Internet-Draft Header Protection S/MIME January 2023
Gillmor, et al. Expires 28 July 2023 [Page]
Workgroup:
LAMPS Working Group
Internet-Draft:
draft-ietf-lamps-header-protection-11
Published:
Intended Status:
Standards Track
Expires:
Authors:
D. K. Gillmor
American Civil Liberties Union
B. Hoeneisen
pEp Foundation
A. Melnikov
Isode Ltd

Header Protection for S/MIME

Abstract

S/MIME version 3.1 introduced a mechanism to provide end-to-end cryptographic protection of e-mail message headers. However, few implementations generate messages using this mechanism, and several legacy implementations have revealed rendering or security issues when handling such a message.

This document updates the S/MIME specification to offer a different mechanism that provides the same cryptographic protections but with fewer downsides when handled by legacy clients. Furthermore, it offers more explicit guidance for clients when generating or handling e-mail messages with cryptographic protection of message headers.

About This Document

This note is to be removed before publishing as an RFC.

The latest revision of this draft can be found at https://dkg.gitlab.io/lamps-header-protection/. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-ietf-lamps-header-protection/.

Discussion of this document takes place on the LAMPS Working Group mailing list (mailto:spasm@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/spasm/. Subscribe at https://www.ietf.org/mailman/listinfo/spasm/.

Source for this draft and an issue tracker can be found at https://gitlab.com/dkg/lamps-header-protection.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 28 July 2023.

Table of Contents

1. Introduction

Privacy and security issues regarding email Header Protection in S/MIME have been identified for some time. Most current implementations of cryptographically-protected electronic mail protect only the body of the message, which leaves significant room for attacks against otherwise-protected messages. For example, lack of header protection allows an attacker to substitute the message subject and/or author.

This document describes two different structures for how message headers can be cryptographically protected, and provides guidance for implementers of MUAs that generate and interpret such messages. It takes particular care to ensure that messages interact reasonably well with legacy MUAs.

1.1. Two Schemes of Header Protection

This document addresses two different schemes for cryptographically protecting email header sections or fields and provides guidance to implementers.

One scheme is the form specified in S/MIME 3.1 and later, which involves wrapping a message/rfc822 or message/global MIME object with a Cryptographic Envelope around the message to protect. This document calls this scheme "Wrapped Message", and it is documented in more detail in [RFC8551]. Experience has shown that this form does not interact well with some legacy MUAs (see Section 1.2).

Consequently, another form of header protection is introduced, where the protected header fields are placed directly on the Cryptographic Payload, without using an intervening message/* MIME object. This document calls this scheme "Injected Headers", and it is documented in more detail in this document, in Section 2.3.4 and Section 2.5.3.

1.2. Problems with Wrapped Messages

Several legacy MUAs have revealed rendering issues when dealing with a message that uses the Wrapped Message header protection scheme.

In the worst cases, some mail user agents cannot render message/rfc822 message subparts at all, in violation of baseline MIME requirements as described on page 5 of [RFC2049]. This leaves all wrapped messages unreadable by any recipient using such a MUA.

In other cases, the user sees an attachment suggesting a forwarded email message, which -- in fact -- contains the protected email message that should be rendered directly. In most of these cases, the user can click on the attachment to view the protected message.

However, viewing the protected message as an attachment in isolation may strip it of any security indications, leaving the user unable to assess the cryptographic properties of the message. Worse, for encrypted messages, interacting with the protected message in isolation may leak contents of the cleartext, for example, if the reply is not also encrypted.

1.3. Problems with Injected Headers

A legacy MUA dealing with an encrypted message that has some header fields obscured using the Injected Headers scheme will not render the obscured header fields to the user at all. A workaround "legacy display" mechanism is provided in this document, which most legacy MUAs should render to the user, albeit not in the same location that the header fields would normally be rendered.

1.4. Motivation

Users generally do not understand the distinction between message body and message header. When an e-mail message has cryptographic protections that cover the message body, but not the header fields, several attacks become possible.

For example, a legacy signed message has a signature that covers the body but not the header fields. An attacker can therefore modify the header fields (including the Subject header) without invalidating the signature. Since most readers consider a message body in the context of the message's Subject header, the meaning of the message itself could change drastically (under the attacker's control) while still retaining the same cryptographic indicator of authenticity.

In another example, a legacy encrypted message has its body effectively hidden from an adversary that snoops on the message. But if the header fields are not also encrypted, significant information about the message (such as the message Subject) will leak to the inspecting adversary.

However, if the sending and receiving MUAs ensure that cryptographic protections cover the message headers as well as the message body, these attacks are defeated.

1.4.1. Backward Compatibility

If the sending MUA is unwilling to generate such a fully-protected message due to the potential for rendering, usability, deliverability, or security issues, these defenses cannot be realized.

The sender cannot know what MUA (or MUAs) the recipient will use to handle the message. Thus, an outbound message format that is backward-compatible with as many legacy implementations as possible is a more effective vehicle for providing the whole-message cryptographic protections described above.

This document aims for backward compatibility with legacy clients to the extent possible. In some cases, like when a user-visible header like the Subject is cryptographically hidden, the message cannot behave entirely identically to a legacy client. But accommodations are described here that ensure a rough semantic equivalence for legacy clients even in these cases.

1.4.2. Deliverability

A message that cannot be delivered is less useful than a message with perfect cryptographic protections. Senders want their messages to reach the intended recipients.

Given the current state of the Internet mail ecosystem, encrypted messages in particular cannot shield all of their header fields from visibility and still be guaranteed delivery to their intended recipient.

This document accounts for this concern by providing a mechanism (Section 2.3.2) that prioritizes initial deliverability (at the cost of some header leakage) while facilitating future message variants that shield more header metadata from casual inspection.

1.5. Other Protocols to Protect Email Header Fields

A separate pair of protocols also provides some cryptographic protection for the email message header integrity: DomainKeys Identified Mail (DKIM) [RFC6376], as used in combination with Domain-based Message Authentication, Reporting, and Conformance (DMARC) [RFC7489]. This pair of protocols provides a domain-based reputation mechanism that can be used to mitigate some forms of unsolicited email (spam).

However, the DKIM+DMARC suite provides cryptographic protection at a different scope than the mechanisms described here. In particular, the message integrity and authentication signals provided by DKIM+DMARC correspond to the domain name of the sending e-mail address, not the sending address itself, so DKIM+DMARC not provide end-to-end protection. DKIM+DMARC are typically applied to messages by (and interpreted by) mail transfer agents, not mail user agents. The mechanisms in this document are typically applied to messages by (and interpreted by) mail user agents.

Furthermore, DKIM+DMARC only provides cryptographic integrity and authentication, not encryption. So cryptographic confidentiality is not available from that suite.

DKIM+DMARC can be used on any message, including messages formed as described in this document. There should be no conflict between these schemes.

Though not strictly e-mail, similar protections have been in use on Usenet for signing and verification of message headers for years. See ([PGPCONTROL] and [PGPVERIFY-FORMAT] for more details. Like DKIM, these Usenet control protections offer only integrity and authentication, not encryption.

1.6. Applicability to PGP/MIME

This document describes end-to-end cryptographic protections for e-mail messages in reference to S/MIME ([RFC8551]).

Comparable end-to-end cryptographic protections can also be provided by PGP/MIME ([RFC3156]).

The mechanisms in this document should be applicable in the PGP/MIME protections as well as S/MIME protections, but analysis and implementation in this document focuses on S/MIME.

To the extent that any divergence from the mechanism described here is necessary for PGP/MIME, that divergence is out of scope for this document.

1.7. Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

1.8. Terms

The following terms are defined for the scope of this document:

  • S/MIME: Secure/Multipurpose Internet Mail Extensions (see [RFC8551])
  • PGP/MIME: MIME Security with OpenPGP (see [RFC3156])
  • Message: An Email Message consisting of Header Fields (collectively called "the Header Section of the message") followed, optionally, by a Body; see [RFC5322].

    Note: To avoid ambiguity, this document avoids using the terms "Header" or "Headers" in isolation, but instead always uses "Header Field" to refer to the individual field and "Header Section" to refer to the entire collection.

  • Header Field: A Header Field is a line beginning with a field name, followed by a colon (":"), followed by a field body (value), and terminated by CRLF; see [RFC5322].
  • Header Section: The Header Section is a sequence of lines of characters with special syntax as defined in [RFC5322]. The Header Section of a Message contains the Header Fields associated with the Message itself. The Header Section of a MIME part (that is, a subpart of a message) typically contains Header Fields associated with that particular MIME part.
  • Body: The Body is the part of a Message that follows the Header Section and is separated from the Header Section by an empty line (i.e., a line with nothing preceding the CRLF); see [RFC5322]. It is the (bottom) section of Message containing the payload of a Message. Typically, the Body consists of a (possibly multipart) MIME [RFC2045] construct.
  • Header Protection: cryptographic protection of email Header Sections (or parts of it) for signatures and/or encryption
  • Cryptographic Layer, Cryptographic Payload, Cryptographic Envelope, Structural Headers, Main Body Part, User-Facing Headers, and MUA are all used as defined in [I-D.ietf-lamps-e2e-mail-guidance]
  • Legacy MUA: a MUA that does not understand header protection as described in this document. A Legacy Non-Crypto MUA is incapable of doing any end-to-end cryptographic operations. A Legacy Crypto MUA is capable of doing cryptographic operations, but does not understand or generate messages with header protection.
  • Wrapped Message: The header protection scheme that uses the mechanism described in [RFC8551], where the Cryptographic Payload is a message/rfc822 or message/global MIME object. (see Section 2.2).
  • Injected Headers: The header protection scheme that uses the mechanism described in this document (see Section 2.1), where the protected header fields are inserted on the Cryptographic Payload directly.
  • Header Confidentiality Policy: a functional specification of which header fields should be obscured when composing an encrypted message with header protection. See Section 2.3.2.

1.9. Document Scope

This document describes sensible, simple behavior for a program that generates an e-mail message with standard end-to-end cryptographic protections, following the guidance in [I-D.ietf-lamps-e2e-mail-guidance]. An implementation conformant to this draft will produce messages that have cryptographic protection that covers the message's headers as well as its body.

This document also describes sensible, simple behavior for a program that interprets such a message, in a way that can take advantage of these protections covering the header fields as well as the body.

The message generation guidance aims to minimize negative interactions with any legacy receiving client while providing actionable cryptographic properties for modern receiving clients.

In particular, this document focuses on two standard types of cryptographic protection that cover the entire message:

  • A cleartext message with a single signature, and
  • An encrypted message that contains a single cryptographic signature.

1.9.1. Out of Scope

While the generation guidance aims to provide minimal disruption for any legacy client, such a client by definition does not implement this document.

Therefore, the document does not attempt to provide guidance for legacy clients.

Furthermore, this document does not explicitly contemplate unusual (and tricky) variants of cryptographic message protections, including any of these:

  • Encrypted-only message (without a cryptographic signature)
  • Triple-wrapped message
  • Signed message with multiple signatures
  • Encrypted message with a cryptographic signature outside the encryption.

All such messages are out of scope.

2. Specification

As mentioned in Section 1.1, this document describes two ways to provide end-to-end cryptographic protection for an e-mail message that includes all header fields known to the sender at message composition time.

A receiving MUA MUST be able to handle both header protection schemes, as described in Section 2.5.

A sending MUA MUST be able to generate the Injected Headers scheme (Section 2.3.4), and MAY generate the Wrapped Message scheme (Section 2.3.5).

2.1. Injected Headers Scheme

A message that uses the Injected Headers scheme has protected header fields in the header section of the Cryptographic Payload.

For an encrypted message that has at least one user-visible header field omitted or obscured outside of the Cryptographic Payload, those header fields MAY also be duplicated into decorative copies in the Main Body MIME part of the Cryptograhic Payload itself. These decorative copies within the message are known as "legacy display elements".

Such a legacy display element can be useful for a legacy receiving MUA that doesn't yet understand how to interpret or display a cryptographically-protected confidential header. See Section 3.1 for more details about how the ecosystem could shift so that a sending MUA could avoid the need to generate any legacy display element.

Composing a message with the Injected Headers scheme is described in Section 2.3.4. Rendering such a message is described in Section 2.5.3.

2.2. Wrapped Message Scheme

A message that uses the Wrapped Message scheme has a Cryptographic payload of a single message/rfc822 (or message/global) MIME object, which itself contains the original message (including the protected header section).

Composing a message with the Wrapped Message scheme is described in Section 2.3.5. Rendering such a message is described in Section 2.5.4.

2.3. Sending Side

This section describes the process an MUA should use to apply cryptographic protection to an e-mail message with header protection. We start by describing the legacy message composition process as a baseline.

2.3.1. Composing a Cryptographically-Protected Message Without Header Protection

[I-D.ietf-lamps-e2e-mail-guidance] describes the typical process for a legacy crypto MUA to apply cryptographic protections to an e-mail message. That guidance and terminology is replicated here for reference:

  • origbody: the traditional unprotected message body as a well-formed MIME tree (possibly just a single MIME leaf part). As a well-formed MIME tree, origbody already has structural headers (Content-*) present.
  • origheaders: the intended non-structural headers for the message, represented here as a list of (h,v) pairs, where h is a header field name and v is the associated value. Note that these are header fields that the MUA intends to be visible to the recipient of the message. In particular, if the MUA uses the Bcc header during composition, but plans to omit it from the message (see section 3.6.3 of [RFC5322]), it will not be in origheaders.
  • crypto: The series of cryptographic protections to apply (for example, "sign with the secret key corresponding to X.509 certificate X, then encrypt to X.509 certificates X and Y"). This is a routine that accepts a MIME tree as input (the Cryptographic Payload), wraps the input in the appropriate Cryptographic Envelope, and returns the resultant MIME tree as output.

The algorithm returns a MIME object that is ready to be injected into the mail system:

  • Apply crypto to origbody, yielding MIME tree output
  • For each header name and value (h,v) in origheaders:

    • Add header h of output with value v
  • Return output

2.3.2. Header Confidentiality Policy

When composing an encrypted message with header protection, the composing MUA needs a Header Confidentiality Policy (HCP). In this document, we represent that Header Confidentiality Policy as a function hcp:

  • hcp(name, val_in) --> val_out: this function takes a non-structural header field identified by name with initial value val_in as arguments, and returns a replacement header value val_out. If val_out is the special value null, it mean that the header field in question should be omitted from the set of header fields visible outside the Cryptographic Envelope.

Note that hcp is only applied to non-structural header fields. When composing a message, structural header fields are dealt with separately, as described in Section 2.3.4 and Section 2.3.5.

As an example, an MUA that obscures the Subject header field by replacing it with the literal string [...], hides all Cc'ed recipients, and does not offer confidentiality to any other header fields would be represented as (in pseudocode):

hcp_example(name, val_in) → val_out:
    if name is 'Subject':
        return '[...]'
    else if name is 'Cc':
        return null
    else:
        return val_in

Note that such a policy is only needed when the end-to-end protections include encryption (confidentiality). No comparable policy is needed for other end-to-end cryptographic protections (integrity and authenticity), as they are simply uniformly applied so that all header fields known by the sender have these protections.

This asymmetry is an unfortunate consequence of complexities in message delivery systems, some of which may reject, drop, or delay messages where all header fields are removed from the top-level MIME object.

This document does not mandate any particular Header Confidentiality Policy, though it offers guidance for MUA implementers in selecting one in Section 2.4. Future documents may recommend or mandate such a policy for an MUA with specific needs. Such a recommendation might be motivated by descriptions of metadata-derived attacks, or stem from research about message deliverability, or describe new signalling mechanisms, but these topics are out of scope for this document.

2.3.3. Definition of HP-Removed and HP-Obscured header fields

This document defines 2 new header fields used for conveying the effect of sender's Header Confidentiality Policy: HP-Removed and HP-Obscured. These two MIME header fields should only ever appear directly within the header section of the cryptographic payload of a cryptographic envelope offering confidentiality.

HP-Removed includes a comma separated list of header field names that were omitted from the outer header when the message with header protection was generated. The HP-Removed header field can appear at most once in the header section of a cryptographic payload.

Each instance of HP-Obscured contains a header field name and the value that this header field was modified to in the outer header. The HP-Obscured header field can appear multiple times in the header section of a cryptographic payload.

If a header field name A doesn't appear in an HP-Obscured header field value, then the header field A was either removed (and thus would appear in the HP-Removed header field) or it was copied without any modifications to the outer header.

Syntax of these new header fields is defined using the following ABNF [RFC5234]:

hp-removed      =   "HP-Removed:" field-name-list CRLF

field-name-list =   [FWS] field-name
                    *([FWS] "," [FWS] field-name) [FWS]

hp-obscured     =   "HP-Obscured:" [FWS] field-name ": "
                    field-value CRLF

field-value     =   unstructured

2.3.4. Composing with "Injected Headers" Header Protection

The "Injected Headers" header protection scheme places the header fields to be protected directly on the cryptographic payload. Unlike in the "Wrapped Scheme" (see compose-wrapped-message), there is no wrapping of the message body in any additional message/* MIME part. This section describes how to generate such a message.

To compose a message using "Injected Headers" header protection, the composing MUA needs one additional input in addition to the Header Confidentiality Policy hcp defined in Section 2.3.2.

  • legacy: a boolean value, indicating whether any recipient of the message is believed to have a legacy client. If all recipients are known to implement this draft, legacy should be set to false. (How a MUA determines the value of legacy is out of scope for this document; an initial implementation can simply set it to true)

Enabling visibility of obscured header fields for decryption-capable legacy clients requires transforming a header list into a readable form and including it as a decorative "Legacy Display" element in specially-marked parts of the message. This document recommends two different mechanisms for such a decorative adjustment: one for a text/html Main Body part of the e-mail message, and one for a text/plain Main Body part. This document does not recommend adding a Legacy Display element to any other part.

Please see [I-D.ietf-lamps-e2e-mail-guidance] for guidance on identifying the parts of a message that are a Main Body Part.

The revised algorithm for applying cryptographic protection to a message is as follows:

  • if crypto contains encryption, and legacy is true:

    • Create ldlist, an empty list of (header, value) pairs
    • For each header field name and value (h,v) in origheaders:

    • If ldlist is not empty:

      • Identify each leaf MIME part of payload that represents the "main body" of the message.
      • For each "Main Body Part" bodypart of type text/plain or text/html:

        • Insert Legacy Display element header list ldlist into the content of bodypart (see Section 2.3.4.1 for text/plain and Section 2.3.4.2 for text/html)
        • Add Content-Type parameter hp-legacy-display with value 1 to bodypart
  • For each header field name and value (h,v) in origheaders:

    • Add header field h to MIME part payload with value v
  • Set the protected-headers parameter on the Content-Type of payload to v1
  • If crypto contains encryption:

    • Create new empty list of header field names and values newh
    • Let hpr be an empty comma-separated list of header field names
    • For header field name and value (h,v) in origheaders:

      • Let newval be hcp(h,v)
      • If newval is null:

        • Add the value h to hpr
      • Else (if newval is not null):

        • Add (h,newval) to newh
        • If newval is not v:

          • Let string record be the concatenation of h, a literal ": " (colon followed by space), and newval
          • Add header field "HP-Obscured" to MIME part payload with value record
    • If hpr is not empty:

      • Add header field "HP-Removed" to MIME part payload with value hpr
    • Set origheaders to newh
  • Apply crypto to payload, producing MIME tree output
  • For each header field name and value (h,v) in origheaders:

    • Add header field h to output with value v
  • Return output

Note that both new parameters (hcp and legacy) are effectively ignored if crypto does not contain encryption. This is by design, because they are irrelevant for signed-only cryptographic protections.

2.3.4.1. Adding a Legacy Display Element to a text/plain Part

For a list of obscured header fields represented as (header, value) pairs, concatenate them as a set of lines, with one newline at the end of each pair. Add an additional trailing newline after the resultant text, and prepend the entire list to the body of the text/plain part.

For example, if the list of obscured header fields was [("Cc", "alice@example.net"), ("Subject", "Thursday's meeting")], then a text/plain part that originally contained:

I think we should skip the meeting.

Would become:

Subject: Thursday's meeting
Cc: alice@example.net

I think we should skip the meeting.
2.3.4.2. Adding a Legacy Display Element to a text/html Part

Adding a Legacy Display Element to a text/html part is similar to how it is added to a text/plain part (see Section 2.3.4.1). Instead of adding the obscured header fields to a block of text delimited by a blank line, the composing MUA injects them in an HTML <div> element annotated with a class attribute of header-protection-legacy-display.

The content and formatting of this decorative <div> have no strict requirements, but they SHOULD represent all the obscured header fields in a readable fashion. A simple approach is to assemble the text in the same way as Section 2.3.4.1, wrap it in a verbatim <pre> element, and put that element in the annotated <div>.

The annotated <div> should be placed as close to the start of the <body> as possible, where it will be visible when viewed with a standard HTML renderer.

For example, if the list of obscured header fields was [("Cc", "alice@example.net"), ("Subject", "Thursday's meeting")], then a text/html part that originally contained:

<html><head><title></title></head><body>
<p>I think we should skip the meeting.</p>
</body></html>

Would become:

<html><head><title></title></head><body>
<div class="header-protection-legacy-display">
<pre>Subject: Thursday's meeting
Cc: alice@example.net</pre></div>
<p>I think we should skip the meeting.</p>
</body></html>
2.3.4.3. Only Add a Legacy Display Element to Main Body Parts

Some messages may contain a text/plain or text/html subpart that is not a main body part. For example, an e-mail message might contain an attached text file or a downloaded webpage. Attached documents need to be preserved as intended in the transmission, without modification.

The composing MUA MUST NOT add a Legacy Display element to any part of the message that is not a main body part. In particular, if a part is annotated with Content-Disposition: attachment, or if it does not descend via the first child of any of its multipart/mixed or multipart/related ancestors, it is not a main body part, and MUST NOT be modified.

See [I-D.ietf-lamps-e2e-mail-guidance] for more guidance about common ways to distinguish main body parts from other MIME parts in a message.

2.3.4.4. Do Not Add a Legacy Display Element to Other Content-Types

The purpose of injecting a Legacy Display element into each Main Body MIME part is to enable rendering of otherwise obscured header fields in legacy clients that are capable of message decryption, but don't know how to follow the rest of the guidance in this document.

The authors are unaware of any legacy client that would render any MIME part type other than text/plain and text/html as the Main Body. A generating MUA SHOULD NOT add a Legacy Display element to any MIME part with any other Content-Type.

2.3.5. Composing with "Wrapped Message" Header Protection

The Wrapped Message header protection scheme is briefly documented in Section 3.1 [RFC8551]. This section provides a more detailed explanation of how to build such a message, and augments it with the forwarded parameter as described in [I-D.melnikov-iana-reg-forwarded].

To compose a message using "Wrapped Message" header protection, we use those inputs described in Section 2.3.1 plus the Header Confidentiality Policy hcp defined in Section 2.3.2. The new algorithm is:

  • For header field name and value (h,v) in origheaders:

    • Add header field h to origbody with value v
  • If crypto contains encryption:

    • Create new empty list of header field names and values newh
    • Let hpr be an empty comma-separated list of header field names
    • For header field name and value (h,v) in origheaders:

      • Let newval be hcp(h,v)
      • If newval is null:

        • Add the value h to hpr
      • Else (if newval is not null):

        • Append (h,newval) to newh
        • If newval is not v:

          • Let string record be the concatenation of h, a literal ": " (colon followed by a space), and newval
          • Add header field HP-Obscured to origbody with value record
    • If hpr is not empty:

      • Add header field "HP-Removed" to MIME part payload with value hpr
  • If any of the header fields in origbody, including header fields in the nested internal MIME structure, contain any 8-bit UTF-8 characters (see section section 3.7 of [RFC6532]):

    • Let payload be a new MIME part with one header field: Content-Type: message/global; forwarded=no, and whose body is origbody.
  • Else:

    • Let payload be a new MIME part with one header field: Content-Type: message/rfc822; forwarded=no, and whose body is origbody.
  • Apply crypto to payload, yielding MIME tree output
  • If crypto contains encryption:

    • Set origheaders to newh
  • For header field name and value (h,v) in origheaders:

    • Add header field h to output with value v
  • Return output

Note that the Header Confidentiality Policy hcp is ignored if crypto does not contain encryption. This is by design.

2.3.6. Choosing Between Wrapped Message and Injected Headers

When composing a message with end-to-end cryptographic protections, an MUA SHOULD protect the header fields of that message as well as the body, using one of the formats described here.

A compatible MUA MUST be capable of generating a message with header protection using the Injected Headers Section 2.3.4 format.

2.4. Default Header Confidentiality Policy

An MUA SHOULD have a sensible default Header Confidentiality Policy, and SHOULD NOT require the user to select one. At the time this document was written, a good choice for default HCP is the conservative approach described by hcp_minimal (Section 2.4.1).

Any default Header Confidentiality Policy SHOULD provide confidentiality for the Subject header field by replacing it with the literal string [...]. Most users treat the Subject of a message the same way that they treat the body, and they are surprised to find that the Subject of an encrypted message is visible.

2.4.1. Minimalist Header Confidentiality Policy

The most conservative recommended Header Confidentiality Policy only protects the Subject header field:

hcp_minimal(name, val_in) → val_out:
    if name is 'Subject':
        return '[...]'
    else:
        return val_in

hcp_minimal is the recommended default HCP for a new implementation, as it provides meaningful confidentiality protections, and is unlikely to cause deliverability or usability problems.

2.4.2. Strong Header Confidentiality Policy

Alternately, a more aggressive (and therefore more privacy-preserving) Header Confidentiality Policy only leaks a handful of fields whose absence is known to increase rates of delivery failure, and simultaneously obscures the Message-ID behind a random new one:

hcp_strong(name, val_in) → val_out:
    if name in ['From', 'To', 'Cc', 'Date']:
        return val_in
    else if name is 'Subject':
        return '[...]'
    else if name is 'Message-ID':
        return generate_new_message_id()
    else:
        return null

The function generate_new_message_id() represents whatever process the MUA typically uses to generate a Message-ID for a new outbound message.

hcp_strong is known to cause usability problems with message threading for many legacy MUAs, and is not recommended as a default HCP for new implementations.

2.4.3. Null Header Confidentiality Policy

Legacy MUAs can be conceptualized as offering a null Header Confidentiality Policy, which offers no confidentiality protection to any header field:

hcp_null(name, val_in) → val_out:
    return val_in

A MUA offering header protection SHOULD NOT use hcp_null by default.

2.4.4. Offering Stronger Header Confidentiality

A MUA MAY offer even stronger confidentiality for header fields of an encrypted message than described in Section 2.4.2. For example, it might implement an HCP that obfuscates the From field, or omits the Cc field, or ensures Date is represented in UTC (obscuring the local timezone).

The authors of this document hope that implementers with deployment experience will document their chosen Header Confidentiality Policy and the rationale behind their choice.

2.5. Receiving Side

An MUA that receives a cryptographically-protected e-mail will render it for the user.

The receiving MUA will render the message body, a selected subset of header fields, and (as described in [I-D.ietf-lamps-e2e-mail-guidance]) provide a summary of the cryptographic properties of the message.

Most MUAs only render a subset of header fields by default. For example, few MUAs typically render Message-Id or Received header fields for the user, but most do render From, To, Cc, Date, and Subject.

A MUA that knows how to handle a message with header protection makes the following two changes to its behavior when rendering a message:

  • If it detects that an incoming message had protected header fields, it renders header fields for the message from the protected header fields, ignoring the external (unprotected) header fields.
  • It includes information in the message's cryptographic summary to indicate the types of protection that applied to each rendered header field (if any).

A MUA that handles a message with header protection does not need to render any new header fields that it did not render before.

2.5.1. Identifying that a Message has Header Protection

An incoming message can be identified as having header protection based on one of two signals:

  • The Cryptographic Payload has Content-Type: message/rfc822 or Content-Type: message/global and the parameter forwarded has a value of no. See Section 2.5.4 for rendering guidance.
  • The Cryptographic Payload has some other Content-Type and it has parameter protected-headers set to v1. See Section 2.5.3 for rendering guidance.

Messages of both types exist in the wild, and a compliant MUA MUST be able to handle them both. They provide the same semantics and the same meaning.

2.5.2. Updating the Cryptographic Summary

Regardless of whether a cryptographically-protected message has protected header fields, the cryptographic summary of the message should be modified to indicate what protections the header fields have.

Each header field individually has exactly one the following protections:

  • unprotected (this is the case for all header fields in messages that have no header protection)
  • signed-only (bound into the same validated signature as the enclosing message, but also visible in transit)
  • encrypted-only (only appears within the cryptographic payload; the corresponding external header field was either omitted or obfuscated)
  • signed-and-encrypted (same as encrypted-only, but additionally is under a validated signature)

Note that while the message itself may be signed-and-encrypted, some header fields may be replicated on the outside of the message (e.g. Date). Those header fields would be signed-only, despite the message itself being signed-and-encrypted. Additionally, the data from some encrypted or signed-and-encrypted header fields may not be fully private (see Section 6.1 for more details).

Rendering the cryptographic status of each header field is likely to be complex and messy --- users may not understand it. It is beyond the scope of this document to suggest any specific graphical affordances or user experience. Future work should include examples of successful rendering of this information.

2.5.3. Rendering a Message with Injected Headers

When the Cryptographic Payload does not have a Content-Type of message/rfc822 or message/global, and the parameter protected-headers is set to v1, the values of the protected header fields are drawn from the header fields of the Cryptographic Payload, and the body that is rendered is the Cryptographic Payload itself.

2.5.3.1. Example Signed-only Message with Injected Headers
A └─╴application/pkcs7-mime; smime-type="signed-data"
   ⇩ (unwraps to)
B  └┬╴multipart/alternative [Cryptographic Payload + Rendered Body]
C   ├─╴text/plain
D   └─╴text/html

The message body should be rendered the same way as this message:

B └┬╴multipart/alternative
C  ├─╴text/plain
D  └─╴text/html

It should render header fields taken from part B.

Its cryptographic summary should indicate that the message was signed and all rendered header fields were included in the signature.

The MUA SHOULD ignore header fields from part A for the purposes of rendering.

2.5.3.2. Example Signed-and-Encrypted Message with Injected Headers

Consider a message with this structure, where the MUA is able to validate the cryptographic signature:

E └─╴application/pkcs7-mime; smime-type="enveloped-data"
   ↧ (decrypts to)
F  └─╴application/pkcs7-mime; smime-type="signed-data"
    ⇩ (unwraps to)
G   └┬╴multipart/alternative [Cryptographic Payload + Rendered Body]
H    ├─╴text/plain
I    └─╴text/html

The message body should be rendered the same way as this message:

G └┬╴multipart/alternative
H  ├─╴text/plain
I  └─╴text/html

It should render header fields taken from part G.

Its cryptographic summary should indicate that the message was signed and encrypted. As in Section 2.5.4.2, each rendered header field found in G should be compared against the header field of the same name from E. If the value found in E matches the value found in G, the header field should be marked as signed-only. If no matching header field was found in E, or the value found did not match the value from G, the header field should be marked as signed-and-encrypted.

2.5.3.3. Do Not Render Legacy Display Elements

As described in Section 2.1, a message with cryptographic confidentiality protection MAY include "Legacy Display" elements for backward-compatibility with legacy MUAs. These Legacy Display elements are strictly decorative, unambiguously identifiable, and will be discarded by compliant implementations.

The receiving MUA SHOULD avoid rendering the identified Legacy Display elements to the user at all, since it is aware of header protection and can render the actual protected header fields.

If a text/html or text/plain part within the cryptographic envelope is identified as containing Legacy Display elements, those elements SHOULD be hidden when rendering and SHOULD be dropped when generating a draft reply or inline forwarded message. Whenever a Message or MIME subtree is exported, downloaded or otherwise further processed, implementers should consider whether or not to drop the Legacy Display elements.

2.5.3.3.1. Identifying a Part with Legacy Display Elements

A receiving MUA acting on a message that contains an encrypting Cryptographic Layer identifies a MIME subpart with within the Cryptographic Payload as containing Legacy Display elements based on the Content-Type of the subpart.

  • The subpart's Content-Type contains a parameter hp-legacy-display with value set to 1
  • The subpart's Content-Type is either text/html (see Section 2.5.3.3.3) or text/plain (see Section 2.5.3.3.2)

Note that the term "subpart" above is used in the general sense: if the Cryptographic Payload is a single part, that part itself may contain a Legacy Display element if it is marked with the hp-legacy-display=1 parameter.

2.5.3.3.2. Omitting Legacy Display Elements from text/plain

If a text/plain part within the Cryptographic Payload has the Content-Type parameter hp-legacy-display="1", it should be processed before rendering in the following fashion:

  • Discard the leading lines of the body of the part up to and including the first entirely blank line.

Note that implementing this strategy is dependent on the charset used by the MIME part.

See Appendix D.1 for an example.

2.5.3.3.3. Omitting Legacy Display Elements from text/html

If a text/html part within the Cryptographic Payload has the Content-Type parameter hp-legacy-display="1", it should be processed before rendering in the following fashion:

  • If any element of the HTML <body> is a <div> with class attribute header-protection-legacy-display, that entire element should be omitted.

A straightforward way for an HTML-capable MUA to do this is to add an entry to the [CSS] stylesheet for such a part:

body div.header-protection-legacy-display { display: none; }

2.5.4. Rendering a Wrapped Message

Some MUAs may compose and send a message with end-to-end cryptographic protections that offer header protection using the Wrapped Message scheme described in Section 3.1 of [RFC8551]. This section describes how a receiving MUA should identify and render such a message.

When the Cryptographic Payload has Content-Type of message/rfc822 or message/global, and the parameter forwarded is set to no, the values of the protected header fields are drawn from the header fields of the Cryptographic Payload, and the body that is rendered is the body of the Cryptographic Payload.

2.5.4.1. Example Signed-Only Wrapped Message

Consider a message with this structure, where the MUA is able to validate the cryptographic signature:

J └─╴application/pkcs7-mime; smime-type="signed-data"
   ⇩ (unwraps to)
K  └┬╴message/rfc822 [Cryptographic Payload]
L   └┬╴multipart/alternative [Rendered Body]
M    ├─╴text/plain
N    └─╴text/html

The message body should be rendered the same way as this message:

L └┬╴multipart/alternative
M  ├─╴text/plain
N  └─╴text/html

It should render header fields taken from part K.

Its cryptographic summary should indicate that the message was signed and all rendered header fields were included in the signature.

The MUA SHOULD ignore header fields from part J for the purposes of rendering.

2.5.4.2. Example Signed-and-Encrypted Wrapped Message

Consider a message with this structure, where the MUA is able to validate the cryptographic signature:

O └─╴application/pkcs7-mime; smime-type="enveloped-data"
   ↧ (decrypts to)
P  └─╴application/pkcs7-mime; smime-type="signed-data"
    ⇩ (unwraps to)
Q   └┬╴message/rfc822 [Cryptographic Payload]
R    └┬╴multipart/alternative [Rendered Body]
S     ├─╴text/plain
T     └─╴text/html

The message body should be rendered the same way as this message:

R └┬╴multipart/alternative
S  ├─╴text/plain
T  └─╴text/html

It should render header fields taken from part Q.

Its cryptographic summary should indicate that the message was signed and encrypted. Each rendered header field found in Q should be compared against the header field of the same name from O. If the value found in O matches the value found in Q, the header field should be marked as signed-only. If no matching header field was found in O, or the value found did not match the value from Q, the header field should be marked as signed-and-encrypted.

2.5.5. Guidance for Automated Message Handling

Some automated systems have a control channel that is operated by e-mail. For example, an incoming e-mail message could subscribe someone to a mailing list, initiate the purchase of a specific product, approve another message for redistribution, or adjust the state of some shared object.

To the extent that such a system depends on end-to-end cryptographic guarantees about the e-mail control message, header protection as described in this document should improve the system's security. This section provides some specific guidance for systems that use e-mail messages as a control channel that want to benefit from these security improvements.

2.5.5.1. Interpret Only Protected Header Fields

Consider the situation where an e-mail-based control channel depends on the message's cryptographic signature and the action taken depends on some header field of the message.

In this case, the automated system MUST rely on information from the header field that is protected by the mechanism described in this document. It MUST NOT rely on any header field found outside the cryptographic payload.

For example, consider an administrative interface for a mailing list manager that only accepts control messages that are signed by one of its administrators. When an inbound message for the list arrives, it is queued (waiting for administrative approval) and the system generates and listens for two distinct e-mail addresses related to the queued message -- one that approves the message, and one that rejects it. If an administrator sends a signed control message to the approval address, the mailing list verifies that the protected To: header field of the signed control message contains the approval address before approving the queued message for redistribution. If the protected To: header field does not contain that address, or there is no protected To: header field, then the mailing list logs or reports the error, and does not act on that control message.

2.5.5.2. Ignore Legacy Display Elements

Consider the situation where an e-mail based control channel expects to receive an end-to-end encrypted message -- for example, where the control messages need confidentiality guarantees -- and where the action taken depends on the contents of some MIME part within message body.

In this case, the automated system that decrypts the incoming mssages and scans the relevant MIME part SHOULD identify when the MIME part contains a legacy display element (see Section 2.5.3.3.1), and it SHOULD parse the relevant MIME part with the legacy display element removed.

For example, consider an administrative interface of a confidential issue tracking software. An authorized user can confidentially adjust the status of a tracked issue by a specially-formatted first line of the message body (for example, severity #183 serious). When the user's MUA encrypts a plain text control message to this issue tracker, depending on the MUA's HCP and its choice of legacy value, it may add a legacy display element. If it does so, then the first line of the message body will contain a decorative copy of the confidential Subject: header field. The issue tracking software decrypts the incoming control message, identifies that there is a legacy display element in the part (see Section 2.5.3.3.1), strips the legacy display lines (including the first blank line), and only then parses the remaining top line to look for the expected special formatting.

2.5.6. Affordances for Debugging and Troubleshooting

Note that advanced users of an MUA may need access to the original message, for example to troubleshoot problems with the rendering MUA itself, or problems with the SMTP transport path taken by the message.

A MUA that applies these rendering guidelines SHOULD ensure that the full original source of the message as it was received remains available to such a user for debugging and troubleshooting.

If a troubleshooting scenario demands information about the cryptographically-protected values of headers, and the message is encrypted, the debugging interface SHOULD also provide a "source" view of the Cryptographic Payload itself, alongside the full original source of the message as received.

2.5.7. Rendering Other Schemes

Other MUAs may have generated different structures of messages that aim to offer end-to-end cryptographic protections that include header protection.

While this document is not normative for those schemes, it offers guidance for how to identify and handle these other formats. In the following a list of systems that are known to generate email messages with end-to-end cryptographic protections that include header protection using a different MIME scheme.

2.5.7.1. Pretty Easy Privacy (pEp)

The pEp (pretty Easy privacy) [I-D.pep-general] project specifies MIME schemes for Signed-and-Encrypted email messages that also provide header protection [I-D.pep-email]. Similar to the "Wrapped Messages" scheme described in Section 2.3.5 and Section 2.5.4, pEp email messages are fully encapsulated in the Cryptographic Payload.

More information can be found in [I-D.pep-email].

2.5.8. Composing a Reply to an Encrypted Message with Header Protection

When composing a reply to an encrypted message with header protection, the MUA is acting both as a receiving MUA and as a sending MUA. Special guidance applies here, as things can go wrong in at least two ways: leaking previously-confidential information, and replying to the wrong party.

2.5.8.1. Avoid Leaking Encrypted Header Fields in Reply

As noted in [I-D.ietf-lamps-e2e-mail-guidance], an MUA in this position MUST NOT leak previously-encrypted content in the clear in a followup message. The same is true for protected header fields.

Values from any header field that was identified as either encrypted-only or signed-and-encrypted based on the steps outlined above MUST NOT be placed in cleartext output when generating a message.

In particular, if Subject was encrypted, and it is copied into the draft encrypted reply, the replying MUA MUST obfuscate the unprotected (cleartext) Subject header field as described above.

When crafting the headers for a reply message, the composing MUA can make use of the HP-Removed and HP-Obscured headers from within the cryptographic envelope of the reference message to ensure that headers derived from the reference message do not leak in the reply.

Consider a header field in a reply message that is generated by derivation from a header field in the reference message. For example, the To header field is typically derived from the reference message's Reply-To or From header fields. When generating the outer copy of the header field, the composing MUA first applies its own header confidentiality policy. If the header field's value is changed by the HCP, then it is applied to the outside header and noted in the protected header section using HP-Removed or HP-Obscured as appropriate, as described in Section 2.3.3. Otherwise, if the header field's value is unchanged, the composing MUA re-generates the header field using the source header fields from the values within the cryptographic payload of the reference message, as modified by the HP-Obscured or HP-Removed headers. If that value is itself different than the protected value, then it is applied to the outside header and noted in the protected header section using HP-Obscured. If the value is the same as the protected value, then it is simply copied to the outside header directly.

See Appendix C.2 for a simple worked example of this process.

2.5.8.2. Avoid Misdirected Replies to Encrypted Messages with Header Protection

When replying to a message, the Composing MUA typically decides who to send the reply to based on:

  • the Reply-To, Mail-Followup-To, or From header fields
  • optionally, the other To or Cc header fields (if the user chose to "reply all")

When a message has header protection, the replying MUA MUST populate the destination fields of the draft message using the protected header fields, and ignore any unprotected header fields.

This mitigates against an attack where Mallory gets a copy of an encrypted message from Alice to Bob, and then replays the message to Bob with an additional Cc to Mallory's own e-mail address in the message's outer (unprotected) header section.

If Bob knows Mallory's certificate already, and he replies to such a message without following the guidance in this section, it's likely that his MUA will encrypt the cleartext of the message directly to Mallory.

2.5.9. Implicitly-rendered Header Fields

While From and To and Cc and Subject and Date are often explicitly rendered to the user, some header fields do affect message display, without being explicitly rendered.

For example, Message-Id, References, and In-Reply-To header fields may collectively be used to place a message in a "thread" or series of messages.

In another example, Section 2.5.8.2 observes that the value of the Reply-To field can influence the draft reply message. So while the user may never see the Reply-To header field directly, it is implicitly "rendered" when the user interacts with the message by replying to it.

An MUA that depends on any implicitly-rendered header field in a message with header protection SHOULD use the value from the protected header field, and SHOULD NOT use any value found outside the cryptographic protection.

2.5.10. Unprotected Header Fields Added in Transit

Some header fields are legitimately added in transit, and could not have been known to the sender at message composition time.

The most common of these header fields are Received and DKIM-Signature, neither of which are typically rendered, either explicitly or implicitly.

If a receiving MUA has specific knowledge about a given header field, including that:

  • the header field would not have been known to the original sender, and
  • the header field might be rendered explicitly or implicitly,

then the MUA MAY decide to operate on the value of that header field from the unprotected header section, even though the message has header protection.

The MUA MAY prefer to verify that the header fields in question have additional transit-derived cryptographic protections (e.g., to test whether they are covered by a valid DKIM-Signature, see [RFC6376]) before rendering or acting on them.

Specific examples appear below.

2.5.10.1. Mailing list header fields: List-* and Archived-At

If the message arrives through a mailing list, the list manager itself may inject header fields (most of which start with List-) in the message:

  • List-Archive
  • List-Subscribe
  • List-Unsubscribe
  • List-Id
  • List-Help
  • List-Post
  • Archived-At

For some MUAs, these header fields are implicitly rendered, by providing buttons for actions like "Subscribe", "View Archived Version", "Reply List", "List Info", etc.

An MUA that receives a message with header protection that contains these header fields in the unprotected section, and that has reason to believe the message is coming through a mailing list MAY decide to render them to the user (explicitly or implicitly) even though they are not protected.

3. E-mail Ecosystem Evolution

This document is intended to offer tooling needed to improve the state of the e-mail ecosystem in a way that can be deployed without significant disruption. Some elements of this specification are present for transitional purposes, but would not exist if the system were designed from scratch.

This section describes these transitional mechanisms, as well as some suggestions for how they might eventually be phased out.

3.1. Dropping Legacy Display Elements

Any decorative Legacy Display element added to an encrypted message that uses the Injected Header scheme is present strictly for enabling header field visibility (most importantly, the Subject header field) when the message is viewed with a decryption-capable legacy client.

Eventually, the hope is that most decryption-capable MUAs will conform to this specification, and there will be no need for injection of Legacy Display elements in the message body. A survey of widely-used decryption-capable MUAs might be able to establish when most of them do support this specification.

At that point, a composing MUA could make the legacy parameter described in {#compose-injected-headers} to false by default, or could even hard-code it to false, yielding a much simpler message construction set.

Until that point, an end user might want to signal that their receiving MUAs are conformant to this draft so that a peer composing a message to them can set legacy to false. A signal indicating capability of handling messages with header protection might be placed in the user's cryptographic certificate, or in outbound messages.

This draft doesn't attempt to define the syntax or semantics of such a signal.

3.2. Stronger Default Header Confidentiality Policy

This draft defines two different forms of Header Confidentiality Policy. A MUA implementing an HCP for the first time SHOULD deploy hcp_minimal as recommended in Section 2.4. This HCP offers the most commonly-expected protection (obscuring the Subject header field) without risking deliverability or rendering issues.

The HCPs proposed in this draft are relatively conservative and still leak a significant amount of metadata for encrypted messages. This is largely done to ensure deliverability (see Section 1.4.2) and usability, as messages without some critical header fields are more likely to not reach their intended recipient.

In the future, some mail transport systems may accept and deliver messages with even less publicly-visible metadata. Many MTA operators today would ask for additional guarantees about such a message to limit the risks associated with abusive or spammy mail.

This specification offers the HCP formalism itself as a way for MUA developers and MTA operators to describe their expectations around message deliverability. MUA developers can propose a stronger default HCP, and ask MTA operators (or simply test) whether their MTAs would be likely to deliver or reject encrypted mail with that HCP applied. Proponents of a stronger HCP should explicitly document the HCP, and name it clearly and unambiguously to facilitate this kind of interoperability discussion.

Reaching widespread consensus around a stronger global default HCP is a challenging problem of coordinating many different actors. A piecemeal approach might be more feasible, where some signalling mechanism allows a message recipient, MTA operator, or third-party clearinghouse to announce what kinds of HCPs are likely to be deliverable for a given recipient. In such a situation, the default HCP for a MUA might involve consulting the signalled acceptable HCPs for all recipients, and combining them (along with a default for when no signal is present) in some way.

If such a signal were to reach widespread use, it could also be used to guide reasonable statistical default HCP choices for recipients with no signal.

This draft doesn't attempt to define the syntax or semantics of such a signal.

3.3. Deprecation of Messages Without Header Protection

At some point, when the majority of MUA clients that can generate cryptographically protected messages with header protection, it should be possible to deprecate any cryptographically protected message that does not have header protection.

For example, as noted in Section 4.1, it's possible for a MUA to decline to render a signed-only message that has no header protection the same as an unsigned message. And a signed-and-encrypted message without header protection could likewise be marked as not fully protected.

These stricter rules could be adopted immediately for all messages. Or a MUA developer could roll them out immediately for any new message, but still treat an old message (based on the Date header field and cryptographic signature timestamp) more leniently.

A decision like this by any popular receiving MUA could drive adoption of this standard for sending MUAs.

4. Usability Considerations

This section describes concerns for MUAs that are interested in easy adoption of header protection by normal users.

While they are not protocol-level artifacts, these concerns motivate the protocol features described in this document.

See also the Usability section in [I-D.ietf-lamps-e2e-mail-guidance].

4.1. Mixed Protections Within a Message Are Hard To Understand

When rendering a message to the user, the ideal circumstance is to present a single cryptographic status for any given message. However, when message headers are present, some message headers do not have the same cryptographic protections as the main message.

Representing such a mixed set of protection statuses is very difficult to do in a way that a normal user can understand without training. There are at least three scenarios that are likely to be common, and poorly understood:

  • A signed message with no header protection.
  • A signed-and-encrypted message with no header protection.
  • An signed-and-encrypted message with header protection as described in this document, where some user-facing headers have confidentiality but some do not.

A MUA should have a reasonable strategy for clearly communicating each of these scenarios to the user. For example, a MUA operating in an environment where it expects most cryptographically-protected messages to have header protection could use the following rendering strategy:

  • When rendering a message with signed-only cryptographic status but no header protection, decline to indicate to the user that the message was signed at all. That is, the message would appear identical to an unsigned message.
  • When rendering a message with signed-and-encrypted or encrypted-only cryptographic status but no header protection, overlay a warning flag on the typical cryptographic status indicator. That is, if a typical signed-and-encrypted message displays a lock icon, display a lock icon with a warning sign (e.g., an exclamation point in a triangle) overlaid. See, for example, the graphics in [chrome-indicators].
  • When rendering a message with signed-and-encrypted or encrypted-only cryptographic status, with header protection, but where the Subject header field has not been removed or obscured, place a warning sign on the on the Subject line.

Other simple rendering strategies could also be reasonable.

4.2. Users Should Not Have To Choose a Header Confidentiality Policy

This document defines the abstraction of a Header Confidentiality Policy object for the sake of communication between implementers and deployments.

Most e-mail users are unlikely to understand the tradeoffs between different policies. In particular, the potential negative side effects (e.g. poor deliverability) may not be easily attributable by a normal user to a particular HCP.

Therefore, MUA implementers should be conservative in their choice of default HCP, and should not require the ordinary user to make an incomprehensible choice that could cause unfixable, undiagnosable problems. The safest option is for the MUA developer to select a known, stable HCP (this document recommends hcp_minimal in Section 2.4) on the user's behalf. A MUA should not not expose the ordinary user to a configuration option where they are expected to manually select (let alone define) an HCP.

In the event that a MUA implementer gets user complaints about problems with removed or obscured header fields due to the MUA's defined HCP, the implementer may offer the user an option to drop header confidentiality altogether for freshly composed messages (thereby reverting to hcp_null). But when handling such a scenario for a reply to a message with some header confidentiality policy in place, note the guidance in Section 2.5.8.1 to avoid accidental leakage.

4.3. Users Should Not Have To Choose a Header Protection Scheme

This document also describes two different header protection schemes: Wrapped Messages in Section 2.2 and Injected Headers in Section 2.1.

These distinct schemes are described for the sake of implementers who may have to deal with messages found in the wild, but their intended semantics are identical. They represent different tradeoffs in terms of rendering and user experience on the recipient's side, things that a given user writing a message is not prepared to select.

When composing a message with cryptographic protections, the ordinary user should not be confronted with any choices about which header protection scheme to use. Rather, the MUA developer should use a single scheme for all outboud cryptographically-protected messages.

This document recommends the Injected Headers scheme for generating messages with cryptographic protections, as described in Section 2. A MUA should not expose the ordinary user to any configuration option where they are expected to manually select, enable, or disable header protections for new cryptographically-protected messages.

5. Security Considerations

This document describes a mechanism for improving the security of cryptographically-protected e-mail messages. Following the guidance in this document should improve security for users of these technologies by more directly aligning the underlying messages with user expectations about confidentiality, authenticity, and integrity.

However, many existing messages with cryptographic protections will not have these protections, and MUAs encountering these messages will need to handle older forms (without header protection) for quite some time. An implementation that deals with legacy message archives will need to deal with all the various formats forever. Helping the user distinguish between cryptographic protections of various messages is a difficult job for message renderers.

However, on the message generation side, the situation is much clearer: there is a standard form that a protected message can take, and an implementer can always generate the standard form. Generating the standard form also makes it more likely that any receiving implementation will be able to handle the generated message appropriately.

5.1. Caution about Composing with Legacy Display Elements

When composing a message, it's possible for a Legacy Display Element to contain risky data that a rendering client could trigger errors in a rendering client.

For example, if the value for a header field to be included in a Legacy Display Element within a given body part contains folding whitespace, it should be "unfolded" before generating the Legacy Display Element: all contiguous folding whitespace should be replaced with a single space character. Likewise, if the header value was originally encoded with [RFC2047], it should be decoded first to a standard string and re-encoded using the charset appropriate to the target part.

When including a Legacy Display Element in a text/plain part (see Section 2.3.4.1), if the decoded Subject header field contains a pair of newlines (e.g., if it is broken across multiple lines by encoded newlines), any newline MUST be stripped from the Legacy Display Element. If the pair of newlines is not stripped, a receiving MUA that follows the guidance in Section 2.5.3.3.2 might leave the later part of the Legacy Display Element in the rendered message.

When including a Legacy Display Element in a text/html part (see Section 2.3.4.2), any material in the header values should be explicitly HTML escaped to avoid being rendered as part of the HTML. At a minimum, the characters <, >, and & should be escaped to &lt;, &gt;, and &amp;, respectively (see for example [HTML-ESCAPES]). If unescaped characters from removed or obscured header values end up in the Legacy Display element, a receiving MUA that follows the guidance in Section 2.5.3.3.3 might fail to identify the boundaries of the Legacy Display Element, cutting out more than it should, or leaving remnants visible. And a legacy client parsing such a message might misrender the entire HTML stream, depending on the content of the removed or obscured header values.

The Legacy Display Element is a decorative addition solely to enable visibility of obscured or removed header fields in legacy, decryption-capable MUAs. When it is produced, it should be generated conservatively and narrowly, to avoid damaging the rest of the message.

6. Privacy Considerations

6.1. Encrypted Header Fields Are Not Always Private

For encrypted messages, depending on the sender's HCP, some header fields may appear both within the Cryptographic Envelope and on the outside of the message. Section 2.5.2 identifies those messages as signed-only. These header fields are clearly not private at all, despite a copy being inside the Cryptographic Envelope.

A header field where the protected encrypted value does not match the value outside the message have encrypted-only or signed-and-encrypted status. But even header fields with these stronger levels of cryptographic confidentiality protection might not be as private as the user would like.

6.2. Header Fields Can Leak Unwanted Information to the Recipient

For encrypted messages, even with a powerful HCP that successfully obscures most header fields from all transport agents, header fields will be ultimately visible to all intended recipients. This can be especially problematic for header fields that are not user-facing, which the sender may not expect to be injected by their MUA. Consider the three following examples:

  • The MUA may inject a User-Agent header field that describes their current technical to every recipient, even though the sender may not want the recipient to know the exact version of their OS, hardware platform, or MUA.
  • The MUA may have an idiosyncratic way of generating a Message-ID header, which could embed the choice of MUA, a timezone, a hostname, or other subtle information to a knowledgable recipient.
  • The MUA may erroneously include a Bcc header field in the origheaders of a copy of a message sent to the named recipient, defeating the purpose of using Bcc instead of Cc (see Section 6.3 for more details about risks related to Bcc).

Clearly, no end-to-end cryptographic protection of any header field as described in this document will hide such a sensitive field from the intended recipient. Instead, the composing MUA MUST judiciously populate the origheaders list for any outbound message with only information that the user reasonably intends the recipient to have access to. This is true for messages without any cryptographic protection as well, of course, and it is even worse there: such a leak is exposed to the transport agents as well as the recipient. An encrypted message with header protection and a strong header confidentiality policy avoid these leaks exposing information to the transport agents, but cannot defend against such a leak to the recipient.

6.2.1. Encrypted Header Fields Can Be Inferred From External Metadata

For example, if the To: and Cc: header fields are omitted from the unprotected header section, the values in those fields might still be inferred with high probability by an adversary who looks at the message either in transit or at rest. If the message is found in, or being delivered to a mailbox for bob@example.org, it's likely that Bob was in either To: or Cc:. Additionally, an MTA that handles the message may add a Received: header field (or some other custom header field) that leaks some information about the nature of the delivery.

6.2.2. HCP May Not Mask All Data in an Encrypted Header Field

In another example, if the HCP modifies the Date: header to mask out high-resolution time stamps (e.g. rounding to the most recent hour) and to convert the local timezone to UTC, some information about the date of delivery will still be attached to the e-mail. At the very least, the low resolution, global version of the date will be present on the message. Additionally, headers like Received that are added during message delivery might include higher-resolution timestamps. And if the message lands in a mailbox that is ordered by time of receipt, even its placement in the mailbox and the non-obscured Date: header fields of the surrounding messages could leak this information.

Some fields like From: may be impossible to fully obscure, as many modern message delivery systems depend on at least domain information in the From: field for determining whether a message is coming from a domain with "good reputation" (that is, from a domain that is not known for leaking spam). So even if an aggressive HCP opts to remove the human-readable part from any From: header field, and to standardize/genericize the local part of the From: address, the domain will still leak.

6.2.3. An Intermediary Can Trick a Recipient into Overestimating the Cryptographic Status of a Header Field in an Encrypted Message

When an encrypted (or signed-and-encrypted) message is in transit, an active intermediary can strip or tamper with any header field that appears outside the Cryptographic Envelope.

For example, if the original sender's HCP passes through the Cc: header field unchanged, a cleanly-delivered message would indicate that the Cc: header field has a cryptographic status of signed. But if an intermediary attacker simply removes the header field from the unprotected header section before forwarding the message, then the recipient would believe that the field has a cryptographic status of signed-and-encrypted.

An attacker can thus induce a false sense of confidentiality in a recipient whose MUA actually did not provide that level of privacy.

This draft offers protection against such an attack by way of the HP-Obscured and HP-Removed header fields that can be found on the cryptographic payload. If a header field appears to have been obscured, but no HP-Obscured header matches it; or if the header field appears to have been removed, but the HP-Removed header does not include its field name, the receiving MUA can indicate to the user that the header field in question may not have been confidential.

However, in such a case, a conservative MUA may still decide to treat the header field in question as signed-and-encrypted during reply, to avoid accidental leakage of the cleartext value in the reply message, as described in Section 2.5.8.1.

6.2.4. Summary and Implementation Guidance

In the abstract sense, the above concerns are of course also true for any encrypted data, including the body of the message: if the sender isn't careful, the message contents or session keys could leak in many different ways that are beyond the scope of this draft. The message recipient has no way in principle to tell whether the apparent confidentiality of any given piece of encrypted content has been broken via channels that they cannot perceive. And an active intermediary aware of the recipient's public key can always encrypt a cleartext message in transit to give the recipient a false sense of security.

A receiving MUA should be cautious about how it represents the cryptographic status of encrypted-only and signed-and-encrypted header fields to the user, to avoid overpromising. However, the MUA should also strive to avoid additional leakage of these header fields, as described in Section 2.5.8.1.

6.3. Privacy and Deliverability Risks with Bcc and Encrypted Messages

As noted in [I-D.ietf-lamps-e2e-mail-guidance], handling Bcc when generating an encrypted e-mail message can be particularly tricky. With header protection, there is an additional wrinkle. When an encrypted e-mail message with header protection has a Bcc'ed recipient, and the composing MUA explicitly includes the Bcc'ed recipient's address in their copy of the message (see the "second method" in Section 3.6.3 of [RFC5322]), that Bcc header field will always be visible to the Bcc'ed recipient.

In this scenario, though, the composing MUA has one additional choice: whether to hide the Bcc header field from intervening message transport agents, by returning null when the HCP is invoked for Bcc . If the composing MUA's rationale for including an explicit Bcc in the copy of the message sent to the Bcc recipient is to ensure deliverability via a message transport agent that inspects message headers, then stripping the Bcc field during encryption may cause the intervening transport agent to drop the message entirely. This is why Bcc is not explicitly stripped in hcp_minimal.

If, on the other hand, deliverability to a Bcced recipient is not a concern, the most privacy-preserving option is to simply omit the Bcc header field from the protected header section in the first place. A MUA that is capable of receiving and processing such a message can infer that since their user's address was not mentioned in any To or Cc header field, they were likely a Bcc recipient.

Please also see [I-D.ietf-lamps-e2e-mail-guidance] for more discussion about Bcc and encrypted messages.

7. IANA Considerations

This document request IANA to register the following header fields in the "Permanent Message Header Field Names" Registry in accordance with [RFC3864].

8. Acknowledgments

The authors would like to thank the following people who have provided helpful comments and suggestions for this document: Berna Alp, Bernhard E. Reiter, Claudio Luck, David Wilson, Hernani Marques, juga, Krista Bennett, Kelly Bristol, Lars Rohwedder, Robert Williams, Russ Housley, Sofia Balicka, Steve Kille, Volker Birk, and Wei Chuang.

9. References

9.1. Normative References

[I-D.ietf-lamps-e2e-mail-guidance]
Gillmor, D. K., "Guidance on End-to-End E-mail Security", Work in Progress, Internet-Draft, draft-ietf-lamps-e2e-mail-guidance-04, , <https://www.ietf.org/archive/id/draft-ietf-lamps-e2e-mail-guidance-04.txt>.
[I-D.ietf-lamps-header-protection-requirements]
Melnikov, A. and B. Hoeneisen, "Problem Statement and Requirements for Header Protection", Work in Progress, Internet-Draft, draft-ietf-lamps-header-protection-requirements-01, , <https://www.ietf.org/archive/id/draft-ietf-lamps-header-protection-requirements-01.txt>.
[RFC2045]
Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, DOI 10.17487/RFC2045, , <https://www.rfc-editor.org/info/rfc2045>.
[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/info/rfc2119>.
[RFC3864]
Klyne, G., Nottingham, M., and J. Mogul, "Registration Procedures for Message Header Fields", BCP 90, RFC 3864, DOI 10.17487/RFC3864, , <https://www.rfc-editor.org/info/rfc3864>.
[RFC5234]
Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, DOI 10.17487/RFC5234, , <https://www.rfc-editor.org/info/rfc5234>.
[RFC5322]
Resnick, P., Ed., "Internet Message Format", RFC 5322, DOI 10.17487/RFC5322, , <https://www.rfc-editor.org/info/rfc5322>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/info/rfc8174>.
[RFC8551]
Schaad, J., Ramsdell, B., and S. Turner, "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification", RFC 8551, DOI 10.17487/RFC8551, , <https://www.rfc-editor.org/info/rfc8551>.

9.2. Informative References

[chrome-indicators]
Schechter, E., "Evolving Chrome's security indicators", , <https://blog.chromium.org/2018/05/evolving-chromes-security-indicators.html>.
[CSS]
World Wide Web Consortium, "Cascading Style Sheets Level 2 Revision 2 (CSS 2.2) Specification", , <https://www.w3.org/TR/2016/WD-CSS22-20160412/>.
[HTML-ESCAPES]
W3C, "Using character escapes in markup and CSS", n.d., <https://www.w3.org/International/questions/qa-escapes#use>.
[I-D.ietf-lamps-samples]
Gillmor, D. K., "S/MIME Example Keys and Certificates", Work in Progress, Internet-Draft, draft-ietf-lamps-samples-08, , <https://www.ietf.org/archive/id/draft-ietf-lamps-samples-08.txt>.
[I-D.melnikov-iana-reg-forwarded]
Melnikov, A. and B. Hoeneisen, "IANA Registration of Content-Type Header Field Parameter 'forwarded'", Work in Progress, Internet-Draft, draft-melnikov-iana-reg-forwarded-00, , <https://www.ietf.org/archive/id/draft-melnikov-iana-reg-forwarded-00.txt>.
[I-D.pep-email]
Marques, H. and B. Hoeneisen, "pretty Easy privacy (pEp): Email Formats and Protocols", Work in Progress, Internet-Draft, draft-pep-email-02, , <https://www.ietf.org/archive/id/draft-pep-email-02.txt>.
[I-D.pep-general]
Birk, V., Marques, H., and B. Hoeneisen, "pretty Easy privacy (pEp): Privacy by Default", Work in Progress, Internet-Draft, draft-pep-general-02, , <https://www.ietf.org/archive/id/draft-pep-general-02.txt>.
[PGPCONTROL]
UUNET Technologies, Inc., "Authentication of Usenet Group Changes", , <https://ftp.isc.org/pub/pgpcontrol/>.
[PGPVERIFY-FORMAT]
Lawrence, D. C., "Signing Control Messages, Verifying Control Messages", n.d., <https://www.eyrie.org/~eagle/usefor/other/pgpverify>.
[RFC2047]
Moore, K., "MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text", RFC 2047, DOI 10.17487/RFC2047, , <https://www.rfc-editor.org/info/rfc2047>.
[RFC2049]
Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part Five: Conformance Criteria and Examples", RFC 2049, DOI 10.17487/RFC2049, , <https://www.rfc-editor.org/info/rfc2049>.
[RFC3156]
Elkins, M., Del Torto, D., Levien, R., and T. Roessler, "MIME Security with OpenPGP", RFC 3156, DOI 10.17487/RFC3156, , <https://www.rfc-editor.org/info/rfc3156>.
[RFC6376]
Crocker, D., Ed., Hansen, T., Ed., and M. Kucherawy, Ed., "DomainKeys Identified Mail (DKIM) Signatures", STD 76, RFC 6376, DOI 10.17487/RFC6376, , <https://www.rfc-editor.org/info/rfc6376>.
[RFC6532]
Yang, A., Steele, S., and N. Freed, "Internationalized Email Headers", RFC 6532, DOI 10.17487/RFC6532, , <https://www.rfc-editor.org/info/rfc6532>.
[RFC7489]
Kucherawy, M., Ed. and E. Zwicky, Ed., "Domain-based Message Authentication, Reporting, and Conformance (DMARC)", RFC 7489, DOI 10.17487/RFC7489, , <https://www.rfc-editor.org/info/rfc7489>.

Appendix A. Possible Problems with some Legacy Clients

When an e-mail message with end-to-end cryptographic protection is received by a mail user agent, the user might experience many different possible problematic interactions. A message with header protection may introduce new forms of user experience failure.

In this section, the authors enumerate different kinds of failures we have observed when reviewing, rendering, and replying to messages with different forms of header protection in different legacy MUAs. Different legacy MUAs demonstrate different subsets of these problems.

Hopefully, a non-legacy MUA would not exhibit any of these problems. An implementer updating their legacy MUA to be compliant with this specification should consider these concerns and try to avoid them.

A.1. Problems Reviewing signed-and-encrypted Messages in List View

  • Unprotected Subject, Date, From, To are visible
  • Threading is not visible

A.2. Problems when Rendering a signed-and-encrypted Message

  • Unprotected Subject is visible
  • Protected subject (on its own) is visible in the body
  • Protected subject, date, from, to visible in the body
  • User interaction needed to view whole message
  • User interaction needed to view message body
  • User interaction needed to view protected subject
  • Impossible to view protected subject
  • Nuisance alarms during user interaction
  • Impossible to view message body
  • Appears as a forwarded message
  • Appears as an attachment
  • Security indicators not visible
  • User has multiple different methods to Reply: (e.g. reply to outer, reply to inner)
  • User sees English "Subject:" in body despite message itself being in non-English
  • Security indicators do not identify protection status of header fields
  • Header fields in body render with local header field names (e.g. showing "Betreff" instead of "Subject") and dates (TZ, locale)

A.3. Problems when Replying to a signed-and-encrypted Message

Note that the use case here is:

  • User views message, to the point where they can read it.
  • User then replies to message, and they are shown a message composition window, which has some UI elements
  • If the MUA has multiple different methods to Reply: to a message, each way may need to be evaluated separately

This section also uses the shorthand UI:x to mean "the UI element that the user can edit that they think of as x."

  • protected subject is in UI:subject (and will leak)
  • protected subject is quoted in UI:body
  • protected subject is not anywhere in UI
  • message body is not visible/quoted in UI:body
  • user cannot reply while viewing protected message
  • reply is not encrypted by default (but is for normal S/MIME sign+enc messages)
  • unprotected From: is in UI:To
  • User's locale (lang, TZ) leaks in quoted body
  • Header fields not protected (and in particular, Subject is not obscured) by default

A.4. Problems Reviewing signed-only Messages in List View

  • Unprotected Subject, Date, From, To are visible
  • Threading is not visible

A.5. Problems when Rendering a signed-only Message

  • Unprotected Subject is visible
  • Protected subject (on its own) is visible in the body
  • Protected subject, date, from, to visible in the body
  • User interaction needed to view whole message
  • User interaction needed to view message body
  • User interaction needed to view protected subject
  • Impossible to view protected subject
  • Nuisance alarms during user interaction
  • Impossible to view message body
  • Appears as a forwarded message
  • Appears as an attachment
  • Security indicators not visible
  • Security indicators do not identify protection status of header fields
  • User has multiple different methods to Reply: (e.g. reply to outer, reply to inner)
  • Header fields in body render with local header fields (e.g. showing "Betreff" instead of "Subject") and dates (TZ, locale)

A.6. Problems when Replying to a signed-only Message

This uses the same use case(s) and shorthand as Appendix A.3.

  • Unprotected Subject: is in UI:subject
  • Protected Subject: is quoted in UI:body
  • Protected Subject: is not anywhere in UI
  • Message body is not visible/quoted in UI:body
  • User cannot reply while viewing protected message
  • Unprotected From: is in UI:To
  • User's locale (lang, TZ) leaks in quoted body

Appendix B. Test Vectors

This section contains sample messages using the different schemes described in this document. Each sample contains a MIME object, a textual and diagrammatic view of its structure, and examples of how an MUA might render it.

The cryptographic protections used in this document use the S/MIME standard, and keying material and certificates come from [I-D.ietf-lamps-samples].

These messages should be accessible to any IMAP client at imap://bob@header-protection.cmrg.net/ (any password should authenticate to this read-only IMAP mailbox).

You can also download copies of these test vectors separately at https://header-protection.cmrg.net.

If any of the messages downloaded differ from those offered here, this document is the canonical source.

B.1. Baseline Messages

These messages offer no header protection at all, and can be used as a baseline. They are provided in this document as a counterexample. An MUA implementer can use these messages to verify that the reported cryptographic summary of the message indicates no header protection.

B.1.1. No cryptographic protections over a simple message

This message uses no cryptographic protection at all. Its body is a text/plain message.

It has the following structure:

└─╴text/plain 152 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Subject: no-crypto
Message-ID: <no-crypto@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:00:02 -0500
User-Agent: Sample MUA Version 1.0

This is the no-crypto message.

This message uses no cryptographic protection at all.  Its body
is a text/plain message.

--
Alice
alice@smime.example

B.1.2. S/MIME signed-only signedData over a simple message, No Header Protection

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a text/plain message. It uses no header protection.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 3852 bytes
 ⇩ (unwraps to)
 └─╴text/plain 204 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part
Message-ID: <smime-one-part@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:01:02 -0500
User-Agent: Sample MUA Version 1.0

MIILFwYJKoZIhvcNAQcCoIILCDCCCwQCAQExDTALBglghkgBZQMEAgEwggFABgkq
hkiG9w0BBwGgggExBIIBLU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04Ig0KQ29udGVudC1UcmFuc2Zlci1F
bmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZSBzbWltZS1vbmUtcGFydCBtZXNz
YWdlLg0KDQpUaGlzIGlzIGEgc2lnbmVkLW9ubHkgUy9NSU1FIG1lc3NhZ2Ugdmlh
IFBLQ1MjNyBzaWduZWREYXRhLiAgVGhlDQpwYXlsb2FkIGlzIGEgdGV4dC9wbGFp
biBtZXNzYWdlLiBJdCB1c2VzIG5vIGhlYWRlciBwcm90ZWN0aW9uLg0KDQotLSAN
CkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQqgggemMIIDzzCCAregAwIBAgIT
Dy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJ
RVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJT
QSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUy
MDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
FzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cx
Qq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeu
Xq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7T
HNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3We
ag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukg
n+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQC
MAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNt
aW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUg
MB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58
BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAyl
OvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeu
OA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9o
pwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4
oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPf
qmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY
1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcN
AQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNV
BAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcN
MTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr
+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7O
xsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTt
dg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZ
DQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj
0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEA
AaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAe
BgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUF
BwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBm
ZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQEN
BQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTn
euK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qN
uz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt
9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh5
2MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4
DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMg
UlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnX
MAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZI
hvcNAQkFMQ8XDTIxMDIyMDE1MDEwMlowLwYJKoZIhvcNAQkEMSIEIESMi+9/LUlD
fGjj+6U50VNLFxbzvyVJ0wzwnTS114DyMA0GCSqGSIb3DQEBAQUABIIBACJHeayB
UllC4GdcgdojTUjoeIy6UIbrSg/aKZgAkCB8Dwq0hdU10qiun6WKI/TxM5izpRvL
UsNBGmqknPBMFhvwX6KCrwFk0p0j5Y5DZqX30deiQiGTUv3NiwZGTrKJ3JkyymFO
HGbe5Thrq3inRLVfilEuIZewaJsnJhKfnEq9fS09icTJ5olPDAH6mZbW6hpYmU3F
KBk2qJNqJX6bo60rCogu3wXDj0wxnqEXmeNDH5/+L9UVZur+EWzviUc8Ldd/kP3L
DOO7ivs10bAWe8Tbw7NjuP8ZlVvzcvj3nXWzZzxh2ymDIOvyJA+t0LHQvsN/fbdW
fC6Pm51fEkabbmw=

B.1.3. S/MIME signed-only multipart/signed over a simple message, No Header Protection

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses no header protection.

It has the following structure:

└┬╴multipart/signed 4191 bytes
 ├─╴text/plain 224 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="052";
 micalg="sha-256"
Subject: smime-multipart
Message-ID: <smime-multipart@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:02:02 -0500
User-Agent: Sample MUA Version 1.0

--052
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

This is the smime-multipart message.

This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a text/plain
message. It uses no header protection.

--
Alice
alice@smime.example

--052
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTAyMDJa
MC8GCSqGSIb3DQEJBDEiBCDAkJYhqVAHhprkzEWP6PweksoYhj5ULTLbcfQ9Tu3C
zDANBgkqhkiG9w0BAQEFAASCAQCJe818STb4M4utvQsdcQEH0CZR7I38uL5TSZF3
llKmD9PuCDuV3GIkfdmZISKRuffBle1xaNc2av/0Qogr7OaFF485DAONVAEIQ7ah
t94pwgAE4yvXXWKmFQkKid1tnMXbnHADKWU0YC+BQkgd/5J3zg4ESeMwOUm0+b3C
GDaUBTIJhHfu9sqlt7jXa7PbzQEfemYZORPI14/uZSs86SLkPvNGUpWb4mN6olC0
2h/U4SCpq8Oy390oNM0VNpoa+nsTu5yOFc34pMIvjwCJyIOYPaDnvw9FYgr2oOp7
cdOgFcSJ8q7I+Tx2yg60VW8tAT7UBkifc37UUuVbnOsqeVB3

--052--

B.1.4. S/MIME encrypted and signed over a simple message, No Header Protection

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses no header protection.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 6720 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 3960 bytes
  ⇩ (unwraps to)
  └─╴text/plain 239 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: smime-enc-signed
Message-ID: <smime-enc-signed@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:03:02 -0500
User-Agent: Sample MUA Version 1.0

MIITXAYJKoZIhvcNAQcDoIITTTCCE0kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAHmnSO2IdHZqhpStR4KWdgv3WQtCaxYUhXTJ
AmWV0NBvy5u7gilyKnpgY7CcJ4T5bA68lWNos4i4D2bsiLDGtMAuEynCKejeKp+r
rS6BU+iI3QAruW8v4xxFHmYtOdge1tV1uws7atc8fXnUlgcfpnOD+IvLOdwkrJBs
o0AePTxqKmi3pUkSoZ4FVkfXJNkM3KKlXsqf5VFJV21r/AY+3w5V5sFkengnXv6e
kAZWUVMZ5GiiLzCk54l2rGO3Wi5oC1cYqkbmnKndm2MvcwEosO48N6XTvW9geENp
y9stPxv9pAp9HD4miuwWA2KlUPBVLh7l7XwjDwA08MGsRCzHP64wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAdOnjKorhe+/7PA3sZPAMGBA6
bQlRDw3HF8/5y4ld+ZCHw02YeGKvc4OT1TO4SsY8zdOhNBhJRaQqRkK+5HKOOPqV
ADA6a90U36FAyNI0Zn8veG4rHlb/vWHVdxWbOW69Liymia3fBz65o/6E1yX/GAb8
m+KPtKx9cvSFCazv95M4C3Girn8LkAswtmwR+deEp7tYPdjHky7TOkdXpV/z0Ee9
HtjilLeqUD+mvV3CJkIbywsUBRsZ0iLA8B9WoIsvcpYDU1biaxMko0rWlUFh2VSd
j6+TjlW90dSZM7xUF1YefRDd9XnF+HcRNbO58ucu8iIMxVJq+LNBEY4N70XmFjCC
EC4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEMyuzbDBN6Tv2WSNq2aSZ5WAghAA
nq1HKlEGKfDdd9BKbpZgRqgsSUEEBdGSgAC4v0Ugu6eD+ukLBk+TZzGuLHFj1vB3
/Nk6mjv4xakp/x23yGk7zc6bzmHduR27avvu9zZf8fdeNMkwBeuB47WIXEnQKmlt
y6I7vVEJJE4CEVF0VDIFH7B2wpo5pogs0N3vJt/Gr2vAO2NjRosgGuHTRDXybQlY
KZKOCw2G0+vB1CYCP9YeM5gG7vQNirjQdVPJ0K+4NOEHy8JZHQZvu7dR2P02/QiS
5p8wcYPSRLsWRdaPaBDnfkDTWaaQYUcm909iydoYUI5Xg33LzjGh0UMDg0vouQ/1
Aqj7zwHXfHJVKJ38lSQC8fL88/TaCkouGMAw/dHCUQYOB5v4JlsSaYBo8ojaPIIk
T6PYuFUo01ghi56h21sKNsuhnYSR8c8rZMq3jIKDkmdjOpNpn6kevulBHeNnH1wK
WPBiMx4CAapizFjeVmbgnFbjNBdw2kO55bPqXrHMoG5/hHC85JV/IgCF0uvQgOY/
kG2eTl80pJ3dF3/iJnHsn6wB50UDPYAqXt9bpAgtNNd0iCyd5Gd3guQOCAfvpBOO
IkMPH2K8xsvqk6cUncEtrbSColrldePnQhiTiwyAmJevan++mvjUuBRPN1grXH4v
AeCR28K+htOxC/5SaONcLX6FhppX0MR09j4nlwlWvvXfmm0Bo3eyaYqLAatmId1/
ig17gk0JQBw2zzZHqEm1URQh50r/6DvStMj2ASjGgtsPPhBQKO+CaITceLhuRNyw
cH3tSLeGmhMj0lDT6gmB/d3PFcLjUx8DwCwYsshDY3Z15GrzIq1jgZvmzjBxaCuA
VPGA3jWMOwBdJtXhAP7uYCe5qjbTL9L6EqIo8RQl7zrXxP7etwSjbAFbTUKBxxik
AZKPAGoTFsO3cVhUBmSzoMupgiUAieTOOS43iP9JeXLFHOnN+cAlo7iJx/gEcL68
1ENpSaWRV00NBtF6vjpNIEh7eN0MCA/fTipRR7Pz+g2oKQLUZPNkVxUTi7PjoSPb
bfKpK0xbHqao40mJdNvX6lng73PsQnJGadYu6DnMvVG7oTibcsA3aoh3jreb1vLO
mzpATxg4b1QFC0Cjxqd8FKRxQZlync5cO5E3EhYlVXW0pi17wW/a2Ca7S8iT3+Rw
bVNd2A01JgS6r+NsvgIXQTjxA6RNzP3K1Iorkuhg6nNbqgJffskHz5uD72AXQc9J
OfxGIFAgnIbNr9u+pvj3WVqJLZTHFdDvvXPGza5/D3tnoWb83j8Z9T8pxlTGK3m2
GVFm4CyJxdzDrOcfXznRO3lYkNeTA0lSySF0yhTHAzIOU8lYaUT/2P4y28Fc/79w
ofFZSqVz+J2QCoGbZfbWsj8RbrcaPYzPj0cBWtUxPyCni0Mf/4if+GxLv1F8a7DI
onHVJg5w+Lo1RKcvPpRIrq/w7wrwFOhEehyQr6a/8WbiAOSMMRsqj3+9atQViPFb
QChAtGHq1TMWysVVGod4S3OhkiOsp1s6tOFCJb8QIL2DYlDSbg/wtnNbWA0BXytf
tR1bhQRI0ytm7mhN01kfW+dWXOPqzofRG/zvaKIGoufnmqJpbk4RR4r+KHUZ3xDP
2URkSh5Qrf9yZ7wE791QKomGSZygvX1Tp8TzicUWpeTQB0IHXsCg2JBTykU3q3m/
SV1NYl6oP6oClvVAzRNxQgs6TQ8PEgGqPsE323VDCpgAnqsA5zq5zeZjjEK8p+Zy
HWjcaWf1top6+l9Tt/5chnAmCk4wS120Lkisu7fOzB9M8UzQC0yVrJ4L1A/MD73Q
KE1zP92o87ZfJnnNjpBb4A/EcBTmhVxbjSlC4cT6UR08pv0cfhSqFni9eMhImQmS
0XST/0NkVeqBmC6b72fATGQb09Iv02pyV/2w5W04gCNCvWBN8kmQQLEEhkDaOmZD
OYxGkgfbT00RxsC2fa8VnRuc8FyRJwFO9qWn8OTNhnVHbd3DPfsoTHNl5v7dsGDz
0aOnVMmwSmAFfzQStA9qC+OPeBPXBCKNXd1Y7/7ruO0GpUW9hSHKkOc227QtbTAH
LdUAW1bBIPA3gNJQDkmGQaefVFJDV8xn9v/lRuVxegh4N8QIK1U9IPz7+wec81S/
4cXz/JT01u/oGpcSE86jzarGMh/ik3ovckGLvH7q7TdT5BdOYyZZa6PcinfkT1Tj
rj/SMsHH3alXNipnSnb+5OdEIQUJksSgQYE1nFgV2M9PBONy3YA07Z2ArF/f0sEf
hRKQw9YH9grv0beRA0C5182tvvKrZ5j0q6gttYZ8PacoD9DnaXJjNGKJ01jwNsmV
vlPx7G8yOuxx2qUuTBbqr8jHg7XR9/UaYEuvmDslQZpnuDMOrxuRPufI1nWVZVd7
wxWd588fI3XOXmE9ZA2/kq5uq57xpoRLlPh/sVqVysj9ruYTU7uHz629jFeq5mF4
iIpa80hPVJyC4gDtKLqF8Jb8VVKb4kdbTph6+pcRwnqIj6pEZq4G8FvquntzNn0o
8ydpnyZVV/bu+Py7MYq8YtkcEVvIk70b9gBI3UhKEL1PfRj/t/q0XM2C63a+c93j
YpMSCnb/wOlpy9Ws5VMCISKsDYQLdKwNjj/aYWiHfgyghXGSY8/KDLl8Yyzfqz2n
zaOUaFMS7TMvHSjTe6Cv0zIYvht8P6gQmXVvEOLJ1VWUh+q3ccXnW5EHg4CgIbCI
dm5iN3a+OlIejFQSZvFW4kB/RWNsOiyBextmOxxyAmu7xGayLZul/bzBFT5XrQwv
sb524bGOYs6zcKA5zjnkQY215aGztAXFuMkI2nRiUsve5ARm/KQhbl2NGthQu++2
r807AnZGdjhGlz4h5XfR/VvmjuMF/LxdgIJG31VC37u/343lgNbIOWybUorzFaeg
rVnSDvMrfzMdZ/KRLTBhVUC9KFjlhn4L7FdfpWz3LbcW5Kn+uIU6EsRkbdOwdRPN
mEPhgjT/+PD+msMoxtC0kaPtgRgB39I5jnIgPBAO8iKtObHttmZoZeqD5+N2uTyK
WB+tC1CctNGGYfCR+YAUMTojhou1FSwiJIBTTE7QmSueuLmrEuCYvxUdEuA7RtTd
LO1Abt0S05WURWu0pNDFroYbYPEjX5vEoFbU5jHhzEZF5WQ3cy+/EqMkxk7/47dh
ux/J9UXXJTyT4Sh8KNZOPh38lcVliqIO/Ms4Nn859zwafCAKBZxn6ZqFQbBmxZWu
D8ejB8KfXUIUp9H6wSPWvxJ2XW8By01UuZFIE6vvZunm55eYvotkhjQFIag6CzOH
CaUZfwJ6bEWreih4lWFghnRL1ZhRptnfQhnsKKVUqJW0jiaGZNZC+4jVCOr+36bo
W9e6LYfkemtKEMer/nrdgvW9LXo2CaL4BNgReK+T4ZkQbyob/2/ADN3mYe+ETBF8
m7lbfEIx73e87xNY2mWhvNMA1/hZ04lIJQdPySNwi5V9YE2/cS+6UuLfOVIyxiNG
DpixiwTJroJ6GeKOtBn/K5eCqxKoF3gKiH98DnH9NV1otBej74998NG6ATN5jpaZ
C46LiTJpMZpTx91EyasuT6eDW+lEGa6EWylC7x7zjjjwaNlqD2mMlNpnSm8L1oB3
vvcwP60GoLgyu50+M0C+hYxrNuyCG2aoX6bvzdFrh9DyLl8LEErVdOPj9r/hOMtB
PJzmiDqHIYaZv6+uyarrjfRG6dO+kCZDtzuAy/HEU+UXCuv27i99gkEyeMcasQSp
DkRjvnVJQlO1fMx/ttIGyyUbTH/jlBmLQ0cc+hrBeGGTYyKM5N6eB5WCukYSkfva
6p7zGiKUER1py0ZmcO4BN3UqPR6P9pJbJ0cNhpCTx7/pKa9OgDpT8+Ma1RxanOLK
mskKwQpnkJf+2ays9Rv0oYtbNfVzJJPrT8iVglD3aFwmCop0Ml/kW5sYFdPpFGsH
byzTzq3Fjw0AQ5UOG5Qq8EpsAlAJ3hy/5Vv4OaVizAoJz2fZXnQ9Bw00lud/outL
ZbRUEC72vJewbIAS1lzdJ7RLlpSMvB48/cA2dgeXqqfnvnAsMzgOIlaFlVID9H4m
/KtMJfKPkagrka91wFwLECu207zihtHmRbkkWlrswqA4SyumWfR5AEGW/sZ8g9LA
rugrt/sE6SpyYi5zzYL9/vNT61kQVy7UhUqcasQU+1CLVuaplAk4uvRso88wXYKn
SSQXesmy5m6eYOIevOmyUMQzzfwKswT49j/7hrHsECtzpyCOP0/8zBgGH8f/wg1r
/sZ/O+sZNu819qUaJhHSFIEx/CQKuHYv5ez6aT3BAtmPn0iWrFVzna3Ogo8XAL68
eDwN69Qm82ikDO2LFkKZrBzn/1dyZs/dT6lQYpsmhxJzoluZzW/sYFeOCX6fWs7n
fcrz9yMIDKvj70JrZp5jPRghFKHmqo5xh39TmeTsQFp2B8UlGD9YK6YfgSEaGbyL
3BpUjZN/713jmWYHzGvEQfx7vP3SaZBMZ4GSCoeBT2grQoUDe575H7UDJsmRVJ04
bO7iTWPZ1LdIC+oifedAhGhCoum+tApUYj+3BHz1xIAZJMCGARqgyKcnvjw5WVu3
fDna+4xJdNs0YK1uBkr6N9FBDfmQIuneIsQHAM7lZfucd1FenZhy1zNreqgls9QO
NncRNlltqmT2qmERXw8/HwcwNjR8FWrwbCCApsMgAZ0xWaRxpEct5lnGNbBpplEn
BrMafVecUlQgwa1jchA5ZiOuaZxizi1Pr9/eoaX93aa2u+6OpsyPqdadxwDeV1Do
4dg2NrDqQMFo3I1IcADeZEcEqPx8PV0tYjEeFZYsE0k3Qmcti+RuRj/rNTaXQ2Xw
VkgL1BG8POkxw0pVIKVyevcPtUD5tSlTxfp4qBFlEY/yrGCHy36q2mboBcRyYQry
oBnsvoEfrIE8FEz1rOJVM+HN2udrKVJZzEPySflZvbDzxINcqDu09r3UO+L+ymW5
9/ncHCMyoa0KbQ08q9i8VsGchL2FF5Q66g7I8U9u7R7V4Fz8RvLOzs6bB/Oh7+Z9
0dTWreRYp9/82pQ0VSuvkWYiSPwiy37spaE8uALD5MvZOS3CqOwGI+o45uLBP/a6
dgalPv1kThe8/a25+FqiQP6boCsN9wgA+T3v3kRFibzFEtyqX8C6Vu795PpycZ14
/RGFTm2Df/U38DN/mlNhGgM6gMQr1YuSPieFJ+0/ctzGpSaS835d+DkQVvS3zT3/
5EpybkOZrqf6erhNTVa8Onr3ZNdt9QyNUCmwxpYVvV2exwoVfcIjQgCxwehySLW5
UprvrRNgHo0OBMH+UmSggBfT7/omejxHgAJz5WCl/P+DiQ/dZcBK1OCRh1ZkocLB
WVpunKTMuLyqSqNG87nzXAgFCLYQRWeCQNcItSbJ4aed+sJIYxmEm2UzyKAk9eXI
dCZ/5fHOtmMDl645r/v9eSjeZd7Ed6MhGladuVlNm9Dl29sIzKcUu3zfZAqBlzFK
1RzPS3IUeM2VEJbK9AowEQ==

B.1.5. No cryptographic protections over a complex message

This message uses no cryptographic protection at all. Its body is a multipart/alternative message with an inline image/png attachment.

It has the following structure:

└┬╴multipart/mixed 1406 bytes
 ├┬╴multipart/alternative 794 bytes
 │├─╴text/plain 206 bytes
 │└─╴text/html 304 bytes
 └─╴image/png inline 232 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="c39"
Subject: no-crypto-complex
Message-ID: <no-crypto-complex@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:00:02 -0500
User-Agent: Sample MUA Version 1.0

--c39
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="05a"

--05a
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the no-crypto-complex message.

This message uses no cryptographic protection at all.  Its body
is a multipart/alternative message with an inline image/png
attachment.

--
Alice
alice@smime.example
--05a
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the <b>no-crypto-complex</b> message.</p>
<p>This message uses no cryptographic protection at all.  Its body
is a multipart/alternative message with an inline image/png
attachment.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--05a--

--c39
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--c39--

B.1.6. S/MIME signed-only signedData over a complex message, No Header Protection

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 5249 bytes
 ⇩ (unwraps to)
 └┬╴multipart/mixed 1288 bytes
  ├┬╴multipart/alternative 882 bytes
  │├─╴text/plain 258 bytes
  │└─╴text/html 353 bytes
  └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-complex
Message-ID: <smime-one-part-complex@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:01:02 -0500
User-Agent: Sample MUA Version 1.0

MIIPHwYJKoZIhvcNAQcCoIIPEDCCDwwCAQExDTALBglghkgBZQMEAgEwggVIBgkq
hkiG9w0BBwGgggU5BIIFNU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjMzZSINCg0KLS0zM2UNCk1JTUUt
VmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2
ZTsgYm91bmRhcnk9ImUwYiINCg0KLS1lMGINCkNvbnRlbnQtVHlwZTogdGV4dC9w
bGFpbjsgY2hhcnNldD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29u
dGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZSBzbWlt
ZS1vbmUtcGFydC1jb21wbGV4IG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQt
b25seSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUN
CnBheWxvYWQgaXMgYSBtdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRo
IGFuIGlubGluZQ0KaW1hZ2UvcG5nIGF0dGFjaG1lbnQuIEl0IHVzZXMgbm8gaGVh
ZGVyIHByb3RlY3Rpb24uDQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1w
bGUNCi0tZTBiDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD0idXMt
YXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zlci1FbmNv
ZGluZzogN2JpdA0KDQo8aHRtbD48aGVhZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+
PGJvZHk+DQo8cD5UaGlzIGlzIHRoZSA8Yj5zbWltZS1vbmUtcGFydC1jb21wbGV4
PC9iPiBtZXNzYWdlLjwvcD4NCjxwPlRoaXMgaXMgYSBzaWduZWQtb25seSBTL01J
TUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBheWxvYWQg
aXMgYSBtdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGlu
ZQ0KaW1hZ2UvcG5nIGF0dGFjaG1lbnQuIEl0IHVzZXMgbm8gaGVhZGVyIHByb3Rl
Y3Rpb24uPC9wPg0KPHA+PHR0Pi0tIDxici8+QWxpY2U8YnIvPmFsaWNlQHNtaW1l
LmV4YW1wbGU8L3R0PjwvcD48L2JvZHk+PC9odG1sPg0KLS1lMGItLQ0KDQotLTMz
ZQ0KQ29udGVudC1UeXBlOiBpbWFnZS9wbmcNCkNvbnRlbnQtVHJhbnNmZXItRW5j
b2Rpbmc6IGJhc2U2NA0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lDQoNCmlW
Qk9SdzBLR2dvQUFBQU5TVWhFVWdBQUFCUUFBQUFVQ0FZQUFBQ05pUjBOQUFBQWNF
bEVRVlI0MnVWVE94YkENCk1BZ1M3MzluTzNUcFJ3MjBkcXBiZkFSUUVqT3l3aXdZ
bkN0a0RLbmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3a1oNCnNncnpmY3FWTXBMMmpv
MDQ0N2dZRHBlQXJrK09uSkhrSWhBZlRQUmljaWhBZjVZSnJ3N3ZqdjBaV1JXTS91
bGkNCnZkUGYxUVoya0REOXhwcGQ4d0FBQUFCSlJVNUVya0pnZ2c9PQ0KDQotLTMz
ZS0tDQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkq
hkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEx
MC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChME
SUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNl
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+Rp
wpODxxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPK
J2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ
2afHg4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3
lcvvBZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMH
bM1LY4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpq
tQIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
ATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYI
KwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw
546vzfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG
9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXO
SBHI6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2M
fbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHN
aaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwD
R6chMZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459Cyq
bqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXnt
dX9CqaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjER
MA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5Mjcw
NjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYD
VQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRr
jFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP9
68+A/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dK
vIKp4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCx
qqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATK
RGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcG
A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5l
eGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNV
HQ4EFgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfx
CShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cb
bmdj/R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVE
DMR/sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhs
plrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnu
mghxwYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4
rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYx
ggIAMIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdH
MTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9y
aXR5AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3
DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE3MDEwMlow
LwYJKoZIhvcNAQkEMSIEIMhGVzAx/S4dUwqko0cb+oa+gXfmEqw2Iz+svSKpWzC+
MA0GCSqGSIb3DQEBAQUABIIBAGtNM3MMhWZVJdN1nlfSk3mhNk6E+LFoOqG4aiHz
e+HEQjN6bKft5zulMCqh7NKRpRmDcEE9RXDGKGYQ9BKBf6Od/04lolBY/xpPu9G5
XnUTHN3MmqubrTSP3xxU5AozL8i7XmkB68VxKBQ2YpfcXBFGbuvlc6FXkbh2QtRX
UgBZEp+GSxG7o0UVJRa97t6wblUdMwaQ1ONrtBsmrO46bThv4cgrlGBvz8tGfHwR
4HbS/Rp+6jNAS0K9fZ0PQxy2b4M4braYg3f1n4q3dDH8N0XiUcwG8FiB9XQo18+D
fdkZwTVUoDHWjSVdIREobdPI2wdpnGxS/AB1VuiYpcebi4o=

B.1.7. S/MIME signed-only multipart/signed over a complex message, No Header Protection

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection.

It has the following structure:

└┬╴multipart/signed 5234 bytes
 ├┬╴multipart/mixed 1344 bytes
 │├┬╴multipart/alternative 938 bytes
 ││├─╴text/plain 278 bytes
 ││└─╴text/html 376 bytes
 │└─╴image/png inline 232 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="452";
 micalg="sha-256"
Subject: smime-multipart-complex
Message-ID: <smime-multipart-complex@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:02:02 -0500
User-Agent: Sample MUA Version 1.0

--452
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="ac5"

--ac5
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="813"

--813
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the smime-multipart-complex message.

This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses no header protection.

--
Alice
alice@smime.example
--813
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the <b>smime-multipart-complex</b> message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses no header protection.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--813--

--ac5
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--ac5--

--452
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzAyMDJa
MC8GCSqGSIb3DQEJBDEiBCBwnBPnNMORN+JxFvMbZIJ5PtqEBkyDbOtU1Ar5RuGl
LjANBgkqhkiG9w0BAQEFAASCAQBRpXYXiiCEQ/lshkbhpH566H65wAf9rZbGn+r+
o8vLTFSs84ER/EAHGhePmVDiObJS+nXIC7Sa5Y+tUe8JitKPXBQ2oDq2+3tN7tY5
G398yv+LnmYMMf91dlnlyPnQujsEfPSLXYNToa0qBqp1DThm/pfn6RbbOqpZjYr9
fdcNdErDql5+CKaf8R/JDW+hiLyvD0KCpXucWLHb1okt1Jpld4kkaA4wu9Idh9fK
GlN20s+dBXoytH/G6K8NhOh3Qaf3lMP1R60gkvJVJ3j9jIs3/ZG4qH5qWQJHLvi2
WLSxDhkYmZ+dYSCyfIauNkq7a0wauSpZj82elFA7HdyZmNp0

--452--

B.1.8. S/MIME encrypted and signed over a complex message, No Header Protection

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 8690 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 5426 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 1356 bytes
   ├┬╴multipart/alternative 950 bytes
   │├─╴text/plain 293 bytes
   │└─╴text/html 388 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: smime-enc-signed-complex
Message-ID: <smime-enc-signed-complex@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:03:02 -0500
User-Agent: Sample MUA Version 1.0

MIIZDAYJKoZIhvcNAQcDoIIY/TCCGPkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAB5TXoiCIIIIxehywh5/tdFM72iw946N6OzE
mkIj1x+ShPweKrmTgPxaZbNgZpMdyNetqSXTn5HlZwUAxOkE+EPp301kveWwxBAM
/Umzr/ODGiYLHWORWh+cPwjo0OIHo8IJzmF9FWMr7CKYhvbSZn3AFuERRfEccwH9
xsbB+X5og5bu0Mn3y8KdX7XOFVbgAgFuqqWpj6mK2AsyWS0zRKnGNd72rELjEzCv
RZqBFAecaxdJd2RXKKwLmJg5EL/VmKuyN6TgtmtwvzGCKc5YywdhVrP2IvQTye10
+paj8dFQb3W9AGOuCdw8r5CoawAZdYMvZ/v0ixYIkQid7fsOE+AwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAFLvnVkTKKAXPN6g5xLlw/7bO
5NQs0DVNxjuCAOXWm9zsyhH8tYGdNVvzktxXkn0JV4g19TEu4MisuhcIhqJyrSsh
4epi0ZxbyM/YTnhHvi4wttaZq07tNVF6eafyuecDKLV8/WF+AGSVWe0xPumEni3w
GADvkwmcO2mDZO/ad/u7Jvl4jF//Id/IG/A0y/yBgrWq4pH7BPwp1W/rXbnwlEEm
8an56+5f/m8teqqXaiRMVQgMaKGCmXHyD3Ud21Rqc4jwsN0VCpzabK9DSDPcxwVl
H+PPUtza/Ux7yNgJ1gm816e85luOjvpf+HliioHpNKCQ+eh6mH0BqLJKJkketjCC
Fd4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEGaUNdPZs2K03fcnaJXCvfaAghWw
qf0kEcGMlxiJegJu4TKQPvtUKje4+xRba0xUUSlTzhXrDk9tk2J8zdmnQglvRW54
r/xH0TLM7ny0unGI3ow8lpyUV7g/LFmW9kiaoTnhNcEe6qqSk09dEH1rEqIpQoQ9
1GjuFwlc7uf9vMzb72TdAEhFIOVwboM5hmLtoADvQeH4AsDKfbPvkrFPPNDB7Rj4
QCh2PilelLH+3+78XvJ0NdcZw5KyVFIAa29vlSYTjPNriFn+rKPzxjk/cQc/zHSH
DLZ0CRHvJZKX6z+oIVAq/DYUJfhm4zz4LRSReQfdyChRHDVv4V1dFT2uaqtBPP5C
6c8Ad/SQUfk84wns2/+pKocqa69tVTIok3Y4+1nDcvg8jzkdPD0cednWdYjh0vQz
0qXaJYFlyVuQV8A3IUFV7uX7JCuo6m/PIQIiH23dE7fkGXCPiIwAl9BZj0O2bo10
ZbQgka+Csxk/S/lBiJ5hfdsU6tOk7JZwSNQXHgGrCp7lboSljxOEfiKQVjo+ynyE
LmUM0zoZz2eUdsUILQtmFs9r0AvBrW8PcF79IIOQR+X4QEJ6Ztz3zAgj409q0Fmm
fCrhJTUMcVZyeqLUTpyLWDBKqV+jm5dA7WR8CL5NqEsmtyQRTabkPv8a0DNpgMl7
fCN3bIs6VdsiQXdhwwH8U8pcdZSINvNb2nNbUrFWlU6ZOxl60DGQKm5KxuUd0Uzi
xKe2v0DMl5TyjRekBPhoZC3Mwqf7Ud6vDoBk4Evhlxjv8MAKA5LOghtfvv4xP/eP
L5i4V3EnZtRy4hnW060tcDOodWW2PXPYFPxN0z7UEdKk1hjomBGFlWt1QrPzMO5x
0/m4NezYVWJNWkqPmCUyz+bDzQgIdWXGXGAejNBJsssEvS8eHlRs7V27UfOQ9c2k
/KqDn/Wf15RfoIiT1RfoU4FjBoiq6IXkerP1Km+SzHHnZozF15M684ulz/PPpo29
pziu9WRjDPsWYmS8RK/XzutHp1r7vDInwCdrManEI811C7z/3/FgwA7RJIJ6GNhn
GVD+PUBULWxEIPHQU58y7KwBeXtNX/o9rPul3Nt2HOINyYhhLNgX5AyTpGlONrFJ
TzP3rrqvgLSlmq644pBLfJagaxcAJENyoZ7GT9YgWrT6WzVM6t92VpfCo0Wy0SRy
uy+l6De9bJWDvwPy+RciW5UyN7YuCWxe/vYcAiL55Lv2ZO0m3zmE101bJ7/ZgwtA
k7yABCQqUQPRBc2EnchLv8JdYW1ACX9JIlG/dTmyI1OLNAGb20UGX0d76mGajwT+
a5OF6z+HYxd2KehL1+W7wYrUxfZ1Utk6rACIVD5b+36nE1mqTTnSOw9z9mAZ0+8+
hRcBQ9I0JOB3YMAi4lepbcGGvEAFh9kOSY+9bYy7Lri0HoQEaDZ0aQxf1/12UEAj
P83AjqaswVVKBJNvFpqJnJeh6Y/sTr9eAYE2+Y1PGGH9Z8fzbD7+CqL78sbpaMCP
7cgM9UHRjLY8yOIEl3fME/JF1pR3NMG3LQ9dohsgvl8Z11JABy8+Zz81O3g5ZjBy
xJXkWAXBdTYx2l0bdaIyoTQnWcN1OPaCatCv4P4P8L0SoCj3DrEb1rK9pCUIJloM
pElAoPDJIgYrEPo2d3TunL2qJwAJEy0asaONMvvA3eSdC8kzM+NP5gYHl6gRFvDQ
WbU2LRsCKwu4TtHRR92OqKW1r9x4ZgyZH7UvVnIZVGz2buta7ssQ+PLDwIXemtFh
3laYmNYrssJ7lnd3WwXvS5MxWa/OBwPpDS20IRwOOGmAYKWpQzgFJb/gWf4/rSiK
KSeC0qIb9UXL31AX7eA++TR9mblzEoIrlBebF+MwX8EzQbYRtbvezL3xhXeu1TsS
JUUBS0Z7qF/2AljMgrTjkIQGNuVLhLxexaQJr0GLAwlK2ijOxXK6bGh+JUW12HcT
Ms71ef811J1fHrS7mTzqAAreAsUrUs30WBByMwsvRyMMqNuwRJr4Ax1jF/5HBNPI
bdx9X6Dz51azBBQb78S2hxLwrGLffbheyYJO6CwMeM1epsV/VvCuKfakVGINs4yg
i7DHBQrHXekU6XzCgCRARC288zwDpRSxqubQYGchpewg9ZBK/Syu1FRw/AjQowNS
ONatikKD5N8UZAaf/iLznbZG+bXF4esrMpUm8MY1acow7A6IyQBioGEaAh6U05Ww
sQz+6KO6RNneu5+PvGtl8rGGmVjdevtTZSTT//dlJyREItmsyHkY5cHMugzz8FAh
Yy2ez/q7sbll2P7YFY6TXRc4FIIEVooK6LbsHggzwciBhc80Ue7bq+T6ouFYECBW
lhNwzGLbtjkOlui/ljbqBRAYkbbqciWj337ZRjzbea8NeaoYYQo2ZHM9HKMK7mqS
z6E0XGz++vz83pdsh/ZHF/i8l5OgvGZjG99KvpDy6zZ3PxSdASBOxx4O3wpUEd4B
+8RB9N4I+9xPKmqBFQx2/gLY3jqLc8lWGp8oP1jZHDCYv4rMPnFZk4k+gpYu65r+
Iwy8HIYDzsUNJPxZwHo1GX9BQKt+/X4p0aqLE04G5gP10TrnsL5CM4WGyphpPz0U
3b69yGFwpL/Fj2NZ3LxD6b+fFsVccoqrEz70WPpgfB4NAVVVXLTjI4GkMCHApLhr
466UrQvoEGlVzAPbxVo/2qVa1+cTc8XvIY3s/kKLcHnsOvC6oICvKMlfNPQLv42s
K+qg2NZpM3RHyeplbHe+rPzUeOIOmCSUluVQxp6HghEivLX9D4WU1Asaut747uMy
fugR1lvaTmqVHpcO6Bdc/lO4TiyAXvZYYh+Uv9U8YZPckNZCHl5y4sJTVxQGQhLN
KzQzFNX3mcqFYBW7xzr0fLSGaQxC1qQ6SPaOcUKp2jShAInPMB13i16MzOSOo9BW
9SgnXDcqaiGQWeM4VY1gHuuQmKj4WitLU0Ue5AizZDTPMN0JvUnh99brfVETjien
gNHRtdvrXwt+N2baVRn0GFtj66ebu/rAzqTNZsA5p/F+APdUzxUDrPfh1WYrzzSQ
8DxlRmCTLLRzafCVXLV3xNbWnrfFPX4ilkT+roGTRjYqPv0yDUtvrIt7HKFnZoLl
mLkk4auI/TQgJ72Ne3+wYYsMvOwrHbF8NLmsgyAJSEgWl+FUUBx653i9H6CiABOF
8YVvz7ShqSwhxGllroERl1wJLdXclLWgR65rvkCYvCH7bIHU7kvQoyIZXaLs1Anh
rBNh185OH8RmBfNXNPbt6Hh+2KknmaPCkMxEWkNrLmGseoTJ1/okRunut+DW3FXI
ashoguanB05zVngb+r+jzAwFRGVY3OCgeepb0gBwQDyeZBCCWD3Mr/1wXnB7S4Oh
/zMURX7NtwZUOh2qcJ3Xlpi0S12mNvLSmIyxzZv2dYDolmPwJHptP7tBiKnsZoHM
wbCEUA2lJsHRLDXXyC82AtttZv2auF1pO6Ne2H/en8Y+z8MRDG7gBI48IDGKq3Ej
E0hlVdxVhWvEuavw83TVpvdKo0Q7rVRC1hHSttat1z8TxnKRxIRvxC+fJ2xGxlPv
on1aYRq5tL/jIujIGVHHeSeqB81yiwJ2dFfYdlI3VaCSObVBwVbDKvRli1HskeSB
WGT7hyhS0SDnh9MVHw0z30JWnxxXfg4dB0C0vQWLsTqZm0bncxxBZBR060kSY8RL
S9mYpaSeHLl29h3OIKecjiXhhsA3UI60yIS7VS9dzLE9W53ttU5MLiHhXnYANy5U
eqar+8l1uxtB90CjunOqtgkH0u4Ch+lnAUjdmz7cUPxLwgPgwr/WqJxORTnpGLlO
hEumGFYF3h/XIuW3bNCqjAutco8B38s0kGBipd0XCg+Rr60S3lUS2//mnrqlE05K
VtKVK+NxfcWkpzczLFOIxGLwHsSqg3He2QgGovkRRkCZE0/bBqhvbvAeZYZlOi2/
clB4eYdplZZJ7s3hKPwq678LBRXT3Fs4a9BpqEnvUot6WfgOsP/zsszS247EjWra
w+OAKgdhSOILeuaxfpHRR2FEDYVU+yBdwJjHYzp3knXDDsEALaUmAbOIhZ3A79hY
tCSmzEhXfHdOdpw0wqVoL8VpvumZna/GZE84U8uPEHbE5eeX/6BLNJx36o6FXkB8
waoUUNuiHpPMQbz3cLxZZxN2TGrmmUbpId9+CPfymRGQ9sqBTShxg+tZ7FzO3vSM
WB7Vv+uxhCfBOy45MPX05vVAaxIENdQRabGPty7WqZepGXNdjwC5PaKDPuG699WD
22BOPA8sJ7TLqGj/yJ8Azkl0p15DUr+Kr5gDSwf+j8jt3hhzeFUpQ+9aFmxblIVf
W0lKq5VXLVscZZl3J7hpbG62BmnlEMPy7pV6B+PkbxWkXaT8b+GW8OVSzW2uuOcl
Fedl9AGzjYPlFPfRAtZkHqpMfqbtk6oSNkGx/9mjs5oYR90RCmy2PCKiMh3tPYCj
iQnyJymV6x58UB1tRNbjaUD+rCiuea5hEUv04xdKB37XJ1OEcNT/Z8A+DQGLpLby
u7GHTCTMzNLOwMibhfc2FRfC2q/MaZC4N/IrB0EWAXDIm7GDHlkUOaHL9ADc9vyg
xz44m/CTcf5ETE4d/rEm7FEFnzVtBPbdlGhi3EXhQ7WCRy1ojRPoktdKNvePxSQl
fVemwRsBA9jfLTwIzS/ASUTQohDpYaaqV97aUNn9psRuFblwgGUx0I/XuCUdbFxa
zuM9a7jxDByOVyTn43GINFOlnK+/R3zX1cYm0CvF4+QUNZI0uEP0NvE9Cjb68SfH
qAeV4HIRBg3/jU+8PRHTyUzlQf7vRXKiDM1nrT1belccJTWxUtybEKECersUX+zv
Ybv2/w339RJrY0+Bc2VJt9uB6DX7p2HTQyfvaZTgN80ZLAkBJ/xk4WC6Vc+h7fm/
y5cqIjJJj0SES2VoyP0cu/rJ06+gg7v+OHHehmhkehuQNsLnXldAgGJyiFKcvw4C
+NrQ2II8uJ54Q+ytrAMr8GDV7F6cHb9BuyTT1ubQEP1L5EwcEFWUESEv3A4quit9
t1r3jEuPBc3fqyIcmDNKP58qS0ZPO3m/fJEW1LX6yR0IEkrSxZD6PbUYgNT+qZD+
RhlNUJ6dIpd+xxA837NxUOnkrJQ3uvOvURBKVv20oOXzDVkRtAIEy8aVic6ZAxIX
ZHqkikEiFxgNcMxiO4agsE7qwCKvpq6llM+xxXFs5Puqoj7vL1ihzCjoABqne5SE
yBkYqU2OU7uoIvWSwVdtwqX1Ih/adN5t01nlHWcMHBooh04nfpMrhci8Oi/XYTA0
new3jLMwZXEBZhlkZ62ZZtlPA68K9f6XkSTaJ+bx+s3iV0K4RmLt7VC88+1Kspsn
/pnDEBfBCQhGD07YeKUJBbJ3RPdRi6rsj54PRsZkOAi2MoQZJ6PnzfI6EHsQXNad
PnYFB6ZGrse1ayA9QqibkRFMKGRSakkB+fq12M36RB8CeO766iMoc5qc8n5qz0oH
BBlfTiAHTGU+6AhEGU5kifLZaehBcp5yDl2I5I5lc0X786Zjdm4oGbGq4q6Ieyu1
OLx8vkb9L3ZvkLgZAvn1r2dZKOxyNewjQwFG05ErbK7qpqD6TC5VZCiTLJKslN+B
l3/UjwSwc0Lt3P7dep8oDySMgxKYDQJ0qNBFA6kwdZzTlaXRfQUFHukwn6fn10kX
1p/2K+oYUsA40E9qL0cWEMWcNmYRQyk0qpgWWIykrMl4efXkQxSddTqP0WfW/uxs
pQB4rVeZStpzO9cie1E0tVcoipItpNvvQTENdC/p4Eg2bw2dW+Vd6NB/HwobsPY3
YRox1LGrfj0LH7Rg0qg3pI0D2u9qo3A7ZZ95vkGUtTtF0BYkIf9/SFoEwNSJARNp
BOBA5lMrq3S9qwJEOYoA4KuFqLmpbmQg1K3bdi9M9aDK3hgQgLqWSGB4TF0OWuaG
lkKQSPvZH0dZGtYxCjnNDth5Bp1MhVmS05mlr/uRKdVjdSq3MKj/2O/Nm7P28dRt
O+w7rvRINTp5fWbstkwtBnheOkyX9usXU1qigTIUsAlXqlaG5g5qrDpG9Ijqya1i
ShQJ7cLOtGFIJlkZgG/fT+jbJNSNke5uvMLF9/chmmR2SZEHou1tahe8J2/97H+H
L6epMyb4QYeH9JTLDLEbyz8bvouA8ydhOHbMj6Vr8Ox9af+Uu1FhDtJs57goehgS
/SBljJGQMwl0kHhLpK8qOk9i+NZOO5N+GiBlVgusHDyjsUHnxk3mM8hoRqqpkxAW
7mqZagmE09qk7PEctl1oAgrwdTSIB9WHIudg9cV1yFi1kkI2ktjEZPD/i8uZqO5n
pd6v4w/XJuPopVn5nwJxOwQy1RKDNSOUaWRasZc3l+16D4eywDgDesSLaBmXUlUi
dbbtKOi4OnAEwQ1iyE+Q7JABttILJ8aDSejBvP5gUvKPBliDLwAXMR98ruJeMdbE
/6qCA6YAc5v/UxREKCZBqSYsOaEqD1YKZEIMhn64NDqpdiCX4gwe/sCawTcX1E5r
XLgnSSpfLbIexggQ46Ma1BLGp9CbiGO2bw1IZmlGGOXqpQmKN6FP0OsSnwwq9D2J
nquParO4ILWbL9aWBcA6EIkcer/C0fWGidtazmTj5MXkD83lY3cozRuC9dYLO+4R
FXsWzvqQeXiauLz8iQsgxKUj2DcPT2k6j/qzSXz/M5xapj13Bk6VH9KoR194/smT
gjGJvWOnYdZjv5J3i3oQOwCL9T/ZgdqIFW82jfmGvoe2zu/00XnV9FP4Lbr4rtv6
if54Hr/h8jqJoRnBGAh3doQIGdgLiZZDPt+GWMxreYAk16mbXpuqn49bP8G75ZKq
5Azp5xgNcm/rPGYEp+9iQJSggoz+dqGiQ0u37lK+i0/A0OzJ845NW82hoUye0C+X
DB6OkbbYCgGmPou7bBVaUJNQQdRUTnGd/Yr1EaOQVScMZ09FN2hjx6V1zjdMUvTe
XXpJ2C5Rl4kxHY6pw8mInAg9ja7jmY2e7xaNA4cwRNTjbH7J5uZFNEC2kSf4ZO7V
k7MOX+zDe285FfVBS2+97yAlL3xalj1E4DZVFOw+3dKD+W2bg4r0Yhds/wxYH+M5
GU9zLrHEbw0GsPwUr50w9isSu+o9SKeOCfWrzHz1fJnH26woPOObWy+kkG2cunPN
T5e+OPw9K3MgBkNZ9YG6Ce9ULqhO65f4LISdwDSsMGl3eNhgzMPLtCJZAP8K7dEt
8Oc3POY0NSB8lq1oyxDwHKJz0S/HMwrancUO5V9abkZuYhsOGW+1Kjswd+cPh5Y8
HoL3GF+OAopbYYesvIWgzh0/MtYYUoI3kPvUd4vdWNHEbtHlfSALDs5pukAE9ny8
0GhNtdoH04cVlvDmpyfbLcDTwi+UJ5tT1VQMGLuFo/CxDV9vWjXhJd7kSt+7+K1L
YPzrT6ggMFrLA0kYRIa5K/n99wp2aYab7/DkwfpEjZI=

B.2. Signed-only Messages

These messages are signed-only, using different schemes of header protection and different S/MIME structure. The use no Header Confidentiality Policy because the hcp is only relevant when a message is encrypted.

B.2.1. S/MIME signed-only signedData over a simple message, Wrapped Message

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 4262 bytes
 ⇩ (unwraps to)
 └┬╴message/rfc822 601 bytes
  └─╴text/plain 228 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-wrapped
Message-ID: <smime-one-part-wrapped@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:04:02 -0500
User-Agent: Sample MUA Version 1.0

MIIMRgYJKoZIhvcNAQcCoIIMNzCCDDMCAQExDTALBglghkgBZQMEAgEwggJvBgkq
hkiG9w0BBwGgggJgBIICXE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG1lc3NhZ2UvcmZjODIyOyBmb3J3YXJkZWQ9Im5vIg0KDQpNSU1FLVZlcnNpb246
IDEuMApDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04IgpD
b250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0ClN1YmplY3Q6IHNtaW1lLW9u
ZS1wYXJ0LXdyYXBwZWQKTWVzc2FnZS1JRDogPHNtaW1lLW9uZS1wYXJ0LXdyYXBw
ZWRAbGhwLmV4YW1wbGU+CkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxl
PgpUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4KRGF0ZTogU2F0LCAyMCBGZWIg
MjAyMSAxMDowNDowMiAtMDUwMApVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNp
b24gMS4wCgpUaGlzIGlzIHRoZSBzbWltZS1vbmUtcGFydC13cmFwcGVkIG1lc3Nh
Z2UuCgpUaGlzIGlzIGEgc2lnbmVkLW9ubHkgUy9NSU1FIG1lc3NhZ2UgdmlhIFBL
Q1MjNyBzaWduZWREYXRhLiAgVGhlCnBheWxvYWQgaXMgYSB0ZXh0L3BsYWluIG1l
c3NhZ2UuIEl0IHVzZXMgdGhlIFdyYXBwZWQgTWVzc2FnZQpoZWFkZXIgcHJvdGVj
dGlvbiBzY2hlbWUuCgotLSAKQWxpY2UKYWxpY2VAc21pbWUuZXhhbXBsZQqgggem
MIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0F
ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo
U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx
MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8G
A1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1
lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+
hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV
8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41
/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWf
NEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4Gv
MIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1Ud
EQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQw
DgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAf
BgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOC
AQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LD
sfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzT
jqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps
98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQA
W++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1
nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4
as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMI
TEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlv
biBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsx
DTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGlj
ZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehY
OBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpj
XwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7Ph
O0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQ
Hi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKR
u0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDt
c0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4w
DAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMG
A1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bM
si0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh2
9FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr
+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83
KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2Wbp
CmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1Oy
D5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9
rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIB
ATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQD
EyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV5
7XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkq
hkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE1MDQwMlowLwYJKoZIhvcN
AQkEMSIEIBy5PASACwGRH5TjHzMPGOnx+ApEYLohNoQpcfOASlHiMA0GCSqGSIb3
DQEBAQUABIIBALEJwqCdJEDqhJdeQc5guV+154VR5jEYdCCPsvx4idL35gCXojm6
/U0iFjxwR76piZLpUC1qiRTEK8gQbt3VkVUV9XI2bz7ALBoR/PVb3BQKCDTdXJnm
5wKuDjFCAJPiZCe6IXm0fx/z4kr5YCFJ2yG/Cu4jjSHFZR8/JRz8O83rBbD1kFiX
YiA8QWQtlXYvSZumZzYSSOzs3H/5HfAINCyVICMJc9Z5IQjNhXKUWfZc8NwpJMsC
909/PC03aMXRSfIewlcYZRR/j/fp0c06V9zzYlDDzSCwjayysNQP89HkZiX90PuA
Mo3c2j5FiD1FkaMrXsE4fEAapQ8uTufzD0s=

B.2.2. S/MIME signed-only multipart/signed over a simple message, Wrapped Message

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses the Wrapped Message header protection scheme.

It has the following structure:

└┬╴multipart/signed 4521 bytes
 ├┬╴message/rfc822 631 bytes
 │└─╴text/plain 256 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="b43";
 micalg="sha-256"
Subject: smime-multipart-wrapped
Message-ID: <smime-multipart-wrapped@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:05:02 -0500
User-Agent: Sample MUA Version 1.0

--b43
MIME-Version: 1.0
Content-Type: message/rfc822; forwarded="no"

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Subject: smime-multipart-wrapped
Message-ID: <smime-multipart-wrapped@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:05:02 -0500
User-Agent: Sample MUA Version 1.0

This is the smime-multipart-wrapped message.

This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a text/plain
message. It uses the Wrapped Message header protection scheme.

--
Alice
alice@smime.example

--b43
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA1MDJa
MC8GCSqGSIb3DQEJBDEiBCCMT6eYpntC4UCFZCclaeFvHRBSPNVDL943812L5TpB
LDANBgkqhkiG9w0BAQEFAASCAQCmWUt7zv57UxTSan7aQOmP1ikFFnS+R/baXlC0
Y0oDZN3YVoLVLlWJH0itxqDRtURxDilWNlfSLHjRjZSowGnMAfcGst9usUSXr94F
eHJ5QTMeji8XAGYhgsl0Y3oZHt4uIUjNd7RUrk3Il18b5U+gq5iMkEiZYD9pmveh
HwsjGH4e9AenRJ4qfe3MSpnhwsH8H37mOP00NfVeO+IUuBb9c2wgG3iT/xGnzKNW
x7EAMa7qQpQrWsQ6F4USvK/I9yQOGSE/bGKrXtaOzVvyBxhsvbm8NXuPlavLjbrz
L55XclHNt0CkMhjwphosBRniyknGjQbg6cwiUjoFxLGnc/jW

--b43--

B.2.3. S/MIME signed-only signedData over a simple message, Injected Headers

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 4234 bytes
 ⇩ (unwraps to)
 └─╴text/plain 239 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-injected
Message-ID: <smime-one-part-injected@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:06:02 -0500
User-Agent: Sample MUA Version 1.0

MIIMMgYJKoZIhvcNAQcCoIIMIzCCDB8CAQExDTALBglghkgBZQMEAgEwggJbBgkq
hkiG9w0BBwGgggJMBIICSE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1vbmUtcGFydC1pbmpl
Y3RlZA0KTWVzc2FnZS1JRDogPHNtaW1lLW9uZS1wYXJ0LWluamVjdGVkQGxocC5l
eGFtcGxlPg0KRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpUbzog
Qm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkRhdGU6IFNhdCwgMjAgRmViIDIwMjEg
MTA6MDY6MDIgLTA1MDANClVzZXItQWdlbnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAx
LjANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD0idXRmLTgiOyBw
cm90ZWN0ZWQtaGVhZGVycz0idjEiDQoNClRoaXMgaXMgdGhlIHNtaW1lLW9uZS1w
YXJ0LWluamVjdGVkIG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtb25seSBT
L01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBheWxv
YWQgaXMgYSB0ZXh0L3BsYWluIG1lc3NhZ2UuIEl0IHVzZXMgdGhlIEluamVjdGVk
IEhlYWRlcnMNCmhlYWRlciBwcm90ZWN0aW9uIHNjaGVtZS4NCg0KLS0gDQpBbGlj
ZQ0KYWxpY2VAc21pbWUuZXhhbXBsZQ0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0R
OZdKzkJUh6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjER
MA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5Mjcw
NjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYD
VQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg
9r1mAfIDlB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07
k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74
zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY
9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r
8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcG
A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5l
eGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNV
HQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfx
CShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRG
zJdYA+R9eBAuDLsatbtKtl4FzkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5
AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5U
zpEYPLror2X4P5uXxaP0LIZRzWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGn
UZROSvSYkGiWDp1JhqXwfDz8A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19o
WZD6YrzSWHUz1F00juyuOfQsqm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgw
ggPPMIICt6ADAgECAhM3QQV57XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUA
MFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhT
YW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEy
MDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYD
VQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l
078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6
uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEO
ls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBl
fkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4Ku
ElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8w
gawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0R
BBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAO
BgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8G
A1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IB
AQBziaI2p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAo
cCn5zbzhW/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoT
WgAkoqENt1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2z
L3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF
07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSr
JNtjh+AqJ5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRG
MREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBD
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglg
hkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJ
BTEPFw0yMTAyMjAxNTA2MDJaMC8GCSqGSIb3DQEJBDEiBCBWJ1HsKaiXvrMR26xS
/wrb+5CS85FLWuHRuKm85dkUFTANBgkqhkiG9w0BAQEFAASCAQBE/g/trAYogNeF
9oD6esBshX+oPQp8AhmTNr5mdEi+YCHauiO4z94lPIGHwPGGI220cly1C68bMsjT
HPlaumv6zhotJym5OtJH1nD0cOxeqMSP+/htEgb/YmOTs1tGL5W6MRDE2Qpk+ZT+
skuKKBT98a/VQGEmyIZSTJV9SmiapvYDb9BA+KPuFZ0Yd/vMtTjq1dRBzadE9byX
O10GDNMBiqOeDeVcfU2j/rb3UELfJqSpiTqEST/JIq1PvZHr+En2Z0PfMA7BKjTm
sl/sczGLBObDAJztOOG7oU83zowcKn0JNse2cKU2eQMAENtuahfaXzVrmbfsW665
Mrfom9Z/

B.2.4. S/MIME signed-only multipart/signed over a simple message, Injected Headers

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses the Injected Headers header protection scheme.

It has the following structure:

└┬╴multipart/signed 4487 bytes
 ├─╴text/plain 258 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="f1e";
 micalg="sha-256"
Subject: smime-multipart-injected
Message-ID: <smime-multipart-injected@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:07:02 -0500
User-Agent: Sample MUA Version 1.0

--f1e
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: smime-multipart-injected
Message-ID: <smime-multipart-injected@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:07:02 -0500
User-Agent: Sample MUA Version 1.0
Content-Type: text/plain; charset="utf-8"; protected-headers="v1"

This is the smime-multipart-injected message.

This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a text/plain
message. It uses the Injected Headers header protection scheme.

--
Alice
alice@smime.example

--f1e
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA3MDJa
MC8GCSqGSIb3DQEJBDEiBCA6Rhu8s2iPcyWQk+TNKhP9ZHJ9+wulWjsMpAF1NXCE
jDANBgkqhkiG9w0BAQEFAASCAQB4QMAYf42dnAelBRb2NotiixNgdjdSpVK75af6
oND3UjdCWcd4bPbrfTZMQKp0FBPoOft9lw2fWNgXwKbhD1cL3RWUmUq0zcNbI3XI
86vWp79p+KwM/+SyDdfgudIRGjbs/tmKaBvaH89a8SvuxhNxq/pxgDzpy/JWC8Er
AUDTbKrNVsYD+MfzMy9B0TlK2YLKoQ6rV0N1n2nXbW0e+Ztv0a/getNKAEAP+5hE
OQkq50RxUP9pI5kQ1NdU6zqCNhRjmd1wnMxn45K+hfY8cxwwemFn94PgDGpPG4mB
yRXQPj+5oyduWiHRMLXG1+fs4tqxHZXN+WaUHvSIDqNXK3rj

--f1e--

B.2.5. S/MIME signed-only signedData over a complex message, Wrapped Message

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 5680 bytes
 ⇩ (unwraps to)
 └┬╴message/rfc822 1648 bytes
  └┬╴multipart/mixed 1584 bytes
   ├┬╴multipart/alternative 946 bytes
   │├─╴text/plain 282 bytes
   │└─╴text/html 380 bytes
   └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-complex-wrapped
Message-ID: <smime-one-part-complex-wrapped@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:04:02 -0500
User-Agent: Sample MUA Version 1.0

MIIQXQYJKoZIhvcNAQcCoIIQTjCCEEoCAQExDTALBglghkgBZQMEAgEwggaGBgkq
hkiG9w0BBwGgggZ3BIIGc01JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG1lc3NhZ2UvcmZjODIyOyBmb3J3YXJkZWQ9Im5vIg0KDQpNSU1FLVZlcnNpb246
IDEuMApDb250ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjFk
NyIKU3ViamVjdDogc21pbWUtb25lLXBhcnQtY29tcGxleC13cmFwcGVkCk1lc3Nh
Z2UtSUQ6IDxzbWltZS1vbmUtcGFydC1jb21wbGV4LXdyYXBwZWRAbGhwLmV4YW1w
bGU+CkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPgpUbzogQm9iIDxi
b2JAc21pbWUuZXhhbXBsZT4KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMjowNDow
MiAtMDUwMApVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wCgotLTFk
NwpNSU1FLVZlcnNpb246IDEuMApDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRl
cm5hdGl2ZTsgYm91bmRhcnk9IjQxMyIKCi0tNDEzCkNvbnRlbnQtVHlwZTogdGV4
dC9wbGFpbjsgY2hhcnNldD0idXMtYXNjaWkiCk1JTUUtVmVyc2lvbjogMS4wCkNv
bnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQKClRoaXMgaXMgdGhlIHNtaW1l
LW9uZS1wYXJ0LWNvbXBsZXgtd3JhcHBlZCBtZXNzYWdlLgoKVGhpcyBpcyBhIHNp
Z25lZC1vbmx5IFMvTUlNRSBtZXNzYWdlIHZpYSBQS0NTIzcgc2lnbmVkRGF0YS4g
IFRoZQpwYXlsb2FkIGlzIGEgbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ug
d2l0aCBhbiBpbmxpbmUKaW1hZ2UvcG5nIGF0dGFjaG1lbnQuIEl0IHVzZXMgdGhl
IFdyYXBwZWQgTWVzc2FnZSBoZWFkZXIKcHJvdGVjdGlvbiBzY2hlbWUuCgotLSAK
QWxpY2UKYWxpY2VAc21pbWUuZXhhbXBsZQotLTQxMwpDb250ZW50LVR5cGU6IHRl
eHQvaHRtbDsgY2hhcnNldD0idXMtYXNjaWkiCk1JTUUtVmVyc2lvbjogMS4wCkNv
bnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQKCjxodG1sPjxoZWFkPjx0aXRs
ZT48L3RpdGxlPjwvaGVhZD48Ym9keT4KPHA+VGhpcyBpcyB0aGUgPGI+c21pbWUt
b25lLXBhcnQtY29tcGxleC13cmFwcGVkPC9iPiBtZXNzYWdlLjwvcD4KPHA+VGhp
cyBpcyBhIHNpZ25lZC1vbmx5IFMvTUlNRSBtZXNzYWdlIHZpYSBQS0NTIzcgc2ln
bmVkRGF0YS4gIFRoZQpwYXlsb2FkIGlzIGEgbXVsdGlwYXJ0L2FsdGVybmF0aXZl
IG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUKaW1hZ2UvcG5nIGF0dGFjaG1lbnQuIEl0
IHVzZXMgdGhlIFdyYXBwZWQgTWVzc2FnZSBoZWFkZXIKcHJvdGVjdGlvbiBzY2hl
bWUuPC9wPgo8cD48dHQ+LS0gPGJyLz5BbGljZTxici8+YWxpY2VAc21pbWUuZXhh
bXBsZTwvdHQ+PC9wPjwvYm9keT48L2h0bWw+Ci0tNDEzLS0KCi0tMWQ3CkNvbnRl
bnQtVHlwZTogaW1hZ2UvcG5nCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJh
c2U2NApDb250ZW50LURpc3Bvc2l0aW9uOiBpbmxpbmUKCmlWQk9SdzBLR2dvQUFB
QU5TVWhFVWdBQUFCUUFBQUFVQ0FZQUFBQ05pUjBOQUFBQWNFbEVRVlI0MnVWVE94
YkEKTUFnUzczOW5PM1RwUncyMGRxcGJmQVJRRWpPeXdpd1luQ3RrREtuYmNMazY2
c3FsVCt6dDljaWRrRSs2S3drWgpzZ3J6ZmNxVk1wTDJqbzA0NDdnWURwZUFyaytP
bkpIa0loQWZUUFJpY2loQWY1WUpydzd2anYwWldSV00vdWxpCnZkUGYxUVoya0RE
OXhwcGQ4d0FBQUFCSlJVNUVya0pnZ2c9PQoKLS0xZDctLQqgggemMIIDzzCCAreg
AwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYD
VQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExB
TVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MTha
GA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFN
UFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJl
Wkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7
Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/Nkug4
AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSwqpS6
oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQury/
zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwGA1Ud
EwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2Fs
aWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/
BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSMEGDAW
gBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyx
MpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gW
VY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYe
MxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gznbvh
djFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqHrg/W
Eh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RHNrVK
QK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2
KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0
FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnfitOL
PgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjGsgkL
cLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iD
z3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bC
SzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64p
apAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2
iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2lVh4
OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl
0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2IJCw+
fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcBVyyb
QYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUxDTAL
BgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUg
TEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0
+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEw
HAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE3MDQwMlowLwYJKoZIhvcNAQkEMSIEII8W
T/oyfybZMowUKnyrmtbOIe0GF0kAJFQIicfhWAzxMA0GCSqGSIb3DQEBAQUABIIB
ABZfCDag+wHcUnt57EVjB2pW8+nzgx3aZJfZpkK1Uc7QM8rLeKRu7iPUn3mAE5/y
W6VNM+rMX2DAxXZ56HDjGKD8S+vqxYkg64fkem21UEPgwmaYVcmXyN3abXANi1jS
tag1VimwfjdGphn4jSSiIb8YbAewdoFu9WzmyL+LTEhFi49P+FW2RSHFN9D5e0Zy
L4YkiwvCak5RYMU5lOAtK93BuOXyY4cipYWKGflR5RSopRI+piIeWDasPxXBVlDW
iv8oLV7Fno8/9kc5EikI2ux89aGhPkegvyDx1gnLajIcjKvMvvL10KwV3YK/cvLG
dUPDI6/U5wu7tFjO8A2Wkj4=

B.2.6. S/MIME signed-only multipart/signed over a complex message, Wrapped Message

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme.

It has the following structure:

└┬╴multipart/signed 5612 bytes
 ├┬╴message/rfc822 1706 bytes
 │└┬╴multipart/mixed 1642 bytes
 │ ├┬╴multipart/alternative 1002 bytes
 │ │├─╴text/plain 310 bytes
 │ │└─╴text/html 408 bytes
 │ └─╴image/png inline 232 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="1dd";
 micalg="sha-256"
Subject: smime-multipart-complex-wrapped
Message-ID: <smime-multipart-complex-wrapped@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:05:02 -0500
User-Agent: Sample MUA Version 1.0

--1dd
MIME-Version: 1.0
Content-Type: message/rfc822; forwarded="no"

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="a30"
Subject: smime-multipart-complex-wrapped
Message-ID: <smime-multipart-complex-wrapped@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:05:02 -0500
User-Agent: Sample MUA Version 1.0

--a30
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="844"

--844
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the smime-multipart-complex-wrapped message.

This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Wrapped Message header protection
scheme.

--
Alice
alice@smime.example
--844
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the <b>smime-multipart-complex-wrapped</b> message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Wrapped Message header protection
scheme.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--844--

--a30
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--a30--

--1dd
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA1MDJa
MC8GCSqGSIb3DQEJBDEiBCA1zCXdvmyUdnAjEayGwsTfRb8LzslPryiqROPrKMYD
TTANBgkqhkiG9w0BAQEFAASCAQAnLKYYseI7mqyx59HGWR50IQOZBIoURPXGixq/
FkUxnLYCB1vsqcSYEf6LSnTc80jLYRyeqaML9BNT/6uJDzo2o6mqFmayzv40Zb2G
a2X3503JCQzQOFWX3zu6Wz8yaSUryMDF8toh6N+68eJ+Bp3EXhE1T24lpRalxSGZ
sc2d15lz3bY4RBbqOUf5zFPIEA3E20wwZT1ldUuqgFFORHmZm9I+ZOUFwkN28oIu
PQptk54Dbr2o7h3jxLEj6/S1p0ErZ5NurHVZzdmPT3UwLlub59a1cQiTXut82nw/
mS8oNv/2EF/CDMr+90F+QaXEggC9EEKjJenTJZUtxqgtpwQm

--1dd--

B.2.7. S/MIME signed-only signedData over a complex message, Injected Headers

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 5700 bytes
 ⇩ (unwraps to)
 └┬╴multipart/mixed 1614 bytes
  ├┬╴multipart/alternative 950 bytes
  │├─╴text/plain 293 bytes
  │└─╴text/html 388 bytes
  └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-complex-injected
Message-ID: <smime-one-part-complex-injected@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:06:02 -0500
User-Agent: Sample MUA Version 1.0

MIIQbQYJKoZIhvcNAQcCoIIQXjCCEFoCAQExDTALBglghkgBZQMEAgEwggaWBgkq
hkiG9w0BBwGgggaHBIIGg01JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1vbmUtcGFydC1jb21wbGV4LWluamVjdGVkDQpNZXNzYWdlLUlEOiA8c21pbWUt
b25lLXBhcnQtY29tcGxleC1pbmplY3RlZEBsaHAuZXhhbXBsZT4NCkZyb206IEFs
aWNlIDxhbGljZUBzbWltZS5leGFtcGxlPg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4
YW1wbGU+DQpEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEyOjA2OjAyIC0wNTAwDQpV
c2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wDQpDb250ZW50LVR5cGU6
IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjM5NSI7IHByb3RlY3RlZC1oZWFk
ZXJzPSJ2MSINCg0KLS0zOTUNCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5
cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2ZTsgYm91bmRhcnk9IjkwNyINCg0KLS05
MDcNCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD0idXMtYXNjaWki
DQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzog
N2JpdA0KDQpUaGlzIGlzIHRoZSBzbWltZS1vbmUtcGFydC1jb21wbGV4LWluamVj
dGVkIG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtb25seSBTL01JTUUgbWVz
c2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBheWxvYWQgaXMgYSBt
dWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGluZQ0KaW1h
Z2UvcG5nIGF0dGFjaG1lbnQuIEl0IHVzZXMgdGhlIEluamVjdGVkIEhlYWRlcnMg
aGVhZGVyDQpwcm90ZWN0aW9uIHNjaGVtZS4NCg0KLS0gDQpBbGljZQ0KYWxpY2VA
c21pbWUuZXhhbXBsZQ0KLS05MDcNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBj
aGFyc2V0PSJ1cy1hc2NpaSINCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRy
YW5zZmVyLUVuY29kaW5nOiA3Yml0DQoNCjxodG1sPjxoZWFkPjx0aXRsZT48L3Rp
dGxlPjwvaGVhZD48Ym9keT4NCjxwPlRoaXMgaXMgdGhlIDxiPnNtaW1lLW9uZS1w
YXJ0LWNvbXBsZXgtaW5qZWN0ZWQ8L2I+IG1lc3NhZ2UuPC9wPg0KPHA+VGhpcyBp
cyBhIHNpZ25lZC1vbmx5IFMvTUlNRSBtZXNzYWdlIHZpYSBQS0NTIzcgc2lnbmVk
RGF0YS4gIFRoZQ0KcGF5bG9hZCBpcyBhIG11bHRpcGFydC9hbHRlcm5hdGl2ZSBt
ZXNzYWdlIHdpdGggYW4gaW5saW5lDQppbWFnZS9wbmcgYXR0YWNobWVudC4gSXQg
dXNlcyB0aGUgSW5qZWN0ZWQgSGVhZGVycyBoZWFkZXINCnByb3RlY3Rpb24gc2No
ZW1lLjwvcD4NCjxwPjx0dD4tLSA8YnIvPkFsaWNlPGJyLz5hbGljZUBzbWltZS5l
eGFtcGxlPC90dD48L3A+PC9ib2R5PjwvaHRtbD4NCi0tOTA3LS0NCg0KLS0zOTUN
CkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LVRyYW5zZmVyLUVuY29k
aW5nOiBiYXNlNjQNCkNvbnRlbnQtRGlzcG9zaXRpb246IGlubGluZQ0KDQppVkJP
UncwS0dnb0FBQUFOU1VoRVVnQUFBQlFBQUFBVUNBWUFBQUNOaVIwTkFBQUFjRWxF
UVZSNDJ1VlRPeGJBDQpNQWdTNzM5bk8zVHBSdzIwZHFwYmZBUlFFak95d2l3WW5D
dGtES25iY0xrNjZzcWxUK3p0OWNpZGtFKzZLd2taDQpzZ3J6ZmNxVk1wTDJqbzA0
NDdnWURwZUFyaytPbkpIa0loQWZUUFJpY2loQWY1WUpydzd2anYwWldSV00vdWxp
DQp2ZFBmMVFaMmtERDl4cHBkOHdBQUFBQkpSVTVFcmtKZ2dnPT0NCg0KLS0zOTUt
LQ0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJKoZI
hvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAv
BgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
IBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElF
VEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfkacKT
g8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrszyidm
buZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOaGdmn
x4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXCN5XL
7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWzB2zN
S2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVKarUC
AwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
ATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsG
AQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj8OeO
r83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcN
AQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4FzkgR
yOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMtjH2x
9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZRzWmk
w1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8A0en
ITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQsqm6h
vrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV57XV/
QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAP
BgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1
NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UE
AxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQ
Ul5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evP
gP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryC
qeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqp
o1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRi
VokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNV
HSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhh
bXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0O
BBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn8Qko
ZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOHG25n
Y/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZlRAzE
f7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524bKZa
1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp7poI
ccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtzOKyp
yQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEmMYIC
ADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEx
MC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0B
CQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA2MDJaMC8G
CSqGSIb3DQEJBDEiBCC84gf/+no5va6ErXhHIk1xELMQNWg9BUh8E1M78W5u5TAN
BgkqhkiG9w0BAQEFAASCAQB+q8buLwucKfPrBoXxKP7ZaJ/ifg8Y4Axf84AhNJXC
+NWzThUSgq12Fn9cdSVO858oDrWDSndd/zwgab0TgQZ+64atwiQ7bVTDkG8qgeT+
I/R1I8jGOCUTpkKcK34tOYbmhkc7/2BLITc3qOAxuN+lrsWVL2NF8LFGh9RbfzRu
WFVqAMyfAo9DRr1PeFDoDQnjAGti37M8/WvftXixxOAevVmFUWbpnFiwdvSwdrt0
CKquQ1NYbFAvxOawxLU0jFqhIgW10+fU4jqQDukUVSKFiw1/dK+7jlZC6sCXf3Ys
oHRhxqY/bSsgXn1DUWSDjhae3HnlZuoVXLJDHGCd6oSR

B.2.8. S/MIME signed-only multipart/signed over a complex message, Injected Headers

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme.

It has the following structure:

└┬╴multipart/signed 5580 bytes
 ├┬╴multipart/mixed 1672 bytes
 │├┬╴multipart/alternative 1006 bytes
 ││├─╴text/plain 312 bytes
 ││└─╴text/html 410 bytes
 │└─╴image/png inline 232 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="f91";
 micalg="sha-256"
Subject: smime-multipart-complex-injected
Message-ID: <smime-multipart-complex-injected@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:07:02 -0500
User-Agent: Sample MUA Version 1.0

--f91
MIME-Version: 1.0
Subject: smime-multipart-complex-injected
Message-ID: <smime-multipart-complex-injected@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:07:02 -0500
User-Agent: Sample MUA Version 1.0
Content-Type: multipart/mixed; boundary="099"; protected-headers="v1"

--099
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="9a5"

--9a5
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the smime-multipart-complex-injected message.

This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Injected Headers header protection
scheme.

--
Alice
alice@smime.example
--9a5
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the <b>smime-multipart-complex-injected</b> message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Injected Headers header protection
scheme.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--9a5--

--099
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--099--

--f91
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA3MDJa
MC8GCSqGSIb3DQEJBDEiBCDzzjU9zkYamvSgC05wewF4LgTekLa4P8khUZ1HRNkO
GzANBgkqhkiG9w0BAQEFAASCAQCFAaiW0MVy2tnagCpthNu6sAL22/BBu2BS5XY0
vTH4/MtLzU4lSokfcs8lgpXmE852prfBZfyoBiOtKZF6TkW59XPiEx4TfBZ+pFwb
MaJbZ5Kil2GpqKib2sEKbaNHaUY0H+vixz3NP6lo2Izras33cw4Z7FE24qs3zTAA
1WYTF8rtPhXVW9rFLumBOF8LgGKPTh4mjWrAEcaqqmscisibxTJ5yp5DJhHMf9Xv
/HVi9lOJJ5BlYOQOL/jWPxQorYJAP62HwEEzz7/GE24hm43pK8uHT5DPHiG+gZZL
35qcfe8j50JVLTG2wcRH/aKhat12MMnPFMqnJGwugLv4rwg5

--f91--

B.3. Encrypted-and-signed Messages

These messages are encrypted and signed. They use PKCS#7 signedData inside envelopedData, with different header protection schemes and different Header Confidentiality Policies.

B.3.1. S/MIME encrypted and signed over a simple message, Wrapped Message with hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7475 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4522 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 742 bytes
   └─╴text/plain 321 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-wrapped-minimal@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:08:02 -0500
User-Agent: Sample MUA Version 1.0

MIIVjAYJKoZIhvcNAQcDoIIVfTCCFXkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAC329r1iEcPbagD2cVpD1M/7LXOaUi6FF3iB
LyUr1SzTLh1+A7AgwZwJs9b4k6ajjZU5DhV088Fni955+7BkdSn7nxFFaoCR6mcE
xR/a3s2xqT8OzdsfEvgOTyy2m3t+QM4/xfSaE0zXJM4VvHYjvBh36piG51AbGjoh
g6tUrAByRdFCf8rlGdgxQeUucIRwsb9cMBLgblQHcfX1ULxRGDKrN6mlCJsSIJo9
KAwDgBqzFgO2MZGxPViFdBDH/gyD8x5WqcHaD8/bDesnit5Si140FVfymJauOa9i
mU3tIvZipvtLH7+Qel/CtDEV7WoUF0q7TP3Uum6TzK1q0+qCPMYwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAqIADn176oZt02TkHSzUdQz34
YH22oZVum8FBAT7JqnBwFdTVBtV8rc2jaU+wqds5ob6JV3qk/Y4+ojZH5Vai+m/T
tvSqdbEaETX4dn6nwyFens7nVcJucwh5Lupsdl4bDMN3sAXieCl8WLVP1nyopX3y
r3jwP9Kb2sLD6qJm5QhsFCxYnsNc5MezOD7uZzfkhj/cdJziTA9509qQ0N1dZrIc
VAl+w5Y9n6xT1dthwAzbYGtzpMgILpvKqP/Pjlpqgf6ZM/gE6UQp/jWhqddnYh9C
1IFA3jezxfkjriPmGp+DVgs3gbWXGOkiB9OEYGRtupmTVnpIRgiyfZIQPU7TxDCC
El4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEE2766qakXIO6gJDwetD3EaAghIw
e1vHp5+evfwDaEYOH413e+vY6ii91UUkvIi5xIl0FLDpxDjZ/DCOOvPJouULYk+Z
feWZYF69zZuGsYDt6C9fdNGY1r5babjG4HcDOoHnUnaARSpYH0fno1UCAE+FTHHM
UpTwHOFTa3ZD5fCy3GW2zMDEl4NG9Xhxtq+JJsHxfkNwZf9GUIF26vNcaBTe2geL
L2yc7djtLwVMZR2nEmf/OoDClHibRhv9J1Gaq6LqNFFoIi3Xfpqd9G9bZtolBAR1
+L+E8YW9FZHzb341l8ToA06FeWvjTQXUTMnDgsj87P2NU6KTt0qUwsuawV4bbrxJ
GVmpBzfRrvnW+DXUJ1S0MK8dSA4E/ncybiQpXYavbgDWNBGBhXbuvMKv1ucM5HO2
BDQ9Z9IiGBfv/V8uk26U0QZuG/mZr4QC3Yfe7v5fENSGdjuvsAdJjQvfgygKyAyW
O4GQ4oBLeEyTv/SbIZm0A12lVGYKwziDTeymNmnS+famUQTe6gf4ABA/S3VEZV9V
ksyuAjKMLZpab0MdGkVLzSPvjjibMg/2xeCgzwAloOPJx3rbIE7y/cA1J0n1BFAx
IiNfQErXcCWk0D0STiQrZ6NtnfIUwYxFgtvIWzB862n6ek4BlNXHPprMwqp5CXIS
yNjmzZsSUHxW88spEnFO2epL6e723R9XQ0Sf35P6/jJQmY0ucvrZLU5lvncLqMus
cyLUIKMFojNGGCPkY2H/+k8k76JnN5KN5DjBj8sDiawFSM22ou0UC0+fimVoxnVX
8LmW+5skSRF8rnfRaN4LObKe1+fFbc3irD1H9T0EXVAj/qY3GqJd2MGL1MwZ4qTi
btn1jriSMEz5e5yWFRUWI8KbW5hldpgQ6PTOgkAqh2KWN88DNOi7NNLvuiK0Y5Vg
Wq5wcsrBhzWG9crnPSlF93S3hSGvoYx9zKEFhNMPJF/TW0KV9sfXsGjYhBVm+bNz
IKcoQFbsyrU0VOjVuD6Mhd7JDAZkFlS1ofQO5AoSFZ2/A7tCOKCrSonziIiZXtld
mQxoECrkMqnkR2mReKlcb8+xaYk7cZaovSz75YtdattfYkEGXsdSOozM3WMTZ4am
CKahNOFRlvluGNJt3OFwvmvKZgxXUD5EMj2rIGqAIX/ddmzu+OiQatu1zMMw7/09
To1oCrpPGXaO9L99dTw7wNjTY8t09zuoI5SFkIm4OEn6csRuFyBwlPv7KQSG6rDb
AvLmOOH3pfqhZ7WD0OFsRVO1VIcbmj4l5LkaaWhszhI1/78FGs0TYETvvzU47kcL
gp7YCX/Nngu6U/Mlbexw+GxQTxfBXAXi7VsDKaUIQaAXMcP8f92sisfKFGIy677R
BDmLwE/Fgc3lTAz0hRoCRKVaaaEQTXEOmo7y9pjuTIjCDV7aH+1Ox6nR/PIMwpTT
vvMIW3ECZKb3UcneJFP+764c2i/3JlrL3weYXCnsB31BY6E0K60AGoHrmUw8Q2mc
BEdG1Zbm+yRmwYRV7S+KZ24gy7ffnjLDArSozIpkENf+kpAcCVlGDzzbaCzRHlvm
NAiJu+f21iR3wOJlBB0mQJruilQbAqouCU3ko7Xm+4Oa0Ywiv5FQxEraczOyT19E
/7Fu2xXHavn5x9D0Gan+BYNRSr6+jhj//PVymb9O3jfaNwWo+2YIaqxdXj+G2wv4
+MOdHkYFUHp+m4GEixpT5AH1b+Jqh/NpCRH1P6DII71O+ZPOfCnCKRQmwOxdYmXG
ZEnRzSlCgCPdvT1WhUp+ILd6+3PI21fjUCm63xJU3lkFmuOMM/NEImSwEvTUV0zi
p9buB7zqbvRNDT2lGQ5mfY8jXuJpBYWp+d8yzLqxl+f6Cl2ZEbSsthY0gxHMPUWl
AzjCpXfVGanZ5NV/4YVx5CLJGKE43LsVtQSI2RM4b3Y/aRILiMwhGQiQy5zVRq4S
ZOZSL42gy30UNcmXONx44SvASx2NVDolHWqhX1cByuQz4iIjc2P6rRORoAEgyy3n
NnTA46JjLY7hSGQ2LyoAzQl2SYdfqVeIEEyNz7BvunQxfmvwDmOAQdxSEpF8KR+C
C3M5n/6aAGSNMzcxJHFLnSrCh4nsTSBHrrNIZUIu/J5xIWs6HnPOnWhn8c7e+144
aSkGfRZM1gJpdPn8ISENgTqAUDn3j60i9GsspxFdg0IEb6g/pYrmTOAm4n1YUVW4
flFb/Z0+Jn8aLsjc5UI4HyN3HZcIGVFtYNthZ4CJASPxrAdjMBd7sa0/MvMSQS/I
MsDzfZU86TdDOLFdBm2cvjWZYiC0pqDZZxkCf8LQSTwuW5t3WXQXQhY3aV3VvvVb
hHeoLIYtfXZXhjIXPVh9PPfBCng+LrQgW6rYulQpYQtBV3uiirChgcLyq8aoPIwy
11mvM2Hn4XpkNgH5Oykk8MksFXuQkXvkuyPGXmTezj/UD0jO0iPjjZbaDtOIEHbR
V4M1h1WXA3At5ToBTly0Qwbfq1WPLds1bBv9+v+Jep8YlQStQbZ0jeTf0H8El4D+
4Fr/91GixOi+zXkM7C+zm3eYmAELz+9my/amWerQ6nf/qs4XvQCshWleC1yqEpvJ
4X3aekeHM/qkzNPnvHm1g0FxLNmqf+r+Bevmpc+z0iMUbTBmYdrWp9fOtXqDWYyg
zBh8v8YJAMfFG8NX0Kzdb2vCm3+2YKcV/t5e+oFRjcUSDjjLS6I7TeBxMrTz001K
dLJnRLBYnLLLbW7xAyKE1LKbAGetUBbP7by/gYgUKDTxuKHxOdR0LFm0B23T/Kpw
OqyDpxXbdy4cd71EDJ6pPvh9GIOI/zj8b2JBc7CRAqNchy/DoqEy1+n5PFzKzfu0
aLUQKtvpehfSn+hBjNYGK00KAcKFU/E6/ndf2ykZ2QHdqxetA+yUcHAKbRKVjORB
kP50tg0YVIvaGfJR9teDCTRCw7ezUQMHvTVH7ju2eqvVmhT3lHHzPV2kqPewYJWt
420rgkb7lbQIpszV2naVuP2xc9rflqUp2cMDi8W1EjNSk96Uz6RqFqwq5Wec+rrI
0uKr24SIjZXqP9knPn8m/jxSF1tlYswhA8vJDHnoV5xa8mZ15ZVxSmiCuMNRTENO
H2YrGYcgYKD+ZqLm7S7mhAs2nA03JarS8ujt8wfEVCf5GQ76EwO5fJzCOfo74dHW
W0kOqWCtdPP4IRwqnvEHPONqF6oSh67RgCVKaEV8IhXa5D+G/ltE4IG3+132fczS
tu8Z9eEH3NwmGN/jOB/231siEH4O+dBWp5dxpFtNu647SuWFqqKxS4+Co4Xojq+2
q86f5rbcge01Ajqivj15wv6Dnw7xFByJAnUmz/QX2A7Zd96erNk22PkBac7HxOhz
y2Y039p9ZUtabu8LtZC66ha9UENWi7sxlPyzBUQaM01W8J6DdwDtscW7ihXjwNEn
bXc0fWvEcUQ8gU+311KQQy21Z2FJJwDv5L8lkBmbSfl5ASwg2LbDw+nsFJ56NqIt
+doBCaUsLulIe6RRdRKP/K8+WH3jWjc2eACSI5dznyJUFoyk7PztbxYROAW0Z88E
xDYJUmOM3kb1G3b4hKMykpHmHbR6Ysu6G+ZT2Wu8XpCcv40eTKgefKYGj2Pkr/kK
oshzK4foZ0cwxxDofk+WvydtS9T14yDnHeB1WV/xNvhoX70S0XjB9NJDyx2BCS11
r1vHI8YlmfjqOs+K21JS4vT/+Mw+bOkVe9xrHXQ6iKW4H2LwApQDwmhU+2np0O+O
I8GkUyJ6PwoCB8HluviS+3DxJZ0+5V6cDn5huKqIPXWbkndSGfHYT1ScmXk/Uaom
5OA3m8XCxXkLaMUIi/mOwYg5lTcm062DceoJx58BiIqiRHNEvMjtFxib6z8dvQ1u
0VPijWvzVKEpkbUSe0Aa0bYhEioYIHhUwMRIpzOiLH+oymYPuh4mruhVOdfMUzoL
WVmu5tO5dkZQQLwH/TfiUmNxO9ZmNfl8f2vmTsOO8IYYFsvRS7YvlPSIAt5FUwxH
9dkb8IvU02xVJtAK6rr25+dMxrN0meifE5l0wjGlvggwKGf4t021S4NoZ243On36
PdD1/hmXcknY3NQ/uLxaBXhqA7unCivcLfaAV8546OLqAoaO/Y09M2/EtBDxbWXU
MR8hUbOEkSt0oBbcjBPh8GtQ9k9wePkBccDdufHig7tex4OHzMHx21YD+/3TIeAj
/JqbcN8E/bgFlAxL4Xe6ttFZn5swZe2JoJPDx6b5S9gx8mEBq9YCkqi09oKT1i0K
HP5OrntWa2dD37y4CKJh37W3i6AoRRzhrMfzmNz06e+FpRloVW0lMHV+4/1K50ra
Z2hCX+kFzEfQ5Wv6E1YklbwGl0WdaAWNrJ4dRtUnzgcpy1FPYfs6V/WACHqnouO3
ZBQRHkINW4SJXDDAbh7lum+68xG+RBtQUZx97nP9FfJHHbX8CpmYH6W8OWzKlgFy
ZyQYHlBQpa2YZti9kyG4wCQKQyCF7HQFMLAN3iXLHaH4EAJWUzRgUrADj5kzhYTp
tiYOrezIzPaifrR7WwnqACwp8uBN6Uon2bywMOjCFJUy81AdfetTeYYjJADzuwT7
MNzcOdLFiPb3V/y4RbsfCa6pfyF24T5lILyiGHKdXhuZosfeglMK3tjORV0ASx9C
El93i13sVZxB5hKcxyvsCj54/r11rMFsxc7osNkrt9lzYmeIuVvTLSsOLZAr4AcY
V73GXTum/r+KVyReLkkPTT+LZdc8ZVdrKsuKR7r+n2xdKnKassIQClquaKhbvaRY
LJgAEy+abh7glz9tRaoE5hLVglRwD124h4Dgs+iOWr6yY/4uPJHooxoDyuALt4jV
HrDHr0HjY/0nRtoKh9aIvpcyQMmA/jvryRzPVaoGAa8+zxykc1nb4lkz05zKUZBR
4pFDKThxtCoiO29YuOpqez6WQTS7lqab4hPtaRzfHHuee25gSjq9B09t16zmRJAi
rp+imf4i8NmBg56ErGwKMejXvnC/6N8A7YtvJeuXIdnkBV/eJO50PFj52bWvUQJL
c78Y+pXKJXeZuwdoHCBAZa7+Kf+iCsdfgezrxTdgAoWZaKUrfsN+RjTzMoQ/ftrD
5RyQk3ok+rxY+A3FH3XoB9YUQmM835zT3o8fpZ9iRat03SCEGv0FTwuH7p9+wLdk
XwF3vDonbp/D6hQ3Yt2BVmDykN46FfyU6PiNCMrOCUTTLJZLUXZ9YC8Hf069Rah2
o/PZCCRlPEBOdr1Y6mpWYyNA/d0QOPc1oUg8WxVbgH4wqdEB620Vyw5z1G+jDLX9
iaOshu3D9v1xUMM0YdoyDCFNdUCzqdRmflws7YS5RIPtGxsyc1uTGy7h4divbDcD
E3UKuWDaTqk3uOB2wuBZoZSP7nK3R3v5wTXKqzckyklYfxdgMeid1jSxs/wxw1tr
oNZ/aZgTC8pVWsZR2H8vg+VpicWqxHoeuP98XBInN8B32NbPD2Y0gtFEbOlg0aYL
i70FvyLc30MICfaLPEf6ILo1ohagAmdpo3/Sb3JfvB6MNMjJ6sqZFFLbdgJoZHN1
Jn1GddfI06j3nOJ7OlaInyaiKbBF+P98ExbM/EYh/gXelo8u1rCLm6JJEpcg77qQ
E7Warw2fu6vdsYrsQYGfP7sh4aYIVNjvuh296qXGJeilW9Y/kUWa9P79m0Suhj3W
tsQACoHiiOV4p/5AHj2xOI+QexdxfAgSYDxcNMb8vdBdc5DZYMjE8wQu688Sf3Qb
6Gq8f1zWuVOYZAB1D6GyIZVDZZqhjYyr6316z9PBKwo+/m97ZxpRCY60BNrGNtM3
Sdj+Malm9AjqJwzTAks5vBy9e/EbGCq++p4YhC2ZwBi16gSRO0rkTRPmhWeLXOeH
dOBIugywslO7DqagTlCudfqQ+YOKReFUOWd3aM9GHQ0hwy73IFzIQR2qmV757fck
MLor3Z8FSA0nlrh5lHYqYG1WhwUmLloxhcK3S+EC/OMlCwOdDc0U4kYF/S1K17sh
n3M3SnE6zdlkUrhK04hFFFdAfYcCT6BFKuShVI/w4WKT0EenbDm7HwDI4lfXcuxu
rnsuMSf46au1YeBK/wRryCqhdfwQEkAB/N+zsxfvAYG0YpOOhV/xfxUNwVzplxaa
qwBXs6hHajwB0OKDhLzgL1/w2NAk+rsR/zsFwmjt1VrlBRAaZLGR9NEtvnH3ziN3
YscOai+wKkc/SH0/1Pc/7kyNl6L8MaQppLr+TXDl6WwM6zvcvIs1jizLbxtxQydB

B.3.2. S/MIME encrypted and signed over a simple message, Injected Headers with hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7435 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4498 bytes
  ⇩ (unwraps to)
  └─╴text/plain 333 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-injected-minimal@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:09:02 -0500
User-Agent: Sample MUA Version 1.0

MIIVbAYJKoZIhvcNAQcDoIIVXTCCFVkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAE4jHFjgjvcL+vJbAAHC/TgYkD0lhFkLlWZh
gSxqqlgjf4wieoJudnfk5t9FO9lLxUqqrqFCOoR7MTdQMJhgmcsb9G8ncJoWsNsO
EZ5Fdt/rrxHgtjXJodVbrk0BOJ7L9GVfzQBPFdwKEg49vP6+sVp+CGmByXvdlA54
ueZCKs6SK2QMzodp1nJws4IXm7BIaJsvGu6huNEI5lNe+NSl9qAGej+oJn0i5vsa
S/2H/0fxS81sIBfY/QYRr8AAb4lbFltWRWfQgix+kORhltIPP4A7Jo5a+fA92ZCT
HpFER/cZBLpalp2M+HVBajOUgASwsA/Y30Y7Sj3kXqE37RvaO1IwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAEBy7Zg8b9DsTrdlACEAgiB5r
w6FQ6Bugd6UDLrGOmyCSZ1KoCmPUxpb3veBdbYTrjSIuhkMYq0/ZUQ7JVS4jgFMe
4dHUshBT3CKj63FQj/fT4G7xFKuRnyfk7fpeaGBR/1UsvQ+OyViHQgf4JA6OGEk0
R7oyMOROcZznSFT/Em585/5Iq2dxsq2X+fQUPeHW9sSRRnDZQMmIhQGwo0tDI1vv
OOlAGv2FP0p9iYQSzJ7VgJAViKHYoXDZTrGJnL9uygiIJea0gvw6f2jWLK4j04cl
1DNnQ4KYhWgIaPp5njGCKEiqssMGIj+TkkIYludeGy6dEK6f+Noqc7Lotfz7YDCC
Ej4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEPLJkiAiTOk6hJMM2eSXOzyAghIQ
VZdGI8O0ZwU7vWIZenIr6HSnwSw6yJDWDd6K6bteA6qxZ4LMCFXNpNxH5VFIowK5
PqneUhXG3FUR88453uLLUDllY1ynMwvcbH0GGPOIn+tcP0VQHkFpmJk7qbmc1f5Y
jOsWMVVdYDGqgiDMgBAPp2YdqNv6o3h+RYItALY6rebm/0FbQq1nSRduwh8oBlnX
BOhV/LwC4CsqvRo8SigWxGOMMhrJeV2l27uuqEmOIA6fNpQ7yGiKJHxZ+eaVfDmy
bhz9jPZCVH5gL+7cBE2LVTjDrF8H+JDpTC+uQ5YJzGCaxubDbHay2R66Y+qfSy1o
EDXvli1/aX2yqXViRyxhkPteHBCt5Mtwqnfqai0krk76mx1JBeBQ7KrwPi8US0Hv
LXnQxj8tVVts4btT9bNRh8WPAdnhc/elcokASMaEZIB/Oix6hvhR2/AxIIXEOn+5
HOHzJ96UhFBstBf71mIwMzwW/l27zYIzNGK9r90kUhK5psMMkR5Ul6evSDPMO3rT
gKJJwfLH9nKvm12kp+Knn8QDoiHqAmjytzrBwgZrpklqgFFTG8Zz633BpPLwqb3s
j3tSaGrNv0dfFG1HgGsgahfXtvvFpNFj4zR9zx7UNQASXTRXZ5lNVt69CnKkvuYp
45toocAZkYQhTGEnU9s+GD82vFxKYN6PL6oRyef3fvAZ9F9tYOw5xlyf8TZxoMIY
GGM4Unaqsty6YmFqqMO4do+bF2G1bFXYI/2MXa34jz0tnExGOgZ6bsfi/5KYZIia
+w26I0OOyv58j0Jy+CQ6Mfx57+9WOwhx2tOcYeyv1SM2ER6edH0j2bMgztGO9+UJ
APUN6Hq/NUJ1uiBNq7e7nnDHFS9gyiHabq7GI2yilnEebZe32jw9OSyu0v/SyAsx
47m7OKZAukwI3h/9W4iS8L9cEShGUJtSKf5Bnp/m2iiX9B6lSdqT6nwVWEJ+67lv
6wonwAn2CDGDOsvXNoMTktDt4dBNb1lgLC/CgtupTXSosPovX8vgpb4VdzK2arCL
ec8EIaJmGVRW0xyI/w+EkcYIzBAoUDIt+fAIHLz5OXKPFFs2rGHrmneOsWtToCcJ
L3oqpz2QXV8/teUQ5vxF+11nF95vIBDeiZrEY2eAIPZwhdaCVc/EkzdxeE2Tx+cq
JIoVTA/anwMUxmgIRPKdIEMevgiUe/te4pIm+aXhy3VTNlDk+AnGAHvJnh705Zx2
zmmhRUj2OL1sOLxHkC/bMz6E0vjMiE1WsIhxds3EW9booN06wCjZ6GUKnSvOj8S1
ac5kAAomzErAUisWkbsQ+lNCysqNGEowSWqOG4703CzjcCMDoAfwCv/K7JvpHxvv
zosGC0LXLQHITM9qT2PMN4D5HPavNCGAxKQz5mJsovndj6BMJ7HqvhtPixWrLNK0
N4yQMc6NUUDn1J7h+PNquTtzRMqSURk/L/baNF5txyv5m6TgIHBfslnMrfRBEvuI
3sgpW+9aers/0vMh1LOLAW009kCf5+nkqQ/I8ZFaLIFvdRM+AkvbVaQN8li+Ew2z
lef/Aeyo4X1ofNkmFTqxyP+F+ZrB3ZF3/Z2m0d27379QyCXviiNrBvOE1BXzadwd
TqcyILwqQaqFlgEx2d4R/sdYoZLu95R9iLezeZmzYi2KLXmm/WGTzB2gzW0WINqE
k0+b7Jqg4qVJJBeQ0UrRFBZvVwVDQ+cXfWZt3ij6jo8h0iHG+LXHlQ/sIKSmCZKK
XV3U5Zz4iiOCCWEenuA69XN60VJON15QRBIiWtr5vjNUJ8AAg01qCygGZ5VkQzxi
fh4YIBk0OY0nzVIbKKvei4mNDYNdv2rWWuSFSUp3MfqPf1Wt35sSapBXPgUNLujS
7J12ZGPeiV6iB7xibbLsIQQTjroktQrP7qgGvKpSu2Q6yQOsJd5zqrQmyVzzhKEo
Vl1wAMYDEOO4vxNHSHpz6m4B0+ey7ltH8MpeXHk5cyQYAh+dn0u5uR96FWRjM6Fp
G3gPC/0mS2PytJG7KfQOkOKE1w1zt/ypg/iAKsuaMBx70HLuVR+BiQYFTd3YO/72
y6c4u7BarWgn1FVLjnNQ4aodZyoDqh/DluEdkF5AkJb0jNjP8DQAp+78E+ZsO4OK
C65HWQdfag2gNtTvm90RMtQjK7K4vXneBvWLahp74vouNNaZSS9mAAQQ/1YEDIdk
rJxa5hnjgB4+m63U0IqZhO6Yzuv4AlkVtp+BdYcCjur10hvWyq4k2FwFslaROh0d
idOlMirNC/rSnXcVagVonmS28Ykg61SE95r7CHtbUIKIGcsOe+AcSGX+mpJwLYqr
1qNV5PZZ/mFX69QwcDVRrzmDBLi0MW4iGQOup0f/S6RXTjW1nTvoJOmcm9J7/Bgn
nRhkYcd8C/4g//H3XndKdxyojr7KV3UY7iL/KPHI6pIVI7h/HgPJTAuecdXIXWt9
Yr/Srk7R48cpqLxdFvaaDWe3Q30LtNeiL5czscnLubAT6LBstJPTeQE6vnag6N0J
BU0Z0kiCLLIE6We1CUzwQjBzUAWVwHl2uTuFJZdPyVt94VpWeBEP3daeCwnJaOgF
krgkYLC3qySMLK24Oy6X8wESNuJjTEPn30t6/D5CzLIF0SugIwd7GeswWfJvbql6
4Z7JiTCvpZ+M65LFmLn+2oPB4xh/hyzNe0qs+9Z1zd94M02TxZdk6LRaNwI2yne1
2Wv0Eg+JEjqilnIPljd5KhJLou9BwBKciZTGu6OgCeIWY8pKsfLFvMdxkUs41xvN
o3FRhQ1UZPs1VzMabkP/NRb8D0pEedyPiY7v1PlefnU4jX6jP++Ejwbr8vT8K5NK
zB3tC+1MfZa8YTb4zuEIz4ept++/At6oUaZ29DOzhPzckILTsHxoqdbudSpC/RQ/
djKYTYu3XM1EYCUf9fRDaowYjPTHjrNgFzqF/Gv7tAr/1EOT/5SeMNrKaDCngh27
BzE92JTTjgkIjyQKo39JT0DNbcxViUX41EIH17E7tzY7Kaaphousqdjo/mBm4SCu
ncHK+mEBQ+2IGm8EaRlzTHqUqPXwwY5hsv4QMFezLQCFAlsgh1vA1/IpPIpESV+n
EvIgZCr+RLFWnX4m9mEOKHjK+yTds+Gspc1BWBby3pQUqWFQa36zSfA6Lkm0vuFv
0C8YKHKDZdtIrhPTD7e1Gooz4yGZc9//xiUO18HruLHiCnsbQjSHaln+EFk9qzxj
hRSI/4iyfn6mDqwFfqIt39GGA4Jk1eeb871bwTBhATbBkGwGhKVkeRT8xp+dRlCj
S4IsUDbU30rS50SbJ/fRYpVB68nQQNCC8pE2Hg9TlopAnRY9kKiJ1pnMNWRMoRV7
axH3BppdTvAcqaOOXFAtTUJR1lSrJ2XzYQ4GzoaA6Y4VjEu21Vlapjg8Zd2ehtVf
Xfjyc9vQSrv5AUuCRlQRdt26s5VveM0c9wODONxLgL5pimKUmPC1p/0oD6vWdSEn
uGgxlXF/Y0qk92o0AIFjey7xiQELwIP0bl7ukxi6TBayeZMttq4y/OrVgMZMoM/p
PWYnTHfoq+c6iuHc9HBcBlkUpK9crv1iKaNo9UgHvfIg87FkGkLRvol/c49VnRLb
Vm2IImWCOS4TyQxWrdo+iBENltYA09vpCHw4wrz9qzCGEblfvHhFHSMn0V0TJA6r
Rv3W7KrYhIYrLRouWtm6pR0yvXtsGK2b7w1Cn9afoWBsqOyxlAFfSwMpplXIA4rJ
6gbR0FIKgCA6XVGQQroYtdUihp+Ie9EmQuoesyzg3Of2T/ehNil9aZqmeh9rNuSM
PkGIfa/qMaXYiX1pECSNgRaPeUkt655B424KedP4A1p5eDkKKAwHoAsPM5nZ3LIp
WvK6pBZy4wy9ivoTR8WQUtyqf36yEOJLdVF8r5h+UjR2RGg2e0S/sbSyU95KWshp
2agwKQnzGBO08K8IP1ELlNP45stzpXYFcXxqezUwwRzyWqC+hK5RPNjP4CXjAd8j
z0ex0sEoe+5laknet+MPWkQ1wGRqzkrgbiWbl5SFpbM1Qtfv56YUTe25h1gmu8ik
cRBVoPVIi5As0Jpgc8cw/q/1mmC7ha73V22W5s97y2B2aSn457eXZjJ6tR0p6WPF
q5PDDjjlvDliZP4NgM/uyllFbyi0gvW+TZiha7YQIWATaG3EF+0QTzBuHJADH+M3
4RfT92fV7Euya0+/nNxCh47H1ex6v8fxvN46aAuYLv+GVVKC5Sa/QQX3IwBqXBwa
Vb/57a8+dqonQpvr6q8FjdymapGR4kCDVzXNdCgAuoqMRcuO6wJI+ZjgmvNHTwIx
03ASdCVgk8FZaR8hA0MKSDexs1iIvzEzWnckwVdGsuIszxlLmnhTiAxJZygh5GJ9
SYEV5exBe9E4tpAV2fKtzLK3b439ZK25JVCE4ZDY7M/4kPBQ9caFQzx5AiE5PuSB
URZbMFLK4wldwmfM3B3lRsRlgHxr3D7X7fp7/92+fkcM7F6kGwoR3YZ+cXbVrdYP
IJbepUoDIzoLXwC0/5KjivVlt/VVGrL5SKcQ+QEob9DlhP6l4jevV6KYq0QXEw7R
r79EnzkKGqgb41HjP902y1agv8+RqLQnna4cpiySi4SX3de0ojbntyet06Rq2EDY
O62yLHGAYRrOs+qxV3DPAWKnMbXa+Ae0C8D+MzJCk9ZJZNnNTRzeJ+bVBypVC5wO
0E4ouXA3i1tcgrjQqr3yg69l/aj9sPoT5ybE90+pdYccH0VO3beXOS+xZUUpcyqq
VliZINAOxf4y+P7FgPh7+gvrfKYIh+SJMcxk1DxsO4zA4M/aE7QhxjivEpi7ngr9
+0v/VV6X+pCFPmFxia9TpEiiUG81LsdGCHSzedABgWFg0M7rsPuX/5gNN0s2rdti
7tZu39pRWZ4+HXwXgKnMPk3Kx6i5PMLEW0PlM7NV+pLLRiwS5C/8w0RWnzBlth6g
nqX4mN3euezQmTrZAoFD0SEymLjLhOoMLIMEuDBp9k/4pQTE74VMW7ZwjYxz9cDS
sAWa3+sk4c28sAmTdV8hNLtSey+NqA5hRj/bvVEiKNLvuilkbwlseIzqg4OHnrqq
6OgAaZ0bNxZ5PYbY5T2hVA2+tqja9FGJLCvFr0Dq7w76VeAui9hqmpQVmw9YrHmz
TqYYYvCZRTn71eHmITO7j7MGTRnyfqcZNmM/o1Jya8vss8tiusS4DkGNiqq3J2Vk
KjueAqBo+3uYmzqm5gKSbNfXrkDTZJCxj41ZYZto1dCCHUADSQ0vQ8QoZ7ICW7yN
4sMnoqOGL63m7oaqc4983iHk9sK1ZoB9rrkBqlQVNN+ZWE1SgE2ASfen+tnvFKeJ
72WWtgQtK7NhYVPfWF0pzOlMoBEwJaLoMVokYW3I1Cp2joriszqu2ALAmgGTUbC/
dafVABuvHuOErPhHmlp0yVcifF6496mspG2pRxEb3hhHkOmq1JwrVkk37qMUuMTJ
Npr2r0galtYT+Hzmsw4ZMG42O9fUEyAvsNfF2VeanmBJRdxHslBwMHDEyxrkYvcE
R+FMtAIvKNqyDTQZOWkdy3knwDgfz2TJ3M5guMPO9zdQLN1ckEDa7nn83lCtjJmw
lujtT5N0RYIpkt0Xb9ZZKAsnxvn5LlSfz2dC9VFeoIn/amkVAVaZXZ9vWY8V5Ae4
UD6f19EhvZ2SbDCk4uRWCf/i5LcjKOyGwLOtTY2HCfqjmfpdaHDfNJKwikIx1Yly
I5421BKwMlaQuVPYzBUgN3Abd5CaRn1etDax+i1N2jyg+dj+x5NQDBsWJ9IJUOXT
nMDScnH1YW3CeuL+WBcBozVltZaO2RKSDCpm1z4TGTAGHYMoek8PGW8/ZBTIMqCh
7Y1gq54IRMIhO5JS+MTbp4MWaR570XxKrc/09PyDD1EzhIpixAOHqDf4LI97i8Pt
M33AKEIwZjG7lmnCnURdu5YNA9Q1hBgjshd7tHAZI57I8UwdX/GrH/jGm3Zd0L38
xPfZpa9QSr2Fs/f54Zje/G+9vK543k5PY26PckeSxVFrAc1eLNRRXuP0DHVc5xxX
pwj+ARVUo23qb2bn2j3Rk8u41Z+mtOq4YmLc5Q6a0M034HTqrc4jiHU0Hy2nekJV
pBbOU/BFByUFHn+M1h6yRtgQjVKmC88O/aBb5u7MqrOsQ6cvNqHfs3A12HgjBxga
+vBLwEHtHYgBOeZRdIeQwA==

B.3.3. S/MIME encrypted and signed over a simple message, Injected Headers with hcp_minimal (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7670 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4674 bytes
  ⇩ (unwraps to)
  └─╴text/plain 423 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-injected-minimal-legacy@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:10:02 -0500
User-Agent: Sample MUA Version 1.0

MIIWHAYJKoZIhvcNAQcDoIIWDTCCFgkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAA7foZVL0cKGxTAGMEqr24xmXk+R9+1tBvxo
vVC0FR62j6F3bEqRPggJoL/HYhvhbCluNzS462O1GUESTn6dU0sFnAtHvpm/aggs
ywFJsWc/fzzIyEN9wQ5X+2BWM9SofTEikdGaUUz/fub8KpV3ZHmpO+boNOMRWys5
gOR9GFt+iv5LEdqhvaymsdFs/qKAZBZo28ffE4DsanZEVmYufMriwoyRtyqnHD4A
hmihNTH5ZCdeUUSZXb0w/UP9TWlQ9C3m663fywaS1zUNaol4gEpTcto76D/FohGk
s9mZ4vFcBgGWzH7GJWJFWE4VRCQoNiWC4H8y+wIqfIDE9d4isEMwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEASY3CY6TZFO/11DvnkCjzRwpZ
S+1JJ7S/t7cPtxZxd8ZVVAmNmVEvYkcXsCNbvUrTy2BlVFWYKuPOOvfXQVHhK4PP
Yq23OYseIXVnsP7qlDMS/ZS+ptGBIXV2ZzqBt7I9jgMLC7f5i2NQwDns0720Slz1
MOIztq+Ccy8l31WlF5k40PlI6oy6PLv5RgM7v5CGr4RmGBZBiv2rQPYlfSSGvAQ+
Xn16CHji/70f9tEXfXGREJRzx/lIKFjz+JdROE4gptu/wXNjw6bTVTPx6FmfOhnD
8XUZA6oBjN14Hi3lLHzYlrhKQG+9owD4tsTcOcdIh7B8ZsMy2G8Mg0mWWHTWgTCC
Eu4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEFmrLeGX3dF7SOczv6nMLxWAghLA
C3wQFKe2rnY/Rc4LgupEDeMq9p39XhDQIEYeYvcNiPuRC0ietAnYPfAegOQ1hsZh
Nd87LpWCtj736OkRwUXhQyoVEdr8YJRIBBgOYC56WyHutkdWAFsCXrHhJAeHdq4y
5XAdOPX9McvqKmdeDCfanXMWNs28G/sVIfwA1o6Tg4COw7g1DXVJhYqyZnX2tvDH
u5XM4EMVezY3F1dh7rs+NTNQ3ziFs/48dzIVPLmOZj/OX9o2pcnhzU2gyE2ciPtR
t8p/hWw2bdllp5+ZH4Ma/Cmaz+48GrRn3TgQzSw1/QtI+x6h6RBGSVTRo/nTEvWQ
t9SaoC1C+SxmEtHCPWtWLDnf979+I9ZGkqsrrjasoTKZAieq6KeTBB9Fya6eyyGj
VdDEx7jmKtpJpGvb0pBvl8xxWKD7hjX2f3qbgFKrwuToayXLXCw1hYnX3UQ4L7cH
t7h5T5m3pIehG8+HyNFOGvt1QaFTLzibQ1fgU8hdDQQkVhPDkPyCbLI3nFZ8HH9D
V5dxxd6O2t6oNeBJQUKMAzOxnfsygBhw89fobdskQnOPOBvl7PCSLrzGMvvE1WUq
wamSi94s7V6gFfUmbe7YYdZEl/VEEawzaw/eZ+wHbjVxQkpEZ388cFHMdHOnkhUG
SFobdwBYQj8vV4hxRTuoM9V7ZaV58S1MuS4Z86MUkCf2V9Z/9+XgkvmZMu/G+G7A
td574PqjRaFrOuLuEQHRRZgcgUP+5troXLRgcJJTYdZB6JKdfNg1ikBF6Bsl2Fv2
XxXU5o89L53X87Q6oyycSuZUUwhaVQbx4voWjnoR/Wcgo5bE9+moXhXHkFYOajDs
UAORrQGVC+NaaVwpQMQujvZUOYQJJaRiZc5kALd8TZ8c2W9s3j4L4pDDmQcrgBp7
BVdBnNDh7rNwFqrsp5Tt9lJkaA7A3JcMhTnxvWQCbe3e8jbgj5oFfR0vIZju7md/
NwT5rzrSVOAHpgUGEalM6u+zN5YU1Am9aisFYy9s0d1j6uzGTP++UfSI6mJPX5HZ
7HHVExQmVCjVgQwpifT8sOA8GBWUb9w5i3+BXhJroFJkgELcna6RHiRasndr5fdK
ssqW/DRjs+O5WlNfHhnXW6fBpXGeG7tUuaOj26Va00VWkpudP9jiH8qw/tc/ff4v
5aNwO8lMZ5XjKDnRNIkS4lSFTUsYDYhxpnQiIS4PRpbpr3GLKLm9d+vWsq+MV0xZ
u4UM375UCi4ngrtagq/pgrQKdMW7zd6S019eRSm0QbGV97o3Cipr4+6uC+Hv/MHQ
GTCxM/6+uTqESnsngQu5N85Zt/zs7HagRGSOozZwfakUuxpqyGQ3C5W7JMsbQ2HM
KFwQuYh//C1mSX9AZU7Fp0i7sKPp6C211ErUeWUgyViDrwFRi6F2f0nDHNr5bmXy
QCsJdvRIZxCQpWtz7/iFPlEP68dNsGZsz1nXjgwXycst36IRdPks4A3Wfx1H2Ifn
BrLKqg1FUhJhE7dqo4KrvJ3zWIhMoyeQf6roKdxmcECrzigftrVRP5C7++3Jqj5U
VFDeof6JedRUP1rXv0TYjzwta+PUhyGFbDIU6CskSQo8+Rj3U5uYGSUPsbv2bE6u
luOPZYpYNKgBylPsoHZZIRbzmeTit4lDlehWANRFjCwsGjdMUTd8yca9zWr9l5sX
qhWA3Vijz8CHW3DQMSO2obmvDwGnOmnHoxvjWWcexoTuT6AfTBw04XIIh5UAgexI
e5FS/2RzsqbY9la2WhGerXdrB2EIWsO2xaQvExyuo6JJEyk+8IsBqmgRr7mS1lId
H35SzbjwXkPK36si16vgsbDs/p0NIvrWE9bLCj9YZTagqyyUSkXNZssfQQdHGssE
kX/pWS+8l1dXcbQxamf1XENYHuovkX96nTq7a8jxP62FR0fbz3CfcNSAmu3bdGGR
CsQQfW996D18+xtbHuks801cJW4Lnnavjq+SCb7mZroFuDSeS96poK+g84uXPdMj
1TAPgXxHDuvf880nUeuwdnM4j5nA1nHGSnlB0U8ZPQTRn+MVGKHgMycl+Rh1Klkm
DjwrzflGBkMbtiPqKLA1nsyHw9TnYfBqQ5MhlY+jnH4MaT8t3Fm3hzmki2m4u+3W
AXeS5uznfU8p6Sbm5UvXJITRQbBowGD3/6cz04ymkjGwwAEyUyjUNOtlbjLa+8Lu
g/zvJ8EWud3a0az7hFFVY0ZQTR4CympFQUNtT7lszCRL93lCa2RLD+LZst8wCoJ6
vdrHmCsuuXoNnoDE+Ox0CNGRZI9t6SleqzENwLpY//X3Gna/iLEdWzgo9V91DZQj
WVxuPB6YLrlWYoClG4ZB8LANa1t3iGnLGSdzmWDY5ajrAEiaPDe/6ApPbHkuhB7/
fl6S11je2MijlHJn8x3NLamw7qGJeYdq9lnsr+5UbhU+3+xtIUScT+7ncvWgf0aZ
Dib+Xv5ss/GIh3AwYdgx48mqd8/ERfgA9dbr1SiHk3KD/0R5t9cU8VFo449vbODy
1E9s2tyRU95zkArMudoHKvoiB5qBazMPnTEE3AKNbr6HDZwP9EAkpSkdc1ZXq5pW
SvELQVvdVLtkG7Ujwr0GfDDasCMk/g2EFAROVPDhcPuAIivHx9Q2BMCX0ZePjeKc
xOy/iTWnwCwtvlbadizD8McGqQRkFnIezjKnsGDkJkuTxuigBitDNM9m7hKR2N7r
nbYcfPEJ+PorfaaeLIFThejzpBW38NqjPJay+APZ/r3fWNqb40Z/5pB4viBttLx4
ZHEqf/82CA/hNKoYDucEx9lJwB4CBniJDPE9j//Ncr20M0DJYziFgpb6g4+9KNsn
Zz2HIkYvy2DLlgxzyCxqcZsmZIBahX2ID0zsGo8hZ524yyubAG82OCwKf6q1OcFv
ONVGNtH4/GGzQ6PEjeaJiibzVYJJPBeaqpitJMiVdwu8Ar+yS7aO1p8RS5iXxBjV
L770yo2DGgwU3J6BquWeuiO5BK+4AsKVSMhsQgz5q1krKZpMOUviGbO3lCx+SsNd
pLevlECSZqkhjC/XaiHeoHRAuGd8Vo9LcntNjcfJKRXBE/gQ7H9nB1C7qIf2FngI
y23th7XSrUA8R8xHi+AwWyHS8g+WeTx3w5yDh5ey4l1qOR5SpNvuYOgBgZhWxlsV
agmPUcoULPsxeIyQYKQq42fcb60hJrtw+gYB4x7RPDQkX2bEA9TgaXIOYPnQnxen
mkAlIIE7VSHKhPdDpQ6NBueQDmMwby3UbgjttiHXtffUmgZPTfE7G98Nfpq/8Stg
RNPunCj0SUIbIrdMTUbyHOkLMq6kcH9EXu9NqdY7lBLDMo8da0edY28n/sdgrzDI
03GESEjBV6KYjs9gOzPGhUMNXM5t+pst2LbzFpVOA+rONMzyO2lbED8Vc0skQtGz
H4Oliksszm1Cy2zFUXt2Y4kzmO8FCD+vfeTD/2QestE9geJOL3P0YQdGQntB/Wff
2T2J/ERLNLgwZzB+WQcBmH9rIgOEJ+LaWzHF7cJRqkH7b4wui4WsxpDlB1Tj3Xsv
jVIfXsRSUrvCT7QBXcbHCEnCPo1ETMv6/owEysVPYEnym7zc6L5e9krLDoJCY0WR
wENraaPluDZy7PA6NIiKknhAR/MxnpQE1XF5Bhil1l+1hW0KNooHjiJgHQrxkA38
oSrQRciYbzVsBSjiUEqZ+ksD0IeCQq4MzkwV+3WhQ2Y38pKeTNIDsRlweO5UsXXb
c8c0nFaWoSsAP15G5TSqiywqOMEZ/K4sqb4H+FBrqXtAzxzRJmCWKW0su2WsM6o+
YEqxZ5xBL/GmTLVCMR+DIOV9Bd9fnKdjk1qvTbOWK/RFleAyMvWO1W79B+ZlRo36
0m5xGBns9m5Q6doBefeSJXmCBo3krhxznDD/RG85psnlxOugVJuAl8cWXnz8t8pZ
uuyNZc59Sw67IQj1lvJlS5Ta90LcroATUGB5AFRkjqZAkvDF+9LaWeIaIkxFocqF
UPCDVaxdupakvrw4+pLukG2C6e+GU0Dqv76Bnx8xfPrPSafG9whqi3wrzq3dWIah
kUFnkhaE4tZH5ek1fOJYBneStouSN8Yf6M6qE0TsgFWo9EI0iUWASB9HhS6bfTCu
Erg1bH0+JOKrf07HoKCScBx2cnlQJU06NET23bnUg4Zg2DDMdox/278ocQ8qmqum
4cpayWMHvTMgFz1In1++n13n8EVBlKJE0NpNFs1YnRHYRk1z2x6jB1iYXbfPJxje
pSx1qAL2w+hr/qi3NXnkKnz57h08weIgwFjf+cvF84sMThqf4Kr7r3iRdlXtY63C
mmlYKZ3iJVZEULsRnCGXsOla6x9DVqP5a/EurYPWqlzvxXp5sCvqIxdfIc0IGIjg
ncOXHSK4V0ezr0vRzL3rINxh8WOuvkcfqthJf1S9aeYS5S/8YEYTDdXf9BK/PcHt
tN6SX8EPYpHDtPatkS5vHQG4cfdGQG57Z644DolSNs+bKsmjb2KFPMaEyoDCW5pN
ue86Wkzk7ArN3HK6tq/HSqrSU4tUBObViI4trOxbNsPDFmcbJ3RIfcKKIVGkEjGD
t0eh3ox4vdNkiW+5La75VAPGD7Ox40zqHT+6K2oNHfrAgRcecBBAbw9dCRuPPH8u
+m5kNdTo8cvF3BR6pVOx4rYn2T2uZaZPZ6JhMsRRwHbYDsoMEWBmrhGcHMnrVXKa
hnygPpIl0z5REFlWSliNMpX/35RG7dODm6TeK+Wtp16qdSLOso3Kd0BgcjEUbMlB
DMefqY+0dE3Pts7J3UXPw8pn0H6ARrZn01euFeHVxMPJU3GPss/1B5Y+xtT2zrVh
j+ouAdHOtXx7VnOwpYi5P91UEdlBOG4ez6eBc3BMVi5Mol1Qgp5Jr6eHrOUI1DEg
+G2HD2jrl/ClhWcPUJSEZqqH3hkhQ25iJxBd0ol6F5W7NQ2MLaDeE2/xGZ5OBBPB
stf0dFsoohdVtIM6laOIVeZ+TviAh4IlJoHZrmjMRjpZ7vGNlIdjg7z6xM4YYtCl
piJl0n2/rr66+GS7pQcoVOuFAyBnblEg1HrJTfDBy6BAgA46Fe03npuCYpiBGoFR
4I791+nN85fE+JzuEuny182ui/qtR+PQWeNV/oiV8wmhCez8g2zDmuLwfNcAjJtI
xQSOvH5PNt2XA4OjaJWv8YzHdnEHdSmV0gxm7g7TVeT8Ez866jn93fwOKo17shfZ
9Y7TyDCRIcg8hAi/kEM8eRL0G2/Lgb1jMH1HHTZuguE3DYf+LhGXkcvmmwzpAlZO
vLSKYRWObJBU7ag95fr4LptxD0nVfzXyteyTYRyyjceeqcPNieg4c46mYxalmU9U
BZ1p+2eM3AVLiW9+J/UmWE1M+oAjKiJ7C2OjNda2ap/eCLQUsvoHUNQKLz8uawn9
zVJiD40xcpahlF99YhzGTdkUf4vSSaoG7J2g1y12kto6eWS3SawEnm93qJAVDQFK
I9lT7QKqJ305eN9WVuv9+uQBgZHBUfMgbaeGtlycTfasOD5P4y52hP536f7+jS9f
bjyLRnXj2Pzpj+fr5XfkbsMU2tecChJsqoED7EhTeymOg0OOt252dORqQxb47Woy
xRHi40jusIM+HWXCMMPRPYsHESSG2+Mu1IMl1ZN5ofSEUuswoFaboO/ssZaL/Xf+
5rhPpG09YC+I9ZWYyotIl8HQbf1C6hylXTuWQo8bU2IsuXCNH6GdlMJIuTKhLGk+
+RAhVnCq9A1abcvuAYCDFnngY/b78DIENgq5cmSnC+1740SV3TdxVIVEmz8oCgrt
2UMbnsxrgmTW6qDLZdF0bda4854AI3SQ0G3UUUTTkq8+/E2HOVXKBsPKPKIMi9md
mlRE/xKUvsb/Rtw2AoYjDEyciwi4jCc+nyv6ACbhWO17v9FpcHAb8QRD8BxTo2S9
bB5J72cU1BLec3z6p7ijYxn9G9GzyHb0R8kbTcwUnFsP8/LGhN9Lx911/2Y66t/2
7GtZkv6xcttKPN4xDfSdu6Ymvjh/2EjvyvitWTXCMmbVTrkLu4DXeBW3SUYawjxi
8UvT441E6oOK669K33yNnj9q+YtuUWm/vx9oIICcv8njy44W/tLS74wXasF6T9nB
OdZB0NVb1cA5gCgkMyY96lBkTe0h0P5gQjU2cxuEsVc9FhEUsR6j5IGpPJAsmr66
HqUKznyG28I+Khru69SZnyewyvKMsnlCrMSMTsIDn7vfZmB7nDbwhSITm7t3ksfP
/weh7b31c9dq1m6Pi89ZZ1hCCSA/VcjpLT0SwbjvG6s7Z0JXl0en7Yxr+09RxghB
sfFSWHHhwXjuVC3uQyRMtF5PN4HGo5FI4tSqfWnK4ScVVEKXlSxKTIRJOkkyZTgn
4jyvnToOV6/ViCIEeub6qd/rU7H6I/01SIo60W+hjgqhO9CcHz98fH0lCoWK9+0a

B.3.4. S/MIME encrypted and signed over a simple message, Wrapped Message with hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7650 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4654 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 837 bytes
   └─╴text/plain 319 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <73a42f8e-8f5a-5c62-b982-82ace766fd32@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:11:02 -0500

MIIWDAYJKoZIhvcNAQcDoIIV/TCCFfkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAJbkhyOXdRfPommHmM/fR5wusm80KBjfAQr7
6/aYU6JMSsiJo2rYtKTbj2CT4wHmcs7522TCWW/0X1bFzV/zWYEgWuoh9mKG3kH2
h2hrP0+Gbi9tn9x6LW+4rO19+sf7EDSfJG1/Ccj6GvbqwrtOmW3+56YhYiLH6ezx
dwQBIQKAtNJDyzBheQokcNWG34Rl/0HQgXYtE4mSPVM9vSLUW/poaM1CIeRNNOh5
4iK7rPRyz1TeHTKHuptJh7ecPlbJeLA1xds+WLcURwF4bfuwm/II/1Y6USikNNeX
r9yUgmM5NwJmDOi5KSkP/3vqku4Nm9qS3hcuPYAgyCcCevLSNpowggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAYHnAuRcYKHvKEooX9+Zjky7e
aLYysQykdJgXcqCS2r3cDdHWqAfCPBcTiqUfa3xNzFeupcebCEtkL4OorfKEmpr1
3W0i2KVBzQiqyXk6rhiGEexCjbz6BCX+KTzWN0VqW2NuLXrUg5y0xwPBZbMo258D
iitqSEjlCCwVvBhSgAPpvxzIgalBK8yhS9MqN6yBjj3JJe2QsCoDYkDqDQo06h5B
3vFS4c0r/SMtE2velgl5+A7i95N8zQgCUDpPpFjgNpMA3hL1TiHT8bcSnnOrX0nl
EGbBcCRODkjjvs5oXo+hH5uLsbedLINyEVJonTrXFgxBC2V5+QfyNV9d8BLUmDCC
Et4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEE50xDQSPKs8O1p5YisodL6AghKw
kLsGjjQueBn11QH6d/AuIWaxZGb8QuZrGE+uHK2l9gHlU10fiTrLMpj6p90+t1qG
pFsmdRpxcnMJxyCyYV5ZtKfx2X1D6Cy/TRw5nTMJUd3wQB7QQSX3VZLitGEimlm+
RXLp1jCpi+PxqLm8rOKoQyvfr9XWoCup6sKvxP/dhUoIopK1stya/dS9x/s2Schh
lJDxX214o+3HvC3qVSAXvv4KFFi7sY9q++7+DcgWUzIYdGo+cThjBOwCN405Bj6v
KyW+Nnnm3iRkk6nqxxGlrg/ep3KRiCSw5BVIRPLIbLL4DFvnpLBeynfikK/OLIKz
RFOGNu/Qx+W70n5rTU8bo1mIf+Sjbm+hFxg7D13NX6qDlV2Dlwq3dLWba05wJ8kN
u2QPL48GRQwn+SZ+5bAOeH0w8fz6P6/+fix+EjbowAle7iqDUmZ1SsEQXsIKBg8s
uxKV/64VC2QoAZJEwjjfuJt4gl1EvJlxP0Ud84mMEdB6DCuTDRALVdVsPPJDifhK
A7SUM6t0jX5uojUKYybTxqVCI/IW8O58DqwC6qw4yeDykJZnysTv+Frr+emBiasP
z1LgyEBe1VyVWIb726JAr3BuKNNcTvYpnUkKzZKnOJj7BEi2FGrmxOFNKxbfuG6C
1NZ+YID5Q6Fi0f2cwptdM5o33p7QAey9r/id1rzpAFSq3Pv/uMokK6gdV8xldD51
X8QYIYTXOE0zIozGsKDLoLztVtb1DjmyIDm8aaTzNgbWIEFW5cm1x3jMxuDnW3Fv
oHQ5gqGj7ydG6/ymJ90ZLhgr82t4LowHUgWco8UII47+v83qFn1Hr/ByGro1xl42
+W/nUv6bp9nu99SS3N/vBwHwOYKqvUlxt6Zyj9D6a4h/9fvKXkEYNAHCwA//AX77
6L0dLWwleEAstS1w1EP00eV4WSNltYMTZD11m67DqXMUXXGQYCoUzLb/e/0dWrW7
ScDxJA0KJQENWnEqmCiOw1ubPpYqak1mhXhhKGxfG11gPa9LXUZ29Y+3cFtE6/G0
Q0npV2iiB7Nw2YpN1B2vyoo93vyfmIcLcRAnp8eDy4/wsGJu1tBVKcInAuB1Immd
6OaS9A7hRl/Tkd1t6L5jEUvN2v6s+bJTTdHOZfauj5K8Du45tGeA9WVDnyZylHmR
pMJlWPPU+7dEYV3b1d9m5snYSeDWu5qkx3u131xzp6VlO3qDapI/jsb6wLYqgjKp
0TAgeL4nPCtr5dxBVN4QPOivAfCGlkgc+oy7LxpszbwirDrUSa31PKvb3Waa4hJk
eV4nI/dXGavUgvPHeoYMdO9sxRvWHOODyxIp/x7oKXry1vMGOs25OdHtOH79PbrT
OLBdoW9SwZRx/J2vd6meZe1GBukJqHspbw1zfMH37Cnog6gv0HtgVxp3+q84zS3d
KDHLwnp3/CJWoociYEf8m+dpa3LAz3RPm90/Hoio6nJLY5vokvE99JBcdN/HiLB8
ZTrFYDdhk2qezGwAjs7+IlKtftw3QwZr0JACr8YQKatZwxVFj7PT8TuMvQeH9hyX
NsmcvesT6OkjNqb01skUp0ZEetw/WwR6EK1Cu96D97IVDt1N9ZzR9O3Hr/690eVp
lEoKlNfeANjS1nF9hiXO4UbsrrJ/qgjm+fKIQItOfdNWBwktiofiJ8aHA0/W2hwJ
3HwpFS+EMGtCHiBoVP243x22dUVoM6tvaz18S2cqmaUK0WbvCim93qNgJJhaNMYG
LdICSJymymhFOnJDNgNRBo4JZNuW1oeT0fjiZveYZWdkng4J/bzQDB8PqbRElzd1
My63RumTcj6wQlL/azfjjR4eyKAHAJqeY4obpzvURpvtEnmphxgbKrdEDG/Ynw/U
vYKObRDXm1/oLaKCfpb7sMcu699U4U1hoWeqf2ned8ObP7loPBnTHcDesPZqmis5
DCKrD7KAdAZZI+WQkKcDKRxV5iAo+6yTmXnfzjA7wts1IAG8AN0Qc6p8LJlfCt6H
TrXmNKOusC2JWt0NYzvFZdFXBH37kaEhVV18FEF5CeEEOVDQInSZcNs0W/jxyIIl
hs5H52PSEYfMTYUsJMSyxVguTiSZzknpRD/61Q1HfyuYIqcNhd8R2V2IuD9c3Zzn
9fRdWQlIvQkqUnSt7bFC7EEGMvtnKbDmrzzg6JZny8aWx0wOZnQf5VocyUkedH0W
60yEGHDc3paIMHW1bEFE2bc7T8vA1qjNYQl3DZ+p/xVY9PTtRi7wrnnIQVUykZgo
Ym1eovzGGLUVFsogBJOTDx6qDCWKUwQeyJJ2V0I0GIZSyvZaNpD0qQKHoweGcsMx
938BIvMe/z5S4A6KrC3O7/kxDeLiNCKyiTerC+c/vdmtSotgqG12UPJETT5T1izG
6AuxDuyViKQ+/nKbjg0cyUoQH3PT6Wq/dc2vyK6EPmH2x0ejp02ZEwi8M2Hl94Cs
VdjEhuiqXFzaDUtcY82GuO5CjhXo5jhOpoFHrjz+O8qbEsBV20TAFmf2KC4dIwMk
AwvKPejuDs7ppfE6mRdaGUVE6SXdX5+U0+RWFiPq/UCovH4t/UJK7azIWw34GmIr
T23ZVjrNeH3snj3FOZvKTi2DptZR6SjUz8p2zMdYZU2lshlqFi7dmnuoP7cVtkRR
mRPyhycGgvf2+eu7q2Qve57CvGfuhxLLttuN/vAjwwhlikTyrfdYC3FhzF7oG1ab
SUGRvcoBOUiIw0ra3E7qiJhCmjLI4E8cN7Kz+fjLx4n39u32+cf51NNQb2uV6/jC
MAjQ8asIkCmIjrplkKbkxMFOwdF3Ui9AvIJXXsOlFV6PQ0lAS9N4OFR6NSpI6hYB
0ZtSZwLcJMES2WuUp2zuwQaHV+kRH2oBpLwSWxUstTifXLWBNKQy+1EksdKMCwC5
fBGcXdmae2UfIoTPuepOsdh3xgTFgG196EE07WaZ3nj70jpIvPD5bLrznTXwqDXX
A/n5wrrUduYvt8X2zx9uy7JBg1eaNtBqArE5aS2tGFAfOyIUo3OWHn21Q7ZnFAIt
ZNGu++WJJ+IuJe8b1GdaQe03a4aH34MQeWTm1nYvccYKQe9YE3sWE6/7E+QB668T
rboqPy/ZyJkucuKVRBb9Tx/I+B0oCnMjkNsRYYHFlxa5MkcHax5z5ILwAFj7vGdH
8DFsmyjqtHEX6U547N7hxYjX8f4rAmJFg6z5yrmciWC57DGka0HZF70zQLJzPst+
iEjI6HZKiKgQ4mkLNUuHs7y+ww43mY1rQXn0ZvLj+tEVFhbiJ51JZ0QgpbZ2x+bw
sgCuT7VDwsgEXEKeTvEpfIg8hhjvm2kpfija+keGBq5zkXjQazVnkCiXNXRfkFij
KOcFJ2FGhmO4xxAcTYOZOFzH1vs4WHYwwoaCV5UgxKvUKeouWVPhnYGBXc38UB7x
RDxYluCRgiIV9iXlVqAXC24KnIDsn//b+z/RAUjziQuTD0ShlcjfYKO+wRglQy1O
WHUC4nYqdJPzy6Q/e7XCJGpLn6zNZwgNz0iBDmOnLQfxd/Rbp5s+i89xCWlXIu8j
ezSLUZeq7STPGF4pkK1BDz9Rmgmlt4PkJZWuusKZlVeLVAJToBpBfmSRGMHkCyJ8
S9NaXGySVaTwUyswlsT14UStoTK1TLovosnACfYf5bUAjOaDxU+iQ6orP7pixfiN
sNx1htGwh6y8CKNBKc4tp6jXmI/xllKScaqtM9YEYpZNBKi7f6kI/1q+q/L8kKtk
yan8ufIzk3jOQ25HHlSYt22P9MYDsgJU1XCzdVQ3AV9IkNL8NkukxSvEmTevT9MI
Yjve6UI7EUW7JL8fnaWeTdfT2oqkj6ycvGK+/XL0UrG/YAqHLmieXW5fOmp8Rce/
mfgKS8dbXcA4GWdzXS3DRMT251ZHuoRCiQZhWRLVx65S6DYpNWyQ4+aL5FmA3kRY
UmrzUX/cBxoXOgaiFxVN6yUihU0s91nTaxi72v5nKwiDXl9EFiC9RioGAHCaD32l
B10soBpFLhsjQb+BLuSNMhwHFjodKZ1CTXQiOQnU/CwgliHsFLoBFSq/PM22+6j3
f2NfthKuohoNGECNy5wgE8/Gtd2PdlQLW+0gUD/Kc49zB5LpNM6dQe6ncVMAo7Tb
XL4+uY69XVEA5T79zYxCVpbsQCHibsKnOXh061CAMTRqVBRswpUtQK5qNx7XslAH
udJE/4Qtn6mhLiNzVG1qxibh0tadmF5ktF71Cb2mtVcFzdpXYIVIvb/W09UsZdjt
j50h+Zm4a3JGDRc3noWKZ4I1kP+IWzjbsbjzHpDhFInsiMjPLz0+Jv7slgUjOPco
koV9FFi90VfXIYc23vV9d0r9Dz7H/xR8Q+tObOlZOibW4Z5Q9/0oMQUYSxyexvfl
1+zSCMQB2FMaqWAv0UG6SDuWIizI5myxBRmtuRhFMr0wR0DhBRypyW8r9v/7rpaL
yW5HfHYxw3ByyTDrQnpara4WhnW/8+bXqj3yMdUsODPTvZ/PjYbID/jignK67C66
KW3YlZlC5YPALvwuPMKNNFiXQN8RCsfGXzBCtlHkjxA+dr6tCg80FlZ9shPOHrVt
dbSQV0e7cwhHV1DvOEBNR4e4Kh5mPfJTpbV7Mh9B9T51Le6gZnW5e7aGMUrdfr87
6bkRBfDtI5YIQiJMeBZwOe/jKRmFMIRe7mLLCumbYdThxWXKe7TomXHOawp9+poP
XqTFbDrrkWSYb6ZbRXzn22J35a2AU2C21jsrUPBXTszLZUeVkOHr28NIM1hdeir/
Kt4S4e+ATa07WYRmH5QxqXfwZcEu9I8aQlaMU1+nLeIFCJ8d24yMyV4hPKHUPw5d
Nmwr91aYn1kVBBoLbhSuwXWmgRe5ZookpvgDHk5utSh5CoF4dhgE1Ib2sFV5vSIj
31SH8LvbUk+5gC2gQqJyzBFOHd7JSnabt2oRpDkulc/3WSA/90PGGv02e2RFPZLc
dTdzDdP8pWAm74ioE5sDbbZkCy7H+GyDsU9qvG0adZJaFUnE04IJ52cmP9vGUh8E
0ZNce/5uH8Imdk78weaNeJymZu15LTGngXRuDObAMHW1wZZTR0gnirpOpMoGNwZD
oULYJL0FEqMu8DygBVzwdg2hSIN2UCVyE2BdYiD8f7tBQcXYVC39uHln5+KEtigJ
t/vy0bja9jPmWMcsAu6bAGCQ24jGtdVk6Y04HPjx4GvSbDYQpSSQDo30pNQ4E6ft
Qa3kHD8e8pxF20s8EgwjiRYmkyPh6V1NLstNclAzFjCaFyfZMPqFZYoErU2Zv9IX
5wxqxTILDwuiGhphR7abXu/fuLFgxhAeWcSRDjr4K2PVH6a5/++atw7n9BnACcKE
dA4WkdFO0kOIPo2Fsp5+6nPLrXvo4CbRd46gLn5bo1mkWHpGXRwjUYDx/8IQ4R9r
fFSqYuFDTPkQnHNBLaGkE9MnCxcmjJLjwYVa8WJCRTxUH/ivzEcXVj7NSayHGWyb
uwoCn52Ef1YpYt+64w67b17Fqph2ehs4ueEdeIAGvgXIK0K7AnAEEcNZCe2Cp18Y
NfnAZ7Ic+6jwSNzCT7krSSreFRsK1yW7NqfGvmcIm0lHUqCQNJZz9KIcXP2Ql3pP
NJNSgOuOt7e2qu/nIUWudDNEAluoTaYKYFZ0DyZ70Jjj1FKw8YfP6EY41IMywJtM
g1NaHnQzJHs/jWGL4kGkiVI9QX1lGxraCSwsL/T6OcUfzP7Np1Vks+v3bCsyJR6A
m1tDejusx1T6dcTQiePhqb120w9Vt3KVnQOK3QrHulCr2pt5+GHvr/tRljYJbved
MSZ31P2VymO9RK+UXMl3u8wFrtgpE3w2dpuyukc2aG90j13W0QrxF2wplPUfNw3L
GwlSp5SNADzI8u1BxKcZEjn5wq9kkLD6l7hU5PSSWbxhDzL245P7XtgSHwvQkTk7
n/ejxFHVclufJ5n8EfQAFtTEqr+onvazc9E32LmxJ3HSIJV6noWwNyWFFgK7f8Cz
VULSMCaWe/pRB1TQDvFzbzkNXJlWvXcniDr78QjNP5egmJpjMkBCThQ23hgE/AAo
acmrD2DaJ/8Tb0Vb4CXupa06ygYi4i1xdce6fHLzvEAeKv4+4EMWwYdB0imG76Kn
EuUjK5oQr9Cz0RBHzteVlpVZyF800vtfubOVzuB/QKjI2tOwfkDx3hDBIrBJT0n3
ODnGdYO8o/dxwD+y/SwbH5z3ogdlipKYMJW/yxuGszcexKaaeWZYOb0gMjt4kS7M
IHnojtymV2ws8icjyaf0OBHYdcDXFXlIPwWgPoUymkWS7yJFr7/Z24kHiDSN/+Y5
4j371heBSS+hIiSSiGdRwsETgJ/llwE0LkF7TqxsTO5C5UtyQef7lLxHgr0qkDMk
deK7Bnc9vsBnx1u8vzfLoVLlWk31Azm+MHpnmAErCJ0=

B.3.5. S/MIME encrypted and signed over a simple message, Injected Headers with hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7605 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4630 bytes
  ⇩ (unwraps to)
  └─╴text/plain 331 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <27139e00-e05f-581d-a339-d2bd43bd0f42@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:12:02 -0500

MIIV7AYJKoZIhvcNAQcDoIIV3TCCFdkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAHDjf6b8nYADPvM7jm6fi20/h20vJSvpXabk
JPChxwLJxY3a33r0vWwEanKZo/k1fbkxXa7w+FqMEEM/3EsktY3BgsTBDC+vN2Dx
1/hX9wBNi2D3emJnmwEv8vOmNxGeg+P+vZN7WjM6kqVrUgEyfyRkzMo1o8YNaFgB
F/b9ss3PjYUEkN+k+Oi1Pyi3GIxPw1KoYyO4LXX4QQhTFOIje7b9UOZk6zeoz1qZ
sBQjrOnh2bKeSENwgaS+61RvS1FKweluIyE1OuUUvx46WQXVJ4czZmdnSORW0+nD
XbSo3Um6fzwO7Aqqbw82qHcg7sGhQWhbA4F2Ud2aM8p+zviUEn8wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEARXtsiPCj7mfzszkuZ4d+30YF
Q2pPbJbLfhl6xEI171WNKwmLMtWS10oQ4Ojmxw+W2/yJCMtUbIr1gXWOlkW07ln0
ATq9WCN99ipuScfQ7mfB1AsCelAoxbEzGtrNX3IInAk59oN21SKltH4hd3UCULlo
So5A8AEJOdYnzb/Wq16ln1wOvAIIousVa335bEoAMco4rS4TitZKYdFnD4PS6tB/
8hUlvet84cSYqoFT7Bxz7TfnP+JksrSGrUK6dqWiFPJbbQHtNKmzpSM25Vfm1gHV
hPX7Z3HJiYpkGaYVmu89MbX52WeBrHj0BqMAk3ufG2exN0VxUI7j0burMpZ+tzCC
Er4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEPvMKX3d5Gy0duoR8bPf3G6AghKQ
LqYpvTxH6buu+cekW2Pe2RA6jN+IBCcBJ+6cxCkvOPPnwwCJ69Zx1tMlcIVpUkuT
2TBdnTeSqCD68rvmVVJuwagJxQKiTOvRpxNTj+jUssmuMMiA0WIff/M5FFQAGJhq
d0JadL7CjuJaHYu/4aw4Xk3Mmw26Ptp2DYCzr316UksQwHW+OnDPX+BEfsc4lQjj
eup79OjAXl+11lwi1poPQrsB6TtxuIr2z8J99L6t4ZUT7WHmlUH6ukEeYmOjWIpD
9UD0VD7jZCAK5LE+YbDuoYuQ9vFjMnDmvZoyH5WAvSYsPSQSlM0oyVxEhKugQUIF
aKcp/fgnqcmtN9ko8QmVCvZpR7Jju84Dhc3Bpf/Y0ma0Qzqpu5IYcPmrnany2x+k
hDQaRsrJzkE/d0UJ7djUHuyeSucC9qj9Y7ch4RtWUjCKhsQs1BpFmAyCjd287CXh
a03YYg1/Z3o8D8ZrghJ3xmmHt1hCH+1SOBQnPZrPCOSrDkU4+BAw/oGPVypqYUaI
WJbk4xP4qi9EtLOHz8jOhMrgFlgMthbicK+kkHti3bA/xWM5I25N9mvDYjHHrhuj
0RcPBngxro6ZGrxvBYhXtSOGEn5RbxCeS7lZtAK5XcrAL5DV7mur+Ehp3NulTDj2
2GSNuneGWqYMMT8dvfG/UKmt5OdmOockk/x7UBMJ3TX0DQUxrJDFsUVUr1gbZwuE
5K16iZsNxoaZUi/cUaEv1ZHXN9GkM0wXNATMcbcHbbxxhd5+Zd/PJWmTbWK7Tde2
Bir54zdAo9Ojo/0AfT06nuQsVdM2LDr3PNEQ4aRLJzIDSA8IrQVZWB5wQBwS7Msf
2+CKkYwaWunIJ0DVUQVSg72bQ8xzT1NhuwfXIlekPECI2B8yaaZeLT31fctGzvMq
jodeOtqynMwWQBrmHVw1yHlagtIJdjEXVL9Rc7jOWvlqlrHE4QmO3EObEmQwmUHs
DA5W2ODPAuH373jS32Mq131XastFG407kZU6vHZ3HBtrBUmYHcK7Madx7/FYYEdi
tUa6anlBEYunHFs6srH1tif3v1iIX9UCqoruSGyUfwlNSXpIxEE1bQMigNu9Vgmx
8nAq51UoxS7TALdy+xn9uG0JH4JbTptWJqhnaDJfUQfHWBKTNQmZLElIy+Dz+BvA
GXT+V6Ay7dq0Zo34+NNVsnDa9rMqW/C8uDoCgADb4+JVQ2pwZgmki8FPHpXDKM7V
HX19hK8WGNYPmFot2aNujTRIB9VWFJhUCNpjgc0xhzbTv3V5DTOmCuXkrQHe7JjB
eR9BGvUs5KSjB2KegldfeFJSIz5zAEZYNeTkQVhAGd6r/OmYj0YJN63eXQCub0Lf
q920ok8k65cBl71HZ96fJqTDAfjA3LKanV5RUAWaTQUCg0OjGgNc1E4pCXa2G3au
VN9iES00s9wbsE2ZR8Hk7ysl1qFQklo2drqeKFH5pKI4bhmkMjeLIa2tzR6AxrnK
jKxIO6fpCAAvWXf9mRpuJ5YrQBqChE97AqfaNwE2CeSOkO4FYIXeOm6iK4iCFlOG
xG1R8uNt+OD/Z+6ODUGiogzH8GYjb1jDbLHn4q00hZaNiB9eCbP2Hx5ighKA72Wg
nGaUCQTTwS2N+Xty/u9HGXKK9jDWBrqTo5YhT7TQ0MiwjRAZSqRii4VBjyAQAnTi
ECS7wsAuljtRPChIW/JIaXlqDCTBg8hirddXSqgk1p9ZmClNmOtP7O7c8zxRhRii
NcgZOwC3DG7asJZGXQWoje/df9XTOgI1ucxmndRwmID6y3BQ7qCge8TubbnDHbUl
cAinpK16k327c3I0D54w1C+BNhwtRgtGTC3CXMsmEBqQ4fJDyvM+sLSNS+rxMhYR
K0WrOlGT7I3oNHSTjUQ+T/vuOm+b1ur0ziYTNnLcWYtPYwV812hDkuHSkeEXb7p+
HBJE87WtIHoYpM5QZSqWBTFAuMTPD/+3n/w3UqFq+xsq58QyNFU4007+u33ttYda
+UXtpu4iReGCHS4Ay151t57xFZMsXHVaTz7bQ3pBe6sEiXWP9uu2J1GZ7b0N7gWN
HEWmJkp511T/OuhmilfxwdCQFM2oJvftqt8h3ex5qAn4hHgipUFI43AaSAj68LaD
wQb67bSkJL2pMbGwTOFNkKb/Rf5O6ytV16S9CZJ+62Es002vE9b6c7uJQkqmdZW6
GQkKzxPR0ghsComJ0h81djW9BUg3qitlOz36GKDHU3PkmjyPlrTFamByceF1Bk7q
FLASGnS22UQzPS0iPpNJrsHxr80e9LqvMB+ehs74gDeQiULdowlcnlLwRblJJTkc
Qy3Cpoi5Vev/MTV+O2Kh3R5L86U/RSfBLXqby8dQISbEGUxIMe387kI2BjgDKV1R
ypOOGUBTneqpeBkzh7WZ0l713a6BC4sunMqkd6GmrD12V0/AWcNDBU7S17W4IQyj
sSNzMIeCE0gCVAQ4cJ5ANyqSFKwgbzcECBr7Ojbx3zsjOsXqSNvuZKzj4iQnbmvN
rUhVnU0a1gDozNXT+jsRUctKu/OYwp+MnporZrdMktt4KZ/E3LPWnLY0tUBcWgen
KY5ea9X7rPuons1LqMEMrLsn0GWQ3sDRw42vIPN+tmJUoeDTqfaW6knY9xvT7238
r1HcX6bqLLyQdBl5H9XOPEDiwH8dwYuHMlexpUw/oJ2q+qD1a4Mmboi7UYmaBTWn
t1sFSUAmwKt+H5kT1ivROq72KwY9Katrj5WBcfZWdcPaP1ogsF1sb41UzVc6Nwrp
MVjU+f4i6I1N13UXtAKcgwzUPR/QCQ1WfPC4oInSCeXnnmUFg/R7aM1uPVJOR370
5yoIy4T5p0H2I0jiuO1Nk7g5Mt4GulRXVx+mfDf8xytnh/QcQDmGER7HkFGPrHnf
Ye0fjorSCNfoaJJkzwRe+S8I5MjT0KDsEJlHXhE5HYMv1OoYG3bbvp6l81FFhIqz
EzkJKm6QSF4ucQFQBHhxoyPO0ck1o/XO2YSmEty76cNdgm0XDbqE5RY0dv6xX/Q7
oiNl7uNs+sCX/B5GXek4cSX4o4DpETAerxHSQ+RTt0uBGXdMa11MzXYzvVSwFu0w
DZ5gk3U6ol3u4d2ybyXb6FdJE6Xa2HECqY+8rjtAp6kH2DWT3+ZI+c8nRd6c6qN9
pDQU1+IkggGB110TW+Y1l2fvOqdFar6K3sNHRby4dNG2o8KuEYT/8ugX0vubsioz
puXFdGMGTtYdw1kDDH2jNot0LivJ83jCsHYHKho2tepBY03k5O/c5+/OUAeDDLeJ
BKj18gSXmSuxbdoNd6bOcR+8Mavjb1Uj+FUJX5rfeYaam2hGe0EUzy7xUTFqIsFb
3FWos6oUdW6Je2nBEqitj9JmtpOK1pQV/+HtGQb52VZ+VrfEhQAhb7AaeHTo3s1E
i9m6p+6lWTomxSefzXVKHayZ/M0VedRHba7aHrZoy6wq+QkpWGWzGmtr6RFoXJtg
PloLaAGIMqRhpDJ1ltJMrbyY53Nn2GIQJKz5pzyx5Q3Q6RzHvYBb0g2n8wYsmV0H
GzT/PMBUc6QcfWdNTIpQooRuIDL0p3iuNO+1CU4cDi5hiJ6MWKEyabsMqw9MWEX8
9YWG8j0fHOcyDaHh8L/kcv8kS7ZkeyULPrJg0LYGfCWUjhBuHRmjiAG1w/6XddgY
MKeSedAqY1k6aWbfgz6P3R8q8tnooRT+SSgafEf6FTL1oRqhcpebR3Cxac0f27GY
6s5WyMCMpqS56o5eUExkDHlgcY7en+SvrgJ53FbgGiEtX06F0/OXSTn+zqiCmJAa
nF1hCWkY7mqfFhlRfwBa8acf2zC6H8KVpohS4ysfpildCSvnl44YkXt0q4b1A1RF
Dv8/7nY1Exe8PbAve8ZMWco/ymkk63Jd566Xc+wNToKRYWPA2Otwc2DADreliK6H
Lh7rkX6ECjN3BouQjsSszZvKlUH3aUfGpXzR3QAPiLG7FBAI9VnRv6+xp1u7eSbV
xPQvaCQL4wpvq1esafxBe382ortk1jN8QkPVBHaUWbg/MGrlB9AzaW4MoxdyTiSH
40lXVci3ed7dMCdOpQo4yXiYzRGqUCAbXbQt9uFjATfWNQfpYkEJ/Deqg6mEGmdC
OYt8WhZ11YQGzOAtjbdjJtVbc8sqe9C4c9q04OUMQbBKeXCFn6BM60ZDam6AAUM4
gUf1zf/yuIuU13g4GJE8tQH4Apj3W/b6VDBcbqPkoSoq8Yeqq3qU/DVuKMdxUa4n
Mus4uc41tp5oDHUOr+/85OIURWJrW8Kg5+uEduYAmw88k6s8EHdmEcr08mla9ayR
m3pRnjAmN5vqrhq3Q403qXFv0ykwHjC2WOjmZIiK8cAmUG18H0JAbAcLyD5zHNIG
PbQB45HCp0OGvPhD9psTA6eRkpGgtxhDzwvFwZqYOYrDTIURWvhyf01V9M4ic4wD
coosKQViJ0GlpavFtNg5gD4sEbgfSfdwWr/91w+wewdfV9Jj2iOb12FcUSf2sqpv
cB6m06b3ZyRlcWABdtI1YL6f/VVY1omR60muzBhIP2jZgVq19DNh4ybqAHkjhHex
Z9EqQiKt1HmleD1sxtNKvWDkLMAIRmnxfrXkgWEsVw4kNSvx71kcjOd6nYUt5ye9
IIyIHxemsnbu7hEdWoaOba7pTmQy6I91CO65PcLvwUlC8aTP5m7IY7Uq+RUlreVS
1KcXieD/dXZ1k+TsC5UnCr4YjvCKLKhzSFJxEBDo72BrcHemHONC8gqvT68iOgny
GwsFYI6H4m1ZDUvJvMq2AGNgK8P1p8gcvjBhZ5rTlci2PugR+MTkV+F8X55sCtHi
NVZ8IcbctOf2OUd6hC29sKwc2T4mL2L1+aBxa+K69qO0ovkcoeEuQhp7Qq4GU7fF
v1jGl8AQn3MgDjK1gz2EoRfpV/ldPutJj9AE/6HNJIJ+EA53GttHHHmTITkaMpfR
RPRihuaXChirqsUj1oO/7/xSCh/N3YZqpfQjqsxVIUtYOaVvWXRRlKkZUByuc5dg
rZ0xjjkZaZKEfvwfffsIl/bjUeROkAPPRrRDN90kOuRSa6jMqwEp2rUtqbJLiNrE
Bd+WT9deckx1CA7KayNNnV4iaesg03rfB+D+vZq6NSvG64fBQR+Z3acg+EH/F349
2gqq5FU4XpaCtcP6u8/dDRKdXyhXy828ccNWJ376U3MGp0f2yv69hQxHZPoHH2Yf
MnpzSL+rvM3W7lmdCCBe5R0H9EhU5cA3IgC9CqWnW9i1UJlhJ3YUaceTAU7maqAx
AFEYkeFBrIXuFtPOJlpCF0hiKiv+ErAel8JsjbR4Uf2aQC7t7of3O555N577Kj5k
e8ACBNxpQe1tSYgxPtFmCHZpvSoca9cls3dBXUlGhhhMtIqW0EfzMIb3Yal/J6Ex
NS2hKchqPCdXTUbRg5N14Oyf3QLMaTFCNUj4F9QiKJF6GkYpbH7WWuiGAkZQ3Sfk
VZYAoVx4Jpu2plETEqkpqP/y+ZCfYEj87aBCffr6KMZV5Dph2Prgk6lGWQGPxhlH
b9yF43oTnrNhHvICmxveNRhRVNWNmGpCNqgTmzZYCsxEKauBaz6wE7RVC3/zrrjD
lF97OwVw1JZzKXDWidcNhfZhRA0fYA4PwribzPsPQL0R3CjLoguFBg/O+rdjs55d
4O5UFNk7h2ClnpA8IN1dnmJtLCTd6o0QWLC9lS3lonmdYoBICIqbrrDW+1GiS4Ss
pWHB9IgpnieX1+wbEGqtdPPe3+ePW/gOZTGnRvGvZeZbvHqrCUoGsqldBjwLBvD0
BAHwRFavH2mj9QTxr2bZMNtO35pfh0TnQ+cYnvtX60GuZFJM6LRydzWVurZXBlLo
v1Q8PvIjPUEpAZx1k2qSRKreV97NQU1QknjdcXXxVQCef6J4g5Y86CvlDPzRE8Ou
lxfNL1pfhQQyOQ7xjM2LCDkM2/o6HHjmqpyiH0F6sg/FklAYysK20loKgFQdi3dC
lO9V8L/2Z0jZcA5gr0GWc0/Hu2T7cMeK8MNvOsRpI9dUQY5P1nQ2o3Ea/vj2qvPy
Zlow1vZxNCYyml7+3AcsWG+W6Z70DJw1aOz2HAHiwPklH/U4VJtFqJ+Q000FmWeE
tZkFcKcbivE2E/sBQ2fGnmf0ZF7fAx9D2CMXmoq38hJeoBasdfLCjIU3O+S1on1B
IdVeW1nxpigFuyF198kJDuWcRxEIFJk5Bt8yG4KWyD+4R04NK/CPS56AyPoB/2CD
lmLZUeWYYGrqFER375gyRnCgPDAircopx0XiEh5ZGox3ml7/QdkHXvV8kx55NLGz
dNVeRNDadBm/1OIBkWpeQ2CMnuJHsIGDlfYtC6N4k9cBBIHfh8dItE6BYuDCzcas

B.3.6. S/MIME encrypted and signed over a simple message, Injected Headers with hcp_strong (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7845 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4806 bytes
  ⇩ (unwraps to)
  └─╴text/plain 420 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <fdccb76a-49ed-50c5-9030-e4aeb83d7f04@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:13:02 -0500

MIIWnAYJKoZIhvcNAQcDoIIWjTCCFokCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAGXrH1WNm/k3nn8sEvr1NxWi6vN9dWkgNKBk
uyHpuWbmQxgdsC4i0rQBk0W4XOaDdu5yYwt4uzqqfbIlgJQRnFfNt5Dj0tx+Wqxs
/uK0Fp8oCFZ4pJQVyX4idSfWvbq6J3iTIA0cPHBogIE4y8mMuByXh97VK5IGKvXc
RDYnE9vsYJY0Hpm//5ZUvUcNa7PeIJmrv/eJ0kjxAW7pa/64ni9T5qP8BKHgvcJm
YFYS6zy4UMjRNEftjlGNZa6QElsy207BIZI3Vp3I1nvBCZI/Y6IHyN/Z3dKLG+Yp
eRhvtvF+PO+YeOLjm+o76hCIkJx8qqg3EYLV8dbbthK1aDgNO2swggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAbVIWhJ9+bVLKFMdyq+QNi1mn
qFxMKKidulH5s3NmRCYn9/nu82R8k+r4+FeVv+mrIIH90rG6v8pJZDFUDkG270Vj
v+ZmqsJLTuV1xsS8p6sOi/1sdoHC/GBLUffalroOJhRJ90aoSYnM5b9h4hWxYFi2
ai+WG6mgK7A5/LN1OW5em+aWzWNjoDNDzLAcPapv7ZjeKA5loyIutbbl1Lgkta8t
b+hBmyREyCb/Qh0xS5ikztPqgDO2n39erubT09E0YzvGo7RTmb1DwnH1kW44Sdlj
wqVIwRlX4oIDLKMvPd717j7wEplmgAHCWVRMTs6E1cjNm+CezS3o9S+6CjkQSzCC
E24GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEECNM/iph7panVLTQtINOBe6AghNA
Qo2zwm6jSmU3io3mCTlOe8vTtf9fspgytoop1I5ZqNb1lqgiz4jdvAbqYVo5nnw2
arDhE1C1ZaLGxTnRC0XQbC/b1tBmQepeQsOYizTIj+LdcZLN+M3AymhRPXWc0H5n
wibbdCxS9+OPP0B+QGfH95bSynkzdmD5vIiNuVGFm4FQOPnN3ZuPxID/OpVTZLAf
E9JN1SRdxiyZFDPNA1tduk3GVRuSt4Upb3X/jfTe6FhqDjFKCx4D1WypmTR9Ivba
B/+DiM9xrEry0mv+5eauxR6Swoclp5NR1jSWHCbD7g8viF2dVA01qefOm4+WwMbu
YbhjIDZtfWbNcYKtRnGOB33qSS6+K4Z0aPy0q/ACNzi/8srbxY+jRgIqimXxMCjW
y2hmPPct8YYx8333wLs/psld/zLowShPRg7Fsnj0HxDP1AKYbW6ja72ER8sDONSl
KpZ9JaHclqk9FWCBSZjqM+cChupgq74LYakwM+leXncSuNs8uMcaZYqrqM/nrigE
gIQ0jYOPBVnmm2SAGOdLs1exex9K9B86w8zNJKYuZ17C7I0iicM1kEGl7UO+Wu4V
XmYqLW1E9QmF+LFqXFQlhBbpfkRUu73us8VCyLN8aaM8Tkqean5cvvC02LFCySfp
hhQIPKgNx7ccULAUatdK5si0RW1Hg94dZW5FBn87RqXKLoUYuck/NZs9r2tSkKCd
VuE9o90GEQwhWvcZYiZz9OsPY4NkhMHQ2Mz8FeVPmqEmzRlnPJRBgt9ti1d8UfMa
xzMfNZru7RRMP46WvpOy2iGvCUIDwaoz9tY2+Q/o6BYrOn3Fdd+HRIk3PxQERjnW
UGcZtWCuaR3/ughENO7RkhD78sLGXe9Fzqj+CT6XxPRECtmd4SDSE9SpZTKB7rnr
fK7+Y2wUf8Za0fZjiqtmfoLCjG+58fPGXlcrpqDbI+iLmXo/YaiEeLr40Ifa6R8Z
pgx7Qni6iVHLFHV2xUurrYWQMqtysGlZV73kGMkIdfZuljygg2aytx5JvrKk4XlY
nnS5+N7yX9lI7pDj+k7kFJpDG6zEDiHyMtOLgEARvI8a68+6+oI0/QTi/t4aE8jz
xfQNWWBDxOqkJtvV7437P7D8RKJ5fKpoarCD9haO/WkZhI0zoCEO9Ii33x/Ww2n+
qbpfqiVl0FarBUwm2Ch2zCqF9n3xYHceJJz05UDqjn0i/obgYVYw0LHikI1Lg764
hy7xiuD8v24dOPpLBbVBqZnVTn++QsIy7UgkDOzCl3IexTSXIwCj73Jp2lNkyho0
NIZRo/SJ/otAG/qMzA6O/hip6tk1qo94Ku0/y2XtdTc2NyKGxwWN3lB8XnBIKDOo
V3d/eCDvmDFm1oOkHBtaa5Zq7c4uy6b1V6tYbqOoQSS9DECTKMNcQh1aG3V/kyCy
ddK8cKLDVPNXzjZVYYsL7/0ATa+iwjR6UpHzLEpU6BQWpPzkc6rgi6ornd5iYN1T
9DyxilBWz4lNVg4XyY+C8iFMiTcS1/+wocjrV4/rReyDX8/f7IMubpwtxC5Joe92
bwrkHg0imSBZv1oiZBVjORNv/QKD4jZhfjMDTbGTuMllowR6Qiyw0vgWXN1jbjP2
R/HcWFEej8HwYWTR9RUEB9GFnxPsDmv2EZEF944hp7Ic2JtI1M/eKc0r3VGnPIr7
q8L/4kMA1bE0bbyCKaSTskVD9+81+dNxWpPICArAutROOammgmwBQmjsyfdCRaCX
Cu+P3HoDV11s+Nu6PfoZGjEBboaphvAkvRbboH5Zi6i5uw98EXbX/lsuBj+xpBeS
4ChlG/He6/z/et6zfnewQ7VVcmUwi3q5xIFMCMr6/w3uO31UgPuq6CqMZt7wSid4
78SPQ03EmUeAtottuaKyW38pUiyfzZ7ZpBVuPCE9MXR9H1B3ccuGNJdtUcPu6UBi
ZZrkkg0ahBF25NNuTTtzx7reETt+LfQXQlljxYO7qfoNa1VkJy6ZUJ570ITorgoW
sU3/W9sIujanCYHtJVHjnHnFYFasbzkS7XRi/mrPx/P3R2f0FQW/LBJ2CMcaFxMK
JkpfZVBxHgHmv+g4UFnyECawrxDXoRuasd2F9AvB+YqkDLLxdHsbBiCnpjjetZyV
DSv5Dlpr19jrfbgqb9OaQVigeCZxt1WXV2nx6UvU8ZVfmJPb2O2eBiPKl6GYyGNi
cSdQYzy1KNR4Ge0sNliCYOipwAYrwcDmcT9S3A9EaTqy5qh9DeCuaHhMpQMrRdeI
X7KKs5Q/8kSeLG2e3FqK+tX0HBDvJOXPV56NdwHWtuysW6p8I6HAmQZLG5e25MLQ
UWkStjI9ot11X57ZbKxwyb5FLXR3dsg0RD2ooDQxIqxulErogz6QSgk413I3c4Lc
YnE/ni5a0FjbSk/GozWoTfE/11FRKJETL25KwMSo7x6jZSnOQVKFR/z/gNdV0zsi
MEpeExLkPt8PYVCLHJ3RNiLEGZBnWyYPtf2+SAZjNZ16GlUIbOXlCZxdJfQYP0M7
LNmRF0eBtydwhnyyjm3e/ub+BgtCDJCtYZZLntmZLbFIfFDoTUeLX2Yz8uwRvkKo
tZY2yd42PYbiP3ShlxmIWrYllzlnmFRq8ack/ooosUxwmu3QOAC1k7Uzn0OqdC95
X0KZ5C2UMD9O/+/2v/bFohGg7FZH/kFjRUoJHgzG03dYS5fsr7sUQ2n4i8qmNWkF
cQhNIsaCEYrXQcIaUOUYjn34GN2UcStjCxEN1N0LWvXc+ri72fTVFbO/oHEPdOLe
gJUNg+HrBGZvDdjLvXh8+XaGYXhwD8sJR3ZnIjmL1N5ExrUztL6lY8Pxvi0TnntP
AEXrJjxMX41WzZ4dGQiGko4GDmcQxz6XS9qRe6V06szDcD1WMo8K6XZYFSeogUvk
Frw5z1occx5dw1GNI81ju6EjlfzJKyyEvbkSGFKh+KoSP24u+rNDR5pTXvgrZcTc
8iBC1dbgQrOfppXVfV8/PSjEM12J3a5BFK1WtHHqF4uvhUaYSc8/i26bW2Oe78Co
bFqTac1us6O2iHkyd8a5rnA9TOzN/2lMh3Kxtlddg1bIAPvrHrAfMEp4LtBQqD6p
ztbsFjaFJ38ErhFfyUNIFm8RpcLWFS51MTKHkhdq4hFgfYa3oD0QAHeTmtMydniy
sB1VaSFiihGPdz0Jc5DH3ctkW5z5PoKcjGO+zInaT4ZQbIxQeXFofn2wOD6bEbk/
REar3MAKFvpYGVHrtRLnVhBtvzF5YBl6DDm7CA5uwdOuUlq3WZixz5T1N1IxQEwc
9giATZqkns5KMzd6HUzCrSCxRLK5pyDI+0wDg1kNEl/Zj5esdBV70XtBE/PwxM5/
WQJEhHmlBDokH4wFQ2P/MUg0l7DEZju64u8ecXqMMYV2IdLZUp4YqoStSIk8j7/6
hYBrI5LmC/Ix7h0UZzbJF68i7NgV15jrlraF12SEk/CCuAu28xtT8r74egOAwNbo
zi/FeWIvtXL3Yhf8JH/ixoq7VIDucmaeFNTa67z3AZnLvpBluzevUU1n2/oHmgAD
c9nGegB6z5oqYxuqQuSQgMbwwtcYw9aT3vu9Kp+gkxqDPfeegVTFPWSodXD+WBWg
+wQD/alscbM9OET2jjYen1kbiwGbr1wYqPaLSlhm/PaSDCE7bAVjNhtm3m/PeThT
C7OomaXsSiQGJYU3JcRGP1jHAA9WQMflsCimBfMFrv93VkJm0LdbeFeCunPeV/jA
Jmvl0Cp0jBZMbFrng3P+kCJgqVMO5tOZzclvTFQu7FhgFOxAdC2S2RWyf4F7uYjD
SfIize9a56bglabgNitpEQDnLMDcPEdPXUNve3aWTZxm/b6GsqDjw3xdXF7fHwHy
0H1HB5iZnKrIWEKEQ39v7kDdLxKN1S2QjOq67dK0BsJlfsqeXndO+aiVfX+Ba8V9
79w6+pbA3icZMxmE4NX7wwBDSH38ApMrlXxyi5RNSCT7IYa4cLxmHVHyWWm8TCtA
N/vyBGrMGWZWavUUVdwk+LdU3PiuyOXR4KzegQan9N4FQk5UJtl7hyVfL8RSocom
3gqxb6kp1TSlVVi6jEBiMVaV3iIl+2L0MgLsoyfm1WD3RYkvh5+IMLXSotqyHRVf
U4ba+gCxZl6vURbjl3xl4JMOOisTCXBKp9INr3eu0Q0PQ6rNbqx7Hp8GjJx4sXJK
IgtRP7k1960vtSqMb8b8P3l/mwqvB78UlawDr7CPgxeEII5liB1zcXIULstXNjvK
X4P073MAonSLwx7mNY9xKDRuPtDWULdgi5pXgs25MY0ihsN6STfI0B+TTC1WLQvT
/5UVL3MitLxttN2Xx2m13KlM+hmeOihrqBKZhgZIRrxMSde5auXUlRqlcN9VOBrI
kQDKJN7ep0p8O12R8Yqa6jeOvohm+GU0V/GjCxoilT9oCfhkAAB4xPpFCYEtPGyf
9JAe/NOkoTGE4LBzBvGERqBa058QXgQ0Bdt4tEVsZMdCdFWyBqjdic3smHV7TCNp
2UFw3fgFKGb1QetyuQkF1gdLCXf0U5PlKpA0G2jh7cerGQZsXZxnW47wf1Ndgw5s
9GR/NPdZgU0VZbJUN2mcFz4G9ZH529P6fDCpBdHNjytwEkk5PF5FGKiTbyufN9d4
rwNnswfum0xd+iDDVcw62233XsiABn7cTdIinAMgVFka5nyjer5rahKb1LbpTfoc
M7UdiiC+v6jCeKAZ0LLeFcDzup+MiVZ42Ej7KELseu7DgSOz6H+D0irGKJYRFoy8
Kk005aNSSKW4MZJFKnFH+k6jbR7e2QBR1Ez5vZi1sll7VE8OfK/dig42iEe0QjCQ
a2cq32gUJk9vx1XigKb1uXtnLrtgygNsmuTlwHaRZrJETIVUn/v+luj0Ork7eLSH
ROuUdaYravWkRYwMbVSXP/Nien3DXvzaxH0Yg7cdWaFP9RTXsIe2N3SO6TzKgKgP
cVZ3qwiFS6gt3oO4tXqkZYmnj1kpoxHRYCj/dtBywX+0V0oZznm/Sib3ldnHBnGR
ucCCw37DDKxad8H5c2NSDOQ5s4slTuzaf/N1x4d1UoKzTCX5WecUJGIeAduYjdTm
ZBrkkx+qPy6DvnzWVL8CaI3zfgBLoLuqPY5WRufCp9j9raLTg5XWFGabXFzQFR3Q
a61HhRCp/PihuQjmzB9ptTYaAT8JdO3rNDM8Dp7gHC/KFkbZLvnrhZUBLWuP/YPD
T1cKQst74EmxtqvkW8lG3h/NZZ7PoMRyL76Uq258RNkibjDhwGQKGWvHL/KhJXZq
7OZ8bdceHcz3uFYbV5gfPAbYWRgYtctF6Yg/OeMQBI7g0XTLzn9famG80pOiLGlV
pfWUsjkiX5xP6tz6zyvS4d4QpT9e5/fB/PCp2XHEwEuIZLQz2uiqwuwnDnOmi8G7
I5cxhgPBZA7v73VBmLP5oJ71P5SmOWfAPB5xPXwmDkxhpg51s4OxDOqvEakQTU20
udBZsy4GSJyusTkeEy+GqXCcspEuJ8nEcJ7QlUTt1lsShzfiVaXa12+U5CB3kPen
Tv44U5XkQpOB7Qny6VkmSy9C9FxSagQfsqhvS98xB+zZ+JFvSwpfFQ/1Z1wCkCvS
FjkUBep2DtiqWBs0FW+UoQfo/hqYqEtYSyh+nmOJrozT1wfBdxLkSvH3QsC7p+Ia
OaPsIpTl+8fwngzxE4CBOLHEuyQt8BrUrb5mvluTjATicxSe39A6sDqPK9HXjYbb
5eJfY2TT7PvH0S21hEdUK6KX2TPFgfam/KETn1wFZxFxf82jCd0PM5WQn+COYkFQ
KbQgsiyDhd6zqS4o3gOF9gFyRAA6TtaTygaR64kTFsqWWFDA+V21fz85U5Wy0KA4
/s5Q11MJfrYHWIn2MsBYMi52Ac9JqK3Fm3uVltxRWtNCmOZCuoJoGePlVNUfA5/3
wK4Zs5XERUmVKEh1w8DMduuRbZfVvBmE4/8aCjDCVfbvxNz7s+Sm6mvTmDh3RYUF
ycMXmp47bO78qgAj9hzCcYtJKzbYc0d6OvLKjesGXycWY8irkjwzbDxVcPghoYGZ
xgverdClW38h52/Cb9jXtYFek/6ZTkG4tmzJdwxjqcvMsoZnmpNIYVRRb5bTLmRL
JI3VBioAc8D5YsgaSmd97GnASRCaS2sR2zUfSE1mvXiJr94LrcDyfk86P/aHN5Ly
9VhHlyhjtILy3BOt+uArWFjnIEJ7LxHd7DknIYQ8JWnxYQyEJ+4zpIkS8weBs9bP
BDxwfiN/gUVj+PbTueLVR8VgYzta/yc0PobG9liStSiQZdXoCzihjbctN7WbYb9a
7O+E5GosuFO3VpWxchFXWSUziMnI3Rn9bjzK/xEHMgMe87ptvIp/J7dNwdHCYU2z
dOi3aTvuK+9EcqUKl4k75wY+sysg/ljl+YrwZ6AFCOJ0q1R4Xpsu0GszFGAh/Pgc
HR9+sS2JY1U32Pw6b3c+6PMohOZzb0i80GUOphN0SDH+bbKWejwca7Tqee6oKHRC
w/zoutXWDDK8Wmd1JTScfF/z0DjHa771J+7ypwu+JcDhAhjqWWMYJ8G89fq9CkIL
v53RWDv4IhiylEv0KDaVOKDVJ8OpOIc0I7SCiZDcn5c=

B.3.7. S/MIME encrypted and signed reply over a simple message, Wrapped Message with hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7735 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4712 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 879 bytes
   └─╴text/plain 327 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-wrapped-minimal-reply@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:14:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-enc-signed-wrapped-minimal@lhp.example>
References: <smime-enc-signed-wrapped-minimal@lhp.example>

MIIWTAYJKoZIhvcNAQcDoIIWPTCCFjkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAC0HLpsnRYDPYLGne5TqickK/L3CfJ2N2j/J
7ReG6GWzOlHE8ioJSQ2z5KpDMT5vM4sFFjfBM8WWtVdvXTuJUotLzYO5q9AlAtj5
Ybve+Hi5MrqlJYfjzeQE86FWL3LffkzJJEDFDfzrSPcklcxXGVq4J0bQdihSL/PO
2p7qCwUFJnJ4aMMP5ZyVCl5lkloMDJE+UkizmrlCEpoBMSlzuZ7IrtJ4TYM5SOfw
p6CcrATOB10BPTzNg1WyF8wj7kQNRGmxb2G2AOSEzm4gMIoSHOWymvtrWXHewV+k
RT2lYbGCDuiPPiKxsDUxpez09TLZLW9ucYyGaFOFcw7F8R9oeYEwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEApLWrVgW+qdfk2BOOaVJUfW7e
mwFI2qANOgIq5g3XzM10j4dl0MyqCTRa/MLfk+KkSsRMnS9akA9u+LOF9qTDMsmu
mQvwzqt0caPeQaRmidJbOdjMpJrz7ClWhGfn979pFvkEK5IKjOTeIPVhy5KWS7wk
qxwEX1A77rO43mrS5rE/+EYfcRkMjMe93z9Amgcnzk8rJMEc3LeHNyPgOUDmTFmU
DuMpmY7GZocuP9Z2Fk7EG7IM5gRP8bBT7vzqFoloOTRlTU0ls2I8D4AJb9RCvfmL
/oucf3OM/h5BA20+StiYRyf7Bn9JiByMqMwPkU2f1M1uvLipAhGFBWwUZH62DjCC
Ex4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEJ2LLAYP+Mn8EGz1ZGxcdS6AghLw
qGBa/kSjmICp+Qf+xNWNXqdVHQvNVseCMr7sCPimo5Aou9U0b/5/5QTBSb7DQGrf
HR5/Z5stYpvioLHRMzGKbiHG+CM/PcuJokq7TtIH0nzuB9ul+HUo9P/OKznRsg0X
34VVy0bomiGcBwLNjDS81rzmLBlZ4T8hleRUugO8XE6yn+3lnEgR+Fkqjc7uxvW5
qP2+XngjL+eodMLtyLr2a0RGo6gS15IGd5dnAY3/g/MUMV8KjvqYKMIXTBLbOipI
RZ8LI10xMkZCFMeCVB4rCBpPICL2GBhNJYT5gqfSuFkOzPJQV+0UuLHRGE4Lh749
AJv5GCH1Q7Fr1x1FdZsS1p/jtiMJPeStTMxNbe9IAEgANh3GRCV7lrS0n4UJkhZY
gxkxoktH93W53+nNboYXkBerjtegbo5mt9OxrMCpi1YEolJTXXgPTKsrBw4Fu+MV
zo8Q3Bq0K3X6dvv4RmmKr/d/BHbLCFhVLLwBzqiBnZep8GU9xNZX8hmqwyYpa6h1
XlsDq26OUDNNvNBF362CDrk8Fr8fqAQpausovMHXoAqGG7ElUMomHxrYngmIdFKM
mPR5XmSTZweivv6ufSewYqVevu8jpU4TLEHkim0NSQczuEtyouYI6mfjK8vgjvPd
CTX3IfKFvS+eIY8x7XaY7WkN6Ziq1Qz5/NQhTS7Ij6BspqiX3z9uzp3nvYW9AjDM
39B/4rdpj8+7mYNYKnV79081hY9SlOUuy6la2ZwDy/mzYqGcwHi/r14O1u7MEEtS
tsG2lS0zn+WrgwPBjZBbKCCJQa7cWyeI/p+l4PN6R5qigK5CreUVVpxg1Y4AGH8M
bpIRTfpWoOzLuIToC7nziaGkejbDCQj6nvuTFhDzYuPADNhVy+S73w5FdSR6kc44
ohrCq3nSnto1x4sF7qZc4h4GSXrjpDl6VbQ8Nhltt/mcUmRQNbASeBk/ytHRGIRm
BDYRTabOyoxva7xcjA0k92HyRsYRtS4HBJg0dnpmlCD+igKY2oKUC9uA/AswCC+k
ttFOAwlbEeeWyiw1ODsHnI4QF2t+qTCV6FCmGapspbLgsYPgf/ScszUe8t9CZRky
aApgXh1s+i9ozfNPu4bbMrFEMOnTKkt3+xPqntOWydnOpSTQ1FxfbCHT75QIpGDm
PhMbJ2sOLWo6iNx4mab2NOiyhuDd6Q7YcsCl2WgimZVIBh3E+2S6oRtGZ6ORIcRt
vmLTOmY4O0yN/FsSClkaelKUvIiVVBJLcwMZda6rpi0y94uD4Q5GvCVi4eMtTohS
8kEAbMKWFREQ9uHFnAeLcvaEabYioQkginoajbk4e91pQPSy61mOZHmDr7f3fTpB
o2ZjFwdz1ul2ZY/wJhRxJAOFGMIKq90tTmDrrNSw5YZO1ULpL6QPomwwdaj+fw8d
x4yuTDXRNazY7nIARNbIJ3nuSVPfK5w+8H9IlhwRPXoghqbFQeaoFQzwbcDSzszU
LxLnx4Yb3/hjHpT8pO2KdZln7Q10mx7Z/aSsDiAmp4TyNSCN9sNE9DTIslitQKG5
BI8KpVfQMQJn1GKhRSkBoO/qmctaDOLtQHQdYf0zCByRVen+D1z1rm5PG3vRMc8t
VpmGEuxsiWrCDWimMVhfp11ow4Ax65Qh341OQq6fDImbfJTzGzXdmbDwcWOf1ZFr
NXvUSzrJJGOc2KXYjTIqkvAmnZoL79Ba9hKK6Ap6WpW2qILhGqnbXTxAO5BjR3FZ
3ps2P/WSfj3P/5mdHUm629O3FQGne2UHSc6xuuLIY9hJwF+MtMq3QvdYmf0u0gzQ
GlX3fXC9fCLSYRtzMksj7DWlaqFUoDuqMbmyLUqbFyLdADcQL+APcX5pL/65Y9o3
fa1/nGMc/NXncdlgWBj3jJ9Kjf3pgbnvut2yIhcWof7ShDNtFZ++icwEOiiFui2m
wamsZInDu+odCuCC0w2S+qmZkgigOUeMtUbyqtTxuaz09sV7o0OW4LRqQI8oQWNZ
5Maa/IYG8e+g6LXLbhLSPgrzP4LMR4C61ano52fHmQlo9RDurMM9JqwMu5xRxuJc
o1bRhp6oR0pa5+l8Ss+AoEZJGW/MQ2ncz96/Whuwgq6iUSbnXitGFw0ba7NXndHi
fhHrm0SHTPqWM01qmUAZfk2mhjwpAxvXR+9OasQIv05BCK5sF3Gk+F53+beam70m
hY7GGI3F/Bg//iYpM2bAHzH/fEQRGaOO8QwxSmRBKRYyi+ucSsnX3y+nbzBPqJGU
gdnvJ3BnM40yrdF091S/zQZ4HjiR03OroUblPmHDGa9mFp8C3BO5x5PGrNjnxCvZ
riaFRmMBbscetaG0z2Fa3ZjGM+C2swhx1DhjXnpXJEVoKT3DVpk+5NeORSnvEGAP
jV3qxja+DIrH+p86ztyKgdxyVxsm2GFqmAq3sfARbLQoOWpD1ieWdDbLMlbt0lLo
dNHVn9fiaJWgnASw85MwjdjOjSMLlF66p6C36z3MRwTqT4Xj8jl6ymK543V9RpL/
GbiITETdqZVh/WDWcoLHJX8QQYpE7toPQ444xikrWIl1rDWqTR9T6jDJMtj43mnD
2p9MQhLTcKZLQnEmnG4ZPzFiT218d5oI+ji8BxZy0fJ221HBZgqa0mq45ga9b9RT
bvWdtlEMp8XcnFHT8IaVPekr2+uROSmfq0XrEucN0EGajIX6JKUq3rCEWZDW///K
zC+O6AnLvN59EjLzJqgLGWf3dXbnPj2DDtfnh0AO9Jf1CxeoBoZFA+PSzE5914vo
QlbgE54S3l7QEnlDAP6PY0HHaZxVvPLlbta2zcw+r/gyznGlDx/qMYEaIUkxOXvb
kD+nf8P51qDqsSw5dE1ogEO6wISYF1MUrv4cSDb7X3tcVbDl7RIckamJhdFHECFa
zr0f5oYxh55h6UJgyp4ubQTRbIef/2hGrWMZhB2a22i7AJ/6knqNeZEzkV6/FH+Z
Ry7vsWDOZxzcrfQFREwPyDYCWisxJigK5VsRoYbFgBpg1muM7V7a0X7p0r0PInr2
4I2zdlknVdUzYmWc5VnFFwz7nPhywm7L06l15WnKLgsKJRx5gBP1yCD9/50hK/o3
7gvxEzILnwhmZJSznxQAnLrMPNFKyuDXROlIzYr1FqbfGn177oknTnR787HhEFr1
g0nIkgp2XY7SHa8B7ilBzUH+A37evhZKOyogoKCOOqDhG4cMW3SZsVxEE9ZdMVdP
WI2GOIT/7iG8Iic63RzS9IOXBaSanS1mM/QUzyv7XvwpICRiR7xAYmcxjoHMEAbi
sw1sq2wTIN/WuAzGhXrPb4vctoX/xuNnMUdfF1d/pST+/pxy0ZxbPgWLjOJvDpv7
KOujbu9d6r7c27wuqBBef4NQPaIpejTpwcNFhHUaA8vp+K5dJXwRTm3zz6VF0ceg
aR9PgB3H4NZGQXTJ//B35UR4tYgNwld6QZribkLoSD60n2mnDWvz58s2ONTx17EC
qVmY8QeVMX0PKuDmBCFgdPJH7z4bJ7O11y8Rze365VhkR2hdWK9S/7nkuZLgxi72
oMknY27uJLOlWMuQdRhrEQP91wpgDIUaKCdITXAEKsWAsjFPt3h2UOxAg5mgiJZi
iXSCPCjWmFjXVI2iGA9TeZYbYxLIorlueeBwLAq9SIgP6mWvn0HjCX773GTTx1o1
G40Y35Ew4blTEzZvVqjsmpeiYJ2yxYLygwMrzE3griC+7+PzESUF/LtUQWdxvAvi
F3Nq32gMy1pXm6M03SrBdDgY206bF8AjyjkZvDbGZMDv/1Ha3B12K0rcL74+rJvd
J/uKU5fvLIrjWR/LG3e0dsgMwdlaBiVpHuVXfW3ATIisOGaYbNPK7EidP5OKxt5C
b0ZBydJioPuiIqz39A0i86kD2MTgwIaJXt1mBR8bQGfgKm5WQvHuVE+2yL/zmULp
Zlgi1/pjBDVlMeKNvNN6Ed9O6NLRseyctPbvqhL6AXYMav69atZgpeaivqRs78bV
WWYPRqhbyd++UYvGwTaUGq7EJqV2K7swjR6WPjHBB4+lKtNpTxjKo5Ct144AyyIe
rWiRoKGi9TC84e7bTkB9Oc239iKsNtrYT/wiEVhAZ0k/VzV3S1rMqSx1/uCkGXf3
EzgXBuZYQi1kX0BERgBUTleOJUrJ353KrGsQQuhXleCA7KqazF5y3VScCtm++gS6
6OxV3WvG3dtA7RlQ5l/3T5IxtXL7SOzoF+BMwc/NC2l3KQsWAA6WgdJLadZim7n6
ZejB8YYDCEoeUuu6OWCuop5rgNvQuendKFZnUZUEloEwrJpCY5YP1hJkj0DkQEcq
6BN/4jfWlLRwX8MrOcRRytcbMShUmIPxR7RqjnVeHZvkbQpdOy8moZg7E028MpiN
XOIoM3WErOwe9FIOoTT6Hgk3S90uFbk5Q77lYnGnvA6eVnTio3p/FpRKvt2SPwva
/vA9X+AE6OOEFZGeCtPF9xhkrdWvLToFTY7hTfTky/hEMtIaotnmwv9GZl+JO07/
MjVD3Ht+QXeeSPYN27MmdyZuIxmAsR/479XUA3f2xpc+xk7ahO8LkwcsUR3+ohk5
ss8cZ4iLqAQeOP0JMRg78rcLejZlCtD7yw7/UQSisX7fOlaJ8UeuUtpJng0nh9y7
vRaaiTER7QVgbE7CCz3CQEIan0Z/bnIJbZbxzkShOx6KWk0UcmDibfXDCUetU4dQ
9eHF+gexkcT6+LWFHo6Zahur/eiCwVaJl6Dm47m2WKXPJ6uG3oHoespE/BQaLf4/
sfZi/btlnEIduiBRIScd1HTb0HWIJPQGuQ5r6WC0Vj5e2WcZzLvie+2I1pg5BVNF
URMGfaTvGhnI0JCmIe73LHZRKyFInpGK2zjmETOV/2e1i8w+YUedoYieniGlx9Qe
15PkdFThnUixexpR0MaNJ2AN9pN+AxRMoy1Ko4rPGpcqm/ai2J95XpqVTMri7tkp
a96I3jB6RUoy6KeOYQXO3BZmce5aUoVTWhyqcM/8YLDWpfzP0xyRF9ex7hSHK58V
qcoqC+LwsSQbS41LCxVhsG2D+WbEDFutXzIV+6OPwFj68gQdKZ15MRAumugX0R+s
P8UGwxjfjOFxJkn8djgkEI0dGT/gNHdXL2vSJGy5QxxFEZjNr2cTtdD/FPxdRWhX
O3nB6IgoV7vpHbl52LgUqjH3zweSlWEIenDs51jejXqVcwRJXnG6Rboeq0Tr+bpE
JrG2CrxFNlfdWB7p3bCJSlqsJpftm451fegF4gyFA+h0RuJ5h9kI9oz98DhAYO7H
AkT/90SkB3uEL7cxaX2P0e+GRoS5fbgpWWnNW1gklh08Z7R1lCXprGHpQ+ChHvVL
u15EbRvX8uQ8/zUEtnSc4osfbSftXfQWFg3uBTBToCHq0o0QDrz3dxdhphdazwtK
vSbqIBfNWR/RXelrtMXt8zsc4PH0l72Ey0i6z9cL2tl2725i/bsVY+JRtVE8hcKX
8g8PD9M5Fs7C5BQU/RzHCAngAMGiADyut3TogMCHStvtCr0KiBPDSqKlFQC+4I/6
Phaxi8lt3vaY6ihN2Rfg285TtkgM1eGm7oFp7+66f3H0h3EIIXXSlzOyhkJ9UEQF
OBYVmh8+Rm7lQqIHVE+DsiLX1OPphCkNgW+PezJ/AsTy93DxTGhHaFoBSA1ajF9/
93eWUXmkpUoAwBClEHkbL7iMm9K50LhMFueaXKwCg8QFKqPxDSsNOIx2e6W5KQtb
SgZ3YcbaJQWds1MpHiQ8cfpB5HuPRBJnLjetU+6CN+U1DwW89i/kgkiKp/LFFonX
LrgqoqyeubGDr4Xzc6PHhar5H8iobjgbny9RyEmqg/wi8vSu0tmK+/kMglm6ir9K
6CI/lvqHn/o9r+snMk/s2tIeuAvyFWE1Kt9iWQMoTTC2RnyiQKO6g6WV/msK2Ssp
y/WEzv1PEGUG+HxNb8bNQshjqURkSRiawkGxPDweUGkpL5uEV2Tl3MBu1L2VNTkt
i9P6PZ8CzcK/QCxOV1NzBs76Cf6owQ4xNp5qyXsC9X1cBErml7NXjilzBjsDDWAv
cr4rq8O6UVFg/MxqKtbWGNIwozTClqfUBQ3Z1iBpoBTZHTZikjUrvLV2HHlAuL/M
DgEltX+xBciS4eEQXQxrnTiNYGecH2Jf7e+jqnbCHG3ta7zP30svh327fNUp5anE
RzGusE/zKXMWVS3zZsO0IcMPrIQz0goP8CuxOSJApRZjPA3IfN5exyn4F6FrabW2
kaXnoxRcTeVevx6DV/0yBneWvKvo5f/kd+GY7NgdMTPyQJTL6wih/Qp8PKTtXN8V
i6PWx90l2atmcKBDNTlG0vZDVd27xaNIWpy44yPo62gK4Qt6zt7ykTDp8AqRhvms
wLeNNg1wZd/HjPH1wfslTtE4GPKSPPwPjyvF3Vma1VRShwy4coMlFdp+raatEPul
AHzckLqztRqxb2SUibCgK0UY5YmoUbrIrP9FGPcoHzsRRJf1xlVLHKIFPgyIjq1+

B.3.8. S/MIME encrypted and signed reply over a simple message, Injected Headers with hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7695 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4692 bytes
  ⇩ (unwraps to)
  └─╴text/plain 339 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-injected-minimal-reply@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:15:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-enc-signed-injected-minimal@lhp.example>
References: <smime-enc-signed-injected-minimal@lhp.example>

MIIWLAYJKoZIhvcNAQcDoIIWHTCCFhkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAFd0ZCRsgbltPZeKwiWXdgr2zAIdA97BVi70
qi2qyF9MtDCkjE1VWu9artXd4M220u4iJKEHTdBXZ7jbhI852ljKnn4JsClo7OqH
S4F5NeZyaT8gX6LCnL/2z9SoWJrOIa28eSF7FO/vwxgzBYHtSQBtUzaXjimb6BQx
TVq+GrpOiE+QaWzRTmip/sgOfiGPQBSJPRJiIzM0NIQhuc6ZeFpDyRz5/EK8Upuz
kOaQZhpGBAq6QeP13CxmYYSk4jnnhD2AjxRGscnonaluELmP4moEnc/SOLAkVHwj
7wEdCG+PumR5Ni1Jf/nxeopZKGYNWva7zQDdTqGdMIIIzfLaA9AwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEALks1aYJrPOhzZXHz5t3vIx06
ssGmUbBL7qhD4quYbIx7rjyMPQ55uKOHih9F7PoSzE35IbnPLQgkDTs4ZtaVXcM7
PBVdS7qD5DpG8MG01KnAsJ4Jl0J69xinHszEmRHtAjKngqImWQGHJIFwqSyHijWu
qDuVz8RajyLdLQ7hPFkAcZG/Z5jCr/yR1K/zZIntgHdm2d+TxTIJu2uLzkAZx6L0
H8/VXloYxDgzrZ1rRUoOwfr0VJMcOhaNBv0Jy5fSBItRA8j0D3YdWNX9obhn4trq
mtm7HQ6G8fxu/pnMW3IaHZxzw1+HeZ7HoDzEmgmTjhlFmQwxxPJhxDJh3LaBVDCC
Ev4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEFUjt86MMy+RRwRy93mHvryAghLQ
/QMIFUvM2LMdY5WoMKf0OvDUdxH0en9D0BFGuV7pAJ2MIc3jAdFF5dQyGKupr30P
Bpoqle9nx+B/9yx8VNFzVX77ED8ilv4m4ljFpYSgPfLnxsqOYUz0QxfxzMRaipwY
GE1YcqaoF5c+xx/nprdc9wBIAllzfgViI8uNe+sBU+uBHTfEU4/FAb1wc4YyiPAz
QnIMQOThJoF1rPGj2Hyy0sDXub3rhylY1j80hv9t4gYZcfVsbMXL8nEPVl4pf5yU
d8puc0TJfvL5hi8wX2TK7+iMXpsY8BJqs5i0LFlBUYN/DNDl/vm407xQqsH9ZfZs
/HGlPUU5SK/7MYjDCGOkht/5nm2l7HgcnKPviwXmnFpsL5pBgyo/+OX0mJkJ6ogj
YDvGkm44QctWqyaQnFxuQFTODSMsaK3bf+Pbpb3boL5Xe5c0uCb18H8q7ett4osn
wMrSn3KWrfaOsR/TeinnfzL3GeXCAGeskFb0+yKW8maBPSo4z9TZ9TvadOGt+CTt
jcAYA2WkU2DT2od17husRWjnyHZJr1xX7Rh6LjHuKm3CLF2OVsxP9gojEI3I0+Oj
+YXlalQBv+9+t/lN6iz5zSKLXpluR1uEPzm4PyKhQkFMd4srFGRsa6BVMIHhjpXG
kDrsdbX+xP1RPXRWsrAKsHoQ7xrzpyR4uSmW1US25FtYUg7G8z5Lo6pY1iFd+2RP
XoVClVqvOS/F8J0mBR+DA3V3iCsKu9ZV3xtfe1gagTOGGAf8Gx/di4gzXts6SRZ3
9R5HWi6uYUYvdbJdPvH5skjSQ8K8RxvI5aVpaUKU7Bq+sok3nYZjY4sWvlOAMDui
/NkD6AaUlklotIl8MjKPE3Sk4/TDUKL/jeT3Fj9r+6tgeROmjcQp0fG3q3VRbzjv
t0M326Gse66+BjVJ0hEnvY0bHvi1mn5ig5U5xMglpvIQPgPezEXEj2w6LJULE3oV
wuj4vdbOkTwDv1ZxZ08X6eaBXWihWQ91p4e+TtAC0SuYtaO6GeUBRBayPOuKNutE
BwYV/BHExCGdu4S8e4aYElCzJKqLnKFhyfmQcdMk+s0EOu9Sc97Tyr2KvQQfoIqx
vwsGOnMrDAx9BE1rQDB03ef5NwuB+sNZNL5afiJoRLMwsYUB0Epc/jliF6SveUGF
9shSHfMZjwwEtaZRu+bQP2u0RZOz8LVP2XqwHNinMJ0tHiBwagNYBAzuxGdTJZrY
271N0aevOLqjqY9XhiCfnddN9RVo/JI0+FB2Ac/UUXvhiz+d0/u+RK1lIig0VMUW
YIEzvS9b7Km3WbbdjiLP1wGiozIhDiw4jEjiSEIhV467vtaOd+Okvb303E5MOL1z
UbFo9wS1+aNvoT3SRRD73mFSzUlvjpXEsH2K062D7Q5wT6i/M7hJPbsSAAJeMSxO
Aj+rJZQy40qWcPDYuXr/g+r9AjpjfnZTcbBMv31v++4GafzK4bPXmSmRpIWzaV7S
JU+/7g3rmhEk2o30AMiOmm0TmyivruXSv02JSJIxwyW1U3xSWYNEu5izoHmLO/9D
XrMxTVJiOhLKI0RTUQGOES6G+2vmprU0YE08pBLcI8ZRM8Wlbwbjg7tswLA+Huu7
PLpIv8pW/WhkHCISVcjG/xsWqPxnHafoN72Oboc1IJeDq+3j71qRJG27Gf4p6tEm
KI2HTsDXqC+7q5cX8/d2OR8rw0W6oBNTiGjptNW11qFiEhrB40JKe+cH1lhDxn+H
otfBlklHlTyR6U+ObJazcvm4i6F+f/pn3q77mF5BYakoE6L3TD5V9astEcS8pMQ/
IaU5vHiSndSPEj2pFBLmgdhGwhf40tCDoEECc5Ue7hX62dywRxjzPH+YuwESuaIx
ZxLcrJ7o5j4TBBeswJ0txEOM82yJ+qeDtVFvQibY6PLiRuKjWa+biMk144lHS9+7
wPn/kOgreAq2FpFLJJlrCbEOqyORe0d1Jy6L2c6444aL699Tw7zOfPsXyilazfU1
51lS5d0uJhymls67PFYVjKDWejAB+2bQeE1HVj0pCmBDcn0fLWLPJnbeidYCrafm
gi1YIyR7S+wIPmK5w5ofKNzpQaRX1JKQAYAR6PZF5c8Isj+1ipfi5bZyhwQRzl3g
1E1VP/Eg4PFPfMmkOl62rPNzXQnm2iEixa7S2Rbzpcj0Lgu/h3PCccZnw9Gl2k4c
DJoWmPdaOvOODW845ophWQCWNCDoEy9KJyJTz/vqC3Gyf0EYXH2SGNhL3tpZtgnO
O1LfQJ2gu4dzBAMMgFxvfmza1se1xE+uhBeP+Fjpcfq7PNp4rc7fJu5JoVBcGMI0
EkchC9Q5fRNnyCwunYFGd6N7lsVtdDHDLKSykeEzSoGH32ZZbjkUXKyMkEcm5DDx
k1FQSusYCMdFhS09n1+Q+A7gj3NxslrEPVrdkKW01aUgg4OxFuN4nV77NBE28qV7
hJOdl0jvZes+tqgl8nXgtqJ2cWaM3cspKT78fpwnqbg3rGkgQrgcpuUlVXO+sEk5
CDEQ9RAsCLW+A5VRXHMnggzobOmVnXAzLQ+M40LnyQTxn80NvFr5hC0uthnRAF4a
1Fu1CIaw2MMcrPHPRXR776hQGmMk11+1Qbr/XfG+D40vAVWulOLMw9vccahQqBjY
G0Hv6whQPJEx66ubMBa8uRNdCTOJ9dJ1xYd/ETrswLw2OULJYtZtek8gwWQXgFNn
X4WnSQSCbhN4hbaCmcnmXiCxQVHNruc5cR2YzGQkgSD9u0CPiVMHHVcJrXFjBKM+
//OmFwCteJaVwJS0fVZb+BeHibR48NZmALl614z8vGGAX7MTvtWd2KQSnKkDz7f6
/ktj8R1p7qLOMaGgUTX6zjTEY4mY/SkCuWeH3wrHHcvE5RBz9PbPU8QySOBEZTrN
oCwBAivsGUEB0RbjLWuXoB0bx4Yzx0vRf69Aysweg75gAni6UXBOzp2hXMPZiCxS
1JhNiWJrGwY/q8Z6ATTMOdNfhKbN1JiwHKveTni9Dfsje6z4C1QR9p1fqwb4qGpw
m6tVhn2G4cbOUThfELe/o2hv0WXqMj5ev7D48QZnR17Kp0tHvQqMYZ27n+e/haui
4O5F5HBuc8HCW/VwPRtprxK1ACi7jyfSQP9iQ/XOkYz0JpiyFZJJmSLlmFm3q6a7
JXkTdUPOsyihmaOQMZUaggBSX91HMjL1i7A8mCEK+wIEzLbQmsoHlaJ8SANoP268
6j8eCT+/DAXWWSGnqIsfB7c97m3ZkDZIFR66KUsvoebVWgVIuQSvDe5o+Oq16O06
3zB1xqC8z7LFmrX3P/IItA7R1DYMdaZdVh6Vgpgr1epfHDzy9hdvGV6Jzc6vAi8m
TPS5xRdipf0OqwiHo9ohbOB6bFDCF9pKBHxzZkg2C4Ncjewa2wu/Kd2YlDhuVy2M
6xz8KrTPGd9TEBHL4VusO7xYgsdCIkdWUrHSAu0MdJAP42502bILxq2OFVLmjFDU
/7lqHRYZll9Q7yv63A+91Sqndrb9MLzqX4cCcQryi0GKzKx2d2IZacSUViUoP09u
ngg4T8DvUz51lGL1kbPSPnZJY2LEkUjemb9SZqGJmcguAqc91t2BAKZIoENUX66x
IJpr8RprrolgomTGbAbX0rAqX1vyGp4T2iStwnNEtHmocetfGN5IdtmCEY3Xv+5a
YJvFq4q49NAgz1mLXpskg2krz64Y5k/z7cYnsnsgWlLec9hcvSEyhF3wnt0j2ABe
TK6dDOIcvy2JtucgyMOdsFTQSAxOvd0hmKG2/0zn/08j1d14yBZ16osCUzZTaH6t
IYCAuPi8HfiYa9Ubmx4V9zoMN9c1kUqcwvFnu/6mUsMNJjvNukgH2bXTteckFM3S
IfDi9yr3WohnQzt1vITL8c1g9iRxn1Avwh4C3X/CTpCNtAwTTQlD7ZWIJm7slgOy
m0dk0coKGO87sYf0BECv4I7O5iyV20ILpsFC28RsFBJY/cxXFOCX5siu3HM9E5Z4
H+FaZJ5ToyAwhjvY9FWv4Ti6RSxz5OEDcQ3KJnNIynHKWihSg2Q7YpCXP1HlNgS8
T58rUJyJd0ny1RUDrxDOcNCx9KCsZS7K9k8O9BtPax6rUC1qnPExO0sKeNUzpBH9
vJhBq9ROFuVTACgHPJ9g8vFOAkdubhtKfUGHTFPkaGvSlV9ZrQ7j1jS6MT+Q+jQO
DBjddj0VGTbdRxdkeK69fuUTP7rnngfE4lTzLCSFi5krqDAT6rJxKy77LwKi+qEZ
o8YuPHciXH/gIoGnGgcOlKoEXMILHxWDFuuKNU771gvbbDoUqrRqsxUTxKeuSvHw
Cc9cIvsoBHSlpK+wxmIOEBBSDfdeyvh8dpAtmrQHM8H20aYmc456+H+2TCTBpfcg
g509oV7/W26AyC/0P7nIYV9Ar7sHgS6s78jHnfwv7weH9FB4iXXgoTkm5dT/vjsR
uqgRxgFm84cAXmxgOcr4UrafMV5+PAXCzrZY+0xtCFDOr//Y/k67qTPZc0pmO5jE
IxlPjxTkWvXe3oz3bOspcHjQwrIF0UpeQ7WL/uQskIzHkwkcu0zHnTKkZCQke80w
xczH/bjD27nHOFzUWZkeUwjNd2MF7VXKwQtAPgj0T0f9TxGiyNQgKT1IdvSRS+s9
iiffpaOtdSlMiOiLRDL4CzQDy7Bz50DwzhrA1xJ65SIYL43R1vk4QIkSP5n9KkbV
/AgJahlpkEdfqlhSa0i2BQW3VMyHSaLbnEtgcrnmNKcDDBS6XmM/KBuS/C1EsUBi
4k9+KQzY1CJcQH1Wy4fuz2su3P5uiHMbK2pm7td3GxAeqkzsqKFYgdCRMSLS0MLb
jDUBmKWUOE8oqji1aswkk3DBxAKGh+uFNMsEGjK5uWGuJ5GzUZ480PBiyng0WdC0
VgihPWbHWDqvZcCspnl3ctcLeQNfnk1JbWdyYMvH5sIeYCjD6c8FZhgtaK37g8qV
yWmXUVrflTnHMDVect+w1aJoAkCvDUcIJvqI/82xaC6uQHkixVsKu+etn7/FChpW
02+7TNMRKypX2uzpoXe7ac5mGAf63tUiRyMSSKbO1KRn/3yHCY4seFso3t+Qoo2w
830YLb5Zxhfb/Y5n3NQGVwWDjgyAmm9gNy0EJHDVKyxT9OH/leNVOQSJ9lpUSiw6
DCkNvxgQ27LBb8DEBC2jIZNc5Hc+ZWSHR38WCDj5EheuHZk1kbrkqWwGhzBfr2+F
qQgLn9l7zVPX+UgQfntjz9Ob7SNGx+LJevZqEXLIk2kCmGy8lOdlwyaI0XMFcWlu
d8xX3Yn4WL3rHiLHk2TvJ5cd4vtmjf+hymG1gUs+dX6HOapOyxUcS/Uy4CmabJ/O
G1sWS2A1RBR6Zq1oqmWrHPrZ17ueDHLJMFh4EW0of5/hALa+8oZ4JqvqQVhxaIQZ
f2/NanRIIbg/Gk8mS+xhmojHvBVWovqFxDj7pXKr5/WQnDFdp4Dn/cKGeO/uwwhL
TKBwaGuxOfl+Wt1rliL61ccrFd5ig/WBcGUkHTOy5kXzNHzjf5LRj9V+R5AjWy1t
FJDar2UKU/zYl3BKmesrL3CIqMfEiM6DBvj0vyI4E2eWceH6VCQGCEleHCGR7WO5
S1uhPIAvBbSFrA/lCSqirWwh+NYrWq29672fA00zm7so6xAIS0zPJquC/wI3VFM8
T19KG7zDj+O6iiY/kNyLqhLdGRcCerXNreYF5ECVDPvv24wDNYNEdHz5VViqP4p9
1RT5fozXiecBkaLZUAJFZ1xMHuU6xjFwsCKvnY1VNUvePDXsiYE0WXGj2EwTXRcN
zUvFNX0a8nB4bEwiQ/YfTKXD0ddCNX5jwEhDdf2fe4cyvmuUJFxC+F8ZdydupSrH
Qu/0XTCLEA+ijEDmc/7GXAQ3+P4lVn4RvdbwnO6Kn8aUPge5yzSk/XNjQ3G/eHP3
twEYCIhcWH1TWHx+yU51292CCb6nBvO+mNNlTTmTNEwmYMJPttkVAmMRIoxcOOK3
tdQtdnVty8ffhA15B06PwNuQ+EUSbvZxLZXrbDA9X2RMgfUqEJfyIWTIa9M57rsD
83EVdafKSbP++/EpkMImSvPVGMawSSxY0R6Xbz80ER0OvghegfR6Q6dv5NT9r8CW
zmFtg0kmjYfcUR8/mt+EIFO2524dzqprmI/sfIW8OfOH6AJwSOGqFxzuM1KoLKXc
bEr0mv5Sr89W1FdRxsH3zSLnPHacHx4GYO0tNh71eeu28Z6VejDlIVOf2wy0Mu2e
DsjxExn8Jsp4SKVY6USRe8mWcr1HAdibmFNjvv97DA9+3sRp20x1rk/FGL504nvL
ArvivC1f0t3LkTDhnXI+/Ae2jOdIolpJJnMOU9XXVnzs2A6v+Zke0ZfsS/SoPq+v
vME37CehB9IHyjfYq7pikz7vLFdRn7JyIbPqExItB8611sXkKvJPsmeKJE6kzvJD
KWZrv4qEgfqOMJHavYX2TQ==

B.3.9. S/MIME encrypted and signed reply over a simple message, Injected Headers with hcp_minimal (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7975 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4898 bytes
  ⇩ (unwraps to)
  └─╴text/plain 435 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-injected-minimal-legacy-reply@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:16:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To:
 <smime-enc-signed-injected-minimal-legacy@lhp.example>
References:
 <smime-enc-signed-injected-minimal-legacy@lhp.example>

MIIW/AYJKoZIhvcNAQcDoIIW7TCCFukCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAJDxg4GjNIIaOr9Kf4xVYzLZ9okfUMbBaiZn
ecCbmpTZbaEOu7Lsxuw+MirounSBPZIeG3keg/uO0HHo9r+kHDt2wq97StpAQRTE
Hb9sdS0xHiGYiH2vpgtIInNztCQQduzOHBzbGtQWa1KG+DoaGp3jzqLp3yaP+o4f
BxcCLcNJIxn7I+H04wSWHE9jQpaguk/2SiGzUZxr+KMP+0HFuYT4l+72cOVcAAXY
p73P8kiMMj27mf28SB3naBDB75+fwsgtcrfqOPHBCIXwyKnGpJ6vmKvFvEzAP9kM
oFQGsi7dBTzi+MQBtg6EfxgHhJfGtcHfE25FlAJJj3o9SbGVEV0wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAVQdgmLjOaxQWmpnLHXA3Y2Zk
ZWxNCpmIwmiVM5jvuIjRsU07QcEkLYXVM1Jx6UbJ5A5olBUM9719poHGSPTP+bv+
E3U4Nx1u3D7tgJ6hyZNhn2mGfZmrHahQ3ZZvazhBOpxjIyXo8NmxHIoql8I+1loG
WZIZ4lICZl/nR3Wb+2t8WGW0Wpbhqn5GJdngzvYcRzna36ug4UV+cdp23qceR33Z
nD11PDV0Ss1cGjTH8qpL/45/wOjuLWb+8dOnsQZww1PiIA4XxJgsIjcwD+/Z6g4v
ql91e8oFFZxa6QwoZKrX9x2mbzkZoIugF6sL2TQS87WiDd2SElT8xaqfgYhLDTCC
E84GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEGR32whnqKtvXU4g4YzKmm+AghOg
2lFfb92lcqqgkptJ/+rpubdQoPqjugHIPlnXT85kvzfd1dnun9BqrSYaT7KGeVqT
+h+/4hHCwH0HVE3d/cnxFzXrr5a4KoQ98mwnSeDgPcRXUg/AX/ujo6ISFgLPMAbl
XX30BDL3B5CamNf99TxPgTl74qeHHXpW32j3whi4kZ3O69YvwItHKFdfpgwa+gg7
/gQJeJUJ5PXF+RLOCA38aA1ttNNj8VJ1shQTarg5EcmTABp56sq7xtFFnBnTab9P
ZEAvuaFUwYJajkmsydsmFNLHFrtoHsl7KC/VIgRP9OB4jiYs6FGUsxJJFUSXLH7U
H1DM2i/L/AXCVKDvI9UKdfnroVFnYUN2B6IHp1ttX5McGsc88N1/rms5T8Meu5t4
JNBrlOMRzGAzdT4RcsJehRBHZHcBdVFM+ia2LQWNHqCAGjCqMxw48Yh4YwPFf+jL
oOkQO/iodju2oUkgbHORifXs9NDSPA4Pt378dD/8UDbyYNnYStzbf4w8dCyP6Bzz
2tFeRao9Pmj58lIBvsD7KMHSeoQWVZSv9cz12tZ3S/44BLL7J/o3vQFfSCpsImsP
LXf8pGzBlyoxtGlVlRucmIX8WqwjYx0ks1rTCLs8hd82kSTD42D4MCOC9Q5FP1lB
t2P/mwryGVBH8nrd3AKqoGV0fs66nKow7PptKKF1rZt+6/GUe6w9tsmGY78Ttedh
/NwhsA2gKoXMRefM84UTbV5bVdf3xEeS5spdUU/tgJkGULHutcJTuf3e/y7bXaeo
79y7TmuAImqltF3q/Ca/RCa+Dt8fjqNoeFW8PjB2e7+JniDtCzRFIHBTgc1eEGh7
IGGXl7p7C31HY2uC5dfZGiMgIehllnbMUELM1FXa7poslg4lxhv1Zjp4D2ik4YvA
VMITUelZwn51gIs/ehhyfBKmSFML/X4Q9ORFUcogCi3kDjd5J5D1SMZGzLIuWLGY
tUuLHOXGDiqxIoMoe+aANm27mcmHAJNN86lKeg6Uee4pAIQpOUIM7NL/qH8tZnbn
lrZFXYTKcot6xU0bDaW5pnsKjRtmlsrHJ4ptM+10GeyMai+YGJE1bgdsHvbv36Pj
9yzxUoEY7LXDo7AQbpe/PLZoqXnTMQi24/+7jj0MRdxWtTNjbQRH7vYeh3mwDvNN
gy7AXcYC+EM9Zo6O4ZJ9Ui+b8yzoI8oWJhi47dUA9RNxB4JOu6RV285d8pCR/pyR
kKuTNojs5j3uHfCRwyriuVRGMsJnoUKbbQ9wJ8Jx0xamrXJBQfqp8yi2KLpxeYNi
cyMlkErYBCBNuLX/q2xC2tNO4dUvE7kVt+bDOozxlQl4bRqZJAHptUWxEuzla9Mb
Gs3M6j1d0fuXMjbC338aAdkcAkqWYJ3kOJuV5xwmsY6OKPxaQ/glvL41gGA0lbdb
UFJDlNr5mftCfrDflCObU+Gkcf72xtGnlaF6QNSdreznJjlhOpHK/4IrCDcHWsbI
JRO9kz4gBp0L4T20vsAjTq166fhrVZNU18mh4b//LIGHwp6pITvfA/7PsP/NBewS
1/OAagmiSYDKONByLYeSND4iMPv/XC07RR7+LqjZhEZoQDxGiA4Qxaz3D0wIBX//
SQI1r7PA5xcLt03AWMbfoUX1IDpgoCL0joJqKQsRSCRvKS7tMqTq8R4jq3Bepx1h
wY7clFUh875araXYrFP/Qodw3v1weVou7gkIMt3xYLJdPukMzovZuUYtFyUbug/k
KdjZMslV7z/5zebF6vXdE2T26rJX/x2lnl+/6CNd5ouzYjVtYUD6keay5McDeWm/
jd4L1SWKIxIaP7g63Z7PfoESg3LfZSSQqEyoBQCjsIzovw44nji7g7hhntlRUYfW
ansgLFyQjIoytcp7jSTdkUpDF7D5gVrzfRl3Y38ICQ2K/s6kUQshwg8+EOCIJgDw
O1uW60Q3mK9m5KkGkb4gTHKhQ6EUEKiYzh0N8LZ6EuYh2U1FxVSVojscPXSOkUm0
MGGouE3Emh5oqvM7RZlUdZqCgZ8GEsXyVd6Btw6e244ScNa0PawcHxN1Y0NL8x1Z
ZGjainNwNhIm7+Oh6310xmWAGQDHaaxuLq/IgCmjzykv/7EIclsAGx36HtroVBY2
hn2AvFBTd5jxgwRsQZB11ULfzFbJI4DN+3F7EgZJpHlhW3FDU53zGIMB8/PyDN4n
w42R0kaoGxm1FMMfdfLEt9FVvraaA9cLcOlcpa3mUoyOUeaHnKzHnj6BuZ4XChjF
v6PHxHopLPh481OdSKvbrj4E1wxwO0F6+cHqNf0laLkDopyk/WrklnFftJOEAOHC
wJ/JfHBWputTFsxXqKbcX9sTijO98Ev/RoBUaGRZUgNFNQoZ/UpOhvu8OQeW3M7T
6qB+WbGsxS2yP/MHK/ndvJD1I+/lNxfBEve7A8uwMLTGVbpawNaOU9lm0H7tQhix
Zs4yW8RSs8GtcvfkC5f+mvwTHKGAZGqR3RF0wSeqT5PrGHBJtPQYVoSbyj2PL0+C
o03+/TPoxqt3GiqhPquawBCi9B2QfJS/G8H8naocVhCcxINMx9bhIZUIVbz+0Lo0
NSHpeok9++dHNMFiGsIpEHrXubh+829CI52WXZOp1tZXza9XVGgcBD3rH1FT2mYD
f2dtO43MDcp0WYQtItFHV/CpmlK8ro2o1+G+ONhkNgRD7h9+2EU2ZVgSjQM6U6Ec
Y90MHH2zi5UWzR2z/JPGRCif20pyzHziWWv5OW2t4IxU3CVfLbMTLe7LW5GULGk6
7RgazcpPHMCokgUxOggyIA/PAi/pYe7NOvrBbUUqK7a86V5vMAZkQuKXhHlhv1jc
DFv68Xwt5AIazMGhmWx+sn3ZFNl7NU/ymWKXeDXEvgxuJjP6ZoFOXmm+TCcnOUel
+TxQaF0VG7oVHnQTqJCRCjrP0Sg6IQ+m1gS6Tb0bDS5jeGM1uP4DDQHV3+lwk4x5
zhjPpc8VJuj/h4e/v6IxvlvnuBri+g8B9RwjAjqIYnMgTtrYKz2gRJuU5Vz4KEj9
ocO1dUyQRGF/uadBBnt0yQLlojLMkcZB+WzTmM9ie2NlHmIK+RmhJtOHCMn0h0Tm
DKVVeatwpVcOV4aGsoeNrcmx8b/8tlT0ZHpsDmWCiNoKKlX88wZAINbI6W7ZRM61
yx5iXaxQu0PqtvqjoDUiObfBVn2/ndoZ8hZXnd4L7P0KnkakNuBzcRSXxdRXu9m/
OJruF0wtJjDynhk6wP9zk/x86Zt7/yVNGMrKlA7YjxTSzSi6hPow70atzw3TTnm6
MDJ6NlIvWVdO7lG9F2tQaH/3l5wflbzIBQQW6q3wKLf4nakWiBv4R5wZQDIUHsQH
z0OnJT1cdZVPQhfHI/mgKdZWow+4E4PNnsDgzhdCsjeVJfAb0WxysyGBpxPs8DF3
0/aLzMoFTnoysbR6XjmeZE+fZr5lGxljessNjSC/64JBznZIcv7cNn8N2BhdKMxx
y1hgRBBVqSRRUdJfWeYQ/70s9MKQMr0pFaIG9SOqnjTwRobuNSsVPlTeNvYSuC5j
SKC4+UsqX+Yn9x6q82oCO0s3vDVF2FfmTE41i/TyAMUaWaKUm7GCLkJD3NPSDBso
MG6X0eyUVnw00kNryFDRrkzZC1M3emVBsb9AJZdtVd36QiA1pC2k1vZymbVBaQul
oRZiy3zXY0PRKXylj1PIXX/u5tExzIKy4aufl06ijj9B1LrQ3SAI/PYEisYWTZTG
jPdqJb3yXpawXuFjYVeQHCNIjT63dlOtk7z9Jn581d6/T9sTraD+O6Y4CingybdU
LmQ4LS3vEbjwIQiS2siCVG/NLkZK0UMie7NxDbFr0jIBu7SrbIamNU1fLPr3w1JJ
fi5i6664AdPxP8myP6AGRiN9eP6UkTr7K1w7V6KVbYQ9dhSpssT9uxW9dYoDE96O
4pTI9xXtk8pAfRuZzIhZWMIvgBz9u2GByz6+sze7PDfjP0MXZd3ByPSFPgBCtU6t
EIyEtZ9rYe3Jwm5ySdIeTZz2S2fSEBg2BxoR/aTj/2H2cD9+BD+DKoDrCAZTV3aL
8JEGkiC+h5HbI5bhye9vRxDY6zywDexbG9PSB3QAZSzYqJDye+21Gog3zStMpXEX
UzrpFFfzOhr2hOZkAMFmMapnuzw3rvLVsiu3qCiUnG7r9/eJQ8MwNDy8nqT6TCLw
870KN72CRyuiKaXdm8VfPRdthwzbzBvUwex2DkX8F/0vSAYUc5ZHlWM3xPu1HPRM
7naUuSSv735oWvlN31HWbj2wHg44tXKmhEU0Yl6MfeEEkd0IkGypUNkGVysHVaPx
AaVYrPTbsQMHyCpDeA6Xolu0rEUzPnc2SYTt1GRbPHDv0YmXVmDwEo/mOwDGj6C5
RGWSRcIDn3gp/ySu07C2JX8E4xredCAPq9Nb+bSjXvqQlQ0MchAEQKo8ePl8QLK1
InQ6+T2938i1iBg8iXbipkWsV+Ep7YBSicowe+rJJoCVzLafdQyj15qOSkJcHLsu
MBNU3LcjN+BA0QB7+BJX4f9dNNMVive0FT49o32XzN/pEdntoDQKsZW5ZPW76kUe
ctCGV2moGavodZVD9Ur/HWdHwYhRyrAeRWXy14YCeYD+K0S4GiaGYKuA3rMU+r1/
X91wYcdaC00Gli7JGP0ka+7HmoW6iDMHTbg024Iv4S4ot/iQM7L47OFraAJ05zId
i68W8HRnZSMfbwC6r36mT1hLNZ1/PTYKEZNtZszM57dK2qEmdbI/BW530wwxQ7TQ
JAzVEs1+EVNljJw6EIIVXK6q7uM0woFCBYLhrwzy7kJ8jsL+5ugyEYKPszJrcOCN
f2aznRRq5m7qRACNhlppSv8ByS6OGAbG964j4fbUYtdcXQTKA6OZ6lwBd/2jprt5
OudG5QjqtSH4O4RYZS3F2KSbC2jXvhhhJh++/vCPIrhleP7xcdMLB7Vhffq0Sadf
pSWqz2mavJqA4J2qTixNbZuef0Rc2zNBpYWTFaw2F9AIwYLAbzjQTbJw4BOdquze
OWsY//12b1TUESK+Tw/8Lu4tEq6qqUzPwgRfW8FfTSX3DrVOWFIgJBdlqfvss5ta
vDNin2vh3f3Rbl5p8bqw5w1QhEFYEB0YdZOM0IUFKsTrtC8+iAnuM6ngoXW+ldYu
F1O6Z9kLacsMTZSBzC8SVjOvHEFTysH9uttHvNtBLF1HyRCNlaND53lNc3J39Ftq
yiHm7xWQaCZSFcvoIgOaFTkt78H1PJAoQVTGwA6Frj0oTxPtQufSaqs58aHWzJ6G
jjskZbSZP9g+gsa8tDiIxEpfiG/c0FG+bFDsVMOhHgtkfy1vEiT1v7fAghkZmT7d
kiBII9WtYxfkpjyF4eSJyoLFSkRIys+v4Ki41Ys1SrbDmeBBdoYEnD8D70qVdGoV
Gg1nlw+PBf9g3EgtwkxV66IvFACArHYzpyPzuzT0ICL6sjVmRFgNTU64Dra4uaaj
nK7iUyHKxPPXMD5oTXE0aBKbW6H+fySrYcjiUKW6N5hk1aGzkui5tkE9L5Gn1ZkS
J3sVajduSlL4fdejTFitqStbyr0YDp/iuaYUH6TA03YS6TxMk5uCgiLjZOohoeeF
9pm9SCTWKhIXiX9/vPl4ZqU8rCwt0520U6qK+hx2RVENYOY1LUQRUYucULc9FFdW
wnD6bi3OMmMMPMvVbtbMKplN9gsBtDa9yBjRwvl7L0iV9OLc45pJpde6Xd3A2P/D
6mxXl94H+4FbvTmRn01JHHpgmJ5q4faFcj9o5XCUmRvX8rkp6uxGX3U+wDJSq9Bx
12CSAru2cJ8D5yBvnss8eOHPFb6VlcJw8FFMR3g1qezR9pg0z+K+ZSJTfeTQf2Tm
4HhFYOO1ZEGBGHHO7NiqP26Mj4EzbSSfUSEIgI0t6+w75uH6+dbiEyPm5tAwpk5C
DLy9p8eVkXIz8H2GWQjULBYzO21dK46b79Sa1pudQ8bHyt/eVT/aMcs3nNWn9xO7
ZpddAqveyjwMf4CE+gt8zmAGls6WaZ74LTNJIdc+KNkLg2VpAID6UlCrpjzqPZv/
oDa2DbKyDHLU9T2AiTcGBkmGYXmoVLVfuHflXDeVSDyOPtpOdcEkzBqy/qRf34MI
Kx/X42u/uOX8Eh9ivApezUoAp0J1FeB32wPtmmfN/Lmi1E3IGtMJsnKperFjVq78
rKQF5uf9w3CKdAqwWfoQBPKmjP5WI5q99TzMtvQcNiKW3f9plHbmVaEIvor2Btws
B6rHqBxcvN3mTy27BDYzvJEGe7QK12kfeNGIRmWTGo/DT6xxmwYmVdHTboZmUDKI
z129E2C4ITu4A7xvT1C0CScD3fVjDg7D2SVfcYSHzA/K3b0jkOYMg0/OiUlHOI//
iYFURenOu70sXJXtT1ttz4cQEEkRgKN9SIiloi/TdbwDcz9Sg3+NnLkeEG1UlEz3
eFUbAsBCwJBVZQACGtAtyLGEElMEdNz2za+G6Mpb4MA0XTI3gENKu8SAKLzAU/DC
Cns8/koY5tSTFlPbwA3cxrrFXVyvWLRbqCfEpa8/L/peuj870nOsjtr485s4+Gca
t5YdE9k76pIC/JLfBA5GpTjY79wevaWEmsmKTry97cn+C73zzT4YxVFjpVeRuCBH
4Scq1sR5315HRzoP4mCkIe7hm7pbYSd9tk+uJJULCu0h0ZiUelbNtnZQiSp/zGqM
MdCfVk66rAsqEdIY6iwhMos4tJHbn5xWrugyfjc2jKk=

B.3.10. S/MIME encrypted and signed reply over a simple message, Wrapped Message with hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7955 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4872 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 997 bytes
   └─╴text/plain 325 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <0e210732-9184-5855-9a95-2a635560d3a6@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:17:02 -0500

MIIW7AYJKoZIhvcNAQcDoIIW3TCCFtkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAJRRHWyOiWFezOgaesheWpZ1dC9KXYRdEpX0
VW+eNnH8ZPLuVFvztXkrxLfjxna0E5C2+tSsbSuPbcl5JVqs0tS579RaWyTXmua4
AG7aFVVKbtbL26DUH/EsvvXz96iYe1mRf6JCUnF+UrV7zzOtBP+I+B0lYYeSaIzE
WkVB9cHwQrZAPdNnaVpW8EINAc7oL5EfOBRGou0au+OL6lKGE1LuXNIQAh/xNFS2
CcNyTt+wVp9PELp05Sk5ycSHrwDZUQWqDZ6lIQXtjf0YPD07mKL8bMfFczPV3opz
k91JsW5rWNhIAn9OmKleZ/9aEmu610KJPZCisQaV+t0ntUxoNpkwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAUbYjv9rQrvtyE5AObgDOOcKv
4PH5sK9kp/o2Zu+RMLEO8iYxXU+mJ582yXy+sC3NfmTnCzbAewkyRQzvxYe7pkTV
uJW6UK0M7waVPJPWhdkp+6wEvVXzcHesGT+FMhqvkXdTW+EQQRzV0jF0opOawBsS
xeXKvzvp4ltstiu+o8tCUg/V+ph82qqAAJSqqnMGQKmwGm46lM30lK9S0lwpzM7m
pt77c58uaC75djVFh7v/cHYR6jJ9nQ283BWtIV9ZZxpG8WAzwKB23ZIZgWVzIXi9
PTTKSSJNVd+zZJGovR9n9J50XhvMPCDcVcXru7vmisqX59hakf5D6JzNpjVRrzCC
E74GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEBSD5PcFWI66eJBa0tIrhpOAghOQ
pGvq5bv/igWy2c4GejsiAro4FXhZWrSn2D5O6M79bFxN1k9i/e9WweYI4htDbNR2
VCBDvWwa3oCM+gKGMssWfLoC0APb2oHd17+0dkPsi+h1e9P+DcOmCNqu82qGhiQa
WvPJ7xsCSr+4sgT/NNR0T+/RsY69pHEXaKG2UVpKRJhDHaOBoatZdmmbSqUUMjNT
aoXtDIPkFSagvxhWikv3M+is2I0aJc2oIUASLFRrIW6J0JIZkHYEv3kK/RxKuGG9
Qyj4EfYpx2gG1hnJUxcHMVxpUNePtuc5Pia35CiSMYDOcyjFGHEI0tZejcZWLMeu
Rpy94gTk/qszxucIC0B6PyAdcDx2rs5OvfHCh6cLL9XmJnvP5GcWLydTierzYNTV
RG5xXW5o2SSLAMthtz1fwoTs0F46hMZBLcaPcrtcogcMYztevvItoJShP0ZxISTB
IsJgMFIFpIFl71zJ0PyRarKi0KZk1ekzkqYOPXtTtsMEN4rciAW4zazt8RE28J2K
Kc+Xn3/XjqCZoxuOlRE4C8UVKIvcAuh8e3MMDflo9aiX3AkghLY06R2PafaCUSrz
DFWnM9diOhsRNjuYqjuqzUpQOP10audkSJCp2n0tqNS0VMof5ylRDt9TD4rXr1FR
GC4w1WhixnPr9HKFYAZNgGtk2xbSmD0gbFGD0d9DtF9t7AFK/Gfp0Ix1tdKIAXhw
U1eyj5Yg99rhKPCPQMePJT8wCRoylXi5cVc9SVHIEzv9ty1Yhv5DroadkpxECf8L
PmZIh5kSMXh5eNMSYZBtnIgfAhjcdM+Y6iU2Jbd6aLvZf5bnVB8ka6AyqfIa15pb
khEIBQuxiMj5pS1/cRJAfZZ7cS/4zsDVXIChMcoXl3v8jqMvB1ZVpCUvROya8fzd
+uoWVNNX9SpoCnfC2VXTTMyy1JMSHChG+62AAy27xbBU+gq48FOspq6Y1cuYmqss
CP2Kp5BfYce42SS83t9RmG7aWYy4zUiTK+NlCvFrTfwWU8jf5U/Hq9NqbQ8VvQVc
taK3VTFj393kCfdOetIs0u8jQNEAG/Ul5ePOOeb0rkMdgA74ksK+7wKXnbEwmqL5
ka3fHqCzoARBD5+dohIya3Cd/2T+pp4SqfQ7CYpmTONQe0PRUnOE14IB3WfmcJsd
pr639sHCBfwoWedhZi2YX0pitlo6okPUMX1AllvGNfi5iD0A7SFF0pBEZ3I/dg/Y
YdV+ELzqeVOeCbgFrbecHOGwQoKg4yEQVpRwseH6oihqBm4HJfDxRu7OSr1C4F1l
Y3g86aOUSNOKNfSVc5T8GgTIcYG/9KL6o5HHN91Sh0jnBm3mBm8+caocgQC18WOl
LX/MEV7hPhqS1mYHd4+eXpx/FX2e3mOb6ActJVNysbymxCzUKKCdVsyWb6inM/mB
pfkUPjNNIno5hMc5HGnYOPf22n7HtwQtDAjDlkwRJdKJc6abjCyvQpdP03wuELk5
D3xDmsqP/pccAnX64z495sIuKcsmJ0ZjdLBdDDbOGWDNvE1IDxx8HVKZWTHXfcG/
cuGJccVc4tnrXdEl3TR1xeZWOLAeSm/pr01FacqlPwvZfmhmjgnZDQBU7OxsNAOU
C7I9l0/2oVJI6xqUlVYHU4mYx7HfG6xyE41k/yWVxUTXBZt8IBMz1EMG7Yqr+Qsh
8JkNYVi1xxcPjqxAH+NSG9JkDwX1bFmI4R3zeN5ZPWIs28s8OcTgTBAabN28G129
kLulAtAIYeumRqn5QUMyXiHusD66Bje+QYKTsYyumsxwcCGX55X267U19w59kNk9
LIwpEwaazElB2Cojpj+fbuhoIVf0Q74Na/iJ5cpE2XdHNZUk3N1cODusjGyRVmUl
IxbxMB3skm6cNnkbfYnluVS6+c/eK0Odd3iWZbFFiqB+bRyT9M99SThimhTuXxKB
78nyZ4jP0Oc8fxB1pKLjTNfG0YBHEeWr6ZBF4yd+/pKg720xdK/KspQcNouvVAGn
3IXWyAcaB76j1CTo0Txim07Wg6E8JCB9QJN8FhjMy/TQZt/Ms0lLEUowftD83cmL
R5szkj71uc9S0/NgyVQFR5cp0oBp4JhQJLdl9AzRZpkr/Y13z2f/0VzQo0Uzy7I3
xNqscnCQKfL2QmXnhrbllgl9wzAGfb7YRh3sgypLKwjtfYh/r/sjmRPRfK45KXBx
oVFtYc6JS1gScH0P14UCkXUkrsOBF8QNjIQv3MPP8qP1CTs45FO4LNWlKIJRZtn9
0u1k7pfOBNHPgXhYyfYgDWR7QOkS86Igbcqydb25omT4GBuhAW3/cdrmO3iUKEaJ
tCq0DWWjyecyk1zcm+/kKDlOcTOu30TkiAr33cLUQX5q0EazitrfCHmVzsdQ4jh9
Gt9MDQ3tWzVwCpcb6YdxjLRpxLxIahKhnWkzc6puvmCX2b/+mFi+MspyAEbVHg42
EE1gezhE7FRabDEipWxefKGJl3eASpnjpQo6umvaYJqM5xgnFD5pyNcH8O66yV1x
l8ZrDQhswvvhBzjx4YHuQGB9Wec/LQEaH5/o3JixO8FB4SWySX4iDcEb8oujZw1C
QJgbcWnPL9zONo7yP67g8PS7LEQPGCj26heeepdYcQTH3wihEgh1R1HTJJOyBaiH
bs5vHk4b+kF4a5Jbhqe2a+qOBlA9c7IePY+M3krBHGJyidBk2L96hqjQNnjiPSk4
tpPFbRCCLxCFqwVYsYOZMibrVbufA24OIW4H9/IIdt2j65eKorA+FP5arT3bSgQL
Xp1h92BEjYpRuNAiGX48WgpaCuDVe5HItlUuNJwwcafAN3Eh1Lg2ofUAYKOR8QR5
9xBYbpGcMjqrwG0GAY2kB11HAeLCDuCQtMqlRcl4jypA+a4KTpWLAOG9M2In85aD
wfqQsFvsczDuw9WuJzgfmB0ufkx0MsWP1am4Ges01DBL2hIIC561RCDM9Y0xRHaq
NLAdsFK4CWMBlnGjDzEN3UJUYGvv5EpaBZGXJJigxjUq13hsXgRqcZT0abpbKy80
rpeGw1eFyV8OFo2QZnJ5BWrmu8TnaKSVRuqzdsO/j7hZCulRh6a21unmmOr2Mh31
LNBU++kzhpye61vm+XA4hD5bZUzHSBwFbQgOLHi1fhONjIgVTEWDagEcmBAxMpeU
lw0ZHcMHRqumiD6kEHErbTt2xj8P+dI0dRzgZpFWfncz49LynfwekVok7dby48v9
5/viMQeKlfL3Kl2/FrP4R2xNDAMBz5tbAVrlezmE88VnH04ATqaF1ypKfhIFtx2B
l3rrmlwy0ZV/XgEpsRz4t8CJE5j0jJpUjMchMypfAtY3vAZ+7T5qFnT2+j/X9eFJ
pY7Fzs6G9bElAwePF47lk0DFsjw96ijcH3u0E1D200dzYOFSWX28owTqF7/eIDJ1
6R0j8DBY2bNcU9QJsNPGL/hrTjVnvQOKOtd41QlvJEbHM/IJgQarZDHMT7qEePv3
jmdRx0xq6ex/l4vIpU0X+3Ag+bpOvnQN8DrBVs0BBSPjfq3563TLxqpcyvIqM6pW
bPUWYA8ypfX8K02gvv/c8h85ObTcl/Q5AQdk578T0XJMUJXw5Y5yLmWepF1tKu6l
kNL+RT8F+sYKBXKMwYBW3Sm04cXaen7WteuzmNpixlL8EpaYAmTLWdrNOHrm5AZT
6SRUUfMcG6t0/j74EDSSZ7OiqFFtT9rKZksEC+BUdyYx0TIb3QHrgDsKp1YiECEO
zjK/NhKB6rWAAE5ksURsgNAI8+nWGQtcfFrZDJplJH67WPm1Bj9zRDipggGcQZ9e
N+S4o0MpBqV0dyfgMk3DD85PzMSLhsfN08N4AWzPd57mII2ShOBzwjmgKJEBngvf
z04/T9YLkNk5skqwqkqCEYiZTGek/HLl1554uH3wDYoUMBhxECwcWOeR3eSUYBho
QDd1Y7BKCEHHHWEAzYn+5p5KBDzjV7tOYtNPD7NXGcC92NbYbY8Y8PNiZFXzRifW
AJnq/xyRN1Rf9EZQWRaUDJ0XUB0UGeYZkHhBHZUF/JpoyblAnQvgAhfHw2p6ZY37
hrh1/FvgLqrOz1aZjyIjZYvDp5wEC7nYS9P0AYgbE17jE/LFDlVSeoSYsEKj0z0T
NJDlGbr7VZMqydPNlffwOVQ5/KuRr/8NxIKjPAKhDekotmLXzLb1sOfW6rYRgmzm
clRxmK5wWq9KRFUAHITvwWtiMf6jA+e9sZqOSOI8S45UlJaBMajlfTlVqkdtUgK6
BDAPyWJZ1+K/2gijoXqRQ7Yy+3QOn2O4jI7PcNj4MsLpG9chxtLNKUpfV6x/+rSv
bpREY779PjvPocCRKTQXI6DIYb8MEmVD/69U69dYBIzaWVRRrjcHWzVNKgVXA7Y8
gvYFMq+hGL8AnNrI66r8vO7GS+9Y0zoF6p1uCuBmZghCqyOkiUKfr+hcEZPhaj9i
rtpUTWmCar6avvPi/hN6FGzvgC3s4KHHqp6e3KvYa/RbKMOX5s51S7docsaQ0HeJ
7ZUumPKC/G8/TdOiI9BbQNST3REfW7Lgo/XdF2C+L8e+hjqRKVGzwGpCD1r/XSni
FCzLGex4wwmmUHId8yeVdP3pPAoYnP5TSj3QSC9Qz9w7TbFmSjl0UHjTNQasv44G
uA3hlpnI83m3L8tA58HkaXmw+4qHHmtkDCIeHMetEjGzAUxCQhsw2iGPMGIp1LB2
fLz6ZhXcdFqpXaWcgijJ2Zt8ccF55OGiafJaUB9XfzXKfhH95UlVJWpSt+Li+Ngs
IqExpx7dknrXK0NZYdN+nAo+jdEvThraW/ruurI7LD+xgFyJnU9chPsLlmlNaeb6
Lw8e5NqA814v1AUoL//x7MDtNKjNRReTvPq29HhPXlh0eAcYIlP0YrxuImCT0/sw
ufieY8uCiA/qJbEfsD1QaogKNzqNk6DnI+IXBxdIJZ4qn+XQd+3cOJfnolRRNdDU
VPQSfOWSs2PyKlVTONhSP11H5vmVRClCrFnPRuiDW8POARt0MQQt77enlW+VQ3up
vRf5gGCdc/bjIy8giEvJiGqzyC5thonQnJx01dsfp+/jF+1Mr/mxBsv8WSs329j/
aHsP3r1QzceEeS4yTrJ0QwClc9R+fiDA0Bp4UoBtGCiuMmBsUDUaZKXKjG25IknH
p5h0bPbEGsGZkbtdZzAFvDSayoLynrvQAS2nCnY5A2oBWGMdZfuBBIgno9ZXcCCU
bepI/g/zoXTJnuf/PYunMfk7HYgjBy16xWC+pwsTtC19Bfs4PaMZobhtKXPYC6aS
4rui+t5/6Uy+dDiNCbdZ0LT31JTBQq30hLFrro720w2gfDf3HzXyuTGCI6TZT/KH
uplBbVKrZih9QdcXDdB1EjRCKy1sb408011jtGN6RslYV5CjO9drnKbywpenGUSL
EQ9Zny7PUWTi/rHz/D5UyX2+0tqL4xaaV9vNauM67FLYXj6ImiYJ1uM15ijk0Rw+
CPYsL/vLhZ0Ls2YKSgXZEOoP4K8fX7gJ1C1eLgx8hvDTmD4o5lntO7ZIw2hXXk7p
VcgAJ+Z0qMNX8eyTUQ0MQMovaUlO4Klgjc5IeEdzOOvqY2MPg9CzOUHGifB5EWww
WXVo4ZwJeyx5QEZahsK3E1sctEHOZyydF2zaaqjAi1AQkTQZop3ktAkoGzy5Zc9L
PQ2+NETNkzet4CP9ur34mzRtibRaxk+nWeMchKKoVu2uk8CYgL1MVqa6bHHtDRWP
gxNove/KNwS0pkVWoFVTolcmSaMWm9wXgHzYiG855mPJ9sTePGEl4s2MjjTtIk78
WT/ma7tEZQwdiDlULYZmWhOcQ0xUbYYZMcXL/cJnoHhABgayY2O9lL18KWQ+yCGo
XlOf3s7LY5Rv9P4A9oBiWhtA5NHYOvOZOV0qFtAf3eLOnCmU7muXa8w28qf9qWXV
9BniObj4qo8uR9iiryfxThebQrYyK6TmpCU+TNo5hGsNkME5UITFwOgGtTlKiAqE
CizKQx3hYNIa2wB3R8ikK89PVdmHHDsnj68buiRJ8nWgZTVqoY0rcNoL9rUJOkhf
1gERtcRPWkPKacxqlxp+EGPEAjptj5Zjp0AuQc2RBn8HDJpIN3ZZUoNGM7P2uioJ
SJGy3/pZPWRMzczZvvS67GT2iCwfd8e2XG1gsER8Y/f4UPbn5KBgZuhh4mJerGla
Vv5Tz2ERroqn3ErMtAM9iolMkPqrIk6d7IYEfPKadFOKz03fES1kGT088uKBBDRC
uZABDPGv6YXkF0OXBIaOhD5fd7jtpKymN4mO4fFPPi73Rj/1Gr5WJnH56jB6uWg7
dXUPY7hGIcZD8jdoVT0qmeKbDQV+UWs6qcyDuwqHf98E8XtmRLdmRK6D/uZntVlJ
cdXjHVA5DC8hjHGhBbT0gGWarE1MuS8CFJ5tgZ3nHTpn99vx7SA08YZTHKWEV/eW
I8tCSzebWdM6BwT4uddT27oTjr8fD3EFcKDTEVVUcDb2aRkwst8RCA8TMgm4ES/N
1ddfp+fPBzb75A3XnGIsaWotFAVVJttsf7w0q3LX6e4WxEz+nAvVNNckQb7erdJT
jKpTSdLuvLWAvTondFWJCHdj+xV/DXAjp+MpbRmTiMeUDEiqgFP8utn3qAcQQGnv
hFiewUxKV7zkIK4icKj94q2fMkFSGVSiGQxWWib+7qpszJqXKJEnGs6cSoCwkC03
VopbES4B0rNZnb5/ZXt4Rg==

B.3.11. S/MIME encrypted and signed reply over a simple message, Injected Headers with hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7930 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4856 bytes
  ⇩ (unwraps to)
  └─╴text/plain 337 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <0b3ea6dd-0e91-5a91-9bc0-3d553f892983@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:18:02 -0500

MIIW3AYJKoZIhvcNAQcDoIIWzTCCFskCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAJcdIoUSpo1n7vGPkIbII5F90QJDgjFBWqN8
mrP3eorKCd/HmE614/YrIqI4MD0rcJBkd6xNbUeBl2z3wU9w0tyThZKAxZH8XkNw
ZZu1aA3MRM+wqwCnxfJTSaZjkIMhsMe8U9ROY7InwRXqH2O0QRqRU4iJpIe5/DUH
dn/70YqO5g0HOGjzWS+6IoQdiHf3eSU40AlqNyg0QQT5CP1OM7aRXxt006GWvqLW
Lq52uimRL8AanDUkrEsOh1DggpFwsn/kTkOq9eBrjgNA8wHDA1BYfoLBHJQvn9yd
ivkXnsjIqoaBcx/61TLrP97dn2v4STbiZd3LDe/8yBCdnOv08qkwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAZ09H8ZLLO2dMDjR2ysuZrqyi
j3KqVh8Rq7uzjB+IKkzFfun3FxVZlUAvIwb1Pwrt3lFx20ekpF4PzC7x9sdbxWJ4
ZJKftmD6sMZ7DVeV5GABH3ClO+aY1MWs10Lq82S1TBzwcJZpKf5srR0QCuXaQq76
47owb3Dd9Ecn03AIPeJDy05EMNGLRJFqc8md08ykQEJwHFXeZOotDWDm3lBAmqn+
An31eGbsWMcYYwAXoz65melW788tJWCht708gsiVzGdY4Nd5gQAysf0/iCFhQQzg
X+vrFmPwm8EJUmHPEX6I0V8ylyDXBt5qplJgku+51eH1BJtF7WWMVvI/1RSE+zCC
E64GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEPmUUHGHIyJ8IXE0zUFiAKOAghOA
iBj5O1lKw12s28QbuFG9Tc0Ejhf/AcHUB2kdSeTBAKLACOsXNXcO/eDFttc+v3sJ
eVAZIO3p97XjwZi7q4YWIInBEFjVrZilmFnkmWymEEuhpAx8eYBZ176CRtq4F48F
DHekBraJgyEOpiuU/k0K0rsPu0/2W2vsy00QsefIBI/LN2+CxgPqcJ9+s3Veru6L
VbHR0Ih2NoLj2RPi1czHvU7B/dQGIWw5e0ZWJFAiEujZ4l6Vp/9I0CN/Wwj5BO8Z
B1cm/rrD6uM7VDJS5jPenm0O8JHd8TuJh2XBdscrw9sePmwyubHG11fViRotOw9r
ux552Pq+8Vwx70+nZVvST8LzYfKT/GmRt5qP1cyg8lUgiNZyb1wScDff9BIXNKnA
+8tZE7yi2VA3vaUMGPb1CWbpTm46mbhsfzRacyyB0pEK1mphHbPdU5pFYULJUhWu
t8O5q7gWy3SeJxtmkTsSbMfRHxaWQyzfOuH8iWW9IPdpd8bcj1Z1pklDe/cy48zT
TWUpSy1hnEOhuB/NLwycjT0pREGh007G04SvR46bH1t587B9Uy3qO04tn3NK8H5U
+hi0SpMxO5Cjp25sOrNToE++zO7dUe6ZjnBDyO20o+a7ASKG1Ec1bJfa26O+TxoJ
kW+R8eMHPF29QefDz8LIDozyulZ/telKPX/Y8pIaOPbnaqcWmO6I1k6kCWLeZAkd
VCpdT3DHbLDdGswODw6iXAMpe31811knTKebGJyX8XTnPTu3HOWirdtoMvmhOlMm
DqqSKR8+uxg3c0++pVGrXwCurOyYArWvkli7ZGy7Ve4ToAOq36hImlr+Zl+G8+Vw
Jj26za6H82M8w3kmuZRwQwqH6YzAivjVxutOnwU8DTSp2b+eIzuyb8dMRqp/X4aQ
CVGBDC5Uqrtccea1bs8pV9Q5t6KDh7jEgISAoTdhmrnwXWnXqcWDX4RCzlDWJiI1
DeMJ1DOQcxuMd1vO15qGRI8PLXa3FPrAABKQWg0zfV2UHqZP7kybbYCOQy++TDA/
dYdJ6SUccFfuYIfuUI+tJP7tYihnJZmD1JWPuDoIymjpnRk6t0J1ZRNkA9UaXWYD
wC6sLn3yDvKsP7ZdiQDUt4OfqW8tY5NmaxTSVdwOMjkKB9JN4KxWKsox15ntar8e
So/vSDBPzSLAjZbqOnP0RppwUAhm2eLiEPNmATCk08jx/F/bqhainHUZFmq/2D4m
WsoQogJ01DtaVBvtzc+6GqknFATY2wZVpbNe0RY5T0vnFfDlg/S8BHKrGNX36tBA
+2S/Lj6qM5B7Lk+BOqrJqhfquyUaNsmvyxFtGbzcdjmAYtOLEpaZ+QtdPBjaZGdd
J1v5hErhQW9At52gT35iZP1kKMhMWFkC09VBQw0QHf9hv8plt3ugvYpmLn4fzKhe
xytNCyLbaWooIDI0Tbpm2QZw9IJ2VyW71Qtqke0qlA5m4tkB9/PpIXu5xeC0OgPm
orNz6IrEGtbbg1C7OFEsJTvRLE6zzmyT7KnR1CjTLXQ6cODPVduoFF/qISe1wKhO
hsBHjdGdK4rcJbVzX5QkJbaqc09IsVnkpJfATyDBN4IGM6xzLbBXxHboK08928ZP
PnDUYjzyArjKhWguHl0f82ioF/Y9miD+iohw1TpHci2aHo1TflXgLWtOLCOXxV19
V49w28dLoz4jPIi9P1OpdsVK2q8gag2vndmDPnIK3AXbiIKAYz7GHXnCIKChgBWZ
TuGfWhVbmQ4yyS1izCmwdQ8ws0qCFethd0HaJUBMIKMYesmbwhw91QEg8T/cTpxW
IsRfc0bVo6MScz4QG+mtU0HnutzA2R6LmFBoaf+25nWOA4bCosrlw9qHRok1AVCz
f20uzQ5sTKU8rTXYwH7+9qzc+LDb47Y31s1xLNXGcGfOc15HXmx8EOUQrYeIyKle
lupWdhk5woEwRCljgnyqsMG55NbLSjpKNmaRYISZBM9MFZRUwtNKt42DgCHXLdM7
oBEMJXlUzlzoSmFKZ/eZ1yjrrZSZaHrvr2H2ulXLXukLfPSWmRX/TY4e5x707ygj
2WVGxTYLCwDRGVR3/ugq3hfmi5jfUHuX+/0So8NVwgWfL74GYJT4Zx882lfvu9n2
gy2dXVFzQwGI4hYUx/SjztSGpheuAvUGf6tJLBGVQz7Z/2LiNWge9giNioE9M8e7
8Vwb1cWx6fdvGiaUvwqR7tt7y6kot9giYVgEtzDBv+owhubFa5LFx/U47smDVvIJ
A6fElBOMSJZMU2Obp3ycYL/CEXtilbvX9nK3InWn5/ldG3JtUhWDSUGMxUonvcw4
BJkxZwAQUQieYYLUF5Q60qF8k5AIWHyp3dtQ+Yt1qwfBpm9ijgfJnxqmtVeUZyA2
dQh1cDhSd9UCodHm85pLfdIdqUcd06uqbR9TQh45Hpgoo9LM8HjeRXeHAYCiJqgs
qAnRgvyQCnqUibhlsE5elrdQGHG0n8zzVBYoB2knm8AwfrlbrVD+nTvmgsGNmIlw
9KU/VMyfHzVQrlfkxUh5E5ILVNMHPp/4RtQ/l0NLPfYfrzrlxFaXbQyVR0N4gTWF
o8OfmoNviIAAxp3Kbu5sc2k0hZHyw+ASxNB5y8s0gwvFZkIiow5VoGT9LWP7BKbe
1VdPq5M8/0ouuzwV+2L/KpqYNbOIUryuJJ/YJenj3g/xmlqcWmCybKIwXWqfawBB
lBPquzSz41/rrjmkrqw8Jcf0MrC51275U2RN0FEOcBCFrNquHH3OzBQrUxHIeZMw
mmzqsM4vW+7qz2ezpa7nPWGfahzqxtsJCs0DnZveLaIfiidQ1x9ePxuraXB8d07T
OpayZXMmrNyaUkxA042EcB7w5IrIW9Gypkcm8AyA1NgLYbh9hiXy7MMbKOV6sTdR
cC2cMoC1GMvH+NywpGWhc0WH0yZTbVH6ldT+wXz8C01pXCmpll0cjv8f7kwFVJLB
MjQUZCsrNwFRyo84vHTEhkviLEM1DLoooTVdvqd6m3XkhkHfZLKFKHIKH5B1SskQ
UPJszpZB2I1+OYuTPfTnbTIeQToxA2BB/HhXbj5eRx1LEQ56ZL6QGVQp6f14zGuO
ZjNQb8lwumE5wUQrw4aye+lv8ObWe/0nNe0swGqhXXPOt51vjbXTbXIZ4j9mMnig
9fIMVSHkNWgA5KUHxlc0XRypWWm9iwsTFIoW8LssH5gtyHvJShUGxXM4WlerQwz8
EmGefrRxv112w0IIV4Lc0F8kSgM/yxBE6yW0PRhorcsbMU7wHPj51yRISntcHG3Y
MHm28iiL+ztiEwlowne4R4xYGMT3aTHmXCXEYUI77jpocMP3rWLAjt19lsPAds1o
I7PzN/3g+0EFPh7pJng3C7JZwYhDJ8pl5y3sUB8Or+gcm+4pk2aHYz7d2PlRMy0/
fPaAeoIOwi4Rv4YoaqxNMYf81DuLcY7rJl46PbNPcqHNpbGBaq8ZH0b6Fp7hvNp8
dCyC439vM1bEA9ttQaOcYDi4bGSB7Mg9NvLfcGjSEFvbwbl8sLYsNrvAetKXUDy7
AK5qGHaRykDTkERofBdCACtruRkvBAg6EXGXtQQtHstDBr6J5J7Mc4jdsBcYaLU5
ojWxPYnDo32c6+Z0qWfV6rKgS1epva4jxSe7TiK7rkgYf5JzF8rE0ZAOEox2UYER
3HDuERoK158ln0FnyD2khZNai0O3/SJfyvnk1x1FYhpsS/8z0TFDq4UmSz+eS5UF
vqLVeJ5yJmcmXy1gSR29EDjeMI1fwzTPXF826D4WjZwGGecNt6KdaSP+PBqsTOIM
mReUZsSlu6Dg6MiIIQptScZH/6XslwzlHbK55ElqYTs8KY/pVY4sjYrxNlobfWpL
MJReUehfNwg3Ki39HUh9q7zYHxuIfqn+JmKKwnJNp4AOhIW1GoGCMuX3ncr4Yj2C
pRHiXXB6/pOxf/UQMpxnBC7fmPeYq0hxMcx2M3VjUWnWxN61jXbPIGgcpzulbzej
T5bs/C601iqgRWAV1Pr27DCW1VFPJARsuPb7Pg+USOHF+Vzjom6+TelVKgbQYQrD
xo5M881NCPxyXWsbe9nmYhZpXBFU9wmHhOCf0VFyDDFIdS+X4if8JxQfcbHan+4Y
+OdeWcCVnEzccKGc4K3sKhrhn68L4KESLKgVSm4bRWfWU5Wf4vahdOfGcczf40gS
NtW2fBTR7EQ91csLXE3VJrETcylQcdLrIykLbrg0F7qzbvi7RVXpUDrvQGfIsCpv
68b9h45msj5nGLh9f5onwo/DUpU87fkuUNgjH5r4FkNAjdgQI04aYbDQ+KK+1c9G
bsIcRhkIZ8fLQ4WtcqqlM+CVH7hkZwtMJXHXESB+n+iXn60tnHao2St9dtDwY1NV
lUIeqHTqGxluMEL8ykS872P81rnPAyVZKg50TW7iE7aLlxTD2TPOfx/pATDVyHLb
VzGaooYr8NHKwrGECZr1Mo0zb9nuhc3NHqDLj3gtwnT4LbVsgdIXwaQ9gEL7E+eR
Y2YFrtz9AXeuEWpvM/DOZgmYXIQeHv4VPv/CSped5JZMMQ2ZnXrG0ptqNgI78Tdi
xuHJDKVFsmLsHRDX0Q/DadNMcCjF05i5pQjKqRwVI7BF3vIajtMB1QQa/fYxK3ib
94PceJKlxDb430CZgzgW5+e2Gbo43lP4f4HDIzk7lbFtHxIZWdqB1gYHf9ZFXF6S
9kIqQS0plZUxv/4fqLFQ4gs/caAufbwtfeqfFODwecdVZwiAGfThrOLhowxJGhMf
NIU3UiHcv+onKVNi0XODU2YQe9ONr/rK19W54EhpIDa6z/dkTTGCw6cRtvRN22cI
KZEKfU61fllzaDV0ea3BOVY0mIrsTTQTk47vH/HYRXAubYgEmD4WXGFP20tDG0lI
OAZ1h9w5La4O58urEk002ZJUEMxEZlBzjeTljb8rZoefeivEJ7Ns0gitHesLJv81
mWrqhx56HHzLIJ6RxW2ChEkZyMsjzYK9eXQ3duSAd7Ye12/dVQEKQVqmkO6UdQJB
76kbQum/jgmOIi2mHiFwCHeW76kzfnIqzxd0Wu8nwQj2OR9wHO7KoiI+/T6ur4s6
FP1VBvzfUXt0Qa9EaI9wMUYAVoZ2xNyZSzpLkQh9Yec1FycEjzkW9cjyBYkJSVwc
WDVFDFDdjZUulonv0rmlz9i9fsK0tsDYcS4TDkimaDOKrGCtnxbxBzzUhEm8jN3W
qoVoAWCnE3TgIbo4Vw1gkFMP37obVrw9ocSMklX3+Lrp1B+Rod2Ps1n6LbuyFXr5
lZsfFJr6eT1DFQ3JBIhm47uGURZrKAucCK63kh3Y1zjLlL4mVDrARMnHYZw+2hIA
lFpuTp7Cu9DNSAsMTIykM0UGNU1XsOGRPo1HkmfxFLCHb8G9N9SAwGggAT4yg0n4
TZ9TbG98508vyMfRYSLODZ+63bvunv+RUtMH40WQE/tE0WNiykDJeQ5igkeLO1N9
SIsUXGsNZG/8UAZSvGxMsgPrjg+7dF2afmE4IHRKFBhElp2TkIaKzkbYgRftnnSC
JYSueC9y9IwDEH01R2ZR8keYLGRG9cxJBWb0Ow2R04XmbarLyvFih6AZ8WnPdGPS
mn84uHqyOupRaIDwvO65LDs07v/ArqkUZcy/ADw6F/2No9nju7zehWcnOYoX4k2x
x00JPki8h7nQo0GH+qtIAwt4pAXorqTbGqyWKXgW/TBm7uwdg+ciIaUL1hStw8XV
3RWW2cmL1ew4DzG4auZOOpAPxkOkPq9gOj6NjlPbAz3g67v82Obv/YOzLwxa69jU
MofBs5itg8XQf23gUVN8tC2zbJL8letTIKnKGvxelQHM96R83PxT4gUjfnKR63rs
cyrtlqfU2+PKa4SByfb9NgaS/v4h2R95j6JGGtSW1Ua9rp3aFLVf1fACHiMz9EJP
pbPFxUnT5GWxORbP5Y0vVU8RFgR0ArKRZhn1Mmyk9vRaJSrT+6K1c3igKDpDvcZJ
AF8NHDUL65szSSWVc0b50wlwBfAIW5MgI55uqDrhTleip4lbbWNwxcd3a6yba9qv
lu0ZAD6E+drFKgZu5B86BRnvcCYGaK90WaHA72ptEQcSKbAAe9Ox3IJ5Cl5aCr1m
M+2nh0x5JbSuCP76n4PJEgrwYJUlSsHy2ga2xMc4wIvi/hkgvthWNLi3unev6A7C
zF2AMR1vxDJYJV833JkA7oLEojGM9ykjmDBkV0QfD2WPyLAFRLR70BmVo2JB1Utx
rb+g5Zav7wI/yusXsFMjEj9rEVhBvhNvpmsehl2ZnvOk6jUr1dNksxH0CdT5hHXP
4fEeZuIxv0mzkAbWntTAYy7HAhBp7i34Pe7c19c97UnP1ZYB8xCWu11ty9kydQQD
9Ve8V2DvgTdgLrc3SHZn1BgtWwISf1jLRx3IWmB6kIRTKoqUND+Mh/bgblfnKy4o
OTPmg2hFLvY64mJEnWC5ATZUx8IN71dsKa18CyDCVWjaq99H+DMbBB+DWk15nbke
ZPwTyUM7CiHIlnpoMBu5Xc9H/2EtLsESNZ90tNbyQH1eCU/OaBM/5ivEZWE3VCnT
7VRke7s3JYbcBAkWMO1oRGj/s0HrPFR6ju7LHjZvWIjeZap1Zf4ldJpTyC6yRcs9
DjJIu9BUU1QE/t4uLOCPsCLlcmTzXtZpD+jV7+9wH8s+LZ0AE1GH+3FZyL9p3UA7

B.3.12. S/MIME encrypted and signed reply over a simple message, Injected Headers with hcp_strong (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 8190 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 5058 bytes
  ⇩ (unwraps to)
  └─╴text/plain 432 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <b10dcc75-cf43-5fd7-9e48-f932a9d68fb5@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:19:02 -0500

MIIXnAYJKoZIhvcNAQcDoIIXjTCCF4kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBACIQq5gYVGjxS7N/umioYGQaBDzYuvtRP0wn
3/iHOuNThZd19MbrcaWCYkYZfrFFpAuqpVCPZ8mtxHrijYN47vAQUV6uOSDoZYft
drJZYTnB3yuCJmfeS9zonrI+CYksfA9NwkFJdyl9b0ILw7tVf2QFEqX/5tU+6o6b
NEoxlwp8I2+tICsm2oXq7rLZq9Wxw72pyV9OzNAwajOQML1nvPFyV7P1nB3EY6K6
3Mcx5TMplYEYEQ0sDzftTXfsau2fbQ756q1myA6aa344Y6j/oeUMeOuuUx/dQJMy
BbvzzmA6bLmr1mBkuSJRher3NNZkY5BlYpziXXlzrdkZcClYAtcwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEADTrdvyR85I7Vq+f9+ow8LIO6
6OgE1Cs5YeDyvYgdYW5xpKbd/WKj8IbrUqN7ucVaFEyGjP9Iruf74Zw+MA9CO/iZ
SDn+UiblUlWTqtiWx/4m8ZIkEkh0CgcBNHJT/ZqIF5WclQKqvxJGGUBlBQBhJSd5
snC6cKkTedQBfJ81GZT2ZmoX0dRLABvo/bu5k1h/5FtQibRcd/XGzIeeSSTsiCS4
8BsQKkx+mBDsEAocaLIzHA1Kmm2fDwPwDBDDcGAV4P0nnzZWK5Zdo17pJRpg9yLy
OfUh/w7EqPopX8bHRQuyLIoFs9lzNgMTcGmIg7SL86SfkClkJ831EXg4zX6DlDCC
FG4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEMJrzgXD5KffUisHbSEv+TWAghRA
IybXhrlTywIGr1n5kLYPD1+FGUjGaKjKFAIK6MYGZur6Ba9G9y467ayUbv5tpU+G
EF8VfYFZG5o3NL809/9vII0FG1ujgRN+t72UvIBuZTDMdP50+imi0G0La93BNdd/
bZ/9eWFM/RGEIoj+krdearRJ9xeb+Y755WcrvlyQBhgDwlTeEAdDbTj/3GFGjIYO
jypfQPfUNofYhFLFi7QwrctHzP7qele64/i4ouHWk1ETw9vzgfxp3CuZVdmImuQR
PSXHpBwwfMnqQXAV1keUPqCifrNWkVgEvWGPBgLoC1jhOK/lbJUBpvhEiFtbcywd
gR7wg0LEsXe4zsEW6GJQy2wF8+L2nXAA3XlSCwpHPj1uAvL3spgOTKd4tSlQ9f9e
5DeRJ60FO4KIq7xG30bwBAguprf/8KzSl7xVntSslz6sp0YLk2OHcD8EC9ZkbkcJ
w9qH487wyqWrl0gAMrxWyac4OsXJV/SfFvYjBMGpBrZXYPYO3Ay0ekLT6xFf31Bb
OAa0hi/TNhOjwBpeEah+zgAyUYla0fsYrQGrJBzUmQxcSWATGfBtAvHGc3EVFSH8
gyP6B0k8tm8vz6Gkp74S/3BhudhO818GBM1RQ2JNwhdXyBmwiTUwYKjCrvoWcSp6
CgTC6c1bSn9u3zwkoenBs0pCarBGHMbL6TytfeUb5l1Dmtebv92C1F9i7x+nuOML
ZVKjjGTISnWJX86Zj3bJRNQHN0j/dQMrGhnJmvIpdp2iayt2vR3yYTHIWMmI/H3d
yeBNVb5pU/RWt9AfxkSNZjrEh/tiMXhawYChB7aHpGI8diS8N5mBGjvXMFQMtGqK
8oFwocldvtjpALqmlYPRaPbLyaZNQrjrCFRyLA94WyuflPT6EWwIycB4spSWTriv
uN7aVVZwxis97frZ+qeavt5lIRSUwmkliIM9bwq1NYVjNXHweN5IBVHvIKl/sjdl
FtmCf9eKCspXsEKSIRvN+AFTVnfP7VQB9xY9OMuBrgwzDoknaZKzJs5BvD6VDqvK
4N5eFGhmQqWZaaN/Jgyk/Bg2Hf25146/wsPsOTdRm1urQl9/G5QiAggZ9OdCPKJX
qdmuO9Jg6DYckWE+MG83Q0gkoi5s+z9mZDtzPCIMU6wh8zwRXwAFVNCi2oNE6TMz
WnLgYyYj/YioeKeYjgAXQeqlMOy47wXn84Za5XBOaNmYV5cr5MBD6heVcQauCHTM
ofotrXaRsrqH77iEVsG3i0BaIagj6KwnlaCmy+xCMDR/WEIX/t1UQE6KOhNGHyFP
zlGaxlIHlfnjWweHoyFntunZrY1MbTnmaSCA+xx/ii9lg5urxqhRPEtbUv49p0Bo
CeSQ0YCTp/Yla4j80bPDB1eno5riUPDzR4UNsLpQ8Fms+qvJJk5e5rsA38Z6pOOi
KZFlCOQqRw/loZgoiPEhYjnmyM6wZyLeZHzr2NJINYyB0ODP8AG71xbU0IFEBoOc
orxAjpAS1giNwHPKdoSdCAwOainwCNvDuc9XSHH//sL9tHQK2o6h/USpxeYK8weC
cmkQD06rqzZEXes2aHfuQo5hq19cSBodUqq48KBGlCF10oIIQkVw5X/PkKX/MrYk
u6rk1NT19Eg3+HUXfp56X+qQvx/KSlC1qRzIZrq4x7p3ANQNSUM/C5h1stMD7Q9L
WNj19BnTAJRJLnASVzBJn/TvdlD9ersXGjwpzPe8fAcXJWfPP3D6gsLdNP3imiac
Etg6Vt6PJtvWO1jf2Gq8lZu4GX3SH15n4jkDOWQtJO9hEG16PCx4zT/5TqdVpYxO
q8QA0QTXjL+zONDwCCgL395n9zW1VGVj3HXUCHo3vLRwRwEazmyllJf7z9nsGyW3
Ol2kMeLE9ddPYavLm8FCQSDq0g9W1w2mZDtRahx66kV9WtOXJdCKU1LPYRr1/gVH
VKpC0NR5f/WNB1RcbCyFb0TqGVirR4tletjdUIbdY2nRov7PIV5hNH68WNS4pJrs
ZNP1iYiohIvy59OyBzsz2mQR/ETCquOf82fJCXRxZ0wphAdXO2oy2o9Vky/njGFf
Fz3EStlH7Z7EoyLkj5d5F+74a+1hWzShS4mw3aX3LmsNq9f5MWC0TuwzxDvSGPU3
PeVLog/vsCNt0fhrWold4Eazc9FmTsyVKtWgNopnXrDO/neQpy8ipcRzn+klpPmY
5g0R+BohkWzBP1aIWhF+b56ZL3Afkpqw5q5LkXmHCuSlYA6yMhR7govC1uFoGJ2c
dP56jqn9y84MqKUMw1fhizhxTjvUKfltPk5398zwQTx2yKRH4bThluK82EFtnNC5
B6E7uTGHX4/x3nz6Q9hLf5zmhUdFJzo3bh0KZx17YFBEZMHFqdcv9jXMBQzy6aUp
qVav9IzRx7h8uYGUwo2agvCoUCuBbujuJrm1tGy0Z3IMxy1w0KMKtkL4Q2uunLzm
MI9KratRPCpqZ2yY0HoGoOUJUmua9CGxrmYSUCWZVdyMdGoUMPuUc+7hqqSvChgq
LfJSqyYKk8TQXVycB+Zq8Q6GI4POGaorIJxqenAMQwqsNziX4/X/YRWSzaHf8PNq
uHUGjv57I36gUl10ZKbsWrVTP0C2/DcilAdhHyJmynoYDpfkMMvmgPO8A66Z46//
XTAtEipnx3Mp7KX2D2M8UyYq6h8c6yl0dPvgLAB8ZO/Ji7/XTTy0z8hG56+Jhslv
Tcxgk72593Vqy9Q6Pqvbe7EiT8kAes14lP4kj+DlTJ0teWoc6dbndK94cE1fE1oO
S7mlF9RiDK4Xq71EbKn5TINq0JsVBv2LHY7m3fPSMHAqrX077CEOy+Xi2PpNL+45
k2g7mTjU15dCOYWuXF/Ma9RiggjsR3fJ/KOu1IqAHkG402O8WF87Ku6wNZUy4bE2
QJYljwwnBwej2sMjSjLpr16fzvPm7hTx20Og4gMZB2qTPtL+VcQ8oPSVUWuEDuAV
Ds/pIMaQUr9EMPSqQumDXpzehQMe4FGaDUu0AF5ynuTacYKNd0am8QAA0mT+zB7S
3Om176opyuGSbkVqff5EpOqKZzk/QTlWFutby/3y3mn4qmEQ5abZ74CYHVuFcQ7b
vcYDHrhgNqGnMVqADM2LIEyl4+SWlrjekytTOr+I9s76C1TG7wu3q4elefZpGSjm
z8DQG/TMK/pRFOyAiFk1PtqiD/VYcUxPQmaPMx6Mu1VArGjkvedqIVJcTF1OsMIy
UJPYGI49Udgb6m4KHK7Q3g8ZMf5eNGfl7myC6mf1/PMSmb+19xI3cW1De4AJCrLn
eiTrLL+kPYbsDjJLzwYAWa1N45ogcCFdKbRtVR6G4Se92b/CU/tdOEajhj19lFCm
pR/oet/vj8C+EH2wgjbKP59YwVTQyaqknZQxhfQIZINt2TCwLF2VT05qGU+TPhTm
UDxOgTObCpElThELwI8D8DHHV9VTrE8SbyuBO07+/6B8m/Qz9NgHkPIpc8Zs05XQ
l5fzm+Ck0IEvY1pc76oazSqN2RtImopUnoB36IMZ1TghD5O+4ywZTAFpd/L/YNoU
O2tqE+hiZ9/08f87g4jCGgNBbAEX+wiGUUkt38riDgrmXvI5PsA6LM4FY4p0PVBN
G4YoqMypb/pU+CeI1yx50N1v4HWhgdkyHN/twWTJyNGESpVjKdlsXmAMonKrJZGg
SSKYMb0T4vxG6PjT6Xg6F7mCZmMAMztXzaEAUNqjr/1taVW+RplkwzeP8JvOTGnl
zOvt3DkVWZqvjXjLHxEptCy2ja9KlPzwvXTZ1KotdAdC755M41I1P0oQSHLCX15w
WAjyfghMQOnpsK40K1wVLwvOW37vkxmh09R+2BMfNRdnXtIO7yKgeY1qsZrgmAzq
nGTXthixWwsW2OHKLeZNBw31h16k1jDm+8twEqe2kYVUVwX0VRVHJE+zspuhsK38
HVt5vCJERCyXRSPYZmoUjgRKY8LpvzJ6U2rv8k+qo6FAIGY3o3sIF7baks05BM5r
ME7dMGsPTqpkCNlJZA4V5JM7lzAwPu0IsXvIeNQw9EK/Flo/7WftoAQADZ5fLx8p
9XNA+/ycwSsCj6a776f0kfoL+Bx9bA7FRvZk3VY6nxT6USrcT4vrsYyANLc2xVDo
nRWog6YpHLv2TtrLCqSqfltbeJxwHEez+0P2MDhVvJYpEeiyZdAAvov2YOF+PHyy
FrAUaltnbuhem4aHs35aaMMmCGItXBV0/cVkW9dJn++8Q0ouM1TMBzFgEKdwVZRP
LdP01nDyyh07WJFXK74f5y2ila2gjAVrg9VsuCuegKCmMb0SoxJ+10gFl9H/F+qn
3Hrx36LBy+tBj4EcRJS07q9m35hmZIRhE2zV7yfnpSYOWEHXsVxeL+aanx1dVIZ5
D6oKjPH252uV9WKZdbvRgPgg/l3gLAGTGXvPbPL+EwYeHZkDVCuU234l59t+Db5w
orVZheuE5q9klV0SauNu+JawzU9UZg69m5QnJ9b5fyAMtAFVVNVlmTzZsonY0ovj
KX6rj76Y4NcLjEKXwJzWDGJvZHv7D4KKgK+ptBpud1hAfmwlDWH3oFP2uelz/262
0sUDU3I3IZk2XDKbPkt1Z/3+WyEpbG+MSKeSvHKEENeqlHpRK56qBuid4QyfuhO1
cWgT2D+w/Nx4WQcz19h4LWYBecrUml8Wo53DQApeLJNMdUzNgeKKOFxs3an/y5/g
NEJT4p+kCpgQfSHJ8sKujf0X8/HHoaxfH3Vd/V2wZrYCVf5IxECQ2xyO1lorvU0w
YbK6euqf597puiFolZtRzOaSnuauUvVAQNthTwfOhUWswoUC/i+jaS9m/4GkIoUH
S6zPE7/w7KBrEne/4gtqgpSOROl0YDnxOGNIFOMNUjZ1zlIKASa4AuU94hYtnix3
dxg6Y2g/v8GUe8Z+RKoLGdjzavyu0AVgZ5O2eH+u2BalxfpQpbQtVFxZEFCeHDLZ
w1IbrXQdbtoks9WVtqjVSutiX1Yf07JQCK20WeGfaVfwvmd54VWBNypXSce1RRhZ
Ek0uX5FGd71l59FYucHQ6TNPbS1fptvSfsiaCqPzU5Tqk1XLBMpdwHrJQU605usd
T4no88uZnmoWE794m7CZ81ZpxhluRB3Dp67znf3gEYSFpTvtRvhRc/e7lBBmPWZH
NY+bvMfrfnWwgkR57Y3wrKLMMcUfH/R1PcXQ1KbLA4FGkUUvc6lVW2u+wfHX1xX/
s3ht5TA4CJ1tubjVmaSFViifQDs5BHADZHVmSPdmpDVjogtBRYnDVNqIEZPWqdya
eAlLLPLNjthzVWmnWF8bBew5sWsjlV5aw+Ly5tCC472KLLM+t2NcVB44OcBa/BSE
p/vh3TEsoZ/m+UfK8EGLqNVs2vPZhuVW9i19cN/5ALp497jj7Pdq/LY19x8VIrjV
EqbFPWIKeRDcBIvh4R1+0Z6nlHvILjv1NlNABnKqHwfjCQicvOaE7OlJ3QWWbBjC
dtOkxhC9+gBqDlq1YWgwbEzDPcFVzcCmTPH9wHhshcmp25O7lxqSxONeNcGMKy17
yBSrKmaQr1escqeLJLH/yofTni7sb+xeohrz+YYJraXlcdLgSK6BzpF7wpWhMB7c
Kyc5T3ReUPHrm8RIcaccjIwgxxyJ8YW3iCpH2s+vdaJnEC1Aa6D+53+0aCFg0/2g
asqTZ/iLws+bFux6MrNs8cohuvtF8Y6A/++cp40kp+PtSN8G7+g1CmkdZZdMg5u5
9J8s8SIrSbVj3y8eH/DSWGQ0gMc+NYLaWBXNReVPndwWP7aqXjLysuRAVVgOFvJa
zrwFU3JeUphCtGTht785hFePHTZ5IZBw+DAxvWHGX/5sIBokYH9E6l224r3ikUXU
DApjB42XlcYwo386TU6OUzfE8xHaJ7o+nW09t6sWy99M+BYngsu5ghjqIz7EAZjU
BEB4pDKLcVf5tXVKSOSeIA/nauOxb8y+xve2ZkY8UARMwrtt7mqgqYgB6/gLD7Ah
Rw/Zs0+oQiNqv7XTY9clU/FfAQlRYiiz8o9fU783ccpsuw0PcgtnHWqyrw5I4vl4
fRHOIu+dIl3Bl8fbPQnoVJkxbLTvG9plaXf4fKPpYsR1zjIOSFSqimx/ogkNjlaq
4eG8h+lcyFIT2fmz4Pekl1uASudAGGQn4AGPu/d9FsM6LJv0loYzcQVI13F1ASgz
Eo8/ks2dfhjeiMfHkGl5aFybZAmd1f/sEtbUX5rCGkf0REfa17TC2NpB+OVSIJKI
V8sLYNVsZc9eiBJTli81ZWUPzNaFtyk8zRcmd1OzUIvpESNve8x/USztcqIpMIwX
N2mlj8D1qwnFIOqgHEoMgWx3Dm9EMD5xjgCA9f1Q9dkD2WHVv62DnMUnSuYH3NKi
4fZ5EGXTNezry4SpXmgLiEOGpiXz/wSLP+/n4RvNfJ4DE0D27wiHchvTAyW8IJgo
9uJU/KuVEk+cmUVwAbqWimq2XpY4TyopHyVjSFy7a8iaYs/sd+u2E2EEfXiyVra5
UsJmo/RdgZSCt0yLcYAKsO3gpXW1KSthrAUFYbSDlg7g5nQ9y2JyLsZGhjM+c1/I
6fEhOucX0MBaqMWpS31pMw8LUKSKOdiMXS+OlKzALyg3X1ObR1yK6PNK4XWs7L0+
a8nAdbRwoasr6SrenKYuTPkuRhLEkj0k+V4B7ilY8xGYuYjiZkxYxpZBwB8AM07m
ck4fGBGOOYdaGhraRy4DImP8SzVebtEj7i4wN7s+fHs3c8d7c6QuKOJhicyK6Hj+
spmo/oEd8vsvHieyu056IHduU4aeDkVoTYN2ks7itpuAv9wMOv6It2r4fob/aRSx
ExuZeT+RW/qnFpLDiUXa/z5VYZH32Ea6W/MUjoLc6VqzfGScE0FKJte+XiasJ8BG
yLuotJvLI5hCIz8gW8M4nSo8yly9VeyZ7Fn/DLsoJ32jQpYmhUjKjtNzqLcq6Wti

B.3.13. S/MIME encrypted and signed over a complex message, Wrapped Message with hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9600 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6090 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 1882 bytes
   └┬╴multipart/mixed 1818 bytes
    ├┬╴multipart/alternative 1132 bytes
    │├─╴text/plain 375 bytes
    │└─╴text/html 473 bytes
    └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-wrapped-minimal@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:08:02 -0500
User-Agent: Sample MUA Version 1.0

MIIbrAYJKoZIhvcNAQcDoIIbnTCCG5kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBADlsJnLbSLD4yijgnKdwdrIkdrbDzNTnrsjI
XELuRjHPs7nOTTTgxe5JUB/m4j2jllvgnwDChKkT+PDtkEL8N/V1kMBk3jXtkr++
1iMYmG8cTMMd5XZF4X1vErdv/bFVg8Ymua4nOdDBxB4KvOmwvKnRyjGckdYFiUfJ
vfG8/XxKEVXtkiNBDpZRJMnDBu69XZWWcTb42fdFElVeM0o/sTvsgxmpgIat7DpL
Dm7r2jck7QSAOPzGy5FE2WuKrS6vfS/zKfQzk+UcH2ITzEOVnjCDoQ5ms7BabSGo
v7x234legTj0pj7YFslTBjsg7pVvdgQrZbp+1UGu07mlY9+1LeswggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAYe/qVc9DeE8uN58IMLmig4J6
Em3s1GZ8dlnSQUXLxibtrp0SXHYoY3HP43NhTP08Q7MY6s4g8ky92uv/6Sy2BouY
6rs5hauyXkwq6jd2eq5uE1yiMjFEI/UIIndyVRpd0hlfKBb7rcxBIG9xd/fRszmZ
d+5GOVAAsdydWjEpduDs3WCGdIElYPHZzYQL7/NBfxdUMHfV/uRP4AgZ0pXSh+rj
F+afl0IWoBLtnMTS/cSgOZdQeZCkVgw5iPToN8+Ouoh9VjD36qMX8pGYgjBgmfQt
a8JUcsnXrWH+E1xIbSGjeE4UUVNbpMWWFiF9YHKjFbkp1sXep1EwGQ62rM1uzTCC
GH4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEGVEaKPoN0f45umZdk1R/aSAghhQ
xuueA5X8gBHnNrwKdgseRK3rGHc5NuipuigT8D9P4g3Ve0BdmWDvr3+eXCRh9iB9
sCFc2xX0Tm4+1JA30QdrZ92OFCxcMZnhQoGeU1mxp/gYoMcPDyGQ1vM5mQ7I3MC1
jyoNaqttYFPRX+fk800SylK6wKnjnKifoa+WEhjZL5HrrajUv207jTzaEjxQG1Eh
FfvCBZ9DO9eW83toQMO+aP86arCSNd75rbeQbDYtJR/CLXsvdCx58SLpVBoO2IYt
82x2Wzu7RH8J6/TN/simTytp8bfPW2y7/FTlEaSWzCpxggYHBejyzBffOgbfQcDX
xwr+sn/rMiZgxyDrW2/7DUrGHfakueR6oyu2vqi4jCCBZseyWKcnTpD3zA56YHm9
PcVHyIf04UN6+gOvslb7+SqgNsvrfz7Mckoxuc6Td3PfH9aYm2TPjOZhnv1B5Uj9
KYWb6tErITZRql1O1dOTOXTEXV4K3er8jBt8IWHubLkF4uf+nh1Yt8lj1JBVqlv/
tiu5MwEbnjGR3zzDoVX1SybkZmLma619h9tF0WjLQ46oosbLsS1Ebcgs72bg2Kw6
qsd9ANswKPQJF/D6cdE2rehgvi+eHfC4dwPMJpcFccPT3BKVxJqYowz6+QIxIHgJ
9dIYM672GXUbJopb6u9rgAX+l4+7z5u9ArP53FUc+J1ak1pqwhUJqrgK/eA065MZ
Zdk7b7b/hoyzLb1zdomXnPvRGHHMgOmmFV/oxG4+wLaZpgorbkQdBUg/NZxgRkX4
kH2Q8OZx49ncEot2rrJtGXVuCbJdjci3dyvQ+w3f6WWy2tD91hKGegxGNgtVaPW2
5buo29ndwuayo8+gWPjHjp01YmeH6fSPooymYzkGVv1cBPTaSF+YEM4EYUowI6KB
M1cz65gmQaBXDMDkBEK9K5QahzOpGRWix62f2lRRGT40orpJYjnq92+VfLvAYQbs
XKVEm266J9prQTNlCd9lrsE/Yqm6owi8dqBykamLajixzfPDVunxGnSvlQJ3F135
dsDTajbqU2eIsEZAsmbDRxm76CDRy4XIjEJ9rUHCPSVI9PNL2GqHQKXUxwAr0RsK
n+eafj2+ENmZ5N+/3u60dI0H/E6yEWQ5cA0/G4Y94sxg4WBDYNOMInqAU5rDUjnK
6jwNWVwTZPCUJ5fX7vguO8BbM/+pD4Y5zhsHbUxaBBZw1uJQ1t7N/cLLVKo9iByY
ta8hy980qW5fIB0HXjpOd2fn6qYFVWpygWoKqebP/LMSZq3GM57KuXiMyN3fd3I5
iKc7sIdpYrL1mr9JwtckzIWnLJY9G765GenqJ/6co6S1F3p0wM4oZk03+cUIdDD6
PbfhDwOMXJ6NoOgCPqe8rmYUIkEooQ4tTXj3qIIVbuJkSdOLvqKw9wYibVQP0K9i
CR3tPpKXOrmUvIdmEGYJqxCA2mPT9rmb3PH0Ix4al4NZWztVW+9vvvrX4Looy6Jm
8iroRS3owiM9A+7zPRwOSqrP+SZS7s/ke9bxtM6HXlF9YKXhvbLVHnJVcDyO4p4h
deLxY1E0hVwRaLEoNv4P25Y8gHr8I+cXVmhl133/6jN8FeH87bPg0RVKCvWyRF2E
XIaoWp2psCmc2luRC1PNhYOWex1cbKjftMUGFn1PXs2i9JC9Ein/Lj+ZRx2i+xjT
Ju73GqSGskB3VmgcOr8ik3qRLcedOL9uouxTQy7Gd3y4ud/bEnaFXjZhSLo5vDUm
DvcRxJg32ZeVGgTHZv9CE9Jd90OArUVHSPId/CfID22ru1JcDu8NJf27JLm1jaXi
RevSiY6oJA9Ev3vPU2SokrEqu5AP6lstkLHRgi2Et3XKkPEftYtQC88TiIehKebd
pmjcLJq9PICS2nWddEtcnjoWh53K6gvVdkfsPC/jQCGzm7/BFhZB5nbgv0ABgh6B
exfvgn/5gJLg7u9Isj00uZIgyf8iGR1M3uhqz2GVDZf1llIXT4PRYhNHCWAJ3c2n
fKrBhqcIVTtOiyw/Pp7YPTmdQGMb72xmvPvlYu6DIR4j+RYb4b2jNRz5+M+6Weo3
ds6yQUNYF6wtmmE9bqGM89DnAVJpZeU+M6a+xeU1Y+osstvjDDDQRj74J4tg33N6
RybVoUluaA8fvCWC9ex0CM+Stym3D5pBYx5falMD6fMxTK8vYgS3GyzaOemG7vsZ
TEPJNoArAioenkgVl9irPA4FJkPm4+Lyg0CnNNpxkvZANQkxJG9AqlXPG7TR4VXu
xd4gYMeHkhc0VsuD0Y0+9OEmWczOG4n5thPE9d8iG/KerPRNmxtTNV3xbdZ3DVZp
KcVru+ZYW7oTXrrkuBNYfpfGFLwp+0d0hC1ar/15+6+HrlhgX6JO5hUE47otqZx2
GB1Ffb4rIED8YLYU8RW7olwamqVKHRjhvb6ACXEB1KsEQfB1xZ0W0hlIJYPpjBWr
jaXKpPClyEh2OC/P3reQ2UBAiLnLmq5q776stL4bWm7eweT1kkVc4/IT50unTarn
OMj5/1KW7PErdn+EFd0QJfNVMJriLlm4sBqEd88A3Pl/0pBCPwvXP07zin3GVECz
rwbx4a1uDb1cDri3FHA7/cnyap5M5zfHV/yfPgAqqx3YFOunmRjlWRLZxO7PgSP+
SxQiZLLFriNcBcp5B40t2koAlRx7aFjpXVMql2/G3xqXnTVmnwuhPZkW1i5Mf5F0
2lufUK2n3T0Zgj92TKP8ue+lnDO+1HE1K2/w2846rSsknaaRQ1k9qCjd/XYNJ0gQ
g3bMjcT2n1KjBGGx2y2I4DN94wVR/68tcLMam+bkvrKPRo02c3bf96mLg3CQ2nYo
11VvGCoP4ucP4pDx2AJDOIaAZM6bj3wN1UO/2y+QIM5R6ABjqAGC3wVNvOCpgxH0
QNPJIJA5aEzzoijsryR0cu88LkqhM8OCfTWlFuXW4QZkai/+zE2jOwuVLnT/eS3h
Epm/X+qE1NzNbzvyJJW6W6eoE1HF6XxBeKrR6AMfXKjHAp6WtMS0ExNSNAaPIG0C
quLsFdngIenLP+7YURyCuuq08SKQDIm71wpMLg+UTSennnPpMfh0isdYqGkzdFTf
V2EuwYy2Yi6x+Rjc5cq+g8L7H8RdPq/zOtvtzSM0CxYHn/XeuidJXJql8f3y1plt
tjjyWnpRyZHKQq4/wHKf6/7pAwPDU/VAwAeVN7XbXoq5AC8vCYpu2V9VIlNSpmgw
2DL5wfbhZREDZngq0QM472uvmIICon/HbvQ0m+p6zx8vAJ8wWb8JiXflY6ymZhe4
UckJA2PE2YS5/PR52NOqkPUzlZq4BlrJ+NuPEpKtmtEbvOkgrW2XOVNR3DKUSVlh
UmFu+KkJBBqsOGu3Xb/6ugF79vTEHlGCk5Tz8UOx1gYk3GntGNmPet7NRsQGYim7
rFWD2HW5m4GaBEHG8FrkJcHsW7Qe6OAAehr9L0xtmWdk7ovCK2a5PBRYDMT3kWV9
FV4IJttAM+8kkLkxWkF+BTpChoL5uRfHm9Rn+TI4Lx576QOT/cunmBoQgEWuyDXi
FzNjIarJ7EvjPCiuC6IQ5dLLWJJuWhhKr1gVkFjeaEL2iUJf5Dj4B+mTLCj4DQcT
0hev/f577Clmff0EJF0rpt3IkEcOWxFmcz2Vc5Eje/xhF2HK+sy0b0O9gl3Bicpm
Db6HQRBqWcHyegTp1ug7UcM5wrKWtCN2bASsMqo5MazW2PLDvPlYuogCjZ0fMqm6
SG+L6DqYMtFPi1q+zdeB38VEksX0xLrNRvXiy6f8+9INS62qLTry+ZbqEUhv2mH6
2Xvu7VWj5H026SBCpyowt3oSvaDaITfmgspwJnctyZt6hcJyCWVa+j2keTn1pkci
enmTavNBrIrWkIglnwBk4VTMVft5bemYJt6xkbzAtfc22dappjVhQCAboj43Onlf
f317iqugf5GmLtUGCyaYgJuc3++/Lc9pacvMcqVugtZePotuUn4Ohxe8/xPRyWgJ
3W3k2ESrtQ2MNYq+xBTvZv+/ENUfeNjIdzMSdiFNRrqAh5hti1VzxwP25MtP9rjS
XjQAouZfY7bBic37nBqsVNCHAy3dnUMmJPr2NaMQc3RAGuxYAX0Pby8MRjiUMSTV
6XWHoKjkJtIz0wci3BPzoLbdco+MUSK1QZya93VqhMt3CJOD6d8sB3PBZltZ2CnX
hFftZ6myDs/LFgqbJL9D67vSxvbitd4R4TyO5R+4kHEk1JwefV7dUB78HvEqa9ks
SfxBMms859jWwOPqRcUfJSVYVd7TzaC9J/D2BpAaRCKzG/3iX29WPj3/23EAkzM8
qfahcFni3KDjhXg+qAi8N9OjdjFpyQV249e7YtaH9408/5E+R+1U6/OWgUe7q0U6
uMX+OyBSNFuMOEmQ3SgnB/j4F/DSpU/u8q81e/Qk4Y6EYf9GQy4Czzfx1IAzXi4i
P+znCM8sQ5OOOxj77izakN47VwWJK3EQiKxHBjeBRc4cwh3oihOMNEsSDNPzTDms
VADw29Wi5lCRIpIbMaaiN7Po5lfOeGa0wMLTJi48oQmMlVO4cFU3Nca9+vmUTm0/
y7hDuGYKBQa0HvhyDSS1V2Mll6HEKx3GDzuTH2kVj1cczPwRLvVEr6wbWtD8CgRx
116VIyP0yes3Mad0JEUJCCQN8j4jAv25JcDXFVxhh34uOK7NzmmmKh15mGys5O3R
w943zJaE38JLGI/sJGohV5p4iPB4cpBvomE1UH5YOHfpGslsrkcaWrFxd2mW7Hib
EQIxXLg/A/7bmeZDcuqwnjoyQ0DuNN4ZD9ji2N1xfmD/vzipaJTrF1+eIoLt18bB
sqZ8vTRO/fiQ5BfX6wAbmOg7ENxLtS3WI3syTOUmB3jm5D5jn7g/wfGYelVZAfbu
kBZQOIErgZNaeXyGoOl3gLf0njw3bawk6gqQ56ZdlOP3vHsGlDrYNBWjAl29jB/r
rt/DkluhRPf8U2xqfqjqxaOr2mDTLJd2ooyY8wiTeui307n+PKl2FmrAFVfBbMa3
G5haCysikzXBYSW0SyW+6aSBq7pMCFM3lhFlo05PP9BaChn9gVA5zATkCftzcGhA
oTaqxPjsGOGk/Y9HjIboIxfoGjWqBEbzSNBi2m26Csc0i5fF0o9pEHN5ptVkaVWj
iUXuiqaz8FaS7cnPHaTb/3H2eoIeaCpKlWdZV9k6C+b4gxo/x8NyFx/IAoL1ZCuo
mOFOycV5HStT+jQxmr12HnA0AQaYR0Sc4fvUpGZUp3m2qZ/Wj0wfu+4wVG9yBLsh
83htcnpr9aICo+nNyhU/J3Vs0ZAO5LyFLWiZNJ/6GO9R7do6V1328VKCNyvgFvQE
HXdtVnwwwpq4wYyUAnD/EJYNo7vFwhSH5/CW0LWoAVakpbbQ1CRkAJR/vsiPUX0O
FL9C5WL+I/4WBcolxUiuCwXPWL8M4CacWBwhzkAjBtThmLLS/IWKXkpJonacEqem
3r6U/eIDFofcLTO9Z8SXiTOVZFzFscW/hmQUjRndY7daL3cf8fj+4Y0ou6x7RTZl
pDgtzOFV6A6TgbsjwvnZJNw80qSFV/mUlvaMOKf+TU3SBjgxAojFDvI/4MVx2Ht1
oB2HJupexzjXLGTXpLl06kDYOTS4uX2rxz3E1wHNsyWD7ruLKfGCmujDPNT/QOJq
kHMYPUUZ9KJrkupQHVZopM7DpRqypqbqa3yI8IzQfXMmqhiqMuAEa3SJcJMoO7kJ
ydi7Wih5/w7atM8cpKVzcc/dOtngRABhA0nDNKSmlkSUrDroFp9/mP48jt484mFa
rZYnQsm5k4nIMCifOondtoGPIyQUVsxtqe+sJ+/wXYLUOC8kbndEfoVwZyCWBNGd
ShQHdJtdw5uc4ufCgrpyurSihcoywiDVDlXFS0KL06ZyAs0z/iJy7f75bHBbQKPu
7a7LM1k41J2exofob2U/DdYfgLdm7hB0TQzuFdEx06Qwr+gZNAq+mmlkgu1s3bmk
JmXNXgGA4yvpYBPJYgN+YKNSzE6blXjgvmjrwGHkJNzP1sD8NujL3UGBtIHRK1HW
OtGIQwyHJ11wTBxyX3b1hJTclz6kqepZLMPToYykLGE4hX3oL8YZsdHMDyFuJ8S1
os/jkaIUIzFRfKbvrfKRaTDSzEY3erCw1Xzzdt/VBaupzjfi/txofUQp9NoyS9JK
f0deB0GSkqGMrA9UlhRrbXDE3W+3i/IdppRrnzGYvARF4vjnbEaxPbkAPUtbdQ6r
1JWottMYHZFKz252g0Pn4MV26BbC8cxrvR80i202mTOguJPfzq1CZHF9PQVvvkjJ
WYkhUg9xE9/KyX5dua+u238Ji4YYeODBW79xyBTreL1btpJL/0j0pZg++DVPjIam
61HDZR8NErRncqgDdfFsH7LhDkFYC88xn3WjlOCd8gYH27f91qSWDa5zjmNS13Uj
l0St45+/7sGhStp8V218+FNWLSwD5sKu/cSAjGZ0WfiZJyZMQ4wkJql6xpOJb7rX
SgXwUeZUPIE+K4hUQxHy/m9ljvykeIrWU4ZN5lV1MGMtJBF4MmnQxnGfi9Sm/kVz
diDZACtCluANwC9qqmXkFB2aJhEx8GIoT3GWVqABaoXlQCEs/nwyI7rCQnndQ7Vc
cczf87oZ3yoOOLypw6uPTafkHvm2U7X8bCThm43L0f9C7zVl304Us3sAZTPr3NKA
GDPxMwYRG7J71ZhMuP6g8wDxefOhjpDZl5ErSY1uxMcit4EyPhvtuumPiIM+kc2r
baMRe/ldRJTXdVINeGDmYE2L75tUHJEQnRxQRycMMi1ZSfVUSTOZDh8JFzjxIqVg
yjw9CG7j6g1YGx1ahcwwvqTsR7fmFENjJSONGZWihabv/zX/TRnv4RMMdD//rGCz
nHv2B9vPxho0I8QZQ6OJkhsD9979gLWupVukaEzc7jEgyPtIEzq6KxLRyUdJqzNq
StGNvkr3EY5aQ1r4+MWj1Pt9XQ6D4ibJqiGCeA/7ASMl43KecDRjYyVuVydCr2X9
FiiWgHvcni8Qb/CbT1gtd2+80PSKZphLep02sXpipYi936x9ExyFcaGnPF1mUCYr
348I0SqxEwwvb9SI+n6ZvSixyK2oAC/q0EyR/eKrxr7lX/3m29QUhrKz0hrKzSic
Tz/WKLFy/2w+lkM9vW8qFjgmc9cktP0U7QRvKUdO5O25feo6IFRt6VbyP4rM2ln8
wj0lCjZiK7Uu2iWMyLiW8P+f7Pizrdc8Y57Qu76xvg95+Z3A5JSEfXtWHyorjdvz
oXxYnhzMbiSMv4G+P7f0YHrwwfRCw6zS71Xp8FHPEYE2r6FJKTmkD0M5UYkv0aFY
OCGANZy3KepnDYSu7qIqKQGT3qyS8lkbQHRLAohNR7G12UoDITzQg9dEnHCfc0d3
k24HzD8LFGSKcxJGwgMUQN6v3ZbD+PQNbQeA4jNi72S/ivXe6GUiYuCHnzykM+xQ
9hfKqGRuWNORko7rbVaYreMaldlif1C0Ci2wfb+HsyeLDMgYRK+FK3KPuBeveOVI
rZfly5oLRYEeOUMS+I3QFaWfgS919FLAJfbUkiTUYGxeNmOWUXRfPWqGc49YwO0r
WLcEFbYX/9kDchXQXUXKgxittg898vxONVoWzzzRdebf5wDynFpv6CGWX3jxM4K8
DW00W63Sh2v37bP8JjJ1hSmOlbWV08wvRQ7yDoyFhPSdL26TQJ8KUatNX1295X0N
owC4TI/7tNkiqd1XqUPd7UuouTrgYk/n4vm4C7NWhaqpXkjFBE7l4iN5ImpyP+Cs
oQO9snPPbW3KCRC3HfD0fWJKWu4d+xYYKe70nplPe4DVIvd2WIHVqlFZ1F0LOua4
FjUpgcgUs/UWqVh2gpkU8qXkuUUZ+WSlEWje+FQVi7hp7fRlLHZvE06bZ7/elKOI
mCFGfKutxNgLu73EXEozDhqOOVnGqPKQUpLla296kLNz5mmpF6rk11bkKhZ8/axQ
BDrNeDT4llyiigvcMQz9FuDib2sZ5ggLJwE2shwzYLyh+qsNfUJySrLOELm4eOqQ
CoZbVkxeYk9hNtstjUL6VZS0kDNv54IhLzkcvdUVhvLqJc1NZ0FjygIqDeKmhI9d
I6o8/1V5bkdf9rVVPrc+eJ2csxtJsWNZAx6ZiCOYUI6bXjcQcHiAmivvXbjsKlE2
x0MhXBVpAZj6+qt8iSvLVni6OHuwnm+FFn4W42s7sSXu3NkL7stiHqW5TZXjx/cx
W7uAV7fRYDpyi/Whi6oO7p5Uq6lQNKBAUwkyRq4SCBv0g3pDqkCgzRubjf+Fuh9o
1OCgq3zDr5wxrv+XNowoQn7P3nSnQYnqppc9VhVaKBU=

B.3.14. S/MIME encrypted and signed over a complex message, Injected Headers with hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9620 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6114 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 1848 bytes
   ├┬╴multipart/alternative 1136 bytes
   │├─╴text/plain 387 bytes
   │└─╴text/html 482 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-injected-minimal@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:09:02 -0500
User-Agent: Sample MUA Version 1.0

MIIbvAYJKoZIhvcNAQcDoIIbrTCCG6kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBADkVMpcJRfEa4tT386C5ia35Oz07sK9g9yn1
vdGRpk9pUDu1dIeio6wLIzCtwl4TtjfxJ3m9sEL0KDMSszkV0AANUZwxl576jpM7
qEl/7d2D+WXVGAI56Oe6ihINfrnPUJmk6BCj2Vk9918mX2FaDTtCQsVnrK/gDNu6
c8b8uJJbjeqbuDN8cyhATJA2+qSl/Fhoxieu2uiYU2CRjTfGELUOB5ReaksOxw9g
ICfc55w7fuiIpTo7egwLaPaA3m4yUGoQSfoe+FZm4tCpsyIufBR3YXRVmPFMS2Qf
k5G6ZQnLkxynZ3SEy+XjqO4q3HZS+3ylb3ikQlo+7umpZI/eQ3kwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAafaf6lhcWl9exMGYiSEijqEQ
wFqMkjInWObOGS4Tng36oAAiGiLJ3JBV4QEgcjr/FhJ6A1HeN/LFxBMhYBXiMrqm
d3HVnDtlWSNOcEoyECUeaAPQxVKbvXCPGgsts59nCtEZwE2Ct58RLkd43lBAEt03
TPqKfzo7u0wADP1KHfxSpzJwmpj6HP2pKNaVZNKN9w4ZTMHCwDRwR+3WXb+kwlp0
7ChjrmpLPuWRhRE1ljniRdx1tM8R6OlmbB/6rjtpRXbKZH6jTYBRmOnzHJg9wsMo
WfGn/uYtvIegq4e2v/H5peA14Fp79u8ndV7c7xyPsGDbVjNARvy5hfYQF/m72jCC
GI4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEBxcSQvgHyVtT5BnVpnby6uAghhg
I79rjVcQLwsmWeOaVCPz8zezMot4x7NhxWfX0RKueazhiW880A8ASrDW+77sbq83
HMur9uth951A3ICkuqZfb/Pj4GTxR2TNYDqiv5R79Wc0yf4gG2Gb/Kq7CE97/6pE
/9U65LLuMDXIdL1Z73rlxjjtN7LVJ8HN8PuUgtT8gIEnw09IIp7aSh0T/xaV4F0L
Bahsnd4oRINgxXYE0gJB/vO0rDpL5UxLwCoS4odsalPUY4M/03+IqoIuaJv8nakO
qrzULjcy7XFNxQCvVP8UDntvjoTZ7+RB4sLmRNd5qIp9R56dXjUMY8zizE9qR0LI
B4f4fp5IcCxU78UO+JRu7IPJYbD+0Xctx2pEOYwdl79cK3AErM2wSOf9xuQt//s2
CquqezZyeFs/i+WVqCjuSBJU0pnRS1gZvz3B6ulBPK/qehAGFpR5LHbulfjWelny
0svqhMcozSvTBm7xf9sIlSF0Xdl3G7cdHXHsyYc8v4huclggFvcd/5vXO+QCetkh
H9vThqYQFd8tno4miPI1P7KvtypnLUeREpFt2pkuvy4pZl+Z2J6cZI3DaoKvjI/M
4Nhh5SiqtwrM4ZTweTwCojjvdr4iEWRLQ3KscA3X41AKm2XqoNNASzhLw45bj3t5
nJiAVobe4EiCefuqp0gq61Pz5WyePO2u/uG3mZKCsouebdQEl4xhRub/aHaq70nK
cXLnAV8knPXcA38r7h3lAGgCc2ZB1CQiXs6ewaNz8oJPr+P5dd6TALhtev9Z8pz5
YeNWY95AmMMNAvsFWAq4SGALAp2hH3w2yJTu6F04Caacxouy9bB9MAanJfxS+i1/
gkU4dn/3Em+wM0tEPznYckcrsFi+bQMyE6/DWiya1ykCTr7IlTQGep71wsDaX5Qb
mfnhBDo7vOzGkqvchMMAxgD6HKBPojdvnMCmFMVAv33jErGGGkLxV61QntInFt6P
K9aGiS9EbU0v2spQQJZ8gXJRBwAP7E0c40EoDkSVnx2XBZD9CatzPnbgf7lgWdFS
tCka7NXluuRUV/R1GWA2AArMHWpAECzTdVfkQ9nSNqkeyZbcPazgr7WUKXM6SNEb
KgchxJTCfQ6dJC/+dD9MCJH8FNN7j4lCgJ/Uaf8FeSHnvGnAhPogjqrENYjJM/gh
czK0XK2x3hzgq1f7If5CUqD41C0yzHAlfHolKZQprZHJXw9+QhjHzcJ+uKovp+3x
mu5iWxhHpwF54Eo0OD97Z81UDdSeypk8OwazoIKgFXm99jeBgv9TDhXQYwUIfAF5
Qnpp/CR1d6mfyv6wAAw//K+/fwz0PwK4RuXSg0upbodg9dM9O+dFOAidpd5Ruu/t
pGnP94ytVLIouSKq8rM/ZP0Gl51fLB56Ps7JjadBOFPz6nepHkMDwEZu5U8tqOq/
akx6ZakjqkTIVkhHC/HSypAC9d13AYm8XV/uAjOCpGiAZpLh9/lNqpVSadeQ/Zjl
8ZDJg6usgfxm9DPTvpxQ8+KuQMNY8vWJRrn6HCnoTh6eE44Om0ot94prlFOLLUuT
BANmXOYxSHPJ7IAduMUUVh6h2JMIhiVkfP+mZj/4Sy9iBc/8DS0SgpVlc1etv7F3
fGkzsDrMrdMT3YwxpF5dX9k8rIabWYOl03YVHdfPUNK6r9sd1asvGqXVenMBANuv
ZhHPs8NtYgdbRfOAfrtaEsE6SNubEUI1ndJiDZE6hOdfIbOQ92++95XmEneODZOl
6kXy1HeheBzeOCe1w6TXxhkTaSBPcr9GRBeXoTThiLev4jZG4LDjRU39hZiGKJQB
5hJBnL5DBfEy8uR9xNcHHZpcBSnWg7FWfSNOlywaCFmOKXrJp4oZjvVn3hdzWRP+
H50Wi7BNh83CSxqGEGuw3gnSrZtzcpnt3/pbNJOvBfIl4RE39eVZuDT3d3n/1Qho
ae2X6PhEG0MMgSObXZzL7cYsQ0itfsLJUDLaoJXT7tTHhhyaxNUY6Aqk8R0d6FC+
07T6EL5cZQ5pg9ERt24WLufIQrUGah/nE6+ebdjlGmc2DF+NM/+VGcLJ+3CSzu0e
fCxi3lBhvGr6/62CFjPk5XMR3xRrnVlxgj/7A42/tFpOFiOQ7OI2Kp7xl4y1cdoP
LmLP/6PgY498fadbyWqDEWnICOM60W5B+T12/p9d0U0MZOafSmSKLO+5TSzjT7Jc
xptzejYn0T0t1/dwsYCsmvu8NRCsEAU7B02ZrTbzau98CrSOEQP51LJ0ploRv14w
qXA5Qwm9prF9NS0u5pVN03iEqFGBYv2t/z1hWC8H2gJaV/0hqY6RcIsGWS9C6LHE
qhX2OmpHao31ElBit6XdWq7iDtpjwtQPJv6USeFbCxuqk9xSGe6cBHeS1MQh3xBH
0z75ey41DSTO+B4IwWjzHQM+JS9/edI2wq/yezQGpF0U+mULZk9OOWTUXpacnx66
DbOyeglPiA8tYZPR47nHoNFEW4nGeF6gjHpWjse/a0c6Jx1ALd60QN6cpKrJfb+8
y/Lkn1V4xgFHcsG1C3GNyMDTvA7A3CDCdCALCdXD5vlOFHwLJIemygKspPIBZIP7
v2mXqheE4arG06MTu5sCAPYB8L220WjdpGy9Q5c9lay52DvH65JnnfsrtopkKSfU
RuVo2eNrGKKSseL3wFUS/xjmSvYJDWDVScT/KNtRWi8FDuLw+lCq/eOC/CaQ95a/
X6rKyGuE1mUYLe1fiFJ86zZKhQ19+LOMjituykizW68szy+5axC62aBP/Q6Dv+Vm
2NlOVssZubRNnFvzq+Sx2Mr2GdnLC3wb/zFnYe3Ctm4WSJ72khpBfH66s6gzPZC9
RXJdghEHdV8HiQ1YR1YrLlQfwON28p7PpMcOIJ7cemv1V93L1/ysxppMA3CZIm4Q
ROUIAG7s5pl/j1G3D6wHmkibNs3uUS4S5TuZT52assAMpQPJMl2tF+ubwEtRqhiA
6s2u4jNOqEWyzCDNitKGzjtw8ifBVm0PDHRGtI9WFemCWtlppNto4RlKf8NjOfPf
lupXyISaAFEGggwbxx/o2WraNc9pOq7COjZZFAGw2DPA6eyC3yKcLT3GuiNGuDlp
DrzlrEfo2thkAyqsyG5lMNkzooihi7InouvIgUCmshAEr1qrjwGeBrcsdVNKur0E
kEQFLtI3PycbnBxC4q6V3VjyNHL5oscmbqxoFVaMIbK3ApXNzuWwl6hsMI1tHeTu
zWAMuMnGlKbgL09iHUaTvUhzMaaKlR/dZWG1J420tB3L9aEud6lU4IhdEz1EjC1d
7VEti422OQzeYU16Tg5WiHU/MxmsqOQsB09A0kHbZ99nGeGsUNU5k9xfF2oVlfsD
kKnNrdNq6xD+Bp3iFxjLxMsr6HzXNaAQTRjTB8EaqCAp4BgkT9j9xMsUIY185eFu
SI7Jgze8WAGAHQ9WSY2QxVbjO5I0Slz8ZNy2Fv7JeDkCsePALuKCdDXNlPHRoxsa
bcpXn1oiJAb+PM0V4AGYoR3jy9+NznK1KeHYGi8lFA4I8uI7ukS9VBm89BHNGYI0
ajV82mXIessCtaSClGjy5vWNIFrYyHKWNdxd/vQgwV09EAfbhD5Q3X1SiwvCvdvl
hQRWAF9E3GMXAg7q93r23Q/cIQpkaDHzOK+p637fnaEawuSDU5pTANgz5NdNSAPe
Df8unnMf1L7cwlO0ED9WO5JHa1TZBMZejB0G2+074YE2HzZm5omS6fomxsQ5Ldoe
jaCAMDTFXy9SaM1H/0R45750cyD+2xrJAWtgzam7JUiSeeWdpXdnTgkt7nrrpE9T
eHHbf3v79yWBnq6ov2N2bUii8uoyZmGrnT8pRC6/0814qwZWm3GxsB4WBv/0EmTr
20ARsnc9A/ve9EO4TcsMLzBBPV8P8PouFoqK6O01+QATE8cBY3GekqAXAir7r1Nv
Vlnz8UKFQt+KoDyZakAyxk6/haJajS9vKnRfJFNs12w9Yp1lbQsQXwaLwu6y2EQP
V1ph2IN6BH1+v52YtLQ6ntEIcX7wBEwlcJCcQAMILW9OSuwIrIYXSkDaQ3Sw+YDz
oNRiHneHKaW7HevSOZY+Kk/A6XozbAXxeuJv/LeCWALBXbz7r1kd9p/0t7M69bJR
ysTKvNcnBEbHgMK7eggzqd8saboT++vWnO0Ye5VV2Jcg2FOm4x1rgscniJZnxUUR
92619lqtfVNV/rjcDymU5mKGT1+lAU+LqS5/oT8adjEbAYyN1v92qSJPLQXeOBmJ
McheNylR6WsAXo8oF8VJ8l8fwM3NptO439pKY9dXfVo0jH2FQXfCTyvlYZL4OhEF
Y8Do9OPbiBaKtUllqH2hEUrogERXS7DLUloS0yA6jD78eDD8fGs0KYomHiaLws7L
m6laUjiU3RglTQ44hZFhqlfM1zUgCXc94u0wXuRdpik2abxTmCqcWnzPZJFGK6Vk
oF1vZLfve2b9fdG4EB7uuQ+Q9IVJrTui1bH5d9klS0A4fQ94Qo5Rcy2k9+xKU+Tn
s7KUduEGalVl0BtzfCMpd1XbHLat2lnAlsspZwYY0UCfc5f6HNclyA0C+8fCCbnD
f+tRvZ0KxpgGr2t6z6b+3dZNZUNNBQiEW9UIP+TOQEgdzR1YL9gg3BowpQlV+Koy
dGFRKXcKDlyBPevC6jkf+GjE+ocDBtq12gCNlQlfE5mXQMtFi4uce0KThx98kx/L
ZJEWOZvOoWSk7J+BhiWtbGt9yzeZJ6s29i+f8mtzyycmc85wJuzoPIv9dXmIyyXO
NnnCNc2J3G6PydP/xNP4z5gcdVYwi96JC42Cc0uwRdZl8D5ONOLpZdLuEV4Y9vZu
86jLXnWdF5pIf2JqB8rDjrUtu61jptnqFWmcXOQonYmcjzyb+UUfo/cgAalZvK7W
4KzJ+NOdwZVLnYqlWA6XkQFmxKjVIm5TTYE905ylznpKfz6oeXRltKsxrzCJns3r
WysdeDewoUczT3UbZ5X0S7AKtUI3By8+CHHzKWlU0ZWGk9+wZeJT4cJIDaRM6eUO
v2YHnDxXyR8o5VhGlE/UxR9oC4iPrZYleAG7amMapIIKmb26ZOJYcyKuwjNg1Wlt
mTzz0VI3tjsHXgPWHEMiZyI59esnDD1XucN86YfpT6W4PMHz3+LzTutcxMpx2Yhd
OfMmDFITE7bkJ+6oQrLOa+BjScN6jRUQsxUegyrj0OYW2ze1o+gXAceznJzUX2hv
V8C228zzHZUSNv6h+dRXdaztAu2QTtqPHFQawCqB3UX1u67Ulnlvxb7/JVshl2aS
hkioncKVxXhHKSps9i9uZOGgzRwmCo3ih8WDkSDUeD8e4m8Sj9aCYvPEyNld442n
HldVFGAnskP/hBeRYG56JJTN/W4Bzsy8b2K92ylQdZm1NVzwCBSp2r2k5eYGdPmO
cOlwT5xUKkubKqQmpdAzBCeAJBhOUY9QuCtyP1CjZ6WVaFG/QVvaXbByiI/2OvIP
Z5T0+lt8QB2kE05KXSYnWkxcyaelYHTkSdsTICUnmDgT6IyjGFuDfSguDtN0p6H9
1yCPKLElSNcL3z63fDngAivYZE0LyicVlnAGuKMzV5THg72IXU7V4N0WOff+dNDY
3jHsYCNYwYXW700r8golnfgZgBzzoEeUWGMhFHyubXoaJOBcZhRG3CPggPnUY8ij
20UXJYo2X2r7+pRRx6H7V1taYZA9os6VKoyM0i2V1cIYsOu1neXd3H+ejP1dzJYr
1blx2Cd2Fw4NmCUimekWxSFyhu5GPHcvqU00kA25Djktmsq9MKxZdtZ8WvNYnC4U
sh5m8JjYPQqvELzvt+E1szengbK5sQUam7Iln1zT7/3cYTB8sAJkuLcAy9u/Y9+M
y3xqq0VhH+4/joj2w4Vm1YB8FT8Hm9Mq62hYz4XHhQOS/D5r6dvnDUqSZOVxMNV+
pHPQhUrUFQ4fAFWzN9I06Pen2IfWDJKI9+ftVP/CwQxXFvG3lzJdua1Kbo2IvujN
Nn05Gc01PHgQFIMBy5pVTUwq1y1r+RTBRnv22/paj3ih1r7iBpSKAqtlBEssB9HL
E3Nwkd2P/zM8vccDdoxjsL6Ss/sjwe5yU21CncXDcvRd/hpN6OTXSWsw6VnlN5fh
wE7NVmwQ+FQ2Hw0ro33zRiYsY/ZgIaslOedR/ybDho0BOcx5l7OIyEdowQpFaJKs
W3NYVvaMtJZI7AANOHg7gxKx/TstLCkyzFsa4l0qnjjzLTVu5wyWQywERtjv5U/m
1CCXzV/q3pBARgEnMhmwdRb4Xfp6Ik/LFzRddG/t5z8iMKgrVKa8EJeiOqo6iGiy
b6NJAvzaOb7SprYv0m0fow3nsWSCA3m0Vr4mEyCkQVeKZq/CEmWKD+XKV702YxiC
W1vyaQITXt+s8Pi3GqoPTfTg3TE4KoGUQymE1cgBZqEJslMFXWzldvspyS4hpO0r
LOwq/o4RkYhXHMfib1sAC39Dxxct0KHEJ6cFxaWf7ABIVwMk1EuKtm/QIlGh351q
N064Qn4kwMhr5/glYjIFKIJLU1MMKWg/bkqLx0L2eIUpD+UFzSC2EjvpimPTAhNx
RsZk4aWNscJI1lBgaeJpZ15ZojjBQ146+QGcri2isW6BkiJ/d0L4MbQT3q5Ejedx
I8+xt3C6U4OIcf6gQD0Zr3AgOQGTIa42iuYhAK6I3ieJan051yv3PjfX9nxxdsos
EUvn8b8jG5liQpwbJEbh1UhbXFppv8BXDC3Dphm9NIR/v4456Q7KwZ/IDD/zUI74
K6JUXolN4YuzDrXMZnMR6oHywLqvHmvXQd3F1KRpr8A9ofuQdO5J1+YLhNtrzquj
1wuU3soH+zNeM1dLjOpGust8sdezM+6maqI/ILZ+5GA43RGU61td7yyGpfbG49Ml
SGBPSyMn6MhKyngbNMJp759xxTl9HeJ/pFg1BAvvQoCDJMEbl7V10LZIgD0Db/7I
qUF/hkPg2siW/VctB0mgFZWLLOeh0s2zmzuZAFeTUmtvtulaO/R8YcujUEyw7nR/
8SmT4nxvd1j2n4dLW48ukpkahCkULWVR248qmZr+1DWYPuz4P7OJsOSk2dois0sr
ZH/EgSGHRtyHbv7NxchaEWITkKuH+koQMYCE8g7WoW/kcsrqRuuV50PYqKllmtZ8
5n7duXNnnO8hLhahIcA9rXYchQ1P1dIZCx3oI3VvRh94CQeyTjFzzlBCZOyESzWt
/ajcNHM7gRo2oYUyGymikspuvvKozoAiRPS4rTK88un3ojvlI8+JLZyiNHaNuOGz
uP5h/BuuwOcKY3eLCgtTsapMqAMvybQB4hZqxywoEwKvZUwCA/HJkoxuwSeuM2uH
PmmxufmqWHndNg3BSCpN0xjc1f5/ZGQZGREjYTKwY5QsyeHItmHr3rCGM+Qbdm3H
4YoGwPh6sa/TVIkX1a4zlElVzDVlqN3+ecy34zJeZLfgn4f6cYJ1Qz8ga+WfTt67
QIq84sNMaKCaCnUldP2xVFDLwxzqMhHXrYEOrLGt3tGFRbxGJH7ecz02vHp8CWdq
VhPyB05RPFgch57GAsu1IVNwhKUYlgvFb/9aECYgONcxqNcvOCKGSVgyRDWGV0Sh
wPyluTaz+0QxSQGaYvU3THYzzQ852q09DbDhH8xR7QsDTpTbRr2Rk5CSNHw/gNsh
OqgdYL44V+ryJA52q/zBESoP1oyZX3Yy9c8PbI0n49sm8Y0KWbHoBhsywREdtTsH
0hKK5j1XjgaZY/pTen2D34xSh8guGQIseDi4DMAkRMAhMCQCD8sbZKk3ZBujCB8J
JQioHhcIk7wHbcBrtL/P+MZkp3StzSncn/zr+2gd9H+Gs1dS/gun5ZpspGcCk3xT
tG7VqZxKyehEXeElCXgbNtwGKnsKOAgZ84MMNukFt3EIs1x9JR8358lB6tpYeY/j
7zYSdwnUlxvtt/ETW682XYqVRBHS86vKunHAnlEZvleRLd8Nd9WM+5LmRM1o77N9
x8n/1qvmJpzVu8g9sQzy/31rWtN+f35p6ISDRs+KHOX9EYvpqrh/dwVacsd/XBIJ
T/La84y5fr9p6pNODlgBr0s9c3Vkw6isbZXNdYrSwYOAcRmzXJ/51Mxt4P8r4RQC
HVaPR/tewyb8GF46BQ/gllVnc8eQK6GH2yw3FZba4hKJ6HdGEytfvMUSdoSF2Do9
XUYR9Fq5BEThAGYx1RFfVR9K+BdqLJpD3Fx1UzZ3fFrmyjE5+vxe86HOo4x6j3WI
A4ljep6yAgRzIFJ7f//L2+5/7drzD8jhjnwH2CKQZiSoSqTMAVqNA81BSdR1o8X8
Vf0P11sV1zr7VwyLFJ4K/QB1nLAOnj2wcgGASli00ns7w5IJJV4HbZx/cyDwyekA

B.3.15. S/MIME encrypted and signed over a complex message, Injected Headers with hcp_minimal (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10205 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6548 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2157 bytes
   ├┬╴multipart/alternative 1431 bytes
   │├─╴text/plain 485 bytes
   │└─╴text/html 637 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-injected-minimal-legacy@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:10:02 -0500
User-Agent: Sample MUA Version 1.0

MIIdbAYJKoZIhvcNAQcDoIIdXTCCHVkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAF3P8K//f2QuFu3CB1QYWA1UVOKdVUefYICd
TG2PVFlsq76rPSChX/WA765rYh7rlp7cpKSvcuGYkLHxA28CXiR8i77ZCcoxFVVR
vOqPGTZZ9eoNvpYa0qOai6KVhkRbGTwyXC6mi18N+Sy6tLCtR96jSLi8k4EDtKJs
v4cCrA4QRDEpNFyzftj48yfjhKCBZSjnlPSeq6p5RWl32SFKGe81k72ez4VV/pzK
idOG9ltviQ1ffeRFlI71VpEQov3fKCkkxCo/h1DilcFAo88o7TMc6U8DwiaMr8x4
rQXB5S8uBJBLNuhrdFiNIftRM2OJp3ij5DM3YRBoUvnDaKfiEMQwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAGuRE7UAzm9ElVleX0vu8IXiY
vh/9cLBb2MVdmWGKIwHthSLxiZA5X64VxdGjFMlZzPanUhhexMLTZaP3ADx57dat
SnmSfpT9XXbpkokCPBL+NBpA8e9vtWAOS7yIgfpwdJyBbfcYi0CHGqs1q/ctRsVF
UyksjPX0dvJjqSM7Tnqd7F3FIToSdoe1ZtprDHh/opM/acJl++qovSgJyL8AZak7
mSU28HbTnBZD5iXxCppi0LH2wK6KfwPqSV3AG8wTpdlqF8vlIvjF2Sur9Jx+hwKZ
1kNPDKOH8G+PgnIA8O0gH2VDW4Husj64hxShEWzAXUFqNqHPwxFbf0h5Lu0S3DCC
Gj4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEI0ER8I07SembW0J+kNg4yqAghoQ
QCNckOUPTLID4uHVLA4bv4N9/bwWoKN68FQvcoXFHbicA+KkrxCMHO+nIrFVSNnC
FtVXb5N90rVy82ACdT1MWQzC/npd1fKQB41F8f5owkRSGl01CZvxE/LqDhFNfLrV
xHdPWi6djHNRKK96S8HDwhR0FtCrCt6kSP62AO/U4x/FUAcQxxc/ad0OwHACucFe
IDeoHb8ne3fF3cyuh4Q1K5MdW9g9xp4Qw4nA6WUYYFY9V78X8jYvxwC15XRKiWaH
rdeQCMdY78V56IvSXto85uCJDMgsvTs+xRyyQZpzm9dt6LWRMm4XNmkt8deoXn8g
K8G5QenEWFqj3uPVN7MSVYwA8WCx/qgCDtjeNZkM70EGhX6SXm8JRhmj3QHS0wth
rc6Tpc6mGZ8ZWBGXOVlGpL4JPB7jgewWM1qEnZOjofwyOLAQxhnqpPOEmTvfNSrm
/yeDFBz9qPX4Q/Z9OUnPYybiVYoly8Flam5bJqnejR9XFUjv95E0rFkwzMv+ceLy
WaicDNCPbXI71Kqj2KdT1NefcSSRLmtEYqn14aKeI0MWA0HHfCkmf8SMkLGY2Cq1
DdH4sf02yoiXpCa3iE1BaoPavMrkVzudyrzRXqIRIDci8ND4knhVdayLUfvyZ2yB
aNomiQ9AMtya2CCGh3GJfTwz2U1IzEaZ0n7ZczW+2pWBCMatvgQfbtCDEhmXlQGN
V2UGz26tMwf775yNhAoldYesgZZp+tnGlmlMnwGgbWIxyqM+FPO+Bmj7/g8/vKC+
zvuyYW9rwbU+VIMDQ+X6w1o6bzOYv/znSdKKl5UI8nSmfkbechyN1BN9o+kX3uJR
Mw6gCShn+ouiA7PK7iy7PCaEAAPS8cRsT8XbYZoo83KcHZM2zaYZ5gGOPOnu1cOX
GSmg27A1zRDjJcP0aEJ/StIwomT864lGe39dprTUlIj6L0pWWEa3x8M75HWMmA92
phMd2f7X+eht71Ix+ne/tc+0BGdKcWRRWJDMIrfpX9WeJZaZZmJhNzT+geR176CQ
OPmmtsFaNt0toVbWDTquzcHJqRNFwRmwL9jOxz1USPPtKAXIvtqgYXdFshLDpx5O
V3ETsmomoE1r0McwwHHB1rc3sVvNoP5cqjNdmtYu/2iX8lc7BjFPfUQmwfMdhKb1
mYMEyzrWT+ABCCSzf9iNjkx59oKSuVDi3oFHOFgu5F723QCw94nHfWjlfhsx05tR
zaZpfuBwc+a2z1Pd9FCsu6KTLwdiUVR0AeFsgMl14+1AVVIeAsZt8p2el/f++W+7
T+OxYTpeN3/2sUr6tzJANWw+1dAmMmiPqlE+2XiSJ1HFqIyeHUSKJVRhjxkbZIxo
e9tW6wU0pb5abx1A1E7rYiL4HlN9DoJStLEgRADxYBCf76QQAlOjR9JLmOFI4w1t
alUkC3MRpJeFfHl2jdFeeHoABM6NaLhOzS7+MtokP+zQsFcLea5FmCmsSNdJVu8v
esS4A1p2szK6fuwXOhsPRdOAuia1U0mc5zRolxW+VD7vB0JN+VxR7puh2b8/5qEd
XJgEedzO8cDKRer7hSoLxDUsdJq7Ruidwvtsz8lpXeVF8ferw+weDNrM1diDSv3J
kk7XOqvLwz5Ud5W5D1ffo2cl68LbejB6ZgUzV7QqCKIzEHfgOz7AmZ4rkw3L2qaN
7EmE6JC+JGsqQsAB+QQgmwmM/atuaDcUXnzKrRWHmNL1XJe8Cdpd3tmquKqp066C
qEriBqD1qKbtSZmYA80YRrjfFRKk5hXuPimek9XJaXn3tOa6WwDniXvS+nE4+qyf
by1qy3ALwm2NVMFkVAU7qFTLgK53sppEEmDMyR6bMoDX7zk9vR1Gipb4JrOtkuAT
yZdVIgkW67kLHQtdyLSaGujNjA07tAMw8UTMzNWlxlT7KYHDrqoMMm6hvXKPhh1g
PaHGTRFxDebmW7hQ7nmcLHs9ca4cjBgAfeNCZrNhm2BZ1D46gO6lNf56npjATYEL
saJmeJBAXtrvgqC78CfngLG5SEAcZnKuUYHnpOB0mCUdqL4KHB15LmUg6jBRIUuQ
4aZQHx5gJDCwhvcQCI9uAxtnhwxcwJ/KUwGntfBeyh71UAbLpNqjF9oJ2UQfAEol
j/qr9QQ56NJT4Re9obu9XWzR/l20chZp1Yy8W0cP1MZRQU1zq/Fp7eDuYv6qy6jo
1yZfWLLe/8u+zaL61XbgksEvDrR21Belq1vhJApw/LC7Ju5Qucsc5HTEtND+k5TW
XUlQ4QI9Vf3/jRsoCuW2jpqgA1krLDAtxzHV4MkyDm9hqWHeFSSqLGguud0MxFel
j6q/ubZsIxt8Ce3NuAQcQMZdkUM+0e/4KEHFJPPUnfh6JbdX5wWJieOPRWt+lceR
CaIpvQKaCPKPiGMWEyI5xHcHJDJJDy3WVmSCTtm+gka/CpwZcI8+szy9JRuUnjyg
LviXjnEQm/4l3QFgW5eV3oa7aUjjSEuh5+DvYWfB86ECneJhQCXG7c4ke+aIE4ub
dx9dyOez2MjaY0eJmjy+xfNHYSfQfmDlMdarcPJv5oBdM2NFiDPAVBgRQte8tSmz
rmjWb06jRzhn7LEMGjRZ7UGjgsIL+/+MO8KckFs32yjzEfz0QUXyhaxn0BVT/4QU
lfQs3C3Perbudo5GXbhXIDIwkIoWLwbUyZee3O/Q0oNBpYsax7AAk/IuKNbdt5kz
LssTIxrLDnpFirt5pPDBFbaQTJrslrPLTiIZIMwwJIOryGbP+P0N9g9XoQal0qPh
Ub/O2CsSfragMboYltbhGMmSvPgnlC71dVztlpMJ9LZdoHHgdtH64WqBO30dSljg
rb0kUNNAz0Sj72N2w5PM7RQ2wzbwNirC0eBrul2CmT4cPTGzQdeA3ygoAWvHYJ0U
MYERTPUBHccQjOqicPZIPz2FEtw5+40jxzuJgyJOqRnt/teJH/MFCkDLIDC2iOGa
JTljsSqTQMOjJBNb+3vAF607LVoRAFapgMjjbJNHRvfNzMk2+PAbQQemEe8zOVQM
Ab3iyFIdJxQl1UiDrfh5/4myWu01BaFPZLCyJET64QX0lXfSUaeYisf7ebvvcCbp
4ChqhxZcomqfs6gKhZNevlv//8YDEwWvHwRaV7vxuGFhZycUsnXUS3JazFw1hUgb
3H3lKL3QGyWPkK3ogmMD2HfKLvFblPdNBMu++jeAef5n0Gvau0oWOHn9vhhZ++mq
ZGbkhfD5HyxOzglF8/MrEQmFrs/ISemFKtSN07qeifzpxqAu5blrV3rdx+4aDK2J
JaKBX/GSu2y6XkrZ8vHZ2leXDaBZzQ1K2cjZuzqWwNJhAg9n+xpOIR1GkLpgm+XJ
hbHWef7y+g93cpVAEmMY9dmffRWFMDZdfNUgCuaV20JhWnqdRB4fPlbPobneyqLA
zFt8R9DjsY0Xy1KXnY07X6yDnjurVLTd7h8dYMv7XM4JGHMRqOwMJvz9ou0KfE+m
VbDkzN49wyy6lbuhVFhBsibXtKwladl9hapfGbDKm5/XG5FctRbfzTPIZ7vfbrxP
JOKjfeTuvcX9igkNJdp0UbJWxdTCUw1or53jlGHZN6rQbjF7GlFkXiXGVgI3T9VC
P48zTCqoHKmWkStKjtqFqO5vVFjOxmxLaLoDlwFtme3apTbbs0jedNav1tXjQNgw
Xms+N9DnpcMsXaYLVB1J/8aVIFmAemuXcShVeu8cBynkRj9oM4q8Cf3nK498K7B/
WKv8qfCmzUUN0LVQWE3n9XV52lMhYDRpUox0D3RCC9WedWXT5IQgJliBR9B17taK
pSRyEq+XzVqgIn8KkTSXinxMbXWyRCncYB8mUdHaEiULkw3QaxyQvODJyF+V4CWE
v+T0EeqkT4QkVzH3AKdURw97F6FodhmJht6qT/F/WnoIvPSTq7OJQ/uzEs0aL0UP
L4oy5jHYpYgKnQZp3fI7DQSbCf+Nw1Z2+Cn8mXf2iA5Ps31CVPObfPLQ1LG1Zc7o
6BkGub3bqmNp18/sgGHB/pEQT2gjT1TllJGGH5CoGE6+x6xqHssugo1pH4+NreWd
O8EBjGAOEDy4vjGAcZAiIYgIJBzIeffDw61+R4Kl4Ljfehkmx6ANtXabGYI6NBs9
zOCIKNe611oHKZT5FuQiBCivdDyD6bLeoKtzHcfkBuTI2ZL9FtzolODBzv6FjMP3
VlNJRtZ4UnsT/nvJaeqZVofqAvVBL2CRIWo3IjfKskRothbvUNlZmLQ+RtWeA35G
xjX54VlBAZxZcudbJ2kDUsAieSIrPWAPeywbvbWDvAme00PJXFUsTZ/S/aQXmg20
EBpACCUrGwYiybW3Q75cuTTwU0HTG9mQJsX+zDmNAafP120lzB+kvv+G9ieDWrie
PGux3Fg6G5X4VXtUrEn6Hee4cDLBVbuVNX8vWO3cjvauzQZHq57wD7ixxcFyXk4f
pPevmSEX+3aQDhEabRe5lNBzhH9DdzxG+Cfcyj1/02xDgVZIlqventjBkkA6Qfp1
Rxz4FHzqNMlbWM/P+CKHf5e/tojrhoIPsne4rVGFWPYMXigF9M29Pllut0KK4qDV
RuJJB9ruG3Rs6sqN4x/m8WJxvGjsObwvvrbQh9yusV00pV6d7BswCBv50wnwrHWB
Ka8s+Bo9Ax8uTsPKBM1Cxu5BMKjWtC+3yRxU0zSjFu0vpae4FvqHqHqAwKJTqkmY
KBXnDbB72DTTLivTYYqgTrsx38AOpi2MwZJGdn4AEiaufo577rehC10lcCWUEmHN
X/12qsTLo2Ym9oQySoSW313ZKFZdFrIbmPd4QcL2ecedk+ZjsEGyJ0yNJv5NDPI7
yASEOLCqzTmiei33MpN2B2N2V1bhx7+B0Dfi2gdguoGACqwqnIFRBrUK1cKPPAE5
zfIDDXp66XmUMvCwKEbCJPzND+6x8ypvKqyqbu5scS9xP6daSNY1QoDKSgLKIgm+
l424sl93XfOfotYJtZbpZANRfu/aUjV04Ptej3NosmScgp+mEoZbMC8HlUKUJE1Z
g3LNZPYisTWNhHPtqjldPPr+4p1eX0+YBaAjfizeh3aLcOr8lgzKsfrxGVYs/oj8
JrY2oN3C6sHrdKJnL57AFzE0vF56/A45znvbfqSUQPI9ylahE706ABHpHqk5/zxF
2brwm2BWDD06T205PghrDKwGwVqmfI3ckcd4UNMT8Gqwd/sw3Uf4W3nPFLK7yD/Y
j8uT3TrjI5yY2KvIj6m23hTCa35r7PEB7WcTOgsmFjTvWPOysOK0d5az3wbsV8DU
xbKzsGPSOCWy+ykdW8eN5LtE6GBFitU1rbw2DIYQk5dKtdUoohaM/x6BmXIGvmp+
pTTLLVJHEYwuZTEEgzDBYPB4WVx2ziXGrfQiuBq71tBp587VNDpMkqpyoBUSCugj
Cfe58nW5DBGA8Q5sjAKHtcGIO5AkHC8LDQDdvWDTMqw5+d6WbAsTRESsL8XRHxIO
pDDcs0006LNcRIJo9zdEsADDZomRxsb4xRcSETKevgAhtPPD0s8qEl2I+V9o9dcu
oFDBeALHR4KWaZ9xQDbhTw3w8QSwZbzbYOrPB22eudzmLxrOCCim9mYM4vp9Gan0
/bvTWcHJt8AkyqR5y08VjOjHH9UGJIaCG++2/H8ij+ya5UVY8+Gfewt6TLIk+3Hy
y8HSNIBn+4G9DydfmUSd/j8x+L81YkRQlZ5S3/peWTOhJOXV8StXSXcQb7umRy87
45hrrDffcSZ6QeMHnVRv6ifh8ImIC5hCxMG9dfz4sMZR5tJRv+LDcL45OLZ5H+p4
TNxGHpDpkdDzrTMHb2r9oYMPjHvZygHlfWcpAtkDDy0fUCxvJZAKoVhKyW4IM3fp
FrlxJ/614a4M46CIgDMH12FoZj/wUw2VKDf3okpusY7y/R93akMEm1BIDCXgGmUg
dy2OQI2FGjeongJUo8Cn8XGfMD4eWShqBUDc0zEiZT40Nx8Ao+qbwfGgwegBpx1u
xSWIM4eQ+YimqLpmMqN1qwk9cME3pKAHZnVBUwJ+8YxJZVz/R1CUmcjbJ6WKDk3e
vbl2FQbV3Kas5vierHSTaNdFaRxZCwfCkFfhjShAHdbHYd3ftwdw4TG0Vo1j4bCJ
DyVn4v+/aZ0O6cgRwsmIvbjHQzYKItzegcn/6mNGuz5i8doi//cwhm6ylr8oxebT
d4CPHfNwL+rbtjV7nh3Px+8PZEcYOXOs+uvpdtGMSiao065lTFb5F5QBbtH6xODg
HvjZ60bVzK3C9ZTIkuE/JNQRQjHhhMikeXuv2k/QPysAo8TQvox5Pcg1DXSMn2Lh
MVj973B3mm/TXbBbagKFeQjcq/4nKiy3lDzGwR3rkVMEJzXcS7rgYkopzccH8XuW
l7dSymO24h2J/7mFotR3SlhGn5jrDWLT9oCyh9caExf58KBKm4lmsmSyTKj70U0d
5gQRSWxDezz7AvWNJo9OZWjaEpBQdcjte3KZXlZxxv9scEsI4jDCQY3D++77vGon
8BcwQbQlLyzJnA7kSBW+QSo5DwceOU1DQqSa9/Kp0HANjy3mZxMp1Bg/+0uA+8nS
UCxC7DqQVVa6xFECxaQwVA/fD/Y4NJhmFxvh1iBYC7iA34K4WOE8P++6fglm7gS6
XyYLVL+ExjjgJLn4xRC3556CGSr46XWyYLTEsqZVWan6ThcxTdYeybeUXW4JOUJx
AlDIL3mM5447P5A6gmz9/VUuRkqPRQsdeOAd7YQfWAe89carf7gQTqdsG7CjD+x8
0ivGprQjfXi5cwfC+NOCowZsFC/qdlr4NciDjsgwZNpP7QW9trhol8evo6jsUiv+
+4kC2qdQ/Fm37xMcwtqTE5PEnsNX1302Qbhp6Pkbx7mrXsib4gTqz6Wyid5h07LW
Afwkvju/p1sUV8gIWmRS1UnrmA9PepLt75pO6+u+7LDcYuHAOun/TC3N+AvC0ORE
CtRIiyMFPDw5v5sSeRidVpoRX2AV5/2ZncYnXizGk8FIv8C8dj/Mtd/GnFFIot7x
9zvd3fX7PGdeIzpTPDSl81a1QbuvxUNiY/d+oaO80/HkbzkoA8VaTLlHRxLJveMH
Snfa9GQFzHP1eOBuwPGNrTNHMLiREC4EQuHunyHyaZ7ut1eRwCXqDMYd5i9/Vclu
K8yuMt1kCyfG110zuCfSFQ2COl1eN8K8DKIiVAzIVvQuG3yaVTSwtNX90mP2qRkn
b6O8M+Xz3bOsrajjxa5ZN4eKROuu+1KA2JeC0OBu4r9wHIS6OtoBgyWzkhkHqjkC
2n6c+4YPcMMi2XgFKF6T99hEzRr3rWKTKsAJh/5dSVSQ19dH3Hwcy7C3WygiuupI
qWkHmnpDMBUuuL+YkF+Fxm2wU7mKDB5ee3GTO0MD19qZSpbHvrSk/ATudlAbgYXd
NGmHBF72S8VKdS6PVPnsTpuNbkYAHMat+AmfdezW/FEWV2Q3riL6KA3thnmayFxA
GlCMQ0sm/4u9IL2RCMZF2V9/v5InTRTAYEzo8sSp+5Zu9I6Rb7mwHZTgLmLWOBQd
kjcbxygVSiBLWvyofQ9WkP3iyUVjsB2mF5ABk4SWMeFiIld/aAi1QvbcnrcnjbKw
b5jnYm6b6bKUJUZzoMGR2dzWi082TnFuO3j1Su1+1DxhOB2LgKypeJGPtMD0smZD
jg2ZhpB8HAJCfqhoseln3lYN2roINWEC0kyTDIyHYZmmubd64Upe/wYbJWAAI2gm
kj0B6+HBZatjHCdhFv7oR3+smnFUtfF59LQ4x9eI6DkJ/3r/Iwyd+5XyZKoDJYJp
5jiwD6pQKW+VuYzg4TxoTc3GXIb5s/22yQI30v3sYG3uSQHviYmStGQxp3pVBA0q
+9xkOMpzp7nFrBA6C2obNabDpTofJeF2aItfPPmuiIrjQYpAc5o3542Sl2fQFmbQ
G2LumyaiTdGuH8uqNBtYNnDQFUsWfnyqcDfIoyLairThbgkMcB8PLip2O6TEKwfV
s3O4MG4vLdGYjBsus30axpSYXtS91JfYPgPcEZifkUR7yZw+sfb3JPAjeNelqs2H
llcNEiMQzL50A8cOtzXftKbLU83H1DMhiCYnS49VqxgChYK8EPCnA0UoJ18CAahf
oRmOoK8N+LMEohQV6VcVL58ggwnR5oFGY6ZuBIv8jJcCS9uXiFZnnoCY8bgkxxvK
7d0kASdiN/eFnzJkPfOVHnkVLUI8kSIY0799iw3kl9dYxShfrma18Xcq0r7BKM9n
LChsKG4lP0RLLWKrTNyi7J6cX484j5FswT8MWOAayc5s51MPUkTn5OX+bWyGV2eV
Th8QwyRTgo3DVcoqNWQ4+W12TEgXbiM8w7ZPxWiwfGTrL4vR+4y/H+BqKvJUjT7W
za33W6iRkgh1bd0jhbehmno6yRcpw6Zcu7ndW+FdtlGBoOtiXjmqolBo00po2cdP
3ToOU8fHl/NExBG20S3Rqhl+IEtVq1Xrw5hVIF7FTF78CXeGpvjue4BAKoiR87Yo
mHnesyBocxOaTxGgiEucDWJtMnJ1L9oh/Ob/UAPQVQngkWSK9HgP+cGiJDkt7e2I
Ktd/Se7OjZa5Tj0Ry5+9akSpa0HWnn24GtauqUmgnotP3QFxrO2FR1KiG6LbsfGH
8NrUGUVymMDePLAGDb4duclasNJGJ2uSzS3GA5EKHqMdIV+VBjl8k1uEffwn55Hz
h7lqzW039NOQ/WyEJbmZWg78l1CnW0dz8dD2ac/fWqpEmT3+pBsiJok+WxPKqv39
s7La32r0XAANEUcA3m79ExjUtD6YfN3kls83zlZt7rgoI5jTVMSEdtaUctJ5/GkT
+ruh1fX05FpB8/8oq8hPLAvf5nLZcVtEBHcgKuIeFwPmqChyqPFxnRC6PjbzPVBH
ugfpbVP45xx284ej8IpXSSXnFtmPhAzPkzNSTfYK3NG5I34qTSaksvCQWkPJIhUd

B.3.16. S/MIME encrypted and signed over a complex message, Wrapped Message with hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9775 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6218 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 1975 bytes
   └┬╴multipart/mixed 1911 bytes
    ├┬╴multipart/alternative 1128 bytes
    │├─╴text/plain 373 bytes
    │└─╴text/html 471 bytes
    └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <95b9bb39-c028-5ff4-99b1-f179cb5d7585@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:11:02 -0500

MIIcLAYJKoZIhvcNAQcDoIIcHTCCHBkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAHcfgLtH0bh7/mdyLCV+zkE9F5xe2MkF1XUz
4OtMi7Y3CsuMtpWQmWjbCzsmRBi03bwcq30gr8pa7tf5LMHrAwKnPxV1qgQAAVK7
rDzkUUnbaxwhq4/muskaYCBfLrBHKQxtoH5jYK8m3jFiZwsZN1o5OqlPIPH2OwuH
F+Pv29dqeARimu2MyuRO9vlJLIRF6GBkCGdGk/WD5hrg9HBdeJbIG6hOAvdDBvn4
oYLkvmO+otqM6yC7nGSxLjNqp0pbNxkMI4OzVA2TASp7YUCAQwZaOYVAMz901NHA
goqDeH+vAfZa6ffLkEMfU/iI5NyjYd5OqX0MssjAAbO8zir9iLQwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAWsgv1Jc5o2X837Kgiq0RTITQ
XTO1T31Xd9eHZUcz465LYZY7z1muj8wrHNyCax60wGQixzhsW1MGDpmlJMZQHsbW
oMZa3o1/MJHWXUPNmYzsr2Vowx/jfkUZIgXhQlsJh/5Ns8gsHlbJKNhWl+syOvqa
k6ndQ1bmGUtzg8mNnAy+S/lkE4OTPdw3wOz3K+w9DofkDhcAzdjKSQOUCB3lgMqQ
AQfb7WYOWgJL/0QwXb4+j10u8Oc4QdBukysmi81Ox8IjVJaYsYiRAGJFw419RNUW
lLVoiMSQaxOPOwErHH49cu0KRNN7O/rGO498TyhrF0iVMuMAihWBIRyjOpM78zCC
GP4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEK4h+XQ4LuqddULmHXZnlvWAghjQ
cv8YiD4WrUftH2l1DCHF4e4XCbA6aMUoBpK0mkL/EqDD5GZdO433A+HhRhyVdcx9
TVsdwJPQTwvhZAEpvsKN1l74G9BH0tFsnutLJj1t5Mk4mL7nEcBD3Xzg+ohjsB+J
vTnpq4sFSIxd877bZQF0Ppy3B7QJAzTrml8fIpi6V7KuSVth0XK6oP41BtMi/DwS
T4mhSNlKiRwDMGRNQk2Kx9LQwHe+Hh57bOrkpVAd+09hsNtR31QO1xiMUab39u+F
daJcyCjDcnNhzbNqEFjElERcXyYsbl9mDEwLPHMNhVBNVfbOH2rgYJX3EWoMpotR
J/Pcvltjta1BLp7qJGPdGOIplPWmxtDbN68wSgZ7ogXeItoZ6skFM/TU+9yvlMln
Wvdo55n3JE7bn+BplRVe6J8WYjW9mPOWsaa+YYXuki+3SGlIcYuQiQRLjCbKHjdf
XgQN5f0sFvgVYxJIV9IP9WgJY40/0x29sAcozsITqGmy9iEMCVIwy8o52X7a0dxV
s09EmdNESebRNCPcIVlUQ5QoUThFiep3x+TplQZzQ+VpFvvZrc5uaD+CyMkggJtw
qFHc6ToHByfXR4AS3zIwcgEkETSOLzhOCt20JGTdzjIwyjRE5Hc/MOhMr85InZsO
X8nhKh2Vs5Y1HdHGqyxJhxxwbwZpp4O6iv9RRFcb2SgmDXPxP2YROvODM6/YZE1E
2b02eKqfXvy4KVPAOnxg/ezaNxP+q9xdhOYgetczT4gzxZJsaaMO82c/y80Wd8Yk
cdVExIiR5HU55pJ5SMxWY0aJPaDG8PVBRsQjnO9XJy1hUYL1sDyb07Mbya8r3f76
aHyBWx60513d/eVtHlHjMibvR6hDiog+le1I3pBotKeF6Hjc3JEuyEadcCcWZ8Pk
jASTCPRZL9hnvBFrD28YxDEo/Kq2WgzQtvKKGNT1+Id4XOxuZUMRiO5Jb9msfOGr
ToMO4wXYwP33Sbmb2wYubXgx8zM/byHhiYOG00OveEI0uiYtluP9LNqrXh72GJIu
ITiEQsDTZpFW+fKp1DNdykSiSqFNwUKmj/RDqpx8WTGMLuNclL2SEJmRrVNmmFv+
jrpu0pKGggMItPDzQLCFILurAg0C4pqRGu18HvxNplffq6be/1sNB0GZHqNYApGF
CsJQtr7AeZrW7hjvbLe51/McI+qak/mbPG2F+lmjSfEnrATYJEqRhIVCpQ6nFaSy
xBfAXj5Re9L1edivZb2E2zPDYM44Co0WZg1DohZxLz4GGEiUm8vVl9PxU5xnvojQ
8pTPeA3rcZe3DiBXX9Yg6lxe4na8VWpBPydd+vhMzjIlwxWgTUF34KTrIIkfIswi
uUmz6j4mPeHgOi2qqxFmxLUmhrDycGflaA4qk0Uyf6jG7LA1L5WclmzaYrAg4enA
7spp36K9NLg80DxOFKoUmB7YpVW2OAhWsFRwrtoFI7zdVkpWXO2yTo1f6iRdvyZ5
RZnqyfRK7TlAk14Y6G6uGOXXerY8PsTJrhJYtwxjByh6bvxzVv3HhszK0vsi91zj
ALh8npWkmWwT6cuMXh6ZJsKl7NnmBAlNAP5b63fRYICq+N3mcNv5veIs9J3n6J/4
79XsmE2Lb6W5Oxa3wU6SX1fzM7xBaICRtdm6w80AhXLmevi5Rx35He/SUCyKF1xj
a+GJpOMdX4ZuqKFirD+YpKZAAI9exvroiQauK4VRrABnhF2eVVgeRRlcILSeZd7h
x6DMw7x4wzVSMqjMbePXLn2CsHgT57sjrryy7sO7as23imMFua1eXF7UDFcj26ju
DPiIB7lwoPU55R5iXx0v9Li1ePeqSV6QACWK2hP8596992TKLaNQc5bOfi7Svo/h
E9b3JnbT+c3EmPvqX76sjVqj6FL3mR7gowk9sqq9LB4xfEN55q54FY1BUGYUt+W+
5yaKkQswH3YOERu1XKz1vtVZhf676xX1KUiQZAQ9Cjhw9Mka9wjAVkWEQODi3QYL
gmDLVrzzu6kUQLpevwMgJJyB2ZF6YbhOIidi9H7LhHkFJcWc+08CTNPiZFk4lBD3
rrQdysOwgAcW8mq3FsL+s4M1Px/HBCnBS5Ko8Z+kBivBns+wkJSOHJxZYcLBY+Ju
9DnvJBi+5KgYo2JAoYDn9ioA25+hvcZ8iSTZve9Qzkpje7tE5UZNs9pURlWJiH0d
yTYZ+KfkPIRZNP/e8L/SDE5ok0jPgSl4YCeBTyavu6mkzKaWv0zG/JJLPWhrvZGC
emr0QozPMzFzCW0KHoqpPEzjnSoLKvYRYvZ5c/C7ieOCOKefeY4DOmdrJG2LUz71
DaAteXmh/cU9h4NMpiHuplflkHsmuEhvzlcZFArDUtNfHG9JUoyCBMtoLPyQiFdq
Bt3J2na+afkPgdqdIKO+ZkE5Qp/ewhghiNLiQeMpYIfMvcuLVMVX1HjDzAoG3x7i
Hr1wks+rShFQTBOHF118HjXJ9A39w5loo40nXygX5aKiRMk/Tcs/BJb6vJDzX8Hu
8YxM/vNzdHCGFcoRQxt9XITAev+b5mupZ3Vi1y0Z9dlL8ilGTS/I1gK8kqxH1LLI
kIo43Cmg9M8TPzwKia9lnJeAGakdnl7ngUwYrZV2gv3yFCScvQXQuTa51ij01aY5
vDblNPWpthTwC9Lwkt1zGN6rCxLmEyUNViDzlG4nt2idwHK3J5zlj/ZmuLuIpPX3
7shl7pdQD8oiY/TZ5K121FQHdOwbWkMWQlNE3UD2dRq4mkFeXBvf/+0GLO5Af+1J
377K4lO3dYX0Lglmo/kILh1nU3ylSKgt1YE5uiPUFcTRMJZbHWnBvVn8pRjm7ppr
G53ue1EHeM8XI13p0BgJvHM8oFCBurq1FwWOLjRL2m/lT7l/VBP8mwkdSlnxSBZb
Y7bXMdOjnjX5TxtYvrzc9vkv5EntZ9j5gklVKM7wREMvSVT+dAhIzJOCtNE5O5JA
gm1+ehupJNBYDZtG16mA/cbTr6YZ9Vll8AjzYELcEWtd3cZP0MrUTprEq/Dse746
f5dMuWHCABWeUB4lesdIqfR7XPPfSoRDAJZOiuRZ9KhHVxyfhOZnK0NEiVIudu9z
raJddetnieGchejME1mSkCJsQI6L2jX6ApcU0E/oAePuh0rti5NqnxW4Rk+w454V
PiQg0dpXCBu8ai2tfxL3FRjzfqrWlwh2cBuaf88YvcCbtRD5680wpVNp+0o49snX
DTNVY9NqUTXcLR16+Ve3x5H47z5XUG9k20+m9EpKbn3+Kj49wxF4h82Og762SRap
mzsS6veIUfYDkruwKYR7Ow40q4nf0BNioI3S3Q+cs1+A2PRLO06/agy6o/Cd03X8
LJ3PsrRDx9HZJuc5FxQH8UnUCMdCdNaiJITnRv2wpDDdf5GgMDCUx/yYqK/6x+Vd
PtQx2/+tp3QvqUlLHWhYvw4r+FiH2uz3XfviPWdbHglKDbfoZ09pLHnY0fI3Su6+
NutEWVWbip5+OSVT1CJNCLakrin9MpDDhBewfj1jBJslsgq9jHJmP6BOmJBUAXdJ
0le9Rly63PtqtkoJrhXqz9vZclctEWXahbN5QnSMYZflY1DXZ28xm0dA83jfvepA
d9z672e8zLDypwjg1jh3XOs7RbDYxU2povdWh9ltXDDdhxr3n9DKKS/Q5B3yk4v1
lMUGztzMyGSQrfMMZdamQQFHhmB8RA+o7uj00XxN/Ld/5kikBJNClKqeW2KhruWO
kzphFBxat6UmPvMf6wKum3H32ZkVVxELVkF4TNvzSkYg6J03czuemEZE6NBsUxrb
pi2RYEZ4PIvVFGAZQrp5LkBjXO1YXOpRyvfGseTefjjI6lVoGMSrhPMuLMyiD7eb
t1oynUXFgT/nEPbHqSR0vDdf38U2LHjJBbsQMYyEOjWglrcgfhYG2RuJm9cvV0Z6
+2ucvyj5Pqe4QlxzdlEJDLX49XxrnQ0dPagBuQb3n/U4EyA2jp2gYg7BDSanY+Zc
KYJAA2GuJ17JmY+TfqpMTWQYORsb0rMxdkGP1i8O/PfEf7e2Yttp9a0Gp6Lq4r6U
gEvthXVVJjvjVmiC0/fagHXSdaM7jS9K30f8A7SLz0Jg595FeAz/pnC1FdsXCorz
OkxoA7tB5XC48f+tabVED4um9GFxNymDQWYt/7xECPGTPjcbAKcAGzHCLyyK40QM
/ytzawntpaycbvztrYeedx8y7wglBfuAt/ZMWl/lafDSJJ/KYkNWeW7OddYWidQt
jC3WMQw+v6ZIQJaOkb1QRYvhtxmN6QWvEJkHJ/+1Ta+lkzw8i2NpN0s4eaR/FUPP
wZLUYpjg4VKySrUIfmWiGrJ2UOtJY2voZq3NO8QQItc+2VkAw00rTZ8QegvVStdr
GuYmjW9TNbuib3OFCzDMR7xTuKu202DyiY/E/tIm7wKMI8bw5gCQQNud8TEBFPDR
t++WgP2bBMNULZQFreyvfAsfFuJbTgHkLW3eysg6vM0oqI8cw7Q4He897Y8e4fiv
VJ4d/+wAziQgGGcJsSiHEbxFIVEfza7Irpn1NEZfdxNs+vdV1ywNdlWQdRgEBX5S
/ZN4G4FXPth8F552wmAixHQNS7IlKi/hN9hd9z7p9Uk6/h1esPo4i29PO8KqJYTK
piQ9SmHkAaktIO7pdHH35onIUSHe/x2vGnBVJ8jMACdtNSxcUh/lVcrUt4h1Ns2G
JOd7pBLnG0BnyobOlP+kUx2Csn5PcjjuoQBOJlqitQy8kzpnlNsUMQilzHS+FS8y
fhMvIM38VQvAQ4TRBaxLIVEWWzZtjwbOK++jsmMOgz4s1t6bB8aJMPSDAVAVEjVw
nMEN+Np2l4QOIVLcQjE8CQoTQ0p+IOXCslArykr/Nxw1iZOHQcI24H09X0YhjbuD
EyiM3Z1FV7GFqW6WveuR68q8bshWkHsOIOAxsSXRrF6hjanRJi81xqr5O/caNoee
kUl+hz5NjtL3A7UAxGO7vTJyLk/tZbwwSjV30kv4JzdX+9oCS7kUxs/seWigsMpI
k1SpaQvOuIqFXm0h0iujICBmiD7qlLsWKpH52BpphfUIYojxF2jtMSiVMchbR0bZ
5xA+8mQaxb4r8JDI9VvTh9T7+XcQF58TM/poUjMBhU8qFSSr3NHwgGrTdTlDbwII
H6q5iuzKnCnMs72OZzgBEVtxUkBe03B96X1G3s1qzyuSoJu9QxSDxKI66WAwZ9n9
d0XvhKoE9nVKSD7M4OrcVD+K9i8QAkhSTpq4PBdp/q+7jmF8hBguGE4pST1nrsvr
LTOKoPeuMF5ybscyBjxlo/mMX66LgUQygH3gPnJIwNJ5VFB6Z7h7GFTkZz+MaboM
TB6xAb7KGdHOI7wR/nZyTndQ+BoB5GwAXMaG7levC2EkTlMLHXJ2JU0clKdLT879
TZx1tYZDjn7gmfROUclkgeHA4n0i+jVJwnfi+isDI2RujYxPHyIkRfr3+sMT6nwe
ezur+Ab5Q7eQuPFKihMBq70vAnRjvyGAAod4DdLLbWezDEg1rpl+quphmBF2PWIk
CHsvpwenix3LK29HMaj38IBfPEovHO22yo2jdPoSUUZHpMNafbCBTNCkX82fbxfZ
nUj9j+7w7bqhAqmp8XqsX40HrG/FaGPJwqWvVvAJVHYn4Lr8U2WJfyoGRLFqLyS4
YbPNMpgkbXb828yt51YIeZV0I5tJ7nCNj85/Fkrzu016QNkOMEqsmF9YNjMvOePB
7pJ5jbUR3yGkB5nd+R7mNU6hjWHDWpzMNS3b6h0QkdmM/ZlvCBjwxOBU7IJYfLTv
7yM6G6VfYhvQmHx9DEE4SiVVBkMj5wfNwXJYN++DmooOghZ4Uo5Gfy08q/hX+6ZX
LVSCU8deZGBq9DK8J18JBk8KEAwn8M1S0l0YPqtwyDp9xHZY9h2dsKTNnr3ejisd
OGg5B03f5h/fA732NMcW/EWlcAuq/iQlwwJVhT7F4560wYbaMEM+T1nquODKEQ3x
JDozi3pEsDcOJPDQZFqCLfK4kxQ5uQyBCSN0oWBeFFJE8aw8gw8d+MDpxsemmpkt
ILS+DQL1uo3pGXuSz9xFBFaIVGhmi7zLLwN3KgUTD5FM3q3T0oqDnDsWAIvT7SBw
skjhXnPtSqEhIk/OgqAHNG7G76yhp/iUCfwM4F6y20u+xvWgxnd4IJEmiEBWamvf
zZOEdDmIYgsSG//BJBW0vf+tjxoh5WNfAm3SOS916OOvsrRJerVswP0/dTMEo5FV
U4nMHyu+DlPwqZH3z9KQpiCXQwbRBN0D245j1Yb6g+hIJ9Gd2OwqLXmVOVcpYMYx
eqW4h62yiWHd+2fD73s1fNdcG4MQdpRrYZ0XEGo/5blTvjrwtRMj6dWDwjN5A0bp
peAlb5rm/wXInehXq+hrura/Ept6bHsLNtn4LK60Yoin/yqc0r9+kmCph+LSOfl4
5yLD9IgO7LSYZTPFLv4UNkxOZKHASv442csWqrQfYwdZhoZofk79AlVc+ig9L+F3
QI1cf+6vVW4gzqC0GDjhJnxgjV0RoRk4rZFyJcf78cDlmPxNaLqd5leAABu3vxrX
++1tskFh/84g4hjHx56jpBW8/9lcbcBWOROvWCgvsBH2vZX/d7JSLtVneRQTKlq5
Pzu69tfPHJiMTtWigYhqSz+7n2mP0ar/4qDK5rjpp8/hgd5iskLGJyGUNl0Ae1hV
CeOaJP/0cG1Xa8y2jga4WOBQjtn+0jdH51SL64JJGBqAbxG32B1eJG7rr9tTzN3n
5buv3mDHSVRjnup98ku17JvYUNMkvBF0JdZVmxq55LSGJMWNwqBpsxBFwt9WbFVp
zaXgWiRQXsD6BGLYG5Q5J7sV94eaM4LsbC2ScylVvYF7rw8pSmRf+6sPjAjEZ047
uAe+3p+GIkcnjszf49O3wcNTkm1N4VCSYD70+ewHvybeHE4p6gdYb5FfzR9YHkbQ
IPunJGVlBcF0I92rEl8Sgyeo2y/6t30lGd7d6QgTOhCKMcsuPkgIHOyZQmLbUnqp
Pv0/AvypUvWauxHHIyBb7gVDxvoUT3FJYqmzcQwmNrLvbfpPkqswS+muAo3K2jvF
nThQ7cLDuCEOS6amwHB6HCg0kTnRRh1vC4NU+EKsKfO9zSYfFiUMsouwmiZnYDkl
wGZ6QTi0YdbXMID3ZgkKsQmeQ4DhjL6Xla4yck13VXQGixW9GFEpmFcxeO6qQ4gl
C2Gh+o86ivriiltsBX5uhz8G5ZjqrzIyhk9cUmLfVeZFGLwQK/CFl5V2zif1Z5hw
dI4BBb3RL5dZHo0wFfraqzCHxLhR2hjvoqzIhEt2u0YOFoX4m6MZn8tCC820cJUe
fG0HOI3f7FhczTKpuFr3fCjWh2icJflL1l6W9Px3X3AuOK9uq71Lbb1tz4y2YLYw
XzFSZwv76pqFR5Yvt8OdSd7D67o7F1NmzUu/s2RAX0zwUrVjTMPXIJVfX2Mp59yC
s5i6SwNMnAQyPSv0j4Pkd4IfCsVogf4RMMzwNOwz/kMTCJl6QVkp0GzFbePTT3K/
wSRu5M194wsrKVeG8FKEQwjwDDymZtoBD2BQW5XeUGv2nmkxLW1hYsXX0WlgH6Vf
WaLP7d2FjE2EcG1crwsEn+/wqyaIHJQa2MWu7/6qZvrgrUdINUZDc6PhTyriQD4r
XD5dQMSTMIv6ALISlUtIjekVNzZ/uLeEzJOEf7CSUUm6Y9UoZG32xw5U0L8EVGvL
hSzxJ/J3RCBhb/Ezoo8rO99KKxCHPbce3LsGj0bcdJtUEvZKiWP73wTUx0T08whm
tPX1GUqofg861zNoq0d7+neGhY3ynUpVFz2nYYEjZGc81IURNpdQBo5Ra7eL8Z15
iRndxbZclP/V9RE+fBdXBl/V1uJF0lnpH/UzC/MBGOw/HL4ApmJudBLS4/PmVw2K
YxlpQW/EK6GDgOKgOt94lt8bcr5vvsvozePC12q6HizYHf/KnhmxhEA0ReRVFLAt
vI7pYX5qQQudhXvmq9IhV9HFnacH3xEuTQHzIvbxCvLgqrP38u5rKtfFwYgCs8S/
veGWgiaHGVawyNKznOb+FmzfMsmx5iJikkomvL8KOl2JWL/XOrTk+yDQyA2fjjXB
cJeMdGiDcngXg8LVt54ZGEpXfiZnnN4X6blK4YgJnEuosvp3D5gNIpvd4Q2KUkhe
286ogVozZQPPzdXwFGhlWWm2EvW6qzOLaKWFvzGeWjbzEWSq13QZCWdgW99+Uqs1
L/eU915BXd+rE8nvfY2clj14ajltDkQygGlGFeLlNCtup+RwXZ1hVXd99Dy+gIC0
39U/upmgiKYv6GJybDZpQk/V86t0rAfqlH7KIFVi/pz2hB+rOxK6GKZPUEBmqXE3
zJBOwp17P95OB9W0IhRvAwd+RRHI0txROwsn53QtoVkWy7hPG5VuVOL+W55roiN6
B69kfmFJWqtYmnKjl89Rdgo3OM9/pnP6+ZcA+myYPD87UEcgKHDcbp1CwxbHOyPW
72VE1tQZQDAwmxH6F5kElQ==

B.3.17. S/MIME encrypted and signed over a complex message, Injected Headers with hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9795 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6246 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 1941 bytes
   ├┬╴multipart/alternative 1132 bytes
   │├─╴text/plain 385 bytes
   │└─╴text/html 480 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <23abef5f-8781-5c95-a46c-61e3a4464d58@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:12:02 -0500

MIIcPAYJKoZIhvcNAQcDoIIcLTCCHCkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBADPyejv9Q41LGeGoBdDpNDv6uYtRx1aRJOfn
f4sbWXr4O/34962uv8O3XkNQUPykKKYZ41bEXBUU3enu5MvV/CQIbHYBIxhYmAMD
vrw41JyVFN+yH53wtubTwSC8poa2TtjNv2S4nBgbsDQBbN7IR/DHKqCbUK7Am5t1
uuSHgMWpZrcRkUmBlkkqYym/kYfK51FnZbMSODJESjwQOrdhXJqv1RJFG6T0kw2a
GOTxsg7spf/dDxEyNMnqm5tLOArFLKOBOxcpbJBPTWumUyKh2P+d8D/8pSGW351u
SVEfw5Zw4zX5klwBKLVowk07vI3oSlu5DKfQJ/5WOBucU0EqDGIwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAKK12BJjTcV/7qS94clNAH+Nc
slgE+RXD3UJ4VQM1fu/X4uszwrQtE8eWO/ToCVp/g+WSFZIzDRBfhbv/7rFDF1s2
oRVHpoZrO0sUrB6IQB7R+5WCueJomWRjJYbjbAcFSuff3WzC9sh6o+hu8p69lnJm
7/ht/8X4ObRHcno/68mPOu4UEl9jOphAxwAzVPc6DqAPztyBvTOIERp7JhfYUy9W
r0lWxuYsVFF0Z5NI0ZRybPAJPuBQUM38S880am6CxgKgOR+QLy/s0HDiZQ63tbXG
NcRsbWIHMrIC6xLWHl4cmq6VQdnSNGqoHVaQKAzlQjDgfwp4cQ9pFK3HaJJ3bTCC
GQ4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEENbAf5M2+FbI0Ai6GKC0Vf+Aghjg
88tKiODrMGsmUZonZvPq/tu/822mi0P1iqCEdG3Jby4dU+exxrgn3InoEZQI0QcL
go7Qm0xpqdSPHFp0ZPf3qDAIJub62gC6/kvshuxVyWeHySYp9qn9nwwesP8JLGBJ
iBqtQEjeRZPxl7A0oLLalGfe5C88Z/zM4QqL3H0HuJzBM55W5pCm5Vv2fvtAnnpW
q4S+YYV9zO5elpo1x8dQQm8+D3RGp+Dlp5nd/yiSgMSolIBZhnxK+jkPZ6dicKXV
CQwyIFfHB5k2J74wsGDYBqeZKIhGZuXEL2YQ9LwchmMv++AjoGOhXnoYdStCh7Lu
zI7eZqnlMriXFXJ4rMdD58BXYByFrjDMoIiMXCD2dZF6wrCPDfECKtaEA4XFP32n
hkLdX6o2r+9uDS7vJX3RvcYVocXdk6VnwxB9664vLWuczw6BueYitlxU50d1sU29
v7IpFTrcSYJOtqftglY38+L1fHGrfd0EKIeY1KeXv2TbT3ZDpiZOVe9KuC993XWl
+5T+JGV02jiDWgDgkP55TRnz+F+i0cowve6gcRrDVM87ECP/4qC3mh/st1g/AkvY
y6DFD45GTLkrMqeKcSHBo06jS3D+/BarpG4XO1tNUhUOgd5DVhURSMNQXrtVxA6y
ro5iupYlJh/00sN8gHoCcwsq4v1Y20CwqmSrfY+8FhfZXBQA4sHP/apBVJDmIrgq
MRBXrZUHNmSwEaL/kFVMzNDPrVjU8RPr2qgqufkelU6si9+sZptEEEraqNWUyWZi
X6e62jWAxv8qOnuD/6zukqOx7tsQVpiJYPHDw+tVd76Yvefe5UCtp4/mBRFqZoz4
tZFm/nC52VuRNyDQ79h4YPQTryxvrgKaGEm5xDZLcM5MtJUy1o/sNiK0yoZHVEix
d4DkM5/IbEOoJM1zhVp3fDh1qkkCEF1yKLsYV1HFamAN22U8ImlGsRSnZVmpLMM6
GuV78wRP/zwJJ0pYrwJf2SzyXI+K9vc6fZQUT9oLCV7mwRRuMN17HMJN/Qi64lq+
KaL9sTZKs84Nu8jAmjGLD1lKbvpAXJIr1nlnKoeoT356OIh0lRHfXmh12ZtTl6qc
zUPROCNGcbDePcmKwpUrS+DPsN9VZnIFqWVsi2bsGFbA5pRxTiulA/rTgIT3/ToA
M4gp2mANIG3dtxKYDnJskUn6LoX7Hsbf9ALSI2CFrA9Ma1o47ILNMhDZn8foho9e
do6cIw1LY/lbaxjh5sRFe6IEYI8Bsc5whhRRX5s2cxYtQprYfr+HDYl1LwJTOEFl
JDlwQ0yEBSmGFnE0wiZPM/iquwnfVsackMwFxg2eC1e0wcryRSH7qFtB69gZYJTr
lGiHXr9TKeKduXVk7CpeiM/SQkgi3cA69dwezdb1HAKCcb8zjpGp4hjHWXAnTrwV
kuf9s26nTCljU/z5XTJc3yP746MKHe+G46Qetn+h/DjvX612v5VKA+XEavB8eyex
5NYLFh0/JQ4zgvNB7DwW3T1+OXyQ+rqplaj3l8sMmH7Zkcvk8Zlbnl2TAHV1w0c5
GQnUCeoJV0guIC4KKjgneu0rNxhWUD7WczWwm5HIAvgq0bjZu9dzCIoZXK9UJ5UN
hp5W/G5MLCqEzmweTXGidg9UBuOBRWjaAEoLsDZYr4E1ElQiIzY0VUoIRh9qt9tO
DvB3YksC/788W5jJX3Q5G+MjX7kxm4Y5fcXWHU7BwqMLKkpvy2qCNYC4z3rBPaGL
ftZ/sJdkR9uvClh9X5zU+JJNAE3R9LlDFW68cUIFxpw+bx43BCesis7r/p1hW/Vp
4JS1x8am2uChAKNMQTjHxeGuaxEvoBjOwTT2D21i1F2KJp+SxKZtb9bTbJZvt/fX
/8nUUR6VdwSfgxmOEf+JCRI5U/z7V1Yv9O8BZ+wf0vvNbfGsFdR1UhEGusARNV1w
gRO27cfkJ0lWDkqYWzWXXvwoTbTgVJ4i01GhA6nChdatU6m5nR8cXrUchXkZQ837
OsNAUN9sjSR11PA+bwM49kF1kysRRv7T1+uZ59hw3Plj/eN95+GNORsJMwUJfAZp
bqx+8YdB2szVpBoFYy9eYmeAajdO6NYkzeXvYAoP739iFs+DQSYvoASUr6CxhBZi
6d3LO7c+OHsgGTiocgGtX8qcP7T3rHDd2njfPzhr980zHQbESJ7TaZOsSlYtsOB4
5rL4nWDXBFqtd5ugCfYmtbMdyWH8xuOTPB7yCUjUI9AdnTEFGPPZlcgo+YHHcQMd
7K7A6C58piH2qnz2NuFcOol+4uwVittRGS5ETrpEA3wPjiNtOl8wt72MbtsYgMec
36DWhQpUnnKOJ6l9jbQPooa14Gc/TlrSLtEpsOJEi5UHkXiuKEVTH2yjP9RdlRYI
7YWecLbK5Hvl+Tw45k81X9IIKMFtdPbQ4sUanD3ErzKGOvccIcEQH947ZI3BlVJT
Uvah9ODsIdJ1a68GGJwFdyydJdHI0WUqBiQ7190/33x3CzxtOTlte9dRkJkP75lo
V+vLRDQ5HHcHOSzWQ0VeGAsoNa4AFgrO9HMcMTH5VYeeHMVZBCtKGpuC08PKehu1
rxY+tQ3j1bYgPdL40IdyNFCVD4edYol1sDkYofsGEjcV5J3umLHWcfLOSdcXylcj
OcGWIz1mAwSeOT8Qqk+8vM6fRKy2neC1QB5L4SFGrmnnVPg91KBEgaZt6E0OMmlP
CwrbY5VET5Nf/w2jJWlhxnViPqlg6E2Zx9dRRTriGItd81FA87+dL7xZc+kt3Otk
2RhG9yLW6OlIpBQC9akLEAlqq/ikJWziVrerWKZ0XQ7IAh7c3Q9Au83eRYqL3jEb
1nXN94Di6dfwGXi29FwYqxzkgz2P21t6KcpvrRIBk378yKn7jLVgkil/TEzQ5vce
quAinWS2WmF+iOaW7nhcIpYBO0HZK1DYSSLAraK0xvydsZTO5HdGkynJ6ddty0z9
j4KhE5VT7X6hrqIkOcfoGl2GNXjelhNDUJS0YKRYvda56b2hbn7ppThsaydOmdG1
HxTq+/9ENaBmASEqcgF0/RojJ5ZcLv8+fww6qmxkQI+GG7PLyseI0GA/Zy/THHoD
uhikRUmY8eFAZNT10kL/4w1GFIG0Ik/ZGVHs7paRJhWeOcFhnGHqQ+4q6ocGcWMi
AZGIgzD7A7sb0zKxtbeSWWrqvS9fhussCMA7avcDNi6WCVTxHSMnV1wCzM5CHemt
rYQ6/kRKQ7mkJ7xWyHuKDb4e93+ZsBOomaM3AETVwagmeYiMKG8Ir7EswzuQLkau
Pe5qh3i33Z3UcNE+4jaD+Pg01LUOHPMsGkTi9hJSADwC7bZpRsE52WtoJ7PoL0FJ
I/SNdk9yzLnDLPiOziNQiY2i+rLI5H2BlRwGRspyZiRw4MthuP4A261dhCscP3fI
TY+DQ9tV5NItvRVNa640EoX/CV/bwNIV8ciFrsGgpVrkAD7gmSdrK5IUsxUEUaYh
v6LECYSmICQb1n0A+GxwCFrPWL3Ls59Q+8UxDjyqcPUA3A9jyz6GUGGAwN0YOqXp
DXHHafrIKs8p5ixcjVili9Lz6Hni9XJGZClQ+nxZQm1C5h55jft+UD0b423beluT
2O+M+Wenck9OpxfbK7IPB9XOvBTj/WNQDWFbt2t2wzgYxZmGZ4x3ULMYHlyqGlu9
KpGu40w+3pAqtuF1fiXW2yBiv5exC+/vz/mfozBnW3PF7BpCmwqHXPp0IHwqcL5W
qtmnF3rz3SxUiHGvIwDU/P0C6PExGixbP4xhmAyVH9kxYLOEK3Jil2QpL8UHh6w3
eXJwuztXaK4HUQhLI7a33lDRtI+fQ9JPfh1bXLJJsLw8Lor1oBgjV9CR3Dl9ESff
NFUj96B5QPwu10KAA3G5jtrBoNa0U+PWxyw3CUhi4d7gsy7eXpGJCc0JNgY6P65t
kXVIzY7RI6zGg+4RFES3uiaxG4oUyfIat4YYGq50ox5iwmOQgav6Y8CkGOQmZUmF
49CiEvsxVUxzUsmESGvvTXTeOsG550DX/XqyG44ieigPjCcMjRTQw2wO2CaNy1HC
8jMIMiteoLovVqThlAmHBnK03EqnOcRJ0isR5JHkv4WTpML0gU+oEkiDhjEKymqy
UAgnKwdZN+2dc7wYFSj8U3oMnVKjtQzgpRVZsanuMmTGaT1hY7+HmSl5M4TjViqb
IOJ+mJLVYyNr18zvp1hl/pAI1wepwoihSO4m3S0IjU+JWproQm6EtEPuW2VNfmIZ
cggeDENMq6OqS8ZoX2wPUlhXge4OlFNSKHividiFYCqqW5SZ/obLqU6aetzZnSVT
KLfpQDqib1Izp2wKJXvBiZgCfIp2gRLoushp7v57DoTlG48KBI8/a8b9xlCvxFVk
1Tx0irCIHSjcnI3OYSPURZQfZE/RZiiyxOrnMiloa2wP1lq+z8mDFikKcyqHNL7W
do3FS2GDA/hj5GJFV9SEtV3vBUmdqjSxyA5skxAXMleHwHl9RlpoDmpAUq/4/hyJ
8NLVJ6GGOZFjbbfJzLdh75qTgjbCj/tW1W0ChzhnjXRN9U2d4YCR3UkE51Soo/Fw
Jg5AZNo51cuygrvWAljeRgCmDfaHp67CYonsr4VuWy5JpuI9/lszIk/19C0U9qY9
wH23xyRz5rG/9NfWMbh6auVHRGypfQAGNwwjslF4hIFAAJ5WkmbPSRn+7SVMLDdW
FYOpNc1iMbknfapvsU9cQiTxkRB7NJfgazVxd6A6h/1rOZNmSuUPou/8NB71F9Jm
1rYt1Op9TF95Z9D3oFwsmCjhRAZa/tlk7SicT8K+LJSGks+0yS0KvH9EbsoV9jMC
vBMzfXEEVINk5qvHNe9O7T5iivAf52jnTYMwVP5UwvNnseR0/q5/Z0dseLwqYbqS
BS3NRjHaV3c0Y8E+Koc4+1RrcE3w6mv0Fsu3IApwQj4AyKd7JDwsfzs2iv2Upe4v
RMCzS7Tww4gY1SIejqlr27iXgi0kR4ehLChh+k9WbyewNYWQWfJqvqzfT39ormMg
dTJDCQh08cUVmBflMKImg/Tf2ng+3SvbnD7fkb9mqfCHzfQlmSRrwp7amGRj3f5l
CfMywN5Bo2si9UrKVgZMaMnl0pIXwziUbSqiGyE9/8SqdLtBtVR9/x/XFUL4eEEQ
dUUCk/9qBkB3Ml5vquva6BUVj1hhiKFgnnpZ8eI9o4RL02UfBJRtgBzicI9IlGOB
+Dfveo85TdQLZB3duuEo1RMrnSKre0Ki50xp7I80guRkie+++71s3wixp42GENXb
pesxCaAZWreIJoVqFsqJLkpDHrh/C1VVc/DlMfYROf6rTKLdFsuJy1bxEEOXwlQ3
DkNIgPoy7x38a0TUj59t2H5xbfbQj3rRmbSuhVWIYgeGL9w/N4NXYmW0iXs9QxHz
Yl5/X+cYWrOV9zLhHvjhYAA3z8pevd3v7HgYvyayHH9FAOQOzwtiNPlDijZ9zVQy
XxDTlm9Y+rTdVxj36dzUd/EVAmuIgH7HA5TdC+2fwfcoMN+4cyFBNVw/FhnvhqY0
S788MBOudK6UPbTyPte9szSqkdVRLzTtjiURPGf3DACDPOVu7bzewbXN8f+KHjDK
aSdLktQiFgbzdXFsCZPOYHQXbs9zvztTU/xC1iGjvsDK/A+exn8QuBuLnumKZzZ6
vW88zNPu1JdZIqdszjEQt5TrMnSVBgxcB3TeerA8GQCmgZ1gnN+Jy5PIQHTz4oLu
mp8ZPBWd8DRsT59LltNwyKTDLCYTiN2Xx1YOmfpUQDKnnvmct7W5usjD8VntHWoY
gJ3J+Rd8xPdQsnW4/HCX3uTjgp/mUTqCYP+J+226n0ac+jdfDmi/otRn2jE9zvKG
7gKpFu/gGfXZvY8OUSdNP/h8+VCtaUzbDqkbNkIIsyhArupkDBvSJCW5qxybXB/a
k471+F9nug6jdyIi3Hqp0FvubcsSchYA1UP9EtUg0ae9hDB1tRY9GTlAaOBd2xbI
zvvEBeEcV1TlzaY9B6XaTG3VIt40i8S1BrDlJh50jc/qG3B7X3Tk9Vvyn2N6otF5
nidTIwwJ+HLGt4h6c+YsV1WZlPZDta3n6/HNh/+pAdwSP/2t43PJMgJ1OlSlxR1I
C/OUgu7gNndyg9sm0j8rpPUz7p5s7cTPIzGkyZ1VzEAcl9dv2RFB4TV6z9h/BLWI
TUfx0RcH6Ny4mvPiQKUADuMHGNZoOHXEpsIQPvpqL/XDXeEZCgKIH7nZIaoirNWO
OG7cJU3F7Ko0EejbSsrG2HJVrDd09Tlfr7HP6/4Tu3h6qoxlTuINjNCWs9wUqdxx
3HNzXc+0JAKE1xiuoat5Y/aGnfabVUVB29ad8yFPtG4cv3ftWHM/N87Uezeni6f4
vsZhKLoo6FcJ6xpmWD0Y0Hys1YtukQs8IhuKNYBBRTNFGrBlCqKJVn7MIsziVld4
NGgmDpVQ6sgIr8EbIVVsQC/0WgzON1hsfLvweYfd0I8AaVfPWd39Q/y8DSlLq/yq
of7KgAyObSxxqumY+hJwW7lVufGFiRiZDYi1bdoRaVb0qVnRF5pU7YkXYwby6wzF
77olQUVcEoXMJvtWLnu7h3mI7fQ5F2F4a9bclLGXDcNMHsfh3JaIlhXkmUbEyrgF
EBOuotyT8Jtz4a6rSG8vLCDEjfw/DKFm/2vtAg9CWb8u1Tj8Ir0j/0YP01VjNtKe
dQmi+Grcts/5cYbhewOIaoaD00N2Hy+7MQLMDrHo/NFlrCHtLUT+B0I7acnjAdit
v202eROGGQa9YDjmZ8tMhHVGYko46yepO8AWm5RR4vVd8b3CbvFbzJy8wIGIBlsE
5Ds5rvWqgzKcVVlxRneE5k9uJwY7CeL1DnVX5Sks4mZoxgabfQEcRl16SB5RFmSW
y1CDnTwMg64WCGG8XCWMnjEydtEGK2JoI1b5Zikor9F5Wiqhq29Ropv+CjekM7MP
F7lW0+C0iB9PaQsn47J5WuZhdt85RfLpCm56r57z9eMctbGfmhUl3YMth9J71xOB
NZyBXUnAzQ7qIaOuFJ8ZxZT3V55hYAokF/Ph+6W/rHcSshEb1nzUQ8Yf4jqjLmcl
S9I1cVf2xkwWTS+6+xOMoEuqeGK6TF3brI+s8qmnimIIxYsspnpznNun6fXcoXmh
6TOKCAoCHh3wWPk1ucj+JzK5LHDUhoBzccx1co1Vf4To9Lc3X07Svh5L9ZouJ2IM
NHqP5tv7V3dCyPfiLo4R0LGfQ9o3x4vQq1Q9Tt8VPi++Z93H7SqIy9/XNYAMtp2b
erh0i5Qc7p1zFgMN+oL7cO/r+jM3/Xt4uBdenLklWs9M9CC21Pg4vLvs7f5XNj9F
nKSsAqo/zxxnqrwsfLCEir4nIZaOSmQvFATKAumiIq/Bmljy3yJaNFhNuo8k44mi
6C5rChBO59FkqFJI6s3s0BW/ARDMpRzwZzLqEiaYQxXrvh/YWatmzdMcOGjObivG
R6cgEjJ3ycfymZ4cl/dQVqqeNGSfcuumI3eimiIg4txhUFaSQwkp8WIl9n0yBnFm
ygdePhIuatf5n9yuKNLbTxamloG4Kd9m2iHGp9oYETf4xt9icTvNa1q6kEjkEj29
jAl7hx7ws5uArlNIu5Yo9dmgzQ9c5DToQr3TPsNM0SnNR3S4nujNc5zyAybkgD9N
oirZ0yz3BMyWadhbVACK26hYMEjdM/eE6Va2M8yg2aLXU+d1H+hR/C4RN0v50u7L
xnBmTU8y+AY/vbl4042v1TcvL5IC0vOG5moFRgUziCcsncVcE1h5EBbwcK52dvWt
OCE0JR7HV323h/mBe2uMdCrsvRSdIO9/VqTU9PbVbl3xGwz/mXpQrRjf/HLk1Bxx
8PNZU6gLQP7Ktgo9RTKV4ZgEcbsFrg/np4m0wb+wQrI4d6XXlvHMPit0ofu6M/e4
FoyKwg0Jf2Bcfq33eCeTa9tioa4G7d0ML4NqZi6sxaGG94XMMzu9nD6ewUN8hlxa
mhn+uLGFiE3y1EvhI3ICCeJnZNfbPU5bXq8zuwqp/YJUU1hoshBna+VO891W217v
koo01YxZB5GE/BvngnYDUPY7cGyutF03uRofOHmc2Q76mWl9hgdc1tFfCO950nre
d0cNqrMsmtryp7tJ7FpsD8QE2t/jWG5PlCk+m/8GbeRk2qimvkch0M2jSIEUhLTr
ZNxIQ0dVtrMTtsLaATMTG1sH/AiY+Ajuzhbp10G8YVilyIYpxx6RSpRb6hpvLqC/
xZy4kBsoJfcppiODphgcRLyNg+8ogdHwg7LXqT8vHQ6t3wfASSVlwetnwCQvfB8J
XjnBSSUXoTHhqhvpJ9SXxHRiA+XHgFYc6BOAepLYWMcuIzvxTweEsy6feQynVKWG
p9DiKuvc/v2gqse50u2E+E5rPQuTj8/SLrGUbw12i1TkQhUIYZMI0HYBDFxu9pyD
u1zx3DsnSlLWTzJr//wkr3lJd5L3WUerfEp4gAaq5hGCqkSZs4yC7YfnjiNyGWS2
FPFhOo2EhGBGLHCO+mSSYxMNkRi+sDUMzx8d1jVByeM=

B.3.18. S/MIME encrypted and signed over a complex message, Injected Headers with hcp_strong (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10380 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6676 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2248 bytes
   ├┬╴multipart/alternative 1425 bytes
   │├─╴text/plain 482 bytes
   │└─╴text/html 634 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <9cfcaae2-9fec-5aca-9a29-c98da35b262d@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:13:02 -0500

MIId7AYJKoZIhvcNAQcDoIId3TCCHdkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAFyXL5Bdsrj47hCSCMZg5HssJuT0Wkfqzrt+
Uauk+xOG9fu/C2qZFlc6itV0sTYKogOf2UOEetIXbj4ad9TeExHOn3YdEbbKBp0a
KnYn5zyuaRc2VmBGwCrAcPaGLHL59ul93+Quyvp6t6T7L+y+rvgtOh6tMsCH2yVp
TGUj2FVg6FxB4kg63f1FB1ofpU10wSB8nn+dUzUqxD/Pwvt0yxhB89ea2+3C4ncH
36wQPHM71la9981grPRH7RHBcWdyvny0LPipQ8v9p8bweJyVQ4oDqLdByO4XuNzL
XqZnTKmhXugkRs2pShYJa9P/YnVf6fPhc9mlzl2R0UXZ00ezMZYwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAiAf5NTfAC/vD/MMeOHO+9ciT
ntt01b98dS2zwaGnUR9B567tVQjWS+hXSWYZ7BSdp4Mnt1QyeIsFadrHZp9RGnXS
gxfzpCBQm640OPesyumvXNwJnjIsgFScVJ2cfyFhdH8DM8yKCdBZc1ueiaTDTHXb
efDBndblmGaJESe99TIzSWu7dqltVm81u7NnPdY7yM1IHPp8Ij0mxrxm/5pXN9Nv
ZK0QlvoE2pBgdQZS2gZIoevepePkveqNYsMk666ThBmSR3RAelucLaRhCdGJ1utn
my00M75Rn6A9UlNAEUa6HXXqqIx4G3XeRFvwjEX3gW+sd2+qlzNaIOK5VKVPDzCC
Gr4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEOSKKKhbXhpNDoX/l0pLf+GAghqQ
fImfWw1xwLL9IO5jrbrEB+Nwv/IEPx/eZR77kGkohfz/lD2J14obHrkGO8DF+6l0
d1cXUtVeJ4EJeQdugoF3Zf4lulAF+skxo/0kbTZuReffOaGENU3beequQ0fi8yzd
UDGRc+HvYpmKFgy8YXdNexYYXaDGxBCvHx4WrPmczGeLE3KdnR8BR663OxU8zcV7
zmG9LH/7N8JimcVvphNpKpbgC0W4vck1wsJ4HsQ5/5XQ9bIrXvWxDLqCL7wNJhFy
MDHc582aczLwOcb/RVr83VN1JDLGe+FR/snhhxpM+yFNblpXcZiDnzVwpr/kVE55
B8Z5P/9Vkhu+dG3opNmronOWOgoUdul0H4BaebYmIIRzvFFWetRSYmh1IZeJ2s4u
dCc1GclveZBB0fmXWYRjFlmbEKdo5vVN/wbilQaIfjbm4iQ4YkZZBmRFhsSqv1pm
GqTE5pm+A+4oscp+dnqMGDl0jzAWnyN7tlbkIW5vYlcnoDdRpT2r93ZRZ/sFggog
pkooYY5q9d2Vw+ghVPS19wToG1RoL8GuQ6SRTq8FN+vuJjT1dfyNhsYp7ia9+ttq
Y5KdR+3e4u6SmVLWudC9k4jsglndrKNqXvVyd6NBPQpmeGaXGXhtQkzy3FBBfcsq
mjwgKUmkpqsY2a8YZqRce2PgCuDSsXeYZvVfs0EDj17XnPadzjIBdLl9oUGaaD+i
3q6j5y7xbyvjGc8T4TJCss7z50Louuxw/g5VBHHDz4huywugOR3SICAOFn665uTS
zSXXuNi+jII1aLOtPttqmOmPa4KXHZhQFiT/F8D578Wnt5hGV6fwHXOjvvi1JrsJ
k5X0Eid+vY3THdmE0e+IWOg5ViTK1j4Yc6I36CX/Ek8k6sjjLl1qKgKo0XXon2a3
2MdZxnNuSPvx0EZ7b3GE1okJyChNPguG3J3yxOLeb24pQ+jDLmka1X/pLALIEZtR
HUks6pNQ35eYoULzB2Sc24t3Xk1C2As9dS6xVXCxpoC/2f+SDOMJzCDi+3Cig+dU
SZcqHGNmKdp27ScsNmtgeGp4qKPB9EVBClSYHdWwuAlhj9bOuBC6zAEMfr4FnL1r
bH/K7K1HyHjBwrIZmfvbEOMF3CYdX3kFwUnv71sqfwW863DrJpW6o0Fyzi9zecJS
MHdj1mL3t5Yp3u0+z9+MVJpfgJfv3GDwoM+Cb4s2+kH/P101tUdZcAyohu8gcylq
eJ1mfgRbBSILwrzLr0egML0guHdXWp1LncSswqYm52zcUWuo2M+gz2/vD+6t16OV
Ax1GZQE4Vwwd+z765wfiQAv9OodQYhrdX0zblgdDSSUCrlI/rc8CE40qZQM2q+Bx
ZVzvFLQI15SgQMZ59IjZRcNcOsunqtnN6VqUrbOvqrdYBFHjd9VI5qTL8CtvEcJW
EBw5nsz2dPYXYjbZkQsxYGVxeEKiNyOt6XhFKAv2pFiiECi26XbnI1Pcq0BU+8iM
KTv41Ku2lGp+DVFtSxaBY2ge/hyYpFp5zTPelPSvDw8VEnAZn4BzFd4L5Qb5nNGh
MOsOg2nbU2CFZJg7515qTODfgdeCDJkAbDjG+3g9Tp9rMb4tNsZlj82OqoCHY4eE
iHgw96FAF1vR3BSk7w0rNgAbCEt08fBKaDqp4XOivsNk6ows/3E3DyCuZdpW0hWN
RZ+fdMWVgFaZa7hJAiiQxeX+b3ClbHBuEeRIPHns93uAA7Y9+Bicm+9lp5lMwefe
yEW2wH9V/d1vOPUnUIV6VSe64vB1kdbfexY8/C6z3owe6KyLJHiDnLK8sA/wHOrP
3pXMZ9ldHweG4pPeUmWFfQWgYDufiH2uRWSe9qLImGdL01yuKvt5bV8OznIGhhdn
wW8GGIwZtzpL9IfShYVk3RAAEfUVO1elB0C22fNaQZJZf0FAxByW3g/nkVxMW1nF
9IRkiMWWYXK8f73YVrxfCn/NpJKxfkm60r8UrJKapDbbqbQ/phLVPyEufA/12/Ql
qKKlcxvTUIyJwnmMCUAv5P57QpWCmpJVhRzKJGgmquf2bjq2UKdtnuMJNcD5kVlz
Xa+4oeSEFahhkDzoeJPCGrc8s/+OfObp69YMMLrlonrbaAOuiVyRL21tUpR4Nexu
YVEwHRAkwM0L7qL9dMngEv/p65OqsiXXMuhn0oW2QaWP7YOJYCvrIZCDEsMiwzfW
TgDArodbZ6Z+X4PLf9xLALXZEGanQwc3Z6nz40EnJAYN5FKodLjMGUyXAtYfkUTV
zF0e2RqVSRQ03/0Sz0nQEjgo07UhHIytprIX3JKqNENqzQFp7TON9RpTTgykmxTT
6Drz1yn/daFZubp3am80Hg704V9CWHGKiO3E/Pm09UcQSb6cPbTe08QVZd3O74ne
unrho139pO0UdBSiWAllRcAcBiH2Am4g4ILgXMX+E5JTTUWCxUbtMtK7QXX+YzYu
BdwnmvzNr4nLgM24Tcq5c+lDqT+fxMc8jyOO6IegdtABgGUqGdW/0jfDWID+v9Un
FTf82vMpYCwZmeCX7/N4BAdLHBa6tjWQdN0kAhZ8QWNXO6X5TGQStEtpW4zrSe3s
QWjJNN051ajQKX58QY95z/PntOWUrTmWC+pJJZhxFVWBAFOFlNKNse0WB6OFzbqZ
C1rN14gCb6twVR/F8nIJqICeOQHMBS9tFyl+FksXg5WwmrA4kflorihZ+I9AbhBL
PD5jdJJagZeLYP8XlW0AaaSHa2p5V/cdDumDz/rnkzpbiA9VN8/pLy2aWsvQE1qE
R3Fxb7N8bU+1c/FG+ekaiC+mzBfaOq7WimFqk7rKV0gfSeHXTQVolkNceeIowKDY
9YeodW61yVClzWyPfh4x/icE2xzD+0hjM/beUpfUOCWlehut9dwRmjujhwK7ZivL
rC4ex1D5KrT9npqcB+cO0wy1ghr4xjn9xpiBIFmo4NJ+76777Puu4khUBuV/zYav
fkupDpG7Ml9n0eX9x9oXQSLeEDagQXnqOVgxbOgCsJbssADsy9Q85mDqc4jJxc/Z
MunEcErg0lNIEOeu9wx/yiNu2ioPoVvIUf9qRzh1i6cZzpZOVkpsfC7KaunfyU9a
BlIuZaI5ZclbeuLxjC0O5tCCLzpltdLNBBXAQzQEDz0CNDExsXhvsmQ5oPWwbHbF
IrTTyWl0UYhiqfzKqcqjL56sd4cPz0AEbxHRbi4TGWjG41lFkgtTjle4wRK+EGWm
JtzZ8DwgU6szLrEc/R36Jc+vFNDI4+UE4tQxOioR7/yRlJeACjiWcliK3G20aM8h
s0Yt90pHZc7C0c3v3ls5g4i8l15DL/qK+4Q8PJNotFG9ScytPiMd2SRNcHK0RAHz
mgEe5+MJUKxRcTLM9kXYC5lcPnl9yjRoJYVB68kyaC5sxs1DqS2cTTN5h8LymUGx
pM1PUGdmKF+AV6ovcV5lYTqm4FivtYFfYIDfC7wSfgC9trWeFZuhNIjzmWXzYuTs
o80LVeeBRAfMgIbFS3fBQ9EiUs4IIuoVGoG64vg5HG4Fxpia1PHDdHJB8eT0CZ7i
XAQK/ml/DHino+SE3bNUIArL27v/e59Fc/USW5BeII6hrsmRhJgmzDf90Aw641nS
DKUdWYJVyMGAoS0hv8AGvxDDh93kSjAw1NUHieLCA2Ac6H8iv64napmdaeI4AOJx
DyRjzUT/MWJijxmfnUlkszqQOIwq2ClFHKAO31P5T3e6CyGIp8H1wM6IvYIiGu59
w1CXpHbhCxMS/BeZX8SFq9mIMdyCu7HUQFaxkbpRh0uMkMJ8p7ej72XGbNY0v/Ur
1WrQyRdOUFPympv4tOXFygDc0rjOR/Kwnlh0Kxk3ocm51mDUvWXpTrraSfQNIG0W
R1YUO+VCoD5D/F0MZ5cjPYBHF6EkKysfZ3sc1LkEarkW+iONWsOaJ2Ax77fz23ob
NaG9SYBkHV9e+xsmVTMt41RgtTsF8ptFxmJPJQ5ERDp0Lh//nPtmXYqtIrzIs2qK
2AuPwR8QjqHZ+wjeo/xkjBsyHnQiB+nxfH2oQhwp8umEs9Kjan3qa68fITchKZ6f
z6IzV9w4qn9EdLaM713n04ZizXpN6SKOYQfOsfDyv5uvSPKH/jeskupt3JBLpqLv
aEXzY2DNZApFdvRmbjd17t2DuyX1zh9bs8tP2IpMaV+6T2cH8AiNVUumoVzCFJSG
NFb0eWzhP+EFiLojHP8QfG7y8QX3YjbpGSfnapiXV3/nPg5xCaRZC6ryz1G/c1j0
7HDfOmMxdllF/hSAi+CbRmGAsp8WI7cYH2Q+lwGiSwOsOYU22t1ivqdRm6cNux/Y
BeUDqWOfYPdGn/UM1FGxKWvdqCeyrA3j5k1PTFO1AeKY/+QGRnASsnDC8UUP003M
VbiMD7Z0uB52J6tt/mpHcUXnZ2LkoLrAacFdi5wxbz/LnN5A++QP+rkh6TMg7puM
FgfXQCg43+hYhbrkvwmiBFAJz1B91j1LSL2G0HzszyGcKNL1s9YoBKjb0xx8wIfw
eEfuYuoQstu4Ea788+n7ozmNS7kFQ6hYtPhCmUPhjUuTrWtWV1F89Zf4JiFihrzF
WUFj51aAjou8wzB0kf6peInRy5xJ4rpwZIizM9eJruIvDD+HmMwU2UGcYjjpXN9E
yi50cJEQQZoP7JB7fw9Emjq/WGlODxRlezbmOHUfbqbbFVM/KP11iJ75OEQdKw1J
M4iTZWZ24e/aEqoGZ/R87dfG9ZKuu8o7i3QxOvn2cm57ywdG4NQV9Xj74FdVrLoM
U5nTKeimdkYc6BUhNDrWeoTzjfAWbGxBomgWoy2+mne6f4hVX08Kxv2YTG+yDeAn
iGxK0LiUW+F9GkqUlHPqAejMoIH6Z2zTyuTVJVc8ig3gUQLfCO2AJz9c0/pQILgH
npBgpq+4WdW0Yip+9lr3BP5KGU5mGHde1wxxmL3A7/p6tMaCOwOExhfIKIwUtE8c
1CXT+HUS9zjONA61tTVTPZkEY8KIMr6voINHuUCvbD62P4W9ZEbxWuSoucc+XHo+
Bqk5r4vFgR5G3emt7qGsFennb3siQu/aB+jENycjzN7RnlRCYiZvJAlqy3dLEeE9
S/M1IfCWSLijcJMHgMvm4akifigl+wCrNq+S15End4xTAet/Ur7rzh1VSfQHxRM9
OVP5rL3vLgbYnHNOnBWgM8FV4hDBzsfLy4CRvNUvYiJ0eyqv5Wsift+4sSj3nwLO
COoNx7+oqX1ICOo7yiClW/DhakIVI5Ydm2TsBchKh9dSg+W/Ez6C2ph2v33x4ZBP
ucurUokYNqz7U0VSSYEtB/lEzBCWAM21PXdMphtWAObQFtO5/8l6nDY3+QO+y0Au
81A5nhgzXIEoDwPafSjWJ5YUJf8tnftD/CiSH9KbmwQ1sTbvXAe49Jtdx28Jb+Rp
9E3QBexiFqpkkwAPi75CIb8yPVjauqBO8kJQcA0yookzBya/ouZC5uC1VmACNrYl
8BA35zxa+/f4kmffuvE0abmUCTGxwVwJOan6uvaVqVMIN5Hjlj2TZcNmdqZyCwMW
JIAAldAI5bTEYkUdctqD3CrV0eqQL+b/LvlOJZD58R+1iaNsQaUGpdsycW2aBfUc
XHiesdGlYCS/J2biGSDIrYYKho9ANkNRtMOXRAUR/dUaVikL8jMN2ka89RDyX4lN
gdQH9OmUQP1oQcKImACQcB00QLl62WLlnEKoP2P3VemkyMGRSditD6QPkfutnOlf
6D8LCYRTb4/p91wzIxdov3XvpbaX//koMOWHWaDgDsBPK/MmRwPp8ym+yE+tuz+S
JI3Nv8L5KkshFraFsEUpPcx41njBvQV0h7vP/hqwwnbFSJYPm380LK3Os4rD1g5G
LNyaBIaNTPrc4j78SknD0lI0KhA1JXSKX2Ul5TMmgOOyuP5wGBUJjAHpYqvTnZ7C
fUihEbg8mBx243NZP/XrHlOXtNzGv64BJdGNx8bmwW3guuo4fXG5aZ0AFzYlHMCi
UfFtEWAlB//GVpj4uxZ5B5nd8zNiQrMGL7B/xYGilhAhDYN/JLwgnNkFWP2Uo8dU
2MPzCBuglZLvzqXQWBRl2M8JX17iyXKfKie+592lWocB32ZSclBCrpc9cr1vzWfm
YJyC1GvHkAAY/b4XvRGrS4NmvDLgjzWNzkDCru5dEc9+oPvf+/rsyP7709Hsde0Q
qAP2IwEF/YHJDIgVwqEIWdWHRbkfasLiqsEyXHZ6BGNFBaywfQCaZ4Y4dVUzryDC
mtz4YgXwsvOHcaY8UvHLU4c3/+FwYM+0Xs1C5oYbk7D68KNeXxw1lui7WSBySa1f
IGcm3OM2tZfwauLzXHwSRLy5gtIZj/RH3gfVQZ06ys4S1kzIbJgo81K6ysgyDIQl
iHWzSxPnGUVz0GOJ2rHb1eYyPzPJlqqJkIgajvDh3Zdnb1HK+GkIJGgXhgQCaYdQ
1hwIJzHOX1R/usdFxyGA396uz7cSTejY7D9SN/taXdHUJp+TJi1vm20xMWwHvpkh
uyjbjVJTmyM589Oj7dyTSBGbRFdRl9y6ekkMCdDi7Z6jYyEi9pMvMGUnWO42mHTL
ehLtRFG0LX6vVF1HJocqMLvcs/yInAPWnfTtgBbe2O28/rfWpkFnVTEkmEobl1pP
mhWSue/ldrOM9TL8TYtLF8+zF4+v/E11vEfBlBiRLZSA8+D+uG3gGMDq20Lg4XOV
9cv4I4x2KSYKivv4MnwJd9ih9IodTr4sdgeLLEd3CTl5/fziP5jb9vfD+2c8NhzY
Qb7/0YPqtPZwgNrp5dB9n2qNm9y/cVhYf1C9pauNnLSdNIXBt5yXRu4kzNv/B56K
FtbDalYVdfLbhSEcW50DqpBFDKPzbtGdpCsOP/+ViQE1mtNNuTJYwQW4eBtIGfiT
37N/PvZyKn+9uoVDJaNG6iTeKj1WB/kNz+zdmuag3yxlkttcljDpchMFqRlCUKDj
+SPrKp+DqlGC0TpvO+3JiN567WDV9CvjdfttHJ5zpGPe31C4Muu0VYASuN3UrCXB
eQLee1ty7rk61M/RlgIizC8JAntPx4hfBb6ujZnyrujGRowG/TLsdQNODvj3Fw8r
i/huor6VwkJwC/FQxvjTNWcEL+MUu7cBv+O2Pd/gL70tyQP7eg0QENUcyUsZ5NXl
f/BJLERQWEsr1O8fRTbkWLHN6/nowUZ/0c3AqC/SNHTuMky0Lcy5+33Xhlktb1rz
6TRBojUl9yjD+DnbmpGY5fDKhQeOUV+ydFSRUCu/1X5P8mkU5+kja8KIWP9HTRDu
3QtuUN/MGQ0iok8Hwr/3U9spCp1E5KsxWfxU+M/l0KIqKWPcyW1bX8JUZMRMmL5s
qSiZIbkE7yuXFrZw+ubzDnoCZwNM37F685nJ08Wuk6giK6wl/q7tcKAv+mMmrq8+
2iKIrT/oWIA5iHkEGI56VrvqetNLoWo0HKlf8ZjsBd3Xc8SIYn2eWticKy8cH5n1
LyI11qNjphhUCz0b7wSLOA7d51cZ7yCPgWs9uB7bMlHzefIjTGVNVT8ktRm9/4VK
OqQugt+L5OOKRvZ6UpHXAz/Mkd0Y8lcM39nD/hlDfxA/oIoEM9Ze7NQS0sxD+PCG
Pylc9Z61hys8KH1onuv7tyIZ1a2CITXJzPl1cIi/cqbrUdBK6XVNla9exfSxVH2l
XJPUcB3UIvSl750KAXJXVT+Hh+63LCzhUZaVVwPR21tiYZI9exGKh3n2H+Mm+H8g
ODkrO6y+WnmhCwGFZLGUKJA8f2qq2HfJcL2RGV6C71ACc5PGQG5zbqUxmEXidQmj
cpykjsFcy7CsBWI/wmH5vX4A1TNl7FFE2Gutasn/JICUXE2yoeabr35F3SbFMnLa
A+x4+MPbsq8eR1RK3/X9eGooP0fkQbuQDklJ8B9md0TlyXVn4DTDSSsxNBK+HRBM
Q8GBkIVisBV5lAfEeqIDYN6rklhEwAEi4Ulc4Uv0IN24vMdaeX55wE5o7JjNFNcT
c7qoChUxRP65LsjoTOxM1lE6Ra7302PwaJZK3dsmLIE+7jaqdm3w689tw6sr9Mzc
hTK8nUWfkXWK0OiLplESVIUG4E14xARjYgQMltYlrA/wgFLoJkVBAEVMvVL6hRoL
JOKUTBDqwU9jvu7ZhgaseyOQ48+yY8yPET3CM2XCDIyoGAbc58qIC7vn1meuL4+F
otjxJW1xn2T6WoUtTUi6yCCRHHe+xcxlSvt1wr36M7i7IapqGlUdrRoKZsiPWHDP
liEPqlY7105hK+pMZg58OmFB1eRkSZlrZDzRZwCPErT7vGnZX3InSRtNuhjx7uTB
qN7yqv47r/xMPEPVshGj/KQpEu6+PtMZn8OmFlCqN69yPhc4OVtNwyQwWHBBZ43j
Gx8v2IHL60HGy0yhdcSz5NdNdsBwhs0Yqn72xxMKYY/Ax/kVO4GP8kW1lF2mmvPq
a93lxxKUnuKRY1Jwl1gPnJOmtLm4WjPqSXxgY0D9/vnDgfv/9PXjK4hNnDNvi+Ji
qwwAW7nLMF4uVkirCndrt1dhIDEaq/Wju+gvo+pCl1ggRZJyuQhCwm2swB5jTuGh
c7V8X0KEgunWe+QXzMMBddU0MAIoHddnA1d0KqNjIRfnIw0Eb93j9zYK5U3cDjF6
LKmD9of2rbA8mWc7DDSiN1ZglQQf+wwLzJ7yctHadK3dzNZdMiToQb41KtuKXdxM
sTHmhXcbeC5cPIWzbr5tQA6AtbusfwgUFek+jh1b69cw3Ibm8nCu2okSbJ6DEaX0
7/Q6D/wQCWV1HSQRpzCV1BESRzg823D/VPK1Cnx5qjlFupXyPHlh1jlBEongTwwl
7LrfK3UGH4zgvr0aqlaMgDpOofQ36DvMge8Rmho1dlMRHqSuIzRhJVYL2zlAWaz6
unVy00hr5FlR+5FCynUNxu9XjofqNp4032Ihd+0IiOqORfObfPhFMLDFQgWCXnO3
W3LZR8epSit76AEYaw+6+FmrDPVmQGab0JgEOLctPNyYPm5XoVLM3/675GyKz/3E
dx0HTSm6BLyrY4h4FMVaI/nCu+MkizmdZx8jDd4nSHya3NdNOjphJv5nW//WlEPO
6BOTjzVrI6YvHJuqkC3FssUY+VWZRC/+0iYlDYnaBWU=

B.3.19. S/MIME encrypted and signed reply over a complex message, Wrapped Message with hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9880 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6308 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 2041 bytes
   └┬╴multipart/mixed 1977 bytes
    ├┬╴multipart/alternative 1144 bytes
    │├─╴text/plain 381 bytes
    │└─╴text/html 479 bytes
    └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-wrapped-minimal-reply@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:14:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To:
 <smime-enc-signed-complex-wrapped-minimal@lhp.example>
References:
 <smime-enc-signed-complex-wrapped-minimal@lhp.example>

MIIcfAYJKoZIhvcNAQcDoIIcbTCCHGkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAHFYOk5t8YYmCqGNQFi0t40df2k+QBqVcbvZ
0esACWlsXBOJhF4G7txPmml0HxWoUn0F9WFB9pKwlRQiBqpPLbiGZp+Y1HwNurou
Ut4NBKcHJRPvMaDZwEdyhfuTss0jn8LAUD0JbgQ6TFJM3m4ZZg+ygn2bHp/BK6o1
mCypMij4JNJVC+i4BhMP8ovXbnQVSbJTUqL7jv2d8xAu97M9d4t6HCdGVDiLgl7r
TFHuUOfWxEPVg0JH1onFe7kZKr+GGHGZ0Y+kl86aZL4hOIPSI99xerO4OGPKRpyc
XfTufz7KLjqPejWsDfjfcrsP5PFkSisucgEylzszOueeetfIuR0wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAp0zIjG+dP7xx4dpqPIyi0G1R
JS0qxsoRKURwEt9NQBC+5jsktsP/bYIljUHPDs3IQh9X3hor5Xf5rbtZ+GmbNbzM
nHtfebgoU7LrErpmaAE3v/wjSrHkk3WV9J16jJ0v3WRk15vfbn/40HC5Mz/MHrG1
JH50LDrI3otxV8ypUOclTmPCNYKyYwWCOtrFZdSdEQZ+QMwVI2Whfd+4XI1R5IfE
Nm2XXNEtRPpDctgDzdnUjI/AZtIVPwHJr2btHkBT87ZIOQ1+zNmjBRu8ppVtP1C0
wRcP5EVSDvjs26PUnQNJ8tLxA2JzsVwT/9dani2N9qZ0d8NacmCQcD30/G8VojCC
GU4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEFqySNSrP1+DE6YxKIi5jwKAghkg
UNGUxkrRHOBJDt/Nxw695AiUFrBKf5vOLpploUg8zk2+3SvCL7efPa08PqBh2rzr
1DjCf21Hi/Z40fAAFIwxTEPQN5hau6P3BxNTpbbtF/rCtLaKkS8L5NjboHr3kIIr
NkFqRiO/m1SOKfcN2+J2ZF54UYFJpXQd4ZThv6TlqXF8k9rVLZWkBNpEbfrQR/x6
B07bqwk8VPYM9QlK7lJg4WQkYSlUiFJzMbDMFED00weY21LW04SxtK0OHAdkQYfI
LWVr1HlG2nklG4kng4X41wwLvJV3g5Y9LXiwMO5wujUsL/vbRjF4coF54kJu4RwB
eUeyYSB5O5dZXJnEa2GFvx98h44AQNAaKtMRSumaU+9P1/3Ov9pwouaQR7e0EaUK
HdmphGvEXZzXGG1GzeKNRiz6X5JtTQR36x48T74hpvlDtqrUFe9Bf/e2tH92cp6R
+yTDZyA/DVFooZvbXgxqlL2L4ipFw5RMqOBApsJ3GBlFb5pYGIbkda3UcgawEFYJ
pcGEPoaRT1dj8QAbiN/I+MM2e0bm1pcw4lWO8KOw1yciSamYPISFHno0PLz8DMif
h0qbiIQ/uXl8Fw0PTl6gM5rEbfAUuWa5RD1nQgSN8lnFmT1wB3InMfzNOycOTxDV
zwqHevZJbQUT8YsBr/H8QuDD++GUgN+EY6+BZhX6WXeWJm9m+LXEmOlyHb8JIe+z
FawWoVk1cRIJXr1c04k+UrcsOaIVOa+VYDdqANCVfudDNEOab8UOyZUMkD8dYFAt
f4a8iBj04CczbPuqSxgzQbVzmKaeNt8osiLz620gwsruUGtho+qXp9+jNzLhCB6U
03dZKpMxqvyc4XWSnV3GEtePzUynDIFSZ2R118lFlSvGJXsKyfpY0Z9fVkzUFCbz
AE8llOE4cJVCP6UBV4YrUbTAVr7dw1j1UwbT34SlBAj7IvHs9OcBGdtNwKJdxGkT
9Kzp4XT9Xgyyqg/c5T7FXou5ZWpWzAe9UI5IiBcUZuEZqs3ISUgjHira15oGbUOl
ulkAYRB865mq3lsYdQd7ZKerYnCeWmln2OBu0DayKV8EZLT76yUogVAcmemP9XqM
YqUUH1mYlhbbnGLy0IsBSZg+TPoqWgg7ATURzD9CrPGcWE623cvPiSArwyCvjO8T
K5GCYmyIH1dQaFaMUWKedpNBZlYr7A2/arw63v1GRrr2eJJeeNOiFnql49eFr1PM
8iq96CiNOHi/9ei+koDPZE132MaPgZn/4CiXUf5nAUEP7+V4MadRL25PRq5eQeYO
kG/L269ON7cyivkM+ACDx7klJPUFswmYlmO/hhTL1YuKe9Bfk8HaM9O5TzIF4dk5
pi2M12jf5QYKoV7ueEtir9M5wEkE21tL6aCzeLLXjnonQJh2OAVslanS5TtyOqjw
Wwdcd3HdGPVR80zTNqR6zT6aO09KOGwv5r7tgiZMzw8S681wpG6bFJdQj11mbrls
FUDvJCOGS+lQeIJoVYhZJIXAY+TgRxgAds39aL30BAZYmVy3KHCRtX3hsIR9s91v
0ITV4jGIhohiJd0mulql0FwIqneYcFaMFwCNs4kZw1TJc6ry6iWbQYUogoBzklRn
4Bg82AqjCiBn13YRNGKNd7B2Q2jm6b03+MyxEndVoZHT52WI2f0elHILwI/eNe8u
98FxOEcfNRMeWKOt6tqTyxlVtF6g6balfHdzYbb2U1ExRQBHsI9/8q3tl+T5xi9x
3FDXAklrSlyfofDceauXq5Xuo6R3J9qqwLuBPA2B2v1BE/9T7Ri59PLvSoQRnlD9
dLy9sGqT9+SXpHTVQdkjE6a17nmSuXYxr6+fzJizh5W8Ffd7TnBYzJhvXSJxm9wo
/QcblSJlThLmNYpU1ItX5SNpjmIAeUiF4OUaTDcGggr7QJItNKKLd2YkU4zFAvOu
guF3mZqIImhv5aX320yn9/LRTcZZN5fZDhbD+WD0lMUDWwe460WEd0eZKEZPi/uw
a/57s5NPSJIhsugOKR+AWR2CBSSwo70CV9BU+Z8KnUAKUbxxEEjHJ5yqa2Enx4MK
7hULKwaxFZsbEAUtSmJgc9IYUTTPxlTVhJDjJ6DvlTA8EH5MRKBTQrHrK35f9cCm
3Wtr6DTqWJcU2UMmz3rUEPOse0mj3//ESDxKzGInzqdq7WaaZLdxN0fx9C/cRZQm
XN3+KnhiEHM/2f8IZV33/AWN6jeOCAW6CoDsW2XTpBh5sW+Rs2Ej3r52cdTgTo2p
nphkq5r/6u2Hj38NIXSjDQG+ETQ7Wx7v8HMfp+/+6bsAiYL1EQyhrfmSNgGIDyqB
Gc9w0mFnWFeW0j/xmSTQjnAs8a5TfF9vlV8D6Yx6IFgtKN0dh3XifLwzf4KnD9n+
7ZbSCk3tHd6zte20axFG0T54Iih9CQJTh2DuJmW+3ivfcCpT4hJoBFu4WBlfdWxa
lvULWvgI1oldvlbKmnMrthT528hY9fSejx22BXG+gWd3XnIwvox5lMjWgOCVDxog
D8qDKlPWV2qAfWJ0eOOrjmTA6sHmQIzEuCDfyJz9Q/d6wlRQKmJ0/DdS0IycSvyb
tqgxT9vH0QZW5/cRtjczSw5SqQbqzbh+FGQs5yRxuMoJrLewnvBXQO9MW+h+wY4P
PViuBfaUv89ZuKsx2fJWSZOB4njZx6D5YB4PWkN5pAmQ9LobFx6TBjbxjoo+BzF3
uj0uatyBXEguanaXHfj1d+rW1dV0Ey2IcufOLtMZFgYMAAO9JpxPXtQt4ff4xSVg
bPgdsTGiInc0fcb7AgzDtMi0KhGSMbMJu8B/Hk1DBrjXVACyN7LYnpr4tmop/gMQ
kNJ6eb7qcnPVRDba/f6+4CY9ZdbfUr3A2wTTfDjMQ4GfdgY64EB4yAMOTPU5I1sq
TCTclnbdDfdCHG97liJbjHq9lPnqS7saQRMXcf5wOM+nyUuLN57jlZRuEKU4tvsJ
BIrCq5cK8PtYAfsfdINcs4n/nImgeILsN/s50MCBRQkTPCh+5832pYhE0c6Fb2xV
i3Wv2Pc5M2Xx4kiH/xeGU2IwqA3s6Jyf6wyWu5YixUBmb6/o96oQbi0/9/62n7Hz
9CpIfrItfmWpvwgu9g8AGzt/wtwjlrGsflUicofAOcNdDt0A1QyZQnGgQ+hsKAaA
YMdGflKNKMWJn+mdPS66UO0C+dNqTEd7iG5P62alcqHjQTZy5nsDWifrZXl4R6bZ
62YmCIFyx1kZt0EsI6VDlo740dC8TB7dITH1YDwksj9kqHTQpXzLsIX5LfGwvH14
dzEUlT/+t8aFpyHPdZBw6D5w7dQlUdA1N0w5xND3GWIUzdi1PmApylLK4NOm6vqG
i8CJDqKe0cs7FsAK2bAPI6FtzGRiv3jplTXlFIHSS0oKr6mzlhkiqUyIQWdEr+6k
H3fRQYwg2MyYh5ZgOKFaYidYFwfBsIHtGdlYED1+9Ns6CyohrYiyF/9fU+RpBnWT
0fpoZc1c1XT+0CNUqSnPBpRZSNWPGp102sKgkpea63ozpWTDBCiLv2127CfLPWqD
iwCSiiOhxcUsfTku8+ku12bIn4wZXdenl1yci//E8wVGOJ2UVagiYbus0fxYLxlV
nD5rDHhH0wnSptNJxGYiBNU9fzuHTcl7USGUCZmMXEGQhPInGiJYrELGkzrghXZH
oxma1CRKMXdmce7+mDdUNor5tq+w2Nweci4SQTCb7eVU2YgyUX0/slInbIpV3I9Y
JJYyDTvHlEdA/WTsXzx/pQVCwW2yLCNIOMkNGlhrTOZqR+FdzlEHVNvcbrU2/2vP
28ho4AKPP7ixOgoqSQx9T9P6hy2x2AHVSGr+ZgA4HGx4uDV/jQtMS8huBmodd76P
qWMZYHRuX5xQKPSunCb1m+FK1TqLj3HslL6m7Dez9W52jsRkqMKl8CDbR17tTkgD
FLt1fHY2LU9ih2F2OmYyXClbO/RgSVe1unm70vQZwGVzycb0uLxhfJ79yuZYChNW
9hDRpMt6sDUilVKdXrNF0b5ZR5A8q8XqaXQJt/jLw4CTxENWL3XfETk/9JkJQm9r
9xw6RvaSxLeOUx34bknlHgK+wnXlF/7sFdifwzbCFuLBW2R5ho1sIy9dvKSRJFgX
kE1SwUCOn+pirjP2veocg4EUL06KdgCelRBXMDOaZptdMQHbPrdFfkKwyLRdLNMC
FNeo8hu+th5qN5hmN7dlcaUuQzEZh727I0N192eP1l7bQfq68/U2GIPjbAqHZE7v
rmFM7bjX+G6NJSXC4+/LEOdhzHEcgBV+MKEzTcz5IasvmxacqyDyABj3eIySSn6X
O+8QAOpuPzOBdRmgjI1DYBTsql5cVTpv+oFfO7XMSKRUNmiHfZxaqgXUUmO0Q/Hz
DZ0G8FGRPGbrgmEadez6j7nRHjK7d/q0rnHSRZhNNVghnpS8jRWIN0D0jQt9cmuB
TW+3sp+KZQn0K895UzrDyBOWRwM9GlUlm+UiidH5j29ykU0vh45ZrcDMiFkrRCRD
ZDikboYerHnvS/W5lGEhao1XXOOzjCzpFUmYHr9lGNv2kC5qyqbjl8mHp8bhozbH
HnHC7pAdefo+qx3VGjawvWJ2Ql+0M0T9+9LXf/4kCf2dLp5LiiVez4P1KI6vVN0o
P5Z1iVjMTE0O2tLLg8i2ZoPmnEwlD4VGhhIHu6I2bZuAisgE5zC1n0yD1Ho7KwZ3
r1l9J3xuVvjq6FKvsUsPg6xQGCaWdod8JW2G5pjJs6WeKC9RUu3aqDNWJ3wqug3b
VNrRqYP6iMNwKv/Sefzkc0475r97Cmm9XFl/PqtM4kNdeL3Dx6QceMP8ABXvzASc
fYwIz/Apy0DjrswotYdeV1UGY2Xqv0iEmmSKCY96712cXu1UH/hGnruftug1khU7
vPKa8yutPyGwSQp1FamQlY42f9fEUGPS4S1MfspWNuDvzfrMWip1iAWe64OPPgZO
LjjB74/8h05iArEguQFinhZ5mFCgV0sCT9bG2jWPaHjAQXWb+MXqG3ssHjesERvN
LmTXCgNMGWRNEvhI2WkEJ0WrlkqcK314tP4uUgIXszu1AcywES6nn9G3XmyE+TZz
ZaNIEGGiwYZlHE3X2QDxPeu6nUhzZRUtSfrMDga1sdJSy9oZOC7ezbLiWKm4WxY5
XxJoWi51/E1fsc4XRWvPVuqgK5DuNVLUBYi+h6Ma7G+c3Cc/MgWbdNwC08ETxqLa
c0zU/T+rceb3BKEbPfPsoN2rp27T92H9UenJNQ/gCuZZ0L397V+f3kS9LG5c9VMl
CiQNrsvCiuGt38EDqq8zX5WG/R50aJ7I5p32GTQi6tlUZ6rauG4bfmLxCtLgr/gd
Atj7TX/hU0LOopXAi2RRZULyOSzHZgqEa9Z4045f3p257oHY5iEWfok8aVU1Zju5
lP8JFscNzzoTunqqg/GdPDFkbaZhii6swu9quTfRm4gMYkCLGz3UEuvRcy7L3dss
YhZBbFzzwns6kibbn0myP3ZlLSovtNipiNDrvU8H06WEPG/teLJa3tvBaq+Ie0F2
jIO4Y/qDH5lkteW8MUNG6DAJlO/hqRKCQCJJ14ER+zE7URzxMLa68567pNqwKsDO
FxNG23l8ex4dfShJ5HijLsn/xBq4eeOQ7tAZVl2oC+vX4FtVsTp1DN1wi3kloofM
g0zeFzpdYbBnQW04nRr79NNqAFxo1fsVlaw76V94L25dffT/dAwuad3w6AS1214+
pi3MGPvjcW4wXyxxt1xu+cSO+c60jcnCktOgFiU0OHXDY47pE3JvExQhSpiSRWV9
HTORF7B7UeuMsekwqP4qFTleBqauOXo0CKP4T6rVpO8zZmaJKkPYw2z4pjqszNpV
rYImxx5i6MARxgkAlTnKEqiQaJ9WI8olcbJ/jZoLpXU4gEz7QHHTA4kncWyPNTRU
2OdilDSLs3D8vM631waWjyhndiscGHIWATANWvGxQpEgzvy4PCaIWX0pelfhizUy
MFKH3jtL1OT6mvopdhXkMrjlr7xMh33Gdahkyjbkz2HGtWvQYRpBfCj3mREkC1WY
sSnmWF25c9cRjWdQmf+s4T+hYFkcS5oPn4SfIjq9BH3c0M7grFZ5q2NatPgi/7M1
b8pjoWcIs+iEjnXaQwrvw2xX3RiwBdrzmnr0JhdyNlx5pdnWYvW+qkMeyq6FtjU5
/sT/QF7Ss1x/3Vk/gaJCUwmjud9ZXzuvhgHM5LpBkyydJcbAkeTgveOZbIX/W1YQ
MgGABBGUvgyPznWze36Vtz4/I345TBylHDVN2zjACj5v6NHAX/fwl3aShfC4kZuM
VH5idzdJNKreQZs4B55Q2RawEpRMVFBZKCXKYC3A3l1OroMijpuTSNvHqq1Kd+Co
HVIt3hToPUpCEpynxEk4Oq7aRqUNWrp8W6qpOM5hGjfOOv3BAwzbeSR1YUS3rdZT
Z8pXInXzbP/5to5wyIUuHpV6+9bvW3NDDEMIxKQdQSzHzga9J7JMYPlI2SDfebnm
D4NPoZxV2cZQrzOhu+kb8nSFibkqLlU/TQ4Tmt/O6dOiQif/b3SFU+iixMINjA6j
VxVjgNSbZuWE6PP7ce3qGLnNZWZgfZ2Ikze4OLjK39yFNIGxDu6a0Awh+RZDQ7V4
sGvHidd5mNygog9Eiw/f34I6DA6YcRyWI33CWMmSsPeaIjDyJm8d3n0YFIcWHXxL
sTLt/haVeCRWl3mouzPIgABxMsMPzFmlp1NPMub6b6AKZvQZ9QVUe0tnmKUTRP3f
ftsD6dAUVp81zdwDRvSN07N3xQ7trOhEOQJOxIZHm0/s1svN4sFAu/g4R0NxSBEf
3ouobyRMxgDiwK0X8UDXt0ymF9mS/VMRPHQOHwdl3y3ccRU6pSkgOacO0tKFNirG
Cv7WOneKvkuLrHJMN4yiRqbVeCZUA3w9wwWr8WPYyoJ3JkML6CwMN0r5TZfLQQ0T
Jql6ToSyeCTLPl7YpxiRT0UoHoL8pXoQLpE2nrUmVt32M0xQyuNjzhYnA7vQLWHh
0SLzEU+AtYyVKl668epsN3A1Mteemafw9PczLegaXLZs2uYW+xMAbJu1PRFPUVp7
57I/loyM/N6Q9z3zzyskmRi749Fc5o+ga7cBJEdR+DXThjDbe/21ZkmwbNBJiD+i
nUOKPgSu7nzxsymm54s+aeyjT1aiq3larI6VawSGfHh6VE7G/XPXCvFNspbjr7Cd
crdsVfw/7YLTPSEmXeusozdo/Smg2OTBBvnJCX+DUFALLl90fkrJgum85FDWkPrv
Hm9wT8AuiAwcux93xRWbl8AS3h3eRm5oG9TuS7RuKPIjqwRXQDdJDqFy+YDIC568
YVtsPTLfDaT+QjyDg6AFWYtrXJBAX+viDkAI0BAS0Vrs8SUn6LjADmfzkWb/T7iA
eWpPdgBIz6hj86OvS8FABJZWf8ARiK7f1UaK7b+9h8ZIGcO0IKhBnzIZPNQ5jUMh
rF7XYjm9rSnOFPrmm525u3JKbcsLk7QbHr2zfPC4DWdmwAt+1PDR/TLhrHqVMV3n
yJtdpaaFpv8xHZCHS2E77Ft8V8kAy+6l3T6X+cVLIp6eVMA7lVIkqrchPLSN3CWA
j+1wvZUZpaiPO0HXNtkYzGjJtx90uRWp/xZ+DYXvFJeQ1e5ydiqbgazTCc0q4+ly
0EpFE+VjgTc+zFvTTpvh3oL45eyKl4ech1P+byx2a4hGxBpNEJKdDkawCfE50kIw
OF/iRsP6RSFW5LY9ESLK8T5vHHSYvxqsd/GTfuUZ1nQsBU/5QQAQJGvEXwrEupVk
nS0XNPo9XHzJOp5Cw7Cx0I7YKTu574xUQZGkLFU9mMsomTDlzwif/g6K/Ujov5GA
6bRfb8Sb+zl9yIXvI58NSWdnvq503fdl1JLVOl5CMtlpRbFg2xR4DOkVVLHvvJIG
xOLJc5M3qnNvPtLBvBlcNh8apNm2ZN2VO0EF1lCP0Ij8OVDDIcgFKse8cNHhssCE
3R8zL6Scma7Qkyyo4TPiaaCkaypevXe3FbNUZpy+G3t2E9x3gPKY6WBEDXRLqxi+
Ypy8z5jYQ9rpWrpjtykpqsHxUKOV1UPpQuTwynR0i7nhj1BdavHD4bTyQnJl0GSS
UyuPlebG0b74SNX6vhwaicY71oN3Ccmbw1Aqp0oZHwYpjR/CxL2bs6eDyNwc2elh
M1GfQngacrJBKiNPr4ZjVxvXb54Z3E1q/026pDVux9Yhg8v4G+gDF6vpmageT5ar
yLTP1Kj4hqX/rFJE+g+9SMgwYTIMi44JSKBsfOGDLbyzass42nqLNDT0jGEtovfI
KhmbGBUH1nixUtSbuVoMhgFnfENzA//5XesusrsbiHhc4LutDlFhTDvRJTt/D9w8
MVM5280CMPj4/0UBcg2iSWbT2fjQmp7mUFM+5cdTZ7/YD/uiupz50zRF0ALcnrXq
WZ5JgqINIRHNgublgx49+5lz8AnDO+c1/3nL8c9dPqxU+oY3C3+6KnaofnAGVZcw
/9w7RaaXIoJtTM68b5pX0Jd2yzMTPyeUJCX7lwt3wN8Zui5/7LV+gSfcF1l+odYQ
g7CkvcbaIFaYP25E3SnDBVp42T0qCo+VZwK7dK7BB3rjPlM6kBatg+93x1ZJq0OE

B.3.20. S/MIME encrypted and signed reply over a complex message, Injected Headers with hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9925 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6342 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2009 bytes
   ├┬╴multipart/alternative 1148 bytes
   │├─╴text/plain 393 bytes
   │└─╴text/html 488 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-injected-minimal-reply@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:15:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To:
 <smime-enc-signed-complex-injected-minimal@lhp.example>
References:
 <smime-enc-signed-complex-injected-minimal@lhp.example>

MIIcnAYJKoZIhvcNAQcDoIIcjTCCHIkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBADE6mU323yt3WjthHoiqYZZ7xRs0RSluUkr5
I1v1OlSNq5YQ95dD5vNuhMvjt/EtfgCJ7AO3aJNaldxCo/jIwbq5I6odTQZ7aEWN
BkZ1KMHtu+gDoczq+jPyGvpYXl4x4yUtSwbp0I8nm2VMoYvNY9nBaqaXuraOLnGE
VeqcJ0lh+hkyb0rcx9cxLk92xMk71/HQK4lYD2uMSnec26UemFmvSbijnBoJqqhi
wDG/iUN6/7yO5UYnku7+66Ub9Jj4pdtjMXAyF7LvVBNcQ4L+aXMFJQQTJ0K6Rfh7
bgogVv/ijZtSRmB6jKJZ0wHruSgKIGFi3GdUhFxf7URV+Xc6/QUwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAc8xsqG6RvJzmyeWC4l7tECW7
cLRsPjr0ZP+NZ9j5BjhHOOA8KUh8deF6zC99DixeMVHxTWgYETK/yAKR6VASWglZ
jT/PXeV3uwjFKFj+VfMzJ7OZmToXAJN5d1PzYeWeLjN7qRxo0/DvyjmvNcfwXI1/
uwiTkdmokX8dyMk93E5Y1wwQ3fKQMiRIt4gngU8r4+qMZzpy7oPWQ72EukdIySkv
wga+KasO7PeTLj8KS/dQ7DxQ7BLMjVF+1zbQ1vTujOPQmQ13u7+sNe7YbsIpMEmN
R9CHHVfml2QdRm7KQhKJ0TMC2YeW/alCrLGnJ9eK9QzlBfcUtJn9hWVsivj9fTCC
GW4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEBQNnirHKPkL4TpSNOfBt7iAghlA
yX9nf2uy06ybPSZFJaD/uxbWjJNQfItZY7VyFAQBImHBg6MOT21WdzkvQA2njMSF
xQx2zKxBaPtnRUKQCYyHaEygqrCT/cUcJx6nVSoEntZQcTTrgSiDL6TxHgSyp8O9
d+VfULsu82GGbdylE6wesW6wZxJUCuD1DJnfonJZUf/Zl2Lvif0ol2csXjaYpbTc
13GtrcWDVDg+uqb57moD6y1inulseA1viro9dBUT9mki6073hZAO99/kbDfgSdTU
KJ9qIZ19sjifNaoDN5noumSWzUiUSjIT03RE/iATAyjnrhW9Mwzbe4PtxzfHJujE
m5hgiQHyk1h5wv1Qi2vJ16joL8nSmU1871i92+x8S6dFBhpo9l8+mFSvWPCO+ZaS
4TPoqFfY27sAjL+s0h0mHE+AzkQ2aSK23uowh1vTyFxY4VANikyVIJWNW3ULA5Uv
iNirhafgxPwS5p4xiymX2ymqM/t7V9//sePvuVDzQolEzO260iOlsFqTd0tun4Aj
P3j0FrvkXv9BDEbq/alL1qkH7+9CyQtoRb0/hjCe+ZClWU9T6b4Z7bvsOsibnwPB
koEXLPuPMzxQMe1Q4P5jOdcTukoDJMX5nVjhHbQwZ6P+SSaKRntO+uJcGnUCeyG/
MM3PHMzQOP3QcZUgpZxG1wxNQHmDlG8OnLS+VNWU5HQlaKg9xkgZi/ru7a0uPRLq
GWI6EYurZRSBOfjdqi/dAwsYSAmekybCdBYPMDhNK3MnI2alBh6YQ2ML2KHDfLXm
9sHgMA/0CTP1AbVgp49G4QhjfPK5XMEKqTqoBXILeGxwMABWV/QntYrdcj4oShx9
wHz/47YxRSALjvS2ZBATEavEzkIVSm0Mhvjv8mSPjkDoth/UvMIeiIKavyqpZPJC
b6NVrnkYhiINruDUheOU/N4pPr6yF7Q+DdoJfmgRmIry4G8vj5j/36GDqs21hllK
rtNsC6A8hqBK1XvLobN+WSmVjolH9xjHbJ/TtAlb6DGPr4n5lsPx3vHU8pSc6vR6
Bz9OT7wm8UYvRdyRUWbl6jQW0FhO2jgsnKEXMuu+5JUR1J2els32hfPjBrr7B4px
MYnh3O7OXTjyx/ES8tsOdukPqbFfBlLYbdvTNVjyvkJA1aek4+3o/XeC6Iuzuook
EECWH+JSArJpgH7n75dnpmQTGRu/ZnhqhCHrXUnIsKIIXpThI0WOuzXCrufxz+2Z
NtAjJhfrJCxK0+miSLeZv2bsxN8Fb5YKNNYpzTqH+6nFHqbZg1spkQMvDFuo3jP7
LYrcE0I/WwbcQE/xIC3QgtimfkPodf74l+2ZsNarHX2SB9ys3DoQZ1e0ryX7HeL4
WImseW9kY/89f4Hbya3Q1MoASes8pZcoxcGaQM0lDXVYwRszcpgD8OxMA5BY7z7T
r38uATXNDwecqCb649/MYQMCvRX1OyUQvApPVY1hf9N7LKlawCJPMLPWEuHPEs3z
cp9K+zVWmne3o7uZ/Rxo/YwQoLt5lBT991YtjZ8b2AWRAuzfLu8C+sugpE3WDBlk
SdYxzACoUonQRa0QAPx4O9P7s/HKprk1JpzmciaNVV7qL0YVm1S3RPp9wI0HidgC
CSKcHq33Qq23do2+mKU1eZ6QQIm8ZLwgGuAnqSz1wo/SGSGF7FuCURzVjSabITsa
vYlb2Sey0OodZyFyjoc8suyDbv3qUDRusFck1yAbAJithEuzwh9slgVhP+QCLOGp
ga4rgZgb/mVIUqfBuqzv20+IKfeE7Aj0ETpokFjW43Vaf688NhdPqtYVYle7aHpm
VZWx5dRr1Cp/sV/82MuTgpI6fdxi6oOOoITeOB/xOYVaYROSPxG2g8d+gxI5fMUP
isKIGVPdgfH/oyJ330J+rO8eH5bdwQ4ZLJx8VNNZ5DQeJ1deeG3g/KLDKDXaUi3c
wmIRLwZ9ORAsirq3GQuVqgV0h5WRpxE9trhtLBUuuNyxC1lMcvwZPQUfWqNLImQ3
z/5kNguw/qmuzVcd0Zu66X/PiOyhIJINvlbrGtGQm5PVlZc80XAtxz/UjwZaf6yv
+tukIzP8XHo1NSYi0I8qyro/DY3CUSdZZm0e0AbTSbX6GwDLvo4jqg2ZjJMI/aqa
w+lbBrVSVvS8LsUGviRYCIjQTq4q7rGBS5DDcdO9YGjdLn8swV+kZQ+Q6HORy3FI
CNq/9f9GLn8On1bKFLDmRR3eA0dCP/FcMa+20/tfhweawpFcw4RQEVt5qWxSTwRu
1lBghRZ1VMyvz/c8Jtk1bTavZcF96jliuqRnU3svEV60fiiTkvMemb5kReBnH1m0
F2rgLSsgdPzLZX7jNnvZlojlciEOVfqZU6ieS+yEfEDG5DKEZZ9bMUYVUUyM/PbI
uVTl4NuNHc0VkNz5D68iICSXZFEugGH12xb812GRpU73qve+Vwe1CapVxrXCnOP0
MEYCu/ENIBTy/LTrfOE+kJPhWj56LZq2eJ7wTHwd/fx1Rjsvth/1qMLpWBbWWdPd
IKcskR1SLU3VgYOoE4Ph1gaQpd4IjGFFfBbgypjmBUA7DlaQlBzwbHCpetKTWDcc
3CeCEn7AuFzFIL5PdFRbWZzR+Yoqlz+Z15cznBEwyU37fwNWIpUrFPbRp7j3fh5e
j44Zz4yHkCB4iIvszmOO+PGIVvQW2PIZB9JPsyQ7mzONb9S3qxD9VHs3+UCmTD91
IpJWdQBCcosDWgIGSsl+Xi8ty4rp/Q9ec5v4u3fOxqUX2s65N5eRwup2pfNwexyc
H6qsqFVkP9Y/bth6PdrO8qYDxYAP5iwKvQqh7/5vaHdJGOdnm1zJuiajmYTXKjMu
hOEssRlZdT2d/ivnZnSQyCKkKxSIUIIyWb+UrDoIe+GSUWtplaoVG8mTc3NfxBa2
wPyJ6lpIEkNQABO8OJPfj1QXvqBnr6fln365yIKoG9G8va0MDgjGFYHk8ZFfxO8t
MgpPS+W5jlL56+i1qb8V3dixzZxTD8prgd/xBU+fn5559La9faudpl+U9TwJZJBm
Q/WH4V8Ql2sd0qATT6XUccYu0CX524eGUh7bHELejrjO5EW2W9N9hBiNy1InsPbP
UsCBCUujCF+VEe4oN1UuMqqbDOkVgd4d2AcPuhjfYpg7BJSwdxaTBtkJHXYTpvmG
7XhlPj9YCZio+mU9wmHwD8Fv3S/V01tBYrboQtFu9Z+q4hJ0sY+ZE5qtmOpb07lM
TFq26vAwGAOFFtx3xvf9feM8yLL09PigGmKg15RwlVovasdEPajMy74UwhnMMaQl
P8XQldV0YUIaGT1uvoMGs98gXJogJ+1WObrglKhFVsPl0wGyPEHfhnZ4HX+4IMvd
wiolUltWUtdMY2rsgsz6Hp6Gc7+Dke3OzvVaL25RCwyHX1D9Nm1ohY/8dSTcr3/9
DtvBTypw9GZofsmErjJuig4UCUZe3llsLXzqxuaWlYd9qOUJaXugCNtmkctc8Xsa
dXMfxAZc2igIMDDT0pVCufCm7DoA5zsnocDXWXTTf4Dza9Dk/EqyK4brFecXq/sE
Fq5csMWmyHysJAjEswhBxPKz2oIvVhRSOLpPIdlvrg17i4UasneOxMptLRWMLC0K
D6x6o9R74e5QydItuawdeQ7VaHcPdOcmJfKqW3RgOo4qyPUxUnnYYMmMTcH9p8/d
FKJhhr11ECw6hp7g8IwFsYV04pqv0lgAN5wfwu1C/VRf2n9zA1m+lCfRCldfvbtk
W7N0qD61af13Mt5HdcuTCUNNg7chnDPAMQ5PIl/x1slZtigWaAigxIGmVn9eAW2e
YLv/ckPed6ovZlEnqw5qb3b+JBf80hVLjekgzYI5OE1kAiEs8fDhH9UIOGN2rv3o
V7gn1Aux9h8mBJKvr4KvWu2fouP1cQXJ1X77Thdj3asxyd4q7UrnAhzLNWGXYS+h
0jwLb496fameKx7qovgnCEPp2TUbJunP9kk/aZloVgunNe+W6c74lw3X7a0a73oq
LTdPZ/fNkWdpj6tEw2ufJ5Ez5TZ1RtNCdh9H+uk+tbiki61qmCSjwZ6wgZF0P9QA
VkO6aMCl+8oXIsTbP8R5YRq8YTr+Tkft3WmUGRY9ssBweUJWJZCt4nMWMzzZ3M1E
YOOhhZnreEVxo3Hn1RAF3VUGHrkrR2k47jF6lFI6GMvMZBqYW7vGeSOjZW/gfOoZ
QGn2AFBLAMH8oCJoVBT6N2MMyIQxKBQrk2nQ09a4DbZeLn3IBJgiTYsv6w/Wrr0H
qTGflN1O8OHaCcBGqRE7lx8OwKkltPOkYcQBITV6Ha+c0wT4xV4FY6SB+Q7wRh0z
5t2FuqHaoIjvLnGPip/93GEnpFiS3qDoROFiN3xDkOM60CENAd1Bh+h4ajDm7eTa
b8wqsBqU9X2j1LOJYepG81MadrDvMvYnEPqJ7zPY0MZYfL5pRKA78+DHdeYuCikJ
ELq81GjJboHOI4ZLTH2smh3cBDcI5dqv0ZTo387037NnOKT3KEfimaP6cQbEWDmN
L48gAVsGndEOQiea2j5nas7VszypAH4XlCZ/AYgQP80IzKZp888D4tMTw/lx8be5
EMU96NzWvJciyw5aQ33c1qJrF5UB7JJINYhQ3b3iVrPWScv3GqHYrgZrNO4Mvbq4
jS9wFUMGc1oAbd5p5RnJ5ewZxOJDncuhAG9GejZbJ87Dgd2IP0dqn9DtHVjuVb0E
XzuNNxhuBpKk+dwTDRQ6vNdC10fQg1lyZiiwzahsR9bqHtpbWQD7+8MGS6Kh1Yg7
r4uc+MNjuJvc9pMLAilzq1ejKb9JZcWa3v1Yxlf+8AmF80ZaDgiLKKxEb1oQlhIt
WYd5b8S75fGrQugw0up4268p/X97GKLmkJQz5YeSSEKRA9ycHpxB84nmFd9hMFNX
U4m91cwpxSkrkf9pDGaZJ9R6kYigj1tvlDuNtGHxLDJXELHr9IVP8shWsQwQUipT
wZ0sBWwNpp14/OlIvbfErvBe/pCUPMiQhjLsgFEKcCLt2hs0iWW8yfTcCTEKS8m3
7aNOZJjkjKvm4/KYO2kvqx4sXt85fXxfCbrGWUFGGXgugklcKo9jMC2WzY/iEcsB
0pkzkOLLAlYxfPc2HWmIK3jz69hoQwYz0DAbwtQQoChb/bbueyM/gwJxUuor4BYP
bWKXSfcdWDLBUFNK316JHb1nZ1VDxMz3Miqtc6vZrW9zfa0Gj6KRooDTd+TzprGc
uzdj2WJKJusQcU4PK0SiPCF+hMpFzvcnH/8d5JwD9BhJTn8ITFL7zHc+ju5k0Vtu
2c/ascRhbbnm6roX/SeZzoDs4kcYzQioE4GaDxyuzfbEbNt0We5I0pzdiV/lpd9Y
NqdrIRm1D1NjuBpDQSZGkEwCtd3y0RuYpR1LcQg1HI6hvhu5Ov6r3cBMXsQPycOn
mvjzTOZb4uv3Hd6uck1fGIqarFfhfoLPuqIvwVXJZJXFxkPEi77GbaVGcRHCGZC5
aMn+VjvRJSiAs0IESspjH/bQTIjP2hnrqQoYsd33v9dre4enTrOgzRQyo1GXE0FO
MsNT1r7QThBw4LdjPV1h1IchoebmOAixwh+HY9ahXkUoPl84z2d6P31ruUpbd40p
l8i3THpExutzeAPfQfsOhU7K6USyHT8M1a7NacGVqRISBGbMVg3QZEj/b49c5h+M
ymml2xXYejmQFVGLiM+3FnwAX9o+k93MZdICMi3UQHCVFdCb7fRqxrzrRLagLuXI
oW/M8CD1CLem2/wMINJwzpITtFRRZzB+op4ghtnLuIeOCIOtdRIrBTpOK5XQY+U0
fSmY1FfQ+FEBlyh4UNwarnSBdaTtAs6jyXzkDqtU6FYL9PxqilbTruI9Mk+7zOXe
p9N3hHMZwNvN40PnzQgN2Bw4clcbbqPHhozVfmbWsAFINw15FrrFzyAgeBfF1hQU
k3D/Rdq6H/07XDqshc1fjgZZmev78S9Oj4cNC0lxnxihU3/KA09fnBMHSYp4J1RN
+Chdh6sIm6tObJgKEzm+e988A3AgFzcYKVWhTX2nJ7qlvx/zb5RqCD2vVaBhS3Vf
0S5HrkC5r19alwLbsL1LbGNw8dkcL5lnhufvb3zbqS9k0JejpJfs5JEM5bM9jcDr
bQxz6W9YWClAHnHDNB6K5aZx4r0y17cO4QVbUSAzULYQnCfJ5qyUvJ8/j3f7eNRZ
dmdj4Hkqda+Ct6tTJ/KPvefpL7Ci8QdiuSJN+P6pbO4s/9Z6PQjNnobj4StX+hA5
hxXc5dIQZ4Xdin8A8ujAbj0VjhbsBbu8bAIrfldPOfHbAG8onYF34gtzLLyC1o3g
PWOpqGcmGZkXzxwN3N9YfPEZ+VZI24EEE191fKQKyz2UE2/FiCa4cGdtrDrrfw4Y
RK9Eer1KY6nvqF01VzyeI1qxUv1ciTi7jd7Rpn+q92CGVkquO1PHOgMkBtWBiBHw
ep3X/eZGdV5WWZm+qnaloOd/TxqiG9vymJkPzycrrxds7LgYlK5pLijT9fJUAyfL
JCnVsFVx10YiUDmWmwSmRp59M4cTI+0hz5T7m8VIxB57bWmhkXEg79rQm/EczvoV
zvO6tj4B5kFtxKKuAcYrgpZqdN1CQln0ae73eCdIZl6goNWty7N5wLaMhf6RsB+t
m6Zga36Ka98a+y6J46ttp1tvpW7wWpUMsDN0LRRgdCflYQAWM78YTuK6Aob4DMlV
kgeDqA0ESmLbgB0c/mah50uNEPQD+/X41i8jV51wj3LV0nxyyzf3ehne16jvMu1m
Im+2vGokh9POvMPhIRJmPGt8QaoW7QyUDVo5G+n8t8WyHQBT8ZpCS1wg0MIuSMIZ
eHP2dr1uSkiNIQ9fwnQRO0qQgL0K2iALtGCLE3BBYy1tKxDyv2K9jgxGvEkpOfsB
CBajFmYED6+/Ox0wTnT2bHzzy7p49vqE+EkQRVH08z0jzLa7KNEAMoku+27oyWWO
fPqiMZv6yoOkpG3LRgg9tHmPbCvqWIxZufAzZJuv4/W04+Kq2Zq4uicGtIQyx7Hy
KyksxWIAVi18/bwt3MzjZTU3cav/kP2FLDos55ioXC0ZAC1dqqrMDZ/OqP5GsjZB
WKJQpgi2L+zs0SiXbHdLmJTEDUQp4FsQSFE8HFlAAnHd/xx79VEOJPwubSWVXDda
dfGweNmFhaqacc7LMFraCty6uAjFRGeBuRc4nlISbhfPbAr0AgOmUduGXh/QtmMs
hpcs5QNGNWeuFMhKDimpGe530DpPXWZtf6ERioKuacZVCEzmBkmHLTz8K+zml5yf
lHwx6n8s/hP95EsHZpQLl66mrWpIowCODCyHAgrtCqLMRtxO2f1O5KqCGPRXvxzm
He6Tiq/O4Eiz2NrE1GsykFIkXaoB/uKNEXYU4MYG3hglCoPN4BdQrPhkwf03ApF4
aRZ7qbZzkiuKGAVMC8oFGWS26yIwoyxDP9OaLuzake3NLqVV/RwhDLAQtJDD9Qbc
i0q+ACKRSlXxEKRLj8u/8zw+MAPE/zcVg+tiPH7dS9sfERMa0PKlfvWhfVVEiCAP
2j64xuWMAHgPMTleDsvLk/fvpVLfPo2qp/tC2ybmH+obUAgA3aD/repVvtH1BDLV
x+r5pDZCpfTCgZKTYzSoWYCOfHw1L1DLbBe4lMUCSWPIQtOxLTTctv1qISuxMq0W
5JyRfNaZ5OXYgqIhUwpZckycThFt4q2IfJ3cS06rqgGu47kCVmFytVWLNSuczkhE
PDBGhv6uMVk8r0vk+Ojf8wJh/wL5evIY77qXPUIyufVPfoWJhy85oVVnJFqbDwX0
eoDk1VYGvi+0yhe+gQKMmXWE6GsHHPhRfWDkNnAPPRJ8xQqqtVC4cIHZ3KOHofFr
vYG8JnwCpdy2vkv4PtCLds+/jDIRLRvuCWD/HVk9Ove4eQH7Bjcs559eInQ+JSgd
Tq60srKAY1feM1cm3XeVOlFJst1VGq+5DzD/XUIVjVzbEPMHKhgwZj/Dznt6AeK9
KNj8apWhYaYA4jt4wYA2tHyU3UuKvPEIr8+BOf7YLwDAWamXmlS/94454XUJHuHh
DQ6loKR0cuX2BY6Ze7J/WVyyUQM/qt1Q3RlTQwd5Hb+3MG8kFvn9EW2vnkr41jLY
AOzr+fMQyX5H4g/Vf6g/Ek6KmNAiNVgW7exsz7ZQXlraK0CExJkPDzo9Q1e++0qh
O2XX2kr2FICjb5S8QoS80Z1Mwpcc+J8dAztfk+hLj+vN1t3gz2F2O/rB1XGXkVlK
XAtfo7GngbrG5PnKE2Yh7x8nTYdOdmWXDRnrvfwgo+q4mxeCiJbiZW+gohm2iV9T
FkwZ/AS7MDpR8pCDpvQfRyoTu68BmuVCuc/9VaiRz/icIg9jnLAYMyfCc5LhYUxy
spUrMiLp33LvsTd2GhmNnMXh4mWnIZ0Hj3HnizJrRzBhOrA0V87w0wUcDUzWfdf/
UNFtOX4IzMcaSTDxAjDbDCkem+z6QugMYQ55x2FEmMLGjP0QsBZp9ESbpfJmqWJS
Ak7nYxqVtdJzFWSlG2btA13H5i6yynX335T7tlEm1cAtVcraXRijWOWz7ZoLtgZ0
MzgK0bU8ViUqT1G3bmwP1qFyjM75X8AS2rx7olard3CV9l8zGppn9ljQHcW5LByi
zYHKnN97GVhKnRExnsrTQIe6OrvtrkKtOoz0rPG0gSY=

B.3.21. S/MIME encrypted and signed reply over a complex message, Injected Headers with hcp_minimal (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10510 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6766 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2314 bytes
   ├┬╴multipart/alternative 1435 bytes
   │├─╴text/plain 487 bytes
   │└─╴text/html 639 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-injected-minimal-lgc-rpl@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:16:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To:
 <smime-enc-signed-complex-injected-minimal-legacy@lhp.example>
References:
 <smime-enc-signed-complex-injected-minimal-legacy@lhp.example>

MIIeTAYJKoZIhvcNAQcDoIIePTCCHjkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAGR5655q11dQrEn1+qj1lo1Gr+bLsb6vwGIH
YA/sZqZfUPrdFQZRoIqGr+mw9OFYhsaTjR+ZiK/19IZJUDSXOIqAN02kCRaLbe1R
822KrjNTYSKYNUI8mEMu1s8Mm/J3Rf6LDss3ZgcKKxDg5XqDtBG39VFTXgHVq5p5
xYKt88FM1CHe6oMOBVnCEKLu9aNm6iaQx/1IPGUYpQfEY1VEFHEyJeD9UenyYR+f
O7UYzlXOk0l79OlIxspqqbRbehwsCVirzy9XfDzWFc1Al4GTtMp8n+7wm7BchMX/
7S86+FiypOQFv/nHoeEgE5Z4Cfm/m464/q86fJ80tv4iTNQ7mGIwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAIK+kWhO1GQu8sKhJuZfl1zGB
7uDFNxt/SEB+I31lUgQJuK6BjfXoFhDy0j6Wwi5KFfCOGip5PdSd/UqLIdl0TJD9
R7/j4ZIVZL2WBKNY5aFEoiy4v6/RAXRYY7VNony/vSeH0ZTHyC2zC2mn5R4BU5Ry
pcNTni458AedkjLZGhyh9qbf4XOBMWT7Se3P//h8a00rJsPpguLEr9eYk+SEmdor
s/dvtN2Fa/c5sgf8Ha2j8zFEET0fe5727t3b4TPhLamne94RF2Ban2hYKyGthaOd
E3slE24n/cJP9iUtz5FBFeL72Z87rQS6QKkRJUjyuutwsA2HzgqcRaizMRVhyzCC
Gx4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEIz0JLuCYpHS6PTGPdIo13qAghrw
yOPDrc1OUUqt5eVulaxY+qP6Irw2lLxwF7HtbaDzcOiOv7rG7l22glmfKvUf3vYS
k6c2jZYBxR/f4ngS0oTGiZaRnEbD75gEuKOpwlmQDOc8Yv/NqU1t8Iqx8fq75VaW
51SK+rw+BZ8AW/D+AIOKJxjqX89NFZaAkJEcohjAGTRz4wrUoLEpwFE5V6qzSqgF
jJXm4SoDXH8ZAGmAlVyxxobZ5P04Agqn5CXxYkdLV5BoVhkzFizP6HtnKPdlmaMI
Ct0AajBvWjdC+vZ11igU/txiyp9io4VLFUNQjROGzk5p9gFWwQ6tWIf3tpsqGU+n
cqhiSLig6DvL8I0v4Tl5fYW8j09rOSiEIaBGRL6PsC4U6D5xeE7FosGOlK8HVxfq
IIqoOFr4f7eq4+cRxuegtLn/podCkfmfKfMFb5Naqsarc5r/63GMSufptc5RKROZ
8ReYolOJzNzgYUUyMzerv2J6Qya6ybcVHBfLsK9j2XjGtfMG5MiXOHOb3gJEl5H8
yWsNtiew4FXhStzWLwFHWJjPwZEQExqJxMRRmlCfJroW3NqCE1S8AQCseTAb1jRm
M9mVD78fG51p98iPe0JHYDrv3bsB0FaPhCaVhnxt5cdsqU42kblavmH6VPUqoygx
QgKojyvQUllzyZ7udh/M70eWVag731BLa62h5zCQ8V3F9Jly8s6r67da9h09dq3K
5h3oxWUBcQh0rqKMWd23X1X2T5D46LoJAQIqOmb//askhoNr9BKL9y5K2gFQjI+T
quMLP6ysZd+oszVbRtyNfKyFyJNmkS0s0NZ5FgeLLc5h3y/fOM0U559PZvET/fEP
R89dIDTt4lCRrT7N90YESQ8N+e/hajahnQDS78VXlq6nnrIerI/WLXr8eKQIL0Fs
Quw/A7YQ4DOytsxOLUENGRunIPBePzu/gF37Dd8lZdcviTIBToLylhIOPIMw2C0f
vaqy+xwooSnwZNQMh+FifuBOOScbhHmHKUjaymT/Ybx+A/8saXRN+SfizVi8tLXb
XI4faBkFoVbYvuQh4PYHogTz8W3UjWhyVtmCicL55kMk9TSksxu5SGn+PpIFovJF
zuxSk0Xm+7it3gIisd++sZSRA2a/dYyFPOUnfOIBl5Nsq//H5sL7IYo9ynujUd2R
AI1wtAyymPt/+stRjbSq31b39Ilb9A8rFyv2Dhi/p66Z6XLTSyM9gvCdBgxjvcp4
opNEUsriap5zFtvDC3YvPm1YaWo2jK94mDa/F7VmJ52R32NGrTPf3h1prs+ma+2c
wJRT/P2gVip86VOxTb+KgJSEGbIHhdJ9+gFjTNq9y0dgwhLqvN3rWFwU8H/nTa3v
ymRTNEi/CCxcKctLgSckRZ5mMCjEJMqtqF13tT5BdMtUSWd75Iqu/uambE1iJ1/i
9O3ZRB36f2uHGILpWfJTOyL4wsW3GqqteXmjBx6qyXhJ4pNc01y4HF0XIiWXKZEE
0dIY8Rpx9c0Tw056YP4qHXAc2t/jJqTM9M6hB8y7Pdnh5XIw4ltCc2qLXuZwKdqi
uWHnMzCVmIykubDh87yZgzZb8BaWZbjYFnwXFsV+XgV7hiBGMBoQYRWFQQO5synd
LzvG8WKcBdTDTawuwvz2riK4n0p0YVBNTnJZBXsvS3GG0Jhjto5c+pZ1rLmRAUnu
eosO3ZOboZ6bZGt9goGHAydoIiOinUyMEtAEs9l0k334nCnTh79FZAd/aEInLupq
dx2aNBzv0IdCPiERuWvMu6QLHQ7vyqoU7ibu0eLWcS/IhJsnMXLj//qxlCedax/5
rerO59X4kK33h4IY0Qlo9CF9Xs1CVhpVnVwuw9Hp3C5i/fTdq+yR3xdQ8CAJWJid
UfZb/nIbU246OJAnRvNii7LFW4Wwywv6uDbC3zTeVR/KUJ4Zg2uIMcpLCUSVXK6U
vTviCdljyuUxDoPjMPpf/s+4kCkR3ALqyZJMf6owMTBw8sQ6U3H75UNGertSkPEY
A0sStLy/K5wtqoHbsANk8iUNFmlUdVh3yEAfzz1gNxuW8y7xCN4ihlaBF6UBJf3x
PggNcA7802kUcJeAfQqC1k8WGodnaCy01XQA52xF45pdJ2HzGHRpKm2hqRYBjNOA
2kS/8eTiufFmqHvoaXVvNspEwNaH+aJrsk9Tm1Pk5m/lvjB3kYsGofuUp94MPYAv
PG96GHJoPNs4/KRx8ECBQgjVruE9oZj062S4EeonEIQOipulAj6CXxYiQv5L1YO+
HOOgVlAKDa506Yf0rcQF1ys7IVDGokVScJqCEYzIOfubhrw413Y4Sl6ka+ZgLKq9
DLzuMXkNMqL7WqmkK4pLx2kHvLqqLP5XjynagJHWNm0zYO8JDgWHxjbQxmaoNf49
oIFXdzESzLnz3T+lK+OSyJjq32IJZbCWCzWcc8PX829b/KnO/a9VD/UCpMMz6E1E
aSxE+ywyGo/gpW45d4ZRJxzWBTo0BVvhrUC6NYjseSoNLUorVmWbzkqpnfO92bfi
L5Fu4YnKbh6VCxnEUOmAMaCzXIWOlLMg5Myep9JrNnVPb+PYKhQm9QwVpwhxKwsG
+/MKZ0eOjMHd6jk9GZxNDV0VuCcmtiLPuBW9+AxcAxjU5h4GH9fmH1ZMJDsIBDaR
qt/D1jTognJK26lx8KmQ7yI/zUAKzOlwALxBBnV3f26O0LQfqrA2MpTvdt0YKPCR
brmXI8ROZjGX0H3HZ607P2NRum/9hJAQxl/ZR74gu7FpPUUIJjr3JEHQ3icNcS4h
9icI4wSS1oFngY3ONUdVH0tvCEYsMexrZo2rk7qasTFHoHTrbkjncbhw/dc0LXCX
79wCmue63UbkamFUz5827rDiRpEd7QwWg+RexkYeZ+b52Iloyti82ivolKeBKp+f
vsF2Ni+mag0zUPrraO1g0QYmOklZiCm+GtYNp1t0ROT1Yhlcq0743B6qvRBkqSM5
wYqMR+zIVBbqK0Kme1+C9AfPF4K6vsGmJKnRPWHXdsEt0NzwGM06HhUhKXSKPYTN
EKdsM2Et4dWFjHDYBiijVna47yQbHVCm0a/1l8tA7xQTETyZoDdxg8eoWS4NnYSM
0nUOny1bKIN+N7Qj4brWegRmOFDvxas9He/msMOoYNMVWXMoKc64UfLL4mRcq7fK
YVY90E5YKanWsNDku0NSbK9zIlQTz9ASOuvohQniIPGBNGO/X9JAgIsg7hy5/z33
58b9JyBpufXxeCUP430eEm3HHQkNWk72BxsuBZKlNp28fdFgstOVsjDXFdmUpFtf
0jbiQ+GM+GwCCYkfX7mSV3kCAWdLHJLOCEVjlXZbhtK6y5o0G9YP81m5nQnqyvyM
nG87JkhY1MpzPGKIKTxRHCPTKrGqxkVEIOVEmvZAqZ3fHXzM3cRvRYER6RB70KYU
C0gvzTAgBr6W1OErYNKysjD+QG8FyfzbfYH/zXumG8jiiEqNKFU0YOAxoAKHIQYH
a2Cz4Dzcbt9YdTf7V1FSFWWZspRivCGCmqsFD+pbz4Xc0REJf+fG6K4ytaIJFJqY
fVkVe+Ecdt3oo7N+LL54jA2MBrbktXhpnHGmD3WAksG/JMorMTKpcKEM6JOou0AX
q/TeKF1fUKP/6ig5fN4HwCHRwXxGNThBvFzg+gXUvZ8IddtYEqOpSqJ7z1PvD610
vqBFovrswn2E6hiLMgwS6n/P/o4HHbLXVBCca9w5sApMsnfAQK5DzLxKiUU3xUjP
FIsFIVxWMJ0aCi9UulfTA5J7IOdCeo1dJ2j3BmAKfHsNcvN8MfuG3gHLX3w6n+Bi
oXQVQqqD7plihfXccgxYk070CtCuxi8OMB0mWFvDm6BHWEJx6BNNoCOdpVFTiF36
g0Hb9aVIcO6pietUr45MgwlAGCB05Tj9VGOROnErdQZChEjOw7LsoZfNT1x5wAnz
okTLIbvHcKKNUTz5Lb9WwEl5o1DRxmHfa8e0jYk8PrjDfJ5hSL2n/ug+SCb+w7dr
hzFsIhhhAFPt5Ezv0vdad3LAG8aO8pgr+K+AbAtwth9Oa6ufLMMeUkR3AQrbTL4/
svQX+yVkQsbEp65SgN4h4g46ZJL1yY5i38yXi5a8nFusWbLH/gW5qHLCN6103FuZ
NQP5L84K8HiBs7ykqVE0qdl+GsjtNKUND0LxV6IsAobLtcX4WoYUE8d2FnfY/I2a
xII82SmhXgL2Chyymz6odQNf29zfBVY0NZS82NlJroHHMrwvI/ys5odtjNve9kT/
xKCjWAqj5X8rcnmch+kL24HNpFntNbddiPdfVcV3q5+Ma2V1A/ZH0BokPsjl5yrt
CDFK3+4x5bRnFbNuMWUACVeORO0JlDHMWydG8jhqFv96lNsYnKrVQShJwjMWSifP
I6VaR8kHo8ZJP93NNpXy7GnXeByF4hDTy+PDS97u1Zu2eXo9/5txg4Ted6ts2tVa
L6nBR225Nne8tfasxOLnp4TyCOFbvAskPLQzFIAUv72Rh2iGxPq6S6300grFXD0J
kiHNjwh+IxuZ+lp1GsK5oafrG+dAX09APDibR8X09iBhWtIJD9Rs7EsW1EX61/T8
y6kV5CGNSxbFjiYgkNWF28EdSy18ipmd6a1wczNJ/uqvfxef/Vn94KqwrHkOwuIq
UwtXr2j/Xl8+0/RBVeLARpvILQM37pWKB9T7+/09QyAAEdyET375Zs0Hr9sYcSgf
w/3vb9HX74/cAGQVtQz2qeqCr1cSgKBd8riVirakIvdgGI83DoIim/EcHD7rKh4B
Uyb2Z0V5Mi70uncXn4MHsJwrpfiFZmgcXUfOKE35gNAqbTNi+m01z8bmQ+VO8qF8
Fj4hW8JJmfnLxwjfE/gh7RjYOYrQM+JEtY8PFY1x6A2iJ51TKsCOXFGO5oOObngv
01rRy8LFOLncR4f3syZhymcccrR6obIdqwdcz+l+zWDoLxoQsLQKrTqKnJez5GXC
kRXQ4YNJ98Ly8M+wcAz5bZCeqoq3e5BCCB8Z4g+I0ryLKirnFvSbXxlQWCIqV7sG
QDRFPve+moQkBjw9UfVdD2C+ofjPUZd8m87tlbKdxoz3lYSGVNy12b1McsNUtQRI
Skyhri4OiIvcheXuaAEXZ4YCW787ABIyc54DLvlXSnb22Pr/OJGLSjGDLu/U7Fe8
3iE90fCDPsfUU6yAsfNLRr2LcZhNrw0F+siRcEHe/naDOuntYq3W3UB5Vji8k/bw
5kvLoTUEIEb/UJn05uHX2tco5qIqdTyR2WL8BCLekJdpvzg52M+e88BX4S4coJ+w
MlgyXmG8TkSXT9GLGua+JEyE2qk5pG9dmhTO+K1CqKdrJX45N1CEh7C617sWC3rg
rdc5CQFh2gYv10Z0WJ76wn+LA5gUTU7pvhgdeDCES3dTwyNHjCFYJedBH0jzFG4m
oJrThIYxfMkPTBLa6htHIgutpdOG6GD9nP7mKimUXq1jP1iaJMHTaQkoRGYsvP7y
2O19eMvOQm6Ppm35lZOMpJnAO0UwHLMJJwH1WvTvhlvKjVKMWKscd79fybBk6XIt
hFbWKRHQaVQ7YvPUDjYfuyAhnJt1016fRiRN1MApwTTHg3tVZE2QoTfkKfM4km9h
+VQdyiUwkbpg5rfCVhQWI0+imqKFWoATjQm0+352eJB63jgvH7o9myg5RU+AK+6D
ssSVGjhp9vgOC3KbGY81dHVhFjcWEApJ39REOxe4YkcCeaYTDMqhldlhzIUWNbPZ
EdCnr1GaZlEGeMQeu+Q0mIBM60ur/Mwr712cwMtzmbasFiC8zARsbkZQZh8ujXep
yMiWkXXGPKdYClal4pjoBmLrPaOXlrybD9K5mKZEOpbpDPGYzgE/C+tvPYCP8KpH
MGmaHYUwWdLlIPI2YDOFL3WAW3fA8ugJUNdnYV7I2sRAOql9JOQZaYxeGby1VJZh
EWRSybauamQJ7TUORdboivZOuJNoYKP0wJUIpEiK7ZgJR8pvP6HLEoSyXu8dgVTS
gi39Nrfe34xH+TMpuDp7K2f1orTNMVe6WMryOonuTCln3KxD2nCXr5pT+AtUzmZm
4O1YzwDgIBlyNgSpxX9FML+mFqfT3mtfLm9Kt5YiF4/SXiEFi6Go9VV4xM/znwIg
RlaORawjDtZ+CzPsRU9v8Dr78xHFhiAp0ohwrzmOVHGbZk4d9jtI8yHqLmPEpKHi
mV8vvDNgBbzkpst2Z6ahBMa2hvOiI3JzE59PUXdg4GBQz20pieW6ghRaIyIVJVg7
Ot0cZ+wp+04X9pyUtKaEZMDfQMJO3F2Z/dvSP1538NsZieYj4PNuFlToGG3AbB6a
Ccs3wK7TzG4bQtRnEUk5121U2zm5uxoUJTOrfS1iOKs5jGXN+mxow5H3D6QEGYgI
nZbhB5BUuRoiAJe8uAbUnT4r7aSB/LFxV6NP4HaF0qJv2YCE5KdV2//2dHNgL47k
pqL9CW53XRjr3xUnLO8+GjH5MWNfVwVLatSLBNgQrLSwk2IrbHjEHcECrN9Ctx76
P4/CkOcLqx7wSlFVu82Pm6UHQhb9Ke4K075tNRDAjIDJ5v88/zbsu641AyfVXxma
ifHuNKgYhd9mklIEjXfTvJPouyI5a9FabSs7kK9S+awuENvyhSJ6PQ0+MC+J5eW0
yW5SJqcCIXSkIKNhUTdVLUmEgj1a7KRrbDjYF2u5GSa/sey7l92laHnoXWnC6W3/
rGt+BsbuJhf+MqZf24zVWUcFhMJW6t6a/jguD2QH7opt9d7NLvzLNNStARxR0NAQ
0hXx1dj3fk/6hrVO2IsuxPSAysG1TQhrwEuNsp8ff/cJhCjlXQ9JGoiWYP3+niaT
ZrYoaTbPRA/N0ELG3Kmdsinzn8+EClAKsh8cy8EwtNdl4MGiZNr0tZVJ3Y1YPzFj
wRr27iH7c1IzBfcK0V2oxvO/mEYhYxLffIUid5ph23QtSEa/4r2/m1HlLMD3ZlCx
/6XOyeDx1bQBjnh0SEVoElS6ATwS14sGE/DrNdVhotrdDHEBv6u9vcOzob5o4us7
mWBGFo28ypruRWxRaQ++H3ysrW1GPZY7lOjLjm0BwRiMg4aY7LxbbzJU+tF3mRBm
F5Brb0zRMKiniZtP5zKqIPTBIfvuymfQbrf8pEElVnSHgd8ZFWRUeBFgIFGHli3c
VdL+n+tUTjXUXRSkGKgXc21AaS7sU3ziloPgi2mU0TsJY20F4kWznPtUFGn36zbm
QM7sH18AFw+rskI6R9kO9vlBd/SqBMxPl6Egy0u+O92O3iNKbildpyiFSynhd4Yj
oR0Tzr4KZf4KQlzyclbVgsrGNJKx0L6SmqYIchkwaP71VoZPdn+XYr37WSPM6U7l
SkRkJMkxr++p8qqnY60BHXQW7u3ZBJgkSXuJk1zo1q/THVeNe/gDA99Qt2bC4YYZ
JD/9naGv4a6hzT/oWXvCOLmcdp4iN9Q8Z7Oc7GrQDLq5GdBnIogVIIhCCUY3WBn0
XTlLv5tZMztOsIxYEA/UsxgtMU0C8kRX2PhYSWFFyRKiF+I1EwZ+7NjCDtRI+1+2
hIG6DvYiOxi3FBZtyZxkBaoggv5Ah3wOPf4URjdS7s6HjgvLdHMDJkuFL6q0dUsG
fSn7+jRCAiJGkf/MCMBEHlbZQpnY1xT+LB93rguGV/PkoFFM5nZ0c9ZjPCVZ/ewv
ItqkF2oXuidYmLd3STxoHlMF1P5/qNrucwYrAo/M7dJlWl2zMwE9Dr4+VJlOBZkw
AUlSd14XGTI0Lfby+cCS6RhSMf8XqJ2d2hxUX1hNgOAizsVpl4HCTddKCuVfyp1z
t/HlEZJnar4UsLIcWsgB7vYRMMMA0XAhIn4RMi3Y8HZga3/jLwHtGdPFYelfVwOc
6VVefVA+21vmXS4nKcOFgGWhLTQ/u+xhJMfY9mAzZSH5f74KK5FcNspC9/mOUQmv
tDVcoIWIJdxoHVNWcSuSVW8+ISl+25wST0wShD3sKaTVhgFPuQGbej2wCgirZkPQ
82FCxLDkzhL+goh85EGV8FuxMoo6gb1krFTxDF7MGdEv6RwOyj0PxLEgG/ctyu0e
Y46Peb435ScUFXTa5jU6yGOjHrzzjNN74wArI5FtFI5qgTDcd9DSwZFhl5Adbj8l
TamIMutl3IE6n7v5kuTnqEAM2y4He5d0Vnv/Ms5+lal2LaPgwpykbz3WdScD1Kxc
+oFUTNXGfsi9C6/DiWdAB7btcMmXVA0KaFPql1HtUAoP+qxrqwwL3aa3+rtC/wbX
EqG9W+6U6eMBbPw/li++M1aiAWSq7e2Ny1T7i3wy1V1cpSSFhrn2EX10ISlVmPwn
f9yzUwQ6yk3r5CaOXg+LmqWrebMnqXmYtHICGrzkk6c25sKY424S/d2ggJeCkUp7
MHhl2qWj0rUtei+DKx3SjkHXhct2O+t5E0zmaGQgGKL5C1HR8ODX/pmRH5qWILUs
F1K8Uf+NP6Vwmf3sYpyWchMKWRm1AdDibSGfh1fMarEh9kpxEXuGdcvqxIXfWfHm
ksitbzmnMzHhfXy6UtN6VTp5BfYma3rD9dgAQxmkgmGKhEkKnEu6RLq7MVXwh6Kq
H63f1dMdx81Dphv6tcpD57BS2748MbIkGpVGekpwg/HQJb4YY9bPOPTpMKzrZ09w
aWdf5qJ8NK638ZEpOYFxoq7lEAOjL5JrmRmhX9OuxyyIhbR89v1IfnCPnozN0s9D
DRqTLEi63UbiVMfSYTJzO1Di0sFoQfMM14/8vqwh4NQU3blC9GcMf/hOQyezuKvx
/UHnm64IeGuF2Q875R340q4T5xF/iQzMb6uBWAHCfVB3kDrETQ/nSGPu9qLWMkeG
RkCBrotadhbkddytBqM9LaqIWPA2ROdr5W3PU0h6ZLUzh2hGRiF9pQ+wLj7lYmIX
5FXnT3n2KzCEVc6XHpU9c+6PAa2nYfIgcsli8I1yyxJERzDeIBNh7m2ihYHyFQ+1
GGkjF2pWvVIN2hB+KS961UAwm+1vvRN9wxl8YSpJ5T2BKNkg0pucDUYP7KYsiRd4
4TCHEqK0JeF3CzYYt9NvKHCulQMa49LARmcEndoKMS2975EqTpq0aP3TpnS/81Uc
E94iZftUsFKhs0yttvYS/fw2OSp62hmT2JIab230p4jd2wpwP8GA1KHzWwjjbRjB
F9vrhTYbWntat4k8AeEKj2ZjHJMOGmG3sSx33JcaBwWug69Pg7nEcxdP+GxbGyTZ
fPCC/s5GOgxtUc+Xk/sv6wI7gbdlBYAQnBVs4wUVNMw=

B.3.22. S/MIME encrypted and signed reply over a complex message, Wrapped Message with hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10100 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6468 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 2157 bytes
   └┬╴multipart/mixed 2093 bytes
    ├┬╴multipart/alternative 1140 bytes
    │├─╴text/plain 379 bytes
    │└─╴text/html 477 bytes
    └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <38a0b7ba-76e0-5351-93e9-f44877e20e6e@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:17:02 -0500

MIIdHAYJKoZIhvcNAQcDoIIdDTCCHQkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAEi1pZh7AmnBEGXfphoKLU0XhQXp/9lS0Txg
FwCgcwRDRn8s3XJd22kU3e5xwZmi0yL5P88jdyCw64+4vhddnBI3vPu4LLlHRIwF
Xwu9w552EXbA7MZUeF5xNSfVvO03KgXLCmI/AzEeWVcAiwbHol/A53jNzcIDC8Ts
dUK9hqWsARFnSoTeHO4A6G1QTNdlq/4YKVJ7Q8uoYo6fOh9yxrEw0+Ja8RuDcdgF
rLDYAPX8GMHxwkuf5LpCOHVGRnkcZ5hZSmGDxzO0nxhHROKh3B3hbH0lzvxZ7FXN
HT/2Qi9bBJSjnsxu8yM4Z8hEvMbmDvAxCjUwFyq+VPRE/XEe9ZkwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAZ/OtfPQ8mtoRsepKqJuyEUxr
RcMcWUGiScV4FCirbXyrJ0sCXf+79WYdpVkPxVAIAJ+iZauktCUSgR1B1sgNaqDg
sjd+P72Lvn0nNZMHBg2ySKX3L5xw629/UdbqRh/63W+5+sQT0CvgoChL+l8Clrk1
HSlPjASvObdVtPg/Zrexavex1YDwn43s25dwtPobb/KCmeG/sQG/w9UrTsNvdQM3
5sllrSAMlCphcm8JQ9ucCmdDnxva9brmUxSuiMWJrzPQr/TvWxfszozZfVnC5UVa
umBxVZJoMWfiTeFKCM/5861WLLjbgZgdBOE5lWJ+xCDCebNh5/Aozu/Fm5hpMjCC
Ge4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEA+hXgND2G824Y/DOutsdCuAghnA
2tWFiGAPgGZa5gcUloot0iF90TjM5QeFJr3fpGga9ybi6lDzXSsxsrE2QPCht8i/
08uA0PVRjJTjA4pWtWZcZaVJx6tX5C2gJBmw08ku9RhuJDDkUBA+2yqW8nalGg8o
sbbC+syaArFaardayp9YTzTeywj+8dmPpCH1XL5/WrFEISxy7L86jXSOHvmqBDFY
CKbuAv2iErdOcS31MV7jLyCacbjc1S4OxX7SXDMuXbb2NT26d45gPP38+p8vto/G
Opll9AB+AtAWtGa6m8m2ZPzyyJIYsONN9KSsPCxx/H3C03h1kXT7JHYUqtLWyzBC
UEW7oTRvAGilfawg8ZwTcBTcwYNpqd13otLGS1hG5cUULeRH2cA2t7U3nXwPL/Ge
zljbZLvkoRE5aA1WXXrdAjkiayr9fMTlnqgW8EsKyOfZofu9h2/M8t73ddcAziKW
YlnE6S8NXxChg1CFy+xS6USGDr6hn+U4KeJI++ifLQgSvHqJgtq9tq1/UVibcXW5
MnGoPDPWPZg81IvV8qH6bCSeH4UC0Dzsnj37BetqJdjNfx/MvwcJq/2+JO3Kt4Kz
LcmGOtot3mD4zyivEBOeWincpTnUYEJffMZdc7g4yLFvyty3EuWTLokJf95E3C9C
Oegu8QxziNspRwThEYrO221TqVO7yJZeUDWS00Fp9s+GMLT/uBPHoOrZaM+ZbpD2
BKshP1Ht9lC9mcih3XdE62riUPRyzEROmjZgUhaOnaw/NhC07KVsfi89K2UpEt+0
bPOamtlcBeXVc8Guu1CpOKlyrHN4hqdm/uDC2zlegwb379imtCroPJZEIPw2B2wl
2SliLzy2KhEvqSo8iiTJweUjsftDKLMNvjrgZCCIZlSJ3SwiuBLjsmTmiQb11jEI
0vQVsSekYaRtzpBMmSVHt0iAP6tOvjjV7dKT2TpEsIcF8pgV7DeKhoi5k/5PYZhW
nJaJhgS61XQcte1iwXrTbernqyA04ER60gawFfxKpLPVu88u8PYy4/rpQqAqBED5
pG57N1yTxH8UjVMFAmhoUR6l8En2o0iD5Kwc3eV1Z3JUrnXlycWhevce1pl0BFPW
3/zMxX2ZFoRMukH2Y02H6CIRRhIGUy1hPUeGim8g6vDgd5dLW9CCY0QxBNtdlvqf
RIf66fwO9XDsvnZ7T7aURjgy6DB9p9z0lySH5y8Azl0OpecTU3CeqqwLNvNlxyWN
WLhBcfHtA6cLMxSNgsYTJimKW/SnYcz+B0djd3fD+mUxXvViWIEwrXknjNSFEwaY
FQOORvP4faF89R9I5BwB3fU+/v+TXwg9iQ+PtsMTdmwGokXb/qnBBeIjTTynGI2z
sgEfgHqOb/MW3wu6Gvcta3dDGZ3mPnhn+KuaMRwizonMDgzZNId4Qo5BXFhdV6HM
t4UPcc0QUIxAXFk/iSERIj1lWAIUCnYXW/PO8RGbAz3CC58lNeKHHMmqSV0iRKsl
MhJF1d0SA0BToQKxemrSioo59bujmDTSzxywoRTroJIyIu9pLxE4+cR7ABMHWEJq
GojyOTin63OltHbwZc6IaDZ7rTnjxvhka/IDARaiJ30HKpl0x51cYmBgjZN98Hoj
KNJ3v6uljImKNBXRhhXbhgrKKkLCS3RtuCF85uupoSyJpOHKBaSsJLr9ylIu74U7
djsHBj1Fye1qrbK/NylHzMWaEnSk+dJWwEgeZEYpxvMp90PTekgjcI7hqixsPV7V
1QuziuaKHuKKk8j/kdYUtOJ6c50kgv7k3VkROw1YwL2+gLiBMLX7SFC7FHVV4AG+
46LfWadlc7QKcfG4JnThp+AxysFKXb0KIBqCsn7JjEhY6+h4yxZWPbl+GSGkEUtk
FipPGjlc5i6jN8o9udrhS4moO9rQWeUEoCcQI3HcZgqAr0Hui7n/+fyGPdVKVtcM
4s3YsHYx4vkQoxObM83K+26ISBHslDQTee9vMuBzo9eQ9gNuYQzvWPp6SDPobyk9
w0l56dqug5xK1h9ysDv+NexkJrwElm1o+UeIQKIJzakf3AJdrW98GTZmHOHRFJ88
4E2NjSxGvZnj6W8IEKaD0uF5dd0x1m99lIq4LpOTpLOtNl+fSTnNsq/CmbVPdLfd
J0rCYaQUbO6J2y3iZg5KTxxNh/1mw8D6Q/ANbCUB5SAqClXvrEIWxqhNzsQBBbwh
5T06/AyKEUJYDkWv4+MxV8Hq8W/X3x9egOeStvkyVjNtbfcAGqvyEMYzGx++O7R4
qLhufCPgNjrDj7msIcbQvAxNgw58avya+9Dr6GnZNAmx7e6zDjAgdIKzilgg7u/5
S9kjGOJgvC0Nk0S9a5WIkGty23QFuWLc8A1JypV+DitUblLlXna2++nw0qN9VrBl
cjYnGW2t4Vrs9BeeF9QbQrBcbEju0pypFgYT/QCy9LfjOIVs+p0TMwdVfkz6+21x
/D1faC9jkJGril8m0TwaDxuCeGbXLWgueOI/HDxAqH0dz8u+9EymTjM0K9EVNqgq
3m7Jj0zYAEnfavGr6EtGz1s3Awvb8fL7nyYIkU4x4GAGVm7wthWNh7OumlTY4M3j
wfkQunbR6M1x/aCb2B+VN01T38T5X2CBLNZIV4OKArumfmXosBchatnzZ2No2FE3
otQKW1zTTaivmknlNj5NcrZAZiAVeVQji9fK6M4evwfffpx0ABv3UEIUlvtrTEf+
fZ++HbaAVeB4+OFF52IxwL1wwqTdOgb8VwQMGDPG8UjA1Gy7lf9S+dvcwIdj2Ukk
VAhac4TnK2WkRvqx/XGRKYXNH4gDtiTkSdDwYui/HY9xMOug6DqdR2x+QzkZ1Ta8
zvJ//w5XvBZk0Mhmu4YHEh+cxnzGunx2YXbWTTLuCElxd2EmdimzdnuG00RVWDuK
9lxsUDAHbryFtFIjsgkq+2lbXBFilaySMstAlHHX2H/L604Ii8JLXr4VCp5shfjq
cozjos0t5epjGOY2g0muQhnKAmUHy+kO03w6LSGK3LCA9i6anVL1HtRPvKLwmvev
suDv8rKGe8V/Aot9llGyDYbAwWz0p36J72LeAKU2NdLEPcBHO9ZJPX167kJ6SwLf
Cl8Des+u5NqAhSQUieOyGRoqT+hsNMD5UxuoRVkt3qz9crMt+TbAaXLLAh2NZjT0
q+JhBV8iMWa3XXQJiu/zvB7SUKDMWP+zoMyAwwURFfiSjK0WWVTTaxU6LenGw4Kc
KSYCcY2nmkvuX3aukyKuDa/BxTTmSgYpIQ1cCcV/MaGrcA1b9sjDj0JXSKbRC7Q5
DPI+NLgpx3aTkILh/qd45egG0abPgbegxRrcUuR62LSxWsdxSplr+dn3lhKq7Y1V
m5w/ZynISFiXHcD61RszxKMvja6LiJKifKuxTy9tmYG1bdEqmAF7N2K4/dEY39op
Z1+4RNqopa5lwfjdTJrf6CBSztISZDhy3yW1RzN5K67mrU1y7hxoZRY/Wwr6iVom
s4cYaEW7uWeM9cyTGjs64Cls/4IJqOByXimDNjO0R6rt7YbIzkxhAqf3Wt8Dxh7W
OMZWzikBDnu67QichFT27KS4g4FebNUZEZr0DpYNllLzT7Q/P3xpsmERJ7X+Znea
mTa10XVrSvWmGue40olHyiy0NA8Cc3qVE3HbEnjj01sK5LQcVxsIor96kVvoA1IP
1/kPsX92RhruHXNksvZGiXuyQW5Pe2EFcWj8+RskX04NXabRv+b9JOw76uvAx9la
z11Bquavs3OgG1DnHzMTLpg94v9bj8vWBtvvHUTm65CFteCBFg0/r4PRJ0EA7OSK
gd/6iUJQ1QoOK/6ZCZOQUqhflfx/vsBOeB5ybN7UnbV73l4CtFs7lXDAhspT9RXS
7p5v3woa4CsbWRhnsTPBlC+kclTuiaq8znU5t3YlUmLat5M9HrWTjE8OJO1h5pqj
SmneGDr8zBnXFzauvibO+1pxUHvWDumneoiXtVKKnKanj0QLh4EFAAN3c1UbZSuc
oqc1jAe/3KV5PTc9btDsY82pikMb44HsfDji9FizCsTnRWXtoQ475Sf/JuvEc5Q3
Mt1LURFn5F1B/nx26latOieOtW6FuS0J66R+Tt6K15QR1EbGhKPjGBJYSQUEW05p
TMNuVr0Ro3/gSq42QpukVB0PQjItpCYiXjJLsrR5prH34EMiFWQEQq/u8ymTVM1l
uW9xq8nqq7M5tWyaLHPGZp7CmGE7Wph5RGPFoDegwNufHroIef2PfPK19IbXOehD
MLnR3JU/KgSl58t56EgViEK+UwGAV2J02MBxV/RoFyyLvmaJht4dmjL2tWtsV4cp
MAp1ZObjp/UgKx5fRJDqasSDJp8lMAkcOAQOjZX+HmmHctCxIwLngeiGpU5WD8QC
NZP9ddxxxqSZJxO1/VyfJ9APxN74AG5CwNnXwJvObMp5uvJRyhYK3QJoxpvGKIbE
wRg2dKKvSTfkOfMdcSLn8Iay9g+0D9HrpkyrchvA/7LxgSlGNXjeYAL2h2mdwf+7
8cupnquXUxW7mJnpl5suLquPL3s1GnyP4WUPbAAt3Q6ObZg9jqMssfI+CLRW19Rh
UntQ5NQceE8ygNRc0k/+TTYTZRuT+zmgVqobF2+zxbexlkxdI51wqaDC04HXcSi8
p4hyRDeJ8yo7gqMbKFzBf5pp1CwKcBHxiQyq/lz/Yk4f7r1wXYBqzSBmpFNvZX08
DZYJ10hQzgCPvVc9UQUQ7FUjk+zKKk46i0DZ67FsOiAePK4/isWr1NzjAW6L1J9H
yPZf6m9+0wwahIYAygKA4Ki/1i9RZLNUy2vxAt427BhX6dHzBdjnU5MvknrP4Mv/
uqoab2CEKZza9+eJPPnAqX+xJEbUXGScbE8xW5nEZzfcVoKYt8cPcqWBVTauoUb/
GlzfylstCR6yiIN5yf0mWxZlsY10nMOglEPDlCoTE8DRJEZzvgpVHZQqkjkEFJvT
XrvgB+q+rs+H/C7ibxK7GjB7Osd8YAP095ppWA7lXw58Q67zzk99LsTG8iULvM6s
1yTarzrUWyLSW2mEtDdvNmzxHRbpmAS7/QnXPLQ0DEa9uShRc9WyStMJCAYgUaLc
5rI+9j8FFpUPkrebnV9oONlK2sYTj7njZsaBJJ0XeNqmnwvXkpgMUjrIKenWdNFe
oahQRAK68T7AzlUGlpqQDpGrTJ5ncCzw9aa1LMqYpEniIwd8bU6DRz4Xr0CuG22Z
8sWMIZy/T5/cVp8Qf/tRvThtgT3v9ikJ6zbdXloigpFUlhKOdO99942RuhZ9BGVV
HrhegYZOqsGtWvw0elQWEW2mRzwNpOxImtq1jj7HxsBryH+z3foDElOkG50Ia0dW
2x5+YMqIZuhv+Ncls2SgaJRFqcBpBAGPwZyPxLdgB66sjZGvVbvSLCRL0+lfbcXl
M4+uiIcY8nvAYlx+HxyEwbNfjJnlFeBEqsgRwMDyWpWVOXHGyBFrJITtKSAFyw+h
GknIslIWYKkWR3HGl3McFZB5PKDU/o4lsx8ukAh6xbhkE0tncBrw0rr/A1rOuL5Q
RDU4g9hdC6ZVM/3pE+0+vV2ErsbQj4onTN5qJKAqfjqrGd1j8avFmYBE5hSH9BOX
8UYVc8lhfcx7YoHGHa7iIsOOBPu6Jk3x85UAzk9UbuUujJz7IG66FPUm8DUU1Dpo
FodQoHyB6aSluGWgirSPlihIyH6QVn5wTcmbbpBqQQuiePC2BltRLzfBIF4pDd79
SFwjx5gLEWuSPPK9KhxxgG3i5zRVfodi7Ja/wgEJWtkkoEK9cvEJMWslQLH0HDU6
FItWlyZJY7RsHKOtq9rJFAAz8gTu2KedWmcxujNhHnHCBR2V+dxvtuaJy2Ve4Kf4
9p+2EFsLUnYxNUqwiK2gn6bKmNK2PHr/Vkem+PSHeBFVyQTy7/utirx6AUT0epjO
PdfyFLI2e3LAI4tRLvX/x/VayMV80LvWIGFK8S1MIuOf4DHpVwyS0j6PM/ncXi/7
VcTacendpI9oBu0sSHc8Y22z1t7kPu7ZCDSslfFHjepwDxbgcHvbvCinYujda3N8
z8B6s8FdvsUKuqwYd8kq1PbfKXN9fm7gOSWejRqHaDMMsnIwJ4HGHJsVHBAYq86z
t7PBc34NaOHS3hIHdSKj7/1Ez4CZt3sxfM3r67Cmr/YG/vxCAV9Mp7h3VlH0dPgc
AkjyxIh6atzX1DWAgQiL8eNL9omlmgSpJ5KP58ovkGMg6uf29ApTkd5aTnm/YRjw
b0wEJSp1jdCWz5EN05/kQillm28Lf3hRDyindpGIBeKdm2MH9TNpd6AhXGZghuER
t1Hew6YgaBjRsbptOSdl0VW4h6khn82Xk7N4jrJC/OEfN8Ys8i1Tk7UOXFNXBjf0
0aHQcyssfrzr2X95jZDYoDFIkjQ8SBDrCURYYwL4YpaK7i4aQ5i9ZM7Uw7b3Mohb
ryJndjEsm+j6RmStoJw1XXRpL/5rN+/iwepViTPbzicYbkN4FMQUFLDMG+nMTU8t
qOPYPsGQ7M8t0+VyhkJwmyG6YUht34zZVZp3667h/VrSYQhVZuEUaQr+lJ6WThEt
+UAgWyUGkyZ1ixfdljdBcxd1GSRLeOg3EQjzG4QnKGGnZ1SbH3jNR3cTke92WJWu
FUNjCSFeLshTLN5adAJE8tvJH27dbSzEG5k0eB8bCdungbxoy8sZ1kkS/OlQplvd
KHtdyyUKrurOwGRFW6yAOrFX9g6yzQvuHWgwG0ZCQHHDV1owxTDY76rDJkD7r90U
HhnCjoIM0yZccj99cXvfdGPAYgBCxUCeq2d+zQl8GBafiAgpw8k4bMirFFxC9kzk
053ePjh6q61TD5d2Nk25EdNGfG71SVH0WP7TPgI87aT9l8yS9MtHmSHdshf1JGAp
6W+o5CY1FCePVEv61UdjuJrhe7Y63jfCXF1hUxjPFgKs5DdjCx7wMw2xeB+KVEfw
TW03JNM9O50u974OwDy/LE5ilvtNz51jnrPu7lVXjUX7DBXry/SfiylWK1vv14Ql
NsLryq+hWwyxgL+d39JmnIhtO+AhYfRsDlXpSQk73vNruo97n+kfvozXqn7biSmQ
BVF99mx2/X/na147bAmZuO2BuLsQc57aO6YVJ8tJTCpyIh9zOAs/St8oX7BpLrUp
Urey5JOlETg53eo7yuUK4YnQtH9eCH5KzXgxjpqhgYCFs1RGDpnmBkYbP8iXhYJ9
Baqn2uT364BdbnVni3WRqUoW1Vb/6nsSliT+RLG8yN1WuM7eq7wb7g/3ZejrBcXB
nxNnyV7eNfuOMgjW+iPezBOblFmSc6p7/iX/qman0rx3RrKgcSBbS1iy3KSrndzD
ACkw6goJY3NjDEZlODr+YWcvkoDVXaW01jlAMldGHA1HTvz/H2ohD8iQK5frFCU1
jU2ZYggiJw4NZQ0aSqhZiE0yG3FjDLzZmQ2+AkNlpf5IoY5eHrd/1J/4zZv6oO6v
EonO07mTC42uf5uPHDWwxh6Ubu/nq50VttjqRjgPdTzbfeIW5cC/dXndjleT7dsf
c6KjQYBNyzSOabz20Ng+PjrpdXTTvA45/3AbdfNDl2chBlpJV9OH93hDFl9wlyHH
cH90AhHXx1arKPkeS+/dMXIKGioIcx4WbB8bvBVXCiQhHZWDAOZGT29e8fnVXrFK
Q1ik220eI4yV5UbObHQRl8UMUeC5ZjDPMygdQgUKb7SHG4u1CLxtW+NBQrtSn83x
DsNOQXvKrRVoLY2OMC/TiaG/+Rh+fmV+bwgiOUQu97DKrTcKIx4Zhsv2HDD3Ldkj
pO1F65yj57c9HsDiEr0S28PVCbd8yOrgmpkHtns1sDNcl23BJFbFrn7ukFAUt095
9OtmEKyCTU9J21W9O5IuyLVJc7VSHnWF3SdLAfOyEFjUQ4LF8W7YO0VhtcP2LbmE
1FIz+2EpPbSlGqc5cl5/jkTRztcfSKDLlyAzG6o2fuPNqn5uN7yF6yos5S8LT7u5
YZ8XcATFqKReTM9ob6yk7qgtTCENvR0Um7qO4m06ukI7zlXgZYkY2lrfNZFRdQnf
Sml17rL4fuq9QkgxtERWXFg05yhtYw7+p++QMr7KVSAZmetohlNFwHS30xA3zn4n
/OouD2ArBEMJqAIACC4DGxotT1m4TrkF82IQAQ7sJ8h6+jzobwKji/lzp1nHTOKF
fI/L7UvCxlifY5gTBBZP57XXjsf0YBLrbQ7cnqekpoOwMh/0Lk1O4FFgsX6L/htb
bv6fwWevajrWlus1gOgeGUHUAe1H6cYepKAYDsXHJoN8L58ASqFZgK7Inus7ANpR
hQtT1JIcXZi1ZzrXA1kahdvU+wcqNdx4pwLCNrn5XlAnOQCrC1GoBYgcgCv0h3AM
DLzefo1IDewuTyCFf+oQL2oaPtDwC8ghdBeDu6u6e3z40xsApVOtZ40+PPKQjA88
s/+dDWZXYCYBPL7Oa6Hq19i7aoqG6gExvqhcFGZzZkTwjHUyF4oqlMsRVcadXucu
dTlY9xpu209/kQXky1RaKn+SS1bK8bXZCYoBRHUFFNGXrHCyCZHV61r/VoojhKAE
AS8nAvH0NjQIMfZl1RUZ9tKageZY/X81bDI0SFx2JBBa/HQpsMNFdlceTZLdJfRj
1l+UECHZWZOA7EbhxjSAjz5/YjLsmdjb+alc6PuTSyRQMSkjRy162hMQEZbwRzqP
Y4v8jDwO3PaVjF5dqETA5u3fgI0bUoMlhRq/cJsRIv9OTgRliJPAPt5JMxEVWwWS
PNPLQx43DLbnnrAR6SsZhH0a1SvLHXCvgSvHTj/iEoQiQSslj8Z9euTL6YsyGUM4
IRn6smNANIseOn9/xbQ8yA==

B.3.23. S/MIME encrypted and signed reply over a complex message, Injected Headers with hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10140 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6502 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2125 bytes
   ├┬╴multipart/alternative 1144 bytes
   │├─╴text/plain 391 bytes
   │└─╴text/html 486 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <c6774fdb-3ef5-5293-ab2d-eca8b66b4bbf@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:18:02 -0500

MIIdPAYJKoZIhvcNAQcDoIIdLTCCHSkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAHw/91uDg1fJb003YLEnXot6ooUedmQUuwrV
0+AAMXpx+Ag22aGkQndo1Enr51SPudU674Rqcmd8GhOYv/SN7k2hJHcVJlNB1Bqk
KBlndk8OZ3CmHiV04gDZUaH0CvHsXFS/SV2fixL4CuPjl/KolO1AFuOU336iRXTe
cxiI6UL/n/feSVf0HNqSFgdnQs1/3pQIOA/33mSJBN9gLsZIohefKGYgzhjIO9EU
T3PKk7A59hZhZiso1DMUSnuHOMRRHGbfPK1e9mMe3s/H8LXkqRXFeb9Dvme3R4pC
GHEEsT4zJJqOTwYC2o1qn83v22k1Tych2daG/sMgDp+1nYV4KIQwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAPe52qnO+vt6h8MkYH5DP9GdZ
UkyDSFBx4fkz1m1OivGHVrmeMAacHrU0EIthagq/gIoX3VL6+t0czMIm+l9svu3a
tXUyCjDjOFS3gXmlwxg91rYWunzlMj7sMBRt3RjvZXUKhluL1kz3f10J77Y9GoG8
rDj+BnVM4GHuKknTTSaQDYsXnarJOFTLMHFTMefuAf4bSxn/WyNU720tNYG1M0/O
pE+SZPEA+we615WjdMvjwsBZTlhQKxV8mFsAmsiukjWYAWHn5ZaPS0xA8W80NyEh
GF68xjy1tYBwLExtii2NqD+4atl6aXj/odar1/FTLCG4fUJeBWH3/ea6keEr9DCC
Gg4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEGkoJQ9zwq8mv0aBdHyfuSKAghng
Z6pgVbu/KHUwPthP3sxFazxNC2ZfrvCGWwuFAxAZQQr5D3WhHqUYWhWoMRP343rZ
NjZzzBNA3KqDRoZ3Oj50M2ekjBb8d477Q2ytFz3wuC6+0jxFOl7y9OUQBZnlBI2z
HdqO2YJhdmlaLKoRThsXHCdSzr1Jxlsp7fhkA83CcKAi7z3T890f4z8q7pu+AUvG
v1MFYxQ+d63eZTucWXdjbbxgzN9iQGlP4kq21IeccX5Fr6gzwwoTRcQSxj/wyTRX
pWjoVWfWedOoiMbAXsol20+idiam88MhdH0kSpxve/DAF51x14X7mMJJFogrsNao
ebrrzg+hojwO9CMJvLFBNVlmy3EcdrFpeFsxUWKlXnc1UycAv5jNHkERmz5gK056
a1BQFGkD38VsiH028KT9uNbpInx1FNsvfJ0u1YMrA04kuYcOvbuBDnF/ha8Tdj+v
d6No2bO5O+jf8OTBlIe1khM8jV/Cy3pYqixAm70gH+USuvVjvjLhBp/EJ2xWA/mv
MbvbesuyVERZpnvoQlA3bayJAV3HyDZ1oJdmEM7/ynY6J1GpQaloTQcfvFbhUnYa
ooV199V2kXAWIJ5cKEWFoLFHv3wgYQPK8lBpqxKlp4/ZqGpnjG6I7liFNxDc7mzU
dNCK2fUu2XbSuXz1gz2XNML77LkD/0Bbv7clktiCQ6nNCd+Zhb2oeGO/WO1c1m/a
5ZFI3pW07vLNIAaOTQx1mBUOc7tvYi0PVmnj1k+6UshdT2MJyUagcz6yPRWJFtfg
LaPNphyRVTYPCAoY7TmfBNoy9VssOAbbxq8JjJOL4aV7mS0J56BHzLUNH4GQMYso
nEr6b75sRMoV1sYAinDf0fg2gAzWrdAOO6XjNQ6rdgrYbHPN7WqYhcstN+vTuGAP
Ze42pN5L7ayKXKwrTIvHB2jliP5pKNat2jZ/MiLCzfzEvSgburwpYVqkk9t8ZvEE
ICmsUK+vaF+GePy0LO3/G1bVBFPHGdFBTB3DAbo6R1hF+sys2/xR3Lc/8+mPJThO
3gAoMXTRRgBxF4pTgilTGF7JjYbSQybNZ8f4Yl3IOZ1uStTTXa0f85G0gYpTR3dI
cCk+fTDU3UALldQEr8sBm/hdWxYJ6yL5kw34R84/vL7yZhs02z3rfVV1/WNfNF/i
TX8Gl4PYT3IZo6AeSZ5Y01Z1/xx81D8t/azHhX+ln7LZVaZj2M/2/tqI22wWNjZb
yiORjDSjeJ5TvyElqVIFXYw7dz8vK0GGzjDTx/OS50hlmVhJ1rfY/IWMrHNhSVAP
H5vcjQ8duMhbPIWj1/w3bhOL6UWiI+X04lcElTeABE/ZLfgA09EoN4+kbXWGBJMM
BYqWTsp8/tKqZQC1jWS6drh8v08jP7aMRNbLNcYS9ZG4fpMdTJ81onJgDeLdUks1
uSH1CpGop3XGbFvOHN1YS+m/ftSMRvfJUXKIixKHRLIhhclwaxKXWzvfn4Q4Tsli
jKK8UeKOTXI2bdaNGkDGVW2Abo0YdiDqCe5v5lXHiPecPxoGvzU4TT3625sKlmfi
4f4X4f9X+E7e+6iSIf8bs5rJZDEnE7AwDLqGpupCYO618Oyuq/VDcnHFMCsgvvCJ
yaBk9nRIYJfL7H0uJyn6tjlCqbu42m5zCM4ONiQ1GNl40SgJykTKe5opSy5nkDDy
BMyBdnspo1Ql9HOdvLtL923VfPD1coS/MjSg7kRVPqOJdo7odN5sjUD9ldnFI6he
97w39ivE9zeGQkWMe9gQts0fy4QN6bLxrqSbtSKpLvd0afpbaE7/zyswtPu1yhsj
AidFKrgOqyuiRdychkA06J1qSsbiBpvkOsFmeADqdKnG7lg4e3tmGME0rooIBfHq
txCMG9QzMebaQVI6TqzA2xs/ta2OrokiN15YzjjHhLgwXN2Sr3eOXxUR3LNF5SZI
HrzY+oBoamyDFSFEJLAHfOJABA/bruPwCzIzraXq7YtkOJNZGSK1CvMpk1orMVrx
vdMcoGCT/UcGOLakk+3r6OeuHO0T4UWwO9/vEyxWWqUZusYiiR2hlZTgBae8F4nt
QLhb+sZquSC0a7tf90228eK7nfmUjXyhk07wTZkFL6vdxPvdzfrAVDMTMsEOl9aw
XcXgn7cMshA1qoY3GJwnFKvvHwZD+x81crpVEMXUblnN10nseH35EWm3DHvHJr4H
ET+jbiQfXiRs/qEZAvPIzE2c4UUkEYyKPF3fFNKJ1/qWgAh6o3yURYD49ayP+7gW
wJYQ4Y04aaGPxURZxBAXeVS3t7oK7ptTa93isM8fxGVJZofraeCX/I8VIgdTXzzC
QI0smZydy+GKcQi60U2/S0eoQ0zmCd54Fh+Mg7YzJsyfxGhCoIVEkDknyP4rMBr3
71BZD05pxqWsFRoHun8Aw2nhb+TIUNAHK/6iBHqlRNljhEsfc5d7yEZDGvA1RVDX
oZAhXBxcKz1GJGd1At/hzZDmj8MsxoIhRN6pCvBrN1x7OxJybtnp/6dKtE9A6VRM
ek/zdWKIdHiZ0nNnp5SBnamRCx+pHECFtTuQyVmcvzbH2X/itmxrLPIAfdLk11tW
Qv19Vo57I3MKfEWPVWVsMQs6gDk6n+hfSplhIKHS1jv49llB0RELdp8Av3ijCVae
jjAqi23xwAFUE6EtniNwwGyFGKMdbHRRNgsNiaUS49VP44x/60ae4cfUQ0t1qLXW
Z/fmGSB1LeQUqlnv1igfRW6u8bL0bRwrN+jOPWmxxAdS2ipjB3e8PIbNHDi+sYtW
B8SRWcQ1pDUEtyY/hGl7pqRtxFBgRZWxAQWMXwVh3lcexasEd6j2cIRklCk/70rf
H5zXVSw3LNDps90Xa0k9TnP5x1Yt1L89SDILylDUlfpzhwhsyS3V5fhoGCdxbilS
qjA/pYvqjC4m1IS1ytjj3bMUvbP3x2etnqoVSGAtaH9ewHfCEndFIkMGIqlWee8i
SC8hvNR8TcWIANzWxqlUF018EMQEN1OTAjE59K8sXa4gluyXjbN2K/DibdbZG7hL
XY+oQxLsW8uJdlZvfiuqLnmu1sNogAgrJCvq0XTG6dx3MuaTC4UcijGpWvS0r1Xh
FO+4qmScEs9tg5xXRqRRhbu5BXAJ/TRlZ6vaSKUoeLQ49MC7CeBO6XTKHSPPo6x5
Fjdyq189O62hnqKFa8MgMfwx+vpyyA4KSVPN36Wl8EPmYNABkTMlTbL1+SHwAMVX
qhDuDNRZv7ol76CYrQrBqunwzGhV51vhkdT8uyqV9VtdfdpL3gpQHbqqIjSQT6/k
iDfMI81QLdHXv028jFSNl/huldQ6GluOI7tPsBWVoIcaKCFOz63dHfOQzPupT4wO
ZmDv/Yae7wLuhhDCFoe26A4mAWufXCkfdKouP7GygaLVzi4V2bYVmVWO36XDNDyI
6PETY9bQU+fOHEhMLKdMpkblLZiWTclv9PIoR4dwKnufsnncbZsgAPankJmBjP8p
tHvDrctJvqYCZHSyTqT5IWgOAp3c8K/RxD9lwiFvCkEcA0uZBUqTLwZJ1bbKLxEM
hLmtBn412q7ic+ud3zT5O2fAeuAw84tKKKbpT79jxiaz5EOATiBeEYmR6MNxux3u
TDvBabBA6h6Sc6NbQB5QpU8knGmoGyJTm7nwNPsJtud7oQ0pjt//XIKAGE4xBLAT
qB44uBhwJETObjkeWKqVV/Umnv/TYf7CZaKIA5udixJwglOLldPAXgNXRZVX2+2K
ArZABmju+eEKLZGqF1LIXO/20BaIJUbpK+DSappBovKoTGdSTfr83OECfVuP0BNu
+A2IkB74WzoVJm0orGRhzJZlJlC6X50Mqc0+RXTm2LBaa7kl8RfnUQpRrl4PPJ6Z
JL93AmfFZgGLt9N8ITg657MHvt2rtZpTb8c4vBDsbg8kuDH/CMyZFt4CpG7TMhTC
neVVRYNHwj/d7Kd+9T6UMly9LGMnJtP7yXPWu1dLGLv0qklwRQCfVN6ePHHLAW1O
b4Or6tL2kURqCL0QkIVxmJx3Iypyq4mRSnWcZTJ16hvWVW9P6elXERXUSWf0GHRg
9JNFAENt+p+x8rocnrV4+AOg952uhH96f++0szz6T0aM37SKfUfAvJV8XdtZwyVj
a3LAh8vJzhfV0WfRv110UxIZUVP4qM1K+cTpj304bE0hi1gQL6+26s34Vrv836SG
Gae+hYTGX1NFjReMi9r/X4YY9EDpKC5eETSnnZYSkP50163vDsVtTmZfkSXyT3vY
7p1UaF6AvZTdhapMKCelEq0yMiOMNSIqXC3VX12bd4miHuP8Z6FgKIn8vtc2dNPc
d+d3EA0+Gpt4L33lokogHAnEHokiiZkvWJHyw6UDunRmJ3p0AxR1zmgGbFGLeuYV
BTPlXlyYHRHuWI+TVL+QVc6c77Q5QRvX6RVLxeqSW+drnkHCtGX4eWz082xy6lS+
SBoOxt2JVPYvyiCA5cTkALyVhlbak9dHMPVeO4U1f45c8mApm6xPT20l87vnVBxd
gWwPxVaC90X1qXvaTvowO8yvgLQPE0+eISkRCm3X26Wfyck8W6HsMrUEl8Boa25H
/Txq2TdRTjkIkaE8ek2YOMdv+JFnkxbgUEijJjRt5rYDzD8M7yTePkrq80chx2WX
0qUjD5dUkXYXsGAB0CyoE7RRwsHuzc39c3NMuMzKm6zBY2Q8jcC9N4ANzS22iq95
1nhN5/7dUkByuRMpXNqhKmkP6AA7h9H7YNeG8hdlmRB+3BeFIdezv9tlPGs/mtdZ
lmsI7yfIPDTXF/7gF5KpcwAhWQ9uMySeTHBZwrLP8mNoTcoH/0r7PRGUOR5Uvf9A
5GnEH4BhgnMKf4MB/TbhkNMoCB1Jh2NFiQ+HlnJRxRoXXjZdIQj7wF7evcwHIZxE
I/BSUSCrLeYOsO8QnOLOHbfiJZMlthyqFJC2Hc22zmeIu7wNRMAlyQZMv/0z8qAk
Wd1MTpT2jFBn/uVFwuEBv6vbKC9Dm9NADBS9xg0P39FmhYtzCmrWuG/gQ+JP9RIe
vuw9wwjqxH+VEUwSxNtSAOFPyHlm2ggWSQuTBRFflSfj95PUMn6kgNFwaIxzLpow
quFfqhz5HIzdjLlAYFOzl+MepHXGGNm/H8UMAV8tO1MjBIUqbVjbGSkF1p2oSVqT
+9q928fB8cDHy8rSFVUjEMiJT9uEQHBr7Xk3d2gOHBJA2iivjxcYe2yWa5qJZ1WB
ObKTXaLVbLvHac5XdX1vNtzzF+qo5C5UGRng93IIbFYxw6V1kF6kQYJMusgceMLN
9aWDHsuVtdQR+mNP9FOKktTQ3GzYM/szBDi+ZaPmkswmnvA80Q4Qbrxp//TZFLKd
HlTiqPTk4XgQwS7k4K4kv16K7Fn9snqqUBq9ODaxrEfvH8JS6pvuIvf+wvU0ID9H
23jaZ4wj1CkmzWj11G/jWBHiMhaXc8lvS6C6lOKyvVFoiJWOvSdhqM2jgm2TYBSS
NI6hVgLpAQvFNgZuKopRgHJt/OQXfQBCUA0ijEBxBJ1ZDzk4xSxo5bsw+85W7Zz7
vzePF0LmT7Cy/qkGQW+RO4ID96w8Lq3+qX0aAi5oPwvA7G7Jtp+BhPucvehn3z5r
bl/aMEcoIgTd49gpcYZLqDPaD0SsOYBicShs/CtwqdoYDgwkzi1WfQK3KIrsJxPd
Us2VG1us7Els0zQKz0pJuFUzlxdyz0339tuh04Kc39DNPzv1acwkPHMVsYHjOqmD
zeWxpxHpiVJYX1V/CEHaOCtQHu79WJZDHDWaiaXopVp9V96toArzz9nZffM+pSJL
Gqv6P0DZbGxecnSXqQNw8nucoEK6pXSoofCpCCqWFo+xi29Mv3gA982UDEDubW7D
zpc6b3luSYEw13p7VMqWsbWsitzjt9MBq9g354SWnTMoF5yabvRoZa4gj2j3Of8Z
9pEkpEgHO2cQHEgrHvpFuAiNHk2qBmFiIp0/MUIeUOXVsrD9mUzoTe2W9YYeIAu9
4yE1cT1apMhOoFGurW35lkxbRlGQ4zy+osgikbuK3kAsk0HHkibRR/sXLMrHgy9Z
gdi3Kw2aU4nyzzMqueoK3rtC5u1IEfHMsRU1E76Q6TfS1gcITGDXwZJ1T9z3pfa5
lBet5lV9MCBpOpQkvxGt0OKvmVcqdXVSz1ZF3j15qkyz20pn7uyUWrl6r4ppqIPk
KMkiOzlCKIIWfnnA3dDiF8a6otgX+bYGgBwxOoZ8GIzIhqLkrJNvF5ufeZGaGSCo
iNT24WGBcnKJot6Zrr2K4mo/eNuvTrYv4dZt/rmWBUdEyug9VK0fiSGfYED9hUDA
uxGpRXxIU1Fq5w0HlH1tNH4mzQRIIMdS9nw3xCbvPDIwOlodalk6KDXF2fy6Emgt
xSCLb8AlWS8/S0VtaDornyN1ApTvXWX/tDSUa10swZpJBNB35vrYh8NOcK49j7Kb
ldEnsuzSROZX7hPZvwc9z9jS8IqNuX0nPr0mNLi1gpxPOuW3UMDNr6gKBZnKqcGo
HnWDll2Air849gN1EAXcGcORuWb4O5dOhu61csSvYKvaEj4Mct76vDaeFECb5Pzj
yUQ4Z2UFpp/KsnP3B2CE1zdxu1AstDRdO/x2dcDWLJjUy3c2wM+U9nvHvbxTnM12
gx5UVlM21UHeM4kiwAhYKjOMsnpx/HnNk8kqP50OBlWwusS3JTr76tzBtzQfocqW
HEOMvMy35x2Bh1ql1PRTSh9c3mgSpXIPut0l4xvNBtVKh5GG3rTZf44qJkMbwy3d
C36hOWWkV/z7y5e0xERArT1CsFP+uDdGny3XGUPi0yj7jz/XFy3UnxzsKGVQPaO1
E90Ezi8eMNRtx/gBy0s9KwgUvam+3dG525ylGvbio2mrgLuTI2CKZiQBoTICXkP7
/A1RGp9W4wI23/Xt3hDW0XuBgvoJb6UxlNabXMBoV8MQF/KfWVJ7nnhqQDrRujuo
ya9Id5L57bLdP4SEHCWLvPERMDzRk9wpeVgivKN29Q2hhAU5RCgO9KjXWd1moJku
4FAlTZErCqfkIHdLTN5GKeL+kYFIfUV8CVlr6D6MVwpN5QGzX2Y/+iat7iS4C4dY
MZlHqMwkBRdxyjBBDYBiXGILjhgMGQ8HyzV/sJSYv3pDS4WfqhTW3mSNqQ5OcVz/
3uGZeNe6ZkbE9EyGe/rRVCiBT5HkCpabG1l8Bj8MO+Rl9CM7ddVvO23WbaKt+Vw1
f+yzK+LAELR3XfAfqJPo7nK1UE2/QOLFDw0W4/uPbb61lRkp3lMW9NRznAQsUAuT
HgLQT7Q9hn23wBTiQwiBS3kej4Gi6wVW2Cj4o/8EPR0qn6ne6nhGhgcYHpkw1Uz6
Ql9vjLyUFKjEOo0NWOu6pgyDcfW4uGNzvsdxcnvRQ4+qVyHeXLEM5d2EhAw+TzW9
vWDpgYTTa/ZIILvJv3f4iKNZYs5PeUJWLX1IPQbrPPKFevufJk3ld8K8QRuxtNvx
aKp+scqFC36GXvCrGsRlHVaawBCGkCL6DYZVTDtaWIwztIvCXu0zOR9D6hnsbmFn
t15MSUwr2B8GWm1I0yVgxp9U0tF4uTDUfo9BLnPpJ+2QYjUEPXvlBqjEaw3iQsBK
h6XPNfRJqrRXJCbpCwZSiqSMKPgh88PB3F5Hjr6//UgVY4ZlwfYLSUgyZFIKBmKZ
8LAdeMKui2WTsIlHMlTv+yWcbf/6m1F6qx9Rbl11Q7OxGAP18JkfVBdNuFqu1iLm
ir9x10Y+8j/GcaYOEwC/CHxduAqprr03sEz45oM0kSD8ZfhbHfuYH/QrbEdZQd87
FkCzNVdV3ZjGiaOI4o/0CpmBfhU5xN5G4tXY9cCfIXEpkqvO3/guoOlkbNWBHJJU
WGLKvluSpoa6C9bfnaS9xr4YZjolD1W9odFC9uE6aHyMNFKTt71YT2sTMbVG9Ylo
BWKv+DQAcai6BECVv1bvy9UyhicbzGLFXRmFS+/pGSi6h40eF7uEkUivmlZYnN/B
yKL3yEqV7CqpUYrBmAC5RLj0pgWsBER6B9wf5gfRL8LMZp3lO6g/w3yjgH434L9H
Su/VZmVjrCzZIOxE/ZG1GGMUc61+Z3D/9lQMeVdWs94YhoFT4nn5SREDVa4+4YWw
sUokqK5i6los9mYlu/SJPxnwdCZxk/GyRRqH6Kk7IW2iWVXO8DEn2+n5szNLhv2E
7OazywsBB9jEH+CfJk1mgC2gL7RbN4TDguMZvNGmtK3y50or3wRDMsCBX2iWG4r2
9HYAChFcmbEWlCL3A3y5MGIFTrrfIYmKAWB8foM6hhWWFVVTTIxPqlvSZ6QXz0MA
VA7VL5TVxltJotzLAbCKoYSRVmtJSEhsxTXHcWPX8YUpZvop0/dWsY6uJBkaadjv
Xdp6MyF0WPqs3TYKFjZCHueaP8vq46vr6jP15h3tpxi5Jj+TWgqbOGmmn7reJKvx
xNFpPHjydvLC3FbHoda/sE+cbjDup/bbjsUdZIVGulg67sMZc0Xk+eIIw3RIzcso
f+c0AJz+6bGZ/k8xryPcGO1pud37J6F0nJZH9TrEAsjFJQtVmZoYbHDsZq0MVHw0
J0YksygeZn0aYHVA3gxfVcG2PbQpeXfnZyUsQtfjZOoEH9Wh1vh6bSFs+5TFbIUC
Twxyn5ssf2yjxTrI+kCxlRfIe7r5/etsBUjQzpKju5VlXcg5msTqO2xj0QFKyjyZ
wci7X/lzVJvf6T/v//ItTWzmUFEJ+Bux0vo1jqdxlsgg1wPyAEgKBoXVM4E4OJCL
vjC3vLlb8Yl134JcymIrLk1D8etIJdhNMsoil6oy7yFtyxmqHjJ+9EqbJRhef1au
JWP7++n1NNtheB5YoLlGoRfgxA8pIpDrFlUxdYKN3mBX+IdaTk4f+gXoNpTXbtRD

B.3.24. S/MIME encrypted and signed reply over a complex message, Injected Headers with hcp_strong (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10790 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6968 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2460 bytes
   ├┬╴multipart/alternative 1449 bytes
   │├─╴text/plain 494 bytes
   │└─╴text/html 646 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <acced3c9-111b-5a4f-bd80-34558da32b4d@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:19:02 -0500

MIIfHAYJKoZIhvcNAQcDoIIfDTCCHwkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAAqBquNyGXBsi563D5scoeCEhSWiHeZcEBof
53CMvSnOVtdWust0R7xoMAJyq8ZDsQ/rIWOAvgm3xYi/8hVHowZtCe+dZozlkiG8
yLla7UpcJVoqRZfMKoHwgySP0vNK+1BhgSQSPO6z1ilT2HBMeMBwjJ+6y9/CwOnr
hRXiQOWlBTBcLF/P+rpuAsFtv6jdxm/jzXEMgQe5j/aConPchgGzKHy9XiCc2YOz
RZDJs5Zc7cmnefTA3f0IH0QaO41g6ST8EnqimWsec/eNaAEakZOZZJRYAhgLXciD
1qjuByWAAn4h9KnKXWg3VtZpX3I40YMPLw319TGAJGnP5kh+DScwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAdhmdRrcVpFpMT38ZFuEl25Pt
kTT7HYAcrOSov7Fuohjk7kukQyTQCG4y73sHeu/FZ1IPKzxkOU3kfBEbJunPykkc
VuFJPQJmrDpk4j5dvSqikvqU9cP/GliakTrCBiLdb7DO5jsA/8o+3OmN4S8F4Mjw
gA6BY0DOT97FeTKpMohtlGhGpTtrVe8cVe1C2QPD0rKBYEgwJ7t83mzyaaj8Yws1
sUAkjFY9hoTuwLspdiTqKbuUvEZaEaKrhO10WYqoTpLPjbl33KCo7fhtwj8zeVbR
Gb/1JbKsc6y/raPG0sTZXrCMQRmAJzEaNiYAmYaP6qdL0VuBQNDhEEf2bPopuDCC
G+4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEECnSfmBIh5urf+GVWT5DQ9mAghvA
jKFFJHAo+gcmKmrsfGJloYSxEavtMlOlVK8qttlITxGFRxoi2frbYzKjM0ELjKkE
0QSux6e/uGdvnBtx85/O0x+zECTF4jTU4u75oU+pXgAKDHkHQvn/SAeTaDMR2iKU
W1KJXpL98HqBBmaKzXGpXXt0WNKG2fnNs9+xOqzC1TkyUTTNOG81N0fkosHCBmdx
VY8Uslp+BjRKQ3DYIEHi3e0ktMCkSRh59s0J3rOpyAPeL8xtQF1SzjCSBociz/8H
OOECaDJ9RyrhkD9E8t1oeTWF8PD1VMsGq11F/eWPSGnDvKL0fvHPmq5nA5KMb9i0
4wgwRigvIn4yadhughQigM+wveRj7EpCXzaGeMusjc5Gzfau78VguIoIVPnBInwk
cYAm4hLR4SjksWjKctCREwCB5HhYmrCl1adob7AkLSfVbGEGW+wjcOByHSQtLeyX
pjsImxrygb5WpczagBwIEt6AYk6kgWMsPtHF1FYtCHjdfv1Lr10zgVPuEHROM9gA
0kWUnfSEdckaLw+c+YAde2q2NCt52wq4c4hcAvhJnJP0x25HWG0DOsoCp74zx5jz
DuUvv6q77RFZtD/+ykYLYXHhMysKNq7d+3jUuQ1I3LStZ0K1xxeHsKN5l5AGNK7V
3HT6LAo1W4oOUOBh/+bZRm6fPNMLsoTC+WHAiB4rOTUeljz7PEqTvpeDSbHbpORn
Oh5UKUuwTEH6FmfFUCMSlbeqyJoSqhsa1F5ccEJKRzKVR/ujYRcLJPoxRTVEWUhG
agsyQ5893TjSixMFyvB2ZFq+I1JdL/NU398OiwGWyg6FCck/UndwbV+DVrQ2pfgK
s1e97pSnL3w0JjMXpxs5WLWsf9wy2eTajsVMA9RWaHKXKPcIgTmIC6M8q4jWxie7
i4ZfrIVAHTbKaDaL1bGn7Y6nL2aWj1pLke9kE/gngZpKWEiAuG+MjY27lAbNZB6x
zJLl8Btd4VuzhmYnJCPBZ9q+YGV1TVtgbKeq5c9/O6T6QvkEzUlQHUwYKjXvZAEL
ZbGGzDcXVuWoBbP1fbzzpWKuhzqrN8Jvof5e1SBuKe8nnQFUAKiHxzf2shWkQvG7
gPkhDJdcWXErpohhnnmEzE/deIGWRp2Kmh27/FWlFfKbF4s/UiYI2za6jNRmCSF8
FoTtHw0U23YdKfSqg+qx6Cr464wVlV7jUgBIfdMdHk9qx+lNb3vnBpYnhg2tVHkb
aCUfOQxHN7FHySdDTMunZSJ4DLHpS+e4ufY6jEmUwdgz/j+qTTDon9mwH3liyisj
o1nd0vA1ftBh4qfnjV5PQJ+C9vYhHU20V/uJt78jGdFP27qN3lZPj1Vq1/gPT/r6
BJzPXJx5FUqwhEkMUE6B5hD519hNNrrAltvS1jugJGsoGUwbw1qffE29nGxTJKch
+pMJUOXRUDelO5a75M9ui4r2nFb5yUhJh/KwBxTgfsuzQ2kZVkSv1GRWzFOKeV/U
SoAJXR7mmxpKqcf0O2XdQYQq1kO71iIGqxTQefTGNIsv+VSCK9VTjbD1RHBOOft2
lxW0GyLejwtfvRuFBozL268ZfyUI0xfqVRm/mjT27zBNoBDVsF3K8AGvuJRCIoVe
Pw2akifn2+n8w9n3EDNkck4JDxkL9RQBULMYkxAcUwfxdXzPT/ixNHiEqj7VCu6k
qTLPr7Yt7qLe/BbndIs8u/rDc5SVWmdjzX3s0po7uw7XiII3ZvxWVmBhi65rJUzD
bx1pzA1+lrKGcnCetEPpnZuirmb33CKBrzLNXH5XTE1UfLr4g+kEWnFJL/ZvIwct
VzxwIGkeWfrkpdR27chlbGwXyZGeqhR7SgwYoev9wvj55VKfGajWsb09Sw6l3FgS
lQ9fmgKv536pYlSYClfFSshuQiB0FVDlagtnb45FNGA2HaNtZuT+IWfwBpj3O8zI
fEGrm/NzhFFGnB/R8xqX3pB4nEQgbZ09Kbw7Bvd7XQ+2v6zQjHy82TP2Q2+vnDJN
fwwwJJ2mzT9QPcTjUu84RAT9ritBJh9QqU/pskeJJ+LW9s37uCExICMnbaMT0btG
h8JBUYpxJ92M95l1NSgv9pnex7PfUTdAq6CEyqnN2K5XFZQ9kVWYABucxCd++sO5
uLOTbepB3MRJopgKpMYThCHaqd/MCc+J3oO+Jw/g/zTwlq2tXiNw/smN1tsRO47x
ec/I9fK9VkxzXa34HQ6uhjhbzw+pzNUimIlCCr/ZrAGGyUx+GqiAZjUWXuRtETFp
iYUpzM4+0Dnv5ziQQNTWizAFWUTW++FmHpU8Nza4zqiVUkuxsFQC0I4zR9f1C6Ch
2oqRkuFIa2O3tf76D7h+BwoBKlNm0yWjZFDpb7lfbckQJZUQ9CbdpLdzYlSW1jyD
rO9sRMtZeW0rE54k0XMyZ08MIUbvor1Xiif94QdhtWMFz2ne6rjBfgh4YF89QDtA
zjRBS0UeHXzv2N5LnYLaArADFGbhm4bhZVmgdQeHiPW5EaUF9PbaiWXs1E2dz71O
DIgZAaz5ij3mWgRdu2uqBio7Abibsfhd0D3ImyEoB1AwiisV3x8ucrTLjlm0Lt4f
UX1tfF7hDqRnKrtgQFe94pruaA8aWD8hMhLyycnOWhpmBHbWEAe2KTh3xC3XpVbr
V8IQdjSxY0AY1n5ktoAZG26Uoi1V34I6olmCyTTLKqbJv0KaO69Qszj3shoIJbtF
k7WeKn8xgSuqjl5t+n/6F+pl0e4Tszh08+d2F11aBY27gGzxjf7HGBbXY6OhBZxg
vvC4DtZj3iYmzFzXIRgbhgJLAjvtXRftxs90kHlHAfxlAgnrJWmUeVFzVIf2/d10
VmJw/yg/u/d+HhFDl8XXR8YRUHjCAsnewhs9F2I6B/abUpWELATTnL+SPYxdF0kC
Ip/+ziCiOZ6uiwNwiecu+VjzrZ0iGVARGHHHZOjTxlPlOcIsryOPOrJ6vGMIusyr
cS9GYERRszavcaAQqYv/SF8Zi9VcuJA3ymyIHT1MaAghJYYzVcrr7NHWrU6+qf/S
zL3zJj3OGlUftX70tN41cJG9THfciWKIlFgn5AdKiqOhqR2r0WffWy4E3/A2tKBe
AESRwu3p0K2UuCniE7UAg2P8C9jS/OdKQ7fepdUEwSCRJxb+jmm9o33NLvnkTItw
4jsHHjDfF4HxVx/vouoJ37SQqArYThgLcaEWHRrNtmx/vPtYf+MrYviKGdCDgncs
ocBKiCb0Uzi0NYNjnMp3j3rr69jZfxOHI4WsmJlM3ANsyopuI9c5NeXEZIiB1Sne
GAxPbcpIXERxd3HJ5gOB8+D7amyejIvJgqUpQIpBBYCYLFSIHukonEUt+Bj4HcfN
lBct0KTFVaEZsjhPywdqKmzWUuPn6Y4IVoEeQnxP3cSkk5vhgwZq+pfVk6CMPnYx
ihmcuEiuzddzFL9IqaqJ57qni6yduEbo7AqGbaSDE6ISXtMvwjQHXNbWEAMbnQSU
BbmidJA0BYy+GzjeKDX2SF/wejnmucBvVGBVPDyZ8bhj0ZH1jSBRvoeqxCnP7JkT
K3SFIWvTx4iulzpuqxyfQNIWFazRQRyrQqmVk1z/u0Ot1mlrozRKPVDhFA6CwN15
djcA+pBv7qMXDPSjNwgZLm4mhlwpuQM1m0frNdWjLjvo5X4k4B2SCLp2eRYLw/24
hi4Q0gs3yNSbV3VODnCj+VIpLFnwoOD1QyOH2GrEnREjJKSjqzCGbgBkXcvP03oE
dSioL/OvppL4c5FbQY135rQ6YtN8Ibww4QgCt3BEgPjUL820Pod0u/Fs5nOmOd0Y
/TAPlSUASRNoX3huZXPvPws4wHXtymYobUeiTz7O9iJGN1htySDhq6hHNBbzoIdh
OBSI7/j1UwOFLE6gAGIkxqxBRCKur/xUEia5MLfWsIDkd+MiAqRdtyHLZuVx4J5K
SgF08VucGPJNSkxMWpx3OM65CBMc9t7HR2EaMD230L5iF/maNyMH5X53OHib1Zg4
y8PaUdClk6eoJc5qVzDf7a6xtuSr2d1R5gymyzG/22dLIpIL7o0jwcfrsAZrMou1
LoDtYkWxf8gHHMD4AmsrXY61PBECvrvI/s4CQlMvr8pChdtQJcuSH+lvuGUqqtFO
KnpdtecpSIAlh0Eemdhet53LcpT2EUVY7Ns6N7PMHCgtQHOTPLJMkKRw4c3FWxpH
230C19w3+Wvwnv+EDp6Eqza5QahCU7Yey1teE2EY+ljaOFqe+j1eTysemllwz46U
wOS0M6X1zJhwNR1vqag7Ld4ZgtAUFjQjazR+Ko2IK9lx6x+gxXkRDBtsdtUrdnLA
e0SVE8JdYQdJ55i7xhh46npC5ld5xX7igmlWFWpWj6V/5RoTKNYCdYo8UXK4NJ7B
yLYfK5yHF9KnLd9dTBxUuvOKYvdvKzgasfDhCd+SFwxLlRO1JM8yDxmyy4rZEUwt
f+Q9DTtlbINMcIowXtJCi7afhzQRsEnDy1bzuaCi72Dor6d266tnmDNTIQdLZ0jl
AivVD66/kTLb6Pp09BzZRY9x9P6SBHZ5RI50uyVJjSrmlSFjAKxxH/KqkpS06b6f
RBaSy1Jj/oBOFqgEehDZtyhFSKAftkd3qrfn9YhObhP1tDwgOrUtSXrSpazqSzcg
kS/zcFjd9e5lwPH4mPEOrrZuRJzWwrC2G8iZtAsVR8z3Ns2AWxoSDRSbE8IWxJYo
u9DbnvvJV4Ri39N0u1cfadWiNePn22TMT5bszIrcqA1XiAMobfKoklxmAgPWlnAK
AaGhXgvumPCYp6+hNItX/PGIdO11iXyURVW9Jq/q9CotmaRM1j4q3JoHuleARjjW
Uf/jgzmcEFBYYwftJJ6BJQtqhJ+HiBCVmJ1aFKNAXYcSfwBLaamN6SCQ8hXBuITe
TDqnbMo98r7amvNaI1iwXtgYtz+FkfRZOwjgBDVJfrELmeoXbM8Ioj/zvnqUW8Yl
cMQjkHetmeIqGU2Ay9GduVQW7xV9Gc7kkE7SIpnm/dQTL62rkPpA0qG17t5cPsBW
FUSCjbJR2RSlL0UcgZ1z1X6peuCN7XZwA2AvPPaZ8u2IWEqhyneOyms/4Zp5cr1L
ZfycEWokZ33zSGU7D8OPIXDkEcMas/a0hP7zYh+zQr7yazyxMOpncl6MNPJ4Ekeh
Dp1f6Rr/at8JRAdz08iJujlWmcbdycUagg6v19gS1OmD5v7gcScZH0AOzYcYpntz
f36dd3VZfDT2heEkp+dmlNo5jiP/ZxANGy1qU+Dcq5vp/6KyHn1QZBMHw9KEfIAw
H04zUBXDBtiWIsX6UqW5bHR+nhKaB4oHpvnGPFekQZO1+5v/UbkAwJpEd3nPa96M
Xgt1oX0WRl05AYfge1OzJo64KDryolmNNXAqw2gOzN9blHOeltkiNIwFdIU9gGHH
HdT7F3M6OoInXO7X7b2Vw7y/7Ze9pWTnACP5k75EXXMgd94OlclpR99OX805kwdg
yFc6ZKVqEK/5rHRHwL12RfugI6Z43aY5nVtTQpJCUgw6HS4PzAEbNrHAQlEd+BZn
tGXvbtfO9ps1l5AO2HRS2YzdlrcQJqP5wD9gyT1hIzoTn6Z7eyIzYXGgte2GChFa
iC6V3SgPAPi6XheH50GBjllKFjPoFRYiNJsqdJF8Oy/Ywo6ile8sByRx9jiASUZi
QSDxdMqt3m9ATbZQ3JoEGGuUohA5Wwn7ZhUDK1sfxp61h/lD2npjsS98hYuBdgck
a3jYMlyR9oh8KVlpSQ9ebaz2XXqmU2Egn9IOHQdQJ0wwqD7K5yneQ04/a1v3/0zG
jaliEfbgS81Dj4+iuucJUqTtS50K3H88zr11s1vr+KtFA0k8TESWk9ncDc2Uo+0w
jLIumCCdXZk+ZiUbD7bAdTYoCBKaPPj2RamY5K3/CYxRGdhuEra38Uyfk6S7Tjyr
UXvfEFZZVdP3UFvOO0Pw/p+iXnJusPZ7vZw7Zg5SCnO+RXtVnq18OS/HP9LbvX8g
3jgjABxluBtH2HmWyLiNhxZdG/OtgRzVYnBExVafqaBRtP7qNxIl8u36U2p9IFn+
99UNm1uZOup+yqVGzMDH7KUSTf36Oz9QpEghKwyohmK6u6s9FO3zHNVCkg2rvIOG
6iY8ro2q/KC4ioShoU+KM8DyBzAe8t8Yz/c06ipWlae+cMsBgulhqF7oAyyRJUX4
LMX1DAILi2FzmA2Cu347axP3woiquwG9GYiC+a3tfgzsnvVBay76JBPPUh2myy2L
1mxv1xewOjE+VRfBMGo6bPouwNqflQGnDhWLwKyNzIAI7AiL/BHK7xhT4Be7+xWH
7P/Pd+9OZbYC4heifbXg/y+wYHBLVENsM9sM7qCbuJSACuWQkNBBHJUQC1IZeGQb
Z1OdcjBQE+JNyJO8mo4cNhfIWlmJNH5lOjHRAzVO2qerF80ucHQF7xWGV3qKg8P8
x5MAQDTiTiqKFGOHj5onM3Z6rbmRSRdbn6CJu165GGJjx6EnfXlpMG7IlGCFHv1U
CVlTnop5onytADFQih9LmjNvpHxonEOQ8wuEN9CiKEvFo/kleDiI/qRQhEV+KrX7
j/zsGEYFjMMbY6Uk40cPpZ70CwS4P7coHdTJQIX26inNN26UvQR9u48mhA0/ezuD
ttm0IHs7uK9IHOm1MBjSmEJxbDEvwND4srbjlQ0cv84bSPX3HHR0HGkwtPE4zqNq
Iw6eOpYUsJDdNyToq3A8Q+omzoz30YUzeBBRVvbf/Mwrd0Ci8+QcT9DbF4qUkVYT
xwGPQTnoLt+5DDPsfLESLb1gXyxkYFavbnSlvNuAFl/AzD7C2T9GRvK7x7pleNrA
mwstYUVDPAL83egLxxqKDYeS7IPFZal3MJXO+/L8fr5zm+ZLh/fDFcHSTdkW/Mnh
pZfTjjc9NL7O1W2bpKUAVatptOqqsDNgX81mXd2qetYTvVdc0rHrxz6moG8qtb2+
tzbi888edf6l5de8UTF9u4rTgN82IACEZC/78eeaIVOjOgUaQi/qY2yxtjFPOCZB
l5Vwe/KkUMonf4btXlMAU0hSr83gQbhZR0ikKc9R42MwucOOri3mWafVmjN/rB+E
hoF4756QzdkT7N93iGToMeiicCu+nHZ6Mf/4wcOE2GzQ0w8LGMI2AxMxW5bBJTEA
/g5Eaug8JQ4dQ1srdw5Sn9CvaiyGOLvqiYMDj26YfPne75m29HmfFTgPI6xphEc0
Z/MCRP5kMXJuAm89d0KUZmXmRveNoudqmZ0VEXYzO86wn6u64Pj7RoN9N4gQYdZe
CZI33gShQfhpGVKMHK3lKc8tqB0I4PoPZF9QZu7pYa1Ki9VreFv4SA9X4l82NEHM
sLOHlj+7Mr7k0zLXaFOLO2X/uLUz+58aKeho9TnH72j0Za71C7BoIcsVhdvlvHDz
+nw8bmeCHZA7mrThb5DUSG6J8TTDcAqAHxwD3R+vocAJGNDtE/6FvPHIIUmLXOkY
Y+HPzvJhx4hN3plTXfLeB7ERgBsAQnnJYcZ/91sNNsC91ubbyC6X7Eu//V102nvv
Qo4M77evEo+ZW9vxyVxF+GjEuceiSCGztxKFFBhb3Z4XNNnClGP03GbAWAdnyI4T
T09QA7A0qwK5t4BtS57fuE8VgTEE2d29JmXM2J0vYqr1Bu7VWVvK8RjieqWi6g64
pA1NJrfACyitfbibkU51shu7pqrNKOrjiwewADLyUH/8s+HoPJCFellNqialOvMN
5Zy2nYs7lGfW+Be6iNvLBef2vvVhbnhRMbPCwMuQteJp3Vk1u98n78rVY0Q+G2wy
xGoJ5j020LCkboH8IBIsp0tl9Cb28x8AFTQnwWnXpjtmNAWwb9bakf+XvpLPkTlQ
/31+cHHBVIWzPBpbq8am8Ct2Ha1SRcOV3gFlU9jg3Us1pYdX7p0gqaQRgJOumcCu
/3tE8jye4VDUYwHmCiIsO8mnyFGNq7qBb/Iq4AXegXMHTN/loDVWqlKaPoq2t23X
lUWly0KzV68q7jYQSyJCSAbhXl/K/lyY6YiRPukCu3cOjE66SFuVFeVbEPqsNuvU
cgTWLyDibMP3dzP1YTjVtjsdxs9kMoJcKyRG6uPVuD502Q/zrF+tB14Fu8tBscjM
q4xDg5OfcXVH1HAZDDqaPYJEANRVVAEfiOapnrHC7lW/Wit1gCGKyHtwpXNyGZqi
gTdtdDQMIOtKXYcbA4qzaFRCXHAisVVALhzznSlcGPwKZuIKOR3FprlCqbENzOwJ
959ySW84J3qoiNCgA1+gEJhXzCoRmb74+J0XwQxGJNz2EdPaQ9zn7fzS6EaBvioN
imKS94YwzD0bw4viUNxv+V9++hs/3Q5UL/TBrCTtaoUpzdkGGR/zoemj0S8LYLO2
6J17+U2N3i/Wcnpm8Y47LupdvbL+zddh8WQkmdJ7X8sHVfHsUzSLxvYWnIQzdETY
+7xxzAY+W2309MSTJhGHR+xOcLe/FB013ifpZo5qFRNasTWVLuPBZkwF3eFrSjCH
bnGre4WFFWLrOYR3VfslZxczYJinI93N59nQUDN0FSTuoCT5ioIS2GQklWoAbzRL
/7erGVX40mppmzB/tQ9wxXQoKZdWUyAJMRk1wV4XhnpUJScxJE+2HtBkaUi6I4/G
5wUs4i/cHAfrWkSJOSII9zKxlEimwOGc1WcntB2+UCCb7cTJ2I5V6qmhAFK2ReX+
0Bcm8j8gmRJtEEKFon5Pp07CR/8FMr0X39D7VQmpc6t8hyA8xPhWWiRDdLwibMtj
7ZSNtVfiNMBofj+7k/INPNSe75DIuGaO+yAhizYYIJAF+HqObyMv+eBImiM3A6IT
464xi2PN0JG0VHkQb9ONF4GjkXXUe+4JKu9FkyxfaNFNMkhKgcNcEO57TLwyhKHk
vXGp/TDgY+3QMjhS5ufjVD5rOZZQyNclbJ+my41wu8BR2Xkc+uhQaMJ/jOjla3ZN
fgBmxL2+DylgC21hg5X/OFA0KsA5iyJa84lq2k5F/KlGhWkyPgpRSbrEtTWWQ1KM
cbhQI1v1D3/9yZLcrtLr+JnDmqX3Vl71zzSwhwPsbDvf+c5zOEXagDgXWhlWs+sI
bhh1ozpomjyrER6lwPwRIl1JcSdAgRugUvMIGQ6OosIEodRPMCI37esvBv/0XAmX
gsaJ9xT2a4TxezWjBUQInTcv9dRcDXidNt3py3F1jBqx9MkTnEbrYKOXZ1wk71fS
FZQ7IcPrdKjwY7id5j9ABHQfQWy8bRECh3woq42JisX17wmBXlmtjmeaPUkZynKA
taPBG5IM5jRqxHntADcWQRXg5UBB/ssj2ziyd8xSpIZnikMcJQUZAlOWprCXm1kC
LBYanEAhce71K/o79v13de+Ynox5v0smvsMF9RU7+90Yzx/2dWzbMSwh4+IDoAZ3
fYUFootr14wPHVA4z34Vuyc30BR7UMv3JvIXmU8awdENHUf9yVGOTbMhu2MOkp5O
9//u36yzJCV9X6CcF8I1NrDaoS7OSzt5kWvMm3t3nGZAibf12ZGdeVK0+ypaIcVA

Appendix C. Composition Examples

This section offers step-by-step examples of message composition.

C.1. New message composition

A typical MUA composition interface offers the user a place to indicate the message recipients, the subject, and the body. Consider a composition window filled out by the user like so:

Composing New Message Send To: Alice <alice@example.net> Subject: Handling the Jones contract Please review and approve or decline by Thursday, it's critical! Thanks, Bob -- Bob Gonzalez ACME, Inc.
Figure 1: Example Message Composition Interface

When Bob clicks "Send", his MUA generates values for Message-ID, From, and Date header fields, and converts the message body into the appropriate format.

C.1.1. Unprotected message

The resulting message would look something like this if it was sent without cryptographic protections:

Date: Wed, 11 Jan 2023 16:08:43 -0500
From: Bob <bob@example.net>
To: Alice <alice@example.net>
Subject: Handling the Jones contract
Message-ID: <20230111T210843Z.1234@lhp.example>
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0

Please review and approve or decline by Thursday, it's critical!

Thanks,
Bob

--
Bob Gonzalez
ACME, Inc.

C.1.2. Encrypted with hcp_minimal and Legacy Display

Now consider the message to be generated if it is to be cryptographically signed and encrypted, using HCP hcp_minimal, and the legacy variable is set.

For each header field, Bob's MUA passes its name and value through hcp_minimal. This returns the same value for every header field, except that:

hcp_minimal("Subject", "Handling the Jones contract") yields "[...]".

C.1.2.1. Cryptographic Payload

The cryptographic payload that will be signed and then encrypted is very similar to the unprotected message in Appendix C.1.1. Note the addition of:

  • the protected-headers="v1" parameter for the Content-Type
  • the appropriate HP-Obscured header for Subject,
  • the hp-legacy-display="1" parameter for the Content-Type
  • the Legacy Display Element (the simple pseudo-header and its trailing newline) in the main body part.
Date: Wed, 11 Jan 2023 16:08:43 -0500
From: Bob <bob@example.net>
To: Alice <alice@example.net>
Subject: Handling the Jones contract
Message-ID: <20230111T210843Z.1234@lhp.example>
Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1";
 protected-headers="v1"
MIME-Version: 1.0
HP-Obscured: Subject: [...]

Subject: Handling the Jones contract

Please review and approve or decline by Thursday, it's critical!

Thanks,
Bob

--
Bob Gonzalez
ACME, Inc.
C.1.2.2. External header section

The cryptographic payload from Appendix C.1.2.1 is then wrapped in the appropriate cryptographic layers. For this example, using S/MIME, it is wrapped in an application/pkcs7-mime; smime-type="signed-data" layer, which is in turn wrapped in a application/pkcs7-mime; smime-type="enveloped-data" layer.

Then an external header section is applied to the outer MIME object, which looks like this:

Date: Wed, 11 Jan 2023 16:08:43 -0500
From: Bob <bob@example.net>
To: Alice <alice@example.net>
Subject: [...]
Message-ID: <20230111T210843Z.1234@lhp.example>
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
MIME-Version: 1.0

Note that the Subject header field has been obscured appropriately by hcp_minimal. The output of the CMS enveloping operation is base64-encoded and forms the body of the message.

C.2. Composing a Reply

Next we consider a typical MUA reply interface, where we see Alice replying to Bob's message from Appendix C.1.

When Alice clicks "Reply" to Bob's signed-and-encrypted message with header protection, she might see something like this:

Replying to Bob ("Handling the Jones Contract") Send To: Bob <bob@example.net> Subject: Re: Handling the Jones contract On Wed, 11 Jan 2023 16:08:43 -0500, Bob wrote: > Please review and approve or decline by Thursday, > it's critical! > > Thanks, > Bob > > -- > Bob Gonzalez > ACME, Inc. -- Alice Jenkins ACME, Inc.
Figure 2: Example Message Reply Interface (unedited)

Note that because Alice's MUA is aware of header protection, it knows what the correct Subject header is, even though it was obscured. It also knows to avoid including the Legacy Display Element in the quoted/attributed text that it includes in the draft reply.

Once Alice has edited the reply message, it might look something like this:

Replying to Bob ("Handling the Jones Contract") Send To: Bob <bob@example.net> Subject: Re: Handling the Jones contract On Wed, 11 Jan 2023 16:08:43 -0500, Bob wrote: > Please review and approve or decline by Thursday, > it's critical! I'll get right on it, Bob! Regards, Alice -- Alice Jenkins ACME, Inc.
Figure 3: Example Message Reply Interface (edited)

When Alice clicks "Send", the MUA generates values for Message-ID, From, and Date header fields, populates the In-Reply-To, and References header fields, and also converts the reply body into the appropriate format.

C.2.1. Unprotected message

The resulting message would look something like this if it were to be sent without any cryptographic protections:

Date: Wed, 11 Jan 2023 16:48:22 -0500
From: Alice <alice@example.net>
To: Bob <bob@example.net>
Subject: Re: Handling the Jones contract
Message-ID: <20230111T214822Z.5678@lhp.example>
In-Reply-To: <20230111T210843Z.1234@lhp.example>
References: <20230111T210843Z.1234@lhp.example>
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0

On Wed, 11 Jan 2023 16:08:43 -0500, Bob wrote:

> Please review and approve or decline by Thursday,
> it's critical!

I'll get right on it, Bob!

Regards,
Alice

--
Alice Jenkins
ACME, Inc.

Of course, this would leak not only the contents of Alice's message, but also the contents of Bob's initial message, as well as the Subject header field! So Alice's MUA won't do that; it is going to create a signed-and-encrypted message to submit to the network.

C.2.2. Encrypted with hcp_null and Legacy Display

This example assumes that Alice's MUA uses hcp_null, not hcp_minimal. That is, by default, it does not obscure or remove any header fields, even when encrypting.

However, it follows the guidance in Section 2.5.8.1, and will make use of the HP-Obscured field in the cryptographic payload of Bob's original message (Appendix C.1.2.1) to determine what to obscure.

When crafting the cryptographic payload, its baseline HCP (hcp_null) leaves each field untouched. But it also knows that In-Reply-To, References, To, and Subject are all derived from headers in Bob's original message.

For each of these header fields, it observes whether the origin header field was signed-and-encrypted or merely signed in Bob's original message.

In-Reply-To and References derive from Bob's original message's Message-ID field, which was merely signed. The To header field is derived from Bob's original message's From field, which was also merely signed. So these three header fields are passed through untouched.

But the Subject header field is derived from Bob's original message's Subject field (by prefixing Re: to it), and that header field is signed-and-encrypted, which the MUA can tell because the HP-Obscured: Subject entry in the cryptographic payload of Bob's message.

So Alice's MUA generates a new external Subject header by applying its derivation rules to the HP-Obscured: Subject value from Bob's message, yielding the value Re: [...].

C.2.2.1. Cryptographic Payload

Consesquently, the cryptographic payload for Alice's reply looks like this:

Date: Wed, 11 Jan 2023 16:48:22 -0500
From: Alice <alice@example.net>
To: Bob <bob@example.net>
Subject: Re: Handling the Jones contract
Message-ID: <20230111T214822Z.5678@lhp.example>
In-Reply-To: <20230111T210843Z.1234@lhp.example>
References: <20230111T210843Z.1234@lhp.example>
Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1";
 protected-headers="v1"
MIME-Version: 1.0
HP-Obscured: Subject: Re: [...]

Subject: Re: Handling the Jones contract

On Wed, 11 Jan 2023 16:08:43 -0500, Bob wrote:

> Please review and approve or decline by Thursday,
> it's critical!

I'll get right on it, Bob!

Regards,
Alice

--
Alice Jenkins
ACME, Inc.

Note the following features:

  • the protected-header="v1" parameter to Content-Type
  • the appropriate HP-Obscured header for Subject,
  • the hp-legacy-display="1" parameter for the Content-Type
  • the Legacy Display Element (the simple pseudo-header and its trailing newline) in the main body part.
C.2.2.2. External header section

The cryptographic payload from Appendix C.2.2.1 is then wrapped in the appropriate cryptographic layers. For this example, using S/MIME, it is wrapped in an application/pkcs7-mime; smime-type="signed-data" layer, which is in turn wrapped in a application/pkcs7-mime; smime-type="enveloped-data" layer.

Then an external header section is applied to the outer MIME object, which looks like this:

Date: Wed, 11 Jan 2023 16:48:22 -0500
From: Alice <alice@example.net>
To: Bob <bob@example.net>
Subject: Re: [...]
Message-ID: <20230111T214822Z.5678@lhp.example>
In-Reply-To: <20230111T210843Z.1234@lhp.example>
References: <20230111T210843Z.1234@lhp.example>
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
MIME-Version: 1.0

Note that the Subject header field has been obscured appropriately even though hcp_null would not have touched it by default. The output of the CMS enveloping operation is base64-encoded and forms the body of the message.

Appendix D. Rendering Examples

This section offers example cryptographic payloads (the content within the cryptographic envelope) that contain Legacy Display elements.

D.1. Example text/plain Cryptographic Payload with Legacy Display Elements

Here is a simple one-part Cryptographic Payload (headers and body) of a message that includes Legacy Display elements:

Date: Fri, 21 Jan 2022 20:40:48 -0500
From: Alice <alice@example.net>
To: Bob <bob@example.net>
Subject: Dinner plans
Message-ID: <text-plain-legacy-display@lhp.example>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1";
 protected-headers="v1"

Subject: Dinner plans

Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.

A compatible MUA will recognize the hp-legacy-display="1" parameter and render the body of the message as:

Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.

A legacy decryption-capable MUA that is unaware of this mechanism will ignore the hp-legacy-display="1" parameter and instead render the body including the Legacy Display elements:

Subject: Dinner plans

Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.

D.2. Example text/html Cryptographic Payload with Legacy Display Elements

Here is a modern one-part Cryptographic Payload (headers and body) of a message that includes Legacy Display elements:

Date: Fri, 21 Jan 2022 20:40:48 -0500
From: Alice <alice@example.net>
To: Bob <bob@example.net>
Subject: Dinner plans
Message-ID: <text-html-legacy-display@lhp.example>
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"; hp-legacy-display="1";
 protected-headers="v1"

<html><head><title></title></head><body>
<div class="header-protection-legacy-display">
<pre>Subject: Dinner plans</pre>
</div>
<p>
Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.
</p>
</body>
</html>

A compatible MUA will recognize the hp-legacy-display="1" parameter and mask out the Legacy Display div, rendering the body of the message as a simple paragraph:

Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.

A legacy decryption-capable MUA that is unaware of this mechanism will ignore the hp-legacy-display="1" parameter and instead render the body including the Legacy Display elements:

Subject: Dinner plans

Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.

Appendix E. Document Changelog

[[ RFC Editor: This section is to be removed before publication ]]

Authors' Addresses

Daniel Kahn Gillmor
American Civil Liberties Union
125 Broad St.
New York, NY, 10004
United States of America
Bernie Hoeneisen
pEp Foundation
Oberer Graben 4
CH- CH-8400 Winterthur
Switzerland
Alexey Melnikov
Isode Ltd
14 Castle Mews
Hampton, Middlesex
TW12 2NP
United Kingdom