Bug 339087 - you cannot encrypt to an expired OpenPGP certificate
Summary: you cannot encrypt to an expired OpenPGP certificate
Alias: None
Product: kmail2
Classification: Applications
Component: crypto (show other bugs)
Version: 5.1.3
Platform: openSUSE Linux
: NOR wishlist
Target Milestone: ---
Assignee: kdepim bugs
Depends on:
Reported: 2014-09-15 00:33 UTC by Hauke Laging
Modified: 2017-01-18 18:56 UTC (History)
2 users (show)

See Also:
Latest Commit:
Version Fixed In:


Note You need to log in before you can comment on or make changes to this bug.
Description Hauke Laging 2014-09-15 00:33:29 UTC
KMail does not allow to encrypt to expired certificates. It is OK to warn about that (and would be a failure not to do so) but not allowing to encrypt to this key is a severe security failure because it does not make any sense and forces the user to use a different key (if available, usually not) or to send the mail unencrypted.

This is similar to the old (meanwhile solved) problem that you could not encrypt to non-valid keys. Of course, encrypting to a non-valid (i.e. never has been valid) key is much more severe that encrypting to an expired one which a purely formal problem not a technical one.

Reproducible: Always

Steps to Reproduce:
1. Let a certificate expire.
2. Try to send a mail encrypted to this certificate.

Actual Results:  
Email cannot be sent.

Expected Results:  
Warning which can be overridden.
Comment 1 Hauke Laging 2014-09-16 00:03:20 UTC
I have to "suspend" this bug report as it turned out that this is a problem of the underlying GnuPG (at least gpg) which currently does not allow this. Maybe this will be changed in future versions.

But I don't know whether this problem affects gpgme, though.


There is no concensus in the community what is the right behaviour.
Comment 2 kolAflash 2016-09-25 22:10:24 UTC
Still valid for KMail 5.1.3 (KDE Frameworks 5.21.0 on openSUSE 42.1)

Related: https://bugs.kde.org/show_bug.cgi?id=369358
Comment 3 kolAflash 2016-09-25 22:41:22 UTC
Another attempt to get this fixed.
Comment 4 Denis Kurz 2017-01-18 18:56:57 UTC
You already came to the conclusion that this is a limitation of the underlying gnupg, so I close this bug as UPSTREAM.