diff --git a/pgp/internal.go b/pgp/internal.go
index 32afab87..3747d627 100644
--- a/pgp/internal.go
+++ b/pgp/internal.go
@@ -108,13 +108,20 @@ func (g *GoSigner) Init() error {
 		return errors.Wrap(err, "error load secret keyring")
 	}
 
-	if len(g.secretKeyring) == 0 {
-		return fmt.Errorf("looks like there are no keys in gpg, please create one (official manual: http://www.gnupg.org/gph/en/manual.html)")
-	}
-
 	if g.keyRef == "" {
 		// no key reference, pick the first key
-		g.signer = g.secretKeyring[0]
+		for _, signer := range g.secretKeyring {
+			if !validEntity(signer) {
+				continue
+			}
+
+			g.signer = signer
+			break
+		}
+
+		if g.signer == nil {
+			return fmt.Errorf("looks like there are no keys in gpg, please create one (official manual: http://www.gnupg.org/gph/en/manual.html)")
+		}
 	} else {
 	pickKeyLoop:
 		for _, signer := range g.secretKeyring {
@@ -124,6 +131,10 @@ func (g *GoSigner) Init() error {
 				break
 			}
 
+			if !validEntity(signer) {
+				continue
+			}
+
 			for name := range signer.Identities {
 				if strings.Contains(name, g.keyRef) {
 					g.signer = signer
@@ -148,6 +159,12 @@ func (g *GoSigner) Init() error {
 			i++
 		}
 
+		fmt.Printf("openpgp: %s-bit %s key, ID %s, created %s\n",
+			keyBits(g.signer.PrimaryKey.PublicKey),
+			pubkeyAlgorithmName(g.signer.PrimaryKey.PubKeyAlgo),
+			KeyFromUint64(g.signer.PrimaryKey.KeyId),
+			g.signer.PrimaryKey.CreationTime.Format("2006-01-02"))
+
 		if g.passphrase == "" {
 			if g.batch {
 				return errors.New("key is locked with passphrase, but no passphrase was given in batch mode")
@@ -456,7 +473,7 @@ func loadKeyRing(name string, ignoreMissing bool) (openpgp.EntityList, error) {
 	if err != nil {
 		if os.IsNotExist(err) {
 			if !ignoreMissing {
-				fmt.Printf("opengpg: failure opening keyring '%s': %s", name, err)
+				fmt.Printf("opengpg: failure opening keyring '%s': %s\n", name, err)
 			}
 			return nil, nil
 		}
diff --git a/pgp/openpgp.go b/pgp/openpgp.go
index 6c5e15d6..046feb48 100644
--- a/pgp/openpgp.go
+++ b/pgp/openpgp.go
@@ -3,6 +3,9 @@ package pgp
 import (
 	"bytes"
 	"crypto"
+	"crypto/dsa"
+	"crypto/ecdsa"
+	"crypto/rsa"
 	"hash"
 	"io"
 	"strconv"
@@ -191,3 +194,50 @@ func pubkeyAlgorithmName(algorithm packet.PublicKeyAlgorithm) string {
 
 	return "unknown"
 }
+
+func keyBits(key interface{}) string {
+	switch k := key.(type) {
+	case *rsa.PublicKey:
+		return strconv.Itoa(k.N.BitLen())
+	case *dsa.PublicKey:
+		return strconv.Itoa(k.P.BitLen())
+	case *ecdsa.PublicKey:
+		return strconv.Itoa(k.Curve.Params().BitSize)
+	default:
+		return "?"
+	}
+}
+
+func validEntity(entity *openpgp.Entity) bool {
+	var selfSig *packet.Signature
+	for _, ident := range entity.Identities {
+		if selfSig == nil {
+			selfSig = ident.SelfSignature
+		} else if ident.SelfSignature.IsPrimaryId != nil && *ident.SelfSignature.IsPrimaryId {
+			selfSig = ident.SelfSignature
+			break
+		}
+	}
+
+	if selfSig == nil {
+		return false
+	}
+
+	if len(entity.Revocations) > 0 {
+		return false
+	}
+
+	if selfSig.RevocationReason != nil {
+		return false
+	}
+
+	if !selfSig.FlagsValid {
+		return false
+	}
+
+	if selfSig.KeyLifetimeSecs != nil && selfSig.CreationTime.Add(time.Duration(*selfSig.KeyLifetimeSecs)*time.Second).Before(time.Now()) {
+		return false
+	}
+
+	return true
+}
diff --git a/system/t06_publish/PublishRepo31Test_gold b/system/t06_publish/PublishRepo31Test_gold
index 7f8c4b42..1c29ddaf 100644
--- a/system/t06_publish/PublishRepo31Test_gold
+++ b/system/t06_publish/PublishRepo31Test_gold
@@ -1,4 +1,5 @@
 openpgp: Passphrase is required to unlock private key "Aptly Tester (don't use it) <test@aptly.info>"
+openpgp: 1024-bit DSA key, ID F30E8CB9CDDE2AF8, created 2014-08-30
 Loading packages...
 Generating metadata files and linking package files...
 Finalizing metadata files...