#696 can't sign when subkey expired, insufficient error message

[Daniel Kahn Gillmor]

over on https://bugs.debian.org/870505, Daniel Pocock writes:

I wanted to send a signed message but Enigmail wouldn't let me. A popup
was appearing:

"encryption command failed"

After investigating at the command line, I found my subkey had expired.
This is fine for a knowledgable user but not sufficient for somebody who
relies on the GUI.

This error appears for many other problems too, so even using a search
engine doesn't help a user work out what is wrong.

I used "gpg --edit-key ...." to see my keys and this made it obvious the
key had expired.

On the machine with my master private key, I ran the following commands
to update the expiry on the subkeys:

gpg --edit-key
key 2
key 3
expire
365
save

and then I sent my key out to the keyservers, exported the whole key to
a file and imported it on the laptop where subkeys are used.

It would be really useful to have some of this automated through
Enigmail too: it could:

a) show a message telling you when the subkey expired

b) remind you to update it on the machine with the master key

c) offer to try and fetch the updated key from a keyserver or import it
from a file

As a bonus, maybe it can even warn the user 30 days before it expires?

[Patrick Brunschwig]

That's already implemented on master (part of bug 489).