You still have to receive an S/MIME signed mail to import and trust a peer's encryption certificate. According to this discussion, it's not a bug but a feature coming with iOS 8… Feel free to post some feedback to Apple like I did, and hope for a change.
Last weekend, the new version was published.
Thanks for all the positive reviews so far.
Questions and problem reports are welcome, preferably as e-mails, see my contact page in this blog.
Version 2.1 will support 32-bit and 64-bit architectures, as required by Apple.
An archived key can be restored back to an identity.
Loading your own profile in Safari via iCloud will be improved.
And a bug in ID password changes of archives will be fixed.
That's all for now.
For those who work on a similar project, there are some snippets from AYAI on the Source Code page, dealing with RSA key and X.509 certificate generation with OpenSSL. They are for illustration purposes only, not for copy and paste.
Bad news: In iOS 8, certificates sent in a mobile profile are not automatically installed for encryption. While your own private key is properly used, you will not be able to encrypt for a recipient or even yourself.
There is a workaround: Get a signed mail from your partner, tap on the sender name or address in this mail, and you get a dialog where you can install the certificate manually. Now you can encrypt for this partner. Apple provides a step-by-step guide at http://support.apple.com/kb/HT4979; don't be confused by the outdated UI, it's still working.
You can get version 2.0 from the App Store now.
A new user interface showing all generated keys, certificates, and archives lets you manage your encryption identities.
If you use iCloud, importing new private key profiles into your device’s system settings is much easier than before.
All identities can be synchronized over iCloud, or just kept locally, but always encrypted with your ID password.
Read the built-in user guide for more details.