SMIME Toolkit: S/MIME Setup

SMIME Toolkit: S/MIME Setup — Secure Email Certificates
Provides secure email onboarding for iPhone, iPad, and macOS (designed for iPad), in a few easy steps.
SMIME Toolkit makes S/MIME certificate creation simple.
Generate keys on-device, request certificates from your organization, and export identities for manual installation in iOS Mail — all with clear, step-by-step guidance.
Sign and encrypt email using Apple Mail while keeping your private keys under your control.
WHAT THIS APP DOES
SMIME Toolkit guides you through the full S/MIME enrollment process:
Generates cryptographic keys securely on your device
Builds standards-compliant certificate signing requests (CSRs)
Requests a signed certificate from your organization’s secure backend
Exports a PKCS#12 (.p12) identity for manual installation in iOS Settings
The app never configures Mail automatically and never accesses your email content.
KEY FEATURES
- On-device key generation (ECDSA P-256, stored in Keychain)
- Standards-compliant CSR with email address (subjectAltName)
- Secure HTTPS certificate request to your organization’s issuer
- PKCS#12 (.p12) export with a password you choose
- Optional Face ID / Touch ID for sensitive actions
- Manual install flow (required by iOS)
- CA certificate export and optional trust profile for easier setup
HOW IT WORKS
Enter your email address
Generate a key pair and CSR on your device
Request a certificate from your organization’s signing service
Export your identity (.p12)
Install it manually in Settings > Mail > Accounts > Advanced
Once installed, you can enable S/MIME signing and encryption in Apple Mail.
PRIVACY & SECURITY
Your private key never leaves your device
Only your CSR and email address are sent for certificate issuance
No access to Mail, messages, or accounts
No analytics, no ads, no tracking
Keys can be deleted after export if desired
IMPORTANT NOTES
This app cannot configure Apple Mail automatically
Manual installation is required by iOS
Certificate issuance depends on your organization’s backend
Private CAs must be trusted in Certificate Trust Settings
FOR TEAMS & ENTERPRISES
SMIME Toolkit is designed for organizations that want a simple, user-driven S/MIME enrollment flow:
Works with internal CAs and private trust roots
Predictable, auditable issuance workflows
Backend interface is pluggable — commercial CA integrations can be added later without changing the app
Reduces IT overhead while keeping keys on-device
WHY S/MIME MATTERS
S/MIME adds digital signatures for email authenticity and enables end-to-end encryption when recipients have certificates.
SMIME Toolkit makes secure email approachable for employees and contractors without sacrificing security controls.
SETUP TIPS
Use a strong PKCS#12 password and store it safely
Enable signing first, then encryption
If encryption isn’t available, verify CA trust and recipient certificates
Remove old identities when rotating certificates
TROUBLESHOOTING
Ensure your network can reach the signing service
Certificate chain errors usually indicate issuer misconfiguration
If Mail doesn’t show encryption, confirm CA trust and recipient certificates
COMPATIBILITY
Works with Apple Mail on iOS after manual installation
Compatible with any client that supports PKCS#12 identities once installed
APP STORE NOTICE
SMIME Toolkit is a certificate utility.
It does not provide email hosting, account management, or message delivery.
Apple Mail remains fully controlled by iOS settings and your email provider.