Another attempt to get this fixed. https://bugs.gnupg.org/gnupg/issue2703
You already came to the conclusion that this is a limitation of the underlying gnupg, so I close this bug as UPSTREAM.