Internet-Draft Header Protection S/MIME February 2022
Gillmor, et al. Expires 6 August 2022 [Page]
Workgroup:
LAMPS Working Group
Internet-Draft:
draft-ietf-lamps-header-protection-07
Published:
Intended Status:
Standards Track
Expires:
Authors:
D.K. Gillmor
American Civil Liberties Union
B. Hoeneisen
pEp Foundation
A. Melnikov
Isode Ltd

Header Protection for S/MIME

Abstract

S/MIME version 3.1 has introduced a feasible standardized option to accomplish Header Protection. However, few implementations generate messages using this structure, and several legacy and non-legacy implementations have revealed rendering issues at the receiving side. Clearer specifications regarding message processing, particularly with respect to header sections, are needed in order to resolve these rendering issues. Some mail user agents are also sending and receiving cryptographically-protected message headers using a different structure.

In order to help implementers to correctly compose and render email messages with Header Protection, this document updates S/MIME Header Protection specifications with additional guidance on MIME format, sender and receiver processing.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 6 August 2022.

Table of Contents

1. Introduction

Privacy and security issues regarding email Header Protection in S/MIME have been identified for some time. Most current implementations of cryptographically-protected electronic mail protect only the body of the message, which leaves significant room for attacks against otherwise-protected messages. For example, lack of header protection allows an attacker to substitute the message subject and/or author.

This document describes two different structures for how message headers can be cryptographically protected, and provides guidance for implementers of MUAs that generate and interpret such messages. It takes particular care to ensure that messages interact reasonably well with legacy MUAs.

1.1. Two Schemes of Protected Headers

Unfortunately, there are two different schemes for cryptographically-protected email headers that may be in use on the Internet today. This document addresses them both and provides guidance to implementers.

One scheme is the form specified in S/MIME 3.1 and later, which involves wrapping a message/rfc822 MIME object with a Cryptographic Envelope. This document calls this scheme "Wrapped Message", and it is documented in more detail in [RFC8551]. Experience has shown that this form does not interact well with some legacy MUAs (see Section 1.2).

Consequently, another form of header protection is produced and consumed by some MUAs, where the protected headers are placed directly on the Cryptographic Payload, without using an intervening message/* MIME object. This document calls this scheme "Injected Headers", and it is documented in more detail in Section 4.1.2.4 and Section 4.1.4.4.

1.2. Problems with Wrapped Messages

Several legacy MUAs have revealed rendering issues when dealing with a message with headers protected by the Wrapped Message scheme. In some cases the user sees an attachment suggesting a forwarded email message, which -- in fact -- contains the protected email message that should be rendered directly. For these cases, the user can click on the attachment to view the protected message. However, there have also been reports of email clients displaying garbled text, or sometimes nothing at all. In those cases the email clients on the receiving side are (most likely) not fully MIME-capable.

The following shortcomings have been identified to cause these issues:

  • Broken or incomplete implementations
  • Lack of a simple means to distinguish "forwarded message" and "wrapped message" (for the sake of Header Protection)
  • Not enough guidance with respect to handling of Header Fields on both the sending and the receiving side

1.3. Problems with Injected Headers

A legacy MUA dealing with an encrypted message that has some header fields obscured using the Injected Headers scheme will not render the obscured header fields to the user at all. A workaround "legacy display" mechanism is provided in this document, which most legacy MUAs should render to the user, albeit not in the same location that the header fields would normally be rendered.

1.4. Motivation

Furthermore, the need (technical) Data Minimization, which includes data sparseness and hiding all technically concealable information, has grown in importance over the past several years. In addition, backwards compatibility must be considered when it is possible to do so without compromising privacy and security.

No mechanism for Header Protection has been standardized for PGP/MIME (Pretty Good Privacy) [RFC3156] yet. PGP/MIME developers have implemented ad-hoc header-protection, and would like to see a specification that is applicable to both S/MIME and PGP/MIME.

This document describes the problem statement (Section 2), generic use cases (Section 3) and the specification for Header Protection (Section 4) with guidance on MIME format, sender and receiver processing .

[I-D.ietf-lamps-header-protection-requirements] defines the requirements that this specification is based on.

This document is in an early draft state and contains a proposal on which to base future discussions of this topic. In any case, the final mechanism is to be determined by the IETF LAMPS WG.

1.5. Other Protocols to Protect Email Headers

A range of protocols for the protection of electronic mail (email) exists, which allows one to assess the authenticity and integrity of the email headers section or selected Header Fields from the domain-level perspective, specifically DomainKeys Identified Mail (DKIM) [RFC6376], as used by Domain-based Message Authentication, Reporting, and Conformance (DMARC) [RFC7489]. These protocols provide a domain-based reputation mechanism that can be used to mitigate some forms of unsolicited email (spam). At the same time, these protocols can provide a level of cryptographic integrity and authenticity for some headers, depending on how they are used. However, integrity protection and proof of authenticity are both tied to the domain name of the sending e-mail address, not the sending address itself, so these protocols do not provide end-to-end protection, and are incapable of providing any form of confidentiality.

1.6. Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

1.7. Terms

The following terms are defined for the scope of this document:

  • Man-in-the-middle (MITM) attack: cf. [RFC4949], which states: "A form of active wiretapping attack in which the attacker intercepts and selectively modifies communicated data to masquerade as one or more of the entities involved in a communication association."

    Note: Historically, MITM has stood for 'Man-in-the-middle'. However, to indicate that the entity in the middle is not always a human attacker, MITM can also stand for 'Machine-in-the-middle' or 'Meddler-in-the-middle'.

  • S/MIME: Secure/Multipurpose Internet Mail Extensions (cf. [RFC8551])
  • PGP/MIME: MIME Security with OpenPGP (cf. [RFC3156])

  • Message: An Email Message consisting of Header Fields (collectively called "the Header Section of the message") followed, optionally, by a Body; cf. [RFC5322].

    Note: To avoid ambiguity, this document does not use the terms "Header" or "Headers" in isolation, but instead always uses "Header Field" to refer to the individual field and "Header Section" to refer to the entire collection; cf. [RFC5322].

  • Header Field (HF): cf. [RFC5322] Header Fields are lines beginning with a field name, followed by a colon (":"), followed by a field body (value), and terminated by CRLF.
  • Header Section (HS): The Header Section is a sequence of lines of characters with special syntax as defined in [RFC5322]. It is the (top) section of a Message containing the Header Fields.
  • Body: The Body is simply a sequence of bytes that follows the Header Section and is separated from the Header Section by an empty line (i.e., a line with nothing preceding the CRLF); cf [RFC5322]. It is the (bottom) section of Message containing the payload of a Message. Typically, the Body consists of a (possibly multipart) MIME [RFC2045] construct.
  • MIME Header Fields: Header Fields describing content of a MIME entity [RFC2045], in particular the MIME structure. Each MIME Header Field name starts with "Content-" prefix.
  • MIME Header Section (part): The collection of MIME Header Fields. "MIME Header Section" refers to a Header Sections that contains only MIME Header Fields, whereas "MIME Header Section part" refers to the MIME Header Fields of a Header Section that - in addition to MIME Header Fields - also contains non-MIME Header Fields.
  • Essential Header Fields (EHF): The minimum set of Header Fields an Outer Message Header Section SHOULD contain; cf. Appendix D.1.2.5.
  • Header Protection (HP): cryptographic protection of email Header Sections (or parts of it) for signatures and/or encryption
  • Protection Levels (PL): The level of protection applied to a Message, e.g. 'signature and encryption' or 'signature only' (cf. Section 3.2).
  • Protected: Portions of a message that have had any Protection Levels applied.
  • Protected Message: A Message that has had any Protection Levels applied.
  • Unprotected: Portions of a Message that has had no Protection Levels applied.
  • Unprotected Message: A Message that has had no Protection Levels applied.

  • Submission Entity: The entity which executes further processing of the Message (incl. transport towards the receiver), after protection measures have been applied to the Message.

    Note: The Submission Entity varies among implementations, mainly depending on the stage where protection measures are applied: E.g. a Message Submission Agent (MSA) [RFC6409] or another (proprietary) solution. The latter is particularly relevant, if protection is implemented as a plugin solution. Some implementations may determine the destination recipients by reading the To, Cc and Bcc Header Fields of the Outer Message.

  • Original Message (OrigM): The Message to be protected before any protection-related processing has been applied on the sending side. If the source is not a "message/rfc822" Message, OrigM is defined as the "virtual" Message that would be constructed for sending it as unprotected email.
  • Inner Message (InnerM): The Message to be protected which has had wrapping and protection measures applied on the sending side OR the resulting Message once decryption and unwrapping on the receiving side has been performed. Typically, the Inner Message is in clear text. The Inner Message is a subset of (or the same as) the Original Message. The Inner Message must be the same on the sending and the receiving side.
  • Outer Message (OuterM): The Message as provided to the Submission Entity or received from the last hop respectively. The Outer Message normally differs on the sending and the receiving side (e.g. new Header Fields are added by intermediary nodes).
  • Receiving User Facing Message (RUFM): The Message used for rendering at the receiving side. Typically this is the same as the Inner Message.
  • Data Minimization: Data sparseness and hiding of all technically concealable information whenever possible.
  • Cryptographic Layer, Cryptographic Payload, Cryptographic Envelope, Structural Headers, Main Body Part, User-Facing Headers, and MUA are all used as defined in [I-D.ietf-lamps-e2e-mail-guidance]
  • Legacy MUA: a MUA that does not understand protected headers as described in this document. A Legacy Non-Crypto MUA is incapable of doing any end-to-end cryptographic operations. A Legacy Crypto MUA is capable of doing cryptographic operations, but does not understand or generate protected headers.
  • Wrapped Message: The protected headers scheme that uses the mechanism described in [RFC8551], where the Cryptographic Payload is a message/rfc822 or message/global MIME object.
  • Injected Headers: The protected headers scheme that uses the mechanism described in this document (see Section 4.1.2.4 and Section 4.1.4.4), where the protected headers are inserted on the Cryptographic Payload directly.
  • Header Confidentiality Policy: documented in Section 4.1.2.2

2. Problem Statement

The LAMPS charter contains the following Work Item:

In the following a set of challenges to be addressed:

[[ TODO: Enhance this section, add more items to the following. ]]

2.1. Privacy

  • (Technical) Data Minimization, which includes data sparseness and hiding all technically concealable information whenever possible

2.2. Security

2.3. Usability

  • Improved User interaction / User experience, in particular at the receiving side

2.4. Interoperability

  • Interoperability with [RFC8551] implementations

3. Use Cases

In the following, the reader can find a list of the generic use cases that need to be addressed for Messages with Header Protection (HP). These use cases apply regardless of technology (S/MIME, PGP/MIME, etc.) used to achieve HP.

3.1. Interactions

The following use cases assume that at least the sending side supports Header Protection as specified in this document. Receiving sides that support this specification are expected to be able to distinguish between Messages that use Header Protection as specified in this document, and (legacy) Mail User Agents (MUAs) which do not implement this specification.

[[ TODO: Verify once solution is stable and update last sentence. ]]

3.1.1. Main Use Case

Both the sending and receiving side (fully) support Header Protection as specified in this document.

The main use case is specified in Section 4.1.

3.1.2. Backward Compatibility Use Cases

Regarding backward compatibility, the main distinction is based on whether or not the receiving side conforms to MIME according to [RFC2046], ff., which in particular also includes Section 2 of [RFC2049] on "MIME Conformance". The following excerpt is contextually relevant:

  A mail user agent that is MIME-conformant MUST:

  [...]

       -- Recognize and display at least the RFC822 message
       encapsulation (message/rfc822) in such a way as to
       preserve any recursive structure, that is, displaying
       or offering to display the encapsulated data in
       accordance with its media type.

       -- Treat any unrecognized subtypes as if they were
       "application/octet-stream".

  [...]

  An MUA that meets the above conditions is said to be MIME-
  conformant.  A MIME-conformant MUA is assumed to be "safe" to
  send virtually any kind of properly-marked data to users of
  such mail systems, because these systems are, at a minimum,
  capable of treating the data as undifferentiated binary, and
  will not simply splash it onto the screen of unsuspecting
  users.

[[ TODO: The compatibility of legacy HP systems with this new solution, and how to handle issues surrounding future maintenance for these legacy systems, will be decided by the LAMPS WG. ]]

3.1.2.1. Receiving Side MIME-Conformant

The sending side (fully) supports Header Protection as specified in this document, while the receiving side does not support this specification. However, the receiving side is MIME-conformant according to [RFC2045], ff. (cf. Section 3.1.2).

This use case is specified in Section 4.2.1.

Note: This case should perform as expected if the sending side applies this specification as outlined in Section 4.1.

[[ TODO: Verify once solution is stable and update last sentence. ]]

3.1.2.2. Receiving Side Not MIME-Conformant

The sending side (fully) supports Header Protection as specified in this document, while the receiving side does not support this specification. Furthermore, the receiving side is not MIME-conformant according to [RFC2045], ff. (cf. Section 3.1.2).

This use case is specified in Section 4.2.2.

3.2. Protection Levels

3.2.1. In-Scope

The following Protection Levels are in scope for this document:

a) Signature and encryption

Messages containing a cryptographic signature, which are also
encrypted.

b) Signature only

Messages containing a cryptographic signature, but which are not
encrypted.

3.2.2. Out-of-Scope

Legacy implementations, implementations not (fully) compliant with this document or corner-cases may lead to further Protection Levels to appear on the receiving side, such as (list not exhaustive):

  • Triple wrap
  • Encryption only
  • Encryption before signature

  • Signature and encryption, but:

    • Signature fails to validate
    • Signature validates but the signing certificate revoked

  • Signature only, but:

    • with multiple valid signatures, layered atop each other

These Protection Levels, as well as any further Protection Levels not listed in Section 3.2.1 are beyond the scope of this document.

4. Specification

This section contains the specification for Header Protection in S/MIME to update and clarify Section 3.1 of [RFC8551] (S/MIME 4.0).

Note: It is likely that PGP/MIME [RFC3156] will also incorporate this specification or parts of it.

This specification applies to the Protection Levels "signature & encryption" and "signature only" (cf. Section 3.2):

Sending and receiving sides MUST implement the "signature and encryption" Protection Level, which SHOULD be used as default on the sending side.

Certain implementations may decide to send "signature only" Messages, depending on the circumstances and customer requirements. Sending sides MAY and receiving sides MUST implement "signature only" Protection Level.

It generally is NOT RECOMMENDED to send a Message with any other Protection Level. On the other hand, the receiving side must be prepared to receive Messages with other Protection Levels.

[[ TODO: Further study is necessary to determine whether - and if yes to what extent - additional guidance for handling messages with other Protection Levels, e.g. "encryption only" at the receiving side should be included in this document. ]]

4.1. Main Use Case

This section applies to the main use case, where the sending and receiving side (fully) support Header Protection as specified herein (cf. Section 3.1.1).

Note: The sending side specification of the main use case is also applicable to the cases where the sending side (fully) supports Header Protection as specified herein, while the receiving side does not, but is MIME-conformant according to [RFC2045], ff. (cf. Section 3.1.2 and Section 3.1.2.1).

Further backward compatibility cases are defined in Section 4.2.

4.1.1. MIME Format

4.1.1.1. Introduction

As per S/MIME version 3.1 and later (cf. [RFC8551]), the sending client MAY wrap a full MIME message in a message/RFC822 wrapper in order to apply S/MIME security services to these header fields.

To help the receiving side to distinguish between a forwarded and a wrapped message, the Content-Type header field parameter "forwarded" is added as defined in [I-D.melnikov-iana-reg-forwarded].

The simplified (cryptographic overhead not shown) MIME structure of such an Email Message looks as follows:

  <Outer Message Header Section (unprotected)>

  <Outer Message Body (protected)>

    <MIME Header Section (wrapper)>

      <Inner Message Header Section>

      <Inner Message Body>

The following example demonstrates how an Original Message might be protected, i.e., the Original Message is contained as Inner Message in the Protected Body of an Outer Message. It illustrates the first Body part (of the Outer Message) as a "multipart/signed" (application/pkcs7-signature) media type:

Lines are prepended as follows:

  • "O: " Outer Message Header Section
  • "I: " Message Header Section
  • "W: " Wrapper (MIME Header Section) 
  O: Date: Mon, 25 Sep 2017 17:31:42 +0100 (GMT Daylight Time)
  O: Message-ID: <e4a483cb-1dfb-481d-903b-298c92c21f5e@m.example.net>
  O: Subject: Meeting at my place
  O: From: "Alexey Melnikov" <alexey.melnikov@example.net>
  O: To: somebody@example.net
  O: MIME-Version: 1.0
  O: Content-Type: multipart/signed; charset=us-ascii; micalg=sha1;
  O:  protocol="application/pkcs7-signature";
  O:  boundary=boundary-AM

     This is a multipart message in MIME format.
     --boundary-AM
  W: Content-Type: message/RFC822; forwarded=no
  W:
  I: Date: Mon, 25 Sep 2017 17:31:42 +0100 (GMT Daylight Time)
  I: From: "Alexey Melnikov" <alexey.melnikov@example.net>
  I: Message-ID: <e4a483cb-1dfb-481d-903b-298c92c21f5e@m.example.net>
  I: MIME-Version: 1.0
  I: MMHS-Primary-Precedence: 3
  I: Subject: Meeting at my place
  I: To: somebody@example.net
  I: X-Mailer: Isode Harrier Web Server
  I: Content-Type: text/plain; charset=us-ascii

     This is an important message that I don't want to be modified.

     --boundary-AM
     Content-Transfer-Encoding: base64
     Content-Type: application/pkcs7-signature

     [[base-64 encoded signature]]

     --boundary-AM--

The Outer Message Header Section is unprotected, while the remainder (Outer Message Body) is protected. The Outer Message Body consists of the wrapper (MIME Header Section) and the Inner Message (Header Section and Body).

The wrapper is a simple MIME Header Section with media type "message/rfc822" containing a Content-Type header field parameter "forwarded=no" followed by an empty line.

If the source is an Original (message/rfc822) Message, the Inner Message Header Section is typically the same as (or a subset of) the Original Message Header Section, and the Inner Message Body is typically the same as the Original Message Body.

The Inner Message itself may contain any MIME structure.

Note: It is still to be decided by the LAMPS WG whether or not to recommend an alternative MIME format as described in Appendix D.1.1.1 (instead of the currently standardized and above defined format).

4.1.2. Sending Side

This section describes the process an MUA should use to apply cryptographic protection to an e-mail message with header protection. We start by describing the legacy message composition process as a baseline.

4.1.2.1. Composing a Cryptographically-Protected Message Without Header Protection

[I-D.ietf-lamps-e2e-mail-guidance] describes the typical process for a legacy crypto MUA to apply cryptographic protections to an e-mail message. That guidance and terminology is replicated here for reference:

  • origbody: the traditional unprotected message body as a well-formed MIME tree (possibly just a single MIME leaf part). As a well-formed MIME tree, origbody already has structural headers (Content-*) present.
  • origheaders: the intended non-structural headers for the message, represented here as a list of (h,v) pairs, where h is a header field name and v is the associated value. Note that these are header fields that the MUA intends to be visible to the recipient of the message. In particular, if the MUA uses the Bcc header during composition, but plans to omit it from the message (see section 3.6.3 of [RFC5322]), it will not be in origheaders.
  • crypto: The series of cryptographic protections to apply (for example, "sign with the secret key corresponding to X.509 certificate X, then encrypt to X.509 certificates X and Y"). This is a routine that accepts a MIME tree as input (the Cryptographic Payload), wraps the input in the appropriate Cryptographic Envelope, and returns the resultant MIME tree as output.

The algorithm returns a MIME object that is ready to be injected into the mail system:

  • Apply crypto to origbody, yielding MIME tree output

  • For each header name and value (h,v) in origheaders:

    • Add header h of output with value v
  • Return output
4.1.2.2. Header Confidentiality Policy

When composing an encrypted message with protected headers, the composing MUA needs a Header Confidentialiy Policy. In this document, we represent that Header Confidentiality Policy as a function hcp:

  • hcp(name, val_in) --> val_out: this function takes a header field name name and initial value val_in as arguments, and returns a replacement header value val_out. If val_out is the special value null, it mean that the header in question should be omitted from the set of headers visible outside the Cryptographic Envelope.

For example, an MUA that only obscures the Subject header field by replacing it with the literal string [...] and does not offer confidentiality to any other header fields would be represented as (in pseudocode):

hcp(name, val_in) → val_out:
    if name is 'Subject':
        return '[...]'
    else:
        return val_in

Note that such a policy is only needed when the end-to-end protections include encryption (confidentiality). No comparable policy is needed for other end-to-end cryptographic protections (integrity and authenticity), as they are simply uniformly applied so that all header fields known by the sender have these protections.

This asymmetry is an unfortunate consequence of complexities in message delivery systems, some of which may reject, drop, or delay messages where all headers are removed from the top-level MIME object.

This document does not mandate any particular Header Confidentiality Policy, though it offers guidance for MUA implementers in selecting one in Section 4.1.3. Future documents may recommend or mandate such a policy for an MUA with specific needs. Such a recommendation might be motivated by descriptions of metadata-derived attacks, or stem from research about message deliverability, or describe new signalling mechanisms, but these topics are out of scope for this document.

4.1.2.3. Composing with "Wrapped Message" Header Protection

To compose a message using "Wrapped Message" header protection, we use those inputs described in Section 4.1.2.1 plus the Header Confidentiality Policy hcp defined in Section 4.1.2.2. The new algorithm is:

  • For header name and value (h,v) in origheaders:

    • Add header h of origbody with value v

  • If any of the header fields in origbody, including headers in the nested internal MIME structure, contain any 8-bit UTF-8 characters (see section section 3.7 of [RFC6532]):

    • Let payload be a new MIME part with one header: Content-Type: message/global; forwarded=no, and whose body is origbody.

  • Else:

    • Let payload be a new MIME part with one header: Content-Type: message/rfc822; forwarded=no, and whose body is origbody.
  • Apply crypto to payload, yielding MIME tree output

  • If crypto contains encryption:

    • Create new empty list of header field names and values newh

    • For header name and value (h,v) in origheaders:

      • Let newval be hcp(h, v)

      • If newval is not null:

        • Append (h,newval) to newh
    • Set origheaders to newh

  • For header name and value (h,v) in origheaders:

    • Add header h of output with value v
  • Return output

Note that the Header Confidentiality Policy hcp is ignored if crypto does not contain encryption. This is by design.

4.1.2.4. Composing with "Injected Headers" Header Protection

To compose a message using "Injected Headers" header protection, the composing MUA needs one additional input in addition to the Header Confidentiality Policy hcp defined in Section 4.1.2.2.

  • legacy: a boolean value, indicating whether any recipient of the message is believed to have a legacy client. If all recipients are known to implement this draft, legacy should be set to false. (How a MUA determines the value of legacy is out of scope for this document; an initial implementation can simply set it to true)

Enabling visibility of obscured headers for decryption-capable legacy clients requires transforming a header list into a readable form and including it as a "Legacy Display" element in specially-marked parts of the message. This document recommends two different mechanisms: one for a text/html Main Body part of the e-mail message, and one for a text/plain Main Body part. This document does not recommend adding a Legacy Display element to any other part.

Please see [I-D.ietf-lamps-e2e-mail-guidance] for guidance on identifying the parts of a message that are a Main Body Part.

The revised algorithm for applying cryptographic protection to a message is as follows:

  • if crypto contains encryption, and legacy is true:

    • Create ldlist, an empty list of (header, value) pairs

    • For each header name and value (h,v) in origheaders:

    • If ldlist is not empty:

      • Identify each leaf MIME part of payload that represents the "main body" of the message.

      • For each "Main Body Part" bodypart of type text/plain or text/html:

        • Insert Legacy Display element header list ldlist into the content of bodypart (see Section 4.1.2.4.1 for text/plain and Section 4.1.2.4.2 for text/html)
        • Add Content-Type parameter hp-legacy-display with value 1 to bodypart

  • For each header name and value (h,v) in origheaders:

    • Add header h of MIME part payload with value v
  • Set the protected-headers parameter on the Content-Type of payload to v1
  • Apply crypto to payload, producing MIME tree output

  • If crypto contains encryption:

    • Create new empty list of header field names and values newh

    • For header name and value (h,v) in origheaders:

      • Let newval be hcp(h, v)

      • If newval is not null:

        • Add newh[h] to newval
    • Set origheaders to newh

  • For each header name and value (h,v) in origheaders:

    • Add header h of output with value v
  • Return output

Note that both new parameters (hcp and legacy) are effectively ignored if crypto does not contain encryption. This is by design, because they are irrelevant for signed-only cryptographic protections.

4.1.2.4.1. Adding a Legacy Display Element to a text/plain Part

For a list of obscured headers represented as (header, value) pairs, concatenate them as a set of lines, with one newline at the end of each pair. Add an additional trailing newline after the resultant text, and prepend the entire list to the body of the text/plain part.

For example, if the list of obscured headers was [("Cc", "alice@example.net"), ("Subject", "Thursday's meeting")], then a text/plain part that originally contained:

I think we should skip the meeting.

Would become:

Subject: Thursday's meeting
Cc: alice@example.net

I think we should skip the meeting.
4.1.2.4.2. Adding a Legacy Display Element to a text/html Part

Adding a Legacy Display Element to a text/html part is similar to how it is added to a text/plain part (see Section 4.1.2.4.1). Instead of adding the obscured headers to a block of text delimited by a blank line, the composing MUA injects them in an HTML <div> element annotated with a class attribute of header-protecton-legacy-display.

The content and formatting of this decorative <div> have no strict requirements, but they SHOULD represent all the obscured headers in a readable fashion. A simple approach is to assemble the text in the same way as Section 4.1.2.4.1, wrap it in a verbatim <pre> element, and put that element in the annotated <div>.

The annotated <div> should be placed as close to the start of the <body> as possible, where it will be visible when viewed with a standard HTML renderer.

For example, if the list of obscured headers was [("Cc", "alice@example.net"), ("Subject", "Thursday's meeting")], then a text/html part that originally contained:

<html><head><title></title></head><body>
<p>I think we should skip the meeting.</p>
</body></html>

Would become:

<html><head><title></title></head><body>
<div class="header-protection-legacy-display">
<pre>Subject: Thursday's meeting
Cc: alice@example.net</pre></div>
<p>I think we should skip the meeting.</p>
</body></html>
4.1.2.4.3. Do Not Add a Legacy Display Element to Other Content-Types

The purpose of injecting a Legacy Display element into each Main Body MIME part is to enable rendering of otherwise obscured headers in legacy clients that are capable of message decryption, but don't know how to follow the rest of the guidance in this document.

The authors are unaware of any legacy client that would render any MIME part type other than text/plain and text/html as the Main Body. A generating MUA SHOULD NOT add a Legacy Display element to any MIME part with any other Content-Type.

4.1.2.5. Choosing Between Wrapped Message and Injected Headers

When composing a message with end-to-end cryptographic protections, an MUA SHOULD protect the headers of that message as well as the body.

An MUA MAY protect the headers of any outbound message using either the "Wrapped Message" or the "Injected Headers" style of protection. See Section 4.2 for more discussion about reasons to choose one mechanism or another.

[[ TODO: this document should recommend generation of one particular scheme by default for new implementers ]]

4.1.3. Default Header Confidentiality Policy

An MUA SHOULD have a sensible default Header Confidentiality Policy, and SHOULD NOT require the user to select one.

The default Header Confidentiality Policy SHOULD provide confidentiality for the Subject header field by replacing it with the literal string [...]. Most users treat the Subject of a message the same way that they treat the body, and they are surprised to find that the Subject of an encrypted message is visible.

[[ TODO: select one of the two policies below the recommended default ]]

4.1.3.1. Minimalist Header Confidentiality Policy

Accordingly, the most conservative recommended Header Confidentiality Policy only protects the Subject:

hcp_minimal(name, val_in) → val_out:
    if name is 'Subject':
        return '[...]'
    else:
        return val_in
4.1.3.2. Strong Header Confidentiality Policy

Alternately, a more aggressive (and therefore more privacy-preserving) Header Confidentiality Policy only leaks a handful of fields whose absence is known to increase rates of delivery failure, and simultaneously obscures the Message-ID behind a random new one:

hcp_strong(name, val_in) → val_out:
    if name in ['From', 'To', 'Cc', 'Date']:
        return val_in
    else if name is 'Subject':
        return '[...]'
    else if name is 'Message-ID':
        return generate_new_message_id()
    else:
        return null

The function generate_new_message_id() represents whatever process the MUA typically uses to generate a Message-ID for a new outbound message.

4.1.3.3. Offering Stronger Header Confidentiality

A MUA MAY offer even stronger confidentiality for headers of an encrypted message than described in Section 4.1.3.2. For example, it might implement an HCP that obfuscates the From field, or omits the Cc field, or ensures Date is represented in UTC (obscuring the local timezone).

The authors of this document hope that implementers with deployment experience will document their chosen Header Confidentiality Policy and the rationale behind their choice.

4.1.4. Receiving Side

An MUA that receives a cryptographically-protected e-mail will render it for the user.

The receiving MUA will render the message body, a selected subset of header fields, and (as described in [I-D.ietf-lamps-e2e-mail-guidance]) provide a summary of the cryptographic properties of the message.

Most MUAs only render a subset of header fields by default. For example, few MUAs typically render Message-Id or Received header fields for the user, but most do render From, To, Cc, Date, and Subject.

A MUA that knows how to handle a message with protected headers makes the following two changes to its behavior when rendering a message:

  • If it detects that an incoming message had protected headers, it renders header fields for the message from the protected headers, ignoring the external (unprotected) headers.
  • It includes information in the message's cryptographic summary to indicate the types of protection that applied to each rendered header field (if any).

A MUA that handles protected headers does not need to render any new header fields that it did not render before.

4.1.4.1. Identifying that a Message has Protected Headers

An incoming message can be identified as having protected headers based on one of two signals:

  • The Cryptographic Payload has Content-Type: message/rfc822 or Content-Type: message/global and the parameter forwarded has a value of no. See Section 4.1.4.3 for rendering guidance.
  • The Cryptographic Payload has some other Content-Type and it has parameter protected-headers set to v1. See Section 4.1.4.4 for rendering guidance.

Messages of both types exist in the wild, and a sensible MUA should be able to handle them both. They provide the same semantics and the same meaning.

4.1.4.2. Updating the Cryptographic Summary

Regardless of whether a cryptographically-protected message has protected headers, the cryptographic summary of the message should be modified to indicate what protections the headers have.

Each header individually has exactly one the following protections:

  • unprotected (this is the case for all headers in messages that have no protected headers)
  • signed-only (bound into the same validated signature as the enclosing message, but also visible in transit)
  • encrypted-only (only appears within the cryptographic payload; the corresponding external header was either omitted or obfuscated)
  • encrypted-and-signed (same as encrypted, but additionally is under a validatd signature)

Note that while the message itself may be encrypted-and-signed, some headers may be replicated on the outside of the message (e.g. Date) Those headers would be signed-only, despite the message itself being encrypted-and-signed.

Rendering this information is likely to be complex and messy --- users may not understand it. It is beyond the scope of this document to suggest any specific graphical affordances or user experience. Future work should include examples of successful rendering of this information.

4.1.4.3. Rendering a Wrapped Message

When the Cryptographic Payload has Content-Type of message/rfc822 or message/global, and the parameter forwarded is set to no, the values of the protected headers are drawn from the headers of the Cryptographic Payload, and the body that is rendered is the body of the Cryptographic Payload.

4.1.4.3.1. Example Signed-Only Wrapped Message

Consider a message with this structure, where the MUA is able to validate the cryptographic signature:

A └─╴application/pkcs7-mime; smime-type="signed-data"
   ⇩ (unwraps to)
B  └┬╴message/rfc822 [Cryptographic Payload]
C   └┬╴multipart/alternative [Rendered Body]
D    ├─╴text/plain
E    └─╴text/html

The message body should be rendered the same way as this message:

C └┬╴multipart/alternative
D  ├─╴text/plain
E  └─╴text/html

It should render header fields taken from part C.

Its cryptographic summary should indicates that the message was signed and all rendered header fields were included in the signature.

The MUA SHOULD ignore header fields from part A for the purposes of rendering.

4.1.4.3.2. Example Encrypted-and-Signed Wrapped Message

Consider a message with this structure, where the MUA is able to validate the cryptographic signature:

F └─╴application/pkcs7-mime; smime-type="enveloped-data"
   ↧ (decrypts to)
G  └─╴application/pkcs7-mime; smime-type="signed-data"
    ⇩ (unwraps to)
H   └┬╴message/rfc822 [Cryptographic Payload]
I    └┬╴multipart/alternative [Rendered Body]
J     ├─╴text/plain
K     └─╴text/html

The message body should be rendered the same way as this message:

I └┬╴multipart/alternative
J  ├─╴text/plain
K  └─╴text/html

It should render headers taken from part I.

Its cryptographic summary should indicates that the message was signed and encrypted. Each rendered header field found in I should be compared against the header field of the same name from F. If the value found in F matches the value found in I, the header field should be marked as signed-only. If no matching header field was found in F, or the value found did not match the value from I, the header field should be marked as signed-and-encrypted.

4.1.4.4. Rendering a Message with Injected Headers

When the Cryptographic Payload does not have a Content-Type of message/rfc822 or message/global, and the parameter protected-headers is set to v1, the values of the protected headers are drawn from the headers of the Cryptographic Payload, and the body that is rendered is the Cryptographic Payload itself.

4.1.4.4.1. Example Signed-only Message with Injected Headers 
L └─╴application/pkcs7-mime; smime-type="signed-data"
   ⇩ (unwraps to)
M  └┬╴multipart/alternative [Cryptographic Payload + Rendered Body]
N   ├─╴text/plain
O   └─╴text/html

The message body should be rendered the same way as this message:

M └┬╴multipart/alternative
N  ├─╴text/plain
O  └─╴text/html

It should render header fieldss taken from part M.

Its cryptographic summary should indicates that the message was signed and all rendered header fields were included in the signature.

The MUA SHOULD ignore header fields from part L for the purposes of rendering.

4.1.4.4.2. Example Signed-and-Encrypted Message with Injected Headers

Consider a message with this structure, where the MUA is able to validate the cryptographic signature:

P └─╴application/pkcs7-mime; smime-type="enveloped-data"
   ↧ (decrypts to)
Q  └─╴application/pkcs7-mime; smime-type="signed-data"
    ⇩ (unwraps to)
R   └┬╴multipart/alternative [Cryptographic Payload + Rendered Body]
S    ├─╴text/plain
T    └─╴text/html

The message body should be rendered the same way as this message:

R └┬╴multipart/alternative
S  ├─╴text/plain
T  └─╴text/html

It should render headers taken from part R.

Its cryptographic summary should indicates that the message was signed and encrypted. As in Section 4.1.4.3.2, each rendered header field found in R should be compared against the header field of the same name from P. If the value found in P matches the value found in R, the header field should be marked as signed-only. If no matching header field was found in P, or the value found did not match the value from R, the header field should be marked as signed-and-encrypted.

4.1.4.4.3. Do Not Render Legacy Display Elements

As described in FIXME:SECTION_REFERENCE, a message with cryptographic confidentiality protection MAY include "Legacy Display" elements for backward-compatibility with legacy MUAs. These Legacy Display elements are strictly decorative, unambiguously identifiable, and will be discarded by compliant implementations.

The receiving MUA SHOULD avoid rendering the identified Legacy Display elements to the user at all, since it is aware of and can render the actual Protected Headers.

If a text/html or text/plain part within the cryptographic envelope is identified as containing Legacy Display elements, those elements should be hidden when rendering or generating a draft reply.

4.1.4.4.3.1. Identifying a Part with Legacy Display Elements

A receiving MUA acting on a message that contains an encrypting Cryptographic Layer identifies a MIME subpart with within the Cryptographic Payload as containing Legacy Display elements based on the Content-Type of the subpart.

Note that the term "subpart" above is used in the general sense: if the Cryptographic Payload is a single part, that part itself may contain a Legacy Display element if it is marked with the hp-legacy-display=1 parameter.

4.1.4.4.3.2. Omitting Legacy Display Elements from text/plain

If a text/plain part within the Cryptographic Payload has the Content-Type parameter hp-legacy-display="1", it should be processed before rendering in the following fashion:

  • Discard the leading lines of the body of the part up to and including the first entirely blank line.

Note that implementing this strategy is depenent on the charset used by the MIME part.

See Appendix E.1 for an example.

4.1.4.4.3.3. Omitting Legacy Display Elements from text/html

If a text/html part within the Cryptographic Payload has the Content-Type parameter hp-legacy-display="1", it should be processed before rendering in the following fashion:

  • If any element of the HTML <body> is a <div> with class attribute header-protecton-legacy-display, that entire element should be omitted.

A straightforward way for an HTML-capable MUA to do this is to add an entry to the [CSS] stylesheet for such a part:

body div.header-protection-legacy-display:firstchild { display: none; }
4.1.4.5. Affordances for Debugging and Troubleshooting

Note that advanced users of an MUA may need access to the original message, for example to troubleshoot problems with the MUA itself, or problems with the SMTP transport path taken by the message.

A MUA that applies these rendering guidelines SHOULD ensure that the full original source of the message as it was received remains available to such a user for debugging and troubleshooting.

4.1.4.6. Composing a Reply to an Encrypted Message with Protected Headers

When composing a reply to an encrypted message with protected headers, the MUA is acting both as a receiving MUA and as a sending MUA. Special guidance applies here, as things can go wrong in at least two ways: leaking previously-confidential information, and replying to the wrong party.

4.1.4.6.1. Avoid Leaking Encrypted Headers in Reply

As noted in [I-D.ietf-lamps-e2e-mail-guidance], an MUA in this position MUST NOT leak previously-encrypted content in the clear in a followup message. The same is true for protected headers.

Values from any header field that was identified as either encrypted or signed-and-encrypted based on the steps outlined above MUST NOT be placed in cleartext output when generating a message.

In particular, if Subject was encrypted, and it is copied into the draft encrypted reply, the replying MUA MUST obfuscate the Subject field in the cleartext header as described above.

[[ TODO: formally describe how a replying MUA should generate a message-specific Header Protection policy based on the cryptographic status of the headers of the incoming message ]]

4.1.4.6.2. Avoid Misdirected Replies to Encrypted Messages with Protected Headers

When replying to a message, the Composing MUA typically decides who to send the reply to based on:

  • the Reply-To, Mail-Followup-To, or From headers
  • optionally, the other To or Cc headers (if the user chose to "reply all")

When a message has protected headers, the replying MUA MUST populate the destination fields of the draft message using the protected headers, and ignore any unprotected headers.

This mitigates against an attack where Mallory gets a copy of an encrypted message from Alice to Bob, and then replays the message to Bob with an additional Cc to Mallory's own e-mail address in the message's outer header.

If Bob knows Mallory's certificate already, and he replies to such a message without following the guidance in this section, it's likely that his MUA will encrypt the cleartext of the message directly to Mallory.

4.1.4.7. Implicitly-rendered Header Fields

While From and To and Cc and Subject and Date are often explicitly rendered to the user, some header fields do affect message display, without being explicitly rendered.

For example, Message-Id, References, and In-Reply-To header fields may collectively be used to place a message in a "thread" or series of messages.

In another example, Section 4.1.4.6.2 observes that the value of the Reply-To field can influence the draft reply message. So while the user may never see the Reply-To header directly, it is implicitly "rendered" when the user interacts with the message by replying to it.

An MUA that depends on any implicitly-rendered header field in a message with protected headers SHOULD use the value from the protected header, and SHOULD NOT use any value found outside the cryptographic protection.

4.1.4.8. Unprotected Headers Added in Transit

Some headers are legitimately added in transit, and could not have been known to the sender at message composition time.

The most common of these headers are Received and DKIM-Signature, neither of which are typically rendered, either explicitly or implicitly.

If a receiving MUA has specific knowledge about a given header field, including that:

  • the header field would not have been known to the original sender, and
  • the header field might be rendered explicitly or implicitly,

then the MUA MAY decide to operate on the value of that header field from the unprotected header section, even though the message has protected headers.

The MUA MAY prefer to verify that the headers in question have additional transit-derived cryptographic protections (e.g., to test whether they are covered by a valid DKIM-Signature) before rendering or acting on them.

Specific examples appear below.

4.1.4.8.1. Mailing list headers: List-* and Archived-At

If the message arrives through a mailing list, the list manager itself may inject headers (most of which start with List-) in the message:

  • List-Archive
  • List-Subscribe
  • List-Unsubscribe
  • List-Id
  • List-Help
  • List-Post
  • Archived-At

For some MUAs, these headers are implicitly rendered, by providing buttons for actions like "Subscribe", "View Archived Version", "Reply List", "List Info", etc.

An MUA that receives a message with protected headers that contains these header fields in the unprotected section, and that has reason to believe the message is coming through a mailing list MAY decide to render them to the user (explicitly or implicitly) even though they are not protected.

FIXME: other examples of unprotected transit headers?

4.2. Backward Compatibility Use Cases

4.2.1. Receiving Side MIME-Conformant

This section applies to the case where the sending side (fully) supports Header Protection as specified in this document, while the receiving side does not support this specification, but is MIME-conformant according to [RFC2045], ff. (cf. Section 3.1.2 and Section 3.1.2.1)

The sending side specification of the main use case (cf. Section 4.1) MUST ensure that receiving sides can still recognize and display or offer to display the encapsulated data in accordance with its media type (cf. [RFC2049], Section 2). In particular, receiving sides that do not support this specification, but are MIME-conformant according to [RFC2045], ff. can still recognize and display the Message intended for the user.

[[ TODO: Verify once solution is stable and update last sentence. ]]

4.2.2. Receiving Side Not MIME-Conformant

This section applies to cases where the sending side (fully) supports Header Protection as specified in this document, while the receiving side neither supports this specification nor is MIME-conformant according to [RFC2045], ff. (cf. Section 3.1.2 and Section 3.1.2.2).

Another variant of backward compatibility has been implemented by pEp [I-D.pep-email], i.e. pEp Email Format 1.0. At this time pEp has implemented this for PGP/MIME, but not yet S/MIME.

5. Usability Considerations

This section describes concerns for MUAs that are interested in easy adoption of header protection by normal users.

While they are not protocol-level artifacts, these concerns motivate the protocol features described in this document.

See also the Usability section in [I-D.ietf-lamps-e2e-mail-guidance].

6. Security Considerations

[[ TODO ]]

7. Privacy Considerations

[[ TODO ]]

8. IANA Considerations

This document requests no action from IANA.

[[ RFC Editor: This section may be removed before publication. ]]

9. Acknowledgments

The authors would like to thank the following people who have provided helpful comments and suggestions for this document: Berna Alp, Bernhard E. Reiter, Claudio Luck, David Wilson, Hernani Marques, juga, Krista Bennett, Kelly Bristol, Lars Rohwedder, Robert Williams, Russ Housley, Sofia Balicka, Steve Kille, Volker Birk, and Wei Chuang.

10. References

10.1. Normative References

[I-D.ietf-lamps-e2e-mail-guidance]
Gillmor, D. K., "Guidance on End-to-End E-mail Security", Work in Progress, Internet-Draft, draft-ietf-lamps-e2e-mail-guidance-02, , <https://www.ietf.org/archive/id/draft-ietf-lamps-e2e-mail-guidance-02.txt>.
[I-D.ietf-lamps-header-protection-requirements]
Melnikov, A. and B. Hoeneisen, "Problem Statement and Requirements for Header Protection", Work in Progress, Internet-Draft, draft-ietf-lamps-header-protection-requirements-01, , <https://www.ietf.org/archive/id/draft-ietf-lamps-header-protection-requirements-01.txt>.
[RFC2045]
Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, DOI 10.17487/RFC2045, , <https://www.rfc-editor.org/info/rfc2045>.
[RFC2046]
Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types", RFC 2046, DOI 10.17487/RFC2046, , <https://www.rfc-editor.org/info/rfc2046>.
[RFC2049]
Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part Five: Conformance Criteria and Examples", RFC 2049, DOI 10.17487/RFC2049, , <https://www.rfc-editor.org/info/rfc2049>.
[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/info/rfc2119>.
[RFC5322]
Resnick, P., Ed., "Internet Message Format", RFC 5322, DOI 10.17487/RFC5322, , <https://www.rfc-editor.org/info/rfc5322>.
[RFC8551]
Schaad, J., Ramsdell, B., and S. Turner, "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification", RFC 8551, DOI 10.17487/RFC8551, , <https://www.rfc-editor.org/info/rfc8551>.

10.2. Informative References

[CSS]
World Wide Web Consortium, "Cascading Style Sheets Level 2 Revision 2 (CSS 2.2) Specification", , <https://www.w3.org/TR/2016/WD-CSS22-20160412/>.
[I-D.ietf-lamps-samples]
Gillmor, D. K., "S/MIME Example Keys and Certificates", Work in Progress, Internet-Draft, draft-ietf-lamps-samples-07, , <https://www.ietf.org/archive/id/draft-ietf-lamps-samples-07.txt>.
[I-D.melnikov-iana-reg-forwarded]
Melnikov, A. and B. Hoeneisen, "IANA Registration of Content-Type Header Field Parameter 'forwarded'", Work in Progress, Internet-Draft, draft-melnikov-iana-reg-forwarded-00, , <https://www.ietf.org/archive/id/draft-melnikov-iana-reg-forwarded-00.txt>.
[I-D.pep-email]
Marques, H., "pretty Easy privacy (pEp): Email Formats and Protocols", Work in Progress, Internet-Draft, draft-pep-email-01, , <https://www.ietf.org/archive/id/draft-pep-email-01.txt>.
[pEp.mixnet]
pEp Foundation, "Mixnet", , <https://dev.pep.foundation/Mixnet>.
[RFC3156]
Elkins, M., Del Torto, D., Levien, R., and T. Roessler, "MIME Security with OpenPGP", RFC 3156, DOI 10.17487/RFC3156, , <https://www.rfc-editor.org/info/rfc3156>.
[RFC4949]
Shirey, R., "Internet Security Glossary, Version 2", FYI 36, RFC 4949, DOI 10.17487/RFC4949, , <https://www.rfc-editor.org/info/rfc4949>.
[RFC6376]
Crocker, D., Ed., Hansen, T., Ed., and M. Kucherawy, Ed., "DomainKeys Identified Mail (DKIM) Signatures", STD 76, RFC 6376, DOI 10.17487/RFC6376, , <https://www.rfc-editor.org/info/rfc6376>.
[RFC6409]
Gellens, R. and J. Klensin, "Message Submission for Mail", STD 72, RFC 6409, DOI 10.17487/RFC6409, , <https://www.rfc-editor.org/info/rfc6409>.
[RFC6532]
Yang, A., Steele, S., and N. Freed, "Internationalized Email Headers", RFC 6532, DOI 10.17487/RFC6532, , <https://www.rfc-editor.org/info/rfc6532>.
[RFC7489]
Kucherawy, M., Ed. and E. Zwicky, Ed., "Domain-based Message Authentication, Reporting, and Conformance (DMARC)", RFC 7489, DOI 10.17487/RFC7489, , <https://www.rfc-editor.org/info/rfc7489>.

Appendix A. Possible Problems with some Legacy Clients

When an e-mail message with end-to-end cryptographic protection is received by a mail user agent, the user might experience many different possible problematic interactions. A message with header protection may introduce new forms of user experience failure.

In this section, the authors enumerate different kinds of failures we have observed when reviewing, rendering, and replying to messages with different forms of header protection in different legacy MUAs. Different legacy MUAs demonstrate different subsets of these problems.

Hopefully, a non-legacy MUA would not exhibit any of these problems. An implementer updating their legacy MUA to be compliant with this specification should consider these concerns and try to avoid them.

A.1. Problems Reviewing signed+encrypted Messages in List View

  • Unprotected Subject, Date, From, To are visible
  • Threading is not visible

A.2. Problems when Rendering a signed+encrypted Message

  • Unprotected Subject is visible
  • Protected subject (on its own) is visible in the body
  • Protected subject, date, from, to visible in the body
  • User interaction needed to view whole message
  • User interaction needed to view message body
  • User interaction needed to view protected subject
  • Impossible to view protected subject
  • Nuisance alarms during user interaction
  • Impossible to view message body
  • Appears as a forwarded message
  • Appears as an attachment
  • Security indicators not visible
  • User has multiple different methods to Reply: (e.g. reply to outer, reply to inner)
  • User sees english "Subject:" in body despite message itself being in non-english
  • Security indicators do not identify protection status of header fields
  • Headers in body render with local header fields (e.g. showing "Betreff" instead of "Subject") and dates (TZ, locale)

A.3. Problems when Replying to a signed+encrypted Message

Note that the use case here is:

  • User views message, to the point where they can read it.
  • User then replies to message, and they are shown a message composition window, which has some UI elements
  • If the MUA has multiple different methods to Reply: to a message, each way may need to be evaluated separately

This section also uses the shorthand UI:x to mean "the UI element that the user can edit that they think of as x."

  • protected subject is in UI:subject (and will leak)
  • protected subject is quoted in UI:body
  • protected subject is not anywhere in UI
  • message body is not visible/quoted in UI:body
  • user cannot reply while viewing protected message
  • reply is not encrypted by default (but is for normal S/MIME sign+enc messages)
  • unprotected From: is in UI:To
  • User's locale (lang, TZ) leaks in quoted body
  • Headers not protected (and in particular, Subject is not obscured) by default

A.4. Problems Reviewing signed-only Messages in List View

  • Unprotected Subject, Date, From, To are visible
  • Threading is not visible

A.5. Problems when Rendering a signed-only Message

  • Unprotected Subject is visible
  • Protected subject (on its own) is visible in the body
  • Protected subject, date, from, to visible in the body
  • User interaction needed to view whole message
  • User interaction needed to view message body
  • User interaction needed to view protected subject
  • Impossible to view protected subject
  • Nuisance alarms during user interaction
  • Impossible to view message body
  • Appears as a forwarded message
  • Appears as an attachment
  • Security indicators not visible
  • Security indicators do not identify protection status of headers
  • User has multiple different methods to Reply: (e.g. reply to outer, reply to inner)
  • Headers in body render with local header fields (e.g. showing "Betreff" instead of "Subject") and dates (TZ, locale)

A.6. Problems when Replying to a signed-only Message

This uses the same use case(s) and shorthand as Appendix A.3.

  • Unprotected Subject: is in UI:subject
  • Protected Subject: is quoted in UI:body
  • Protected Subject: is not anywhere in UI
  • Message body is not visible/quoted in UI:body
  • User cannot reply while viewing protected message
  • Unprotected From: is in UI:To
  • User's locale (lang, TZ) leaks in quoted body

Appendix B. Test Vectors

This section contains sample messages using the different schemes described in this document. Each sample contains a MIME object, a textual and diagrammatic view of its structure, and examples of how an MUA might render it.

The cryptographic protections used in this document use the S/MIME standard, and keying material and certificates come from [I-D.ietf-lamps-samples].

These messages should be accessible to any IMAP client at imap://bob@header-protection.cmrg.net/ (any password should authenticate to this read-only IMAP mailbox).

You can also download copies of these test vectors separately at https://header-protection.cmrg.net.

If any of the messages downloaded differ from those offered here, this document is the canonical source.

B.1. Baseline Messages

These messages offer no header protection at all, and can be used as a baseline. They are provided in this document as a counterexample. An MUA implementer can use these messages to verify that the reported cryptographic summary of the message indicates no header protection.

B.1.1. No cryptographic protections over a simple message

This message uses no cryptographic protection at all. Its body is a text/plain message.

It has the following structure:

└─╴text/plain 152 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Subject: no-crypto
Message-ID: <no-crypto@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:00:02 -0500

This is the no-crypto message.

This message uses no cryptographic protection at all.  Its body is a
text/plain message.

--
Alice
alice@smime.example

B.1.2. S/MIME signed-only signedData over a simple message, No Header Protection

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a text/plain message. It uses no header protection.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 3852 bytes
 ⇩ (unwraps to)
 └─╴text/plain 204 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part
Message-ID: <smime-one-part@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:01:02 -0500

MIILFwYJKoZIhvcNAQcCoIILCDCCCwQCAQExDTALBglghkgBZQMEAgEwggFABgkq
hkiG9w0BBwGgggExBIIBLU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04Ig0KQ29udGVudC1UcmFuc2Zlci1F
bmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZSBzbWltZS1vbmUtcGFydCBtZXNz
YWdlLg0KDQpUaGlzIGlzIGEgc2lnbmVkLW9ubHkgUy9NSU1FIG1lc3NhZ2Ugdmlh
IFBLQ1MjNyBzaWduZWREYXRhLiAgVGhlDQpwYXlsb2FkIGlzIGEgdGV4dC9wbGFp
biBtZXNzYWdlLiBJdCB1c2VzIG5vIGhlYWRlciBwcm90ZWN0aW9uLg0KDQotLSAN
CkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQqgggemMIIDzzCCAregAwIBAgIT
Dy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJ
RVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJT
QSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUy
MDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
FzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cx
Qq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeu
Xq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7T
HNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3We
ag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukg
n+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQC
MAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNt
aW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUg
MB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58
BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAyl
OvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeu
OA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9o
pwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4
oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPf
qmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY
1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcN
AQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNV
BAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcN
MTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr
+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7O
xsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTt
dg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZ
DQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj
0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEA
AaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAe
BgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUF
BwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBm
ZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQEN
BQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTn
euK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qN
uz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt
9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh5
2MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4
DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMg
UlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnX
MAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZI
hvcNAQkFMQ8XDTIxMDIyMDE1MDEwMlowLwYJKoZIhvcNAQkEMSIEIESMi+9/LUlD
fGjj+6U50VNLFxbzvyVJ0wzwnTS114DyMA0GCSqGSIb3DQEBAQUABIIBACJHeayB
UllC4GdcgdojTUjoeIy6UIbrSg/aKZgAkCB8Dwq0hdU10qiun6WKI/TxM5izpRvL
UsNBGmqknPBMFhvwX6KCrwFk0p0j5Y5DZqX30deiQiGTUv3NiwZGTrKJ3JkyymFO
HGbe5Thrq3inRLVfilEuIZewaJsnJhKfnEq9fS09icTJ5olPDAH6mZbW6hpYmU3F
KBk2qJNqJX6bo60rCogu3wXDj0wxnqEXmeNDH5/+L9UVZur+EWzviUc8Ldd/kP3L
DOO7ivs10bAWe8Tbw7NjuP8ZlVvzcvj3nXWzZzxh2ymDIOvyJA+t0LHQvsN/fbdW
fC6Pm51fEkabbmw=

B.1.3. S/MIME signed-only multipart/signed over a simple message, No Header Protection

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses no header protection.

It has the following structure:

└┬╴multipart/signed 4156 bytes
 ├─╴text/plain 224 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="76c";
 micalg="sha-256"
Subject: smime-multipart
Message-ID: <smime-multipart@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:02:02 -0500

--76c
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

This is the smime-multipart message.

This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed).  The payload is a text/plain message. It uses no
header protection.

--
Alice
alice@smime.example

--76c
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTAyMDJa
MC8GCSqGSIb3DQEJBDEiBCBBQlio2vX/u19qayJ1Cm1QL6VZY0fBeGz9o7nEzCRO
+zANBgkqhkiG9w0BAQEFAASCAQARvwKQYbbPuADZ7KqyO9LuESdEfBxOF80sHKNz
UXrHZo8JdKaKxr/cTAuzBvoTxsmqvzP3ItCBm+javqX22+tHTpqisz5jkoiWyNVS
e+F++YX8mXokgQpY26mZ+15Mv8pYYhptn6zdkRU1+QOwwlDCc6ykkCZeXyc+Hf7c
xqM6SqPMQ+G7wIF6P2jHCId8Xyl7sdbL0i6PjotesHU+7nQsCjgI/iVR/ubWUdFX
CTg8HVy4p683V3Y9DoRNP4MlUdmon8JasHDvA0240JcXxhJn1zEYa4gOnwgu3kh9
3Y+NeucYCT0bXCBq2RLVQSpdNZfScXKL9QvZ3FtB0r6Bmtky

--76c--

B.1.4. S/MIME encrypted and signed over a simple message, No Header Protection

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses no header protection.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 6720 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 3960 bytes
  ⇩ (unwraps to)
  └─╴text/plain 239 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: smime-enc-signed
Message-ID: <smime-enc-signed@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:03:02 -0500

MIITXAYJKoZIhvcNAQcDoIITTTCCE0kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAE1K2Qo2Ln5O6L9qgFnOdvuAuXnh2dLiYWIt
x7B9W2VMQCtrxTipZfUe+Y4oV/Rxifp4gChJ2lCgt6A4hHyApD1yNqmR1pCT+ky6
jOJlr907Jzy9nIADEjaeKTIHePPWEWPiF3Otlrvg25NobNAE/dzcSgaS+SHsfPgu
vW6gA+lfzdoOKIWNVl1AJfbDRw8DeDi5n8ZPLkb/gYteBpY5mC2Iu8TebZ5qstQH
i8G01K4xb6E7eMdXKx+gyDxox1P79E4q3dCKwYPK/C6B3AaY52WW55js9mb79OH5
6/XvIEez58lV4a9d0iY7g+aoARyTPE9Z79miRYT0aagyYhblb14wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAWANrcGMnwYd7bg/TA9Wagm3q
dbiZLg3NxHQZRLRySCFHt5wGkq1XcD7bWYwF0hSKiI4AJxJapfGUDEpDk1FYBU4r
9zS/elrwCnhwpO9sLfbJPRVvMTgTZuCOaY25ovZWvWtkS9MRDH+WoM5SNTf4vHHu
kjcSx5hafbhyiC5pPLLTRyIjObYgKraIMBXix7XKtSR/G7uD+HSIzhYUXqY0q2uQ
w7XiijbRd4bq9zqBbXriYyhFdo/JsBnYckjmmKcTLp6DfYTEzILKBJOepEiY5X4J
0JPeFyGxs7WSKDp1JZLZtjbMwvtEuUAwZ+iXDr1x/rQhq7mZIWqIbG6QpxYX6zCC
EC4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEBDwXZa6LrdPCgLubNCkd3qAghAA
kaaty8gkFo4+y5iWeOqsbZ9paegmFbiGsTQxrta64sj8znKQfQKz6/g055IcDixI
STqxPMV+w01jv6+Azoy9qJP29UTL0mXAP0LDionSBTn/4VAwBMSUDRus6jkq045K
UXxmIpcO3SeOnpCLksyij6QlnAO24SbKsBex7R5EXYXU7W1G/PCoz9SWlYrQuXJ9
cU5ONWldvYE4/WeD1m3pjv3XKLNEWiaUIVolKFRhR4v+FUedn6dlVYDgfJrH8xDC
kW9gQvI1ZBbnBOr/zkoDhMMKtTgTvmzLIauDEi2RWKzlvwCattvIkkrjt+SwWpvr
oc6i58XfCx/d0YHPp5AIU8pslawDtQXe5ecACY9J/K0OgX1G51HI+O2XMC9S9QYn
YPxA+CsRxmhKHzQv9au48aQwmLBkhkXZq7FCve8GTnCLdU5AmtP6ff59lga7+hfb
VSz+jSodBL1WnlIKw/lrBvXFem/A4mtY/W9y9EVhGyRFuhoZDCiGRo/bPsyDNZBS
WAsjHLI3NJeUgHFFcEn5xOwDmhmJOehzs712pqrzMd0VrT4hALvvhSGB7nybL5dR
pabbxtpBgqzlwu6eoX1jSh5bF8/RsAJ81dxvn8AWcFc8q81YfYOzjqf7ZnuumT10
18/rdepv/nfyiYCRhr2Eekj0F3bXjlTG1oeCNTuUPcNHVX6+hQ7FY2CJm9JCqNhL
7whKhq+kKJuPugHb1e5d2rJFkNHrMIJAga8QqKy9eqKct4gW5FFT70wyB15YToJb
qVxb3BEZ6u1shpZ9IGVzS0Jmvke+Ptze86it00fQIJWfrFqoag83GcCuQEyYEcIc
HXWFsZIbQ1UD2+YSWBOzRBUUuJ3U66w3J5oDAYfYnieFNPuP0dhaAMsu7QQfLSZa
T/GbSibQoFXcDx6MaZ5fbZ1iduvoZZfERNMe5vN+q/w9Lx5e8hf1EZmTNMuoRn9O
wfT/wuM06Cc8FR2Ft7QLu80jqePQ6tAYwvA5QOvpBN9A82DUWz0I9eRDl9+S8Z+I
QgjbPcZ0ACFqLCfbT6uzrKp2vGSrA+IcS89+qBB+sKbtWPgTrK7QlJgc7NpHGyhZ
BltAVXv4fPngqn+gSqGuerD/xmvszHMIIHq6Q4ADxbxDE4R0yoV2afXUVyAMo85Q
eNG5WJ83Z12msJqx1+1EUzzoQXxvrZHm0bMziCjV/P1cu/ChtmuemopRxkplLbJv
/mChRaKv9TotDy2Dwzf5N5Xy58gb/0ktMXMdGpYts9awYc742TCscrTqutBAXtNM
dXA0OyelkVHBBCRcoUEWWhUGQKYmK0NQIpxduJYcLLhkMI+2QfyfdkODplEtXbX9
LaZhPRi9osmmF0fnSkmt2mtD+W8uxBF7espDkUsidb8NiUtzBrSqTADQUIuAw5xG
322wFZ0DtpFM6nHpbYBfIGlIR4LyqTzyaSRJtMkMiDFgnMWrNF6pMsToo+4GbARO
MWM9mq4XSMrKAinqu7T8UGWOt9bMfMJrTrpfETgQCL4vur9nI1CbgcPWW14U2oBW
2lT1duS0o2eRpeGA93U6zF7BbCmlEqPK45Qmm78NwMcI9i4GgHSG2ssEn8URmv0L
qp9+UmkhvLT26dZtkB0wPMEVOIWx3e+F34eVzno5jAbiJxuUIdDPDwQg7xtrcLif
lRsaiGx7MtWsP6paqGBrYdHcXNt8P8k2ywNqRicTSThG0P09CNDWFwNaKa+9Ia7a
EnWoFmNoNm/IUH+wbRQUnT7oh0qU2mxdgMnygDhEELe1+4tGCTAPTbxSU3gxQyv0
w686bzZP9uGLoRfivmXKm73Wu0HtUefT1rNdPsJDfqEfo8mEY4EDMh+Fa50S9Yj6
SGe8X9jDaTEJLd+yL7xEvdEQ7FxHbqo7twj/g4Im0OeG2ngEchWlYcuOrlgog4bv
kWwcMhOCcQ/9242sgCTG/ATAV1ix0Z16/WCzzY60Zxk1eAlP3Ar9NiQHGuVClR0o
QxhlP/1KvyVMAQTtuEposNLUdXMydq8lVErFuopYej3NJOPE7eA4BeIXNyrhxqfX
j23tfb3/C4uHEmgjnfW1LZIjwWrOjoEZa2+lG+Si7YQWLLJWFNqEEH2rpxQMnwvx
282dIYpyY14PDLLN5nMltY8MeMaNp6Q8rOwTDozmmZ9RONzbKJL3FxSVENKgdJTf
v+gpLOvXou6qDdidAqxErGM0j68g8Rnsdw7Lj3FQH7JjLZiR3EQgGxRKDwTsV1rW
ODtsNyKBtHDBOn/zOFTmgTVpYol2x/kV22C1Wn9ZArHFgZDxDyDjjJqxJwHlgVdE
J+bUZ1C5DatXxvjpFhrTpUz1dvsTsq48cmepEiEnqYO/33uU7KIqjBxY527dagnR
q01ntVycY4wiLKjuJHHHy/b25ORyxS/x6nVYJsoRNXsvYCZ1zqHC7uh9eQStAyj6
zotbPet++u2REXKSwzhI+6mTCrFkfeHxt3BqTPAxHPxsZAmquayksNs8e94G5LnD
VLAbdtwuIdeuz3rDWObafnaOVXD8vzjoMpiZcYKubb9pdFQIdxpYXPyqwz2f+c8g
9VnLXajpwqByOPtLT5knKWMbsXJ5Gc8sNIGl1blYnj5ao+z6JNV2qqWA8dukpM5Q
/KwmBvR9/RijeIEPGoqRcwUi92fuvVJV7oZf2ZCCGMLw8W4pSrzfs/xdOJslrTgN
trDrAOKlraCKJQ5zHwZyg+c65KUe+5voj4WTu27g/vWTmPjF70htA+UIYcsNVYU9
yGuznj6x/2EV7rLsUTpMqMFN0s4dQl4Hhfr4gaoDROb7bOdkVtWAvwP4c18wlJA9
08X9kQNPqID0M0NOruz8JO8gyTIxyAmopnEDREvMT7JCGuwPM9YRE64pVPOZ1AZm
STC7LY11zMhZL+RvhwbWqjkKeKN3hQM4/45BHGFVgg6k5iobcv78lZHWO28SWila
dEgJLSobB9ieOTfrWqBrBBHjpaDwuyjS+QwjsF8SFLdRD5TY1IugUvW5Swnucikh
X1rK/FaRRQJGzUesrkN06LlpFiiRyW9nuDjdpaKV4P9pkEjHmtN3KF95LjJnXs+Z
07cF0sX2K7FY4GCfFxGPSsqbcR/6zAFHVPjgPGDH51yOTe05RWLhgGEWqt7mIeSD
ppJdnY1LDFK0AFbXAFnjxhNwlfJiLB4vdsFqxGSYXfAjns8vZR62PgSExxUMxrO6
P7oIAYisiU+9XuG40ok8RFCZgN2Qdy5oNDbYow8x3XR4BQu8+2sT9nLvJosjYNhT
8yHMhhAbJl5VWK1EaB2gMxmAISiCCkQQ4YlStMc/LUkl8XOdQmf9SF0L1puuGEpM
V3BhxNxCReiXA8ulMtnytw++lhl3qapALVu5OsJBQ2sqrhc7VhZTfiRQHr5s/i97
OrBb1ZHv48NblW+tsS0Vl+jW/7AMUvQO+j7wYDI8Q2GplujJ08iHxZw/YDjR+up4
bmQjK3xySaCi9Ef58KYOj0Y8ITvS61GMn0bCkL23UGNwISo2gPEcStdOksZtlvGX
X37skWsFPD3M85DqQeckjv3PFzGQL7ZZLUQmmYqwG43DKrDJSZld7VYHmTY0rrMj
gNo6iqzI+6Ygi81y14ZWTVeOFIH9tOKvjtuJz+90Qi9vEbDqF43+hiyWVg/aOke8
4TGy7BZp5j/+SCr78/LvTko/5gafEymhaQmmsR7hskt3AhjfTyUfq/cAtuIm39U2
MmXRwPdrzWASGy/lF0QnrgB0T85+ID58J9VaP78mI/BtKO20wWMTjbabR7J3Rn+8
KW4H6eewVWBqghCnsJQuqibbZeFDjFgJ9kIaTvGD0TBehpp9TidmppXM4Dl4J+V/
u7dSL257DzlKkk42gK4Cs0P1dZwe888KIABF38AZ8dnWtD492eYxA9We6NB2ru1o
K59oloZdn+slcF3DLfvVpyfkZ8o3EVgAPVXiDfHWuVp1gL8Cv5ahVlk9BJSD1CgC
Vwsm01V1E7QeNh3gNdQI88tu4wh5SVFk4U2cYI+dDMFUVDMzrUI3tKvWXNZOzn4V
Ce6Eu2JPIcCOYUwDHpsq5aj9BPKBguhQQybDpAAkgSZLwhzAD7rEvo8TU8gzZ2KZ
zH506GoFtU4oNinnrvyHX96/bG/VlizOE9YtQNyEfxxSOBsZD9jgd1pG4j/FDF1Z
Ib+KUUo8Y7GKlOu+l+/WIVcp0nIsyIC4zGdM6DThCT6nGrhKboduTgF5NRH/Hf03
Vrbj/ZarK0t1gzbzPgxotZiUfCVEuav9AVqxA2Zq5afs6bRfohqyFqwKHiYV19C4
m00v4HisEFDGG3f5+Zj/x6tnX9QxR81DOomUooh8aYs/iAz0nrKyux6GMHSlj8db
UbvQ+1VvNE3Fj0xu46HkKzGtFqpgXxzDLkE9e7NJ+Hw4tbOLfINQ0qS7iTcjMbwg
snexBuL6rf8NF28EdlqQzCPLZVhnOd1+KKJS7V/M8u/R/y22+IXzFSA2TlxhId09
IduZ3ByCz2HFJfVj7SameC3KANbRnBkdud1hclIBDS5Hhpqk4M8i3zmZRZWgLyjR
edtSaHuJAlHiKgAtQVeIzlL6Ilw3jVoHL0vOdISoQpoWWhejB9f47KRmUbdb5Pxb
Ot2ylXJKYFfoCQUs1xkNAyynSJAJ97yEAZm7aDmE4bjs33pz4L3nYxO/KUY6EB/E
eGgPk3Cdvt2JYY5BuFoxXYRKQgZ06c9mXzavJJXXWQUUB5k2QG0uyKPmwNr2sdJQ
A8ehhmgGws+7qXwZQEcNC3W0vmiGOBDYP3JVJPiNLFVQN9k8ClE7+0emFn2UcNyG
294hO1G0uBPAbCdhAyDnNpVj5RS0EgY647agQHyp/gjSt4XeoaCIKaalb4iGpT+C
4r2BqRcVUCdE3MRQFqiT6ccm+8h8eA7xtMB8c9OgUTEIKk/WSc0DUsCJB62Plgtj
KJ4xXQXTzzUCDMnACFp6mBTd3g2ZbnfHKSyJdAvPigVbA+Qhy2eWUTYpi6yjTIyT
eaQ2qafGppn85oLFkdgdmE3Ty1UxOpAsqLyNlNAa6YT3D/0Jl3VnfhFKlmywWIG6
Z2SLd0r07xoBUuAKHkFUuRauGYbVbU/Frmdylv6I9DhCqV/XEDa/tHOa/LWugvb+
x5A+g+kZiTiWRRLZYHungyjquAf/zeJsPYRoQEi4KHAQ30xCDk/dhWdhDBnUXT8P
hzMj8VN3yjQA1vMNA5uefj2/+MIkLkz6+XPl/lJNLFHYi+EERgxJ2mFm/s02h9NF
NhyWBsBtsEwi+rVbfcRRBpVjR5MwUohNHMGxwgj7rzvUkDe47ueXDP74j+JclO68
r4jQ3sob123uSYryDHBZxZSbwjFU2ufE8W+XL/NGwTw04alHZfKsH4x4ZbGqwunf
U4lkcOY/ijmuhL5mn2YYUE6w4oywZuLx5WCv2oAvQawMmNP9AeI1jcV9JiKa+8y0
sAa1LzD78Dg4FKO8t3d13Q==

B.1.5. No cryptographic protections over a complex message

This message uses no cryptographic protection at all. Its body is a multipart/alternative message with an inline image/png attachment.

It has the following structure:

└┬╴multipart/mixed 1371 bytes
 ├┬╴multipart/alternative 794 bytes
 │├─╴text/plain 206 bytes
 │└─╴text/html 304 bytes
 └─╴image/png inline 232 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="428"
Subject: no-crypto-complex
Message-ID: <no-crypto-complex@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:00:02 -0500

--428
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="db9"

--db9
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the no-crypto-complex message.

This message uses no cryptographic protection at all.  Its body is a
multipart/alternative message with an inline image/png attachment.

--
Alice
alice@smime.example
--db9
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the <b>no-crypto-complex</b> message.</p>
<p>This message uses no cryptographic protection at all.  Its body is a
multipart/alternative message with an inline image/png attachment.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--db9--

--428
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--428--

B.1.6. S/MIME signed-only signedData over a complex message, No Header Protection

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 5249 bytes
 ⇩ (unwraps to)
 └┬╴multipart/mixed 1288 bytes
  ├┬╴multipart/alternative 882 bytes
  │├─╴text/plain 258 bytes
  │└─╴text/html 353 bytes
  └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-complex
Message-ID: <smime-one-part-complex@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:01:02 -0500

MIIPHwYJKoZIhvcNAQcCoIIPEDCCDwwCAQExDTALBglghkgBZQMEAgEwggVIBgkq
hkiG9w0BBwGgggU5BIIFNU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjExMCINCg0KLS0xMTANCk1JTUUt
VmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2
ZTsgYm91bmRhcnk9IjE5MyINCg0KLS0xOTMNCkNvbnRlbnQtVHlwZTogdGV4dC9w
bGFpbjsgY2hhcnNldD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29u
dGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZSBzbWlt
ZS1vbmUtcGFydC1jb21wbGV4IG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQt
b25seSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUN
CnBheWxvYWQgaXMgYSBtdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRo
IGFuIGlubGluZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgbm8gaGVh
ZGVyIHByb3RlY3Rpb24uDQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1w
bGUNCi0tMTkzDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD0idXMt
YXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zlci1FbmNv
ZGluZzogN2JpdA0KDQo8aHRtbD48aGVhZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+
PGJvZHk+DQo8cD5UaGlzIGlzIHRoZSA8Yj5zbWltZS1vbmUtcGFydC1jb21wbGV4
PC9iPiBtZXNzYWdlLjwvcD4NCjxwPlRoaXMgaXMgYSBzaWduZWQtb25seSBTL01J
TUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBheWxvYWQg
aXMgYSBtdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGlu
ZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgbm8gaGVhZGVyIHByb3Rl
Y3Rpb24uPC9wPg0KPHA+PHR0Pi0tIDxici8+QWxpY2U8YnIvPmFsaWNlQHNtaW1l
LmV4YW1wbGU8L3R0PjwvcD48L2JvZHk+PC9odG1sPg0KLS0xOTMtLQ0KDQotLTEx
MA0KQ29udGVudC1UeXBlOiBpbWFnZS9wbmcNCkNvbnRlbnQtVHJhbnNmZXItRW5j
b2Rpbmc6IGJhc2U2NA0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lDQoNCmlW
Qk9SdzBLR2dvQUFBQU5TVWhFVWdBQUFCUUFBQUFVQ0FZQUFBQ05pUjBOQUFBQWNF
bEVRVlI0MnVWVE94YkENCk1BZ1M3MzluTzNUcFJ3MjBkcXBiZkFSUUVqT3l3aXdZ
bkN0a0RLbmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3a1oNCnNncnpmY3FWTXBMMmpv
MDQ0N2dZRHBlQXJrK09uSkhrSWhBZlRQUmljaWhBZjVZSnJ3N3ZqdjBaV1JXTS91
bGkNCnZkUGYxUVoya0REOXhwcGQ4d0FBQUFCSlJVNUVya0pnZ2c9PQ0KDQotLTEx
MC0tDQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkq
hkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEx
MC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChME
SUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNl
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+Rp
wpODxxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPK
J2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ
2afHg4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3
lcvvBZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMH
bM1LY4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpq
tQIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
ATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYI
KwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw
546vzfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG
9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXO
SBHI6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2M
fbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHN
aaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwD
R6chMZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459Cyq
bqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXnt
dX9CqaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjER
MA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5Mjcw
NjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYD
VQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRr
jFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP9
68+A/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dK
vIKp4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCx
qqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATK
RGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcG
A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5l
eGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNV
HQ4EFgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfx
CShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cb
bmdj/R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVE
DMR/sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhs
plrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnu
mghxwYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4
rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYx
ggIAMIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdH
MTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9y
aXR5AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3
DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE3MDEwMlow
LwYJKoZIhvcNAQkEMSIEIAiYlRaTjUNCbHnrieg64m3mMEmTRF8kqt5E8+ogUh5/
MA0GCSqGSIb3DQEBAQUABIIBAILQrmFl9ls0ehRVddBjQEsH5VnT+NxYWjofr2i0
w5OoB4RU3+6bPs2i5Y+IZvdnQTkfux+L/Rmy+cK5tlK8J9taLXm3/mJO/57tW+Cl
E9WSBFb1Ik29FHbTuTbrcSaE6Dr5zGwZBmlkcb3rx+AdYM8PMAhDd+ESwYwyjWk4
A7zRNEA1pD4XZdiz0a/kULobW9W3OKaQdJANQG0CX23puEW+wk9hzuuWX+IXeLwh
4R1kXSigeWxlu44jrBGOzkr/UjonxvpjBzyvlS6ltj0HekROzHy9tXEHyeP6BOzC
kWKI9KZRyeZenYIOJRgqicDLdDgrZN5AoQqE+rBlK5i82l0=

B.1.7. S/MIME signed-only multipart/signed over a complex message, No Header Protection

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection.

It has the following structure:

└┬╴multipart/signed 5199 bytes
 ├┬╴multipart/mixed 1344 bytes
 │├┬╴multipart/alternative 938 bytes
 ││├─╴text/plain 278 bytes
 ││└─╴text/html 376 bytes
 │└─╴image/png inline 232 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="e18";
 micalg="sha-256"
Subject: smime-multipart-complex
Message-ID: <smime-multipart-complex@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:02:02 -0500

--e18
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="831"

--831
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="a1e"

--a1e
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the smime-multipart-complex message.

This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed).  The payload is a multipart/alternative message
with an inline image/png attachment. It uses no header protection.

--
Alice
alice@smime.example
--a1e
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the <b>smime-multipart-complex</b> message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed).  The payload is a multipart/alternative message
with an inline image/png attachment. It uses no header protection.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--a1e--

--831
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--831--

--e18
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzAyMDJa
MC8GCSqGSIb3DQEJBDEiBCDXOvk8vYdge4ktwwFa4GFP+Zxia/eTOacb5ZgEXQA7
WjANBgkqhkiG9w0BAQEFAASCAQAIBfufI8gxAWPFjnahNo6lRRGWj0U1S4GkRl6h
LCNh5x49ns9BM51cZp+s5KhQSxhFdmuru+wCwgRk7KjzckAnizh70/dEYJmsjSZl
zmLEGmtQ+q9MoyydZD9s2l9891WDjsCFjVIIhRkLTI7Zeh6+wQQpGKDbv0MoYQ95
a9HPz6DuuCjCTCv+rUEOAys4X+dQsgDx3hsSITVoKDR11kHVmZnjC4Byce6HY0Gn
cEg/VqBGK4R70/46XTk/EgLPsnSPLPfc8Pc1kw6yyF+QNyLV4tKvOKRvNJGf+Pjy
GvJIthBGOKFbOtWPpY+nFTMT+aNODuyAVQUmlbQIvz0/WXvU

--e18--

B.1.8. S/MIME encrypted and signed over a complex message, No Header Protection

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 8690 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 5426 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 1356 bytes
   ├┬╴multipart/alternative 950 bytes
   │├─╴text/plain 293 bytes
   │└─╴text/html 388 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: smime-enc-signed-complex
Message-ID: <smime-enc-signed-complex@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:03:02 -0500

MIIZDAYJKoZIhvcNAQcDoIIY/TCCGPkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAJGYWhyOEdeaxA1hlsqTJL/nwL8aIuFtQBnq
8aptWsaRxmbkwfd639Jspx9JZhc4gu50hiKu1HdJ2+IL7vvPRB49SfqiCst+ImD3
syFxHjbMJSpFDNNukyut/SYV+DAHbvgiGxB0vCT8iW+qbKgwvQYcm2Kcs0UYV7ek
NXA7wkNjIygcyRSbg7Xdhv9HcGGtIshTBvwS9DaYwmjo/8IlrXfeIusKU7dhZgMK
bVVbotXAylbEFH6vpDFWK5pc+DPgVPFe8iA8z02k8HdtXEM44g++0/chZAiqe8uw
UARmERg+5Y+2dROAVHRWFvloW6qWw71jBmtf55abK6jJFhSIzmowggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAB9sGmAYY1DHhoMQbd734joYE
SjbvkHEPyOAlJI7FfGdAr4I+dmkYeBuvZVM1YWhtejpVAlurNbbLkOEj+yPhGbTG
nxBGt08KsSGKCM1blIY9MpkbsdUs0rSkPs33cYeRLJwGTzAsTSy0txkCETlKQBgK
0JGNQHIu8gvPjyMrlRI5xHGVjvbdz0LiWeQPJmoqBFyO53sliYgWGiZmeqjVUSc9
LeQ1h0kHl+vF0QQxAqIl9+SpjRTlFe3MXdq3gmvwgkYPelF48YaBst45yyJh57+z
Z3pAX7dJgjE75Msb1MKn7q/OSpF4Ux/yfwTVFxNJEGFGo46FOWkVb2lSBRhqxTCC
Fd4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEN/jbIuyBiQPvx9QS9tgtISAghWw
/W8bWpUqIZAatmwlv5kmA9az3Z9YUJnqm2X8mh1MO+UrRCcq/uk04cXYQaF0iqS+
M6torBqIrSRUMFkcC7k9TEaDFIuUYpRfp00AFGT/+imSNuouqRb69TcXkAHqfU7S
p9atNXNLr7tSxVec1j/uuW8cwTToPi7U/kHFCdGQt+YwMoUhD4gVp6lxWtgeNUE+
RNr/vN/hPSwXyWR/WCk4Vlc9AjGlwds4m4R9MzGHaaFWjOSGbkhm8dN/e0s409ze
8YzvbRc3GKz669zduW9lLGzjbaGGd+X3Oug9zf6JPkdwvQAv6rPfQK6zbOBtNs7Q
KYm2APsaHFjItbN6/pM1E5ypYb+q+W+jQQqrbZOFziwlxFWWU0vUe0GwADCjEkKN
68ImJdvWjB1FvdFrGQLFRogHBwcyxCttF9ZJcG88ldMGOt5S7vKfSWY8l5ZEOtr0
ZqgmIA5tiajWyasZPpqgz4Cz0pP6NJpeuTlpHrDKH/YjMvtdzzpnaBvFPMQJGu7Z
2gG5BX36PMHNFWDUi+L9fUnXl2pjuWqYPOS4WatITNaRP6NIyR3qsbSNZ0uqS7Ry
bZs9xvpYBsFIupxr6b3a2o1aSx4I0rjLijDjYDesIjV2b+eis/vMi5HKbY2feFch
tTPdcv2KxP1yxflB5xF/jVxaFXlsRr7ZW3tPrWuR/oGhSn5DM6Ruqg0zN7RoMAuu
9QxQRWS8eyw5VFxThQ/5pWVos2xwF3WtKVfuOXbhhKlWwwcZpiW32UvwnLG6QdLp
2FdmgD/MJMkGHOrB2LyUx6fABSOrOBz7iEe2uwPDTKIyLNj8uH4P9+O9IaYnNHbT
mOjGGF4eTRVwRe8QTj8aQA+ObyxriGHEDNIXTF+QFES9+roo2zWbbOF2PT+C/LIA
Rmhtc0gFnpcCQ0iZNNssJDBlZhu1iEGq5Vbm/UXqS11b/vWtBmqrwUoBsrgXvkvx
HevFH4VrRQE8aIDCKMFDTme6Ti9zZyJh7sviuBQETt0rIQ4Hd8tVPR4B9VSIKbER
mgOsxcNkGEDPipr8Z+hioTO7g1++ZhUbPQSY6biWrQmRemE4nIXisAEXfX5oPtrN
X9y92vgfUEF9q8c6uiVlh7MMt/U8WyjuoM/pEQRd24sA1n+Hxytq99aStV0DQqg8
eC7RmmtjGToJkdeOPPJwZEn2QVloYuJs4jD4Aqrt+KlaooFh59tAacHt3KL7LO/c
U/sUfENJ9ouHlfmJd84xc5w0D4g0lB53Ly6YRjLlzlrd1fhkU2OJiG9s7Ki6yC/a
4B7rA5cULoxyKiSIlQTDbTqo7CO0dA0RPkKP7ZQWMTrRhjeF4qfNJNKwkTu1kXJt
rIlw6XRj3xix+kYBrDHkzZI8Jp27Z4lbkpcXu9U3iOHP+HPD8T8HepC2n63eQop2
+EJ2A06pintq029gtfssP7Tl4kybuimSgyaVLEIwcwzdI44fYg/Oiiezr66DSi/F
QggHZW3pgIdudD/CS4Uf7MdZid3S19NSBh3iAdiajotqXz7SEMCCt3YfdrIDFX7b
XQxhbVD/26zPKilLSYbAs634xeU91PUEdFvYdeA6uMSGo5Fn+0D2ldT8vZiE5H2T
ud0buFrNqN8mnvAo6PxIDHqobXkTjcbdFDnPm43xGfvNPO8WUvGOHwSEhlzz+pvh
BeQ7XxOo/U0aNSXdT88TZ9v9z4VYCLaW2ko+WAd9PrmKLkcdqxmt0WT7z1ii2RG7
hLOpjKI4FHWFGwtXcx8YnXr4FDr6m87DhiYURQbLSV4iUfBgECFFhVuz4quYIyZn
yDrMlVJJ15vmZmwOlJKfSjMKyUZTJRPZaqRqjEu1hmLfuTKygTpFHw0Rx8HTkiDE
wWG4c3Jyh5AMSjYmTNnVgr/fqH1N56k9LD9ydWquMKe0HW3X2bhMQ6M+x03l1b/k
XUbF7lD2W+u2BJMGDnhvU2alL42QPQebGjrsb/Dmoq9BtJr1ldrB224aCbaYCSkN
dsQCCSPLCB/TXJAGoDSznw5f0OdG/gsafEOq2SvCrnACoQwkpz8HHYezx1QnV4Bn
kv7Cq70vb3wndsctTZrdR39fpB/rWILMer7kfsClrto7WK3p2QRgEAgDya82SWtJ
FJpOzO/6hW3EcIvq7TZHElWCvf/5gG6YsaDi36dBGfwUMI+NkAVOCCcKCLmro6ET
Rw0Yb3sawxuBrS5hOG4jCXcuN3lEC8AVVARho17xHU5nt+pfFTV4jt/uJh6iWxx8
zmwiPKO3tCaNAWsVHy3UHNG9D8kz+ygMqMSQLFtzMnW8cty2Xf9YF5SiBefQflgM
HbI0dvzXxGStYSOjrQehUVLaW6gLnPuyssSDISubCQuf89AILtRpH+rETIq8Ai6L
t1v1dsbI2ikHBvWe0z9f+EsXks1E2hO7GyPiK3TgwzVeT+t3z5wA0/39l7qigGZ/
R6v3e2RhaBu6DSBhUX97hvJgn0rIjdkNv2A380mrW9Xz2ZXJhYkj5Isp5cH5wy8p
rW11eL6trfkuqozm174uYA44/DRqnEqqU6QhIeIJEAUeXilsfBittZ24twIulKx7
8S6g2BjuoBvv6RiwNw1gUtch45H844gqTrwjAr4j+CarCc8mYmI1LjaM9uVUOgtl
4q5+2m2f294KOKgiY45Q7Hit+TwqO+inWlskDqZAb04zn0/aZbdrqomWh+f7Nufd
KvlFWAoljZg+ekAFFytBreBJsw+zah4yAz4W28gldy1w44f68xNzCRg4SpoEm8Rp
gbQXVKzi7mFcfYn0R1GgFFldLDLLV9FOb4hXYAgY3KV0qu6hfyrq6zAw8CRAPYkP
3rhV082VlFOaxIUiA/U06vuXOWFzkMKciH8XEDvdPZycExa5HTzr9D7Je89csh5Z
AuQFRoHOshr3cDpiq+MLO1HpL+b0Ol+tCkWlJSBE0y3JV4udFnWmESoqU4WAGKhP
+AWSZdwjySJEZnZtRgovk+fquvxnL6FjPJL/ohdEAQPeXfvbvgxQoeeiDFCcst9q
O5G1Ekiq3VH4NDCgARDCeGFag4oJU6Naw0rKAW3dzZQjZxU0c8a+CdVLV+ZaXYUC
rbopg4GKcAnCo2RP3tIXNvgHvnHWhWhtiys7hzVNPtO6jXk0d7qIF7hClxq5aShe
kweXjMHYZJLjB/NT4JZoIgeyQKJAZkSSqbqBgbK3Mtuw5aZQaChuMr0MYyXbZ5Yv
4EABKcGUj1nIcsx4goKlsCnNVUIakz4oHCaxdKfGA/SyKbs8cgS+zusjpD9ankYh
tH8VGAO6s0td3CvDhHVoX8S5kyUO1LkyNhkXDCe5TnTEKRF4b7vLpNj71FzLYPC7
vc1FHNSFhyPjD+MGQsqohf1HozSJUMlt/Au72XxP8LXQgqJiRP0UkZ39IjRMt4BK
+rXt6baHjmcQfowjAhIPsqDNGLgFRGGK4FSJ1hRb11kOFz4VHJ8604AkmS2Mk5fF
kTXLOkxOEqvb+JBVd4J/NmW6wvlEZ7iHw+3nRS7E6o1+wefl5b/axmVeJgU/h6KP
OfJZ8vDjzNtrkHFTbix4Vj7bzQFLLfiGl7bP++hN+8ioJDsxob0/DijdcTvdJnzR
XJRgBH4iEEJrOcleQ5HIq2kLmUoYz+U4YpBVFbOKUyQfheYl689HphhUg2NEs9w/
6am0jNfHpdUrRuBCHtBLIJySdyexq9Gzy/M5/+j51v29YXCLZo/lu6JpPXv21wGy
uG/+T5wFKVlcIBVfwgYJJM4Whht7I9S6IAqp35b0hLNtYoyGAqttOSEENpM5wJKw
DGLeB4vye2vyiK67ZACxcnqUrDePFYRFKUMSj+U/zeB62y/DVmZBkr7XAXiGBKbp
M5YMTuLmsz6uB2S9Pp1fuiwO3qV4myPHlNQMtHZVnn/Fcgo+3rpW1zx3JSX+aMdT
eEran9uQRAyfMHOd6k1tghZwvvZwGaU+9Oi7hyL2o4nJY1G/cqWvSK1E48u8aftK
oPv6RmpJDvJbh/uriqGZKNIf27t5O/IGBBcwRGeMBgqYYkmG4ss6cvbIcBcnyP/D
w4EoGDTLL+YU3vOZKUp5l8TEHYvtDGuBf1nMt0uTT1Zk6savmLVEHOYObjpHGAVO
Mn5PvfV2L+QYi2mpCxAmArscHVJSysWXJ66Lzps4J0hI2mfxalyK/N+qW8dNrvkJ
tyokrjjfnO3FVyD4j2Ph962pMLP9m0FsNBVaO2ntBYojDYYd5MqXNcUMVkvaxORk
UTuUsCwU7CwIkTDpHtDt+9u8Ljl39jkejwEAovh70EVDkGaclDCi0PVs/jq9ferb
V1T9QGbP8U2wp6pwVsJAdo4nuH+sn7HUsDxGP0/Zwz65dhSyd7eHLNSfEdxBMFSq
GyQ/RG03Rxq+sgtAKLjaBlS4Ra7xNLAKdxO0dlyciNXPFHubDDhaib7BQE3qG7WY
9JYC9NeBS6qtfn5PBS9xaf5xtHLbIBegz0NRmct2KkamMIQsAJYRvcJ98mMXrFwO
qpqtQ0KHePJk7CLjUB8oQooWUuD7LGpmeSCnjTUSXqqJiW40ZWX0IWJYGkCEOLuZ
KrCIkTYimOq6fQBfbe6aAzrF1Wpdk7/7GXhiJf/agQnRkvrCP3xAeYNDBxDMnWmD
EKeY12hNSGbEx/GEvM3c0odMtd6HMko8X1G9OXevZWd10CiEFkqeL6faFO0v+rZc
gHF18L09KUOIxIjyPis3lKTrFLBqJnfzyHDeIiIlCCfqAgW/2ng3EK5sDs4fnvYN
DmNJIE0oDiDodIQrznGwn5Qsj2sG/aUgp8cNNdsLWn7diGmSrdJFZWji9/rluO60
1nwrMHbPBzEpEufZjGs8TbN5Ww2CUfuSFBkB+dn7dkoORVppiakqygh/OzSiNYp1
KCNU7RkGV45I+hadL7RU811L5F4Qimo7WQXW6F8fFEakURm4PU2cREpR86dhe/Xt
XNp6pvLjvgZb9G2CgtgDMgsZqSRlDa71B6ktIvg1js0blZ4Tcn4APcdi5F2Tm6Uj
h7V01OozajrZ4VGJVYI6DsBRPfa5DY+l4f/ITDyONn9VBmnOlIQhwC1G4l1csAnW
L4T0bi2glMl3BdafBAR0H7RePm08oohRiV9gB3lm9OXy7t9tyMdmfJSKExALnc5/
aE+7QfadJ1uaKI8MvFbfkWKB6x5KD+XHjNQ0NHOewM3aloJUp2Ok6CiNp9yekVAb
w8cIhvODtQysXPMj/q+wnuieOzkYHt9I2TA+wc4Bq+p6ZFGbIZUBzmb21h8SRqUw
HXC6D2VSMCBFjIVpePbYB8TbgEkY60obahPfkiq4BN1SnJc9rGK3ueMOcXLwyp8j
5enxquno55PmmeSvyU9VS5vwcUiLoEggLfmc3l0/XVlVpyFUsl1y1KjhBh0YfSDf
R0wTA3fMRH8v9UVQlVcoNBS+FzXPk8wRm4Nbx0zQ/d6BqDeL25dvQw8qy0+CIntR
cMWV+BG5PIFFmL4N9fqw1iHyK6ccIhp9KpUuVrpTTmmE2DuuJJiO00lZU52DzaTg
GvRuEjZz/TryEYploSpya4iaNzqnaaWd/g4STf5EXzH192QBf7WJoct/EaioK+8T
hIpyR5qXBX0RK/+TlIT2+oOPFdEXXOI5II+0YTdYa+y1uV9qKnN3apBXS+7GLodr
fjOABQTpXkglp6d7CTJU5gJlR+xQjkOKMvuQJn1WzeN3pkEFKaC/9SwoL/olvs5+
uCpE5QWUXNuCPyd9us8/mNsXse69SNK/oF5/Zqn8NawfmQVMo8JaPWpWarqJXdoY
2Mt/UhmLgfrZ6QidZEQi6OPcLgNbbYY35VHGgYsHj8c07GYTo3p59lKC6xEotY92
9MyKOgM8fw3dfAbBPXA4TqyUm6kD1J2Fy1sMMkyfR5WnQDsR+/Vxq5k5bTlJ1ZRF
8FZHeWv5AItHWP8KknJv9yHpygUWgj1PtFTPI9JfC4OI4kTybfGkS67iIB72oojf
dLLyzdJ/WMy9HSlT6EncV0clQTVlsCpxvNMn7Wxt4BkYd0v8eLPm7d7saiwl38D5
TtHy3EgkOABsPPUoihuls1gJKoRq7hWT3CYf5UBCsa3Ocd7Qo2yKJNgDrRosp45j
X6u//xxA/LDXgrq+th28PN7i+E9ZkWHt16wdUbtFQBEOmpm5ZB3hq88mDk15v9vb
OnQnwGf6h3UWx/AzmPuRPu2C/7mEtB7/tUj9nqwCgjXIJ8oYhv2uD6IjoAZgRbwm
T7KoMb9T780h/0LealOBpZ2a9LZgNAIcDWWhb8fGcS537GIzIS6eZG31J2Pdb+ip
isCzrnRZmWJqR9MPhUq0lhTLEuxd0RnuqQE+VnYydNvDu0p3L5nfINK9vtGWybkc
XRFbJS23dc0vS6ug29jGzLzjODz/S6TTvo0qgl2heFVFdYzD/z1pw2dPQAlk+RhO
dAG0tDQCIyVr719e64j4ZbFjMNfE7QA+YJfMaQ1HlXEGQvF9oLA34dN9hiNAh2Ls
9ehAOIo7gs192SDDOwDHSmJJr27A/BdGGc4vC+t8Bc7hjFza2ixJ9VkIh1pa8ZU9
aNnNbLcnfb5l8/7DXgSpiVFncgsLaCZ3iORFxE/IsNX9+R0An0+y+r2mpdtDWg1w
69g+EMg4dJw8u7pTTW4J47TCAECjF3WVybl8YpvVmgVsrTIL/jDlNWq66JtH2yC7
Kcc7IF1neMYTpW033hDTKDcY271nz/BhdumwynboWzKTjyNuim6e/OdCKOJHT8YJ
8icUmzbOi8iYjAwhSqu6t8OZBYIT7oItqzfkQMKKLWwuguJsRa3P6OY9Gg7FUZno
PXjOCpNyGzY0hg5VVk6FV+thB11MYmlnG16D50UbrH4tgnzkUwpUCMrXLdWr7dfp
l9u77ICFSiWnIUTtah+s9TUULnBAL1TWyEN6dcqdtT2+HYzDN+FT9+HJsUabDIVP
9421qkTt5VlCWImXEPdeq4PqfE7LWtEA666xhpgzdnmmE35QHI/por/HS47TlxTV
38m+Laew31eEWGaiORbPI8XlNZqlfwjv39bpJH9nqMdaeY/kbgFCAsJyuW1nfJ4W
uiTUYsk0Cs9u70BdYYfo0+zdUgem+XM0epL9zH9gsKiJ4gfdbv8x0rmcXhIhaA/V
bRGj9MYxyBbCORCNCMt1OeX/GndLxj9azdHKugZdLzGTA0Dx84xRd9rDWOSxGv1/
bNVXqDqCaW7BcSiO8pAnWlvwQ+m/p2Wxkzi71uxJhhHX7M8/k6mdJmmrB6SRf6S2
4oc7ojwI6vXTexWry421uQcrQTOMIFutqna5NYRylICuC0vm3WdNuRLfN7Lkpafq
evbT4zaksQOuDFoXIGIQ8kJ6HTEOA+v33uV7BZfqlo1yIetX1JnToGheZBMc3skU
pCQjWDeZA6u42Nz+ewytKgYRwr2trDE0bX3xMfH0+/o=

B.2. Signed-only Messages

These messages are signed-only, using different schemes of header protection and different S/MIME structure. The use no Header Confidentiality Policy because the hcp is only relevant when a message is encrypted.

B.2.1. S/MIME signed-only signedData over a simple message, Wrapped Message

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 4213 bytes
 ⇩ (unwraps to)
 └┬╴message/rfc822 566 bytes
  └─╴text/plain 228 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-wrapped
Message-ID: <smime-one-part-wrapped@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:04:02 -0500

MIIMIwYJKoZIhvcNAQcCoIIMFDCCDBACAQExDTALBglghkgBZQMEAgEwggJMBgkq
hkiG9w0BBwGgggI9BIICOU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG1lc3NhZ2UvcmZjODIyOyBmb3J3YXJkZWQ9Im5vIg0KDQpNSU1FLVZlcnNpb246
IDEuMApDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04IgpD
b250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0ClN1YmplY3Q6IHNtaW1lLW9u
ZS1wYXJ0LXdyYXBwZWQKTWVzc2FnZS1JRDogPHNtaW1lLW9uZS1wYXJ0LXdyYXBw
ZWRAbGhwLmV4YW1wbGU+CkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxl
PgpUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4KRGF0ZTogU2F0LCAyMCBGZWIg
MjAyMSAxMDowNDowMiAtMDUwMAoKVGhpcyBpcyB0aGUgc21pbWUtb25lLXBhcnQt
d3JhcHBlZCBtZXNzYWdlLgoKVGhpcyBpcyBhIHNpZ25lZC1vbmx5IFMvTUlNRSBt
ZXNzYWdlIHZpYSBQS0NTIzcgc2lnbmVkRGF0YS4gIFRoZQpwYXlsb2FkIGlzIGEg
dGV4dC9wbGFpbiBtZXNzYWdlLiBJdCB1c2VzIHRoZSBXcmFwcGVkIE1lc3NhZ2Ug
aGVhZGVyCnByb3RlY3Rpb24gc2NoZW1lLgoKLS0gCkFsaWNlCmFsaWNlQHNtaW1l
LmV4YW1wbGUKoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQw
DQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMg
V0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3Zl
bGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gB
UCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXP
mrszyidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEF
XgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41ko
aZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX
+TWzB2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iP
sIVKarUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZI
AWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQM
MAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkV
fAEj8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJ
KoZIhvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtK
tl4FzkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3M
RsMtjH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0
LIZRzWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXw
fDz8A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyu
OfQsqm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3
QQV57XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElF
VEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNB
IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIw
OTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEX
MBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo
7sHUa4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+95
0MFz/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYW
Tut3SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfC
n+IQsaqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9
COgEykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIw
ADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21p
bWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAw
HQYDVR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwH
Fwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4K
kkOHG25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30Uxf
yrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HV
X524bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP
0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+
JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSz
NnEmMYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q
UyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1
dGhvcml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkq
hkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA0
MDJaMC8GCSqGSIb3DQEJBDEiBCCt+Ik56mZTd2mpSgOXM38dS7jM5alU2FDX9/58
cga1szANBgkqhkiG9w0BAQEFAASCAQCxKLkx5li14OIOcH2tcWqcsQilPLgQ30ck
qhJL2X9/Cl22ibOGNwL8w3qSEBeG1a+WtHw3bSqJx1ciRYcLs16ms23no5QoZ0pU
fRLmQuTEgObCf+syiTGnWLj8e+2aRVP1L9yEIbin6+hFyp4s393zYhdMOPAP2ruI
lg+BxoWXUjXso+8lPgqLawA+9KMI6tQZMnwI9LpGJmZfoSXdHWqWtjdotzZpqsKm
Ihr8DBKtUetqgZ2zqDO3zo3W2L6EmNM05BJUmqwAt/cN+X9kws5dAqtHDQhPNTa1
WUX0oTTkMzn1RAlOxfowEStSnfDOOzIqg+L7LgiMw9jhIgP4/uB2

B.2.2. S/MIME signed-only multipart/signed over a simple message, Wrapped Message

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses the Wrapped Message header protection scheme.

It has the following structure:

└┬╴multipart/signed 4451 bytes
 ├┬╴message/rfc822 596 bytes
 │└─╴text/plain 256 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="20c";
 micalg="sha-256"
Subject: smime-multipart-wrapped
Message-ID: <smime-multipart-wrapped@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:05:02 -0500

--20c
MIME-Version: 1.0
Content-Type: message/rfc822; forwarded="no"

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Subject: smime-multipart-wrapped
Message-ID: <smime-multipart-wrapped@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:05:02 -0500

This is the smime-multipart-wrapped message.

This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed).  The payload is a text/plain message. It uses the
Wrapped Message header protection scheme.

--
Alice
alice@smime.example

--20c
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA1MDJa
MC8GCSqGSIb3DQEJBDEiBCCcDIxr7wd3VCCz1VBG9nySvUJ/Fhzo26f78El/UUbj
jTANBgkqhkiG9w0BAQEFAASCAQBUmMGL40IZQmt3Nad/ymEUOLu3Dgfd/nYKuj6P
fjKYJFb9UhwtufZK9/WyVtytLsFJMYHZgUSWU3VbHk1L/cO0469Rbqo6CqlLRJPK
uN2Eul2UCa+3ovMIQ8g0NBflXrdfR0OVRqvfO91hLFkTxLfCDUG8ziRWOLWucgZg
zkVXqEzvFyOtsSbr3GAY817wWgl1+PTFchO4XF+rg7cNysKqGLtjxP9lN3PcURYv
TmooTPY46kheab7ZAzKqQI6go7somKmMqD7UsctMLSVZo+EX5/N9vq5znv7bfpoE
Rgd+NZNQD+VYDIOU1FI5ZjyjHpRmcFpywjvHNbTBGlYhv3q4

--20c--

B.2.3. S/MIME signed-only signedData over a simple message, Injected Headers

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 4185 bytes
 ⇩ (unwraps to)
 └─╴text/plain 239 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-injected
Message-ID: <smime-one-part-injected@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:06:02 -0500

MIIMDgYJKoZIhvcNAQcCoIIL/zCCC/sCAQExDTALBglghkgBZQMEAgEwggI3Bgkq
hkiG9w0BBwGgggIoBIICJE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1vbmUtcGFydC1pbmpl
Y3RlZA0KTWVzc2FnZS1JRDogPHNtaW1lLW9uZS1wYXJ0LWluamVjdGVkQGxocC5l
eGFtcGxlPg0KRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpUbzog
Qm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkRhdGU6IFNhdCwgMjAgRmViIDIwMjEg
MTA6MDY6MDIgLTA1MDANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNl
dD0idXRmLTgiOyBwcm90ZWN0ZWQtaGVhZGVycz0idjEiDQoNClRoaXMgaXMgdGhl
IHNtaW1lLW9uZS1wYXJ0LWluamVjdGVkIG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBz
aWduZWQtb25seSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEu
ICBUaGUNCnBheWxvYWQgaXMgYSB0ZXh0L3BsYWluIG1lc3NhZ2UuIEl0IHVzZXMg
dGhlIEluamVjdGVkIEhlYWRlcnMgaGVhZGVyDQpwcm90ZWN0aW9uIHNjaGVtZS4N
Cg0KLS0gDQpBbGljZQ0KYWxpY2VAc21pbWUuZXhhbXBsZQ0KoIIHpjCCA88wggK3
oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTENMAsG
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBM
QU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4
WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExB
TVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3jUoi
ZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLYYy3i
Ox7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dPzZLo
OAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5ksKqU
uqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF+XIVnzRG5DeoULq8
v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEAAaOBrzCBrDAMBgNV
HRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNh
bGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB
/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83zdw8wHwYDVR0jBBgw
FoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAIFJeKCc
sTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4FzkgRyOg31/+Cw7H8e30iLrPI
FlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG91PEM046gfPnc9gMG
HjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZRzWmkw1RF7FOD7PfB5v94M527
4XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8A0enITGXnoEkAFvvjiCqh64P
1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQsqm6hvrDTqNpHNZ015fOURza1
SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV57XV/QqmiXDr0+GrOmqnXMA0G
CSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdH
MTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9y
aXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQK
EwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxh
Y2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09InoWDgWPk2af0+S
tijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwORjrc
9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z34rT
iz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4xrIJ
C3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3vzfo
g8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3SeOW
wks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFl
AwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAK
BggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYEFLv2zLItHQYSHJeu
KWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqG
SIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sYonX2
doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3pdpVY
eDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqDIdqG
JdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9iCQs
Pn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyHAVcs
m0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBVMQ0w
CwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxl
IExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kpolw6
9Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB
MBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA2MDJaMC8GCSqGSIb3DQEJBDEiBCA7
4grfze+Y7DQEGFAYHyyvRpNkuuZFR0V+RvSTvu4FGDANBgkqhkiG9w0BAQEFAASC
AQB1KYVvQNZpe3EKeM0XhJrlJNxneVmZWFCEl5YFeRsO8FeIwJkV65YtFJKjOVVy
qYuZBGz4MsKaddXxAOXI/Q7cJ+70d9iOc1mL3PD2/U6DOwwhNfJoNSK7miYfMASV
42TMJWTt0T1ORJnvBitjkTuZDus1tp3xwxbrZTa4pyGaXEhBW/Fc4z6L+z8hpQv/
+6dw3+ORgfc67VTHVnsVVfb0UPrWvdxFdL5xYdqXxlhDsLMEms2ttHHzvjC003Kq
As0xMHEmMpfdL5M69MAjvroOUv0SXETfQaxca7IKd+9xUNNRretZ9xz2kn2uD+k7
unTEyVGeHrWmQMw/8MdvEac/

B.2.4. S/MIME signed-only multipart/signed over a simple message, Injected Headers

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses the Injected Headers header protection scheme.

It has the following structure:

└┬╴multipart/signed 4417 bytes
 ├─╴text/plain 258 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="12b";
 micalg="sha-256"
Subject: smime-multipart-injected
Message-ID: <smime-multipart-injected@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:07:02 -0500

--12b
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: smime-multipart-injected
Message-ID: <smime-multipart-injected@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:07:02 -0500
Content-Type: text/plain; charset="utf-8"; protected-headers="v1"

This is the smime-multipart-injected message.

This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed).  The payload is a text/plain message. It uses the
Injected Headers header protection scheme.

--
Alice
alice@smime.example

--12b
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA3MDJa
MC8GCSqGSIb3DQEJBDEiBCCXRoUdgR7J+TnI6kw8MpGtWVJPCnoAB+XfkDf78dWi
cTANBgkqhkiG9w0BAQEFAASCAQCitU3JsEMd9FhqUu87UxYScDI1pDfZnX1vjges
xBmmSy5lq5vvs+axKK/hTOR7YLSuLJLNwxJgDCPEmHi1hV5Tpj5mLH8qEXu4c+kK
s9is53v0NvibhIvDEpnqNvL/kMVDAk2gTqYHCE2Ij7qcWWNhnGdweMJZsBvLy/Xi
BLaD2t4qHY9lPaeMugDrxThNWEhjoDIoI5f7NpBPYvJgB7b1cJhXqil5weYrJiGr
hyTr56lff+Xjs8qjgrrzdJ8HHeUsxDJulrX8auo+pIKudcu41U8Ben2M9nCiVbEG
aqbbPK7xip5c/YZEaZWYAs8w+dif68J8Eo7QO/kkr45Tt5pf

--12b--

B.2.5. S/MIME signed-only signedData over a complex message, Wrapped Message

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 5631 bytes
 ⇩ (unwraps to)
 └┬╴message/rfc822 1613 bytes
  └┬╴multipart/mixed 1549 bytes
   ├┬╴multipart/alternative 946 bytes
   │├─╴text/plain 282 bytes
   │└─╴text/html 380 bytes
   └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-complex-wrapped
Message-ID: <smime-one-part-complex-wrapped@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:04:02 -0500

MIIQOgYJKoZIhvcNAQcCoIIQKzCCECcCAQExDTALBglghkgBZQMEAgEwggZjBgkq
hkiG9w0BBwGgggZUBIIGUE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG1lc3NhZ2UvcmZjODIyOyBmb3J3YXJkZWQ9Im5vIg0KDQpNSU1FLVZlcnNpb246
IDEuMApDb250ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9Ijhm
ZiIKU3ViamVjdDogc21pbWUtb25lLXBhcnQtY29tcGxleC13cmFwcGVkCk1lc3Nh
Z2UtSUQ6IDxzbWltZS1vbmUtcGFydC1jb21wbGV4LXdyYXBwZWRAbGhwLmV4YW1w
bGU+CkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPgpUbzogQm9iIDxi
b2JAc21pbWUuZXhhbXBsZT4KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMjowNDow
MiAtMDUwMAoKLS04ZmYKTUlNRS1WZXJzaW9uOiAxLjAKQ29udGVudC1UeXBlOiBt
dWx0aXBhcnQvYWx0ZXJuYXRpdmU7IGJvdW5kYXJ5PSIxYWUiCgotLTFhZQpDb250
ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lpIgpNSU1FLVZl
cnNpb246IDEuMApDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0CgpUaGlz
IGlzIHRoZSBzbWltZS1vbmUtcGFydC1jb21wbGV4LXdyYXBwZWQgbWVzc2FnZS4K
ClRoaXMgaXMgYSBzaWduZWQtb25seSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3
IHNpZ25lZERhdGEuICBUaGUKcGF5bG9hZCBpcyBhIG11bHRpcGFydC9hbHRlcm5h
dGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZwphdHRhY2htZW50
LiBJdCB1c2VzIHRoZSBXcmFwcGVkIE1lc3NhZ2UgaGVhZGVyIHByb3RlY3Rpb24g
c2NoZW1lLgoKLS0gCkFsaWNlCmFsaWNlQHNtaW1lLmV4YW1wbGUKLS0xYWUKQ29u
dGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIgpNSU1FLVZl
cnNpb246IDEuMApDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0Cgo8aHRt
bD48aGVhZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+PGJvZHk+CjxwPlRoaXMgaXMg
dGhlIDxiPnNtaW1lLW9uZS1wYXJ0LWNvbXBsZXgtd3JhcHBlZDwvYj4gbWVzc2Fn
ZS48L3A+CjxwPlRoaXMgaXMgYSBzaWduZWQtb25seSBTL01JTUUgbWVzc2FnZSB2
aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUKcGF5bG9hZCBpcyBhIG11bHRpcGFy
dC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZwph
dHRhY2htZW50LiBJdCB1c2VzIHRoZSBXcmFwcGVkIE1lc3NhZ2UgaGVhZGVyIHBy
b3RlY3Rpb24gc2NoZW1lLjwvcD4KPHA+PHR0Pi0tIDxici8+QWxpY2U8YnIvPmFs
aWNlQHNtaW1lLmV4YW1wbGU8L3R0PjwvcD48L2JvZHk+PC9odG1sPgotLTFhZS0t
CgotLThmZgpDb250ZW50LVR5cGU6IGltYWdlL3BuZwpDb250ZW50LVRyYW5zZmVy
LUVuY29kaW5nOiBiYXNlNjQKQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lCgpp
VkJPUncwS0dnb0FBQUFOU1VoRVVnQUFBQlFBQUFBVUNBWUFBQUNOaVIwTkFBQUFj
RWxFUVZSNDJ1VlRPeGJBCk1BZ1M3MzluTzNUcFJ3MjBkcXBiZkFSUUVqT3l3aXdZ
bkN0a0RLbmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3a1oKc2dyemZjcVZNcEwyam8w
NDQ3Z1lEcGVBcmsrT25KSGtJaEFmVFBSaWNpaEFmNVlKcnc3dmp2MFpXUldNL3Vs
aQp2ZFBmMVFaMmtERDl4cHBkOHdBQUFBQkpSVTVFcmtKZ2dnPT0KCi0tOGZmLS0K
oIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJKoZIhvcN
AQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNV
BAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcN
MTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc
2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrszyidmbuZm
OpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG
/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWT
LMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF
+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEA
AaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAe
BgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUF
BwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83z
dw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQEN
BQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4FzkgRyOg3
1/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG9
1PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZRzWmkw1RF
7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8A0enITGX
noEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQsqm6hvrDT
qNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV57XV/Qqmi
XDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNV
BAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4
WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMO
QWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0
9InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5J
O6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96
wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryCqeHE
FbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3
f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRiVokF
QgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAE
EDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBs
ZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYE
FLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYa
ZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOHG25nY/0e
NARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZlRAzEf7GH
qgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524bKZa1oPT
UNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE
6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3e
oZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEmMYICADCC
AfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8G
A1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQIT
N0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMx
CwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA0MDJaMC8GCSqG
SIb3DQEJBDEiBCDMOILEox46FkWxHI/3mD5yDe0N8CAfZ/xaQnI0alyyOTANBgkq
hkiG9w0BAQEFAASCAQBWzuGAP7C0InZ86JeaKimYKXpArooRzZnso+wJtXhZlmTX
csHp783QCEKYE0F+rv1IrD+fcFULz8Lo7Mm+PWQbtkbx5uZR7IFLGlK+8i8wVCZj
1Bs2lgpZ/qg1qP+ddCPwZuywITEGnjjqg76OHJOgxJniG3/teIy6dHMI2OBogZjN
kdVSbBhOa9GnTtnWJd2zH7t0tV16NyH3+pNn4DTUWR2IvRgxHky/KT7cIOTfQj9C
HEizTljQMDvHhoHslWdwjAGjH3foH4CXP1/1bN+qBH2QAuRZ8+LueDcllQsPJXtc
fUseHVMstoHac0rajLjDZ8FXSLCkmto6RRSQVsT0

B.2.6. S/MIME signed-only multipart/signed over a complex message, Wrapped Message

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme.

It has the following structure:

└┬╴multipart/signed 5542 bytes
 ├┬╴message/rfc822 1671 bytes
 │└┬╴multipart/mixed 1607 bytes
 │ ├┬╴multipart/alternative 1002 bytes
 │ │├─╴text/plain 310 bytes
 │ │└─╴text/html 408 bytes
 │ └─╴image/png inline 232 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="ce9";
 micalg="sha-256"
Subject: smime-multipart-complex-wrapped
Message-ID: <smime-multipart-complex-wrapped@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:05:02 -0500

--ce9
MIME-Version: 1.0
Content-Type: message/rfc822; forwarded="no"

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="c33"
Subject: smime-multipart-complex-wrapped
Message-ID: <smime-multipart-complex-wrapped@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:05:02 -0500

--c33
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="bb6"

--bb6
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the smime-multipart-complex-wrapped message.

This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed).  The payload is a multipart/alternative message
with an inline image/png attachment. It uses the Wrapped Message
header protection scheme.

--
Alice
alice@smime.example
--bb6
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the <b>smime-multipart-complex-wrapped</b> message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed).  The payload is a multipart/alternative message
with an inline image/png attachment. It uses the Wrapped Message
header protection scheme.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--bb6--

--c33
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--c33--

--ce9
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA1MDJa
MC8GCSqGSIb3DQEJBDEiBCAv+o7fTfRFOqnpRsH2sYzOleh5w2W+5q6Nde9GJQWH
nTANBgkqhkiG9w0BAQEFAASCAQBrqtTw1eU834PA6rF6Vsac5dGAswyv4vh/EVxO
xBY7A+uEacaMOXRaSzkTqehOkOGa31d2bV6XmWbcR9kNvradw//dXOkctHW/cW6x
1BALj1aFAbYmObCY/FTItu7nLGIAIQCm0W4OVHgH7I/QXOsz3o7hH68SWItJnLDy
cSEDzRKNh1vl5cN0euY0mNA6HcvKchkIlWCj1pcJVmTq3FQE4GNeeO1x2Pz3ao7y
vDO/E/s1iF2SiPS7GcgluywZ1ln5xAwR95/G/lUlqWFBXPAPgIMda1kDsqRI++tE
7aFVuQ9rEoAQJ8KeS8QWA/Lf/iefFfu0ESJxjRDdbJ3+gm5P

--ce9--

B.2.7. S/MIME signed-only signedData over a complex message, Injected Headers

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 5651 bytes
 ⇩ (unwraps to)
 └┬╴multipart/mixed 1579 bytes
  ├┬╴multipart/alternative 950 bytes
  │├─╴text/plain 292 bytes
  │└─╴text/html 387 bytes
  └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-complex-injected
Message-ID: <smime-one-part-complex-injected@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:06:02 -0500

MIIQRwYJKoZIhvcNAQcCoIIQODCCEDQCAQExDTALBglghkgBZQMEAgEwggZwBgkq
hkiG9w0BBwGgggZhBIIGXU1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1vbmUtcGFydC1jb21wbGV4LWluamVjdGVkDQpNZXNzYWdlLUlEOiA8c21pbWUt
b25lLXBhcnQtY29tcGxleC1pbmplY3RlZEBsaHAuZXhhbXBsZT4NCkZyb206IEFs
aWNlIDxhbGljZUBzbWltZS5leGFtcGxlPg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4
YW1wbGU+DQpEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEyOjA2OjAyIC0wNTAwDQpD
b250ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjVkYSI7IHBy
b3RlY3RlZC1oZWFkZXJzPSJ2MSINCg0KLS01ZGENCk1JTUUtVmVyc2lvbjogMS4w
DQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2ZTsgYm91bmRhcnk9
IjllYyINCg0KLS05ZWMNCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNl
dD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zl
ci1FbmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZSBzbWltZS1vbmUtcGFydC1j
b21wbGV4LWluamVjdGVkIG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtb25s
eSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBh
eWxvYWQgaXMgYSBtdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFu
IGlubGluZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgdGhlIEluamVj
dGVkIEhlYWRlcnMgaGVhZGVyIHByb3RlY3Rpb24gc2NoZW1lLg0KDQotLSANCkFs
aWNlDQphbGljZUBzbWltZS5leGFtcGxlDQotLTllYw0KQ29udGVudC1UeXBlOiB0
ZXh0L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIg0KTUlNRS1WZXJzaW9uOiAxLjAN
CkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQNCg0KPGh0bWw+PGhlYWQ+
PHRpdGxlPjwvdGl0bGU+PC9oZWFkPjxib2R5Pg0KPHA+VGhpcyBpcyB0aGUgPGI+
c21pbWUtb25lLXBhcnQtY29tcGxleC1pbmplY3RlZDwvYj4gbWVzc2FnZS48L3A+
DQo8cD5UaGlzIGlzIGEgc2lnbmVkLW9ubHkgUy9NSU1FIG1lc3NhZ2UgdmlhIFBL
Q1MjNyBzaWduZWREYXRhLiAgVGhlDQpwYXlsb2FkIGlzIGEgbXVsdGlwYXJ0L2Fs
dGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUgaW1hZ2UvcG5nDQphdHRh
Y2htZW50LiBJdCB1c2VzIHRoZSBJbmplY3RlZCBIZWFkZXJzIGhlYWRlciBwcm90
ZWN0aW9uIHNjaGVtZS48L3A+DQo8cD48dHQ+LS0gPGJyLz5BbGljZTxici8+YWxp
Y2VAc21pbWUuZXhhbXBsZTwvdHQ+PC9wPjwvYm9keT48L2h0bWw+DQotLTllYy0t
DQoNCi0tNWRhDQpDb250ZW50LVR5cGU6IGltYWdlL3BuZw0KQ29udGVudC1UcmFu
c2Zlci1FbmNvZGluZzogYmFzZTY0DQpDb250ZW50LURpc3Bvc2l0aW9uOiBpbmxp
bmUNCg0KaVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FBQUJRQUFBQVVDQVlBQUFDTmlS
ME5BQUFBY0VsRVFWUjQydVZUT3hiQQ0KTUFnUzczOW5PM1RwUncyMGRxcGJmQVJR
RWpPeXdpd1luQ3RrREtuYmNMazY2c3FsVCt6dDljaWRrRSs2S3drWg0Kc2dyemZj
cVZNcEwyam8wNDQ3Z1lEcGVBcmsrT25KSGtJaEFmVFBSaWNpaEFmNVlKcnc3dmp2
MFpXUldNL3VsaQ0KdmRQZjFRWjJrREQ5eHBwZDh3QUFBQUJKUlU1RXJrSmdnZz09
DQoNCi0tNWRhLS0NCqCCB6YwggPPMIICt6ADAgECAhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExB
TVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24g
QXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0w
CwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2Ug
TG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCalSn6i8Gi
44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3
ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs165ernT9O5NLFflHUjURca3y
nqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZuTtMc1zy++MxQlqdn9WZLhOAO
peNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX1X3K7/cONxhv
BbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy6SCf58duq/AOEksCAWlb+MD8
QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwG
CmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNV
HSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBSAwHQYDVR0OBBYEFKJTQdVE
PIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZ
MA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEynBakDKU68ro0RsyXWAPkfXgQLgy7
GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZVjdaox644DsiLOQEP4YMS7y4q94RF
FdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4zE4Nar2inC0D+VM6RGDy66K9l+D+b
l8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2MVtluLihne0Bp1GUTkr0mJBolg6d
SYal8Hw8/ANHpyExl56BJABb744gqoeuD9YSHjKK49+qYC9faFmQ+mK80lh1M9Rd
NI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpAr4vRhZjVD6FYMIIDzzCCAregAwIB
AgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQK
EwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBT
IFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8y
MDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMg
V0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/pdO/KLpZbJOAEr0s
I7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7GxVwXurhYdZlaV5hcUqVA
ckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12DRVBDpbP4JFD9hsc8prD
tpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2wZX5ICjecF1YJFhX4
jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTMSiPR+peCrhJZwLSewbWXLJe3
VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwIDAQABo4GvMIGsMAwGA1UdEwEB
/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNl
QHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQD
AgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDTIGZmczAfBgNVHSMEGDAWgBSR
MI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAc4miNqfOqaBp
I3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3BjJOd64roAKHAp+c284VvyVXWJ
99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIjSo27PmhKE1oAJKKhDbdbEcZX
L2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9cy31wbqNsy9x0fjPQg6+Dqat
iQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4PGHnYxs1FhdO6zZk9E8zwlc1A
LgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+uCDgNG/D0qyTbY4fgKieUHx/t
HuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMI
TEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlv
biBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6aqdcwCwYJYIZIAWUDBAIBoGkw
GAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjEwMjIw
MTcwNjAyWjAvBgkqhkiG9w0BCQQxIgQgSnZFRpoKyudHBvkAo6hqyxtaGzBVpz8R
sk+FJtjH7PgwDQYJKoZIhvcNAQEBBQAEggEADAiUCPkW4o6qXePSs+Yh+ZPDq8Zy
v5hHlSNGGLmQP82ZDL/+zob54QvODTFnFb8SNL05nxIZlmZo/XtxRThlSiIy/Cnb
xL9dkylfOaOdtkc5MMv+W5AWQQ4CsJfkN+g9EPr+XcsFCn7Dsb/Vu836eZhSQ+tB
kttfKuhy/XKImI3fp5GLZhGu5NVWnwwC+lUm3AoKhmKhI3M8KCt84xpMGYXHJd1t
DfADNo6cWgQ0pQeF7mSh4gSneysep2koZNVx9LpCjoYzto6t5DorJBtBiZBr7qBg
jY68KcMpZ2N4IIPLtcup96bHPeR+IkDqaF4EeeFIfCysEKBRFkbF+qzgNw==

B.2.8. S/MIME signed-only multipart/signed over a complex message, Injected Headers

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme.

It has the following structure:

└┬╴multipart/signed 5510 bytes
 ├┬╴multipart/mixed 1637 bytes
 │├┬╴multipart/alternative 1006 bytes
 ││├─╴text/plain 312 bytes
 ││└─╴text/html 410 bytes
 │└─╴image/png inline 232 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="34f";
 micalg="sha-256"
Subject: smime-multipart-complex-injected
Message-ID: <smime-multipart-complex-injected@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:07:02 -0500

--34f
MIME-Version: 1.0
Subject: smime-multipart-complex-injected
Message-ID: <smime-multipart-complex-injected@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:07:02 -0500
Content-Type: multipart/mixed; boundary="193"; protected-headers="v1"

--193
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="db5"

--db5
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the smime-multipart-complex-injected message.

This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed).  The payload is a multipart/alternative message
with an inline image/png attachment. It uses the Injected Headers
header protection scheme.

--
Alice
alice@smime.example
--db5
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the <b>smime-multipart-complex-injected</b> message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed).  The payload is a multipart/alternative message
with an inline image/png attachment. It uses the Injected Headers
header protection scheme.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--db5--

--193
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--193--

--34f
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA3MDJa
MC8GCSqGSIb3DQEJBDEiBCBpheScfJ+ESh8/z2r5jHx3Lw+5VkH8zTicO3HRGxfm
ozANBgkqhkiG9w0BAQEFAASCAQADy9VgxUcoI8DWKdyHqPM8nLuaHB1B/SONgbzi
4S1gIMs4wR6S02LpiG36z4/zFw0JUbvqwC2WJN7+W0Vra6ZX/x7Hfmv+uqdsMW6j
r8IXATRFWNm6GEbih2BsYABTNy8z0JGs+y6dcNNdDIwDJIkJETi+xv1eFA0deoWI
PyHmUjpzzjOcTAkFnSsa4lwSBOty8lZPW6u0klUx+VVGRkgg/0uXTBB1yGD02gbw
q5893RxO3g5zzxaYJP03zyO/WW7FmCJNNQbyZbQD8R4rvR0hVna0r7XoW4Q+WZfU
Dz29oLszzmumpedAaP7q/M0jySdSjWfQn1W5hHHhAMIlwcqt

--34f--

B.3. Encrypted-and-signed Messages

These messages are encrypted and signed. They use PKCS#7 signedData inside envelopedData, with different header protection schemes and different Header Confidentiality Policies.

B.3.1. S/MIME encrypted and signed over a simple message, Wrapped Message with hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7345 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4436 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 679 bytes
   └─╴text/plain 321 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-wrapped-minimal@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:08:02 -0500

MIIVLAYJKoZIhvcNAQcDoIIVHTCCFRkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAFHb+aM8bhyJ1nFFuBDyyBVQf2IplykrvvYb
mKqBk08i2gecPSOMTkW5e2oQ4+WT4rtU4E0JXfMSA2KukKc+QUA3ycVCoL5zhetX
GsEx74S5P4JMY/uAoyBlEogGNi2lvagvgOGkqHJCZAjKjPNmqyTfafyv1Y4BQRQ+
WJi7mURDIbgrc0xfcC/yt7UWxFlfUhm6n7rTvRKhe4D0EOOB8yKupUgcDzBMTw5F
P9HEy0vFij12+LNKSsOPhVp0PbPkMCVi+ERtXEgV7C7BRVVYBiprpYJxJryO9t3E
jmIupqHZMgXxlAKFpBsdlPWfI1mrMVZTBpRgy8Bds7CORgWbs0MwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAX1PxPDDlV2Wo766+MhR82lW8
pD0GWAM1ScYPggh4t5OFmSjFtyiqawhMcQhoRsAkGV387oXupYXH/lkaD7nIdZW+
pZK1/RZUU0txvlsRIpJduXcWm/Dsu0lQtQSfcg5FaslSMjBpMI41BD2KC9M5meDP
NqHnzNMFv0ZiPO6x+bTCXhds8WTi/B2DDyXGjEaN6RUFw6rKNXwbXoR0DJCMosF5
55gQuo1k040YMqYRwdsJGETr/r/JaEPwNekogAfuXBkNE3JQB7aVgePp8mIZNIIU
0nP6eXp95UwLsoA/zwbOv9XSYgQDCcQ0MWycXmmn4ysbeWi1p7P+6CLwgx/TNTCC
Ef4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEN9EoELwqIPQUHcQvENM3K+AghHQ
7MaGZ6VZ5f9fpYjTHCbQSjcBtsF3qd7/z94CkYE+Fdt4Xtm91GlDSRONaVuT9yV6
vd3hoFTCfrX1aQSzzHn3SPtIh7ySaTG70ctsXP33UjcMjzDbvyvfIl1mxsct5rSx
e+cJ4z++pLB0vQeq1JlbuqY8SkSX9FyDZegnUD+zCB3qv7YSZEwD+EjifauMcrl5
p29hRgVx522WoILf6Ty14stVYot76cyOYE5AlEUMxBg98tLLzNgvgpevmhZwNzby
B3v68cMTXh8Zm8UB6F17oxdLFIszhEMnM4v2RSWB5O7L5C4ab+zWpB58AcOeIesg
E9TvdhcJVsiQHLMtVqxXcyyzlh/T1g1YZnfI4+Q0gNTTS9kp5y2Jpl8AWiHV3lJH
ltigpNDSlfbskC4ZUKNLmwMTed03kH2leAZGK9afAC+nNwKvSlhWovXXujmTwGao
8fQPc9cKfRS3tx5dOnEY5A6ZPbAx3SkcdHpUc/Z6Z9at0NnN80ppl55sichJeP+Q
yoWX/IMhZwNksoiP1Wqa2KYGk89l3EvBOOKMH3G/IOcilg75VxjfKQ/IrB6xrhb7
wY3YCV14MtJ4T9gi0rtkXxq6YfJ6LQVXP3BWpmlf3xwxQn3HUsQNFO/dESQMikOy
PgNT/wkwX0+v0XY59maI2tF9sMFiheLeRRjPDbwaXNCX4ghzpOA0KQ1+0/upcXPd
O2sskI3b3qh+gbRhTUOxAMA5i/POQ6QOj/0jxfbN081YdiHE49jlx5MA00u/yn2V
WKlDkXE570tX5Z3upvQvLVYuc7+hfsr0oIC/A+4UKzt3G3kjmHqKvkPeP4ytu5Cw
VxRQlhl+rWISO/EzflNHsgNwE/X3eOmub8vNl/fX9ng5hMVaz38pAQyQysr2Rg2s
ZDasrLS4kWuGOtv8gXD+Lm34r31bQfl+0NoVpJFV0iHYzBcmL+refdBec9Jfm0yI
KkX1YkAovvlnYL5ZYzP8E08hNtZW+rln041yyZa12hRlORO6lBqxb9W23vTgU4O4
vIRppUbJrf6tmYQMiYXkC+Kugur1nBJtEbLQ2WurYFSkdrrZYLg6+cs/K+sGgCMI
0GokK2ntwmLWHCVU9w15i+7G0HYxZkschUQeIokU2M6KePbp36Mb0vQlVJhlqTmU
HdW6EDk+iXDNW72gZccDyPhZbhZT2g4iWHl6xA5iydhE9le80boq437OlgMIHUkS
2+cEArcITxmKpDQWxREYF74jJyz2Yf8rZY4uI6j97+LHYlds7X5HIIq37xVUKUud
sDav+1XMQygilVzgdQ6MTKH29rK+/OKJhWZYn5HDGUIa4GzskjL9Sp93xG+sRvtP
tC2bhURNdHjg7HyyH+RldvxN74NiFrNCj39TXyw5Tzs44nxsVqghdu04BYMm5uGp
9rN4c7Asn7kfjg9rmntnmnmBotKncRM4W1ybT0zZ4QoBCvl2306QKgll3Qiv4E2e
3l/POH7VEtTBeYph3JUhCjoF/DU7lQetAaH3sKDdRqvxb8pjvQKI+q3NLUhYMLdl
/HqrtNXq4ItRsfz+yYsEKlw68fPncK4OEVjxD8e1kP9iccyhEWK9sS+zZmsJmRP1
+CzHNdV/3F4V2eaa+YRiBgerv8jjqKhozquzKBnFerDrGvBnctYkBCL04sGowv3c
uxADq5pw1sBo2XIwsA6/hKtCijpkIOiPjawE+uKwDiQdGutdxOx5v/wk7McMU0qO
tjhrKGa3WqQ7w9lLO/xqNVBsGxKSDsyCZuKnpYlg3MgRK5JEq7GngLiBKRN3EErD
f74gk2ZQ5l+41eokY/3YTYhAFnDabzhxLK2vZxuc5JWOScoo/Ej7AATgKkhr1U/g
CHvGyXxqrozMu/Vks564d4QTx7SHcOzJs0pIeN79muMOwEFYBKnQJWZPxyzZ+Bx9
p97BbhQwhJ3sCJPiwMrLUJCI3d/DDPkz8IPru7rBmuYfTJv2buakTrR4hwjg8oK1
2YnhHumejoHzR9EfDQelF3hYZSzwCH64ODMsSXGCRZjps7Gu1KWvdRxAiZHHCCA8
98vBO6pjBFG+J1KVufCTecBAyFKQOToYBMiQ195wzucZjnEeFtBDlaSwTJAx8rM2
ROR5DasKHRqdV6i2LV4b/3Xq5CUqZw3Q/kZcdSQTrqtDafc5lTLS/dPdCVWr/XAh
wjBgP9alKi33QhB73CFNTM4T9HAgR4SkqqpfEQEWkcJOIE3K7pfcQbplvR2uIIdg
gExjg5vyMloBFEO2YBcBi8bzUKF+sVpIkaOyfeD/tUydll0e/eDkwMD6Mx01ssgT
POJKR7EggddGlm/BCB29IekA5Y4Ydc7GslOFhO8zC2LCm5OHfNgzCaOos6lZtpzA
II9ihCb2/P0VRO0XSJ4RoR9Srj4DJji/VlzHqqswZJQyzqJMRJT15mQHf2tOmobJ
PCHpkJVwJNjHphbKTcqfokzHh1YnOvTJ2f0svarDhV8H3q9cM+ODMDPFOARjZ/hi
ciDo60l0MciMAYzh5CoAbLQgzlHNUZIM4CCqidPVzHyn1lIifhH+yEWkXkkCO8QV
1kDFbwmBhLRPawpIxsr7QuZ0aICJBdGZ2Xwx55VAbht7SObllNYbM50QeMtpzJC7
0vKgPkoctvuqR8vO4lsIqxUc6vtHW8C8YWHhz8g9oLBPeR0o/0I4+AePScm/BICy
DrnYGfFM9C/rMU+PateE/dvsGiW6dTm+9SUFqEqwIOazGfAwE83G85ZVePQ0Q7RB
jxvZkgnSg7DZkbuy1EmSRUa5gR0wttH+4jVTYo9Zqrjw7NOvn/OLIIYDcpxQBrUE
/ntfknMq8luYOMou8YJCIOtx/wL89sYZhJu49H657dGB/A2tpGRVSb82OIei7rhu
+9quDIPXoPgBcEPh8k5eLtF23XJTfTi2sxD7WU1XwhiX0+0CfvQNFt8ptJUrPB9/
GzNzN0brNex9YUbFEAeGh6BiopGlTAeauu/VSc6J0Dl2uxLtt/sqx5riBDvgiXpu
vp+N22l3sEjyMeQ1iO3EJKhAHNpAFbMi6uEeMVCNneg9IxJj8lodiCaWKxjQafhY
i97omBTNjLQWXj3gCyIr4gK8aD9jrcixrPrUuK1yO4jdSuprINoQcDLE1T/yPd/O
OTwDZewzygLHRI/2eg0JPHtjZer/m+stDLbRxnhKGfwjTR7Redk0cX4oLPiyVI40
mRZ30OkMZ53iYRvzrsChO+L7Z3D6q5nZ2vO5yKFvfHgcmy3RZW9WyaiCF+wnLGD+
gcOtrcMs+SYc1FO1xCpCNd2obYK0icviIqH4TpAuSrW0bYCtM6hzoDdbW1OBtcal
08D6XVsUPgy4o683tf5TyqMZYqEssG6UbY+O8HElcJ4p1jzb50VxwwFrMkfntREv
Birra5k4+/Td6nOWE/Ba6lCOWVC8cBy1qp0bkKsm1IWNrbbGZmfLx9hgfLtxtCZQ
+DaWbvzEEeH6qyGy8VR/rX6kU0+rHMIyohPbk35VysC/s87OfBsuUheFCigfC7xE
v69dle3NAnXQpCE8OyIlL063AWlQBxEvEMfkutCX9LM/w2h7PI7DGu71Naj1CxTo
g/74mJrIT9lneVCKlEpkmEMCimLd5NzjUcGatCLu574LfGpsOEDRUDvIi8HBJOAP
spptpgQ8LMAjnvWilPQZcbd/0WvRzzKEp8i5k3IvtVHi/aFu9lZvnopgDJe43L30
tT3Kt9d/ZjHRswW4MT8vnCiDkBNF7TTyTC/jUq6pOuHglfc5H6QRgEjow/maBCB/
ApoGhlvCv+7J8ExVzkesaqrcTWQpHmq2szcTpnnhjgzV5W9CHGv2R0GcqQGHvkBB
Ds4wYl+OKDQhXczbqX7C9bJOjDb6hhlQhTtlO1/M5iBdW53k2OCcliV056KNLFhd
yLDvXZg7r7IuGo75lb9urObCI/w2KGDfN3P4Y8yRseJeBY9m+txWMJNyhCyNJQnn
7jLZ3es8cx/zQC/6AUQtNrjHzM+sIoSxSHXnS61Akj21zY0qyn6pZalPgVM0HIy6
I5r4BTGdIeI/kc6LoKhrfgeQnH6PwZmmddNIFQo6la3lpXuWgOZfqWOILo7L+2dR
neQ5AYaQj0QdH8z8aYrIgwwFzxFzETtnGJkE/HoN/MNGSaMD2x5b4y8ObDpvAkG5
AD8/VxZOsBJE1hTz/v7DBFY062MdYDbKHkBSOAxUPMI0ivu8yV5JzC6+x/98L+C7
NJTs6g2OIWXqgAX+NHZbFDdeIYMcExoMH8R/mz1zLibFZG8f4Buv73rdhwuRQ1/F
aKAxL58efL/ppkEvFEGrJhOKtXjQv2mEloseTc64JuG7wXql0/LW22Fiw+b9vP8z
aowf6DrVDB4CiZBvbjpyk/t8EtByn0JLq+Qp/f5FgIglB0DWteA1PVC22i0zlg/d
+aVKtOHRCsJXupP+jIjdJUekwJSZCid72SmwS6lfCinpJlVedq7OOA/SrJ9eg5Om
Etg28g9N3x3BzC4Q+gI5CMSKlfC3d2xHohxxdkwO2MJWdOXbjwPaPxgqYbngJC4E
WLCXLPTLw6XuTJ6lQJRpF3kk6REmqnRlDz8Dmm3ocpCcNLa7Vo05LkCnZfUvmZc4
jw/2JwuLcZR9yooiuHRMZj/WOFzRhPmWQWwCESCqcKYfNnXLKVsOZfWaUbNapIbA
5EOZoVpFQYZRz00Q7vdSodDtJ0REPxvybjGomJTYm8VgsICQZVTAhU8cNkRgh3KF
tqULWhLK7TzOzl2rrr1+LuSq1pb+QM0Az4ALYByeWEKno920ZaCfa/DxxMitx/Zy
RDfAtYiUzOmtWKcJnGfPzuInCHQ7QRYh2+xDh/o9k5qSeSV+lrG4MlI0sptm4lfN
W6oEJR7Y99IoIt1enqjicyLDYpJavZCgMjHznCSPffWziOB8Vy1vpbs80mTQlvN2
J2V6HqLTgDg27MO6vZoBjjSjBdW+AJcwOzzY0eMvT+hEkLqcSRXXEB40Wr/qtwFv
aLYhIToRENyvxRbQGmXWL8iT2mCs57m1sr0tvP2t7J4DWbp4CoiPY2IFLC4vZLK8
KgfPwD1d7qdZEwykzn9tzisOdx83ta0qeXc02kXsvxglglxlhO+DL6oamH2G1BBz
yVVaDnw3C72aV6BKL5XFjbW5WdqKr0/2Gh8EE6IPZIw9TlMbt2TxSTdGxXDgslBB
plIDqlQo47imspSjw1lbZm/duczPWuDpNW1f9uHRyIPcA8QaqXA+hvgeLbVpJuJG
6Y11FEYeIl+0tX251S9qhkDCvZ8MIZZ2muqYoB/Bac/CsbkoGJHgF5kglRNBMCZv
aUGnTA/PaUEDyHJY74VsJJFVv8Hbsvwi5M0AUuAIIy60lGL3VZqQRdQjInJKEXIp
szLOcHyaL8tHY0IRSP4XaSR6hiEbFJvbPUIKS4TqTr9N+mT1FeVkJXxjGJVqwcxn
GSohbJc93gt3r2sS7HAr5fhJI3xDyXIYhWmRIQatvlKh5SXsg9wSVMNFn4D1Ql49
Flb9J+ydb3ENJlVnOaKGC/hyGhULNAUTDyg+pqz3Nu5lwejgFNgz3/W/KPNnIFnM
6vJto9bEpNKATOOBLXW20ztJCjgH0DD7AvQAVTGu8208MBL8PueUDlUysqZduTay
f2aVXIcEfPFwXR8lzHtDe87Iu/RqKwPnkHy+nFRKUSVhyhQ3EgnWZpLRNzHgPxvf
C74UbBFrBARWFRty28HGPqM75jNsOIsquad+9gxleRsuPE1klsjiXlvDTltrEYE/
EF56h9hdn88C7SEO4KFMbI/6ae62JQdpO7CPgq+5YGHMVUZeQHJZkfLAQUVTCRQt
cZH86BtnMyKPZeovEd0guyX0kv27gswviZXf1h0ey5voAGw0EH9j6+z5SN0sPhry
AzwG8mH27qDlrrGCn1gX5fOS39+xtuuseqAW+iQgDk9IGrqAstMQYRW1kRYXKQlg
y/1c1Q5/M6kyq5M2iI9ggd7hrqTcEh9Xy1dRBPdCljXyWZo2eTnp0n9whXZbMtLu
lIZc102dTwLWWXM7uLK3xDQS653AQKc8C46DW3GslHl5+jW00C5orPHh5xeLX9UO

B.3.2. S/MIME encrypted and signed over a simple message, Injected Headers with hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7305 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4406 bytes
  ⇩ (unwraps to)
  └─╴text/plain 333 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-injected-minimal@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:09:02 -0500

MIIVDAYJKoZIhvcNAQcDoIIU/TCCFPkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAEqWQtP9NMp0lborDI5F55uEoZxerbw2f8G8
04jr822TF4ehQnzqtlSmtb3q7XZZGz3OVYv0JOO2DWrWWbSzaaWHXwJ8HdM0vxiO
87SvZMWXXzwrZSyrabmCte7HhJOo0FYqMphkC8UoGtIE+J5Z1XpZqjpiicTDHZPD
qKPIXCE026LS1ujO/1l/ON5cBrdMRlzEE/tnl2vA3e95pUEM2ILObukZPPKLiTfr
ejLM2/oQUklYmh54leeC3dQA0xIf0Wktzrp4qt/qJPPKI/RCw/JL0Saf2x005pET
PBRhxQdPEyjKfBRIOm/FMa+LkAqzjHlJI6MbYs7a+zAZvqH/tXkwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEABaLUv4/qgPpg9LQVoTctoa3J
8+wK32xlFwCr3LzD4A+3AZGAzqgJ6roO/cyDbz6swNjZQb6IvsHrxn2hCLyGS7JZ
pxaqvNh0MTZ7ppvAAMY/cbtim6oo+aR+YBFMuUejNy2Lf4g9Qugs7C86BqwT/DDR
8012vrQcTRVqxxgtaJtTSHXPZVQeoTL9QvyvBR69XJ4fNvap1F5CVPlGONwVWgYd
7u1FQCViH1ASwcJ2VMYTAp2vWgrghn6taCB5NuzPH6TLqXM33bzaEZ9+7ya0kOyC
h6PtoTm+Sk504F3qTf3EZ9l+pZw9dYKmHXnJSXzhInzob22BUwmi8rmAhyz7YDCC
Ed4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEECnEpHap3uuwIy1DMX4JXriAghGw
Y9Dgh6eaEPJSGb2YLpt5P4NZqy1iFQN5A5F/ejZ+0XBWbhPihaoCRKaixUL0XFx0
f1THjHHFDNcuiZ2dxbGtWtuCZkxt44ycJ2GOJpCNcWVnO0aJckEyiPxhjn4yu16d
pqbT2G4Pt6DEW8teMJFNpaM7AcGbp04KTf02zIy1PQRjQRafhFO8+7Jkm8ndRPUP
bNfOdLq+oIErDaMDlr84VyUEaSjJzIS5xh7+Igilk1O9cGQViTaOEtDhhL19sWrn
Tdmrit+/jso6IPZKIlkaA8U1sZ4B3gWEjyxOphDKmtzOY5P5hQNcbXquk6CQT+N0
2XB5h9OdYPQc5hSUY3PxG0WwUovzQGAQLH/LwCm57sjfSNdTYJO4NijQB5kIzmSI
8KLqLquMser7JzSyhGaatw3zC9rZl52FUohJQk3OSIzeMhJoXrQ1lyWEQOSfdCFo
+iaV7OjHoEYQtmmcamzZwOi18JN4FyufRh7DyCBi4RoDx7OwWgKr601VrhcPZNwV
r+8Ysuqprpb1YEPlE1cqL0ZxVX5z21UQ133U08p4CV9fW0TuuNnMFRARnfnwoXFS
ORqrSR45G/274tG2/j3R94EdomMSJ8/Zx/qf7fou+EkdhfVNB/6ANb2jAm37bUeg
I89QvN/BTVcXwhMDsYV6OqPMaHwD3B/O7yF8HjyRiVh78bUX9rU1pIgXSrmnnuyB
1noOrWKpacjxQenLebNa8CZVG4ZpQRa3f/NXOcS17auNb/qoT/xtgcTaWb6jF5M/
D3ulDiILH/jCyDaglL7ItSzTKu2BCH9tNXy2DVV0FSMTyfOLrYaZpYGLULvoly+u
yBqTQram5ZxmWjGhM80snWlmaB4kQ1FBWoW++rnEbQ9JEL+n6UxTJHBbR6bNuY7u
5jjYih1tEKM7Y6cQbWn/PykRIjP76mukR/PI84WHQGP+n6K8QjCP32Ij5v0BdXCN
KftDYROYNGK168oej0ozUpPnz5LJw3vbDEFzMVVCjEY2qOD7EdTFAYojNwL4IuGW
W43/PKeEi7smTQWxGWrbIFxPwuuNKyMOHLGiKXqSJSzj531jTiGasWVpHibEKlUS
IWOXef/7Q/PZvCa8vxmVGowSQ7gWQTVEohKi0MV7lYuxDTWRacPetjFzkwOZoTHF
5gFV+/CY2W5VXVSKIR5mr/jjQtBu+7LOAep2MGq1u1LZJgXDaOkPR5Rz6orfCz70
M7oE85uq430h6goP4YKeCU1sxSE9YXRqICN83AhY7JCzrP4bKVnKdia56XEmxMKR
LQ29Z2zSakaIPKbSmxMuIqknlOV29PGG1KztSDonWIFVVLJb6Qne8altI7zTxml1
IMi5zxcto96g35HGN1V0h9zJKA8xOf6q18yhfJnWQ0ONkMpfHrHPTOXaU1r4hzm3
mPEnuG94PWMw6EKi485rsY0tZgE/PZr1slDsxmAO6r06mqwc5NfNZoHwNl6WFWZ6
1uRmctWEMW7gHeqly4TfXH4QiRMXAuzDdrYnVjWGqNlk3zEY/v/ppxI/woU4wBmw
pxwr3LTvna/8jpkt060hM8ZUkAs9zYbtQBGLqrSy1prf+nplrXDQhkIgbV3Lpx2H
hdMljzMyvPJse5AyQ42L9w5SZa0vIA9t7Rn+i9LKxjpdMsY+zW7tgqMhRTd6U9pY
kfRsOnDJJuv1ypSBwbaEfZgiNtUkFwuzQRrfKLqjJeKCXw5cpad+f4xPPPc52UM5
RnJMTFe6UFlNmodzkyLr6pltMRmnLxs12uTXHR/9z8Ni/+mUWg8G/9aTwujB1JOl
6Le8TE96yPlWqF//qSz8WJVWgTrfPGpQkwpzBWaV251LvgKzETe16/EY8zo/G3nN
ahlOW1aeBxbKm2VwtGwZM84bYWaH0cLPAQAvkFhv5zk+5pgC98rwifhhXTefYA2P
0D950lUaTQTWkjrw6t2kzg6mQ7TF0Ee1i5EW+SxVKbd266MQgSZNhzXsFTgs8XA/
aNmXLx2DjpbQIjI5AzvE5YWeN+d5lHDee4Z54sDp6GsqpYj136AHZIE6I1jxxi8U
p7J7Bkc1zs/4FdY9cGfHTlhV7ugtaENq3w5whavoMgaQZIj0qi/PyLBSFrScCK15
3kfdaRRwdg4E43PqQDRW0e49oKWX6VxGzqVlsOhzo4Hq8GvMhvSjC9gJQK1hIeDY
otBZIhEmOZQBq4rlJ6nVaWEPJkfebn8GB2xkogf3j+o16u4rv+djux87+QJ1h+cZ
vOIk/12eJaW3cxzBa/ckfph6TAPM1wEkcdxpLtF+dbNc7WHXK6NV8P5zPBTq58mC
iCpwhMnRUKY78wOdsAK5/oXl1bya5fFBSrVf7lPPyADaw09puu5di9cJUyOGEcH9
dWWI29MnuhJ/+GPGLrT+X36CDc4UMuYHNqGI0Eqk6XuEUgZDwbsmpYUt0J2zBvu+
Rb4xAIb1a94wXzsAQ/4aVKaUSd6ofjycbzcc6aU1vyQtqAOZPFP7S9z3dyN1LCA0
Uiat5crCQbVhJQNVMabkFBOWIF5kGIIERqmupnlukf8OFS+XGw8t24PPq4os2MnP
xtdZMOlmE1wvFlcD2/thU8hfXUfYnT2qmObikJpXQE0e7BAsAnYQj6u05eboEhfH
1bx1ZsZX+8bb504ah7QLfuqwAg9WTzdWooCpiCuYlAS/I7Ey2JW1tna3BZMCYMJi
SOD4yZG62wfP4QZFvv4WWKyg+NYdPj4XkHse7Yd7qTI5mxCr7bjtccBZi80JU19G
w+OvdypURyiYXylUYolj55nFnEUX+IP3/pToBWpL7yRizP/Q98xEUjoOS1QV9rz8
ppg7XjBYZrns2JERC2L2xQUUfBgTtd28lNgCt02PwnF8F+KrS2w+kiJZI9CvN3ie
No/ufb4uOFLlJU+YWC2c1kBb+5bxF1uVN2jhIfZRNXzbGVVifpTsIaz/qddsFtnI
8Y6yhImBpFCrdzt9GjsZjdNRFwTy60fJrXdkzwQgTwR8k4b8OF7AWYPxqgLHRhRv
v2P26GOG2d7+BhGyZcaiz2y/eleV1eG/rgfqYHi+a3IDAa3Iq0hDg9IQ4x6/qh5L
viDAM70hN8kqGkg8//BaXvgETIIMyupmvi7nWpBVKozs/jGI90UCOSf8uJDDcbnP
XOnV47XI0XufAeIdxKa30hxw7b9UTqE6DAe0Vzc3qtWLscadPIxjHOoko+PGoUOe
A7w0vNwutU8beBDHkhz84Ni9hmSWOy9A+7J3XFMm7QxJJTmKoRe5bySvCy38god5
12WxVrlxuftoGPf8QYtLc5F7B+gx5i8Pv8eI/JJLMnGBdci9OUYkIe6IAw0zMxjz
0wPzIITHL8l5ejE6cc+Gy+SwVosoa0RC43n0AzP4BWu4wRmJungQTSzMUM+6xb2k
ku3XkjwdQLVY7qX7M7AbDr/7eK7ojWnixTyNY75zqObQaoyhgKJlD+6iwadbMVq8
SYpSY2EUnFSVM3+NeGVF/ANLoGcBHzYiokQy1HQZlTpB/2nYA3kBfL9mZoUxN0fi
Ca8uDcGvB0MsHne8wvOMv9A4GCYYHSQxZ+SMtylTMtZ6qENDdRSz7JFC6jbaho3U
KM5+8iyAbXOh3PnMNURtJ+9+nFHI+7Uiudkoel/ymgOZgJhrKkbSd6X9i0f2da/F
SeLx1jFtLx8GDkwZfI+8N/JOTsH0/0tI5gW4UUvWoRtF3XUMU6ZFPnkCK8GLUCqs
eCgzZdnCV0tYxvZNtQhZe9prONcE1bbRGCJ/OeZRNKKH2CrjdLG811wFC47KfrMD
xRTM9wFxVsFDyr6VyhxojPuEz2OjmxnStXyd3nofcVVr8kI9VxIqPbRTLvlzevRC
CMdeZPGMgvEPLXCWAkFTuqpTYwWBx+aHDGj8EPWoVKp/4DRwjwYMEyiErQjz+a6c
0Kg5lovwNc0x3w5qx+7aU5hA8JF8YGj0+Oj4HdNeFs0n5uAqSXI4IkaiMcik3F5I
pJRwI5VHLfm/UoeazisJ3IDq3TKAYpeh7lSJ6xotJkZnqlMBFzMA1vu/WMN8Ymye
1GUEFPLgoRiukUOrfqDC1pfgYKXtvRsJRIFMPiaT/6kGDMA6OOVRjNOBO44OxuJJ
N2o71Q7+J6/Rig2Gck7bEVmmaZdj/lgrD7H2Hs/aUhFS5vQzdCnTiXBdcfUIyHM3
AsrOlzmwPgBup6FH4GW6oL64cFGmuSsCzkCwdXJKNt9AMq5h3efJVWhnRnldAYKo
bgkLdL4u2ls9R802FQHqC9WahhGh7EF/fnVGE+yJkFI13jJUC7ZSU4W+QTLYR41e
ucYxmO+DmK9UDLOXyExJaSqohfaCba4nz+Dw2BFRSgV3JG3RcbsLsfcerXwQdyxl
R/u5ZRt3SThNNz/UIgkTZXTYMWZezQbHv6REvER0rwlDtMXpg0/rcPcH6iGSKEi4
Wn365bCmBTYHd6mCOh8p2YycZoQBgqGAxfSxz5q9OXJGIikrou7UfnSKTHqhubXz
PVmNwGbxuR5FrEYkR6sHQwpF4Hr9pbiqq4OZFXr0NvdC0fB7LL63x9XWV+TFXnPE
j9ycJeqxVQgB6fQ83nNfwb7WKCe4waoEARcZ2CNY14V3pePfZttMYwQDtHR7Ssko
VpjhgDqoQpMP3sdNFR7u7DqmwLkkhwArU1J0LynI72G2IutRxnOx4hWxiNizYntB
d9bjlUpcOt7UYf6mDnadqFg6gQa69YiYuRR5JChc1P6LUSVTyNNMkCznkoPVOWGm
VQvaEPkWWZI2/YSmZqtBsuE2G2ggK6q0nRXCO1GxjeNuoJkgaedceHrGFtnyfQBQ
gHG1j7L1HV840nwdJNS3nMhxceof7nQVsOyllcdHv7Flui5ZSxPzAJb6turW8ssy
xU8838uMVgqwnwVzj1Hz9mGguIeGX4rATS1tlvVR93GAebDWcEBiGg2hdJLfrvUF
Gru8B/HMtDc+HFwyDICgwVMrjixqb4QlOMZV8X8B2NdFG66U4KMG2KCmUeVU8ExX
sCMrf0/JEVC8uXZWUNXby7H1u4rMH257aYkhhXwh/obKUx9DDqkWxW8QFjNeCQYq
+ACwiXXJlWOPg8CSXw5HQHdTLJHDtUXQ6qGuJMJCB5VCDcnO4SRv93e7wxnqYqpM
vQeKYt1gEx2SBn79jgkoZUCJ+GKqqdA2X0lWs+n/yl39OSyckWHgEvHv+MzLjx5T
pAG7lMwClyA5Tg1xiuYhliensL03XmszIm9qLTRD7tQ05RwC+fzpmBa6sU4eyQUe
ZnLupGijRq4IbhFWng18sDrS2dyVnib3tS3E8dnn9jTBDXxDnQrfgq1GNcK+W7R0
n4c3EfHXenwQ1mkxdp5gefawftI8pa7VU9oVPdNHG2DbGtNfyrdcvKBjNV8k5Eq7
f2ScfXVavYXbDN0kFohBQZJCQNMEdrJRq6G1OoBmCu1joXpo48LWj/Wf4EM339nm
A0umfbUWwMMUHOtHDCdFwMUQ/pviN4J0u67f32f8WnK7FJGLqcKQSBmT710lp0wg
B1A2gBGUp3/OtsLsc5RZMSUyXYuqZ+qXjKkhEj8ApsB4sO8mEkho0KJRDqW0uu5o
yij7OfBY9kxe056y0xWee2Fw4O0SRscjAcuGkkiCZi8Beb9JriE5ddE9Hw9W5/Ai
Xyxn3C7Mv4ozpFzvKgw/bukNYIKdDZ2nWeqpnRoSyAbuHJ0FFdayEvx/XSSPdq/t
g3V1bNrMbZMYr/QJkQqCvncusXK5OpFeOF/2jj+EnJrbubrOmTR+GzKAN88Qq67n
nMRrQVCOZ+3Wiq1ykBY7nrVLfHW/AF8BDW+xqr6uNIO5u084yZRpStkE611JMZVY
MvTtm+Yb5trb/qUuzJbpgSRT40mlHynstp+vEEcM6ujVFSUEITFCQuaPKmZl/qHd
M+AqbdMRu6MLGBR1TX5rTVd6kIj2qDTmPbnV/6PK59T8Nv6Aekokdc5CtYgc4oKh
ftDRa60EjpLGiJgCQzT7khzTrHZMN9YxdtrTDBr4fHitqlr5RjU+Aymx+NL0CXmX
V+LiVvvQxHGpGiZEaV7onQ==

B.3.3. S/MIME encrypted and signed over a simple message, Injected Headers with hcp_minimal (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7565 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4584 bytes
  ⇩ (unwraps to)
  └─╴text/plain 423 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-injected-minimal-legacy@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:10:02 -0500

MIIVzAYJKoZIhvcNAQcDoIIVvTCCFbkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAC+Eq3peshJhf1JB/ataWrNRTuNhGtgwfe7q
0EmuJ93I3x04yobd1gfM+UQ8fBXZNobbjj57dkoxkbYEEtGKltv9PQrZ4Qw/e8UM
rgYA++xUC/h4dLTBBD+6U2KFinZFbVBJ7irGCZVB4ddzF2F9dMzZjMH9DOZIS4Yy
sB8Egd8ouTVQCLCfc7FB7i6f5qpfj3FibrPFQBrxFobqID08eoeQLv0oNkI4b78W
xdkG88IHfdWmjCr0+5Zj/1XdmMnuQfDaGV0r4FemW/gCjq9UnQCF9Z6Yi3WQeCm9
xyEcMfUBWbBlpt5sBXqfV9JrdP6/5bQn53myy2B77XRrGmIzA04wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAdfxEVSY21BQVbKsyGRIhEI8f
oJYQGAob33mMh9x08UAKGVuquskYMwZs2ZzPcFIPCBQquiecjjXN5wxq1MWLaiRW
Uxg4tqnwezPRnGQD9GsjwmlV/n2JMhbMx/iXXYfvZ3f3mEwsUzfKPkxmO/G3j6q9
zXW3J5c0ipriUdJHt26EFllENbXUWSp32pwEjOXxp/nCHy4SphqyoHLgHTxQ9oTj
sJU9nMm2Tdl0Z+WtHuRMxLbFjFF4lURAz35aWJ5Iw+v0eBxQX1GxuNZ4CrmQsKrd
CE2hcL2vXsRECb4A+6596OGIon3R/BLQeLC8DPVdUFHvx1/N2REyW+hENgsY6jCC
Ep4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEFVaSaXfBQr5J2dso1R7Q+6AghJw
pYrgLyq6XYnx9XGh8iNTbg26fpAqJ/xIjvD6nilunwHyMUMY08cEIIe7V6BClAKi
kBfWqycgmbgBhr0X92qKyLS/izZ5+QdJeqracwwwepbT33PZXDBy5q7hhIF90Bc/
GMId1bJGopFeyjjrczBpN30biBPas7kzVFn/wGrRfTi2Mo7crR0v9znT0ixht33F
KB49E/QZFdtyip1Dz+2zIm+1WkYX9nsW+fyLcUo4OHpywofaDHWpx1MrxUs2QF91
8CR68OCF/GSnUVJcySVKp1xXrEeoN7i3TX4+0BWSWlIVYp5g0vrJ1eD3vadQTJuB
gDk2Myz7mtAdswdqd/wpPn28tBGM5+GLwImlTORyf2Eqscr1ptWJXsdDlsKf/u7u
Wgrz+Z6GFqiSVmB35k2oO03E/hEu74u0H3zErccItnxq6ElhDmVBRgYO+3Nwmh7/
Cr7nfoSykkpZPona4ULy+3O9VrRI31cCheD+EIB+HRo58Ez22AxmlVINMq9ANC67
Gl/xTtJBiqb/PvT/mQiAgOvD95GtK152R361w630qTBcIV36ZN+zCC82AQIDKbOK
PmZm9nMyACvQ8oogodcctHvFcQj87+eqJRmmFU2/CMsreSXmujzxXH6HGK+kanBN
lDAV8efJXHsD8+2V2on05j6WN7inIUdZeZGvEzrDeGu8mTdGQwCEoyH0PVRYYVKF
31uCk4eB50Rdze4z+Fn0mBNjwykdbVySdLZnKMX2jalrcbrP510I6dsUnG9T83xk
uvcNrf1RfNq63Iy/GsHMNnLNtgSpLc4N+hz67uU6G2y2+dLikA3ODBomVXDxqPvq
ozR2Lcaqb5Wi/T8YLB4AY6BUAAfTWrhT0FWeccWYe8O+l0PnPHbqKTejSDpkzz6M
3wB2MtLOsCxSDJouFWohnAlwFbZ7hEfdcuRXSklk1rSbpEFHOsWiNCdfzmoSvVOa
yXOMR9fWCaYXXZJyZOZwTZ7KjFswa7LbZNJxPpV4RDNEOBGrGkxfGe8N2B0AuN46
7YkKLTQRy2f2BhZGKrKnGgNLPWvccBouqR0tvA09X7QUFAqfDJKJKAq2jPFfnjLI
S/DA1pUuMzGd1AAJPXkRXC5MvbepTLxPcwvo8Ucw+zzzmSTYQuyOyUwXqNyj+DpS
cdqSt5QYxQiMMBQ7QCA95OIGmwXXXX+PvpS6ShMGtidC3Q/h7M+oT+SCoCZqOVNW
ttRmECtUzx3t5IVRPE1shpsdNE7SyUS0KHUnguliMTWhaAWWfM03vppFHRMQ1Paj
KPybWs+V+Pa0gOzstjTqKr0u5L0wX1CRtH+add6GnjZuzaJ+pOZtC1CIGlHl8Rji
dCO472JhGSeEt/T5ugKEQ3gvVE38GdduYyDNL0u5Ef6vBRbY9mJCITfI134szZac
axoN5PKF2Gd5XM7kyU+DeHntXpvxfwDF/39ScoZ1Fow1qHbxRcFEH+3YyhFfPvar
JELk7bMfE1CLcE93CAmuVdxLjwMgXLD0fD2p7o03dgEcoMfuQBtk9LqaiND0/b8U
N2FJbAyLGxKn+Dkorl+TF16ydEJIGQnIv6kvJYi2v6QdblmSCoY7rF3IuA72aO8A
dpenqkKsPLgp5ltXAbND8d2gXVaLxyMOSJSSgKo0vZYKQYcPh5FeaIMtWhbpo6ci
ht3Wb3jFcXT7REyuTVIbXcmwp5BfGF5HjtdsAUhuyZUWUfOdHWyirtORHoFlmokS
UMlRMaDa0CcoiJPXpQmvUivQxM+rPQUEHSTShwnx7hMjOUTUXxiaakiw0QNA9ZKL
+GMSQBAFIz+20NO4OGUtL86+ypHLQppCgOlYrbxcLKRvIIs4+VsaIvgCw5DGdStR
9jftX9HpMUXcIQvUIxZn+pWNMeTD9f1ScHgQzYklDcbLf+YCYM0GXnnVr1Xeu4Me
VlhyXuHUZdsghw4BpyRk12gvO4UQcCvrwo/jLr3TO+msHMj8K7GZagwqzwBNJ3EV
UeuYuFPYxk3nwsS9csq0WnH8i1YIBa63pdYH4VuRGWm8Y7vbI5/I0HTb6O3jYVB0
8Iwn+GdBK/UJe5scdKBgBPc/cg6M043WgzdQp0jYpRZbehyB/KVU/W9x8df3DkXa
DM53Ub6Is1CK8/eSrjkmjnwytkF+JuVUxYB52yoDzg8JbxiBKwn7NcNN79k8hW3I
KZTSRImiDH4s59fzHmCMZYN4TrZ7aMC/jqMKlPfJjZRraM3aeRC4DvvHh0fD/bcB
rWzmZfFZeTjsKTYKHh4ehbgMKbBU0wMQyYg8HZ8XILgHNhGHz3UqiEKGlY3tOE+P
9/2DFIerkICH5xybrAxcvDJeyMF8sWVxW6ZJ8Ka7OOUMEmCfdcum625cz1uIs9u3
MyD6VCyef/j0TpqD+kn40IqQnfzL0QzrHA9Vp6k/pg3NpMhFc5ftr4QsBgyCDA5n
vKcsC5p2gi7/I9BgEw4aVu98QCO5dtULTssnjxZZHXhggg40FEw0gv254T7r6yJz
gYa/tRiRzM4I1VILMvTdbC91eqBR2QSEBfjpBoPWJTXNcQfw+6lSdQCXC9LyIhwR
+8BNMu883XsyEW2nHu5pELYUuFFIG1LLAPL9h13BKbOg/Q0tvhHnjRZvujBGlLSK
rSbq9JZX9cT+r6R4kab92kbII2bEuBAOei7rNge0kLba5jTmsLiOSI38Vsr5AZok
pIbQl8SbqDEnnApKiIL9BuFCUfHG+uoM5hpg9B7ldmDyCAiFSAzm/YsNwHqcHpEs
el83W3ds1EMf+VJ6St/mq5GJfAKH+vfp3qXaNqJ3WoaII+VAK0VJ42gxXgtdzojS
pNX505etbGndrzjGEUSrcfXKhUduDklpB0wtAPewEXQFJj5pIZCO/KX2B6Xxe7xn
xGk3b3zY6FQfIMVX4VIYDA+eaTu2AvEJ+1HNAZNJmPO1y59VBUif0vfARKnuh7fP
mQVBAguXLkzbZomaCs/WEYLFIN7dKw3gJw5nYyKNRjRUgW5PSRjsv4UVsCUIw2EJ
bWiJ6n2B0LM97iaDbMTlHUBb5O1HDNn0o5qgd0lqto+2BCsWJpqvCSNUXPW/kXGr
Suq0yAcjmajGOvZSuN3/uUMdd7f8z+g/kzOw5tGz4m/Y3rx+WdM2IvyRuw5pVNWd
4NXI7onnvatoU9lPkXzaDpUTUj0bI3MOiGWEsId8pyCDIAkjhud80in/kQsAoU9q
E8RFW1YopzYsXXG3bVWYYVGoqk8mew/5dYAThg5LnTNuQw1SGb61TSpwhNjh4uuO
0coeDjLGD7+IDcwHZ/lOqIGXi1W0L02y+jT3GGUVQ6gM6b+JmTHgz9WREh/ewegV
Zz9jHHEoj5XSGW4EcBE5UB5R4tg76KqZJTfrDOKifiLQ+bI/u4jPt6P2TpGd8rPU
2bH1dJaImjko/zcMfq4hTxKiL8qxnPAjbMEwtCtlcO9ZOa1oJM0r5CO1TnFo09uq
FaP0RHz3949Pue+6Khf4My25iOdUor5qA7kxPsV6H0zZegWtLhWQ5bQqedzp5/eM
LUZVgqQV4EqczWW6nVSHq14h1572C3wZEy8lSkMhFPmNo+cdYCucDeA7Z+If2jvm
KotQrWLQ6GNUTV+uDM6y7YvVO+DK4C8mVvi4Kk85/7yQsLV1iDA9JWtH2D3+JTRv
MZ1E5RduDm/XBr18LGBp08kBGLlm5sUg1Wf9bAb7VwoEgJf6YGPXxngTnQhpmSF3
05txmNA7C1O79SfGJGaS1xLuJrTaXuZGHYEK3mWv7x1pRtUkzMam7nu9Fk0WEBsi
4TWBRNwFDLt+eRDhlcEZ3BXYXxaYmd5cXZUYdGaQuwbBkD47MEwL/XEPROuqpWFG
IH3c2ZkmrugKkNgaKKJb8A196iXGBBz7JcofKzud8PK+3tWOdXYM0y/KXNM3vimE
QHrX3fidOvKpxrYJMgbcCkFaXWvGM3F6IksWK9R2IuPOS60MZ/IZPweiuQqMLgYK
iLqf4Xkpc+mI+9iFwbfVOg8b+0+bI7fBfrCFsGliDS5xeBsmB86h+fn+O53BCZeZ
S6ltkJUm1lKQxzSKvYfdvY3Atm/MYVQK6/bIVZg+BniwM8VEFY26BWz0lsxzK0UY
FbtfWN9vjObdqOtiSoTMFIjcGC1C7z1mi1uiExj0saHwbTKFuyHduJ+VRLm3+uto
ou9iSAahnyum4gnxQ7IIcceBe+/mp5SbG5G3EZwVQRkUHD/P/6fCJ2U2Qsl2lmmI
HClgZBzFMe8HeDW4K1tTnk4YMOyTbn3qMPq0Qii8a6yjDxTYfoCXWzVWF80VmOkz
1wVLaNm3GRujlWDRURCzwbWDUV9/dm++kWwquY23VagcWgaTKLWTW4vuAq0rf1KJ
EYONqKKZHxBRyhg1+M6KQqGAgg3LZk6MqiMzABR8V6jmnLLbw1AIUCcaAGOynlZI
WpcaMisOUT3C3v2ChiEQtQrfWX9vlOY/ScwND6KDieQMqkzMrPUZU8we/Mms/ouG
tiD4hMx3QZf2BTKcPeGDt9R5pkWYg1ZzL+7vsDouLCuDAnUOsSfu5w+Qgp9aRB98
O8g+RbMbBoiOljAK7Bbj6pqXD/IXJ3PubuED+Q8TSG4YexDXGX1qvBPvxUsSlS1p
5XDmwx/ULLKV5UdRUlrTqmDjALIGAEww0awhTvvxaCHaRynxq1/9fJYFQcZ8JvlQ
j0Zjaqw8BS9rw1z+ZQDwYQbko0pBYWc/vKLib0YERvqph84iHWtvXfydd0poJvSa
KESUEko1Djp9ia+iEpUrwOQ4bU4cNXpqAlQtHy3ZntHWYdkWRRH8o5Fj9sYO+sDx
mQvwACvKaUb+o42n5AjfgI4fYoFBtHJj8TKDVxfPGJfajp/Nb+/xmyor8jbNOQZc
ofBI9oZnZgGz8FdxG/eg1ZiUXHqGvs/fx7p2qjdcz5CMXbSzhvpiuMhDPGLDfDpN
6T/DEY5OjN7dTHOhjYdPGYHZeH2o9dE6W60PlvREtOdHyJ0RZ0vwtWUzJEgGadcb
HA1e6w72My04BWtL6SStDSfVhlUU7PSjqSA0mSc/8M/WjQJid2poodyKEOVijSID
P1a5dKKJPo9WZtRPQUSSUtOYOdTTScYDynhYQ3qVGgIiEZBgI9XlLVXsvnTSXCTv
1uUPGg/P7wNmfg0GEpJDPqudqE3j2s8JRNWsuqiE44QKle/3JlHewX0m7hNyoVVM
qZdJ3nkuA/7f68PW7+ctHoojLOxD41VLt+UjWgU2heqxsP4DlhTuSYprwl4Mg/Fq
PyWkyh9qftkIi8WKAw8VcfSj9jRQGk+YHtt38DV9mBrPd2h7QUNKPa16Gw489CTz
hKP6MrCVLwLveTAJvx0YCH8k+yq6bCB6zURi4L1qOiu7VskLyB54/TEcLDMTRmEQ
6Nsueo1eldOv6SyXILaQljAbEZAXy0ZHGOy8YNbDm4y0caEhzr7Z2YmXrfEOo5Cb
Qmk/qtJb2cCNBIlyt/8DhseAE3ocYSDDGHFyyb1UneK+zmWdQIzKEch+ho0or2BG
X9B9kJOdsk/1en/Ln41PQoWCGshu23ftb7btgKzriCHzNQYFdq2Lr/1VMwScD56K
8RuUopGOJ3mwBDqJJweqYZj6h4NtdY1LcOy1+f0lObhLzcGQZ80vec6Uz02RNKCR
j816g+bUQuQSrJAecEnRy92vzQfnKngKknC3HC66S3kVQpf7ssyo/cS+hnj/VtML
3tq6Sw4fdd+mWlEKk9L4CisIFbV/P7Q+6HyreiOnai184ltgWA1AEKU47SIchIoe
gT5Gak9VyqGOhuyJVSfEuyphI7EUIjXFK6MMz35oWkwT5tcroUT4zYfH/p3W08Og
rQjBqIJfvVNTjbSXUfebiMrRNAPXSuN9knQkqHgNdh/0T6HsPGEFxvEFu38D+Qby
3WexSSUsUnH989T49sYCh6GSrk4h6hRl8Bhh7+UYg0alXi1SZzMMEMab7AGvuQI0
fKC/wXyhekq/1ZOtuEkDaTWvLedbHgaSKc/8WUItnLSefrR8iMgpTTQDsa0r+cEd
Zf1Nfv4eBMuSYAJ6fT5LmhDS5LlAbkz/1tBfYkkout37Uppu73u2tnx2lgtxHXaH
/4N94VfakQa5/J5s/yjx3YHb010Z1yEzgk3+GslWOdD5HY4PpX8oJCKEKChqr8E5
D/d4XnQqvVepA/WLTXnk8j9ZRTkpSThqo1/v379XqFn6IbQlQyg57EuhSWJzFlbr
92AByhfG3CgJcjhwGBp49vlu0axM9Ahx94N/J0H4HRECcagNDsIOhfufB4/8OyOc
BrK7Ai7RR8LDtknZ8oxMdg==

B.3.4. S/MIME encrypted and signed over a simple message, Wrapped Message with hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7345 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4432 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 675 bytes
   └─╴text/plain 319 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <73a42f8e-8f5a-5c62-b982-82ace766fd32@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:11:02 -0500

MIIVLAYJKoZIhvcNAQcDoIIVHTCCFRkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAHMG7sjRDCJDMqgvQrFh4sk9MkaJJY7q6B3r
hY87n3jM6UYk/ZaBi9uzcB1pDAF0hJkFLmo+PRUbFLUrmeYfQI6OuvVElpwIDWMp
cMtfzlXgKAO6fh/On6aoVhpfv9EmaG1rCU5ezDPPbaXW8caNi2/yvL0ustpqKOTj
cOLgMK45tPcHeIaSD+8A4P0uf/GLzEFhDPdJrt3mVq76UbAoIGasA/sDhhg0xygq
ZH3IPQoYShFEUmsK+RC9Sc9dmXtVYPByCEsPdhTieJyjW695dde8xl7ZeWS+JZai
QK8pXZUdRL8El82+001HTXZYybfF05sFmJHQZ3LlftF2Dqs800cwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEALvjSc3y8/+aA+Mk2+8tupO51
fsr8cR8BV0+aR/CYDXaeAFg6CPk12PnLcpFRZDdqitxfe7SpMgk0oT3IsBxvuOsr
0QckRlRLOwlv43Y9jJFMc7VInrB7bJ/cPHHgB07tPtB69/Qf252gsUs3UbWko8JU
JXBkymfUAe5+x8/gGQYNJdvNC+v9cmnwTORFF/IJ/WcGsyHPhxguR+JZqIJkSI8T
xjawV40qcahz5G/O3vLI8kxW96lSSmVE9WIuPafsMbP1KZN/6i1gaUOPFcsH1jln
fdnk3fToayCGwOAQvh/UYvlGTA06Rtnmz44YLZiGbVLFLGlvcXFfwL1JLdl25DCC
Ef4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEJo6kOdMHnCo9aCxhG8k8qSAghHQ
oifxeGRuuDaxdcCkEyNhsAq0P92jEteuI38u48FqaDfBniUs9wmW/EiEaTmXWvdB
f7df3XeOK8yGqyR4pcXSYSK8iGfLezceiIwABbXRS8eLcNT9NPc5MPopD/h4q1Vq
+L1iuvm8P0OIh561cmKglrAmTebH1bnyjYLw6GH82/dscgRu4mihqvJTYQC3uaLY
H0dJnqyYV124/K0QyAPKCm3gR9gniHVlejlQKIVwOT649mTdZ6FVeMk9eaLQtKf3
mkx0trUzXduJnBj4cASKSovC8yySEuGwWu4kROF1g650ledfeU4SC9lwPwzvHPD/
lk4R/gUA0UAolIj7GaNDZ4CqpZqDYOG2wJvCQjfK7MU9TgoPsSRXhlmZPCam4ecK
gdybUd0A4UTQ9OlZiCrS0pDyKQyatn0u04SfKU/b97P9VwNageENErZTERoUx1T8
Vq9yBTKZIWoQe/2wsVvVJaR2+SXunrla9HDwpHqDtZHhR6i9TtnpO8KMOCWLZbb+
lVrxswrexUtGPCJRl62TBchhyO1dIyz8eWMiUvHhLUkFnSUGh81MdQKItc0qJ9g3
iu3tSd05AEHxNf+2hKrrTZzWCClatSvyfRbW6/OmlIzh9+JUyJLcCywJbxQUuWRA
5pc3bHrd6/Ff1dqgw1dbH9x0Q/r0lbKrWK98B+7/KIAfvy/XTW3NAJNdlzpzyhl4
Ko4ujuBiRJz0xRKIPSMOH4w76YejowDi4O5Ea/F44hlTop5N/lYNVkPIVnGYrEHD
7s05/cjQTX+A98PpoFVKHxphV+jRiwDz7uUYlW6ClyrC7/H7VkzdtPk07EyY+zXs
uThq5Js+uwgsbNqnA613vTEF0p8f8k5fLi+HSgL/TYz/UtW7JknTl6k7TvLXuQWT
UWmrWrD/UKADkkehGkZHpMZe+RaImwRd/x10M9+ZBovlbflDigfhRVimwTppKE2k
/S+GSXDs5r5ESN7OgIZv8swYTk6Nl8yoFijBD+wvWU4u6JNLl5RlJZZbki00Hhse
4Of2qogvmNfTpHbAU5DL4UWdehoK1fmPu4KaSpL2sRnTpqzyZEdAwG1JIOB0YAqE
ztszmcxi1s9KWQ/XdNJBG2QHvSMf4QTCuY2e+335Y9/ZC5WBphpAazRp9xfXc3de
Pl93N6ydfn09wT5k7TMeLOJrqPa84H06oRAyXqFYwiOVWRvyfrsInUv6AJfhRJBN
dA3ebIVCwrfG1w8OHerzDBo5yPc1ASLrmuPjaQ42CDrHqzfnMw9tHq5ZajoCGF60
4mzqu9/99upVaaToFRsA40lUpRN2QoOYUBOl3Ck34mWGWg8vf6akYADylm0SrpRO
yM+/8WeERonQcc3YqrmVjzM/yh4RLpl89oWWhHIHAAp1YyuwCj+kjiOq2HNhvyuq
9acwfjQ7mKBfK1i7PAydvWb9dt95VnY5LF+MvevJOdf1lEt6rISePs+AhoQCA1u1
B92MpDynfPUFoeRMx3do/zhVmY64qN7rlV0XxuuZXUW3WoopjdUzTmHycYBn7sM4
3U0d02yJgy+IqiTOusRaQGC3/IJiZmXoTL94wBsOB1++cP59GPyvm6qgM7iO9fUW
VO4ik8lTEs1WegTez1Lr96dwkPv6mfFJQIDlxVoZ4LVRf3FbQa9cZS7wxSe6hgpI
0Y6YB/s21v13GpCX8RtHEkEkW4Zc/9CrpUv+1/R3QXRvYOnQaWXc96w0/lVkoxCd
SRrlglhl6yY0QYvOmTbusUdC0QtrcQBRVcVeqqbfLhip9Nxe8vabPkoGQro+l5sO
xkO8YwlPt6oa0hh5NjqZaBpMhD0xAqHT0826xj7R5wp49KKtR90K4wuUy0OAWpFY
NdihvipP1jGuCio13PPc+Vah0+ACMMDvEWjYk2qEy2TRbWooNB9szzUoQ7P0kKJx
LfMSO7ecJ6sSsjcprsKzgOsjQXtIcAgRMnxFFaCfeg2zjW1I5HC+jbiNtqda0aQQ
L0RZ1a3KWIIPNBq18u+cXXjfaBy4HQhlXmQEnStkLrx1JuAI1wxhXWYdsrjJ2xEW
hQBjBwcnTAc5i/vU8H+oI1Pnc32DF8qfa51w1uLdoYl37PUMlerpXq+mPvL9cX/l
w2zd7Nc+UUezqOYPrBbwnrWOvG1msrjBPqKnJGHZJhlZOfLdmLa6inlsQBpX6kXb
K+8mpshqf472HOfje8/hrdLnOe9Qxdf8eNyi0DHs2MzxkYRktNJFIEK6JHo62NSG
/aM1VJbKudK1V7FFd/hrOAVg+uLbrsaFBdI6EE868qQpDThpd3WnyX8HztTkm7Up
zpPujeRarCgEk4RPLl3erYa7d+8lpD0hzZOlQkEALbSlCV0uTW3RSd60fNp4gvXu
GCzrJ/gsevjRJNggz3QojIXW9RFaU1Wwy80yIWdTguCswGBjMdUBRghKQlM6LlHU
qqXGdRL742XbYU76RVNlTnjUvAFvumey5cylAck7Lm68hV8rhTBsWMAJCP6VYhY9
i2AiW440gsNOWu/uCLBNpxPlfA5UFYNx3fo5XriyTPumhhkwsaF1N/jnWeXm8eUz
/ylnM5K6sD0gOX0ThLWVg90IC+qbMPNu5dOpCznI9DIup6dIhx8L2j+JoeqdsCBY
6Xt6KE8silLZAkYFFe5A57qlTq/z1s/p/6TlhmRP/2IC+2sSX9EBqXGDD98gy66h
rBapI4n5N6RNt1N5fnWJPVSnvFYIDQ145EmqPd/gUmMBF/AalgyLEdxc3xKOT+Gd
G0BcwQJdvmUp8rPGWgP5oy/qNIAdB3dnlfAdeOeeeiiGhaSpcwVhEaWOfYS+IXUM
kGWNDccjDIZHvGyLNYSihyAP6vOxZWzj2EWWUEAhtGodCQ74qm6JxRMGyVuBvyFD
MtZxMQE/AU/bPQmNBNCkN69NXyYW9Uk7p//Ef0EvZG4WYgQvaZ1u4E/P8xOL6au0
pDcB5UWRoqkyU7jguMb7f167iCgkRTTFSLULD+ljv/4zflFv4F6cQhv+NaEAF48l
fCUFjEMtGLCp99xxnu3M6CdiabZNCyuGEVkhzL/fq1JpVlgKRFeDFU/wfTe8D4QT
9tranwYyAVj3gd2f0ijrlQ5/9Ch0s83/X2CpSk8fHFOz3oBS7Gfyz45BugIhDqml
NkX8J2vKlCBOx2Xo/3waf/Wf3ajOEFXKR9fC+TSO6DrSS6XGBSQXn95SsWrzuA9I
RuemiW8+wYbygIW4auucs+V60BRwG0wxAzn+0lX7zac+WHjerZui+E/7ehmFc8NP
ZW/FVFtCYi6oc26dysKTzhpOUmh0WX4TvFHEx4KCL9QXTC/Ya1jrZTBFF+OtsJOi
oRDK2/yjrGU67Q1zK5escKJg0YdorZjMkfb0nNdjNOeJ1fLNL5eB8em/LEpaF+vK
aCWLa8tVvuq8ggUZ6PHQNkqeIssJoSXrmCfSP0DEtjk2ZDGsHaHOJ8KUBLR+wiSs
g+NRIG3Uvch6kARJqN3AgW1BySV42A+C6x+BPUEbcwDv3qz0DLmfNob4WArd+jyk
42Gnk9VL/bbddnhCyzYyHCr1D0XMIzewqzfR9ppDbgCLMxb7Q7a+8Umlkddd/aC5
wFUAVB88JT1gj+NqxHZs4BIStd91ElFslmx9yXD/dEUPGfqyl5tbTrbGQpfv393U
Q6L6cwZS11Rg+b7E777ZSuOWxJL92ATouJmzCYLjafI0jBN9BpGIymvi2QvUYgB9
9Bia2X/SRc1fc00VRK77c1GtW6Nj9L37eiXMKseQEWY3i94vY2Z61ytosB2BCcSO
R0QRJSWzXCXTJ6btCnFhZUuGhrnG6ibGKYmrTJTzNcrN4yJ/eByDqOc0YBUR10S2
uGMqxwB0adJ9ci+r76ZLzdo7OvTIb+WGbOP3IIYeSjIsymkc+ShbO4mAEcodrYX0
n3wYsjrhRYf4WIDxQhWJRUdBpty2LGl4OGUOTPOQPDaKwnGIiBUiT554NJMvv6WW
KLEBxtJlJQ8LhN/jo9ZwxwI/FZ68pd0h4r5Mh1atVxJHbLmnWmdd0L2b8w9UyBwM
ts/zY9bdjfndBgU3zmDsjkZgZdgGtzL9KbUwHDInvCKtODM+X7QQKHu482dRb/vo
uIkQDy6meuxdj8e/xzdSua2aSQhYaRXuZlE7uq4EyN3OcJB/rE3OR1sgKh5k+7hm
kSibtsFYYMWvBzh/Mata98kYHs6Bf+Rgx/FdA8989koFmkAb/B41NFKuTuS0DmK1
2SDKgHb6rmn+cftv1MOzfgJdnGObqa3NCEYnICWitPw6NAbqllvRWdKj2A91oMO9
YU1P/ZNox2vKWdH6rkpGfKJYVwdtVEwu1Nhaobu6p2c71RyCzJSYuAMshOyLXxgE
1mCup6EU6+IqLryA4WkD2IdpYbVP/tOdFLKY1fBcGJtSVdgJCXiC/krDLDKhrEkm
RCiIcf6ghGlEn0Jpk0xU3OWMh+kD01MO2IJuwk4TlT0kBRqZAtYWQQYQv0xecZ/K
DvOXZNUQQSzXFSpnGo7wOLoUh9gB5GOIbDqtAShYsCXbU3fuXl8/6Lojv+f0YBBN
capJh5oWBmJAmowJU3pL1JyABd5+R//cj1hQFApBKrs+cbP6ZO2cDabDWavBPPQ/
QQCPjbMENRsGrU5bdWRoG13qP8+FVk+aNHF0xtn+mc18scGhwfem6/hFgKyBCAZh
H7RmYuWoRZP73XPLYAM3sfwb1hLZSFNhbKHs0O/Fg2b5MkFy3DwttMbqH+2vDLBv
6CJ8s0VTULjSk9b+ddvk6rgUy+Nce4l3s8Gq1ZfUUdV/AfYeovwoUhCIkKYj2DFS
jBB6Zvoo8Z7zQpqNOHIiz+02zoYKtLconQWBGhVhn/A5ytYh05JZ72725AjitaE/
9iRvigf0u4hQrowNuR+5t6bjA+5nfpKimd/3G6JdvY+QcN3BizQ39ZyUrUr3pmY5
KkyHTZolsazk9ZKQY8LU1/nM2IraTuFzLhP6Mttj8DR+zXDjoPX5xxsr9VVWlcTG
Y1NPHo1SYvqScQ7K3LVVsiqAzbr7SHOABDF8ZtfwVqIDDmk7cubaTlUEdGA/tXTu
iQMYNv8iJ4MmE0tte0sRrPKKbnEPlf+UiSI2LDEYPuvXooGoroNFHzqPUX+6BswB
8GSEpsQDPzSJlYTugYrX+2PlM75c89dhfuidAHdubHMqurOUaWtTKTl57rd9en4e
HF0ZHQpXBgGQyQ7fT51WsXBZjxhWjHM4uDmc3WiST9DQX+blihwoOGx3moRbbAR4
UsUJ8lopNmbY+Pf5XGvp92PtxzIBJyJ1Wfp0nCX3g4LhuwHpi5JOGu2nfKD2LZR9
l9OehrIncV0oF5rcJWwKnRZbTBJgozaxKwkUUfp/qEAteGYxEeAJC0wy4ZD3N2cS
r3I2871gQAni/LsF8CEAPaXE6swdSsfc0GWTi5W+jnDh2oeAWeUOqb10+vwLikC+
Xm4VabpnHPZPiozLRL6TaVEqvmBpvUXgZffUIXpXHsWbVpJuPsIzMlmgeKEdwUvD
Efcmnds0p3V5B4ZaXLfR6aHdtrDT+B8eNb1bB2wOP/IA7Up4NzVf9BtEzq2JKj18
mtSbNmSuhSGqYP3fKWV4inAgRQiDDw3bnazMh/mI17qMLa25lzP9IJ5RNDRRWCjf
+mljnLpyYHb5RyZ4nqD4+w59YM9Q/v72C2cyL6WygYE4JVXIWdnrHPSTkjBBjoxD
P1WbthMP6DJcM5v9t8Rv8Mc8bPiUrKzMDCbXNcPJm1HDCnYrWXFYqOvUpKvWn6zt
Q39rPppCdrHkNzFS20MsvWiw9KsWg2rb/ph+qh418ac8VdyXNcETVgkLeYHnue61
Rbb04HvCvu3bBNjy8D6yRlFVIVxH3Zy7+iz3fJ70VwlqqpmlnMsidx3v1ykAeK1t
uo42n/3t82Dx/5s3p9rZnhWXUdO0etjL88GpyzvdwtkYy3Nj/8afvB62iUwZ1fR5
rcnklWkphSq9HL6brXQsS3lODDHsy8xIJlu5RrGD2MOIOy/rbMxNT5WnGoZ6j/RJ
Spn1f944h2LkyVFFNgIlq1W6MLfTNBrZZ6kMpJ8X39iL5KmkrQ1me1rgJTtM4heK

B.3.5. S/MIME encrypted and signed over a simple message, Injected Headers with hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7305 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4402 bytes
  ⇩ (unwraps to)
  └─╴text/plain 331 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <27139e00-e05f-581d-a339-d2bd43bd0f42@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:12:02 -0500

MIIVDAYJKoZIhvcNAQcDoIIU/TCCFPkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAFeMxt6IIoOR5Kq2Jiucu85qezrNEQcYm6sV
Cuo2f+/3QCmr85ho7PNGXSmj0LkmkvIAh4RYf2fH6jqYSYgsxQjT3jOcx70hhTms
zQV8e/UJvWRvxQHhPbtnDFketPi2CA++Y8zqvbl3L/dBeL+ltiQqcQprqy9RY5pH
FibcQ5OkxPIzBZQUL5NrjwRf16gujq+nGVrhphjwjWsCX+ypt6ZrrBPtje3Iudw6
/0MkMj2lJPEkgWvFEFNL/FkcNRzHlH3dQxqjaf28Jp7eY/3tF4NVHcirE9DSc6hV
7v5zVlVEtthdFE9shnbPxf+Sbww+M3ZTVOxJwGNwPwhM7ehf8wMwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAZ8MBsyH2Tp59sokhPP1DnTLh
iblpxffhKGR1N86t0QjQcmsND8MhB4aM7BtgsymR3IcdKrchClmkt6ATp9anhFwz
7U93WrdRIUcSqLnwoCU5P6lGpM+w6XYJqWjpU2Yd76iYLPOYBeAFtMbxdrOEwSCh
KZH2jyGohfZXtA8jwGbf3rV4sQ4EyZum5yfm0i8cOK7FPSPK/7pqtP797I9IBT0L
YdssDTrrNMDRBKZ8AXRO/UZFGyWAcX1SGSlwAQ4Ilg87lgUblYdKihC4VhH2Qn0m
YZG37Til6fmiZqAUFyJZp5nuJW8sUMzgrjzv8vuO5u66W7LoEhCQQYTRSrxFYTCC
Ed4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEAfIC8XIvnLoAcDMT8ITOq+AghGw
lTqzvMWiOchU/VM97L/Ya1UcMR5Gp9ca4N2T5OXhTDXkanfsUHQtiKBHI9XXBP1h
Modt75Gunm5g+Jaj5K6hI2OtXZHGJFrH7MkZ6ttTNUeIHqtjacCA8j6Bunoa2qmT
MCCdHnTipVzH8tFx8d5xcNETtOvuUjXwIpBMsehYbKBqpEG3qcS/Ke9chuwIEbwJ
vDwkagqw97Cyn+b+EWAj2hEKUGnS/YtzsrhPwkhox3M+MG7eCJ577KUmIvrJcOZw
d7vku5E0Z075QiAfw40KaHVkqHsEEuAJ6FtQAOpwuHrTTZkMkTiZpETf40N4SPWu
uk0JIZpJvbxnZvktxbCDZV9FrGV/6TCpFgo0iAh28LWcjVkiFTS1kOtKqMFQxAu7
78W/dA6JSkli8OYPhevcdyP8Ffyh+S1j+7cFirJPyKi/WS5oJn5vIZqzkJelySyf
vzGAiy84zd7AFevlZyHSJhYhvkpRa3Q9puIgF2DveqUvoFWuhhkg9SJ3QMGqVC6v
z8bPYqk+vG2btGT6FjlzZk/J0et2jpe+luFQ6qqVxQZQReUXaY3KZk3jSyub5M8U
RmIBw+lOeE7HXor+L/IMW2AV4TC45Crl61YlbOadPDyClJtsleWj7nlRkfRZTmAv
fgecHCgqAFIin76vB0uB7BcWXEJ1je8QBP9RHSadMFsxtO7QMwVXqMXLil4xaNPP
hUV3Z+YquW+rpMbb3WpFO1AzYtwUbagK08eIzQmEa3nrpiX0so42imrrde3VgWiN
l/ZRyo9cPuCmmsdsJkxGfa2pdTecK52lE3Add8BI4qjF+W6ZhZnEmzkMiDuHGmoD
OOWvV+yV5S40HBhvGFlbBQR9xjKp2k5oIWLiSSbeUxpTw96sQ8Viu+MLgjubTjrL
bvWPHJzykokgM0VgZs0MwDQ6TNw3sSeI4wB/5btssUmjTwOinqjHbVjyityjM4WZ
5u7z29MaUNUY3I/rTBvN/RllEh/dBBBh1hCjbywizIQtOv146GRwPUGZeWymkNkt
xRqRxU+ecdzT3FZIDMjcK4F1PqY0ylK06yevfI8mioUFU3HwNBpmkhfwgKx+K+WY
zoLatFBnvon9gemuVKvI/HblzOSqMXG30TQVzifza9Zhfeh9Hwz0cnknLCKYVyYq
NcQoTI6PyBZ44Rc5UmMr5o33OI0pffYHq0+QueAb15SskBOnCi6ELWBi6n38fVEB
Nh/7kpFO19JqXnUwrsl7jRMGp0gsM+sW9xaxbCkb8d6VOVS78gewysolaGe0AerO
qMQnNbfzbNH3IqxHGote/Y0husOkU5Kyglq6k3Aq7KCLtIlVLnyT+7rPmpf8jbrC
TlZmT3IaunHh3qS/c7xo0ybB1sFJzHdlrgwZ/FqMFGI65pynQ5zVGH37MspWs3L+
ZJ0w1nvA8W1e9cYGh41g/Ipz8Tl8hn4hhxP3XbQrPczDQ6i0cZn3Il84Iy0EyW/h
u0lLnQtzN9aes0ihuE8uL5H5DKFlG0L3zwE9eayxb9DXk+1wVLnCfO6fGHgJFNt4
tbFIDW6y1ZLvsNT6FZwJUiLD5i21UIaMUDossMBzruTMGp8sTPqadxEtQRO8u/mU
ezKAKFr0DP86svFjFtMUK8mp9trqWpg5c6ftgN/7uG4fzq5DKAcPFbUspLH9J+Mw
WcbS3bojohXXNtpV4VgYbdjOqNFw5P2tKHRHSYFyHmu7eznQCrgklNNONJFQA9dr
3wHvLNshSt8ECsLarvnHUxyLCqn/i5Hy3Elzalma1iL7wYp3/7i+rl+qx39U6RCO
1uHAZHWw2/IU5JkDkxjqRDOlkHgcfmwGdIBoKuHbcPxohwAlR7fD6ez0pnjW8RBo
AiDbgUB1rWOOrLKFQMIabr7QDFrnmjLRQ6f19MJUtdsktb5E+r5odPTE/87yPS6w
wZxtM3xoFbIkmjzAjc3URxJRtDNVeeyKOCvnyxXO/QSS62Rs10/gOGmrpdiAA0yO
F3+n0jCBMkhtMmP7J2DiCDCwTCuuFglWJwxfE+TzeOzEOiiH5Pjce9PBTRgHJfnS
7apBM8IT+HatvHMcC848/mtO7Sg1ZpYQo+xBRjM4viMwSfYX+HeuiTQ4X/AxjGeT
sSOsOmozJwJiRkzwB95wY5yaTuSBLZgk1w0cakzfk6elcxVYiN7PUc1/GOR43sp3
soZF7Q+vI6pIbDzOXGH5gE8yrutkDhHs6pnQJ5hVWi4KBo1R5dFNhYv2FsQHpVKC
ocw/Ng+jARRSHTEvRyvZTTe61evbTjG0ocCYx7j2rNsyov8MX4b1XpECBOdpOAUE
IcfQUUqYtgfs+m4h3QGlch38u4UVUPAbhqCy14HHSsmA2y097eej/A1IKx1Q7AAh
oyjCVIIrKtZClfkfu6gPq9ft3L0aYqwQY4Ns9Br90qNyC57zvklvZDziNDy+/5NK
9raZxhPSJzek09erc68W5mR1d/M3+hnHUJJtldIfd1Ud5LdJSnqUd/7f98xxFrSR
zxyxdyPyCnRix1+mcCRoYsFwkYtnocmBcuKgoNtiGpmx9KZfbEk85xHW4OOBZPus
BQReMzmCHYMPWTsh4RrP0BjLkdjMrlmwZ+P3fr1PE5CCTwie9z9hO5gXnrc2isRF
PMhm28AVdi7HHNHW0eCBRluz/TtgwZKK/ZsDJ9kx0NXCoWgvyLC2QhU9NT3q5jYr
LzSdyoaTypOzoYQT7rIgaQ6nyuo2gJ1rtkKYGAAWKp3Z8QIWz1VFV7XDXekKnPK0
i2O63tw/PtB/PMRXMqRvO4lBP+M3GY67yROQ75RWfvaAmQhyYfA9p+1FkLnaXlql
8sh6D/BSRAr0aaGBPdxY+M/WBNnIAr0e1VfcwUIav+x8j4/YJDGi7Rb8IJj3C7+P
9ev9NDQU3NICaUVlYOXo+PCa+WMVG6cHkk2u4GvYu2r5/v57RScgzDYpfOJwadAx
EINItmSH827SL6mLKPLPr6nvGhMZSONUSVk9M0XqgGWUVlFPh/Vc7PV4qpi8F36Z
i898n6XP7u1L7TFUvWYHEbsK5x71uURECMlkCr+tueRKzfEfRtfnpP12Y6mVt9JZ
fBkOGR8I1ZAoghQ0IsC0JP3c1f4z6msuZwleDm2C98WpohbHX3D1AnCFSPzl5RHS
/abEFkAJ2hfuaSQNc/nw9BWcceX1WNXxC1bA8GsXRguODW/BgfJ+lGsptFZORZqJ
u+XIpl7NaHPrQl8pnF+pRN5Zqzn+nDO3H0Uu5tdKKpk0spelQenzG4bDzy0UBJel
l9cTFLJwz0sUXZStIGz5KhwMiIW9O9evFGE6q8lm4LxUcG5OaSgUNmZWmJ2dGWGN
72Q7Qyg3FSZRBbFDkkBYAWUFrnjrHEAQSFsD9NVjrCAVEXEHfwnGncn2Ysh+gm8U
Poj0VWH6R1BIAgDQbITeskfo32dyIn9RHWPqwF16914VXndx/5XO/bORTCqQSpFc
vaTwSt0NVkFVRvCsGG74SCEznwBulWd6ijslVKnOrZqlMXfzPiNUSTk3DEdwatsL
12yNVNiKoAdKK9oxbIyMHYHJXJWVluhwPy4gS43ND2PllePBWC6DgnFQyIS2uPmD
sJ8V4fz6MYcLZQyfI0nOVwyRUE80vTKAczJ4u5hJ0HhhIXSoEqBJONSO9X1Ta7MW
uKmqm8O3X7JHEZcCa1kb1SO1KeFXtVXRudVLhPP5Lc+o+DaxfvtOEpxjD3wjB2O8
Z3fYwkH0aW3sDo2aWSTuYC98UJ0/imqlxG8+4FrkwRkaoGetwt6oXaDY1RXE8GDy
FOBIxBrxAncl1gv5dBxsjOmzQmNYCHtMG3T+AfDKmzsSRyPNWhi8NeEK9G0PThu1
LYezQjfKTm6zhq3Jlm6Fn9DZ3CxXU7MZRqrVW0yXgsjlC0Mfb2WKiXZB7PZ2lQKy
qi0hZoVubPHAoAK6rezhq0Amd0lf3K/L6qVeilFMD7ilcP7r7dW/6hm2ZV4WS7Ck
W3R1ERI/HDgJ15NnWyyaXqcbwaRhpJma70FWE6c3lm5s1mcu64txxJDJSB4E4aI8
HVkz51slcwbuE/YzdNUbNrr98iuAlh+3iJOZ1jKK3bHfb8zBZL9IDYFv+Hsb/fdb
tkTASb1fZUIp3u9OhvD91Vqb3IYriQiX8RB6/6cmvk3L+lbDGNk8leupqSPrhIOt
YvDSVbQSyE93KGdNbyUe1U/l3TervPeu2dOL1qkPFoEs+TXThUUxzjyCvp3kapmh
MmbI3pVHqZKLfGym9BZcm80gOVMLsD/ICYwLfmMQbGXOVvQRBvn0rVLdbu3YKOll
MZci10F9Usak+agLidFmLlCBWnLk3uBNsj1zX/KkSFMPp9RBCpVDdtY2f4Fm1SSN
Mg+dmnVNqZHQuXA/Z2nuxwGKxrWF29crk8Nakha13U0X+qnBPUnRrs7X/IFhpsY5
OsGsD3US2ACHpojAENsGoCpwJ0ydsQJ1926iSbQpcyL1avqxouPA70KoNWL8Jn6F
uuh/OM/NC2JhKNa3wbfMHg3btoAZiK1hhT8NKFbZ6P7QfDkrmP9j8kJK7nfWsiYp
psAur9z0EW//oWWAWR/xZ0E5rG0QUVfjTTWEMVQOwf6Q6cjJ1EhxYrpIj0gA56li
Cw+ZUqUAyl1FHFEvVTPAeJD2XyZW0jwxaL67DyyxeGBLJj5dzTBbBiZ06vkMk7b+
u5Z/iGaM1mgn3jS0y8a13WAn/y35u6HZzteP8A42ZL4+fBsFL6cmIrWDYsLYEmB6
0owZ5Iz6xmqLXbfwNkRZBDmixp2eeQPcMX8FnXK+6lZEl/AGlSlRSz5r8HoPOwI4
/3HE3uykVyRl3dWCnQG1A9V/2xw325/WgbvZ7z4gOxhwsYTNucIyCik3PR1j8OdD
GfEICpkLRCA/28hWE663wV93bRwVMqJi1MSTfxprAW10ChqZqe91RM5ijXbisdoG
yiwKF87xW5/lfEbBhVJAnXqjvjMtDZbkBEteBDMOJ4yR2lWOj8/F+96IPUulX6N7
6BGczTT+dFe22fgjFqjOllOaA5H9d0A2me1oaSpveDLWSd9k++tuhgbq5amEj0+V
o8qcJ8YydforXi39Tugm1elPjlJFSfG7uH1LFNzBBKp+cfDWBtfNqnsFUkJoXT/d
21Xwl9DKzGIfzcjDyrXDQEdf9Lzvh6VJ3CWJ9FwpbIw0rzo49ULXkl40Uyy9nhA6
JJlX1sI4q6yWxUTSXQunbZH6LogTq9FshR5xAhkHmJhjAdDMkR/d3cBcDxKs0pdk
5PPw7R1w43Ledc+sV73bvEmD7r+mrQXfbYhvkP8nmLB8VkbPUqq2dqUwvnAq8WkZ
ggzcOKk8vETew+4B+E1zC3wUzpL+B9O8qhIJu2XHQqkKJraDaB4k7/jTtlgVFjQN
J3swWfsiDRKYUrPzZfac8+smCyy6FN1S37fGLOAIaDFcTiO1fZc1OhCXRHI3uRpl
dNXwFG6OepZTs+r3yLEpqH82vnbak35zhJTZgWWlUutcLLYLuulaTv85TntCV5du
tEPiR2f6oxgo+96zUxxpFAMU6+EZz01IeGYy61+NTJ0aAOhWvlmpff2uDBEJtdnu
/i7WYT5qC6Pae0ZWIhseLGI1U/CUMfdY295pCfCQSTS8O16J93yHY5bWMwMyDw52
Vf584mGeE3a5/j9ju9qnjdl7Z5rjR7bc7oYKjCP+Pv+R3pOo7jhNhTKCbipvH2Ik
xi+aa9nsTlYgNFMTmbFljhcsiTbPSOw6NpNfJmynWlduqM2Ra5ZSMOjdKtOEW5mL
HKN7LhzMs5nWvxM2m6J26kzfbM3+d5W361BvgU6v9oCE8uSobGI/sSNP0kgGU9Cx
A9kSrxMnhahtlC02aROS08PSeAcErUnyKJLOdrcACRM/T6iwROLI38Nn3E/PuqmF
XDcN6aosfk5Gz0WhEuIe7o4bEDcHTKkeZ90/qNyJuCTwh99VUEeN9T6PovTSTYr2
xpl2Dca+KXzEcdmT6bL3eyrBAMRW8HyfYTxAJntty0pLOgszHc9Im6q5Y+HvKOU2
Jck3h1nygfBehDUwsLTWPg==

B.3.6. S/MIME encrypted and signed over a simple message, Injected Headers with hcp_strong (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7540 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4576 bytes
  ⇩ (unwraps to)
  └─╴text/plain 419 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <fdccb76a-49ed-50c5-9030-e4aeb83d7f04@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:13:02 -0500

MIIVvAYJKoZIhvcNAQcDoIIVrTCCFakCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAEwle5fdKMS6hyob72qHYwMpicWoxWhovcMx
m9ncW3nWi8JUNK4Y306rc91m1a91Bnmm6koyF5vbpMTU7MQgVK8Xsfmc8Pl5UeX7
9nO2hq9Nk5YDrbEy2VetDe+8FmyhJHM2AEKCRYJENj8JVN32v38+96h/H+JtAagN
hbEnXCjwumjHMPq3nqq+32oFDLLRppc1JZ1khgX2LCH7MjfRp8ikVnSvAUa8tdtr
uWtEPqmUktYXUtad5ZqXQXual6KDi+0XCy44Ou+txnGyzY/iFBl/U9o11QtMSBaq
hrCIF4WUgYlH1u3KN97+lm0qxlFcLQHGZx/eEhbejFEFwoFIOukwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAKiTmrMj8VnpLrV7+Exp1xnLj
Vd5b5eQeYliijqjmlUqj8JoYMSe5FokiSfC+lheSGabYyRZ7KxKY2NRScXNIX2Fz
r2Gv9imDrelGioRcACAbwJTj9aJYZqcY6NCkfvPvdhcs0sVvw1L3CX/iUbLkw5xm
P73HitnQIGolSmgB3M1hEVNIrhSefymvaQcekGRrNAH4paHMsNJqJOY77FmSVzmr
YFketa7EX4sYy4Gf+7akz3GTH+wBHbmEFJnKp+4EC4ABLo3N7AQokqUlbn5DdUXG
1JkgTT/wAqPW7wO/JDM0yv+yfqjA/IsWKwwFG8UtW9maIP/NYDumgW4CzYqUVDCC
Eo4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEKA15xixtiHfDNDPM9jjLlCAghJg
uO1SOu8ogsWNs1fQP2jjEv7BYc+c4S79FLRrC6DAccBIlKL5S789CjRrx2+aIXVi
A1/gBT9yGFF7ex0g+L5Q47TYi/kZYprf3V8l2nf7NCSCn4MOczDpL0h98q6F0aqq
9m6kIL6Z2LkTVCTLtuUfFv7WivKXqjw5G2rbgvKU1Biuw4hSn604yNsCrOvLVr9L
fb8UA1Msy6Og9VVZJEM57Ns5wDcTnCNfecl3RLvQs0MtaX4qtk8DiY+A8maTM5PE
VmbwBnkYLlNEmv3KMhbYQdPN2YfXObyRVxg+HDuOd0wHx4TXKYK3frhgN+uII6hN
Py3gJmRR+HpK/kxCzXc2ZuyQLycQF2+Buv4bfW6PczVVGaw80iAWM5Iaj9H7Tv/T
fycspPk62ce3cGdh/RUT78mc4pEKMaZvut8WTf0u5szet/NnSyH/VgnymZ1etHL/
9ijhv2lGfkhUltEGlHE3OIkcQhZAFRhMfMgDHcOAuATGcpybxmUAlVSF8F2pia66
frmrFyzmKEQ1ce9fuyd0DX5MbPtPTb3fDgOPwHoknczGnSF8GE0kqIRcs4wiz906
KrHSwKM78SxxcMnJS1Z2V71fIx5LmcSiidjYhsr1gyDDzUhqksK4/YyrdLS5CAdA
DVmWlQ/x7ALB+/gyW+2EYj4FhlhREW03Haqc4lDECCIVNjvxjqmhE8MnkUihJnqJ
yQAH/U+wBcK2zce62XHZpMbJBKlOSsGfjY+ofURfhjPPzfXlHSnDYMWAYkFWsUhk
4L95+YwIcaDoYlen1XyNdmqRu7HC1K5tVQwGW4ffIeaJlxBe8NuOMaW3Tmn7KJrQ
Y/QWy2sR/dgT3aTOSUO8sM+OHrmCW+44tdHFdsaGbQYrBX1l+2XtP/buOecSgkVb
1v7B+4d+1T/BfoJxhDVyZ5wIulKjBVYOLJe/dj8JuYwDk9RNYpSl2XEKgl/5vsOa
NpMNTmx/Sp6qw7OgqETPhZX6zFevW/Q81vnXiX/9bc3JEr7AmPmKoxij0JAI+a/g
HPHTUR/7AylcvuqAXs3Ni8OTtOzzu5HU3YYqB3J9eeovmY8lTKyKS+bTgS9PQExr
3HtgzFoLQji+x6t5YcijdiEjsjD0R8ukMCRH0QMostGlodIrAla/3BU4+4epKtdl
WwzPGlaPONuW11351UOArbfY0VKUa1IZj0lnKWs0Pr7CJsEObiRT+WMY1xDR6K3w
PUq0d8v+m8+gldNpqVJ/jm1U7BswjmKWnTcHgJYebwpA4BuAVUAQJJTzYy+MioEJ
cNRngJF53JY3v9vBoQD/7g3CIzCI+UBiS/duaiVCtyzIwQ+T537LmrFWdDDHhzFC
S4k96TozHwcJQZT19GW4svAz2M8eZBTuBWoXtPn4sH/BHOC5yBjH5bHf5qg2vV1L
dCfWdg9T6AYewLUr9c2EPd2t8Z04SH+KwsruM4z1db1LibNf1PxwXIpB1tpnKOox
nQAGYRHDyBLyIJ7Mdwoz5QfS1ZOQ61ct77tM343Rf1C8voyh90yDQXhGxkvfGPFr
RP1EEZK7oANIl0nhGkYwXkBsmdMR+KsC5VXA8tfXKkSAcEpXAbY+aqRCbUYRvpnV
AZ3iNObov/wWcnnvYFZC844eFjYYg0lkbXsFcig0iS37EcGN2jSRZaiV5kVq7hHF
+VUnwsSFthMwtK+Z0cuJjRLrs1upM4fBbbVdRuSe2n2yvVZiZeXe59Jr6WwERlkI
n+sc1D/wkXIBrCRGclyoyW1JU4A531Pd46dgcgHNtuP8Yv/PW6zHc4HT6VYro9mI
wJosMTwIuL0W+Qr8/XLN+siI+XhdcaVGA480p3BxrjSeeqyWAC2QRVbWnf5YdXmp
NSkKo1ZsceL9myNGEBk6UTZyDDzo7aJiOy1rqPCJDlhfXofYDyPlSByHE8zoMnwj
KVhOHUHE2Q4FDiCpSJO5qlvhSB2svgWlrTcBI02qevuCHugFvbUIAI4sN0XPcl5y
1afNwNbXK3bQ+ZC8nXwKZRxQLRBbEk+YGP8XkDmXf59WjGoRJMO1v/5gxZQAb1s/
g2VX/juutTVUt0GZP0umPmrnRQXjwTLtfJpIETj4AKUuGKEhr+i8uuNlvIDHJTZ8
qQiqddhek7kTGfpZ5GTHsx4U1Nexaio1aHCln2oDYlkY0XBTlAmuU4kFo0sqfD6k
hVHvlF9/A3sQt3v5ygiV42HVAjbYZl1RHRKPLBFhuomDxl9FBPbjGzF+cOKYRrnN
qdZpYGtCNKp1VDudQw0ffHFCTjebXmPPOkgMrNtidWZGbf8wEPEf3VHE49gj7+lN
e5dwUlUXWQnfAs8VBIF4kSWhDG3gIFhD8IKoNTRPZeDL2O8bW6bfEBuKRlD9DE4z
rOot/hUAabFfA30AU1aMno7Rv5XNidY9sGTs39HSxL6CiGdHq1OoKErMW6vaVnZ2
z0FCLo9VBtXR5qAGQ5MgFlOPq+/rhK8+qNb/iPozMddYgxktJPiORCg4B0xhDySt
8IuzPhsNINyj0+eclvG17TQPwX69jaUutQm3F82ldrLrFYXBDytfyz+APuWurZGH
NtBGj9JkKN50//7reaWeVkDSh8VwMwwfTCajrSQerUEu7rww0z+mGsSRzawuWahF
ZFpyNn2o/Pfn8eeBOW2E/2n/ndPvDf6jvAM8rL2rT3gGMktmYM4TvZxdFHG5gEFj
7M8itL9dqDTaeaHMKaFN6AYqPIhMTnYJa15iV3eKavPwE/t33q6oeNW8Rb+kv/lO
BMaVSzwxKti/MLt0xRe+x8+8HyvcxaINaojri2CYnbxCrH8HjTCsqVeiAIui4/q3
GjxEAiEfRoRmhRU+qcJ1O1XCqDsAhn7NOCUtQx9zS8ueWVUJeT19SsgQpjquSobg
Pc37RBBJP/QNHODoGUsYOLEmzMzAtC9YMOCXjmcm7g/2S9dspURtpV5UaCwm6eAt
0quRoCr0ajbnG0zRWkoPRob6ZuIEOqMielz2QsuhTacD7OygdRNU2wmBcBAe7RKY
J7dsJ/oYpJf6y+uBReB0AEUJhpErULETUlZ4uoLBWlqyP3drMYAAdoXXIBpLTN7E
9VkhIbQxhCuN7o2q6M2mykHAqEBAca9KkL0UiouLiPC9Ygxr0FAUJpzFBb6dBXQn
Jo3JqNw7TyTzVf7PoZ1V8hkQdrvrJ/67peI+rMZS2Cn9ut93AilRdO2v/fJmvUcx
8cei7AJlboOdMzdKTkDpX4Opmo/EDwl/uR4M7bVwoGLiVx83lutJ3FFmsNcwH53e
FgyM2jdlWKncm0EnNhi8Njr/8j+O8iBlaGD9rTlkDRb8RlcF9VtMrKKp3/AYf6wk
Ecenr9xcJxKzKxKigRNHmj1hEsJEyElICYoxlglyfyJRVeyVHoqO3OJ8cDeSwfFd
kDK2va4X7CPQvWFkkOTsv70vw+Q820SdkSiU4bq8rK37Hku3qFwErTgFT0Iph8OP
dz3TS00qpIWVYTRlCgWJnmwv2h20AAC25Cfwwa9ro+Xov5dr+/CZPEl/0wF4aZ3h
34uau8enUXV07sZ0ibmPUvwl6lZd8vj3I+h4y6JbQTclHtaNxlFKvRubFomrclMI
EqWbB24KS46W4U/l2qv2GD5SfiV9SjmwX8hYvhKlbY976BNL5VZbXNx2lyU2LUKs
Uhlv9BxW9c3YCo80yDY3vw7nfq49u3X9Xf3lQtDI839WfB5PnG/59UJhHWIxvpe2
xn+mdUaGoyfLXSm2eZefp7C+41wsceFWgxpiVT6WekOoGyq/v0dRMHOruTOKyX2p
BIlzuqf0/2Vw9y3fnEJNsY0K+Afi6aevoHKQCWwr4tjc9YEawrzeVyNU2vZ3/YY3
2NsMxQP0a+JqMpIbv2I3GX0lIOhW0Ws5Al/Qzx9rA+bIAXbQKT0z0bHdGm/rj2C7
z6ngk24CxIJNc38+YPhO6l7agY2bfXy5UJktxZPNxU23Os2GuqG4ymkfM2pf1nkN
TXFOrhDNpaZKhSEEU3Vv/6f3w1y9wfjptEsanbt7oHDTnrh1BZPzUvvGuR7rmjy7
AFqG+Ql6KduTqdWV3U5FqGk4RVuOKDj8rxkQDPZo23l76g0WRJOJY+aQi7uqQStL
v0BtVtALm1LNMHfAza9FKOcbNlc+fyWLkJ6cqA1dKUqIyUAFh3EqDQQk3wcwuqQH
oBOZYRSsY8vSbFvA8mL2njUfxuhnGG+iUcNxJGaURHzhABBfrRHlbBmyDjW9gJPB
TQaDauQgHe0K5OZooPi9UIGPIGJCy0hgnF9MupBiMkBDJmOBLK1bx6Fwj7h/Qjrc
eVceaQtEbXvhiewH0BjiWckvSQ5tzoCeBE/9E2Bn/NCtf4ZUzWK1l1jAKU4Cb5Hm
pZTTueisZbC302FNqM7hOOFsEqer24L2YH3TZOoaNaFd1pzPAzfbbqghQiFrREIo
NmvhXVVzse+pskP3bXscjdartlkb8tXIKNSi1YP9TArBW1zBxy4hUqHv30hzS3uP
PmxpFlZPGgmmwu4sU9uAXG8WS+rWsDats8GmVnnx3kXJyessMHm7txv02TZ8Jplk
cj7ciVmkfy3CBT5mMZ8Qn2pWAdtsXFn4OQFE6CGTiSDkZ2LA1iisyWOqQSVg6o9A
TYNF7xBFqxi2AiebiERKRLO3JOyZohVHNsbMWlCIMXUdH5TfUKAVLTkaAbB5b8Fc
lNJs9EUuuFPnuorJIO6sETOp/mejzkaHiq3yBsmHgSKoUHTN49lcjg5GM8WDXr0P
8XJqRBIme3ySH6QF0yY6vCDISvKlAPisi4LRd0zpnh6LJmMxob1tvMerzXCEL1lc
wzAzuHVBGNI3BBltQ5mYdTAj0+SSDLwILnJ9Sf44JuWc4HaUBzX3nf20G0T2bxh/
2N1BbY9U5Fjtp7R8dNU37NrhxTKjhXSabJ8w0x6dkuvq6uWLOhzAw1OQKkHmEquR
X0G5kRsWw0DYi0m/wfpvtBYZUKr124ejzLrl9FLXYVx4cVO8WOgnHxc4FW5mZl3e
LlSyxfe6EoYzj1Z96wM4buC9TDesk83m6TlKA1PlZvBbU+nnpgFL7d1RXrsTD0Rn
5nk06TDXqQba/sRzzvyd5zjF8LfiPEdIB/X/zpqy5jK0Q01FixhOpyWA9MXYu2Se
6keqSwT2lnfR/ZhpqRhA39TnmoITHS1lAPPkf/Er+8ecJlsNVzfuVkRBVVvSq4Hn
tOA0l1ItIK24/z5wa1e8W4dGnURA2OGWEPm1YACq8K1o+nSir0k4+VvJCm42+2vk
Zi1hE+FWxHQ9H+Pt58nJj5pNflP6VH+up0515X0EHRIkTm9ecyYPQETdG89ZbUwl
Hys/1nsNIKnuREwY5P/J+A5/s/+xl94jNNBsv1Q8kLngufxOQBbpwGjRxCTTfzbj
MHIONho7Xg0TbJQrq41oU1goDWV5tQsMH4VUg7ESiLzceMECYiQsnVLg+FOUqDvJ
4vaaGYvSTIaxlgpjL3qpHbmYa7+XXN0Vr8eHvr4XPB5PDua1oEftZPA1z9dGCEAo
RPISOQbZBVxC2SmC60mZ3ANIUnBDIA6/6VRaByAWoH43QkuC7c6Z85TIB7Wosx9c
KatEOhxIRGwcTvLf00vKY3bHb9aihWMDnpBEKUfIpHU71iC9nCtij16NokXMNAqo
SYvTbH9XJNfG7R3O9dINOgfD+aKTvkY3pP713HZyf/FiHyH5H+obcjXlHsKidTjg
BUptxdFQt6yVJaAy0xCZtUPV8Yrd3XZaAV1rX1tDsnfJe1Ab5u7CxpDYLijdwLml
seOiMm6Uy0Nxr1UhfKmx9GPlrqMgm/U1Z2NBE5TKa5lAI+3iIGWxPUOByT18/7S0
jYkvk2oO9B9iPcYqxyUn7mS1vefRxwCmbIOP2lo39QYEX2zUsh3/kLoqxBwRk/Bj
/S2lLwfSxi1Qrb3dJHyHyBIrMeGDCUXESmEv7n4JhFlSWjMYLTDY6TmlBefU1x+a
klwE9TszGKt+rCMCUp1tt5axy0zPz3U7yJF63/j+kxT3YH7SJcmC47pOpALhG+dx
5zdQnZiTtioYO7E8ZiaLPM2+42pYf9vhugpZhyA3R/EFJYYBBqjo36Iw7Jh6gP9q
NzM4+CFNs3sdVuvkRNbDks6s9Z5FICjjK9BsYb2IjzyqDVMGdAxX0uuJTLoXTJ+o
lis5qqmnmylbPMoSsUiJZ+0ZQbw5m2NgNEZNrQEvfTj4L+R3tZfgCePtn1lVji6r
lUo4asH3v+jk5varkDOjOF9/mX4Ycu+TX3ItDx2c6kcbMsP7tknEMa7Xd006g2f0

B.3.7. S/MIME encrypted and signed reply over a simple message, Wrapped Message with hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7605 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4626 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 816 bytes
   └─╴text/plain 327 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-wrapped-minimal-reply@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:14:02 -0500
In-Reply-To: <smime-enc-signed-wrapped-minimal@lhp.example>
References: <smime-enc-signed-wrapped-minimal@lhp.example>

MIIV7AYJKoZIhvcNAQcDoIIV3TCCFdkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAJG/Nu5fmnMkn1fBsCANbQMYLALsx0mJWEly
TzK5u5MUntTeOq+fVAUULIJkXaF4inxIe6HSau/bWDWISRy5txztdBIrGLB2RZt7
Yq6OY4UVqXmD3EwkUab9wJVVj1ZTP4O8ijOAfpCjJkzfcQD5J0ZLr3CRXz7JT1wR
CUHwhSBCMOuy7/lM2fKeyI+ThUNFUQQRECIjA0PmMrQt1dYM+bXNPi4lY9BVM5qx
J8DQG9XNcQtPsIfz7ELwD20a7jGykPYUHzyFE681x+4KTBKjRZb9t2Ezecydep9M
T92aV0ZU4A3Vd8bujGl9sUvWCbFR6/vhT9TOHHpqRUOOLJr20iswggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAKUK3Tne27yc9+vIqGMeTO6/u
Ieg0Iav3LcaUwnCOGLjLZhlnpZEzC/SfNTobX7d/2yPH5oc4gDxGekJO2YyCkin5
RqpYlhIeCEWtii45otBUInis/kAroFNbe7TOfJ9ck5tVXxLJ0WwG4mW+CoMlRF6o
E7tB3VSvplzvuapfi2/TrLtmCDb4rlAfyhTIeIQy8J2LuSEbmDm2RllrWNVhVPTo
9gQYfEz9VxyC6Ix13w18tJ7vAgvECibxVDj6AVkAB6ThJJGle5YRQHsqbEDbQjBX
RBXfKBjTQ9eZqxRIKjfP11iYA+tNktr4WRyY6YUA1dWvb+GBV/qS2F78yjK4ETCC
Er4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEE9Ajv97rc3cRK2SsCiVP3yAghKQ
4aCK5bc+ic/OjQtKizK3Vidpqd/12OkW7gP/7UOS3BiPtRIUkwQux1cSiCmFa8FS
B2Hv6npe8PgIkgv6B4E/paVga591QdjPmnyoUmAWrH5ILbAdHllugybzhs45sSg5
xHftcE9xswAoBb0Es60qRMyNEbOilRKYIDVoXjFiyA5SxLCFxXZTveJGqQV6bErY
bEsTEhz578Cq+tMZVC6fRR/iSi1ZilyP7AYtCxUH1K5FSgt8qnxLSwk1kiRaBnMJ
Wtk3Ve+BETCUBTn6jYdL3rBLw8rx2bp+qUcVCu48KTW1Bk/eytSJ6Fn62hJnmNs3
m7U06C3nra2hvFWYhKva0JgOD+EyAiqGWwXOdD7jRS9js/dkFgguZVT9OewCvEb4
gGTXLtmTF5oiCipk5o8rRhQk8mkrXQSmfAkD0R7hav45BnaisfI+4rd3VRBqV0NZ
wXVFiOfEpq4hhA2fCV3owC+DiW+54F6gUEz0htkkfbJdD4r7+8u1Y8oLrEkPZGJU
7SOjAM5yC7TErr4U9FCligOLjWKmeKud+rV+AGKUVEtgXlAe1C6EPQDY+uToSsP1
bwRmAroLwBBD1fttSRuS7089AsGqDNLbLfhoxrwkwtyDG/1t0XbjWNNw+8a5y/nn
xnLklpqHvaHRSzrH6VAcSmrSuJUrJ+bxm7yPWqJbz17+8wrQa1FObsq7NBfUz1LD
93+hvKOmLVIWTpYq02QlkYgRNyEFSXgTbLslA5l9WChT75VhrwQrRT70JVP+RXwd
LT9su8myIifWOZpEIJpSgSMAJs7EPDJTdckMkBEVyiQRIcNra7lZsjjI5JQa6nVg
8pqD7tbH9ZH/AV/Z87q00VNUP3ppQWlkwaw3ZuLEH9DWfxVbrIxD+c9DjzTl+axI
voBsFnXWUQyW7CsirR0jhoM7sLcLXqv87UnwxlH7WgSiwkzNAoNj5gvZ8FB9xLw6
ZvndV4o8MOYKaXQuOkIo4fJ8xkjxa4g2suRFsOHUS8+EeuBKmMJhmOXx3P2TVFmY
jZcIPkXuHbJUMS3sCcDkwsN6Xbt7aa3jzqUpEJwwge3BG/1PC7Xeb4JgWH9uP5Hy
/JkC7Q4gfLcqXNvBE800MyGXpZCj9iXWNYSbAHLazBYpARpj+a2/nj+D0xjPYNo4
iwBzCBpOpva2C0f0MO7Axas7XDRRRuoP0bVeo/gDS7Nm7mq+HpH4RYdLP8Idr4ff
8wHmnihggUDFmvJnWAEePrMXZb2fCjr0zFAwHG7aL7GI4bH2tbN84uOYFGCUrAf9
qRe+7v7SGZIiQIXNvQCzsHkNbhSb1hOeAeKpMG+nkU4IHI2GGjs2291D7kEkKN0F
VA4f15pSlKLlEF8T4HhoWc8S8+sGxdXm4iujbis/yrkXH13bk46A55DNk+aCvDkl
nJatM4o58mMFun1LaCMUZl/AQW3CFDRJxOU2Ae7VbgXRsb6gokkiL7hmxC0fNXwG
ff75Lo6/MywhXI8vANmoTBVNeOCO7atRVdzYZ3xvQ7tTgUgr2BCDQlw+1aDLso60
SxunTtZxDECm9V8mWeoQjzmWYLuYeCbaUfeoY0dhQfwlph8tOrunEfwrbfCMK1Gv
QX5b1eQURzZ/owrqE9/fUHHY+EjMrxk0T6+45cA+N3oOJS32KkIgv6+91GE43YKK
9eAiDYmrBaIoDMXAzpW0yyWmzPjSuKuolPsCKnVeMN1bM/1Iib1/lyjF0yegu4bS
0VIh+z/cNBg9Eetrbr2gR68d5mZzWXvB/Wfa6VM6Odl6t7Kq30wiFUJ5OtVaRPkg
NSOeAXekL2rUQdmVJFwOtO6FmoYimgc+YD7b4HZICUSbpaernIhy9+ZS3iLrci3Y
9tiMlikwHpBX8ykQ59fI/i21SK+JVtqzjFOVq6hoRLegzQ/OSHuiEr+RWYmnGXH3
TLRaPx1xp4S5P5zEsrIGmkQVudXavewItyxq4vyEzC1BS7L4rK0XcK0n940IKJj5
YwOIj2uiGGew6AFVEF2GsO29XdpbM4XbuIrXMVKBV5VR8B06ppA8NcVOK0PgvfhO
66yomGxgvUn9V0v76+x/ZZpsyonbIsdfnoHmaK5gIfUcAKVIp8I2B7gN4tH8ut1+
YumRhc/R6Y37ZbeY9ZpMh1WFDJ04LOaiccFaU8yt0Grdhmg+VLQg+mzOUIZReTJb
VCP2201EGNisGeYp4sIqlVfziAtyPgnvTN8qtUhoZOZ5ghK5xlB9nmmbhf2wjOGY
vB3dyw+dTkOBIH3tqqS90ATEddzJHHVV/oXzFAs6FtGbRFA0YpGvgYC+RUpYqvqj
lcm1OLqlEHl8tpQlrWzTEIGVUMePTRBW77CXSZGNh3yz+eC6l270KPKbhNbvZSQg
uI+NZXnGCdapQh8NIUmn4Suo/Kevo9/Z5WKg2k1gFI6rZVw2rdMuY0PVZfyuGTeE
KuLtXAmNZ8GVFBOq/uz6GoiO6s5nFh7587LHc+X4bayK63tuKnkRdKJoqzChoU7y
P7zFJGwR0Rhe70vFwlihlYI2y9kH11Y6GSzULYY2tYozH0cmAkYMnSTmeo5lq7Oh
NveHC6v1vVQZ6BUYN+6fm/jU8fuE8aTgrnREfdDNbPUF4G3hZz7Kyzu5KgWxWVjm
a7Jd10MxVjUhqVtU52/H8eikdanl1QCSTtjnt8BP2apT8lXjzT2zdZsiIeEXhylX
03ao14tBqMDvpZ2Uriq0S3d4O6zZ8DdCA/4vqyVpdA5GYxj34Wg2tMN07XHZ+5iF
4D+Dra9pXS3mqmR+U/MUF495/9xM6+eKSN0e3gyHW3LLhMtnc/sNIod0mMvIkexl
1VblCRNsO/vKpLm9TOgilk4uhk6//Nha+SoknZwZbKpV2HP/yjFm3/yopccmqRbJ
96z4Uwgqeq37EBPdrck7d395U29Wntzzh122iauJyNYXmer9OqsH+tM71mJ6NWiR
KQ23Pj5h4nxvhDRAMD2tN65RfRPD+Qjz8QJ/6h9scXL2we2QuzNSZZ/IfITHt1Tj
c0Qp3HQgFH24JSf/QnhdPz06SUZp0rzR1Ykgh97miSOzOZZt6K0oPYy/YeAC+kyL
K15Cu3F7fVrk/aYuU3TSSO10vfblioC3K74lWQZHmEd8nOF25++U7FspYVGa68Gq
lJiI/W8vhtTDUCdSwymn1NgsrVVg9ip7RCkSBjoibnup7nTOLbdi/yNTmgD+s/Fu
F9ieEEQN0/k8ARP71YAZR8YSaG2dLuYh/pRTpe3xoxLqwNyC6ck2eOWq0lK+LBOi
/T+b6HH2v64De8MGR33MNDf2DagAJ40/RlJJqXhLm6JTn0ZB4C9gygJRUumv9KIV
li9yccYXs/dU+zYXiVOwedmN7vtm6lJTkWfet+gTRz4zS0z3UA2+dtiu8LLVm9oG
5BGb8qiRF5WNXjaB+HC81bpJfuIDzAja/2QPAwFH3tG5ixKlN4/ryCwoGllkamDx
IiZPf+2itg/7CLDnomfCGn2XEe1WxS8CGR+c+sH1k3umqpDJam0FZ8y1g7gaFUO3
QhpGY2kt7EvPhOXdbwMhNADHFCu9oEC/TLxknowMsdjme/vA1h00ttDWG0dPnKQO
VYpCRCFQCVOvNqbrc/kbRRiIZxnuPmcoRcI31MqUDirZWfyxpMJsfgGCQxAMe72q
nCHGQgaRIC60JXosP0wFPSibg9HloaEAFAwheI6rMoKaLy2WL696rG/zxEQSovB5
wTsHFs1UAaB70nCVoLu+0lS7mL2s5JPv6Hk0i0+wSi5uYMOpO6TUY2tZE3ay52zR
tJHKVK0rT7yTe6VQOr6PW//y7Ygqy+glBPVUJo8YV6oV4QF2vrj+StNKV457paQ4
+ACh6FXcShgGxI6Em41W/wrBQEt2wzOUv2QKsx1T4rjtBk+hA1xfJoCYuJjiTqtT
HpdHHTPqX4WzGa+7Kelr1YITR7TGAbOlPeJd0IMP8mu3zoRc1p15Te0mrXwM7CuA
7f+c5VIPIXaPxcQmGdPgrs9t9jzpV+JUpeokAtUpVJ+jcJtTaFf1SQqd/6w6rI3o
uvYT5IxS05EUu2nTYxjQRuTlonWNXkqVHEDGi99u/FrOgh9fZ10oX0FgTN4u5R6H
58uGsmJnWUE0Voj+1iSKb86wgwDJw8QOHhnrAoDBxAhtWTuydmuEhjGaFmQdNSKr
I3xC9o2Q4dqI/Kmht/fzrZiifbxvPleMkvaMUOKPEdWOQXaDeIAauR/Bg14jyrvo
5GcTdHxa9DBvSpuhE/jpTk0029DBIKhTWPiUK2mCoRk+e1JILSi+k/q6P105sziD
TIBCjg7ba04EahFU7f8EReRzToWb2e+a2/F1DIw0r6o8SQJcrDi2MNORjEpOkAWP
HEAeTHh9WojXnEsnHChwG+pshviy+tZInONjU3Q187xSUbNseO5u+tKVTLtMEr6H
AnU8UzFHkUDnpw6fjJjRfKYe7BQrM4uxeN+V3CjzNrK2VLQvMiUw5fcuEOboEbBT
dzhUObkrGKaUGGbuyIBhR5zVRQC3QsATra0ITzrPEBxGD2yY/PkpW+GhiV+6Qp57
fHtZSB0EQHOM3mihF0XJqLnx8dXAXJobdo5jNBXSo14os4fw88WdUCpmBDPpbWgD
Fy6hynY8tjtmeaGFQC6o8tzFNMnSH/Re7uO77x45Ly1WeHBhXHARumCEVRkI1Yg0
8WE9KLZ+TEkcTok4hMcYH27XnKSWElrUNV2ViuXKyH2jDZe2lSvLO9kex+h8Fl3C
cfgeToh4pYrcxYB1Q+2Sehwy/nubL2pTbq09ZifaTyJaUyf6ilbAX82TUVSCRRn9
pqGlo6+sFZsKG/AitwV0xZ3DsuFbhVaePSArpAGJ6VLTMeHqHGy/20euCky6fsyE
DAU/W4DYjv9cN2BoATOxWkWKyI9IbGyN0Ob6E8LfPXoCswXAtuW/MdphWUHWlKED
v/WYC1ZYL8oRIzDAvNQGJxp7CI9iGaQCEcsbwzoGw7AGsb7pt0lfLJfVTNC28qSG
tCei/HdZbUvdwUDRwePFXxSh8uhZEOWFNnqaIVTYDdbxnIHfnHNNjBczT+TjKKlz
s5A5dWgxCtLZcGKGmqcOmiw/KnNsAEJ5y7fFur4fvKrXQvQYctdYiJ5yX1O2gtci
IHiHmfohFrl4TWB7iKEVj0+pfQqqnJIWYj5Sgd96UkR9FOl+Suc4lnTRqzSkOkYj
zkYZFaa7SPobvhK3N7as3niAgcb4VfTAoFXkOX7oVPPpDrHcd7UfZ/Vj2RnuO2/7
4o4aUm89U3k/9FgEapUL/rKCOoCGnazK+w4+Hcg2wzkgkSNFU/sgxEqY7cKAHjTt
TAxKYh/F1r7MizSf0uFRyksMEa3NSeDqNhDhHV0IbPandc9CWVT2eqU5uvOgsNPp
oLnDUUFC7rkQhQW1h39BaUzndXGU88LT5Lqb31Z8/8/AMMn4ZxowOTggd3Z0NSVe
ymrsuSGyuOEU0agx9ipbomjzc5Cz1oOcF2D0/0ofzdTPkGFhb1NtOjutGbg5x50B
3bIphtV6lpFP+GapZKcX6e308lJ/2AV2hJywbxN1AnLPnqmkGeHaU1nOp60JQ5TR
It8Oi/LjjNc5hrFa8zKU2aM+c0lXT0VQu9DvEkHqqkMBCH8B35NXlXn7GYDzFwBs
NnGcrNvJl3y5LbJjdrORsyggVHjl5Rda8Nx3ihLdt2lkse6UBoUkZMJGwc3ZmpGW
2wX7+5Pv9ttUmQ4bx7xcKy0su4jQaOWpjoJ1l2G5Ju0BzRx0Vfvn2WGX4aY0AJR0
uIZgeibQy5/3hW5keuHgB1Q7134DgYMSSjj0C4PBvHnpSnuTjYPqgE6+D7UrNnbX
x6PbWeP0soJxQfy3i26+flQ2yPZcNIOSzSulQdK36RTeOR7C2XcQhsivgBbsM35Q
3E29rbMMFDfUzCZmdJNivvf+kvHID5I8RtX2p51YIQVcyItTunQkR9P/avTMBqyN
28vQlzFk3RtJrpOuy8m0nOfNue4VpUV35u3FdYIa6RkqLB8ZBiLcSFoi559B9czW
C6zz4GlpoHMNJbPN+dNbNFIoTeSi0dE0vHlP++Xo3phOC3bBcRxNwEoIExYwxxBS
uWGQBDNIdRHsYOVYSSiEx9QE0bOinnitTHLthPcpcE0yMQkl+diABJe/J5IBPee8
O9sicjpgeFcIozBDz26njPOgLMl5o0xtKDsJ1tKloM2g9NpA2kjXy/4uW1iru69E
c592xssBoY3eEzoKdAOE2OHUBVnmA2v+kJc51y1BkY3YYi9LICEDPZvR0PTDl72o
cJY2hGykCCDvfrTBjTuvIB5KeKgMfJRJDMtGAfzPESCXOZcDr4pXX4im1japeGUx

B.3.8. S/MIME encrypted and signed reply over a simple message, Injected Headers with hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7585 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4600 bytes
  ⇩ (unwraps to)
  └─╴text/plain 339 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-injected-minimal-reply@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:15:02 -0500
In-Reply-To: <smime-enc-signed-injected-minimal@lhp.example>
References: <smime-enc-signed-injected-minimal@lhp.example>

MIIV3AYJKoZIhvcNAQcDoIIVzTCCFckCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBABgRQRzXTRs0Jqxrl9ouqlyyOUVTZpzsEN4E
rRGV0bKlOV1O8OiF4s73Oamfc1GowC6YOss5JBen3EQq5NmMsFXjlU5sSiFGgsX6
IjkVSHC9c9QtdJtXyEoqEhf2lGJ22FcLjU0M21XxtKMlArch5aouJO1+nTj8AIqk
25JNvqG2dpiLaN61T9hSnyZe7bqDUflBo5Xm5REOc6EBvO+lFgjtIJB73QWiGBu9
C9iPJPz7du0yIReoX0wtkClqUzrBEiqO64SNQ2MuLTLrl2niNDfaQrvfDa62Y6Zz
RKPE+I461BxC2Evp18cJVdmOLPE/41b6QPu38l6L8/fSoKYoCk8wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAbgflLBuq/SuTA535o03fl0T7
hFJz1cRgrOgdYfajI+bAIAncrUXPCxEhAIJAV9DNOJnISnnTNW0E5ND32Dbcji83
GwhT2iC+Uzx+0auUYuuVZ/go7eHMUWrY1Vm5dqNq5JbTwVgWy8lIC5CatZVYDVFW
o26J351tuF7mAaIaLYXOnUrLgqWpgqI7zXjHrL0hADXlaJARcCY3Uv/PO1YOsb83
1zQQs7Mu82fjhmJWqZ4yQX7rBKSk5V3aoPjFcj1w2vQWUXHqczJmr0ZHYiaZQuLT
gglkNNSPNFVlfipXESE0ksP3ZoM+DzLahjfKSLiQTY1Gacasb9+oVwALBhUoCTCC
Eq4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEKODP8WCdJVi34OU9/jVCwaAghKA
Ed5TZquhpH35bEbuVz9wfPotJOKJ6xieYlQEcchc8+87Log3fBKWsZo1NwcRMZzW
PhE8p73CscBYylFWDtwWTtQfsu+pizFoH1B2u+byGhyr+cEVOcI2hSM7BTFzBEbR
RlAWNZse0ZlvW9MABUHhu/7QFVwV9LYaL+UlEEAvoPfnX1QP1WPbjyIl4v+/4i4B
6jk2HBMlN2r7Kjk1+i0hdt8V7WXHRWifGO9rGmZzi4hVkFIiRkqOqXpghbsHOdTL
mWf8LfMXatmz39ueE27ZJC/1KHygfdFqQkTfSutBP05eP7lJHPn3cb7ktJ3wmEj+
0iCyGySJlwKB9EFbWPOo3ENWZ90csz4250Djzzx6HIUk5jA2ePiEw8VyoTCq77kc
n88G6ucn+7hApODGLazPByQeB4OTg4EwkVwa3fZ6CHENZfDNDjiqYtBtxLUh7KAt
elv3UmZ5PtoWGuUd/7MYNeGiZeVuALdFAzI9Z8uY1BEQE6kZQY4g1IAvvd09Xvu5
Z7LA4qbfbpw3708ps9KmKmlcrhmDs62DkZP26lKUgC98FmpmKgpKmPb/V475+OlZ
FLJkE8LVPrhBQlgJWSFmPCj5FTkWml+dAriVS+7RdkeohjOepRIw7ON+BODCpvSO
AKHry0k5ANJOZhIgYOPCByDs+AypJtqPl8M0azkThmlFLBc1m6HDVroDklpZkGib
hgANe0pnA87omyIXs3lWpkApS3Ri4HrlJXj8sM1gqJABeQEOOcej3yIlIcKgVh1J
OYPfeRlibKzDHbIpVFs5QMzKNNwil/t2+VmuV9Reye1pdtpXPFDP68ilPO/VCyMk
Uq6yKfU/3gtieCtCgYbh/5dAcYwAVwB4XvYqCO4Sxj369X90TBM5Ege/4e/jcNik
S4wJ1VNVIgs6WlQbAsQ0GwwyULguRbnmXuwXmLySLgKd3pqSeR6mM6HGGXe9rdSN
miIc53pdrWAaLRqP35oyOCjwdl8xgaaLAV2Un3AD+Lwwts2rSOpiTFbTLRHPYvN9
/44HfmulG/cxGTWfJrXq54hh+UteebsyKUx9Um4LGqs29HIx5skDVOxhzYPM3+J9
ZP/IVgnm/tqkzVvYd0s1SmHdhQyXuGt9BaWjii2JZdrQjbUv7KrtfLcGUNGl3yzR
q4hyRecPQeCO89AryPZor5CQ2H1fi1ibSDcILtCP2UDzScA9qd3lvMRZV83rFcYl
cRYGUyckJP6aJFYUPCXRiDei9/nSkLDCIjtVHESDyUtGFTv8DeTH208INYj5xjBv
cEtW1IM2DXft68jf9Z5XsnUM1QO2jhLDaUptBWmKDgzeQa3KESniqdceGLrTM1H0
lFgMPFEn9W/Ma3pdi2I21TnzIcS7ZaO+NG/2ZLKXMEVBrXVEU+R7heEo6mey9+qV
ftDsbNZJoB7mTlMf75Ut4jax9YReArT22jhHyxZ5NiUu1200emE6VMlH2t3UB5gS
9aoVqxh9xNiDMO+6Gh0xHbc3m712hWT6yIHYcPCHzC/wqBE7VE1jcq5PF3ZpfrBz
ZMVa18yGAvhW+lF/Fl5GUpsyxJ7LR3RMUappLFdx+OBrAHWI3B59ZIDYTodigu6k
e4qJyNKMwlEGusefonkkAX/53Z63QXe0RswKzW3cfydOvwfC0Hi0TQX4kqXj4MAg
N/gNFOVRpbUfLEmaWyohkVEkcgxqyYm2Qvw0oADhU/Loz9p6a1Fjz2E29DNsKtdT
uszU9+2D+9PptibTCm5BOEbgM27wSfTwjcyKpcZ1E+6SEiGVQthWIIj8cCSkp9uG
vTQrG0F1HCYzBIUixyzrCJoc1jBRv9lcRrjG+xdVOrRX2gNKz/bgU+9e3MPW/MFe
uuhCqpee6qMBPJY7JQqa6qsJRDIbmjib2gCdSLsYr8+E/KGTwu1TDDb9bKq1I1lm
3LWl+d+VrGBz3Hl10N2PDgedjwHco3igrwt3dMiciqF7l4R/aDCJXgQOb2PxOqoY
Eyg6vrAoykdSfrpFU6UDhXbnxBdlsRSQ5zfX49Rr+YHXOk/VWuQQkeWMA0m9nQ4C
BiU72A3+nP11Kh7mc0/3FXzSEuF7zzfhfU88tEVvzmTpVJkgNm70NEZ2tX6VBe9g
ycH24ytDbrYu5voZUP1CepPCdOTwq+uD1iU/UcIKxnsnxwPmnvqU/3Chl/wOd8/V
4TwbNbRlSYit7Xt/3Kg63vkQa3wOBxZ5j/KOZLLPYkSy1OJTzvE7Y1Glf8T8oeGP
li0RQbOaux8t+j9ZrHCtxfDvbTOEOXYeVuQV2rnbvQcXg+KOAv8Ef4TEfSnnnG/1
dW0Uvb+YxJjABh84LTf6X7ja8BTJIY+oyIMIptw3Iw3BKmpHe0DqZaJKatzZ2JP7
IaBmSS46Oxngqb3tIs/iX10OuvfoYFF8JP9VNwlVacn40mU0YuGJi62oWugI5yPG
zjI1lcVAsiiTYMM8OUmw/UuTDwIgIO6AOSVNMMjWcihBOQSn5HgJNP3dc9JWCIzd
xM5npoLCukhsKgzQr3MHHroiP6Jn+UsYwoNvFeVkVzb7nZM9sqmrQ75JJPiqADfX
NpSGqNdGU6q4o7aCtjegr0coM4xyfyOEKyq04w5oXhYzAQ7qGvN4j0iw+WVtIX6x
kMV1cVXLzeJ/oNxL1aIgZjt+sN8MGTf1IBftWxfuGO+WKvWwuO7D/BTsxexdfstQ
J401huuod1YSoSsHMcT1YdDaRospOz9pvkjREwwb9RZtlnCjKALdVGeLDBLG3bc8
SX/LC//AosoGt1gzAFtBa7/n3Xup3EqME+nXH1K0xjvED8jh6xchDA8U+tSghuC1
0OmY4GFlqXtshxJOf0tbCGEoXJUGFLeYPUG8d8cn6aLwQiRi3D8OMZhDRSdz3KWw
M08i6lvavxGnwBPG+XIVDvxkzEaeEZrZ9Ea19/RnW+bZwxMwvC7Ecqk4q7o/djW+
FKjWedjnGYAJIHSZCljRDosskfmgCEL4nfgMwVfqF+xS8bTxyQu5RxqwBPDk8EM9
ZN1EH4WY00hgN4N2oqllTUn8L2Ehx5JAhiTckZz+cp/nzKVpKArnjBQpCjTBUDiG
PT28zjiTkrZi1eKw1C2zwaQ8KOjMjRp1An1P6zSiuayEtf/GW8nHzG9FcJoRlMKR
TUt05KBg7wgE1RxPumyws1RL4cpIb2oWlyfSqlYNHdNCQykyuu/ubaQVg3VZyz03
CRl5V3ErDa95ZM+cbaGx2JMXR29N6wTXEGi8FCMZpS5gTucp67yZtG3Ik+PPWkih
8bYskpn0AcPCl283neE57MhsEp+BOekq9tAx4IEWDVzL7w1EotLT5gp5iZlqMeQT
A4kCWEbcX0emotgo/KgYhSfgaSDa+LJqvFNlOAqpWU0ApqrBkhDUUY97uznHWjXc
yS5rzHHDbrO448nJpFo9ioCAwFYkWaEKRCEljUlqlfdaP+jHYIz48nuecCtuVOeU
gpdgE4EhL0mGG+ylj1wC6Isrqdj41aR5m3ZwMeucBE7RkyiCVMW8/GobcG4OEqGn
grvjoMjWLjOIoJoeuZsv4ED7JjAbedGsA7WqGGzVTyyXbUVseSuYsb7eVy7I0VZF
KiPI06KglRA9AQYPtnij3qku/RMQNWWrSjSSwUlm4FceY77GGo9BctQ7DdYSoMOa
ia2CYsL/nR12wRySdKzJOBmgBPDA+cFORwReVoBwGl4z1YB7jCBCpjKaB3zRrfwa
RGXijQqS8frHtNaj6+jQqa6myg6vlUPPRnEyPz69WyE5BVJOaSftCOixCtBI+Fnx
hJDiobd6WBzdueaB7Qc6W6tS79C+F50dUbzHeZLQNRXHztZX/H4TyJ2Jz7Bhy1hh
Haa5mIhgjdV985ZHUEBXIch5x85lmAjUQPADei3chwO0idxi+nbq/exCmsAxj6JC
cIuVA764o2gftaIAEj94JXMVy7Xi3en12L8wbUezyFZGKhUxwKi1WFhvb3or70DM
yT4U/URV1HgDgeKAyOsAkTeSAZsK08cRvhxDrpLl7y5wOfxFkSbN/04KujYb6YBe
Z/aUF4VZeNeg7FEmpW6XAVSorFQ6DgMLmY2TyIIh5GswHwfcB7tqgYVYSieRM/ns
GZ9hks9nsg6NlaL5ueYYOyGs8MB50XHDS42uK18fvRI8qA5liX/CkCdUJC5Hlu4i
lt3BXM3Z25iaYaKEmosgNj4cMdreoKFckmq8nSBdeZdIJ0xWX4/ioBdOaQRTknIV
wSSQb1utN5X/AZmKnF/65svl3IgngkLQIbFCCaD2IAzS5itRuTcbK+KZbKSCLNpg
U/qYmuh0TDeHHMO126VEPQXAQnxvtV/0MobXpswmuo91PVsbFgCU2IA0JDILkI/a
xwaCsoQSzTnw9qN5BVmIodbT1BBfoDorlC/C2HrkeD/J3+jSX/35Zbb9GnuLnlwU
j/fQaGftHgt63pLqqMycYcVmiA0quvpMZYRmBGhHPyr+TcoLzkFNAsNswev6//U6
hxWkF6SAaIVWF7hTAePbDqIyeVLm4s2S5Qhjw5IAsQokxff2C9GZTLDJpBlKv7oE
r3HBtOIs6Y2CzkCH9nXfQvbv2LWEgsAgq4dLk3Z2NRCt/LZAWF3E5a1wW4YRRH7j
Ozl8aACWB6WnKnz82+1v2FciFB9L8b0gNwU01u7sE1ayC2TQGzXAhu0riMtqBiJX
bLmCos3/VelP2TodcI9HmrjSPH5HOWnP0h3M7VgXHbohm9FgOZf+0GNaSI4Hr/3X
nvFuT6JgJUS4Nrq9uE2RpZ1XDvLUVrwE77tnLaqXMbLeHm/V/TXviqaxEEgtCSba
iWgsWkhjk8JL/Oa/HBSA5mhf8Sq1ru46/sJXjRdZ1wXGEVmCoSkJmgKTn2a/8K1g
XE1NMeTFZucz8WJDAC5DFvqthrHHcAcG8YMVTE4EzwfTrYe9dxfHjILMDjP8A3Dx
c7tlM/6g1c4nQTI471xs28iOsRw3upKY1T4S5MRqidQD2yKYbBVp0zMAwsybq0ay
Bmugnz5xafztkADCg1mgQ4BzhXWz+0CMNj4txId3kMwGt7Qi20RDf7cDrv0S3krh
lDGwGSl3fr9aaLISh6m62v7hg5Jn4wl2yXEGxAPj2TXzZwVGL9hmzbghxt8pJM/u
HR2vMKohagn56K3xIfwi8QrWDBr9r8OKj2Ia88v2i/QeQe8CqOVu6yR8xAxGQFiW
mJZO3enMPl00rRF9wdj33CxaF2q2kVysid59tPfJanTHUYz+IFV6/NsRfMgye0gV
9k/ebq0x5OIIjAjhllfIFj/jyupnblUteAILhvNBfkqiDkWg9Yhqd2MZXgIGuJod
CLUq8fWt0iNV6WkSthZI4O2wMz3ek4YuIfyVrh+oxQcG6PihlwEu5wamZb2g0GDp
tqa8AD7v/mezlHR4a2xogj9lDLz3RXH1RYOQHSbvvRebgjZrntOG+gidcbQvsB2e
aS5X3SZXYQ0hbG4KACkwKWTj84Jxflp+KMfdybhVz9HneTtiLMsvlibPVj54ZuPc
YNmELTHyCxjlsX61mmtydIAoitzN+YrB+MWx06KnPbWW18AsH/gWNX0qtYIRxJjY
rZkvzOEOUgRBxdWuK9FlOcbAfq6S3fIPMJycTlSalOA6ltq5XtjfozA2ckRutqV3
1n+JM3Lo55CMe9igKfi4sEuIPmFjQQccxh85PMZKXZv+k+EU/PgD21HxWLbp1y1n
lwSllaTC9kNAplcvelROfuM5jqi1qDF6Q6w8pwem2m+vUc0aV0CBGJvvz8+Y76Bo
fho7SD9SeBOnCsSxq1cOKaeWPl10Y001wUfI061oTbSya/tbNGgaE+pXzIbhKCvv
wOTZ6t3+12dhZ0mx9Ozo1pxslASescGr4MDQePR6lecDPdgU6cJZMCzMiKrbZC1M
lFlApbM5HdkJOGOAVxHvbBP5u5SSfu5GGDcjiVp27A8kLGB1x1JkFr/ayVqyi0Zn
7QUQu85CxW0nxqFFkYxXfvWVpPvbzorPySEntj+ZmwdqB6asqBuHoW+WEVf/U4Sp
7YZ5c4Q6mP9/HZV3J+1b+BaFuuROp8lwuvYuITRpobOncr3+U4Pr77vdBbzYFm65
kR5uZgS38rm3DX54qlUhb7AeWPnwqtEIaJA3soThkk+J4/GAIDM46cQaJdPfXikq
AuZkkSOqjH0qEQR2gprYNTTakISQXK3os+aSrdScZq87W55RQ4bW+1pwZjCnlEI5
zTgzG2iWGCaPHZvoCV0cv+Ln14a+rplNBoRDHhDuN5Vxnd8R3QFz7iL6WOW8XPUW
Vfhi1ZMHR8/e0rgqlF7nEw8B8XYydKsPRpYDnrjWOUA=

B.3.9. S/MIME encrypted and signed reply over a simple message, Injected Headers with hcp_minimal (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7845 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4806 bytes
  ⇩ (unwraps to)
  └─╴text/plain 435 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-injected-minimal-legacy-reply@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:16:02 -0500
In-Reply-To:
 <smime-enc-signed-injected-minimal-legacy@lhp.example>
References:
 <smime-enc-signed-injected-minimal-legacy@lhp.example>

MIIWnAYJKoZIhvcNAQcDoIIWjTCCFokCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAGNl0aq5o2OJUxeEgaKipbTTomG9IBdUTU2t
ZdTEG6d1H4121Dz0Q5zSqpMHqbqb/HQpqERcNiXtq0vu2aBMF48OoZoO85R4khlC
8uARKo/8CAcUANfGIjie+ojPw1o8eaDT8CQL8/T2TZ012rfdQahxsIAr83/tFQMD
5EqnQVxHA9IM69Epdiwk4IrQjep6djisHGG61WLrc8tbIXgBM7QHKdrEA9yJuWFp
zpnGgYTGHi3gPzE8H4MJK3hnZ3uNAWqHy/nLUw/BwzD6EOKM5CRoSKcwYI0yAYu2
zGrO7E5fvoqfFzBsYJp038zjw95tEOGUDeszdrGP2dPg16g5AjwwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAG67SjjL4JZnZLqZM62xH8Cdz
SGchx+DpraOfE5ehEpY40Jy9j8sF6Wu21MLUNRZHQ+pUlNky7tA0DCIWcIbJlWV1
PHfr/M0xf++3kfnJBFAjiGzp1ROhtpeP5p+qtky9VLxoArhI071rvEG0Z3u+6IO5
Z9OLz4jX5lzZvi6XIQLp3wtBxap1hQ6lBD3DWX3W2lCdKw0mKPhHQlwig0kXFWUV
mpUs6oJZV3HlUp+ifN6znQJVWjDOAT08d2Rtq0y3RGvivEWB6ElLpy9vu6a6JWIL
1TTb/owfsyochfPx0ew4y/edwROayHmScjQ/ysa4ee5ehFnG691E1F0hKXJLozCC
E24GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEOh03Ev+7rYyNOa01Xc4M6eAghNA
Mmz6xWWqsulbcV8u720fQPHh5AMbqDsGBizaAz6U1atqA09hSm7bPTSZH8HsuP3M
psIfwjyqa+yeFZqhx90wHC1CMBJJUcsKTnzKjNL71IC4NntenOTMTkIuFcnWT4Nu
PBmKZjCN+8XqeJKQMyRT93MxKXNrMugo99jEnDIp1vvEk94e9sp9F2tfBbAspxjw
vyDpJWsMyylq1GPfHcepIqZ4ULyPCIiFgV/1xfvqu29NM2RClWuBPR/2ro0k12Z6
f2idvHL65xzqBxJf1APVZLUVcKZZdPMGXgk7H4a/NULP7AL12zxMqIzMXilk+Hp6
H+9igKeybOrw2qYbZea2E7XxCJinzqdMpE1S3ChlaRTyKCLyDF3mKnuX9IMcS1Y0
08dc23dKkLW85VYc6MhZXPu5SADPfDNj43GGuyy7L6hqLNfr1vLfYRLGfiPwG1CU
KKVOvFNxRUi3bJq2vMzmErG/mUkMZXWiFLEv4pj3eT+5eCrlwNqYgsezECwtcYWw
KZrDYEep+2oGlIjyO0XLqWJf+aqaAHPaAUkyB3sbvTvCe5OwkV286LnXEbzCJSCU
ZlpbGV81YlAXQQb5wKzKGpMn8jmUVOw89w+1v6zXmu8voytNqowE3QBsjHzVkBvO
6RJ0+CkcRRC6oy5aOPP0GmjPBxodwTmmkJYdqUqDd7QAqkrlbjITjFMgs9NAocrP
XyzjkT96178e3BFIaOY34JCZa2rB3I/dEFpPILq9bgR42Jajc+hhikFB3aQm3Gx+
ljZHAyDjJbSNGsMS2k9Vv/yNAYyy2AFA957mhXHX5mIKimD89pJAhnfoL0Dl202+
F8eDfn3nU81gOR4rTWadeCsTbJnWtABBcwd3Yt6AZ5+aF+OnnWKdICvc4UTVD03Z
rP+bdla8xvTY2vkB+l2P4h+NVRRxszuR/9z1gF3I+8MRbpANT7zEr8Szs3RhO69R
N/Kz1nro4K7zZWh5xfkX49khdcOORwk7ecBojed8JJXS+hi3D25BA5l7hll1eC5s
a90m4GVcZBvykdWd48VKmrdYttGAZTyW8afjfjSfPqN6Q21vHuNMec6MM1wXZsqZ
nacCtsBJhfYrmOSdsFygTxg5Qsw6OC8EqFWZHtyUuXOUoFM5fJGC1nXCri/er9xq
HybJe5s8nbyK62Kc7QQPPU3oPMN8ApyvvL5NrKKF7OxFPX3XGIva1VAKgoBUsWUa
44Usk/YQdw+3VngpUi7QJpn3fTbGMF31LHxoztmn7aNZ8cVDdidme096V+gbbUpq
ay6QKYXnOWB6PclfewkY/G5ETwdRrB6jtJ1bwJ+0b2LBD7wU5cWBd/MeWBzYl4JO
ZfpwfHuw3V8VQasdCVmqrzb6EA+8NLu34NxSzVEejItaMz2aawCHnGbHnYlTbvsK
JQ3/JHBu44dkMSFPwiUOONd1wa17SBtjOOnjFnz2IMGpkyhMNOjjw9Jq7CUMPGda
mcfhosZo/jxC+6ZrSybIJsmOzyasMsXxgRUvjGVjf8rpmhou5ThWJu8rlfWg6pia
JbtyomU4c48lthqN/AaZNkkKlUsZg5uqHpO8jn1bOFVgREb2bOWnUzG9Y+SDxWV+
0IhwAq3FamYXMGAWGkmgr6xi2EJAXLPe14qy+p+GzQ3wEHu2lBLRTiAMpgJzqsXh
toundiL6kl9C0g6oawjx42JcOHITrjYtO1ySkFaFiynKT+dvBV2rNigWpUDrTxJv
308zWn9sGToO/iam0jSm0V9J0HptLw6BZhdqp/iZyre9wwouwP4uKzAY4Vi5clvu
e0KMJXaMg1ykE8D0wg5MpxKPy1oIoSXoMbFKh/hAjZoxQTgotxoYMeGLe8FOYw+l
9pZSm0EwtL2ImAA/qyDp6A6245mc0W46sDE2vUyKMfWPNVFlnwCFackni/Rzg36M
bVbxxpxGTY8GpSm4z4RI9EwwhbrdgzdyFD6qC8kXXGuXZpQ2n+e1ysdCmPSLcEy7
t0aXFBNyYMOI6eCBVNowQiZrQTp5aHxmxRgfeB/Ee45dfg2jvdryr7Cz6NO34kad
Qv8gXyMx5Jfpjb6EIX/kGxliFbMFKUNB1DAVO1gJkL9mvsNa3nk1ZA5u7StcCRuH
z4Qq0ST2uEkv0OgT5UKh/SEW3OEg9AkF/G2kA1+4df192P3tP9JrJhFuxtcgrY/V
Q9mQV+R5MapirlP/OAmdMogkgktmfT0/VBUEup4I4bL6RTGr2Hs0KYUzcUNEbKEo
F24QXk8dri3SZf5WtIYW5cGflDptkKoUxGRsS5UHkfx8QXz1PG6PWpHR9Gy7SDQe
FvDIf7tegV8l2O7ak/v6TjoSyqXTq5IBjCpnmsHNoLd9pRVmfGwWzh6aL/CyeMqk
WOfOkIbKY4FIJUtU8dZmDRgEsq3O7cFnRdffFwAwodbrc9OAXdPHlpjAd7Ev/d6Q
F3YRA5ndYXDktkUW0pPwmooCO7cKcYQsVFX9FeIt60Emvtd1+XY+zZF8i4kc38uP
sHaUBNYGAIlyZEyouBqEQyB11gc1/cQgxlc81izK+J7IXlwcYgmwq/jrpJ/mBeUM
V3P4N1HqjfH2yc7fGnVLE86barIMsqtdrZ58kMLdZNiQiwe9DZzOWmIx5BSrqWEb
tNtew/8ftKcMHrFAMyBkEArOWyyTty7QkvWlmAWDCGVt8rVuWIWlqk0gp2zATtMR
Fao6Io1thU2G8nPdEd0ntVssPQMmlhS4Bf16UAxpXUJ05KKgtyyzqxqWe+jGenxJ
/qu1JNzhlgjWPuFJ/qnm7+Vk0W/HFvwMiY95Jd+dAxhkqhk69PKVpcr6uBwKJRjn
IHgr2jpEoyswZNKlRlZLMtiKEpc+sM1vnCgf5qIAUVi7WmSS7WxI4h9OUdTVjz4/
bjmJSDI7ekPdvoD1P6DvS6atTCgu0NgxkG15zSnqOD2q5+l87MGOiV6IL2vq/0Qk
oqwpKn2DCzLkO29XfVOPCZEyloJaufBlXWfqJIBA0EK9hQafa1q2ObXwQ9VT+JQW
z+y25MbD5x7E7iqTTJPGNG+Lc1KVPVuryLz5aRsQdIa4AgvTZ0+Tgy2yt89tfZ2v
6dQ+VfyWTsHtwaympKDDGRKmk5qlhr88UkI9Km8d1bmTicg+94+ot20tJE43pyDp
XpEohbQIfeNtYtkkOWRr+7Q9XBlq49FMBTFOoMv+ygcy2622WF7cSIFIIDUzh3UQ
Ca17U/TfyKbpoYxxeP5psXEI9q0fZg1N2Lc4CgyHt3CqTOZbie3+Vtsl3+YKZyJ8
Fwm11tlEMw67hezntqgf3ndcB0JRvoZSifIa3NLdYANJG+70yR3lG5Llly3kJ3w3
llKPCvy4theKWfYSAHxfx1+3nnPLV6PF7ZlTAZaHRukvKtnSOWb4Kvd06UWIN5Wi
GiWjiYQS01VDdq2CWMQ6v5QR+KIt2lmse6mxwHg87UW6TR8FPsA4F6GBZA0W4IdH
vLV2AjVR7G8UqWkcv7ETl/dE27daGrtF7Z82cO9x/9sBuFXJk8gxl7/rn9aOqRF0
2SY4CrMACJ8qnu9aakvtU+vN670pnFUAboIEG66jJ7Wd2SbhgXDOUmThzoZWezM4
IIwVxlLlxqF4FJvPEQjI32UcoViUU4GkG5SgXerArXeYKRwRGoMMoNccUcar0rm6
JuZMU58vcP9Uhz/HaRtaQUWjwG1N/I2Q1XJPX+Tzy4c3ae9pcoKoOFfL1VYSDLTI
4KFH5ElGswcW7kHfsibCxrZc9Q3dP6bT+YteuGvbbSHgP1YFp0Iw4ok4Dzi8EWGp
6KvdCH5m1qZYJgawSVISnxLPLUdbqY/49uExMm+HcvO1fXNcbV2SF/KnhdJ26w5y
VcuMB1/ze/mG9MAerxoFBRIO29SRLhe39zsK2RNjDXDEi6R1q3F9oTQL/rCufOG5
Crl/ogQBFihF5Gyc8sqmVG6/f+p6dPcwHAX9US/WGI1zRR+qZ2TRW53zfe4CEgvi
YyRg6aniqaS15moIjoR2k7ieadjMPhw/zDIlvTbIjR10i1w2e97yTT3o7dvjAjQF
yJ6tcnCP7pX+WC0pEYF6LVQiIs1xEZFnsnug22YBFpYfyxVO7m3H7LTlZFjWdxpm
5JElz5wqdv7005yFo58JAs8fIpcD54VLQ9czDPpByq6M10JmasVc1EmdG98FgcuI
jGycJv0lloomv91iojQHTc3m1fCDrPcMMDeELBfoeP5Xpd4ZhHOBwx/BjdUfQHI+
DALW+hazukHzcsCamfYh6XffFbqXKBg2r+4An7z2Bnb6xoQRB3TW4yibQ5XhDasi
kXsJ3m7Rx1Ja/scA8IqeEKD3xE2KWfARGBA4QSXv7/r3Q7/PHhCiBSQMZuLkPAxn
RDDmyHFi4F4jU+L5zsrvy4qJ+nV6CwPIn5Py+6LuUnqe/ZHZv9MzsWbhbaChY+Gb
uUYSfUVGbY3pdVIBiHymgmpHjlOxjDdD15WGRM8sI4yG0f6L0hCSm/fD0cIpihDZ
HMikn2GaNYTS5A50+GkRQPfYnm+lKHN/enyD6vOHITFgqJufjk9TtFD6lt0l2kri
O8Yx+o8fFvFaeFUBaTWpPMi/ffgZio3ih+vRQxlMX2G3JdDolPPuRTR5ZbH+a3f6
aAueSmT53IFvv7280mVHUPN0VtjqHdkOT8p/+xVy1VwCtl9h4xCLSQOKwwLzvEXw
W64AQfaJ/tELAdB2k0l7tRO4tVlt0c94hgR1d2r67TZZzPC5y2tBspXL29SabgtY
CRCpmaF09VIH3o05brlBrj0glYdy7t6U+TfMDunWiLCDmYtweCs9kGeESiruTHdr
GTiWBojP4HAsGP+3qYD0nfMXKELYgaPC/xtl7A3ON5tR0pwDkSckCzrwHYKWL66X
KGOBDPW/o+Eq9BjwFN4n4lP4OXlcmGQqGBWHgnVSldditTAvFEEe1pokqQI0G6Cf
9/qeVR/kgY8/YmkwfSyL2b0xZMI1Yo7S54irqaP4j22vIKWA1RkrH9N0LV5sXAzy
XJxZVx0PCOFQVnyJqCNX29qfQ2j/KLmHfaK5ZESCdUzyvPEQkxt4NtQT+tGuJGBy
sWjK6jVA+CRw8xdLFZMwEZgoAhAVdW3bl75BmqSGGs72LvKs6535tfwsXMN4YJSe
x7Ax4n9HoH9zNsrJ4sFCsaI2jdGY5cj3XjB4oNcjutsMLj0xLg54wo5AAEHik+4G
qC9KPLpWIe7XXQFdUsMfByfqvFlj3iRERNdWCnhxk6xdXk29xaNgLh+uAEmG63Qb
3DfVqsaCTed4N+gNf7sr/9xJ3PojwlcCXfCiO4h7J+tRw5m3bdOyhibVErHftemb
8skTeC6Sy27zEmeBj9suIyWeruTTAd77XzD7y+py6Mo7k0PV5nP7anGbVeKIZoSe
/pLC7TzSOaEzR/1fYia93Rz7ZD2weqp+j+OUgCipefeOeCs7nwPThu/Qki2Z0cki
F/pBP0xgIl2RRIPiInSWGq5WzfmdUo6BSkzz0PSJAa88yac7/Z/h8+rca7HGZzbB
h1Y05I3Zx2oI2RxDW1ZS/x3ZEW1Qx14PNzpfKn4tyLIfCk02fZoA2YEb3s+NwASV
SaSz95eSz3gaaa7QcdwvXjy9Q9obcuZuQt57NofpkeL9R6sv1SJG0+3W/He8D9q/
yW46YufMjtUUXCMmQecEBvUDNkr5BdAfAcpqtvEHx8mp+CKPOU0EfRaXC6+mtzYD
lQQBHHBNXj0HwiKEMCmdJDMGv5hTwxLFJHPC0u4/cZLhebSqNxLM8siMH3zyua6z
L1YWygKvdhf09syokQVndzz7M9rz8pKqvosbVP3nn37Pu90jpEphZnY66cPbIQuR
BmjA2DLAImK/u2KQEtwNiiRYzWxmZxw+hiVMBaWHhmY0Dn5K+v3LQlnlUeIR5uwP
/gdCM+F0Jy1FOPEfso9V/dVPa+sgXJc8Np42PGmgnbpNUR7+MMh1EQ+1iNq41Yuq
AsdKuq30cRy/5CC00IFz5tKDS0NpLKjEfa+LuZzPXd8i+MLthWEDPsi9/j+kwgjX
2QanQPnMj2kJ9sl5K22nMHtZWf0PI2B/3m3ic330yWaDJPm35z7UlYimwKLAPsg3
91JJxNt6f79/cqZbGOau01nffytR4/uSyra7AYmGUhSDFnd2FEpKTtzutURPKviy
kDHUtu8OnJE+0jJrg6HIxyf7NzVhgYUESyMFyL+MHEbf4h4R+DoV8pdqVhJLk5Zu
Rtfejj0y6g53mq2e26I3y0iu9P9WMBowvmx3e5q0u+D8exIIM9V2aKfGFS0qynSB
O3BpRAofu6fjzSN6SxCaG/lCO40NIegIf+FXcehxr2eVV9+ql7dvc/bwOxer1bV4
BBvuuRy9AO39kW0B8wCQDq/tzAIjxItCTM2deFxlwB/fAbbIG+a/PVBxA7T+aYsF
WGoNCxoFYe3TYXuVdp9FtSVlKIzW2E8LTT2pUfs1a7U22v4RnCFWTcjubRkaicoA
eI5QRSnnESPlNF9Ci9TufpUPOxjOrImfoChuCftBoUUCLWSKktXKzICP3wrRt9Vs
8b8gb0Pg3hx5kSZjBJQ+yCeeRDGGEU9eTa8lsJTEitk=

B.3.10. S/MIME encrypted and signed reply over a simple message, Wrapped Message with hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7605 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4616 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 810 bytes
   └─╴text/plain 325 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <0e210732-9184-5855-9a95-2a635560d3a6@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:17:02 -0500

MIIV7AYJKoZIhvcNAQcDoIIV3TCCFdkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAIEzSE7YJfWjy0TMQGEfYcrcBw2uruGZw+/k
QaHXEcEFdwDSaKvAzEFoNN0xMpZ090ybC5MHqteYMRpaax43TsCnes6XevL7o7FV
gSMI6CCnmVlY2Dvj+oGPHkl/ZkFRPz+Hsrnvl65Fs19thjbtQ7LX9uKE8TBODLRF
nCnuyDdHx7iDJGI6xepIvD4M3zaUwpNa3fFi8XOC7UH7br6+UGCRQCZl9nrAU1W/
VvfRt+6XSWXl71IU/0syMw4ghwS2tsLgZhIrDkFNlEokgVR8bDejaV9px7jH+d3m
FJ0t4hBjsZAfnggaecXwoKUaPqlj6Xl0e9cLtqwr+26h1TmA8X0wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEACUHcgXEC4pKuedLh3CB0QLAW
HULF5htBXebTlJVES1voU9Smp5OkueBMptF18R2ojjM36C5d3xtdsBddVweJqNyA
Hgp92O7qVoPyVXvp7BByoNRgZcrMx1pRoTREEjCX585MOXEBFUxRVRPohViZaOAM
dgdWFB02fcOwGh+RtwBfE5Ege2zujhTpF/ie7XIbNOlWsZrTDGdQ63VaqvX3AS0m
TPJyeqUkstDWSzOIrOlp1W/YjMcYNjDkygeNgppdV4SEUFYTNxz6rqql4E+a8LxX
IogOTMh2ruDPamtoAEMfsMvz9XUjSN4TRWXORLkzQeaI0jcPVjr6AHLJFG6etzCC
Er4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEDyefElL8mhLfkZjajQLY7KAghKQ
4f1OU+eyhjobu3iIzeCooqq/a6JmdoGQbY6s656cODYMhlimkXQkRV1QEZiLkAOi
aKPZy3zmuu00h5lnpduDqzFq16Clw8CY/99ep7I6vANjzmvh4pV0onCsR9GuYexq
65nR8oy9dXdCFP6vkGBFXcrTqnbPQrZF9DSxpXiicROjS5ybp8clDbMJKB0x9LQE
vHcxB5jaNGAsb+IVHZr3LjvO5V5T0/YsXn6aJXQAVU3bOO7iUjxgvGxQGSsShre7
F5qW99KiI2cc0c/wPtv4PyvgcVuLs/CFtvc9CfgbIAr/Vm4AupZUbaizLnpxSK3S
PKY0l/8j0x8Eavv7LsO7R9WzZwS8zK5Zrx3aDRclXUMCXyQkel4nZvCOintGDoKo
QuSs4Fy3M826VYkKfc7uaVo7j5lzoSeNUeD0q5hpmrTnJ/ce8C9T0FES75jc6P3r
Q6yAakdLcsTL4XPc9Hi9stkX0pPrGYrK1HYaDBDBKZ92VdiEVGlX/41hltwX0f79
M/R1sbT4a2j9PsWKRI7Pva3L0nNGV0iajjBslyppdXLKNFBH02Vy4zoujcjj34Mr
SsrmW5EkoxUZGzlX9NAYV8N5/f8faUCYnSbfHg/QIK9WBKggCTm7e8Gq2iGgzVmx
Jpj85EkYXLDkS7tN4KhgJRp3ZYRFdRUutoq4SVNzNc3AhYDMVyBWcpDAIY/Y8ync
ZsHpEFB1Ypau4/vtj14MCjlIfOtRDf3oH7Z0Gp6ecWGFwkZ+P8muIY95FEfOofeH
gTzUi2M3NwbGVOSPpTMxZE5wesAvXaWVS2pN2KPmQLBXPVij7vqavbVd1e31d8JJ
cRJwxdVYO3Tfe42TQRdKjYIxQmPrjRdx9d6TyyoZE00mGed11v6Z7lxWcvGZDl8k
rMM30LF4IgQjCVr7EiAYIybviRYLNNKptCqLK/TvANtevYEhb9yTynwevu1nFW5e
Uw3rihR3MJgCV7+zSvsjKHubdSpuu5adyMKfYpRyDQM94pKVEvEVxR8Ja51xyVB4
p8T3Y22rNWjlsBf0B7UAVqb/oDuN5oW2M8K53GVXEPUg+80dlR8r82Wq7ahSyae+
/jAZcaopN062hQvXXsIFj9vy/B2rdDu3hreUtFIjgLrCmKqmeXIvh7lcBL1hQ9Zm
EI+F7fIJJSynDna7PLsU0tANrE6lmn9XkdL9EVCVZK5LMFp8LtuGo8EMZ/MxZ2LQ
99duo1um5gSBdZJYhrxb2rpmsVRrtLjzKCmywxOEBlyj3hYBNjFcdYhRd9RsMRgg
QjoZME5ovHDRyBABUiwOtyGIFD9rt8xNqjzHWEizeAzfj+WbDfWDz9qrysvx4Myg
scicK+yCWBwRvL2LbNb+uHhX879Ejj4zzkSlqDIuOTvGduojH+Ti6aZjEdnpfKGM
xHRFRHBI4hmwuiwzqO6h6CpuX/2aew8wByIAaomyyGeTscBaJk0JumMxhSmeyImn
T9DTF4dUXR9cGEs2qYquQcSSc2KNZpaRpVDNcTETNPLNh+vFUPJcv485g3e8EJIy
VS99+e2lECdjkc+iHVMBTXdwSMEgrlYdIlfrPCy2nwsajp9+4lhL2aPk3yEqSs6x
QHPO9cEKNuL7BG1Cpq9wkr0O7CVayEWY9W0k912ARy637pYpgeQ/w3eNhlGjSuRK
pXZr7WWgT8MEuF0PJPOVWy2V49JmKjP4po+9/V+ewHievS/Z74/xozJnNhNqyYDp
56mGQ3FH5Q628WcPdk2V9h897AOsHVyFrjFHlObWeUuQqQVctYqT6QtW/rITmQwE
85DzWoYELv6ng+IjSswQEeKFm7UIbz6UBPe5IVYJaA6nAXV9Ir0ErT0A8QLN/Inw
Buz4RnznGuXNgm7mONvWZrYnbwNKGsbO/LSmsKDmlCqDd/CRZLP2/r0mgNld6Iqy
wuFfFo9Ml8WXUY3veMD4J9+i1sm08jMQfIqKgBOOczsBt0sPn2yE9mgcsDgudO95
jFz4g2E8RUSRJgj/av9nM1lSCYjnizkBezVvM/S/qJmGHOl8RbYSZlZBIJq+xkAv
xGKG0oNKVzHe8VtMUwBbi5kOOx5oTrvJ/A3s36MrE0JlcBKV/jMMt2FyDE++PvFE
0X0zf1YsK5281jNBMBIA8GRbLb8+G/6q5RMf/epfy7c4oJRpDblPVhSMWXmgUNxc
mLmCftewVJZvvtUu0WWcVWZ4s2GZOjtBFlqXcm8nBdY39drprA0pcrkL26XKWM7y
F+6CqwCgsMabwViBtsY/BMVeO26UCfXJfytMGyCeuano9d3p12VHCLM49TQcWIpZ
6yRLmKEYoXxvtThZE7WndatiUmS646xpsLmtoHpAhN9V/AJVUB5DPHDkFr75fWp+
GYsKyEDDIq/4U6gYlFkzWuNF3if8PWwT8PbkiA+2XWrUs9N0Tw+ugD8LkeobRw5M
gHcphVR6Zia3WvpXBe7u/rGgNqzRWHSDtT2UWKsJx32iPuQEVb7/KQNT6blBhFrK
LUa6Xp1ZUtvdiJ09fNx9plaKquHQqjV00YTga++ZCrdLnEL0IxRMUbzf6tkF0fF+
gNnP7uaCt/1mXRyilDgb68oLxN8R/fCRTSVZibLhimWPRFXm0Qf8nznYR2+nOARW
K4SfFLhhB7QqsLHuQ6WB8k4vwewhAuNM6EDR9wSyp5wJ4/NRtwm8b+Vf9aYXweQ7
8n+mGBpKQBwStOllzU+pDdorM+jmLeky2hPVkR59IvEiZmnDQXdzEWZAVEC9jbsa
llb8FnL61OedbblBkjfeaXn+hD3iRbz44vyHa/l/4fi717XNCyWMEL4Op/hezWdt
pGtexT+AoYw2uA9+qNkz7OxtqcSzcVkm3jWTJPJLrYslUUhI5HF8yH7NtbaySqPm
ybxysODBGFXz7qf/o/rg2SNHfSIcfr/itP0ZpnuHiCtFwIBYFLoY2ceMYeKfvrKX
9Ble9lgex4BtKL/uPFQopYWNPKAchseKIJzptZpPW2T37kt1UYzEhzieQpC6IDCn
qSZeq/Nd56iF/kw78PQMDCGLdulJDh/nu18LD62GhCWpZMEGdxDJvP+VdycMEIkb
BHXKLKm5NNAygyw2Wj6kiAPR3+/ZJBMuRzBFSxI87Zt/iXoHM9PYvyDcgjC8wwEK
z4jRNokSW2eSmgRp8ty0ZSWcgnnegymkRsYSYkIc7894qFP44PmypNB981mLje3c
FsuvRcVny3r/KJ4XI14OqbkYWwD8rkHbXohiYQx8N5VUqlfQCMyPpaqYf247fW1p
YJwOKXeOsJeiv5/uUiC6GzgunABnBhZS5uFVKoCtVITzzOKpqAEFFMr6fG1nOMzv
Y9XwwT9fnM3XWB6RsXeHvSMKjQQXzOMxc23mtV0wse1Mg01UJVcLURy1jWoY815F
DDNeBt5irzunTvX3eRCGz9oaJ6Dzl6er72YqmHFyKEGFyFjCpOxMI3LlwZhUCRM0
MrsbtGKchcht9fmh2QouxtQh8T9r0vLlVrHyJhWwargNxQG+25ZPyb7pmBR9Fs+B
5PFhN2O3nOr9LbPdrDXxvsGexOwAwf5kp0LdM/8g+cn5qqSNGcj2jDagZ5j2IPbJ
9S7HmRxx/D0v5RFnwrc+WVPR+z83bYwlN6Ug9KB1S1lwE9E5DEUb4MWbnh3RCi8k
Uhh0ErIcBWByUooqZz1in408/ebhlpC2zYCOHqUP1AgVsycmvbZf68bHDZxJWPGz
w4EJYYCAF9DGbvaF+pA3TWnt7jmf8qLliwGCgC7U2XjsL6aTClql8QseE2OvvBLE
11g4ZbXJXHs/rV9ZuKzzIE7MTQmZTY4923ROG/Bt9Bc/1AJ/a3e/mdYoZ+79TnQr
/sLP2FiqVHAOtLY8SQXnVP/Tes/Jc6EAxemoCR7fT+959WcC+vaow6MTngjk6JBb
YQUU5wNNFl/834tnvSLBI4IohjKbp/ZBqsctq6bg3pGb5MjfJgOxybX3G37CdccZ
yxd3N0+3lXBWuEuUEzusUu1pqxK/TpVTcptV8IJJweiQjwYCESMsp0vHO44a5ruy
WDiMaDOdgSiKgTl+4LiQsTTqVG1Hd3WB/16hUvIUeCmwbsDLZ7JZWy6b0PyQSqdi
AH2GwmcRRU0Kiebx942EDTkSTDudSCd8fcE9B3zg7VkgNkTRyHALUW/4kEm2LayA
Igg5Rkfe/t3w0wiDfiPkx6KZH//S5FpHgbFbPiXGLcKIozH0ocs5kT6L7vKc433K
es5nwUksTlIiBdSP8fJjknUww179CqF5H3N00HUo3vN9Ghso3bvBvI0WOd84iuLk
7OX098rJyQR8HBBiUFG6ze6ZY8hd4EY87dFY2/01p24iuQkLpXgxIRPmm2Z49Wvo
2MlXLGIao+4D+sY3+E5RtOfjJ9oEUFZX1HJ5zjGB9poPJV2O/RSiRXpU4weIW2+t
T4gvboMSMPZh4tccAsIMZxostc1LjBl3lrLzR62crJOdOc3vKHhDrd9RdR2QM9yp
ufaOAwJm+Ubb5+liqVPo5bwyXOxJZ5Q5cyBQRhwwFUL0y+tWwPmyGR1ysoW+soFm
w0NNGgn4qZFm3O0i7wkFJK1gZzo8t5d2XXx1yp063X6BYVLT+SGuTSNrfpk8MuWo
0Q+6lyZ6UjZ5XLuGvyKFOyraKr3ETdfMCA/bDmx2FI/rFDhziwWgtYJpSaoEptP+
I/+rZxfQEd1kzJ+SgvggUbpRXR6/UCHBcvjSnJNMyBRnjTU5j9FBfitay2L5ZOL8
79hudV2c/NO+qTc1yMir5zQyYLfN5oIHUIOJRRTs1/kSu5Uk3i+ByDvAXG9nJ+I4
t/zZ9FSvk4RatM+nHLbqQvA31qfv8yoz9quVhEAMZRMticGWmwvPkchjZQdtzwTo
vCKBC7M12xITparw+kZuD5tD2d62xn8vTAgLhaFebflI5N5dF58XgwOkqMEoYq+l
mYNorq/q659Ac97jyJ35UEGsS8tbkWCAHcj27WwkCcFnXMyfkRrDXasOyQWqZ8iQ
mmZeVjJKrHNHAV5Xj8l+CI2BJlLwYyS/IwbK45UuIi1xcMAAx21J/HMk80Y8laDR
qbqq5IPR2ndsYs2JYchBB06t4VXmcJSzK9Y9CFzK8OOOawFE3DpTjcl4ZCxodKSM
MuTGLS2+ZYqM4buYp92HbeXBz+tjCaFp16wFiPm3yRpm969smGt8Hhc0wkSvJIOl
LmFkXib4QXDx5ulHVDRH93B2tnq9kCG0Zs/AHaUkN5/TeFx2BIvMEJyQTNHfl2Sn
kF0+ao3jREVMhAadVzFq5Yvr907MFID/t29EEyWkk7NU1zmOjTzOt02akO40Pnog
Qibu6gHHGFY6Aje3zHdIBEXnIETJd1vda//GG5u1fdb7bgJzoY/sdORb/U6ZY2zA
hlqJnifV7+0aT1aVDXD/F/FSd+B8sK96e1MC0oB7YJ517ZxdZ09WJ/fNJaXBU1PS
2065hVjG4S4XfYonkvE4Ig3OUntnwg6y4fx3ZUgUFo3XJtGhgyBIw6ZNrHrhyJHZ
w89PxnGJpGTA6tDbJMUNSir6yvR9/uhgADhfVJszdhSFKKre4BdDwn7gEtd3X2dx
TbkFAs3TzfummzNHO0Cl1v86RR8xx3jRGRqJLd5RtwoaNUoTMIR6oFNx+1KOG/lp
ADjBJU3otm8hC7Vp5HdTtRk0mH36inha9dPTjFalx1OIUmj3V5icC2ZlLApdAuzD
uAiYMqntZJGHawGLKOc9UspeMgmUiblo25gDMYsuG0stOfQZjQi9EQLQ2xyyj4Ha
RIrSLm+guqcYPQJgRhAOEx1owEGqJqYoR4rmps7w/kAW7TrTrdXeXHLBbvavGtwo
rt0mrTfHPhPmsYbQz/4T7Lsm2k60TjGbSm8tGgBRydJI5ly45U/FpNXVgykgXBMF
P+hJLVMvKgHehLCoxn5sBE5Zzf8/PrgZ6c1iG/iBXgnbMW0+yKUQ8sVLvp92YpY7
hKplcj7RKJL3HBxzUeuUhFGfaiq7MgpKm18vgnFXJoc/NL5N4eKLzn3TD0q/Xhid
5lpZgm3+6c/mDgS4RUIqtHaALsVQhoMGdrK2Tr1bi2VoKIhEOng9UF2WxQJiDNhr
VM99rYy6aX8H9bj70xYG+KtlO1fEjp0+S1OEfxeLCEi/DShQjPrEwumCW2dKz0Q1
7G2u+qo6Zcml9eJp5ZX4GPHrlImX4+ngp27/cNDQML/pHZrTbT+h2HZiDObED3if
Lj/pAB43Snah9bg7XoUWOE5lNQoOq6uSG+bUFsuuprFeekcs850DtaryNWzpi+4/
5bScqoMawu64YqNq/1pSCXImEEab9nXtn6q4aPjhKHEAhWD73YR0nP3kV6XUn1yF

B.3.11. S/MIME encrypted and signed reply over a simple message, Injected Headers with hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7565 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4592 bytes
  ⇩ (unwraps to)
  └─╴text/plain 337 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <0b3ea6dd-0e91-5a91-9bc0-3d553f892983@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:18:02 -0500

MIIVzAYJKoZIhvcNAQcDoIIVvTCCFbkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAD2qfM1qd/wlIn5/weLGjTIvhLXq8DBtZlBx
74LEO41mLd1hgnRYsPIWC2PtjkC/seobOuZC+CV58bybhtZc98t+SPFhw/rCzvKD
r+TYWJWJ5klGojWrmZJXuXFUA6GW1KvNQYQV2xkntNjeOe0dUY/UwXDXnV2hwOSz
K0MpYY9/M847oDrGiWv4xDqLd7WrN+ztQiy+4b29oA4Hy40Ll/z9o3yNMYEeZ+ZU
oICNWAvSHhIHuHztoEhhGI01wF7KFpygyjP34o5oC0MRFwyUPmqJEuj+/o265hfj
zKAzd20Dh0lY5f4cKRak/Nq7j0YAVUMftIn6Z1AI3NBdqAuncSAwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAmcFRU9fU/PySxv4kLIQ1zBV4
nTTHsBv+t6RGYcEOmqToQCdNyyQie+HqTJh6M2/Cc1sbRuOVsrfhJc0RQqKG2VOa
huevYf4E/x7+3Apl7zzg6rOUfi0rSCv8y5PYLaHe3AbZvJr/ilj5YKIj8+D6JnZe
WxSSPZTDbmnN+oTtePW9v+hfq6OWomQ/VnUJTSQNUnkxTnhBK5MiOnwmIYBpOD5Z
29/dLzfgciF1gFtTdEjszQ05IkVB20IvP2hvyaciljfKmFXS3302jAuxLSPiAQIK
UYw8JQCLz+TEGT7jr2XKXTQQo2yv3dRTB9Y4P0/MglX8fbzqWLyOY94hK8fWMzCC
Ep4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEBaBWCdD05Wk7rGu0j8AGnmAghJw
LWbI6Q5pWF3Q3tMokfjJ+6dzF8HNZm7De0S6Hu3eU/9w7ooJDnRsWbdr6B5QI3b5
fsXYC3Vfjp4iYgwikm2xX4AXzt07T4YUl2V3yKNU5UKPhRLrbH6zb91+ghmZ3Nor
yEWWu2QuHVTg4xsCaEG/+LX71k2wJTI6Lk4QDH15OyIN6KaivSZkqjNll6OgQTp4
/0YdExevb/K2WX7w34kdq1KFg0Vju2hGrnPMhgpvfuzkQirtFtZ6FmeUXWm13lX9
Guf6GeL6F4r6aZqH5gz1JUVh++3OC6bzPG0MdkSVo5hELTYRvfclnSLbyYcoE38a
v9aMDlRv8v45Nd3eCxClG93Vh/EP8NOS02geATE0/mNk5f3jsZ9iFZOdRMZ+jVuB
l00t/jCj9PiJaxLZ4+Vf9qB2CJ15PtbEp8CfhNi1mGU3Z8LJbPApUpRW/rzmTf0P
JbGJzL0mU39zRnEoIRDAFAaqTj5pVgqWiYVJhKkfs7fHXd6hHM7MXqpQXtc4KrPC
UJWjii4DhyEEeTscOx10QPrGqST5nNFbc6Hb8qFKc0/bIE//QGz9rGerH+cFxeKa
sOkevWj7Gb6EhMu2aGJMmnqoh0pNj2bp/5vZ6paFmhn37B89nJJhLXqQeDcgglmA
f7DzuAAN5CSw6KmiJocmaYe6RHZjCEZmILXHSRJoDoTEIIrQiV4NNGxah7Nw3gaw
wwASkf+dhn6mKg+6y1mVIIPdgW/CjjLSUTvox7WeKdmlX4yjmJSASoCJM3NWGW3z
BVDdY3nxkSQ6QcpaK1N57MpOmkP2EjbN3ch8vQuj+croYOmR72zD2mGNQ5iMzcl+
US5jIew4R49N1TavwubkQKXtxl6WnUgVGLeFm2d+J7zGWT6tw88k740Oce8UwVpu
NBZduEjPtYnsyXIRxL5tYEPqUrSbrTbsK10WesjpTD9+i+fBqvf2Y832yXQeu97r
9JSQi1Q6Xtyvsmy2lM5ahdzwS8cz2WSxMmJgVyGKlFX7REPjktHf6dkDM+GZs+6w
SBhDu4Lyf4yrtiwuNsoF1qn2rdhnGQAkjishzsOOIcoctx8ionRi2p+nLn963tfZ
kYGcbbRaDs27nMBTFCncLpXFqq8Phfmb6fI8Amv4JzptPtqnwU/ygonOdkKoMrqf
DUXXAJ7r/5otGqc/ABjuCOPe7TeAi4JZm0nnEnJM1SvvuJuPk2cJ18ippjYIF1lf
zkOU3aaxJtQKofPszkX6eBEuKWlTo9rlh6M7NqmZ3j9Q82SA8K2W43q0ImgYnded
h+5i3siTYTHrXwSdN07hKtPI7c2ZE9J4ASDtTmWNmrb2i4u9bxF3+IG1ze8lVZU2
Woj4mqsBYOEO27tKn5IWVGKrCgJ1maKOCEumEi+iICajyyYOXzl5mXu6Z6+84uDn
RxMCOxu/mualrIjt35zaUVuvkhMMJnkRijEcdbHk+ICM9x0DLnRQruuY9Kxwjgui
c8YACZcQf0SSMyQZTbMfJjVXvplXUA0TqF5dCX4TorUEiWy7pclCmBvvAkOADjug
htFRym605C5HtjmVQonQWL5c5e5z4+cDOISgdkaEvVCqg0pu+MSvMLhjiqoQx7dZ
Mov5sdbk344oo/G0mokjLT3u52mhM00SighMtW+ABfzwBE16DP1I9sC9Ge999HsU
EU7hw6vEOIzM5O8hsKTAceB6wpXX0ch1um/emFkjglVnxgHGxYegMezigQwkgaNV
UwuqPnnrFIce4xu7QZ7pcAcpcWVLUZhEtCK1vh8QPUBcdA7CSrcGWdXuzEZ5V0Xt
LpF2augMYQ+a9XFQjm2Lx0UZErfesN3plZ+1ci/ltQgVNuZCPABIFNEdZpEKtOfR
czO5y++dgqlPVOAdAP3bhY4cFSFfyoeOTtJo4Ev1kph7Cgp9s1zR2QEUrwah1zMa
4zyeqnwomcZtbJfFysNTlIOT8FeRrynOImEZaj5HoCRvicEBUB2Y0X6uFcFlyydv
1pEEIBfoI2opc5Zczm4x7sr+MUAaGbvVBRoXTn8L0r46JILp7hVYlXt+DeoR3BEt
sKKSE+q3uuGbWCmhAxeoYZEZwt9VGFv5DPJyhugkn62dA6P6AXPHYf+NbIQIh0oM
HFRx+3xZwluTmCq4+MFlLFekGuYenQnBEySm7ps3aLRBxjdKTuG59Z7nu1KIeLjg
nyVhQfyDgyheDLdf4EWpb+moqjmfKnW1k83KSMLR7v8EQyWYBO1jSCCoOTeEFez1
Z0E2ALHfEWKMFt8fGHd7VQoJlwoIoixNj5jYlm8xGBDvNbFDBCa/4e2CaAIj/AZp
lhRBXc6JJibLqOihgoxc5fMNTE2klv3qWa47QmbYnkQ1VV5C/u3mwBBlnFHSVHu5
s1MduNiVpN6Z6/Cex5nloPZK/7TqixnA6/058Ckrqf6nLZUGIT5gFo9RRYyGqbNU
ptIeBZqRpOxLoFanC2KSOFnJFhDAd4XVzaoXTEvyCjj9miTbccY9xh08ldAlWcZh
0RItsVcqKhkVD25FH9kViSKjct1V2b1fqBAEcuqwytnB4gp2aUNCRmvu6RDPBpy/
yNAM6d9dgDCyW55KNpv2aUoJmSxEGLuZhSMJjbiZ/B43ipxJHwpMmP1Vj8y6UX6r
bzpaSRXhPv6RCdohH0Z6dY8rpO2PEufTa+4YNYcv5ehCY0AVcVSGGy4PgSiS+M9t
HezSWjMkqB/Oa3a7rEKo0Em/n9Y2L+h3npXY5BPACo590diiPdbOajojdP8s9DbH
kGepW9TxYpBKKSODBZJF7Gv/yUf1xJ23g+eZjnRgOBaNTRImSe484pSgmSCbOg8N
dW4Odnk4zyoZg61obVAQShRtmBU2slIx6Yl9zrVJUIxo77d1dkybPob6mtgAauxZ
RDKT9uaaC03fm4GEJ9HEWfKwK2m4lt8EiHLrjz5Qar/XUW7JajxsJG9+d6pMZtak
TKevdDYv+3Sr7+TSDUEYtYgPbxBdPtT8yXZa0vruA5BA9yazmxIfbK3HhKe9XFVW
CEpR1kHad3g8t+xQFEvdKJEEfwrWd31KuqXCmPJqPEyT8uZ51NLG4xqb2oTM14v1
DcoREgm8ZFVpsvuwylItnwH6jluWV9yzetCoL4AbH/M8os92mzgl9OCygBl4PV1T
t1UGyDidOpv1Pa4tWvvzJQioGf49mPeatlpFv14W+Iqqw1cKsDVbmq1MusOXgafm
qZ9nNYAnxLU07FfeN09ljVyAEYMTW0BglxWU2Vo65GoZURH8mu5OHau5gD8FPOqJ
yl3kUiZ8PKoQp+TCYfWs4IyEDXCo4+wKJ0TPVOhH8mBeAZBQsfmYEXtZhBGSlWxB
OMu9DJMuEXMSlUWFH0NEajhn1bdU1KD3KUvLXx6lH35NoL6c8ER8AwHTB51wPWsp
hMiG6T1bhXc8mSrz5Z9ftBXe+5NIN+eChmxUZpYTbv6wvUQJ5aq8iO2CTjBa5948
RhXCrENgzF2sa2tRVQjWOeMzU5G5NGo+v16bIZIzXv9GsWJdhQfiwJ8PEjdNGEnF
gFb/zSPJbno41vgKhA5vp4r3T9IGR8wqID6Q4Tf6MnP6MkEPwwzqH6lp1tEhNElV
2W7lpbkL1n63ciSw+2frJ86QiDDeKMU5OFpWR+pt/6dGuHTSCOG6lKIlJRzDLRpg
Wg4hOEJOFID+9RU6DBZiNpW1FIt5VZ2ZHYjrqSYEy8z+tenmX/yg42YFxI+1UL63
PAeyXDuNQ+D2OSrs5WqPz+ac9SGqA1NicNMDnLrm+82OG/4z/1xcTUlTI1ewQRCD
VvXiTNxll1PvW+/wdD5YGcRz/yjBSTqV+Xb1ALKPTk/qrLpHFerTxWw1BITpNEA2
kKM3lYBpYZQK+ubTQexACbQeeE7129OG5r9rUEtcTEeh1vzg1hiYrWoGzFOPXUET
G+ru146zMsDoJSALJuJjgZrEQX/BMumYdFHwPVxAXy7d0lzchXUTUlbzTOMteAUs
Hn6hpaELCpuWYhKPQ30aN/Q2zWpat7jz1w6rm+NPTHbnw1loE0zJclaw9huFUCQZ
If/DRPbKz9JTOdfZiz1ZqCxDXilpfYXHgFMWa6OMpcMYQ/yDOggqD7/z2fvwUdOU
NlDv2HxpoZKuBV6bF664gJ3qdHmHEteecKXjKbuzUbTrQLE/dsZIsgvZyW/sMiZy
ErLCFA+pcGIeO6za9DFYVQheIpv6/y+gJgc/H8NPJXZVREbfbRqnhqkMGmnw65FB
lDRstzU1AYvq65aeLXkDaT/9wydtN57ebZWD7zbum6OrgEjdBtJWd3NuiUQf/pqY
dbKBfBifI8r8oUWomyJV3l7HOxXLZO7bwXt6sykngeZhnW6gULF0J2VqRShN62iL
ycHtr7ug33fo+EGHE/FTia3Wg9SUJXgssrcxB++igW1Ou96AHA/Ub4IQZM9plIpE
BH4a07A0ia2DxYbpWCpeWZWuKmBa5jEF8VIyVy3baic8L2cWmMPjPZ9+DyQpsemj
RTutRPZUUI5pNUPiGvAby+c/s4zLFtKFFzk0/mE5MhFhwws69llz1BOA/L3QRNX9
py9AlucjDPOjFrJ4zmvDzdogkwkXGVSF4ELZgh6Jpe4ZKNqkI0Xrv79GOngnHm2Y
a1srIFshEQj8TxXc3GT4W7HrzrbCjT8NLGE2YVq8xva6iOAX6DcpPLb0DH3fUcJh
IYBE0Wxlr6ZSU4DaahCfEuNvKBtLv3oE8izP+SBDvo62etQXWS7ku4kQi3z9Xhlp
1qjLh1ePnZXdO60RlgrpvfwbmT6sFWrnRrOpeCkjU4YgMRJWwzyhWDJK9VVvYpFv
axcyjGzBgkmdh3+EV8ha+Owy6OCY95+9tZmv5c3jdBHrs8ErFh1AsYDfVWCeN9rW
T3PcOGahl3AKqRWT1g4yPxIJSGCwxLR1238YLcd05LigKh6VDV10X1AgiON5fyP4
5o34WccEbM4qvroR+sEBvlFJkA7k3965R1K1exSFkVqyaZbn5P5EgvY4MMgtCxez
KvYoCaS26llcK8ofGVy/UTyV8B1N6ViBX5NPcKycjVNrnSroPIDZtXjwRHjZiPud
iboVmbLDgLA3m5hoUUGeLi1jbTkH+OUVga+0rQy1QSNHX/MGTP4zV4Gcj5NU76CQ
0XWwelntePs9LTNJCJfYKyLPcelDAJ31JOia3Lqg4GtYEJbp4pq3rwdp8vF3etkb
8QHUBcwfEPe3kyK1VYRPwfwq4tpmLrfWtvofx/mZ33TAoMa3e1p9SXHI+Ndb+Sob
KL8Fyp43miL9wUFYKnv0Vo67do3cCXYOA6F/wbJw4V+oLdBS2amMQnMwpra94Scf
L+B1nmzQsGVpl5nieCQE935uFDxfxGUatNbKbsqkX1ZOIORPplfX+TJrAfShBsSj
E22uxGfq0Bj2W/3tdFVKnkxzCuNtKECq1xQSuTaWkAHW5apFfpVBpWxzGO5eoiE8
CadNkpr8YFGswCrirpoYqPgGHE68I96yIHal7H+ufo1XK7QH9ZtVSL7CEirYG0Xi
ZhGhDlQwMBDAhI/57sF2xfGgv8UEm7l7/94isN0XPkSqEmmbjcBpGhRBvRmWggnX
7DHoQj0viTY2Cj8B4f8ATvdCEuPY+JpCU3xWVdSTJSOXq9NH/isNzxWWxx2aCS2z
T/K9ol67FcXMJN8tH3TCs0VmXkYwID94DrPknaUXMPqr8fiTedByso764tCoK/bZ
FcDRnUbdpn8UCN8koJF4UMp6mHOwWxIg4ekX+V+REudBAWOXF9pRdury8xbVFb6A
t+RvY9aZhTTr7sFFDHOSlhOnRndzfOVj5u0iiKmdmk4NDMf/gIMq1kQ6m2/vjAEu
2H1p8DJ6XNsLCIZ4nwdqU5326tFOaeylTAcwSXox4M/23zzEHW20+DCSXn+GAd3v
U0iN+AKsss6pGPFxzwwBzaWBIpCdXmzV1w3JOoLiHQOx2IHkGXXEeaNPDBOa2PoY
G/vQRsJCv3vgeYHuq+oKiOORye1rLkFakmuSZjgG2Wo05B5tapxMHoW4plyNDDPJ
0cezb1xnqbDkceXcHa+nTeCouRCqd/P6YVz5ocD4BIdSwrda5GX+6U0bl/e+IDoP
pHWKijdsU3DAM+uCJrE9EwZHDrkW2qL/Spp9AhtbdMsugaIqVuuTQyCWhoK+wpz7
wjCdyk1XEMoCfQ8PAS1RyaSUz7fYAsIk9P+FZ6qwyvM9zhmvFQcNoj3E5ObIq18H
GezlvPOeoDwieqKamAHWkEwefrUb6X4IK9w8dBJrYQgCjnwPq9G0dWu+MbbP8xwE
w7LgVMRJKMMDllquSaKDrQ==

B.3.12. S/MIME encrypted and signed reply over a simple message, Injected Headers with hcp_strong (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7845 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4794 bytes
  ⇩ (unwraps to)
  └─╴text/plain 431 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <b10dcc75-cf43-5fd7-9e48-f932a9d68fb5@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:19:02 -0500

MIIWnAYJKoZIhvcNAQcDoIIWjTCCFokCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBACGdltueYBykYh99Md439ZT6COO0DuOkUssi
mv3sONO23lQTEH4IDhS8pYhggW0VuZxgSL6feXXdBPYdr8UHnTNZm2X8X2fSpZ+N
HcdEN21H71tpKrFHxIznR1bEU7/Zb0maRg8+O7g5f1cZb/e0dnjEOLQsEplkUKik
wZQmfi0FJaFRTGEdQh29pQ7Ww5rVltn8jyZvr6IFqVPjOlhYJ3SciUdJxygMnF1N
FyIBlmNShELvkr8C4huv3q2LOr02QN/W8TdflPIDakY5zijst5q6ILX6L2EypcuC
LBTFWAyWYCsechbb0ZyZVFzg7+Yj/ELIeOg7ZC0iPjQhaB9lluYwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAAas3uwX/STpLX/lRqYFr8HSB
yVCdYgegxlTMbw98g/QmQgcNvrzFDvp6vF+VkGPOqTJAlFSQGJWraNLTmbBQ94i6
NXuQ3fDrGzr0Ll5RbvpB0VcqrejOrOojHrgkHKGl3DRTIH6tC4mgmOMYZToCev+H
bWpijRzWYdFH8wGQxwgfWKHF2AnXprLBxe6Uub+drp2fIrASfBehX3Aid+6gYP1h
tOy57CV4WIRA9/Xr1fAyxkfmChdQHHBziiuvplUtSVVQf5UoB9lKkjRbJhCe45IJ
mW2hG53SoHPyud6DIhDdUB0RzbTmnnSCnLNo03HohsszxDYJ3oa2Otu5UhvPxTCC
E24GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEN9CGuz4+n6t4epemVmxzYWAghNA
3D4c/K+3F1f4LD3bnX4C/QHDrrX+DwkHhmMT7SdnP5EfQngHFRFaLT14d39XpHOM
sD7kubDwB5uW026zEoxDmgfcYPzeY1OKVzr/sakxiMRWybdMQyEkwQYWxVzaSTLm
+pvssI56CmM/uImY6F/i8ncGRy2w+nuAjAhJFlXO9+NUzRPEweEoMccfZ8lX8yoo
Zy9e9LVvXQJ2gFyA9/Ny3NFXVlK7LbHIV3oAwztLE36nRBlrQRyUswvrYdowbS2u
fVPzhi83lINf02rA+HJ9WWLRgQtc6oGDHJqEzXiMRQMuBFWj/6sdhISaoELUCSRo
4ET9+D/hdrPpVuyUc7aglq9ihJnPV1Fod0ga0XHR9RziZgLqLknbroLOqj3mEFCd
y18HXQbUOCxNuIw7SoLfFfoN/qV7hGOfkf3eFrChKmvD4A+FYezswa7lFq37Zkzs
hL7EeLHf8PhTPmQmQVd3EFVWhIUrNvR2Fy/lZOJjvokFLpsAfMyh/gL+4SMxJkYr
MW5KtcDHH84o9J7ZYIZwhoc/Zr86uXtRVQN5cTJnPfMFsckBXD+KEWbTGuiXyzRJ
ZtzqfVywRm+4MTWmmRHq0CRuHsrbE1WCGmQ2zIjdUIOG2+cge8Uc2aAttFVXfnXs
SZ3K1JHmRkvDug4qdR62lDDg6zfJNnsStk8ej+y0fLKZJy1qs7/MxcIRjxFaoEvr
DdKbZk9Pk2pJutgsyU9p9bXN5qZdQWJSM6iZL0VVeolN0sZC1A61eeJUAzbytV5T
2ahvUGLR/zNMLSFyDUj4/et0/wuwqPVaLLT6VqrG1gylt9VAUm6nfDTj1n5mIerB
tVobrisydTBQ3wwDKY8s9t4kebInwfJx5l/lFaDg+BfMmZfIxph+CEVdaWE+ORgD
97FgoyL7j60qzJvInsEUe8Bb5cml8fyMMYGMlydDGHVUZUGI6OxFaJZMpAhuq37A
7z0/Y46ykepVvOzjZCBhNldwsW1AftSoWSEXHGbOmeI4rKELBiXqZ2TidS3Ny5Y5
WGRzzUYufn5rD4OULPIPbi25Fo7WydCFnOIHBSPaZNixaM4fcjSqCZcpXnuzKOGG
M6iGJ8F4rS3oFgXoeHDSM0CWnLS132zD/NKRklmLTiAgwEJ9BPG+NgNIIouZkv45
EbFiYCGef4vBisukj0yDBvhlzTdrGAeHk2nqIF5B9DFc3GtuzKUjY/5xLQ9GIWuF
NFgu6DoHqVmoBaISDRKFlYr4vxqWsoW6a9+yIOcTqLL6ll9hu4Oc0SaYpPEZLV95
io9pBC4N9HPS8tVBzd/GAeK/BUiv1zordIx9GgwB/200pNkUyAuQ+DXL4yv/MROX
Dp2tM0TvUNIQNpbcLSP3oGkEll1d2IvTFsKJMXBkCe/oASFUQDD0C4Upv7B6usoJ
ZH5t1ne3dnxDQfBvhykXpWMxFEkktxpW5EwY5Cl7Br9f10LDX8wntj41F7ddxzDE
xwk0GOkYfY7JTVnxefTyMCN8rYjEiQCa/KEgeZ2y9ORPG7tnDWpmSbRVOxPrmFDp
sIHsnefohCbNuoLfWbcHsGX2nNQd7zSn4GRQWAUV2CP10/sVcsthEjTKsHrhMaVs
PoBrhEos6wS2PBa4zLsFKTe85ORkowEW+n7TGU64Nz+TNR8w2xJqZrhJEiMvS51r
uQ4fg1vijfgwPlmufZfH9UcTzZ4EpeRvTQp/Yrfc1uIfIliJSIqf2Vk3VJ1trJxj
Jn0N5EDb/k3bNdxsD5GfuYgaO4bBtQ+8inywlbC7BXtpRJaEdE4xbPvQ/xARTV1r
SwTwK9cMhzB86GM8KUqLtNhvMOJLitfVRLlRcMYXYcpKaaBvXkPUtKDFU7adHC57
OOz8WCgazSrM29c8IIvKJKtxk0+zSZ5riscOhNXR7wuWPT1ZMMXWir0oKJIRO/Y1
XptrfKa8goaSOE6abQZHMjdUwehU2W5epgZAz5XIUS0yBXpqv6f+NRpB75zazfNU
39buyaJnytIABH4r6777ft3oLe/JI0Eeput70P+imSENLRulQnafte7ZaGMSAsQF
v3RnekZqnYQnUSPU7hK7vn+sXbkf5tI6ntF7/XXY/BMrk7bAk2dvjiekscZy0Jsf
CFKjpI9Y+dJ91+CXBGduBmavKSZ7xGdYayVKLyQ1SnGNw+IGm0sJ1fR9AzxGI3pa
XPh55uuzGOFY5Y34kCO/+0KLbJ0ry7UQGGm8F3L1yLtKeFvYBj1pyAftb7VdMI3D
XlurTQ+03tPrWP21wFPpB9nZp7i+8JaH5gJSec0w9uooEXEZHkhoDzE/wK51uJgC
wuPcTFMrXNI2nGaiNJW20FDTsOFZ0iit3cx54qT6w++P6iQRJOzAH2ncSkGz4DFC
mHlYqgrY69jGWDa8Trg0RDBQH1aUAmOAlhmyVLumqBdpfQN7mppB97DNNVRsDhSY
VnnhvJH1YVzGJ1vxE50CLTfz8vDHgQmjLfab9IdJ2hb9McpWGGqLLw/u+363yxsv
ijn5Raylovp5o7XF9t+NKpeGPNXamhbc22Yg08omXRsTv9RicnuPUK6WX9TGp6q6
9l6X/8rUNdDGKxwCfzVK2pknexty1h1rjMY7QQX5QD/MEZl2BHdVtjN2+DvoqqTZ
N8T9ow7vZVKgTM0TWy9of78D8KLMW8mHsq6nHD9X97ROrkucD8avlQdjgTuHbQH2
wXg1dxGGPQR+xDF4p40nfDvILWlEGndaYQH7qBJYvwE6uxO/6uk8otg8AzdfxRlK
60DByDHk0N8JDQmek0bEHSy4CbuBZgDDZwQlAG7ade0WSRUZ0ZwHGPfFEozYNFG8
fCluzUuOOaPYUhDchIFYVOw30TwtoDwkEbcMzXXqBpXMzHD4Yk1TIKZY/ok9M3oa
Oei8xx3pPFJaxfSodmV/qXwv5b+f/UrmCwwC9gLIljzg26o2KZK9SGQfAMf5HbqN
yzp/RyMKr88w6urhdFdXI7UvPAcsi4wOOA4Q3ANX0T5E/3M9oGRyKpUridBt0Pfe
Bmyr2Cq6yWDVs94OvPm6b1hOsOTx2KUTKKMTxWbbKjLKob7C6srYllc4x9AzjbJX
XJu34KZxfbuRbL5mLzpu5BPXQE7VIZqwPXoYl+uvj4sAGq8RfHqpbeExVZAuGl+y
Tb0gGtwaIyb3xTMV86tkjzMFprxMgbj+iHAeU0k2wbF09Cq2wXGddBUEH2XZYCgv
aviaalJRhNKIhvr0zmvugsjnsFlX91MYJwGJbw2TbSxLLcKK6Buan3e83SNVZGPi
Tvvsyo4XebbkCxMy4Vnd+SYRfdPx2wfleJsq6LYqSrAA0DgvTjs/3hnVtGL1YQcd
jttlij0V8i0VicD5bNUbB132G5qy2BoflCkwdjINBZcx56fXKMOJU5cAf+XGD68p
shyNm+/cexdiiRjNGChN26m/yNiPAkCwrPacnj+Z/2DTvmFFutAtImSD5y30NOyH
YtxtuufCXPtwg1wzXcetvufyOHCquSLWIhB/usDLS8L/eqBJaezmF7dHa9oWLz22
SjiGi+R/WqiSSFgBHAznUd7Wm9cUitJxLpMzVJDeotOGcFyVI0nXUR43B54+phJu
B5UBU5DSt8VbjehmLUa4VCw8q38vDbH7L4NkTd3pw38lNrNuzmRyIxcq6Ta/zUmn
CbWBfA6WoBHdaq+Lp8q3VNBE4IkVJObiYWtAegODFUIlvASixnUIYl3YePRXX8+5
QTGxKzosyzYBm2Xy9cA3DrEY7VviOjXzAtNozQRbiQY0dcmDpc1GocJPk7gNFtPO
BeCwMhlJ3+UVg+vMeX5lbAK3/gnMCSryxSgs9ku5v4ltN95KZxfOTmEXg2r1SdDz
pvwkAXzp0wTyD1v12fAexu5KpFTSqauxy0tR682iWElbxmPmqnxrU3Gii0Tass43
KUtV7fRY6Lw9DO/hcY4HCbL0uCeCi0YTsM52GPBNPyJkVzQjBAlATxmgSrW05+ND
Ww3FoDL2ae81XWH4n3ZAZmRwTt3myeUm2UyBWDrXsQOb3MfENTrQDjoI4KjoHHyl
k0BOS7MfR2SmSJh24aBsZgGuTekTVhcqzJHn68b2H5VkIaiSTS8LNBa12L37LpOK
7jugg1RMU3KHdgSS4ZrfreHn6R3Mjz380TRwms+6fs4d55mqLWtnE6KMzm79cSw8
flCcTKgYwpJdPX8qZR6BJKbR9kTeOdWcTgeJtoeWHMccVd7SLFa8Ya7MFAufnkX/
nKyGteImetM81f2OuOc9s8tdvH6MnRBCGs6TLBJ/6HR7gvkAO8mm7Q7hF8T1f1hW
7SBcWyV0ombMqutB+VxvKpzWhg+dozChhIVijh4uHCEhgHrDKgCRvQ0xdvPTce/f
boPaajtf28SlJtoc+72AISoXv1QhQdInO5K36T0MhC47PTZMEVSYwkd+PluzO1ue
jVw9f4GfO9lmJ8Ly5VHT9auu/wLiJ7N1x1Fuyje1+hBU+eH6vtf/IPDZsYNTyo+7
r9hjMHdLYoDBqRplLxkEiOhD3j3VvJdTF0D84Ke97ICldKmdtpgTMeXgFI21OolZ
dZWUeBo2xeqqgJWyNK0XykgOi6uLjs3pW72taG3q7pIgn66rHdQD5rixjisP2uTM
yDznF+q5QbrtSAsQ3YoghwqLnxQnWrOp0swcef95tLHcJu6k3NNXiaMVVAZlWBIh
UJ/Hw679GGoXXVFveIzLA1gcThjJ7Y7IU7ipbx8JpczGUXkLjtEuOYxlBBm51q0d
F39q5YeNs0Z8DXg/Lo8xFgGKTzAuzDfmyM/vabHxFHTUJgyB/Dt/MrAGLztwvBjB
sffTcVoAnzv5Fv2er9Qxgl7psksLwfRkV59IclGPrxfgwdZM21b0A3FURCGWvTMe
QLUm9pmb7HsvBfzixhvWU4Wo/OAtFWX59lSAlSeaNaRqtPNAiyj5mdnvJ7Ujl1FG
h+GAhGNn5yL27v9gvgkzBdUlq37eiNjjzu/m4YBZEkICz3buOVO2/io+vy1rxud5
aMed7LnIqkXn8qXz2KPouU9BTiHwXLPby4FzKF6vJVF6q870R6b0WEYu0uRwTjLg
y2dHTpVSjU9rhTu4fHMbvgDBgvRKlY2GWf/d8DSb71lSgWVZvq6SYtjxJigqNKYq
ekAKOGbchPbn0SRnlYkCCUzOzVI0nFs7SogYWbNv7lI1IkE5xW93Anpytzo6H7iQ
wX+1hB1jm/Q5iiBYTJU364NCqJ+a2H93H41Bf7PSMhoW+RvSoO7JUAsaOahQPjP8
c1NAGqPTShgHDWE/1PUHRZ2+AjUOBY9tIe+NH/EF0zPY7uMXhm4srokBSdn1rosB
6NAnIxY9DDK5LiLrkpQXJJ3Dciifm7ivE+/FRK/4gb4RRwmjxTUtNv2c9Q3apdwX
ZawER8MGwniMghNwU0plAdt5z+4aZ0nU6fW0S1eAsTZ1uR40BTf911sj2llFdEoL
2ZeUBYWm+lmx3MGtJIvYk93CmlJMBY8Mlcd1h/vT1FooJjt8EjjLBjzJhWacTbBO
9/F7XjLzyEaG3v5u7C5T/mdDhYYyoQQj//M34pIUuGb8EL4Heq2wKX/k14QG7RBy
PtKY8+Uso6DUFztfHwwyjafJKIcddFxiO/eQiIx813Uj/q5BGRRufrNcSVFAgDLE
zTvGsoZGWkr7zxUw/cfoRAlzKa2h69SCFk4XcYkLLnQVEn27NXN3FhxQDH41f6qt
CpVIpqeJl300v5fDks3ne84iKGQkMnjdYRGJ2UzGvaxGA9NN28zdhPZKO3IqT3dC
2Nsq4TgBk/0wICjSg/vlMjaYVifBZo4H2Swb4CSbYh49S6upMHU+Kwx5R+x9TBNG
vKK14gPzebpQxtjeX/oIJE9WEUS9/STuHpVRnuhYl5kbnD6XTOs2crZHpQlCNm75
z4gqzHsG/ZXD//NkxsFPb6y7A0tmhol7wiEbLZf7r2O45YE/UGR5IcTcQ+q7dAu+
T6VXouyzcU927dN6PiKmVkd5E6+oR9zcMWopXvsR0cLR02+SzbtxIeQofq7TV4Gf
ZaU+lNTzOusfGZR8erXiptDVThvRbk+SpjCydJUf6RKpmQ1TVod8tIEKH9JpBftn
lhmZ6VHKEM939lifc2pDl9TkyX3I0QBoL01MuPRbpDJiDODIdZmbNltgmoE88maY
nZW3ZG6GhUjQsYSGEtuyZ6CkbC+dlGIWaVYQJM/YycxZ5QxasmgHwQ9jEgoMfXiS
EfIBev7/ciyPU76nT/ZcExZ5OYaX9NHvNpL0KJzTNi7NXGK/JDI9gb6P1DTdwreH
6FdwlkZe4ZX6TpCDrXl1FdL5bI6afUIZOpiiUZtICwVFTzYlhAlui0aD/79t0R0V
EjXZ0G3JdJmqdd50fqxVfcq/xwDOqqbJUvcVcWg2F6zAMfdwQFNGx1qpL2etFspL
vwe1mTu1UUP2gUBXpQyPrmf4EM768VaLjRoAFu2v4/M8zalr3WOtokr9YfiFRPEH
EYAdFENn6A7DDE9uhFPJ+qasySYc1NwmdGtXVS5ynJw4GERicu7mJAa/L5fVzd6n
xDKBsoZSv0yR+1I5Nl+79Q7L5xE10bITWIL00J8pxTE=

B.3.13. S/MIME encrypted and signed over a complex message, Wrapped Message with hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9470 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6002 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 1819 bytes
   └┬╴multipart/mixed 1755 bytes
    ├┬╴multipart/alternative 1132 bytes
    │├─╴text/plain 375 bytes
    │└─╴text/html 473 bytes
    └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-wrapped-minimal@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:08:02 -0500

MIIbTAYJKoZIhvcNAQcDoIIbPTCCGzkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBABfhanpcfRrENuk7s3Y/t208MLeCOtKAgVuq
+YxkFGf1eaxIShygOHSwbXnGM+P3BCMmQ+iTm3smLm5KvZdO1e9Mle4QERyC2//p
VNSbK6NWD+5sFc9YMZ9BrQDIkQ3gSDtVpZiCoNUh/IFYw0d0Bu55kTxrD1iIbPdx
rPSwuyLw43V+ytTi+PpnlxvI7mGYNLZxHkFIaY1zqjpqdMphNko5TZBE2tXZP37+
MQ6slzZZ4nnUDIPO9u85PlEabQM4zbTd3gpdri8wZnNb16kqnoMR5/uv8JmAgvEw
hYY1akgApGMqM9G7wjVSd3vk2kXPR8iPUP7dszHXdlbog0G7hlEwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAEn22GWE7bdTRn4fqNM0tQeXb
NqN2BYvLUaMBiM4mpghZq9GH3NcmFADp6SMPjrh871dh7aKLQhOsBKLZ5eMlTUJr
3CcxczSGd+8urr8fnH2/aHmarkkz8YE8eUNIPlcCJbkAuw8cskDdHgE/xPYpcNsC
J5mwtcVnenPFt5M6Xg2TeaY7MYLV3nkToPhAr4wJsE+wFQv5sHSzP+W/HmoPzvxF
cpG3JKqI0oMnmbvWjqFKBc31HsFrr6LOhilpt/WS5N9OiFvld9VdsxX4ihoXfHCh
KORL5MqJo+dW7iamwXl/EiqbT84z0r865OfvwgWFct2bjs6O1vSR8O3LrHTP2DCC
GB4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEAVgmUQkXr9d9o0OLLRDaHKAghfw
AN3p9ViMzS3HiNWsI5FdjO0ONoey+zwgLD/6NT+kvHSdrO8mVxkiSlqiMlU+p73o
tuGu2G95XIXZhfdSa+FaFHo9R0+hPc1hRgwIOaKnanBcib69zehPF/v4PzgniUi0
/l02qOvemyfDyUNepw/LItyoTFFf0h8KxdqSrXAIOUYeaxjVqk5rdjh0WZ8k7rI4
BMNXgFeiQzKr49+jME51mkjDNulUZiNhuEHpHLwiNfDOUybSoLyN01ZTC7ckSpV4
FT1+m7FH+LRwAo5ZqugK4i8CXbkqRByxpt8b+oPZz+7mM+L1bPNENBSk84eVfNQu
6cppe6/gCjdel+Zwr31mwdQ7TGt+nhgQU4+ZdtcEG9zZfcZ2EFxrYasInDZx6pY8
W1qmI11VESiGBVq6mbDn6QzQRPIZwdxz5mIjm1ghHcNuBLgTnzBXGOANLsYrgWh8
noVnm6548GvXbYygAghYOljGIrIA9k7wZzfyedIhYYEc07BKHE6x0rNtAZsEs1JO
Kln/cI3vAn425+Pfr8AJkzBnzzPwcBlDkUsxu2RNbuxAKD+OIIa3gnXk0hdQc4pz
LJ80AT0AQ1IKReaqa3WFYTDzZ9vqF+MECs5t3CqYpYk0T2dk27pa7K+O3NzklRe6
gxoCneYhsbNvzBTRhZeZFlt6jhoyhWdD0IZQC+G9WKXyYi1j56x2c04MCTMDse7y
qBiHsCK8qWkz6PqFz0VhiorX7j7Ke+qTylHEF3jNlBEM1xoW5pHp8Jvg5JeUYK2A
HovLtRQiF4suTS/f/FltIZzSY8eYs1czdmCFJVAzdDdHAwTiqu17d1R/v5Ypr4N9
GyeXRUZWmHKZ7d1ixriYwwCWSaT5MAtoO/mIFamf5CMhUcxCLkmdRx23T4UCa/yf
ffZbPBCO23GzAG4WJOKPyCVWBjIyMlTPinYq4cOlnEqTom3CHYLFNuwAaD0iehuP
aAqYtMETlFXyu7+AtkWqBgbwmec3z8LLIJzWt1IOb9opoP9QIhTy7aUePT42eA9n
2r4rorVK4c7HxNCswBlSKbQrELyz1JiUcYeqPArb/jDE/LlgFH/D+wrL1zIAgR8E
kxzGBaPmxxq6dhDdHeEAU3oqoWbt4e0Fy+bVoiw54O+e5NbvtM1+HAeKXzAy3fX+
Y8iavBhuLB0iDSDarP2Exc2dDO+rQOk6EYCvqaYh4WRA4iRe4hsW4WrwA9ccLGVi
+eTdml0/uJn59CcjEFs5bicctGtxTohpuzYE4V2BBBwXNu4KFvG1USuVdsH84Mhl
TtTo4ptQly0u90eyWWlSdaJORBMRMCj2AY+wvldRFpx10NtbGwQ7PtmemZktZgyf
UjL69zbu0qVOWW6h686uoOTkF1D6K2spPd7nLZjsu1KJjLCdQgbJNU20z3RswPq7
cSK659Uv7h/kagEhlY9AhEjtXCbYxP/Tb7ieUQV+CmeGPM0xQceWd/LnSudqh3ZB
slRv7nDgIaKqoF5dZB8AASqs1W9f62CRy/Kgu+D0kbLvc4unid8yS/CiFXsPGkAw
LJwd5nihVJC2jw2GrfP17yhNW8TR87nbR/faqoyWmQkjqyw+ezNIkgRM2Tr98fe+
CTofmHuFAOCAn4q9q40+p6YCDDJCYbyyP2nLIpaOZBpVNtoysfkvH7bBWC5qrFt+
xK7YzlPi4Dtw08K5F8nqaPdgJY5hSKoP2fPrJBwx40s92rOalZEdNA+Ig8zcMwqo
EYRE3BKxPBgChWxjuMcowBkNz6ZJzBSsfPfYHz0/9NdDStBl32M29oNN5XBIYjbD
sS1NqmK7vJVkrszIn8w5t1VQQo6B7SG34/sMPRZvfXLGvwDO0sn5g5NBJ2to323R
rpNwXHRQao1O6IARwxTSCLk7+r7mjz3U3Cz0YTWpuZZK3yMKg9JbxAN6rG6fb02+
tideDrU5ibGI+VpBxPaoO/q7XBWks3Q3RX45O2uoAPkYNBr4D6PoMXq1zrtMoSg+
PDKGTuZaw3RQ+5ED4tFWUl1VQACLDszT4Q/7RWkfF51b2aswy97gEoRCEUYc7GA/
KDSyviz8kGxEF/KxqGFZhYB1/Xs2VA/o1XUZsbR2YX/mhfn4iEvMUl+vI63YEkbR
KTQdM2UEw1MaqKSSyo4TGJ8WXG1WerWQ1Vpxn2HmeOb7mIYw0CC5vMrDsYJ4Dz4f
rAG3v2iqqG7aLpbnXe8BYLVMgcnciJWfav2lWNVUnHhG1IyeOvuvQRBtO9RizxSK
fe/5rjxBBa7sPu8WDESre5Xg/C8GdbKk4vjxM6pUnYKLMGxpHO/XXWDlaIV4IuIG
HnfUZ9UzR3cilV53bmuWKlAOMqvJ3QcvO1tXdcQvk535uMu3VgRyrwd1wDbVRH2h
/ZTW5YEO95wjcCVjfD4YTXZOoinKBFt7vv2WDfCVOYQ4Frkertg/E/V+jcJ0usoS
qFny9JE2WQ3NSkYb1SEYQD0oiWH/6++kjknuMpWP2Ubc9UTERVD81RGPBNL+vAr5
ItFtD8iwBROCZg8iB3dWaM6Gs2zu1sYZCWvn18XVrHkQjvqvliIeD9pyrmGKBqc6
jdlFfhY0Q4Ucy3GxE9yz/WT2SWWXOUmq9PiAzOoh2jg45w7BWmsDnRx5WOwoaJvI
1W+BXT1K/ajqnzDQELZCYLElG4jbkqmUvpkm6wtZ4vs3xwNMGo5vVLUkudC4ybag
nHrfb0t42o0IM4mtJOePslIEgLQ4dh3pd1hYFlOjcdwatHJ4yKjhli9UbjWcRFkV
Brzh1obPcv1pAx9ExiwJqp91ETrdGk0I/Kwr4sacP9+yb9tnuP9Y8M7KXn+K7Y5t
p6OXGLEAQsltWjK9b7XRI5y0FJwkMGFFjvKIVgLwDkeIYK5SNqsCgB+MoSwprtgJ
X7XWtd/6RICinOH+1AnAeB/WUVox4634qyh2GZC8vRvc2xNdKFDcLA3giC2/ltpb
CeQULpERCoy5Q/1jo+ShZSSmw3JbdcJFuDP4varTgf7Ft9mAWnd8xPtkTTYKgzMo
ZO6nxNnMdNBu/3+NYWVTSXuq4OFUEmhkftP+GbVdU89jSr2oXsmTSd2PMWOUnNgN
oJK7meDsHkOPjT1mg05wvvRy9FHN6TNWEfSAAVeJHJOyoSRQDdRtmek/9AXecNb9
wyKXyw3aGL1wB49hC4AE+w6zw8uAHNF6xYGBLaxW9jWyN+EEYG5mb5Co9MPsqTEa
+Nx4CMoj3VLFmk3Q8aYtIEmyQBkjY10pGAix8oINf9TTWvAgrHimCBQhsztQoHgz
uByvSyCbvendL4o2BsiozGAhUM21HC9lL2FdtgVKEmYyXZEGWSdhMY7UD7uIPauo
7/+5o46AS1ZBAynSHi8oAETNni/oy47O4a7yinNNcAsG+ZXH5mZU5akGiBJjPH7p
6REwmf11k+RGkS6sOIwdbXqgR3007qZPkesAKUVRB10xZkgEZ+DkZtOaULTxkxqJ
ED10TW/lZAm3wmTY86UhCsOiPRCMvsfughQisp4yZeEIw1s3vb1Lf3r4FLvgBLRc
X9wdASPYHMPUWapeeYSajJPZ23B478UIINoziz7dEl/OFGEmHKwiNTgRG2guXVks
QX+9LH4G+W9Kic5fwm/5M9gkQXOGu+0PIMgIy13RNyFr+5rFfnCcdq+FKC/w6N30
3/15JKrRup4exCfw5fXIeUpOtJP8W4HKv+cPtTJ2lkJXHHpXkMWswdcBWXGrb4Pp
rOII2htbmRcq/99mx9/7cWmp1ZY512GEhbd73CV4ZUaRO5JJV82Hbp3j467BorIT
D/hMJoUsuSOypRvUJGGQ33m5uLOTqmQbuRk21SwNLYEoih0w6HK5Ayz1i4Jyrc0B
gxWkNkkWD8e1QcYsb5kDlZeoMK7HHAeXzZBmW+LeMrkfAOhXqDFC4HO+Reza8d8k
97RhAjNAHHdox0KoC6PY2dcu3VQEkYod8PizWgBtZYcjL6fsntjJNL/rDTl2Kfm2
XkKGG/2Q/2RHiOhGVeEv6lMQN9CmvzIyB2Ijf5fpZLn/B0aedX8H1V33f/J/xsvA
nw2uAVziSucRJaEcSUoNV/cKgpV1OuwBDcVeE7+p/k+RlY8aohN4J6lWgATzV9+J
MFbRZXALyzLrVKk6y6Siog+7BisQajPtu/XncGfrRHxwHRJgoOoJM/jXq91KyW1V
YlUNu/ea/hz5xOUJ0D9AlChu3b2lZZ81MAwnxxjyMVb7xRu+etoSpWYBB9/5B9gL
KXA2lxpC8tdk0HVpPLH/kGwcZIsIr8GS8A2Unj/dreOIIW0+NxB/ERGPkbPEZ0qR
zBZZdkBbL8IckfMqP6w37k5ZXKHvJzQS6m2gFmNoXi0EybXe5cveSk/0ZxyohL4n
BA71Ouc+VoReh4st1zRWPbrOni7AuYeENdTH6kpQZ6Gd1kd0s05c1EPa+zDdPGJr
21nOL/vYAHVtW9eAFWU17W0zSbRH8Fu0UfBSiuZmRyPrrd+bUL/GTPATDDSEdidy
YBh/ihWM3PD10fgOrygqbpK/BmeOVEYesTHqjmdjLZU96NGMfmr0x+53a1YhFd4b
3sFFDdWdmDBh4eO+dELQkbT0ISLjmICTWw8TnKffjM3MDgy08VvjQP1ZiF7C6aao
wCYNS1iX+B7vANKfj8Ax89jgqPqyjzmB8xbxPsHvBvq7X718tWqXJnFuoFUrEhaz
l2h0WMxjY1P/r86Y1mzMlw17EwagREZq3sTIRc1pu4qYN93RhsUOXFGRukYQLh7C
1VKgvOYGTynVDP9C2U07Rq/wPHc4u/6ZimtKJYddc3YqpvNXiQYv1unfGgz1UN9Y
tYQVDmM9d5k+1tdqONOpG2SIDifSCRpc7fogO5hlo/3+3JSRYg54irwaln2AiaOK
xhrSXkWlTaV7yIAFr5J38rYA5lGoaYLUAP2NavHiYCHjIUjAkm5TxHEnx0DVOuk7
IQvkXRRXCkjBPWkvOQL6VwmauiPuQvYrWhUQHng4npHb/h+WY7RQcovz5tMtMOs+
RFIiORZmJS2Fze0lfsR3TZtu6eUQBotYF85YKvGCo/bPsvN7hKdY1L1CjpsDtn7I
Q/dhxXWnvE2SXpzWBN9LrQrIKR4UYTcUiXXU+BnEodBJQD2z8/1Bf/r/JzUuHdo/
CzA1OGF1IcuUYkoBZild5ZrWoikc1e6XCxXtUQ25yub8cq7V9Y8eOzpIee6VyYcy
NTezqa1AQ/NPVOFICTtl9blP1Tmo2I42GmjWTE7mjdANcl9MXg8vmFqq6PaR1n2D
na66iGUEPfoNVGYFg0pR0DZAYWIE0ha9rY7Ocy7UbiQKRg73oBSMz1PGy+GNJwVg
75K9Gpkuu4iTHey3BB6Kc6Qr8ab3CNoAf4z95VqfZ8eH6TwLjPwPrLbCa61iayBA
MKAqD8mtHmLclE+9F4L9hn3oVIek3gVnKGWannZ64/RON75iwXJ2tijwJRfQsfP3
dteQX1sBrt/l0Ui66PiOxMi83GwHNzkonFjia9Gn4FEOLTenDZowI+Fzp8uL9SzZ
slziDSogFCEjSJUmBVBKciUcwD1wwuJi8N4Hw7MUlMxx0gLWLUWe1t2eCdrDd2WH
vCCfZ+VG41q7d/7nrRKNnThBZohgg0H7DFIuIco5a/u4lEr1vT3Cxb/LSBGWAHfh
BPC+vKdBAdle2gnyIxajSv/8qPjbx1I09okQvIMygc6uA+ScX97RWbvWvFu5Pzig
NFl01VSJqI9iO4r9jGm0P9nyDliAQFEcxqUNIQC0V98oZLSFA9q3jF+jqClaMDxL
Tj6WAZ6fEmamXo4VW1QkjwIIqwQAlDdyC2ffCZhHgtLL7MOqsOagvtMAPRzDGsl3
Dj4uMUPkhgOmj+LzZby1at51L2n9qtZRiQpIAzSpCiHIakkxCZaix+TLU6xIsIPi
TUw5t6QxmgDeqYbio5VYKCldb7LE+SjmESv0Ss4K2HoNxPiViw0G1vQYJoWpLiI5
E94ftgR41MwWhwEpeb+fB6ilVS+KCyyFOjPBmlWOejlrPYoK1ZbRJqVGfiV15eNl
bfvWOlVoRqhGG/2YQqc4bnEjhKUYmPnqQ15HWeZGbZnlBQzyArU1s3WhLQxiP+O0
k9nh6ThhMD/NcynQpa5w45ozDhoLfDrE7W417oV5wcwRjkw89ylt8MRMr7XbJHjo
OaWaIDc+BU9SNJWo+OCzxkHOBO/rYcUEHC57gh93KWThFdMSgpju8Rl0DshdQwtq
ivJwyVI2s7csucaxcnao/dlSkEg00fUDTyMpXHsUE+TvAJvZbu9VA82oS59nyej9
1Wnb4PJxHwP3v+3xp22MadG+wwoQKQ4OsWS8QjmA+AjPltz8bbVlKDaJQ+mX7fO6
sXc4Q7h8J0AfaX7CHfe08enFdQhgTYdCIinGQVVFE8E52tMp8bCosYKQ0/+Gs7Fs
YSqSMyrTkd/vTNzzBAt2MKM/qRttltAoR1rGH2GEYGYy97uCXmEK/CS6OLsu7CIm
/JlSUTPMkfz/rGNQbNIhrmcoshyIxRMn5zJq/y3T3y63jbPRe2+w7tDDIMoFFjhU
6ciiBm34QaHTg47LOhHjFRzqBPeAswaset9i5XjypsbPbajcvFBA0IqxtXJp8J2o
eUDpkKsW/Pji8EQqxP6/6nst2hdaWRtvlC4cW9mkCobZ1xvjqnugCN2ANye49yxm
O9jQYjUxanul/heIQcGPBnhOHMFO2e/RwxsCOqQdP+HVghQcuQOq/S4rtDAuvCF+
PPfcB8MNbsWdD9IVeKkFXxqn3rtvlbs1WFCTvUjEI0cLorKixghPeYDmKNdDh5Ku
1ctfIe3wwadx9TV3mvMyjEoz5z/rUstZgh2SmKT7NznKrGHaSKKH/e+qnI02PvU6
aWi2mVvHOVHG6Sg0RF4FZZeaZj87bXyQz97ainp9jiko2GCwlxuy5hjOcC0Wsjb+
UcFjBRqePQhSqo2LFT4+XtxbzosuCE74sefZLuNE4wX2cbQ1MPGh36drjY5vnygD
bl7Zgj5j5kOfDn2rFWORdkgk2yJE7Gae0XnkwifGEBSYNpNXZWgW00gTZxApQaAu
N2SAKRgKvKzLJTtpgNSIrJ6H2MOU+ImQhoB1uQiN43i265h9u7/GXSHarj9I5Rxm
yOtUwzF7J6IKV02ZJyDuNUXzpLJJHh3tvQX88N1Y3oLBj937j5xryIDHHNvX4bJP
Ypjka010Pv9JTQ1PRAVHe4gvpSxb1qnEb+xaqa2/Kz/1hDnVJuHpC3cQyLgTkk7k
UtJn2j9z48MNK0Mbp7r9BeveVb39QGLfBVOoKnILQX2hv/8dkXvgN+I/tSjuW8k4
sYXg/tUqwdu1FEdncgA+RvAGIqvWrwwzZESO+BFPavv7anvn5y40s21+r8NctgtK
RlL34q/LH+w2J4OVlkMEjqf9xDctTDAVWQ0Sdsqul94TCK8UpzNJAsc61QDdedlE
nUsAKRQiYThJP6uwL7Xz3xAowcMyNyNLcxSLsgaYna7F3/rRoJr4oJErXX73zaVL
EWjIuw2lJ5ba/5+XN4rHFKSlGtNNP8A5GCgNdbKxknowUZdMSWH2xDOXWExTnCJk
HJPcmXu1PnWt5NOH920R3EpuFKrRcSKKniORKdNLo7jPLZ6r0KwuPNoQtWgmNzQC
qSB0EWuRliZX+glNR7cWkwfLIxqVtER37OWpNEPr6YAXUFqgsFgKBNNM9etKVbll
82mWq9DRGbLCrhxbp8iAu4omBxQe1mGGRRT2WtBwkAvQr2O6sX/RU3nBVt4NvHwN
yRyiTWYpfve8RzriZuZdCdYjagegbNVfPege0CYdhq3XYzf3AxrUVEZaaC/GCZlq
innWTPiXunVZyqF0v/UL6Xikh4f/1L8i6Zn3GKeeWHXHnyzsw2c44eTzBnkC5eqz
F15GHyRMedBfg/3T8VnZSj/39dJ//+xSogpITDQc4yW7u5WKDvS47xQJ142yh4k7
bIAuqxXgAt87MWUA2mLzuifRpWFDZi999O0EH+teaiezOXbqnv4EPNjWGxRDPbyr
EIVNcKBxsk3zuFtGCsA2cEXLJIjcucV5Q5PscW5gBOqopPjNEClB5Fa9LpftzIR/
8QoTaaW3Hr5PrcMgEuRnfIBKriykSxzbyRzsrozP1ieA0ygm35QW0Tvr32QBUwS1
wmSyyQOnKRpzyLDGZUuUehGyY4C4AZ7utFzxG8SBOdg=

B.3.14. S/MIME encrypted and signed over a complex message, Injected Headers with hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9515 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6028 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 1785 bytes
   ├┬╴multipart/alternative 1136 bytes
   │├─╴text/plain 387 bytes
   │└─╴text/html 482 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-injected-minimal@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:09:02 -0500

MIIbbAYJKoZIhvcNAQcDoIIbXTCCG1kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAJMTpwbSzvTtudiTaWcx0TvyxUZpiHL+UmRp
WR9LJ8Evl8vh5FnKDB9TadYiAhseHiWnelYjygz/q5C8lV1HH+WwEihs6x7gIROb
IAudvBR12CMjm4HX7GKkCNDyFse+QRiRuuuQzLG3d0/2slCA33mCsOhkE7RRtjvz
yoxcOJ8Ulz18BzFtjYnIcjqR/zkeMtaTdaw9S15wLSoCHhdnAl0eYAnebMhpZM5t
NatVeDmlzoJAlqQKtaE/K+LWfhSm2Y2GKD2I7XaslJS0QBNdDd00AF+537e4m/MY
RylhEzNmR0dz/Tyg6tyqakhXnPiQDQRv+RaXMH3RWDJWfZI1rYQwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAger+uW41F5G04kqx+ZTa0DlY
7GfQxltAwowLQzQPB1zUs0/WkjzvXFDBcFkXL/8RPGyqT+5GvNxiloFEB/emqqTg
qee5jWKPur+BknpyLKQN5bxprkeRSccljN2hO+msRhI6m6T7HIPs7Gqdwtw0C1rY
Zf0dl0+sKarYj3cR3YKV8BDD1kR+QhfLAmzRxryvhdXSYZah4KShupL2tcBpOYbQ
TFF5bj6DdNY8heOItu3/EzH7dzfJexThe3dFh7HtSEMkXiVcqNVIqEVtm90dzP2T
lOrxdnqUscbb+6lrIOxn+JjQmRLSt6JImEGQaKKxXuTzaR+PAERxHemp8HUm1jCC
GD4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEKiRbYjQHnb/KW2jRBj95raAghgQ
74WlHyDzh0qIAn81LJx1D+JkALWg/z3P8Xhy++EjKaMAmY7CgoYG4O9ElUzkIDwi
taWh6ide0mxmdP8oKFVVtb2cSIHDWnJD8+Ox1F5eFiVo5zKIdaSRekpopoKFoP15
/Zck5ua5lprkBMIBuinwHLtHLAq7nVDP9sv3adB55mUKPCRstPSWIYAqqAEBwKoS
gQsbEH68GxplCaFswEn+GU6Nw4ffdbM3t4yNHNZ/4W6I6P03e5fRhclbU+6wg0s3
EhQNIgeP0aHYPjoShfAJ4IU+er9TV+UHN5Vz7FiEPE+Hpg9xNzL30fwhwN0Z1zRh
fX4HEd/nM2kZfezaF4DDoMj6g6N3n3mrl95JZuuH9MoJhhTXEFZ6FIVAPG13RrWY
4KFehIWCrnjz+KJ+PoG/5A8RJJ9MSZLaWb2c9lmSj5+7WWwPqih+Ky60SXFnkSC9
uv9X76f4d2mIzBKzPtfpvka7b+LUua/lMCRxVN9q7eikC/po9yzc69kAezNAmwmF
xi9Ni7yoCL9aPibcqUv1ZlW/mPajkOJ68o3lbb0KdR6dfW3ZtW+bI7IQwZnq2RDX
4/fxf5qZ3l1VO8O2oVvfmrr5xpRXVfyYx+wdln2DbG3k/NzUcn8aKlmZ6pNEDily
va4GJ3Vx1AHN1PxnL8sYFh2q0/VWLE2+wsL6RtQzS9vK5SLJDrl9J+IY5Pn65Io1
O3gpsKC1bGODiaA0UGewRIUi9yfHzCMLwlmTWC9QBzGP/bqsp5bScgP6u02figP0
Kl53pevpRsrm4RLF+Jfcz/DoTso2qVSiBChh4qAiPmNXLmoR2YkY9LqWZHXc+Nfc
4b2cIUluCSTG+pX1p33B9OAytkfVNdj6SPhLvl+jASccJaPdY4Y33cboweJkdVq4
cBStfoG+nFQsDhXx7KKym19Tzce/tu3CngG19umIuL9rT2uksT14U4h5hsy1bbCJ
IZZZhpf6JnvCN8xrKaX8LAcblG2+DSbFvrkCZea+ej5v4sYiVBi40E88LQSB30bJ
FxREDenMDiKRTBEeRjmqY6JtVsVrcm5H19/cDnrsVdAKbp+ToAncdA3Jy2bQpfhe
Ev7D/zDK2HPam2PODgCSX8ErGs0g1zOOlrtXBd0+BEEb8o9CyBj6VY+Rk5B8Hl6Y
21asrQGVpgnQTSeJJIfRGk2//3ZPmJvhXnINA9c1B1ctC2g+UPwbxs87V2oRhQkE
oCdpPS/0GmtCFmG2pdO7Ejbhwx2s5R//sfQEkYc/jkmu8u8xuaUbP+yPSIGaSUBN
aD+l2wvCsOzAdZpv3oS/uQ41M6ICuCRdWhufcs5M3sNh6rjCk8TvfiYOV9E36Qcu
5owhwVaHZjy99TCYWq6BbTjgPrw1oYi15eqzUn/xPu+OnjqSkN1J5V14QqutLAOK
VTfscKVW7rHDcmM2hbwl+rk+X/9F8tY/X8ekuy6Fha+NcYTjAsGwsMGhGZ3I9YI4
Zw3lpucLV9M3jmLBlF2n9KHbZ920SvFMzuyTeSXM2nEnvRPOoCEzRHcSqew/JMty
2Qn/me+bp28rc4zDLOz3IAYot0SNC6sskGM6rGsxvUmKkqu3U6D+mI4yhdZL3wL1
xuwRHM5ERRguxQAzFrCuc5w22UGL1gIShUTowRLirZ/e9KjDg6GzsDRscQEgr4zj
kCRKsIVT9qotk6PjZXqcn5QJsy1GhH6coGGQdBbBIkwx0+XIOITCmtwIrMU4S79B
fp+Ll2KTyWT4HcILWA1vof8CUAFYqZMYEOvxCF11yP7UbFelNNRU96BxkCtOfcP4
2vwp2I+nViA4CwKyoizepwZqkLZERiSvvQAZah+Ukvd7mni4MiWN2OVEPZMvTNmZ
p8VmOLRESZ0Ut67qh4leKq/c8pQtEhGArUP91n+H88bpfNVI3XhwJrLVEDXCKx7B
IKcEwE6Di32lZlinkiWMTJq2Vk5oUaAI4D87y04rabhC/4Pl7rMn6LX4vBKDMcRW
VgrlIy5+AgglFaGE4NqNLaXUHyn4tq8dZIVdg4lWmlNFONKKTtNfTtGTwdYNKfEF
14LzyWSvfkZvjUMlRWTITQz/rc0zkow98aYbQwWPWgAH7TK6tcsUSaUGi2nVm8FX
1JAMLH5KrQjBmyiKldpc33Pp2T4vb9CIOvVm7G8+E35XZ8bFdH3JmNcRB+bnh4dH
Bgn982jnBkTh8TjhksvNs+tlGzHDxh65caJO5t8HuDuX78oUVJfeVU/pm1j7Wa3p
P0OgW5tckWxyLTYmOhnVHUk0GS01ZZQPYGo6adCGiGz0ghAHiikI0UKy5zrosh/L
+nERmxlycUETbc2V5N5l8BHveOR83WlhR1qo0SzVlLPJwDqhwDyk3da23fUo0DDX
XTjgvokUk99fW1Kzma6PQsFJaRbAcOJycBOp9tyPJyo+h3s8L9Moj5S5lxXPq4Bf
N/LIKISnci9+QtNCg/baPByMLUHULep4llC+aeFqPVT037EJ6ixe88PRpVGkvpyd
8b2SGlgeP/e7fIOM2lAcpET5HI3hbv6ILYAIM/U6iEZp0CldMxt5nC3GiU0guSte
c2zBkcwz6idYRETZQnbXFiKDNvolGoR1vh5h9pOFFabcyjpY3dxDpjGMSlrre/lX
RQF83BVCXFkFGtZjuGSRC+Upe44sL2kxKjHrJTpeFp/gI88Jecm8UuwsFHIFAGdr
fczsiGKBjeBHUJlCM6i1QYNx9zQs/0Dsf+WWBUzthv84Lw6sVDjZaGYkzjZSwzvg
iH6+ytZH26KVM3/QQ1qUB2EeLM8Jh3vNSKl3BLsrHr8XqQm8wllKcySSS+mDCmLu
kmjwrXI8GbWyfkvKJmWi0WMEp4v+AQqltSSoNoQ+NYMzQe1vR+s9wzePrOmQxIpw
sdT3OxSr13r24K5Rl3YdhOD42YN+RSgU9m9MCLDg0Zst0n2FXfYhl+c02uwoSLbi
6GHviTKteFAkk10B2E1DDj0gbMMvnXIHvgFIM7GoPf9GU4bDuo5ohDdtCSJwU2qv
e4JtkY1VCY9zAcnmROqUSDpXvVlw1Q61FhzQ7GpkOuh0auGS7Sc3BTqX5s6Y1Smj
0dChIy2aDtXppCDxvpLjYBko17JKg74ZlwdzyJe4ohS+w4h3oQNRZMqIGR5MlWeE
6XCX5xELYh1lXT41SEL+ZXkIig0P+TywxnXMbQ74zY4o7+tVTarYTjf4leBGjkRE
iqfTJGSCA+HDhMy+ULYRrdsbwWVpeNl66anKpSK8hPZe50+ULzBjVz1rsL+KX7MF
h660epx9YwxzpEf9TK2SstH7dp3lbDMz96FL6ugWcTWSJa+ERyF4vt814y2lA7W/
SZx4N5W+IzUG8kcws5UVczajnEE80dm8blBxVofJloKaRd1RS7aP+YPvaeOmI5l4
FeQ83kAri2oAcfmnk+yudvptSl3A5cmfKV1NCybx7vpK0ePwlg2UJtz1RiIIC20Z
kCNMpLLN8hVkZHvJo2D9ic8IAmt4EGVQGcD6qp3Cv3RwYeVtJVgMnSw7j5HUpdFI
JiIZl7ZSNLW83CiiqJXFmkyJx7AxvEOXNC/00jZBtoOKU4RuGp/Uzpx93g+rao+7
97oyYSmNk8WVH5qk4LXhlNw0NuQnYEeFICIeLNuZOJOJ/PjBI+hVvr6NtuEZ+0FV
J3zQYjMafQ9qD9EajVHjHJVyjBCDoAoJNio8l8OFM8/X1NIMxri3nQYc4xfHP+yx
FgHbHiEcEhn1uHNARec+E6zXcVF/TmOhNovBPEROwhJhybxKAaaSKPzDZEOvfJ8a
MpQxexpNSpkJ0u5gcEw6Z2xASX6Qn7RTPXwJo7hNYOvqDUVUdwQLPy8vJHgqn4iC
KAdc1wMsJ7gTR2bgdZYfHGxUlXG4zKPvSZahp+uEcxixhC5N67sC301A1oLmXKFX
YzGqt3ZhZu4XsPYWV2XEEa6S2Y+3ygke0HuloY/8aosF+3ow8UN0KJWinsyG3Rw7
t+ssGCQ2sGUTdpx7SOLwpwzlUgLuIJ3tvUK617fsCwUl00uG6j6pqNIALRNiN6QM
ayUuu2lnKX2WTIiFf2UN5lppaGncolEwYozlfF+0Xw1+xmoFJ+42QgjHrZSLf88P
w0jisO3nKyTSNvqcJlv2yuloI01u90HO7qiCzpYbByPkFYN0yGhSFZ0aMl9vxoD6
O9tzFkNN9LZQBhaWxduBZJOxdEsF7Fi4c0ZB2443iyMJvhkxeQ+GeS8sPrX10LQu
nUVLUXLG24DI2w8o7ihTWn8PtZNgjcMbMf8c0g8+7yjmyRVtWcqJvfL/NtXv5f6x
FBQQiDqO5xFh2PyjUL+MO9xiUkC5YBBasBUm/cpPKflGnDIiqw5NRKGzdo6/5Pvv
pB5iUrukmzlDJ6ROUHpniT0FIs2gVa6d2YIoZ1iXxY/eYu8i31aAS0/h8KXiU+fN
GdzpeVKz3dr+UQwb+gMXafWV887yre6h70AA8gCW1dAbkRaNj9CZeKlm6Z1lQilp
/NzqbHoCyvn2Ehrn8x8cFpEESBjau62otkaALHD032L2ijfiKqlq3AzTfgOhN2j1
IbvpXGhke9gEzJG15iiWSqe7agSTb2AGGcgNaRlJP4/DW3nVf7SF01/J1dJPlC/w
RjmQVSxV+115g5bHxLr9BE4NOgAha0DDHZ4MVujaQaIj3XO3XcLhUROpbSC+cCzT
ZOmQ/QnCeiMZ1sFCmpn+hRxoV6BA8VBvI5pEprY7+YPiWGt3zqZF4Ot0UggbfZtM
WSDqYv5CoXdSaVvBOPofBidUdk/ASlgjdQBbXk3P/YBFoAbkbSPQopm1Lmxcytfu
/W1GGf/VMk5/wm4QC8yu1nE+8b3iZuG2IxthamQZR/qqowk9Qi1juhDiWnx3mITK
CJHeZhSR6zfF331p1G8mAYln6ZSfxrzQ4R5h8b/O/u4mf294VCNj5hoaTDhxEHmw
inflbhehkFbk4GQT2Rx7Ub9MU7mhkUpf01Ch7lIn8ci6jg0TS3Yr63gt3FpW8YRG
Cyauu/nUGZg4MXRfzEas/KNgcyayz7G/WK7puHvCfq/kiM2iaeRZ2BSBuWt7jLUQ
k5TgBmo51SVsSsr2Csf6mTG30+5kS1AgLkFaxqynIN819dpBLdybUH2dxLcGN6Ue
wXhbqttN1pnCJ8EtPKo2puWrXla5ke++q9/cZdAx9+hwB7+PLwVPSBxO6IG6i3xu
LX2b3oxXCmTsFJ0V4AXFZGCwSXSI5tPx4wZPRI6l5OJ/iVxJFxaSQXwoGs/KyjOk
B9dlqppJkzn6jxmCRt494/c7uVJePG/gm6PxhWVWP+c/S2d28cypy85fIE1kATQP
YTBSHfzorJhH2dfD+vT5WWCwE5kTsORSiuLNlct3+m1N0gQU/OmAi76cwzpWd+w8
mtbwm9SY3el48FmHnlD4RFdZd3z/AWFVCmXJroEsUYuLL08NrFx7Cap61XCEEw0w
VxdjdFeaKOKFTIHBoTK4XUSmEYdMcjQv3lJ4zRGStjRuv4hF1awK/vhzC0ueOjqX
ZyBjUEE0GCfzu2UvZ9P1jbPbCOWOkM5TNg8Szm5J40FgtwFXr7yZLddFKsqw3F7x
N2Tc9q61PNXbyElosPciD5vMpCBS7u3R1TP1UNJtoNf8qz/dvoDEh4FmKiVeznCV
7BFss4q1YEQH3JwVEGjAvcSUsggIpqNI8W8mbIT65vY6VKgP/WsyugD5AFruh5M+
qlt+Dni6ywMGC+CSQ1Yl1S8bVZviAEgCWZBs2PmP3HjuAFIcNo/hPd6fTK3HVp+V
6OYgIHScqa3qXt4NBogbYyNFOYwwQq/dokmT41bNzaFbh29xGlKfmOq+1qzT6bQs
ZSzV2DnyEtnBJ0t3OFR0hWBjUObR5DCfiqjw/ckkEe5rrmS11DCPdmJA9fWTWR5D
EDICjnGMRrzIrINPKa3stnTRXNEujHw2FfpUIhXcd7IlrWJ+8EjaZKUDB9f4X28d
+DIR9tpvYhtB9/tWX/vK034ElxKGfLP3GpYMUnm+R8lv+v26JS7jndCylKmdbcjn
8l05tyykOqCt/hYjFtC+tt13wlTjZrdkJg7lJZ4p6gq4a35vn+gARo+X+RgOHffl
/aQYY0X8JbfLBOI8BJ8NcvgJ0yaQXkTwGBDlGupCzIz0uUpsVTXUtkwBPgftsM7T
adqGCstJU44H56nQriTE+UJGSj0JZY5ch4nSTF49iwRvqtabrVUucM4TasERduFr
12QCvEVgPO30zvkuWJobau3tjHOe2INzAqG8txBYO5pi8StzGJ0sIgJCIxDHHKyI
pa/V28Es6RYKpneKJLZHIe8ISILgj5bcowaSXLS4hLYr1FCdJzKgxoQg4/tUMHvm
1B5Se5JfWER3K+4DLKkZ5EzWu39vwQOvYljrmd1ramOCkxSmOvoVt3AGecaW8Y0E
d0j/iQnMVUwqtik0zprqVr0CCnZah+HfB0CVBqmEi+ymR0Lmtl6GoLzX/d2Jfk76
eJi9iWDXqU3tQd7ya5fRmrEmQXxZ4F36sFHaBdp8ZVj9NMocDPAvBRXCfsU4vlwq
7uFEXRN15y9mKlHQc4FGcrF81vYkBt6aSRZKdxwV3zajN+vOBUSlRAa580lzrmrl
SuQ7XH7OIVIuAcjpmlFcLzAFIx8UXAXflTvg8/T4fpzIbXL5KKebjYFBX3i2PUO/
ajofkSfOwiNJrpv/0VyeDeXreFoP8XQlzxQRrST9TRTPgK2A76u/4JSJzwjGc5Uq
sV4gTCwqFd9UEl+Ls4/P6RuDyGX6gl4/XI/VLxLaDTW2OEccANzOlxDQJALDR34O
uSqRQf6/aIzUlS+wGUV1WglFYXheY93z/Z9/M18EqF/DunA9WawYlbjl02GYIIyQ
ENowMwUKzCBOth8JPO/qm6xkNV7Nn/ZbEBAOwb9i2wIUGCJT2csM5GjiqpR7k0cH
ybYGZQlWpQKYTHHxUIkTYkzREtOa42m2O2U2A3NA45Wu1tYY6r+9/eq7bltH/eFr
KkNw3S3R/LjDvYGvijThFUAAp4bsdHRo6Vq0B8X61ToqUCenMc4WFR6B/LCJ5oYy
Xpq3wY7d1CkwFEF8ZHmIIBDcV0rgtkQK45MhkWXkNoeNCQNb+VFHAgU901wC3qG/
CQBrlzF0mzMLel9OaSt8vR/uzdoCZksxDgElgNmM6tQeSuFdZyi7k9XgB/x2e1H5
2Ph+u3l3XDhfE3Ce5QULLs5TJFSXhc7x1trZOXLC4T4YJSpIg14LBzIXc9USQ3xM
UFgw1LUPIlI6uu8IJ33B8OS9HZeLmUZAHkfgJ14O9+UFwV7yWB1bDhDlIEN87LZz
DWGEUfSOXcUEjgoUMWfitfFtx/UXV8OzJB0TlvRTVY2clZzUY1fsGYzTz46DL+O1
BQ1o1LzehE9GxkGoGplyS340Ifx/nKWvvOrPCXmFyC+1sU4yYj4OXiFjdRuDy2dD
9vOEOQ6A6TwGCBHaTHeLYJz/BlN2iDF4xL8hBAIk+jPKugY59SqFGvWq+LBFg3u8
oy1O6YgAjcrKIrETalXDbHvVBr5u0+XHUhfsEvP/tXhZG7GD45K55TSvIroq8Ext
zilBP1ypEjJra+uFDDOAhzW43BuQw5Xa1PHg/lVh3bJ2YGuSJ7FHUjF5sgfnq0HT
gnV5e9J71CJju7AqDUcmAtK7Vf/lCF9kgyd+uwkfAJLDvic5wZxSpwEmaejteHpl
wPlKPKPE4MRDxXVJpqqxMjh/eXGn4n9lqGfkn+j1STMgYaudnyXSoIe3GO0qfEZ5
LxeuW/QDMxOLgvVhaZLlQWKg6XVbCFwW5eTCSfZ2xfmSPFyF02coVIcemUZbpnUL
kXVoToyXbklNuh9Qyisivoy5Mz+DZetDF03042Ric7OOtWl0mIQDRQM7oPCECKOu
iEEDlk0ZkG5BCFy1uSiznlBEZJR6Nc0NZyTDrX9haA5SsUrtGYZFow1PQXgCI1Ey
jKVwenOKJbHo8ep728dd+aVBIw2sHnhzQcn5QNZ6URudhSavSM6CQJWqOsYOSrHc
SIcxiL9CMzGXJzMG8ppnL2TgkiBjRmsst0sTT7Y19TFnScgXDjtwpimlSzkoQ4bY
a0Gw0jsN0F5k7k1SFjJQLe/fau99wQhJsTdnVeUA1SgzFLiEj0+Ba6z75muf4Yaj
3CwhLFtXiAia29lqNteJNQSJKJa/NR9Qw9qEBwXuT/T7HxqZXfOAUqsiYeOJ9vOr
iskAuLrYCHbASEVkcHYOBw==

B.3.15. S/MIME encrypted and signed over a complex message, Injected Headers with hcp_minimal (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10100 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6456 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2094 bytes
   ├┬╴multipart/alternative 1431 bytes
   │├─╴text/plain 485 bytes
   │└─╴text/html 637 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-injected-minimal-legacy@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:10:02 -0500

MIIdHAYJKoZIhvcNAQcDoIIdDTCCHQkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAEgnvqzNR+Do6JAxBP8F7JUcbB8kS7mxU+3b
foHqCQ/5kO96KgY8libT3/JmQw+yAifncpIcl+22N0NqaqisYJj9dKA3Gjs/Uprb
bSN0zOavKBotza78JC1mzmIIKQ4Vy9QuStaxihfghKti9dZ5+elgenqQhZrq3wjX
MYBlnGKNgrXmNb/8HVb+ak+kxK9ZiRj7s2A3HBQz4kFOr2wcga3QHrnUFqlllFw+
Qod2RDSowp7uvZ/vdtVdVcywnCh7P45RUFO1PL4WVr7AhzRDXsVmYWF1x+6uBz9M
NxOXJX3f7y5+eoTzMUWhJdUwcRM2z8EIT7EdG6I2n1XCgzT8jsIwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAlNiYwrBY5HIxX9zMW8ERT4tV
Hl5QupEY6aXcOJhoRBLO3hrV9mEbo9vy3DlQkwW1OIsI4UqkQQ98dNeDQYEzy7TF
onupxyn8dy6gInGpUpqS6Vjnemvm+XbYthI6xuRu4wO1PEnGPuCsFjE79EARuh/e
2QZutFt0PgbwevdiCDF7mJhFEA1aG0BHfYGxD142JRyQJ81LDB5MxsTD907MOGuF
mB6+zW7NWvTjYEsSZfqe6Ycc1hcbFt/3yp8gthRh4eeJEtowBFMfxLQEIUiI7ImC
CesYCwW1gMziG12d3hZkXR0nHd7xu/K1aw09mdvZepumsMwHXSOd66y5U7Bw8jCC
Ge4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEBmL+hRticO6t0R79DViIhWAghnA
zZMLw8xZkhor3XzGSawL1DOtnmwJnq+wKQl+2FrIFolxv4y/rsh4bZQW0ouD6wF/
MedLtVae7U9xInumho9P6VKuhRgWUCMMxG36qD/UwZ+s1V25QftaO9rt5cbCMN7/
e5da5VzohBicz6GzschM8HuV3uoNgxsLjZ88izGE7y/yptAcusUg2Fk+dWxnWwx1
KVsFEURo0qocwe4qcTEtOO0dPYZn8ebKFizhwAxD2g6jdFWefS+gmlpGQhKPGZJR
g7dC9sVURBP4FuvuUPvZE2OgSjM7pJCrALawOAUCaWMD+hAU25kX6Y0gydcpzdMW
Kus7jsPUKBfs9FwjX3gJnv9BFr7uJobL232X6ufvC11OgfzAzPE5GDo4nSdqpand
JEd0Db6ZWLux4Fduy5xtWqqmGLST7KMZBHMzpo94Z8Op2V9Wqa2hJ/DS4nB4voYD
fotZeh1dXoILB8HO7l/yq/6AyI3ouSV0GdmtpneoeKyStj+WlPVaREIdmIzup2l2
+PySH1Kn5ckfcvz1RVQl2IL/Ba28Lx5KqBgbtMdGkfRmbGvH5DEYGiA7h98Q14Lv
6300MpgLbVjjs3h5QPUYp3tbDr5fUJZvAPJno8NtI5j7KgbPJmQaCNejpqJGWx2s
g2X0Vmcsj7X24PHknpccTXCq5cAf0rV/59KidMJgjMkVhYSnJVJ35wteFmKxYc/l
lrcU1E3TJMOoUCeIoTUR6BSwuR9v4pWxkY8y43HZEqPK+lEx6m208woHTVx0YYoU
76/Y1JC7eDVpqFbOwDCUqSCOZmOzz0R67+pxHNSf6y78gLYEIySt3n8OViIRH69E
XMChkXCvj6dlynO+1zaFMr1XiFbxzlsIeqMAERp/QNAWAb3OIsqvAeZpG8Kb5byz
54+JpGZcYQ8VKkhrDt07oE5EM4ACNMQSzk4UfABXl4npNvBUbKZ3FRQPUsHEtLF9
moSV4lzGGV1pmgOY5Rzuwe5Td3Yj9inGZ2heTO3VywoBN2iBmk2chX2V9xoUO5oA
If+wmAz2SM3vwT71krjWztCa25BH6O3RR0bFikxREWrfbS3stygZlq+fzmsmSnBe
n/2AXYZAUV9J0M3jz2FPHr09/y2TBoso9ExI2kSy6pgwqnqj3q/tMyErXgl6FKOC
/OXMSn40cHCX7ZZ5ud+XJLG7bAb2izzG7jjguLihCL/WxUwQMQ46jzPaJXcg2ioR
PAQwITRsWGuWR3qyqaLeHBRzfpSKE6I7lIdy5cz2tD7LYrOnx3tJHjiXcyTbzRk2
69yMTNciAjBsIcg4VtJ6AKgF5Clxrdu/3iOMXtjOIkfvmlEl/pOsnhkprkQVUsgA
MjXBclOyE675ukj0TYB5Br+AJfa+beSgZ/5Hd8H/vhfS/0v6Mh6eFyaooWh8w5HS
jQg4TKzfnRyLMqOC5Us7UNZS9KNtp/g2FlYHYJX3CK2+AZfPtqn18XnoCF49rK54
S1e9rwAAa9gSYeAsoiEm3tCF+UiFlauSwzDgK82I1TCM7Vm4gD0Lwgi1z8OpDZXY
U7zavy4wLQhYVdKYQH+kItxxMvdyeu4v5+Fa2LH9+V/wg7lzMG9TmutDOdDGUXy/
LbXagLTbrPhLqPYVNK1kb+UMuSnrB+56tRJqdZnlC64kOEOG/nLa+K8p/ZE/2jZs
avakQn7ZXZs98aQ7NKFxNqJ9rgMNB1NMETrVA5Wtty+6WhlwfpW8Au/Md5gsdYfO
wckX/W+t+87UoW99zM6b8zOkFpfFNEgacBD3EA8dR8TWIgMXUm/Sq6ihlOpInqI1
bbtuCqcgogz3uKgDDMZilb1taTAutpKTFvPcJ9rMoxC1HYuXhyrn/VNCBGMOVE49
lAkoiyBesIPM5UQb+Ys6TQ7m/ALazY0PKLKPEWjCqnVtMkEjHIn5b6nDZvQwFoug
fW2Tnzi0k6OIgiVMBNmx8+zBj8wflkeqdbZ3hS6Akx+lHXVeNGFq47VKwojw0rIM
bUBUk8rMC+lxJWPebgu/l/+otzeBnSipu8sIA/5dEtVxkXExEKun/U/E7qQZD7jo
xscyuL1srcfwUd4W9intgyf/86rfJUc8yeAl4QOciAhjZvRc4X0Cf/Y8peIHRHAs
YKjQQYhQuCT04IqVOnodAzd/oGtFe3nvPu2uNUCOD/Ct66dVHb+n+eB63qeB9T1C
cqj7AAMSA56ZM9jDICPs33k1Au6Z85gsPLxzySmfk1dtcYsdN1Inh6d+olcdJXtI
1TfoRY+1xhTfavxfq9asGoQjNEtDywdi8JV8vHQ5ja5fC7LE89qGSkc/lRbTg1Ot
MSjnQSBVtjmPkNIt2DlWwtdDdr/aAPyK57hsXpwYMOtNSqCF+L8HirXdZ6K+7zBG
lJd5uB8/EFP7oFi9+MpBSm56GYN8JByRJIF1rSCyK0GdrUb3/DJSd/sdheewQPDR
ra17SMB/aysgT2xu2cPqlbr+/D9bGA4kTJ7KXp6WZ67kuUC3JtKkaGiqfcESDKym
mIglSN1W3BflH7fIxgszAdRRyEw01MaipgGbFsoU7sIKgjeQ56sczbl/PBJ3xS07
GamCZ6m44m5DhVs3k1vawuZqrSTRsxFBVrSYajL6msNtLXu6l4IPD6x9RZ/OCDAt
CgmX2rSBj3pg0Jx+X1nr69sVhTnq9LbB+GSu85eC/siDkcUEXaV5TzSXakE1afuv
ESgOpdP1YFDIyiJmW0SKS+5uZLGvyH+hI3UdIaDt+Bj1meBmI+Q8poXc+jAqk2Qf
/vG/2p9o7EWgawk1cuch6zDa3r4iNXWlKQc+lojXQdP5YhpRUcDKCGe2hdelk2ku
cdth0i5lM4YqZH71hP5M1df4uR8iDRjyTJCKGcDPVAKTpUXQ+GlbgzZxerv6XBuc
Ouxmi36H1vzHOBrGgJw8FdXIosD/O25gSJUGr5Q2O9YzOOpcvUZiU/bSglfsb8fH
9us8+rlf/qHf9Sa1HTd7g93kgTx996ne/D4xtnuc6R9bcUcYmoME14u5pRkHjAAq
pAv8c0dFypwWm77RLb3SdSIqhuIQ3TK34yh7wILMHOAvZD4O/jYfDn8aMFz9zYBy
r8iB26Oyc7F7Gn52aZMoLoKuNYpJCE7UsM1N2pkyX5DhkDA/JHJW/5LOtmFHfSfU
mtkh5PR3c/DcRjsSImjWAW3BDvyOUlgDcGE3dVKzpfCEDwTt06+bIHHpLLv+otYt
uu3ZbQCNQmt9jCh7FbEYRLixr/as8MT2HijNbBfrT5m5yyo9jAFgl5kLMRe3SDmc
5eevHjA7ymNRPVmDPAK2yoSG6agF39CmZfZZS07Cwdtha3+YfHIfEaB8tdSEC/YX
O9g9AQSjTCbfX1TK/bwitDFeTZhLEhQVUK5jCFJECQS2uOiqpgC7Hiv9MObH9GxU
FM+E+h3Osw0gPmaEGXh9+2V+tR9EwzyE7VPjuUTv/aMl0qdOxIldZWM63BHBqrPn
y1p4MId6l4zULkZ9m5xnXpBEOHQ0vbwbN8+qtfRTI3axZSbwAJAxvisUtLZDExIr
Q4ce+BNEMH1QnrKlSfZlIcwC9UwvzDfwkFm/zkiZ34NVPWHT9ep2zJIXkQrQ/ugY
HOQVEwgHODz88MEsY01V1n2rC0nFTnSMbnwSpOH+cqn8gt1ogwBNYBiyfrFbCSGi
7p4bUjO4MTXG6cbhZr2ztouRuGN4PWs5aWshQgc204U7mkldftGRuGxOHD6uxr1B
YllOJHEAQSg+Vm5mAPG7txzMHldLlsScGdwviP4TsLmfObJsxyr8JQKJlB9a0W+2
r47lIxOZ6+sTkOFIbzoCEH8rlwlpUIJI9QTZtc32bDI3bfEO4DFqUMvrN3cpS2nK
Zr62fWlcM6s64r2cjmaMno1kwYB86gwZbZbxB1yxndMcIcsKb1vpFpEczg3b9aoH
M+54UC2/YKtGc/j9xDZgQrivnN9YdMlXq/SSa9rBNGYUiALhkESxUFuc3Q6Kzxto
sw/OJVyZoDafAF/JnpcFFt0WaSbC4BCnLP5RSBjyHXTBYhN0JWDep/E4IJc8i8Ha
+LYIFuu7RySDJ4ciLleZ29rNlcEQ4go2H4GX8F+RlniC3oXHYrth6Hp/STe5svk3
ZtblNLDP/ETyz2oE/0O7NbRmncVQ3/rijaRQX+Lwx59bc1vxeLOOomatawh0+F06
UgC9UYXHpltXBnJAFVQaScpez2hene/b3WMcl6lZaWFbslvGjCQqfuWXtKt8KSdE
8ts/s1PAmLln0a/35q4Hu9gMTGT6hmxHm9gyEPNyLsNW/LkDDypIeG4KQ1ha12to
JILz8xufltXOwmIiMzWyGrMLWZriPhT2XL3uwutMHt++0KCcpG2v2HdOLvaA/+8E
Y9/M5N4Vd6hSNGHKapfmypZB9ECf7jnXEkjvD0u+Er2JJ5G73e2u/vY4H42Af48k
ZEKdBg6RRK7yZIsaD155TgOCCspcyoiHKmjWKzq3uhT76aKxmdi7gYfl0GOSZjc2
zNUyWzjrCiehuz/tdFUsG1hfjcja158/RPKmXKdIUBHpm6FQTF9RKhC7hVqEjXju
cVvmaNC1g3hkvBPEu7ZGsWj4iXG8YxskrKGYB3L6RVbhJuSw7QobThAIH1nI17wC
5JnUgILU3HzPFmA8A5oC5CrMO3u7p+ambSZO26DRtYElKk3TuynuNwx/UejPWX7j
S5ejy62kE7vsOEN4mmazRRxDxQC1RjE+XrD9bQR7/G0z6b0dS3BdxDQgnXIAyhLA
Iaz52rMo0qtun6gNFR8ynICetkwAgmtg+fVKqCIIQuV5zE8nw0fPVQfG2hmFf175
6+btxw+wUdUJWML/NjquSf+HSP7QXVRzCOVyLsX968iIwym7G10e+thPXbGhXqGy
SKxx7ZSw0SVDn89z3N58/Lfdi1x84gcEa2wVkssffysVlOIzE7EKTtU7fbzYW6MI
ihGnXkuQvAYwgKPw86nirrdHXs8nDIwjiuo7//VFzAwnqqTQxkXzbyDQJWZBzZKg
PC5GqEe8O8mtvanHZFYFytM8PDOxgmTbcNj2QqvTY2XK2nhV27ce7LLK1KHTTDNm
P8APqv3zVYKugFx7dyCVwPEpgayshnf9wGVfyVd9qHRb5o3LNJjxq8Pg1BpSOuzN
ocUY2xOES7b6IGm+Apg7eJcl2vmC6eClapHg2U/S/p2T2w5FhWnonCAhO/U8DKBM
DsMb7+JEJMCIdpm/0KbA8X55f3kkeNShwaDmKJMoEzVXiFMBNBLW/js9DJrPmL+H
R58bo2I8yRhYnOmvNggyk/pp/JMZm8rJtcJTyI06M1sNuVUvNeisMP7yVgH/KLGE
734aRoPQWSJA3IrY9h0lI+9zN+/0GB3db1zzImIP/17p88DPXeCW5My4MOhQYU2K
uuO2JanljJQs3h96Ps8MNMbvRqZGqq2poWLe2PvDCzu23/XIDLjPQk7b1Ttoa1rn
GfTjYW6W/5WqUrILkrdYWh5UBqtPdt+N0kBk3fzeOAheh6CGtt00T2+sRjXM0ABr
9g4BF8uBE7nMYF5KorUAdmmwgD3XzHkLTFBlVpD9TOLvQEGJ/l5kdudRSRQmbWMe
iM61X6D9wFN3XoYBj6Zs0CbNWzLnicOrUIgSwvndNQHUjOx7snPwd7EEpTahMbIf
MQILRvKV2PWXCjiKZm6b3oiMv83UINinANxhP4qdQ/yHXJx8FtUGmlE8/Ar7wJqn
UTJ5oICO2rANqCJdnok6ISs0fCYZ/6ok6u6W5sA/PuZKXLAvD4N+vM2ntvrySjcb
lpHKJFOpAcomoLOZ60CCix1BXAtcejVkNSe835sJiNCK/LDg5I4bkoZ6/SsbPS64
MkRCaOqeEK9aRD44B+UYzz1cxfAlbUFPIhu34ohFgSL5T9n6NQQ5ARPvoZYSYcB5
Z79+bYs8W/c4+9F7GAsIy9WJWuJLK1s2gGlSsf7uMkQ2t4ZblN+sNmiL/II2UvMp
maoMvSTdxATlVRmuvT0NX9Zh8M4PpNF4Fc6UhH0hqnHza1jYBEkAHeZytB47Hmq/
OsRY5sHEoNJIsoU0OUlQyKhf3CcyWovSl/CKWoasFNM07kb3Sc4sUmLBd964UkFL
THi+6MuOQvWusXO1Ba5g8XGvMB9T2B23R3Tl61XIFOGRoQ6ZOgnvPmvaEv6LzW3v
lduQRgkUnYXOYDk0riNqIZ7o1u+60t1MvpU2MMnRoNrWgj3V2QpPyV9P97r51Yk2
wL27uGVjELbcYNI0ufY2js7L3cfQoY6+4SqcUrlvF8z+RHKRHdz0D7V8pb6OjOTA
+/ugp/qFXJYPqSi9ipmzoA8+qL378pusJ0lXG+A0Bf+T00nzEzlePwflle5pkQxc
FpR9cFHYsr6aAmOqf9nCQhzcMPT7xQkfpn9hKMFwB5lbMRD8NrYY0SH1pfaEMDuO
jMNdqO3IrOTRMuHA9WYsJK0wN/RM7LrLaSQPTqpWMFZhF0FHgcrheuCth94Nvi/D
MEN/saGODFQJuqpyzRtwkMQGvNE7JW98MFk6gHxZIXisVn5BEksPfM3EqFci6UfC
bAn1/8XFw29Um2IynHBedf+fTmjxg0D+aazX1jxeGyZ6by8DrlJMxq0yFO1HtLcv
XwaHFeKrF/tD88VHsiZuq+ek/AAZmrD6C4aSTtJIPysF5hto1l0lIJD9tPC+UfzS
f2oD2FGKE1Y1KPE3uPlkovnvNfdnV0CPq/17Zxfa30KRZTDstvTdc5+sZNxmbfVZ
ZnbfQv0g0vo/E8iG5V2Y+gVHRhHwIR8E71/n3JXV51xmchvvJQ9JNJh4sijEr+sH
7j5oXuEeFqWsISVHV+dlXTp3GZvTAiH2qgMDgbGSP696+VXsTp1h3L7/PEYKQkCG
d/ntsjq4mGQhI49Je4oCq3+5qb9i9gU1H6g4YFLL5vhkumdkL4mw8KbQoF/0kmGS
EhzXvd0mPTrlSb14ObVcjh4pvhLJw5uc/AHgCukSkFde3n7Ml9mpqgcJzfHTPYiK
lBxfy0O0F0ZB5KgH/evozRKQZT5mLO0oFWbjtQJkGxXBhcyqTyCb3/zNGMonfk3P
Jc7+ooybNn80pZzYHVTaYT2MNVFqKfy0GHMBA5S6SaISzoKtxR2XMwKAMGqInt95
Ie7dK/Ief0WhNx3iCexZeJ70dAfYMbAqghJYEFyOjPb1I6p7div5cnlR87Q45UQf
2VLRlOQvAR1OyNk+DxXKFesn61mejZR+5HeeLcu5h1d0R/broo2IrZGvCK3oDWyV
meuvKtWP8oLn49fA20K56nG8OfkEKXNv/TVn2YqN5llNkU1E+d0v6vF3jFWbuqu4
al71ighPkUhWrVbXtSRydmNA/gjxkj/hPll1MfYiVOIfQ1wrpUgVpH50t4+a/cYk
jtqEEqPQtL9Jf91Y1i37JJ0KI6mH7ZIYXhcuPOGEzdQxj2CZxCZgIwe7Lb6GAu75
dLAIFwtzLdkKfFXyVlZFKig8ADzESPevxuO0TkNfX2hs8MB0nUFxziE2sY3XW5ih
vvaQc2o2KcpY+irZj+B1PoYPBaHqcxPAYgK4pdcUqkgjVmLSqxqyStrMYS4/glOr
cDWhFpYUAM6i55g5ojwK7WJ5HEws8+yUoniq1/d0PsiSfGOxm3P/cf1bPHsXW0Fm
I6FO3TFT2eQjLU7ZkZTSq1TrRH27EHyJ2drlQUM6aVKhSiHdqTS5hhpanPwfhd3+
1TZnWC9qLglpCwWjut+r9bqYS2hyFLbR7YCT3+jybEGQBXDHhXy+Xy9jixADek9/
IGKnmujmTq8F1akLgi1puSBFV08tOTrIiKZ9jV7O/un9T5IIq9eTPFu4dw47q67w
SUg+ped9JU1iMrer4gmdppjRIYheCUYSe9/9wmedaHLYkYnjNzHqZZlSlxROM10d
zPe7heqZGurSfVamOl2TKGYMYkPg9j/X0xejK0QQnkW8zP3Ptbb2z2ul/lIwPAQp
TraAOK74FHKLCkQV/B7Vc0TvoLbyNYWLwQkkLqvwLVb3FdgWSjO3ed0V4/lgJF+A
DRsBY5DLNf0hSXgfvgMa3kPkN+oD8u93LuIFRJp8+fGjcb2bMC58LpyJhhVUhFQZ
JNVxhWn0bzuF8VSZbyek2NeIGLkDCziLrKB0ncnkeD9Yry/dgHN2ycWijJaI4TcY
ixuCz6wtR5zzpxt3tPuY8NSMMfLW3+SH+gwGRpLS0E4QXbFCdsWoiuLduN60A2gL
5pICZpsqE38z3M1yL2yYc0Kl4BvvNlAsDNXnAET9xadEyt+wHDY1x5VSWONM5+/2
vgBq6YJnDDgP3fLIUf23nYDH8RVkRvewaKFOB1q0TtWwb6mmTVXFDEEsjjsHG9uT
uNuGWi3yej3Q00HaqWZ1hdj+gNYDBikIEyvTRwJYWVELYugW9KLJIBLA+Ha4tCbd
MrPj2jslCXcU3jznPA0f2elPPGC2UPhwFEfo4JsobAGnBbJMkLrFkGt0CId4KjOq
hBJzY+nG18Lad+pAhPixagmYYr6L4g4aJADhORtoqsuIleCw1MfGxpFYOhbdyJL5
NcQQwSZKRgVBKuRafocoIvkGrxdCaYbTWS27kVSvT5T7Y8REBMv6akipc5IrUi70
ouSl909sPj5dz9kJ0RPqTxlUCUN+5LTuzWRxT+EyOLFxX1CjibP8lSjovji+KG1F
yuHcQh7v9L/amc0MAsFkV0VSMKJQuGGoN/BaIK+yVidMO/P3VNiDHloPi8AalxLv
V7aAsUeu44NI+V3dnDW2KofLxCHsc44U+c/dpkyJWijRaoejiZ4U5G0Z4RxNRHI8
cov6b9CP2WhxfoCWqatcsg==

B.3.16. S/MIME encrypted and signed over a complex message, Wrapped Message with hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9470 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 5994 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 1813 bytes
   └┬╴multipart/mixed 1749 bytes
    ├┬╴multipart/alternative 1128 bytes
    │├─╴text/plain 373 bytes
    │└─╴text/html 471 bytes
    └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <95b9bb39-c028-5ff4-99b1-f179cb5d7585@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:11:02 -0500

MIIbTAYJKoZIhvcNAQcDoIIbPTCCGzkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAE0WeE2CZplu4oxW9silJTfwzOsPhm847d7z
qIXcjfvT8bDw1Ftlv/4KmZLDPdBnuisuVpyLo4nnCIwQJYpQgGBTT6QS+49zKBE6
MCBAtAEpO1EX96vni0EnBTirqrlYTpyCfovzY7Wit0AGZtagvTDbUFZ0x1zspCwd
jrQHxNGnPvIUgWOmZvE8xcUU7goh5lIMlCrTSo7O1VwvBcAl36MvP2cq5fMwshaq
5sG8Tisa8scczHgFPox8g4dRg3avviuPIeIWlhFHsjHOyxK//eXvbIAPvqSX2kkN
XA2WosMZFaOFDbreUYfH3vXXKhM/bN/ppP0j79SP/Oo0zcZNrFswggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAHCEttYG1eFD18WMLL2cj4QA2
9ufo9YrcguLxREsAqFgSdjNWumX+O6TbxzRXIRWUDM7Fgya5itiSeRX9vVMPqmoE
IqvVaBvUJrC/vpqimtsZ1DzfMILZS++8zKvhe65KULce+nV5uQFdCqY0haaC+r6Q
vo/Ync/CML6Gjnp4wpc5DWfXawIfTETdqw3OlRjeC1LN9x2Gm1rZRG4Ae220cevY
fSeUgEwOAhN0JK0dKJV2FTaSocvlsjSpqeEvrA/7PPTXiNhx3MpW/5LdnLVrGLWi
nf/8vbIMVRI1a6OuX5LIebtuiMcrDBW37Fz87G2WVfaLEGKlkOpuAq4Hva6UbjCC
GB4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEHX14xKi0oQG2bn6PtoB3rCAghfw
CwTQY9uTkxfjYyQLL9GBme+B4ar0sIhiueLsLSpDqYscvN0BUJ8d0xE+TpJm0IbY
yB8K+Xu2ZuZEbKHDM6gkwMjUmvzrqaoFM9JdgEdV0xrEEAtZ5fo4CQSQdtOY1EcC
gXaeqcek2pnEtzdMvpecyxJI+Swcj87MWMQkZC76ukWAJAb5HrzxWR1KppuRWK1k
k4dSlEU+tkItRahC1nfRNdHbi/N4IYHFR/FS8efbDILhfnCsNrzhirBKkn+xCm9S
ICK3vs9rLRSxMGD2N2gvZlnijo/rIS38E8qPvgabRYasxvJjpm9pYnw8bna19NA5
hH44E1Nmd5/hF4MezlJ2HU4Fm2illB31TE0MPz+k1U/luNpMfkgBUnLEzGchYr4O
+BzewtTsctonsul06hFrrHim5LgtaRxuiAJXnqmArH1N62eoFxC3t5GW1O2O9d6G
hEFa1cWjh03xZfVOmvog4BUa99tR1SgQf1jkLuSGbYr8mfzufkCnxOzEZEsuumqO
pGaxc4oX5J4ZiiGCMlK9M2L1/tDjN48CcZ3i1VWB/Dqb6bKHF3eEoy6qQR4aPWeL
OQxiYK+mRcDtzOMcynvgGo74RmLMNk3rpjpDOM9ltd++8stxLRltZY4dlOfdlwu8
pO53BAi0nPEwze9ApPBqp5p/bPHUp1lJNAGXY8H6tnhgZ3x3RV/Ji9KGJ6GJmENx
SVI7r714zXjwM9FJHqCmzI2DKr7p5ysqZ+Qc8mw2CRsfz60LEKA6WGb0NlovfQXL
tTq0qIOHtYe9Ge0ztbKKnbzbZQL9kQ/32dbfKasQxDczaHjNZ8dNGhNr+BQ5rVWm
+8FwxmvMZDIX6Py2wbJEREUGCGHh6lUUGiX3GlVYFBnqI1GUxBUVzXxvGJ3cj5t7
4aX8GRvMBrZQxhwuSLxSFQ/rPyTAusVPphPbwAoav2ZaUIlblLr4yHbawssp81sD
svgW39lI7SRDonvdo2+qs5nPW0l9leeD9I9wvZM8AQ5q7mxvQkY7WDqX2J6lxxzS
jP3+jvr5vGOYuPGYGOZeuFSZU7HZGnPGFRk3tWG5Q1dRGPi0TWXzV1eZZo08e0cw
K6EuDenwxOU7i1LpC2xRxuJgdN4adAi2+AOd4vyJWxIvkQtcbzj57ZKPt80raQXJ
l/bGRFGynFRuXE510jBbwdBzvseKMOvfNFqB4nv6FMT9zVpGsmpesvDDUdKLDayO
sEqeoV2boFAP9EvIpmA6i+G27ECsh9cTUlYXueOdcBUHagcS9DT4oNt57euc29b/
yKd5Y5iE3R0v6VquqewtpwlGS/F2De5x3ETXj86FmcML0aZ9Z2sZMJmVy/Dw+ixl
bjVKliDg/FQZzGwsyynEcBARKvdKwM07/o1iYy5n8OouKlmIPUyUmDoix3fS1z8/
RXYV30BYKERlNHxpPPxzhD95ECeWi68toMliKaMsTstv23mJNwAEh6TrdfXL4Ls6
HfE/32ohxglD4q+sKg8V5QG8wVBnGpwBXd0yuUxewyeO8Xw1m7Y/PbCJvuSEj4G9
zSOPXka1ViH3tcnFedmyBugNw+Gs1NHCo49wllf2+UCpaoJcC6zvD8gdQ737Gl/p
tLvIrC6FZa4CP0PVE0omraIssica9iWZT1QaEWDZDSVlQQvBLfBpYA90XUHxEw2f
8vWTvVo+Wmx0nZMhlU8sen1kEcKVJNuRC6XDq3fHpVJXnPkdVKk9ssvJ8IfKPSL8
4cpG9bV7RrGymy0q3hDzbzCPVGe5EdT5EaQyQRiHOjDYx+SGyyHdNQD0nDOT6nh5
C+guv89wGlYFJnjpYOpKW9Ex8yo3Ib4ArrGLTzXqdZaMaA31oAqhlOPkfp15xPSY
clEMnTcEGGt98VSHJO1Ku3WDSC57PYd8QJsoFD4ayoYwlLM7Fc1X7CG3s4i6eJOy
evfhxLQLiW5NX2/xkCnEHhZ7wWyXc6EPA4CQw2Rz0wyYEjEj/JQbcWqdn9eQnqHF
6O0WW7O4x6zRtVMKYNkvOreAVL3Q7U5EyE4ralLZNc2E/4caDxANP7mXW8x+8QOx
uJ7KR4z036DYCtZvOFO7d9k3wlwgMSxwJkBGiuIOP9QQ3xWXE49TncQlTIaFV2sN
Fcl0JLepjTDCSVi1U+JqwjI2DZdAfeLtKkC8Ka4D6Bg+Aovdgq/0ev+dj8Pl+ek4
et1FTQ6Db/v2POfdiWLFdp1XzSHsEnQlNMfzvintSUsfGB0qOWFwPUj5jfH8/4hX
D0pxPixHA8PI5/3gSPho+wxgnbsd/j72VHlA+S34IinR+OH4SW+A8qCzcF/JGP5P
2TSact6pbdx7dfdlcW0J+QC8ity5APj3cOss5XDe3gs95JBgZ1AXEhypZs6avgoB
empIh6BBYeeu1+NuXmRxpzLQbsqNwivPMtK+Jab2Yw/ASZdqyBHJH8DLa6xi8yFI
134xG6zMmGqW3Vnxa1IS6opslDenfDzZ2hCDG9m6J2CTqMiY7ec3uoT2QysRPjmL
cx/gtUxS1L31u6dfC0buV7dcEzuBG0H7m/Lja6vk6Tr+P9D+j1cQyUExDvpGnEOj
fhVRK//WmqWlxJ+su/yMvnSj9e51K0GC3yYmMem8Zyx7xSWOXpnBrqRf/T3tCAHL
P4DgV/3jEfFtu0PKV7Hx05YEemLzppQ0GA1IVvnZa/myRLB//x1qVATvGVc7EFhr
vKtr6FYfLfa7FUdMiDH2cxWx6/Zit+l7JT/PJaKTspmM7UuxWh6eBMEld7GZZMT4
zaYrPCTvK+ykLj0FMs1ddbQCuD8BROzV/KgmTpiLQSmlcLpkGSODxR0K+8YVXigQ
tOyNFEDtniIJQ3VoejaeLPX8YnHJPft4R9qAysU9wFdGJ1VPNCuDH29pn/i6KAPU
Rl8ALoomj6W2htvLQtIrnxIcrKNpvd3FyXS0/+kSqT1WMfK1XdaYxYK1f4AR+P5A
PGsmE9TA5lfkeYild3osdmL7/3n+x8LOOIDVxps+XdAk4MsQlnqjoazCysc+v6yi
Y+eMl8nsaxiTt8d8JPS9BpBUi5NlTlCmGsdoYEBjMPEso4/irjuckLKxRDb8S3U0
o6eo6x5IrEQK3/pw6/Vngiay9f32Rc64roNaCKcfgSl4MFJA2g5I4zIjBCL4stzN
E3tHKN7dCggwABOSxThjlBo8Q9/ZUPRNXyGlMduAWomNV5SR2tUChA+G8YH4ESNv
M74R4Ij2moY9P8Pl65M4iKWBGwZ9eHwgHKZTkDBNrOvfwJlcDrjinDhNUwRNtFB9
hkUY4ZAYqInsedNkZRI4PpSEl3jUtKHILRx4O55De37pwSFO04uZ0NNn7xhFyQYU
GXV0HxOHt+AkafP9TLFb76lN7WJvPHF43Gl6EYbOVYUDJ8XRktk1AMX4WH4bNz1n
ViY421ca1q1/NpziXwAUEBpKWm8BR6mcBvZzNWoW9C1tQjWW7JjK5FeRLlMYDMko
r07Ra6N4/3ZCk+e5bNbJUDAuzb8eqdmGP6X9aTEE9IM+sUNeSOCZsAZtmOknyU3A
0eLkJyhzAf1uOSIYkD9SrAcsO47mpycYfQhREhwCbzYdM4AX9y0TVsCmVRWBznMK
z8i9jdnnKQYsSd131h4ZezvalEf4mWGDWY5bdXYwTwJfaFRPNzH7JqcMrQrgWJ9C
7Im2YgUbOfTCqfxbVGZLstzRcONhn1v9yjXm1LlaaC6fbApPfolBzXSToXHG2FB2
ABgF+3DvWtltSShKbmqUE00Ppn2uz5ghChxt/uUFupvAntbIoHQPzsVB3GHiyN2p
pGgScgaIelUp8AUA/htPDdY2Ia0hLmGaxF6lpO3yt+uzAaWE0CSSsUJBBAT+kf2Y
8WMH1+54KiyyujKFU0Fq/4JQNQ0/JvZNNx3M44rpuTPwpecL91ygQmQ2OLphlKyJ
Ou4B8cJLexmiUz8BHOtB+xKWfGdnT0OLzeNni+f8HzBPRivcWrpdyyYgOJ/YZnF3
5+tbP1UsLo0GOjtXL1Egtg71pcgFv2RSDzYIsYMI+C7evP9r7GPoZeqQoU5d2fh4
hi7XGx8Hz9FlG+qDWhCj3JQUjBNxIPiEbP1u3N5ec/lzv4sgUwNkCcGKooPpm2HT
ddHIYyRnAGm1/om3HwMiZ+pH61slauPah6padnXHkX4uxNwDURuSFbhcZugAG4Qo
UDpgSuRw/51av1cLzEN42Y5FFkHWpVZSXf2+XTbODGYOWK4B2rD8nAP5XGbBKpOY
Zcu9I3Z+/jSkHoO7NFk/SctQmcrkz7CBG8Zg4E6m1XTdI+G4pu2OV3AWSfnnUKj0
4WnRDhyqPb25EN1dTQAGm9R5ltwb/lVxWqFKjPrRWzkifSZFKjIbFpWV2uqYhAeJ
+KptyupEN67BuI887mN/v064HR/Vz93Uc4b2ypaOb9ZbMC1gbmGuV7ckFU6yBuYd
RA+KadICGwJne8vTRf0KnU1ccldqyz/Zz+uNZy9KMx1E7DtDOKU+0Zydl4Uoeqzv
4ExE9pD1QIc+XHvxeqQGk5wAYqM+65cw4J0PDJNTlKGoahzpyiJIBBMvh6Nlhg4/
Ac71Wyv8yIczLyNi4wR5Tvq4I142AH3h5y2pzrUR2yTaB6iCYA+jClpQsLpZoTn/
Ry4x/8wxc6+tXSXsJkTWaZCDyEIDX8TXJ6nvcDYQvLek5sLf9QWQeSU+VniT8jUF
vtC5q0Y7BXcA0ymKtHFSB+rr2jJRT+680orbac2nTacuMF/YcTKclX0TXbLRFrqd
hMsu9An0CLG5CTHIpb1VXhEzuophya1aWsXkfRkU7EteWNiV6Mfg8ASVykh7HTtE
Zgn/i4vhp5qzEB5ule1VIoevtWmYQxuIqxphqonucqf4AH32lC5S3/G4OaLpJBDS
DKsGVxF/u86KRZRN3euuy8aTz4pKxSaYp6IFpA5hNZYU8vk0YNd1wFd0K+d+JB4b
y4tm7ipaJ26YgWE3kX4v9PX3v40UHMQVg+0k66GF0O0/bveWv0wg0KtbXWatb9c9
xO3ZRWto0h/l+oylLPCSROnVbBoICJ5VHgME/bIvZUIGQMKeWv9f3VQsI1k4J+e7
JX7SG0bfnuMczVS7fz6FEAV/k+1Z9HvjGXLfjTLXAJQOU0gZYbsr6ZfaAWyUmgBP
M9BT4M6ucbdvNdKd5AFMyg/DFoH2yINOBjXgEOio+m+5x0YAKE2pUn0W/9xaw+zR
abZTJHJdEdbW5YXiscG0MJKt1WWVjy1fGq7y6mgi0XqTMf6cY57DzR9k7hmywrpT
6Bg9CStEDPEub8kNy+IafignKGkHdVwjXCC1Ly2U8P50sSifmvG+9vukY/E/IBgB
J2x8j2OJQ6FaiQ8PBhxVo+gudwZTQ4NKpgCiIxv2CHERaI8ao+DM4uNmD5T/Kaci
QWWG0mA+SA3KVvqMreaYKnMmwvtTXbet8zMLHy6knEIBe0v4Gp1sLsr7IugcKANl
q/IahiURHLXnsmrLVPjojdzaK7uUJuuchZsuuYVJL4CnV/Uo69XvozltlZ0APY9i
apIFDpZuF8tTBEHTU1uY8mCY918T8CqIcFEN1N5B6cieWhbNCzgR4C1Xl+YsCGgs
O9dFKtOPKIMJvlk1WpDVIHb4Ae6Ogv6zIUmfnEQlGZzYksOauSQia1EhXYly/3Zo
vQOenTXQDo2WuPiJohwP3Dh6qQuDkqgPmnhZ0EggdbxvT4xVAvRc2jwOag96XwqF
WcLgkKDeIcORd/JOBuCyMNPF1oQT4Tqse2TrGgRcbxwLrUAHRhmYhuzvnpjSt9x+
LCzkF2lGNorizv5Nc8sPSDIzCNKjC725BS65BUaRBQm/XywyZl9TkQ9tZP4vkQ8Y
YIuejmuJFpu2WD+IhoLVKZgQoFckYjCAIdXK2XqYlpQFfUmcYmlcUbrLlyhwfVZd
PMFeFvUmIwmQxeZv6MYTyDWg0OwRLDAxsBlrDER0GPbxRsz8y5xrlNT5oayp3Ehs
JLdDuhCHe3i/TGfHIuh2NUPBZsmGrNCMRCx8ersWKKKATqGm+344paa8AaaQTVxb
14Yx0JGR/21YqdS3NvnRwDDtojwYieQb1rr3xXae9vFF5xXgtOCMMUiyu4GVuy/4
6FuDGu9OAzayfOcjtPQLYTIP+P9CNEagX2y+/Phsh9lw3fbjkCWNG3/A0I/u+L3v
gyFaKP9wfi7uzcebxDlotFmdwSzLvO4idtjlA5F3djh9ZXY/R4cHqVuPgTnTJ7YE
Q6NzLEHlWB/X0xX2wl6GwA0k+hFVT/MX//+a4sf9dRETuzqbetGyvbqJ8whNQeh0
7ZyqtGRPxrBsipaq1A4NMTTjeT9usAJze02GuQK8FwBBhVXAKSjeyWX5eKiSIlp9
X0ytTitsmax66xCgjmCU6a0zuGHMvb/fih2RnuQZoEVmU/YK8xPWsjhwR2vOo+HK
k0XPfZOlDZLV+ZNMn28Y1wtfBWt6EAqKsQNT/pdDWjcbnq51NOxGaK2yIuznyew8
KGk0I56x7sixMIfiye1v+vH5OzX68yxjxJ9Wf3ODjcLVWTs0rEi9DcPSXN2EB0UI
N2Ovqz17RjsA5+YDmkjk+DnPUrKJ1IW7B+7Tyx8Xec99AbsJ4kmnw12U56HlqCdR
HfOWgI7Ci0Sq0gFozVDV6sA+AYuDGURGaYdWkBM+4VvoZyb0ZSplXW5TfrppRnmP
yJnmUrRWotuLYxHnV1WsN4Tys2KAXYqbjSj0aGSuUXQxjzPrkqn5cLwxstaHUYr1
8TxNpQd3uzj2E2Y/Ud485aZR5d0VRA6GDqZc1V3IV3eYDxktBC00K8rT4jhBsUkq
oOEBjlHqIrRVXZ0XdFAjUO5ihzgGlvTB//DOI7xzpmfO80/ZREtNT7LubT5q2EEe
M2rJYeOK4anWYGL1IIsck4o5rAT3Wyrq3qReKPAk3Vo9u4PIjmZCX1RE6Ypl7B6i
MoA/zdlp5fg3kNziivSSbTeM1vR+Vz3XD3/6IeRz6sTZJF2+Jl8N47+W7yxPFKHM
mia1KU73fNbjXXp/4/l9bZAYFQoatqCsxqTJSAU17f6klXVYsKnsnHMiZcvlJ5OP
/2Tg25JB4Cuif2UyYUDGTw7ZAWSnVQ56eYYPIgSqJE2+PBGC7a+7bKZLeZoRpzuh
iODsg8xhw+olSRMO5i01myoPWxJV/hochADoHY+oyk+9Gy3YPHwNUYZAr5glMYME
m+BA5aY999241lkL6bs3JZsdROR4/m+eVBhfGQq47jejWWcPT+iB9/jPWjfLEnzU
bK95G61z2uXASIDKVR0PZbsl8/YjBHsgELlVgYXG4pnLO0L+jEEZK4PZHkOEFFZ0
0cGAVObOkXoIYr47Kgy9RcxZ0APK3GlKmGzCzppqu1x981MyIxllV1ZDkFWrYyCZ
eZnQXlBdB4UkDTHBBqBDWXKpBHqe2lwrzrNDUTz68DegE7Fsy3RtNWBXdDyNneyg
6w/rfYkj8i5prYqceBChIsHG0HHoXzpdKAqkBL6WH8k1z2Iw3NuyDFwq0ubXHrMo
W8PFxlyh00cdfI3aecM0l7OH+eo/fFzMpQ3Fc9VwEYgFuMmT2BoPSeDLWpInOAKn
5p5sym5uRRfrosszXJi43DkQJuOmX8gAHM0IfdKkxC61x/GCQER6jLoNBnHq9egY
V3lzG1PdL2XjjgJ7Gm7S7CPTvO4uPi6/DW6xIHS1N8yAfvOQoORvUA+feom8lXkH
raLUgRGx/mMyAjvnDpE+QKvXNVRqEAPQ19p6txnh4uB5BvDn0Fvgqvi9TT0Zh0qM
m+rKKr4yJONSwAktkWlr+h8JdcOonx3AD8bMG2v6jNLQC0D8Tab2NGUiy1ruhf00
iGXn5rWe3q4mwmJhEOgTeVc42rURcOjIrh5njcvwm3kMIyoF2v8+1FloQcWwYu1G
8wyAGJytXy8UNi/W4/MR4Td5tVNn3sXIjoRk9sZ9O7ILfIU+4c7067N5VtkAtdPT
BnyPvEaM/hyyXTxOZ2kVXx3pC2EB4HNQMI9AJfWFcpw/tPupk5JRf2bs4CD06tB3
GnPORggcMCjGhlIKY2we3OW+38sCY/lXgYd2FWOXupYeEytax0iQn5ZcJlMLIzQ1
vAtwSP0ighGTimF563kRlmbveO5H/Tu4MWIj5kr/88nMMFWKdIY9FG0NViwfEFxa
Ieem/FtXVZu6dn0kCG5Hzkwv5ITErz4gaAJpbCWgrb4=

B.3.17. S/MIME encrypted and signed over a complex message, Injected Headers with hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9490 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6020 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 1779 bytes
   ├┬╴multipart/alternative 1132 bytes
   │├─╴text/plain 385 bytes
   │└─╴text/html 480 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <23abef5f-8781-5c95-a46c-61e3a4464d58@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:12:02 -0500

MIIbXAYJKoZIhvcNAQcDoIIbTTCCG0kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAHU8bGe/H5LsJ+SjrpHwt7+3o55WiMyCIM8u
JDc68NB26HoxcT1KAtf33RWDG0EF3HshliusIPEIu99f46HunvPjw3oIBJlXcMmQ
8CHOFlx+iX82VOPuiW0O8lW6+aVsK3zZF8gxiFoUh/Z+kgL06L58OPM8v+V2cwIa
ApYX+6UXWvVY4CBZgpFtv8/L5tvwIFX0Zv/Yl50d4U/jFzc7GVq8Baz9JC4UjPrw
5QYctjl3CCCLNdssAzgxb0Gb/2qXUkPKNel4HxCBE9tWVtAT6N0pJ42iGEeC87yy
RRk8MhzpaVghBs84p17CCHt/5e2x0Db7RS4fFxzr/KHjy0daW04wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAjQAOlUQpwd5dQ6rwccqfmudD
4Vr95tB9KqwFa6dQkQ+ZGQPO/rJMcL7aH3xKJZai1UmzD+B7Qkl2TVg/dCCkyxHC
9OIIRVw4Hd5H90/K1zxuX5D8bTFsZrbgQMhHTo6GnxZFbkHrW5Cj/XDYmpFSdORg
Sl/IpiWgxp7mkCM2eO5V8aQxf7gYn0AXW+IWIXnG5FsSO7ViTd3ar+/n0UhZDuYQ
iE5Sn0iw15b+snWR2u6ECu5COerDvmQA3y3p1DTBQzGpJnj2wWxkSqaunhJsF6/r
UCaRcXnjTtoFVWegVaY8P/5ZB3J2OpZj2hBazyYi7t9623QdO3PHmT8/LeDN3TCC
GC4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEIrz8pPRFcIaD2K3N1GCAaGAghgA
DGzTGc1dSEpAV7+00CnAVac9cDEwSOG4Loi6QQs2S3iKN1F14B2sdxpfOQq5uvGu
vfr8Q4g6fYkQLeyJd1vPLjaiA43chMeBl9+2qZVb59rkj19XX42EIHtSplGy5/IU
5S+BLxju5tV6lkj/akkXKOtUDAaVv7mtZqQE76C8W9NyLj3uKBAfKNngz7KcSQXz
1Cc4CTI3/S9C2BmV1GjKwLYxS4ZD5S0CEuc8NIUCPb7WzeesnVkN2ZFZoq5gLrns
DB1gTxu8a2vU1cVklyNohbqC+6IzkCaJUZo+372R05nRLFlwWAXe0Ur4yRa8P0rT
U0XJ/jo0EIQHLkQ27DKmEd8DWEyJZsFz4uAqqcjhlkLrnCgSGU3AolKkzXvs9VVI
Db7+E73GQJ9gNU4dDjY+zrVC/ssM8JmwlqKQ9SZ/3p8oLL8LVQ9hiC2j1XH03W52
yqph6lWkdBL3snl8M4fCre7ukmBbY0Z8JCIFu2lqvMndcvuIy6ygUH/Mjhtz7soV
6E5/nuTKWZgQN38LFnjm2YeILU0GsmBDjwfyV8S3aTRoQPk3ibMAICJi84SdzIo+
jNrYikZK3isLflU9PDfle13cmmLcZibK6cceDwFyjR5A0RNgz/D4LIEsQWaq3fW5
sw758e8mWCbOyXG317vh5TV2Y3wTy8gGIeflPfA8jCSVu3xnMxNArq9AcntgEUGR
k3C+UefHb1CWPC9+aW0/U83hFyelfCkuAIS39aFVbI3WHdruUd53cE+D1qaZ7AlX
Dga9uH5Yv4RFkrfbrTntd88k2yv1K6sXYCek+MS723E6NS+cRxpUk8d7qIbIXhDd
VAvnxtb2qrk7LB/lK0rvVyI2UaH1xh6JRy8TjJqxA7WpBnQ9EM8WBtruzQmqmg7F
S+l8EdGuKTqG3xhFjxK6Y/k6XndRiPWn+GpRv//llAFqbdm4ej0kiG9ieSfzGoa9
cKQYw6C8u352uDaB6Ek7GYXMH7dywq9DJOdTpojQUWr4QX+m7Q1qmpljgLfzylib
qT1Zw8fYTq7fU3QIvmFTZBYkvoU3GLQEOWBS1rPGapUNl2ntj/arj85BTOdMZVVV
m1RN5qxtrJjA9IK5oMImYheqq8T5wBQ9gftKDMVdb6pPNqwTu3nbjyItKAt8OL4k
c8IbgH5bTuNcVMJNlUIdxFoOEudnJzirckB7A1RfJDlgDq0WkaIBQsw3YV2npfaP
D4lkf8HvyvTE6QbEDurgon/rDy6TQ2+bupgrsoCRw9+yvm0CHjKDOvk07L5ZNo5M
LALNbBRtUgyyM27hkmYKSjGx9740ijlzj3eKl7DQ6XPlhxWPPfOFCYCPY5U9440g
1unbhT+q3F4x7Lk4U726O3gj25h+SYJiAf+5jRCCUaOpjAaG4ex0s8kdEZnvSLH3
0w9YmZr7w43Q+3C0IY/du3WCMkj0EgNWeDEALQIo1j3wEVOWIxNsynfEP7ilKGWX
/L4MkeACKDDYMbXkvM70khXuH0APAGmw5rwuEUH2Nvr4rTvRI7QKMnDJ9BiNKK6A
e2gySoYelX8c7NeqdoEVUUyigF3rB8LNOqOHqMM7AAsAyt/yjFYVXxze6PXS124Z
ohTlT3vJstmrAfSsyzc4q29tU8Aiy0AT3xmUe7lN2/QNyzHIrp/KjC6OmNFvcDLE
dTXLSxCUSLJby/rJ+YH69BJxledxdfogY7JFIXM3+4Hii5/JAsuAGkGpjsmTvc2T
X9pl1/08ChdT5m1wRo0PqgtXy3Sfyc4hlFDhDvCk0kP51Lpr9YHe51HSRx5x2/+i
mcSbDu1LU+2wNdu6g8+OResU5LvI87Mt0sCFRvV7yawg3gIt3tZrsStS543vilWd
+rZ7NQfC+GK7wBeP8xcGmb6LgdxTpJQmW7bOfLkIzXQHd6cd/Ezm24X5WjMkFKeB
HRJPGK8i5FYjQW8I+26mctTjPmo3MN4m2aUzU934aKZWnnlHd21wahtXB2Z7CNJC
7gpsed8peXWUzQ+ZTf8nx+nMpq8OdB4CRJl8Ah+GWBu1tkL7P1VikJIOQWE4ef5P
+wSn1phsQDeZWxyIGjcRcDwah6KougxOu9liqv7Hcy5fbgSDH0dWTJ+mARcQYiP8
EgdkQ0rmiJJ3INAclG5jle4545SJTrIJqC5j2q2oRgj7JHe515QlIfzpfcNOxi6v
Cv/51Srhh9vovy9f6SE92adrBuYf6m10EpR0UT0iYHKPEwCFkA73K6X8crEUXvGA
PuvzXqqC1aK8kYcYYUKDy3wkY0L4XaO9iNHQ8YDC0bwUg7Gcexee5H5IOC4F1lRk
sAGVv6QwESYsAikD1qS3d+IJC0DLasJ3OtY6ibSjNBs64A/SWxSVgrmkvyUK8GYs
bRoLyedYYWsaJLIE4w0SR4LEcNAUsS3IXFgmwzuZfwI6++kVnYnP/Mzfhai3pFOy
CWn3Q0n7egRd3athFzhalQMSo/F6Nqvp0cj/wQu0Ebevqnnv4hEi/QAVkzH6wWed
bo0JZaEOEfHHVtK5gHqTbcD7tIxiZGIri6mW4CbdxMYBsMdA7D+CfjmFedVCZTZN
Hhi90An3agODUXbE2W1tKMrUfxwOS2StF9MRWmjUtoqkqQMp9CSpucAxs57JTHER
ex/IkrkJZUZ0dss7foEB5kple+JLA0Ilg2EzakCkcoC60TkTY/X34c+azZPLeEDM
vfNA5xqoiMWOotE9WDh8wlXphW8IHD9ixwPCaZGUNx75sQjqOMxh9UcgRaaolvFo
XfjktjmfHbhTc/J3VyMxgvcS4WIU+w0Ru+DaDVzL/9Kl1Vdyrbel/SDzccYtDax3
RpgWZC8/8h996H/Xr3p6gmFS10cQApU/SlvU67Ka6A1aBEIJnrIbv0r7hefAJPe8
QIEyoz5WYJfaHpHSg49BUuS/vQB5XbvDEbJbTutsF7NWd/6/8R6iNI4iRtfYxrSn
QCu/yy78iomVpwpFR5qdRpwIIyigs4Do8yIEeKB3Woy1LHx0bsWrQqvQdVwEIszA
tMkqlW1BJMTqPE1aQY5dwtr/zde2gZIIv41NikHHaOE6D+q3cNwHgUcSeRU1B0Ws
Y0KjEUhkb1tGlYVBsvtYio88JaQbsNom2MRBJE8eW3gNSIeYyN2BuUeu3MGcEuhb
x5kymYoD8rnk7UE6zrDc/pZuse8sPk/LMsPitFL1I1QXRjRyc4EhINUCjPI3fXyp
8rN74Eu+lR22AtXc95TzUr44sr5Xi2JC6ZD91jxexS1TRnoSkd/ODPD00hktkn49
9vLH1HGtGFRg32LW7SCS2gKQFRf+t8DHGQBKyNt/UoOWGdx9NyUeFS6bqQzlTR1z
sw6UpnfQt4UuJR02d8Hv4OC3IVq3n5NFEGi0301Fvi7v3TQ4Vd8j7nYH9BR7IeUb
eES3imAhN20cjEOy5cwn/pHh2TuZQpoEyLAkZJrZzl57Uxu84xRPSY+OyDUU/4Rw
L3M1pFSTXjG7cJeWS6qYJx6W9M/Kl6XffQSvV+a9tghkCk6fddrd4Zm2DzxJJZ37
jrdVAxzWoi2oFTLUccS4P/hFje9j9rk3iJRAEpVY7178UvyemgA9OwkYG342DQ4s
+IR1S059lYjYf0XywFewBbkdLk4Jtnt1ObNkIxVLeaXtZ9ErByUrG4Mw2Bxq/MlZ
/BEiYdcoHUFPzqMckAqyOrng/k+uTkDs5OBnBIg84i9EAzrfL3iCW///1OMVAml8
edoavzvZ/fJ3JyClx/+n+Z0o/zbIb0CD61/nT9c+65UMbe8FlZ7Jfu7G883fKFk4
g9EOnjShWVRgW1xZoTm6n6q2U0cazxQeVMswCe0r5N8+hw5WgW/9KhEB56Yy756r
GdoIUv2dtOJBBe77EtCLU3QxqfaItSpsgErm3u7pwHFW8t0FbgaoB+Cfln+c7HWk
5G22Og916iK6k7Xba8HETpcviCtUbKS+SKXobr9ehgBNjQtmUG1MkUgxP9GRKBGk
M1WnUD9ZN3yyLyEsXyNYRr8psmcS/tHXcpUlTwyKfS2wrNfXUFxUggcyqfkUrYto
nTN/bThuRWHm1uji69YLvuSGZTdjn6WvPhzG0D0WTaimHrH2LhIev0t7gd8p6461
Ke9ElGsTojuv+jE4W+a//BDVsMaXONzrmPJFPhHEq+ewSreJCn/dNIy7LwzHNOtp
RdNY3oNXm3qIQ4ocjo53nEPeChi5sMxmdHTzNvVSl9s3baoLcrSfnSIsczX6gevM
T3exb0F2ABkqEYLjK94VepPsTVJ8o5JIxaEMTFyXU42em+gGhFD/clr2moylm71i
zbAFGP3KLDN+nMi2QXmoR14/4VhIs1Sdhs/OdlbsQKK4WBGyRhbcYepWTY0qPFh6
0vOxXtN/FYJc4b2h+hBTsdrGdiOBYDk3pfKbS4R5z9FnYbP2LYiWjZ7sbUW572J7
i4tdRsuAdJr2dA+TEk/d04x3xJkxmQ2xIaBmxmaRZbxGKUg2Jk/ndJGUMLih7bNi
3Cni/051ZtrgXJZyWn4CbawvDIntdK06KetGrrs8CzeUTPz7XOpOucxC7CtDB5Am
W+s+imvEUX1fGqNoI+FJtevc/pcgrSFk1NFyRQ2F8R6hra70uy02W2Ta0FfFZtgx
OGboryID8EkpBvEr0rEjxSDzdWnTpbD1RlxKmhlTocft0N4yRfa2MLAuMhIcKY3U
sKj+SeSfdq+v5UOuEvr4RDuEsWRgFlFeDjv1VDlGkDzR5weT1d1bYXv86oI4G/9V
pE/86WG2xzyEYrHuUW9/y37EglGUTRP357gGuZvqvLWLo8+TRRWBDHfxUcdlXpKW
R9ejNA6slpC9Pq7s4cB1zcYMH/tX4o85FCLkIa6PfNSE52Dui5AXo3HliBeUGE4p
FBBAbc2yK71L6vKp9ld+a7qhzMw+gEKt9bjLRJbSlDiyTvCuisK2n+zW0NZ98ftn
duoTAWi2pKRw9Tj8csKNgB6XCZmVM0rA0sdQGjRK5L1WFJAhw/tuWA6ZPSXeR59R
xFlfoqPCKogCImWSokmduQ63dwSrr4rQsvKLRlQCfpv9c68CqFEV2fsIFtcfUAMz
eYibzi+Xl/t2XDPZ9DYpEopOGcfAXvUqSzqbbcAnvaOXHRcECJGmW22kvqgbDwiY
Hg1t4LkyWAG2C+5MbFfB0u6U9NVgv3EnPZceDXMTYWhkUu9T7QvyQso+2vaOGt64
4Qs9he5jL9cLamEkdmlvKhSpJ+uig/1srw8JS6ZNddyCAChKDuVwlW4y/A4Aj7Vk
IUBampf6jpzmlaYtkvFUG/X/PkKZYUZsX8XSRTHJ7ngTSMfh6pj9ZjPbGOI8Qnob
sqdThBen8dLsMS3SS1jg9wqmh1tKV+0Ni0x/xLy3weoC96ujika35zZh/048HKN5
6104KOA5PiQqmwGSVskQMy8kBZPF2IEOrmQuZUmrz5w1xVGYULNPNhUIscXDGV1+
0ws5mOu9BHnu7OSy9RjJIp7llfagI0//22OjQ+kwxpaGsSRYN0k9ArR8LiijUoUH
cxI/VRAa+ELehkMiAzHma0quZ1bztVKd1ISono5d++7W9c68myMreM5IHKI1DMXL
PfIEvCbhlTOcgetvn/y/6nQDMOTJuzeh1p9un3rIvfVfJtbtId+md3gHa2JRCeua
tKifW21hk1Ec5rU8x5n3Zcnf/fupeVkkt90fR3NNtZjLKPh+tgvOWiUUztU2Mjpl
eZ3p1IWgfdLKlmW9Ct2kMXMrEaJILDbC9pWd6lKUTpmXwJSDn2sifPQkfR/ClmAi
3IUQevSy+HdGEDJmD0lcEr4dIAT/rrAAsJB4faO9oNrU5uJ/gi++qKx0olnMMMkS
36ZJhczlp7kiZ0mqF5aVGEAwRnP7cOrrViHDEY8bVNTFTiJJKDjLro4w6dbaRPJ8
xKJgXblHEOCDHf3u91gcKZ6bERuMPxTXcqvTGiRQjRmPgEPUE08ktgBA0Va6QoV0
1g+ntpIzRmek8t202ITq3Pfl4XW4O1s8MrjDu8U9KatnPlf0eaSjGnhRtJYZO+6z
vaRgNzqimwjUCyJiuDJjqn6TvwdVZ0P4qCbNLkpBQZjyevAcLg56nQImgBn+KZPZ
1kPOX93JWxW8jI2qt3xsTdbIT1uXVuPCm4AOMo9/LYE/g1/PLejwMmyCX3mw/dS1
avlPSQ78JwubirIjAcPz/iEsc+6TRobJWFl7ixFC0fDWW4XwTzpZVqYkcn3qrdQ0
txX+bV2+6+F/ZMf4OsXUN3RxsVveT99cGMyJyhpWytCGOE5tRd2xB14N2VsO6r1R
M/ZhnTrBjwmEZLzwKXMhnE3rRhubX3JMgQ42jLEZqtfyzGh3Qz5UOEN/eNwpTTLt
h0kqu9DX1/vN3MwTYaHHl7MMniZsZwUAlRLBwEUpMipuTOSiDArQqmzi0NFRlU6E
4TuxVFnQZvI2PdCccF6owNBxQX4jz6foY6VVuXTYaVl1F1ykkwRrwPU7R2gY2V0J
c3a75TZ7GZq3EZLdPz7yQyMS9iAIvjzgIXvPPcXi7zbT+eUPPEc/D/jY5SUuirj1
OPy4xxb+yDrtilHLDzvZKLkOjT06S4RLA5CdZv0HLWKMvAUF9Qyb43PaqFNRjEta
TxiqKyIrFKon2nzbOiNh8W8z404/1KBAOdn1IlMhGZ4b5hOWsY0KY2sCr/rqRJs0
yxdFL7o4QwtONtfEep6gMBirUEpIHXkqfYlj3nBLuA6X4WkoARkLomRn1c0O4LO2
oxO8bZSmTNNWtlB1K45DjxQft4huCMdIa5N5hRfPUlG4G+Z08tjZRYMKuHi78Ntn
SKtyo+9XOYCaiOHnUOzhSd0wXpZAVtixrhsKZJ8BeOSb2HhJW23hoPUd5EI6h0tU
P8JT7Vfshp6nc0nm5uWc/hGb4+G2F6Qaea19ZodxPquvOOgzw51ts8V9rTlxKfKh
bXrrAYYVQQEXLw7qEeptTrEIa2PEb/ALsXboBcvxJeHE2esGYFinD/w2k1bMwqaG
KebiMZTB98PvrrwTfi+mPl0wHA3FmRm4B1IPH18yqgPIqHZPWnKZHyN7D84vn0B3
c/jGgii3mYui1iNu78cI8l5dFgXektZv1A58e6zUO6kTd2ShOmT8NJkqOg1AACVT
5n9nfFBF+WLdflN1dFIdxc7Y1XCth1i+RjuWC53vASEbdnzMFmCuT5bh8Hh82rFo
UbQ2Y5ssuqI6F/onzAh7XezjMGFzDEblF5S4WrGnyJ1EcikxxJ/2zV4lGacEXWDa
kFvC8oHxlepSFtq9B2b9/ZJSVwy/p48UyJ0/buYFoYwME/FFvFA5BU4Wo4UvVPeH
iVDV8mC5cH5t2HubjV4332LFKpqSIqA6+BLhytDhOx9I4E6Ns078N5/US1vVZ86i
6w1yMcTT6SXn4N877apC2BgDR3T/byu34Y2zHUjTW/4YQJQQqFVQq9watpFShVbx
OmLPa8AkZOmScgvEQKUfP15p7zZXoNpWMMSwTiALbDYiLTGVi0bh2EZ3voRqca1Q
oSSlHtLoxpSrWtydtXlRQZUT/c+crTac+rxw2XmgfT+kqovdHPqLXhfZQTxdtYRO
ruIAiWG0TbUUsBEVOqWY7RJjGflWTnEyCNk7Sk6PdFqWz7T7hRNYCbEEdVl4fbK+
rpxBbmdpNQxY4KQOumQIPxLj/iPtXkCSu5qVEgpHyrBsahu9kaCuU2x6lggIqfir
xwqzwG/lJNu0NCPOjR2/R3nAieqNy3eus+yXDAa4L1YxdgQixBod7iDt/v1CZL6E
zGoDoJpm8hWnoBvuYYDbmA8fAkfIq4utPMHrpr+bOW/7a7PESN7dBV4onEWfQFaT
D/T33gyRT5ly0UWd7Sf/BothnNXSQYWX7+jwkUMR5yCszQCxGqjuBLGE9mFAjnxZ
1PG8K/hN2jFAyfL8vAs5ak/Ui2eDi3x8UQE3mFRTxvS/irNUS1c1Sf1AgPaEGZWl
fV35q+7N15gJrNsopoZ/X64U4CzNzk+6114IjbczrzkJqF4xWzRLmMxdZGsJrhjg
ox3JAAECGdYMfbDsu1TGiJ4J3/ooGsBU/xTgi532AyXGT8Vbd8jt2kug+K7KKBTp
xw+jRrSD9gW3kcUe3e4hqTxwVNUslt5uqkjFKpMgdQ5Uzlt1kAVKEhGCmSOHGw+e
8lii+Oc+IggActRBZFM/DMucxfR4gTlVT8adbtODeR6l/nWwQBumEdDR004PgXp8

B.3.18. S/MIME encrypted and signed over a complex message, Injected Headers with hcp_strong (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10075 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6444 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2086 bytes
   ├┬╴multipart/alternative 1425 bytes
   │├─╴text/plain 481 bytes
   │└─╴text/html 633 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <9cfcaae2-9fec-5aca-9a29-c98da35b262d@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:13:02 -0500

MIIdDAYJKoZIhvcNAQcDoIIc/TCCHPkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAByIMaFU0xsD/lTxj7lo116DStu37Nert2mk
49trfnEu2mQhv6MAkHx1/MoOvM9j5S/Q1YSfRhF5c7XVgUWLl7xafpFcdxqwyK5J
BfPzYzqEjA+P/oGei2qVW/IvI5iJkbFD04TPw4Cvfab6wNOnAhLiflDJElxx1uUD
93ha4H0ng3pb7MBP4wyYCSeCc16mqDolTGCP6ejUEzn9GAAMAyOVK6A5DxVe711M
UtAdjXwP3Gy4IRYTFfISTD3nKp51OaKSv8g9qQtGCuYdfJxW3eB0BpG6OmBLMiEU
/jv1oVMZp0NwmuT+BSbkdecwgwuwJgqOOFn/4aIDEmyHyC72fakwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAELJsGfVgEhqvwyS2R6g8/Srk
JTe+rInzh0ZtMqt+7FoT1/5aaw3JDLnPsncJyVpqrxrWq4lJadCL5ycSUOaspAEP
RLkQGexmMk27IYrhwXfTkALRWqrH3yvGihyuSwALfMWqX4uWgyJB4TGxN/xXfvWl
34jTPewe4JQOWGajIc/dgrKKDgQcbiT8v5UYw7d2ha8YpcUxII/t+RfXqknLDfRm
lGq3zXjwfmve1ABkYtvr7NZ5J1HsAQzMKn9m2C1w69ocgTgBqCHxVHJ8k+hHdXAz
L1U5kc1vlKxKklqtviEXZBtDXc1cc+jXEqNT7ZI1t4FlnqqYgroVTvzsSpKMqDCC
Gd4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEB6qJslpRAtedRCD+VoEQzeAghmw
cU0VsqpEoyC+vYCYkiY3Kbxt4jFIYYdAjPJRd8vfGkNtINaoFODWIXX7QSy7RU9E
Pd7Fc7zrQ+9FwrrSbxtMQZ4s4Z3cI4COUOMPR/7nlHspkKLyJQ16bEp6Z2GOjn8h
32kVC/Zb+ibVcKXyTABW0dRCtl2f5Kai4jEtwXlrcx43SLS9NUEMDTqpsgphCS7L
BHfHSmaM5g/RCX2Wa41meHlkDnQsR7T86qK/Wbna6eOdYL9uyhIlFC8UKZr2PSRc
1/hFb+4vgubeJtOIpODtHCsTxZFMudj8t7Wusq9KdzBBLNu7afQLx2f/tMPI2Zxl
ZTjDuhsopFZIH0Lp6MNNCcCzWHVVeY6KlqMI6fqDHL1OcFpWNManOERp/KfP/Gu9
8kRxF4uM7siFrHjdeOa8fjARE4luXNKUio7DRezkVxPnX2dzg5CLTq0/U47x2DON
TOmM9kAie/7SxOmbAOmMJlO3p91Zyez6+BmXZlV7UdhvdCf50o+0y8X7sBLEwZB1
vzQvCRUvJeSm2k51hpNGv4GEA5fKKRQVdAITaCD1b9GJpmiqJmjt9YJlnlM8SkuL
yxMBp9RDnraYcnrbgbyT60fnC62XYHmKMTOeBz9qMbcW4aweo7odM0DLhMpBEiu1
308VDGznIH+gPB8l77rECe+mXVIRO+sU7RvOUOurgm0Bh4Gwxbluqb6UF+yUB9a4
4ItKElEhYRuxIkfHR1rCvAj4mlAFSXjKakcI7wX3kFRTODz0vQe2uX90n+U2N1rY
ELTPpQhrnZqVSnQEPXEJPDjc87aIw2jkcsmdoKie+lt/PnoG99sF9Rf5qlNvG8rO
jK5FzIRl6WRk/u8IgGuZKD1UjxuDuwXyyQJZOUq3xHF46YE/0iGTkpcMPBNDOMXj
CSrcJiq5FOi+Tw/TUBYhjYf+TrR31+cLFGUttZl0af6mfMX2y4nhRkd5I1Sy8TMk
+RrscOia0g+gWRWfpyDzpvmve5QEJxsLuXv8UC92y0EpR7/OKUeCujGRSU8iPePy
dqQSJV1kh8z5mG+3ioZdfejkTvlfniCocY+yYecdOGCZEBRdZq3JxLEMInsIk8Th
W3cULAtziM7gie06byCMBkUuUDswPHLcQJdJJwpZIlnKGv/vevR55tzUgdit8tvA
oLnJQO/9OYna1PQbL1eUHE1ZhzH8hqve/3iSGn2M61EGi0ASRh74WM5Qrwflr/ax
l6L3GIzHl/Vr6dLQz15nPwIjgVsl+lfGkagwpK1MX0veWj7WAGm11FJHH6amN/oI
1pDtSGwlhzakM+QBTbPIQ3iWIpzA9xmiB9qXDfSInpogFMZVKHs8d9qpTAdSbXEH
Y1F5XoKatqjyA2A2kqQnX3DZNrDgeYsOPpV+qBBtBmIzmWv5qXM1unwQuB5nFEzf
ciq8LNboFTxM6Nb+2J8b84GNJH0RwQfjyDHU081z82HD1dFCCFbeFI8H4dg6vzQ2
dRVFqX5wGijJI5ZsAafFLQaxiyViAfEcrnNwbTauiNsqCwzW8VsKLe/+RsvsjKZp
QTgcJ/3DZVaqJGefNi2i5YErLizIRGA0UUFdPck5iDqWOo1GlR4kUxnQM1ttRxwj
m0K69dDcqrz0lqCd+XlLE1VSuQ+m6W/p6nylVy0hwcNZK2Rd6V/8CztIKs5hcmVs
m2YcrPtRB4ZNtMqiRHKFHqX6K/bI+YJSArfVkhJ+top8M4qW3jFvGbk/d9GA+Xql
Oe4+5cN07qdC0OEHtcO61ZEdoyDjfoBE6y2LDXXVDc7vAUKh52vG5FWLmpgUhy9l
brHdPnkrIo4hJEgbeTyhP0FSQkKKGv0h/PXBJWMkfYWztltBaUPhi22dV3/MSLBZ
z7dyc5Ly9wAP72qL3Cd6Kwsz6kvBAMDcqzR5PWvdjkVv8plRuMWKv4UFazpM6sX6
ruNNgLCAYraByH/DbYU4kDMhCnpcVstZC6InBfMveoTsfwcSh0Qeb118SeqNBoI8
NjDIDwlwXR8fsWNj5Ek7POrmutwqhTj0aqsNRuXBo+iyUE32QAb+Erx+ukbWlFPf
ECA/Um/vZyP6TCZEMLCaxes9Yx4XcCGxrKboDwwwKIeiosCzBRMZ+hg0zTqiwYPe
uZIgWq3in1H3SPJhtNKbWvZwEpfkK/+soAQA6cNkKBemJxdjy0Cdvs4k+iWN8hVc
YNOeo9wG70iy/xLfmc7QGnlasUAWBkzpuBmcPw0VCNIkTwu10OR/K9/mUUe1QYpq
g5BR++U0cilgbBuh4MqdYBSmXraC/Sc8V0XF8HMXFqLf63VvymmXKXu0YdcsQmzg
pLp/eA8DY3yEJqZYramSSUU5b2d9pBRhh/uiSX/KRNquVhIbyPmBr//C2E6CFSG6
xDFJcYaZJPUIkh7SDDI8gIOshGoJpvQFfBZJtfoVtjP8gGk/pdCyqqCN4/4J5Lql
HIfNXAqfeKobox3KJLLK4aKUcsElZ3ws7zH+0IDdtq2KTiIZxFaON7VfoYTpZCDZ
Nf1XvkGeI6/iZ2TvpcE7R/+ueMUAhbOklIRm73tC3KNBjEcTmCd5ogHjnBU//FGL
APCfDs6dql82nG97yAxLRRVK/Hf6K/wCPapULZ9T2fDc6uIy4ffE0DynmguoIhxH
0U27dBn7m5FpaY1GP3+y0m6syw99RaV8o2NOpNtu+RPRD/V/V43s7f5S7BcGTdVB
BZ3Q0ppHpU7UViCCSK6FnEEVYly37vF3uP8LRfJ3ZQ5N8957zXbF1OwUvBKW9eLl
NJ8lI+d6Z+g4VZn0vKQkgjIp8xhtkUCjNzwdCCISNABMd1ja/N1R+aL/zUEZpM5+
TC7KFqJdea7VB8LS5UJUINa7SuWuGCUNqAZ8h+2Q0LTCO81/DMQCMIUyUYMZjj3T
qq0ZXr2KX1NfcjFx3J2Z46xLpIBx2Ui6psXapHrTZoORGGD6xg5PAYQoDfvo+u7X
RMxTvYGR0xM3XX2XaxXQYzuFvY0Ksb7aa0WR2DJW5OTq7r1i2CUUYv8s6UUBNrtK
wgTWi9HvExMKS1a6cZV07S3SDRXUf+ZGk3VROgtwX1OQfx4jPVs+Opp5YMQETKXQ
qPT9zaEC6bVKlm7ODT4Hq1AA+fPbWDcmdEn3r3LRQaKUFkTHs1pb+IT0xR8N4TcY
3BsKf4AQaNlcQd9Ewso+wztvmOLHPub5PXrop/1DHap4OR3WfgnVd/7kpboYYsQH
bx2fHcuX154kCCZ5oajf5o99GDG1M83MJP9YOS1v9yff3ikVVNzvGgSCJhqNNxlI
fJ5UW9jrSOh1MdCA4nDAZx14VcT7HA/RtvQYk6REMjhpMM/f2mKRT+LA7lx9Dd/R
wS74z4b893+hIoI+FdQhnzbO9c7LhsJDyQO+e9RlEgZj4Iudic7LPaB4ibtEZfMW
I2tiXcN7bjfpAimTxDcr7pHgXy7OiAzrKMkeH0VZQUxytxvCdOKqiGpa7Q9rlcOV
YOv6Qc7L0XeZowibtXMLHQrh/atZqHLGD3RkMk4wPws80QHfvvtJeU6r3ORr6sR9
+z5/FM9eOQpEV556J8VvLtIRI+NkqTAQ6vn3NVmVcn0W1//JEeixkeXSNg320lS+
VtgnhKmDIrRtaEX2riy9FfYZha/P4L/NtZV5YTlzbZIz2wK8nUvC/pjWqR7bsGqx
yVpPXgydzIFVSRdSBJp2kCRvqMVahTPBXq2FJ7D05FZjtpJ02fIiD4h7r2KG5E/p
GlLueal+1kTw8F8ewXqg/kuX0UyMT3XuWCS59CirpPZfqWi7m5CJv0EMcJvmIqQ0
wEQ4SxYhxcz61SJMMCcf2LKlRn5yUWOfElzAW+ORZeltXIBzQy6eGZjo1x0U02a4
SiQvMf2UtMW/TukODEMGyBmfGdj+hTXsbntSh+y4LrTOEbDPMtaIkHVOQ8bPG7Ch
XZkNkLS/zFMxeP8UMs9kkfQNWsjAYWPOMtLEQkn5DEHL7BIARnWPzzjSRd8+mB7T
ss+B0SzA0FRMmWASR7an0j6H8LPGU/WRJieuPBUoOcrLj3uY9nUms+VWnv50eKIc
dc89aR+ev6JTzre5hDYZ+uQ8KLx4XsL+8VTSfTGsVGa45fIgUOFgkJsNqLdb84WG
85Y+7qkRt7/+NaXJ2e3JNdqpqA3uLCM8TcQrj3fb25AEos4rlFb5N/e083CLTlaf
H9WcO12oFO8fXM1+uPFieLIjbkRshsWngD5G72GFgaLAAKe2xBRnh8bmQPiHeDe1
dzs2+kj4LmroR1Kg8yrMTbbQpItzGhIosOXOx0uCWM6XDMrIZV4+QFmdVlQKmtpH
JHF7KbltJ67EkfhKClaCZNJtSdrcFIRSn1Y7D6Mxain6sHM6EBUkmyL5zc6fmpXz
8dTwMkebR8/c2mdvuZZv9cP0AVzOH5LIG3OQCkeCyRfwpX4briGu+1Nf2G2YthmY
CN/UFvw11DQygRunTPMibMlC89pgLHsth3xrah4bqwyXQ9Kka/Oz/XLn5WIEEbFT
n8pXpcU1zuH09WjBCEoz7kZAVYtov0fAbawJFhA8vyT/DnOdv4T5ZE3KSZAtgYZB
Ua4DrBi/1b7eJ7ed31kFhKCxQIzglroeb23hMEzRLcrw+3zE8HKm4E3TQjlN8est
nuiyV2KsUNtzRhQvvh1tlLMx1Kp6C6XOZar6JHwS4F7xGrxS3iVGMrIQzqbPacgv
PD9w7N9jgnJ60R92OjYH0CveVCGiLO3DYjQOIJYSAqxtP0HN4nKO8gnJb+FLoofa
4fLkjoe2K1gILv6weolQUvCtjycoYdiV5ivwpwRpuGyujUOIwc/ATZsKrS/NySmE
/cVFfDNFDhjffynJuG+dS8Z502SGB8zmh3tbZDj/1uwlyqnzHzq7hHN+QdYmUIXr
/AXXEXd1mgJ9SArtyGeBTrmt1ufT7wyetJ7Y4Uvu5TdLIRrHVuOwzQItsCB/xrny
e9xD3J+ZZA+AffaE0nZtu4FMK0+gWO6oyZ6QuIXqZSaZtGMtTHCJ6ONu2nMWgifq
Vm1NvNTebsAS7PZg7FlGGn2OFwzdZQN7TAZtxp0iYbGrOgO/lZc+yKbALzVTQuwo
4P+1WK4FoVzgwtCUwswgJeCb0bDwYwJ5dmzQo4kxZIyxGYawoXoxvigJrkZqPOIY
d1ah8s3xzQMHNRt1AXLGOS8moIcBPGXQQl3i64M43bytLOOwn4rJfZb1gWDKVcrj
a5tVN0unSfHOcgrBSJuw8C4bNlzDwnQMeawjQctkEeDU2DexIq/GtYj9X8//TPTp
boLHSFY0dcseVbHWw8O98ZCBU4Qd13JC3WLMF75aFvOcnuZZzJxh21R+espRC8ME
7mNSr36wzwD7YLXxyjQJTHaS14A9GG3kHCvawTb06nSrwRgVOVSsfUw1Pglt/NV3
WqeaQtUj9zn4nqPLHtEO7vCRR2d5P22ism08Nulu8mQN8JCNqH+qvK2RjOxESFEc
wzo/AliWVkCROjaYivbfN08fXsN8mal3iL7L1tBeZ3dyNxRGksC7Q3jO7KfC9H25
XeDRabFI4RmbFXHSdEcb5IZvVRspZps32VSjaFORMztIpqBy7ilNt03Xoa3ZAwqe
NKdZpuSm70uwlQBVZSDQYKIL/RNbZ1c2uVko04gRvh5akoZMZHbPh62RLzWvDU5Y
EEmeT8pS+B+Z+Ecy0tCuSUFfwe4IT4oO39SCWWymA+F6JMI+nnRzzbFLgoSK+FVd
/nONHA59fN2Pfe3eP4GDWVgct78eHOgLU6QitnksyUXn5VdxdJjm4dPZeWEdVyhS
xUj/RKd20pSQj9L/+i7s9HSFCP0u9fe3mluqOdKLyM7tvpQZBFRpiCDo9U+hKhZE
RR5Bzw1viLObNtWbatUxLC2xwCfILdsXPzww5mWL5JxsZQrANYtZb9/Otc8QSV5t
11/An0LYu8dlY42NUbw+Vo3cEUlqkq4ULCMDqQVEwsYaTiOJIFXXfa35Jhzq32mZ
uBRQIUaac2nNVp9sWGbaRVV/g84g67uqK3ZTrOGmcPrBoinoe9nMC1gpgCq5ke0f
Dqi09ofQK7HsQtimRa3oPqa4+auijzi8aeE0fYjUUOenF/YQgDOx0L3ObDd5UiUW
5XqbObxCLr7ItG34aHjRsiGAml/jVSNCAGIjybVuB2r/XR95g24THvE+WIM0204O
9v+GuSK8gkATcCnLeHEeolOvHBKYhJy0WC0TkJ16YTwXIC6NisObPeBoYa4sF02v
a1vzVOx82uzKR+N9nIHtjZXNJ5QohQ1bduPYQcUU3tAOz33pk3tTCcs6hRYfUee1
x9IsI5AGh4jUoU8CXETUKKjlSDEP8yU9KX5M08+7Opom4VncYgGrGtRRsStdNb08
m+qa7Im2zgqMucz1A/PSuCwlGrfuSUhGFDmy1GXVHTrpvzx6DG7trSvmeO4WOLnK
rFezgGiJZTagiQLomXiQg4MtqRAfNcOdkW/+ojy1jdpcukyou+4SMjarHJkCOPWH
ToE428nTBq3ub4UaE3vMMoZlJZAru8nC1EE5qq/bIHdSVOjTXlw5elvSOUaBfm/8
nSeQyBYHJtQcqp0qIPbSMMa+IavQPa+DjzNX+VzRay0XaffjspwwWwGg+cgnKL6D
HKtsqWJNuahAlmYLe4ktql9WHIcJtQRPqrAKcwI9WGsaA5ckOvP91V0nIhIjLzup
3aHFd8Fa7oKLCPksD2jFNldJL8i4utOs7+GyLraPmQZMfAULwevozQadYi/kV7Q3
hI/WxFP+2bS+AJgerPrpixJOE5IQRdz3+d1RUP5pG51G6UL2VZQXcOhcta6yjuad
nr1C3mEY0LEreGf0QMGsnkDc+xFD9vn7pQ7mNazjY8UPyoC8LdAfQXpZz0LpCpWM
kBMj1VoMooH6FFu+1KQ6MGVB5ycl005mCvwtlqqVW2j337AsASvbulH2VK5PU7TR
oEX94PUldZNGmEyQGbJGep4br+z4GOKKwlPhcCTKzS4QXCkPSLNluolt9OqDny81
We6WpVBIZtUG9YU5JBsa0EYHenmV4VGtEx+GrXA624jI5ZPcYvHery3AAXb61SZ8
HbjZoDyMpWCLiKb1SMpjYUrRISH0Qc4TJzYCchYp9DXp0thekCvj+JsYJuDzRJ14
nRQKmFVLTKhk3tGDPsBEk15eE0gB0uni8oDkggDAVd4YcnnoIPQErL9Urq6zUYOb
br5UNf20HmUUVfj6EN14dF1moBHwfKIe1yXaffJ91OkdLfJASZnAT6iWV+EMrTAY
61tDu3ZmHdrokfuuCBUCb2m+Ruxiy8euVtvtyOy9Hz6QmkfDJzU/IUpszVbxkzI4
KMopbWaCNq1+bwOq7Cm5KlsQ5hXWbKJcjAUFwp1f0T6KuzZQHXpuscVOHihk/MNP
lRVqu9hYnYH4Pguyq+IwxJx/lr4BW1u0U5ad4tNpjNvHYNaH88rYxSMXKZmYB1oV
WesNteubU9yZK6sVCv19xnUCmy/meLS3ZgPuI+AEvVGv39aWDrNTWG8ZE8pom5N3
eHxqtdJgocgeFzzhAXeyH0k/c5pu1f6iFveSu1VPWRWPunAshICkpBlFIWVvHxS5
54IwqzIVGmGV//xcYZrl7439S3H6+nCVGUdWJ39/j86LCzJlutdhVRcNNBKAMymR
hgUeBFPb9cj41p6uSp9vQ3zKtwyRMAEPJjzTeEeOz4YroZi0nHnpQbU5aQ/6+Ex0
AWXMC17zMPJ1aiqP0gFFjXUDUaC/OE84vok2Fr/1+VlBozORMDUNIv4UCmyZE0p5
VeZ2SVI2dgS+2EeHM5L0lWTlXQOnj0CMU2w3W7mEGwQVb6su5R5Dze5o2+JhyWSJ
gcXdY+dgoi5nje2gL6rSx8Ng9uoDKxkWzbqn2cwjNd7fMbGfDApuhKAsK1c35h6p
n48Mlmlw2hIPSrp9/af/nJmLg6BowhIFJNh6DhdaArLJ4PziwBNDw+3yhzy14IXA
CfSEin4hIHtri0cONIu8wRT8Zyzm23UzcOJ4hpmV0JQnDYqA/S3s54zU46cth4p+
I04XQoR9nfN248dxmCUxovOCx8oKodRMg7OR0EUkQ/NhjY5bu3gaTbRD3R8JiiQg
7sRBFrQAYPojJQ7bg5NsgPjOjfzhEdkW/ALVfSVb7yP2tSF9oVAxyUgMlfRSRg5B
A1pYCKze3jaSjO5QZuxtohtwH9d4qpdyTMUPuGV7R9GolydLHTl94HeGJ4BwCktn
Z8RAeSwMpqhi8wkeu+rw015OPYE6mndiIVQUKRuR5bWFSjm2CWXwQ4m7QvjIVjbd
8lGFKgPnoyWNC1DVCEEc5jHk4V72X+U4mdG3Gm4vs3NzGi7aRpeGFXUWWuIBzu9B
sT+3qcGlz9s7WQ6eiPEaERS9UMVN+FXUrdrI0xyIw8GxFcCgmLIo3OLJWadiOq/s
+G+R6Q5AE1lt84szlmIrjyZsURpic43zojbjzFbcP9mXdkZRwaOHi1IGZm5JVOUb
EkC67WMDgWg8fJ8+1C/X5cv2XnIHzQ0okcvFWmOWHhUkH997h13vLWMROW3lXldi
UuN/+maQS2grBs30QPJzB8c1cF7hBELFfdIK+GyJk4+Rf5Mlsqo0mMDJRbeA8Fl+
v2VzU0k+X1aRky/89JLRHWKAfJT1marsf4qIvGOQ0WKpJT//Olz95ONcjFHq2u1e
OgxwxXeiIvNmPASjl8rx1jwj1FrbMcOAZfNi9j+3ygRK+Kk+g+5QYu8zkCbqoVD2
MycPrv/fsRjrzojVnBDFRWMX1YIsO/sxYxTAZS67kz9YQDj7J5ulsHNLuc8bn7Rm

B.3.19. S/MIME encrypted and signed reply over a complex message, Wrapped Message with hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9775 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6222 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 1978 bytes
   └┬╴multipart/mixed 1914 bytes
    ├┬╴multipart/alternative 1144 bytes
    │├─╴text/plain 381 bytes
    │└─╴text/html 479 bytes
    └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-wrapped-minimal-reply@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:14:02 -0500
In-Reply-To:
 <smime-enc-signed-complex-wrapped-minimal@lhp.example>
References:
 <smime-enc-signed-complex-wrapped-minimal@lhp.example>

MIIcLAYJKoZIhvcNAQcDoIIcHTCCHBkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAIJ1TSnodbIX+xsUfgRTABHJ9Cp7TJAEjB4Q
8bJ2SJQsuXjbky2uXOISzL5ryCsv37l6n7W+MLKlTPvXIpRN5kkk9mlAlZkCprRC
usJvS25o/h3x6yb+XnhWORi3hB+b87zo1ysoA7YcyF3Qq9YCe8bkrNrstnxe6uzW
T+1EhIhPRzZRpaJzXKer4JjxKKJYn3o+pLdsD9/T1sAJu8ueGodVcn3cnDH5oW8j
9BnAVIS7Bosh05moOD1jwg1taKZu02ycsVzIq7U1yQ/kXQbxMkdc3sCIJHSH7upn
3/filDlwvHZynaQc5oIrGaXfja7+BlmCJJ3pvCwRg1BTs+2OkhgwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAJJ0GA1RKCaIpRJ/hSThEF8Kh
MV66qx8SQ4zF77Q0N1rgxGmQagbwuJaWy50TKpbEet11elIl4pERnA7ySapuOE+e
myif7rCxUr08+MyqSidsGm4wSUC9MwRfUC+t9CwwV55MG8ajowtd5WhCKPbStsup
9MXn5yMTNCMJPMWOTVx8b3dcQIREcjMK06ZF8s0Tv0ecI+FaCP/38Tt5IxZ7rx1r
3IlzBA5i1uHjkKGPlsF6iYoLafm36gWtCk36g++FRtROfmBa+PbRjX0HNU8efC8c
W+WbS5fHnf6jx6wgtRgfNnwz/IKBp3OYBhpbURNMRoixDwTk8jTg6nWnFJPxfzCC
GP4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEC03a1ouHG0V1jk5l34aXauAghjQ
BZBWseHe0tDuv9ziM/TuHvOjqmGw7teVs9nTLzfGBG3tZSAKlVuSbG4eJazVrwQO
O0G7DWrAtcKbTZ1CiOxGlEUm4wddP9TkZTlZR0jrg6y4zxr45Q23+iE6Wtw74p2Q
ZcRm90Zcv5Vq6rBThZdK946hmVdfNK6jB2ZQIfZ7ziemSrgxLO2cEx5dLNI0K3qC
61ZdmJc7phl0+5sH/vMpzzQu93ju7f28dGa0A/fgSkfAGE5PL6kYXLJJK11vl6ph
mhi8tHK4xGR3ELSu2LHapl+BMrI0L2RF2LJF5qgejVyaRx4NoFvd5ghSATDuzi0I
h22efX7oFv7AwCgBjucQxgUtmCLyd4hJlzNwGQK0mJS/YyTccEtQ96HqD7+3aBnt
LFSP91kzFg7n7mnyffqspUK4jxCj1AXohRL0t6EzroIeuNXNF806Q1RZutbv8GIF
dkhSYvi/MC2AZmulbW3UgPz60Zm04QMVzKGZMNOzNn1ezPShXyTao8iSExrvU1F2
9VVvOVYXE4+e62V6MYdRgfu8bpKyLvOYl877l8S6Hyua61S1/c06mUN2bQrtQK3m
ctf44uHVhQ1gPuyrGCUrGzcVcQrvRiTGGJsDSA+kwefN5hWDY76MsTytKnMfqtsp
59vVlOZJ5mQfCFyIhBttXHEaxUfaJH54aC3RT1Yt4yRS7qBikR9C97dwHbnsR1UX
cgAsxBSq/lgiajK8cBy8ZL6yXVra4A358r4R0TPeh0r2BDbOyQKvr2kE3YZJfVOv
9DxNoqf4Lma2NyQCwxvkP8D+na5df4RfmOPSnAWL1lxPkQEr84sHo6im28GNcWuJ
2OThMF6zKzRxM5bjfdgqnUMJdSXKsb7Akz0dRcF1G/uYCi7mVPn3SCAcmUsfu4NI
L1lLnwB6/EZf5mtVDe7O4iwmTss/75oYmy9jq62A1F07fsH/bN3CVERJufnKiTJI
x4DzG1Ndb0QU8vSCCR/RjLMuAPO8y4BEF3wxVkJyhgVHlg4HncmkdWFRT866XRwl
5BJNrpfOgUXgIwEPRCiA0v2dgCEfpcNkYH7kv1IVTsE7OPqul0hjl0LMVyRcWmfg
9Ukg1fU8dsP7geg0PDcMt8UWYxynvqoPWYStSiuzTB9cOfmb4h5AUpBB1cnRge7L
fzaddRtVqyl415a+BFS4YPkC5/+hO9TVpVVGMZ2y4jNXvYU5YK9Ju5ejy3Vgks6n
kz0kykoimM9DBsrpMdTHnUQZZWLvUSJTJJuxQFhZiY8hsP6tMQcYr60RX7jK4nuy
7wwBZ/30Ha1xaTDTcXWZbme50tqCJKemnZLOTUO7p0KVK8TWgV71rVZsht0xO+qJ
CtkOUNN2DybBGIoBy1Kvfbtn6s3ithd3sQdB5oSigA3MAxvCQtM/whtwyooXLWmT
5vuiPTiiRKzmFf4Hzt98/+tOeXtW64obDHACANFkLAG7dOy2sAOAOj4zG8ykW+Hp
y9QpwYz5nI6rlps5LieciUSvujsonZRP1LpakSkpjYVFXAckoiw0Y/aD+ZrXXV2K
qQulnRrvyrCIYT78XX5Z9v0OmmlLHAhmPAwvvjUKLC+A8dg76+JC3NFVAJQs4Fng
TePrqCLB/qmvgK8EN+15eDZ2IiApNsFmiDJLcQoNaDcMFoGYy4KTNu6C0BsZ508j
K4S6bZ7JjsXDPtNQWrCQVbmZDpHeksenvytw7pF5ITbfWQ1Jaz/BHYGoOr1ClsYo
CTI3Hzf1geYFlNu8EpKLks/Aa2P/mu3zvIJ9Md14l0X836tNkYyQjumyIv9fFm6I
Y3M9x7SGsvNXjg4mihyXgA/cULLcT8crrL4qxxDz2VPEghQLv6FzymcOurgYzwrL
H9lG4JpJV9vdevlRTrM7oUdIHP/RdKZ3IC7RAHySPAcJZnYPbB/p9WmZfp84Co8G
cSDH8TvaEiLmesuVnqGQIChqQhccjzHJL507GBXTIgyWUMcifDrtQ1fjS/gjUOwW
EuwN/vJnH6n5eKiAySg/J8DuAyFt1Ij2aVBJgwZp07mK9jVgEQU4ko1fUyHm1WRb
ontUaYxmWKARMVAmR9xUTUxOaXQ7G0XwPN/vu6n/r866Kk9bEqfArzIcxIq2IkRb
A9NbKkCG5gPLBpnzk0tAxDkABfxBTPyIQZkFtzdUmuRKZY0RRwjeP9IUI+gbbKtP
eVkV817JvVW6oSufkPdDrll++vH9fW4epVh7ToI2SqcSNsj7vBRVbB4KiYB/8fx9
ZHcsCRZqxVcNpvia9WTfNZYdJCJCKwNKJg3EJ9hD+Gp0wqiRtZsikeMRMJ+M0B0g
zK27TfSCmCs+cEdNhbefrTiObXEwabpGw2Jul1+djpA7xbtY34jFy/ZblISTYD5n
6ejtrVMWGMyiRy7f84ib0U0RdPU06TkhLPjvoe7TWuP6jFEeZiZQHeNBVdtC9hE7
iwfrqXQ4+AjEy89FERTszHE7eA8qisp3wMGot6dfJ8ColUGMzgU2B7J7C5TFLcKZ
pJC+x/VjGpk2+kZ4lwP3GB3KN/ROgRsdoKqt5V2wmNXEOExs7WGCSLoC0WKZJk4g
1OP2udKMTCvAUNqS6tbZK7amGEKvuEdPWqWEMQCa4DtURbrX/+r/0O3Kf/0MLrVv
LaoyH/qiTl015FLYR5hHIx71DY0umkqtOdUxf3CRBeHD7OmH/wyhCDts2Krp5h7t
HTEP6WTB10VglfAkmgVzTcgdP/Id1ObJZocu020qkZQeJBfbDcXM/E2FR4wZ2jqy
mkbdRho5pGC2LFc0cH68jDQ++2QqtPoVYhV/k/eYU9DL+QXRx2VvCrliHQpoExEw
o2ucVlbAo6TxPKvv01Al2AJkzKMpoEfyKWy0jHulNB08dcdFcLNG5glGaIqufAck
nkoR7r32bweJ1r9hAgEX6cyoMxBW+318SeLr4Kkmk0wigq5bDTrXh7ahqZzmsxv3
091DgmSzILxN1x7FK6K/yISo5FY2x8WUZqZNz++1tk0aApJU6ZFTaw2/Aj+GwK8g
lS+OgI9obXun2mNyqEYZWaZ2Lo8zVhZ6rkZAsQwVL4Wz9OuL1Ko68fp5Hv8zFmul
kS5bh53wG6qEIgAUg4P0E/vCy31KV2Nz96sN9/B2awyBQ0uVkhw0oAq+zOGUl9Tq
uu5i1ps9R5iwsbF7oFsZDCg6Mp+I+kTAVvEX9Kt0/d3HqtXMZHsBZlbR3it5evm2
dqxeY0djL/WExfZrnG/CH1AV493f0NpdgkYluiU7gX5gf9jadWjOdmC98XDtPJKt
eFG6wXKv6O3FJuATpAKhLZDkFrtX34cdQmtxj76UwB+rCQQO+W8Ax0v0HmeEayeS
HDSKJy0SbgWm3np98sH5N3pdpYQ21WD7p+0M328r7LLdLj65vP/vup58rfG6dSM9
CCpNNHLF/qbmUhd+q00PoNmXPWvgqluCltafTWrBl2Ibu57yEzfePsoeoJAgVpCe
X050lJphnl54RWeYHy6Y02Lb/aRDtu9m4IxtmcOHopKCgXZxiIhkmTPQlCeAmrmE
EebmFvH88R3WcmU+QxTMmptpdUnXBJX3+8dSxojeTo646hFV5r0JkQSQLeSRb3R9
OMm95sO+v7c1aArJZzT4xDnBppqlZshaa7ZuMl+pgmx/UEVuUyhyWvySjDQJMW85
crFlSVGO2u6WT8LAUtUinMj+WolVniO3mdx+MS1g9MgnuvtM9vRLPaJ3el9g8jWt
pAnJzlN6EYfDSg1B9+Nq9aGfagMc/6vRTmWT9AyG/DWW6CCSddK65FedsWzvpPej
pVfjJP56fu9dH3jqWrLsvaQLyEpuc3ArCVzk3FaGStcjsQadQHkgYNAYaGmSK5PD
N/cbht8G/GfBGpGAg8K2wZlk/VBn/uri2mTgtBVu9JJ/jojHxSmRNjrYrAFMSP3F
Q8Z/iLrLzZxYuDn9KYFlv+OUfDDmriaHO4CIdQ1G3MUq9+OMdx+IRB1ZiXeI0m3U
StFOVYb1nN6b5z1gW/ZwU1Wy9Vl/1AyHcuT/+m0TazayuRqhsSjuEkC/zpLwXCMv
72phlTGLP6PrwqpUYF+ZSADFcrno+Ct2y1yEKRoWcqcT4++J9fQLNZKGkQTDSmI4
KlzKx9G2T8xPFlmU8AT1pkWkSP4TT7yROEWplA+aS3VOZGDvI0HuPmEKh0ju2uWg
O9OEGfOe1JeElOnXp9nLFPDyJzVRzbPgzBANSmNTIGtWOkTNZC6ACKv7wh9HHZn8
pF0iugZ+O8N7O9qWj23ps0dQk7GSIGYLUII5WC7DLD6SUtruum9ddsZ5BVDNfg3v
0Hf2gz0M8cGlKKR6wUW4qvK66METjvJoKLoZwQyJIYZKLVr+B9ZQtUBhmhllJ/ju
8VTPIg9loc+X5tt8T/FKa6kvd8/ELN7UQ2gLoSdC0pX4vTQrU3pq5gs+O8NXieFy
Pmt51AYkPPdqytfTrrsqAQHbeemxIZ4R8ZPHoM6ObRC0ciG08QVpSuR6vdOLM48P
lI9AVIQk0U56KJ2NUIhzfBg42hk0pytEBwchIfbEU43fkVoEmfzucImO6DIU8WuA
nL1NxrT2dLrFCQ1kSlsqvHMc5NuhU9BhUSC803rjGPcNA2U6DMYr0omT/A6dgMMX
vKOl+f5ap76yzzQWNJmiVln9iOWj8W4ULXtOH9XmzagAD/2SNjbZarEWLDhN69RO
LNaIW7QIPYHWCccvQMtEauxdmfJFDxCZSu4EY2TC4x2YdOOWNb/gjH9UIxz8dowN
JDgcdo8F/eDg2hzpL1SlkOuA5s00AWZR3UNJgGRikZvqvadhbVlQs0o/g5Q7eU9P
P9AO/U9HVEHJMShOO7NytGUVMilwn7V8yhPwoScLmusnPHVqAfUxhrXWY7jHYN8N
Puhk5IYR9hpxQnab87i8A2HV6d2ezgFAk6CDMFwVFqfHN4v8TZHRfBIXGilXy8uy
NmzQIi/4AYD7ZkgXB1p9mThbZoKZSErCO0opPPwjVGwjGBew2yoIPWwxRIrlHhka
Y0QuWrLkiM+WYCKHwPuvW5mtyraBX4S++TmWSPCzpMjH7/TJUeYGGC+4hOaYPMCZ
W/bd4htjpnxA3gQk3cUL4ZJvKRGdV26vS9JE8v/A5xXv5rALMSO15+XQDPYxBMu8
ZQVAiqeu7kGyTd7ZqT2qwVmmyT+8R6fiRLouuwpl8q2EKpQL+Qec03o4Tl+aX3/w
5kyCl1eXg3e9/TgcDxlwEvGKF3BJWbethR4HiX/J2/mTWk0qcq2GuqKEQ6USqA2u
65isAb+WbfwRcdPmkDRhthOg4H7IwZdLiviBrEzxImQ0Q+XZrV8CAVxKJvg+hiD+
wc9YfgK238F5vwIslHc0fdGFiuAJq51N+34k1lpx0uLS1x8dgHO5e9/dA+PXwvfp
epqFhgNRdu/3NdBseYlohfGYA1db5R9BGnL0A51T36zX9tuo+5jtrAxIIV2QFOCQ
mapV5wdB0kL7R9hA7sIv33e13nN03VAmKQoKITpynZ/giTCYdPpw3vyinwqkEbp9
9rr6gafwig5d8uQ3FBv3vfFJYaOo7edP5HR0Qoae1VxbKV3uX4gLOMjxt57HDP0i
KV50cSAQARRvrdHAiPh64z4/hSofrn6rwhWIqu9iiUHdgTPYZkb3pkknG8ljo00N
1bL/42EH+6CW+JTYjjWx+vHUi/uXMYBbSbR6pT5rxVnHU+SnhZrka8JZ22gKSnqL
lnWrB0RfW1dXnEfQCKTPhuZ3jbaLiFoxhjzRL/BkDvJw56NrOHGqzchNF2MvOGYq
iXPx6Oa//5p5qe8+9ZJ0MwWPLbyXzQbwJp43r8027H1URNbBr+VY82FlpA/eIzwh
M/al7XH4rCdo5n/mdjo/owmTOHEBvlslr0g7Lk7sJHHm/XWk6rquNPF+fzKtPyTA
FMGMkMoHRausqq4PFgzGkYNwly/l05bLSnvkSE4R/fUW5tHtJsEsMNLjXQuHAHqR
QuRtL327OMulL/GCguKpCZ3OIZYfrPk6DSkS8c6SujU3HOGKeo5w5F6QTnYamgvt
T90AgoRGfDZle0bBv9LOeWFQsv0sOYSpuo94p7PRHefDL/MiU4KpnJBabj1dFrch
3ztE8PbhbcKAhwPQ4pfciOPLaqWAZzfQUIKDqMtTYoWErWDcgZpQn6VyXIK35MD/
j1qRb3FvMlU9yGqrHBuNMIPkSi17lvglGdO1yS+rSjvDo7yxRkr+obhNXghroxlW
li3kZwRaj7n5TguEtnlFn24rdoHuO25fVmrynWZGnblQMl1mPqk4CPMeMC4GuvBF
3mnwOjYYo0S4x3RpjR5Ack44X1PrRzo9kd2d8UuPYNokIrhSyFUnzUj3T/U6f6Ud
VwEAS8QqdKStXyMnfGidkaF/O7PqdNxLYwqcOgVd4bln646z0+f6IhoqVNMJ3Nux
ftycLJHKLFS29P8JM6up1OgAJMIt2MJA8U1MCKIuPTsTzKNdoiQJnPsF3JhsMkjn
qSDOZTGcgjJLhL9x/E0kkcvHXMwdmteY+jfmNXsvUex4AneP4I2Qo7FiEFHYs+NO
00VyiqOu83P5WoGgqP+UVbgdPMS6lkNTavqO1+xoZupgtUERmZW0ntGs+dzxBlpy
jFPP5xP9PGcOkJ6vh8DDw8hqWE28hDPnf09Nz1YT2G8OkQOm6hbfzGVgig7aWWhP
0wKAXmLPrG8kKBKzL94kqEuMP/V9T72lASLv6gs1pHJic7h7/vAqNyBVmZFCRluh
C/KyDASVZoUovc3phQUOA9+5tptQ4rrPVtBJvq9vyIqpuO4ny/GL0q/QEIim+XSA
YvRd+owkDCE/Vz78bt+oNbHjdEJDvNSe5yjykCiw99pB1xTrlRgs3hMzU+LCjHYE
yZUGd7ufdF/EK27ofJWnJEOmQ2luNcIqTEeDEU6PIK0lfSV6GIk8tGx1HjhoSE90
OGybZPh2W+Tm8xvOG/VRihnUxHgJop9naLiE6Rdx7Gaqi3hzX2PR/eMOHJ/ctpIh
3sxUpQWpQTPmxTGTjtguuJiRnwAMFOVHHx5xuNrJAehpW/5blrDEwiisB3LjKEqN
8zmT0JWJLcURAqT4dXT1z/JDfjNxRWv3T6cdLbntfTCgeb2CCXYM/BE4F7ZrKnhX
ERVLUEuHASnFQhdCt95vtGKAODdCLrCyB7wt4Q40Mq/2/R+MFF0JKYoT7phsNJC5
RT2X+04ljr2FiCnF34I5cmfkX1TuzcUCclCJmzKMwXbaTTlSBoo9vEUedA2+sBU0
/hMdr70zJmy1eZyi0j7V5cwutEjsxUHBCXYBRRm1gZuD2/6uNF5SeMwqIB1W6epu
fOcKlfHSij3NzdLaCeKnWMMgzJTfqq/TeMVrsgl755bfj7XrPl70r/Fbl7I0//sP
TttmqPr6kGSfWk6RxWu1wVpTJrfYKLmcuKfNIte0PAsyYww5NZ2wfHm3ahnfPzvT
sUU4s6FYWCL/GxrBrjyJ4rseMZ4W4uhFhXOd5+HefFM3IROX9JteuO+FGsHNl8ut
85HOSiEP3ZpOGvmsge6tDtbUH0/VtVS3rxadPPLQcFlM6Y/7Qg7lzH7wDPc5Ra+S
fHpw+vGoqRdS+ffYSn3zjjnlIrqZzKZU0HhDl7hUbgYcnX8KtpCqTkcDDIeGzYrf
nFaie4ASWfljorX8DqWnZ3SzwCp5yxkPWC8bn3kmf5F/yWP2Ioau6aNAYXI2H0G/
q5zz1A4V3NzPdvmGxgclq1JAEu3k+DXnVx9JXncAVn/QEfaXhcOnsPV4Jwp0KJ8t
rI3AbNhuYQ2wGgPiphnrrA2W9dU3hZ0Nmc7cSNoegFb3Fqd+917t9hcGBq2AJkxW
FeKuj8XvMhcLS8sWx48lHp73ZNrSKGPD1NBQC96iUjLnWJ6ZfWUJiErTHwnRqfa/
4+AhmYuP0ibIddFCkfHI7pl1NlVUw5Gktb+86Si0QSqNcuIdNPa43VCvgGCFcwoF
NuPHFtfkHzvOe+GV0RbZrOgOmByYxVcGVpJFD/mGil5nhSdr1PW0FZ5UovRW6d99
P53zqoDgzKOAcIs3ykKkVtmWY1cnJtQanH9yE94cOHc4VJBO9kZK3SCRGw7OZPsp
HeAh+cHqRKckLZASb5MMVZAhSp7AI7bimxJxDLsHWKgUqY8468ytrzeeKUCAEd/I
ivpZOmNn6P2jxtk/EBKa/fRyfT/virU8ZWUp50TgGYSrD7MBOW2kW0sQODnjpxON
FkelUOPPVaJ5cEeZuqRsg+vDOni2f0RBWdEgoCnn2MUN2bI3d7W15SqTYEZADOzz
/YED5L68ReWwAO/8jJOiJ2ZKOYSSe2EatJzCA2nwMG528CtBNXpQILZjohg01l7O
S80RHRpRB0VuPNQyXeSsL++1bPfbDe9GgYrExdCDaS1F44Pa1yID8pchIdQVAt64
ticmexkGwt2so1ihPDfr4FTH0ZC5NYKB+1WOk22WbZ9VroGp8KHhwOQXjLiOw4QV
QSa8PCulKbOEcx+uesAJjQ==

B.3.20. S/MIME encrypted and signed reply over a complex message, Injected Headers with hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9815 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6250 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 1946 bytes
   ├┬╴multipart/alternative 1148 bytes
   │├─╴text/plain 393 bytes
   │└─╴text/html 488 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-injected-minimal-reply@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:15:02 -0500
In-Reply-To:
 <smime-enc-signed-complex-injected-minimal@lhp.example>
References:
 <smime-enc-signed-complex-injected-minimal@lhp.example>

MIIcTAYJKoZIhvcNAQcDoIIcPTCCHDkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAABVM3TokL/MB1a9//O9TymFiSM57sFKquhq
3EvwWIqXByQQ8Gfvfi6RyXmhXU4FV6FngXgNxgrBofyJLSvSvfsyDiAlREdaGgok
6sDANNU7831pxijGUNWEw5vlE7ILrr/WH+bFuw/WM33gB7EVaOvdZ+O3mRLr1Mw+
P13Q6oXTucozDJGmjVo4f2gmxnLbx6xRXeAunl31NU1V8Cxlo39a+nXLd3D9Yz58
i7WUxFIEcm/2VDlKr/MzzN9T6C7Dlpx3O498umpq4hXvHx3l4vhJ+O13AuFqpnJe
a05OWrBWkPX3UrMiuIttiHkTyJkH0ry6gN4/HlOVhMPgcspvC2UwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAI00unyTOrapnAw86gBmKRZ+M
//uPCpz3/XHYlyyokmrZ7VGCt8RdGjsn9V7qQyTiSKboObYqYSTK+Sa5Dm5gg7GK
B0Z4ulUg6da2v6ouyOliW0FWUf/cap/Q5nRxN1cKizfqr542GyCMYxHZVjwY+i4V
yTfZoXezLkki6LHBlZh5jIw4wOZn6jAeAlN/geZ+u9ZDWNblRhFyjSj7298pi+ig
o+E4SmVY3W+yE0lF7t9540Vfdq1JCjN3mljbCZlXqEdsMCSWf108NWRT/H9NH1r6
DPFtHvXbUN2XTXma8Zq3EBsoJE2iPsVH90j/LCTk8RRwcr5xp7oeUs+8ms7npTCC
GR4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEELhRkgO+qcMaD7mw8JnmTf2Aghjw
gIY1Z/Tmg0UvmhbF2WIlG3DqXoUB8tUJF0hUF6f8jq9/D0o8dbAAcK4UTUcFyHC5
QMH/Em+i8wbbGtdnywdvENrv8/0vl3AuBhl38bugj2sUhI/vkcZiKB0FkiBQN6E9
poX4a2SaH7CmfM1CuYdYYdi1wynVXHbPAX7OzCMVXEKvFaOxSO/Btc0qJhpedowP
kwLWygXmVmpg47xqCM1G67pRa2bTGs35vFQq4iItBv7E1NcSgxIrnKJjxUGxUxwz
sjd5ZpDmYfumgQKvud/xDrfFJIYJ7wrOH5aAC94T7evWcqQ59Iz0e9llr1wtnAFT
625WYAWiPdcaIU4UAfi2MfyErXA4+QXUtWOBxrs48S8Git3i0OXvhIdFTBu5IUC/
tsV8TtH25IFyqdJX0hSgU6ICQ5Atmbr/oEcU/7dT1KUvQCm7d8f/4m7diix2vGuo
q773cAvSpUQ1fKcVrzzjVkHP3eY/AvU3/gz6238S7MSMaYEWpeTZSm8dof0kamDr
DQcS4S7LHYNlIXCusWoqEStecMTbLeyVQeq/uLqUADmBZaRWTEmnGi9ojRynvzEa
+9V/t0NSVGf8yav6jcB/1HO3p5T3K1otRWSQktfuEUuQbZw5hLiu9/lVQ3HlA0k+
4ZHllrd6shUbihUktcsNlnYjNieeSHzoJlfnTVtjSakVmvgJNsCOvl9OW5+YZzXF
whYgJ4/QpsbSXB5STxFJo0F/JDKjR78FT1ZDw1piFUvkW6WAXJftC3NmqwoNSSkU
sVHk501VRxoadB0y4Kg3O7XrQSbQIqZocJnL2aYNeiwD1ej7NcRaZmB67ibEibZS
7gWvsbOJyNZe0mG1tTjlhw1Z263GeaqJXkmU+odvMJwg/zPIFDxATORw2Bl4s3sC
YRs+c8rv2CdgX2sKUfEcOztT9ZOOo84GirylS2LxuUsA1ctypzNPFdrLGP8OOxt3
HLZ57Jamzx7I0AZwxqyh1eh24jyGlPsAqBPM6a+dK2HsZe2HgqAfQHS6lgPx3gAK
c4ZacXIffNntFRUWVLbSQni8xT6kherHh/x4Jip/bSDWPuANpRx6QkOJCkHPjuoW
i1Kveilu4X0Hm/G80Nwh+eQVk8RDPnhRBuqE7jLY1hVti/F0OZPLbyEdk8hIN1sv
FMeKqumCMk4dIr8jP8NeMOhYT20QbvO3aU0w6x1MZgnDxnesvupxgPETygyNd5+j
xKOUmCRaYmMU/TqGhkxYTN3LwSLZpeqztz9wxI4l/+fobTOFNBgcAhguLD8+NO83
0ykPnfiK8yoRQKLeH4KdFpzSkzmZVdfZHlDJT/LITxUnEWABjtp3ozx74N6YJ394
vme45v3uUmCJjcSzmQXPtg2Xdkh+xmF62Yb5n4NjUZ8ajxQqaYOE80RN+A7J4TWE
c+NSg1nJYdUZnmnYlJxHNkI8iAwlLEir5Khi99Tc1dMCOKfoVzvb4drq8CQhEjPF
ikP6skclyTthVmWx4EpyEKAws89MRooylF7DxpYigByznws2/6dithCOMsQ1UhlU
ph4asCh5uuPIJ/9n/nCNCnC7j1wQkb97WjfgFrl5DWUcdTIw3LriyTBphW7A8JpV
RkWiwtlVMVJiukGu7HsDgLTYDTDd5SPnaJxerrdgh6oUdaeLtgrEPJbGMmepHZbh
STiqxKPYHzycYSz/imTHs6ziGlaVuVfK1U3+LGf39E3Xgjzy2Jgpd9sPAIYXuB7i
+jW4lI93rkMg+RyUe4sNO9z0Ciw8XCQ09m6a0KhAG7TY+lAHfSeTbibAWXAOjqBt
docVwG/zA0mGOPflMWPtTEQxk/xXP3opo1wlrEYdeVGNFwDK+byECjmS0cHw21AZ
WPc0G1SbX9Gxd6MJmvDq3swf68SBWEkCUT6FzBHxl/tqx9jm/afuW792zsqXvzIs
XfRpkDnHVBDqdgpkmfbjmE84MdpvY4Ia7rSQq1bYqgzpuXEEjNFR+6qO1siDKFEa
hA8LPbCBr8YT86HGMWavJ2k0NmdDqKQJi/7QK5Dq6pN5lJZZkJFCcysJCYDW7WXo
4HiX7QAXLRlfpaIxXsorcxidMODuXxDAh7YOgFisV5WzksggEsoZJrc21mlchFxX
1MI9Ashp7pZVyspWA5GhKXjEOD52kEGaZM2F41JFOzMwF+S8jgmAYoxKehWhIZ/n
/6nkBCxfe3N28PhGOs5UWiuwe1D16KBndxnnbjsaTiT/tXYaD2U/7OPOF4Jdngfw
1zONBR2onlQneBnTp8uSsAx2K9IJ/kFchx3tJBFVzcWE9shyW8+KsArqe/HUEm0r
LdIqiFnXXZsETa/8MLaIft0mX7k+m0Gpu5wH1jooJuopxARH61kNRKApdjqCodfV
yNDO+pIKp1yBy/Ryu2S3ur/Raf3TuRxU3aJzUmeLRhkezJBycRbbyibWYTgkwSXc
u8HnOaUv2D8Yr4OM4c1WQbOXozuwlIYq6jun+v6s+G0JSKHB2cyI+AG7gSDS/JEa
VDVrcklkt+mat/BDHSidprTXa4DrTLWUzGZFYjjI6WI5k2F7Iy8wk9LBdl34tkT6
okv503aW8U4e4XHDQ+Xqrx5NxTUV33nTChsLeS+cHYihaScLo4xQXTV8owWqPBZq
jVAVBkfkq111DCp4Mpfe5nHWKqdXF3eUZYDpOsdPz0MPKHIcjifpxFlthtmkV/io
L97zVJ1TN65cHSZOQHg256U2qvB6nmJhxFP1PhnVg79PEV5G1AdmNVwfxP+oXkGe
JvP8I7FNBC4Si7l1tEyfRupEk4jajuJZTH2KS4UXGnfrHCeeacCGn0nacFvWUXSR
mE4cvwYTI9A0bhdNPFn2QnTnazNWBkgXI1/A76x6H3Shzfs/bm5fPOnSyObWFamQ
/te5QwG8W3segOlrKd5y2OJPdn8IXG945KrJ9htWRXlxihI+RRFSAwJvD5WrsS2j
/LlobmLNEYcT3o1+mQKj9P5yJHtRfLzQiMzExSBw1SPG4uAnUhaG9bfXP8BbosZV
Q5wXBA6QmkzjTB662M+8fUC8t3ictgC1Sp4abIUNlsVnNrn/7BbjGK8g/G9s8HXH
mhPVUrMzOu6r74ZCj1ErciHW2ViJG9xaBp7cRerGeGORuQyIgbQSe1fb814D3Sz6
dxtB9z6Pin08MDfD2eWsAnfpVs/6Hpv6z7BBjaOiisWMuX+eN0Pr766iwjpsgeLa
fg/Pkmqy89cJ6kn5I37/lJrkYUl537G4VCPq68bHUatUTBSSrczNRv2D4ircEupi
aHd2RiMiS1iUiYERGqzVXQG2cKzyolxVg1HzmDKJX6DtRV9WhvSfgrRDYR2/LGG2
KDQ+JO1L+wwYjb04XGjmiP5Cu7zJ+r41GwSMGZS7MNNXkXpvoCdF5tyzbVCp/gSi
fApUNNQILq2HyD3c4fkcH3hUpE99N4OmfeNizOrns9oJZL1DScma3eiR1bj9HVaY
pkTdA4lkNeZhLGzg1leyYrKfq5OqP2JROOMtXQ6/QzlHowm2b+QAvVSME0a49mop
YIQ06GBJljso76394bD/h9Xm/JshO8Gnlw+0w3QjINBnCtDzKNxYqbP3+APTWHjO
qRyIaGd3StrluNjbNsW2fRojm1Nvc7eJlnDGpecnCfcimLCqBK5dy6Yg3IwUDeQ1
iz4k2RzUM0R4NKzuVi/t9iZ/1jl7NTRgQRKGQ5KDjs5iVKDgCHi97iWWqaDSYYh+
SS0jyzgxBDyLT54/cVYbPEBKaxFQrNV7caJm6ESjH/IZS4DKUaw6qlTgppL5KMhu
wrdyv5sgT1gWTKQ7uihPK5sHCtk6pXkwLoKPtlK+hl2DHFjUFM0+/ZJeqflmYrDd
VpkrSTATGYIRwm6xpmTZ9UJxyBL/LtUFWrzS1HhdRm0voZW5MmNtsvag/OYTjwrA
rjUGUotkVX+RP97OjOOnsluJ3AjPKa8LwtfvqqfLYKXkm1hofkoh4CR2+bmh0iDv
EzXj/rNsg/8IGUGxrAwmTzFMSiw0Ek2hdmfsyqNXY2yO1ixnd4uzQfNjMT3Sozeu
hVy7GjtPshtut/MBPWvvpBSnLmBdqjF4S749iorKESScUSaECqXpip/ebdRLV7eD
3FIApmFsgxYsLBEBRsN7Zs1gFEk9P26jE3b2GVvdlTT7QUz90Nsta6x4PopCOUTt
EepMDpP+/gcjgZuks3rAdq4908+qX4i/O26C1FF/VyUIFVBpq9BlqXFhL5c2bq8C
wky8hOs1hyi6vkbo6HF287EVAi99kIzloZNWOe4J2EX+a/OuVJqI+EI+wAPDlCMy
ERB72QK0PDXqo8kpW7ZG2Y6bQJxnc1HyL2zu5vMcrWs8Wj2nRvuEpf72ScKVKgJE
K6hwd4ms6LEtTXg/Eo0qT1HdbUTtvqzLZNp5aMfeh43+j15f6MiapGpwcC7ysoeA
XnkS0w84nauOLsrCqXbmxHVBLPzqKbad5b2Spw68mqXu2n4ehKckkYfKJBhM+M3u
lbQz8Hxpdp6qqZ8k0lQW5s2ICrSr2Ecs+pf7019WPOkbMQ/zCtX7u45jLHW5eoT4
P4Q4QUH5x1Owi+3j12dqsd8TkVE07SsJ/WO8Nlvi1WInS4bpjnHXlX7Lze5U+sZy
/hwzlg/AMBmYVFG1vpgDLGu+uK7qQe90dNlNqcF6JR8YZvcUc+KQApmXOJc7eyyg
Mg0l1DaFWaOUPNFA8Px4+zWq6j4R9WDKAdX6WutMRfQUZdDY01mB/S2A2ASTBiIR
Z7/6ss/Q8aAq7iFlOtWHD6KoupswIuAy6aPdUmSL1cwTiuvOppzazhv01RwC2JWN
9hKOo+TQe7bZlSXDiPHEhh6TdRhEoChJJBSSwiA3wkfb5d2y8P1Gd3WZby+gySCb
lgzOcu06tKesa2Bv+/YIK1h6X6FobFQDsBvfpleenUqNqH2SnrREV9GqU+40bZ/K
rvrKuRaOq1ZHzlBStWiVQvfgjAw8PwvpS6BVLly1CtVD0u55MiTCadYxAJmHfF8K
FE+Agt8f8JKpVFcu2DvsQ3tbU2Y85LFm+SNzEhZ2yaDmVvSU0zpMKDp8/uq/Y0H9
08TLriiMt8eEqO8Zr7/02X6fCn3i7r2RtYzECBikY5LQJ9R9hIWRIYykEwKLDeEK
YfGCqtKWnKVRH9dD0JfFYaok5jnJo5zrtazBipDT1wq/f5QAvEKapOXR6U/bdV8q
ITyNJVXbXunZA2QHlopJu5PkH3Zf9R4awUpoozPwagjG7t3Odl+p7j1Wdn3ODTzD
5jAkWoeEw8OAu4sjp7tCY8Oh4qcGqB6pdhdMOxbSqiuQ8DpM/frLnCn9AXgavnlf
7QSEZte1qEWoguQ0ZhMHeFLf41D/CcjUQ6ZiNYTLMFjVgU5oKLrxC6YyADkEt84z
X1vniPeE09HXD4AEkC4SZv0Td2pWLGvriWTXZQxZA66rbMVopPdbLh7R6S8DZNej
FsUlTZmS4X7y4hfT9kG0daRgboLpS1PtniXSsbrRBxd5qSRtic/3zo/7BVkl+tn3
lQO5dbcLpCWBlkugz/gawwa7saPJcy3H8DKKsguEetNDevwejSEazPt3drw8aYnk
2eVKnpGmAOL4MjajHxea63UPKhA5mzEJGaqMvk6ZjTpkHMVpVsoEhcDIBgEMMTsm
6MnXBW+uXWtiLi/ZaCRAyneogN1nhsPp/IiQ5iz6VHqeO8EwZe4OYoMTbfWSec33
my2r8kJ6FdYNMQsi4RbDf25edVOzZCwiAUOk4VgHWThZKqbQ5PMgx6NpCgOEmS57
5U1fXhdFXvhiC1f7YrPtaaDspWrD3RNYhmS6EUZ+rh2y7oU0Qrqt4TLowAeiODDm
7r0ib2e6B+0EzeUsQuc4j4OK5lVuNoSHMROQvE/Vbd29nz6jlgw6IlTwOkCl/Uuq
M9CywwguyPoThftSFUaTGKAjhnYhuLEOXI0iSNfIbcceLuSARpcwUZuGd82Rwf23
17UvrNguK7U2HrHvMJ9DbVlELQIEJBEPkdIBbaejKLxLSVrwSskjZis9fnXcqSy7
kAC8nfTr0aBVk5RaH28P4qRFEdROKY9SNKHrHnhi57scrzcToYVgB7pYykc0hgnh
zBdSxXWOTgBvOPuk3OY+ob+ZSdQ4pEhs10U8AT5V7XKy+SvphZ5CT/LkcIvuWvku
1RwgE1MFpAg+4BDqCAW41sGea5RPALHIwiEkDu1a217gMeOVFCN3QO34+/yYoTti
W59mBgVUABv2rbmL4+8KUAXBVpx5XmE9SEH9w7jOaCIX589K+gn++ea1PZrbuaQC
aSlUCTbV3tlJt8SNYVm3pzqs34GSKEz54cWAIVIKGOdPLiza5hc++HnDOpBbk0ss
Fu4ertJzRwxsdIY6NkV+T3PKinYVOUhWaE9AfXVHl+U6Y0wV8TD5ZZmY6gYNGxAY
+elu881wblovSNVfkka9rcVD0zyXaWVZ6bXNxzJiT/ctcUdsVdiCYWY67RiwCjRv
Q4GE6JpIdviPsr+3WpVlggXDHUfhBdaRk6BqaYjEHJPwLC6Xcpp6tn6JUtajKBEv
kw+ry74RXm0iPY4zzN1uo8jRdhMcRo3QM43B2ny1UZrA0gvts7jFzdbgCQSIjdxC
PMZqLRrzoJtOrfBEtrT+Gc1Zv0XU/FWtdLguk8FeAiNQKHESoD56t43Vu337yo3C
c6xXtOPMXb4Nov4nM4MBzYrlT0tk0JqjB+egAnskd4cNK5IJGaJWZLqAOKkEFPPb
wMr/DFN7Sk0ilKYocrDTNI/5SZOvGzdW+TK3NwwnNEfuDKKvlIGoM5aDZmC9wUpJ
INIVDIIWT/jtvimk6uHShOuoM8JFGRcfA6wXmxmEzGiBPkucBE37RLXjU5EGtZ1P
OLwjYFevCtiWl+NhfzZAUxnf4Haowxao21hXZiwZ5Lj4N9VFiWaM6aW2SXhYOmUF
T95mjF388hS5yMwC2Vd91uN39BN527R3VUKT/fKQOg0HwfERMfdGPsm0cvPfFh5J
A2KK3zhIANF/hQh8LbIQesy3gCe2RYLwQYuouT0gh9sTx4Pn2LGxuSdO6Pm+Iuh3
Ve9/tOxxFOcANPrMpS8W2cTMTCi2MxN2MpAu0ITu5VeUPkaptdHBJnM8YewRGHJB
tuzGcPIkuPRDFtPu7vHTPJXZvpbH+MyvCyGKotSI3lbOBo7PXgMMfS2mR0sn1vb3
gKPr2p8zMy5YcX6Tf9zecEr1GVNC9WXGzOrGz0N9jQbDZKbXVyI1sZh+AjIw+6x2
ztqEbXNPb2uP/RSCqciSljodg+p+P/EAQAeT6C/AsNOsSkFtm5P+4//QQId+MdI4
MufzVlVbtHwJOT+aNXwYKa/ahFwZeae2KXgSELroRoaoe/qoiOR+apq6uLG8FkM1
OtA27JRz+S2leXCeX23BrKXYmi96dN/E7Gd+qUSDa8OGDnq7+Dq+SLKy2WwtTkLT
0sSBPgZCoatFx2k4F8FnBr/USXQJJ+97iAWjqTVqbas/YvzdQKey4N/ZMrMq3oAy
q3Ei5pEo3Z54zQ0qGeNYHl6OW68qU3fTlTPlqUOWRrJoalwxeLRRQijHa0IxwInj
kwKKht5zbcACm4ExqUYKbsQzZBBp2HzIXiWYBRnWUFZtho8KME4rjkv2useTcTIb
dLwr1gJj0fhB5vBSe3Zxc6ct7OI//SlUKClB265o+ocbQCyiLNLwMyLpfIkPPGUO
R06Fw0gNEelvEuPwI12InP4sRTUOP/bH/MJFSDOE/hCQNp7RPtQ5Goa4kVAQvb9h
ewEuo7Ky3k+LsTjNWynhVlwIM2vC49kVqE1D4sFZrCzjov1ufxhvOjlYwpL7P1Gw
SZ4a4GGDiJr9weHvOD8Jgr98Ulr3UDPxF900Ucvr2289xC5Yoaq0vkAs0HOAusd9
5Jws02rm1aE/xJgMoxDyWphpHvLXQMGvRdEdpwHDn6LgdXYUF8dMFOxFXRsJWRmR
IhtW5b/GPamGHJrE/2967Ow0anuM/jzV6DddDaUlNj+saJa7SuZDQqs+n1XWjxH/
NBPab+4Wrlr3eJJTNxHkg+p92zJVXQqpHkZ45Zry4k3mRByws8u9NWQ9Y+3oQyKS
cDYd8gDc5yv4DHZXcVoqHrpPSdc1gtTDq8fdByeeM6B9Q1aUF7Pn3XeV9fNkApB6
6fqbecdqyzoFyD5+zjbD64+XOgsxDRGO0GPdnj9cAsXVoD1sG/iu9yyWcRdIgfL2
2U58BewyeOwnwdedNn/NiChYwJZpbL2G1y6IfZHrjXfbRsMNPuPi5ETWNzixs4TP
jCiZ4Mcs6Hg8mTLcwMs30teCY7bJuy6g4AxsRWDgOhS3VS0uKJDXtkYYIsxor8/7
o47xu+jpQaqXzpCjPs3NPKQCXhHcEQLgTKQ1XQ4iTZDDisBo0vbt/5M0no9ZqrGA
x068PKdPRefVDHkGOTDDTYMJzDi0ZsSZk5fCgXf6IurWeWVpB5Y3cMf+hIwmJnMZ
Hb5knGHlz5BRYXLFBvJTf5kGDxKa+najrOZrJD0CexsFWKVo1NhfHOOH6ba7srmw

B.3.21. S/MIME encrypted and signed reply over a complex message, Injected Headers with hcp_minimal (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10445 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6720 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2283 bytes
   ├┬╴multipart/alternative 1455 bytes
   │├─╴text/plain 497 bytes
   │└─╴text/html 649 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-complex-injected-minimal-legacy-reply@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:16:02 -0500
In-Reply-To:
 <smime-enc-signed-complex-injected-minimal-legacy@lhp.example>
References:
 <smime-enc-signed-complex-injected-minimal-legacy@lhp.example>

MIIeHAYJKoZIhvcNAQcDoIIeDTCCHgkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAHrX9uy/oQe7y+9tegYXxu2T9sAJqzKM2LCf
sMR9WNLx5AZ1A8iQOHilviTas4EvYkPgJzfadPRq5lF98h1MGWaCpvYgKlbyVdu5
ubwR2pIkRpttWRULid17OwadsTnbL539iRWWzWMakKPEh00oSsrDAUbE2INawzzs
H/ajSTjtFZoeVtwRH+c7+WiTsK+LO2MnbqBLhrIUjPXq753QToNcUYbj4iFWtnku
gUFfdkhrcwmzEzOmM66L9kwqvnfqjpCbx8A5QOsVYGZc4nuXzgY4F8PYKtrGwq7c
tLX+CPJ4X2rqH3KoqhhRu+TfeVtVR4RQ1TOPlYyFdjlGDqHbAC0wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAmCHkN9nwaIBtxA0yYkitWt8D
lJ/Tj1uocqIubp1kShAIee33NF+5T0u7bNLseaqu5urdWlCk5z4Qh94iUA+En95C
+kpTNvWtXyIoWgRX6C/TSup3ETM/DE6BpdKTM0VvzV3rNAkvIVzBocTYnULspM8L
beO74Vkw1oJQzvVJlU3kDA0a9s7R999SnfYwO1MppzK7fjnKswLkaw7SpkfbR/4t
9ogphGdg+GgskkFarJF3tJtXRik6M6HZGvvsognVKJCdVF1EgLDsyerBr6WhvJk9
oHoXkwb8oXkJ/UNqq9Xu2Ymg3G2cL4bvgHqLOxTTtg0M4uYFrqkren7v07yzPTCC
Gu4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEJN4/uWhaPtLhndZalT20q2AghrA
DzzcVJ/3c+0CpoBDEH/meyCF1mPrf3+qcrvGwbBABAlrKY6u/r2YSJskaJa+GEIV
kMO+ImIqUfW1JtOHsT5xCOyU26TOkyFayWIPSdoewTsmUzbtv9jovXsuBAApDy9S
jjKhe4Z+A9mJoWZj4vc0Kma8qvWY7gWJoKvi/62hiycutl2ppRGDpucRgTpSM4Sj
n7GVlA1gSO9od9GxQ2lbLYRx1m7GQ7ChVQPEYoLOENESrlel4Hq8+0sCcNw6cP2J
6wiblt0DfMkIHHa+ZJmKJJ+JeNmC+p4saEHIqsPm6QVQEuhpy7T5TEw+dBrm4i96
PrsB3jO6ZoTBzih0Y0UBccnul26JMom7QCmo4voFnhu0ZTh0J9E4H7Kf/g6oe0H0
NdtjqXvFwEmFyp+C+c1X9dJauWjNSvyq4mTbD25mtg4zKh0bHOtFP4fEi0vPRaJF
x6N54uuJVAWSjmV68nb8POCEqPJqQKyMIxdWvfEOtd1FLrExkxh6S5D6IB01Opon
7lrFDkHIAVvZycqZ34gItB0ElH+DEmIUr2d+/slzztYY5X1soQ2pkAPXugtYMq9j
VGUFOdv9piFo5g53FpDJAZKSYFHtSuZblvc+8ws3Fa57CUFoTVSzSbGL+1dPTXCB
50zvNXsmiMSpR0wLKCrSdi0fCwrKusHS7XOI/A5hoX8di28RGmR2gkp2zmPnbYyv
1xLSGqQ+PAS8nNMrDNAVS7oMEab/avu+0LuZqcaQhADX+jwApOTA2MC1B+BxvRow
iqdE/pYUh2BqZRePd81UffmR6PQQMCHe3HQDfalo5B5r6o5AIpkjoVw3bpWgKwTz
SQMX5O9K/pjEkMc0nvdLxOJ/YIn6kfJmlc+Wn+8QrmTfejOMiO5Pp8TKAdGsIl58
2bizDK857Fkxjz0dUz0Xi/5hCZxTiKIDbdGrUjlRL6PsM0w6NFgGxct08G9r0u3Q
kfE48HI5EVs8Tvc/w9Gchy51CZ6zUWVXjuhkUHUT98teTvmLPRlDctrrfDcYD/kJ
woptpWkI48LzRZMRfKrIP7MorWT6vcrZl7SRleAPGmd4Yjsn88oiPgsqKcd0P90R
HnDJFpkHaFFl1ezy5+dk/sE4tY8xWRFxsPMVfp7tBYwQqN3x3BfuLFM6/7Afb4FN
xGlIH9iGCBmfq1JPYk0XAL2oVy5Byz/xudIHqSqekP3+26l1MZ7kQ+3swrKXhx4+
MVBvg5NUlKbCBCmIp+fGv0FDiTo/ytc3kQIF00QgQ+ZiZb85Us/JzHw5jfwhIkYz
D/RKHPdhvbTzMX7+Ta+KthM2WbZhS953R7hWbTBL0lKJYleS6KPjnvlcGSouFAd8
WP1WowObD4agmewE0AGJrXn99ZpzQaGyQnTBao78IkBrdqkMc//Q6SLGPbVRTWJm
5Pyz0NEn8sKXN4xT0mbHM5rphnHUz8CcfQtGG2YfiloqBWrG80xY0WDKeXoU8Lp8
nvbJL+ltLc3UdpqTuQPH9TtUTJHFPoiXD5ka4dGu9ciFv94h1UMGuqD3gueaHGLj
Dyy5ctxAY2RVmC0VSgXrj9RMKNGSTTWPb9ysZegl5RJA9zioyPSz7lIukJm0MOD1
j9UK6gTMlWxuFcaXZZK13dfkB6DsMmctP7G+M1bTCQ96beE8J4b7Wl1w89Yd2pgt
c0Pa5xomT1c1sA5UTTXvetX+F+JDrkQT8A9jEZmFgW4R6xJ/17X1gYOg9YDqZUce
nNqLBH1nwXJ15xrGNo778M2SR5sNCb3rKHOzT/xtCXqg6kbvuynAPwJfvur1CnsX
mj7+2HHO83UJk0ol4BfUfXMZZLY6CdwVEqRgtVXTR9ImEUkcNj1N2hZjFND8CEad
p4LfJ3N6YgEWqT5BsmJ1TqJ8ipZHSTpC6C10h9ejsAhs7MvMUDWVOTIzXuyqCNgD
1L5BdMUR4NkLeAo+EDS/T34gJCBtwHg7MfD0ebVbMVmXdtq5JR29V0RauWSNbIfq
oc+ophaLmAovD/HByZzdeDFr2tSKxQ76xohE42HugOlJDl4whXHbFRlvhM/j0bMA
JJ4sYx+U4qRIYOlopa4uQTpLqbjd9xgWSR3eQvq1l5cpL6rH4pHYHHihoYmcy5b3
v06Psq/uW4juVo5keQ+R1lyii/TMITHKdNZZvxfaA6CMC1aPZxS8dkhgWIf+OfV7
VKX93zUvWUwOGNnir/JDPNqTtu4KqCve/pMM2WyATwvEwmwQnwfNOV2tgHTkGRV7
CKMmteCyuOsaLOyj2HlIZhFg5i9573eMXQpAjJAVFJ6NccSjJ9USCeP74EL885m8
cK/T3aTTyXs8w4jDIj4LkAyNnnc4RAY1lFfFLMaGVEmO4ELG9MepFIGeNV9ek15C
M9JpvEoHHWboyzqvddT6az++vW/D4F1ZCQFCwVGgt0bgOokcL/5FBbP8x7QjzdfQ
RBirgQr2hzSV944IU+x9nzhLPcs1y31BjjKkKCgK3bL5PsjRz1wd4CxBed/qkQfC
5lgaX+mo7p9fxnP1g2ZUIImv79ERuqHo2EL/RmlmpKFtCHeAxdbcPaZNRLzhvWjO
IN9XBlJqvEqP0PdjPcSPiZcp/RXVviRlCWa+GVFhJGymvKtn8a5pttqRBHQiYoni
R5E+5jd/aLdS8+/rwmVjxou3QtYNHi7z+kR/4IE4l+Ih/Vemu/fyahAAqiYv837c
Wmewk6Brnc9h1bIDwsngS1uGBSPHiIcK4wFRttqyl/0DkIukpoBjqyqTWsDu1Z3X
k/lUrO+nP1cSzmD6FoYtag80yz7vqzSpk35b5oMf0oLxQB8nAEaQge4Jabxo1nuq
H0NIm9l9yBC2RulsEibGcNT4u3nLyVSetpioIEN5q+HYuXVNeprsrfeMNmAFSfxg
fWETq/iRyF8lTChlI/lgUFSYjd8toXthEcsbC/rABnMrNAslGlsVy5d/wE3J0er7
mr5+vSh72veXZ7pvkk1lXu5Ued8jXHFJ5Z8tLKGs3oQrcx7TIa+23/R52uv1Nh84
VaREBqQe8cGcAIQ8HcwhG9/xcc5LL/yuZnWbZaJe1NKEhP0jaRsxxXaT1pIUO46B
L3LrvCuqfRVWklke31XzmkaR8JN0QyDGLRWDyTtap786x+XefWKoejbzCffSpnwY
0cqGv1nfuf7BSE95cqhq1NS4be7EapwSe094iusmLrNsINSCDirmBmDc3yt9HwiL
NdJl1Pwuubxgn7Wv6y4jhw+gcfO+jnkkPnlaf1Dw+EZj0R00028dbItWmdsMS9LT
lvl/lhox6fO1ivULgwbD4UHawJpSZY1wg29Bh0+EyPUCGUZyCBGAfHAny12j9Wk2
B/gZ6d5HGE0XwGTsguOnNnFP6xyJq/kRonyBfvukT0AQ6dCTquBnCwLFMfobN3mZ
pwniDmCmlz9XfZ3PQy7nHp0MvQhFEePu+0r/SY3PsOOZaMsBgVt3tMurznmYRXx4
sjrEyzQ7k8TAKhN7a2QmI66++OFp3HKIkOwwAAIqE3zer/cJZEu25GsOESlfZzE6
9BYcQkelF8GGFjgL0DOu3B+ZNsEbE5+Arjjvy7joocRiaN75yFVwFzPwCIEHfzMs
ts00Irmy0nhznA2bMt1lR4cjJZdfWQ3XTWf9/6+4ktE1erstISjvMBaCJdIrDTIC
rgNOXHmLpj9D/EqNgtQHdSneFwIiq90xRdI+vDU8kkf00tG8PvT1DAcVXWPEMctk
PP2SrEStVocHcrh9joSrvo/UcIYQMrE5DFJLkdSlfuTIG5F8KwEKWIx9++m//r1x
5t18KTDQMLrM2VzSvyrjhuqRNAR7KjjPZjyFuMA6s9GMj3WR/HxKGgQ/R2+oyh91
9Gykf7oCZJbVd9b7amMwUNahOTKs0UFAmdbeb06DwXIg29P5LM65IOSs75xRQDqz
Yx5wgxrxLJeZmYsHZSzfFribNZ1IiKGWiY3qjPy+hHbRVS6yeRvMj3oHSo9p9feN
rjFfR1K5icZf18Cyob414ampJqisPWpy8hy7muaSzNnFnIJ1MSpqwsLpGBahia8A
5pwKqysj9Fh2PB1gSOuoqx40b+1eDp0ZpHUcbkWdXT7S8SX299ipeoOetAdSyoNf
UIbf8dKF+kUHVzKjPx2whDjfgCxRgn3wm57m3ytJIEWJNIhRz4SOfnyBi+PJSHCF
ZgLirMJ1LiXoXhps9XeuKyxW7uBGiGqWbpDmC1k3R7aEN7es3mxJ86ZBs73y1DMB
RVp46c0ABaXYrMFCLKZ1y9Cy4Y51j6c6H3ClaC0yp90uERHUTrvO0bHsMwNDG+Yd
s5UZXZPvj7/Gq2nStN32/1b0GZKxM9LOp/7pidZDDwALawHsasewceEDS3mNccVG
DxBBcTw2tlzLNkGXKYdnPryyeBi7IvtRy0GbNGzaRmrDIP4wcwHutGBs2VZVp70X
wAij44z1G8/tFCJ6FIYppK4WKs6Sa0LmkpAyXzZEa48CQ8VbgFWb5fuRw+mR3dVP
GtJLTrTtqXe3SqD819fwaf98gWT6iNw5mQYVHwHkMEj0/39DVwqJsuylK6FKI8CE
WHZaOmFrn+8tekEdwBVSBFFc8dYrNSSYSsAKR6Pt5w6yYq1mj4qcUy7mwlhGCVkU
/MBZUtSxmt5xbMBOFhD5aOvFAr4dGUnE/vixJ0b8dJ9O9GGXCg7NQUMZhswH/CkI
3Xzx0M6LudHZsYPwmAeYVVML0Ud4v2zUMRaJQw0mxQdCIeae+DcDr7z0hstApqFz
w3gkrgc0rdiC/yCktzD3NtHXT6MEdsNoXkOTCFoyW24BiT2QvIZL7XK2K04tQmPg
KR4YgOCK26KO6w3xs2bOlqHJvljZ0251w+O4DtJCFktBhwiUnB/BjcwrgD0wpqeM
fUejPndVXg/SzM5XSAxO0kFZa5/UtR6gGHSJ4KYuA/LL+82pglGygefxL7OGAfyl
VZz0Hj0RPMozUkkMOS8GKGKVNOPAMOtrd6MNU+2NryVpcu5mQ9ZCcIqtruhgS8NS
QOfP8my2x93TF/1OX1N6S65sHpjFTVDh6h4W+q21f7R6Ri+M0qiuxKMUrLxlrbY+
A7VsQX1ObqeS4uWt9WRlEZXFO6IAkYFUPMDQf5XOkX4h29G2+QBvd2tx0IcGU9b6
kez4Peu1MkX/6fBReyso+PPmc2rcQQyKByDZskE7lYNGg1cPulIaq3oX2tVmVtB5
kHjuLuFq4tw3UB7eYO2G0JnibQAC73+tKME+uA5+pyLi07C3RfVy+T5XJR+EQ1LY
BNS20NxiU79Y0F6NF/uL5pbtqTJQEItvxQo1jSwKtvDBwLE/2uWfs2L2PPglKkC4
Wi3myKYZR8j4U437sMF7XP7FyD475AYUu7xn6UpjuBXu2gTl8PRYHOmumaE1pL25
MC1fUoiVyWjRZlIa35EsliR6GOrDhgt50rlCy5pQuOrzG0e5jj2sKkSkg33LQCKC
rzm/YhJdnnGHarmPuR73Kj3YgDhvz0hGEUmeTFeqo/URfO1kKhcI8aajfLsHrbva
yLduu1tV4Rz80ny9UHREdNkjV6kGeMDCqG0b0YKQmZ2U7lyo6qegNXTlvpURnnzq
nbaVtyQqJugGvZA/9lbAxEka+xWLX2VeC9RVa/RaTuluRS4TRfF2EzPfz3s46uOr
7cimaZ7oITiv5SygK2K4oM2a4OPCOmnK0GQ07suAVmMtspZxZW4zELOMP+xJnWgB
JzXDIIWAOaIR3hEYhi98y0721G7o+WORYi53DjmfYaQYikx9IpIY2g1jIploNvVB
DWh1FuEk1pZ8jXyhNRAmbcMtSYmgptFcE+BDolDZhg3Zc4ps0Wjcg/c7A9sqNf87
3lCKLoKP0UV6M6KRvat0AjLaVmwfNvQphUQzOGevQ+H0h+7WZJ2lCVd8DxH6c7Id
m60ioaEHfr4OEZysB+sPqPbSYPNZo+oH/nIGhub1AQ/zcXSupFd0S2lDkStCKkK8
9W2xTfgiB3pB6zf5n4T+S8/RXXX91xfvMk4NWvdlKDX7N7PPpE00N2A105SXQt2L
pLauSBWVfb+YOIx072R7gHWo00ZogqG+M4HfQAGvUk2P5AN2FcEn4nn/z158xwJd
YYWqWajg78qja6dLNhoY3mPupeQlLmHAru3NfdksCwpoyAnhEFAzzrzku1B1EZhT
746Zfiu6nBF8KPW1Zxk8SqFwYJsbXe4UJHL/2Pn0UCoqI55YZDBT9xsWhwrHMvXf
mMrvGQ7iKzMTqY54R8LqHF44NcyXIdaX8rP7IguHq7EVNTriJt3tW8k4kjaq4EsU
PkPIpQabENvuHdRolaLRAnq9PXJvjZW5bcM29y9tR5sMrJ5pXDOHp3pLZQYeDVWo
UzRwKRVZ+o3rraTNc4BVUZ1rGwfsbI4AG8AesgiVgc9z03xVKjNTLYOWZOq/wC9p
enRMyKfTRteRx99FzrqVlyrkiYZ4Ol6DT1QorbUUzHArZG7mwedLIs4YyXaJTywD
Qo0fjyfEkhnm5TvUX+K5FMJjzGlLs9N01sXDX5dkzBm8Gd/E0mSZ6wZ4cp8KvVmN
XXgJyZQjhr5fuEahuLzfumxjrYS4yB6nrmfsMTLxfRd9CI29YntG+dyOrR8mlAu6
QTgvfiZ4m4BZuznWoAvRPCmBYfOaoqOrZOWeVp0YPPFs4wDnuMXGqGtflZWEkIdJ
HmJawnx5hzcRemznAAXQ5NTu0kUfXFxx74ar7bfPFm8CdnAfzEEVEjdfbJHm0uv9
sTV7Yq1EB5thCy2ljjZ/3d6rkUp/oFvL6L0XRBApGAVFVQYj1M5XgsMRLZDz2VDy
UyBUn2avhiAxcFEiuhrhrZOEWysP9VB6b89OBeNuC001yKB6YqcDaiLRIyKdTfAu
87jH247gx/yX40/35ePBaSPjpSSdW0HB30cgFNfJguDcAAq2aPL8BnXCtQv+X6cd
pKrFSXu+a6IJc+77rTCEJXCU7KANqQiRJZDjEzVsIt58K3jiYxx5bGsE9w4BTI3p
7BwaeUn84WxI60Lnc4ggWQ6UEd0Wgsn7G0ISVkkVJFYL0y8floa8yucVPSyYn9Cz
p5CtmpbMeY+fJ9+g3f2szBylmLy3whwC+Ac64U7PoQdIxTlJ2cRUefFLdwSmrdgH
mu6KSA31FhANmEl06pnQ9A8/mRwVBEU8k3eg+UNZv+19JRaOib3uPzgZ+BeLP5nb
wKg1054R0kLFafvTooXvXI2HWGZe8Qlw+gJtg4U+hAspgubGYCqQAcuh1taS2yC6
7v+uhGluXu7z6CqjWSsRTytjLXngXQCvoJDxv4LX6Z44e+mw+S7BSi7Lr+eBxVYw
5Dz1JUokGejWlF5qNT/l5dfB6nDZoYXYyG/Gu5w7siTu8+CPpC5cifiIfq2ttGH7
s8nRZqZEOBKr77EhFCOUrQQCkYtiiGBldczWf8Oe1E75LpbXNxfWXSxH/Fs8gJPW
17xridMMCR/wvMQX1SLtxwAP0BnkbtGLGDUZzH5CAv2+5PG7vbj7kWyNPnXWobps
jzEd957txPQ+hHY/e7jwW5IpQBrwEPMaC8pZ+INDJMMzFnCWv/1YL4D1piMMuDmn
r/bc6SdFGe0iwIu5/FQlRzc45abUlpwUOctnxGt39YmJhxc4PexJ661mY++9ZF55
8mrlf2yB0O+0+RmS0HL/J9drHfowJak+pveva+wQpy6wLGaWZlByZoVwt7fod9Vu
Moq5/gBGk7smRG0aOuV55I1YEMxSjNQcYMTqsI37TV9GHsCmdQfULk+J5IdTc8Bm
MCSk5t03BR4OFAlr4OmQQvRvw7ed/TD7Xk6tjttJw+hrBzzy98F80J6sQW1aaOzx
D+s0nq+e+JMzb3pGh+FqVaiDG0oEp5zgcY9SU7cNAx78VUtEZdqgxisPW88SknL8
cyMPqmXrjlxd4XY4lwVh57RP2xiI8TU4bJj5LBRIiUXh3R5OHiFFSxxVHhvKQEuS
vV91GIqkneNiB+xY9U3Yd4pGt/VShSVH6rj+s9l2uKLx82mexYo/Vh9OnqKVwIo/
TGbGIbjAUrjOoAGsLwV9AvOTAqsALA5FLJmGm5PCfSamUpDR6ksuoM/eWywoYa9U
lDqlIitNd7hPOmHaE6P0sBIg4+zWEB/7yV//xCXqafBWJPmfZg+HZw/nUGZ2B2XW
0qFDl5ZTvgJ/V1I6D69QqZrptp923AlHsAkQt9PIG3vOac7M8EsUMGzSVxjbcR1C
ZoKKzPI7f0WYpSz18mbQHbRuyLbyS4FCCiPUgIPcsJL3abSFDSgJTZpVXPD3ApLa
mePL2wM4ETERs3M8adrXJTTU9I7ApThgMK0ZtzOBWOfVHItd1JunvBVyr9snQ+c+
412hVUhi24LTl0UeqXH+KHclrZH43eBaS4UZk5pQMSHG1GmX/ctp8D++WiCt796D
4ey4odj5TI02nA3BJNd4O89ZTgNkL8MAukgJG9kX+IDry+Nl8PkGzLF9W1/IMcqh
QutsvU+/3BIz7ZT5GzgLkYhKSnlapoHOX2eevqozAlpQCDbPmBwkaf0kV3jxkIIF
APK3119EiGPaqL5TCBXva7mG4dz0fAiF4eiG8D6VZbRZ+o6MscSIfDo+x4MpSD3Q
dWoz3qPPwmHBL15sUQjbb3fMlOuY+10tjTF1zLjTbdmK2V4nVuu0vu1EGBij0/xq
uOZZWD77iJ5EBZbjBowi8cq/HMGRvWMMA1BYmfUpdXj48WcQ8Ivlba8os0HhRBKG
0iZIlizxkzVZXfGsBFQB5RWX0mxXnOobwn1QVYTxVtISxekyBOidef823n0n+Tpp
H+Cd7IXiAvdttcUBto9zA0ILgt6VPIi+mXemGRsyUklMpU9vNx60UFS9KeJ2bPXA
+/OkxdJfwCVc0i85JvCfVHVdeYTRgou5A5eTffCqau7YwRYPKi/56AUSB3hUfMjr
ka2lxki6bwcrP/Vn3FEEn3g22U77+RcPe3wm4NKSSxrpaA0PZqIvKfqeTxn5MNI6
5YT1l8+hLJva5dc/Yiss/fMRAPfd741cjkd0Vc6ezy9LYIljhenC8ut3oJiBvgcC
7rm/ncD7aKXHMmlo48qTwus0ujNw8rHVDOMtGtXsRU/AoKGe+mv/XKV/owN8+sK7
9IYXne5CD/jMn04I2sWzEyP3kP4mZnNcpQFOM0vIZNs=

B.3.22. S/MIME encrypted and signed reply over a complex message, Wrapped Message with hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9750 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6210 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 1970 bytes
   └┬╴multipart/mixed 1906 bytes
    ├┬╴multipart/alternative 1140 bytes
    │├─╴text/plain 379 bytes
    │└─╴text/html 477 bytes
    └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <38a0b7ba-76e0-5351-93e9-f44877e20e6e@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:17:02 -0500

MIIcHAYJKoZIhvcNAQcDoIIcDTCCHAkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBABoiuTpkWhhfblL1RCZbuwLzmGm3w9XY0fj+
SDxw4qBddauIERLO6YUM7k29IGzo5RQXEr/+QU80QxKUEp2vjNSnGqGpLAj0VEy8
TI52mFbeqCPJ5LxD7SWOgmI3i4tuUWcwhlIkwj73sYwqd5pOl41etK8yVIBDqN1D
uOwTKe9j9zyxHO7gl7GtWB5HJ5jAYmsoGv2bbg1T6JxlbOUmFwgV1R4g+33YiMin
sjuHAZ0EmoFH7o58au/9BOfaVrWjOgjAdn1bJps58tByZjaBYekx2FHjhW1+Zi4Y
sF1FEt1eDjxZ0Bm2rpaWw6ZeCUz50YnkymOS5mC7AT9biJtw8mgwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAY2tgCqi1NB7E4JtYGs2o2huW
iyP3292KYFjvg29uqV7CkkBAasq/ejnunH/LBQQOGZJ+lratSdSqrlTBUE7PVKO9
pr3izAQpj7NLTbbT5ntI+17+I9SCf3gOiLXOq+f30/IAqXcLG+JgoSIBIiMitzUf
6dsiRa7g5mDvnSd18mZo85Mf9tPs2rGvYo0dUzhlVbCcmUmW0qoGVvIFsimm5URh
Z3o/hDSVhaD6n24mNEuQqLcppYhcGWK6PAF7lKsqspk4RUgtmK8GyqX2gM+qg1qy
dklwTPrw84ZEi5ERcZI3mn+8gG3C7fUqvWYeikNuQjHRqm4cK3A4TQbWmBGUNDCC
GO4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEECWAFD4S4DqPDZVZGaRlOuKAghjA
38c9JsS+smudhk2lgcqxGWgqxm6ZqJ6N5eg0EVWslLtBoO1B0Zc74xnKfB+zTMfS
RQy/b0QNtFJWO5pYEjcT86o6AOoDUdNAT1mR0BlKCKyxvwxyQhACje0+DejbItz5
Laj0abNLDFqyrXR1qlwXaTUFM+r7sBYq9RDM65/kjFvv0dcKJlQHvcsGG0k6XzWT
1z18D5m43m5v52IQSMITBlGQmhFuI45+KTJ+U1E9Zs8EpHSvLNX0vTs3QaWsF3/8
AWn7TxhH/zu9Qu0DykHkGOFNjRGWj7ufjC0ROQbjIaVIoUKvSKcM1DkPbQ7tNfo9
T52RnWuJbExEwhwLXjoGjr5zwzMNWKIkYbGunRlPDrgq2fsd2ewlJu70URliKEQ2
wS7BzRjb3JYnWCy830jRuVGpvLzo2WpQyqWxhSYzxuAl2oseGqfZ44P0eZy8YX7+
09noeKem2F2+XFLDrV3mL3OSEGEYqiTg2aalRxFAIuPz2IMl58Exm3xV87F3oGrV
/NsV2g1f8sjkwdQ4k2K6IC7Rplk5jUBixRGClFsFoXKWofoL9/r1RIS7fvKpWUBh
SdQQ6VkxOTeBdXG8oPm+KZ24XnEPniJ1AduGFU5EPFo17MCGCPG4lSJtwZM9vx1b
v3HV4zNDZAbUvST2YCDSgZSSH7hgt8r0MzuB72PUiCBrHXA35nuRACWKG7W+Hbnp
7Dvw72vbdP4WJ9BPUyCENzmVLP/4le07FI1Llx90ieh+/abBC1FKsnITC2mo8OZs
j7uYnZOKpJLyHPUATsyZ6qh/FdlElhiYJxmsROVUV7zuQDdXbcP7qmDNvifNwaIB
AA88/wC58QAwLIvrQeOesAOqoWa6XA2FevLKkob4zcKBUv7zLEgHEEkMebx7T+EM
13MeN6Nm0bit7+eZN+zZ9MuiUM8q1qbFj7dEMAnMMY9rbaH2d2AmXHhxVm74aLjE
eX7vcYPsyFxTRheds9jpeYalct58v9UB2Db5f43gGx2jm6+hW1NEAuBhAlzdHJ/I
yHzgGTwkaY5mu+1e07CNTgVes0hCmNqyekYxAkpJDzvWaJJSi6pqfNHGkil8q4Dg
gr2jQqGWMzgQX0HBkDPioF6AK7lGIaOi+ME2/8x2/wFF9in1h+cKkayz1RTubYh+
9ulTMlECKCCAg07MQSMqc0XBlYrUuOSZBOcu978xXqc4JnS3LVmNrvh6dhekr9H+
X0ao6tIUOpR75d4hwCVUy1UlEPXekxAjG5Gp0eY/rAOh2JUMd23ScmSOIbsVNq8a
8BKB35v2mGyOBnQ50JNM/4KTOB5EMJWAL0S36jpneZksgw/Xxi6rQC8wg3eFgBXw
WFrNqzG/4HoILHbq4cbQZqymebjygCN9GCjmqKGPBbDxoiNOpGQKfCM2cyCm7eWy
Zhy6/70p296ogFP6TfCGbr9ub4y1yxXJbs7hBqVEQAWqQRgT2d83Z+XcSYsPyz+D
CSunKBKbLZlaAKcbYvSogrz5d/ANlKGHtE5SHMhI+X32ygZG/A7V98rOfskk0qaT
NGkuZeQA/wOTjZLwwVMlhfDRGuBEbmedpU9lClMXHFw2KpDEH9oNDtc03cyQZ7Ov
H3RceOTylTgEly26Mu295h9PBlxJjY667JKai9F58Bfn5KO37hj694CjiimFjcVk
JhvoP3fVO1tnrGD4sq7soMJNyoeDSTBbuhjUZAwceWMnekAE/cpuBvf4brdLYKRa
tWJuu3ZpYLJIU1kNh3udFdVWcRhVvRRiGWU47BzvM7G8ewbLWrZARMGm/e1fSTUr
WSnRM8sujXFffCscjFUHvA7a2G26bH1pcFEFj/EjgAG82J3bQwtz6kS2+tdMas6b
ry+hI0UVjKJN8umUP0agp6uFmpaCnU1tRu/9Zu+P9SOm4kuZCK0TEoFgPBrjxPG4
kVtjAVlj8ELNPWdCPJzjaz5dwK0wPi1st3RC6kOsro4yzHSM3t6MY6Bun3KtXCiS
koqqWaUx3vUvM7piART7Xv+gAsBcYu/MyDkVJKBFOlNGRx9ycEuVcnVohru96B2f
R0SXF0B9WdG6sndF6SySzsU9f+Xq6LyvSSq0L5zVBQmswBx8DE/1S+oTWqFZz4ba
SKMZU3AdT8NrglEuJ/OAoX+eCbYAP9EXC6itTXDGqJjYlqVbryurzNLO6Gz1ro8W
dbtNjD+YDjMPT4VFslE+KGo+9J0YNLWVqU9HsRhj6/DsgSZYp4AKi8tu2P9YhRGL
4wGK42ziR83Q9oBXSkh24etn5MBMBqwZo4nUbYKQTYg1cfYF3P5WiJUhr7OttCmq
JtGiggPyGTX4AUfDb8bAEaisxiEZlMpj8/bsQWnQ8ghj0z1/Fr9isSMT4mpVH3PN
94ElJ1eR4GC9P0zEFrPNosC21534F/xNWT6AHFV5HXlMyVyHFPFTS0x2pP8O9S8x
mBpen3OjycqSsDogIDY3hsrTy5s33p16tNrvdsRxf+Wsb4bOB0XQ+VQrr+WhJWoD
76raYeLbdcZ/R+C842FPz+lMeoQpb8zo5LQTIgjN/Z68u1Re+S/w2OaZXzDVs5ub
HIFWswpy6z1gHwEGvRYC+thOO9p33IWMzEuSpgApmVj7UsKJ6iNaJwpGFZrzjMRT
2LLAlvXST2XAmgWb8t+eWJ/ToWcizoqm6Cm3uZTnfIiqjInGbX0dNV3ZjHq5F9Ik
eVnsRXS3U9Jutuah+2pUK1iVSZ1hQUkKcY2MovGcCRoFdQ8Vbvlr3sZ+QCkOe7Cn
YF69COsOnpgtzPU0CfsyHRInzVkqdbM1DqCl7IBjHVoLyWN0TTcjxvxNDCD2ih19
DY6QtVCeoYX6/sE3HE9Y4MmVqHdzq4hX68xujAhZry+9dP4c1z6imAIMakJAj9BE
ZSDl0Cl1nk+tdz5qlzRopWkDdjNzyVsLbVuo9jkjHcGzX5LpLCqkFUzcaMR7mCpU
Qg7AWlqF27B7HVuoCTy9U2/9+XrDlUSS+qWG6Oic1+FSxFD9bEy67VhN3205twID
Xc/DtD0RP9JrNRqVHHl3Ciy7t6HJDukaMW2xYSlrVTT+gZXUqh9y1WHwDUTwlScb
/K5Des8IvZnWIMseAjTSEeygp/EsLOc7yWkuNOZXu9pxZE6dDITLvGujDLCxaxl/
dsbzXrtUjXffniZgkPAFnkWA165ligKu26yM5thczRFgQbH5vofHm73OT5JKzGNk
j1q8qHRxkJiFy4S28Y5u7TJEAxwgeKN1/IPkU2iXuroKCgMWHJNUVCMYnRzYjkvl
GVnNyuTYdu02aeKTe4JvO7cC9uC+PkDlnbB9el2t5Qul1It6wF85A5/jMPzPomU2
Uxc4ZGaWM31zbPsUjWVOTf+DE23nVsrdklyBsNK52U63Zu6hEX1YD3NEmyGLmBdT
b3nwAKZ/6s5tmTTy5QtqwoQ4snOnUWOuv8uXzy8HRIw10MHYkoAVMpui2qT6LxBu
nSvEukN66qhV6XTMzSX6rKzh49zPNFvWjFwH30Qb/E6ekHKzrF8z2IeQ37q0aZmE
a/RFmueAlLIhwm0ym4MRYgjoMHcnXRfTGj2QqQwCVtQZ6lmJUAqLN7y7BbqTeR8P
K/oZxgd4pfDlAH2l47ewBQxYy0DLw2d0OPXQIqmXwh6MNLKyBvD0oRRFm/3lkh2C
PYnWQNhKZ364zEVEsivpW1R5pBB3lNZPiKrRXEHRRAr6Sd2i2s+Md2mlhLvF0Pe8
m0pVUR1QzZ5+apPRThgbZKj9iPhha1UNiOZd9HCSS08cvrV6WZq+n+KmmudxkE3O
G9rMGFn16DCEYg3OcVOBG0FAphpir8RoLKpGU/Kw1nOzKiQNwXK7y5jfyyR6Q/cI
hbwJ5XBKXtFaAsd72S+tgo7dNcmnIpGjI5QEDdvcskX50TUf9CAnkDGgpUkxfQ17
zfvM39IDZir4dUTZnuI9fmmCrr4yzDp9pvmv8gXnquvUmv9i0HKOJXte6vwq9K68
HaOmtYBT7EKkZFz2FmPkdvf9n3q8lLTM+L43xAKh8/vtREu8uqmrr07BOiqzBi/T
mG8WbZCgo5zR0wnErf2sSGWpTlYX5GAtiMVees5k4z1Ya2kNDEwxbWkC11ymVjr7
X4ktxrq+aUSFb5lw6NR4Y6Hoz/nR8CLvoes5/Q+cOeSd9atBNWXiyBcBjlCt9pTW
ANQrde9jL0bz1zrJpz06poVw7SrcuqUU1GWPkScjaewysY38l1p39GqrnWfuOfI4
y+BXxKikdQuanQOrxGE/P3Q3hM1pIc7lLPWMw4kWeIYYO42zgUqY6y28QhZDaiKe
r7F6Ti1L/3or6LyH3TsT7W9m8P/9pab/odpm9/Hj5GD/vQTSrcEdw9rMTTbj9WlS
X5X2hKactPQYqQLM2pJfQDVLBjnp7SHrM3Pb3PxQnxS3MdtYB0P1LaiXmlgNx+IY
igQPeBKkzGpV3itLdGCSgqxEI33Tz3EF9sYdLhKYl7gHUXbbRMq2wir5DRbzDiOB
sQp96CWHxqizf4bmpxjvM7J8BU8vsWt6PUdnYwAxsYoizvocscFv0sc+rwj6nNJY
Himws1CETDr0HVkXQymqo+sNVGLkQh+Lp8tEIqKc4qZFeVtw/2YQec7tFZLp9KcJ
3yDy/g9WDJ+54ezBz/s7kX14BwXynjylX6oBa7GKHMEcIhwJykVtym2iduR2yBYN
ifpOBdHMjBwvxNei6+tpZJ8wvUJyrV+xCzyZpNHfztuPbNDU+XH0SKXpk9ltmyed
B0e2WIl/+GtBOMubq/TEHNcEvMTwScaHidJ1bc8wkxpOdVoh6R1QGgD9KQ3VWecO
IkNaiMCdUiCbRYtGj/u7ZDfF9GM2w6eJotswrRAcGqlqHForJX07MkTrECMOkL+c
3t+YfiTEBOaud+vGoDkvnOU1yNL4p1YKASQIJaUdffOY9u9a3zRUXotvnZPa341R
3nMPdZB03wOGY2aZ8DWrJZhUG5E+PqNeOV8yft21UTHxQxXy0uNbp4Z/LaVIREjz
9xppWhO0CQ0Z+hQ6KkWpHKckRSLQ9uzDgrgKTy9ROt0Z+mB3Q0smMxFVk7xHpomT
hAx3e8UBulOesksRLBbFMpGsduLJGQeu7itHjaY/FJCiqNtabh5+hjt4gby8rr7/
+wP4UuaEl5nqx2KwtAYNe/qFWT339gN3co+yvWrIPYtbkJYpxNQQkEdOHDZMQLtz
QwsgeiV2XBYlqnqb3kAiwwp3ilJ6Vh1Nivt9ULe5IQOyz6er+dP15HoDOx4j1SMN
gl8Of16MDPdAynaBZplhHALSedNE9e4+P9O8AKfHgZBnKU+eK+2+I4u7NRYwXy6O
AqiXD3RUC+SuPpUto5a/OTAMiOnEyxlSD631bB1mJieDNVgYoIyRlGuqMLDijdnA
BJlCl3SOdj0e50MU/ik9uK/jv2ulYzkhbBZDwxDyp7GNKHRnwMeZrn+WyvFXiayx
7B12tGr4qQWsUYhQX2jk1WNaD5/XXVp2xvGDDfrR64FLGWOTMkqNiuvOojJNs6Z3
G5F/omCdHI9LFBnO833IoqRaT2Lkyqx7olsrMNO+NN7EP4220fZtffagcWdqXERB
1KyjxvM0ppRSmyKFHEiIGMhpOO8xRku9m3s+F7L+D5mU4cR7fvA/qQy8/WEB0GYW
HVD6fvxnEZ3GJhZOcYbk8G4eW7V6//XrEND5yoEG2mHqc3atZQEUCEPdEtdZeuk5
HWyKqwZ9B/b8r2LLXEBnZPrbH6O47PQrzl9AOGr8F5W5act0DB35D7vSRHk16aJn
OTDkat3EW881tFSRj3rjpmf6Uah+igycI7Ca1D+25BfbX5mSwxmskDTxAHIiOVHA
MWmQEY2G/5OEsWGIa/45oBhZxfuBnyAXD2zRrNwNOQvwLdHZbC9fBSvQVPLttq4D
t0p6q/mCY45JZUKF7YwOIKkIMvUJYFWKDcXYFCfktrZruKFs8BS1ZNKWFq+itIha
0CtiEkHXWL7HFLJ2QvF1FJ6Jrv92w9jgUXy4tVAZkShOQMtTqm1Tj4XkgoSMYc6T
KjBr3gQj2z9nIeehx1sQNNuw2fECAA3DZD5W1UacVUs9AJje+5tkko22HHg8To9O
4rWFdKZR/LU/6Hkkialkxm1XI5dgWeGI0ZFxluG3pqDmRODK6Yzw01z2/3XcJ1dt
CmMckfCkQFKICMMg+0R13F56NaKjVSeGb0mP3eH7OkL4vl3fKyeWxHL+OPRnz8nQ
CQud6Bb0JztTPHdRTK/jT6w8F2R2/o4/qB5oDfj+w1rzkSvcAKUPsNbOpTWzFhGa
kWdFZE51CWZVz08uYIBxd7gBcQnuoh5/aJwykUGNjlNv4e+fy38nBb0WMnp+GFuS
zorlITl3Hx5PUgz4e7x4pHVNzwv93elwmPo8cdwmE6tJ8CyzRDGBBzRHKYgGYVUi
XgLu/HmH4QOak8n2CX521DSRO//8FFGsBSRTP2yHX3yRou0y2D1OUpSOruO+4FK/
APG0pzyouSOP+I3nLNuMEcvKOcA+s5D3+wcOqQLl3XaLeNpxlLPkhPYi43Xchfms
E7Z10YalmEWXxuCurLmBjM6NQRU28t4XCfoIzlblJV1Vc7B4134r4erV4G02sbr/
xTbLC848s8OFTYBf5GxqAmo2riVfsHOlY1d6AnIjaai63Tf9V1ktnPGwHgefyODN
JdKZAtkJyTen/tEwD8LkVBzHEjMN2axaM1+sQBj3RLWyn9y/74GiPXfHiOa1OrI8
HB+9F2in4+R7OWzdIj1MxwE2tTOWabZ+NxNpFt+iIrzH1ps9SYjFrf++ThfEWKjC
AaoPlnoyP/sTcxCEJLGwjru8nDTMln3HWHVLle//yyFzSV6eeIaTDZhAdMFNd5Is
gokg8DCkveJwsBlZZqWG11uuSKnzbwxGPOYzsPUrVTEeJaa7X7fTGNQhV0NHNhTR
SWKzni0hohpklTtPSWlMXybyFjCjKk6ZZou34GE+O4l9jfcYYRMisU3+pgm0VJhy
sAQvO5/VdAswT6rgjS05Gq5ipj4+binjkY7qpT+yPRkfqCvbPUnq+jJ8UCo99fye
cfN8JK7zlqj/hF9IkeNwGZqSr6OFmMDj9yorE+j1ls0siwKbrfPdVrE5GZ7391G0
efVYKql4IkBIStxUHIRjWe2MTn1FpIhFPibSTlmKPJH2purDDIesB68P4rcvn21t
SesHG15q18PECPIB3AaVJEA4dat89Rt1PH8MO8WLjWgDZ6TOEsK5CjK+EYKL7Yjx
JJO7u5QWY82oFy4ofWsWTqLdB7M09vPvjM6aeNm2noStTyf80rikW/KZpvj7UbSO
tkmV0zccSLvG49PXt5TkJ4cv/moxzgqTUtBUzHzEfrQTMF3cMrOAKBew7UAQLJ6n
icV4etOsqBNgiXg0jfvmkSZ+nJ1hnzaODhno/PeQ+YYUW73jKeu/ItMnr4OqZw4U
AFRjavvXktsxwy9v+0/wgaIC4dAEgh1/i7wQFRiaJkZrYFulr6f9vebJwzudFS0F
0qNn3WIJqsXJXE+skopVmmyuaOaMhy65BtehYJ9qOUcweAfZHJl01I6b0mtXbZNl
Wm0Xu8GIW6hPA16/X9nb1Me13Ii/UOtI9+a5UaIdSivlT4CiWUMuQvHbkTAgyqG2
wki/+pBwjZ9Rzx5L3jB/gYx+5kGoTMdkP8ECH33Ghd0yDhhIotlfTqSdxFxSemdb
qKqen1/IOvk+0Dj1yMsVw+/WnvNuYg1lBcNp0jWjSE5NOavyrbs/5q+MG/QRFwZT
B245IVLCgzvoacuEIvUKt1fgxuNisAzts1/xdMWdLa7gab+B9rm4LI1o7flTtosp
3P4oNVFBuDGy51pQVzMobKUb3OUvBs1keTKf2G9A2tLTaOdCRXD0LN3QoE/qsOcW
2VA+J+0xwmOOsGC4KCSbi7CrKcMg/FzhtdBfwyFUXX04wMZrETfDdd7vKDy9JJyc
dfjxfi3gOWpzCTimLXa6bqjttcre7zOdu+fw033+Vc3iF6dRksSMvVJNFpnTOLgM
a+NplsG/fVIK1q7Z/vOcH8roepjboBd+isHKwO9v8IWRx1gd8cBjFkieixnBlleY
gwnlof+ZV4Way+5CG6hZw9mBvNXPPud8QZWu5K3cNSb9QkldF+ZvkJ+ACEAQDpEK
xqINQvloKDt5dGPSCXwDlcCljVOadk2cQ6hE4ODlIGA1DdPXK9Rnx/BQAI2K1P0d
BjFTc6OF11LhCATKqdQiWotLtPN8P79l0L6dqSXTJVojY5sPxY6aQts77PKggSQq
2AtliQ7HmdnqHeZqAXKBM4bbHRr7PDIwgWw7t/ypE6gQ+M8p3CxZymaWFjvix+5Z
ZqnTv7pRvpE3nmvBtOMUyPjGa2AJEE5nH/wN2vqBbRcZ6ZdFvC7zsFv5mpQym+1f
dYZcgQ1KSCt4RjO6p/8R3pZFMwirr6hihe8YlHwTiv9FskZd6a1yiROyGwGLl+x0

B.3.23. S/MIME encrypted and signed reply over a complex message, Injected Headers with hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9795 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6238 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 1938 bytes
   ├┬╴multipart/alternative 1144 bytes
   │├─╴text/plain 391 bytes
   │└─╴text/html 486 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <c6774fdb-3ef5-5293-ab2d-eca8b66b4bbf@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:18:02 -0500

MIIcPAYJKoZIhvcNAQcDoIIcLTCCHCkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAChSAmfqHyENXaa4Q2w2DOX1R3r9EC4cvYoT
j19WfwiSgCZkQs08Aai9ARBMlXNRKV0NY9ocrCo+RAAv+2xgHyBbZAvZYGa2SmRT
rSqdHUtXYXiWkBRjXHer7Yi+96T6zGZ5iUyz/aEJBc+DkFgkAkvIayyi5QH/uLz5
tjd096w8lzj2s/2UsloUHw/oCs7KpleZzI9j/6MP0f+vpTElu5G1WYmumgKrF7MS
68ABr7NlV+hkMkSXo2u1CzPamQjLqHRjxJco0LFubArK1Rknli1GcCb9dITJh/dI
CPLaXPtgCNHE8ZL4b40reSbA9UEKTpxA03oNph5Qt2eZLdvwdr4wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAAQkDtFs7ZNTe9O8FdkPkY3u/
BoxJYAVFN+1/NdDaSSZbp3FL6Z4zdwVSIo379RUtPSLfaOjQ9vYpDZJs2DiFoftP
lQbDV/+SQWeCLRSuU2MJTr+W+xvgvVRG6pAERbPZemHtGCVo2hY0JqVt6U9vw8oZ
J96jh38tirDZ0688VjIBOVOwEJjXHPIf/xv5dek4EqDvqQ9SAg2f6YvL8Ipb5tlS
xN7dEQyAk38FU19ubnjOpHuPsSYQl6TmwdJ6tkL2Jf5X+Jb0Zi7vTVgA8CVeWQW1
ekLv0xrFrOgAxpY+mKs3etVDZJGXFNK1/aiwXcBtrmhzxxivA+yLrVGYCJvVBzCC
GQ4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEENrXasWjkevTOXaTor1IK6+Aghjg
P741UlHNtIuPnFwDRMNU/sFhk4O0LG+v/6DUQ5W62l2BS61HgIRwI9sLmaUrwYCO
Yk2Fz0uvtOYr7IltVsC0LSg89JCsMh55IaZ/7CV+VVffH0mSiA+ItCAwVdUcPWSI
L/ppMzr/meOgS2KBv3qWPmtUkVVoIZHJbKO/C+MRd1EqcL9VqMAej/I/QWplvtQa
cSmZD7g3loZ4FL/8OAVtc/baOv4b8/MKJ7MzVmVmUHaM/uHeVHMnj8oeNPzdP8fE
AQLX91/Wdi1QUYmEcfMvkQ/dTcYWVDYy8TviIupGDHYW8YU/TgIUZn2d3DNx57eZ
8USIuIcJgE0uY61ItMPFuRtQuxj0s2oBbEY2ncWtVQOA/CFyPwSWMFFR071wRzLY
nOoLIlOhMmzZjGBoAKXEl+Py2aoKOa4nFXzKbYMtWB8ecVYfEXcl1oAwAa0lZw1S
VoFZzt2NQ4AD45j9oCEXjuhW7X7eEJLMaghXPZPOUJ/B/HxZe4K1qmV3TmLyHRON
fzZOvMfy9Qlq3SbdLWvJJ13I6/R+GKEdJnQlUSaq2BajucENyfuckvJIo7Gs/FSY
AhC6w1vAuN8c+tKbiVQ3xbgkWeZ1BHcViaJ5XFGL0qejccj5X2n3kz79UZSgGEkN
COdo6ahpLHqu3fECZv/yy8a34Km171+70PKOv7VUt073ajLq6e6/gxlbM5rfODV2
n6yB9vT3JGzb8qjrreNshQp5TUjywgZcqFvJmNZ9dusXAPkHE3L29TZx51wtXmJv
DvC4ZdzsZQq9T3H8Zs9uU3bJNM5yjTk2JXIX5J1uvbwy3F0cjlXqdU3iL6dxE8dQ
eyS++mxO+yj7qXwx9ZWY+TAzcCGBaWXtL3vhgK4qkiKuHl7QIWrrEmDNq1EyQ7J1
D9E1PZ5dMFCtRoYf9OIwGYRDiwhys2H5DWLOmQZwSfSYK30K9stbA3LgQ2GbAWJl
vjTYH5yeWcAH5MA7SI+Sya7U3B4A0rz0YtHcVq8//QLb/h6Gfy70OmP5w6acuQ1Y
aNlnwKK4OFBoh1jmVlBg4HL8zQKLAud5e8ObT9/KIn9rZQRcSg4wWwlTYPOOQbFK
gKBmYBbIuU0z7Q1OGbglJ3iS8Gu/dCt7MZkyDwgEGKJuPLuN1omOiToDLs18jwUr
Wt15bSsXfu3hCNpiFhm+ns5XrLPtBE/fLgzfZUFSNg4vKV/s5QzZnMroJnyan468
UI83csnYxe+Gyf5YHjxLCflwhZP7PJnztOho7O72tIS21EZKPqIIeh8W/m/QuMzz
ajEmEPV+NvLVPM390uS41J7paCIjoBRj3saGMf1WTZx8821b+QCZgjkvTfcAnFFO
SP7iYopxJ3x2SK41sBHmic/PBCKbJcfUG6EJqntVdPz+/ZDMCAoMYwloM7417r+O
9fuoH9zlmTR6TbT3X+e3N+8dQXRhuDeD7eJCb8gAD+c6Z/MZuAoAzlZK5t1+RybL
hyJ8JEKTt27f+DXv02k5bwfcsmkbKecqDCjQv7ObNFTmDMS50ZTQzKC4QcOR/zfw
UG8SCmbY7mlARW5xieWIUX3qDbG5MI3M3DyR928prPrT/eFjCY2iTsp/FGThwdCF
I9HQ+9l0h+h50zkmm4Z4yyphWU89HOmhKiGCOye9je9D2IhoGr6885e0A/xklss6
4EovfOu4KE4FB9lUXvFXTMK4tw9NS8Swi52dzhNNDkzX9jeSjcohoaUSnspO2G9G
wgEOkKcGhtggc1/O91uIMG9MafDUAIuR8eUdF1KJVoxKl7B4ew5PwzyFqXX/CMZY
lLcrC+gbE2dnYJbSGDChv1mFM3lat9A7qYfebrVgtnvZAJLsF6rXUZa0XU0X7rN6
cN2omrfsUMqQqJfACQKcMVke9MRDvPPfLR4vTbsLwbOFj6OxE6Axsru3Vz1oC03a
0RSozFfRq1ujIHJSTPJwMFnqR0pnvxBrHfYnOOqnXBBiT5rQgJvF56I2dYCPICQ0
nZ2m8Jr4Ne8uL/NFUAIEgJrHzWrC/xdbDmk9/mQYsFLFXVqsjVzbCAHCPjGemwqH
0ks8YgiiPaC8Ij0YOYu8XI7RCTs+pdWQZNntQPmicXP3zTbim9nzHRYXVEDVYS4h
oDW/4UCbjkoSxnf8nP2dx9vhwrktfCDubBnBc7wHCJgloFNCeUnmxKd7T1ou6BF+
NxUc7PVDq26Rv3rMepQ67YbjU94zp6cvlGAEBgXa2c+1q6m4BK09zGpUCfmRpVzz
GY3bzBrjoswbOY1Nl9dlIWcqHD9A9RMCVIkpezwgyCHXvkLMwsWNfBGdDDM6ZJkw
v1f0MW0GMMsQeQ8aTtty1UZrAibv5/uo8GJtKqDAn/D2c4IaLPjkkEO1xPlvaj4y
dm+VEp5/PaidiKfSyLiBO3xw7OVH6/V8OlRCD5cd2C5zEVwWNzYC0ipjUhP4NaWV
QKx37Zn32bR3NUqyV2tyAFGwksFMi7+xjXBd7l4NMGgExP744j7cWwlihetUaTOG
QwVq1AFK7q2QVefSZ1bpEPyZAz5fLuwuZ1QgONbJhQyBLCkgobgrTVUYPGpRIbHh
xMTfD6NtwWLA9ZGyzdNgbId2QJmaXwBZTwNNRClnBcCJkBj1MYgOGT7xtozAqlW/
3SqfTTjNwFwXdEee+tgg2aL/BvJPnAzQzxptuSKhM0sLvi70ripJ5ODwSIiYRS6r
me4vE85xUBbOXZ6EPo4YB0GoJsGG9kvDp1tUYhcPmHyFkEDgGjxCDPzIWAyPtNLi
3L3x6jDRkJ/AqPqC4laOaA6t/qbumExEGkcSAPS2BdJ1Fduk5ae1nkUZ4obvGZfB
zxraCTXp0SOZ2IdDVgzgLK0aEZa1VEiHyw8ikekAxoNcRqZNtpugCushSbdHFW6g
OpaKf9fNWM2MdoyDDuUFqR+tFhvdgAqCpnhXG/AArLUw85OQoY920VnRFNqeBxBx
osxBQWkhj2Msw7DgU1XhIXD5djfY5UQhpov/uxLMf4ti13LGC+xdjiX6Mh1ZeMNa
gneEzmb3YCROwldNCr3spnULVqQIqubaSp4DO4WPN7GiWr04gwncQOPy/HEu3t1V
+EzO6TIG3BB3EMU6dIolL7tq69pTQeOTQm3Gf7itpp7MSIjpAc9y4kmtXbD2r0qJ
A5As6tiIchm8qHnP0iyCTv2TA+zkXMU/YDPj8KJJ2PWRoz9KTn2Cn8OMDcINnZle
LMNOs3THxzRMvGsv2E5Z0+0SWZtz23SJQp+aaKdXbE84z6rLNnaRSwHdkwFQtLs8
7P4kLJzaF1YxaC66+/Z6LR0WUg9wrx2lptK+0o3gvSFSkK/mFW1rIt2z67ebaHww
KOk9XfI2683nxXFyCEBMBzuNVDs3aAb7biO61wkMD/1RqqxApZ8x+WSfXu1PZ0Z2
ehc560tuM6c+ZZRwNUBCy02cALsEOVcQGbkQgiOwY0ubHqGBLyYLWyQTuX/TLmbe
OXvWNbwuQbAXxRcDL92OAqgj4qBjRqT2J7DQlZnkw0jyxjde1hfd0er+X/X5s4M/
PGapcQWQp3xacBld4K5STV6XLynqFgxe+cI+Gfye683wNWZtPRkonoFv9VnOKa08
Q9K0E9Tv0WzDXH1B5nwFMW41d0j6JiwI22M/dSUwpLcbHml6XhfUgLg9rPYPElRa
7tRxq/6MfSwOdy435zsxkUx6eB2Yt9rEcFWEmZjNTBIZ8Efa77cquLJzFv/oFfCB
jHpTrVr5a2uDiv0migp7upYC65rmMlAhcAJioFfb575g2P6t+q+fMeLOX3sH6wVo
fsTXpKwhFiWYp+MGUh83pqvYqngfNBDd55ITQveLl54h6EVuFuGuiC0oGCO19EHS
jHrzf76ruy2EnojmXq1jXsGMUXHXLsxvo8XZM7Qr0bXEj5gt1bWUaaV7hIkCMTis
pNVz5ZzsklqxF00+cTcPlrh9X7RLjMHkDgWR6k+mbOLexwmXUlKrlr2oGVFrArEW
ACcAa3z40TIw3oAdRPmvY0THlInKc70fVaJW7SQU9qXXGH6iPSfjTVj8xjuPkyY8
VobraL10ekLXrHOEx3o2ylYfLhS8sNuyE015lKuXbfucUFU7aELaa0FYQv1k75ma
0Cb7+pJvZDXoGaGdjovnJktD140GqutOqBlf1Q7VAabgbI71vzJbIzmlVKJfW7ii
L++lwuHQG2IYUsxTG9P2LM5LqIvD8uQyH4duCSKEY27JD3nR6fkayv7+EG68N2TF
OdCtm3GEa1+HYCQGww2K7TROeY9B1GepsI0MraAUEwcJcmOJoRv117j1FNolgyxo
Zr7EIAH84gKLPgK7j5WBGVVpAIGtztiD4j/7MYnNa4aOAqmtyLnMtnp+IQflkJXP
71SBoL2nqMq52JEIuMW2Xfw075FcrFhTh/82U7jlojFsCsaiRvB0CWlt6d906nFM
e8dTmK7rApCgdj2CTQjA8KlQw53qo82XyZeI8X+UZdk1pQzWIOrz0IR9XC7oWtv4
/D0VtBpwp2m3Tswh+iX3Z/wUBiq+OcA2zCf2AEUNOQlb4gUPl/+WmdYt0OyhrA1T
jvHV12pvycM59MEQfqzaffqPKOeQ0N7NSrq3Q4T4p8UkO1tAaA+K9GDOYthBQrKZ
IyqN+t2nuaCOnQB0yZdPAzsKUQtDZlUVnE+1C7PM7hG63oKz/5QXoVAWB5jrXZ+f
bhO9XP/wf3KD4ANaACVcGteJsECi8a9zCQU4Hwm184bc61jLXAAUAI2/RqF2FYR0
ywq7PTI3LNH47WCimxjaCdULyBIBYhOgTQdeQ55W2lqTLUsNSwoOog6C0Ng/FfRY
DgJb62ff1G8NrQCIldGgJKi3SGafe+4+2dheCyIS1TO+3OBbkj2wQxgvzht9Fmae
MZdf2vJg9i35pieoEIQ5QHBONR4W4yoZuBv8GtnAuKYcPHAnSzJGla+omMCbaCcu
gupCvuY9P+mR7ML8/vH9VaTW7u6M95PEcj9QiiRVZdVDUmBGipWr4oxMkfK+sCdv
TqEmJ4HgzlOj5Z8HQrL8XZ/HwG356bs8e2tZF68IBFWDEFcZP4BZ3qV22kbo1fyO
8E6hQqsnfJMXCymYkQIwEWOdj5mkAYErfjieuVJ2HgKWCUv/KKsbE7DkT9hHkjDy
Hii8rmuAkWik6QA+lQnpK8x+oLYiiIcBYpEUYCBlryWAbYO2WBNj4YWl+do+AGgU
whJj/yPGISuNTUHl0Gd3AbFplsgjlHKua8+7XLy5UDrRHXoQBzBujN70nbmRYXPs
vOWNOSNnkLSxNDwsOlT0X6BmYv6qDg0u/hq0s1Bmn2aKW5JBr17MQqfPZ8pKDhNl
ZBrILg6Fu2ThJyQUjWLVdmsNEaLzlGi8A4om0Vww8qhkPN4ar+B5tbJwakdYne03
l0WDrZI+w7cNLMUB5u+BqtHm8UNsQF6mY1YLnGCmr8l4hv86yB91RwPcJUK5ua+w
+JjE2DWb/zG/feWM9rgIyGz5TSmfzfyeWUFw4FV70n8EsKzTPGZpBxVK8Qp/S3uK
NhSXczrlgmeHdF3lip1QaX61GV1s/IkoepnPLxzHA1oXQY8FUgT8Ib5+lGKFNbZ8
bam2Fd1Lrm2Y7m9qd0oAjM5QII5vMpraulzDfxAZugVh2G0DC6cqBxdqtuzUswUj
gzb6y3WZRCr9MZpsRTpe43HHm5t0U6JEpqxxjFwK3hDRCRSckRdqt6I3MnA0EnyX
l1ByNr2o6cCaw2yK/sVz9GOuxBMFdyy4599ES1uKYFvSMA/8nJr0IXNa13mLz+am
cvYemKIitkg/7aa/cVGKHWravWxN/kTdhb7cJ9Fu05TZYXZvIKFNt6qaUzyE9XwK
WFwx1Alk4s0CjFdAu17vRR4wW8V1caD1GR8DZdAjFw7gu2+x+J2XW02Z6z7ulv0T
Nf3byz3gU7pdXCvpF1Dkck8LpxpGMuPycwkwebrGedJ7HwwITBItheixm32+tXLo
07TBiVKT2+NjswiToqMiLaymqDjmj4EGYFWpRwXQMkZm8qVAW5Y7jGogTIbD5a5u
uvdJQzGupuFcVphJUO5XUu1nuWc/qN4lym+UJsd0qZuqU2QhfirT6lYSQg/ELX82
d9ekPyX5qS73C3qb1zgagY8FssaWdW60mmUsCmetOg8osqWFyVRb4KQxTbVT2U+9
8kX08I3w/0Pjclz75I8kpbS/JSGMsUKCHvGDToF1nbBKUSA2ZkxPx5gujoXGxRl8
UIefG+ACT2MdBBWjsFMZF/b/SPieVb7dnVOP6bdQYt3bn3OKxA4GGPvWmZhOUk3A
8UV240yhvdgUFSCvfWjD+N/4JmHjOvx5Jniw2qi2sxkIA8Q6s872ktESgGG7eWh7
+okS+UHITreV7auJBHgMGSNue79Wa7fJiVZXeVdVQJjAJXyFsT1ID6alM++9yOM4
kO8o5juEMt6Gy210OJe5oupYuFj7zCmN9lnWQgSIqNlr4igslW99S22KXZN9OWpM
M1+J7aG1b0BKSXA1KIFYMY+iCc0pUHBDeTIIUR7wQ8bDQdjwa97/iw0LEJT7yuuO
1G0tAbZOBlRrJmoae+2Uz2bcilZGHTqVp+WhjNxXtBoCIxGCsP5YA4OIEfdgf9qq
RKfQBVt6gBEg2PsR1SLCiJrETK41FHWvLHa+sxIVRbbkjQGvBiFY5PTF7m54DtOC
3RIw0yso7Kx66fP9kBGIQUKM5MQmedw6/xju3f6IZdHFAmThBI/s7bZgUqIqYHXN
Q56Rmu1qifF3H6IfGWVyQKvfEhKzW0W+mrrl1i2DxYQL5PZcqaTfJMNRvS2OMwYh
SfUJ92V9bGw+NyJtAfoHpyO1DAXv9tGU6od1QsECCTY48Avs3F//cjuWnxgu1+Zl
7PSnlVTpa+EbMWO5NHAnQkrPvaungyDsFja/bF+0iSSvGGSRarzXglH/TUbR7O8y
NrK6GGwJXnV80lVelBXEbClpks0VbMCxtOY/VhCOq5iGtD2Ulwmz3OA/uXTcIoBq
UmCEX21E+DeAV1cGLX4881Wx/W96qNEvYMBKANd+k7MYJQeKcVOBA7i0T9WYQ6Gg
MEiQiFp9Fqep405VwLnvU+j1JCX79gKOr0IqXMu1LoVn0LvZusZhluUZg+LdcZm1
Vs89SAuTz4EdRu7K/hxugECIPzizw3DGn5xnuMSdkGNoLHLtTZlefXqiG+0Ru066
DA4cIoKYOCELWFnCIjXIuVc9PuiOljCmMPlNzTK34bzJFx10qa6fwqn8dpqYyDaQ
viHoR9fcmuVWtHzinc0oW2DrCkzbENviMZaxCdQwGCfo4vVNPRLwrnk92OtcWrh8
WBcWstpRe5y7V20GnCnfPARPAFxHkoU6SgyDds16t0aBlPoNf6/KLJ5e7fovnWuL
vdqBzPlMECtWuEJaqr4B4zqrb1txNCNhR1f4laQxT1yPp2sP0CStOSI1y+9zCSwF
41yIz70JLeT+0x4DmcVMkkdu0iwuVBzhx0cjjfcanELiT+f+ET9Gfac8MaEjTi9f
IGmyra4O8a7ZnEcJgqY+H+uNW9AGneSqVQyuFnV2C18at6JfCckHVbIsMOAkRTwo
a+l1odcyhIjnFQRaWf4y5Z+T3mWwQ6j6Gkbr6Qkqxq7L8AGEcXhjaLLHpUlrDzlA
5vuMSkorZhgxV1OvicWzcqqNqffXE5ojF8GDhoYEAN4JHONI7uB2EMkON+XTp3OZ
uYCDqzWj/3dEuaYpq1m9HBLp9TawR2gMRADCPNZVplcmjWbcQNRlZ7JqeGZKyyl6
cYvcyKsR+g00/sQ/z/t8rzgP5O+n8GtqYKQoS6RMlNXTu5qrE4wmOr2nIWM9q2bh
2H5WIUUEd0fExbIVYKIIuhWb7N7VAMwm5K4+fIfIVVCQJegNmvS/FUe4MbVxV6yQ
XOEyaijhmv3amKe98fWQIqtIke71zvhCNbbsVOmRnBZfMdP9jkg/vNPuGRXDOL47
liRD1XX0jp83F/UDsyiGHyy9HRortlhJFn0UOhdDaEszsTpxJjw80bRc5X8gmuiT
QW8DtD5P5IjBDuctN9wC+BLOEuoLT72eyUxrtoqLjm45QpBqDA8c33I+5A4hwZs4
BnEigRXIv/I2gfyagiRyAQlZTJrkB+T+DVsmxdfAqZxf5pGfYLE45Bid+vjB0DF4
BSPUw8ILhQjw+LmtgtMia4i0IZgYHGGRU1EoLXF2jLadBqU+FRA8f0f3CCnCHsAm
xQ64u1taZ/jen8ESHvxl9c0NDmGczJINqX4zWNX+loRENaU1fISuRGQ5jF1+SWmC
81ixgMcuCIvGcuTnZHvwkSmcSpis9paO6pBZv7RieLBqlAcH58Mqur9P7zXTdNnO
mNmk7k/ucs94XpGQiXImMric05OgVg/3kxthe/D3F+fHz4LZPLtqdIhkJdCnNp/e
UbFF9A+6bvCyvMzEXZiOaI8fY8BekHIrr9QJ4meKPb2IpYFTlo9/EBGHoQs/VvA3
3RQSFHsIYe7r2+h6JDgTwtB0zG8B63mNY6rxgWR3q5k=

B.3.24. S/MIME encrypted and signed reply over a complex message, Injected Headers with hcp_strong (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10425 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6704 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2273 bytes
   ├┬╴multipart/alternative 1449 bytes
   │├─╴text/plain 493 bytes
   │└─╴text/html 645 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <acced3c9-111b-5a4f-bd80-34558da32b4d@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:19:02 -0500

MIIeDAYJKoZIhvcNAQcDoIId/TCCHfkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAIz93W2Y+UAs5hfJv0FVshsVqpt+3nDEwVwW
1CbA0ElWkeDUJEA3temKIObvlca8GuinuFRfBNobC6Qh74dtjjDjD2Vy3mi+VJ13
ERB/OM1wdrMRtdJrwTwV7zPC0rfHhpenbvNQpKsdszIVitiiHeG7dG2oRrJ6Jyfq
ceU313EXthbLhXNRBA17tWRd4DtpBH9Wk+3M9v7tGQLOFW5sLczK+Btqgmed+/ns
mQNfl/8T+aA5ttkzwHYYJJ/Fj6GMxWaKWLpGkGtE1V00ED2NpDHLNwciWMG3MgUC
tT2aF5yASW93vBhV3Wg/gdw1p5zTF6RXI7/Z0tSE5PjLpyqYrWkwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAbcc4GVOP/kh6RDuyhTj+6aj4
Vw/bzLNJYkgln3XsWd53MePIzQQ2m4/w2qMxeOFjCV0j0XA1FpKJH9XfUjeKKC9p
WYYOLCu7zYgXD+9rsxA3EzG3EM0S6x1FI8l273MZ1mUNDFKWhl3e+PYyharTwa0N
aRe+ZdxDT6nJfkE0Rj5AJIzk+mqZkyfJqmWINhNBlQZmUdJIBUJ2Fj2TjWO89fGf
RCyTlW2TeC9L4D4g77ZZopfPLE5mUYzJds+pg4gvdujbdGWcj+L9r5MfoVVjy0hL
AvgZUbgPbyFy9wovvXxgsjLrVG91D2yy0djtLJ30rIvG4QUdoOmGI3FwTWafzzCC
Gt4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEJiDLZUQgf3R+buYZMtlK/WAghqw
ghkHRdlK8epExfgdOk0WgxpB5DMVZGINLxdkqNitRYZOEfZCL1+hs9S7JlfRggC6
rGyhDGGxDGKzg4ACTv+WoGH/Ghz47DLQqgop/TbkOwr4aAS9HTfrHWuOAxdID1XS
4C18yoQWJyWYmgEyqMTOq6A5ScnYnYitQoTzVgSm37/vkKZ35Q5PhkTwG5QtbQln
56/oyWYYjB1dnSGtzAR6DLH3COiPS/b6mDJSHWhvqWlu5IjyMPqegZvIuNLA7Q+d
StCCdpDF1pJx8B7knuGIuevf2vfXHYHOOntYmXH9WxV+UFBY3k3GMiCnpCdWszGv
6FnlFOZMbUy2rk7k2zHTwluUdy5HbiQ+VrbBPI03WgGwA9l5B5oDeB8NZ0GdhXqS
FxmjlpNkrDsxNTTv8+vHjLyI1GnstSDixjwvpJkcn8LUf6bfAllPv5ChAKhIEcLF
yJJsav2uwXI7by0noyTd0x6/Bzut35DBhHxuiwfPp8QSE/bgHg+vT0nLZKTIuEkD
66kpORIEciQxSfh7rhSrFYksA4wF64TjQBONWHfl8pFTRpqTLUaI0K9F+ib2abp4
o8gk59yymY57ABKz6ZqE/6bn8cEcsREbpKaHkx1r3568Fy7ErBeldGs3DAn5DHoF
FHCRGtUzpxzRXEd5efHf7NrFnN/qyNVxdzcRqqats71vjjOQRZtUJHKAyPdFF6mU
ePcxW+iGTACvgpkvm2ZnTjID4li5Q57gmnslrywGpIE8BJePAfcH8+ccjyEhPGUD
XS/DPT+w+bs9GV0nZFrKGMpLs7iheaAR9twp7EF47wPgSNVFlZWq2fdkUcBxrwj8
cpbEI01eNwurQZGKz99aoaoMdYs6TUAxtI3/P9+Gu4M6DHjsnPeRrv/A4K79VNVp
z4NdM/vy+fBpS0Ef3kIdFc7gv7CkqFr05FR2i7MP69MDsUvwulbl0jmeY37lEVhd
NWHL6gBbuAgP05qjk0fk7ZsS6pHK1wocgRpeJtC9PPc/GtrB/hXCfgBLSL/xVCwu
z9MSrgRsSHDIf8H5lfJKGkT/5DmghLE9U8lQPTTZe6pLF0i9k0mgxVS1aWXogvxi
fM7yz7bHYLgeQR774mTP85h/ei3brsA92JJRCe162EBXExD8nBpUPDVXlvid6i5G
dwKDJDwfTB1Gixfp4SRoU+QzclKyuKuJ40YoN0OPsOPmRHeL6r+A9QbCxz/+gv4c
cgmzX17pczTW4MMo/TkhKstD75VySPwEHSdiJ2ETsCbF9/OCyeGzOEIN8csUSFyx
PanRCmvP2E2ER58hnqQOJcTAck5qTl8hs+Vw+C9lBQ0noQfm7e9i1HMKaFEQoPWX
JwHRkmPaz0FiEQTjhI7nZTWfpxa2sslnkERQ91SgsT1cYJOxQ3GeXWlPp5t7yfbQ
UZyYkbHvqC4MczW5rmSdPqxJiFkZF2uX8+OwOdF8DIwT8AKAp4MS+/Lg2iuYeq/Q
YVOMdXSaQkBxSaLiBIXYEypSNPIfc6+24NgxTMzEpyJwlCNb5iV4Va8erDaYhr80
frClSk+xKC3nGNw8cnz5D1LFLz6px28dB7C7dSvYNU2YAR3xtDphOP2zZVydudI+
Wa7FGFpWJHHfGPAtnBNebwcr5hffICVV2ATiNwHJG6I8IlW6b2UZo8V0v7sDj4EW
9pcuh96H27VG54UoM9xZcdkMq8q1mH02nD602xc9MIacOGoLV/pQP56MvfYfr1Zf
ysOUBaJW9BOlWsVEOyP4IkEovtlKaTvA2v+HMQlk2ok1EA2cYk8tcpnJg/fHmm3K
LmTxldf0/2bfyBWlNYkcIsCxOjAoB7uoisPMNPCLRwniXfZgrspDt3yE4vzbXYMQ
49I/BYdxdDJH1lfrDGqMyZ9OYS6aWoFQuSY1p3mI9IcrJu154SxeaALNaDnEX1h7
wfBejR4aGfD9AjuoVXyVdLI39difUDggMITPbbqO4eFeZph6D9sdTyG5Li2k+WxL
FQ+iVwj6/teLAiLyPgks13kbEP6CLIcMQ8wpleF888YG4BVC4HlBjgzVTwj58Whe
E9zJSxPhewf2p8a4PPs/75+3GNriNDjwZM1jtERMn1t96UfO2DCkiC5RYs2J7s9t
Cdguovv4PsN1pi0bD96Toe6yLDDeBa7Y50FRBpN/YW83HS7HInPCiFjFOzxc//JR
rvtYVjXzHvWWl8mdua+0k4lE8WVCkk/pn6cA1g/+HnkNh7UTB+QYdFHVr4HSI9HB
DPZ0H1zvGKG7jpx8AqgxLDItBq7JI7Kyo86fPQ7Gl5vjSZD53prvZz0tToR3j0dq
uZ/oH4IWqW4GiwsK4fUweHfOB5qDqaQTdm4jz2Dv4JJNS+C0QJxh2Nb0sZXV42NR
ITZIST8tS3MdUnxgH6KXV+AnvFWh0Tn51Dq1JVbWGRTGjw6qjnFNomU557ygDmMr
CEYBxPcj37jYbd0D7mCHD6L6ztrDXxWsJms0X2oILzTJFIfVc8+5gPbzYgbn4CxD
ZffnrHA89rZiKcWn8fhqHPjeeADP65ywVfTqGltw5VVt78+aBKCkXOLPZGzQ7R26
zxUVtxIG51AK70JNN6EqWTtk+IMd/EIUjIVZN9TbQBXaTUaert5x5dziA0lf9eVG
LmC3mkW9uQCzBxtwacxYUdw/VaV5VsbktA61md+7B/FKvzmIq4F6sKSTiYuEFfOO
paFQf6FaftiIgqigpDu7ogNeR4YLl4ZQwZj+xTeYO1Kx4OxPxCAfMZz+sVoXGCnG
qCvuppWQ1X+rZItB3YErkf2nf1k6J/XrSjVfr3mcmvw2QBsAmxK4Na4hLlo3mRT0
JgbmKXqNlTfZT2qWhjDQNmC7mo9hKUOmnm4Dy1RNElQ1XMG//0G3oqKjFX21Gizy
wv07CYHuTuBBsyyXXj1ZARsGuzGbOkX5EaBri42M+VVGTqG8g5uPbfY/8i+/BuDs
08u1YlPBrvyzJOE7YbHOBdsJOGi546DSO57Bexrmfgs+yoPEpfmlDqAgppm00++Z
agWFbj5JtLRMvO0vFYMBgQU1FkZLmcvNA2tAVNUwC5xbFcEXxg7/4xQGXTA/B2/A
Oo/2kDsq3o9Gwfx+OmYE8Sb6rEyIiVBymM5AzlEpF0lVFMGLzmRN85cwldtBnKGF
b/vP7caw7LBoJCHUSasGmY2Mg2k+jmfybs573h3x9XAtGfbAN9YAR9qtRmkj8Wvr
4VpOSKGSV5zyfxWwdgNEShhH0HKFnj5hHKgcjgOmUWSEMX7+qDiF83uZ22xpyZnt
Wckbw7AcxznIPON7HJMKasZ2Oy+nlWgQw//n1prdnlFv1YSuj5HUp0wp9D544s2t
I/b9D/TAVEbBK8+m4mCf0PvqG1zuxrjt4A1pAwG9zVtNebdYw1YvxTwVVxdem7Bi
qzXc2YsmHLEkCkRsyqOgjr3k4IN3vMWICv7YQBX58NzvqeIA35hlCUc/wM4lbH5O
EaCuWzAIiKNeGJ9tTvcPb0WAM0crq+G3CQwZyCxPQkCmKZWNyweO6yxpMzfh80aq
DBJIsYKOhyL+YZLu4i196BZY3wZ4Jh4rrHHA07NpsoS5ZLTh9+5OE6WkLR4sc0Kn
4lfQZdFq7Lh1i2fD5A0l4zin+/1FY6FQ0iiBFBYOYhPB9WMbaO/T6HRsKfHS/2xU
G9cS2xdrLP1MNXv72PEY5EDMegsd0owKk6HpwmfNNU8iOg0AougZ1hmm+R5OBEu7
nJlccBRPusfZ4U2pG5MBwuo9ZQ/CetLMPtm/glixKoq+esl/ENTXoT7amGSA5nAN
ivxH/kKsGHNe2oh9QVaXeYtVwEknn/fPYcuOu1RljqfnqqLS5pdTSSTOByJjImyA
/KbmzyEOgZDXLup3pAC6PXYaV0Y8FNdqs2eAg+jQZZ67foGYQeXbZ07t4W5LH/qB
Zt+78EN01NVBoHHdt1EdAcs57bzviVdbJw7GtjccwJhLEdJTxsDOOrTtI+wGJINp
KjNDBnBRe1KyE7Us/ev5yRQWWqhoi+17Mias6eTXucKMNGz6mS9aNruTMDcQomjN
pdyfeN0mYcYSwU5RcrxSoZRwo88soKJ+vwsC+kQj2CWWl5alOmdZKPQMcFuS5XTi
SdXjZwckT9CcwoB4ElKxuni2mjLPODKwByYF1DV2fckV4P9oJRSD9400ZiwqI5KG
a3yCtmNGW2AJKVRWuW9uXgNR/ouMGwxKbHhJJzeBJAebZspgxC2OAq4aZDQh3BQt
b9vfySSPFRn6nu3z6qWfvMAmjQfcyrydW+NphJEISLjm58kKM5NAW55bo4Zo7we4
eesbotmSaAVhpdDz+JbubsqGm0QhADLBp8A20Uj42jbgirqJ91AuuQik9ujDUjXy
gPPVSYH//iL6iyP6/hlk+EfCet77i34ZR36mn0rKKdtWzmi0JHnlz7zzLhG8DueZ
pqxYAUqFtkktrLOFjt4863P0U9i/aWM+TcLZXdYhTM+dZLZViUUCACsHkhSs3i4h
9R6weSgV9WMOKn7ZhCAlWnnRuIFuN4+wzZtJlXk1m2T9Zq+1lBB9vQmJXquctdKG
Y1qqNQwGs3y5lcs13FylU6H9iSDz2eXtyr2srHniRNC3XdQ/CQQ7csM60nKvPRSl
agdyDj6ZWe6gdV1vrZuXyQHEoVYPCSXibqYTl6PsUHfwPfK16ZIJfkBT+gUWgfjP
MxsBsRJoW4nA8hJjspaYXWj/+yyA+MELghFfCt1TVTOT7D4p//B8zUpVpFGirxJC
LtuB7P82/o9gn1EgLBeypQc8uU/2L5gljkUr18zxTDnuu8uN5T+Dm7t9KhOzz4Nr
MlamGKrFCZpDlkFQHRuZuCzD003fja+Z/TxbKkHT6tAS8KBpA4hkg6R/XZiSX2aX
dZf+8snt0yRyHvIKLsLuVl/oz7TJm0E6WhBxnAaXQRBYL1Qf0Qw586/TxJMbgMKG
bOOdHUqyyodGrLhdzO+aZIbcceXR8tVF2pHvwEUoi1KjlD+RrzHP2wYqckinh2ie
sKzou6qmtfojHrZxv/hooe5UxuRQB5LoBY5tEPklx5CI/8MFtZg3Eb+uU3q+/TJG
2KAUnkqJsyNiLoggMcKasWkbbLm3g7nyq3eewRSdGinxwicCXqiC9zX9A1Fp4jHN
rLv0QtM0tbKjJbk/ttHqAafC4/+CQ0YnWeNxqzTrF/JCCnr1v1/grN14ei8wizb2
Uby05vA5hUgbgWDUPGvr+2tjl18Q2Y+XGzl3b76ype0TPFk9g3d2SlNUIcakiup2
e0PhHCXsVPIjxih+XiYUIeh0oxyWKAKnsZPhausQZ7R1ArI2GBdRGFJBQO4rhIlC
2Bn1NUXf7IwH4Siza4mJvt+psd84SluVVBD1JYvFKJxrCQacY8OWNPZXqhy0aY0u
IWnCDYHWuLOK17RUfDaAHaiNwZ3LpppCxjtRl9s1P4ujl7b1LPk030nu9k6qjlO9
YYBSPq6wSqYvJ2vWYdebU0rLHm0R0MqZHKSscZfB+gypWgXi4dIKy5lS+DWKQQmr
lS+pxCx/Gab/yNjGIAMklWHr1EB+8xc3Tt1BeCBj4YdJgxdFzvOg9jnDr9JlCLGu
K9OkCAuzAqltaX6ot2KCWkzKNimmnd4i9p6pADukioRRBmftZf+cjk4LXoPGNPvp
cX1OaXejZ1t+9SII2eoQQhDZzyromghHXKdi9Oq1WV4kDAZG8cNVWTiLs462AHum
zSuI4Vk1WN1v1F7w1a1SX9/I5hL5pq2ldmyUCcANp7TWLr5lACPc11PEk5JdmAHa
nrMW7wGgf6Tr8i8LX0s8jGljaRdDVHmIfKPbhitfBuYcM+S3NN3uin1ZnyKhE8RU
KfiW4ZoQCExOhcO1Yjiqq7VUB9g4kEKVt7y3LkuP3d3VkGndYDEwrCtyUOoXymx9
hpR/33z96eYICVKPxYEsCGAv802RcvviU48ZfDvkxDv0AdJLGU0BXANZKuJs0SAS
3cm/vIMqBgjGZ18Je+d5yEXUqrv1IiWFJtA6rdYdbvg6zTUIdpTriWV6e6KjgvMh
xCe2RPJn+vyEtmwwLMhs8pL1zqMAIS/cTxrQ73wyOgpI+i1kqUgfvfsJqrrHoQKt
agXmgsbOb6a2XTLqmymLmkcJyWpwwuRZGBMwFPYtIpwzcxISrn/AR7m4fXoHzl3E
UFCwKWYXV7PvcNgGlzdlqBesPNM0tiRAhNclp+Vsl8WLYaJfGCfDcclWoH6ApgmM
HFaDEB51+UTNr1+lgemzs7E6Bq4vYFwIWQhCrSsv7UmQv554YOzqsqib+mGYa706
w6NZxLI3KniU4GZoTHT0Z+3HnhBJr9zMV0LQ88XAmqbJFiEGV2OBn62qu9SECOI9
UGYObQt1ZbsMAdI3GXbPIRlj4nyQgxxaDrzw2RSkr0t7lPe7GrjuWJPp0Chz4jqX
FaAjxn3rWhqlDaSKe0kCsIh5bJ5dzfAfuTPYqNID3chp3SKn3PbfeIS8qf98NDT9
sWFrAeQtwefreuKymaYDZo319W4KRzpS8eYJfJ5Li2bPn6j67i5kTwCm6C4qzWNB
xncykXYsTZyc2+3Jy/0GKuG3twqA+lNehq9cq7vAbKNKM+GvZ2LP2rcK49oVsMJc
Tp+iIZIoqC+2Ak8ZlEoV56oCzkVSFzJMmcN5PRUIeG4i69CdPTN1l4p/OxhuM1e6
EaIoR4Vr2CdnFQS2ftv8Mukp1+aT8YT+6RiVeJWr4/G30fby7uuQUqS/Hr7eSAC8
NxuVQooLc1y8dXtkpIrRMzojukX/1x2MALkq8w5V5v/Qw/Nz2PYa3UOAZ+p65ikY
O/T7PHpfTjNt1D7m/3WQvrmHa85P9Z9ehvmT/H27WrEwN/eomv+Ozk5+1XuPlZmX
PjnOBFIdbS0fFSu3zUJit0/uMx3vzDWVVqkh5L2xBcknrNt4yBz8Jt/FRgSmEebU
caMYI3iMLz4nxjNYtwf/BOJF+4smrptS5LGm10IQdnxEgda8gfmRyJGFUYGzFj/o
lctglZ7myHIAb5SaCEt2J1Vn/D+tEyv4p5aRnEuFN4rHfVeozrunN27voartSRCv
fxA4GSH+kzSRhpEH1UUy7kWuHJaLAKZQDdGtTEv3yqhKJZOu6FQAFJMjrwacUYgq
mErRvluDNllB4CCPpzaC7FHM7jIY+5pqYXU5wW2WIc9bhCuzbWPmGu/JIFpS1PWj
xSV89+maQe4Q2bmTuSXMPof1DXRgB0dB+kzKlIyyv42NF9K2c5IS6Mqf3rRmpUL+
7mFV5iBibV+ZYLQHKGN1ev2OQuYlTc0Zgal5xP4fNn61C0W+T1nl7K2jjRKDWDrX
LvDexplV8no/dsm1FXub+eGlC+MKxj+v12Rb1k9W2pj8ui5X54CVfxT2Ol8jtgcr
l9GTMH+9CyWpN/1qnrS2LV9MFnjv1mVJ9QBcHESFVIi3SK6M9KbW4iqoPzsed3Pv
HbJ76KwLj0bcSLnLdXoqp5XQUUh50ULEZN2IYhx4FNKZABcf9Uyr3o/h7EqAejUi
MR7qBOmjegXuji3X0lnIZSK6ds5LfXyb9hTa/O7CIO86BQpk+xZpWKU2oxRbAR66
f79naAQwchYFDbIzc8XqFMT6TQHuk61DsWhQtyRpLkbuONYMqSuWp3i4DcoMhsNt
SEHxUWf3qxkDO/cjGJ1QRP721TP9UFgRjh9gRpjL15yNSfPeNfUQfvAGs87K5xP+
WPTEJRFIdTfzf5SHM4DA8+2eJSsm7ii8iq/bEubxwMc6mO9YfauvuOwyXuEw5En9
kNszDnBgefWRanDIkwGQHZOjs77wm1i15Bf8ik8wpluWI4qtkeNmnHLmbCAkvv7w
PXZc2hecs0rN0Ly0xsQtxBvD5psc/V3nm9N9DteCIOBJZNQeTGpY5cukWrN378Aq
tOx0KItEZVVFklYVSdmiJsxaB/VF+8NvhjC4qtUNqRm2UIvFbGQnb272FL5tN6ow
Bpg/wd9+26GPhZ9Xf1+pgGHMpQBOUqY+jVjJGsCm8CkSJ9btOVdak7JYzGHACWvK
KtTve7W+HErYj2fiZbgXbpGitaa0lVr7tqpsO6bYqxFayDNLTlUwrU+i0CFLPwgD
JJp7LrUkUbYNPWR4UDX5eoIMvLo3SMJkW3FYi8cp3mx7NYzFXbs4aq2CCZnOWFTl
ZrY9cc5RTxaP8MGMsVS3EqxK2GmEs3oC/Ww9BBG9bQ2enxeBqseA2Tx6RkhgLDzS
WegxW26LVLmtkk0e0sEc42vMXt96kTMrOKpq/sThDpif1XaMTOGiOasI/ArISJwi
Z8B2W/io964PpAcDc6Qo5AKqAhjMxFQy3bVsAdCotMDXSYYOkHDJ8yKdssNumKOv
9i2iNAgzcGUx085i0jerD3FiYmCw77X0gTeJ5S3EKcm8NN+X8WuwgsHTjIwWSkeG
GhoYUB6PZY/NS7hKl2pV+ob+S5cDKI8I60buh1quEc2K5NpMrfIux6h+Rmd2AYb9
WyBRA6uNeb8JZQkQdPzNnS9RGXPY19mPU617gmv0mNT5xuVbAYbwu64AOVL6au5U
V6VauvPlDPeSQSDHCbtFfSd82zp8IRTQgo34EjzYQQhrX31KW4fkSkOIIY5xvM/9
xVAW+8Svg+eYWb5ue7VHS/+n/PTdEi4kB6UPJ5gStfe7l6YeC+caOejkoCzvneBV
MdAoR04DsRgdmIFNn/vS0k2RbEnVLusz3ZkaOT2ZF3SztXqSa764+OjXhFZQc8K7
l4hFxmXaBgNmWT5vDQNEb86hBx3zkkhTlPZJLdJJgEJ0FiUJYThos+xCMPHtsHMz
v7qaTE0YyukXFCKvxbByalL6CjduTJjZQXcxbIJBh67l0ZRjAN1rkU/WJTYlREo9
2juia+Gg56gsjt/qM0VJjR+pYktjfvcFdUWYwZu+WTLdhEVm1sgjKdaHuastGnBE
wEzTYffcbXAG/4pc8A5msfCJexqNBr4QNWLmhN2kpZCIOAJRfzci9hKd/xsI8AXa
CY+q3wTzJDEzcGrG1Vh6PRKFtnuuk7MEjAHmz0Po/Suh7PPjCUABihvcac5rnDRA
kdqDZ+jCgU/KgsmEzQdxxR8M/iAmvDrYFMKlDlC6zPw5JxYbSMh/tdrPjBdbpjQY
pQf5xCsbK0kMJsf6ZAvrjg==

Appendix C. Additional information

C.1. Stored Variants of Messages with Bcc

Messages containing at least one recipient address in the Bcc header field may appear in up to three different variants:

  1. The Message for the recipient addresses listed in To or Cc header fields, which must not include the Bcc header field neither for signature calculation nor for encryption.

  2. The Message(s) sent to the recipient addresses in the Bcc header field, which depends on the implementation:

    a) One Message for each recipient in the Bcc header field separately, with a Bcc header field containing only the address of the recipient it is sent to.

    b) The same Message for each recipient in the Bcc header field with a Bcc header field containing an indication such as "Undisclosed recipients", but no addresses.

    c) The same Message for each recipient in the Bcc header field which does not include a Bcc header field (this Message is identical to 1. / cf. above).

  3. The Message stored in the 'Sent'-Folder of the sender, which usually contains the Bcc unchanged from the original Message, i.e., with all recipient addresses.

The most privacy preserving method of the alternatives (2a, 2b, and 2c) is to standardize 2a, as in the other cases (2b and 2c), information about hidden recipients is revealed via keys. In any case, the Message has to be cloned and adjusted depending on the recipient.

Appendix D. Text Moved from Above

Note: Per an explicit request by the chair of the LAMPS WG to only present one option for the specification, the following text has been stripped from the main body of the draft. It is preserved in an Appendix for the time being and may be moved back to the main body or deleted, depending on the decision of the LAMPS WG.

D.1. MIME Format

Currently there are two options in discussion:

  1. The option according to the current S/MIME specification (cf. [RFC8551])
  2. An alternative option that is based on the former "memory hole" approach (cf. "Injected Headers" in this document)

D.1.1. S/MIME Specification

Note: This is currently described in the main part of this document.

D.1.1.1. Alternative Option Autocrypt "Protected Headers" (Ex-"Memory Hole")

An alternative option (based on the former autocrypt "Memory Hole" approach) to be considered, is described here as "Injected Headers".

Unlike the option described in Appendix D.1.1, this option does not use a "message/RFC822" wrapper to unambiguously delimit the Inner Message.

Before choosing this option, the following two issues must be assessed to ensure no interoperability issues result from it:

  1. How current MIME parser implementations treat non-MIME Header Fields, which are not part of the outermost MIME entity and not part of a Message wrapped into a MIME entity of media type "message/rfc822", and how such Messages are rendered to the user.

    This draft provides some examples for testing this.

  2. MIME-conformance, i.e. whether or not this option is (fully) MIME-conformant [RFC2045] ff., in particular also Section 5.1. of [RFC2046] on "Multipart Media Type). In the following an excerpt of paragraphs that may be relevant in this context: 
      The only header fields that have defined meaning for body parts
      are those the names of which begin with "Content-".  All other
      header fields may be ignored in body parts.  Although they
      should generally be retained if at all possible, they may be
      discarded by gateways if necessary.  Such other fields are
      permitted to appear in body parts but must not be depended on.
      "X-" fields may be created for experimental or private
      purposes, with the recognition that the information they
      contain may be lost at some gateways.

      NOTE:  The distinction between an RFC 822 Message and a body
      part is subtle, but important.  A gateway between Internet and
      X.400 mail, for example, must be able to tell the difference
      between a body part that contains an image and a body part
      that contains an encapsulated Message, the body of which is a
      JPEG image.  In order to represent the latter, the body part
      must have "Content-Type: message/rfc822", and its body (after
      the blank line) must be the encapsulated Message, with its own
      "Content-Type: image/jpeg" header field.  The use of similar
      syntax facilitates the conversion of Messages to body parts,
      and vice versa, but the distinction between the two must be
      understood by implementors.  (For the special case in which
      parts actually are Messages, a "digest" subtype is also
      defined.)

The MIME structure of an Email Message looks as follows:

  <Outer Message Header Section (unprotected)>

  <Outer Message Body (protected)>

    <Inner Message Header Section>

    <Inner Message Body>

The following example demonstrates how an Original Message might be protected, i.e., the Original Message is contained as Inner Message in the Protected Body of an Outer Message. It illustrates the first Body part (of the Outer Message) as a "multipart/signed" (application/pkcs7-signature) media type:

Lines are prepended as follows:

  • "O: " Outer Message Header Section
  • "I: " Message Header Section 
  O: Date: Mon, 25 Sep 2017 17:31:42 +0100 (GMT Daylight Time)
  O: Message-ID: <e4a483cb-1dfb-481d-903b-298c92c21f5e@m.example.net>
  O: Subject: Meeting at my place
  O: From: "Alexey Melnikov" <alexey.melnikov@example.net>
  O: MIME-Version: 1.0
  O: Content-Type: multipart/signed; charset=us-ascii; micalg=sha1;
  O:  protocol="application/pkcs7-signature";
  O:  boundary=boundary-AM

     This is a multipart message in MIME format.
     --boundary-AM
  I: Date: Mon, 25 Sep 2017 17:31:42 +0100 (GMT Daylight Time)
  I: From: "Alexey Melnikov" <alexey.melnikov@example.net>
  I: Message-ID: <e4a483cb-1dfb-481d-903b-298c92c21f5e@m.example.net>
  I: MIME-Version: 1.0
  I: MMHS-Primary-Precedence: 3
  I: Subject: Meeting at my place
  I: To: somebody@example.net
  I: X-Mailer: Isode Harrier Web Server
  I: Content-Type: text/plain; charset=us-ascii

     This is an important message that I don't want to be modified.

     --boundary-AM
     Content-Transfer-Encoding: base64
     Content-Type: application/pkcs7-signature

     [[base-64 encoded signature]]

     --boundary-AM--

The Outer Message Header Section is unprotected, while the remainder (Outer Message Body) is protected. The Outer Message Body consists of the Inner Message (Header Section and Body).

The Inner Message Header Section is the same as (or a subset of) the Original Message Header Section.

The Inner Message Body is the same as the Original Message Body.

The Original Message itself may contain any MIME structure.

D.1.2. Sending Side

To ease explanation, the following describes the case where an Original (message/rfc822) Message to be protected is present. If this is not the case, Original Message means the (virtual) Message that would be constructed for sending it as unprotected email.

D.1.2.1. Inner Message Header Fields

It is RECOMMENDED that the Inner Message contains all Header Fields of the Original Message with the exception of the following Header Field, which MUST NOT be included within the Inner Message nor within any other protected part of the Message:

[[ TODO: Bcc handling needs to be further specified (see also Appendix C.1). Certain MUAs cannot properly decrypt Messages with Bcc recipients. ]]

D.1.2.2. Wrapper

The wrapper is a simple MIME Header Section followed by an empty line preceding the Inner Message (inside the Outer Message Body). The media type of the wrapper MUST be "message/RFC822" and MUST contain the Content-Type header field parameter "forwarded=no" as defined in [I-D.melnikov-iana-reg-forwarded]. The wrapper unambiguously delimits the Inner Message from the rest of the Message.

D.1.2.3. Cryptographic Layers / Envelope

[[ TODO: Basically refer to S/MIME standards ]]

D.1.2.4. Sending Side Message Processing

For a protected Message the following steps are applied before a Message is handed over to the Submission Entity:

D.1.2.4.1. Step 1: Decide on Protection Level and Information Disclosure

The implementation which applies protection to a Message must decide:

  • Which Protection Level (signature and/or encryption) shall be applied to the Message? This depends on user request and/or local policy as well as availability of cryptographic keys.
  • Which Header Fields of the Original Message shall be part of the Outer Message Header Section? This typically depends on local policy. By default, the Essential Header Fields are part of the Outer Message Header Section; cf. Appendix D.1.2.5.
  • Which of these Header Fields are to be obfuscated? This depends on local policy and/or specific Privacy requirements of the user. By default only the Subject Header Field is obfuscated; cf. Appendix D.1.2.5.
D.1.2.4.2. Step 2: Compose the Outer Message Header Section

Depending on the decision in Appendix D.1.2.4.1, the implementation shall compose the Outer Message Header Section. (Note that this also includes the necessary MIME Header Section part for the following protection layer.)

Outer Header Fields that are not obfuscated should contain the same values as in the Original Message (except for MIME Header Section part, which depends on the Protection Level selected in Appendix D.1.2.4.1).

D.1.2.4.3. Step 3: Apply Protection to the Original Message

Depending on the Protection Level selected in Appendix D.1.2.4.1, the implementation applies signature and/or encryption to the Original Message, including the wrapper (as per [RFC8551]), and sets the resulting package as the Outer Message Body.

The resulting (Outer) Message is then typically handed over to the Submission Entity.

[[ TODO: Example ]]

D.1.2.5. Outer Message Header Fields
D.1.2.5.1. Encrypted Messages

To maximize Privacy, it is strongly RECOMMENDED to follow the principle of Data Minimization (cf. Section 2.1).

However, the Outer Message Header Section SHOULD contain the Essential Header Fields and, in addition, MUST contain the Header Fields of the MIME Header Section part to describe Cryptographic Layer of the protected MIME subtree as per [RFC8551].

The following Header Fields are defined as the Essential Header Fields:

  • From
  • To (if present in the Original Message)
  • Cc (if present in the Original Message)
  • Bcc (if present in the Original Message, see also Appendix C.1)
  • Date
  • Message-ID
  • Subject

Further processing by the Submission Entity normally depends on part of these Header Fields, e.g. From and Date HFs are required by [RFC5322]. Furthermore, not including certain Header Fields may trigger spam detection to flag the Message, and/or lead to user experience (UX) issues.

For further Data Minimization, the value of the Subject Header Field SHOULD be obfuscated as follows:

* Subject: [...]

and it is RECOMMENDED to replace the Message-ID by a new randomly generated Message-ID.

In addition, the value of other Essential Header Fields MAY be obfuscated.

Non-Essential Header Fields SHOULD be omitted from the Outer Message Header Section where possible. If Non-essential Header Fields are included in the Outer Message Header Section, those MAY be obfuscated too.

Header Fields that are not obfuscated should contain the same values as in the Original Message.

If an implementation obfuscates the From, To, and/or Cc Header Fields, it may need to provide access to the clear text content of these Header Fields to the Submission Entity for processing purposes. This is particularly relevant, if proprietary Submission Entities are used. Obfuscation of Header Fields may adversely impact spam filtering.

(A use case for obfuscation of all Outer Message Header Fields is routing email through the use of onion routing or mix networks, e.g. [pEp.mixnet].)

The MIME Header Section part is the collection of MIME Header Fields describing the following MIME structure as defined in [RFC2045]. A MIME Header Section part typically includes the following Header Fields:

  • Content-Type
  • Content-Transfer-Encoding
  • Content-Disposition

The following example shows the MIME Header Section part of an S/MIME signed Message (using application/pkcs7-mime with SignedData):

   MIME-Version: 1.0
   Content-Type: application/pkcs7-mime; smime-type=signed-data;
      name=smime.p7m
   Content-Transfer-Encoding: base64
   Content-Disposition: attachment; filename=smime.p7m

Depending on the scenario, further Header Fields MAY be exposed in the Outer Message Header Section, which is NOT RECOMMENDED unless justified. Such Header Fields may include e.g.:

  • References
  • Reply-To
  • In-Reply-To
D.1.2.5.2. Unencrypted Messages

The Outer Message Header Section of unencrypted Messages SHOULD contain at least the Essential Header Fields and, in addition, MUST contain the Header Fields of the MIME Header Section part to describe Cryptographic Layer of the protected MIME subtree as per [RFC8551]. It may contain further Header Fields, in particular those also present in the Inner Message Header Section.

Appendix E. Examples

This section offers example cryptographic payloads (the content within the cryptographic envelope) that contain Legacy Display elements.

E.1. Example text/plain Cryptographic Payload with Legacy Display Elements

Here is a simple one-part Cryptographic Payload (headers and body) of a message that includes Legacy Display elements:

Date: Fri, 21 Jan 2022 20:40:48 -0500
From: Alice <alice@example.net>
To: Bob <bob@example.net>
Subject: Dinner plans
Message-ID: <text-plain-legacy-display@lhp.example>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1";
 protected-headers="v1"

Subject: Dinner plans

Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.

A compatible MUA will recognize the hp-legacy-display="1" parameter and render the body of the message as:

Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.

A legacy decryption-capable MUA that is unaware of this mechanism will ignore the hp-legacy-display="1" parameter and instead render the body including the Legacy Display elements:

Subject: Dinner plans

Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.

E.2. Example text/html Cryptographic Payload with Legacy Display Elements

Here is a modern one-part Cryptographic Payload (headers and body) of a message that includes Legacy Display elements:

Date: Fri, 21 Jan 2022 20:40:48 -0500
From: Alice <alice@example.net>
To: Bob <bob@example.net>
Subject: Dinner plans
Message-ID: <text-html-legacy-display@lhp.example>
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"; hp-legacy-display="1";
 protected-headers="v1"

<html><head><title></title></head><body>
<div class="header-protection-legacy-display">
<pre>Subject: Dinner plans</pre>
</div>
<p>
Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.
</p>
</body>
</html>

A compatible MUA will recognize the hp-legacy-display="1" parameter and mask out the Legacy Display div, rendering the body of the message as a simple paragraph:

Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.

A legacy decryption-capable MUA that is unaware of this mechanism will ignore the hp-legacy-display="1" parameter and instead render the body including the Legacy Display elements:

Subject: Dinner plans

Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.

Appendix F. Document Considerations

[[ RFC Editor: This section is to be removed before publication ]]

This draft is built from markdown source, and its development is tracked in a git repository.

While minor editorial suggestions and nit-picks can be made as merge requests, please direct all substantive discussion to the LAMPS mailing list at spasm@ietf.org.

Appendix G. Document Changelog

[[ RFC Editor: This section is to be removed before publication ]]

Appendix H. Open Issues

[[ RFC Editor: This section should be empty and is to be removed before publication. ]]

Authors' Addresses

Daniel Kahn Gillmor
American Civil Liberties Union
125 Broad St.
New York, NY, 10004
United States of America
Bernie Hoeneisen
pEp Foundation
Oberer Graben 4
CH- CH-8400 Winterthur
Switzerland
URI: https://pep.foundation/
Alexey Melnikov
Isode Ltd
14 Castle Mews
Hampton, Middlesex
TW12 2NP
United Kingdom