S/MIME questions: how to set default key?

Sun Jan 3 22:23:56 CET 2016

Hi!

I'm trying to set up mutt with gpgsm for S/MIME.

The documentation was not easy to get together, but I'm now in a state
where I can read signed and even encrypted emails I already had.

Currently I'm stumped at signing new mails.
I always get "error signing data: Certificate expired?"

I do have two certificates, one that is expired and one that is not.

# gpgsm -K tk at giga
.../.gnupg/pubring.kbx
----------------------------
           ID: 0xID1
          S/N: 0...
       Issuer: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww.cacert.org/O=Root CA/EMail=support at cacert.org
      Subject: /CN=CAcert WoT User/EMail=tk at giga.or.at
          aka: tk at giga.or.at
     validity: 2013-... through 2015-...
     key type: 2048 bit RSA
    key usage: digitalSignature keyEncipherment keyAgreement
ext key usage: emailProtection (suggested), clientAuth (suggested), 1.3.6.1.4.1.311.10.3.4 (suggested), serverGatedCrypto.ms (suggested), serverGatedCrypto.ns (suggested)
  fingerprint: FI:NG:ER:PR:IN:T1

           ID: 0xID2
          S/N: ...
       Issuer: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww.cacert.org/O=Root CA/EMail=support at cacert.org
      Subject: /CN=CAcert WoT User/EMail=tk at giga.or.at
          aka: tk at giga.or.at
     validity: 2015-... through 2017-...
     key type: 2048 bit RSA
    key usage: digitalSignature keyEncipherment keyAgreement
ext key usage: emailProtection (suggested), clientAuth (suggested), 1.3.6.1.4.1.311.10.3.4 (suggested), serverGatedCrypto.ms (suggested), serverGatedCrypto.ns (suggested)
  fingerprint: FI:NG:ER:PR:IN:T2

I guess the wrong one is chosen; so I tried setting in .muttrc:

set smime_default_key=0xID2

but this doesn't change anything, nor did

set smime_default_key=FI:NG:ER:PR:IN:T2

Does anyone here know how to fix this?

Thanks,
 Thomas