diff --git a/Cargo.lock b/Cargo.lock
index 8c9dcee..0d88b51 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1798,7 +1798,7 @@ dependencies = [
 
 [[package]]
 name = "keyfork"
-version = "0.2.2"
+version = "0.2.3"
 dependencies = [
  "card-backend-pcsc",
  "clap",
@@ -1962,7 +1962,7 @@ dependencies = [
 
 [[package]]
 name = "keyfork-shard"
-version = "0.2.1"
+version = "0.2.2"
 dependencies = [
  "aes-gcm",
  "anyhow",
diff --git a/crates/keyfork-shard/Cargo.toml b/crates/keyfork-shard/Cargo.toml
index 31b7e09..3d8050b 100644
--- a/crates/keyfork-shard/Cargo.toml
+++ b/crates/keyfork-shard/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "keyfork-shard"
-version = "0.2.1"
+version = "0.2.2"
 edition = "2021"
 license = "AGPL-3.0-only"
 
diff --git a/crates/keyfork-shard/src/openpgp.rs b/crates/keyfork-shard/src/openpgp.rs
index be4ec47..11f759a 100644
--- a/crates/keyfork-shard/src/openpgp.rs
+++ b/crates/keyfork-shard/src/openpgp.rs
@@ -25,7 +25,7 @@ use openpgp::{
         stream::{DecryptionHelper, DecryptorBuilder, VerificationHelper},
         Parse,
     },
-    policy::{NullPolicy, Policy, StandardPolicy},
+    policy::{NullPolicy, Policy},
     serialize::{
         stream::{ArbitraryWriter, Encryptor2, LiteralWriter, Message, Recipient, Signer},
         Marshal,
@@ -276,7 +276,7 @@ impl<P: PromptHandler> Format for OpenPGP<P> {
         key_data: &[Self::PublicKey],
         threshold: u8,
     ) -> Result<Self::EncryptedData, Self::Error> {
-        let policy = StandardPolicy::new();
+        let policy = NullPolicy::new();
         let mut pp = vec![SHARD_METADATA_VERSION, threshold];
         // Note: Sequoia does not export private keys on a Cert, only on a TSK
         signing_key
@@ -362,7 +362,7 @@ impl<P: PromptHandler> Format for OpenPGP<P> {
         public_key: &Cert,
         signing_key: &mut Self::SigningKey,
     ) -> Result<EncryptedMessage> {
-        let policy = StandardPolicy::new();
+        let policy = NullPolicy::new();
         let valid_cert = public_key
             .with_policy(&policy, None)
             .map_err(Error::Sequoia)?;
@@ -577,7 +577,8 @@ fn get_encryption_keys<'a>(
     openpgp::packet::key::UnspecifiedRole,
 > {
     cert.keys()
-        .alive()
+        // NOTE: this causes complications on Airgap systems
+        // .alive()
         .revoked(false)
         .supported()
         .for_storage_encryption()
diff --git a/crates/keyfork/Cargo.toml b/crates/keyfork/Cargo.toml
index 5a732a8..96e937d 100644
--- a/crates/keyfork/Cargo.toml
+++ b/crates/keyfork/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "keyfork"
-version = "0.2.2"
+version = "0.2.3"
 edition = "2021"
 license = "AGPL-3.0-only"