Mac Mail.app Encryption

Mail User Guide

Had the same issue and I found a potential solution that seems to solve the whole SMIME issue with the mail.app for me at least. Go to keychain and find your certificate. Open the private key, go to the 'Access Control' tab, check if the mail app is there, close it (I didn't have to change anything), restart mail and you should be done.

If you want to send and receive signed and encrypted messages in the Mail app on your Mac, you need a personal certificate.

Step 1: Obtain a certificate

  • In iOS 14, due out sometime at the end of summer or early fall, the process I detail below should get you going with sending encrypted email using Apple’s Mail app. Let’s Start With a Clean Slate.
  • Sending encrypted emails via Apple’s Mail application. This method lets you use your existing email address, but it does require quite a bit of setup – you’ll need to exchange certificates with every person you want to send encrypted messages to, and receive encrypted messages from. Creating a new email account with built-in encryption.

For each email address you want to use to send signed messages and receive encrypted messages, you must get a certificate from a certificate authority (CA). See Request a certificate from a certificate authority.

Step 2: Import the certificate

To import the certificate into Keychain Access, double-click the certificate file you received from the CA. Once you import your certificate, it should be listed in the My Certificates category in Keychain Access.

The certificate file must have a file extension that indicates it contains certificates—such as .cer, .crt, .p12, or .p7c—or Keychain Access can’t import it.

If Keychain Access can’t import the certificate, try dragging the file onto the Keychain Access icon in the Finder. If that doesn’t work, contact the CA to ask if the certificate is expired or invalid.


Step 3: Use the certificate

Open your certificate in Keychain Access and make sure its trust setting is Use System Defaults or Always Trust. Now you can use the certificate to send and receive signed and encrypted messages.

Note: If for some reason your certificate isn’t associated with your email address, or you want to use the certificate with a different email address, Control-click the certificate in Keychain Access, choose New Identity Preference, and provide the requested information.
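The two failure cases named in Steps 2 and 3 (an expired or unreadable certificate file, and a certificate not associated with your email address) can be checked before importing. This is an added example, not part of the original guide: it uses the `openssl` command-line tool on a single-certificate `.cer`/`.crt` file, and the function name `check_smime_cert` and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# check_smime_cert FILE EMAIL
# Returns 0 if every check passes, 1 if the certificate is expired or issued
# for another address, 2 if it cannot be parsed, 3 if the extension is not
# one Keychain Access imports, 4 for container formats not inspected here.
check_smime_cert() {
    cert=$1; want=$2; rc=0

    # Keychain Access only imports files with a certificate extension.
    ext=$(printf '%s' "${cert##*.}" | tr 'A-Z' 'a-z')
    case $ext in
        cer|crt) ;;
        p12|p7c) echo "skip: .$ext is a container, not inspected here"; return 4 ;;
        *) echo "FAIL: .$ext is not an importable extension"; return 3 ;;
    esac

    # CAs deliver either PEM or DER; normalise to PEM once.
    pem=$(openssl x509 -in "$cert" 2>/dev/null ||
          openssl x509 -in "$cert" -inform DER 2>/dev/null) || pem=
    [ -n "$pem" ] || { echo "FAIL: not a readable X.509 certificate"; return 2; }

    # Expiry: -checkend 0 exits non-zero if the certificate has already expired.
    end=$(printf '%s\n' "$pem" | openssl x509 -noout -enddate)
    if printf '%s\n' "$pem" | openssl x509 -noout -checkend 0 >/dev/null; then
        echo "ok: valid (${end})"
    else
        echo "FAIL: expired (${end})"; rc=1
    fi

    # Address: -email prints one address per line (subject and subjectAltName).
    if printf '%s\n' "$pem" | openssl x509 -noout -email | grep -qixF "$want"; then
        echo "ok: issued for $want"
    else
        echo "FAIL: certificate does not name $want"; rc=1
    fi
    return $rc
}

# Run directly as: sh check.sh mycert.cer me@example.com
if [ "$#" -eq 2 ]; then check_smime_cert "$1" "$2"; fi
```

A mismatch on the address check is the situation where the guide's New Identity Preference step applies.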


To use your certificate on another Mac, import the certificate into Keychain Access on that Mac.


You have lofty goals that exceed the internet's current implementation/support - secure, encrypted, signed email remains a niche product at best. You've already covered the main players in the field, and encountered their drawbacks.
Without getting into certificate games with your recipients, the best you can do is write your email as a file, encrypt/compress that file with a common encryption app (or a compression application that supports passwording), and separately deliver the password to the recipient(s) so they can open the attachment at the other end (of course, this precludes them viewing the message in the mail client). Cumbersome, at best.