
Mail app uses the wrong key when encrypting S/MIME mail

If the recipient has two separate certificates (one for encryption and one for signature), iOS Mail encrypts the mail with the signature certificate instead of the encryption certificate.

This causes problems if the private key of the recipient's signature certificate is only available on a smart card (non-exportable). The private key of the encryption certificate is installed on an iPhone/iPad to decrypt the mails on the mobile device, but if the mail was encrypted using the signature certificate, the recipient can't decrypt the mail on his mobile device.

To make matters worse, the mail app must not encrypt data using the signature certificate because of the key usages. This is clearly a security bug!

The signature certificate has the following Key Usage and Extended Key Usages set:

Key Usage: Digital Signature

Extended Key Usage: E-mail Protection, Microsoft Smartcardlogin, TLS Web Client Authentication


The encryption certificate has the following Key Usage and Extended Key Usages set:

Key Usage: Key Encipherment, Data Encipherment

Extended Key Usage: E-mail Protection, Microsoft Encrypted File System

iPhone 5s, iOS 8.3

Posted on Jul 1, 2015 2:06 AM
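As an added example (not code from the post, and not Apple's implementation), this is the certificate-selection check a mail client should apply before enveloping a message: decode the RFC 5280 KeyUsage BIT STRING and choose only a recipient certificate that asserts keyEncipherment and has the emailProtection EKU. The `Cert` record and the DER bytes below are constructed to mirror the two certificates the post describes.

```python
"""Pick the recipient certificate that may be used for S/MIME encryption.

RFC 5280 KeyUsage is a DER BIT STRING whose bits are, in order:
digitalSignature(0), nonRepudiation(1), keyEncipherment(2), dataEncipherment(3),
keyAgreement(4), keyCertSign(5), cRLSign(6), encipherOnly(7), decipherOnly(8).
An RSA certificate may only wrap a content-encryption key if keyEncipherment is set.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
                  "encipherOnly", "decipherOnly"]
EMAIL_PROTECTION_OID = "1.3.6.1.5.5.7.3.4"  # id-kp-emailProtection


def parse_key_usage(der: bytes) -> Set[str]:
    """Decode a DER-encoded KeyUsage BIT STRING into the set of asserted usages."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a BIT STRING")
    length = der[1]
    if length & 0x80 or len(der) != 2 + length:
        raise ValueError("unexpected length encoding")
    unused, content = der[2], der[3:]
    total_bits = len(content) * 8 - unused
    usages = set()
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        # Bit 0 is the most significant bit of the first content octet.
        if content[i // 8] & (0x80 >> (i % 8)):
            usages.add(KEY_USAGE_BITS[i])
    return usages


@dataclass
class Cert:                      # assumed minimal view of a parsed certificate
    label: str
    key_usage_der: Optional[bytes]   # KeyUsage extension value, None if absent
    eku_oids: Tuple[str, ...]        # extendedKeyUsage OIDs


def select_encryption_cert(certs: List[Cert]) -> Optional[Cert]:
    """Return the first cert allowed to encrypt mail, or None if there is none.
    A certificate without a KeyUsage extension is treated as unrestricted."""
    for cert in certs:
        usages = (set(KEY_USAGE_BITS) if cert.key_usage_der is None
                  else parse_key_usage(cert.key_usage_der))
        if "keyEncipherment" in usages and EMAIL_PROTECTION_OID in cert.eku_oids:
            return cert
    return None


# Constructed samples matching the two certificates described in the post.
SIGNATURE_CERT = Cert("signature", bytes.fromhex("03020780"),   # digitalSignature only
                      (EMAIL_PROTECTION_OID, "1.3.6.1.4.1.311.20.2.2", "1.3.6.1.5.5.7.3.2"))
ENCRYPTION_CERT = Cert("encryption", bytes.fromhex("03020430"),  # keyEncipherment + dataEncipherment
                       (EMAIL_PROTECTION_OID, "1.3.6.1.4.1.311.10.3.4"))
```

With the signature certificate listed first, `select_encryption_cert([SIGNATURE_CERT, ENCRYPTION_CERT])` still returns the encryption certificate; offered only the signature certificate, it returns `None` rather than encrypting with a key the recipient cannot use on the device.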
