Bad news: In iOS 8, certificates sent in a mobile profile are not automatically installed for encryption. While the own private key is properly used, you will not be able to encrypt for a recipient or even yourself.
There is a workaround: Get a signed mail from your partner, tap on the sender name or address in this mail, and you get a dialog where you can install the certificate manually. Now you can encrypt for this partner. Apple provides a step-by-step guide in http://support.apple.com/kb/HT4979; don´t be confused by the outdated UI, it´s still working.
You can get version 2.0 from App Store now.
A new user interface with all generated keys, certificates, and archives allows to manage your encryption identities.
If you use iCloud, importing new private key profiles into your device’s system settings is much easier than before.
All identities can be synchronized over iCloud, or just kept locally, but always encrypted with your ID password.
Read the built-in user guide for more details.
Contact me via e-mail to get my S/MIME public key. I need your device´s UDID to add it to my ad-hoc distribution profile for the next pre-release build.
I started with version 2.0, which will mainly bring a modern user interface, plus iCloud storage and synchronization of the encrypted key and certificate files in addition to iTunes based backups.
Again, your feedback is welcome.
Get version 1.1.1 right now. It provides a bug fix and a small improvement.
No, it isn’t.
Any mail headers and the S/MIME encryption table are more or less readable:
All mail recipient’s addresses and the mail subject are not encrypted.
Also, all names of certificate issuers are in clear and can be decoded by ASN.1 tools, like OpenSSL.
This is also the case if you send your mail to one or more BCC recipients – they can be disclosed by the S/MIME encryption table, because there is only one mail transmitted to the SMTP server (at least, iOS Mail is doing so). So avoid BCC if you encrypt mails.
In summary, S/MIME encryption protects the content of mails, but not the identities.