diff --git a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java
index d6864104..40c0af61 100644
--- a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java
@@ -393,7 +393,22 @@ public final class DecryptionStreamFactory {
                     continue;
                 }
 
-                PGPSecretKey secretKey = secretKeys.getSecretKey(keyId);
+                // Make sure that the recipient key is encryption capable and non-expired
+                KeyRingInfo info = new KeyRingInfo(secretKeys);
+                List<PGPPublicKey> encryptionSubkeys = info.getEncryptionSubkeys(EncryptionPurpose.ANY);
+
+                PGPSecretKey secretKey = null;
+                for (PGPPublicKey pubkey : encryptionSubkeys) {
+                    if (pubkey.getKeyID() == keyId) {
+                        secretKey = secretKeys.getSecretKey(keyId);
+                        break;
+                    }
+                }
+
+                if (secretKey == null) {
+                    LOGGER.debug("Key " + Long.toHexString(keyId) + " is not valid or not capable for decryption.");
+                }
+
                 privateKey = tryPublicKeyDecryption(secretKeys, secretKey, publicKeyEncryptedData, postponedDueToMissingPassphrase, true);
             }
             if (privateKey == null) {