Switch to the new combobox for choosing signing/encryption keys for identity. The combobox only lists keys matched by email of the identity and has a feature to quickly generate a new key pair.
This removes the ability to choose a key with email address different from that of the identity, but I don't think that will affect any users - we can certainly improve on that if there is a negative feedback, but as Andre said, let's design a friendly UI for the 95% of users here rather than having an over-complex UI for 100% users that only 5% understand.