Apple-focused shortcut
Need the easiest Apple-focused workflow?
Learn the concepts here, then use SMIME Toolkit to generate keys on-device, build the CSR, export a .p12 identity, and complete the manual Apple setup path.
If the recipient certificate is unavailable, S/MIME encryption cannot start. This is one of the clearest examples of how signing and encryption are separate capabilities.
Why the recipient certificate matters
To encrypt a message to someone else, the sender needs the recipient’s public key. In practical S/MIME workflows, that usually means access to the recipient’s usable certificate.
Without it, the client has nothing appropriate to encrypt to.
Why users find this surprising
Many users assume their own valid certificate should be enough to “turn on encryption.” It is not. Your own certificate helps prove your identity and lets you sign outbound mail. Recipient encryption requires recipient-side public key material too.
Practical takeaway
If encryption is unavailable, ask whether the sender actually has the recipient’s certificate before assuming the local installation failed.
Apple-focused shortcut
Ready to move from theory to setup?
If you are working through S/MIME on iPhone or iPad, use the app-specific workflow and Apple guides next.