The GnuPG crypto engine can deal with X.509 certificates and CMS messages needed for S/MIME emails. S/MIME can provide a nice user experience, if you accept the hierarchical trust model.
For it to work properly, you must go through the effort of properly setting up the root certificates. (This is technically harder than it could be (as of 2014-06), but the step itself is imminent to a hierarchical trust model.)
Importing a private key part via PKCS#12
The import engine of GnuPG for PKCS#12 for importing a certificate including the private part is only rudimentary, and thus only works for a subset of PKCS#12 files. In this case only a "general error" is shown. (Status at time of writing for GnuPG 2.2.20 (2020-03).)
A workaround if the import fails could be to use a different application to import and export the certificate and try a reimport. Some users reported that doing this with Firefox has worked.