diff --git a/crates/keyfork-shard/src/openpgp.rs b/crates/keyfork-shard/src/openpgp.rs
index be4ec47..11f759a 100644
--- a/crates/keyfork-shard/src/openpgp.rs
+++ b/crates/keyfork-shard/src/openpgp.rs
@@ -25,7 +25,7 @@ use openpgp::{
         stream::{DecryptionHelper, DecryptorBuilder, VerificationHelper},
         Parse,
     },
-    policy::{NullPolicy, Policy, StandardPolicy},
+    policy::{NullPolicy, Policy},
     serialize::{
         stream::{ArbitraryWriter, Encryptor2, LiteralWriter, Message, Recipient, Signer},
         Marshal,
@@ -276,7 +276,7 @@ impl<P: PromptHandler> Format for OpenPGP<P> {
         key_data: &[Self::PublicKey],
         threshold: u8,
     ) -> Result<Self::EncryptedData, Self::Error> {
-        let policy = StandardPolicy::new();
+        let policy = NullPolicy::new();
         let mut pp = vec![SHARD_METADATA_VERSION, threshold];
         // Note: Sequoia does not export private keys on a Cert, only on a TSK
         signing_key
@@ -362,7 +362,7 @@ impl<P: PromptHandler> Format for OpenPGP<P> {
         public_key: &Cert,
         signing_key: &mut Self::SigningKey,
     ) -> Result<EncryptedMessage> {
-        let policy = StandardPolicy::new();
+        let policy = NullPolicy::new();
         let valid_cert = public_key
             .with_policy(&policy, None)
             .map_err(Error::Sequoia)?;
@@ -577,7 +577,8 @@ fn get_encryption_keys<'a>(
     openpgp::packet::key::UnspecifiedRole,
 > {
     cert.keys()
-        .alive()
+        // NOTE: this causes complications on Airgap systems
+        // .alive()
         .revoked(false)
         .supported()
         .for_storage_encryption()