Gpg4win OL can't use 'invalid' public key

I have a recipient (gov entity) who uses an invalid (fired employee) key, but they still demand that we encrypt data sent to them using that invalid key.

GPG OL suggests to use only the Sender’s public key or Nothing to the recipient.

The “invalid” key is successfully imported and visible in Kleopatra…

Why can’t we select the recipient’s public key when sending them a message?

Did you try to press the button marked red in this screenshot to see all keys?

Of course. It only shows the Sender key… not the imported Recipient key.

Because security. Invalid keys are invalid for a reason.
They should create a new key, it’s easy! :wink:

Yeah… try telling that to a gov agency… but thanks!

Probably I misunderstood the issue. I thought invalid in this case meant just that the employee was fired but that alone doesn’t make a key invalid. So it was revoked or something?

https://www.fsc.bg/wp-content/uploads/2025/03/ict_contact_point@fsc.bg_2027.asc.zip

This is the official government key. I import it into Kleopatra, but then the plugin can’t see it (it is visible in Kleopatra). Any idea why it can’t be used? They claim it is still valid…

Ah, it is a file with a p7s extension, and this extension is used for S/MIME signatures (see standard RFC 2311 and search for “p7s”)! What you got is not a key (or certificate, as it is called when it comes to S/MIME) but a signature :slight_smile: But to encrypt an email you need an OpenPGP key or an S/MIME certificate. And in the window where you select the keys of the recipients, you have to ensure that S/MIME is enabled in the top right corner if they really sent you an S/MIME certificate.

Also, you will have to import the Root certificate of that S/MIME certificate, too, and set it to “trusted” after verifying it. The latter is easy, Kleopatra will ask you after you imported a Root certificate.
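
The distinction drawn in the replies above (OpenPGP key, S/MIME certificate, or a .p7s signature), as an added example that is not part of the original thread: a heuristic that classifies a received file by its leading bytes before it is imported. It goes slightly beyond the thread by also covering binary OpenPGP packets; the function names are hypothetical and every sample is constructed.

```python
# Added example: sniff what kind of object a "key file" really is.
# Heuristic on leading bytes only; it does not validate the content.

SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")  # 1.2.840.113549.1.7.2

ARMOR = {
    b"-----BEGIN PGP PUBLIC KEY BLOCK-----": "openpgp-public-key",
    b"-----BEGIN PGP SIGNATURE-----": "openpgp-signature",
    b"-----BEGIN CERTIFICATE-----": "x509-certificate",
}

def der_body_offset(data):
    """Offset of the content of an outer DER/BER SEQUENCE, or None."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    first = data[1]
    if first <= 0x80:              # short form, or BER indefinite length (0x80)
        return 2
    return 2 + (first & 0x7F)      # long form: that many length octets follow

def openpgp_tag(first_byte):
    """Packet tag from the first byte of a binary OpenPGP packet, or None."""
    if not first_byte & 0x80:
        return None
    if first_byte & 0x40:          # new-format packet header
        return first_byte & 0x3F
    return (first_byte & 0x3C) >> 2  # old-format packet header

def classify(data):
    text = data.lstrip()
    for header, label in ARMOR.items():
        if text.startswith(header):
            return label
    off = der_body_offset(data)
    if off is not None:
        if data[off:off + len(SIGNED_DATA_OID)] == SIGNED_DATA_OID:
            return "cms-signed-data"   # the structure a .p7s signature carries
        if data[off:off + 1] == b"\x30":
            return "x509-certificate"  # outer SEQUENCE wrapping tbsCertificate
        return "unknown-asn1"
    tag = openpgp_tag(data[0]) if data else None
    return {6: "openpgp-public-key", 2: "openpgp-signature"}.get(tag, "unknown")

if __name__ == "__main__":
    # Constructed prefixes, not real key material.
    for sample in ("3082010006092a864886f70d010702", "308203a130820289", "99010d04"):
        print(sample, "->", classify(bytes.fromhex(sample)))
```

Only `openpgp-public-key` and `x509-certificate` are things a recipient selection dialog can encrypt to; for the latter, S/MIME has to be enabled and the issuing root trusted, as described in the replies.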