Internet-Draft Cryptographic MIME Header Protection June 2024
Gillmor, et al. Expires 29 December 2024 [Page]
Workgroup:
LAMPS Working Group
Internet-Draft:
draft-ietf-lamps-header-protection-22
Updates:
8551 (if approved)
Published:
Intended Status:
Standards Track
Expires:
Authors:
D. K. Gillmor
American Civil Liberties Union
B. Hoeneisen
pEp Project
A. Melnikov
Isode Ltd

Header Protection for Cryptographically Protected E-mail

Abstract

S/MIME version 3.1 introduced a mechanism to provide end-to-end cryptographic protection of e-mail message headers. However, few implementations generate messages using this mechanism, and several legacy implementations have revealed rendering or security issues when handling such a message.

This document updates the S/MIME specification (RFC8551) to offer a different mechanism that provides the same cryptographic protections but with fewer downsides when handled by legacy clients. The Header Protection schemes described here are also applicable to messages with PGP/MIME cryptographic protections. Furthermore, this document offers more explicit usability, privacy, and security guidance for clients when generating or handling e-mail messages with cryptographic protection of message headers.

About This Document

This note is to be removed before publishing as an RFC.

The latest revision of this draft can be found at https://dkg.gitlab.io/lamps-header-protection/. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-ietf-lamps-header-protection/.

Discussion of this document takes place on the LAMPS Working Group mailing list (mailto:spasm@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/spasm/. Subscribe at https://www.ietf.org/mailman/listinfo/spasm/.

Source for this draft and an issue tracker can be found at https://gitlab.com/dkg/lamps-header-protection.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 29 December 2024.

Table of Contents

1. Introduction

Privacy and security issues regarding e-mail Header Protection in S/MIME and PGP/MIME have been identified for some time. Most current implementations of cryptographically protected electronic mail protect only the body of the message, which leaves significant room for attacks against otherwise-protected messages. For example, lack of Header Protection allows an attacker to substitute the message subject and/or author.

This document describes two different schemes for how message headers can be cryptographically protected, and provides guidance for implementers of MUAs that generate and interpret such messages. It uses the term "Legacy MUA" to refer to an MUA that does not implement either scheme. This document takes particular care to ensure that messages interact reasonably well with Legacy MUAs.

1.1. Two Schemes of Header Protection

This document addresses two different schemes for cryptographically protecting e-mail Header Sections or fields and provides guidance to implementers. One scheme ("Injected Headers") is more interoperable with Legacy MUAs and is mandatory to implement and interpret. The other, older scheme ("Wrapped Message") is described here to enable interpretation of archived messages.

The older scheme was first specified in S/MIME 3.1 ([RFC8551]), and involves wrapping a message/rfc822 or message/global MIME object with a Cryptographic Envelope around the message to protect. This document calls this scheme "Wrapped Message", and it updates the scheme described in that document, effectively replacing the final two paragraphs of Section 3.1 of [RFC8551]. However, experience has shown that even the updated "Wrapped Message" form does not interact well with some Legacy MUAs (see Section 1.2).

The more interoperable "Injected Headers" scheme of Header Protection is introduced in this document, and is preferred over the "Wrapped Message" scheme. In the "Injected Headers" scheme, the protected Header Fields are placed directly on the Cryptographic Payload without using an intervening message/* MIME object. See Section 6.2 and Section 5.5 for more details.

1.2. Problems with Wrapped Messages

Several Legacy MUAs have revealed rendering issues when dealing with a message that uses the Wrapped Message Header Protection scheme.

In some cases, some mail user agents cannot render message/rfc822 message subparts at all, in violation of baseline MIME requirements as described on page 5 of [RFC2049]. This leaves all Wrapped Messages unreadable by any recipient using such an MUA.

In other cases, the user sees an attachment suggesting a forwarded e-mail message, which -- in fact -- contains the protected e-mail message that should be rendered directly. In most of these cases, the user can click on the attachment to view the protected message.

However, viewing the protected message as an attachment in isolation may strip it of any security indications, leaving the user unable to assess the cryptographic properties of the message. Worse, for encrypted messages, interacting with the protected message in isolation may leak contents of the cleartext, for example, if the reply is not also encrypted.

1.3. Problems with Injected Headers

A Legacy MUA dealing with an encrypted message that has some Header Fields obscured using the Injected Headers scheme will not render the obscured Header Fields to the user at all. A workaround "Legacy Display" mechanism is provided in this document, which most Legacy MUAs should render to the user, albeit not in the same location that the Header Fields would normally be rendered.

1.4. Motivation

Users generally do not understand the distinction between message body and message header. When an e-mail message has cryptographic protections that cover the message body, but not the Header Fields, several attacks become possible.

For example, a Legacy Signed Message has a signature that covers the body but not the Header Fields. An attacker can therefore modify the Header Fields (including the Subject header) without invalidating the signature. Since most readers consider a message body in the context of the message's Subject header, the meaning of the message itself could change drastically (under the attacker's control) while still retaining the same cryptographic indicators of integrity and authenticity.

In another example, a Legacy Encrypted Message has its body effectively hidden from an adversary that snoops on the message. But if the Header Fields are not also encrypted, significant information about the message (such as the message Subject) will leak to the inspecting adversary.

However, if the sending and receiving MUAs ensure that cryptographic protections cover the message Header Section as well as the message body, these attacks are defeated.

1.4.1. Backward Compatibility

If the sending MUA is unwilling to generate such a fully protected message due to the potential for rendering, usability, deliverability, or security issues, these defenses cannot be realized.

The sender cannot know what MUA (or MUAs) the recipient will use to handle the message. Thus, an outbound message format that is backward compatible with as many legacy implementations as possible is a more effective vehicle for providing the whole-message cryptographic protections described above.

This document aims for backward compatibility with Legacy MUAs to the extent possible. In some cases, like when a user-visible header like the Subject is cryptographically hidden, a Legacy MUA will not be able to render or reply to the message exactly same way as a conformant MUA would. But accommodations are described here that ensure a rough semantic equivalence for Legacy MUA even in these cases.

1.4.2. Deliverability

A message with perfect cryptographic protections that cannot be delivered is less useful than a message with imperfect cryptographic protections that can be delivered. Senders want their messages to reach the intended recipients.

Given the current state of the Internet mail ecosystem, encrypted messages in particular cannot shield all of their Header Fields from visibility and still be guaranteed delivery to their intended recipient.

This document accounts for this concern by providing a mechanism (Section 3) that prioritizes initial deliverability (at the cost of some header leakage) while facilitating future message variants that shield more header metadata from casual inspection.

1.5. Other Protocols to Protect E-Mail Header Fields

A separate pair of protocols also provides some cryptographic protection for the e-mail message header integrity: DomainKeys Identified Mail (DKIM) [RFC6376], as used in combination with Domain-based Message Authentication, Reporting, and Conformance (DMARC) [RFC7489]. This pair of protocols provides a domain-based reputation mechanism that can be used to mitigate some forms of unsolicited e-mail (spam).

However, the DKIM+DMARC suite provides cryptographic protection at a different scope. DKIM+DMARC typically provide MTA-to-MTA protection, whereas this specification provides MUA-to-MUA protection. This is because DKIM+DMARC are typically applied to messages by (and interpreted by) MTAs, whereas the mechanisms in this document are typically applied and interpreted by MUAs.

Furthermore, the DKIM+DMARC suite only provides cryptographic integrity and authentication, not encryption. So cryptographic confidentiality is not available from that suite.

The DKIM+DMARC suite can be used on any message, including messages formed as described in this document. There should be no conflict between DKIM+DMARC and the specification here.

Though not strictly e-mail, similar protections have been in use on Usenet for signing and verification of message headers for years. See [PGPCONTROL] and [PGPVERIFY-FORMAT] for more details. Like DKIM, these Usenet control protections offer only integrity and authentication, not confidentiality.

1.6. Applicability to PGP/MIME

This document describes end-to-end cryptographic protections for e-mail messages in reference to S/MIME ([RFC8551]).

Comparable end-to-end cryptographic protections can also be provided by PGP/MIME ([RFC3156]).

The mechanisms in this document should be applicable in the PGP/MIME protections as well as S/MIME protections, but analysis and implementation in this document focuses on S/MIME.

To the extent that any divergence from the mechanism described here is necessary for PGP/MIME, that divergence is out of scope for this document.

1.7. Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

The key words "SPECIFICATION REQUIRED" and "IETF REVIEW" that appear in this document when used to describe namespace allocation are to be interpreted as described in [RFC8126].

1.8. Terms

The following terms are defined for the scope of this document:

  • S/MIME: Secure/Multipurpose Internet Mail Extensions (see [RFC8551])

  • PGP/MIME: MIME Security with OpenPGP (see [RFC3156])

  • Message: An E-Mail Message consisting of Header Fields (collectively called "the Header Section of the message") followed, optionally, by a Body; see [RFC5322].

    Note: To avoid ambiguity, this document avoids using the terms "Header" or "Headers" in isolation, but instead always uses "Header Field" to refer to the individual field and "Header Section" to refer to the entire collection.

  • Header Field: A Header Field includes a field name, followed by a colon (":"), followed by a field body (value), and terminated by CRLF; see Section 2.2 of [RFC5322] for more details.

  • Header Section: The Header Section is a sequence of lines of characters with special syntax as defined in [RFC5322]. The Header Section of a Message contains the Header Fields associated with the Message itself. The Header Section of a MIME part (that is, a subpart of a message) typically contains Header Fields associated with that particular MIME part.

  • Body: The Body is the part of a Message that follows the Header Section and is separated from the Header Section by an empty line (i.e., a line with nothing preceding the CRLF); see [RFC5322]. It is the (bottom) section of a Message containing the payload of a Message. Typically, the Body consists of a (possibly multipart) MIME [RFC2045] construct.

  • Header Protection (HP): cryptographic protection of e-mail Header Sections (or parts of it) by means of signatures and/or encryption.

  • Cryptographic Layer, Cryptographic Payload, Cryptographic Envelope, Cryptographic Summary, Structural Header Fields, Main Body Part, User-Facing Header Fields, and MUA are all used as defined in [I-D.ietf-lamps-e2e-mail-guidance]

  • Legacy MUA: an MUA that does not understand Header Protection as described in this document. A Legacy Non-Crypto MUA is incapable of doing any end-to-end cryptographic operations. A Legacy Crypto MUA is capable of doing cryptographic operations, but does not understand or generate messages with Header Protection.

  • Legacy Signed Message: an e-mail message that was signed by a Legacy MUA, and therefore has no cryptographic authenticity or integrity protections on its Header Fields.

  • Legacy Encrypted Message: an e-mail message that was signed and encrypted by a Legacy MUA, and therefore has no cryptographic authenticity, integrity, or confidentiality protections on any of its Header Fields.

  • Wrapped Message: The Header Protection scheme that uses the mechanism described in [RFC8551], where the Cryptographic Payload is a message/rfc822 or message/global MIME object, augmented with a Content-Type parameter to indicate that this is the explicit intent. (see Section 4.2).

  • Injected Headers: The Header Protection scheme that uses the mechanism described in this document (see Section 4.1), where the protected Header Fields are inserted on the Cryptographic Payload directly.

  • Header Confidentiality Policy (HCP): a functional specification of which Header Fields should be removed or obscured when composing an encrypted message with Header Protection. An HCP is considered more "conservative" when it removes or obscures fewer Header Fields. When it removes or obscures more Header fields, it is more "ambitious". See Section 3.

  • Ordinary User: a user of an MUA who follows a simple and minimal experience, focused on sending and receiving e-mails. A user who opts into advanced configuration, expert mode, or the like is not an "Ordinary User".

1.9. Document Scope

This document describes sensible, simple behavior for a program that generates an e-mail message with standard end-to-end cryptographic protections, following the guidance in [I-D.ietf-lamps-e2e-mail-guidance]. An implementation conformant to this document will produce messages that have cryptographic protection that covers the message's Header Fields as well as its body.

1.9.1. In Scope

This document also describes sensible, simple behavior for a program that interprets such a message, in a way that can take advantage of these protections covering the Header Fields as well as the body.

The message generation guidance aims to minimize negative interactions with any Legacy receiving MUA while providing actionable cryptographic properties for modern receiving clients.

In particular, this document focuses on two standard types of cryptographic protection that cover the entire message:

  • A cleartext message with a single signature, and

  • An encrypted message that contains a single cryptographic signature.

1.9.2. Out of Scope

The message composition guidance in this document (in Section 6.2) aims to provide minimal disruption for any Legacy MUA that receives such a message. However, a Legacy MUA by definition does not implement any of the guidance here. Therefore, the document does not attempt to provide guidance for Legacy MUAs directly.

Furthermore, this document does not explicitly contemplate other variants of cryptographic message protections, including any of these:

  • Encrypted-only message (Without a cryptographic signature. See Section 5.3 of [I-D.ietf-lamps-e2e-mail-guidance].)

  • Triple-wrapped message

  • Signed message with multiple signatures

  • Encrypted message with a cryptographic signature outside the encryption.

All such messages are out of scope of this document.

1.10. Example

This section gives an overview by providing an example of how MIME messages with Header Protection look like. For brevity, only the Injected Headers scheme is shown.

Consider the following MIME message:

A └─╴application/pkcs7-mime; smime-type="enveloped-data"
   ↧ (decrypts to)
B  └─╴application/pkcs7-mime; smime-type="signed-data"
    ⇩ (unwraps to)
C   └┬╴multipart/alternative; hp="cipher"
D    ├─╴text/plain; hp-legacy-display="1"
E    └─╴text/html; hp-legacy-display="1"

Observe that:

  • Node A and B are collectively called the Cryptographic Envelope. Node C (including its sub-nodes D and E) is called the Cryptographic Payload ([I-D.ietf-lamps-e2e-mail-guidance]).

  • Node A contains the traditional unprotected ("outer") Header Fields. Node C contains the protected ("inner") Header Fields.

  • The presence of the hp attribute (see Section 2.1.1) on the Content-Type of node C allows the receiver to know that the sender applied Header Protection. Its value allows the receiver to distinguish whether the sender intended for the message to be confidential (hp="cipher") or not (hp="clear"), since encryption may have been added in transit (see Section 11.1).

The "outer" Header Section on node A looks as follows:

Date: Wed, 11 Jan 2023 16:08:43 -0500
From: Bob <bob@example.net>
To: Alice <alice@example.net>
Subject: [...]
Message-ID: <20230111T210843Z.1234@lhp.example>
Content-Type: application/pkcs7-mime; smime-type="enveloped-data"
MIME-Version: 1.0

The "inner" Header Section on node C looks as follows:

Date: Wed, 11 Jan 2023 16:08:43 -0500
From: Bob <bob@example.net>
To: Alice <alice@example.net>
Subject: Handling the Jones contract
Keywords: Contract, Urgent
Message-ID: <20230111T210843Z.1234@lhp.example>
Content-Type: multipart/alternative; hp="cipher"
MIME-Version: 1.0
HP-Outer: Date: Wed, 11 Jan 2023 16:08:43 -0500
HP-Outer: From: Bob <bob@example.net>
HP-Outer: To: Alice <alice@example.net>
HP-Outer: Subject: [...]
HP-Outer: Message-ID: <20230111T210843Z.1234@lhp.example>

Observe that:

  • Between node C and node A, some Header Fields are copied as-is (Date, From, To, Message-ID), some are obscured (Subject), and some are removed (Keywords).

  • The HP-Outer Header Fields (see Section 2.2) of node C contain a protected copy of the Header Fields in node A. The copy allows the receiver to recompute for which Header Fields the sender provided confidentiality by removing or obscuring them.

  • The copying/removing/obscuring and the HP-Outer only apply to Non-Structural Header Fields, not to Structural Header Fields like Content-Type or MIME-Version (see Section 1.1 of [I-D.ietf-lamps-e2e-mail-guidance]).

  • If the sender intends no confidentiality and doesn't encrypt the message, it doesn't remove or obscure Header Fields. All Non-Structural Header Fields are copied as-is. No HP-Outer Header Fields are present.

Node D looks as follows:

Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1";

Subject: Handling the Jones contract
Keywords: Contract, Urgent

Please review and approve or decline by Thursday, it's critical!

Thanks,
Bob

--
Bob Gonzalez
ACME, Inc.

Observe that:

  • The sender adds the removed and obscured User-Facing Header Fields (see Section 1.1.2 of [I-D.ietf-lamps-e2e-mail-guidance]) to the main body (note the empty line after the Content-Type). This is called the Legacy Display Element. It allows a user with a Legacy MUA which doesn't implement this document to understand the message, since the Header Fields will be shown as part of the main body.

  • The hp-legacy-display="1" attribute (see Section 2.1.3) indicates that the sender added a Legacy Display Element. This allows receivers that implement this document to recognise the Legacy Display Element and distinguish it from user-added content. The receiver then hides the Legacy Display Element and doesn't display it to the user.

  • The hp-legacy-display is added to the node to which it applies, not on any outer nodes (e.g., not to node C).

For more examples, see Appendix D and Appendix E.

2. Internet Message Format Extensions

This section begins describes relevant, backward-compatible extensions to the Internet Message Format ([RFC5322]). Subsequent sections offer concrete guidance for an MUA to make use of these mechanisms, including policy decisions and recommended pseudocode.

2.1. Content-Type parameters

This document introduces three parameters for the Content-Type Header Field, which have distinct semantics and use cases.

2.1.1. Content-Type parameter: hp

This specification defines a parameter for the Content-Type Header Field named hp (for Header Protection). This parameter is only relevant on the Content-Type Header Field at the root of the Cryptographic Payload. The presence of this parameter at the root of the Cryptographic Payload indicates that the sender intends for this message to have end-to-end cryptographic protections for the Header Fields.

The parameter's defined values describe the sender's cryptographic intent when producing the message:

Table 1: hp parameter for Content-Type Header Field
hp Value Authenticity Integrity Confidentiality Description
"clear" yes yes no This message has been signed by the sender with Header Protection
"cipher" yes yes yes This message has been signed by the sender, with Header Protection, and is encrypted to the recipients

A sending implementation MUST NOT produce a Cryptographic Payload with parameter hp="cipher" for an non-encrypted message (that is, where none of the Cryptographic Layers in the Cryptographic Envelope of the message provide encryption). Likewise, if a sending implementation is sending an encrypted message with Header Protection, it MUST emit an hp="cipher" parameter, regardless of which Header Fields were made confidential.

Note that hp="cipher" indicates that the message itself has been encrypted by the sender to the recipients, but makes no assertions about which Header Fields have been removed or obscured. This can be derived from the Cryptographic Payload itself (see Section 5.2).

A receiving implementation MUST NOT mistake the presence of an hp="cipher" parameter in the Cryptographic Payload for the actual presence of a Cryptographic Layer that provides encryption.

2.1.2. Content-Type parameter: hp-scheme

This document recommends the Injected Headers scheme, and the presence of the hp= parameter in the Content-Type of the Cryptographic Payload implies the use of that scheme by default. If the message does Header Protection using the Wrapped Message scheme, it MUST also add an hp-scheme="wrapped" parameter to the Content-Type of the Cryptographic Payload.

Table 2: hp-scheme parameter for Content-Type Header Field
hp-scheme Value Header Protection Scheme Used
(no hp-scheme parameter present) Injected Headers
"wrapped" Wrapped Message

See Section 5.1 for how to identify a message that uses the Wrapped Message scheme. See Section 5.6 for how to render a message that uses the Wrapped Message scheme. See Section 6.3 for how to generate a message using the Wrapped Message scheme.

2.1.3. Content-Type parameter: hp-legacy-display

This specification also defines an hp-legacy-display parameter for the Content-Type Header Field. The only defined value for this parameter is 1.

This parameter is only relevant on a leaf MIME node of Content-Type text/html or text/plain within a well-formed message with end-to-end cryptographic protections. Its presence indicates that the MIME node it is attached to contains a decorative "Legacy Display Element". The Legacy Display Element itself is used for backward-compatible visibility of any removed or obscured User-Facing Header Field in a Legacy MUA.

Such a Legacy Display Element need not be rendered to the user of an MUA that implements this specification, because the MUA already knows the correct Header Field information, and can render it to the user in the appropriate part of the MUA's user interface rather than in the body of the message.

See Section 6.2.2 for how to insert a Legacy Display Element into a text/plain Main Body Part. See Section 6.2.3 for how to insert a Legacy Display Element into a text/html Main Body Part. See Section 5.5.3 for how to avoid rendering a Legacy Display Element.

2.2. The HP-Outer Header Field

This document also specifies a new Header Field: HP-Outer.

This Header Field is used only in the Header Section of the Cryptographic Payload of an encrypted message. It is not relevant for signed-only messages. It documents, with the same cryptographic guarantees shared by the rest of the message, the sender's choices about Header Field confidentiality. It does so by embedding a copy within the Cryptographic Envelope of every non-structural Header Field that the sender put outside the Cryptographic Envelope. This Header Field enables the MUA receiving the encrypted message to reliably identify whether the sending MUA intended to make a Header Field confidential (see Section 12.3).

The HP-Outer Header Fields in a message's Cryptographic Payload are useful for ensuring that any confidential Header Field will not be automatically leaked in the clear if the user replies to or forwards the message. They may also be useful for an MUA that indicates the confidentiality status of any given Header Field to the user.

An implementation that composes encrypted e-mail MUST include a copy of all non-structural Header Fields deliberately exposed to the outside of the Cryptographic Envelope using a series of HP-Outer Header Fields within the Cryptographic Payload. These HP-Outer MIME Header Fields should only ever appear directly within the Header Section of the Cryptographic Payload of a Cryptographic Envelope offering confidentiality. They MUST be ignored for the purposes of evaluating the message's Header Protection if they appear in other places.

Each instance of HP-Outer contains a non-structural Header Field name and the value that this Header Field was set in the outer (unprotected) Header Section. The HP-Outer Header Field can appear multiple times in the Header Section of a Cryptographic Payload.

If a non-structural Header Field name A doesn't appear in an HP-Outer Header Field value, then the sender is effectively asserting it was not set on the outside of the message's Cryptographic Envelope by the original message sender at the time the message was injected into the mail system.

See Section 6.2 and Section 6.3 for how to insert HP-Outer Header Fields into an encrypted message. See Section 5.3 for how to determine the end-to-end confidentiality of a given Header Field from an encrypted message with Header Protection using HP-Outer. See Section 5.4 for how an MUA can safely reply to (or forward) an encrypted message without leaking confidential Header Fields by default.

2.2.1. HP-Outer Header Field Definition

The syntax of this Header Field is defined using the following ABNF [RFC5234], where field-name, WSP, VCHAR, and FWS are defined in [RFC5322]:

hp-outer     =   "HP-Outer:" [FWS] field-name ": "
                    hp-outer-value CRLF

hp-outer-value  =   (*([FWS] VCHAR) *WSP)

Note that hp-outer-value is the same as unstructured from [RFC5322], but without the obsolete obs-unstructured option.

3. Header Confidentiality Policy

An MUA composing an encrypted message according to this specification may make any given Header Field confidential by removing it from Header Section outside the Cryptographic Envelope, or by obscuring it by rewriting it to a different value in that outer Header Section. The composing MUA faces a choice for any new message: which Header Fields should be made confidential, and how?

This section defines the "Header Confidentiality Policy" (or HCP) as a well-defined abstraction to encourage MUA developers to consider, document, and share reasonable policies across the community. It establishes a registry of known HCPs, defines a small number of simple HCPs in that registry, and makes a recommendation for a reasonable default.

Note that such a policy is only needed when the end-to-end protections include encryption (confidentiality). No comparable policy is needed for other end-to-end cryptographic protections (integrity and authenticity), as they are simply uniformly applied so that all Header Fields known by the sender have these protections.

This asymmetry is a consequence of complexities in existing message delivery systems, some of which may reject, drop, or delay messages where all Header Fields are removed from the top-level MIME object.

Note that no representation of the HCP itself ever appears "on the wire". However, the consumer of the encrypted message can see the decisions that were made by the sender's HCP via the HP-Outer Header Fields (see Section 2.2).

3.1. HCP Definition

In this document, we represent that Header Confidentiality Policy as a function hcp:

  • hcp(name, val_in) → val_out: this function takes a non-structural Header Field identified by name with initial value val_in as arguments, and returns a replacement header value val_out. If val_out is the special value null, it means that the Header Field in question should be removed from the set of Header Fields visible outside the Cryptographic Envelope.

In the pseudocode descriptions of various choices of HCP in this document, any comparison with the name input is done case-insensitively. This is appropriate for Header Field names, as described in [RFC5322].

Note that hcp is only applied to non-structural Header Fields. When composing a message, Structural Header Fields are dealt with separately, as described in Section 6.2 and Section 6.3.

As an example, an MUA that obscures the Subject Header Field by replacing it with the literal string "[...]", hides all Cc'ed recipients, and does not offer confidentiality to any other Header Fields would be represented as (in pseudocode):

hcp_example_hide_cc(name, val_in) → val_out:
    if lower(name) is 'subject':
        return '[...]'
    else if lower(name) is 'cc':
        return null
    else:
        return val_in

For alignment with common practice as well as the ABNF in Section 2.2.1 for HP-Outer, val_out MUST be one of the following:

  • identical to val_in, or

  • the special value null (meaning that the Header Field will be removed from the outside of the message), or

  • a sequence of printable and whitespace (that is, space or tab) 7-bit clean ASCII characters (of course, non-ASCII text can be encoded as ASCII using the encoded-word construct from [RFC2047])

The HCP can compute val_out using any technique describable in pseudocode, such as copying a fixed string or invocations of other pseudocode functions. If it alters the value, it MUST NOT include control or NUL characters in val_out. val_out SHOULD match the expected ABNF for the Header Field identified by name.

3.2. Initial Registered HCPs

This document formally defines three Header Confidentiality Policies with known and reasonably well-understood characteristics as a way to compare and contrast different possible behavioral choices for a composing MUA. These definitions are not meant to preclude the creation of other HCPs.

(The example hypothetical HCP described in Section 3.1 above, hcp_example_hide_cc, is deliberately not formally registered, as it has not been evaluated in practice.)

3.2.1. Baseline Header Confidentiality Policy

The most conservative recommended Header Confidentiality Policy only provides confidentiality for Informational Fields, as defined in Section 3.6.5 of [RFC5322]. These fields are "only human-readable content" and thus their content should not be relevant to transport agents. Since most Internet messages today do have a Subject Header Field, and some filtering engines might object to a message without a Subject, this policy is conservative and merely obscures that Header Field by replacing it with a fixed string [...]. By contrast, Comments and Keywords are comparatively rare, so these fields are removed entirely from the Outer Header Section.

hcp_baseline(name, val_in) → val_out:
    if lower(name) is 'subject':
        return '[...]'
    else if lower(name) is in ['comments', 'keywords']:
        return null
    else:
        return val_in

hcp_baseline is the recommended default HCP for a new implementation, as it provides meaningful confidentiality protections and is unlikely to cause deliverability or usability problems.

3.2.2. Strong Header Confidentiality Policy

Alternately, a more ambitious (and therefore more privacy-preserving) Header Confidentiality Policy only leaks a handful of fields whose absence is known to increase rates of delivery failure:

hcp_strong(name, val_in) → val_out:
    if lower(name) in ['from', 'to', 'cc', 'date', 'message-id']:
        return val_in
    else if lower(name) is 'subject':
        return '[...]'
    else:
        return null

hcp_strong is known to cause usability problems with message threading for many Legacy MUAs (as it removes References and In-Reply-To header fields), and is not recommended as a default HCP for new implementations.

3.2.3. No Header Confidentiality Policy

Legacy MUAs can be conceptualized as offering a "No Header Confidentiality" Policy, which offers no confidentiality protection to any Header Field:

hcp_no_confidentiality(name, val_in) → val_out:
    return val_in

A conformant MUA that is not modified by local policy or configuration MUST NOT use hcp_no_confidentiality by default.

3.3. Default Header Confidentiality Policy

An MUA MUST have a default Header Confidentiality Policy that offers confidentiality for the Subject Header Field at least. Local policy and configuration may alter this default, but the MUA SHOULD NOT require the user to select an HCP.

hcp_baseline provides confidentiality for the Subject Header Field by replacing it with the literal string "[...]". It also provides confidentiality for the other less common Informational Header Fields (Comments and Keywords) by removing them entirely from the outer Header Section. This is a sensible default because most users treat the Informational Fields of a message (particularly the Subject) the same way that they treat the body, and they are surprised to find that the Subject of an encrypted message is visible.

3.4. HCP Evolution

This document does not mandate any particular Header Confidentiality Policy, though it offers guidance for MUA implementers in selecting one in Section 3.3. Future documents may recommend or mandate such a policy for an MUA with specific needs. Such a recommendation might be motivated by descriptions of metadata-derived attacks, or stem from research about message deliverability, or describe new signalling mechanisms, but these topics are out of scope for this document.

3.4.1. Offering More Ambitious Header Confidentiality

An MUA MAY offer even more ambitious confidentiality for Header Fields of an encrypted message than described in Section 3.2.2. For example, it might implement an HCP that partially obscures the From Header Field by removing the [RFC5322] display-name, removes the Cc Header Field entirely, or ensures Date is represented in UTC (obscuring the local time zone).

The authors of this document hope that implementers with deployment experience will document their chosen Header Confidentiality Policy and the rationale behind their choice.

3.4.2. Expert Guidance for Registering Header Confidentiality Policies

There is no formal syntax specified for the Header Confidentiality Policy, but any attempt to specify an HCP for inclusion in the registry needs to provide:

  • a stable reference document clearly indicating the distinct name for the proposed HCP

  • pseudocode that other implementers can clearly and unambiguously interpret

  • a clear explanation of why this HCP is different from all other registered HCPs

  • any relevant considerations related to deployment of the HCP (for example, known or expected deliverability, rendering, or privacy challenges and possible mitigations)

When the proposed HCP produces any non-null output for a given Header Field name, val_out SHOULD match the expected ABNF for that Header Field. If the proposed HCP does not match the expected ABNF for that Header Field, the documentation should explicitly identify the relevant circumstances and provide a justification for the deviation.

An entry should not be marked as "Recommended" unless it has been shown to offer confidentiality or privacy improvements over the status quo and have minimal or mitigatable negative impact on messages to which it is applied, considering factors such as message deliverability and security. Only one entry in the table (hcp_baseline) is initially marked as "Recommended". In the future, more than one entry may be marked as "Recommended".

4. Two Header Protection Schemes

As mentioned in Section 1.1, this document describes two ways to provide end-to-end cryptographic protection for an e-mail message that includes all Header Fields known to the sender at message composition time.

When composing a message with end-to-end cryptographic protections, an MUA SHOULD apply Header Protection. A sending MUA MUST be able to generate the Injected Headers scheme (Section 6.2), and MAY generate the Wrapped Message scheme (Section 6.3). The MUA implementer can choose between the two schemes (see Section 10.3).

A compatible MUA SHOULD use Injected Headers when composing a new message with end-to-end cryptographic protections, since a message structured with Injected Headers is more likely to be usable by both legacy and compatible MUAs.

A receiving MUA MUST be able to handle both Header Protection schemes, as described in Section 5.

4.1. Injected Headers Scheme

A message that uses the Injected Headers scheme has protected Header Fields in the Header Section of the Cryptographic Payload.

For an encrypted message that has at least one User-Facing Header Field (see Section 1.1.2 of [I-D.ietf-lamps-e2e-mail-guidance]) removed or obscured outside of the Cryptographic Payload, those Header Fields MAY be duplicated into decorative copies in the Main Body MIME part of the Cryptographic Payload itself. These decorative copies within the message are known as "Legacy Display Elements".

Such a Legacy Display Element enables users of a Legacy receiving MUA -- that doesn't yet understand how to interpret or display the Injected Headers scheme -- to view the removed/obscured Header Fields. See Section 9.1 for more details about how the ecosystem could shift so that a sending MUA could avoid the need to generate any Legacy Display Element.

Composing a message with the Injected Headers scheme is described in Section 6.2. Rendering such a message is described in Section 5.5. Example message composition and reply can be seen in Appendix D. Example message rendering which strips Legacy Display Elements can be seen in Appendix E.

4.2. Wrapped Message Scheme

A message that uses the Wrapped Message scheme has a Cryptographic Payload of a single message/rfc822 (or message/global) MIME object, which itself contains the original message (including the protected Header Section).

The Wrapped Message Header Protection scheme is very similar to that described in Section 3.1 of [RFC8551]. The main augmentations this document provides to that scheme are:

  • an explicit discussion of how to obscure or remove Header Fields,

  • an additional hp="clear" or hp="cipher" parameter to the Content-Type Header Field of the Cryptographic Payload to indicate the explicit intent,

  • an additional hp-scheme="wrapped" parameter to the same Content-Type Header Field to indicate the specific scheme in use,

  • a recommendation to mark such a Wrapped Message as "Content-Disposition: inline" to encourage Legacy MUAs to render the inner message directly rather than treating it as an attachment, and

  • a mechanism the recipient of an encrypted message can use to explicitly derive what Header Fields were removed or obscured by the sender (the HP-Outer mechanism).

Composing a message with the Wrapped Message scheme is described in Section 6.3. Rendering such a message is described in Section 5.6.

5. Receiving Guidance

An MUA that receives a cryptographically protected e-mail will render it for the user.

The receiving MUA will render the message body, a selected subset of Header Fields, and (as described in Section 3 of [I-D.ietf-lamps-e2e-mail-guidance]) provide a summary of the cryptographic properties of the message.

Most MUAs only render a subset of Header Fields by default. For example, most MUAs render From, To, Cc, Date, and Subject to the user, but few render Message-Id or Received.

An MUA that knows how to handle a message with Header Protection makes the following three changes to its behavior when rendering a message:

Note that an MUA that handles a message with Header Protection does not need to render any new Header Fields that it did not render before.

5.1. Identifying that a Message has Header Protection

An incoming message can be identified as having Header Protection based on one of two signals:

  • The Cryptographic Payload has Content-Type: message/rfc822 or Content-Type: message/global and the parameter hp has a value of clear or cipher, and the hp-scheme has a value of wrapped. See Section 5.6 for rendering guidance.

  • The Cryptographic Payload has some other Content-Type and it has parameter hp set to clear or cipher. See Section 5.5 for rendering guidance.

Messages of both types exist in the wild, and a compliant MUA MUST be able to handle them both. They provide the same semantics and the same meaning.

When consuming a message, an MUA MUST ignore the hp parameter to Content-Type when it encounters it anywhere other than the root of the message's Cryptographic Payload.

5.2. Extracting Protected and Unprotected ("Outer") Header Fields

When a message is encrypted and it uses Header Protection, an MUA may need to extract a list of protected Header Fields (names and values), as well as a list of Header Fields that were added by the original message sender in unprotected form to the outside of the message's Cryptographic Envelope.

The following algorithm takes an reference message refmsg as input, which is encrypted with Header Protection as described in this document (that is, the Cryptographic Envelope includes a Cryptographic Layer that provides encryption, and the hp parameter for the Content-Type Header Field of the Cryptographic Payload is cipher). It produces as output a pair of lists of (h,v) Header Fields.

5.2.1. HeaderSetsFromMessage

Method Signature:

HeaderSetsFromMessage(refmsg) → (refouter, refprotected)

Procedure:

  1. When refmsg uses the Injected Headers scheme (that is, when there is no hp-scheme parameter for the Content-Type Header Field of the Cryptographic Payload):

    1. Let refheaders be the list of (h,v) protected Header Fields found in the root of the Cryptographic Payload

  2. When refmsg uses the Wrapped Message scheme (that is, when the hp-scheme parameter for the Content-Type Header Field of the top-level message/rfc822 Cryptographic Payload is wrapped):

    1. Let refheaders be the list of (h,v) protected Header Fields found in the immediate child of the root of the Cryptographic Payload (recall that the root is a message/rfc822)

  3. Let refouter be an empty list of Header Field names and values

  4. Let refprotected be an empty list of Header Field names and values

  5. For each (h,v) in refheaders:

    1. If h is HP-Outer:

      1. Split v into (h1,v1) on the first colon (:) followed by any amount of whitespace.

      2. Append (h1,v1) to refouter

    2. Else:

      1. Append (h,v) to refprotected

  6. Return refouter, refprotected

Note that this algorithm is independent of the unprotected Header Fields. It derives its output only from the normal Header Fields and the HP-Outer Header Fields, both contained inside the Cryptographic Payload.

5.3. Updating the Cryptographic Summary

Regardless of whether a cryptographically protected message has protected Header Fields, the Cryptographic Summary of the message should be modified to indicate what protections the Header Fields have. This field-by-field status is complex and isn't necessarily intended to be presented in full to the user. Rather, it represents the state of the message internally within the MUA, and may be used to influence behavior like replying to the message (see Section 7.1).

Each Header Field individually has exactly one of the following protection states:

  • unprotected (has no Header Protection)

  • signed-only (bound into the same validated signature as the enclosing message, but also visible in transit)

  • encrypted-only (only appears within the Cryptographic Payload; the corresponding external Header Field was either removed or obscured)

  • signed-and-encrypted (same as encrypted-only, but additionally is under a validated signature)

If the message does not have Header Protection (as determined by Section 5.1), then all of the Header Fields are by definition unprotected.

If the message has Header Protection, an MUA SHOULD use the following algorithm to compute the protection state of a protected Header Field (h,v) (i.e., an element of refprotected from Section 5.2):

5.3.1. HeaderFieldProtection

Method signature:

HeaderFieldProtection(msg, h, v) → protection_state

Procedure:

  1. Let ct be the Content-Type of the root of the Cryptographic Payload of msg.

  2. Compute (refouter, refprotected) from HeaderSetsFromMessage(msg).

  3. If (h, v) is not in refprotected):

    1. Abort, v is not a valid value for header h

  4. Let is_sig_valid be false

  5. If the message is signed:

    1. Let is_sig_valid be the result of validating the signature

  6. If the message is encrypted, and if ct has a parameter hp="cipher", and if (h,v) is not in refouter:

    1. Return signed-and-encrypted if is_sig_valid otherwise encrypted-only

  7. Return signed-only if is_sig_valid otherwise unprotected

Note that:

  • This algorithm is independent of the unprotected Header Fields. It derives the protection state only from (h,v) and the set of HP-Outer Header Fields, both of which are inside the Cryptographic Envelope.

  • If the signature fails validation, the MUA lowers the affected state to unprotected or encrypted-only without warning the user, as specified by Section 3.1 of [I-D.ietf-lamps-e2e-mail-guidance].

  • Data from signed-and-encrypted and encrypted-only Header Fields may still not be fully private (see Section 12.2).

  • Encryption may have been added in transit to an originally signed-only message. Thus only consider Header Fields to be confidential if the sender indicates it with the hp="cipher" parameter.

  • The protection state of a Header Field may be weaker than that of the message body. For example, a message body can be signed-and-encrypted, but a Header Field that is copied unmodified to the unprotected Header Section is signed-only.

If the message has Header Protection, Header Fields that are not in refprotected (e.g., because they were added in transit), are unprotected.

Rendering the cryptographic status of each Header Field is likely to be complex and messy --- users may not understand it. It is beyond the scope of this document to suggest any specific graphical affordances or user experience. Future work should include examples of successful rendering of this information.

5.4. Header Confidentiality for Referenced Encrypted Messages (Replies, Forwarding)

An MUA might create a new message in response to another message. For example, the user of an MUA viewing any given message might take an action like "Reply", "Reply All", "Forward", or some comparable action to start the composition of a new message. The new message created this way effectively references the original message that was viewed at the time.

When the referenced message was itself encrypted with Header Protection, and some of its Header Fields had been obscured or removed, the replying MUA needs to make sure that the new message does not leak previously confidential header material. This section describes a method to produce a list of Header Fields that should be obscured or removed in the new message even if the sender's choice of Header Confidentiality Policy wouldn't normally remove or obscure the Header Field in question.

It takes two items as input:

  • A single referenced message refmsg, and

  • A built-in MUA function respond associated with the user's action. respond takes as input a list of headers from a referenced message and generates a list of initial candidate message Header Field names and values that are used to populate the message composition interface. Something like this function already exists in most MUAs, though it may differ across responsive actions. For example, the respond function that implements "Reply All" is likely to be a different from the respond that implements "Reply".

As output, we produce an ephemeral single-use Header Confidentiality Policy, specific to this kind of response to this specific message.

5.4.1. ReferenceHCP

Method signature:

ReferenceHCP(refmsg, respond) → ephemeral_hcp

Procedure:

  1. If refmsg is not encrypted with Header Protection:

    1. Return hcp_no_confidentiality (there is no header confidentiality in the reference message that needs protection)

  2. Extract refouter, refprotected from refmsg as described in Section 5.2

  3. Let genprotected be a list of (h,v) pairs generated by respond(refprotected)

  4. Let genouter be a list of (h,v) pairs generated by respond(refouter)

  5. For each (h,v) in genprotected:

    1. If (h,v) is in genouter:

      1. Remove (h,v) from both genprotected and genouter (this Header Field does not need additional confidentiality)

  6. Let confmap be a mapping from a Header Field name and value (h,v) to either a string or the special value null (this mapping is initially empty)

  7. For each (h,v) remaining in genprotected:

    1. Set result to the special value null

    2. For each (h1,v1) in genouter:

      1. If h1 is h:

        1. Set result to v1

    3. Insert (h,v) -> result into confmap

  8. Return a new HCP from confmap that tests whether (name,val_in) are in confmap; if so, return confmap[(name,val_in)]; otherwise, return val_in

Note that the key idea here is to reuse the MUA's existing respond function. The algorithm simulates how the MUA would pre-populate a reply to two traditional messages whose Header Fields have the values refouter and refprotected respectively (independent of any cryptographic protections). Then it uses the difference to derive a one-time HCP. This HCP takes into account both the referenced message's sender's preferences and the derivations that can happen to Header Field values when responding. Note that while some of these derivations are straight forward (e.g., In-Reply-To is usually derived from Message-ID), others are non-trivial. For example, From may be derived from To, Cc, or from the MUA's local address preference (especially when the MUA received the referenced message via Bcc). Similarly, To may be derived from To, From, and/or Cc depending on the MUA implementation and depending on whether the user clicked "Reply", "Reply All", "Forward", or any other action that generates a response to a message. Reusing the MUA's existing respond function incorporates these nuances without requiring any extra configuration choices or additional maintenance burden.

5.5. Rendering a Message with Injected Headers

When the Cryptographic Payload does not have a Content-Type of message/rfc822 or message/global, and the parameter hp is set to clear or cipher, the values of the protected Header Fields are drawn from the Header Fields of the Cryptographic Payload, and the body that is rendered is the Cryptographic Payload itself.

5.5.1. Example Signed-only Message with Injected Headers

Consider a message with this structure, where the MUA is able to validate the cryptographic signature:

A └─╴application/pkcs7-mime; smime-type="signed-data"
   ⇩ (unwraps to)
B  └┬╴multipart/alternative [Cryptographic Payload + Rendered Body]
C   ├─╴text/plain
D   └─╴text/html

The message body should be rendered the same way as this message:

B └┬╴multipart/alternative
C  ├─╴text/plain
D  └─╴text/html

The MUA should render Header Fields taken from part B.

Its Cryptographic Summary should indicate that the message was signed and all rendered Header Fields were included in the signature.

Because this message is signed-only, none of its parts will have a Legacy Display Element.

The MUA should ignore Header Fields from part A for the purposes of rendering.

5.5.2. Example Signed-and-Encrypted Message with Injected Headers

Consider a message with this structure, where the MUA is able to validate the cryptographic signature:

E └─╴application/pkcs7-mime; smime-type="enveloped-data"
   ↧ (decrypts to)
F  └─╴application/pkcs7-mime; smime-type="signed-data"
    ⇩ (unwraps to)
G   └┬╴multipart/alternative [Cryptographic Payload + Rendered Body]
H    ├─╴text/plain
I    └─╴text/html

The message body should be rendered the same way as this message:

G └┬╴multipart/alternative
H  ├─╴text/plain
I  └─╴text/html

It should render Header Fields taken from part G.

Its Cryptographic Summary should indicate that the message is signed-and-encrypted.

When rendering the Cryptographic Status of a Header Field and when composing a reply, each Header Field found in G should be considered against all HP-Outer Header Fields found in G. If an HP-Outer Header Field is found that matches both the name and value, the Header Field's Cryptographic Status is just signed-only, even though the message itself is signed-and-encrypted. If no matching HP-Outer Header Field is found, the Header Field's Cryptographic Status is signed-and-encrypted, like the rest of the message.

If any of the User-Facing Header Fields are removed or obscured, the composer of this message may have placed Legacy Display Elements in parts H and I.

The MUA should ignore Header Fields from part E for the purposes of rendering.

5.5.3. Do Not Render Legacy Display Elements

As described in Section 2.1.3, a message with cryptographic confidentiality protection MAY include Legacy Display Elements for backward-compatibility with Legacy MUAs. These Legacy Display Elements are strictly decorative, unambiguously identifiable, and will be discarded by compliant implementations.

The receiving MUA MUST avoid rendering the identified Legacy Display Elements to the user at all, since it is aware of Header Protection and can render the actual protected Header Fields.

If a text/html or text/plain part within the Cryptographic Envelope is identified as containing Legacy Display Elements, those elements MUST be hidden when rendering and MUST be dropped when generating a draft reply or inline forwarded message. Whenever a Message or MIME subtree is exported, downloaded, or otherwise further processed, if there is no need to retain a valid cryptographic signature, the implementer MAY drop the Legacy Display Elements.

5.5.3.1. Identifying a Part with Legacy Display Elements

A receiving MUA acting on a message that contains an encrypting Cryptographic Layer identifies a MIME subpart within the Cryptographic Payload as containing Legacy Display Elements based on the Content-Type of the subpart. The subpart's Content-Type:

Note that the term "subpart" above is used in the general sense: if the Cryptographic Payload is a single part, that part itself may contain a Legacy Display Element if it is marked with the hp-legacy-display=1 parameter.

5.5.3.2. Omitting Legacy Display Elements from text/plain

If a text/plain part within the Cryptographic Payload has the Content-Type parameter hp-legacy-display="1", it should be processed before rendering in the following fashion:

  • Discard the leading lines of the body of the part up to and including the first entirely blank line.

Note that implementing this strategy is dependent on the charset used by the MIME part.

See Appendix E.1 for an example.

5.5.3.3. Omitting Legacy Display Elements from text/html

If a text/html part within the Cryptographic Payload has the Content-Type parameter hp-legacy-display="1", it should be processed before rendering in the following fashion:

  • If any element of the HTML <body> is a <div> with class attribute header-protection-legacy-display, that entire element should be omitted.

This cleanup could be done, for example, as a custom rule in the MUA's HTML sanitizer, if one exists. Another implementation strategy for an HTML-capable MUA would be to add an entry to the [CSS] stylesheet for such a part:

body div.header-protection-legacy-display { display: none; }

5.6. Rendering a Wrapped Message

When the Cryptographic Payload has Content-Type of message/rfc822 or message/global, and the parameter hp is set to clear or cipher, and the parameter hp-scheme is set to wrapped, the values of the protected Header Fields are drawn from the Header Fields of the Cryptographic Payload, and the body that is rendered is the body of the Cryptographic Payload.

5.6.1. Example Signed-Only Wrapped Message

Consider a message with this structure, where the MUA is able to validate the cryptographic signature:

J └─╴application/pkcs7-mime; smime-type="signed-data"
   ⇩ (unwraps to)
K  └┬╴message/rfc822 [Cryptographic Payload]
L   └┬╴multipart/alternative [Rendered Body]
M    ├─╴text/plain
N    └─╴text/html

The message body should be rendered the same way as this message:

L └┬╴multipart/alternative
M  ├─╴text/plain
N  └─╴text/html

It should render Header Fields taken from part K.

Its Cryptographic Summary should indicate that the message was signed and all rendered Header Fields were included in the signature.

The MUA should ignore Header Fields from part J for the purposes of rendering.

5.6.2. Example Signed-and-Encrypted Wrapped Message

Consider a message with this structure, where the MUA is able to validate the cryptographic signature:

O └─╴application/pkcs7-mime; smime-type="enveloped-data"
   ↧ (decrypts to)
P  └─╴application/pkcs7-mime; smime-type="signed-data"
    ⇩ (unwraps to)
Q   └┬╴message/rfc822 [Cryptographic Payload]
R    └┬╴multipart/alternative [Rendered Body]
S     ├─╴text/plain
T     └─╴text/html

The message body should be rendered the same way as this message:

R └┬╴multipart/alternative
S  ├─╴text/plain
T  └─╴text/html

It should render Header Fields taken from part Q.

Its Cryptographic Summary should indicate that the message is signed-and-encrypted.

When rendering the Cryptographic Status of a Header Field and when composing a reply, each Header Field found in Q should be considered against all HP-Outer Header Fields found in Q. If an HP-Outer Header Field is found that matches both the name and value, the Header Field's Cryptographic Status is just signed-only, even though the message itself is signed-and-encrypted. If no matching HP-Outer Header Field is found, the Header Field's Cryptographic Status is signed-and-encrypted, like the rest of the message.

The MUA should ignore Header Fields from part O for the purposes of rendering.

5.7. Implicitly rendered Header Fields

While From, To, Cc, Subject, and Date are often explicitly rendered to the user, some Header Fields do affect message display, without being explicitly rendered.

For example, Message-Id, References, and In-Reply-To Header Fields may collectively be used to place a message in a "thread" or series of messages.

In another example, Section 7.2 observes that the value of the Reply-To field can influence the draft reply message. So while the user may never see the Reply-To Header Field directly, it is implicitly "rendered" when the user interacts with the message by replying to it.

An MUA that depends on any implicitly rendered Header Field in a message with Header Protection MUST use the value from the protected Header Field, and SHOULD NOT use any value found outside the cryptographic protection unless it is known to be a Header Field added in transit, as specified in Section 8.

5.8. Handling Undecryptable Messages

An MUA might receive an apparently encrypted message that it cannot currently decrypt. For example, when an MUA does not have regular access to the secret key material needed for decryption, it cannot know the cryptographically protected Header Fields or even whether the message has any cryptographically protected Header Fields.

Such an undecrypted message will be rendered by the MUA as a message without any Header Protection. This means that the message summary may well change how it is rendered when the user is finally able to supply the secret key.

For example, the rendering of the Subject Header Field in a mailbox summary might change from [...] to the real message subject when the message is decrypted. Or the message's placement in a message thread might change if, say, References or In-Reply-To have been removed or obscured (see Section 5.7).

Additionally, if the MUA does not retain access to the decrypting secret key, and it drops the decrypted form of a message, the message's rendering may revert to the encrypted form. For example, if an MUA follows this behavior, the Subject Header Field in a mailbox summary might change from the real message subject back to [...]. Or the message might be yanked out of its current thread if the MUA loses access to a removed References or In-Reply-To header.

These behaviors are likely to surprise the user. However, an MUA has several possible ways of reducing or avoiding all of these surprises, including:

  • Ensuring that the MUA always has access to decryption-capable secret key material.

  • Rendering undecrypted messages in a special quarantine view until the decryption-capable secret key material is available.

To reduce or avoid the surprises associated with a decrypted message with removed or obscured Header Fields becoming undecryptable, the MUA could also:

  • Securely cache metadata from a decrypted message's protected Header Fields so that its rendering doesn't change after the first decryption.

  • Securely store the session key associated with a decrypted message, so that attempts to read the message when the long-term secret key are unavailable can proceed using only the session key itself. See, for example, the discussion about stashing session keys in Section 9.1 of [I-D.ietf-lamps-e2e-mail-guidance].

5.9. Guidance for Automated Message Handling

Some automated systems have a control channel that is operated by e-mail. For example, an incoming e-mail message could subscribe someone to a mailing list, initiate the purchase of a specific product, approve another message for redistribution, or adjust the state of some shared object.

To the extent that such a system depends on end-to-end cryptographic guarantees about the e-mail control message, Header Protection as described in this document should improve the system's security. This section provides some specific guidance for systems that use e-mail messages as a control channel that want to benefit from these security improvements.

5.9.1. Interpret Only Protected Header Fields

Consider the situation where an e-mail-based control channel depends on the message's cryptographic signature and the action taken depends on some Header Field of the message.

In this case, the automated system MUST rely on information from the Header Field that is protected by the mechanism described in this document. It MUST NOT rely on any Header Field found outside the Cryptographic Payload.

For example, consider an administrative interface for a mailing list manager that only accepts control messages that are signed by one of its administrators. When an inbound message for the list arrives, it is queued (waiting for administrative approval) and the system generates and listens for two distinct e-mail addresses related to the queued message -- one that approves the message, and one that rejects it. If an administrator sends a signed control message to the approval address, the mailing list verifies that the protected To Header Field of the signed control message contains the approval address before approving the queued message for redistribution. If the protected To Header Field does not contain that address, or there is no protected To Header Field, then the mailing list logs or reports the error and does not act on that control message.

5.9.2. Ignore Legacy Display Elements

Consider the situation where an e-mail-based control channel expects to receive an end-to-end encrypted message -- for example, where the control messages need confidentiality guarantees -- and where the action taken depends on the contents of some MIME part within the message body.

In this case, the automated system that decrypts the incoming messages and scans the relevant MIME part MUST identify when the MIME part contains a Legacy Display Element (see Section 5.5.3.1), and it MUST parse the relevant MIME part with the Legacy Display Element removed.

For example, consider an administrative interface of a confidential issue tracking software. An authorized user can confidentially adjust the status of a tracked issue by a specially formatted first line of the message body (for example, severity #183 serious). When the user's MUA encrypts a plain text control message to this issue tracker, depending on the MUA's HCP and its choice of legacy value, it may add a Legacy Display Element. If it does so, then the first line of the message body will contain a decorative copy of the confidential Subject Header Field. The issue tracking software decrypts the incoming control message, identifies that there is a Legacy Display Element in the part (see Section 5.5.3.1), strips the lines comprising the Legacy Display Element (including the first blank line), and only then parses the remaining top line to look for the expected special formatting.

5.10. Affordances for Debugging and Troubleshooting

Note that advanced users of an MUA may need access to the original message, for example to troubleshoot problems with the rendering MUA itself, or problems with the SMTP transport path taken by the message.

An MUA that applies these rendering guidelines SHOULD ensure that the full original source of the message as it was received remains available to such a user for debugging and troubleshooting.

If a troubleshooting scenario demands information about the cryptographically protected values of Header Fields, and the message is encrypted, the debugging interface SHOULD also provide a "source" view of the Cryptographic Payload itself, alongside the full original source of the message as received.

5.11. Rendering Other Schemes

Other MUAs may have generated different structures of messages that aim to offer end-to-end cryptographic protections that include Header Protection. This document is not normative for those schemes, and it is NOT RECOMMENDED to generate these other schemes, as they can either have structural flaws or simply render poorly on Legacy MUAs. A conformant MUA MAY attempt to infer Header Protection when rendering an existing message that appears to use some other scheme not documented here. Pointers to some known other schemes can be found in Appendix F.

6. Sending Guidance

This section describes the process an MUA should use to apply cryptographic protection to an e-mail message with Header Protection.

When composing a message with end-to-end cryptographic protections, an MUA SHOULD apply Header Protection.

When generating such a message, an MUA MUST add the hp parameter (see Section 2.1.1) only to the Content-Type Header Field at the root of the message's Cryptographic Payload. The value of the parameter MUST indicate whether the Cryptographic Envelope contains a layer that provides encryption.

6.1. Composing a Cryptographically Protected Message Without Header Protection

For contrast, we first consider the typical message composition process of a Legacy Crypto MUA which does not provide any Header Protection.

This process is described in Section 5.1 of [I-D.ietf-lamps-e2e-mail-guidance]. We replicate it here for reference. The inputs to the algorithm are:

  • origbody: the traditional unprotected message body as a well-formed MIME tree (possibly just a single MIME leaf part). As a well-formed MIME tree, origbody already has structural Header Fields (Content-*) present.

  • origheaders: the intended non-structural Header Fields for the message, represented here as a list of (h,v) pairs, where h is a Header Field name and v is the associated value. Note that these are Header Fields that the MUA intends to be visible to the recipient of the message. In particular, if the MUA uses the Bcc Header Field during composition, but plans to omit it from the message (see Section 3.6.3 of [RFC5322]), it will not be in origheaders.

  • crypto: The series of cryptographic protections to apply (for example, "sign with the secret key corresponding to X.509 certificate X, then encrypt to X.509 certificates X and Y"). This is a routine that accepts a MIME tree as input (the Cryptographic Payload), wraps the input in the appropriate Cryptographic Envelope, and returns the resultant MIME tree as output.

The algorithm returns a MIME object that is ready to be injected into the mail system.

6.1.1. ComposeNoHeaderProtection

Method Signature:

ComposeNoHeaderProtection(origbody, origheaders, crypto) → mime_message

Procedure:

  1. Apply crypto to MIME part origbody, producing MIME tree output

  2. For each Header Field name and value (h,v) in origheaders:

    1. Add Header Field h to output with value v

  3. Return output

6.2. Composing with "Injected Headers" Header Protection

To compose a message using "Injected Headers" Header Protection, the composing MUA uses the following inputs:

  • All the inputs described in Section 6.1

  • hcp: a Header Confidentiality Policy, as defined in Section 3

  • response: if the new message is a response to another message (e.g., "Reply", "Reply All", "Forward", etc), the MUA function corresponding to the user's action (see Section 5.4), otherwise null

  • refmsg: if the new message is a response to another message, the message being responded to, otherwise null

  • legacy: a boolean value, indicating whether any recipient of the message is believed to have a Legacy MUA. If all recipients are known to implement this document, legacy should be set to false. (How an MUA determines the value of legacy is out of scope for this document; an initial implementation can simply set it to true)

To enable visibility of User-Facing but now removed/obscured Header Fields for decryption-capable Legacy MUAs, the Header Fields are included as a decorative Legacy Display Element in specially marked parts of the message (see Section 2.1.3). This document recommends two mechanisms for such a decorative adjustment: one for a text/html Main Body Part of the e-mail message, and one for a text/plain Main Body Part. This document does not recommend adding a Legacy Display Element to any other part.

Please see Section 7.1 of [I-D.ietf-lamps-e2e-mail-guidance] for guidance on identifying the parts of a message that are a Main Body Part.

6.2.1. ComposeInjectedHeaders

Method Signature:

ComposeInjectedHeaders(origbody, origheaders, crypto, hcp, response, refmsg, legacy) → mime_message

Procedure:

  1. Let newbody be a copy of origbody

  2. If crypto contains encryption, and legacy is true:

    1. Create ldlist, an empty list of (header, value) pairs

    2. For each Header Field name and value (h,v) in origheaders:

      1. If h is User-Facing (see Section 1.1.2 of [I-D.ietf-lamps-e2e-mail-guidance]):

        1. If hcp(h,v) is not v:

          1. Add (h,v) to ldlist

    3. If ldlist is not empty:

      1. Identify each leaf MIME part of newbody that represents the "main body" of the message.

      2. For each "Main Body Part" bodypart of type text/plain or text/html:

        1. Adjust bodypart by inserting a Legacy Display Element header list ldlist into its content, and adding a Content-Type parameter hp-legacy-display with value 1 (see Section 6.2.2 for text/plain and Section 6.2.3 for text/html)

  3. For each Header Field name and value (h,v) in origheaders:

    1. Add Header Field h to MIME part newbody with value v

  4. If crypto does not contain encryption:

    1. Set the hp parameter on the Content-Type of MIME part newbody to clear

    2. Let newheaders be a copy of origheaders

  5. Else (if crypto contains encryption):

    1. Set the hp parameter on the Content-Type of MIME part newbody to cipher

    2. If refmsg is not null, response is not null, and refmsg itself is encrypted with header protection:

      1. Let response_hcp be a single-use HCP derived from response and refmsg (see Section 5.4)

    3. Else (if this is not a response to an encrypted, header-protected message):

      1. Set response_hcp to hcp_no_confidentiality

    4. Create new empty list of Header Field names and values newheaders

    5. For each Header Field name and value (h,v) in origheaders:

      1. Let newval be hcp(h,v)

      2. If newval is v:

        1. Let newval be response_hcp(h,v)

      3. If newval is not null):

        1. Add (h,newval) to newheaders

    6. For each Header Field name and value (h,v) in newheaders:

      1. Let string record be the concatenation of h, a literal "" (ASCII colon (0x3A) followed by ASCII space (0x20)), and v

      2. Add Header Field "HP-Outer" to MIME part newbody with value record

  6. Apply crypto to MIME part newbody, producing MIME tree output

  7. For each Header Field name and value (h,v) in newheaders:

    1. Add Header Field h to output with value v

  8. Return output

Note that both new parameters (hcp and legacy) are effectively ignored if crypto does not contain encryption. This is by design, because they are irrelevant for signed-only cryptographic protections.

6.2.2. Adding a Legacy Display Element to a text/plain Part

For a list of obscured and removed User-Facing Header Fields represented as (header, value) pairs, concatenate them as a set of lines, with one newline at the end of each pair. Add an additional trailing newline after the resultant text, and prepend the entire list to the body of the text/plain part.

The MUA MUST also add a Content-Type parameter of hp-legacy-display with value 1 to the MIME part to indicate that a Legacy Display Element was added.

For example, if the list of obscured Header Fields was [("Cc", "alice@example.net"), ("Subject", "Thursday's meeting")], then a text/plain Main Body Part that originally looked like this:

Content-Type: text/plain; charset=UTF-8

I think we should skip the meeting.

Would become:

Content-Type: text/plain; charset=UTF-8; hp-legacy-display=1

Subject: Thursday's meeting
Cc: alice@example.net

I think we should skip the meeting.

Note that the Legacy Display Element (the lines beginning with Subject: and Cc:) are part of the body of the MIME part in question.

This example assumes that the Main Body Part in question is not the root of the Cryptographic Payload. For instance, it could be a leaf of a multipart/alternative Cryptographic Payload. This is why no additional Header Fields have been injected into the MIME part in this example.

6.2.3. Adding a Legacy Display Element to a text/html Part

Adding a Legacy Display Element to a text/html part is similar to how it is added to a text/plain part (see Section 6.2.2). Instead of adding the obscured or removed User-Facing Header Fields to a block of text delimited by a blank line, the composing MUA injects them in an HTML <div> element annotated with a class attribute of header-protection-legacy-display.

The content and formatting of this decorative <div> have no strict requirements, but they MUST represent all the obscured and removed User-Facing Header Fields in a readable fashion. A simple approach is to assemble the text in the same way as Section 6.2.2, wrap it in a verbatim <pre> element, and put that element in the annotated <div>.

The annotated <div> should be placed as close to the start of the <body> as possible, where it will be visible when viewed with a standard HTML renderer.

The MUA MUST also add a Content-Type parameter of hp-legacy-display with value 1 to the MIME part to indicate that a Legacy Display Element was added.

For example, if the list of obscured Header Fields was [("Cc", "alice@example.net"), ("Subject", "Thursday's meeting")], then a text/html Main Body Part that originally looked like this:

Content-Type: text/html; charset=UTF-8

<html><head><title></title></head><body>
<p>I think we should skip the meeting.</p>
</body></html>

Would become:

Content-Type: text/html; charset=UTF-8; hp-legacy-display=1

<html><head><title></title></head><body>
<div class="header-protection-legacy-display">
<pre>Subject: Thursday's meeting
Cc: alice@example.net</pre></div>
<p>I think we should skip the meeting.</p>
</body></html>

This example assumes that the Main Body Part in question is not the root of the Cryptographic Payload. For instance, it could be a leaf of a multipart/alternative Cryptographic Payload. This is why no additional Header Fields have been injected into the MIME part in this example.

6.2.3.1. Step-by-step Example for Inserting Legacy Display Element to text/html

A composing MUA MAY insert the Legacy Display Element anywhere reasonable within the message as long as it prioritizes visibility for the reader using a Legacy decryption-capable MUA. This decision may take into account special message-specific HTML formatting expectations if the MUA is aware of them. However, some MUAs may not have any special insight into the user's preferred HTML formatting, and still want to insert a Legacy Display Element. This section offers a non-normative, simple, and minimal step-by-step approach for a composing MUA that has no other information or preferences to fall back on.

The process below assumes that the MUA already has the full HTML object that it intends to send, including all of the text supplied by the user.

  1. Assemble the text exactly as specified for text/plain (see Section 6.2.2).

  2. Wrap that text in a verbatim <pre> element.

  3. Wrap that <pre> element in a <div> element annotated with the class header-protection-legacy-display.

  4. Find the <body> element of the full HTML object.

  5. Insert the <div> element as the first child of the <body> element.

6.2.4. Only Add a Legacy Display Element to Main Body Parts

Some messages may contain a text/plain or text/html subpart that is not a Main Body Part. For example, an e-mail message might contain an attached text file or a downloaded webpage. Attached documents need to be preserved as intended in the transmission, without modification.

The composing MUA MUST NOT add a Legacy Display Element to any part of the message that is not a Main Body Part. In particular, if a part is annotated with Content-Disposition: attachment, or if it does not descend via the first child of any of its multipart/mixed or multipart/related ancestors, it is not a Main Body Part, and MUST NOT be modified.

See Section 7.1 of [I-D.ietf-lamps-e2e-mail-guidance] for more guidance about common ways to distinguish Main Body Parts from other MIME parts in a message.

6.2.5. Do Not Add a Legacy Display Element to Other Content-Types

The purpose of injecting a Legacy Display Element into each Main Body MIME part is to enable rendering of otherwise obscured Header Fields in Legacy MUAs that are capable of message decryption, but don't know how to follow the rest of the guidance in this document.

The authors are unaware of any Legacy MUA that would render any MIME part type other than text/plain and text/html as the Main Body. A generating MUA SHOULD NOT add a Legacy Display Element to any MIME part with any other Content-Type.

6.3. Composing with "Wrapped Message" Header Protection

To compose a message using "Wrapped Message" Header Protection, the composing MUA uses the following inputs:

  • All the inputs described in Section 6.1

  • hcp: a Header Confidentiality Policy, as defined in Section 3

  • response: if the new message is a response to another message (e.g., "Reply", "Reply All", "Forward", etc), the MUA function corresponding to the user's action (see Section 5.4), otherwise null

  • refmsg: if the new message is a response to another message, the message being responded to, otherwise null

6.3.1. ComposeWrappedMessage

Method Signature:

ComposeWrappedMessage(origbody, origheaders, crypto hcp, response, refmsg) → mime_message

Procedure:

  1. Let newbody be a copy of origbody

  2. For each Header Field name and value (h,v) in origheaders:

    1. Add Header Field h to MIME part newbody with value v

  3. If crypto does not contain encryption:

    1. Let newheaders be a copy of origheaders

  4. Else (if crypto contains encryption):

    1. If refmsg is not null, response is not null, and refmsg itself is encrypted with header protection:

      1. Let response_hcp be a single-use HCP derived from response and refmsg (see Section 5.4)

    2. Else (if this is not a response to an encrypted, header-protected message):

      1. Set response_hcp to hcp_no_confidentiality

    3. Create new empty list of Header Field names and values newheaders

    4. For each Header Field name and value (h,v) in origheaders:

      1. Let newval be hcp(h,v)

      2. If newval is v:

        1. Let newval be response_hcp(h,v)

      3. If newval is not null:

        1. Add (h,newval) to newheaders

    5. For each Header Field name and value (h,v) in newheaders:

      1. Let string record be the concatenation of h, a literal "" (ASCII colon (0x3A) followed by ASCII space (0x20)), and v

      2. Add Header Field "HP-Outer" to MIME part newbody with value record

  5. If any of the Header Fields in MIME part newbody, including Header Fields in the nested internal MIME structure, contain any 8-bit UTF-8 characters (see Section 3.7 of [RFC6532]):

    1. Let payload be a new MIME part with one Header Field: Content-Type: message/global

  6. Else:

    1. Let payload be a new MIME part with one Header Field: Content-Type: message/rfc822

  7. If crypto contains encryption:

    1. Add a parameter hp="cipher" to the Content-Type Header Field of payload

  8. Else (if crypto does not contain encryption):

    1. Add a parameter hp="clear" to the Content-Type Header Field of payload

  9. Add a parameter hp-scheme="wrapped" to the Content-Type Header Field of payload

  10. Set the body of payload to newbody.

  11. Add a Content-Disposition Header Field to MIME part payload with value inline

  12. Apply crypto to MIME part payload, producing MIME tree output

  13. For each Header Field name and value (h,v) in newheaders:

    1. Add Header Field h to output with value v

  14. Return output

Note that the Header Confidentiality Policy hcp parameter is effectively ignored if crypto does not contain encryption. This is by design, because a signed-only message cannot provide confidentiality.

7. Replying and Forwarding Guidance

When composing a reply to a message with Header Protection, the MUA is acting both as a receiving MUA and as a sending MUA. For encrypted messages, special guidance applies, because information can leak in at least two ways: leaking previously confidential Header Fields, and leaking the entire message by replying to the wrong party. Many MUAs also offer "Forward Message" functionality which has the potential to leak previously confidential Header Fields.

7.1. Avoid Leaking Encrypted Header Fields in Replies and Forwards

As noted in Section 5.4 of [I-D.ietf-lamps-e2e-mail-guidance], an MUA in this position MUST NOT leak previously encrypted content in the clear in a follow-up message. The same is true for protected Header Fields.

Values from any Header Field that was identified as either encrypted-only or signed-and-encrypted based on the steps outlined above MUST NOT be placed in cleartext output when generating a message.

In particular, if Subject was encrypted, and it is copied into the draft encrypted reply, the replying MUA MUST obscure the unprotected (cleartext) Subject Header Field as described above.

When crafting the Header Fields for a reply or forwarded message, the composing MUA SHOULD make use of the HP-Outer Header Fields from within the Cryptographic Envelope of the reference message to ensure that Header Fields derived from the reference message do not leak in the reply. See Section 5.4 for an explicit algorithm to handle this cleanly.

Consider a Header Field in a reply message that is generated by derivation from a Header Field in the reference message. For example, the To Header Field is typically derived from the reference message's Reply-To or From Header Fields. When generating the outer copy of the Header Field, the composing MUA first applies its own Header Confidentiality Policy. If the Header Field's value is changed by the HCP, then it is applied to the outside header. If the Header Field's value is unchanged, the composing MUA re-generates the Header Field using the Header Fields that had been on the outside of the original message at sending time. These can be inferred from the HP-Outer Header Fields located within the Cryptographic Payload of the referenced message. If that value is itself different than the protected value, then it is applied to the outside header. If the value is the same as the protected value, then it is simply copied to the outside header directly. Whether it was changed or not, it is noted in the protected Header Section using HP-Outer, as described in Section 2.2.1.

See Appendix D.2 for a simple worked example of this process.

7.2. Avoid Misdirected Replies

When replying to a message, the Composing MUA typically decides who to send the reply to based on:

  • the Reply-To, Mail-Followup-To, or From Header Fields

  • optionally, the other To or Cc Header Fields (if the user chose to "reply all")

When a message has Header Protection, the replying MUA MUST populate the destination fields of the draft message using the protected Header Fields, and ignore any unprotected Header Fields.

This mitigates against an attack where Mallory gets a copy of an encrypted message from Alice to Bob, and then replays the message to Bob with an additional Cc to Mallory's own e-mail address in the message's outer (unprotected) Header Section.

If Bob knows Mallory's certificate already, and he replies to such a message without following the guidance in this section, it's likely that his MUA will encrypt the cleartext of the message directly to Mallory.

8. Unprotected Header Fields Added in Transit

Some Header Fields are legitimately added in transit and could not have been known to the sender at message composition time.

The most common of these Header Fields are Received and DKIM-Signature, neither of which are typically rendered, either explicitly or implicitly.

If a receiving MUA has specific knowledge about a given Header Field, including that:

then the MUA MAY decide to operate on the value of that Header Field from the unprotected Header Section, even though the message has Header Protection.

The MUA MAY prefer to verify that the Header Fields in question have additional transit-derived cryptographic protections before rendering or acting on them. For example, the MUA could verify whether these Header Fields are covered by an appropriate and valid ARC-Authentication-Results (see [RFC8617]) or DKIM-Signature (see [RFC6376]) Header Field.

Specific examples of user-meaningful Header Fields commonly added by transport agents appear below.

8.1. Mailing list Header Fields: List-* and Archived-At

If the message arrives through a mailing list, the list manager itself may inject Header Fields (most have a List- prefix) in the message:

  • List-Archive

  • List-Subscribe

  • List-Unsubscribe

  • List-Id

  • List-Help

  • List-Post

  • Archived-At

For some MUAs, these Header Fields are implicitly rendered, by providing buttons for actions like "Subscribe", "View Archived Version", "Reply List", "List Info", etc.

An MUA that receives a message with Header Protection that contains these Header Fields in the unprotected section, and that has reason to believe the message is coming through a mailing list MAY decide to render them to the user (explicitly or implicitly) even though they are not protected.

9. E-mail Ecosystem Evolution

This document is intended to offer tooling needed to improve the state of the e-mail ecosystem in a way that can be deployed without significant disruption. Some elements of this specification are present for transitional purposes, but would not exist if the system were designed from scratch.

This section describes these transitional mechanisms, as well as some suggestions for how they might eventually be phased out.

9.1. Dropping Legacy Display Elements

Any decorative Legacy Display Element added to an encrypted message that uses the Injected Header scheme is present strictly for enabling Header Field visibility (most importantly, the Subject Header Field) when the message is viewed with a decryption-capable Legacy MUA.

Eventually, the hope is that most decryption-capable MUAs will conform to this specification, and there will be no need for injection of Legacy Display Elements in the message body. A survey of widely used decryption-capable MUAs might be able to establish when most of them do support this specification.

At that point, a composing MUA could set the legacy parameter described in Section 6.2 to false by default or could even hard-code it to false, yielding a much simpler message construction set.

Until that point, an end user might want to signal that their receiving MUAs are conformant to this document so that a peer composing a message to them can set legacy to false. A signal indicating capability of handling messages with Header Protection might be placed in the user's cryptographic certificate, or in outbound messages.

This document does not attempt to define the syntax or semantics of such a signal.

9.2. More Ambitious Default Header Confidentiality Policy

This document defines a few different forms of Header Confidentiality Policy. An MUA implementing an HCP for the first time SHOULD deploy hcp_baseline as recommended in Section 3.3. This HCP offers the most commonly expected protection (obscuring the Subject Header Field) without risking deliverability or rendering issues.

The HCPs proposed in this document are relatively conservative and still leak a significant amount of metadata for encrypted messages. This is largely done to ensure deliverability (see Section 1.4.2) and usability, as messages without some critical Header Fields are more likely to not reach their intended recipient.

In the future, some mail transport systems may accept and deliver messages with even less publicly visible metadata. Many MTA operators today would ask for additional guarantees about such a message to limit the risks associated with abusive or spammy mail.

This specification offers the HCP formalism itself as a way for MUA developers and MTA operators to describe their expectations around message deliverability. MUA developers can propose a more ambitious default HCP, and ask MTA operators (or simply test) whether their MTAs would be likely to deliver or reject encrypted mail with that HCP applied. Proponents of a more ambitious HCP should explicitly document the HCP and name it clearly and unambiguously to facilitate this kind of interoperability discussion.

Reaching widespread consensus around a more ambitious global default HCP is a challenging problem of coordinating many different actors. A piecemeal approach might be more feasible, where some signalling mechanism allows a message recipient, MTA operator, or third-party clearinghouse to announce what kinds of HCPs are likely to be deliverable for a given recipient. In such a situation, the default HCP for an MUA might involve consulting the signalled acceptable HCPs for all recipients, and combining them (along with a default for when no signal is present) in some way.

If such a signal were to reach widespread use, it could also be used to guide reasonable statistical default HCP choices for recipients with no signal.

This document does not attempt to define the syntax or semantics of such a signal.

9.3. Deprecation of Messages Without Header Protection

At some point, when the majority of MUA clients that can generate cryptographically protected messages with Header Protection, it should be possible to deprecate any cryptographically protected message that does not have Header Protection.

For example, as noted in Section 10.1, it's possible for an MUA to render a signed-only message that has no Header Protection the same as an unprotected message. And a signed-and-encrypted message without Header Protection could likewise be marked as not fully protected.

These stricter rules could be adopted immediately for all messages. Or an MUA developer could roll them out immediately for any new message, but still treat an old message (based on the Date Header Field and cryptographic signature timestamp) more leniently.

A decision like this by any popular receiving MUA could drive adoption of this standard for sending MUAs.

10. Usability Considerations

This section describes concerns for MUAs that are interested in easy adoption of Header Protection by normal users.

While they are not protocol-level artifacts, these concerns motivate the protocol features described in this document.

See also the Usability commentary in Section 2 of [I-D.ietf-lamps-e2e-mail-guidance].

10.1. Mixed Protections Within a Message Are Hard To Understand

When rendering a message to the user, the ideal circumstance is to present a single cryptographic status for any given message. However, when message Header Fields are present, some message Header Fields do not have the same cryptographic protections as the main message.

Representing such a mixed set of protection statuses is very difficult to do in a way that a Ordinary User can understand. There are at least three scenarios that are likely to be common, and poorly understood:

  • A signed message with no Header Protection.

  • A signed-and-encrypted message with no Header Protection.

  • A signed-and-encrypted message with Header Protection as described in this document, where some User-Facing Header Fields have confidentiality but some do not.

An MUA should have a reasonable strategy for clearly communicating each of these scenarios to the user. For example, an MUA operating in an environment where it expects most cryptographically protected messages to have Header Protection could use the following rendering strategy:

  • When rendering a message with signed-only cryptographic status but no Header Protection, an MUA may decline to indicate a positive security status overall, and only indicate the cryptographic status to a user in a message properties or diagnostic view. That is, the message may appear identical to an unsigned message except if a user verifies the properties through a menu option.

  • When rendering a message with signed-and-encrypted or encrypted-only cryptographic status but no Header Protection, overlay a warning flag on the typical cryptographic status indicator. That is, if a typical signed-and-encrypted message displays a lock icon, display a lock icon with a warning sign (e.g., an exclamation point in a triangle) overlaid. See, for example, the graphics in [chrome-indicators].

  • When rendering a message with signed-and-encrypted or encrypted-only cryptographic status, with Header Protection, but where the Subject Header Field has not been removed or obscured, place a warning sign on the Subject line.

Other simple rendering strategies could also be reasonable.

10.2. Users Should Not Have To Choose a Header Confidentiality Policy

This document defines the abstraction of a Header Confidentiality Policy object for the sake of communication between implementers and deployments.

Most e-mail users are unlikely to understand the tradeoffs between different policies. In particular, the potential negative side effects (e.g., poor deliverability) may not be easily attributable by a normal user to a particular HCP.

Therefore, MUA implementers should be conservative in their choice of default HCP, and should not require the Ordinary User to make an incomprehensible choice that could cause unfixable, undiagnosable problems. The safest option is for the MUA developer to select a known, stable HCP (this document recommends hcp_baseline in Section 3.3) on the user's behalf. An MUA should not expose the Ordinary User to a configuration option where they are expected to manually select (let alone define) an HCP.

10.3. Users Should Not Have To Choose a Header Protection Scheme

This document describes two Header Protection schemes: Injected Headers (Section 4.1) and Wrapped Messages (Section 4.2).

These distinct schemes are described for the sake of implementers who may have to deal with messages found in the wild, but their intended semantics are identical. They represent different tradeoffs in terms of rendering and user experience on the recipient's side, which an Ordinary User writing a message is not prepared to select.

When composing a message with cryptographic protections, the Ordinary User should not be confronted with any choices about which Header Protection scheme to use. Rather, the MUA developer should use a single scheme for all outbound cryptographically protected messages. This document recommends the Injected Headers scheme (see Section 2).

11. Security Considerations

Header Protection improves the security of cryptographically protected e-mail messages. Following the guidance in this document improves security for users by more directly aligning the underlying messages with user expectations about confidentiality, authenticity, and integrity.

Nevertheless, helping the user distinguish between cryptographic protections of various messages remains a security challenge for MUAs. This is exarcebated by the fact that many existing messages with cryptographic protections do not employ Header Protection. MUAs encountering these messages (e.g., in an archive) will need to handle older forms (without Header Protection) for quite some time, possibly forever.

The security considerations from Section 6 of [RFC8551] continue to apply for any MUA that offers S/MIME cryptographic protections, as well as Section 3 of [RFC5083] (Authenticated-Enveloped-Data in CMS) and Section 14 of [RFC5652] (CMS more broadly). Likewise, the security considerations from Section 8 of [RFC3156] continue to apply for any MUA that offers PGP/MIME cryptographic protections, as well as Section 13 of [I-D.ietf-openpgp-crypto-refresh-13] (OpenPGP itself). In addition, these underlying security considerations are now also applicable to the contents of the message header, not just the message body.

11.1. Avoid Cryptographic Summary Confusion from hp Parameter

When parsing a message, the recipient MUA infers the message's Cryptographic Status from the Cryptographic Layers, as described in Section 4.6 of [I-D.ietf-lamps-e2e-mail-guidance].

The Cryptographic Layers that make up the Cryptographic Envelope describe an ordered list of cryptographic properties as present in the message after it has been delivered. By contrast, the hp parameter to the Content-Type Header Field contains a simpler indication: whether the sender originally tried to encrypt the message or not. In particular, for a message with Header Protection, the Cryptographic Payload should have a hp parameter of cipher if the message is encrypted (in addition to signed), and clear if no encryption is present (that is, the message is signed-only).

As noted in Section 2.1.1, the receiving implementation should not inflate its estimation of the confidentiality of the message or its Header Fields based on the sender's intent, if it can see that the message was not actually encrypted. A signed-only message that happens to have an hp parameter of cipher is still signed-only.

Conversely, since the encrypting Cryptographic Layer is typically outside the signature layer (see Section 5.2 of [I-D.ietf-lamps-e2e-mail-guidance]), an originally signed-only message could have been wrapped in an encryption layer by an intervening party before receipt, to appear encrypted.

If a message appears to be wrapped in an encryption layer, and the hp parameter is present but is not set to cipher, then it is likely that the encryption layer was not added by the original sender. For such a message, the lack of any HP-Outer Header Field in the Header Section of the Cryptographic Payload MUST NOT be used to infer that all Header Fields were removed from the message by the original sender. In such a case, the receiving MUA SHOULD treat every Header Field as though it was not confidential.

11.2. Caution about Composing with Legacy Display Elements

When composing a message, it's possible for a Legacy Display Element to contain risky data that could trigger errors in a rendering client.

For example, if the value for a Header Field to be included in a Legacy Display Element within a given body part contains folding whitespace, it should be "unfolded" before generating the Legacy Display Element: all contiguous folding whitespace should be replaced with a single space character. Likewise, if the header value was originally encoded with [RFC2047], it should be decoded first to a standard string and re-encoded using the charset appropriate to the target part.

When including a Legacy Display Element in a text/plain part (see Section 6.2.2), if the decoded Subject Header Field contains a pair of newlines (e.g., if it is broken across multiple lines by encoded newlines), any newline MUST be stripped from the Legacy Display Element. If the pair of newlines is not stripped, a receiving MUA that follows the guidance in Section 5.5.3.2 might leave the later part of the Legacy Display Element in the rendered message.

When including a Legacy Display Element in a text/html part (see Section 6.2.3), any material in the header values should be explicitly HTML escaped to avoid being rendered as part of the HTML. At a minimum, the characters <, >, and & should be escaped to &lt;, &gt;, and &amp;, respectively (see for example [HTML-ESCAPES]). If unescaped characters from removed or obscured header values end up in the Legacy Display Element, a receiving MUA that follows the guidance in Section 5.5.3.3 might fail to identify the boundaries of the Legacy Display Element, cutting out more than it should, or leaving remnants visible. And a Legacy MUA parsing such a message might misrender the entire HTML stream, depending on the content of the removed or obscured header values.

The Legacy Display Element is a decorative addition solely to enable visibility of obscured or removed Header Fields in decryption-capable Legacy MUAs. When it is produced, it should be generated minimally and strictly, as described above, to avoid damaging the rest of the message.

11.3. Plaintext Attacks

An encrypted e-mail message using S/MIME or PGP/MIME tends to have some amount of predictable plaintext. For example, the standard MIME headers of the Cryptographic Payload of a message are often a predictable sequence of bytes, even without Header Protection, when they only include the Structural Header Fields MIME-Version and Content-Type. This is a potential risk for known-plaintext attacks.

Including protected Header Fields as described in this document increases the amount of known plaintext. Since some of those headers in a reply will be derived from the message being replied to, this also creates a potential risk for chosen-plaintext attacks, in addition to known-plaintext attacks.

Modern message encryption mechanisms are expected to be secure against both known-plaintext attacks and chosen-plaintext attacks. An MUA composing an encrypted message should ensure that it is using such a mechanism, regardless of whether it does Header Protection.

12. Privacy Considerations

12.1. Leaks When Replying

The encrypted Header Fields of a message may accidentally leak when replying to the message. See the guidance in Section 7.

12.2. Encrypted Header Fields Are Not Always Private

For encrypted messages, depending on the sender's HCP, some Header Fields may appear both within the Cryptographic Envelope and on the outside of the message (e.g., Date might exist identically in both places). Section 5.3 identifies such a Header Field as signed-only. These Header Fields are clearly not private at all, despite a copy being inside the Cryptographic Envelope.

A Header Field whose name and value are not matched verbatim by any HP-Outer Header Field from the same part will have encrypted-only or signed-and-encrypted status. But even Header Fields with these stronger levels of cryptographic confidentiality protection might not be as private as the user would like.

See the examples below.

This concern is true for any encrypted data, including the body of the message, not just the Header Fields: if the sender isn't careful, the message contents or session keys can leak in many ways that are beyond the scope of this document. The message recipient has no way in principle to tell whether the apparent confidentiality of any given piece of encrypted content has been broken via channels that they cannot perceive. Additionally, an active intermediary aware of the recipient's public key can always encrypt a cleartext message in transit to give the recipient a false sense of security.

12.2.1. Encrypted Header Fields Can Leak Unwanted Information to the Recipient

For encrypted messages, even with an ambitious HCP that successfully obscures most Header Fields from all transport agents, Header Fields will be ultimately visible to all intended recipients. This can be especially problematic for Header Fields that are not user-facing, which the sender may not expect to be injected by their MUA. Consider the three following examples:

  • The MUA may inject a User-Agent Header Field that describes itself to every recipient, even though the sender may not want the recipient to know the exact version of their OS, hardware platform, or MUA.

  • The MUA may have an idiosyncratic way of generating a Message-ID header, which could embed the choice of MUA, a time zone, a hostname, or other subtle information to a knowledgeable recipient.

  • The MUA may erroneously include a Bcc Header Field in the origheaders of a copy of a message sent to the named recipient, defeating the purpose of using Bcc instead of Cc (see Section 12.4 for more details about risks related to Bcc).

Clearly, no end-to-end cryptographic protection of any Header Field as described in this document will hide such a sensitive field from the intended recipient. Instead, the composing MUA MUST populate the origheaders list for any outbound message with only information the recipient should have access to. This is true for messages without any cryptographic protection as well, of course, and it is even worse there: such a leak is exposed to the transport agents as well as the recipient. An encrypted message with Header Protection and a more ambitious Header Confidentiality Policy avoid these leaks exposing information to the transport agents but cannot defend against such a leak to the recipient.

12.2.2. Encrypted Header Fields Can Be Inferred From External or Internal Metadata

For example, if the To and Cc Header Fields are removed from the unprotected Header Section, the values in those fields might still be inferred with high probability by an adversary who looks at the message either in transit or at rest. If the message is found in, or being delivered to a mailbox for bob@example.org, it's likely that Bob was in either To or Cc. Furthermore, encrypted message ciphertext may hint at the recipients: for S/MIME messages, the RecipientInfo, and for PGP/MIME messages the key ID in the Public Key Encrypted Session Key (PKESK) packets will all hint at a specific set of recipients. Additionally, an MTA that handles the message may add a Received Header Field (or some other custom Header Field) that leaks some information about the nature of the delivery.

12.2.3. Encrypted Header Fields May Not Be Fully Masked by HCP

In another example, if the HCP modifies the Date header to mask out high-resolution time stamps (e.g., rounding to the most recent hour) and to convert the local time zone to UTC, some information about the date of delivery will still be attached to the e-mail. At the very least, the low resolution, global version of the date will be present on the message. Additionally, Header Fields like Received that are added during message delivery might include higher-resolution timestamps. And if the message lands in a mailbox that is ordered by time of receipt, even its placement in the mailbox and the non-obscured Date Header Fields of the surrounding messages could leak this information.

Some Header Fields like From may be impossible to fully obscure, as many modern message delivery systems depend on at least domain information in the From Header Field for determining whether a message is coming from a domain with "good reputation" (that is, from a domain that is not known for leaking spam). So even if an ambitious HCP opts to remove the human-readable part from any From Header Field, and to standardize/genericize the local part of the From address, the domain will still leak.

12.3. A Naive Recipient May Overestimate the Cryptographic Status of a Header Field in an Encrypted Message

When an encrypted (or signed-and-encrypted) message is in transit, an active intermediary can strip or tamper with any Header Field that appears outside the Cryptographic Envelope. A receiving MUA that naively infers cryptographic status from differences between the external Header Fields and those found in the Cryptographic Envelope could be tricked into overestimating the protections afforded to some Header Fields.

For example, if the original sender's HCP passes through the Cc Header Field unchanged, a cleanly delivered message would indicate that the Cc Header Field has a cryptographic status of signed. But if an intermediary attacker simply removes the Header Field from the unprotected Header Section before forwarding the message, then the naive recipient might believe that the field has a cryptographic status of signed-and-encrypted.

This document offers protection against such an attack by way of the HP-Outer Header Fields that can be found on the Cryptographic Payload. If a Header Field appears to have been obscured by inspection of the outer message, but an HP-Outer Header Field matches it exactly, the receiving MUA can indicate to the user that the Header Field in question may not have been confidential.

In such a case, a cautious MUA may render the Header Field in question as signed (because the sender did not hide it), but still treat it as signed-and-encrypted during reply, to avoid accidental leakage of the cleartext value in the reply message, as described in Section 7.1.

12.4. Privacy and Deliverability Risks with Bcc and Encrypted Messages

As noted in Section 9.3 of [I-D.ietf-lamps-e2e-mail-guidance], handling Bcc when generating an encrypted e-mail message can be particularly tricky. With Header Protection, there is an additional wrinkle. When an encrypted e-mail message with Header Protection has a Bcc'ed recipient, and the composing MUA explicitly includes the Bcc'ed recipient's address in their copy of the message (see the "second method" in Section 3.6.3 of [RFC5322]), that Bcc Header Field will always be visible to the Bcc'ed recipient.

In this scenario, though, the composing MUA has one additional choice: whether to hide the Bcc Header Field from intervening message transport agents, by returning null when the HCP is invoked for Bcc. If the composing MUA's rationale for including an explicit Bcc in the copy of the message sent to the Bcc recipient is to ensure deliverability via a message transport agent that inspects message Header Fields, then stripping the Bcc field during encryption may cause the intervening transport agent to drop the message entirely. This is why Bcc is not explicitly stripped in hcp_baseline.

If, on the other hand, deliverability to a Bcc'ed recipient is not a concern, the most privacy-preserving option is to simply omit the Bcc Header Field from the protected Header Section in the first place. An MUA that is capable of receiving and processing such a message can infer that since their user's address was not mentioned in any To or Cc Header Field, they were likely a Bcc recipient.

Please also see Section 9.3 of [I-D.ietf-lamps-e2e-mail-guidance] for more discussion about Bcc and encrypted messages.

13. IANA Considerations

This document registers an e-mail Header Field, describes parameters for the Content-Type Header Field, and establishes a registry for Header Confidentiality Policies to facilitate HCP evolution.

13.1. Register the HP-Outer Header Field

This document requests IANA to register the following Header Field in the "Permanent Message Header Field Names" registry within "Message Headers" in accordance with [RFC3864].

Table 3: Additions to 'Permanent Message Header Field Names' registry
Header Field Name Template Protocol Status Reference
HP-Outer   mail standard Section 2.2.1 of RFCXXXX

The Author/Change Controller of these two entries (Section 4.5 of [RFC3864]) should be the IETF itself.

13.2. Update Reference for Content-Type Header Field due to hp, hp-scheme, and hp-legacy-display Parameters

This document also defines the Content-Type parameters known as hp (in Section 2.1.1), hp-scheme (in Section 2.1.2), and hp-legacy-display (in Section 2.1.3). Consequently, the Content-Type row in the "Permanent Message Header Field Names" registry should add a reference to this RFC to its "References" column.

That is, the current row:

Table 4: Existing row in 'Permanent Message Header Field Names' registry
Header Field Name Template Protocol Status Reference
Content-Type   MIME   [RFC4021]

Should be updated to have the following values:

Table 5: Replacement row in 'Permanent Message Header Field Names' registry
Header Field Name Template Protocol Status Reference
Content-Type   MIME   [RFC4021] [RFCXXXX]

13.3. New Registry: Mail Header Confidentiality Policies

This document also requests IANA to create a new registry in the "Mail Parameters" protocol group titled Mail Header Confidentiality Policies with the following content:

Table 6: Mail Header Confidentiality Policies registry
Header Confidentiality Policy Name Description Reference Recommended
hcp_no_confidentiality No header confidentiality Section 3.2.3 of RFCXXX (this document) N
hcp_baseline Subject Header Field is obscured Section 3.2.1 of RFCXXX (this document) Y
hcp_strong Remove or obscure everything but From, Date, To, Cc and Message-ID Section 3.2.2 of RFCXXX (this document) N

hcp_example_hide_cc is mooted as an example in Section 3 but is not formally registered by this document.

Please add the following textual note to this registry:

  • The Header Confidentiality Policy Name never appears on the wire. This registry merely tracks stable references to implementable descriptions of distinct policies. Any addition to this registry should be governed by guidance in Section 3.4.2 of RFC XXX (this document).

Adding an entry to this registry with an N in the "Recommended" column follows the registration policy of SPECIFICATION REQUIRED. Adding an entry to this registry with a Y in the "Recommended" column or changing the "Recommended" column in an existing entry (from N to Y or vice versa) requires IETF REVIEW. During IETF REVIEW, the designated expert must also be consulted. Guidance for the designated expert can be found in Section 3.4.2.

14. Acknowledgments

Thore Göbel identified significant gaps in earlier versions of this document, and proposed concrete and substantial improvements. Thanks to his contributions, the document is clearer, and the protocols described herein are more useful.

Additionally, the authors would like to thank the following people who have provided helpful comments and suggestions for this document: Berna Alp, Bernhard E. Reiter, Carl Wallace, Claudio Luck, David Wilson, Hernani Marques, juga, Krista Bennett, Kelly Bristol, Lars Rohwedder, Michael StJohns, Nicolas Lidzborski, Peter Yee, Phillip Tao, Robert Williams, Rohan Mahy, Roman Danyliw, Russ Housley, Sofia Balicka, Steve Kille, Volker Birk, and Wei Chuang.

15. References

15.1. Normative References

[I-D.ietf-lamps-e2e-mail-guidance]
Gillmor, D. K., Hoeneisen, B., and A. Melnikov, "Guidance on End-to-End E-mail Security", Work in Progress, Internet-Draft, draft-ietf-lamps-e2e-mail-guidance-16, , <https://datatracker.ietf.org/doc/html/draft-ietf-lamps-e2e-mail-guidance-16>.
[I-D.ietf-openpgp-crypto-refresh-13]
Wouters, P., Huigens, D., Winter, J., and N. Yutaka, "OpenPGP", Work in Progress, Internet-Draft, draft-ietf-openpgp-crypto-refresh-13, , <https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-13>.
[RFC2045]
Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, DOI 10.17487/RFC2045, , <https://www.rfc-editor.org/rfc/rfc2045>.
[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/rfc/rfc2119>.
[RFC3864]
Klyne, G., Nottingham, M., and J. Mogul, "Registration Procedures for Message Header Fields", BCP 90, RFC 3864, DOI 10.17487/RFC3864, , <https://www.rfc-editor.org/rfc/rfc3864>.
[RFC5083]
Housley, R., "Cryptographic Message Syntax (CMS) Authenticated-Enveloped-Data Content Type", RFC 5083, DOI 10.17487/RFC5083, , <https://www.rfc-editor.org/rfc/rfc5083>.
[RFC5234]
Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, DOI 10.17487/RFC5234, , <https://www.rfc-editor.org/rfc/rfc5234>.
[RFC5322]
Resnick, P., Ed., "Internet Message Format", RFC 5322, DOI 10.17487/RFC5322, , <https://www.rfc-editor.org/rfc/rfc5322>.
[RFC5652]
Housley, R., "Cryptographic Message Syntax (CMS)", STD 70, RFC 5652, DOI 10.17487/RFC5652, , <https://www.rfc-editor.org/rfc/rfc5652>.
[RFC8126]
Cotton, M., Leiba, B., and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 8126, DOI 10.17487/RFC8126, , <https://www.rfc-editor.org/rfc/rfc8126>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/rfc/rfc8174>.
[RFC8551]
Schaad, J., Ramsdell, B., and S. Turner, "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification", RFC 8551, DOI 10.17487/RFC8551, , <https://www.rfc-editor.org/rfc/rfc8551>.

15.2. Informative References

[chrome-indicators]
Schechter, E., "Evolving Chrome's security indicators", , <https://blog.chromium.org/2018/05/evolving-chromes-security-indicators.html>.
[CSS]
World Wide Web Consortium, "Cascading Style Sheets Level 2 Revision 2 (CSS 2.2) Specification", , <https://www.w3.org/TR/2016/WD-CSS22-20160412/>.
[HTML-ESCAPES]
W3C, "Using character escapes in markup and CSS", n.d., <https://www.w3.org/International/questions/qa-escapes#use>.
[I-D.autocrypt-lamps-protected-headers]
Einarsson, B. R., "juga", and D. K. Gillmor, "Protected Headers for Cryptographic E-mail", Work in Progress, Internet-Draft, draft-autocrypt-lamps-protected-headers-02, , <https://datatracker.ietf.org/doc/html/draft-autocrypt-lamps-protected-headers-02>.
[I-D.pep-email]
Marques, H. and B. Hoeneisen, "pretty Easy privacy (pEp): Email Formats and Protocols", Work in Progress, Internet-Draft, draft-pep-email-02, , <https://datatracker.ietf.org/doc/html/draft-pep-email-02>.
[I-D.pep-general]
Birk, V., Marques, H., and B. Hoeneisen, "pretty Easy privacy (pEp): Privacy by Default", Work in Progress, Internet-Draft, draft-pep-general-02, , <https://datatracker.ietf.org/doc/html/draft-pep-general-02>.
[PGPCONTROL]
UUNET Technologies, Inc., "Authentication of Usenet Group Changes", , <https://ftp.isc.org/pub/pgpcontrol/>.
[PGPVERIFY-FORMAT]
Lawrence, D. C., "Signing Control Messages, Verifying Control Messages", n.d., <https://www.eyrie.org/~eagle/usefor/other/pgpverify>.
[RFC2047]
Moore, K., "MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text", RFC 2047, DOI 10.17487/RFC2047, , <https://www.rfc-editor.org/rfc/rfc2047>.
[RFC2049]
Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part Five: Conformance Criteria and Examples", RFC 2049, DOI 10.17487/RFC2049, , <https://www.rfc-editor.org/rfc/rfc2049>.
[RFC3156]
Elkins, M., Del Torto, D., Levien, R., and T. Roessler, "MIME Security with OpenPGP", RFC 3156, DOI 10.17487/RFC3156, , <https://www.rfc-editor.org/rfc/rfc3156>.
[RFC3851]
Ramsdell, B., Ed., "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification", RFC 3851, DOI 10.17487/RFC3851, , <https://www.rfc-editor.org/rfc/rfc3851>.
[RFC4021]
Klyne, G. and J. Palme, "Registration of Mail and MIME Header Fields", RFC 4021, DOI 10.17487/RFC4021, , <https://www.rfc-editor.org/rfc/rfc4021>.
[RFC5751]
Ramsdell, B. and S. Turner, "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification", RFC 5751, DOI 10.17487/RFC5751, , <https://www.rfc-editor.org/rfc/rfc5751>.
[RFC6376]
Crocker, D., Ed., Hansen, T., Ed., and M. Kucherawy, Ed., "DomainKeys Identified Mail (DKIM) Signatures", STD 76, RFC 6376, DOI 10.17487/RFC6376, , <https://www.rfc-editor.org/rfc/rfc6376>.
[RFC6532]
Yang, A., Steele, S., and N. Freed, "Internationalized Email Headers", RFC 6532, DOI 10.17487/RFC6532, , <https://www.rfc-editor.org/rfc/rfc6532>.
[RFC7489]
Kucherawy, M., Ed. and E. Zwicky, Ed., "Domain-based Message Authentication, Reporting, and Conformance (DMARC)", RFC 7489, DOI 10.17487/RFC7489, , <https://www.rfc-editor.org/rfc/rfc7489>.
[RFC8617]
Andersen, K., Long, B., Ed., Blank, S., Ed., and M. Kucherawy, Ed., "The Authenticated Received Chain (ARC) Protocol", RFC 8617, DOI 10.17487/RFC8617, , <https://www.rfc-editor.org/rfc/rfc8617>.
[RFC9216]
Gillmor, D. K., Ed., "S/MIME Example Keys and Certificates", RFC 9216, DOI 10.17487/RFC9216, , <https://www.rfc-editor.org/rfc/rfc9216>.

Appendix A. Table of Pseudocode Listings

This document contains guidance with pseudocode descriptions. Each algorithm is listed here for easy reference.

Table 7: Table of Pseudocode Listings
Method Name Description
HeaderSetsFromMessage Derive "outer" and "protected" sets of Header Fields from a given message
HeaderFieldProtection Calculate cryptographic protections for a Header Field in a given message
ReferenceHCP Produce an ephemeral HCP to use when responding to a given message
ComposeNoHeaderProtection Legacy message composition with end-to-end cryptographic protections (but no header protection)
ComposeInjectedHeaders Compose a message with end-to-end cryptographic protections including header protection, using the Injected Headers scheme
ComposeWrappedMessage Compose a message with end-to-end cryptographic protections including header protection, using the Wrapped Message scheme

Appendix B. Possible Problems with Legacy MUAs

When an e-mail message with end-to-end cryptographic protection is received by a mail user agent, the user might experience many different possible problematic interactions. A message with Header Protection may introduce new forms of user experience failure.

In this section, the authors enumerate different kinds of failures we have observed when reviewing, rendering, and replying to messages with different forms of Header Protection in different Legacy MUAs. Different Legacy MUAs demonstrate different subsets of these problems.

A conformant MUA would not exhibit any of these problems. An implementer updating their Legacy MUA to be compliant with this specification should consider these concerns and try to avoid them.

Recall that "protected" refers to the "inner" values, e.g., the real Subject, and "unprotected" refers to the "outer" values, e.g., the dummy Subject.

B.1. Problems Viewing Messages in a List View

  • Unprotected Subject, Date, From, To are visible (instead of being replaced by protected values)

  • Threading is not visible

B.2. Problems when Rendering a Message

  • Unprotected Subject is visible

  • Protected Subject (on its own) is visible in the body

  • Protected Subject, Date, From, and To visible in the body

  • User interaction needed to view whole message

  • User interaction needed to view message body

  • User interaction needed to view protected subject

  • Impossible to view protected Subject

  • Nuisance alarms during user interaction

  • Impossible to view message body

  • Appears as a forwarded message

  • Appears as an attachment

  • Security indicators not visible

  • Security indicators do not identify protection status of Header Fields

  • User has multiple different methods to reply (e.g., reply to outer, reply to inner)

  • User sees English "Subject:" in body despite message itself being in non-English

  • Security indicators do not identify protection status of Header Fields

  • Header Fields in body render with local Header Field names (e.g., showing "Betreff" instead of "Subject") and dates (TZ, locale)

B.3. Problems when Replying to a Message

Note that the use case here is:

  • User views message, to the point where they can read it

  • User then replies to message, and they are shown a message composition window, which has some UI elements

  • If the MUA has multiple different methods to reply to a message, each way may need to be evaluated separately

This section also uses the shorthand UI:x to mean "the UI element that the user can edit that they think of as x."

  • Unprotected Subject is in UI:subject (instead of the protected Subject)

  • Protected Subject is quoted in UI:body (from Legacy Display Element)

  • Protected Subject leaks when the reply is serialised into MIME

  • Protected Subject is not anywhere in UI

  • Message body is not visible/quoted in UI:body

  • User cannot reply while viewing protected message

  • Reply is not encrypted by default (but is for legacy signed-and-encrypted messages without Header Protection)

  • Unprotected From or Reply-To is in UI:To (instead of the protected From or Reply-To)

  • User's locale (lang, TZ) leaks in quoted body

  • Header Fields not protected (and in particular, Subject is not obscured) by default

Appendix C. Test Vectors

This section contains sample messages using the different schemes described in this document. Each sample contains a MIME object, a textual and diagrammatic view of its structure, and examples of how an MUA might render it.

The cryptographic protections used in this document use the S/MIME standard, and keying material and certificates come from [RFC9216].

These messages should be accessible to any IMAP client at imap://bob@header-protection.cmrg.net/ (any password should authenticate to this read-only IMAP mailbox).

You can also download copies of these test vectors separately at https://header-protection.cmrg.net.

If any of the messages downloaded differ from those offered here, this document is the canonical source.

C.1. Baseline Messages

These messages offer no header protection at all, and can be used as a baseline. They are provided in this document as a counterexample. An MUA implementer can use these messages to verify that the reported cryptographic summary of the message indicates no header protection.

C.1.1. No Cryptographic Protections Over a Simple Message

This message uses no cryptographic protection at all. Its body is a text/plain message.

It has the following structure:

└─╴text/plain 152 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Subject: no-crypto
Message-ID: <no-crypto@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:00:02 -0500
User-Agent: Sample MUA Version 1.0

This is the
no-crypto
message.

This message uses no cryptographic protection at all.  Its body
is a text/plain message.

--
Alice
alice@smime.example

C.1.2. S/MIME Signed-only signedData Over a Simple Message, No Header Protection

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a text/plain message. It uses no header protection.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 3856 bytes
 ⇩ (unwraps to)
 └─╴text/plain 206 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part
Message-ID: <smime-one-part@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:01:02 -0500
User-Agent: Sample MUA Version 1.0

MIILGQYJKoZIhvcNAQcCoIILCjCCCwYCAQExDTALBglghkgBZQMEAgEwggFCBgkq
hkiG9w0BBwGgggEzBIIBL01JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04Ig0KQ29udGVudC1UcmFuc2Zlci1F
bmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZQ0Kc21pbWUtb25lLXBhcnQNCm1l
c3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtb25seSBTL01JTUUgbWVzc2FnZSB2
aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBheWxvYWQgaXMgYSB0ZXh0L3Bs
YWluIG1lc3NhZ2UuIEl0IHVzZXMgbm8gaGVhZGVyIHByb3RlY3Rpb24uDQoNCi0t
IA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1wbGUNCqCCB6YwggPPMIICt6ADAgEC
AhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMg
UlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIw
NTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D
9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs
165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZu
TtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDH
dZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy
6SCf58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0TAQH/
BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VA
c21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMC
BSAwHQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaAFJEw
jnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEynBak
DKU68ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZVjdao
x644DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4zE4Na
r2inC0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2MVtl
uLihne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744gqoeuD9YSHjKK
49+qYC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpAr4vR
hZjVD6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG
9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8G
A1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAg
Fw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVU
RjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTk
fCv4TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DI
Ls7GxVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TC
NO12DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7
ktkNBR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTM
SiPR+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwID
AQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
MB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYB
BQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDT
IGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0B
AQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3Bj
JOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIj
So27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9
cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4P
GHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+u
CDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UE
ChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1Q
UyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6a
qdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkq
hkiG9w0BCQUxDxcNMjEwMjIwMTUwMTAyWjAvBgkqhkiG9w0BCQQxIgQgrhyFjywc
FLYzlCbb/xsgb5+a0sgYLUg094upq1ZXLWswDQYJKoZIhvcNAQEBBQAEggEABOi5
kcjRmMF4LK94svcfl92padnfUTSyjJtrIf6R6C7xy87VzsmPOPCmHgZOmTCuvY2D
iKuMId6WPVdjuRUaW6xkgYtgYjPDhy80NY0a9wXEQtjn448G0UHdM21cJyu9LTAg
orSzcT2pwEuGzNdsHW8LB5GtJKYct3RS0+jlbSr7WpZFY1mUrwpsm2r8za2KoOcy
t/E7Qz/8hT4HU52Na7pS1ZnxrasLr5prSjDSSKs4QK3ncJR8jhF9by0pDCoYgswy
zYaeJt0N+8uv7ab/kBaE3wfZlipMSFRJIlh+QeXCkIHo5fW5bn/REZHxMMdMfdPh
bqYT1i46156CSOqyxA==
C.1.2.1. S/MIME Signed-only signedData Over a Simple Message, No Header Protection, Unwrapped

The S/MIME signed-data layer unwraps to:

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

This is the
smime-one-part
message.

This is a signed-only S/MIME message via PKCS#7 signedData.  The
payload is a text/plain message. It uses no header protection.

--
Alice
alice@smime.example

C.1.3. S/MIME Signed-only multipart/signed Over a Simple Message, No Header Protection

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses no header protection.

It has the following structure:

└┬╴multipart/signed 4187 bytes
 ├─╴text/plain 224 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="253";
 micalg="sha-256"
Subject: smime-multipart
Message-ID: <smime-multipart@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:02:02 -0500
User-Agent: Sample MUA Version 1.0

--253
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

This is the
smime-multipart
message.

This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a text/plain
message. It uses no header protection.

--
Alice
alice@smime.example

--253
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTAyMDJa
MC8GCSqGSIb3DQEJBDEiBCAB+IATfw3+2kO9hwjUYxzW+Z12sfFp2dTb1pmXGS+7
DzANBgkqhkiG9w0BAQEFAASCAQANJdfU8DtOpINW4FeIWpdexndYvHYy7jFg5ICy
wIkh1DcqmbdvB4PXcksbJ0zKSVjdjXPdYQYRS4E5ClAEevEe+OkFd16UoGaadoaq
OjyGnuiEJJbRG2UUZZWMyJW2g8OZRAGZjYgEgvbVflmxqRjFRaeLGUorHaHoxk40
LomKSVRTUG11eEhmRmxIY4wKhwc0U9PKjCQFrhu3t1ZkGSfPn9jvdNTJkg85WUpk
WqmOyrup6DH4Gb84By+0IMk3vflrOyAw3kbsj6Ij+zymAlH61YypnAvddFBIuZPL
2LYdIHPLmq8KGrzcgjkjP+Y58hf9U+6gp0KPuS8DAGOvxYs0

--253--

C.1.4. S/MIME Encrypted and Signed Over a Simple Message, No Header Protection

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses no header protection.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 6720 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 3966 bytes
  ⇩ (unwraps to)
  └─╴text/plain 242 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: smime-enc-signed
Message-ID: <smime-enc-signed@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:03:02 -0500
User-Agent: Sample MUA Version 1.0

MIITXAYJKoZIhvcNAQcDoIITTTCCE0kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBADIBD818nNlepwqeI2cJmgD1E+A8coBs/BXr
FGaMZQELJBixXR/LI5fKL5qSZnGXbt7wAYwebjtw79sgvXRlBIkbFy8DV+IT1o/q
08/5LCJwS6E+tHDLb1M1/S5oAxR+ESDzfOgzD9CoaF7BeR948PFLXMX3a451TJ2K
zLwBNZneXWtLfz3mMztmrGdKMXcNPFP5prl4eNcZvJJqKRf5Zdk2ALDCi0xG4eHd
ODtArvGywVw2nF15njL7HTy7F1YJ9q7PlIDa6xapx7RjGorecVykj8ETWwMpjEfJ
83k+UzY2VcVLdkrQiBAatg3ZtFwGbaIBZ+ss7mXNNkEIxtgsEqowggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAQynbJk0fDqKrGKQeF8/vQTyt
XrTM+1JXH8bDVI3RL/osK6UeuF/c1++ZyUqNkHwit34WjXH9rlCYZO/rKe6gmm+C
3nZocxrzAFlJ+CYP3u3tIjie0qF+LEwxT9+J3jK3VOZGKmmDPN6HgWPcJPpRVrXr
Rfr2GbZ7XKqCX6zdC8Wf5ucBEtwuPupNlAORr6GGl5x1ET00YKWm0X6gi2MsTMt2
DgjLXIkB/2c9J+mUVb8IE6Wsu3fYnjfPxq7v4D25NI8gfvleMnmJoEfzs3BxRYC1
Px3aoWR2c0AQMpD+YyDNRTsEHjdbvp2uew+XajyRg5iPW79lFjud0f1XEh1/ATCC
EC4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEECUo2nYA/G7A4T5sbYnptlGAghAA
jpLd/cO/M1CD/iZws6S8EHUjHDG4fiYo9XJ4B5qA+VhLWIM/ZgJA385qAdltYRqN
G/I0nGU9IHW+CeqcD6BsbsbGEhRUVFusfKSk3pJXnYlYUo6gfvNwSP7viEQ8/oYp
HNTINQQKWLHi7KRNF9pXXw68+k9UhTkzzIp8awvuMXnM5ua+vCoP8x2wjrhGBYre
PrX0Ro/GqCk10zKpVEbu9Fbv4oTeDrflLqD31EyPfFVHzEI5+h6CPya82VZTMLpP
Y3r8iimhYJnrCbijpxuyE6U63pn2IvL+oQnfTkhhIKQy+BU8MdIbti0fgjCjxTx5
QcAMGzAF8ze1PK1MaMWvCdSmWv3nn8l1MWii1rBzGep042XTyI0ikC1ZTAW6q0IF
KlbLN8U/Yml0Sq8gydT+o+irFOMRWorvIgBoyeI6wd8+EtIfaFD1dG8XuoA1IDUk
vOmM2R6nmQO7qy8abB7+1OgxQOu+3WSoGS7kmwfv5zp8YamhcqB6zAB43+vneaI/
fGhiFdIGzx+ARFdur2+TOBEkrdEawahV3aBl+W9gSn616xjIe7lBGGiOL4irlbeQ
QzElj/7MpOpmwXrate0wnG6VgcvGTOyvqQRHVrgIyEm4wAuLTqUIQqpBHTtDDAc6
ZcD4LVa/gR0H6b/ofGpx4+2DT6cq9i7+LmzEDEDSdg4Is9v/Kg/p0jc50EjVl83p
toFTBZDtUuSo+QSmLM3oYZh2Re4A9BC3WNtS5IZTW2LP2ziONm6Dj0Z64vbslAVD
kCADZZxYwiCL0ct/o4pTPfw7odKQpH3uaQaPtK2kIm4YtWESEQCMmh0mSiAUpNPH
92Lj8VdwpPx36EsO4+vfzbYqZ4Zd4MqRkRKZxvuNsFssZBh3sfmuAwniYttDIlOE
26OMVPT6h7upDLJvgBb3TOno/xhD2m3QM649A4zJcQhBjeaWaYxeOTIyyN8uRaY+
am7igSXfjjHSibvX64xxx5kjPBuhZVLbVzIsH1Iiac75YPavHBCJtZ6y3c6RXm3S
pCuglA9ygGauUzuSG8A1UWLO4Z9cqKzskPI6KnA183BndO3zDm9BbUqqZbCrpPvg
cqYD+T4lxW+cDQbDBdwlj8wo+iFYrKy9SZfUlHvlV3ubfd/FytPukj6tZvs99G7h
cvEQAvyX+DHkLQziual7kKzPOmJ5+aKr6I+/vhCiXKUFjITtm+SAb8p1zoPUvipG
VE2qO2FfRT0OumieqTjNnGvq+tdhFEgoPI2F2DQ4DumrhVfpz3WUvd62zYPYkg2E
XxO39ot0f4IS7IAdqlrMlWZ5QS4oncVYU2jBPeIDeNlDG7G2ccqMuUdtajhpR1be
yfQhExf3/PqgekJD3WdIiyk7Mc3vT70WKz1G+83y+I4KUiKpMqRXkhSdCJk1zILz
6Td8KUQ8avpN01Ppk9UdQRWSOAwumIKAQ2YT8oMSMLvOGsEzs9Pqhn2E14dVPhWE
Nrgoh7PCNbyKt+JgWXSXm1T1mIF5khxjeRsmq2dMqtw8MmPyG4AulBSbOH7CXCij
jEcRcEcaKtAk+Fp0Ws9bY4AtrOhd8r7NupZK7v7o0UBKh/WqLCk5uaTFc4DhY4lf
o6V/ldyXwaGTJHT2g/hw+Oyj7g9NF6ZnAUZPKARhbJSkH5i2/1UTgcevX4mAc+hW
V0M+QCSC2dfhQwHZ8ViamyBVT72IcO1v/0mcYdJNQtVIpGqvC8FedcB9rAo1QENW
yk3qBl4asdmZKZdXhp5NRi9Ga5l7ZyPGWb+Spqu+5M992sqU21o6oWs+p105Tb8r
7XZYhIyT1A3h9ZNy3NkYFD+MnYRcQkDRUjSu0cEo3a1SAJHr6P5P9Zdc16cmMsGR
yJXIL8bv+rXCs2koIcvOPtpFScnf/Kbq7RZzkWdQGbq9WpJYa/OCV+ZUK/1clFu9
NEiSI4juKVTP0zzaJuow4WDtrbdBjf1khX6XtBjNu9NUSbzgCzQwQZMLuo34Dv/1
fc0mm78dHlyiVwYmzIwlIwfDAI//AGFnARzn1j6Ilzr+iRX80zMyd5NFyDBG1L0J
+O9NYRdcf7EnHtD0Qv60iW+N/MwGBj/VMkuRsW90MS1xyvG2K8nXniEbJc483E57
AFTwkBNbKnlf7tenTuOJxE5sDO5TuCz3aBgofBQL6szj4dJOrE/hbgp/WDNHjGYB
sqQrhZ3mNFOuN5zM1k/f/PmuRQ/jpBEgHtk6egi/qvhjGBhnqUhINxqvwf+CdhxS
VbtF0WToiwwldLxGWvSOIBNFY9Vvyx4Gn41tfD7mjvmdoSM1k3os8+4TeufS6w+m
gIIhZm13MeCzL6+qWhBazxTZ6ymBISb/AK901bSNRWbsC2xEtzTvU+M2MOI14u97
m+ACVDzIgayrRjmffDgYrTwvE5DYFYJvjpRgWjztJ88kk65ADC5QgTbzVjwhypda
IUgNCDYID3JVmQls3VsdOLFEUBVWHTvMHuFgsu7qbioiGP6BfUNFfryTscNCVpvo
kvNFCFvZWprK9C+8z0F3UfAYFm8UjIFHkaOu/Cm/K2uC4PYeIrrMVy3YTNcQUpYa
OKr4H2C45/pv5QE1fMzTYVzj9bSs1L1SD/7v2CMVBeFATGfCVEfdUzRmGz6zVVby
yQjT07UWzeHlIugBr4KLJLN/46DtITrAL8JXUFj1pMvJ+24mY2dccxJr9nBlpBVf
WUaLMpa2UYUvBa0EdColkE9y7YKrMwANOmrdRjR5XjVSvqe+pa2CcIDZpW5wPIs6
oE6EsQMy7UiWBF95w4y2SQtUVW/bOKSn6HTKccmo93VGHSGKPumoHhu45izIsC5I
H8cspPfZQOw6KEK3GMUk2POOIE/v0zYZ4OJvcE9cFul8ot6M6AWnsKWWg/cY0VrA
KDN39Qx0XDu46iRM4X3X1nl6864GCOlceP31U6H00RwL/LsS/10MEA/e/0WiHwwO
7XgsjOvepopExNww1pWnA+F5mD4RJYNV7d/DfeF/9uD3TbePYjnmzflqx2uZtO4J
62gzQnElLXO1z8y0kwTs4iuFyMvF6a6GkfKcoYAtjIKU/+kVjERPPW8+o+S2EhG4
nrKbGXKqKjyiEHL9EMXZlbxKaEqr4hEu4gmaQjTgXBA9XGao/4yTWbDtaAhtHZy6
mK0hbV6Wj4cK7N5Q4bNQuKwxBgNAYdhApZUMul1lym0p95bUvmRXbae8fZUi/x/V
EWGFQsboysjMKBvSta2OXhngSpJqqKc2ZG8+4DUDLQvt2yW713BltqgaD7W9Qzde
L3pt0oE27Es1MAmxsDBK9XcuFDdV8VA39+znsTtYWuyCfy6KFQBC8MQKvcwM6jh2
mnv7Gj4EJpdFWDD7yZt9mUn38claQqbSLudeaMs8CoK36FJBAnaXMl8EYUP0N9GE
AMhMxmZ0R0kJFmDhAYlsMYc37rMHpYKCujGkXOHr9lZK05MhBvDYnBLfnti1WXXl
WbyN5MY4AKqPSCnClpLRB3+IRE7uKPuDC2nOKK5Pul6Vn8n081JnPwJrKEEA1x41
sFmLomG0W4hvLPBMVOnIvQEMKMqhDcqIoeF1BY1PztoLP5jEEMOjtRWA+VWmffr9
telJ28cUMpBRqvrAGPoGxNmd3/xzVKPAV4DmdE86fEOxIKOiggaAQckZI1oyDvG6
epRAQdACGysmJZ7q6672A6duBf6Js1BLAYxDJ9xvTISdsueAnaFOX+KeRCTUnCgH
HqNHnWEYDhQUTNIdqQXe33Yzf7/HLwIeD1y7QgnoMj3y30lPKFfZbRVuj/9xrpmO
Hf7LZzxTiK93fmuepNotQBp3gq3P4oLdzGa7NQVs5G3BCqeX7mDqq8UurYYj+wXd
BpKoLTGZmctjJjd2lFuNdQRduwP5yq99mTxonZ+GKzWtP5SkH6KEad0zamdaD6pl
uTlBA754mTbLAzZMtsxBviGw8Ek8gD/IL1LZmd3uBIwZlc6vvjxSGHSJgtGPEs9p
V6nV6Eny5ZRm6sAoanYnzTuq+9uC2QbLdf3tyTOlkeABKsbAe0x457sQJZSptFuY
pQ7Ipfih0v3kCyk8qC52QcErrn2Lz6gVCd74pJO6isPPezbe+BOEUjaKREpxr2be
Hv1wBT5zYYOlKNQ4gGlkCzMwnOJIR938JywRwRObbc5lWIGoERRpGB4aebdCA7rF
GrhamIGL8xmYUStlbVkbHg0IdY1rh0IRXfg05GhubbspqXPSrznPNjKothPsOEvq
VIu/VrQSSg9F5OKGTSndPoYiajQzOc/BzH3jlu1MFWLk9SA7uLzzg5YJlogUT9n1
uNehTf6J5ARzvfSAxsiDgcQKFXu9MAiFus9sGGy0f88rslW20qbw0snjnjLQHilQ
xbuM8wh7jdbYxFqH8qBMUS1N4dusDBlOEKPgcBoBrHw7V+yK7XXr7JKWbTahjeOR
aUbf1knWDVA32HvM5slCpATQAYxSUmfjadM4OkHAs4fbDwzk/Z9ojronADCyahS8
6xypStx5FkEOmEq7m/rUBSX6fcBNIeU6VzIu+KBigowCRKOd565NLlRMLWut2tuS
JlbfsLka1WEHqzlL8i1/MWW4Li0E3uha93m+5IgJ6TIjqh4zeJ70Spr6OM0gsKs8
SFWtvRN8Wz7//krq+17pgtNnmqUSn42nmxCXrLPIVvJokgEx5clBKvHbt3F1NCx0
UROlc6GSscG0+N4ZyBhyZw6qeclGadxnpaDabhlcnRfvqOWu8pLPT+kxh3lCnA4H
uu8PIlBSnk0HKoRpogNB5VrZz9NaLD3JsdnGO5ZGL/SaB4Gt++cPiCLQHlmhwZn0
TsZglWo4NafVGLOzna23MWbXkuEddFEHdNgvICfCXA7nxNCkgxWgqkSJyb+vTxiw
3Dbxak2f7t39ksHXVwImQaxYfW8QgrNG/jD/1uXiBos1ldTlGOlMN71fpWMHK9Hd
RgG83K1o2dJq+jZhjqakWiHftRMEG6jgtUalpR775qL2LIn0IekVmReOtRhUdCvA
KvHtty3OdRWapKa7WzX8B2GpzTIpXCtWXH5+gTEHxFBXuDRfB9VOVZyt3yiOtvj4
19TNatCIJ23Szujv4B9WpPE9tsxJGWdOl/tWGHM0SHc3RCfInS6X7y0psM2aAVkD
JToN/qb4wGSNPTVZaAp1Ook+tS6S2vOqEDD4yypSC5nTlNgJ32XQ6TycJQgTzd9H
I9JqtQRyaT4iXpuKmJ1HVWKdpDucZM/eHpj5Jw7cl2mVi1hOZo8uaxoJKS6E6QWb
M1GupNOSa6qQjhTwKhtZDDM72BHpDR7nOJSk3R1b0x0kP6I9sFoicbgACv16585n
OBaBpERtAGiM4ceCstETF0neQ+uT6TE4DclkyC+RCTyS+Hk+2s5miB6MlJvaav60
lHCgs21bpBDuymiuWVpjyQ6iqdLDpqZTGPEIwMkoEs5yx37UbjQwsR+UT9Z5ymoG
qMjovLHHJ168AwwYTi/Xaw==
C.1.4.1. S/MIME Encrypted and Signed Over a Simple Message, No Header Protection, Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIILPQYJKoZIhvcNAQcCoIILLjCCCyoCAQExDTALBglghkgBZQMEAgEwggFmBgkq
hkiG9w0BBwGgggFXBIIBU01JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04Ig0KQ29udGVudC1UcmFuc2Zlci1F
bmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZQ0Kc21pbWUtZW5jLXNpZ25lZA0K
bWVzc2FnZS4NCg0KVGhpcyBpcyBhbiBlbmNyeXB0ZWQgYW5kIHNpZ25lZCBTL01J
TUUgbWVzc2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERhdGEgYXJvdW5kIHNp
Z25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhIHRleHQvcGxhaW4NCm1lc3NhZ2Uu
IEl0IHVzZXMgbm8gaGVhZGVyIHByb3RlY3Rpb24uDQoNCi0tIA0KQWxpY2UNCmFs
aWNlQHNtaW1lLmV4YW1wbGUNCqCCB6YwggPPMIICt6ADAgECAhMPLSW9ETmXSs5C
VIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNV
BAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4
WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMO
QWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCa
lSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9ZgHy
A5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs165ernT9O5NLFflH
UjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZuTtMc1zy++MxQlqdn
9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX1X3K
7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy6SCf58duq/AOEksC
AWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAE
EDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBs
ZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBSAwHQYDVR0OBBYE
FKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYa
ZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEynBakDKU68ro0RsyXWAPk
fXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZVjdaox644DsiLOQEP4YMS
7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4zE4Nar2inC0D+VM6RGDy6
6K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2MVtluLihne0Bp1GUTkr0
mJBolg6dSYal8Hw8/ANHpyExl56BJABb744gqoeuD9YSHjKK49+qYC9faFmQ+mK8
0lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpAr4vRhZjVD6FYMIIDzzCC
AregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0FADBVMQ0w
CwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxl
IExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0
MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMI
TEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/pdO/KLpZ
bJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7GxVwXurhYdZla
V5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12DRVBDpbP4JFD
9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2wZX5ICjec
F1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTMSiPR+peCrhJZwLSe
wbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwIDAQABo4GvMIGsMAwG
A1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWB
E2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0P
AQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDTIGZmczAfBgNVHSME
GDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAc4mi
NqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3BjJOd64roAKHAp+c28
4VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIjSo27PmhKE1oAJKKh
DbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9cy31wbqNsy9x0fjP
Qg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4PGHnYxs1FhdO6zZk9
E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+uCDgNG/D0qyTbY4fg
KieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UEChMESUVURjERMA8G
A1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlm
aWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6aqdcwCwYJYIZIAWUD
BAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcN
MjEwMjIwMTUwMzAyWjAvBgkqhkiG9w0BCQQxIgQgOaIo9gniTGpem1eCbfouobxm
u5PauFDZN8OH0+72cWIwDQYJKoZIhvcNAQEBBQAEggEArVib6i8eMz5lcmH/qXhd
zEse7v9OwST2+Ive0hbZuj/qNb2B1jkkWMClfmEpAITBM/p2yEp+iyOIwVynRvG4
GDAqLMHlCjS+az81u2PkmTtoD6P2ZEZvDVpmWBs/kiE1oY3UZApfpUArmxsYWBHw
HiQGvONhDOMtUYY8Ixjf79EaljGVsTn1MLG3iVKihDEqnX/4vOgiUzGScRT6xOeJ
FgDZI5FwmC9zItIxEZuWMCKYYGTPKcVv8OI9H3ygJoY+VjaT4U20UIOBaOL0zKzN
IKP9PZ9Bes1LnPsAmB/LrB+ZYDpVXlthPnHimsuieo/aLxwG7RR37+JVU/genEU3
AQ==
C.1.4.2. S/MIME Encrypted and Signed Over a Simple Message, No Header Protection, Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

This is the
smime-enc-signed
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a text/plain
message. It uses no header protection.

--
Alice
alice@smime.example

C.1.5. No Cryptographic Protections Over a Complex Message

This message uses no cryptographic protection at all. Its body is a multipart/alternative message with an inline image/png attachment.

It has the following structure:

└┬╴multipart/mixed 1402 bytes
 ├┬╴multipart/alternative 794 bytes
 │├─╴text/plain 206 bytes
 │└─╴text/html 304 bytes
 └─╴image/png inline 232 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="e68"
Subject: no-crypto-complex
Message-ID: <no-crypto-complex@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:00:02 -0500
User-Agent: Sample MUA Version 1.0

--e68
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="f70"

--f70
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the
no-crypto-complex
message.

This message uses no cryptographic protection at all.  Its body
is a multipart/alternative message with an inline image/png
attachment.

--
Alice
alice@smime.example
--f70
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the
<b>no-crypto-complex</b>
message.</p>
<p>This message uses no cryptographic protection at all.  Its body
is a multipart/alternative message with an inline image/png
attachment.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--f70--

--e68
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--e68--

C.1.6. S/MIME Signed-only signedData Over a Complex Message, No Header Protection

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 5253 bytes
 ⇩ (unwraps to)
 └┬╴multipart/mixed 1288 bytes
  ├┬╴multipart/alternative 882 bytes
  │├─╴text/plain 260 bytes
  │└─╴text/html 355 bytes
  └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-complex
Message-ID: <smime-one-part-complex@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:01:02 -0500
User-Agent: Sample MUA Version 1.0

MIIPIwYJKoZIhvcNAQcCoIIPFDCCDxACAQExDTALBglghkgBZQMEAgEwggVMBgkq
hkiG9w0BBwGgggU9BIIFOU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjUzMyINCg0KLS01MzMNCk1JTUUt
VmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2
ZTsgYm91bmRhcnk9IjkzMSINCg0KLS05MzENCkNvbnRlbnQtVHlwZTogdGV4dC9w
bGFpbjsgY2hhcnNldD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29u
dGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZQ0Kc21p
bWUtb25lLXBhcnQtY29tcGxleA0KbWVzc2FnZS4NCg0KVGhpcyBpcyBhIHNpZ25l
ZC1vbmx5IFMvTUlNRSBtZXNzYWdlIHZpYSBQS0NTIzcgc2lnbmVkRGF0YS4gIFRo
ZQ0KcGF5bG9hZCBpcyBhIG11bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdp
dGggYW4gaW5saW5lDQppbWFnZS9wbmcgYXR0YWNobWVudC4gSXQgdXNlcyBubyBo
ZWFkZXIgcHJvdGVjdGlvbi4NCg0KLS0gDQpBbGljZQ0KYWxpY2VAc21pbWUuZXhh
bXBsZQ0KLS05MzENCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PSJ1
cy1hc2NpaSINCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5zZmVyLUVu
Y29kaW5nOiA3Yml0DQoNCjxodG1sPjxoZWFkPjx0aXRsZT48L3RpdGxlPjwvaGVh
ZD48Ym9keT4NCjxwPlRoaXMgaXMgdGhlDQo8Yj5zbWltZS1vbmUtcGFydC1jb21w
bGV4PC9iPg0KbWVzc2FnZS48L3A+DQo8cD5UaGlzIGlzIGEgc2lnbmVkLW9ubHkg
Uy9NSU1FIG1lc3NhZ2UgdmlhIFBLQ1MjNyBzaWduZWREYXRhLiAgVGhlDQpwYXls
b2FkIGlzIGEgbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBp
bmxpbmUNCmltYWdlL3BuZyBhdHRhY2htZW50LiBJdCB1c2VzIG5vIGhlYWRlciBw
cm90ZWN0aW9uLjwvcD4NCjxwPjx0dD4tLSA8YnIvPkFsaWNlPGJyLz5hbGljZUBz
bWltZS5leGFtcGxlPC90dD48L3A+PC9ib2R5PjwvaHRtbD4NCi0tOTMxLS0NCg0K
LS01MzMNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LVRyYW5zZmVy
LUVuY29kaW5nOiBiYXNlNjQNCkNvbnRlbnQtRGlzcG9zaXRpb246IGlubGluZQ0K
DQppVkJPUncwS0dnb0FBQUFOU1VoRVVnQUFBQlFBQUFBVUNBWUFBQUNOaVIwTkFB
QUFjRWxFUVZSNDJ1VlRPeGJBDQpNQWdTNzM5bk8zVHBSdzIwZHFwYmZBUlFFak95
d2l3WW5DdGtES25iY0xrNjZzcWxUK3p0OWNpZGtFKzZLd2taDQpzZ3J6ZmNxVk1w
TDJqbzA0NDdnWURwZUFyaytPbkpIa0loQWZUUFJpY2loQWY1WUpydzd2anYwWldS
V00vdWxpDQp2ZFBmMVFaMmtERDl4cHBkOHdBQUFBQkpSVTVFcmtKZ2dnPT0NCg0K
LS01MzMtLQ0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQw
DQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMg
V0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3Zl
bGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gB
UCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXP
mrszyidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEF
XgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41ko
aZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX
+TWzB2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iP
sIVKarUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZI
AWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQM
MAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkV
fAEj8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJ
KoZIhvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtK
tl4FzkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3M
RsMtjH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0
LIZRzWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXw
fDz8A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyu
OfQsqm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3
QQV57XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElF
VEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNB
IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIw
OTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEX
MBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo
7sHUa4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+95
0MFz/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYW
Tut3SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfC
n+IQsaqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9
COgEykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIw
ADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21p
bWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAw
HQYDVR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwH
Fwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4K
kkOHG25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30Uxf
yrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HV
X524bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP
0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+
JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSz
NnEmMYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q
UyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1
dGhvcml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkq
hkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzAx
MDJaMC8GCSqGSIb3DQEJBDEiBCDw/DGldVr1aM/U2iIYH8C6YHSKLUihv8FIEUZC
JPECvDANBgkqhkiG9w0BAQEFAASCAQA/sn8ReNdvJH8O3Ejzs7eF6tBy6DYD5dFE
aLVxB6o3G6qHcupmwvHvL6zouALUoh+zkYRxuWNcPQGfbUqXoAC2cQ6ejwtz3Qnm
4L6amZZQC3NnwFfytOrIvGrMdT1M/39igmep2ZUq9BQS7vq0mYQzSgkGm148yOfI
QDeuJZGcw1EcFZuFUZPX4J9kvUu5twvDQoPnTitPVGJ9C2lB6PRkYjKW7JAmNtBL
qRbwZbtOjbrhAszzkRG5P8jR+35FIkG6abSF8hwYix0fJokUn3YnU7G6pRM7DSGg
S9MtDUy34GTkdUQ7OXFlLa5kpQfUFBbQ5qflKUvIrBsYX6qjWAVs
C.1.6.1. S/MIME Signed-only signedData Over a Complex Message, No Header Protection, Unwrapped

The S/MIME signed-data layer unwraps to:

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="533"

--533
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="931"

--931
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the
smime-one-part-complex
message.

This is a signed-only S/MIME message via PKCS#7 signedData.  The
payload is a multipart/alternative message with an inline
image/png attachment. It uses no header protection.

--
Alice
alice@smime.example
--931
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the
<b>smime-one-part-complex</b>
message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 signedData.  The
payload is a multipart/alternative message with an inline
image/png attachment. It uses no header protection.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--931--

--533
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--533--

C.1.7. S/MIME Signed-only multipart/signed Over a Complex Message, No Header Protection

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection.

It has the following structure:

└┬╴multipart/signed 5230 bytes
 ├┬╴multipart/mixed 1344 bytes
 │├┬╴multipart/alternative 938 bytes
 ││├─╴text/plain 278 bytes
 ││└─╴text/html 376 bytes
 │└─╴image/png inline 232 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="4e5";
 micalg="sha-256"
Subject: smime-multipart-complex
Message-ID: <smime-multipart-complex@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:02:02 -0500
User-Agent: Sample MUA Version 1.0

--4e5
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0be"

--0be
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="cb6"

--cb6
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the
smime-multipart-complex
message.

This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses no header protection.

--
Alice
alice@smime.example
--cb6
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the
<b>smime-multipart-complex</b>
message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses no header protection.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--cb6--

--0be
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--0be--

--4e5
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzAyMDJa
MC8GCSqGSIb3DQEJBDEiBCDQTcb+2QaMhBSlslOnLpojyHSnq4gNzFYU45gwqAHj
7jANBgkqhkiG9w0BAQEFAASCAQCYM1/HD0Ka4aZwwLS4xMGoyFzGn5G2C3ph0jKS
mCVbpfAxeHnsnuFjdCYzgN/mdBCOQs4P2/rBGWy3DpDHnKdaB+Q2/IZmI1UgyRTM
oclbWWQfTLX1BuI/mJKqHBhJn0y17UXCUAnvSoYGFhjmqTQStR3k4PsdJod78pEa
9+Yx6lBGVyznuhHaGuB7lh/S9pxAYtoJFUuIVq+frSN5xhmisPXluFHC3UPu3Hyb
3w6gm+bTL4NDNWwXXSn5wfm9Ru05b3eAEv9pADPZ2TKZPxzrfe4wPNzArgYwdn3k
6NdLvgw4mZmSSiOyOlfKo3cgo4rZuN6CeLCgqZ0GjIJS43v+

--4e5--

C.1.8. S/MIME Encrypted and Signed Over a Complex Message, No Header Protection

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 8710 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 5434 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 1358 bytes
   ├┬╴multipart/alternative 952 bytes
   │├─╴text/plain 296 bytes
   │└─╴text/html 391 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: smime-enc-signed-complex
Message-ID: <smime-enc-signed-complex@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:03:02 -0500
User-Agent: Sample MUA Version 1.0

MIIZHAYJKoZIhvcNAQcDoIIZDTCCGQkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAB+h41dWWKj0UhPNy7TcldhXjjhstnd0rkKE
324mh3jHlxfX+1jgPO+ZrGAbGuQ0NWlKGeQPuZBYScW7TrG10aK+h+E2hEkjDGOU
jR/LN+V+TqN+TV8lv93c2KnDBZccGf02m1xP2U9qePKqNJVyR8oKC/iOTc66b1iL
AefLAvS2tqIv+faKbsvRC6OZSO1EoESKuJFiUyfNcnjTTgcPk3rkU5mbxktlezA1
qKEGFaP1btBdNFR1apYVbLG5iMPN/pEoGMsVdUK96ZjlttVoqkjP5/6iluN0lTPu
9atUJzQfgTC5qpHY/dkpZ6FSqcfXwQaY7t3Wbwe8URabzte30EEwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAEeb00vJH2UhWW4E2Ws6vLqk0
R4YsrHEvzZ6sxwHBy3MabpBBnC7kNpGzf9HIZpna3f/vAAaxrVgnNkK2AjHtIeW1
kpKP1plgo6jSWhC3XDIWDRN6JDYfDIdJM6TMWChuVxqV0i/Qbtmi3DN9f0R1tcGN
jC5NSbntfSe6NBHgIrSB2wgSp1F9jwjsQsy2QnH1bXZSsuKWgOb5F/5Bq5wPGtbT
m1lqw+RXC+b+CLPUUnLt3GYPXwq7apVCYZKyP6xGjepQ/+eYUKgcmRqtaTQqa852
4TXnr5ddNDaTaZ4NYNMNTGFfjPFErxOXZSCYQnRmrzsgLVdf8Z0zE+rSL9r7WTCC
Fe4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEIbYUldN9TCKXpVFn9VKefiAghXA
SlSPlQPaW+bBtGdgA93FoSoDRp+08wkZUwmYo3MXPh+neaSFw0M2ESJ/4WctXxyX
XGFnDqDyYtZeaXShLEDkILvYMPryqwWE+hdM7b4IPRdQ0I34mFnxbQp42gBtrCAy
Rqv1ywdId8cXkIWlrQpqT1i5DacPHZsjaKse9tM7JhzsYOfgGfEpb7K27dGKB6zn
jS6Er0MFnqzsiy9B6kd4jnnCcEx2YDEQGNsCNi6+xa2iH2xi685L6NLCBw0aNs+A
03r5ktIShK6/uORMUuHSIoLCTgADPByiGeV+1Q9x4yEs/mnzSevz+XDmtzPqh7oE
57DuKjJT3cxdo+mNcrCMHXCNIBk3LevgPWZzk/B31fvETMhk+xFgHmSy5wFP8bub
KsTHB3+cBtEI9bM5IJIavCT9mzs9L8jbxUoga74sr4G0hG6GGopV+6Q8QxRSnYpr
/XAdba8ICcLo/o1wb5hlDQQfQK4lGZMPhNHg4E26yPY3hI6fYi7yexDoNUrxO6lq
tae6YOl2QxNPVdZjuwp4B6JRpB4O+0mNKD1K4vXOm5c1LGZHo852MUTo3g2xFPwy
z+nLFORzVuGk98zQqGpAkw+S4K3KwQH9SufjgrKYrRbU4m88SPFRhk/y9vqvboSB
Kd42Q+Bl4UJCQDcGnEHLDmg3MfW2t+yGFmVrGO5FFPZdiyw63W04umwn0mdDvhvj
QuTS6fhXwIJjWhGhM92Ho63oZ2qPcu2alWnYWsQe2Qel1jh8vYodPFO17lrqKRVU
5boKPaBFfNVnUEl6IdRbe6sRylf4N4WI6Slk/e3mPeromY4ZSfqKxC08yAe4ipRt
XpsNcS5ekRn65ZJYCK4g28hcQ6l8ywSn8FBLveG8bI6k2XNSe12I1vj7Jn29cQYc
VKA6VU0X180T2wdIjWrM93h1NyyMJihPMN9VhspwOOt4NJceG0lg9wNpoRvsJWmp
iculWP+Je7zyWN/5rMGPKnhzELeTNHs+ltE0Hyo8brDLpOb+sLa1qclr5PPdFV8p
U4KJpXurk2UCqqRb4kIvVEH8uvEidw3umloG86YadXf+CMjgGJmFvHlKumPKb8x7
WPd6EbY9+5fIzsfaD7auyMdPp2JOIjllmE/9hCqnloMr6Il/aki37nI3OC9dHKMi
f2M21m0rMSu5y9t3IHF/26RC++g0uTJ4P+Tti5CylA0ndclTssDTQsFoUj3z6NVZ
pUyPPwj/r3Rkh7T++oRjxiixyfEeDZ6RdcuuYZrZ/VGc2MxlevmkD4tsoFbDlpoy
QD/JdOC5hn1hWrRm38MwGxIY49edLQjZdLjXSCybohjyIsjjE5jC4YVUGrrojgmA
KsFJJToDwena8rSiiMILYOnbsc0M7VBu20eCtlL0580VcNlbSiqWyFUJApPg4IYn
yAoNlTkWq73M19wqvczNLOQoKeGQXpSQrG12gh7N3JdPJHj5c2YqmTCm7Si44FF7
uOOdADQc/DSF8eolM6D4GIU7gwDkCpcLAJK42jBUTvgIgjWwZ6F8uI1IfD2ZrjOa
I7gAVB3dkO4M8mZYUcN5KDWMZOpcxJbBS5iq/Kupxyf/zTwwwZFpXOv10bpaInXm
DDUwqkxAoGFDnXt1XDVQmHxmodVSGIaNONzXajpufgcjyZDWBz6PjO5pR0+Oeihb
X2TvmrqNo9RXm9/Vuq5RefXOUgGuqlqEncu4wEZQBIfu4pNSBcA+V9Si41VIT8Q8
Z4iyKHwe2Bv9b5limtsuKNAPSDlgBKFG4anPvuhyvHlVbzIS2aPjtLmXa5o55+RP
C907Q6ZddTLvlTv72HrCVN79z2Q6Z4dgsv3X/vqzKN9nVUa1XhqvdX8XAGSfcMM8
ZsGuSsG5osigSdJQbs4D2ugekkuI8xyI3z4NqDWVIUAD1oS8c9nI8GZZ8xYy0rMB
a/GM0vQFdWh1NdvWutP9xV4qBOoIp1go6nmXCrkNqsdb/gDCqwv1vl/b/csc+pbs
+WMzqklb9djIbJAP+eFNsbXJ/2IJXmKJ/wiUIAauoc2MXi5pZsPaKt1GoWR0jMhM
PU8NWoj2BnUodB3QrcqcHd4DpHyBWV1Mmrs6luNy2MldgkrRBSJshUCI9RFhZdri
81xERWWUw0MM1iMk91loWWDc3ERsfPJXMUG9b+ejAH5wnWBFaE8Ds2KcYnAvvDL2
7XtdbHb1E3PaiFJqxHnmI1Ww9hGZLkPvD7K1W0BNbIPWECrTZKgpPOQG0i6noaHh
PpDVpaRRtS5utXKI/cb4cNCuUO8F12LSOPzhHTAmeSLfPsxAJioX7sAGjyZ4TqKG
+uxm7REOIt3fjkIAovaUzzXHJ1nAeuMRT7xkGceTBOIH4OlS7305M894WpAOv3Qs
PxVsS6psJGXnNNkRm1tNJ9AP6k+33OfE0p0uIuHgzTCyNznKsDxmimojghtFMLhC
Uh+W2n4zErMRkRiMbhqOaUJKM4m+IkMBfm8vyf4003U3wkzpG5I8awliOl0s0Xv2
QMxEDtan9glYDSR1vScrSbVLnwYA0dSpW9z3VygLPywCcEKgNQUVw5Q+OSd5SWpe
/peAWHdPlkwhVFJLmFnN+ruFmO22UGTGe93UPlaLP9nqOyZYt/GVSmp8uvadzjh7
rJ32/0IVKjLGBH2jPhK9XBBBIex/CMk/OCYD4gEKdGJYiA7v85CoWOTL7qGI9hHs
x9rEaC1lP8Twf6h7fjEIbKQtevtWRgSWd5zasQOCfWazTAce6e9Mdhl1JTZRO06q
5JAkgJ1fZFeE6OpKJpbEFSiAQSnLZJnbW/xiQfFJRZGv2zdQZB5+tLD8B6TywABs
hh/D5qPf4VAoYjADbFcJ5zjxzcbconCJiijx/HGKNCmzkK94v7gk8BRJtSW6Zkcv
knagto7UX8M29JUHjFj60YyPjvVEX5x8+NMM3jifFJY45zjDPeO1mLfNzWipt6XB
2hSJEQHx4txyedJEB9Rvx6wglCLCWZPbIy2PBAhf/k7mkHRBOho8OhN6JWSNtVPK
uMx+nmKsY5Q61e6H/ab+pObDA+dEL1p0IqS41FmYPsAazDvkp6ktS8GkTePLHUjp
n/QENZLiv82rw7ytIV/GQSbdtILexHfQNSsVZDsKDHGzZWkJ811c7wglnbLMAACl
1IvUii07bQ1MGTOzzDEINULLnSh2ia4eU9ps+wqjoqI5RbtYCjBv7l5sZWuXuXFy
+IlAx/wvKDfxRZyFmQf9TrBiMcmn8cbLt0OdtprbH386HAEs6AzOmsL4FjH0hmYf
YU+dHfouhf1AvV1eSKCLnJk8kKrhSti0Ic2UaW+0svDe1AdQmsMwHe1623AyXyzq
jHplRG9fqGHhvX1GAtZ9hhS1SvRg4w3c6ncMxxUNT3zf4xp2zPUzRXww61f4Q1HD
RyYgeMEdbAJD1r+yRlcB6KbHy02nD1NCKEDuqNRBnWO5sSrI+HTlJ2wD7kW48NIq
3/GbXl+QtTzJDkqK7obVcoXka1Ku+uNEwcg+HpEFcocmDe3RMDeePeUIhmamrXrI
LvLHi+sRMe2tzuXPYmaJKA6iA3cE+ZlnRFL2MpxYHepy/HKAJOzdM/rBPh8UARN7
iQNQiLb8x33waJmFlOX/0ucmGSK6wIS3Y/9U2+qVeHAOOXnYEHSov7mU3SGTbCDs
vKtYASZKBn8GidZMfCxLXFmbo7RUfTZuIAkgx5U9NAsNOtchPVzyVdg8/CTUGArJ
ullWg1nfiZ1cj5cMhEd+xx8hZN5qgGMk/2StNWnaMqIg1rLWbEockge7BSTcP4cR
QbMF+R+e4w899KTgPCcHfyocxG42CZvoha/i1UVHLhmBWVIMZsYWKq86GpZODImk
OR0lTyGtfgKU31jfNEjoZvXgydNjETQHRjReMnwvI4LTW7cJSTGkxEgWargQsmXr
u5wpU1yuWrW59drUt6a2iUYQh8+m0labe4AWNMcPhQ7psOH75vzaHkL3WT5vYTQy
B6BSrfbLDgKgiQDd/ZVqoCif+3hXGkVyifeB6Ep0R8EayeOyzEzRImDxwO9Yw/wW
X1r0utyaCprv6RcAbqHLjr2via9k/+V7d33hypdomQZTtzz5n6aFoA/1xzLGMilx
Jo3rnDRAz+grqQzheXgqz+r/0BRUV3X5RSaWqljcVOag/lO3dagYivzwxmeCdwu1
Z4WYjUjTqSowz/LDcU1NXz+qtXqOTVD+j9dgxzNwLUvQc9OoZK0GoCxnx4sZ7oL3
bnrpfPrpFBH3Q++CPlfwKUrkgkhhQgLVA0uGqBUz5NgkjGmtLt0vDyhLT83zVpiv
zy6FNh5FddtT2s7XYhJ3JY4Ar/Z60uIyKgsmPM/mrx7dhECRa3K1LcC+TDKH5HSD
Bg54oBMH2BzW0OR5A5fp/E2z7rEVnw/SXRGQhr8iih+6qQPw69x8PHs8Zm3ge1lu
Pj5sF4Jl3WdfF20QfAWwWxSfSMf5XhcrR85+s/e6ML/ymkazaje25JqvEHKqQT1G
hKaRPA3jXqB3v6LCOeCwiAO65dxBQLd8babH4uqkDZU7cyipK2/eutD29FP7zCMM
P5ZMhKIIXWUQta5iE6ngUfU5/UhE9NXTKuJBVuUZkWvwkr/7QA9k29Mr7dvuQcwR
KtENe0L5Z9LNJTLw/IufQQtYd2dc4qosUZhkEi7egyTs4S2dlNT5W19O5dR78ojX
7ECgMYTXhSlK08n+B7AsDlzsWgWSKh9YpQb4OgCBhvqd5YC7BUzAa+iK8ALe+456
xvl0TsUBaxf9fBE9Rg7xRoYCceGPCq5lY4rBShzZcWy6Eia5EBhcTR+KsjRMpqT/
+IdIBte67uTrJAy/vj0t9lPRSn4jcFQyMfeMLgTo3udQm8A+TqZcSf4YgMWfZxSf
+4Ze18Uq2y9/InMewe4T0Emvq+CNM8v7MmRme6byLzLrmyDHBwoCuq/PUH65QzAp
gNb1DANrH7HyiM0fLeQJt4yRLQwsV0E5Wf4sgTi4FqZAVoHvDoNdrYtfqfGtTHRc
h3uPzYg56TChUxkYx5x5G5KJDupcE7guyUFJmZcIYY2oSii0tc2IEWPUrUX5MCpR
PeSdqYQYR1CNG6IlxhVPBuIeXAcAIUA4QEXugwPaBmNFAJG9ji9hEi91q+dtFPmL
8/8Wt9D8/JvMGpIVmJuQniTW/Nk2dFTU+4C2TS4ZmHAIJG4TTjMQCMD4yOf3z5wr
C3BJea2t1fyCsurOLIlSyEDwRYmKlQ2z4L/7IvixiclNIWkI246/uY+D2DU0p381
Q2BwYfhj6q/yqLH9SJ6PEur7zFAW6D35ESjTU4uTwIF88+wbLfKVYig5WlEvyS9U
STaCakbA3ADJUIq2rNzy+aRvvUapwkS0Dg9kMjjwXXKWyMyjZ9DhMa09+kZgpUPY
P/5c68hN2JvIES1rL3SNdhZYRQ8ExLPSorQuN6gRlse63QAk9FQ/rukniVzyqvC0
jkqA3AC7yLMLCl94bAVmYjoVJOhqqlmSB5yO2s6lHwLFITpotlvZjwVtFheXKH/h
a/qSnIaeZoY+7Q/WCC6sRQLCMRzw4GogVF783pCy8I1HxlAr/kbEjFFzbUjUd36D
8fEiCrwcQDqE8Ls9lFxNTwcA9UIZ/K1w2rCJcNbIOGtv9OxSCMqRCYfC20ZSZdpt
EilDeHLMkeIgBcU47WVxIkcKM7wovhtFpFttEQ1GnnKCVIsiUIhIqlPSeyoqo2Pf
Clh3O3K4Umz3iBe5SHU5SQG3kjuBRqMObMW/7Z/O2S7bTuNe9eQc8MwwCyltoPci
ZePFx34jj1vz1OpsPhx7BkG3DfmuqMygfIH5bnqGqWYUl3HZxUXOm8c0FZmah0Gj
FziGno6VnxZwwrjMTIeEg5b26U1g+O6ylSgW/k/2t8p4KFpgIIhoyGkzBOWrAiMP
3ryOfn3jxL3gejALeJz4yMD4fekqXiLvJutB034Up0mmPOMct6Y6UfQ1UBPOyTrl
1xSuIoZH1b9QqHWHcD5/o4G5CoxuaoUgLyCn8T9MCSRjzoyj3jms2uSaX6qY4nEQ
WzQQgZvRRFDZrGsD36mTw1VZkWU9eOjosrX1PRMy1LtZrGdhrlsO13YTtwKVFdqt
go6Slis4SSePeqD7N32iXfKvtJUYjBEwHNjoYY+mUegw5J9a5dxLeRKp0rK/Rh70
3MOD8X0S+nH7H8x6UPhq8coToILCPlG7I6TgoLGMmlMPhjMbx6WWl42lQ1ZDs3Yg
vPAtgjJyCkVLPUUV0RIsBlUgVybyAyjjgkxnIfJSq2u0gcxRb7R+qfwtVID6MVhB
PjptmOBSFznWQSbUhkdxRM5NTkWY4waoVUo+6ZWysrSC9jZyAe08xlSNpSVWDDI9
ntwid+3FbPwgoxi2oh0S2YmkG68moL6dodA9iCtCgR8j4xuOWqUyTZ2PR66H27d0
Uhh8qiYiIrHvZL3LTJX9/dtXGmXVqDuvw1Qg/afaEBRJbmdmOqgC23WC2jnJc55u
hCbJ4XO135209agOCaJ0I9Xtfp3n4Thxrs+8HmTpciMuSTCy9kZf79ygHJ0uHQ6m
ZkG5rXMwzy4GJ4ABSb3nPxN57gxOjDx/ClD1eXX8vLmQCsK4b7bsUicSzN0wXoAL
B2xkuJ9KxZljry/LrchOjFPpz7dQG4FpbOP1unPx80Qt2dSMsTfIqE9b3jJef4z6
ai0GAowgJElKM9teaDPsBOqazxS2Wv3qcomeRU6B5kXaW5/bgVlAqtWBvyxBIwxw
2v8eyIM64X8ceuPBZMR2h/yOGkTJRO8l8g0UjJmrX4h85m+RwUjrWzhLtqbzX294
31Pal8ZdWkAhZvruL5lxiLd0et/BvVy09WRfSgf5Ql7BFXVDluUyQMsQrPyc7XTQ
r68tizRQRSxec/YNyaAU5qvssrVbOHsq6YVid1UeqC/njaPjiyy5QWmmKjnkeBS9
Jsc/cK20r3Zr5jYGj/+Js1/9zqipVovX/FxdUZREcKQbKF3gErlPPLxAcLSzW8m2
S9wJAqdh4sHMpylYzRdPG6+gtSgnA2nt1sUQVBejfWyPq+FpfvFyc5w1pKL/wxcL
R8FeXnbLPDLrmTa5UcYLSc3JgVM/QM0BphYR5FTs8NE/9C9uooEWXw82i8WbEvD4
ZCmWzC4EncwP+Hgkm8hA2uxyAcTLhKKDR8ieeWgrhqkIHoLiYezdqcgGmbkwhZBD
GkwmxgpewTfeA21Jy9ZE976x7RJU2oKIvqrq+ZSR8TiOBHUNOPshZz9b7U74vGmc
Ujnyji/k2dOd1jsDiDjS9QOjXujcSqymdXR3K8+ITb4q3aZXkaPujizDxKPEVXLw
/DojhCEotKw9LvRVqDuN85Q4K7bZcM9qzceFyPQGclO/Humwfv7k9Uq8B566QMOU
JV5pkSYVuHuqivMGkB32plP6wvYabp0Ez6BUzg84A97nfPY4a9EWv3b7kv5ZJs+q
C.1.8.1. S/MIME Encrypted and Signed Over a Complex Message, No Header Protection, Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIIPawYJKoZIhvcNAQcCoIIPXDCCD1gCAQExDTALBglghkgBZQMEAgEwggWUBgkq
hkiG9w0BBwGgggWFBIIFgU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9ImFjZCINCg0KLS1hY2QNCk1JTUUt
VmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2
ZTsgYm91bmRhcnk9ImIwOCINCg0KLS1iMDgNCkNvbnRlbnQtVHlwZTogdGV4dC9w
bGFpbjsgY2hhcnNldD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29u
dGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZQ0Kc21p
bWUtZW5jLXNpZ25lZC1jb21wbGV4DQptZXNzYWdlLg0KDQpUaGlzIGlzIGFuIGVu
Y3J5cHRlZCBhbmQgc2lnbmVkIFMvTUlNRSBtZXNzYWdlIHVzaW5nIFBLQ1MjNw0K
ZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVkRGF0YS4gIFRoZSBwYXlsb2FkIGlz
IGENCm11bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5l
IGltYWdlL3BuZw0KYXR0YWNobWVudC4gSXQgdXNlcyBubyBoZWFkZXIgcHJvdGVj
dGlvbi4NCg0KLS0gDQpBbGljZQ0KYWxpY2VAc21pbWUuZXhhbXBsZQ0KLS1iMDgN
CkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PSJ1cy1hc2NpaSINCk1J
TUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0
DQoNCjxodG1sPjxoZWFkPjx0aXRsZT48L3RpdGxlPjwvaGVhZD48Ym9keT4NCjxw
PlRoaXMgaXMgdGhlDQo8Yj5zbWltZS1lbmMtc2lnbmVkLWNvbXBsZXg8L2I+DQpt
ZXNzYWdlLjwvcD4NCjxwPlRoaXMgaXMgYW4gZW5jcnlwdGVkIGFuZCBzaWduZWQg
Uy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQplbnZlbG9wZWREYXRhIGFyb3Vu
ZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMgYQ0KbXVsdGlwYXJ0L2FsdGVy
bmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUgaW1hZ2UvcG5nDQphdHRhY2ht
ZW50LiBJdCB1c2VzIG5vIGhlYWRlciBwcm90ZWN0aW9uLjwvcD4NCjxwPjx0dD4t
LSA8YnIvPkFsaWNlPGJyLz5hbGljZUBzbWltZS5leGFtcGxlPC90dD48L3A+PC9i
b2R5PjwvaHRtbD4NCi0tYjA4LS0NCg0KLS1hY2QNCkNvbnRlbnQtVHlwZTogaW1h
Z2UvcG5nDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiBiYXNlNjQNCkNvbnRl
bnQtRGlzcG9zaXRpb246IGlubGluZQ0KDQppVkJPUncwS0dnb0FBQUFOU1VoRVVn
QUFBQlFBQUFBVUNBWUFBQUNOaVIwTkFBQUFjRWxFUVZSNDJ1VlRPeGJBDQpNQWdT
NzM5bk8zVHBSdzIwZHFwYmZBUlFFak95d2l3WW5DdGtES25iY0xrNjZzcWxUK3p0
OWNpZGtFKzZLd2taDQpzZ3J6ZmNxVk1wTDJqbzA0NDdnWURwZUFyaytPbkpIa0lo
QWZUUFJpY2loQWY1WUpydzd2anYwWldSV00vdWxpDQp2ZFBmMVFaMmtERDl4cHBk
OHdBQUFBQkpSVTVFcmtKZ2dnPT0NCg0KLS1hY2QtLQ0KoIIHpjCCA88wggK3oAMC
AQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UE
ChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1Q
UyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgP
MjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBT
IFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpM
LcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLYYy3iOx7Y
OqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF
5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEH
AMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF+XIVnzRG5DeoULq8v88Z
5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEAAaOBrzCBrDAMBgNVHRMB
Af8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGlj
ZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQE
AwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83zdw8wHwYDVR0jBBgwFoAU
kTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAIFJeKCcsTKc
FqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4FzkgRyOg31/+Cw7H8e30iLrPIFlWN
1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG91PEM046gfPnc9gMGHjMT
g1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZRzWmkw1RF7FOD7PfB5v94M5274XYx
W2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8A0enITGXnoEkAFvvjiCqh64P1hIe
Morj36pgL19oWZD6YrzSWHUz1F00juyuOfQsqm6hvrDTqNpHNZ015fOURza1SkCv
i9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV57XV/QqmiXDr0+GrOmqnXMA0GCSqG
SIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEw
LwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJ
RVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2Uw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09InoWDgWPk2af0+StijS
NOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwORjrc9BaX
4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z34rTiz4D
xMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4xrIJC3Cz
WruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3vzfog891
9MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3SeOWwks7
AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
MAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggr
BgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYEFLv2zLItHQYSHJeuKWqQ
ENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3
DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sYonX2doiz
cGMk53riugAocCn5zbzhW/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4
ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqDIdqGJdGf
8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+
Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI
364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBVMQ0wCwYD
VQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExB
TVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kpolw69Phq
zpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwG
CSqGSIb3DQEJBTEPFw0yMTAyMjAxNzAzMDJaMC8GCSqGSIb3DQEJBDEiBCCUt4MY
Pt5UnqJv/nK8ibbNTc2fU+WPIDFsvQOoeAWUuTANBgkqhkiG9w0BAQEFAASCAQBg
sfMYEtCpA3WTfKL1q6ZQI2UipllDq98Jg7SfZxpKjq2gBeqwwBiAHvLrOSvJ/eHV
ox6yqltX5iQKbrRqSk7O7hHpuyKoM3iSyEFrL+Sx0ZW0NbuKo9HJBgN4tQK07OMG
E+KMByy2VT734GAvNcDVHKZH1XANtsglHSGorXNgcyeNXpVcFuUD+9pph9KNXDlj
av9De2P4XNuie3Uissh4AqUHQeL3y8P/DE7c33NAIZsrRl/hQS8JPPn4pozAcrgZ
TLRda9UAZpG7pBQXDvrQ3kZiFPyC0V5vLgUSlYFavZlXKrpTKYVqUw4eb3pANPCf
m/rW/XrgVe1RNMzuK5qo
C.1.8.2. S/MIME Encrypted and Signed Over a Complex Message, No Header Protection, Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="acd"

--acd
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b08"

--b08
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the
smime-enc-signed-complex
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses no header protection.

--
Alice
alice@smime.example
--b08
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the
<b>smime-enc-signed-complex</b>
message.</p>
<p>This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses no header protection.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--b08--

--acd
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--acd--

C.2. Signed-only Messages

These messages are signed-only, using different schemes of header protection and different S/MIME structure. The use no Header Confidentiality Policy because the hcp is only relevant when a message is encrypted.

C.2.1. S/MIME Signed-only signedData Over a Simple Message, Wrapped Message

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 4319 bytes
 ⇩ (unwraps to)
 └┬╴message/rfc822 inline 642 bytes
  └─╴text/plain 228 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-wrapped
Message-ID: <smime-one-part-wrapped@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:04:02 -0500
User-Agent: Sample MUA Version 1.0

MIIMcAYJKoZIhvcNAQcCoIIMYTCCDF0CAQExDTALBglghkgBZQMEAgEwggKZBgkq
hkiG9w0BBwGgggKKBIIChk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG1lc3NhZ2UvcmZjODIyOyBocD0iY2xlYXIiOyBocC1zY2hlbWU9IndyYXBwZWQi
DQpDb250ZW50LURpc3Bvc2l0aW9uOiBpbmxpbmUNCg0KTUlNRS1WZXJzaW9uOiAx
LjAKQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0PSJ1dGYtOCIKQ29u
dGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdApTdWJqZWN0OiBzbWltZS1vbmUt
cGFydC13cmFwcGVkCk1lc3NhZ2UtSUQ6IDxzbWltZS1vbmUtcGFydC13cmFwcGVk
QGV4YW1wbGU+CkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPgpUbzog
Qm9iIDxib2JAc21pbWUuZXhhbXBsZT4KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAx
MDowNDowMiAtMDUwMApVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4w
CgpUaGlzIGlzIHRoZQpzbWltZS1vbmUtcGFydC13cmFwcGVkCm1lc3NhZ2UuCgpU
aGlzIGlzIGEgc2lnbmVkLW9ubHkgUy9NSU1FIG1lc3NhZ2UgdmlhIFBLQ1MjNyBz
aWduZWREYXRhLiAgVGhlCnBheWxvYWQgaXMgYSB0ZXh0L3BsYWluIG1lc3NhZ2Uu
IEl0IHVzZXMgdGhlIFdyYXBwZWQgTWVzc2FnZQpoZWFkZXIgcHJvdGVjdGlvbiBz
Y2hlbWUuCgotLSAKQWxpY2UKYWxpY2VAc21pbWUuZXhhbXBsZQqgggemMIIDzzCC
AregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0w
CwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxl
IExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0
MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMI
TEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeN
SiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+Ithj
LeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/N
kug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSw
qpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQ
ury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwG
A1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWB
E2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0P
AQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSME
GDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4
oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIu
s8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2
AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gz
nbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqH
rg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RH
NrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcw
DQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMg
V0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3Zl
bGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/
T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5G
Otz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnf
itOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjG
sgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/
N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ
45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZI
AWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQM
MAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIc
l64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJ
KoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xii
dfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2
lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh
2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2I
JCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcB
VyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUx
DTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1w
bGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/Qqmi
XDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B
BwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE1MDQwMlowLwYJKoZIhvcNAQkEMSIE
IGM0Bb/AGqJ5NJRsFKV2xMzUHlwsjDaM+g+RBZzqCz88MA0GCSqGSIb3DQEBAQUA
BIIBACy007weU8sMT9biCVk7tlLpLIah7tXNxl4sCBB8464hK9kfLdmzankb/HBA
g7WoxFwunFT4i3REIuqBUrDFBs1+aFUp/C3htaOgnmrLCaqfAgjEgVo4FnpfoJRb
4AbiNv696+tQwPhfyrcwiTDEaNgrv4sR+faCsWvnz8HFMwW1ILt+fdc3jWkaYHQN
GtRCL0oFQ5BJ7tBGJYq8g0dXk5i9MA4iTz+U4TUiDIwXgOrrvPCMz9IPz0fQcGLy
Dox+z+yYFvw2TwFR4ZT35ynyP+l/JJIWYu6aSlNwXPQ7ZBrEDR1wTCjqCbPazqDH
xtYLYzVCSVyoW9icq1+0b8XiY/4=
C.2.1.1. S/MIME Signed-only signedData Over a Simple Message, Wrapped Message, Unwrapped

The S/MIME signed-data layer unwraps to:

MIME-Version: 1.0
Content-Type: message/rfc822; hp="clear"; hp-scheme="wrapped"
Content-Disposition: inline

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Subject: smime-one-part-wrapped
Message-ID: <smime-one-part-wrapped@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:04:02 -0500
User-Agent: Sample MUA Version 1.0

This is the
smime-one-part-wrapped
message.

This is a signed-only S/MIME message via PKCS#7 signedData.  The
payload is a text/plain message. It uses the Wrapped Message
header protection scheme.

--
Alice
alice@smime.example

C.2.2. S/MIME Signed-only multipart/signed Over a Simple Message, Wrapped Message

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses the Wrapped Message header protection scheme.

It has the following structure:

└┬╴multipart/signed 4558 bytes
 ├┬╴message/rfc822 inline 672 bytes
 │└─╴text/plain 256 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="353";
 micalg="sha-256"
Subject: smime-multipart-wrapped
Message-ID: <smime-multipart-wrapped@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:05:02 -0500
User-Agent: Sample MUA Version 1.0

--353
MIME-Version: 1.0
Content-Type: message/rfc822; hp="clear"; hp-scheme="wrapped"
Content-Disposition: inline

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Subject: smime-multipart-wrapped
Message-ID: <smime-multipart-wrapped@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:05:02 -0500
User-Agent: Sample MUA Version 1.0

This is the
smime-multipart-wrapped
message.

This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a text/plain
message. It uses the Wrapped Message header protection scheme.

--
Alice
alice@smime.example

--353
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA1MDJa
MC8GCSqGSIb3DQEJBDEiBCCpj3Xd0qosB54D5xd/VDcMmmcfDfTDeou5u88ZPjHl
XTANBgkqhkiG9w0BAQEFAASCAQB1cQA+hSutghUjwp6xoMsPpdb0QTOm6f6gG2kJ
UDCcMhtCAUR6udXrWzZTM9h0SJgXEFET5K5uVpSedJOlKvhYfTrmvLixfdoO+3Ny
gX0NwAnUb5iCm+9Irud37UOa4ghlt2HnxY/brdnnctCSAkEjK+ecolnIJhrg6xp4
UPbYqZdG4E172HCcT+esM/5J4NvnvupQn6qDwr5O0rfjvIJw57OApwa9FnX0znK7
AZ9ikQkW6XTyeiYO0NdOjvBqCazaGUiDthCdsLG3cZSEqMc3OqNVxi5cEBrBSzMj
3pYjjSybBptlrvEvZIe8n9Roxzb8vG0CbdlpcDsCDMB9E3nh

--353--

C.2.3. S/MIME Signed-only signedData Over a Simple Message, Injected Headers

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 4217 bytes
 ⇩ (unwraps to)
 └─╴text/plain 241 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-injected
Message-ID: <smime-one-part-injected@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:06:02 -0500
User-Agent: Sample MUA Version 1.0

MIIMJAYJKoZIhvcNAQcCoIIMFTCCDBECAQExDTALBglghkgBZQMEAgEwggJNBgkq
hkiG9w0BBwGgggI+BIICOk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1vbmUtcGFydC1pbmpl
Y3RlZA0KTWVzc2FnZS1JRDogPHNtaW1lLW9uZS1wYXJ0LWluamVjdGVkQGV4YW1w
bGU+DQpGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4NClRvOiBCb2Ig
PGJvYkBzbWltZS5leGFtcGxlPg0KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMDow
NjowMiAtMDUwMA0KVXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEuMA0K
Q29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0PSJ1dGYtOCI7IGhwPSJj
bGVhciINCg0KVGhpcyBpcyB0aGUNCnNtaW1lLW9uZS1wYXJ0LWluamVjdGVkDQpt
ZXNzYWdlLg0KDQpUaGlzIGlzIGEgc2lnbmVkLW9ubHkgUy9NSU1FIG1lc3NhZ2Ug
dmlhIFBLQ1MjNyBzaWduZWREYXRhLiAgVGhlDQpwYXlsb2FkIGlzIGEgdGV4dC9w
bGFpbiBtZXNzYWdlLiBJdCB1c2VzIHRoZSBJbmplY3RlZCBIZWFkZXJzDQpoZWFk
ZXIgcHJvdGVjdGlvbiBzY2hlbWUuDQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1l
LmV4YW1wbGUNCqCCB6YwggPPMIICt6ADAgECAhMPLSW9ETmXSs5CVIeh7j00Boq0
MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBT
IFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYD
VQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92
ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCalSn6i8Gi44/o
AVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnV
z5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs165ernT9O5NLFflHUjURca3ynqEB
BV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZ
KGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX1X3K7/cONxhvBbaU
l/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy6SCf58duq/AOEksCAWlb+MD8QH9Y
j7CFSmq1AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCG
SAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUE
DDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBSAwHQYDVR0OBBYEFKJTQdVEPIAp
FXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0G
CSqGSIb3DQEBDQUAA4IBAQCBSXignLEynBakDKU68ro0RsyXWAPkfXgQLgy7GrW7
SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZVjdaox644DsiLOQEP4YMS7y4q94RFFdmd
zEbDLYx9sfUhvdTxDNOOoHz53PYDBh4zE4Nar2inC0D+VM6RGDy66K9l+D+bl8Wj
9CyGUc1ppMNURexTg+z3web/eDOdu+F2MVtluLihne0Bp1GUTkr0mJBolg6dSYal
8Hw8/ANHpyExl56BJABb744gqoeuD9YSHjKK49+qYC9faFmQ+mK80lh1M9RdNI7s
rjn0LKpuob6w06jaRzWdNeXzlEc2tUpAr4vRhZjVD6FYMIIDzzCCAregAwIBAgIT
N0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJ
RVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJT
QSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUy
MDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
FzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/pdO/KLpZbJOAEr0sI7Aj
aO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7GxVwXurhYdZlaV5hcUqVAckPv
edDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12DRVBDpbP4JFD9hsc8prDtpGm
Fk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2wZX5ICjecF1YJFhX4jrnH
wp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTMSiPR+peCrhJZwLSewbWXLJe3VMvb
vQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwIDAQABo4GvMIGsMAwGA1UdEwEB/wQC
MAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNt
aW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbA
MB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDTIGZmczAfBgNVHSMEGDAWgBSRMI58
BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAc4miNqfOqaBpI3f+
CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3BjJOd64roAKHAp+c284VvyVXWJ99FM
X8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIjSo27PmhKE1oAJKKhDbdbEcZXL2+x
1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9cy31wbqNsy9x0fjPQg6+DqatiQpM
z9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4PGHnYxs1FhdO6zZk9E8zwlc1ALgZa
/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+uCDgNG/D0qyTbY4fgKieUHx/tHuzU
szZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFN
UFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBB
dXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6aqdcwCwYJYIZIAWUDBAIBoGkwGAYJ
KoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjEwMjIwMTUw
NjAyWjAvBgkqhkiG9w0BCQQxIgQgv3UJkDYplWRye8usQovVEnIaeF5+LEs04bQt
pwFmCGowDQYJKoZIhvcNAQEBBQAEggEAN0wwwoWtTq57uPIBWpM9jqTolZyCgy1F
e0vk5JV3XV2JtY3zGvjTjsaVD4X7vzst7fgkib5e0BwS1tQD1xYw7bdtSU2Qn8xd
4eoQta+IlxnQ/PGZ9zb8bSTwnyOmy0kZlgRUnVGc15yRkZ3DPv18PjjMwfD57PnD
rfzm7j++1KGFPmV4VPPcq1xixvt1bNjreNZSqje+612Nf4IrBQTDHK2gzFMV4+w/
nhGVToOoJvDpJUvA9P0XgJOOS297/bkhMrPm7VgMxDo9aWPwzOkrd9OeQuHXA91o
+n4x2V8fg9DJNl8Lw/25kjE9ykdBuXb89ySLTjAchmoAR4Ai81hOgA==
C.2.3.1. S/MIME Signed-only signedData Over a Simple Message, Injected Headers, Unwrapped

The S/MIME signed-data layer unwraps to:

MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: smime-one-part-injected
Message-ID: <smime-one-part-injected@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:06:02 -0500
User-Agent: Sample MUA Version 1.0
Content-Type: text/plain; charset="utf-8"; hp="clear"

This is the
smime-one-part-injected
message.

This is a signed-only S/MIME message via PKCS#7 signedData.  The
payload is a text/plain message. It uses the Injected Headers
header protection scheme.

--
Alice
alice@smime.example

C.2.4. S/MIME Signed-only multipart/signed Over a Simple Message, Injected Headers

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses the Injected Headers header protection scheme.

It has the following structure:

└┬╴multipart/signed 4467 bytes
 ├─╴text/plain 258 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="3c5";
 micalg="sha-256"
Subject: smime-multipart-injected
Message-ID: <smime-multipart-injected@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:07:02 -0500
User-Agent: Sample MUA Version 1.0

--3c5
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: smime-multipart-injected
Message-ID: <smime-multipart-injected@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:07:02 -0500
User-Agent: Sample MUA Version 1.0
Content-Type: text/plain; charset="utf-8"; hp="clear"

This is the
smime-multipart-injected
message.

This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a text/plain
message. It uses the Injected Headers header protection scheme.

--
Alice
alice@smime.example

--3c5
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA3MDJa
MC8GCSqGSIb3DQEJBDEiBCDen2rV4PhomRzPEOfsB3NumwAaaP45WBSx22e8VOoX
9zANBgkqhkiG9w0BAQEFAASCAQAz4Xe62DcUakuoRj/F63aOt77yPddjUdnAOnw5
hnEiq3T4Fxopep5HEpR+oe4NpOpMVeNuaByvFeEUeByLyorGcyq7F7kekm8J+fP0
Wv5QMHzsfhd45IynGEp//bW7GweEmIDflrKe7A+yr6bJnLprWEx2mL3aJJgFQoBM
vG83XOfEXnhJA6RN99xBCPXX/1fputWIWNpc7hSCKpoA8BwsjUhFQfIZvh+Q/0Co
Nn4cBlROj+VFAY8Z5tsfOcFzS/8FQr7AEgtoqNIoKAZbyPrLDUIx3TShOWSpyofE
h39VF7jR/go4RDAsgKqLUYFM91CYC7CG0wFoFuRyidiAPhGM

--3c5--

C.2.5. S/MIME Signed-only signedData Over a Complex Message, Wrapped Message

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 5737 bytes
 ⇩ (unwraps to)
 └┬╴message/rfc822 inline 1689 bytes
  └┬╴multipart/mixed 1580 bytes
   ├┬╴multipart/alternative 946 bytes
   │├─╴text/plain 282 bytes
   │└─╴text/html 380 bytes
   └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-complex-wrapped
Message-ID: <smime-one-part-complex-wrapped@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:04:02 -0500
User-Agent: Sample MUA Version 1.0

MIIQhwYJKoZIhvcNAQcCoIIQeDCCEHQCAQExDTALBglghkgBZQMEAgEwggawBgkq
hkiG9w0BBwGgggahBIIGnU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG1lc3NhZ2UvcmZjODIyOyBocD0iY2xlYXIiOyBocC1zY2hlbWU9IndyYXBwZWQi
DQpDb250ZW50LURpc3Bvc2l0aW9uOiBpbmxpbmUNCg0KTUlNRS1WZXJzaW9uOiAx
LjAKQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvbWl4ZWQ7IGJvdW5kYXJ5PSIxNjci
ClN1YmplY3Q6IHNtaW1lLW9uZS1wYXJ0LWNvbXBsZXgtd3JhcHBlZApNZXNzYWdl
LUlEOiA8c21pbWUtb25lLXBhcnQtY29tcGxleC13cmFwcGVkQGV4YW1wbGU+CkZy
b206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPgpUbzogQm9iIDxib2JAc21p
bWUuZXhhbXBsZT4KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMjowNDowMiAtMDUw
MApVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wCgotLTE2NwpNSU1F
LVZlcnNpb246IDEuMApDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2
ZTsgYm91bmRhcnk9IjBlMyIKCi0tMGUzCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFp
bjsgY2hhcnNldD0idXMtYXNjaWkiCk1JTUUtVmVyc2lvbjogMS4wCkNvbnRlbnQt
VHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQKClRoaXMgaXMgdGhlCnNtaW1lLW9uZS1w
YXJ0LWNvbXBsZXgtd3JhcHBlZAptZXNzYWdlLgoKVGhpcyBpcyBhIHNpZ25lZC1v
bmx5IFMvTUlNRSBtZXNzYWdlIHZpYSBQS0NTIzcgc2lnbmVkRGF0YS4gIFRoZQpw
YXlsb2FkIGlzIGEgbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBh
biBpbmxpbmUKaW1hZ2UvcG5nIGF0dGFjaG1lbnQuIEl0IHVzZXMgdGhlIFdyYXBw
ZWQgTWVzc2FnZSBoZWFkZXIKcHJvdGVjdGlvbiBzY2hlbWUuCgotLSAKQWxpY2UK
YWxpY2VAc21pbWUuZXhhbXBsZQotLTBlMwpDb250ZW50LVR5cGU6IHRleHQvaHRt
bDsgY2hhcnNldD0idXMtYXNjaWkiCk1JTUUtVmVyc2lvbjogMS4wCkNvbnRlbnQt
VHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQKCjxodG1sPjxoZWFkPjx0aXRsZT48L3Rp
dGxlPjwvaGVhZD48Ym9keT4KPHA+VGhpcyBpcyB0aGUKPGI+c21pbWUtb25lLXBh
cnQtY29tcGxleC13cmFwcGVkPC9iPgptZXNzYWdlLjwvcD4KPHA+VGhpcyBpcyBh
IHNpZ25lZC1vbmx5IFMvTUlNRSBtZXNzYWdlIHZpYSBQS0NTIzcgc2lnbmVkRGF0
YS4gIFRoZQpwYXlsb2FkIGlzIGEgbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3Nh
Z2Ugd2l0aCBhbiBpbmxpbmUKaW1hZ2UvcG5nIGF0dGFjaG1lbnQuIEl0IHVzZXMg
dGhlIFdyYXBwZWQgTWVzc2FnZSBoZWFkZXIKcHJvdGVjdGlvbiBzY2hlbWUuPC9w
Pgo8cD48dHQ+LS0gPGJyLz5BbGljZTxici8+YWxpY2VAc21pbWUuZXhhbXBsZTwv
dHQ+PC9wPjwvYm9keT48L2h0bWw+Ci0tMGUzLS0KCi0tMTY3CkNvbnRlbnQtVHlw
ZTogaW1hZ2UvcG5nCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJhc2U2NApD
b250ZW50LURpc3Bvc2l0aW9uOiBpbmxpbmUKCmlWQk9SdzBLR2dvQUFBQU5TVWhF
VWdBQUFCUUFBQUFVQ0FZQUFBQ05pUjBOQUFBQWNFbEVRVlI0MnVWVE94YkEKTUFn
UzczOW5PM1RwUncyMGRxcGJmQVJRRWpPeXdpd1luQ3RrREtuYmNMazY2c3FsVCt6
dDljaWRrRSs2S3drWgpzZ3J6ZmNxVk1wTDJqbzA0NDdnWURwZUFyaytPbkpIa0lo
QWZUUFJpY2loQWY1WUpydzd2anYwWldSV00vdWxpCnZkUGYxUVoya0REOXhwcGQ4
d0FBQUFCSlJVNUVya0pnZ2c9PQoKLS0xNjctLQqgggemMIIDzzCCAregAwIBAgIT
Dy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJ
RVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJT
QSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUy
MDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
FzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cx
Qq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeu
Xq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7T
HNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3We
ag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukg
n+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQC
MAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNt
aW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUg
MB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58
BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAyl
OvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeu
OA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9o
pwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4
oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPf
qmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY
1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcN
AQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNV
BAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcN
MTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr
+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7O
xsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTt
dg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZ
DQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj
0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEA
AaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAe
BgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUF
BwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBm
ZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQEN
BQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTn
euK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qN
uz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt
9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh5
2MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4
DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMg
UlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnX
MAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZI
hvcNAQkFMQ8XDTIxMDIyMDE3MDQwMlowLwYJKoZIhvcNAQkEMSIEIPE8iIYhg4If
f6iki1+GXBXe8oAq/bjjfGZ+6J5/+p/yMA0GCSqGSIb3DQEBAQUABIIBACFs29h7
F+6794bhGGFlfIzWECoqqRX9jCslzYU1bzGDgN5fbu34RgxzzwzUKP69ySu3kJbr
eZ9V9mH3bt39m49XOlahem6hMOsnmYLHHPxLmlL6u+Hd6dK5LRTSlOyxiNxNRqYA
/2ZT/XXHHueUxxvUe0aWQjw/MJXR6dYxnFmgzExmguWNNY9UDJWzrXk2L7w9lZSi
RRS2215nlsZtnZuTUKZjCeh5LGQOuYy/ja9IrF1/hInWAPOpDrvyDGpFFbCTX4Ea
1hUW+/iD7Zc18y++BAJLG0wpYzloMgBMc5BBpzj4xCTvPacgE5uuZ7ZpVytvc5TK
o31UkQULn4eK38M=
C.2.5.1. S/MIME Signed-only signedData Over a Complex Message, Wrapped Message, Unwrapped

The S/MIME signed-data layer unwraps to:

MIME-Version: 1.0
Content-Type: message/rfc822; hp="clear"; hp-scheme="wrapped"
Content-Disposition: inline

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="167"
Subject: smime-one-part-complex-wrapped
Message-ID: <smime-one-part-complex-wrapped@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:04:02 -0500
User-Agent: Sample MUA Version 1.0

--167
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0e3"

--0e3
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the
smime-one-part-complex-wrapped
message.

This is a signed-only S/MIME message via PKCS#7 signedData.  The
payload is a multipart/alternative message with an inline
image/png attachment. It uses the Wrapped Message header
protection scheme.

--
Alice
alice@smime.example
--0e3
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the
<b>smime-one-part-complex-wrapped</b>
message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 signedData.  The
payload is a multipart/alternative message with an inline
image/png attachment. It uses the Wrapped Message header
protection scheme.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--0e3--

--167
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--167--

C.2.6. S/MIME Signed-only multipart/signed Over a Complex Message, Wrapped Message

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme.

It has the following structure:

└┬╴multipart/signed 5649 bytes
 ├┬╴message/rfc822 inline 1747 bytes
 │└┬╴multipart/mixed 1638 bytes
 │ ├┬╴multipart/alternative 1002 bytes
 │ │├─╴text/plain 310 bytes
 │ │└─╴text/html 408 bytes
 │ └─╴image/png inline 232 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="fba";
 micalg="sha-256"
Subject: smime-multipart-complex-wrapped
Message-ID: <smime-multipart-complex-wrapped@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:05:02 -0500
User-Agent: Sample MUA Version 1.0

--fba
MIME-Version: 1.0
Content-Type: message/rfc822; hp="clear"; hp-scheme="wrapped"
Content-Disposition: inline

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="66d"
Subject: smime-multipart-complex-wrapped
Message-ID: <smime-multipart-complex-wrapped@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:05:02 -0500
User-Agent: Sample MUA Version 1.0

--66d
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="409"

--409
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the
smime-multipart-complex-wrapped
message.

This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Wrapped Message header protection
scheme.

--
Alice
alice@smime.example
--409
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the
<b>smime-multipart-complex-wrapped</b>
message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Wrapped Message header protection
scheme.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--409--

--66d
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--66d--

--fba
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA1MDJa
MC8GCSqGSIb3DQEJBDEiBCCvq1PYf6raBZ3V518T9jDOSbNzj5xwnk8Pv+s8DWFa
gTANBgkqhkiG9w0BAQEFAASCAQAA1/GZ7lnKoPvtqOTA8B4WjgroLMdP47t5f+EJ
68yslEAdueFofQ9L8RBpxAa9szhiUVTEMfmFI3jpjVNeVmJQ0ItCPJdKgn5gSjm5
uTEWyTd9NyQdFOxs+Vi//UPQtEMCwxYoMOi+r3Eeq0YoG4Qpsssb2dATnA21Hn++
bLaL0C3RW5las6lbPe5DzqfCZUoLJP+MmjTx9QrfFjrn/Ti3hfA9VhFC6gNQaOwx
mRbmQat+a1CEjDepU6x/fwxO70Hb8dXUvU/3FgbGjAU6AwyPqZQUVbpSgSVbKynA
dKlEs54Pl6X/E2dIbPScCFm5/nmpLymagI92TIt3usU8LH/h

--fba--

C.2.7. S/MIME Signed-only signedData Over a Complex Message, Injected Headers

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 5684 bytes
 ⇩ (unwraps to)
 └┬╴multipart/mixed 1598 bytes
  ├┬╴multipart/alternative 950 bytes
  │├─╴text/plain 295 bytes
  │└─╴text/html 390 bytes
  └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-complex-injected
Message-ID: <smime-one-part-complex-injected@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:06:02 -0500
User-Agent: Sample MUA Version 1.0

MIIQYQYJKoZIhvcNAQcCoIIQUjCCEE4CAQExDTALBglghkgBZQMEAgEwggaKBgkq
hkiG9w0BBwGgggZ7BIIGd01JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1vbmUtcGFydC1jb21wbGV4LWluamVjdGVkDQpNZXNzYWdlLUlEOiA8c21pbWUt
b25lLXBhcnQtY29tcGxleC1pbmplY3RlZEBleGFtcGxlPg0KRnJvbTogQWxpY2Ug
PGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpUbzogQm9iIDxib2JAc21pbWUuZXhhbXBs
ZT4NCkRhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTI6MDY6MDIgLTA1MDANClVzZXIt
QWdlbnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjANCkNvbnRlbnQtVHlwZTogbXVs
dGlwYXJ0L21peGVkOyBib3VuZGFyeT0iOGYzIjsgaHA9ImNsZWFyIg0KDQotLThm
Mw0KTUlNRS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L2Fs
dGVybmF0aXZlOyBib3VuZGFyeT0iYTIxIg0KDQotLWEyMQ0KQ29udGVudC1UeXBl
OiB0ZXh0L3BsYWluOyBjaGFyc2V0PSJ1cy1hc2NpaSINCk1JTUUtVmVyc2lvbjog
MS4wDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0DQoNClRoaXMgaXMg
dGhlDQpzbWltZS1vbmUtcGFydC1jb21wbGV4LWluamVjdGVkDQptZXNzYWdlLg0K
DQpUaGlzIGlzIGEgc2lnbmVkLW9ubHkgUy9NSU1FIG1lc3NhZ2UgdmlhIFBLQ1Mj
NyBzaWduZWREYXRhLiAgVGhlDQpwYXlsb2FkIGlzIGEgbXVsdGlwYXJ0L2FsdGVy
bmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUNCmltYWdlL3BuZyBhdHRhY2ht
ZW50LiBJdCB1c2VzIHRoZSBJbmplY3RlZCBIZWFkZXJzIGhlYWRlcg0KcHJvdGVj
dGlvbiBzY2hlbWUuDQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1wbGUN
Ci0tYTIxDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD0idXMtYXNj
aWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGlu
ZzogN2JpdA0KDQo8aHRtbD48aGVhZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+PGJv
ZHk+DQo8cD5UaGlzIGlzIHRoZQ0KPGI+c21pbWUtb25lLXBhcnQtY29tcGxleC1p
bmplY3RlZDwvYj4NCm1lc3NhZ2UuPC9wPg0KPHA+VGhpcyBpcyBhIHNpZ25lZC1v
bmx5IFMvTUlNRSBtZXNzYWdlIHZpYSBQS0NTIzcgc2lnbmVkRGF0YS4gIFRoZQ0K
cGF5bG9hZCBpcyBhIG11bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGgg
YW4gaW5saW5lDQppbWFnZS9wbmcgYXR0YWNobWVudC4gSXQgdXNlcyB0aGUgSW5q
ZWN0ZWQgSGVhZGVycyBoZWFkZXINCnByb3RlY3Rpb24gc2NoZW1lLjwvcD4NCjxw
Pjx0dD4tLSA8YnIvPkFsaWNlPGJyLz5hbGljZUBzbWltZS5leGFtcGxlPC90dD48
L3A+PC9ib2R5PjwvaHRtbD4NCi0tYTIxLS0NCg0KLS04ZjMNCkNvbnRlbnQtVHlw
ZTogaW1hZ2UvcG5nDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiBiYXNlNjQN
CkNvbnRlbnQtRGlzcG9zaXRpb246IGlubGluZQ0KDQppVkJPUncwS0dnb0FBQUFO
U1VoRVVnQUFBQlFBQUFBVUNBWUFBQUNOaVIwTkFBQUFjRWxFUVZSNDJ1VlRPeGJB
DQpNQWdTNzM5bk8zVHBSdzIwZHFwYmZBUlFFak95d2l3WW5DdGtES25iY0xrNjZz
cWxUK3p0OWNpZGtFKzZLd2taDQpzZ3J6ZmNxVk1wTDJqbzA0NDdnWURwZUFyaytP
bkpIa0loQWZUUFJpY2loQWY1WUpydzd2anYwWldSV00vdWxpDQp2ZFBmMVFaMmtE
RDl4cHBkOHdBQUFBQkpSVTVFcmtKZ2dnPT0NCg0KLS04ZjMtLQ0KoIIHpjCCA88w
ggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTEN
MAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBs
ZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1
NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsT
CExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3
jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLY
Yy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dP
zZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5k
sKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF+XIVnzRG5Deo
ULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEAAaOBrzCBrDAM
BgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAV
gRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1Ud
DwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83zdw8wHwYDVR0j
BBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAIFJ
eKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4FzkgRyOg31/+Cw7H8e30i
LrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG91PEM046gfPnc
9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZRzWmkw1RF7FOD7PfB5v94
M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8A0enITGXnoEkAFvvjiCq
h64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQsqm6hvrDTqNpHNZ015fOU
Rza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV57XV/QqmiXDr0+GrOmqnX
MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBT
IFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYD
VQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92
ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09InoWDgWPk2a
f0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwO
Rjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z
34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4
xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3
vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3
SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCG
SAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUE
DDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYEFLv2zLItHQYS
HJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0G
CSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sY
onX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3p
dpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqD
IdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9
iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyH
AVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBV
MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2Ft
cGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kp
olw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcN
AQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA2MDJaMC8GCSqGSIb3DQEJBDEi
BCC4TDBqWfbor78DZQBRpT1G4g6JBSqRKPcg0+lJPpS0rDANBgkqhkiG9w0BAQEF
AASCAQAcgz2I5ySoBfTI4k/i1h05qmHNrRawE8IyHaP7uCDfNqU4InBF1icec7oL
O2IxgWRRK+0jVHgg9ZlFGiE+35nBwKxjDTCkq9NfSeeJGs3rmpxtlS2XL3Co6o5c
X8TKqQp9JJnA78TIonWLMZZlpFFAu/zKxaRAWDhfjctgb8WqMQfwD4FxfylfRNVN
of+xnxr2MWYcmTBdbVnmJNO64hHoM2rWLcFJWVDcGfDmWfXTNbEyPt2S9Mr+2zwk
HvOFSx+b6MAv0O8rc5aeDp7oiP7DWHhtzxtU3g+fRhVpCoh3MjfJX2BNaSACAevX
ZexzJNnpX1G65DfFJxBE4+zSV8Pl
C.2.7.1. S/MIME Signed-only signedData Over a Complex Message, Injected Headers, Unwrapped

The S/MIME signed-data layer unwraps to:

MIME-Version: 1.0
Subject: smime-one-part-complex-injected
Message-ID: <smime-one-part-complex-injected@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:06:02 -0500
User-Agent: Sample MUA Version 1.0
Content-Type: multipart/mixed; boundary="8f3"; hp="clear"

--8f3
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="a21"

--a21
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the
smime-one-part-complex-injected
message.

This is a signed-only S/MIME message via PKCS#7 signedData.  The
payload is a multipart/alternative message with an inline
image/png attachment. It uses the Injected Headers header
protection scheme.

--
Alice
alice@smime.example
--a21
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the
<b>smime-one-part-complex-injected</b>
message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 signedData.  The
payload is a multipart/alternative message with an inline
image/png attachment. It uses the Injected Headers header
protection scheme.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--a21--

--8f3
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--8f3--

C.2.8. S/MIME Signed-only multipart/signed Over a Complex Message, Injected Headers

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme.

It has the following structure:

└┬╴multipart/signed 5560 bytes
 ├┬╴multipart/mixed 1656 bytes
 │├┬╴multipart/alternative 1006 bytes
 ││├─╴text/plain 312 bytes
 ││└─╴text/html 410 bytes
 │└─╴image/png inline 232 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="6a9";
 micalg="sha-256"
Subject: smime-multipart-complex-injected
Message-ID: <smime-multipart-complex-injected@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:07:02 -0500
User-Agent: Sample MUA Version 1.0

--6a9
MIME-Version: 1.0
Subject: smime-multipart-complex-injected
Message-ID: <smime-multipart-complex-injected@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:07:02 -0500
User-Agent: Sample MUA Version 1.0
Content-Type: multipart/mixed; boundary="c46"; hp="clear"

--c46
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="d7b"

--d7b
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the
smime-multipart-complex-injected
message.

This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Injected Headers header protection
scheme.

--
Alice
alice@smime.example
--d7b
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the
<b>smime-multipart-complex-injected</b>
message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Injected Headers header protection
scheme.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--d7b--

--c46
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--c46--

--6a9
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA3MDJa
MC8GCSqGSIb3DQEJBDEiBCBYtFNxGFoXzYRUUwnDFPV+O5xYKM9Sfmpq+alkuA82
kDANBgkqhkiG9w0BAQEFAASCAQCLmUZVuksQB9kEgcWER5601p8B4njEUrG5sBDE
ZZogwSIOhpo7QVrKzOVdKH01vvT8bEvP6kzgrRzlQ+uz0t34nlwKVJYdrjiMjl9B
oD6VGKVAsiNCXB6M+RRXU9bqsWh7AdgLQMlJoYbCEJ1n5R9ZSCDYmsNXJ7M0Blpi
NYDoAxO5eumYr8Vdt0II0OIrutLV9+IBckNseaQ6uBw0pPo3ekMurIa9cIKAaMCF
QvhaQkgPC1LSuswhyVGkznl7E9JohHyLaYR7iF4ooua1Vb8N8TKwULV20UMY5MCU
iBXbkheWffpZt53CcJ100eZ1lPZEw97+OnlY32IFWleuJ9gF

--6a9--

C.3. Encrypted-and-signed Messages

These messages are encrypted and signed. They use PKCS#7 signedData inside envelopedData, with different header protection schemes and different Header Confidentiality Policies.

C.3.1. S/MIME Encrypted and Signed Over a Simple Message, Wrapped Message With hcp_minimal

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7995 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4910 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 inline 1022 bytes
   └─╴text/plain 322 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-wrapped-minimal@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:08:02 -0500
User-Agent: Sample MUA Version 1.0

MIIXDAYJKoZIhvcNAQcDoIIW/TCCFvkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBADCaiPSuzfmfPxJHHTulO7oLJvQyJDAM7HYr
pgL/gHHGZOjD2WlZUYrQ3jbT6NanMp5dT26oQSDgQzJ9mqx7H1LiKfI315Kqfv+R
cDjpTWnV2dqkKzixr4DgTWvJNKJYGxQVCcHOVse3G6/cD58ALxPaTTv2ad/I6alo
D04x2lYG7rLvsIT/Ai4yJuUAt8zY7n2RiNqt+8e1g99YLLyicDUUGMLwkJidXptN
KSvU302CtVLV76dXaK1FaH9YZYJXtH7G/RPb7mFdDSL1Yy02XmD8jT7u1dZvqNY6
SShZVBz5p8+ltnr66PNK6v4oQeB1FhGV1ZRbl2vLqq4h0i6D4WwwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAhRUTtmhXHiD0ZhoG9+e4WExV
W4XoqY2TL+JVv0D82MeMJD7VIk0sgSM/36BkwHk4CVnWJcsNPGZVlu7z5o6CLeun
LQlt8U8hNZoaeN9r9+nhPo1EHvJYZOKRHX2cyUUaNBiotyOsRkyqOdJwqsNU+sKs
+j/PlvWzDYSSmYqQzeMooaN09Z5sAvOIZZtfkIm3XwGiH6Qf17YkGnr9S/C4vupV
Tf4jDFFlDLj61luiLlzrnxq1+mRo2zm11+GdIzsNc6msFbMsJqc5eXcGQE4exOIa
qMGmlDxPFW91cr4Gmh5CkxvoxcXY/vbGteA76en6JoLIAwY9ng786B4k4O4nfDCC
E94GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEPaC2AZwutvV9/u0uB4nirOAghOw
FQe3FbdU7TQzyfP1mUGudnLGlgozuZahjJWb82Kpsaop0yHy2pGmqfPKVHV6cVNj
uJqVVJzbpsN29cVq+qEb2sLUNytak5P5SQeKNpDY/040I572CL7iHyiNrnAnBHT+
O+zPwGmo3Ose4NBVBesNzQ1iEnN/a+at36mINXaHMhIzxuZChJgo3ayrujAy8euK
fyRjsWNO8MUm2tVGm6YWvrNLBqxb9m+Z4lMxkKZG/QLQjFQhMNhw+ow7FDfqAakQ
uT4mFa+d8wcmbYXLTl+gLDEFlRyboNsatN7cAZZnUxGE1WLgPnTfi+c/6HA9DANB
o/cZVte3NGMWJM1O8hB7CWnY5GEmLq7Jd2RAwFadYu6qZezf3cw2qxy5XtZRfuvi
u5wpcueG1zWc42UoxMXbfQ4UzNJ5yKlXLDJXBH2AbiE/7DW9JG/ruhs6ZlaA1jLB
oL2bhmRJrrQSjcF/gZfAh3JI7Rl/ZNshTjoOxFJn/P+7hDG9JNHF5mVfGExpvZsv
xIH+0UpchlEtkn3tIfhBJY6CdUQxsnYEGoiz9QrRbEnF/DqRx6dpTi2wtKbrBXy4
RBaYMkTzskzEG2QemriuvfsYmYOFe0kSYED0FSpkNSWGVRMA99svPo5c2wQ0+NvW
a+nybNvwrHkUiTwNBLPFtFHyJO7S6sqvixwTirqP08rm1aoYaq6cJ8VOa5qHQTHX
6P8xzMXdIKV67/kr+UmCJKwfGcZrIYhjHEGPISTEKFu1SX+T3KfpNeUR7UioDtrV
zprjueEOQbNd341iYq6Rjx0Oisrj5K3qEbZsOyCVFAN2cpdMvdaVU4JAJdNTtNKO
/zhkEFHsAUmL6+WpvNPdAPvNQuR7kVAcsish2HcMvoKgQ1mcwQLC6RBnoBM4Zv48
zJ39tji1cIe9cGA82k4KerMQxpCmrRpMSlADEAHZmR+3OSOFVy3F4MIxrhXs1wvJ
kyiALsIhffB/xcUwmQhlzOGsbImF3rcZuu8xepZLFBo9Oi4IYRT/tqnPCppoDiD+
LgqqSlh5h/GkSDMz01V6e6Zzt/swPEUvHI/AQ4RaSvLR774+1AuvLjnnnVIAKEP5
0eucEd/n8oxT6nj/4ig6fYQZCwMqxVjMWu37Ukaa99Q/PhAFFgqp+fMC1YiszWjU
ix2O3TAGp2N/8CEDnm+JPVIQaX3kSS/mUpAjOQHZEMGjy4MJcYDlhMo2mJKfwjsx
3gE81LuSNnt4UbDax+wFNedCKgvXxfYwWyyG7uV8lAbWj9ID4xf2SSdcnFB8PxRh
cFNrgIps1NF5ddPzdQOeoh1+j5Pedn4CnaMJxtFAq3bpkrv46XDxHSPpINFvlmsb
kKRiB+w04KsEILa5CiYhZqO/SVV5IMql8sXrfA22b8wpGcprhrh1LK3oA64g0BaV
YtOrFjTqGBRMefhu8oGlCXPB504NAPkuOlFwhb0FsvanLmCzrNLNg8+77NYKx5kr
YPy/G7JwaQoTRtie/D34CaDBKgd5tHUIILvGOsPINIOPPm/2zJr9kGaaomM6Tmj8
9wqDrPnIcwXYqGroCLMasHRz6ZHMrhShR+tf+rMNmnkeD7Za/GjOXXjvTU7nfxr6
P3iHiGeiC5ho5hf8qcyHAcF8OEnS+6dhqTbzlonnnECNyk6uwRieHeglcVPV4LeM
IVq9Kf40mGKinU/qiskhfoR5LERy+JV8QbfPrJr/fvWnlHCPcsBVhqs7HhKRlmUd
/YSx9gmGNRftgc2fCeoxnWvx082qqc7jrj2dn093Fx9FOi0VwrLoMnx6+wyGP/8z
xX4KN5+I6zXD4B6+KhK3CGdC3uL8ZEr27RIXKFN+DvonfBnEHZgKhIquNs7pcOFB
zo07c+CN/QC9K305zrd8FIPrILXvcUUeSYVd12DUzqxXmbYM5Dk8oTiFJUjo4Qqb
/FlVFAxNbJ8GVXgRSeUhI64mEeT8ev1nzdqTv3aQmEXsYxXLsJjhQDix0ozghjl7
k7gZ5zxfTwGZSaLpr+LDnjhj9gNjPORKVFppuqsW68GE7Ysj8XGkkCjVOyhXk400
MqM41mLjl38kVSlhzxi57ls0NR1kVZZJz3NWNYUQVRfyuk8qP2k+F/cKBaX6iCDc
rzhYDGFQ/kj2cJ5ytZ1l3/yCEjC3cuq1LeLGizlj94zHJqTd6bO+1kMmaXh3GF9x
NiKIKD40ktFSTpQZL4bf7eoEq9StrcSh+BWfZoh99/9G/9fFSoEN4PMsgY7oh/tm
8wHGRFUaHKX1PS/G+WT//wbTVQm4kf8Pr3cS3/DtNblcieU2Mpx2ZiFQ/f0thFMm
/ar2bD9zF64QP2QsPWQVMPGm2/r/uB7Cxq/6Ofl+hJl1QZ5VSKdrNEj+0a0l1O7E
DHyuhJ35dE63RbiWi70fYTir+6GGneKIyvfrujtPxbq43bhV0/ZKjNZzh2oGU7XQ
Wgv6AxDp0KHCe0zTE/gW9qNeI4lUMpd8u8Py3Ph6xFHZEQs1oQ3ENlzcfHp/52b1
QtJSFyJ2ZPsgR2i+JbzSgSeW+iTBUbCIBZoMy+6uR++RxOMAtpYgQHF8TMFDQNex
/PPdj5pAvssHzXTnx7pUVgWo9yORYYAdvwVSTA27Tuu7a97l4wnZqgt6OTIxNDME
BgqLHvmTJhDhMoOieLmjve2jCbquINkjXmztx7g76Rza9d2xVP88QcdAKRW7xGiN
tU0kES2XBKrv6ptb0/BhRwqakGhn6oeAv75YyWdQZhspg1yiDjvziNHzsJfNSTLF
GXGYqt+wO7tJ1Blsl3t6gAraXrekZFqVPVEmIx9a4bPNEVSwT0S4VTC2Y6hjyDxZ
ySz7ZnB3qHsnDQXIARl4vXGWJ/gW4n63ELdoOjJepy7e2KqUew8jvFN4K8H2z7h9
CDJUoI5OTBPOjVai7ErDApcZ27zuf+LUHm0w6WHRIxBJ7M/XFL6aVUPwLuc27LKI
1mYCJFSCBVWAWh47wC9Jd1vcyZBOH8j4JHzYOHunkp7VU6IVJkL2IiO+ByQ2meMm
uLo1Dh4NKlVoEsS4IpZWDJ7iUmT55WIc9iYj1vsqNCWgX6VMJKqE/g5TCMkwnOim
u47Q5b9DnRV3sp1rvJnZgsXro5PDBw8DvgvmZRQnjZAR5gJ+ODCjw6C80dYBaaow
PbaLKqGIpMB6HuG9ToLQxQ4BNSns1goHeLCRocEZHPtw+6W+VQuJEA+3j4ClkwNG
YTzCyPienFwr+dNzczbemiN2Cc54FvXGQ3hbEnngH/Dc3RgZidl6+ABzzxFfFVIz
b3VlWUPfRwmdgwz+wIh8sQzrVCqS6hpzFJlCR2t2fS23PWbCzYs2qsjal9LqaKn4
A37ajjkboDQb7qXJHeJQCgZdG3w29fbNPm8NrNyVD1Z0urOO4JMBf3wwaMZbe7VR
cEsYmex4ly9d1gPaKHOb4QkalN48BldD6h1250M4e2m/iyp+12Y2XglSePIzaMek
5O76Nz2jCO2UItnBn2tbCUyfjiZVsAdu2SetgbDrEWJIMo06eMQFJISRgbOsfYJe
Ci8B9CWDc+VNxurjW3uzDZ/0RruSyhoedalTrTbyqkc3huQXL4YIZPWdKBC8Qj5I
rnwZR4hS/8xfvQyx10cTiKM1ZxzoDJIC9rJh+Nd/rTqOXqbuLOzZ9S5NfqstmTOG
QROSGRC9nKQw1C9trt4++YigwOBNIqbPCHAPD+y6p4/O2GpJ5ZzXLPXLb2GvXZOs
/0aGqs/rg8UZRBjJVNi1TnP1cDA5TxWNfzOB8lwuEC8IFfPduYhvBKybqaD7fE+3
H2JmakJvkiNItjAN8upDaPOos25zpJVl0LWr1EtrJ7M4gP/TclnaLG7cqaagVqbJ
S+UC79lkzoVmg2AZZb9eI6t2ANUWoLUBI/3FEiVamuYKAMUGENr6+ZvwQF+mgGTZ
gwqSn2MAETR4DGCYO5cchhPv6uztU8te38hLx3S5EJbroDKDK6An/RoAPtxe39Zj
L7MhH0hBla0b70juY7Z6zv1dPh78ORf0HONMIaDcqzl8mR/VY7EGTA40HGpU/2oj
/ildG9tp2Gpb95anrztXlsU/JvtdWtOO9p/1LkLVYeRuoUq14Rr6HH4j37hdct/2
sYMBprbbLMv1RIHWZiI85PZDzVdM/Wgx9/wB9W8jteNhV3NLf6utn4Nicl0+i9SJ
EIWw3HTrTMqkS3wcwB7bg20MSwrlYdjGf9H9cMpxQQUersR602a0RJwSXrhYTw9F
m9F4VyNfUtqaTdQIhEhyg5XWFhorU3HYBNJQzf5H6IfL4AmV09uYH99UWT4usNI9
NTwW2deeXy1g1JlSbbmYiAcsoII3DjvJ/GvbtboGbzBBhb0DU79yy6C2MQ7x40qW
B9sv5gcugCoMjbuf1UvunaFk7CpV2UnRIKgMULiQxDCGq19lDVhE19zS6Qo4Dyqn
nczUJWRO3lIo/EnvnL8opxINioRa+2Bkt24xF87ydIsn9Yr872t8BAt04+Yp4Mv+
SJ6Evt1n2wpJU6nNXehNA2OYDC6Ff+ZJJjW4YP27yyR2Jd19siqNG2LtK4+nWBup
WKHHy0ddd3pgO5yL/xpWUEssuolm4otLk3dFqjjqSP4oqA/Ez/G+TaDg1hHCdIW3
FacPreiGUKdzMetpnuyfkgUcYz6Okyis8CVDp7Nx6u31vF60KDjqp2oX8m5kYMty
rAeEkWeO4xMSMhYkmTk6jU3NCyqAvDM8FYzf5eC4tcAmE4D2Sd77Zd4QFYIwjf9Z
BSEJ4NFASjynx/jQQ6BvZJu+JkZ5IvpRop42oRhL7gch23BnPSX104KphO7MRR66
gUY6scTIQyVhC+OjxJVFcUyHBaGwqI/B47fcOZ74oPPkXuxe3ffYoa+mpcFiGiaP
1Fq0FIj8O+cPVH53yMXicmIXjshA6B3GFF9/SfUgpnZsi9MggJmLiNvJObaTuAV3
xXpdUHEUZUxYydqrAUi9cypdZJEHGCgvJJbcIE9GpI4T0WZxV6XsTgrbiBZ0Ghqh
oRA5BdZflsZmkGRGm/erdKeQ19U1T5m9Vkz1BzTkAXGmNwlNh3mXURYfjjOey2O6
ij3UjCbPbRQqxtFWgLFD24cKm+7Z/RZT7E32YLPic0bSi0s28SJ1X0u30a1UpWO3
YiCt/bv0Sv/RqFOOgCDVaP6MBWtfXL851SO2pHxub+BaxfU7cGpaH+YKcZ6qiYgA
mYaFiaD3VOrjzvIB4qktw3Q2oQb4ypG7uxMSh6wQ6aGpUrxdx/q9geTGmIWJwph1
ATeIK2GnBF1G8ORJ06fcrJnZ6Y9MS2Uj3HtUpaT+INkv8bavPbwSbTQ84TDPFWkq
g6Hl+aGDTiio7wXfxY/oAjU43iDfPAqtsRHcup9uHhCqMBHjoBfDYFAQ8w11hMG4
29MtdAjF8r4vy4rOvKILL0Ur1x//kH35OwD/c3OID7dZV7hX7unMUn0yNTxAJ8o4
Itz1XcrecZWG3pM9F8ZbCFfSidl4jgkkuV8f/F0LJ5x4EsrQfnrvxARcNM6ROpR1
nI4WmjzaT7bsQwWuuzZqNvbX17icgwJonk9/b1Z/nbirlF49aveY4PXX7X4zHeEn
lclssUxL22Uyl8OkSqrhNV18MTUxvCs2Iqu1BY4Vs2qgiH0RZGwt7X5ux+K+fJPj
mXfzJlFCMKLp8Z+IqaQjwBaiasnDEm1BJeaA3F+TVp/f/mncBI50o/G+ul8ipUV1
bOjcqVDZjnYGEb5cyzyLF3EPLUWYGF7XasZzzExDyD1WV4xrFPN8L8HYgX5Lxm8Y
QYEg+sqO6rUxK9OH2yAN88iQ1e2L7zBdtOIHLMJ4O6ztf38LvA/6Os38BCZKGLzL
5YKGjANEntUvL9NclhW3/mKST2twUX99VM2GGmfiPBNW0i53dQuuSUIaR7lXyxDF
VPW3MU1TELFCAM2N8zNiTcAr7weSJqFtoAsUgq8cdKmK23w2w7jVQokMTrozBQTM
7ZhKwfflD06/vqgZzq1lvhHSqUdkSy9xYG0yrOVOAuRzM4OyMSOhLR3Mru0g0OeS
0Plu/6enhdWNQUGgsZ8yeAp8fEdCSBs1fUmyDtxjR85sF1LnZPytrrF2pFPVrenL
IMgFx1e4pFmDfQjw3nwQaj116yWzGwXwYnSwXkemKY+xy22nO5RXbOkQwiukcgxt
S3bhRv53qCUeWJS5FZcjXstFVTIdTC14UZtgUz3NBBwz5+/tx+or4hcnTnFKFDvm
bYuokckYhG6K9G9O/qvVaNoA/3Z17J1ECwe4qDbDh25q1atCAcmLA/LFMWRNhk1t
jlnpYbyVabg0/hF5oJfElhgTBTfmrZBOqDVmcteT+d4HjdkhTmotseXTvALHVxg7
C26y0olXcGfp3xpeXMpZ6mHrh0hQNUCesM1vdb1crJPBci4ksr0g8U3uOD1vsIua
gAD83O8E8rn/0QWe+IsS4UMqkl9LyYoh2kds82JZKJOKsmm5UEHpqz4O7nyznJ44
b5fAT8ui/nneKDrP4swXsKSb1+mj/IuAEHzaf+RBgoZaLzHlv4IEsRk1xfrHvo1f
XDT86lbedaLupR7GPjTT5oQcx9vdATX4z019GW5uZnksXGpHciTttlO7JkkaQgPM
zjVV9Wj/vmP2eNKxWnnDZIHdUUkYJYByHPEy5kOeEmMbKq4qO1mNW+sY9YwrTqth
vcGB7kMEaCcx/O0s3fvaV6lcxU9JARHKX0bmGmFOoPwmk1JiBwb1FnDaGFAJz84S
C.3.1.1. S/MIME Encrypted and Signed Over a Simple Message, Wrapped Message With hcp_minimal, Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIIN7AYJKoZIhvcNAQcCoIIN3TCCDdkCAQExDTALBglghkgBZQMEAgEwggQVBgkq
hkiG9w0BBwGgggQGBIIEAk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG1lc3NhZ2UvcmZjODIyOyBocD0iY2lwaGVyIjsgaHAtc2NoZW1lPSJ3cmFwcGVk
Ig0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lDQoNCk1JTUUtVmVyc2lvbjog
MS4wCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD0idXRmLTgiCkNv
bnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQKU3ViamVjdDogc21pbWUtZW5j
LXNpZ25lZC13cmFwcGVkLW1pbmltYWwKTWVzc2FnZS1JRDogPHNtaW1lLWVuYy1z
aWduZWQtd3JhcHBlZC1taW5pbWFsQGV4YW1wbGU+CkZyb206IEFsaWNlIDxhbGlj
ZUBzbWltZS5leGFtcGxlPgpUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4KRGF0
ZTogU2F0LCAyMCBGZWIgMjAyMSAxMDowODowMiAtMDUwMApVc2VyLUFnZW50OiBT
YW1wbGUgTVVBIFZlcnNpb24gMS4wCkhQLU91dGVyOiBTdWJqZWN0OiBbLi4uXQpI
UC1PdXRlcjogTWVzc2FnZS1JRDogPHNtaW1lLWVuYy1zaWduZWQtd3JhcHBlZC1t
aW5pbWFsQGV4YW1wbGU+CkhQLU91dGVyOiBGcm9tOiBBbGljZSA8YWxpY2VAc21p
bWUuZXhhbXBsZT4KSFAtT3V0ZXI6IFRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxl
PgpIUC1PdXRlcjogRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMDowODowMiAtMDUw
MApIUC1PdXRlcjogVXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEuMAoK
VGhpcyBpcyB0aGUKc21pbWUtZW5jLXNpZ25lZC13cmFwcGVkLW1pbmltYWwKbWVz
c2FnZS4KClRoaXMgaXMgYW4gZW5jcnlwdGVkIGFuZCBzaWduZWQgUy9NSU1FIG1l
c3NhZ2UgdXNpbmcgUEtDUyM3CmVudmVsb3BlZERhdGEgYXJvdW5kIHNpZ25lZERh
dGEuICBUaGUgcGF5bG9hZCBpcyBhIHRleHQvcGxhaW4KbWVzc2FnZS4gSXQgdXNl
cyB0aGUgV3JhcHBlZCBNZXNzYWdlIGhlYWRlciBwcm90ZWN0aW9uIHNjaGVtZQp3
aXRoIHRoZSBoY3BfbWluaW1hbCBIZWFkZXIgQ29uZmlkZW50aWFsaXR5IFBvbGlj
eS4KCi0tIApBbGljZQphbGljZUBzbWltZS5leGFtcGxlCqCCB6YwggPPMIICt6AD
AgECAhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoY
DzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q
UyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVa
TC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse
2Dqs165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgC
ReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqh
BwDHdZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/P
GeWy6SCf58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0T
AQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxp
Y2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8E
BAMCBSAwHQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaA
FJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEy
nBakDKU68ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZV
jdaox644DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4z
E4Nar2inC0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2
MVtluLihne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744gqoeuD9YS
HjKK49+qYC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpA
r4vRhZjVD6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkq
hkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEx
MC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChME
SUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNl
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo
0jTkfCv4TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQW
l+DILs7GxVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+
A8TCNO12DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtw
s1q7ktkNBR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPP
dfTMSiPR+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJL
OwIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
ATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYI
KwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilq
kBDTIGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG
9w0BAQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naI
s3BjJOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4
eHIjSo27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXR
n/C9cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59
fk4PGHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtB
iN+uCDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsG
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBM
QU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4
as6aqdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc
BgkqhkiG9w0BCQUxDxcNMjEwMjIwMTUwODAyWjAvBgkqhkiG9w0BCQQxIgQgXqCH
Vw4cVCtB305DBaPPOZFQTL4/b+hqqMqbbcEoRIUwDQYJKoZIhvcNAQEBBQAEggEA
lBq5L0qW+YobV6m5OeKkPV/+0s9dpZlC9yCLq4uQeABVCqzoig73hE9UqlD6QqAN
Du44/r7eGxu1ifZC2yspbHEA9vdGU3acQeEjESPkMh0S9W/QFvThH0n9ah411ewt
W7ByS87La4JtRBIAMZaLRKxBmfU1HEyr/LyWXslhCxeSlDZt99KCfCE8qM4r336X
6ey7jtR47Rjlk0lDHAv77OyUJyjWLdd3yOnc63uOsV77YcpstKAxJRM466FdiAP6
5sZn7Kxar8mfhN3dvYoZaKkdKW81uLOBfO0pQVbp3mXTWlXZMzSD7ETauut5kHhq
ggUYOAqvUvYTJBRpg6INQQ==
C.3.1.2. S/MIME Encrypted and Signed Over a Simple Message, Wrapped Message With hcp_minimal, Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Content-Type: message/rfc822; hp="cipher"; hp-scheme="wrapped"
Content-Disposition: inline

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Subject: smime-enc-signed-wrapped-minimal
Message-ID: <smime-enc-signed-wrapped-minimal@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:08:02 -0500
User-Agent: Sample MUA Version 1.0
HP-Outer: Subject: [...]
HP-Outer: Message-ID: <smime-enc-signed-wrapped-minimal@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 10:08:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0

This is the
smime-enc-signed-wrapped-minimal
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a text/plain
message. It uses the Wrapped Message header protection scheme
with the hcp_minimal Header Confidentiality Policy.

--
Alice
alice@smime.example

C.3.2. S/MIME Encrypted and Signed Over a Simple Message, Injected Headers With hcp_minimal

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7865 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4818 bytes
  ⇩ (unwraps to)
  └─╴text/plain 336 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-injected-minimal@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:09:02 -0500
User-Agent: Sample MUA Version 1.0

MIIWrAYJKoZIhvcNAQcDoIIWnTCCFpkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAA3dT2phNyUaCSYNYOtjREx0cVvMCa+ZQkyT
6hIOSZSwS1o5APJ3kkJ5dkYlIMRue5jOEGZcddj60tvCMeCxOLYTXwBiGS1h/+rH
P3KYpm2mdUPF50mQ8ittYDseUvluSrKHbvSYrFPx5qVBOzUCZAzZyizQ6Aft/9km
oM3aHUSfqdDeGOI+qoHRB2mQj/9zDVJueULPFi/U8GuXV6/2b9p1MXlcqW7N2eZX
lzcUJ2V4qvmT0lf3tatxB5qH9Td1h7ziBONJTlwm/Nh0vULJGkTe3/23039Ohott
sSJMxTxziqYKWbfWY5F3ScyZzJfVeDDwgfWtXEs+1k+8wafzhl4wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEARWvNkhaz1QXTpso6DYCmRaDu
lo4YtkkX7v1GCNSZMB3haBj89fjkfHcoD8THFCYeCWpzSIXkq4n/DxgPUIXDbhOs
0jKE3/itGJy++bohc1M8sSlEQ+Yn9269gXtrBQ4OIHFTjivjHau3EGLfV+O1Dr6F
PHKkbTZNSWf3w+HFVgkMjz54bQh1UXnHwkuLz5jZrdJGnn+A8+9gAaQTCxwH6Kwc
GOLb3K4//jihoyz/1vyCfYXwRSAHoMAQLzYjMn6bST9+6kUA21NGzcseB27UjYPK
Njd5YuJkJQmpvjEDtWxCOe8VuEYRbP1+FfASn6r9cHDVjIFhdghLnSON5iqYFTCC
E34GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEGQpw5L1+kHivdYX8V3nRhCAghNQ
VPjifrejfoGz+7rFAPCAdAP7h4DcSQ8pYdNhIPErkv5h86pGTMM7+XLQ2h5fgi0Q
LdZok/qNz6hlEOPZz2kxMBtASUU+RPM70VxmZzWLgQEgulg7sxV9rkHE3c2G1Om2
f7UhFXfSSBD433MMeGnoZk4va12kxk0AsF5LB7BjxNCZ43ShKHxeI/vWMONcmsUY
GUz8cXtThyAaQva6l3raGNFWRReM2IFBlG7IPOU+329zXfJO+tNVZ5AWwwIwqvNp
Vzyr12j20ynuhSQIG0FNTtB/D4qWVvO//0FmK5GbpJIT8LWeDgy6EsZ4UHjlKHqo
hbJzCCqi3RYrPmB71mEPRJkBMzUJ6a6hJ5YaXOAlDmcJESsVCIK3fknPyYUeRHO7
Sc+nrnwFg7Le++fno487YPXrHMsXJ0VGYCVxvl4cxOEZN1Y158A2falAgoUAdpTL
JR3dfhUMjgHmvjJi2F+l1nevXk62XxTsEFPs0mHGI2LjUFkbuUrevmMH7590y9K7
wdf6HRoxS5Nr7Ukdz8gNn9OGkwH6g8uqrsEK0Mw8njVTzFHo/nu98M+OsSD+3MFS
24pCHRI6PB7Kz8K09rgUXv1kvEkWaKeFFhPgoL5h2OgFeE5Wo3xo8QeT/LrbMApc
BcesFZ+g5V+TL54MpEvrEFeKtwbtKHFgEK0wy8PGjh5TFbvfKQinBCVsdMSlG4ZD
D8zhPIpyQY+xjY1bJqpzoai6qmtrp4CWlVMtCpMEW1AwB221DzmT7gYgyy5pHZ9e
Gm1SFAvRdEM/caNmHOT9j0JC/kWGtnBe6vJJ79bQQZJ3A87QdDhOchIVweNlIf3+
YmvjnlX7VCJv+CNVtloVvpqhKPn9P+665RDk98EPX2bb0ZqpeC/opZu+9+nVaoqV
vfe6NIDVcxMgInBgPr4dfbVhv1V+5RA+/bjCMjvdpZjIpNAMNG5f10kJMGZIP3Us
PEce80+/GKSMWRgbyI+HRT8ENwus8nW8z+yzazQHXi2mgATVUlwVHN9IfLUd6sBa
a3FAt/Tg/+sATlcB4h/12EFFFOn3EMQaSMSAuYN/EwrXzFOT3V620XXo4BcCGSWS
1qFpXXxK5FOoXowd34eTOyQgAQUwDhq2N3/dv7JJQ6dy6MQgpFMg6OKDsruVWunT
1M5qvAF/iI1VyoQ3NhNpn/iR/mu2CzRZG7/2qCxKxHrDgVQYkQg7rOv8ZG4lLIem
vx12REt/hWEXsnFD8P8nVE3Okr92zYBLFdm3JEhEHul8oJlasoSb3d5hbWE+ZYlB
MjjuGdgNRiXmPZ+5MdxjPzf+pZ9Ch0MFOvX9pbGlA0F4CPWDKPHSOvu0SCowW38E
+GJXKQteLBHrOHVYBFEB1uf87YersbqRtbAgUF+u1DvfmW0Ap4+dhuL/PWKw2aAQ
ZWQtfON+LhsXb8cfjRQNVsjBzdZ51QHzOMafzQN2+ez3vHdXiZyPoilHvH5FAMdG
/qtAiEszQAB4pDejmxw0K2kw5ZRPPWr3qEv+UTTAi6z6AkffGC4xjMwSNDja7HV/
9yeop6JGEEfnPFUrCBGD5cNi1sQkKTEHhGJwN8t9EaGqbuTMurTXkjIl5hYedG7W
hs6z+phg77yIHftSNQqNJnrdahxz669pUQ12WlrU3BuIRL7765Kxof1kSCrptQbn
4bRV+6CoQ9CxwhYaxFWZY7iSnXrd5H/N/PjQUu3R9AHErRj43UIMelt88Xn4ahUf
a/ZxdEmLM3nWuyl2emtRKrCIN5Fr8GsuGmfqE43DwtjCw+ZskIn9ufFvs01snw1Q
8oQWIou0m6VivjzVxScnFcBENYYKarvoVVQBmO65DTSvwI/8tKBIFWQcGrlUo2YB
0JdI6i5DYL00ssG07uUQ9gUfARtpaLtawvfor+ENwlldEfWGihXuGMQ0Gt5CACGp
myHb0oqlyn+h15eZBw+ZyksBUSvYJjGfcIKwp1ssFcfI4VES/h6tPI90zYatRKk7
NVM5F7c+ddFRUof2mek7/TFl1PsQZz1aZeZgOQcW7pVqNKKzlfZbCLCFIJP3ex5j
vtIp18zvD4OSOyjw81sjTvyr7M8QLA5Auc/bH6clxbRm6hE/KanyqOtUiQ0djyU1
g5MVvo8XMVLmMOKIYxKHrAdnCS2ct+soAbpHXfxpIB/CRJBbUUqxfo/a2qmLXJtO
lZxX666zHIETZ039lJTEE0mR1541pHL9qzHD+7o6byWfZZjs2PRWxL+4mR4Lztfz
Vf5KnD/ZuEdRLzMeH8DFWiBRxiFHdv3tUt2KZxISrcKfZYvcnJndVJbEgzTO7wIR
F7Nd6d/vXfCkipWbnI41CFL9TeYkcVL43tfDchL6MydPrUS1oaeFzaF3H1Y68akp
mt6skhB6tiLWR80YZOz9MkGvSYYqVxXOyAnkyvUTTOFPEkylT2TVnD3381oAhArl
rjH04WM2HGOFOEGe18BN2m8oBYoKtxdrd8PWvtKmCmSpbpMxs+Hn8Fr+B3qqPA55
yOflUofr33SlRhE7yydOfXieJxg6KnBcthOVuy+/fNId+m/3UUsiYP6go2Q2AspV
iAw8SNhLKD2a3ND+65D/QeVkLPxd6YbIiEMc8sPCrrvQq65nDOc1GvlPN6gtJ60y
uchuenRszqN0X7Wb7+SCFb6bJ9SMcU5xIQwWG12HEp4UeE0ZGXozNYRC7d1VMY/O
9qwJha83u+AQPGUXbP9hOQWC1uLTkDNdY1Wz8tFZBW7a++rTM+glksTwED7+DdxS
wHKsb45RG+3x6i3sPNIdgMqK+O/EOUPKnbPiTENwdEWMt9mEfEnFLOlWhReI21PN
nzx/V8Rz32pcTblRy+9um3KBQ8Z9nAZzZOLmNQOSLMG3ZYPNRTV3E+yDnRSqjFTL
CwkZa5sKtwdeJYUw0RqqXd6EdGP/AOlIiIzZYCLFmRHicWvpx75SO801Ak/fZO5L
osJAT15f/qMt98kWR8TfXPE1WxADvaad+zPzlZXGMxrT+n5l37Zo4CQJGqTveqCu
sUyOBkcdPfdgA01Wh9BmaDtu2q3xiilE0ynrC9HhtIanMsRfSsE7HNDXZ8Kijt5P
Lhm4F2W/1v8YGOEs1MjnPd00RrJPRquNdQ4YDW8ePzqp+0GBy3YBElXvktx/r5Wh
gVficOUmWlD1MYUIciO7LC2o2zYLQhE6xxJ2QPoIBfxHjTdrLI+UpBJ+aHqMjh7K
DRW9Kf1labigvIqFA3nLt+1RzMLuQZZf0NiK7i10i2WkCH7mvHaWXq3TqPxa75dx
JUcgBTGXhpMhnEWZTpjCsi51hAh6iFo8UPgBRj8XUjQ8s1EYeA8fDlhi0uPbE42s
6WNhuEum/zC3mDRoaOIT5uLqJGsaJjvHotAGr58o3wetQ61OHoMQsrqJ0LcmACMj
1Ev7ofCPltc8AV/tIDdF4HExeRXL5wFrmPeE5pKii/B4QO6qjUlP/x2omgLwXhoR
nmxY5kPDUoO159xUbuZ2cypmZtoUV8zbFPPA0pLgoYkjX+eC7NPZJWRBePWpYF46
9eGB1JZFU6iaIJUlorlLmNVilb6MgSS1TqAVDqQ2RvNh3Hj+vWkJZkQlnvfw+0hF
le/bHX8BaB0/qkV8LeIEsHh6aaxiSGEAUBF6AYAS4HgJNmY655CU/nD6h7Xts8QE
EL0u/7izZG581BGgISh8ozw+4slbG3l0x/3h7MVW8JQRwVW4CMP6vQSjOGkuGSjo
qUkA+EuEpYyr36byu7u6Hf+U0mk//EzLf2MQgVCZcspmICvx06M8M4BKdzVnePlP
3fR6acBPreFKeQRMvc+D9HF0mMF7i8lyN+wZIHfWQODDEVn9DFcDupXtk2dLO+T5
3oflXj5NN6CwhZiXRYcynVjSe5v73bh63EXQucPz9QKm/XJDIAjTiUI4RC2k7N8S
Y2dIqzz/EunUxCcnBOzWvj+nJO2noalo4YUkgRDnKmT/744WvElp4lPv6qsHhy6N
Zs17JxuJ0Bf9ApXJtUKBzciiZkoKBAy/r6BtD/X14WsjQI7+xhbVB/POwSZQNxng
Z8mu58RT9rshDr/q2+SvYEgUBzeHwvyo1J/SuArkm9baDKU4g8aCBu6Az0qY++Qe
IrJT18C1MCEN9aU5rbK28lyeg38cDBOF3o99pyyYVmJWfp7s3KpsTRazyPieuFLL
SaBCf57X+Aa7Fz2Oy99P9LCJlMn349Y7uCGs3haWp4UBVujVjBOwQ+OSCX/B46y+
BYub0Pzv1H49a/wWI/H1Im2Nb5IusZ0GijZcdZ8LqkdaEGXP7LNSzqDTdf0J8Xvu
Mg2w7ii3ZJEvUw47I8rTAspLTtmotJXJMK2izgOtsU/LO4Y/JxpJkEYPcHY5Jdll
AD5ikA+Ks6wP45Z5Ut5pUkpulfqcXj9tJBceTg/6FhWXa8ndNmtHsS+tPo1p4M/f
VTsz709/uu2UgLuUNW6nw3RQCEnzEr/q44mwCOhUA2OlxtkxlMgJtQOWi6QAOF+w
hDotC3gqyqoddQ873G9RfuX6LhqbePaK5BozAJ2WolGt2HUUXPFutex+ZRySe/Mj
ceWvq6BQ6okkCFUQqadupBnTvN4odb2Fb9QPCTNYRI4uLCasFjlwfQRRoYfo5IW3
oKfSyfp7Yao14RoGRsKtFwHdHrFZqku047TF3rGXAM/nAmB09A0kkxg2Ln7xUege
oZ3V7jeVzaBEmx/LrR8N8XYgpiinmeqCC90keo5pCkRnr0gw+cyFWKmK6in9Nol+
1AAVTxaM9oDe42lMoD4tMr7tWl1zZJcjlmuwAnhgff2pTFjHcX/p6ffhDy2uXkl2
WRFE90E9Rnz6QtR8l0/hqO1I9bObcEOF+eEGKo/BPYIXCB6dSu4+HxDmxkTp+UGj
p870mFG4dquWmcPjf2PTCrnILxh92N3bR+ioG3d8WVo0NUbIAyspndURTHXyHOqg
zzvr/SYhZKP3sZ7piQGOTb/OUz1D6Spt+HHhZPpg2/YPGrLaYABE6PfYwGHLKBUD
PF2iOaNARRpBxAsKwemFxvOhlPd0V164YxrWX7R5McKypFgYj2D5dXtMTkm/YfjB
y9ILCWfvNzkTnxJFJcfjbnv+2tE7AS5u4TH3bVfx0AS545rJ0cOoAaDLhSerjICo
fG2c+qWalmYqCf4aBH+WQAKMVlCNcuyZnB6ZaqqzWYEN4IlHve6C7N3ST3/8HxPb
0mHHRYPMFYXi+yI7MieZH4X3EWjRO54hlkPue8tDUEBf2qa/tCFo6dQv8NbjINYK
SHT6zoCIvXYYXsexNUVyxzvgP+9cEysIMLPyDqT6Hr07eBOISL8CSeAsJkBaRVgv
M+X/MWXKISubBUi23dJFHUNxwY+sN7ObclItgagX4/Yc/lSQtseNjk+IteycessZ
FXJsiaD7lyBNia1U40SUDH7PODbXrK6Es9abbGmaiWCkp5U03owaIQ+ZBp/J0n5q
aj4yUZu/iMX5GMvQ66zwnLCDwn0pnGzMYEen9yq2OUbyWYErX803+YkkWoxXf24P
JYcKuVrU+0vhXg5VsEI9mkcezqk3sXWF7iCRdqXKF/+UKsCi3TbyeCfe7EgsuOB+
irvbCXhw5wwWCmec3vU8b4IYCRGgRNyVrKHFhJ+2FW6+mm8HzmuQN4anStztxW4D
PrP3clIaXZS7WjlWb9I2099qxNEXU5naEkxDhFR4rSRy19r7HjaIMMZFaJKusxzk
SPIV2oKRcdkWZVyAUUag2QSKASZqeppUKrzmU8RM7GxlQKZg2k7k6o/aIB3FTTi2
Iv93bv80DO2U/Bxj9AC2mb19kppTC2fgUWls8L6WjWoICD/SA3OWX8g+5/1oBIk9
1OlXFLNuuyVo6nBkB59an9SlAH1fZs8naMoGQrfQNRVGWH5Ff2RKp2cgbm5+toUy
QwXb2c+zw0noe6+9hskMNUIz9XC4Lami188Vk1wviSoC6He0EtunrfSRLiXXkD8g
x4UiIv5/CweFkj7of9USRqcp2aBhZqyViRG4yy3160Bar07rjwc/tCP0k4fKVvW2
al8DaXMS9AhXUwCsXcAEXWArtzTwgBlWdjfx2jeX6+b9Q2WqfS7OybNPlRc8z+ls
2NmnK/MRZz9qHa5EvP7BRZl1WB3BZ9voHa6rzi9NSU7chkYHKZWhZg4o4zlJvEA+
oPb68YGgW3Nb6V6G5qn0ay84LO9u+epr9C9nXpvpcXFq2W39zreiklvDCVnqk0ql
Llz2Dgjtq5E6sm0WgZkCTN1JyyNiRp4knECUP+OasM9x/FmEBv8Ebbg1tR+uJz9Z
pY5pSNDqIwItrp4k45BqhWALBzt+UlVK5kUMWxsghaMaDUsK6qGp7yfI3sWZdlef
7egtLKX/ff/8lkz8Ss5VQUFwD6nXrXXrpCHKpYv1UKBaht4yu/7jTbhT4dwGUWXo
a+48lBJ/+tAT+gFORnuUg1CA/nYGoFrzARnUZjD1vYdypmH5qeLWx5ZS7mCrdp7U
NVJ7ba3x39jct9ZBZFNEyACz8Sy6i6iyZOGrtYFXvCGywf4iALPlQQAGoS4d2mij
To1yRHYJ7n+O0c+lzHDcivieCMy9b3wQs/IMZby2qXt65RLkBEp3fGjQ7wtFYcFr
C.3.2.1. S/MIME Encrypted and Signed Over a Simple Message, Injected Headers With hcp_minimal, Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIINqgYJKoZIhvcNAQcCoIINmzCCDZcCAQExDTALBglghkgBZQMEAgEwggPTBgkq
hkiG9w0BBwGgggPEBIIDwE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1lbmMtc2lnbmVkLWlu
amVjdGVkLW1pbmltYWwNCk1lc3NhZ2UtSUQ6IDxzbWltZS1lbmMtc2lnbmVkLWlu
amVjdGVkLW1pbmltYWxAZXhhbXBsZT4NCkZyb206IEFsaWNlIDxhbGljZUBzbWlt
ZS5leGFtcGxlPg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpEYXRlOiBT
YXQsIDIwIEZlYiAyMDIxIDEwOjA5OjAyIC0wNTAwDQpVc2VyLUFnZW50OiBTYW1w
bGUgTVVBIFZlcnNpb24gMS4wDQpIUC1PdXRlcjogU3ViamVjdDogWy4uLl0NCkhQ
LU91dGVyOg0KIE1lc3NhZ2UtSUQ6IDxzbWltZS1lbmMtc2lnbmVkLWluamVjdGVk
LW1pbmltYWxAZXhhbXBsZT4NCkhQLU91dGVyOiBGcm9tOiBBbGljZSA8YWxpY2VA
c21pbWUuZXhhbXBsZT4NCkhQLU91dGVyOiBUbzogQm9iIDxib2JAc21pbWUuZXhh
bXBsZT4NCkhQLU91dGVyOiBEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEwOjA5OjAy
IC0wNTAwDQpIUC1PdXRlcjogVXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9u
IDEuMA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0PSJ1dGYtOCI7
IGhwPSJjaXBoZXIiDQoNClRoaXMgaXMgdGhlDQpzbWltZS1lbmMtc2lnbmVkLWlu
amVjdGVkLW1pbmltYWwNCm1lc3NhZ2UuDQoNClRoaXMgaXMgYW4gZW5jcnlwdGVk
IGFuZCBzaWduZWQgUy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQplbnZlbG9w
ZWREYXRhIGFyb3VuZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMgYSB0ZXh0
L3BsYWluDQptZXNzYWdlLiBJdCB1c2VzIHRoZSBJbmplY3RlZCBIZWFkZXJzIGhl
YWRlciBwcm90ZWN0aW9uIHNjaGVtZQ0Kd2l0aCB0aGUgaGNwX21pbmltYWwgSGVh
ZGVyIENvbmZpZGVudGlhbGl0eSBQb2xpY3kuDQoNCi0tIA0KQWxpY2UNCmFsaWNl
QHNtaW1lLmV4YW1wbGUNCqCCB6YwggPPMIICt6ADAgECAhMPLSW9ETmXSs5CVIeh
7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsT
CExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRp
b24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7
MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxp
Y2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCalSn6
i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf
8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs165ernT9O5NLFflHUjUR
ca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZuTtMc1zy++MxQlqdn9WZL
hOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX1X3K7/cO
NxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy6SCf58duq/AOEksCAWlb
+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAO
MAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTAT
BgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBSAwHQYDVR0OBBYEFKJT
QdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxo
dvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEynBakDKU68ro0RsyXWAPkfXgQ
Lgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZVjdaox644DsiLOQEP4YMS7y4q
94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4zE4Nar2inC0D+VM6RGDy66K9l
+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2MVtluLihne0Bp1GUTkr0mJBo
lg6dSYal8Hw8/ANHpyExl56BJABb744gqoeuD9YSHjKK49+qYC9faFmQ+mK80lh1
M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpAr4vRhZjVD6FYMIIDzzCCAreg
AwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0FADBVMQ0wCwYD
VQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExB
TVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MTha
GA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFN
UFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/pdO/KLpZbJOA
Er0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7GxVwXurhYdZlaV5hc
UqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12DRVBDpbP4JFD9hsc
8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2wZX5ICjecF1YJ
FhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTMSiPR+peCrhJZwLSewbWX
LJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwIDAQABo4GvMIGsMAwGA1Ud
EwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2Fs
aWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/
BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDTIGZmczAfBgNVHSMEGDAW
gBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAc4miNqfO
qaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3BjJOd64roAKHAp+c284Vvy
VXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIjSo27PmhKE1oAJKKhDbdb
EcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9cy31wbqNsy9x0fjPQg6+
DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4PGHnYxs1FhdO6zZk9E8zw
lc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+uCDgNG/D0qyTbY4fgKieU
Hx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UEChMESUVURjERMA8GA1UE
CxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6aqdcwCwYJYIZIAWUDBAIB
oGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjEw
MjIwMTUwOTAyWjAvBgkqhkiG9w0BCQQxIgQgnhRFm9nOgaC9227M083Y7ATM3ExN
XTPt9Z4vMFVNUhQwDQYJKoZIhvcNAQEBBQAEggEAYgu+zND7NaTugRGh7Mb/pCJL
HY8EEzwO2BZRq0Y4tfmpBC7qOfXLs/zDKW7+fs5AIoX0BesntIBEjh8jLVbeB8+T
IRZSEXv8aavTeagzmP4KQOj2GmnBwGPheEqoXFsSue8kxPLvqaPF6yM7Xnijb82I
qrVdLwOk96UTrF5A4VHaHHfoZSMZeaWxC0GMUt7bV5B7kwcq00MQVGoQjKoRvhew
Bh9DySHgx06VH2JFoW5y9WdRmK3tTCJ8DqLFiQt6irjIivAzBnQPINbvrLZugyhg
8vn/iVSkOs+VKTY9RNW75F7UF8Ld8TWwfovgfx3A5BdV5FyZyh32ZOXfi6WM3Q==
C.3.2.2. S/MIME Encrypted and Signed Over a Simple Message, Injected Headers With hcp_minimal, Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: smime-enc-signed-injected-minimal
Message-ID: <smime-enc-signed-injected-minimal@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:09:02 -0500
User-Agent: Sample MUA Version 1.0
HP-Outer: Subject: [...]
HP-Outer:
 Message-ID: <smime-enc-signed-injected-minimal@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 10:09:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0
Content-Type: text/plain; charset="utf-8"; hp="cipher"

This is the
smime-enc-signed-injected-minimal
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a text/plain
message. It uses the Injected Headers header protection scheme
with the hcp_minimal Header Confidentiality Policy.

--
Alice
alice@smime.example

C.3.3. S/MIME Encrypted and Signed Over a Simple Message, Injected Headers With hcp_minimal (+ Legacy Display)

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 8125 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 5004 bytes
  ⇩ (unwraps to)
  └─╴text/plain 426 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-injected-minimal-legacy@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:10:02 -0500
User-Agent: Sample MUA Version 1.0

MIIXbAYJKoZIhvcNAQcDoIIXXTCCF1kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAGgfzcHH9hRFHqF0TJ2uToDwl32GdCFRsueN
hOnBTnnRmwwbcdkzkHAyjFumabQ69K+U8Z2xpIp69FucxI/LNdQFnzorJCWP5vde
zYWRMwhvkIpBdXG035u6a6+rcpWTIgczsvS8n5M2+N7K2qXWC7OUC0E5FonNCcg5
UrFy2nU1+agN2xGkuQfJewv9EXphcznxLsNnkuUfgzeYyabzujbMb9wUog8C4CQ7
WqTuip5DJhxO+aOLYUFzGDZiTJztzD2ec4hUwkZfkWwY2pLhR0RhfHQJbq+vJQWN
7wtwK4t3LOXO8AI8sd7e/agVIEnfeRg2VMslUnqm+eUgiPgrg2owggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEATu+QrNqgnYrw9BsyTf2ydFDI
WJrcJM15eNhfRP0fHAovqiajUIg0s824vzTYdHQoaxbnDRFnlQx4YU3QbN9g9q73
7PbsedSVO/gTSpwf/cvjrBWRe+6Nhdzj53LtJXLMJBiTVcNrp6ivTX8QPWgQviL/
iMVbGRKL0uGrnf/DCUr1CDgvAxEaKusU/Dj2vAfLlH9OnFo3ue+5bCrYhjfD8lHF
btwvrMbifJmL4rJRsNgg4JML0XGiMprdvGtugsbWHoJQsbzfaunsk1m9+yHvrvoN
kxi+mricbqwR+xHUQF8yOOkwdTrfK6D3BXw7nrpam9CWHSnlKm5+2wY9ZZ/dKjCC
FD4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEHP4fazWHJBFT2LpRi2RZnqAghQQ
V0Z+bvJYJz7GBLNKehneeRNUxC7bU+V9NtWhjMSXZ3gmRdL/ABdcvWp0ZwGWAb10
h92OrpB9YpFT3trbGzeqFXjyOL4PNPzyuFmo5lrDPYaYF2/VKWXbuxi45DhCtrZs
SIgAFVuBqdo54qvN7mvq4QzzsXu5CI6ZMq/Hde/rle5xCftQbiOIFiIYFGddlffl
/AvwlCAoZh30TUvoKVbjFg3DcVbduAdSMM9sYZdt5vnXDVczDR3KkRUmeq1O461X
OySxDEWMosOArXGGBWOTpWXvXgluru2t1ABoFMlk6EAR2Ecy0gOE5MAbARrq3pUk
r5qIBk5xXlRofo5G1mqed2LMM2M+vYrpwua+9ng81QWX9CV4eAK5P8e8yF1qq4bI
dvTQqX42P18wItPhdzG5cRQCT04beMlS+6X+EAM5AyaN3NrEw0lbqQzt09YxaKLb
zdMELzYS6QJ4sKeTRGh07UyX4XtYsi1V8Okuh8D315TzBYeOGK18zQchXAM3FVJ5
RlNHTNvhwh6q9O5SQQ14NEiyG//FAa/K9Ic4KF+js42pXGU+4WfounjU6E8l5CI6
LUmM+U0CHdbHZtMF7lBOeDRKO8Zu2GQD7X8j3ZXED3AUCAKPjQywGuUDd130S73t
zBw+up80LZ0xb0VN4Wb46trPIfpiZbWI811RA6JLWeKYe7qh2iAdSyZmbpprMaYH
vUKZAEYfijFQSl/UVq5j+SLp2bQMkpnRaZzYX4me1LzW1RS3z3Go8NrrkeBfDObL
KkmM9/+sl4PcuOL+qyg0bCpQCAWuEdMaNkq/0x0HHGWAZgiSNr6eUNLtKED+O2hg
YM0OxUvL52f9ARRSMdJ2vpzlFhLa6bIAMw8LRGE/2wmpQ2C9JqIhuVIuTAma1le1
MNQaWeEt0MLDQ46ExRgSvBhSaL5JaccCKQ6qs83ZzFTNmYO+P1nMQd0/gj/A9VKC
66FWn4WSYjCnFnQCkr1r8Y6aYf13remPkooljxh74cTh35Dk71d+Wp+TlK3XdIhS
LQDOR1wNW4OBz78rI+S5595bDKjqiMbkJ7lHFV0J0HriSlCxi7RzJg/iiUQRMPEx
9rHwQGPQR+dwR5doFgkIlwC9vx04fEj8ZXbrrAxSitZ1DJwkcrCyFMU7eqlLqOA5
326kDUAjzQiTL588zaE2N0PDYtrMe5CJBOc5JOfN47y8+Pd56/IuTEpr+UGaKexB
3n5/5rvqirCRHSjJ2qVNLr3dEFXCxzVjZXvyG6nrDL79lhbYgTBAg/FETIbxIc/h
V85i6HHsQRoBBqcfa+ZimiuDsx/U+xeP9GmgC45SW7U7AxYoVYxfdRt4Dl4Q5Hqr
KFqUUGmwFMMzAMICDv4QBBZtOBSIqFD6Cb15DQDDAw6d9OQ8rhzajTVTMxsbdBp/
09nlDvs1cMNX8ZJ5ORt6B8EN1j1BiK9nkFkEkHek+f8c1iVG0tXin6JRzw9QwQtz
oPk2IyHQhs4ptN77+FN2rkjdm52Gadp4FZlfxDTOsk2CkEk43Ts5kJHdSGf1vtoW
ATYzbPcbE+fjuyeD34t+5Zay+sJUpYQAzzgIwvGtpWTt7BaHp3jeifxkKISIAOrA
KExE2kd17821dW5lNAqDflJI1f5ak0L9YMoGn0dYdLuLumrACdKav1m3pq4hqi7I
3ZeRAn2mF9JfAgluIDNslVIoWYLf1Sd9jagR5DtXVjh50i8SK6aFFMXs8M+qfDOv
uMVMdHmMHor8TIiQrk8WOssMRXX75gMekE72GoimUz1DxSPu13R5Sj3x9VbgWIfY
P0jxXOn4l2bKlLuUCenfKwUNfca12xzWA4i9VLR40HX627a4eymhrsnEJO5mlmU2
I8kgrItFgAAsxizxrvxnhEUy0g9wvoIbvex/xSFY4nOj1iaGRdE6iI6XnKnReJa7
PRP5d47MfAqur399GRp7Mvc+fl++SACauCvUST6YNSiffuhDMRzHqxuVS7/k5YVX
65m7e3hurRQyGXGnrZyrAcZRwjDiqRJAIw+/SX3VT8/yB7S8NqgWOc0JM9jqHIge
yctUyFN49Tu5k3FhzxByfaAAB/MiAWTgItARcZKJi3MGkbChXiRlmIMYJxe5PyNY
HxlJE0hFE9+lFuD8opHuTTGLm3VTMGnbojUze5vCA7sQ9vo9qMgEquFQ/zAEfv3J
X0RNfVBP9YF2m8FcETbJlR2h3rx9k5QO54iVT9NZVuEBVwwhDumuZf1VqWIpn7iC
0eELzs4dvs/FdqrwAiZW59nGJ1sZsUfvtVd0+V8orOZ6gWizeY7Xm8Gwa1sRTAmO
wS462hnyAw84wTLuT8usmWwiAg8eVX7WGivJ0gTczVKoJcJFt4PT+exbJ+BCbhLo
nXscOK6V59c4EdevXtxpOi+zwPi0mBNXklzw259xz+NcULVWxt6f2amBMJgGxx0S
xpo0Pt3JdgizT8EMMmQVllrxqiicFMkj0H3Uu752kVBsaBNFvTX3y7Gg8mwi62lx
NRYrBcqcpPoGxZd9SU2xvGh5Bl0rRpV6AR8teLt8xsIUs5GnL9GdvETCeKqwJChC
+Cv9jMNgZQSba+IOpSWDITFRkwZI15AfMqQfLDwBJLebSDHT8U7FoxzkKZqN9Gar
4FKn/KVFh/4R85Ge0Eq5IaCT/qKutmBLExuSj4dY8fcTDKK93/cpwp+xgoKcZatY
3U8wATdUhIF3I2e2XmbQQtrQk8RLNXztwOyjKGmyBb/jfN4vO8bNBIn1edt2Soa9
gsCRzNx0sZhiQ3afF2Ugc+B2nKP3SUCphGlwJqa6NuVQTVlM+M3rEngcN2eSE4PR
to21xeAzv/xH0Y4MRYmwiGZce0BSbK3B8c0otXHV+YC1i4kpxJbh7zviW3T7R9LV
f7m6JckiR4BrDcFX7RPqbEHtSmy6q/MXm2KBzjo/fcoZboUG6kzndPPXtEqWa9bt
AL9za/S+bz30vZNdzpoI48UtS8T1q5qE8FVOvEjjfGJet3kYftsiSle12EKYajIN
fJRAAV6oCtf7j4g/REHoLhOyBCU5kWWRopz+iPFctHpU/4yDPxBclWZOurooB5Pu
En7jhaZpxObzpBWb5gbEb2iNzU7lytjS0Nf3C0NR843Z2EYuUSRl+646kT/bvx3I
qpBKRP1nvXi7Tz5qhP0TfVKOb2jXzdunuKn3/dElN6CQJRcsNm2ZTqU8UN+s3YUQ
MlrKM0CssLd5YeVPprDpPCxK3QHL3l25M8WkNaDpSWMALpIvL0CHA3gd13q6p61t
s/WEwwzbXHuzDfQsPAVqxvmsAtCPHRWlrjIHY4rQkX7rCD2/yOoBXedJ5ToTKkpq
AGH6YJJ9JQLcNVXVNfta1S/kpm9gi+DQ+uxs5+F/JoQzidzEB/P+HIuv3W/LIMRM
bqLsPtf6v/XVtsO61ha1i7hml8/RchSuTCJ6vS7sX/9xJjL50qy1U9dsgDZHoCQd
e828Wujr+4HCDRIKakCPWh1yxUDQ1/d3su5KsMAdVJJMdJDDKsymigNJsrsygQS6
AkqRoKD6dRCvbsUBHXt/BN8qKeOvsndPhowudZ5hkz2fopWOTGUk0QpCtTUxtEJb
ddQ+CHEl7MO7jXCgvJZIMlflwe/kQjXLM+ZmiMtRBv7smdj4bm6w6nn8OxUHnfTf
/38zEwm7V+IlqQRxK1+u2v4dJIJQaK9IkHMeQywNirplaubTi20/IjbXHgy7LMup
P5Op7GDqqI61QhdZ/L95qF492rrMQGkC21P6tXdgSrsUzrHtCO0NyIpfLyE8PI8i
HdIY9Oxyr4xR9Yu5LwcPpRhXcT+ximX6//o8PtTa8WKLThutLmtnblCfeatv5KhK
ObSYR5k5AAanYUO/c/Ix+2r3DqabdFJ9wWTkSPL5wdE90CoJJzb1kAiPpCESGHYk
6aMZFHMlS2xX3YmZv8awrEJm7QJDRrU+AN5jN83Cxf0IN6oTsDm0UugvZOc9L0Za
WVkCuqGsg/PI3daJhJEV4FuzZSYvoQT0q1ssbt4uqn88sfQthdsfikeDr0eKXuX2
iuEXy7dm35GqcCBQYXjzEJEDOO/BF2At97C44JyfIB7+DaiSLd5IWi8rfeKK1AAt
dWAcZ051NIXkdJ75uuATUFYSX2TRJchh2oAxAqn4BNrsyfc+VCmFgGg038dCh7E1
S80zvQljOLV/TKjop4cs/L4RXvQJFaXoyRUUg0wbJHb+ULms2mNEnZwVMe08v2/f
TXFtGNLVdGqbpkJXh2Pz72IDLqhZgOpyS06JgyRGSlA05/rG9Rkjkw5zeSN5uOLN
suTqF+mBjIJW8JdhUTdIyxd4lOjnRsBE7UK5XMidbda5s1Yf2vvgjAVFNBDXw0Z7
ILn0ZVD4C9Tl0U+vAIQFs5tgSZKyfjvXwAZIH15q3CsLea3ekobaHwF0EzfynwnR
FYHLcF1SQ/VIUe6LgSXlgnaK2ilbiMoRrfoeENUoOqxiz3G7VSgl2Nv1ip647nT/
ukAKjGoUSlX6uexfUe7jtZVaE4Og6FyxIhV/26CDesI747v+GO7pS4vg43HrbrzK
CqBBVPxcHOjp2If9buRtKpuLNUiYuYACjtO22cEDkjNERor9B1fjqK33bFjdxi+9
/TOX4/isGcgXwcUx6H5grIbuGvaLYgqXipSasBwqJRjnfPaJ024A4s0W55HIC4CQ
vXfZo1WTNGZDPP2vm4AQZT8HVPrCbiDrPMNKEf4LuyioBJCi9oraLmkChnULpk9c
kcsWjDfaihX+lMMTptl9Zox3giPpvvkAvHpW3pdRMROZNmHfI/3NF9ZkPTN1DyJ0
9q4ELNtLPlDfkKdScv/MiX3ZzeCNhRVzP//8PLLllg9JyJ75BlRmHwcRV1CtP8yL
TKKYqNzgrTvLphUC5qNyMDzMHRj8yGW66vjxDpjlT0ez6URhMrDE6WyWhmZrklCJ
hXGa90qXDTDXY7x2K5fmBVCo62vT+cjBzB3Nnu/v+ERtN829lYAh1XxpZVmiXXwa
UCj1IZAwR/PfgtOMtoWqyqFEkWcYlyfS59UpGYybcEEJ1baZ9v9w4wiMb1wqOM9f
xFrYXZhz3gkzmlKRfGyw6O1oQVP4xV8Eetx5Sn8NDWIWnKnlngxAnIaCLpn14r95
jbhkkDMbkqeI8VnmFSw/MHdas5JeoDg7bymIv7+OHRdQCG7ksdx8Vh80ACB4UUpb
zFqfiJLkkDgAdOYDhxjxjKE5vWBcFhxVqK9jUJJUGe/HqrM0fIzU5kP3g8n3GNg+
S+kvi7FDf8j2wpkHM6SywxABCEQ8MZ/fEgsvVPXSdKXQIwkTj+6rHGhuT0KRbiJ7
qC3YdF19juhv8bs7dYH4njZ0BgMWp+md/STsHW1gWOYLBf1kYRRnNALwo0OFfh4N
5Zh4X83twwO2sc5Ry9QqkyxT4ISvZ+cUrzWEQyfh/XgeXvuABg/NJZYBH6L4evrX
xbmQmqCgbM2UzVdvh7BBjFztl5SaOghW9E/zOz5DrJsKA55JNkhAGakAgpr821FD
nrRgW+4Rkk1ClMqxwtCqoJa5xdSMebXIw6mDotOJ82FqK1HMXDXyhCnUV8deStmZ
+AGgs+aGmjcddTkJc5bbXTHBMHyPf4tv5IhCj3iCIX2UTyDBZm/Uwye8k1LcA0en
AsFI9OYAzt2VXvxcecZJzwXlgucqW4MaoqEUs5OMLM4dSbhOH9IU6JSpHkygs16M
AWL0+DSTl3ihc9t6va2uY5O9HS/aAYhzE/yTpi4v0e0Y79nATogpyJGpyM7CySz7
yns1s2fz2MO6sVwZkhqTBhUCs0xJO+6mrjBOjmq3VnZfXBljULbb3L34nr/zq0bX
cDpeVShCVOFLnTEMGOrkYy0Um2rV1WnSPb6S4hT+ZnQkdZLtIMOAHkJmvcm0DarR
KZO0xHGNpj5HY8cTt9VcsMVLcDbQTkLK04ekT2qm+L7q7Bj4RRHvWLXPtXFqNYCl
BpzFjRJF/0Vw9uz06jVMEocgrNTM9zKKcTaUC4RQlyOh2tVBoEYFau6nmL7hrYf9
1xbe6vpFBdAZ7mvKzhQ79GCLvIQa7BR0iZmt0J7E3yer0+a2nGQtaC4juTMFwyb6
VGY6Fcp2LUiPqPVGLKcGURNJZyhhvctY0ptf4kCv/znmWjDTvALoaNfYPK85TFVJ
NipDLjISwC4BnjLptDZ3wSkH8fkpj5BOF2tytzA8GqOidVS90zfZlmt62c2z23nc
/fgtp94EwJdrrVr0CZMjlm5BQOrNyjwu1RbT2fblsEV1VyFo3dHZdcjsbcQJ/n4Y
RMXbjPubIbr30yDfkE81UfD9sbaJ2+hYPwN4YENDrFBDVe+eqny8ESYTt7FN6Fxs
4kr80LI95mtKsqk9vFyoD0IlQS/MHG2gwTNDkwXDoYmkoCrW+dhSK1qpZ16hlu30
A9S/S1qjY0VCs3qvivVFWe94av76DILMuOVOQCqyfLnW2A+pVZWD9Gk8I9Vp6H4G
e1nC36RCUWsbXxY4X4xiafckSzVK9/nW5dAdRA5UGNtHc4se1GFtNba8711ojSFW
IM2QN5hK5XFb3jVQFkB2xOKT6Dfmglel8yJMt5EqFE+ZR/SpWlw4qyOWZhDKMTtO
t8I4msRTpj9uOKVHIBHrIM6XJ3ULCgsIrDecoQQK26H0PQylBnF4Leg3U4H7kZav
Dcjn7/hc644WrYSweyRxuoOaeqBAIeBWvMhS2iQ5ZCTOTOg91J/6RFvz77g7IjJv
10An+hy+K6A6VuZmxwT0WpCoYJmWrYziAqDeoHWyoUMiMMkQ/hqNaR9cS/r6Y3xi
6JD8tEj6e+DeDtAfJ0EqRmJb9Kaei4GkgiTx8NETz/reVRYqMtuBXm3uC02V9+4o
C.3.3.1. S/MIME Encrypted and Signed Over a Simple Message, Injected Headers With hcp_minimal (+ Legacy Display), Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIIOMgYJKoZIhvcNAQcCoIIOIzCCDh8CAQExDTALBglghkgBZQMEAgEwggRbBgkq
hkiG9w0BBwGgggRMBIIESE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1lbmMtc2lnbmVkLWlu
amVjdGVkLW1pbmltYWwtbGVnYWN5DQpNZXNzYWdlLUlEOiA8c21pbWUtZW5jLXNp
Z25lZC1pbmplY3RlZC1taW5pbWFsLWxlZ2FjeUBleGFtcGxlPg0KRnJvbTogQWxp
Y2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpUbzogQm9iIDxib2JAc21pbWUuZXhh
bXBsZT4NCkRhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTA6MTA6MDIgLTA1MDANClVz
ZXItQWdlbnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjANCkhQLU91dGVyOiBTdWJq
ZWN0OiBbLi4uXQ0KSFAtT3V0ZXI6DQogTWVzc2FnZS1JRDogPHNtaW1lLWVuYy1z
aWduZWQtaW5qZWN0ZWQtbWluaW1hbC1sZWdhY3lAZXhhbXBsZT4NCkhQLU91dGVy
OiBGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4NCkhQLU91dGVyOiBU
bzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkhQLU91dGVyOiBEYXRlOiBTYXQs
IDIwIEZlYiAyMDIxIDEwOjEwOjAyIC0wNTAwDQpIUC1PdXRlcjogVXNlci1BZ2Vu
dDogU2FtcGxlIE1VQSBWZXJzaW9uIDEuMA0KQ29udGVudC1UeXBlOiB0ZXh0L3Bs
YWluOyBjaGFyc2V0PSJ1dGYtOCI7DQogaHAtbGVnYWN5LWRpc3BsYXk9IjEiOyBo
cD0iY2lwaGVyIg0KDQpTdWJqZWN0OiBzbWltZS1lbmMtc2lnbmVkLWluamVjdGVk
LW1pbmltYWwtbGVnYWN5DQoNClRoaXMgaXMgdGhlDQpzbWltZS1lbmMtc2lnbmVk
LWluamVjdGVkLW1pbmltYWwtbGVnYWN5DQptZXNzYWdlLg0KDQpUaGlzIGlzIGFu
IGVuY3J5cHRlZCBhbmQgc2lnbmVkIFMvTUlNRSBtZXNzYWdlIHVzaW5nIFBLQ1Mj
Nw0KZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVkRGF0YS4gIFRoZSBwYXlsb2Fk
IGlzIGEgdGV4dC9wbGFpbg0KbWVzc2FnZS4gSXQgdXNlcyB0aGUgSW5qZWN0ZWQg
SGVhZGVycyBoZWFkZXIgcHJvdGVjdGlvbiBzY2hlbWUNCndpdGggdGhlIGhjcF9t
aW5pbWFsIEhlYWRlciBDb25maWRlbnRpYWxpdHkgUG9saWN5IHdpdGggYQ0KIkxl
Z2FjeSBEaXNwbGF5IiBwYXJ0Lg0KDQotLSANCkFsaWNlDQphbGljZUBzbWltZS5l
eGFtcGxlDQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDAN
BgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UE
ChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVs
YWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQ
J+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+a
uzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVe
A5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShp
lcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5
NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+w
hUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgB
ZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAww
CgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8
ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkq
hkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2
XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxG
wy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/Qs
hlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8
PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K45
9CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdB
BXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVU
RjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0Eg
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5
MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcw
FQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2ju
wdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQ
wXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO
63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf
4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I
6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAA
MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWlt
ZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAd
BgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcX
DKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqS
Q4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/K
tmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVf
nbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/R
CGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4k
m3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2
cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBT
IFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqG
SIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE1MTAw
MlowLwYJKoZIhvcNAQkEMSIEIGWs9gV/QuaugrUGnH9XPHSTaYsVGz67wo36lLeH
bXWVMA0GCSqGSIb3DQEBAQUABIIBAKB2tUkLdlI9F5Qa3JCiLK/6CdSUxchU91O6
bEOsfdOoWwI5LkLFHQRhfXoPSSWQ5nsvBTI7AlLEo7sv6BKC4sMlB8zhz0jQrAGz
OGhFGUQyM+MvB6CMLO5t4+e9eUEYl3bpviUqaCY5vvJes4a/YMitXrwqSO1jP215
2UkU6VxOPw1bR8LG5Z6xLbyxVS5g3a+4xt+O5h1QgZ6NfeIMZw9bMnuseY+FKrq8
aQCGKsGvNXxZ7Je+D0/EzKDfrG+cJmy4j6IK7bT5M4Tdt0ACJz/Mh/AMyTBpV2pZ
fl2468IivtgP2XONRG8vWjtwQH4K/CdDiZ92og2FgnrTzXZj6fQ=
C.3.3.2. S/MIME Encrypted and Signed Over a Simple Message, Injected Headers With hcp_minimal (+ Legacy Display), Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: smime-enc-signed-injected-minimal-legacy
Message-ID: <smime-enc-signed-injected-minimal-legacy@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:10:02 -0500
User-Agent: Sample MUA Version 1.0
HP-Outer: Subject: [...]
HP-Outer:
 Message-ID: <smime-enc-signed-injected-minimal-legacy@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 10:10:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0
Content-Type: text/plain; charset="utf-8";
 hp-legacy-display="1"; hp="cipher"

Subject: smime-enc-signed-injected-minimal-legacy

This is the
smime-enc-signed-injected-minimal-legacy
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a text/plain
message. It uses the Injected Headers header protection scheme
with the hcp_minimal Header Confidentiality Policy with a
"Legacy Display" part.

--
Alice
alice@smime.example

C.3.4. S/MIME Encrypted and Signed Over a Simple Message, Wrapped Message With hcp_strong

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7910 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4840 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 inline 972 bytes
   └─╴text/plain 320 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-wrapped-strong@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:11:02 -0500

MIIWzAYJKoZIhvcNAQcDoIIWvTCCFrkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAHyjHHlwzp1wvAGnGKS7xWECWH2C5kgZxkH3
PyNFQu241MFBi3F+HFDmQkeyWuPmBv1CkxoGbGTaWHd/MtoXek1MUehaqFue+Erk
+GMt9lwybJdVaaDzccyY1OFBfLJ8kO3RnqqroCILGjWdP2Nvjs285pCqnNzrlJV9
rBj2JC/DkAWIU71ol5S65bR3FY7REU4XoQgXpz9JXwR5CzbXyjWcBnnSmjtrQ4r/
aucrTqYJsilmZMqY5cRyyEIWUdNW5xd4JZsiXiTFt7F2IhO73XcffwYET0TnPhNC
NKKviev5y37enVnKo24/bwnRUFrFrZVYZqH/8/YYdHpU9omUZbEwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAnl8cK1bTcwpFR7BpG+LN/tm4
Jc1KnEvxvOWaW6KrFxifwQaE/kkbsfSQ2GsO0AhYLKCyhd9bMKSNfpV2GGALjLjO
7VjKBBBoGh1dgWJc6TjVdP6DpdjaIRvnQOC0PplYnaEjOoDc6kvZO5hg3pKcLkmP
jY8gYKdpdlr7pYyeZOQnj9D73vp8zr6eEV4FIl9oc21ZLXgXTYPw2uFX3TPS2TFU
BRSQxZ/3dTjZEOl6C053rW5MmkrMS5s9Q4BycsrTiNjIKJvhcA3hCARUM/uLPOv9
zoo/v+P3vCyuyFvnlQ7f6BEqTvXr05FCuKIrjvUJ4zvn1bsKNPQOuoSTDlEcbDCC
E54GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEENtaAOPfEJnw3pPj+aCqQ+AghNw
3wj/UQwYegC5zVwoQb8keNKs3w7C4XN7KKVO/ygXKN9n9XF3eJ8vteyyIYqALXAp
X4lRJ1UGcJDNMpKu14sf7DSpRGpSJox65ZSV6jTUnGW8WGWnnNm5otWNgM7hCGOR
z3U9aLGWSphQgMrQ3WJFpmJM2oYXNKsSZFFjyd9odlPwSUwLhcyMuBO6ovkeB38t
HMd75uBV7xFd1d5BtZjgD8zdNWfak/dBYA4+FCNuYwzOM7LuLClVT0MDT3iew2Cv
qGL/l0nzCT141THez68ihJSox6tUTicN1Pc8AkGgWtmweGx865Qj0PS0tZN16Us3
DG3ouipMXgo7xMYR7jiyaxthzUg2U+l5qMbbFJo/3gxZpks1kJ+GJRbtEhI59xnz
5ZT0DbEl+shYBswKf+YqE3+bfJkBy7RSN0pOEzW69nFy4i1B0pf7kMxzEzbbTrwj
KO07yIm/+mqdzDoaoFOX2Nbf1MKXcNgzwhWO/Te0uLOIekQ5hjz/9skkPJxL0wRh
fQeCx94fh37+xpevfL6WN/6+bBfUYD1y4r+16zQ2SyRi4b2Hx/xgwrqXb0mQwSq3
9xlxiVda2AMN/REqZNvTW82xbEQOw1kO6D5SSTS/+RExkXC3EYPlYRCCJcQlENRn
KMiIkVwXqa93s0qAoy5mhxDFO5RbFMgvBCZYcr/tKNPirnf2MmXprPttNf1o3EED
tB6iwvCCEshvS446j/0WZ6RKpSlsZLXuuOIA4InKUC3DD5zuL0P6Nwaw4kmiBk98
fS+zmvfME5y006xHJLXUysMyzWh60DzagLazx4hrH6AmAaoVhr0mK+2koSR3HfWc
CJ/RYxa0wjUvUOdyCVEUW/45FQC7yuMgjh8cXoP+tqqL9NC3YVx/c5BkNKk3vIVN
nuxuOg4DT486vgaPpljNk4vc0npeWiblEwyDUxsyg/wUoGWuYxv0xQyIjJsbN5Qc
ETOjz4veb8XlysdVCB1eeCiHNCboVQzlxHdQwq3DvH+img8WGcoXIV7s7F9ke/i9
lNpJXPgKhZJrZBbA6WkpKB3/ZImarXBrWz2TnChgUlU9OgwCi7ae8oIVUv4M6Cw7
R0TghdX4li3BzrpnphQK95nRjHL62rTtdF2sjYd5Bc+1O0C7gzG6svPe9ot8OMS3
vP4n1762C6WWDIRylUmR+FjqV3qCOJv2lbYqGvoid/LJ8ox02YetiGxGkK/ZKo8l
KipTwF2prhWZh5OovhZtD9WHjT0dx5o2VSonquQklUoNZpplmdmokdOwo/KB/6wI
7ppjzny/mxJ6mc+84gsl139sez616INLaFRGHGM1OhOhRon17Xs7fs35aACHjTlB
FK+ZMtobPW+kw3g451XLF/uA1GZkNOsHvcTOVt1aVl24C81hIgHzR5dqKHdiXZ4C
7onWy98TtGq8PlSwH2CG99TySctKdp0y06zx8LAbJ5W7JLMAHwIQBfIGlu33Sj1i
1EzSj5h0nE/Chk4YuXdEvkdRaOquvK3mupnnEVUP2bmTCmfI9v0yeTi7DKAbQLJ6
ZG2ICXDtfvxwOJO4K3Znyi6oij0NCX1w5Q3JGTiLesdM+xZw4QL8WJmy+DbDf2Fl
Ri6y39seOhSB5KeWzAJ1vEzlDW4NzgB/zaMV5dKvOuNbMQ0XbuTjS47vBY+j4eg5
3ro+7z/VrMcffhDgajk4ggJeO+WoSCRC934+Dd7RwP+rqseNTEb3Yy/gx3REOEXT
sEQbQUo/y9mNNdn3w5Hxpq/x564rJkMp00bl3vsLHg6VGYdQiyN+Vbd+cMuxBifg
xk+NYx/3HyyVzG0QsCIFqTedhFLySR4cl2z3EduA9TC0oC5wFs2dy/fTn4jxBxhp
jGxoRlPhSik0i6pZs6ir/G+bD1xlUI/6YkixmUVmhY4AlvYscxob6wcV69EEW2KA
YwElt8kGc+IwNO88YqlsNFvJMszqzh0e36M3zCfvPdXhsjdhp2LTj+U6CL9HU82y
95VvAKn/zn7YmzVBhHJGhvg7VY76w0rwWlZbsOkMVBfKkQ1HDlrizJZKXiXNE+9Q
4MoihNLFuluPpZi8p6NGo7d0J9XtpnHrsondbEsq9Y0itPuDctX1DDUZWMxm4Q3S
CmHa/7rgUadeqHjtn5Yd7qyxCXBamTPSr//uhg2toCwXBGuEO3mqN8I9YPnVymMP
YptN/18uC5VwsfS2YBdP88oAJ0t980taoUEY7uPHSN3hcm9nO4T9UVCgxgoKico6
O/tdhVrjyH8o4a1U9SXKatH1GdA0wcga66UYfIwdRecBWqkVN+vkmq6f6EIxbh8h
GGVm958U5U4fRTrQqzSl8RV13c0aoql+Mng1CyryGDHKu5k7WTjuWWvEsA5rU/Kk
2uZbekDaBBej728IsdiiIKf7ojytkE+wcRn10HrZyvmWyUJGXzWCu3IVXt2v5+xu
UHAhTFgwLpJzVpmNFyJKgp2ATsKbRoEQrmqh54Q9u/BJU3G8jUmtwvEd6rUUaU5c
xrbwx9IwabLuW4r2fPYXaHFQJIQ9aaVunZvGMhTNqZPW5VPM9ubBZPg7t4Ftq8hJ
vqZhXecAl3Ls6eXqcxI+srvIXiBXtGfe8l4howJ4m/iASBwReNkos9/xLeR8Drp2
qwPQP546FJM+EO1UkKotO89ot4d64u1uHnB1rld3rUvpUv3tEbE+LAawGShQSBKC
P34MmK2YWHzgwj17VzZahRZdJz6E2vEx/09Vrs4uhAB2zFlcZqaNcYQQYVVj23pO
7FLNNuyP6V6qTEx3zuOIjKs/wmQ7ecBypadk3m7iMqSDSkXdDEkpGLApRXOJtv+X
EuiUwXT/9oA/cMq+ybQjT6u3MkNlfQ/D1LsL+EdK1iOVNUmPzNZ9Q88MCwEfDJMX
XOQwAk2je08LV/mhtR5fblAG4nWwlEcv6TCpf9ZkWYeICfA2Gx6xoOYhDX+hE761
cpSwt4cCr3Ir0CqFfDJF7qjf4/X+CSkHRKBAtPnJsB5n1e+aMm7Bd1nDgovPtd7a
+oH2kNr4anb2/msm+jiYhCq3tb/vK7U1t1qrUuo5vq41i1/Yy/MhrtWSO6FnCYg6
8kO6+Yt2IxPJRgyJG77Q9cnLuVXRHnueOF9bsATwEmzsYYscas41e/0lqYoOvres
+KKi0THFnbqy546W5oelBVjrDF2tlVzOtnVAK7jQvu8JqFJklBeM7vO6G3VsQhH4
yGO4zfmC9ghYHs1kTS0KntZs7wx27Gw51NL0QEEaw/v3Tx/3E+N3hTURavo6uWwf
Z0ndX5cbZLM60ibw3YOldl2KkViY+LsQK8Qv5uyRc38MTI6D6y7JJyCl8RTS1UjY
MbtfsriyoJH0PvpeKY1y3nPeDJzp9z7zxYn6p1VP3Q4VGeXRz5TgIpQYDu1GyQfr
zjEAGF24nT62U3aPMgIWChClACSA5jLQn1AlidsucaAxF+4QNfnMHNtvzx52zw0p
4ZIWi/SrBXOAilrMruYdTI66KTP9eCczddAhDp4lrw/e+8UmEK5t+WEo9Tzdkhbk
BWIvnzB6ijBFuJpULoAYD6xXHoN6AfFqKAUlP3goupB4WyZ3W6I4UTr3NvdgAYp4
Kni7yjESzgWq+xPZ5erKtzpeufO3LEyXdjnSxavLKlzRDTr5GHB+1eOe+7AK9VXL
DeVIWMXhzMC5+79mYQwgGhhIcfKN6z5vHcs12eQej5ftiZiPBAUfS3NncDWhXZOO
uMTM//nWB4lMhNNo9QlcjW7cvJ6Wd1bwLS7pw5bjndeF/b5RjPJ9XFoHbjvl3uWe
tUt+zaQvOmXDz+HFhYKce2WbkjnYPPpEpPuL1f592zRLAq7N1VoTl0RcjCDL45E2
naAgzN3cUKexR0TCFPFlSaNYebB+KNR0CIvEGZp42KGTTLgL0ywYrxKcf003hM03
EOXJC5n5btH5PB0omYAw5SytkDvkHDz1O7q4sva/gU+dp4xxqJ/1Bmkfe4CiHiFz
IMXyrdHBOxyyqlo0ucEW2pt2TctZjISdzST8f7f5KsW+hoyJQYynHKGM9AaC1dt9
LgCyI1CumM7RjXD5pFRymt78fKyyl3ATZVSP7l43GGCCwthyOKKmJcBDENQhQ2F2
rXoBmWArgV3m4tmRKvum7mEuvdCQ3k1cDCgJWWZGYwaIQHQKu012dZBm2taIEJc9
Xf/4KUMVoNljPEyH+0FaXcJt1DpLX+PhHy586FU98KwXMe6pcIVfUP9KPZy5fdeh
2xHElif2eUWhvBDbmtuobstN+LvHkmL7BQTqLhYF001nHWqsG9SezjFx7bagZ/KT
3xhZn0F2W8ua4oGTr2h4bmhkC+PhWsjhIxfCJtTQ19wwudXsJXRLG66Pz8vt1m7p
yx53V9TjDOhKXkGPZxl+QI485ycIOXmf19CmvG9U0sul4psSeckFiphRZNhMjBU6
wLAJKZBvVLKk36M4s2FyAng4Bng6G6L30qF924ae1DuZbVhe9Bo3RinSZ9g9JYR2
mqqc4EhcSCHvpDaFgA3LXb6Q/JFw6Cdt+ZQWqQnFlyqU5Kpi99E+pboUiNsENpLt
osqlKJr12vBcEZb7IdsKH7669i/D0d8JChZwFEAuoQ5tpHD9hXTZXV3i2MTtokoT
Du7FY7ysWVqEek23w98I+DY65r2Ly6qvp87Q609nBgU4aCZs9+3BQ0/LTa0dWfSW
b+2Zctys+IlIl0z6f+9LbLrgU8f5j9Q23Oz2INIkrajdmvU0ShdaG2CemkRJl4BW
23Can84/5O9nY0IyUP0yPh6vE+/FwmYx286Blg/ag3p1axeyLqqukqwHRsgDBz54
AOLVpTaVSttp5RpHy+QCNpB5iHiB/3aRPDKteKG3uyWSPkFuVzX5cbBR3FObI9NU
hJGBJ2h7milBveBnqPKBX/MR7zrrVOYLsBSbhIMHdDYoOjpH4HjWvRsXoYSNXLx2
CnSEVaiYNScnhtSacA9Rrx7G37csqGSV2ViRPkwTVpXYotX7ULZux300Ga3EYgg7
iYp4RBURGogsWR9TDAeEGqsRuCD3WyfzaXhtjPuDLmHWnH3GibXDsYSv+30G8M/P
H3wkvzSRWNXIbaY44IDAfv0/0mQnMscZgSTQ8y6yokwio3Tjf0JFv0309EYc42wr
2RFdCg1RV7XhlzguekNOjTH3o5NH/e5HxDf1rmGO2lGflYYqzss5IsRPXQ2TP7Od
DYJGlju5wP4e889RRX23Q63VEIvlK8h3VWSnv6uJN8jEdWM89tABrvzjT4TWQctn
PlQT3bn/cyUnrmJcoLzEukQT9hUOUdjzaWbeRT3BDxYV0BWZI1wO8BLdi53yjwcV
gSISOLh+CJkYu/n3p9ths5WUPu20JtWAr60kgsSu0KFtzzwG0x/FAhwmA6wBjthJ
xC0UC3S6NUl7/FNVrpIQIoKJUN7wLW4oKdTmJgt0YkkBpt5AL+WC9LTMok92uOx4
Wxk2YFNvJaJylIIfoz4ZEuUSejOpIbxpOxPsbRaiZMrN/CWkovKDKTEuAhBpZJlP
2yebWaod7yM9gdpoEJmTLuHO+JvZWHbH09a0mZmdT1SQRAZzd7g0Hbw7e9LsLTax
q4vDma8peQI/eHPueRzY6ymcGKKkcYqVg7SnZSnTur8QXy14dGfUTHCLaZl0m/QE
Bcrh+YvabYmbuU3gJjyceOTKS2CrDl0+9mWpz48rp+t03vmvs/raJqA17HlG0zZj
UzcAwKfFTyj1N+fgZh1CFL3oAwfANCwtaJpKv+KF3gXcoyFkqdDaX3vsfIjFOIXr
CT294z/F1Rb6jO5JK83qROyXrI0RfJXkGGhj8wG05Dv0ejcIVxmgC/MDgd6Z+RVd
5sn5rbQ9DDND1MRBJAJP7kUfpNc3aKG0QMyCXVGD6bs2lLwtzmCvD22jul+8p/aB
laBySdxssGvkNoxI9iqtsmC8VvPpcYMPmucDQl0bob0+XNlO2TR/aRBdNG78hXoq
XKoZdtyVAyDla6HL3J8yDKOj8uxbtKAdMvGIlvPOQQWNvNbYOL0l1MqwFWghw4HW
+EkW3hKakqv+PsJ84aHqFcAYHfujfguMHsSjmnhm+y6TzXJb+huOrmLfD0dnbpMw
acOufXQU5JzITIhrgLR7d8PZn8mFvnTIo/oxyFtrB/x2oorkARyANCv5euw3yswg
N0ZtPV0NJTKkK2pjhwAymkCRV8y4JOmEc29x1ClgNehDv1iusyQwVNpiTKRAI8qs
WZ5Z/9jTc23enMFt9KKWqI29TGFUZVfSVo1rR7bF1Wft1rJgR/ac9JBQobbPcx5l
q6xoE759cEM7ghZHL5vfGoQE4PolbbG+3H7He/8tyI/KY/1vw9xHmd4soCca4csu
S+Asr9b0OORl6zmmdCTsYS/F/UZ/SXMrIaSiKxmWCx9Lc6Ozjkf5OuDaqDPeHEm4
nPYNjasVofNXQXhgEoXwcf5amgVU4WnJjgm48kq9F+mD05DoETvoqgDAYLH2MKvu
rM9WXS29QbMowC0Ks4cWEJahmtm3tk6hkl68d7zVnG95SBQybAvP3JTvViUdNRUF
eMxHCxDefRc8Y78caXhNOnd+8SidzLSQmSI7l+cjOWyIe5r7zQ5YCNCsKSzg/Cv8
ohDT2rImWfqhZ3BpN8HJ8FFJNepIo2MRkgWXB+30fng=
C.3.4.1. S/MIME Encrypted and Signed Over a Simple Message, Wrapped Message With hcp_strong, Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIINugYJKoZIhvcNAQcCoIINqzCCDacCAQExDTALBglghkgBZQMEAgEwggPjBgkq
hkiG9w0BBwGgggPUBIID0E1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG1lc3NhZ2UvcmZjODIyOyBocD0iY2lwaGVyIjsgaHAtc2NoZW1lPSJ3cmFwcGVk
Ig0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lDQoNCk1JTUUtVmVyc2lvbjog
MS4wCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD0idXRmLTgiCkNv
bnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQKU3ViamVjdDogc21pbWUtZW5j
LXNpZ25lZC13cmFwcGVkLXN0cm9uZwpNZXNzYWdlLUlEOiA8c21pbWUtZW5jLXNp
Z25lZC13cmFwcGVkLXN0cm9uZ0BleGFtcGxlPgpGcm9tOiBBbGljZSA8YWxpY2VA
c21pbWUuZXhhbXBsZT4KVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+CkRhdGU6
IFNhdCwgMjAgRmViIDIwMjEgMTA6MTE6MDIgLTA1MDAKVXNlci1BZ2VudDogU2Ft
cGxlIE1VQSBWZXJzaW9uIDEuMApIUC1PdXRlcjogU3ViamVjdDogWy4uLl0KSFAt
T3V0ZXI6IE1lc3NhZ2UtSUQ6IDxzbWltZS1lbmMtc2lnbmVkLXdyYXBwZWQtc3Ry
b25nQGV4YW1wbGU+CkhQLU91dGVyOiBGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUu
ZXhhbXBsZT4KSFAtT3V0ZXI6IFRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxlPgpI
UC1PdXRlcjogRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMDoxMTowMiAtMDUwMAoK
VGhpcyBpcyB0aGUKc21pbWUtZW5jLXNpZ25lZC13cmFwcGVkLXN0cm9uZwptZXNz
YWdlLgoKVGhpcyBpcyBhbiBlbmNyeXB0ZWQgYW5kIHNpZ25lZCBTL01JTUUgbWVz
c2FnZSB1c2luZyBQS0NTIzcKZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVkRGF0
YS4gIFRoZSBwYXlsb2FkIGlzIGEgdGV4dC9wbGFpbgptZXNzYWdlLiBJdCB1c2Vz
IHRoZSBXcmFwcGVkIE1lc3NhZ2UgaGVhZGVyIHByb3RlY3Rpb24gc2NoZW1lCndp
dGggdGhlIGhjcF9zdHJvbmcgSGVhZGVyIENvbmZpZGVudGlhbGl0eSBQb2xpY3ku
CgotLSAKQWxpY2UKYWxpY2VAc21pbWUuZXhhbXBsZQqgggemMIIDzzCCAregAwIB
AgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQK
EwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBT
IFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8y
MDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMg
V0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwt
w/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6
rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXm
bk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcA
x3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnl
sukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB
/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNl
QHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQD
AgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSR
MI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwW
pAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3W
qMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxOD
Wq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFb
Zbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4y
iuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L
0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZI
hvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAv
BgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
IBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElF
VEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI0
5Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0Fpfg
yC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPE
wjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNa
u5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0
zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsC
AwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
ATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsG
AQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ
0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcN
AQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNw
YyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhy
I0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/w
vXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5O
Dxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjf
rgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrO
mqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJ
KoZIhvcNAQkFMQ8XDTIxMDIyMDE1MTEwMlowLwYJKoZIhvcNAQkEMSIEIKf/wri/
4eq8zfmhxRsyB4DVmnTTFiuZFrhaLhmMmui3MA0GCSqGSIb3DQEBAQUABIIBAHSF
HqBeNZPrn3x3cNcjk8pfOzvN3lZwnwfGVzMr5jjZSjj1psvFXoxTspkizofGGedX
VxUcISvQpHrTTb0OKFggrskZpRSH/XwZQPchIsOCzSML8TT/Kxn6Mvh4eQrCVZYV
8QYAOiGVPxQQLdkS19l4+tzNEHCqwDEIwM8vWMvLCfbyBe9iTq79i6swU4G6YW1v
SCGpehn8IQUjBQta71Imn0yTLByoI8DZGBDXv0mYQf6zpB3IoWcxtQ2yPEkK35YV
FJL1h1oRmbnt9PseV8GoPjTIZUrokOStRiRfaA06pb3n+vQFleFpK6Fe0ZApQETH
3ChaFAL+9V8b9PF4cpA=
C.3.4.2. S/MIME Encrypted and Signed Over a Simple Message, Wrapped Message With hcp_strong, Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Content-Type: message/rfc822; hp="cipher"; hp-scheme="wrapped"
Content-Disposition: inline

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Subject: smime-enc-signed-wrapped-strong
Message-ID: <smime-enc-signed-wrapped-strong@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:11:02 -0500
User-Agent: Sample MUA Version 1.0
HP-Outer: Subject: [...]
HP-Outer: Message-ID: <smime-enc-signed-wrapped-strong@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 10:11:02 -0500

This is the
smime-enc-signed-wrapped-strong
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a text/plain
message. It uses the Wrapped Message header protection scheme
with the hcp_strong Header Confidentiality Policy.

--
Alice
alice@smime.example

C.3.5. S/MIME Encrypted and Signed Over a Simple Message, Injected Headers With hcp_strong

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7780 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4744 bytes
  ⇩ (unwraps to)
  └─╴text/plain 334 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-injected-strong@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:12:02 -0500

MIIWbAYJKoZIhvcNAQcDoIIWXTCCFlkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBADiZYmFEiVHQskX3vvJL5z5mh6DVOaCsLo6U
0oQSXzNBPjp6PX74Qw9ojOgZQsigQJzFBg15e2LorvG4O7xtPOfPbbIDXB0PYiWH
F+u9Xa1+Qq919dExJRRILz3Pu38h0tTJbTk3kHdfU6Qa/jMewAAur5lkb/LtaA9/
+AW8RQDSKIulLTKivpPfZuEbG8KVOXMxrzk/I58rzhUOlqefg37lgvR1WpqbLPfv
CMTdCoplr/vWPGscd9cwjuWaj94QQNIhBwVj8oNWVlgNMrfy3MEJBieuJvoYlphj
fJxHLdNsNtD7YWkIU8JiIJds6eaq795WXvaKxLv0G1kTPW3gnkowggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAqKNJ00JoWcJTK6imDaxQfbN8
ua5uAN97Su+u+qk3Hy40vVzc2q3YA43OhyL9N2DE7mRAvbtSjJ2fEjXKwd2YwBCT
AWKPSlra0F9ZEj3i7Pjr90++4/FZlUgOEGflLSdQTJ4zXfkGYd+PzCP4ZDzoq61K
f+OTh5dMHFG5fyHj7DtG+ehUdXVSRNBlkHLQL3u8KXlMzWdqk+V/Q4+ZlXLWL5KT
hejtsUVagM6/MwIssd0qzRKfBJhWpfyCP6XAuoktFNQHxY4FX9VSKdbVe+TR1W2N
8WfFeyAmas2O6MONZ2cwLD9cOeCv5l5ezALaV5y31PImWYzReyoFN8opO+odojCC
Ez4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEELUTGd2CCtV4A3TI7/kfCXWAghMQ
IM7+Cdvp94Xf0/eOF/HE7pZ3ZTffSVniDirlVihkyuNl9FqGzKXvRhkV1i35s1k+
kCSyElIs2sR8PMkbYtjsUZw870VAa4IoQdFC4ETo5chCc6JtZZH72qsUKUc54qaA
59wRpM7libQDl1WSPFT56b0HtA+cskOrmvkTqfO12UApZ48lTdeoCx9emwd1sGoL
lqe9nftyRqRRcQn94R+IyhRrN7TjqP05kIHUEgX0xQYYh75l7bIgNzTNQZt/noWT
RVbifmSzr6vJXmTfwZF4D9KZ8vuMZfQFm+Rp2PufEdyq4RvbJ5KKXOYdkGt+9EF3
XTZC4dc+ri5c4v3Fa7cjyjFFEXFeE4rp/P8o4TT59OO09fWrTWRcWt10kmKrQV3a
fLVes5Z/qSh/L+hWKXS4olXyXhitfMnklNiPtGN6CrLE1R/pU3W6JM2P7D2elQBR
GgolSoH0IYQkdIfwylCGjP0SMVeBchK97AOCVzXm0vhh+asrvZBpUNkeT+yH8n3C
A7xudEHfnh5A1O1Jg7GM9j/M7Fwzxtb21EkOQ8/0U2lcipobEElnEcfbkNzQ7+tC
1FN4Crc+qhUtUnU65T+k8pwzoxZ+YW3ATE6qPC9h2xFvZi17l5Ot8n/xcaUt4EOi
Wx59bz7P5mfKmOX6c38rLpNGzUZOe8FGnAFeXWQ25Twzga4QMH+L6GyW0nis/K39
R/3GY7+UM/YDzuBNxEa3Akhckgn9wqz4UNP5rBI9E/3bhz+5FXtc/yP91E4Du4ZG
OjRlWNcl3kPWtu/plfqk3rI/uc0KhOE07xJeXTH0Mmmoz3TjUBmfLn66udXcJcM8
ESm6yr3KwlkSRrTA1cQp1/dGyTRsery+YrdTV4ODiMCwx2IPudHqhGRMc6+WiYJX
2BikavHg4+72bHCb8AYTevbbXFfEDBJDRoI3bVm52HpoOCWOS87oVYmSoHxcp9Jr
ZABkfKonHdckhZQDA+WEHquXwQ2qyRS+KkIrQn68TGEjS2vZIRfDYdrRHDc6yqvX
qm1EGolt5ZqjZYrYmDKPGKbcxuzgqZTF7/ifNMqEELVHkP/AbTupeNSON4yBmHmr
RPQpoGwz3pTTrVqlsVrdjJlp+sjGWbSUkBfnMWERfsq6jpTHjGpWnpw7DnM4gmGp
140Qj+4g1B22LRns2WQI0HHprlRAKf8e3FxmephnA3z3cgXSwGpyxx27anT1Bf0f
OppD9B0FB6Gppkx9b4rDwKBVw/+iAEBrcK5hQ5y26w204QhXsaXJgH4cX/9e7zDF
tMH+Qzn6fygfzpnAFSw1UW3xFjPxJqIr2nPdg14nSNjk8BtXAscl9yEilEy4h6Y2
SvQ965ZHisunmWIeS39PM6jItG7UjsetpZB7kj7V1yTGtz1UDdAhj+qrQiU40ABi
Sq84Ix9/v6PIfeb3snveHDAutV4IVl72nTpcEL63T96pI3aeQS3RSjo9zkYACCU4
jJHQthVxMZ8sEzCJC+qgxIldUnGI5Foykqj3F33upKGq0mgddxxEqcSdPQGQGY6b
heSjhGnQ0W7QYrbGztPLzqUEj0E/o0Gd5NOMYDcB8AoZh99cD8DMbzkDOUe1QuzR
YEzElg8RMrkPRT38P+QE8o8VcmcFtzZXITXy12mnRE0eQO8L+QrHuay38dRWuqUr
YQyUQZJqAvTEM7YNfUj+bSePVUPdJpGPiqtp8/EKjd7FUSWw4shT5aQRgK5HUsGS
5lvDd/STztPdbEbXNvKcecwNjYoIUofMapu1kUqQDwCE7UR5eF0qiqzWHPOJRr2P
QV3AGj2mQHT/c/6kuImEjzwvDIvTF4/EmXGsNihWUMn0FnU15X0qdZh++b8bBtvd
p9bpWrDbGOfnzOPJN9ukCQcina+d3p08Db42/WW+EHegZM7cad86G6QDlBuAwEFO
XlWGPp0K6tvOsbQjR2VHi5hlz+A5bhbfAm6eiF/pg9McWOOqXr82VWBMJAxq6kE6
gVl09GOiO9tCN/uU/dIMq9Po/aKbsDWIdsH6qNlWUd2dcfVLeBLE9cZzZraCUl64
1lNVrlxAz1NzhfRcjUZA3QdFCTiqz9yulK11BiGqMXl5YAhVDwSQAcg4Ui2hqwur
EkAPC6iEL3eLAadGAE+gi+OkS39fWUwwKmC8liDBLehCEdMvhB0ivlJKsRHOVVIW
lM4Qw64fCKbgx5BticzSzqoApjrKADOCPT7J74CsoVw5Hx4p7qRw5Ul3jWSLSJk6
lz93udANnqL2pj3QNn6Wm5h2hkOCpiuUFBeKyOJ69peMRsP94ASruvioecrMw2MC
OVhw+jB1vDAy1BtNGu2Uh2Aie7cxmIhfTV0m13FjsNKUmoxP/7fsXG8QcIvlt8hb
7OkyYb43dmu7kwrFPqTBHTMY6JvuRLWnBKeAUGr6DssXRFEkVUY9kg9RidBW/54k
bQU1CKUbUmC+ibmqPuBrkM/uHpJ63rQVvWhL38vLBmGVq/j0Zu7tZ9ZhJEyN2qfw
xmgYyu4xT4LBNO4wbok5amZlq76sKt4yPClyqrbLsCq5WDmW9/P0vqFmFtZ1IzpQ
0AFzb962p4UImU5olTfa2S0kOqiELjlBMG7AJaO5PY6zXVcXSseMU/mGz5DSAb9N
lvh5uZrPYuzx8BvY6vWDmScviWlw20nsipXiPrtLqtbKdBsaD1sugiqmCqLK9hg4
JlD65lqBQnr/ZkRPUT7QHfdM10Ys+mOR/vQyGyd+m8J7HamytkdMtrR45TpA1936
Nv1WRotlAXuqyW3WDuloMA80uHWVDz8hHpCTVyoXejCkjrmB6KSrRrPhczl1C5J+
1duLYgQ/at4Xop0R4cczSHc6aZQHLmyzP20OV150hz99h1meZCBlT648NlZnivZb
OYdinbQYGUZcIqVAPDi0sIrD2g2LJUGWnMMl3H9mwhM/QtcjgA7rIAslzNElGqc9
N1DLOB5F4y7cGdxfnOBppr69aq9DI7vcTGHUmZQNJmAHDaPtNuDXe2xwWICk2S3e
oepoa0XijXpNHd3VBwapRxvL+BAsMJQpeueEtFYmCqpB3YOl1Tf/E7T9bVAxd1+H
KJFjHMFiTvrPmO3cQiYcLNO2EQU9hg/jlpPsoZLIVpeCwuAK64AaF931b11H/n4Z
fN8V26qYhtxECpFwr9wWWC1iz73JO6CLUr7kxsPQlSLsLypCtWEICANCUYDPPnkd
sce8pIk9my0n/LOCe+S55dVb5TStyhOFNlegFbnniA9Oz9scBV4uHQsE4MtMSdSy
eTr4Khi9S+u6y2hhZm+42ZDbNtZsdRNHXIaFqsqPdAmeQApgiRz9e4mmORjcHeSj
sA2VxInJZHPyjtamPgssCrAe+Wwdtf8synwu8iuPdxq+tg12uOPjLqYEriY7PCbA
BRyG8vd0i6I0dcBM0aU+dRbiK6dgxBw+WS9xrc5t7HGDc3A0bU9AQoj5eHiUbM4X
mZPEoNwwUgiU4hd4iwX82v7QWgJNhVysMSwWtw4y6idKS8Z8I148EJUmxjbB74KU
uANm+D1r8nCtMpn0vFNwLlAOakbyiJ+6X/zs0ey1v3dXra0NXz4BxJY1ytN6cSM7
5tmW8c7xAvia76bbcY91RLdkDfevP2m/GHJU7wazIFwAFQbp4apIyqAqJjt1UId/
TfBkcU0Co9Sq3FONwXPdhbJumesRbNkCBc1eW5YaWZHCTC2GMWKSqcdYnbXwhCGF
gwyv99gv6JxWiBWKbWO2BUWOiQtP9arkEXEZ0IOQOeOQnnRXKgxZQfJx/gn8HjPp
kiqHmaRH+yYK5sF5PdkWY+H0Tgrn35k6n0mkWtie76G8MaEIy7rFDygSSsuClqQ6
S8/Ow6v5uqQdFyIi/bJszAm1GQqXyRWCUSpaGa28SYC51Q2vcuNmq0buYGJeh3en
DeYimZqJieIISIkcONnh7DvM8vinaJFjdrj+l7i9o1eMd5vvF6dqqWk7uALjEBKV
AVGoV3+ohre051I1gzXQmgctP/xZqfIf5xHdfW+HvpsPBxPHqwwgAn4v3o4z31iL
WSSNXT/9ojVKLH+Fu96uJ7hMvrnob/8+g5v34N2+TtDmSou8/ddncBwIhcsAm8mC
AJP/2ZQ0TbIITRjCromTYw4PpTrefgq0KpJhFNZjvyaYeNVsWICq2XCcoFYo8XmC
cHxeujdRgssrFvNtvuBSclRawYn1l0AxOchlLxlEk3amBVng8+hUrwhkX34q0PP7
9pf4b3Hf3aZuIIeEJS7Vh19Ey34Ssgk4HMX12G/JcJgVTGwkUCw2LJcKQNLG8N3G
AvisjrAuBSrnXdJZsu/TlqPYHhNEIXbEc74eqAcUlnLj0tvv7gf6F5we6C6nSBP1
lp3yYmj3WOGMjRBapxFqooTC7aCXBiMaeTfvDKtGxmsdzbN9Zp/Px3ZcPZBxnS4z
mTL7pukXN9cOMLG4VlhpJSn6D4rTDw0kFWOoPfhT7pJMHyvjwfQKmlkUQUUk/KA0
aEc7uXEqpiQayR48QhCysS88NOGWvQFFjO5wfQ7WgSv+TPxTUkSOJycSqi1Ed9+0
BuQdY3IvJT6EmiqA9AXwEB2HVSkP0Bp2cy2Xq2r6LKfWmj0q9T5i/21myNZkaxYP
WJP/1TYTc/RClB+nXypLW/RrvVsXWdfPSUSWkiHE9zLpYirzSL42l+DTT5qegtXX
KC4fx1v4pJojHy1Kw2UEUZsswGEA/M3l+xhRONFHT0jPH/+H3LSxAo1Zbxbqg2WS
BM+AZ3R+aQFWCXW7ZemQHI8+mxR9KIc4YFK8IV/HI82UyQILkmifUrKPT1c0uWp2
+4s6p4Ds36laZDElk2jnyIUqdw/d59N6emtq9na6hiZuYEDL5bZnEwmW/cExpWAR
Ha4Nhb8FMiU5dTzRVHFWgNHoUBlSZ9KZGM5ghmXiOx4xuMVnsf3jwBkeavHECdbi
NjtjLbBp6OQYTWRG5aSdeAex9p4gsBY70yDRbdIdDc3ZpoSXxK0/vOUFM5rYAd8L
aA8mby1kcsl5U5RfRfiwVaMFod/qFy4xpynCAZAco2wVQWVWDme093vVS//HlXDz
qxagAfdH9xl2yhrOrVb1zuCFZe+7ZOvviYP/p00tv4lx1TRZVQnFM8iclmNc0Flt
MAOaA4x1YPj+8VYfwWKSK6u20TJKIlYznu2NzOE6ktWenODpUYQ1lKtbIzGbUJJg
ahJ2EPsXUdPhK8MBzZUj1yiYsW2vOu+xBFKoA+mJU8gF+KF3PKNfUPRr/7lTaAV0
25bsQjIfjBOaF+jG1KBbWAicwIdZxCskhIkUwtPP3xuFL9zh4S658aaNfomVle1N
WN7AfGPdxjilb+anrwPvUhmst5QagvI44q4JghKw3cBcvXUzMsIP2SMgC6WB2Y2R
XOFZ09lzF8+LjIuYQ7zBLztxzVcaUBnaY56EB+RxFPwzYlEGOZXSJXlGux3XpsV8
kw9zn5dpV+amQlVpI/5LHXaSlNNdesm9WpPESSS+6d1gMaxG5PgUxIPFX3TcnwdQ
lR/WsXT/fWu82LX5Z5LRYE/HqyEJsI6I2sdIKRxPGJro86Un6133hVGWszCJlMye
IYzUqLCxJQCY9bGABN2iiup4Ht3Xbn6OEOHQImq3LnVQ4XFpx5zQCuV9HH37xtQ7
3yDi43UkYqBX1chQoOBey+A+n/JHkOGiQThKMtmBzeLcO57+2XKIiqNTM43igNo6
PeKrxEDvCKZTRTaXVf3j6QcfUCdbHT6a2a61svr6/n+Jc53Z5RcU2U/O5HHZVVk+
3J9qHJTdsfXALrxscEaOhXN1RVwrNw1bExoftWXB1WwQ87RqJ7/o6V/AOLAbbYmN
YuB8gEYoLwjm37R8DT5AHZ2iwdpC1ZYSBLbkMOn3J130bHdgaeW3rq03fX86LybR
C8C1kjU8Rv94OTkP0pJ469ca2OgX6RxxF/GeeZLxwcryGKRrkyz0TXP3wqQs7AVf
/W/oMbKAtXD4ddzDAKEq4gFU04k+1NjYeyof9jOhY3v5Qv0pnds2TP1/bmqnlXcy
dumk5AbAXPAehYpAgU3L7cgNo+pCPAHFi1tNHAB+Rpchq8PZRDAGc28ATwQyQACu
YG06FH3xoAzEgjT9hq0KTbmG+TIMw0a6OxktP2SO5SlUi3HMPNMJInWjDB+9ocib
Vmmnx+PESxRdXR/V4SmMRfCbHP3UZpjZT/sa0GTyw2VKeXFjGOIgK6gb4GeWiQj/
uwct7Aw3TnRVeGltLsNTudb49uelWm+BraSbKPLMsQJ5iwBfmF0A2DpUovL28exG
Cig80cf7klU6imSDGWyDcOIHz7Sgud0AxC5IPTGv/18kST6C4Mn+9MMCIHl1OPi9
ggok7WygdLbveKAay/G88IwItiPra779B2gGZ/OcsdpZmgk3CPxVTlk4WbgrR1fy
2zolYiQEMzcTbxpFoL9TtXigZz1Kc/rEiRpLOv6jIzg35v2bUH7k8oqsfXAUNiEa
BXbWDCKVnwCG7Wwntr93Nmn0UsKZkmxLeE4WCkkX1XY=
C.3.5.1. S/MIME Encrypted and Signed Over a Simple Message, Injected Headers With hcp_strong, Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIINdQYJKoZIhvcNAQcCoIINZjCCDWICAQExDTALBglghkgBZQMEAgEwggOeBgkq
hkiG9w0BBwGgggOPBIIDi01JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1lbmMtc2lnbmVkLWlu
amVjdGVkLXN0cm9uZw0KTWVzc2FnZS1JRDogPHNtaW1lLWVuYy1zaWduZWQtaW5q
ZWN0ZWQtc3Ryb25nQGV4YW1wbGU+DQpGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUu
ZXhhbXBsZT4NClRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxlPg0KRGF0ZTogU2F0
LCAyMCBGZWIgMjAyMSAxMDoxMjowMiAtMDUwMA0KVXNlci1BZ2VudDogU2FtcGxl
IE1VQSBWZXJzaW9uIDEuMA0KSFAtT3V0ZXI6IFN1YmplY3Q6IFsuLi5dDQpIUC1P
dXRlcjogTWVzc2FnZS1JRDogPHNtaW1lLWVuYy1zaWduZWQtaW5qZWN0ZWQtc3Ry
b25nQGV4YW1wbGU+DQpIUC1PdXRlcjogRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1l
LmV4YW1wbGU+DQpIUC1PdXRlcjogVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+
DQpIUC1PdXRlcjogRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMDoxMjowMiAtMDUw
MA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0PSJ1dGYtOCI7IGhw
PSJjaXBoZXIiDQoNClRoaXMgaXMgdGhlDQpzbWltZS1lbmMtc2lnbmVkLWluamVj
dGVkLXN0cm9uZw0KbWVzc2FnZS4NCg0KVGhpcyBpcyBhbiBlbmNyeXB0ZWQgYW5k
IHNpZ25lZCBTL01JTUUgbWVzc2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERh
dGEgYXJvdW5kIHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhIHRleHQvcGxh
aW4NCm1lc3NhZ2UuIEl0IHVzZXMgdGhlIEluamVjdGVkIEhlYWRlcnMgaGVhZGVy
IHByb3RlY3Rpb24gc2NoZW1lDQp3aXRoIHRoZSBoY3Bfc3Ryb25nIEhlYWRlciBD
b25maWRlbnRpYWxpdHkgUG9saWN5Lg0KDQotLSANCkFsaWNlDQphbGljZUBzbWlt
ZS5leGFtcGxlDQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaK
tDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q
UyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1
dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsG
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExv
dmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP
6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp
1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6h
AQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXj
WShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2
lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/
WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpg
hkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0l
BAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyA
KRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTAN
BgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1
u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZ
ncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fF
o/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmG
pfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO
7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQIC
EzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChME
SUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBS
U0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1
MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdH
MRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOw
I2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD
73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aR
phZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65
x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL
270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8E
AjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBz
bWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIG
wDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCO
fAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3
/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffR
TF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9v
sdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkK
TM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4G
Wv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s
1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExB
TVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24g
QXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgG
CSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE1
MTIwMlowLwYJKoZIhvcNAQkEMSIEIAQnF4PppplKSOO8i7fj1dMsjzgZv4ZfwxaL
ZGFapoo6MA0GCSqGSIb3DQEBAQUABIIBAFktym4lF2xqGlPIGC53Dk4bg5zYOyU0
U0nZyl9uZ3bnGXZMRObUPWXEtlUqUTZluH8i5jGu7pFiUnM3xplMEShuh5mtfDP0
Neoc8k8aUghbkhZbmR7L3Dd+LnkrzQZy0UCmvps2PTMW5iIbL4JVrmLfpvB0cFOJ
/0gjWC0yxAOW1rHO3GTla1IZta3ulsW/Pv/NXkUjio/sR5hAtdJ/cUlMa+q0sFp2
2kOiPkfjtqBNm5HWd+xtGoc/b88/ROROIbVfxqZzBezX7IH0jWSUrpovp/bCaiKE
IFKB0O69SM/KKZTb/SaUF8lP+z264FXu/iYgiYwh1xN06D4ae0wan6c=
C.3.5.2. S/MIME Encrypted and Signed Over a Simple Message, Injected Headers With hcp_strong, Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: smime-enc-signed-injected-strong
Message-ID: <smime-enc-signed-injected-strong@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:12:02 -0500
User-Agent: Sample MUA Version 1.0
HP-Outer: Subject: [...]
HP-Outer: Message-ID: <smime-enc-signed-injected-strong@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 10:12:02 -0500
Content-Type: text/plain; charset="utf-8"; hp="cipher"

This is the
smime-enc-signed-injected-strong
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a text/plain
message. It uses the Injected Headers header protection scheme
with the hcp_strong Header Confidentiality Policy.

--
Alice
alice@smime.example

C.3.6. S/MIME Encrypted and Signed Over a Simple Message, Injected Headers With hcp_strong (+ Legacy Display)

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 8020 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4934 bytes
  ⇩ (unwraps to)
  └─╴text/plain 423 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-injected-strong-legacy@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:13:02 -0500

MIIXHAYJKoZIhvcNAQcDoIIXDTCCFwkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBABUnjmX8F+S5sIVYKVE1TM5eKHgGg9Grx02v
RpACI9IXe22WwpqpefT+Lu3+kO9EgzCLtfSXbdG1lKnvXT52AKLOTobbthJaeoOo
7wtvIha3hTPWBc8YVn/6nQmLizbfPj8+pbdQD0q4kEVcrLaPdm33RruKMTsilxRe
Nz9rOGOtJW/MKZlGbqR77TWkGe7DgBsgWwlLXBEshMZxSMk/mg2sGExiOp7TTmdp
LbWmTo1uK2coeCKIQelRk6zckJ0uPktFAxR0pplBwAk5rD1d4A9CTrMKX/iVwLTp
RhM3i8DJcnet8pxCiQeBmpo3Es7UFCQM4f0bNxlFxPxbUnPA8RYwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEANFWjK3BRfD+QnQDNUFuUaQRB
zXJwARSO5YPR/dWfM3z4tCwA/awDuykFWPwb3QJF4ZosGSQelzHi8u5NoF3Gr0U2
FdwPl/yudoF02+XUwWa36UFP4Ic89yv1tYLf38ZaNF6QzO9J8ocz11HTRk57JojS
BxRXZJ0Alm13ryPkoiAgYViswm/RH3qsVYObb9GZ61bB2+xSgzR1wqbXKAVFV2nL
8Duxzwhi9bT/8Zt526v8ZjGfH4IqTzPnlVnNJYo9tWQ0j3jcXR+CBFJkEMyqg7wm
78xD8dl1vRiZdGOw8nQHGz/OrrWFcKBZ6DkwSfJF3NPTImi3DeyxCcex4LVAKTCC
E+4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEECFs+domnyfX1X+NOdiuJFaAghPA
KWJ9CCr0LmhShz4MSRaZEPBc4vQuH8sFNTTGeG4GrnpdHbYb0gFDqjXPBldj/CHC
NW1o9MrHXGpukpmX1Itp84iA9NecWofYCm8bL8Ft7C3teBvClZroPTKKJeBV/CEK
yb5h0L95WwrxqwOzv98GybDRCTs5NKGigHUoHmJVjyZqp0DxUjhkkXQo5u+qtF9P
QqNqUk0oApUOh0NBV06+hc4ihrgIqnO3LSt2plHT98uMD8fYX4HX2VZU+OHGUXqX
15plLQxx+IcdQvUJAo5sHFuaEhbVXU9bCFJvYSPh4iHnrCFwPq+nGqyhFs8rWuPe
ochMIUX1CxVzc2IMGL77isi+QsYldNbh1JN4O5S7F/kk398l1aoy8Hd5mw2miBcG
jzVPF32nvWG7VJV/0bWTef5V1p03jV4O51DrjXeha78e4/XegTL/2jbIjIM/OHN+
67ar/JMpTqprA1qLhUD1bxVtF1s9ezXvUlgsy72IJGWYtC07TNb0FiAjaQ+kU+6+
l8hg45z0Q2A/oDrtHqaxCOy7nWkGuoeqLJqDAQoRdGUttCSIIAhaSgMh8omFe55q
n8i9wKXPSdbxp2y1C10GAKtNAkwW8acNOZgb1Z+XglNmSa1X6m/94szXpMcnaJut
ds1FOrvals4Nbq5knqtE5YFJOs1hwsfPjCq/+9biAfzhxW8JscSjE0O6q5eAoazq
128U1vFKunpWn4ef3iQ3VjFW3FEyFrLZPR1EY4yO4FsfpKl7hchzYxeMx9byAGFh
ukJeLWurGWArQnK4SQ4IS8CAthkMX886WTQIvCxHsPYxhS9O3JQ1MeChVlXZdZ6L
2czH7t33l8+J8dicb0vB6s6gW8E7BtqISqET1K7jd8rfR+HX2cAhB0DOEMHD30Kd
yhIBI4X3iZawftmRcmtI1X0wTOEn3zK4tmAmWjS2wbmV/9bd7mywtkmW+fOte4RO
DNLHl/IEQZm/6aMTKsY6xStox27qi+vJrDPe6gQd4g7hmBV4YLnbOyOgElYcV7ki
MNP3O4s6h8ow/8yZak2xgThznGBwOPfODe5BIHeHUbgC2WyIpPYv/2q3rFq4vohy
2xSAzlGLFIM51N0H3NVQjei+qC41WzTScQY24mNfnGpKrgJn5jpKaIp7uSTrZnWg
58BF4bxE2FN/MtKvHxnrPmYZwHWyt95kIxN5HP8djPlubpZXcw3Pl2ho89ffwPGc
z0iWNCN0DupQvxA77V+TJkxFlprsMNmFGzZfViRLkoILEnG/y9LpkbOlc4Cn1OF5
QhGQzI/oaneJKkycTvfhNT4uJKhxX1Z/vYr3e8/ZQIdEfw8tAysEOPFcurEr7kVS
IqUE3CxZCQJnnBLsOw/8WpQuAiEfvOOGHM0uhumM3h5OgrGQzmEIiMB+vZVbHFef
W0Tv+51Kj/Po3P+wexIMWPjaBjKm9fn+gk0xSG9/vpqIDhI4mouUk1adHkyVaKkQ
nB3ah+3dcrdGQgYXu50XBDETVUwSQ3QWVyD4iYRtiHA1VIHMgZWLlWZsq2nNy/x8
prmjD6WvoIOjCF4TbfCnwkiW9b12FcEqWpAfU9B+DdWavB8jk7NTgcqk0p7UeQck
LjOkZlZvEAHr7bSyeRELW8cuwIjsoAcaaD75aClqgTMfgcOfoqRgDT4f7o9/sirM
siXInzVfbUd6VNSqHz7V+yhj9d7+JWwuSb7Bi7VxQpnsN1qhWYVOpNQx4h8EFkJR
/wItNXPpuOfI90hZsPkEdifKFWZP8GJHaNBH3I6mOpJgSBKmuj6jNi0VzbbAA66/
/c373Ed6p+O3DmIlIqzrmB3FFDBtXtVX8FoakndXMJyj2WH0dHmrnzefxGZI5xDW
3BEtqk0u6kkjXNJu87CBcgGgw4kFP4ADFpv4PCFFWn7+mqbLgDAh9h8sk7mkwCZA
I+qFg6OmMbX2xQGZ0gh0qnM/pZ944XK+AP+JlbWWIW9gYhTTycg4WEh8L13wMtMN
DNJGifmrX7x5epUV2Vx6ZTDdN3tDld49X/IN30hR0BQSSsm0+v3YqHxvv4gg7Z9L
nmXC1fXiLz3ddwRlEk1tsaPRsx+a7qI4ZhmEBaWTqubMiIC7YWBUj4doqT+MfQu+
OEeCj92Vjz5MsHziMSDmUrpDO6HsErFUfWA9v0BCUS6Pr1HKRBcmhLEA1ppArYui
8II44cQMSDxEqQO61u/CDrc5PVa8hM6YsbBZoKwWJBMytCJkalds7w2HXVKah/EG
Y1UFfWhHouPYJo1SoRvuveK6IUmYftCrqcaij6k+J/epw9JjidamRAD0nDPkVNFs
JvyczKP6y66sBLG9rgJhMGkntg+jgaoxb/FguzrgRWvY/A+r7jolHaEP5FnBf9HW
GkGKEzEb4GR7C2JMOBu1I6Ef76INJgF14OkaPwt3Hsye9lomcA1G8q014t17DFJq
6Ly9QL2IrVsb5hcbeGAb06FXAX+8z0J2qgsUQO6JkG32MYeJLoZLxTFsW/9RQAtN
VRZXHOuoNc9bk1wgAFG9cIXM73eSvpHDicpgzyI5V8rh3Bdg0qnZwvAiYc+ZzlMY
rOwJsTQivCtAEh25m2E9m2fSWRAIOQEBlIUbBgQuK5p1HBm+sLoebmE1ZXpdjl1e
8wQuI+wpYCXGVlt27HjteN/Eb4/9v1fUw+ehHfOgGklqPIXqHH8kwNCus0hpk1hW
OvldeajnVYU2l7GpahoAp8r/bihzomaSq7Xev6H+p+pkPiEWCjEIbypbLkUPyR89
Oh9U663ZlSAULVEt+SBdPSV5jyrzKbi6ShGfYb+P49ha0yNEUwtH4rjKDn9W1rZN
nBpqGtLkAdLuIAWSlHbTsjiEEhYb7f1LhQDUSfWQ5pOd8ciZAGXIcMd1VrViPuDt
petT/nTEfIGLuZoiv6Fn9svEI5aQ6o6qhai9NFNYSzuCH61xlB6h4l4NRdIz3MYU
WB8IboeXawhVQ0zDXLUnmSvZH3UpvEPc5B0F5CTOAK+v/k+Uef2Pfeh99SY+7e5p
Y9nrR9XWLkR+zWr6tdCZW88fVpPxkGeWLwEaIhUqu0VREiBzMw5l9XUGOudz3Snh
4WHBlZNan4mf9NrbV6VsVoRdHZfW1wP6tOL8dkRkZr+OdZTDeDT8fSOxvLjxG5Nk
zGp1rWNgrkTthPH7ixTjNeDOxDAN/p2fYG1EoFf9IY9xEBRrztbGOKY74WLxcLJv
okRTRXtccx4Jp4rPwpmztIeaqgoBquRI59gRBEKMc36wMEFdZty8hvxnzvrrNMI7
LtKSOdvOSJCVyuu8hiAWyHHrNV04Z4G61gLnjEkiWo94xR2WY6PuPVJ99K6Y1Fog
dZxcPfuiAvyWWak5s/J3rg+TDwUhZowUt+GxHw/CMDIWNWmOYBD/LcpVOy9BB8kE
2vMfmFHabc9YqZ0x8bjppFcuNcqV64RVoFRrCj/TpUK71pODrgljMCKAT60fpHIz
NkgvWeedaOKWF9IfuUNJsxLZcyBQ6rKHG+/2+EgqYrWCXESnpzHwt16CdBh3Iv7B
iSJ8GQVSPPrTy1xozaDPfgbXbNdusq0rhqP+s/8uIL/Xei+yG+ZsVUL7YqQkDMrR
pkO6Yxc1CemDg8DGNP5sT8f/s+OKdOJlT1ylh7+Fsme0wJfhQ9jHG3Ko+R+2bwSr
gv2GRk2pBuoML06iMnq2tpbEYEC0SMTANI/YRhmf/vnd3N/W0FSaR9sbEhZnZc7j
ikFNqrPVN8vLDz1h7NXzRugy+cM2P7twIVkcNCw1RN9basliJkRyE41MP5gRSAZU
q40N/z8lKYlOEEvcEcgUAIyacya3FOpDhKvuZys2f5Nbx6M5QUhoKcoRm7+Z+s84
yqRLZYzlZ3ioSPo+XZKoHGWKmVsMEj98bfpY6gl0CqDKXFZdv6+Gjq+D9McLfDkG
zzKlQOodQGkcQl7h6FaIWEeqvJ1MsUJApq00G83tT/iu7WpbJt0uUD03GAfYvJQI
zGA54s7TGapoIDB3+Lo+8YlYJCOnMBi0VVFHl1GHhp9+MyH2Gb4X3G8Q9a9QYbNN
dPPl7LbXwCnapOBgIpHGDEOrsdQBOV+ERbNha7a+2xHn/L1L/k2Aj/dnqmW+zdHi
1ykkJhs4a3CkFKO//sbovcXClag4C0jFyMRm4juBRv19ZqlYmqHPpWl5dhjnCuyc
QtjllFwnE8p7IvbkdGlmphGtm2EjoJRG1NUJMVdrGU4mFq5us+Duce1X7PkbS+im
y+Sb5peMh0CWLjjzkQFHI7rn1IdS4HorhQ8IKwbYG3xTof4BUqs7fs2WvFMgEZpn
DzRDjKEiprOxYnENLOuJizjHseUp2fb1AKrZq39IdTtw+LrDhvN57s8SxK1MWEQx
iequcg862fzYe3GA8AZvUuhqsS4D1+NK+zFH/MW+JeRyKCwL/gMQlv7bmbVEbJef
oVUykinoP/6Eky8PnDTrqnU///jif+phoJ5m1htjyE2cqHG9bjuXarHb1vkuRvUb
vD/GixvIOyqFxZEfPDiFvGnyFFTbfIcON9Htk0kxwrcgzB1uhEdCv83TqCCnAUP3
FkNyxNsxW8jLs/Uws3NQsAFgqb7TWjCB9aAtYifgZb2ArvB3LVZPkjKqpDw4pdHx
KeHKkPVuJZ4GzwNB8s3fog4RP0FGPcdH1Hl4mhQdrucwZcQ5w23H3XLGEtHcHiyH
A+Y8CLsz1fQ8s3APkch4OU8pQBgQvu3ZzQC4EWg/TjibwpCTAxrHthzJ41qJw/A0
xgUKzfi1X7t0bbPn0f0G9+ZMNX6blQ5Ja/rSGmQHPLgebRRLn4hw8p2uhwWBBppi
sHYkhNGdFdEyOcdFhhFiKDv8wwtAEKajDaYqc03B/8bVeW61Op5ryvQDDBk7xp5O
9JhDrTuAfPth3iMisYpilSFXbE/ARqf8tWhNAcU+wrwELObN9aOmn2M003jp2FaY
53ZUXK2R0cNcxUIsAcrprt9lVO3EUjVyxudI9h8xTU1h6KUPQCM44PIudSaFUxH/
PPkMIAegIMcQC0Qx2v0hCGN4JJuR3HiD6avqr++dZYIEGRsJpKpoKUMX00U6mGIj
/BhySSYagEwS0mr4aINcalxETtUlGV+br+otPzPCEe/QOFVyTMp4fIYH1oKi4go9
y3B4n9lR3DICRzv+HiAUsGxe2ZbB6hb6H1gorYwY8dj8vsQD5w/osOb8ftPzjpAz
Y7HWpI6H4lfY9ssKrqlTsXG4dmDShQE1V+th4Dxlvhyo1JSHog8zi6tNI6qh1N7i
beAMr1wYl9BOwHBklMBud9enwOCyY3Zr6pbtSFEIo3oZvtgvtLgtpK0CJiXkSb5Z
v/pMM0VpHW8XHy2s54p0DPuQQ1h7+T0yeDW7t2JlDqxvIlav9domHHkix4m/vN3m
3GJgCh60dq5OJ556LSU8avm5ByRgB0XDz1yvHcpe3xEpt3tMr4r62BgYOSUoZLz6
XRMyC8dOHYIeME/LuE9tU64geHI7PoAPKWBEaj0QN2kN9+rdX5FbYWXxx89q7Z+7
6rqiB7USsQCwgAAA8I0XNwAmxrcr/bg9uEKf9sMp9AUBNW0afde1Yyxvk/DEyeMa
6prGLmYQ0/FUEXfT7uq1Pjf3XudVrI9z7N5JpiCNifZQL2vON8tkZP59N+Q9FdJg
ksDHgJG1qdgFE9y/h+CoHKYhem6Hd+NdR37YmA7E2u8bMZrY0RL43QU1fY3LC1Mt
IlPRn+IVtqoYnws1DYwpIas+pZaunqgHi6JxVnW3q7Rr+ElUxMXDCqqtUoJ2k5YG
j8k6FZLklgd087Md4fwGhgDkAIZjWNQPuQcHEaUAmLe4m+7wZ08afGjY43QQaVvY
jpYRfHXLldRZzKwp0ZvSZ/6MdpgxTXYi0x8gGb//dAoD+UM9vyXn0yLBYu0v5h/Z
BUS30G8S8YqzKuG16P5nZNdyClAbhx7ZHCZ4N+YcNSkHFHZBmFaUrm//5zUNUJYq
/6fDUg4uCezQ7TCBiR5P5Ut1+mjJ3dIS11UZ2aQojxhnL1mQ/qxLx4AHI+N3pgYu
0RNhFKkt3NeX1NjnM8qEVXKXx2+mfOkUIFUHVfOuYXi0gasLSWs7Hxu0th7Bxqbk
GAx75VF7UViktHvKkxbUNLS2i8Sfx7ZOWP/GKsMsurjgg9W0msV/VqlPyRVwZnvo
w2TFs3q90lvYcrRRwS6eNOg+zr4c6j5R/berIzqLO3rqcKVkeh39ppAhyV57X69y
FgxSEpaS8SElXluoO04ZrogjNyS7G2wkx+SXTPkndXo3y+hrCaMIm9SjP/Z6NboG
PJ+bQTVrUKWw1RfSmfpdOXTqdg16C/2Qoxm7g7kK6f6gRLzK4FjNnBc9bzgSlWfb
gNlqUWXaHuucBRq9/uauD6oRrLX+tPiBF5ENxGw1TGZxlUv95mjQ58X4NL8kDlGA
+nbsLam+C7U9c50e2LAZGyMHOJoD+utSn7SYRx88CKnq5YUAbjt9HlWk0DZ7ByXe
+fGZD/jHZfjnrUNFqfFi5ANWU8kiMCuWP0xiVLesWCQrDll9Xzw7YVi5HFs7/Tjd
Yk9hqAFZXdxfpDMCrCro+pLaQYl+/VfMX3qC/CyusphkBsE9bejGkLlN5umlAfoy
oWSBFWnzJVc4dmnAgMaP1zf2WO6TJzC2xkUfG5VrVtQotLo3MMhN7exq2wwbTLKB
ObSp92O4ctyvZGeWAx4DLMd3QyaLwxmb8oGcQU2worYLmGVmSV0vqPSOyDCymUg2
LmC5xvc/uycxt4oQRP/gaw==
C.3.6.1. S/MIME Encrypted and Signed Over a Simple Message, Injected Headers With hcp_strong (+ Legacy Display), Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIIN/gYJKoZIhvcNAQcCoIIN7zCCDesCAQExDTALBglghkgBZQMEAgEwggQnBgkq
hkiG9w0BBwGgggQYBIIEFE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1lbmMtc2lnbmVkLWlu
amVjdGVkLXN0cm9uZy1sZWdhY3kNCk1lc3NhZ2UtSUQ6IDxzbWltZS1lbmMtc2ln
bmVkLWluamVjdGVkLXN0cm9uZy1sZWdhY3lAZXhhbXBsZT4NCkZyb206IEFsaWNl
IDxhbGljZUBzbWltZS5leGFtcGxlPg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1w
bGU+DQpEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEwOjEzOjAyIC0wNTAwDQpVc2Vy
LUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wDQpIUC1PdXRlcjogU3ViamVj
dDogWy4uLl0NCkhQLU91dGVyOg0KIE1lc3NhZ2UtSUQ6IDxzbWltZS1lbmMtc2ln
bmVkLWluamVjdGVkLXN0cm9uZy1sZWdhY3lAZXhhbXBsZT4NCkhQLU91dGVyOiBG
cm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4NCkhQLU91dGVyOiBUbzog
Qm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkhQLU91dGVyOiBEYXRlOiBTYXQsIDIw
IEZlYiAyMDIxIDEwOjEzOjAyIC0wNTAwDQpDb250ZW50LVR5cGU6IHRleHQvcGxh
aW47IGNoYXJzZXQ9InV0Zi04IjsNCiBocC1sZWdhY3ktZGlzcGxheT0iMSI7IGhw
PSJjaXBoZXIiDQoNClN1YmplY3Q6IHNtaW1lLWVuYy1zaWduZWQtaW5qZWN0ZWQt
c3Ryb25nLWxlZ2FjeQ0KDQpUaGlzIGlzIHRoZQ0Kc21pbWUtZW5jLXNpZ25lZC1p
bmplY3RlZC1zdHJvbmctbGVnYWN5DQptZXNzYWdlLg0KDQpUaGlzIGlzIGFuIGVu
Y3J5cHRlZCBhbmQgc2lnbmVkIFMvTUlNRSBtZXNzYWdlIHVzaW5nIFBLQ1MjNw0K
ZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVkRGF0YS4gIFRoZSBwYXlsb2FkIGlz
IGEgdGV4dC9wbGFpbg0KbWVzc2FnZS4gSXQgdXNlcyB0aGUgSW5qZWN0ZWQgSGVh
ZGVycyBoZWFkZXIgcHJvdGVjdGlvbiBzY2hlbWUNCndpdGggdGhlIGhjcF9zdHJv
bmcgSGVhZGVyIENvbmZpZGVudGlhbGl0eSBQb2xpY3kgd2l0aCBhICJMZWdhY3kN
CkRpc3BsYXkiIHBhcnQuDQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1w
bGUNCqCCB6YwggPPMIICt6ADAgECAhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqG
SIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEw
LwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJ
RVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2Uw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnC
k4PHHNjrSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8on
Zm7mZjqQeb6FUH4i2GMt4jse2Dqs165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZ
p8eDhv3t6dXyCjNHT82S6DgCReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeV
y+8FkyzC3jX/Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swds
zUtjhflyFZ80RuQ3qFC6vL/PGeWy6SCf58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1
AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
MAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggr
BgEFBQcDBDAOBgNVHQ8BAf8EBAMCBSAwHQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dn
jq/N83cPMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3
DQEBDQUAA4IBAQCBSXignLEynBakDKU68ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5I
EcjoN9f/gsOx/Ht9Ii6zyBZVjdaox644DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9
sfUhvdTxDNOOoHz53PYDBh4zE4Nar2inC0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1p
pMNURexTg+z3web/eDOdu+F2MVtluLihne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANH
pyExl56BJABb744gqoeuD9YSHjKK49+qYC9faFmQ+mK80lh1M9RdNI7srjn0LKpu
ob6w06jaRzWdNeXzlEc2tUpAr4vRhZjVD6FYMIIDzzCCAregAwIBAgITN0EFee11
f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREw
DwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0
aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2
NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNV
BAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuM
UFJeSTulamNfCwDcDkY63PQWl+DILs7GxVwXurhYdZlaV5hcUqVAckPvedDBc/3r
z4D/esFfs+E7QMFtmd+K04s+A8TCNO12DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8
gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2wZX5ICjecF1YJFhX4jrnHwp/iELGq
qaNXd3/Y0pG7QFecN7836IPPdfTMSiPR+peCrhJZwLSewbWXLJe3VMvbvQjoBMpE
YlaJBUIKkO1zQ1Pq90njlsJLOwIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYD
VR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4
YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0GA1Ud
DgQWBBS79syyLR0GEhyXrilqkBDTIGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJ
KGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtu
Z2P9HjQEQ+v6BdP7GKJ19naIs3BjJOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQM
xH+xh6oAfzcozmnd6XaVWHg4eHIjSo27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGym
WtaD01DZZukKYr7agyHahiXRn/C9cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6a
CHHBhOiPU7IPkazgPYgkLD59fk4PGHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczis
qckN3qGehD2s16jMhwFXLJtBiN+uCDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGC
AgAwggH8AgEBMGwwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkCEzdBBXntdX9CqaJcOvT4as6aqdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcN
AQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjEwMjIwMTUxMzAyWjAv
BgkqhkiG9w0BCQQxIgQgsePhCi7sObTokgqdebEdibowlJjqm/Fs1TjyFzEI+80w
DQYJKoZIhvcNAQEBBQAEggEAcAMaTTkbHrP4iZjcMNlP5RgpXRFnmboBxG2eSctE
URN14Phkswf2Ao9gz+d7UX9bFEVLP7TnEyFOTcPf1wpDon4EuvUYu4eE+KN57uG7
JLgbNJbg74AHmrFiQIdl6ZtrHQqFkqbaRGVyc+euBrkqb8oTnT9fS7QPAdodYsPg
Y+tJQvhAJbAeIs0Y/MqzxyWJlj6kvR4sEMn0wdTz2HPGX1fJ+Oj8taOvR5ac6dIF
QLLvbnf67Yl5fkpLdGJIBQIAFf0ZCzGiTyVmiBHXvu3CIH7p+iOM3OMwB5FClRUL
Ki/jRyhQo3RWQ+pul4nGq2X+Z2j35ne3FAqVV8FXbdulyA==
C.3.6.2. S/MIME Encrypted and Signed Over a Simple Message, Injected Headers With hcp_strong (+ Legacy Display), Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: smime-enc-signed-injected-strong-legacy
Message-ID: <smime-enc-signed-injected-strong-legacy@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:13:02 -0500
User-Agent: Sample MUA Version 1.0
HP-Outer: Subject: [...]
HP-Outer:
 Message-ID: <smime-enc-signed-injected-strong-legacy@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 10:13:02 -0500
Content-Type: text/plain; charset="utf-8";
 hp-legacy-display="1"; hp="cipher"

Subject: smime-enc-signed-injected-strong-legacy

This is the
smime-enc-signed-injected-strong-legacy
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a text/plain
message. It uses the Injected Headers header protection scheme
with the hcp_strong Header Confidentiality Policy with a "Legacy
Display" part.

--
Alice
alice@smime.example

C.3.7. S/MIME Encrypted and Signed Reply Over a Simple Message, Wrapped Message With hcp_minimal

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 8495 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 5276 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 inline 1292 bytes
   └─╴text/plain 328 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-wrapped-minimal-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:14:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-enc-signed-wrapped-minimal@example>
References: <smime-enc-signed-wrapped-minimal@example>

MIIYfAYJKoZIhvcNAQcDoIIYbTCCGGkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAGKSEhnzbHKOGTEJRGXMBJk/VIrIGXapazVh
YqA+Tuwlsyt4YY5oUD+vpbLVos28hkY0PF8o1ielAoJ+tIT3eHmmeqjqa27KByIR
4gfxiM8sXkSWr1y3y7iXu9NSbpeyA6vLjbQ3G6hioCqRyG/M5oazNGVxqV+rqtVK
aXs7yjhjUqQSrOSfPe0v94ci1hSNfyeGw34NLqFe8g7eO2xBtOD+bK/btSUskPxu
H79qbQf36pDy0Okyn0GWepkhC8RIHRgX3noL92akuKjvifZth1Z5dJpgWNs5StgJ
LpiiiIH7OzbZxHTdLLWiKFSLkaStKeoezlWFH6YBb13yr6pr1p4wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAJyw2hu/EsFHxeeK/iZsZGcrL
sJFSc2np0mcaW4eRTF38FQAarlhAqLFSiUQyZr7mrLIGgoakb8zPgF4HX63xED6m
50A+Vxz84IdqF9YYC4oiGHACAS3obXFuYrY00d3YTwvk82vilFcaP0HyLgYaE+hR
GEQH/6tu3uWBixwGrYRFcEviuFq7sQE+hW5ShnYwQYeDpPxRCVCmiQ2dEKUDmQ06
2VSQyK4i1GJGNsG0cm/F9c8aNU0NozMjVxGyrhZMqXYfmdGxGrqRxnMi6Ann1lb0
AU3HFooxNp0v/NWK+mR7xl0OtscEeXayvZKZcBPTJxPzaAJAeJpAlFQ4FD+gfzCC
FU4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEGsaaTMeNA9TQboaMPVX9EKAghUg
Y9j0cBotrfYAcUnHwDbb4R/j+Ga22tzJpZ3zq9TqNYzDjLpUJ6jOtRSJ8badr5eA
kIgKS56Vtc9OSHhHVC1rbHRMFwNmwqSi3Mkb3mtmgSErciPMN0jQqW/7sY3CX4gL
h1k9VBy/3Ur3YQESMLEmXvqV6O6zlJokPyeefPzLRnFQBbS2508pmAhFQhS2EWZg
fkWfLxFkbexXk6QJD5W3Ct+IcvU04hfgjZn/rFpdNIwQaQKuLdXGAuSkvWWlY5Kj
pg6g+kUJN+5aIc5DYcBL7mRPFerXCSNfRG+U/66WGCz8qxU7Wb9XXF2civJAUoVU
gyceIwukATZoOVRDVSFHeewBBbKK5lsyDCtG7k//tFhq/NqvImtIJXchcEeNnTQe
xceVG9tUZArRLdPz+NBSuhOieywLvEnXjcti1EmKv0XEbYhnzmoU6nUFfezRj0Xb
yVUtii9DlYXQfOXPKXi/w2dNu1bSmxmzn2vbjYqLoUywR4z1BKL0h1TvI0+pSF4c
SXojikkRHuRmgKKIKNC1q0/7UxKY4rrt7pvkWcrlpMTZtrgTatdNTXm4J+7buhAU
+CtC3LkAqwWDnY2mncoBVmBooepqhuMuR1mFr5wm7v55vjEcHDkdDstgLXP86lYV
jqzoUOHru2VdvDmHTw2RyerO1ICUMtDoMT9ixX/gR7voRGvuHdjdPNCHvrduckMv
Em7tjZ4rmZRtHwBLNlGDgupTj0KUoUhAlJxky4rL7HQrtNyrt3RpsimEKTNmcGec
12tu5OzvHT56v201i3kAwsbyHpYZftu7nONHs353HVFa2heji2r8VOJASWYoPyjw
UzB+O6rJFjNBUDZCMlMhPD6eCmqJN7kDth5OUv95IuQArkwPtcPrSbwOV0HoTH0i
BF3/4szzV+cne7d3ZZiAtmsaBTuzb8ULFg1PFt3T0g09Px8gPZtwyP7Ujm5ApTYz
tniglkPD5fGstIB94BFyN+GoCD30KQR4J7K20FHjr963fGkcN7GwO6INWfdfF6eZ
YQfQwqsZdaXLPIQb8zuP+ZNgfCjSx0IDwOl/Y3EtHL1afeJ2ML2qsRxHDDhs+2lZ
eUlVLJoCm8u5eeiNGhJOR9beB90ZouJQ5ub9S8yrpVXE4lRRJMg3T+8HoAwITbdH
rRdIz8ssEE0e6MMkW6O+Sw3JLvCFwteAJb7PY0ojJeJsSnwynopSgw2130sxO4MJ
ScOdgKCuDyOENl+LJR7JzxfvGjWSMmURQmGbT/ZHrWmc7816VSv1M5I7nbtCu9WH
p6Oi/uGnMXLU4cmgQ+T3Xm0oYsDVMEDXabbeQBrjR8UgOzgiAf+b7CmIrnWtXbo5
UDOmhrrmsHJpEbJcbdDUOBhn8tKWpo8nzoPM3o0GXl3AVt9jcku+KD9wpr9lop7M
QB5q1CCQiFWpk761JJlHFm/uPKXhyDdHcNgxFJ3DbZeImeNOKrmA8DBqb0+V/ixe
QIDGrXt8gvy36QIEKSUBQBmM4F8GZgbqSqPbtm+pi4epz6dSuRoUZy7L1eI0BF0j
VBUBeeklB6f7CINW22oZxkcqhmbj2VAMVPcTnZNGyruoYGwXPpIJc1DalMrVUFHF
f7q47PmlwNIQ+vD8yT1icN3m4SRRJfSnN/FC1Khsue2wwg0bKqio9+wGB9gt5hor
7HFLxV3OfFzJzJ6CjRlaGreTGTvmHl4qN4T1RDQM8ZF2nrjbiTx6H8R3HlqYDgOf
xAUvoNuMS8wib7be8Dm2zCMgjmQyPLSQ97LuY2mfnNxBPJY3sB+hJWBj2cMAdwoy
mOH9acilANmH0FWB22jaQ2yoG4X/mzZC0R5FVK9EAK5MTq4hV7BE8SWy6Kou/dEI
blLkK8scK5Km0FmLrQRbn9yRBhrN8TFwTcCjAxWQh7VBRjWzPKG4p4NSBuqO2onJ
7MqqTEAClheIE8SFPG1naPmdquPQscHtFy0N2XxvAGtN22IRulRaGK6b32L47QKe
GR8M9/uMdA4Ujrv+XELV63bEVbF4Yy3KosHSb0vSMu3KnIl/th99MpfiLssyU9up
/DtNfRjFM6pClE5Fwb0fShFB5qPHbk/hj9+UoAyZtTQqjzqzgpAz99jxsK3eFVQP
BmTh8Fie8B0Q3DFMcUBTbb2/XbIHHbvTQiRFP06Oeye4jrx0QE1TSsmrnbIJf6KH
d7E2jeV7+HAJi+C7wHEf3z6C3XgolyYWy24tA2UJYI4hGFqDqy4/D8avBtV3gOx/
EUeavOWFDQ9UzWjIvU5SfXJ5mGUW6AWXc7cx1jbOybd/PnRiZVMtiCg/V5ZBl1C9
TsTvsYaSCHXCty/HT6HVQda9X5P7b53gPKSbZlsrv5k1fUotM73FFZTWA1Tu7X0q
rMo/ZVvrTHU9DLbt/MFQITLhdj+AoUDzmVv9eIKJYdLhwfXuQhQ3EoBgxGf67/HR
+2u6+i0vhPgA+U8Wc9DYGPPlIuP4aKT/6LRFYaLTk1V1niJdDzxedyprhx+oCKBl
xpYH4LcfM5+ozlU6T6U2rW4xHdJ+bf6tyBlBkuuRzjTMDMfCbPSjZd2KV03XV6EF
RUTjmUF5y68SqBmqrADYuKJ7e+r+O4wdc0uYSdvqSaiL70oRaYyGTuWd0Lepb0ly
PpC0I/S/Jci259bAEhf0egUrx7udEhhT576TuN7Jk3muwvai9VHhduEixahw6kSq
AUrOPyvFxhHJhknl789/BPIqQw4xeC7zKteHcXChClOg6qcLfps1KyWxAFpgDTy+
IuZigqRADrVL9fuVYynIB6APRAZAlq/BAhFN2W3gVCk3BjlE8RTNcBv4oWDXOUIR
GQrgxvJUysQQtJY5YG5kYqKJiX5eqAMgyWRdBOB4Odje8/vkNGDZnu/wQXx6nKCh
A5P9Wj7+uldPQQBfscCeBuluxYaf3ZLRdeepV/5Wo/tkgd5m9PiakPPQQ4sssEDj
wO69zn8ouapknS2qFRdtDAAkfaM84bBuIUF+8aOwetDEv/dIPGZLaA2bToTQI59k
D0QcKfee5woDns7zSV4jvw8j98Ddqi7NF4wGUSxpNGvJ+F9GZiREV4UIGKA2HClG
olYDRSX1EPSAjiWqgsAi87KAh3kfUtFEy0uUFbAR36SLT/vm7LR2RikAau37N51j
lwVNNMoKUmk0uhHjDrMtnWfqzY7TGd+RPhLq2KYPJndJwZmLBGgfEzK564D0zdEp
tzuwC4kIXJvU31fjieCzf3YfrD6AxXun7/jwbWZKfpsTyUsS+kdKuaBYVgZH8TD/
VsLVqBxMF9UtBOdI5nubc2ua5M0jkh2xbxPvlLRfjgOE3ajAZlSE/bjYMfvYHUhm
ZxKdmeBgm6lkwhWBk8v3SrFXe+EmdOmAPlxGXSvU8D5G8qEltDWu/ewqyvEXHRHl
YTt+prnq+Fd/thYXggd8FO+Aalc+snBtGku1UqkV9TRnl1ZcS/R1qBO96Nvb9JOG
6KFFPVlTr97PXOmm5Q+yI2dD5NwQxjtPNyo9h5pfPUK5607jhShej/2qA/swfzdm
yvKO5WiHDPvbkNgfrvZuWU/PWVGhCBYc7a/A2jFjCDr8oDTksIHiwuOBN2p+kjx2
7FCLD7pd0B9JmmMxSVfiYtV+IC/rlItlBqEdPs4esXQLjodh7veAFzvAvEjKiTee
ELZXLplewdNE80oxqXr9TnPiY7D9mVw+5WayWiOHdGk626yCVeumThr4eVexnSDA
dX+KiyyP6p+vEspkRg9dQ3v2PilZV9BM7kzqaFlSPSJT00jX9P6Rsyh6S0GdxmfC
rEDwlElqI2a4C3jwpRSxU0V51zATmB+Gc5KmnuNe646jysm4KlNpTlqL0c7rxTQ/
OISRcwotvSKZw9Fq0lrSh8RyoUuvAXf/soo3hrkECXGYk/OTm+HGGiWNybI9007+
FISBiyGOFF5cQdXA34LjoSJEZ4RuDfhm/BdvlkbavIsigfCq0MaENElMQvzjQzTn
YKEPvjAVm7f8tDmnlVX8t+NKy4Rbfaf/lb+Bhmm5wW52fobtKExNe+4Zx7PsKN9s
KjW+4rVSIwLaZkI5s4gFLWWk9Xl+iY55Nu5vkOONzbLxp/a8f8Wy1AJ1TJDxw5mq
9Ft5TZNXRUbcsCY6AxiJcLoHvifI/o+T0A3CecEyAa6sEPdatJVM2SO3VlxbOx84
4Z9ErhbZI1H+j+0N2nkVX0tuw2e29fWr/hlZ3cMyoxo4K58F0rnIAUCJ3ArySEpE
SkuN6dMguXlpCvlMmGpSdYH3VrT/H/82qZNzXEjBCDtasqzVrY6NS9fk1Qlx51qZ
v+7L2DMIgKbY+l3vxm7ajrlOPiteAAhYLWjHP8p3JWKampEMSM8kVAOSn1jbc2jr
QMDtwEA2Jox8RlvQLdanUEYa/mYUxbLB2uNkGFdkh6xtWwcrc6iUVddyS2/f/XP9
bSdEsh8ItfpA4LhADCGCkltmhnPKGDr35mIqXgKoO0u5NFtGcHKfTLQLwgZ3MqAL
FWpK9btWHKKzhlle/BrPAaBZFGZKYbPvvnFO8as/X5tRgLfjZrYqXjTcJmiIaOc6
28NOosMG4UWsNplMJ+GTSBVUQ7c4wrxlycIWAyj76ICT+DVLmm4JjOSPB0mn0/V+
flEab2d1fY89145vjfePEjfIo6IyuwsDIdhy67DgJnDrWMipHEQVfeoMex8+siiu
qBsUzYPd0cfjjjartxbRb+/W2Gw8XVrygZL/eBD1xNKs3xrvmjQY+8FUnPxY0haj
oHMoqNqYLkdW+E9CoTt6He0JKrus8+jAMUGzxEyeOAH0voT5ZkpE3TQ7lTtePhUM
xJp/e8T6fe6MgWOEzXfNwzFxmT/WG38S9MCwFKfnAYG7jw7NWlUDQJLNeA+L9iYO
y4WzpIYzsku2OH7sp/Ay92thEhEo8c9Bp4uMqNqKhzCOcL9uzaObjz7jwBtEm6oJ
OeT6xn8fSNu37FTkW7rbj+JLqJjDxlART1iI47Oe41Hh5QF1I0givonkn9hko0iD
7Q3+U2ROapU5g2cuEytorUd91zSmxhVVLlRCTRMALlcuIUmOjOxYTBilP1NuxDQ9
0iT4+yzaFWKBKnFqJAH6aIry7qAeiCPMcMxMrE6G9uwh0ZMeJMY615KwHExun+6g
8unTzbFeAvBLDZbgguOYwgPhEz2RyKkdeM5uLANM7ztPijxOlT6BQF8Fw6d4cdhS
bJZQQTT1pNEtQZfVt49iBkHmfOHC3Fp0UBds/OO+AmUJE7xAzQdHQ+Shb2Y/rCyc
bu1vwfc+ou7aWnEHHoz/hlBCy1cUGmpd2gpXqWjQC+rRIqoybbK35yCZqv0P3Cp6
GTaSVZrHhvLIkd5KZ+zJkvrOxOIErLONCz+2aQ/eLXbzEzfiCbvPF9paaRI69WTz
5dihzrNSD42O1rCsPv3elXbB1VnlKl93bdDkpMiluGhuEuiIZl+MGdbFqj1Fsc4H
9sF3hrcEJvN52cEwWgwlH79SmB3JY6ql0a1pvsoqUxCE+mqaRCbRVipfiqVjXqVH
vrjR7xUb5nP8YVWVZJ4m8HeEaPcSMjFXBPQiJy7HFj1M6hfE3FTvTdGk/EDQ8kR/
ur4nV9h1jS1NrwhSJPCB2LulaT4tvzFxF1H2l2vz1/N3LyKcMv/LCTId5Qk6ugqb
9xhPS+y+fcB32rPnlvLGEFUg3XrmtZhlsAsGCW3PNaEQMs8z+6sWfDOBBPTgPAdi
fWOhZl1MRWavoY5R8wIJ280AF78+fbeQFjRK5u1vcSU5GAftsiznWT/GeOjiyKKG
k9IRtpbxSct6hUoSqJL1IQ/Tsxb2g8l0NVldrPEzXutUH/IbDuRgq+MZaQEL+yPq
Gni4CMfW5KxxXRnBkQcT4C2Odk+3YsyqPfVN5wKyRwtohY/rGS9ZqS/4PuY9/jj/
CORoRLjzdMME4g3VnfIVDEPYVwrXfDzXpxaMG6umkteMhgQRDk2r0Z2DUgNJ5DqJ
Abnuv8kGq2H6mse825z3HG1GuRHNx6dJXadFT8LpVvtOq3MZvpIphQ3qkvc5xI9K
lmqHTJikqOSCwj9iKnXcX6ushcI4EBpm+cBDkstkIcO2nr5y6vGATY7qtC6i1Uap
8cvYLR6eQ8RPVirJ4IHjauqxyhPo8Kr7APJ90Hi8D+/Kjbk+J+/B2JlQFTuTOz0q
qCO8kxcjN2kxHspmpZQx9IrH2byzn4UBVb7cR3FOBFpO7aRUQxR9m8lMZIZJseG1
YRTXkhcX4pNRUkbpxY2haapZyMmITxmX/Y/fUnYv1gfJOejgcW+pq3Ff9v2JA8Ns
l+RHjlfB885nkmccKjIx16sLOvsc7HiveuKHwvkJe8nmpYuSJi3Wqi4hGb7pHiw3
w+kIH3cS4tbsqF2Vcuxz6oCVtyYGMQjxVIrr2Feb2m+BYMJxlEfy8TPfL3l0lKW+
EuFbpGF11KFPEawlVhvLUzKpwZmO11kpRFqpc9H5q21+0zbkW42Yett912Bwe7bJ
0DOQ4BSsC152FQFCpeDejiTk7mu/9nxx+6Yq2Ex/6sOMPhwRSotEigIvCbW93FmB
xCxinwdBmd5tdLupXWHZPrN2G6rJQqPZsVaB99oq8FMMBS3E58Q96fO05qBOA5wX
jEGCVkGNfLyWsyAuvmSMEW87rS0XR6SQp8ndokfTQeN8xsFTdUbUiWdXrkgKlPOD
WoqAHZDjeEuxwcRsmsnDZDt+pdhQcS2BYyAk9x4/8z3wVm9jsc/z2om17fIrBfv7
EyfxzcZ9K8flyuFdDrY8WkqfMKA4H8JjKIIgCWCL2oXUjpsZLeQZOCwFstiM2iIU
4qChsn8HCjERThUHJum+ufG3IILgNbDKlGd3sqDBU/47Y+VlucgoPM7ua7MylK6c
JDgr7qhb9F+POQFEQtsQk8H8pEuNwAY7AdUHm4mjyFRBHFzCYa4q4DTfO8tTtdOc
wiACXoPTJt7+rzuk7fsQtdBV4f9C/aHC64LlClDcFmM3uFBat6dbwGqnE52rYp3o
lBOpVK4W1jbY4lhoE7X3bf343ZwcCh44+APDvwJXV4+7xLk/M0HoRCehJ+zPDqWR
TcEU12SQPCgQUIELyYXTpRSgRpjKpYA4R22l+fbjRPUIMgnGkK5C3KDHbR3QuJKQ
NiJ93dT0GAGG6U05kN0/B2K8DaXZ4gQrY+C1kFKBuHf6wINQveQx4YUZnpbpsClD
nLbXWR9uaJnOIeC45MMu9jgThwJP7zYm9LyYmNOgLg8=
C.3.7.1. S/MIME Encrypted and Signed Reply Over a Simple Message, Wrapped Message With hcp_minimal, Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIIO+AYJKoZIhvcNAQcCoIIO6TCCDuUCAQExDTALBglghkgBZQMEAgEwggUhBgkq
hkiG9w0BBwGgggUSBIIFDk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG1lc3NhZ2UvcmZjODIyOyBocD0iY2lwaGVyIjsgaHAtc2NoZW1lPSJ3cmFwcGVk
Ig0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lDQoNCk1JTUUtVmVyc2lvbjog
MS4wCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD0idXRmLTgiCkNv
bnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQKU3ViamVjdDogc21pbWUtZW5j
LXNpZ25lZC13cmFwcGVkLW1pbmltYWwtcmVwbHkKTWVzc2FnZS1JRDogPHNtaW1l
LWVuYy1zaWduZWQtd3JhcHBlZC1taW5pbWFsLXJlcGx5QGV4YW1wbGU+CkZyb206
IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPgpUbzogQm9iIDxib2JAc21pbWUu
ZXhhbXBsZT4KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMDoxNDowMiAtMDUwMApV
c2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wCkluLVJlcGx5LVRvOiA8
c21pbWUtZW5jLXNpZ25lZC13cmFwcGVkLW1pbmltYWxAZXhhbXBsZT4KUmVmZXJl
bmNlczogPHNtaW1lLWVuYy1zaWduZWQtd3JhcHBlZC1taW5pbWFsQGV4YW1wbGU+
CkhQLU91dGVyOiBTdWJqZWN0OiBbLi4uXQpIUC1PdXRlcjoKIE1lc3NhZ2UtSUQ6
IDxzbWltZS1lbmMtc2lnbmVkLXdyYXBwZWQtbWluaW1hbC1yZXBseUBleGFtcGxl
PgpIUC1PdXRlcjogRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+CkhQ
LU91dGVyOiBUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4KSFAtT3V0ZXI6IERh
dGU6IFNhdCwgMjAgRmViIDIwMjEgMTA6MTQ6MDIgLTA1MDAKSFAtT3V0ZXI6IFVz
ZXItQWdlbnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjAKSFAtT3V0ZXI6CiBJbi1S
ZXBseS1UbzogPHNtaW1lLWVuYy1zaWduZWQtd3JhcHBlZC1taW5pbWFsQGV4YW1w
bGU+CkhQLU91dGVyOiBSZWZlcmVuY2VzOiA8c21pbWUtZW5jLXNpZ25lZC13cmFw
cGVkLW1pbmltYWxAZXhhbXBsZT4KClRoaXMgaXMgdGhlCnNtaW1lLWVuYy1zaWdu
ZWQtd3JhcHBlZC1taW5pbWFsLXJlcGx5Cm1lc3NhZ2UuCgpUaGlzIGlzIGFuIGVu
Y3J5cHRlZCBhbmQgc2lnbmVkIFMvTUlNRSBtZXNzYWdlIHVzaW5nIFBLQ1MjNwpl
bnZlbG9wZWREYXRhIGFyb3VuZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMg
YSB0ZXh0L3BsYWluCm1lc3NhZ2UuIEl0IHVzZXMgdGhlIFdyYXBwZWQgTWVzc2Fn
ZSBoZWFkZXIgcHJvdGVjdGlvbiBzY2hlbWUKd2l0aCB0aGUgaGNwX21pbmltYWwg
SGVhZGVyIENvbmZpZGVudGlhbGl0eSBQb2xpY3kuCgotLSAKQWxpY2UKYWxpY2VA
c21pbWUuZXhhbXBsZQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49
NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhM
QU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9u
IEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzEN
MAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNl
IExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovB
ouOP6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CV
t2Zp1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt
8p6hAQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4Tg
DqXjWShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcY
bwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA
/EB/WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAM
BgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYD
VR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HV
RDyAKRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0
WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4M
uxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveE
RRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/
m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYO
nUmGpfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPU
XTSO7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMC
AQICEzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UE
ChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1Q
UyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgP
MjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBT
IFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9
LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKl
QHJD73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKa
w7aRphZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV
+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyX
t1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMB
Af8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGlj
ZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQE
AwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAU
kTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmg
aSN3/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1
iffRTF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHG
Vy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6m
rYkKTM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXN
QC4GWv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f
7R7s1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsT
CExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRp
b24gQXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBp
MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIy
MDE1MTQwMlowLwYJKoZIhvcNAQkEMSIEIMFfyyMf5l/s5cPAanguRyiS2PErs/BJ
hBeKxEit9FyLMA0GCSqGSIb3DQEBAQUABIIBAHfAUkjezu/0ef4322p23YJsfeQP
ZHON/2cg5IJ2osVqGWQc3qaCW0YHZMEzgN0vvSNs2Scvcz7FtDVlFQKJKR6Q5eVo
W1tFBZ8a4HBuH+m2Ge5YzmXV0KatJMdB6MRxYzD6GQMxrImV/SquqVcU+nbCpt0v
AFD+C0C3aBTAL5IV+IXjYsit0cBF+U0vABx48P5A0Yqh2O5M3Sq8A/rz04gtgUbA
2qJyOnGhOsjByiTplfnK6XGyEUMqQrJtA1BDtlt8Qj00w83dYRaH1wKQ8392Ox1I
nqp1Z0zQHKwvVKxKGtJOQkZgyDAlbs6a2B0CUYwnnqyHiOsL32Ow22EFy8s=
C.3.7.2. S/MIME Encrypted and Signed Reply Over a Simple Message, Wrapped Message With hcp_minimal, Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Content-Type: message/rfc822; hp="cipher"; hp-scheme="wrapped"
Content-Disposition: inline

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Subject: smime-enc-signed-wrapped-minimal-reply
Message-ID: <smime-enc-signed-wrapped-minimal-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:14:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-enc-signed-wrapped-minimal@example>
References: <smime-enc-signed-wrapped-minimal@example>
HP-Outer: Subject: [...]
HP-Outer:
 Message-ID: <smime-enc-signed-wrapped-minimal-reply@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 10:14:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0
HP-Outer:
 In-Reply-To: <smime-enc-signed-wrapped-minimal@example>
HP-Outer: References: <smime-enc-signed-wrapped-minimal@example>

This is the
smime-enc-signed-wrapped-minimal-reply
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a text/plain
message. It uses the Wrapped Message header protection scheme
with the hcp_minimal Header Confidentiality Policy.

--
Alice
alice@smime.example

C.3.8. S/MIME Encrypted and Signed Reply Over a Simple Message, Injected Headers With hcp_minimal

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 8385 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 5198 bytes
  ⇩ (unwraps to)
  └─╴text/plain 342 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-injected-minimal-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:15:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-enc-signed-injected-minimal@example>
References: <smime-enc-signed-injected-minimal@example>

MIIYLAYJKoZIhvcNAQcDoIIYHTCCGBkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAJdtyAZqztspc5n/+SKp6jT+yxf1cNlbXct6
jOJBm4DpKXtTLCAqOKs1PcpYZSi87Bl3OR8nbcUv2Dg+JWljfKIPlFB7G8pCQ9hR
15uNzH76328HZdSu3536Ehnz3B3y8Aq3l6sM4Csk8yibJIupL0rtARAI74hMQem6
sW3YOIHdMBeqwfmuVMD1uPTpysMnaV9qRyNbNLqE8BY+UlB1wKAh0EZYfBBsZ6/C
BBMNNA2xa8m9i4rd42xVy2vQnl2N2hYD+ql0P7DPBzFgeYSg8AWBuU+VPIc+wyTb
mJpUZf/MLc33HYrN5jfgR5qO+LDiuusx4roqfdbHojjs2N3/E4QwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEANhN3GL0d5fTAeLcZVW94Solf
tY76IETkd20FbZhXBhuYEU3cw9sCEvAFI0cyGuzgdOKYE9b5mn3hW7U8/9lsHH6w
SNoIDZs0W6iASEbj9V7O8vRtTn0MVYftqJuTn1JP2Iusgi8UbokqtpaA8PYY2HlW
f7HNHuviYIEiPeH8/T1WZoHFtWzqr+TcibFXg34Ae6PTre4UtDZllKTkxnI0QSuZ
kYlY3GGUdTUFyHU6Fncx4LbPFLPsvMuv+N33z6hW3Oye9ezO6Mc2BAqH7ewaYQL6
85BIVAKiIhXTM6xvdvc8glTi2y84zXExC+2zuwcbgK7C+sUksvdfpkzIepdAATCC
FP4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEPhL6QKT4IFfsnVdSly17JCAghTQ
5DUNaR3+B8p0vl/r0eV+lCp2rs2SJSotpZd5Tbg2Ta3dwbGwxvHfvtpAgmGQpP9d
fVHYCuGYh9B2lqMhBbMP4I1UoyVCFT75haL8gsJ5MEGCoUt/mlFFh1Yc84sSBQhS
hVsaxcVf5WN1Oq1wf3AalBuAHcv6SSaDSPuLnVbyWcm0PRgeec8xbdmYvUtt2CjW
E8pz0Ib2KrNB46O2FKK3Qi8ViO7MCYxoVhZZjx+OjljTMGNexg9EOMGxVwcWBiEY
FL0qiPFTS7Ir6KBtIh057sAHLUAedryuAwAnf0IMfcQLo7+YdJcznKhXF1u8vPki
sGLa7Xw94kpHveyMyfJlawfAMMy/wIddd7jiiodpOTlimyBzZnZXxfmDMic9OQNU
ucr4F+3FFGsHLQSTTiE7n+eT3mDaSvzhOls30kAGvDnV9N3Sbly4Q8CL4S7PoVaG
pzLt0Cge4NrxlIwD22rSbDWYnJUPUDj7PrEtrinzZFTjI8o2vT6TwPTunH0NKBUS
uGGOImE3q7FTxHR+CXhWY3XP0HS72u3EZZbSMoDjm8BRTHCa8QT0TT7IYnfKLqIr
qKawB5Bedja1Q+VkeTB8r+W1k1Z9JrAP5rhI7IgQtn8XNkv3jNf6U3f22E+Riy1S
0fDAH798AJaXMoVJgPuvhwB+TL0HHbNmVeJy/3008yPNWrWGGbYvMc+0ChSKAafK
iXwHE90D5aGZxujQK4EaCHJ4ifz3GQ6w+6ktKCvuA/FOESRQdVxL+zrHyNp0Oa2D
dN9tmNtRG0aHC0rgJySiTwsy+UGbnqg3oElghRQZX878AIS+D+tL+I2VcsbStzmO
iGlJArSl8Tetx2SICimWhgsItjXDhTq7bxDnM/x4+jD+guLQp+mIM6HDaL3NHfhM
3mq03DjADfjoma+v7DxlMM5jlP/oeJwTF9B7WRjEbvLvTHeRilqHcLYG2XuJ8j9q
VoyBk6elVI69R8ghMN+Okq1WMpqJp0d4NXFyjFsM7w4nJ08QA5LSF3xgqdgXy1D3
FejNZTL6d8aZH370ZA7eYqRm1E/5H6nR0n0rBH6PfqZezPFLshLIoBXhyEof8OZm
/mz+Z+Kap7VGRox/JN9rpm9JSG2gbzOIbDIwyP+SR5v9Xo7gGFq6FicL0qfSGtNR
1x1NfvOUDhJyiAHhEGlYuoR9Qct9LicqytsR+2WrBUc8+jURTQ5FCJVPj7bJAq02
oTCK1uT0jyXjY6qycEWU/jJG4ccO5/NZv/Z/Bf/Rwe7mLMD5ftxHmX1maUYFWfkc
yBmwnDYaJnk2aFM/PCu8Ez1dZdcyhs/Xa8Ru117OmW1jvv/Yz10btqcKLHnUE85C
w90I9HK7sRwAqcZa8gneIW6MPhiT3kaPU5KLILqcnVhHoPMB8Vv9cA5fyFOAooPr
k3qMk9pFfiLeoRrvOuGNEjSKyqMWHcqVeNSbiqOxmDlzMWS3V291vMgp6ML9KQUL
OOLcLiiBAoo+1rfgvtikXWtvF5WIo7PXHQI7u5x13S7spSP9abQzkbfphzZXoa/W
MBgkJ1sevI//VVdXJI2/cIcvLG1psPZWcuB8AIziSuuF3RFHtY6IHt6uljLafim8
BdUf123TxWyF6U9mXIANYhfIQ4+3hxZ7R11f3MZ+dQEk20blYmFmbRwQeDCiQkY5
zV56L5iGPZQx2aziBl+sHfF+4URApk5+yYlYDPPUiGMDwbsMaYprwz9vZ5/djWdl
bs//ge35A4K+ghfBIBehz7Iul/a35RLQkwMSzMbAzJoxqM2WN29aO1RLj9peqpYa
F6O5br0xV3DUD+kSGZjs8Vk8zru6aCqVl8G6HdbFS4vQIhJZpB0y+ati2Q0TGLF9
ef5K9EbA8RoN+EXlriDFC/FcmFD4W6hA6gvfL8f/C89v+g3VD1aP5numsGrq7JHr
hEiz6Fdc5LF6oWrFnOTJS5UfO/0Uq5ut1Ae2uP3WQOUT0vWSUDPu/6O5hwg15o+7
MQCulRFNoCfVBJzVqvT41uOffask1a9wnZuBdvAie75Ycr2ipWEkXsdhRyeHEDUO
tXGnBKdriGzc8eXMxpYQD5K/Kf5ZtFfDcthMFTA6NLOGeg3oq8Xgy9g04cpk3Qqo
1SEu42nt0fysoCW2UDUntjg7Xvq3J3j3wly8OSJtUeJsYB8vVVXbzehp1Maxj0Z8
VGEF9reZDoiwnk6ia5cz1ouQxg/j2Kt17hyzvZGtyEwWo0lRduuOGCjCTNcjcswt
rxItmf+jHA+nkDcY53ryYagG1cxundqIGDH/GCmXCUAcZI+39Twxy8bxVNiRirP0
/obmR4Nix4DWaibIxkXBvdeqvlkiqNZL6Ww3YSaqTk9Gqpm1eUEP+c4/52dQ8lwh
44vppGW1q9zAyYgROxZkM31/UI03oSf+fkZCRHd1G0UZZT1dww3TCumJEowx9V8o
UfX7V6Cv6Az5enoMMKpsoffWG2ONm732xhkq6nZi7wM/JeVpq82ABVIVIRSLDW0i
bxG8UCRjbIP1hNFonT4YR+zyoH/8IQuXiXy+2m1lpzBVZNpA0vDlWeTVLntiTfy8
MPMPcmyBJm6rXvAu/CdPOx7iQPpLckjJ0RRTy8qNDYf/p/tLCWI9wVsccnLQKgqv
CKRGlCqLblKYhajoeQ1q/7k3+2DqtsqD16Seo7wPYhDDyn/1XnCm/TuY7zk4GIvz
cljKBxKld7r7z4/B1QF2fwidJZMLjlTFURbWguHWFhgGvr+h+Z2AWkpHzPrIZ+7q
BNtWmBesqglSfLoTnNeD4vKhlRHkCD2izJBMOPhzR47FDKRo/IFOzb66W2elIlWJ
c78F9A19gyXbG0FIYn/uqMMqmdeipZittxbehi4M2pjg+ar7EKhDn59A8KWDurhA
SVs5BqYIJEgTjPPHiDRlLlqJviMbmqAmA2LasMa1D2HnmMvsVVtdgUBFU0V9uLBL
b1dANPkkZYBpsPKdaceTesS+y5q8DVouO7ICX/ptJMndfUtI7qNSA5IAklfJWV2f
i1hR/dEiZuTN1wRbX7Gb6l59puGaKhzhoLjbFEASWz4utbgQ0arVllaMHZ2kILMD
Fv+96SxSKFbOenpdfJQoRLNFGXOITIzzrxcNjLTphqW0VPZXM0thbKwn+hNMIvoB
exzwzC54Yl1/PVj+BY8yjCdOVgDBVHBDERVGowymlS+lkFhn3p1xwOxEQHTVc0p7
lUt2dUnQ2FN+beylVc9BkCSHVbxrmZ/+ashzJf8qyURl3LOINXtIEMm4eFr+QZuV
N4eVTigKm973qpoHcLuAan8De98HlhGrSFSk51O9FiiEdUpyzpMjtX5pRCuAHyZB
KQhTMLlTLoaVd9pP7963pb0F5OSur6OvYkcgpgyZ4XffKfY+ILX/Ri8JDDxJA4As
8CAZScAGdaSP1HPeFnP2wC/H+9zudGwvAcigWd6rFRGt6DQtOfZYLIESCGsxnp+t
bGoUkIr1cPzhvjlx8S4sSQP4wcA8+IswI3mNZpm8daHFgmEzJLNOGLKcMgVA/HQu
g0yuQ4lUcM4b7LiwItHCALSN0YHeGVxCmMukFE0aeFh6fsZU1YEMmVmL8Iw88KZ+
SXuEWgw5Y5SSIP+tCMCy4ZGjovciKzivcL6k18XZ8PLPJnP5lyPX6DB8dgTVgapr
3k66pXsVF/Zl5rtO9iecoLXzJY+FUpJZ/raYNSD1iH1hZF4rCTnnYmHyF8i+eprN
OwWMMfjvPHUYfzkUEXk/fjR4OgcradPUjMKtBfRGrSfdFOawu3hR7vZGKNUkgnVb
iT1MZlo1WSWP5HtCHMU7vsEONrPo9oPEQp+08TVqGthgfk9HNFtVQ7SoGCrsUox3
65utQ0WkLLDjUwENFVBeNQ7405sRQHJ301+iKi75idJyOB+WWWUb5JV4L20YwmwM
jCP0AgzSHABNtb0hOaRU9fhIVDfQGZbYmPK3Q/wgfTGYnjlUSyK+cIKh5yaRd7l2
oPis3vLirgTvy81Soj8HjmDRLOcjiyuTHwxYAqJ+lAcjRYrc8PS1ZuOVOI7gnoh7
rSmbgsSiWFOpYDK0/ahc3EiFf3aFgmV57X7MxngosJ5XDx0Z30PyGrMInV+xnrhL
+onUfJ4WZmd3OgDcL9FvmrwpBkbnznYKA68Cg8rbvJqWF3nVrX8RIsy4AjGs6l+y
/DyatF5tfCRS5fDz4Y1lfpNpRC6OrtFFQgyMhKKdaBYrE584puiUhbbabYi23ZF6
5uoihK12hqh3uHb67W6mIfckjbBPvHB+YZLjajOQhhsXKZAcsk9oK7ioJGHT5SkM
EgFp/N00rtvkX/CEixlinyDpDcJ06bA6fpBEu1ELGqxlGXtUKW513H3tjskkEMb7
4izM196MFOcUzZMKHCZATDDLkNHpcX3KVUVmW6ZarBxumdRaOwwOlww/nI+7CJCb
RlaInaRtSKqtCEP+mbI3tl2hJ0qlw8rQ1DdaDZJxHT7WVUfwPdsbyxwLf4g4a9Tn
lpMwEtdBMuhz7h5XVLC1qyds/3f1PYWAfsgkSjrCILEQXaFgt2VNzm/sOYb65TDL
F3zbgXWNY6q6QJmYEMJtV2SKhf5oVRdwEROGj2s8u3eEdA/Htr6i9sxFivUp7DhA
XMSQ2pK8LMA9dUxcP1LVfZkCUP28YHs18gmSZKm1VVdGfWm+Wnv7MnwUmSTrYs/1
qf5UEFnoxdtoErZTUM4CvKTac1aPlz1Usp8Cez9ZSeEp5JwVoh+ojVb3dq1ZLkLI
35E0ekqlr7wesxFW0aBTgsxwl8l74+wFbDPNBhIpibkHLALEIW2hCvnVIzf6f4kN
Oc1F0R69449anIPok+m3gigz4x6IXg99k8SEWPTxDHbGj3YQ3s6xXiRNjQ1tEUW3
+CHCvq/SUC73U+vzws3MlIOkoai3L1TWmhFOIedlpdZ+37A6D4KP6n98oD5etIee
oOnCkH9wvD0prq5WDcXRpUZCw0kAsH4r+IFe+j8D1oz1aCPlknJjpaR0s3SO0tWg
c8TB+7oNnlUo3OxGBeG6Vpt3hme9TzWwVuE9TFNMBweTOtUd+BSXdsYYsGWXxLoi
G4T6C1EvuRFxLEq48ZeWa7blthkA/cW8UxIY3lTi4AJny/KlHXu+jEqUtQaTmvgR
AwplZAJuOlfp+1bNhm4UZK2j8zJvKhw0xW+pklJsrVjTa4iHcRRI3m9APeIa1tSj
xOAZd3M4Q1JOIhiPI5vjDlHVOcRYuhPo0F3HUFWC0SzZjsuq+ingEcjF4Xnywd+m
jrUc0K8DRdWEVV7CjkZE0B0Gfp23FRXrqpN1va2DrFa43ofRvJyjQ6/YIxjLz+HQ
tZbnorPdsQSimhVZMJnViqbD0S05ZWN0TUdyIUekXAxGBa+AJu72W5O5DY56WzI7
AAa6IFwhonLgV63lt8E/GWN0Rl4vpXBjlt60JXvNs+drLXWql7LUtgH3Z4onTgsj
DhC2vxtfO0zN2BSYmhLJaB0a10WcXaM0DdSZ/rDdoKbMZtq/IFLqzSj1n/eifcyh
VySd4aHuVRSht5lXXpeyFKHNF4CFnA+Vl744uPYJNLAvS0n7SlW7N48Q5LOkHORA
MFklrR6W0PlKZESBTvD3tBEY8ANApvAu/6SDb1/FEQtTekSXnnPg5odRQFUG1L1Y
0If5j8xeZkfxYm9UzYQOSJ1eoDIz11qn37YnOF+blftc4clr/35osle2Pe6xN+W4
rKdX9D4XPbkNXn5b6axcU4TEghuZiUCGsFawEqyWLnNzTS0sLpw11QLwFjQgBl08
ge3ytiwJ75Ookxn9G15ueZy7Db3wut0T75gF/oew75hHN0Yo5etAsQ5vxUOyShpj
hXvn6lrAD+FsStiA40GeoGMZxvW0D6wPbKcXjky4/prBYPyeuaHzBov/9w27ZtXk
3WKdMW1uDDrHcn8lTyWb1q8kBLKYNtBR9zinUXMxVPlCnjqbXfSyYGsOd0hLIObv
QEMJFJQxEtnyO0Y3FLEa//9X87ccLz4bbeTJIAx3+xEX+NxO0BD8a02ZHDpP6xnT
jJkoXx80FC1t1mu1h/WVkwoz7HA+WSW9fnsSjJ3jTKs3h4KBO9TC0rKENPO1KYOD
J0n1DPdl4QCfizovskd7+D/8qUlSBmfQO9OqnIEZ01cK1AA2u5228qCIJy+Wnaps
ZZOpd1cAt3uJKQZykxMsoo0eLpH2XjUYE2P7dTI9iEkEkeu7ewRJQuMudHKQf0lm
fefUfiuh4czajkfyBqrH8StwfcFanHhmrLswR8txKJIL6kOOcFzb9Wuv2fmrIiRV
v9PHPb0GhsEpKn9abIJT+m0EOhWX9Rlxje4JpJMHcwQ5MYF0hfwSqMVZP4a5Ltsg
JGl4XXsoxF/PN09FUP+QyrEZrCEQ2VLeZ7mppaOGv8Jf2OEWN2Ldgp7pHksi+kJH
RScgUsn7YvB2tvnJSAyS4xf/lWDRQ7bvm8h8rH41DqY6UCLVkZRTdKzEuu8bftTE
7g2tBTKcwloMARhY2y2ppBfsvUP0FvPgdD0Zu24aQCdPt9rG5sL7prLCozKrJ8Bo
UY17JpBTH/9vQSnkKotCTRe6zPou9XYKfS/dxU4XIh55n3+RD7PVfwIyia2fcQo/
6ZbIvW0ycgOkZN4uZuwAiZ0+B8C5rEVjfC3rnQ36kKpsMaTh1o586YFBptVTHqdP
b5qMrtESurIqlxzQw9L0BE8iZkMcZn+ld9SwGVO4NLHF0nnQx/LpF2SHTLkufcdq
2s6R3BjbW48TacrrDmVG+LfOZuwAuTw66KZuWqQ/0p24F1lZb2lWyIYvjo+/SYKO
6R8ivcgaJ3CW7vQai/m/R2eVHP2/IAE0jrTI5BHIixLXg504KQOMdwDfJrSoIQqp
hl73yMVUCgQNNg3JuBMG9qblfBLGAP+ltIXAs5BNECDbstqRiv7cs6oED1D5SNnf
TGhNwcUQVg5gaMsIc80UozBlIzuR7R0RAAuMUdib1cqW12E+27LF1mM+odiAdwcc
AUiCf6wRH/iJco9ilDCJsZtLX+pg82f5Yk0L3f4uNzb4Am04yGycnfQR+963a/72
n/dUl0uzn/rIDKzwgu6ohlbs3ZbTL5cd/DkY9OlEQKS3M+z3AxpnYLksH3ssQid6
C.3.8.1. S/MIME Encrypted and Signed Reply Over a Simple Message, Injected Headers With hcp_minimal, Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIIOwAYJKoZIhvcNAQcCoIIOsTCCDq0CAQExDTALBglghkgBZQMEAgEwggTpBgkq
hkiG9w0BBwGgggTaBIIE1k1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1lbmMtc2lnbmVkLWlu
amVjdGVkLW1pbmltYWwtcmVwbHkNCk1lc3NhZ2UtSUQ6IDxzbWltZS1lbmMtc2ln
bmVkLWluamVjdGVkLW1pbmltYWwtcmVwbHlAZXhhbXBsZT4NCkZyb206IEFsaWNl
IDxhbGljZUBzbWltZS5leGFtcGxlPg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1w
bGU+DQpEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEwOjE1OjAyIC0wNTAwDQpVc2Vy
LUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wDQpJbi1SZXBseS1UbzogPHNt
aW1lLWVuYy1zaWduZWQtaW5qZWN0ZWQtbWluaW1hbEBleGFtcGxlPg0KUmVmZXJl
bmNlczogPHNtaW1lLWVuYy1zaWduZWQtaW5qZWN0ZWQtbWluaW1hbEBleGFtcGxl
Pg0KSFAtT3V0ZXI6IFN1YmplY3Q6IFsuLi5dDQpIUC1PdXRlcjoNCiBNZXNzYWdl
LUlEOiA8c21pbWUtZW5jLXNpZ25lZC1pbmplY3RlZC1taW5pbWFsLXJlcGx5QGV4
YW1wbGU+DQpIUC1PdXRlcjogRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1w
bGU+DQpIUC1PdXRlcjogVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpIUC1P
dXRlcjogRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMDoxNTowMiAtMDUwMA0KSFAt
T3V0ZXI6IFVzZXItQWdlbnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjANCkhQLU91
dGVyOg0KIEluLVJlcGx5LVRvOiA8c21pbWUtZW5jLXNpZ25lZC1pbmplY3RlZC1t
aW5pbWFsQGV4YW1wbGU+DQpIUC1PdXRlcjoNCiBSZWZlcmVuY2VzOiA8c21pbWUt
ZW5jLXNpZ25lZC1pbmplY3RlZC1taW5pbWFsQGV4YW1wbGU+DQpDb250ZW50LVR5
cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04IjsgaHA9ImNpcGhlciINCg0K
VGhpcyBpcyB0aGUNCnNtaW1lLWVuYy1zaWduZWQtaW5qZWN0ZWQtbWluaW1hbC1y
ZXBseQ0KbWVzc2FnZS4NCg0KVGhpcyBpcyBhbiBlbmNyeXB0ZWQgYW5kIHNpZ25l
ZCBTL01JTUUgbWVzc2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERhdGEgYXJv
dW5kIHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhIHRleHQvcGxhaW4NCm1l
c3NhZ2UuIEl0IHVzZXMgdGhlIEluamVjdGVkIEhlYWRlcnMgaGVhZGVyIHByb3Rl
Y3Rpb24gc2NoZW1lDQp3aXRoIHRoZSBoY3BfbWluaW1hbCBIZWFkZXIgQ29uZmlk
ZW50aWFsaXR5IFBvbGljeS4NCg0KLS0gDQpBbGljZQ0KYWxpY2VAc21pbWUuZXhh
bXBsZQ0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTE1MDJa
MC8GCSqGSIb3DQEJBDEiBCDs+6PEP7Onuv6ZtLRJ7a/+wdOIeU7katH07zwM0CJX
6TANBgkqhkiG9w0BAQEFAASCAQCoqpoe1ejf8kQ6sGejdMKNwFe9+6k8yi+7cCNR
LEKBIYUUf4YYjCxNGXXWC1ufSBskfxdCmrD33Aj4PCte4m1Fy3Fw9gun36tv4f7O
CPeve5PSY034IvUCkNe7mjEeLZ9kJlviTOsa519RuIxJHwwdqgr7gqKVZZ6JpMgx
jyugVKwuHCXiD3tqrL93urN+oVaK/1qnE3vxYs54GS3jaeVElj259OlSjLleg6zt
awntxCVW6YY4ECzMppGdTbQLPK0tYeXaYBymqHN3yZyqJge3X9b2uLbrF/NjDfTd
sksuo/pXVQYWFYMKqFo1yCmm50z9Xq91JMJSJKCTaTWCVW0S
C.3.8.2. S/MIME Encrypted and Signed Reply Over a Simple Message, Injected Headers With hcp_minimal, Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: smime-enc-signed-injected-minimal-reply
Message-ID: <smime-enc-signed-injected-minimal-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:15:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-enc-signed-injected-minimal@example>
References: <smime-enc-signed-injected-minimal@example>
HP-Outer: Subject: [...]
HP-Outer:
 Message-ID: <smime-enc-signed-injected-minimal-reply@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 10:15:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0
HP-Outer:
 In-Reply-To: <smime-enc-signed-injected-minimal@example>
HP-Outer:
 References: <smime-enc-signed-injected-minimal@example>
Content-Type: text/plain; charset="utf-8"; hp="cipher"

This is the
smime-enc-signed-injected-minimal-reply
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a text/plain
message. It uses the Injected Headers header protection scheme
with the hcp_minimal Header Confidentiality Policy.

--
Alice
alice@smime.example

C.3.9. S/MIME Encrypted and Signed Reply Over a Simple Message, Injected Headers With hcp_minimal (+ Legacy Display)

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 8710 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 5438 bytes
  ⇩ (unwraps to)
  └─╴text/plain 438 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-injected-minimal-legacy-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:16:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-enc-signed-injected-minimal-legacy@example>
References: <smime-enc-signed-injected-minimal-legacy@example>

MIIZHAYJKoZIhvcNAQcDoIIZDTCCGQkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBABg8nhpiInyKcYQ5cLuez4QaLUOm3O+SpNSE
ULUIB+xmbgidHBGd/fLz2LCyNudgtdS79wvwbXnqVCGe7+A9iNZCw8dbl6oFHfaC
15IZtIwMNXxL6kgsclfV1HfELyVpJtoq/QvF1RejnC5vC80qUWiMnR79gv/AdEgb
GeY1j6tb5xA/U+klrVGIVOSLdm/gwHxB9dcvh/ZqYgHOLX2p8J71J58h9dqDA7jb
lddz0L3UkQT8PSKX1QupYJytSSLF6JHy+Lo7q//sbt0g4EfxAIEUL3Q4hfHRbLxl
qOl2Wr8bCeT7XlY2si/IQ9NfCnGSKy2NZAinD1RgvmHuAcTXcNcwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAYep6SmjjYOSSjQEQaS+/4617
sGG+A7FD0zYWNV2AJxh6ZHOAdv9ZaeT/aH/+d0PJtP2qAHyrVuloVZMzqrQh2NMF
euCchD4KAER6A/p6TKfFlOW7A2oHLkRHJFEzBnTRz2ipDr8e8eMSNmvdqoS5mexT
EjwcNKaSjZbvDwh0UxjniOd9VVZygYHDtw6m1vq7aQ6j+0qMBd51oqJTY1AS9FV1
aTqjuZDh/Cf4b7+TzPANhzhRNQKHFx+yBd5M4jObzjDeIhZb0TQFVIq1C4EUsW3e
3RmrV9e6HtmFwc/KJPm0yZfTb0fKgVV27DihE7YD6o4mAKOSluVO3gV4juHsrDCC
Fe4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEMeZrjzph2ECLSEYHuSV7jyAghXA
Tm9fW41DSFgrcI07Ggoe/Ni+3l3NwFP6+RNAjq67UB0WHUk8a7U9gfUHa7ZdQIbF
+93uK/tRtRjjCybwxQFYXyB8BjXLT03Nof/nxh9hy7UnV/x7MXUXwNwWSmuc6/DI
RSyH/58ZtnJNQDL+GJHEQwCuRcLDwVzx+H0voq1W7w9X8C7GddiJrDPr3lrAeyK5
9MdMiJ4M1mDZrt0H+ys/Zf/E6LaPShrEn8/Z9sQQJAp5zW00iaW4JDFrZ//V7ghb
YL1eNGM8qfnCEOk+5TCsI8gc5JZV2339puaNpeo3ema6L+c3/G8uz38oZtig01CI
JxwZ7lMEBxt0YQWr4MNLJBkRKd+JGLDlJoU6RAFHkeul7mfsDq0lBedLxVRx+ADO
HzjBNTnyZWJ7wjsnofCf2Cer8LnbH34t7QF67lU8bRDN1EyRdrI98A+X7hrapAdH
7TI1LQVz4tP06rrgjWw5XCBvnFLZJl+eJ1CZMpScrOlSJTxNgyN0NR5TnRb/95Gi
D9QLibrGfuXFm28PXy44D7oPBokR1YypR8Led/8FcFnVUf1Ki4pbZ26gucDEqCSD
iD9wYZgFdA2bympZzADKcg10g71dQamZ9paV/+Cnw/X6RrhsrBULb7G6exZsukQp
AApyD4yyQzGqBw/t/i1QehhI2XiqLP2SXhwMxVBxPuNiyIZdlzmirYtXXlBsbduk
XWDGxq4MdOUfZxzAjRWiwnOEHrfrRyaYV0RsGEvHXhPM8CCK5IqsjPX9hTfKAyxC
Bjo4hIOj/ZK51FphA2wGU7yRbXT8rs+xBWQ8L2/OO7P0NZhPIg3kV6GuG2eI0TF7
F/NiFeHT5QobNVvDJf9hN7Q9TN9/pov6hsfFmuiVgfe4zeAT2NKBalGeVC/Mckc0
FlCW6o9cn4ta+OKUGt5HA3z1hMg4oQWs7OGAg6+sSjsggNGuLuadBUm7RI4K+SpS
8bJpZCKCgTpLyw/BLvb2VNDyoKEnxiLrOdNUSd2Y5+7R8k1uc7ATICpGM41pCRcT
mnnQ2urh66vYkGbKNLv6wopPivMgGdO0AZ13HXCR/6vh+phNJ4i0jQPDsLoobQOX
r5Lre15/QAiIOJWNHMortbV3eitiCoo91CT8sq26dQM/0V0S/2iVjU8WzR2RYMBs
fQRdNDoxrX96wxilrIj/GQPRdVDn5nTL6RdeY3z10ulFDQEe0VkCrjgLIZ6UH+sF
nZrYEWjjRbFFsXAKyCpP4IVtZhja2wecW7TsJrHjY4cM70xf3j2GiB/Et/nn9Li8
AjVIO7cMyT98W27WUmp5GnSEyLKAUmCn+1xd8woUiBrTzR53oanc/+U3XOQx2t2L
yM+zwejaXfz9OEWdlYyQsPlTjD2gqItsw8x80r/EGbIdS5vuG9NY4VK/pGlsJ8dY
uwGoFXO8Q1GraauGwgdHdZs40QsxjMUjz6vZADdem1oh6tT/RRoTlCgz/4n7HxVd
l1XNhSYCRi/JybbTSvTY1ejgeYraIu55o5inQw+1yPt925fHahBqs9+0VRUnsDjp
JaqIz5l41ti9m1O0u0Ah0FmfTYcmvG5MGHOC/lAtCxz8sThHBb3y7D+elgg5wY34
xKb8oJlniN3SuS8gUuHvqgY79fjDXcpsYM0GZN4yDbCeqPBMb4GKCdp6r02q1iPd
7YSx55q7tOzLHuta7xA3WqVWEVO4zYmgKKcVm91UP/1l6H2X5yMwS6H3egmaw91M
Exq/ReYd4UpuLWzep++LYQlubxRNqkflf6WYf66TPS7f8Bc5tlaq3lcMojBrl6GE
s95tZoLcZHVFnGAzgxX6Rv3hAH5eP0w+h2Kmlq3Guodyj7GfPcD1xi/ruuwXAYNG
Vi1B1TQBZ/QD/Nb6YB/6rU7EPqjy3ew7jZH4qoxE1frTcHbrU1ueS8jj+VJJbMN5
muCrH78CJwsMEobZMHxH8N3fgCnMU3r3z3MNMK459/D/3UzMaiFrs9GhwAzL/RHC
QsdQZypeGUukKSyChzeuZaBt11yhXN/7itKulafi10n/qfT/gFQP/65mAwRBCcBr
x9PD0uB4Qmb5xJN226aLnLMA5WpXeZbgvknU6GuOSfmL8nerAv+qXI4qhXiImeLA
NKb862/nfKt4p5IJXdJ3pRyxCz5Zu8wUJJe8DoJo+bVaGEPAkgvMxcRtpQ+9oJV1
QtFXYOXeeEqDQ4VAmuL4nAOU6vdaO5c38GuqILGnnEJZvq6cZgH9g/LtNzJbire/
33l6pSXD0H6wn2HN/fI/NLm1joCOsL/2tbkt5UFLZHhg0t1JGU5xTeCpiTUomsju
X4EbwkMIx/EsjiQ2rweCdjJAziKP2WbX/cCh+CPG1gw99PcKY7wwZi0zrG9v4sj/
WEaIa5eFS3QRpmz06cqSA7f5aqhrE2dA0PwOGIVpcFPC+tINAkZPbbKYmkqvJ8Yg
9/7Y4TBpx336Ih7BUJwg4Z5EUF3/g/Xj+caIhL4DAsVZ7Y3KRWPW2LpH0nFLAE9n
z+BdBaa4SNE+RdMxGcZdJV1ZdU2B0UhCctRHMEQ2obQ3OVGftTt4hn3iA4gbNRqA
7rkH6nI2x+c10j2cUehdXEtMaE3IsUtsYWNgidGshOblfbn24nKqIOoaDsJn2hT2
axy0SScekm2wnWUcBfiMplcVCopX4u6zwahefqVYI029xP3Rjkr2WmRoojOmL+8K
91sf/zJYbT77jbQWgoTxhDIU5jrI9JBzSjZ7156YnxlPMzrY71l8sEODCDPxF46U
4BtyFlwnMr0Csg2sJJOSVXTfVKdfE3LnWpomMBU8E7flL7PFWGh2iObyl5MBikeN
2jd4Rtw+idCJs2Uu3j3JgTEZib0BbL8cWfdDhHLQDNGPH2OwBlPQFowzWMN8ng5x
b8QQLO/N8BBt/13DnlLspZs4nbXtNBChtoi+TWSQYXoTX79NDPHO4syzEtQt0CAi
TfKA1AJ1uXNGYOPhui0N2/JCMb/C7w71h0m7RaNumQWPsLbq0ZlNP3l8BjDIAkb/
clYbjH/xBfgTDpYQwfrAnV5FW6ydqf7tZpQmZuuTadfy+aLsu2SlOE23k8RUIz9O
dni6Qf05ipS9cXIKvEKLZuNbFUREskQCJSrGgsH1gqROJ5u3TFOuEC1x17kf0T6n
Z/BSOyDraCEzvurBVQzUjlDtPsnZzXjrbY+b/daBvRPng42Cpr2d9Jh8pjjSyMyc
Y6c/s6ts1e7nTyhVdRPXe3R0wYkBd3WSIvtsdmVt24qG/OqAsIh+33D4K6X5j0qI
vYYgIWG91lln7isgZTWIdRkeVCWqaFrSorWR7oB+sic7K4FJ713bB9HiEpJvn7SD
wDRabMsPVyedFHeP9rWkpT+1NEfN7PVs8ZHcVlZG2lRH0MnFvu5JibMrXFlL8d43
VDmWrXDwXes4mk9UF/+0vFZirDFpilgenohyb5EtWPDqedfKLxrLJuLRuVbf6y57
iYsdS7Elw+ZsN4la11KRLFzkt6Fih/TVr43jpUPc931T/GhWRHluHyESv/FIBtzt
d6HhPz12eKZUm2jnuLyUql/Wf4K5kefdfclVVpekR1Y/eI0T3WztOeUhjtaJHyGQ
RGdcC2Ss/sCl5cRyDj+QQnv14ybTg/PmjHjdSuohFVKpBBNUoglQJSqWpSMEyYYD
vAwTrWwoKYSWOluPFanKF+lEujkSEqlwTSxT2Ex1KpJIKgVmOGPc3IPsd1/aC4u6
4l/n0O11h5bWA3r7mvLGNQzutFgTmKFuNXg2jAatQCrGqM7vW9khVavHL9W+aPdV
sax0Q4jFoWLvBncfxfGyZye3QEjk8N+Hxr1pqjW7thhZoSUHkJuqGF7dXMjeb+SM
GraYtXX+cvO04vA5RyiQrqwuURD2UFixwJ74UuPjSRFVGx1u9uQh9YwAlGkF5bP6
OyTGnHRu+DGyLLoO87T/Ne6CGZMPrHu123r2fmVRcH1MZHp3hCTN+9U9GixlL7QN
K86unuO1yevAi5NeywAIPElY+o9kUHdE8cBzGu4yrk9cNBp+0WZ9otv06/YM+7yi
TH1IUbt3lobmEAWE/95mgYEBBnp9PiDWe+Z/HfH+t/OEQgeagYlpwb3zuGmsUOuS
YGeTsh/cSBZlP5ni+5lvBoCXzOFlLC5zwFba1wJfoEL+OQ0sky4xi3uh9TM66QNV
Oii2LKSAHw62JKq///ymXLdj+lnSN3cea7Hd9VUAvaJClCNfYOljBCSLhU7e/qNw
p1SXPhyFaWnVakDCIPqW3mo3U2P1OkXTrHFkd0Ww5A7G/WMJ9gU6pWszMDwseFaZ
Z14qqNa3m2X0XFtRilx818hDRwqDL8t+bSuhHUVh/Qvqq9EfgftrrSVRrb28wSEG
c/nrlIaY++ElTdwFGMBoN6aI9Y6QLFkv5BnYghsBHP4LNT1sncDM1NHpEjhZH89d
D+j0d10Sz3wMCNwqaGxwF0xOWQX5+vbgiXAZd131u525opG5rLZed34Rq+ejPtYW
AWBezTRai2kEgpciAN8CuPPfr4JL3W88nd/9dD+SdNS5fg2jip89bkMJWJjgiR0o
Ts8u7jdnCS3bSsaofjExigLVK4Kfm8PZETzX0eiTC0At3M9zon8Uvfy16fwC6DEh
W8PmVQLVHLuWBIvzqVXfeFK77drIQFS5hgOznb79p0ay3TaicpOEHRx50iahfCBN
FyIRaSxfJOsbfKQOmy1sHO/CVxAXvrQB7SmYYm/iT8r4kbhONn8FGHCd2wl5clXu
wCMOcnL3Aq/hmWINwCZBicHIY+zN2/6OYZK44bODceD0nLJj0g2EpertBmgIR+1o
QYQLnfRbfe2C22vZu/BvcCA+eczABCjW76jZbWAko5IzZ7DSoC/MSbh4yirjgVLI
h/XT2yRYQ38KjeWV1sjm3FypiUN1bpDfZWDf12edf6dOSFWerWrGt16yssq/X2bQ
gXlw+hlgiYuiU5WSQLpl0rosNPE+rJdSHj7NPI9pcV6JNwHuCi+upMvUUDO1kElt
mLSFSztZ1WxvhBq6itkhYYBO3dISo9e1rCOyvcfs5Ttej6dicsqn1VvaTozh5aZf
D7NUFyr3o11agOfE2HVF097M1w3N+PzVSyAnl6DJIlSJr+8Tce3P2z3z9/8kVFU0
czeYggfbguVknOy+iVO0XLxj446G5Wv9q58bse+ZRp/4VvjC5IZgSRjawYBbLcjK
pfnrtU6cWpY8Em7SB8Neho7ZU06hmymZz0pyacRqMoREgh1Z2xxhs/5BAqrD8kfK
FvpJQmmg08OmQqE9lzZoXQdtOHusY+lwEcaXb/awVoPo2Ynf61TSU6lbuXZ5Tj8i
zJmrzMxLKDo8ME5itqTwWtmDFLIzV80pBAEL6gdDC0FOV8zUKsrxLhKk0J8bAOH5
xJgv33UXIwqgCFMcvZvpAdKSe8cY7MjEZvpXlKilRc7mcwomzDbkx+n22azXPP6B
4Wadf6iDzGGZfeYFxB+nTodnuMG7ngmy9zYQXSgmrbI1/xTiZITZWMHG9XoETHgD
5g+E/5R9S3bncsoWSR1R+dWgU5z644sTs+UgXExHAo0JSVtjvDmJOvGJsEg0b+VF
92dKAsJDQaExFJj7ffKaJyCS8DVF58mm/6sE7M3WKu/hPLnNTtGN3AJFvR86ECPs
RLs+DNbyhS2TS716FLhF2Zn1/fByzGtMopxdzdhe7UIrsPvpbs/ZZOfcwJNRTfaN
btwXn9bHRYPI9vZnXPpLjgBZb2E+8YZYJaVH6Ncx6kTxZ7N0PhdzyxIYlHbDWClX
80R/XXa5rMgqIEeITaAzrH+foFn3qTnMwXdL2NHbPPGtpm8hkqoOU98XhSLbGyRy
lBZUuN9xsV9F7OJ6nD6U3qNKZD/lSt3UVdbix/NTH94g2L+Zel0nBeZ5zj6mf37Q
lFyU98Vm59I3hymUuul1wazKgaWWEMIWb2mkb+aZ6FgVKgRZ2+c7iex/+M6j7tnB
xxj06CA2xiLfpe1rGLKwQymgU9+1jO41tSlpWtWdOJmYeS2a29YUVIP7VoqWSfWp
jKlsBwT+CtYZLREAPQLNHoEbFv0f9O6c+B805kNU8m4JO1Jr+iWJ2YkXB9Z7i2j6
470Cts+FXdnc80a95cT+paVLBeNPncDZgDXO6TdonTSt1L1nUlI3ahJEHUKWulDS
ypqFsWja/Df1zCZ0cqBKQ9BrWaXgBhgfxkqqpsKnuU3qPbK3BHtQ/tHCkBjIBqyu
JnZboNwvNMwj5h7zdbf6nDT92ArwiQ0PDzLSWgZjVuU1MKadq9gZU0KsiP/LMEh4
0uK6LXOfMVvojlAnb2pbO5+tj7Gga+Zi5/4IFoZUfqkb9Tj7ExZ6EI+HiZfPsWdJ
KrvidI0hfoRvG9DHrjWTrK9DPL03xRBHyAu1MLzmyBGKvLPM+hZuXFMzfA5X39Py
V8Hvf4H72gsaaW7MXEnls3Y+GMk9dfkx8hZCKEs4WfHbvZvR8rraKjHZYXyWeZjZ
3WF/TczcRH4sTOpA0UO5EWuHhLZusPS5YM0AohWGMGI5v41xDAp9eubyHuqIgm4f
2a6zByA7jwbAdWagV5Xq6KkW1jaJm+VjaoEn37Z3b/PHUZUIdySBAbLFGOqpbMqN
yjP+yW6QRmeqhJM6QfsY/wn3oyHakLB4gxs6HRcRNl52obkXinVZ+4fU7ZPIWQ2A
UWUPN2Mi+STkKX9YVN9b8IP9vqdLd3uICPPnl+8wBvqevAeObVJpFnXGAh/KbFsJ
55hn7gKuXauxMwsf8Jm0oyhXqzw+IK1fYrDnVF38keHwjQBrvScab6fHihEI2rb6
dtuUytnbJxklFlfWEwSBrOcA9bY/v5+ic4wbrS7tSmOriO3hRswQ8jwmBWx+9QKB
oucyyvpsHCLWx20MlIWqiPUiG5VcBylBSxK1ioT243ZceUngRCG7ht/Pvu4zEwwg
q6z99PR8knkLCMiyHECTe/2WkA5QKNf+bGx579BaeK+8ZD7lWwAC02tlB3LOR0Q/
AyrIaqSsueIPD4ozHnEGOhL5NrgOVDmitD2S8TtmdoxtsYBnesel86oEM4wcgC12
V/9luTzlL30nRl8k/PPO8BGG8bowRsyJ5R5nhld2ez5XDniZYaZo2D/pPptkbrHk
H4JzotqgdKrJOJv86asN1fkl+HezXL01kgRWcFOEo5FxU0jPmLomd0gE3FZfQwz6
TKBkDV/xBN4+x6+/oxoGrDLfMB8jYKXhVKSjTa7inf27jTCH2z3Vf4gP/9ihG7tv
QDEPh5Zg4a4B+MY3k2S8fqMAFd7HM6mFh0cah4QogFGz0ptyHK75QZM2Nnj3Fqud
V4shzQ+onVqkk6kd2dEDfHae5S2uQzvLHTSS1mdSX4TxFE1Ogm5RIPMLYrFyssjH
UKs7UvR97IkPgbSMxBHmha93uxH8I+gsUDLQQOkUpKWbprLMDv9UVfiEg/0sT5F9
C.3.9.1. S/MIME Encrypted and Signed Reply Over a Simple Message, Injected Headers With hcp_minimal (+ Legacy Display), Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIIPbAYJKoZIhvcNAQcCoIIPXTCCD1kCAQExDTALBglghkgBZQMEAgEwggWVBgkq
hkiG9w0BBwGgggWGBIIFgk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1lbmMtc2lnbmVkLWlu
amVjdGVkLW1pbmltYWwtbGVnYWN5LXJlcGx5DQpNZXNzYWdlLUlEOg0KIDxzbWlt
ZS1lbmMtc2lnbmVkLWluamVjdGVkLW1pbmltYWwtbGVnYWN5LXJlcGx5QGV4YW1w
bGU+DQpGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4NClRvOiBCb2Ig
PGJvYkBzbWltZS5leGFtcGxlPg0KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMDox
NjowMiAtMDUwMA0KVXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEuMA0K
SW4tUmVwbHktVG86IDxzbWltZS1lbmMtc2lnbmVkLWluamVjdGVkLW1pbmltYWwt
bGVnYWN5QGV4YW1wbGU+DQpSZWZlcmVuY2VzOiA8c21pbWUtZW5jLXNpZ25lZC1p
bmplY3RlZC1taW5pbWFsLWxlZ2FjeUBleGFtcGxlPg0KSFAtT3V0ZXI6IFN1Ympl
Y3Q6IFsuLi5dDQpIUC1PdXRlcjogTWVzc2FnZS1JRDoNCiA8c21pbWUtZW5jLXNp
Z25lZC1pbmplY3RlZC1taW5pbWFsLWxlZ2FjeS1yZXBseUBleGFtcGxlPg0KSFAt
T3V0ZXI6IEZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPg0KSFAtT3V0
ZXI6IFRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxlPg0KSFAtT3V0ZXI6IERhdGU6
IFNhdCwgMjAgRmViIDIwMjEgMTA6MTY6MDIgLTA1MDANCkhQLU91dGVyOiBVc2Vy
LUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wDQpIUC1PdXRlcjoNCiBJbi1S
ZXBseS1UbzogPHNtaW1lLWVuYy1zaWduZWQtaW5qZWN0ZWQtbWluaW1hbC1sZWdh
Y3lAZXhhbXBsZT4NCkhQLU91dGVyOg0KIFJlZmVyZW5jZXM6IDxzbWltZS1lbmMt
c2lnbmVkLWluamVjdGVkLW1pbmltYWwtbGVnYWN5QGV4YW1wbGU+DQpDb250ZW50
LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04IjsNCiBocC1sZWdhY3kt
ZGlzcGxheT0iMSI7IGhwPSJjaXBoZXIiDQoNClN1YmplY3Q6IHNtaW1lLWVuYy1z
aWduZWQtaW5qZWN0ZWQtbWluaW1hbC1sZWdhY3ktcmVwbHkNCg0KVGhpcyBpcyB0
aGUNCnNtaW1lLWVuYy1zaWduZWQtaW5qZWN0ZWQtbWluaW1hbC1sZWdhY3ktcmVw
bHkNCm1lc3NhZ2UuDQoNClRoaXMgaXMgYW4gZW5jcnlwdGVkIGFuZCBzaWduZWQg
Uy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQplbnZlbG9wZWREYXRhIGFyb3Vu
ZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMgYSB0ZXh0L3BsYWluDQptZXNz
YWdlLiBJdCB1c2VzIHRoZSBJbmplY3RlZCBIZWFkZXJzIGhlYWRlciBwcm90ZWN0
aW9uIHNjaGVtZQ0Kd2l0aCB0aGUgaGNwX21pbmltYWwgSGVhZGVyIENvbmZpZGVu
dGlhbGl0eSBQb2xpY3kgd2l0aCBhDQoiTGVnYWN5IERpc3BsYXkiIHBhcnQuDQoN
Ci0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1wbGUNCqCCB6YwggPPMIICt6AD
AgECAhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoY
DzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q
UyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVa
TC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse
2Dqs165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgC
ReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqh
BwDHdZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/P
GeWy6SCf58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0T
AQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxp
Y2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8E
BAMCBSAwHQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaA
FJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEy
nBakDKU68ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZV
jdaox644DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4z
E4Nar2inC0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2
MVtluLihne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744gqoeuD9YS
HjKK49+qYC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpA
r4vRhZjVD6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkq
hkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEx
MC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChME
SUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNl
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo
0jTkfCv4TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQW
l+DILs7GxVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+
A8TCNO12DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtw
s1q7ktkNBR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPP
dfTMSiPR+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJL
OwIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
ATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYI
KwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilq
kBDTIGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG
9w0BAQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naI
s3BjJOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4
eHIjSo27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXR
n/C9cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59
fk4PGHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtB
iN+uCDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsG
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBM
QU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4
as6aqdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc
BgkqhkiG9w0BCQUxDxcNMjEwMjIwMTUxNjAyWjAvBgkqhkiG9w0BCQQxIgQgCAaT
PYEnSQj9VdOYdNHkm51sA5hALN86e2yLMYKQ6I0wDQYJKoZIhvcNAQEBBQAEggEA
YoGrT/UPVhqjg8LzyWYqxqwfV2sHz3/ND71LYPTJJp66xIwfm5x+AuQ90tk7MM5C
bbocxsitQKt9kXLIai4T9tAsKJ4EmlJvkqc4/JpjzaTHSrvc72yXYPN+imkH//Ad
rr1ov49Fak+rTru/JTnfDbSM/cgMROp3WshiAsDPvv6KpTqjMLqL/ZPlxlvtf3ly
szrgQjf7BXqZUT4CEdEi+c3doXi7BeVq4LZXnGxXhxHZpKfc7rEccDMSxfKhcqfk
D2dTRArfHeAAAsCxiYSeEf1sy/5tYmKli4I4JLGl0CQ7mS0+zDCJpYHRHvf5IRpJ
BuCbZpkZTWeWKN5TbHqHcw==
C.3.9.2. S/MIME Encrypted and Signed Reply Over a Simple Message, Injected Headers With hcp_minimal (+ Legacy Display), Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: smime-enc-signed-injected-minimal-legacy-reply
Message-ID:
 <smime-enc-signed-injected-minimal-legacy-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:16:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-enc-signed-injected-minimal-legacy@example>
References: <smime-enc-signed-injected-minimal-legacy@example>
HP-Outer: Subject: [...]
HP-Outer: Message-ID:
 <smime-enc-signed-injected-minimal-legacy-reply@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 10:16:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0
HP-Outer:
 In-Reply-To: <smime-enc-signed-injected-minimal-legacy@example>
HP-Outer:
 References: <smime-enc-signed-injected-minimal-legacy@example>
Content-Type: text/plain; charset="utf-8";
 hp-legacy-display="1"; hp="cipher"

Subject: smime-enc-signed-injected-minimal-legacy-reply

This is the
smime-enc-signed-injected-minimal-legacy-reply
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a text/plain
message. It uses the Injected Headers header protection scheme
with the hcp_minimal Header Confidentiality Policy with a
"Legacy Display" part.

--
Alice
alice@smime.example

C.3.10. S/MIME Encrypted and Signed Reply Over a Simple Message, Wrapped Message With hcp_strong

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 8150 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 5026 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 inline 1107 bytes
   └─╴text/plain 326 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-wrapped-strong-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:17:02 -0500

MIIXfAYJKoZIhvcNAQcDoIIXbTCCF2kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAFuacLR7HmqYdaa9OKvnsTHHx38/WDFaTa3K
EnYaIRMpx/PqqUAet3KDuQVxQfPlVRBvWIO0/Gxah3Ua3mxb69DuJ7ga199Rejcr
H7LDIoSLRYEWcGbjxghsRzbLHVuQJYvAyKVcjgLYHE8FLxnx5pEopPfh2Wf7sxjo
900Jre4SfEymyI9qo/tHK+BB020xpKxrA+Y6f36ZXoLr6NEZyyqPGNNIV4ktJ5kl
zNL8g8q+QKjXpUMGy55Hmzbc1S7T8cY7qKWjYVzv//IXnc+PqqFddPPs29wp09gL
y59h3e9NAbfLWgzA5/dp8NtOttWA5bXtGfBU9LvBCD+4dkngUewwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAPl545Yea69g67ppXELT1GE4n
VbyBi4Fy9a17D875Xiv33jpJjZMCCQopNrwdnHZYU+AdS2PGpRXUajuDsm03rUh1
FRUzqModa9QdXAuQz/3GcUcvUoQBt171hdWgVFXqSNT/13rcZKxlhSjv90hbMy/5
Iz27r1xl0XIKcgghaUJLBRXPvXYu8uZ+jNjOwrNsrvzGsF6Ic4Txwd9B87LGm639
zCowx9Imt26/u4Z178gp067fnJbZm1hhpxjPjgEwbYWj4fIupsmcH2NZwIqmVuv7
L5c421SoDQ40YbgSzZLUhqJKVhuuxGMNdi7dIBT8xDFVdyY4llaUMSd+TKJaBTCC
FE4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEENcXGXiQCdf1jfEpCQzTf6iAghQg
LuJ1YsQAADDbRxNV/4TAKHjWiz5S1Lh0ZCjcqjJpK9hNUeMwLt+2Z8y3nrN0On7W
oxGmZe/AQXXsoDp2jrXTSTqlVaSA3q0nqZC0jb7f3nD/sUhl7k7hZYoH90QRkDOI
caj4Utwj6GX6Kz1cUjusoxHLul1scfJFs77LheeKrFgKtnLPRnkVSvgiEkEO8M5E
jrH5K3VwGVSLE4pRM0DTfqAFuQN5jGwu51tOMxW8ytNpamLKAKbjMu8PEnQtmsul
sKs3vy9rU1Iztd82nkuS2jjdUqpiLSf5hvjVjnxydW8Hjsgwb5FOmKjTwzPx/LtP
PuCiGP/kw5toT0tt/FQhMm0KemIvdLB2kFDxAJjk4ecOs8nHMJMmKb1/ExHNoJ35
eZnv3jnNgNmvWYJjh4wKxroZzz8k1D/DHMmrjT1SylFUW/w5RUDvS/Gg42NpFN5v
mFaIKmOd34SFJh1lXQw3J18tQExEtiGNi5sLyPFzGCvzG8BpVx64Xg5OMDttMRZn
O+kvNLKJ5k0ocuxoPZAg8WtphSzRqSE6dNL+qnGP7P8P0C5GqOv8MJ3upzg/Jngr
cQxlhDXC9rwzclTGZoCALNeNWIyvFL6FvbCXbpQTx/qPn3FgrHZEV4wtNfJZK5HB
kb4CfQ+G4CmqhziOf5k7IX68nfNnRumylOjUpGTBgCyzNXClvS0bIMsDNjPaxQaj
dT35IWS0bqgxufNHMTAcX+uKxRtBLHPWp7lVR0r2K8FzY3BEgTDy01j/skkeLPBz
uKGaBopZpkdy/oHIDWxOTj17kZDbti/Ayh9hOhR175BjDwVpBAyJE0+dsD5ACQZ1
vwMekyePK2SSB9MfYisK5k0iT5F9hpKU5qxacHbhP59AQDQRnQMfhrR/Iwsp0wux
kRh/6nIJ/nYdb95ORFcY5lmGAF2m445Tnf9HnJHbDpWeGt0C2zVjdnESyg2yftbe
4taYBGLyIlgXPkPsJm2UR35lYsFDz+dlEC8OFKEJk4RUa9lu8+TBqSoXw8NJCPVA
BGgogQF8sQcrl9Q1Gv14+dX5xGZTRc+FQEEagcuM/dIl/PV0H+kNeczNFiZbG5ZJ
64tpuCu1EZpZQFGZmqnRgWOeWC0JBSS23aWYT9tOnnAtNBkPa8RhqAj+aRd3WdGF
O+cnu9Mow57+pI+b/d8UelvNrAQUxcJSV/V6BkBRAKXEesI5EGZFvajZ4p5pC6AF
RXMLPfyqLl8QQ9fdxG/WD+LxPKb+6S4eai5x34v2j+Ispfc9bqxQUAUm9TsLJBd+
gf3ciCY6h8vWpVAAGz3vgAyDdkksR/vGPJlNYx9pbCldfjaAV5RgPUokJhKro/gP
KmjIziyvPNnRlteaJ2jlIbuEe040LCy1gv4EwRFFovvHifrd4MkShYs5BD9KJsHz
pLlnzDTb/yF1UEJIdcbAR+1KoK9rCHbqYIJZc2hT06QE+CzNKf+Ppmc6pw31JVTC
tH0loQ+wcX/OcoYObOAiJ0UL9g7g41c9bIPn7B4nQqMNcf5soPRtjncweTI563m9
H2VdwUeK+JK5g9x6BZkp/8SDLjvdfwG8OF2yjTLGwFetoZw9DL4G8kNWWu4whce3
XKSYOGRZaTTo74XUiCA8+hmIgINsLDenqyGQIr+JpTTgv4MEcg1wTALAxSPHXtJO
xHwtz/O1aqtZM7LX8WNyH0ENtVImMKK+20RsoxiSjNQXrY0qPxkX5s4dQXv9pVhw
ZpM+LPjJFNG3pGT9sddivhLwzcILYskWnmR44BD65MfamrLveduhvTN9eR/P7tL9
z3enlr3+ZuN10LxvS/xyle4g/sLCVxF9LfpdFuQ3DkRBDjUu9R4xw8+1HI4pFZ1T
KntG21UltSGa0FeklcM1m/fmribNYSSV6MKClhLTFrKB1bOQAhtAiKgAbSgKtTQ7
Lj6JK3EYV+rWmd5ehOpdPX+YR+0wxld1/FGLCqxEhxoWkxliQ5SbLh6KiXAGBMwt
NOSkGfmkrzw8VElNvVTlZJ24VwCYAYoOZ7jyPAe23YJo1sJuJJr1OEJ3IuKOvPVa
H8yAiFKi4oOMFl2cshVoIgL8N4YPjEiiEODg1hNBvW1tT7an/DDhi8xhN4hlBO/Z
x9HiRNBdpwrWrwkipcwne+2c6jBoQS4EHC7JmQbvJC2ux4wroQ1+VLXKsdyogJKP
7kPboTjg6JDJnLpECW7DXQQhCOKnHyQVj8Uf/WpTr0owq8QBSXqIM7R9cttrdfux
zPTGBt9U1XfZtN49T1w5EGLYTMPL49cHjjn0MMswKo5cFuu3cIv1mHTFpMoc1oGW
yKB6iX0QLruKeltnBkgnmO3nzp/5X5hlwCKXQ6q0BmjiyKgwYH/MM30QHV75Thw/
9hW0I3x7tUc1rDB/Ymlp1Qnv4r08Qd4A+vEMwI3+ARxNoHGxfwNKhr2mOtFhrUpk
CAS6n0vw0SIBQepXqYmjmUG88XsEeF6lfJY6T4p4u/9E90wZ9aYBioqMhElO1b2I
cKz6lAzJbja+Ej8n56zN+nARHlQ/tH6D+bh0ot1awtPzNBGSGWQZhNx+ujOFGRFK
Zcez4U72fDn7o16ub1+PBO87qscx3pcgUEG0zVYl2PFQKT31XlpKz+BLxMJceEN7
oNnidFYkmWTeObNLlLHKbviVgUJ9QpAB2W2JLgtFSmaq4+3aCP8Ch+ef083/9ZKa
doxcOPg2HjyRtdvIQInGmL+VwzFpWeslhadQJotHptTNVEMVL6lFz9EU5udqRqfA
7nO17NpWbRdq24rlekD4CDf5r1Wj3Cb06c9gWvWk6CstHglX+2BMLo29oOFUeVbV
skcIYt1R8UviCjASNs1Jn2TA1v4bqBi4K0eXTwdrxa8XLUgMiJ74mWReq8dKwnKS
oxS9V9TMyiehm6odHUVoKWvki/+XXVYvBZTFhEwRnXWt+08CKdE/ICUF7HRKMISi
3YQNaARdhs80md89r8yO07A24gtNDJ2lRxBlasvgal3/ND/kunEIWd+kVXsgIE/e
Tnn6DA+bkGC+O37Btz/mQUhuIzbSLm9nN8AQyB3mFoOACSXmNndzimg4CU9uVEKI
n/sj1eQQ5Mu3EGeZ7ct9jlgs/7oIOcBJansdQv9pL6bNvM8GgGxnj61v3QGUEwOu
SKtbyhJrlBuzkyShEJuGibtZzQNcIWR9ahSXKmcnx8R+teuM9Mwv/4wE2NJVaw1M
RxWblbTt0a6kb0vjBaop5UCZ/OmfMZD0VL+iF5dH63PSblbjXrRrAs89xMpGOvr2
sMkrsnr0ACPI5bhSJzeZHm8ZVr9NgWZk1+c5JgZFDCT32BTzRjUhKH7rni9RJk4I
FI6uQviujl1Uej07kAL44OMKbgfG6aSvU09Wkmd1SjujkUGDjGLbY9g+BWLYX9H2
zG/PwZeGuX5Qe72/jQ1T2/tA47zFSe39ozJ+VFd5nwU15GShMS4lFnfWsqoif6rf
qfHr6HiX7yNfDlrLcwqDVc1gmopuLRpYF4TlAJoQECHFAHlWgb2+kx5rVZ3EYJDw
ZhFr5bkcAWtLeBNKdweh151mcWDbC7IJBkEK3NeGbcNHifBHx48ynD+Wscsx3jgi
nz5oB1+v2U6JMK6kdQlm8rG3PNAor9v3Zozwm/hVpyi1htcmL1bjaDZQY0mlt8Eq
yzPk2ztJf1cxYAU39p3G0i/Q/t93wSVFZhUc6s0e55oc7koP0qe4E0ZZ/P2a/HiF
UDB0eD2amCYPse4dQLjB5CfTsqAHHabBy6if5SCMbR8NNu941Q69/VT7ydliL81i
EiuMK7UoWCdtH67ES2UVczrM1eZCJm/2/Evkp40yUa4BEiEjREM5CjSaxamFkFC7
88fQZsGFSCfulNUAhp0ViE6OtsopGF0T2bG2S9EFyhImsUWxIaSWWhz29bpep+VF
43Mr+fjlZv+99nDt91OJ11RwU8ci/vXCSHDDJR6pOYPjS3h3H3oAB2V2nNYZarz5
oaZ36XdtYQn1d3qP1M1q87IwDtfYaZVA15ukS3A7b0S/FQgWR9wTTscCPIKjbvWU
LIBWi+H6kkW2S12NPCHNIWcaE0Nd6GeIf/DR4dMDL3DrvGtNJRLgnN4iY6oYmeew
EsFbOWdBbBFrAZwgajLVsEe5iPfb0Ygq625u+GJfPKQVIhtCcC+o0ADeXnHFlySB
q0JU/0PsQJK9E5d4UpqvRJjJV26w0I1oFYKFhBN4I/VplY/GdlfvvodJ/6gBgGL3
xRYfzKIT769sdfTES1uUdijUKI84LVKq4WkQOk+91g5j5KMSSx0tKHHSDrHBaohf
Wrk3WtFJVLVbsJnlpznriG2wemrN6VYdgv7jc7pLvq/GPhgxPZEwj1bDZGGhSnaL
5D0iJ84AORfajCJnkcfR2ik29/GU5VFD4hWprmlVfPOQCGN3Gxlv2ye6JZy6jJ+f
/dEslrZ+rqXQg+ZO11gPvpr7Pl1onRwd9Nvxup1TNKFx0Y8y85jI88bB6qkvpXzU
Y3shyPTPJ/4B3rrM33azJex2Dc3420CiSj+uG1eTN5rg5vXtYh3oZQHmGPr2yEMV
3Z9Twd1b9pD92CByLsQa42XZHID90U3CEhVaMO7XaUz0FchU8IU67zOWWFOXNyAT
eFRtL7nv0/UQbG7BQnfB232dLoqX+wLNZAjRFMh+YkV9XiYQsEnFlom6UpSPqrsH
370gnz1hR07KJELOIsUoBdB6kKfG7rQJ47OQoEbAhDMOYXaXfMEsNWunUuwDS+iM
ith2tyWMLEmimoJxmDr5UhKq9oIMFgR02PzKrJ52HMtttpU9S/sIwkC98OfKUOGC
E9iPU7eQM5O5DeQLzZHpzPKl0b3rFfUCt3A+p/VB7KuB+5Gh572HcHzyzHgg3eFH
x5/IxujQaKsGKZmLlZd9MUzfJrO3G7YAlurNDvgYQEJCCyeUzYgiVTwmR0kGuyBe
cwFtISn0T+4nuo0eMn3fkfjHyGP5mCGYRZ2uqY67poYWJmkCm4eaC6bWX9ElGBdY
pYUqFKiup4Q4bIUYjRqtYoTobFae1U+4GOWYmnK7fQeEIuAgPBTi+f3HIFrY8970
I82l+B5b6KBkBRL0MxYq5+28/5dI3ywvgGZIvESUTIF62WNFd4yaIbHvDdgLcN2V
dnrb64dyc3Dw9ikXNXluAps5mnJm61MRW7NMJzwwGylyhPo5YF3X8RB+vGMGBIJ5
YqaiOIdkuahhG1Hr/s7rUHTgGAUS0pgh2z0XizFVQwLZ/d/fxdHthsAb/ePGDjZv
2H88/6uagKvYpov4c6TpCDOfcW3S+3NPCo1sItMa1tzD4ez740q89vaqRU58XI7d
596NGqkPIdXjLjOfoj8qfpEs/pNVrd2daCdEit5GYBlsZyX5b9nfPX2xnhJ+SfQk
RxD2ut44CVWqwsb0tdQw37QhFvENwtSYQFxBz8IZO1OBt4l1ez/M2owmRtSKdcO3
zM9MDLGDJLJimyR4wt3Txc2bf8dChtBAa7HmSC2vw+Kxjb7svpcDC7BXtxUHdFgI
kRpVigiE9YF57RM63QPk8sZzQWeh9LLsIHHtmIr8UjynLMsKtAlzBGQewFDTvmGQ
QLJElICdEPBM6+R9Q1Qacob+N316ant4WgqmzycotozLQJ0Y7P42ENY9P5CwTso1
TtBrUWaUUroBfvveKtgfLTr5hWZLq8s6wjWi8olYlIbx65Zj1OoNfxFEsmGonWU8
gogBMbzJ2LsONPJMWD/QO3hJVcdCSIDtwD5RMIYFEI+iKyzY/Y+b4/hPgkxT6mAC
bqimhGuvrXYK/N1WHYyvjexeib7JDKP91JiO+pLxulYy5/N2B2UVDS67T6Jd2GMd
5FSTE5hZZxiyGdYPG9g017UbYqiDNCt0pZ4P+71+YTkfcEg8HO8FCUstDfqHNgX6
mBoVxGNA2GUwnfE3VOkTxHFxvO6jA0joUCPh2rW2l0eVPuQQWYjqFKvlHMasnmti
k0TpnjPfDs/ytM6LsSMFpoglNn/NcrI+mkDDUzqOk0fs5MOAGyxepFyXxqHtgaA9
3dV15n5EXeFsGCzK72I1mWEQZigg+NZE+vdGoDQUS1Cf6troNXJhFrSoS1JJF/cB
YgrHx8WjQc88t3+cgE6KYO7aI6j/2DPpjylCTe8NE+zUvTIHOKG0oykcrI3QBAMj
OoJocqIm+3pdyCEPeMW7ozrHUItYqsf6UaomglPETuh7MKvfvulh4Q+5g8QB2uQI
dfkbU5GAmIVYzIgO1Z2aWtKS4+nRSKhBsJtSbsNXRaMWQ//M+Rq4q9BqG2LiUAqr
UUJ5RhlocuadeuXKZqdCbedLv48ZFdvVY9YPVLycLHMam8Afr4lcAbYWUa7Pf9/4
cNvzH4QieC0sP/jx+YUAIRtoEHyL6RNpQqkfpj2KR2uTjSNXCWl4366/2R4wspi5
ux/gVX7a9darS/cEsh7YKsNg7XEVHYYla8nNmmZUkev8oVSQeoQlOmQlnNR059VB
QsQpCJPfBCVoIZIJeaJbbqbvuC6kEApt9k2Jh9HFfoIos0pMnSSAQLiUwgikFb4d
w03HFAHfIvck9leOsA4oDGxmmz7ei/E8LMXcbVkIIQ3FZd7BZMBHWcLoJCEWYNz5
j89+/eMhd/ab2lXptWGnQeYV15osyc+XOUNHAkqHJFvYxBYOhL2IbFWRZgZEm06b
Q9Eo2rl2A+ErFjVm7hwK+CUx+kHiuYHwEo1HCdJ/rD3CxJ1tXXH+1FZbgLT8D/Ol
bqEF8JgJfcCuTIZ12Ci7H8Hu09iF0gnzdnmD0YDlecxSrZo3aYebzkqKWXLPjtQZ
duqoW4js8H1Gnmn8GOV5gR9k/SxXb2slhFrAtzk8yqsjwHLfBmSX6gU37G8RpP3P
CIRZ2PeQ+YHLYMhWpzghhQ==
C.3.10.1. S/MIME Encrypted and Signed Reply Over a Simple Message, Wrapped Message With hcp_strong, Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIIOQAYJKoZIhvcNAQcCoIIOMTCCDi0CAQExDTALBglghkgBZQMEAgEwggRpBgkq
hkiG9w0BBwGgggRaBIIEVk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG1lc3NhZ2UvcmZjODIyOyBocD0iY2lwaGVyIjsgaHAtc2NoZW1lPSJ3cmFwcGVk
Ig0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lDQoNCk1JTUUtVmVyc2lvbjog
MS4wCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD0idXRmLTgiCkNv
bnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQKU3ViamVjdDogc21pbWUtZW5j
LXNpZ25lZC13cmFwcGVkLXN0cm9uZy1yZXBseQpNZXNzYWdlLUlEOiA8c21pbWUt
ZW5jLXNpZ25lZC13cmFwcGVkLXN0cm9uZy1yZXBseUBleGFtcGxlPgpGcm9tOiBB
bGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4KVG86IEJvYiA8Ym9iQHNtaW1lLmV4
YW1wbGU+CkRhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTA6MTc6MDIgLTA1MDAKVXNl
ci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEuMApJbi1SZXBseS1UbzogPHNt
aW1lLWVuYy1zaWduZWQtd3JhcHBlZC1zdHJvbmdAZXhhbXBsZT4KUmVmZXJlbmNl
czogPHNtaW1lLWVuYy1zaWduZWQtd3JhcHBlZC1zdHJvbmdAZXhhbXBsZT4KSFAt
T3V0ZXI6IFN1YmplY3Q6IFsuLi5dCkhQLU91dGVyOgogTWVzc2FnZS1JRDogPHNt
aW1lLWVuYy1zaWduZWQtd3JhcHBlZC1zdHJvbmctcmVwbHlAZXhhbXBsZT4KSFAt
T3V0ZXI6IEZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPgpIUC1PdXRl
cjogVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+CkhQLU91dGVyOiBEYXRlOiBT
YXQsIDIwIEZlYiAyMDIxIDEwOjE3OjAyIC0wNTAwCgpUaGlzIGlzIHRoZQpzbWlt
ZS1lbmMtc2lnbmVkLXdyYXBwZWQtc3Ryb25nLXJlcGx5Cm1lc3NhZ2UuCgpUaGlz
IGlzIGFuIGVuY3J5cHRlZCBhbmQgc2lnbmVkIFMvTUlNRSBtZXNzYWdlIHVzaW5n
IFBLQ1MjNwplbnZlbG9wZWREYXRhIGFyb3VuZCBzaWduZWREYXRhLiAgVGhlIHBh
eWxvYWQgaXMgYSB0ZXh0L3BsYWluCm1lc3NhZ2UuIEl0IHVzZXMgdGhlIFdyYXBw
ZWQgTWVzc2FnZSBoZWFkZXIgcHJvdGVjdGlvbiBzY2hlbWUKd2l0aCB0aGUgaGNw
X3N0cm9uZyBIZWFkZXIgQ29uZmlkZW50aWFsaXR5IFBvbGljeS4KCi0tIApBbGlj
ZQphbGljZUBzbWltZS5leGFtcGxlCqCCB6YwggPPMIICt6ADAgECAhMPLSW9ETmX
Ss5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAP
BgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1
NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UE
AxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9
ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs165ernT9O5NL
FflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZuTtMc1zy++MxQ
lqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX
1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy6SCf58duq/AO
EksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNV
HSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhh
bXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBSAwHQYDVR0O
BBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaAFJEwjnwHFwyn8Qko
ZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEynBakDKU68ro0RsyX
WAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZVjdaox644DsiLOQEP
4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4zE4Nar2inC0D+VM6R
GDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2MVtluLihne0Bp1GU
Tkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744gqoeuD9YSHjKK49+qYC9faFmQ
+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpAr4vRhZjVD6FYMIID
zzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0FADBV
MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2Ft
cGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAw
NjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UE
CxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/pdO/
KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7GxVwXurhY
dZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12DRVBDpbP
4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2wZX5I
CjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTMSiPR+peCrhJZ
wLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwIDAQABo4GvMIGs
MAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQX
MBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYD
VR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDTIGZmczAfBgNV
HSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEA
c4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3BjJOd64roAKHAp
+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIjSo27PmhKE1oA
JKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9cy31wbqNsy9x
0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4PGHnYxs1FhdO6
zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+uCDgNG/D0qyTb
Y4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UEChMESUVURjER
MA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6aqdcwCwYJYIZI
AWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUx
DxcNMjEwMjIwMTUxNzAyWjAvBgkqhkiG9w0BCQQxIgQgH3Bh4ghOIwB1hf8JhZqX
ahbjyjx+yx29f9cdYg8Vi1YwDQYJKoZIhvcNAQEBBQAEggEACO7hs7jry2F2Qon/
QTLZy7K5gV81gNh9GwdxXsVr8XLfBXOEq841pjXjh6V33QgpRJEXK5CopXoLC0h4
EDl1+15+PqTTgfJe8qQmmM739xwlJdNuCKVtu2GQ4lFyNIYzr9/6tJt9IPOn21Vt
a6GueA0HszuuJbcgRPLE4pOtZ9jO6W5jVi0FCN8s1JQWOKWfZg6eMeOtjcIn9vg5
ieY8rONL8pCRNHuNQubDuaM8vZNmSoHN8PorJxw8DNaqFXufvLFwdnXGVXTAa5qk
A0WJkllgq6ZQoET4wEj5oumKVLt4LGxYpzOiSnOvsEw/XC2WY16owJlU3blSaztN
RhMmZQ==
C.3.10.2. S/MIME Encrypted and Signed Reply Over a Simple Message, Wrapped Message With hcp_strong, Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Content-Type: message/rfc822; hp="cipher"; hp-scheme="wrapped"
Content-Disposition: inline

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Subject: smime-enc-signed-wrapped-strong-reply
Message-ID: <smime-enc-signed-wrapped-strong-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:17:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-enc-signed-wrapped-strong@example>
References: <smime-enc-signed-wrapped-strong@example>
HP-Outer: Subject: [...]
HP-Outer:
 Message-ID: <smime-enc-signed-wrapped-strong-reply@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 10:17:02 -0500

This is the
smime-enc-signed-wrapped-strong-reply
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a text/plain
message. It uses the Wrapped Message header protection scheme
with the hcp_strong Header Confidentiality Policy.

--
Alice
alice@smime.example

C.3.11. S/MIME Encrypted and Signed Reply Over a Simple Message, Injected Headers With hcp_strong

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 8020 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4934 bytes
  ⇩ (unwraps to)
  └─╴text/plain 340 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-injected-strong-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:18:02 -0500

MIIXHAYJKoZIhvcNAQcDoIIXDTCCFwkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBABpTLM3fNCZJdFnwUDA9MmNXRLEzjO2/K7N3
FI+PpNBKoc1DjhqFEfqKRYM49iNBDppZO7pZ7vs1rvD7gD+UvRxc24+qUztqd6Mr
spiqVuLxAfNNLoViXBC7qayN2qFwL3yEOwSiEMW6Q6TlXzPShOcZ3JhN+A6pVTCh
6GoaHgMtwd8E5tSU8z7gU6QyTkMLnJUNZeFSjysJ4LrhzdUef/vrxFZc3cAAcQvJ
de8VO4FRETLVipCLAGsRhDAhYK6wCW09qa1cPsC89vOD2hZqUcHckndVuEZneVQ0
TL9n4zWBknx39xdDKzKvf2c/BshiA8bgsNQ/QLOMxw+DQ5WAK5QwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAdrk9+8+GZE2VHuNm+vuO8AHj
Tu7nR4GaQe5bh/MS4hXBd2NjSJKUekzx633lWm54ETHLVA8h1eYGcVtLVDjeyEdI
BdFVCn0/o6qCCqYmINqq/zVTd06vTznmm+T2vCZwup2g8wv7t0L7Giha0VPBrZXq
wb0Q28dKFNwWrp9J0J9l4BDedxt8aRdhy3YjJeXIHhltxJ7cRiohLtG67O+8y2Ve
ttT1Cx5qgCwxlOxoYEKOoXpQZT1shvZXT3DNnSOjwUzsqq7Zzbz+AX94z0c+J+ud
qYJrrJua4iZJcCeqVO7jmAh5u2j+t/oYvuI3R2zJ+ZOPcVj34o9o/sUing41ezCC
E+4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEELcfz9geRRRsUJScRAWxzHCAghPA
AVIv2Hva32JSWFvBK44HioPmPLo4Q7n4O2DAMiT4J/VAy4red3m67vmWotRUcIPU
Pv7fvXi4cld3ZMcB15OdlPDMNs79ZoeUkg4BvJN855pPg2Xe+h+ElU/pR+8i3QW4
Gw05XByisivc6xz5IOpY4gDpS9rr4L3/K+6ANZryw6g8GOEIwHTiosS/a/HVHS8O
FnIX58U6VY3PeBDMYrQIk+vFpTW2cRIbl7Ekxuy8NcEzkct5EYkxxboC+dwskFkk
OeGEbD7OdJxiirXteLhdDSqEkjaOp4l13EQ0Rr+QbkcGwBE2rkRZ2oytOS5zW80Z
kGPBLF/usIPCFNe7qVHdQqnfq3RJ8HKP9lIVSLDB5plYx5jFCq/rnw+AvS0I02tV
NWIs/B9XsP8XMiRrh8FGNXsHjlCrqozhBgY5nI8j9k87OHcYZjOTXM85kthn9D5Z
4JpPSSebQ1gmhlNXK3cjeKcFWkfwxTGjTz89ovx2AnBXRqY0+I3rkqMTreoIsPOL
r8ENbX1bTWeka7vvNW6WLCTfVDHSUvxnzU3GaBiK1GqQ9lUbNUqhl9AqRfQeYt4m
zFOsrMa9cerRNi6i8r5rfXKIw6oj5GLTkQQWd3h7DQHCICmjqqYWzTC1vUHjWBaN
0kdGWd7CUQGvTOBIQw2cjh/j84oVbkbjYWFvAmSXm40VvdvAyZEonblI5JSZjlMc
1+3jNDyFubBm0Dle6l/t6c31/KMfcadfaHS6mAZVWMVlp9HT5geYtYl3eGomOF93
W3BhbaxEihhAMnVzjAqE8iDyZvSgP9SZO5CO1wE12yl0/09EU/8DGYcIGkKwjISO
KuznykSwxN25FSaQzx0eAb0ebD/3RPxSn4EUjimktrszfJH565rAwXOlo42J8Ev9
9dxO5n+3LgUtwHKFs/2ogL3Elzo0AnKiPz06pkednACfNsTuX5xbtOGh54TUEVQ6
0feXC+8W49f8BarcKAKzhrEyDrPAkO5UlBPduzeAN2DkNEvn4UFwRd++yMSugBJg
3WJRu7/ZBNJYo/3NudeHC5QOHexyRNiIOwIHJPoitT/2QYvnQUuheK5gvnAoEWPL
+HjU5Bli1wdwyn874jeyjxhVrlckv/0ndYI4sKwv+TfAjvZZ5id+2MLGbbrAfCfs
C2NxSWLtqXGPMdbgC+Lo82XCTLIpY8ujwf+KVHT50VPz7f5ZY+tZGnWhO0eDyLQ1
F3mE1cPci9VDGQqIObYYU+P0COAsUJnlEzOv6FN5OTS5IVkd3H3q2dkZcRefJmsq
RIj5L8+r7F2J2yxAKIpTPTSstrolB4/QiBU/AWWZao/ieFxGBpB5gIW80cPpe+nl
4d1UsGYTeJ2AYmafVTNTg4OIAIaUc9m/aBiuc3wj0DAljWHxIXfxX/skrhbw6Es8
+YgmVtrM9dSu0nTyfihWEu5XdCnP5oido95b3DD1F70XyGJpOa2UHWH3rvfiBsLV
AwWXk/30Fgji3p0vmtPwDwXH5D0Ld6OeE0IIlBQyogs2ELsndth7ho3WvqmrjwxE
G38k7KmKF2cMVQwLYl085dQTRCPk5lq52amOQ6JnQ8k2MRQssMXPtTuIAp9yBnbC
KQXoZNCKf7sZynnOCNtIqbYM81z8I/L58tj+JpGymDRD0bU2gUYPbhS3tFP17iOm
o3u9RluIy+1w63iaPOmaHpf15YVSES7jCo/dWe7Bvfp1TiLM9ucODAQiyxsu4vMz
PST9IYbKy2kYvKqUZ6W77v+UZoGZr4vkGQRo266ycoK8U2uplVWyd0Wo03lyQGbA
jcOtkfCX86g8Yxu+p6lUDwXY2S6RX34IbGOSjgKnG5KB+n5q5bz+JvqzNux16Zjq
IdujDuqp+jgmyMuBUUzMZrfIqRCQqWUM5W9+Dvl9KuaQ1dvh6NYFWXN9czKwWOqb
s8dzapa9W8q27hDDhEO4EfrtStPwZe/D1H+1Z8P2K9uB9eKcpTPs2ni0kMR+lPb6
/7uNQDF/oiQ8S9Oi/KGdM0c1DQ9oBQJhEGLzeRia6L8RP755gbkeI7OBusQTi5aW
OKXRyFs+s8Gu5YyQlinMtj+c4VFkK2oQk+HwISr10kFmXa9A6NKv7J4WoTwOzigk
Pn4NGWcWp0VSqKVN8vVT1GhVFcyVK6PjfPQM6dhOYrrg/8a5PQ3N6eOpRRvWk1m7
cD7NxfrD2kAyxt5GHSzCv3R7AypIz0UfaX/xePodn/++FAHD83v9+W7Wxs5KM6dI
5n5XnZBGA37Rexqq+rJVGLAFEnT1ONm4s30cwvXRZCpAc8KZLy0GmLO9+/AA5Dtr
nf7cq/DA1J51FzrCOthbij5EJoexgA113XRTam3k8ZJsHp8y4aB/FC4iufNqfXyW
sX0IbZ4y3MeJ5xD1b3y9jO1RjBNWnF2Sxnpu+jed4I6XPEGcZFR/AW3TAhGHej5u
b3foR0TwyK0445A1cT9pKmEh83yHck4BfyFzm4Ro3LQhMZWGBhrmoHqRT6JszLpd
WKgl3ddofMaMGphEYl11fD/qdr6t6LP2iSq5rRsmR6sFR/tXtxzEnvj5J1qHuIIc
ql+IvWMfmCimiQnEbS59G5ndDNS12lQNyemev82ZwI2zCDqwZfyM0JgNmbYl4Bd/
rDlaPbd8gZVY2vWql0mUYo8DzLpIy9SWyhGVtBnjKD/JYOh3Kn9dOQUKXq6KpQdT
MfIY5ECKzmjeI/Z9iF2VGhNRur2tzb8orLkI1VUBZmd2l1gjV1/dcNLUzyxyPcCm
awphB2jy4FK08ZZ1ClnCxci64ljOs0aMfsCbYqnGuU3zj9qb2aBHUuz2y/MhiWGH
FYBeUKERiXlPcZZS5l0yPJOcVEi14o4N0oB2QDkbbrk7fB1phCarnCdX2c0VN1hi
22s+13gEPbfrTr021YebW6nJWL3A4NHrvSC8uNAShF5DYp3mky//D/vy1eX3xeb/
3NbvAJCqjuSQbqBqsHpLLrPtp7UDif8GjhBgq/Y3/gxqdeiWEPtscO11Dgcml16m
HZ+7lIqtddQ+9LuV1p79z6xGW4d5ee1lu994n6D3NqON9l2ReKzEZVC4uPAUAqek
qUg82xSV9TUqgvL5K4ufUI2XXq/Whqrx+8SspAxdxEodgvvxtsZEFCrVebMIYjbQ
pPKwlBNPJkMMcun2DfDMU1O0XbzCHo2eC4Vr+nFs1LuK/aVc380t4Roi9TsrCF6x
SMV22Ndtfk/gmywKk3M61sEiz9zm8q92qd9DAkhslM0uVwU+9L9rLSX3ZIOO78Ga
eLhJHqT1BYXSiLDHaNWAxOBge0XU1BPKSMSq4Pg3vCRwCzJucSaNSA8aMUVvBdVR
46seGw6j2E1z48nGH39py95UCRfjQrDqQw9877UtT6L1s847AUcBdeMCuWtf1UD3
jzpGsMlYn3aaw6Y8VdjkfU/uq9WfLFjTOu4Ql3ksxQB0vqoEff/SFHBkbHs9kd9o
238V11q/Fk94L2CK7LEG+G8J5hvNfr9jl4gpvhvHCMtrXk8SEcdAsY/Dcqe33LzI
j1eF0Y2QaUqlbQH2OUanudGCQ88l/UTRgjwYuBapL4y8KHfiEPfrsnEsrpySje+G
SDhS1ucqUOdmSnuGYBn1l9oYYIjyFjRFwNkOwIqtkt8KwhWKKPanUblccukL81cI
3DGUZdzhOoZ/ogR77xOdlvPB7y9seYME+z6Xe+rKOBnXUQORbKIW6IFXsSYw2rYz
F0xQ2Z2f/+blbhbp1PBgJH+jD6Ki7HiKs+C8YO+iVdF5QWALp1aCWwYY/DrOLyM5
fhs4ZpaltkkrX08I7RrC+JvrbrUQOQtkrqubae0W+VxvZn/Kuh1/+msAjsut+FJ3
h2O5YvHnZKasunjduKHZsMuWoyabwp//k7nEX6shFY6oViKA8MVmsp7V6X2MoDXh
YKaAP2lgkRMZPCkEN1knoptV82IvqKFzSL4lZqK499rHV87Ze1Q58NZI/HR5y3M9
xvEPRsRUMnq+iqRVaogxgcsBNpCgVoVYU6nGf0VxDwR/MyLCXE2bFkVL2rz9w1Dj
d91vhmXFiyAqZE7lFKr9nv68unkCf4KGBH1JKL0SrlU9pMoGRFH88otzUd/AUcEM
A0szszsVG++P4H01sCIHXoYLKpRncRwkpAWfHtK8Xzos1fG4XZqyQDpswUDjFSzl
QbgP9p+Sly14MdOionPLm1fGFjRYokjrVdA1+dLSUmd9Q5MbR+T4rx9y01NRHRLz
jv0NEkGvKEEtUoLlaVXXxhva18LduFWpvkvTEq2sCw+TuDwTJhIYUgiqtcLKKTmz
kvzBnTNZV1aRzkkE3a/q9mVGbRiroLWOHgDv6QU1J8gHauUUrlge5dE+L7kY6a1G
IhFBf3sKbHq+Z7O2cFfZu+tVHapTYA9QfZ5buZam82Mo8si4fQYuib3WSPSu6TuE
SBuADMCIGXs5gBI/2spnEEcs2INwhKQ7w3xTdbjL02SXBVoPtYUt6WKrvf3stfUb
IKH4ee9MJ+pEX/URG1yBuaztkgCcwfjiu4+Nw3UQxTiuo1Lf40haok6ET91807KI
iq62CjkzQ0BtYNIilNpZJwW+3nT5AR/mwP338pi7FDmQLckjE7B+PrXXcSj5r/i5
cK7Hg8xaPIFTINAqqCTvVfD+E6gGTC/2tiwndi9J5miiaynWBtZpxdcfdwukwkm9
H6ia81gx/PQVKgd/mG3E52vDP7FPoClTZahvvTXszPzOKxEFb14L7P909+PbC2PW
84iwEofB13xP2+z85nVORM7XjkfZskm9pgUYzraazVOqgzIgsCkqq7p3tHIkA6OB
j1vKbptkKDTcv3dujyRXsJhKb2ctEDGfE9U0OR7CcUWVzQGnwCTyg/ZhRZlgEkA8
rjkk65nxuWySIswAuBMjbMejQIBcCV/Z0ooVusEUdr3JhhNWbhvW092cCerFjfAM
3pMJJXicTt2EijZKwCAQiLU8miU05jE+UW+mDoGFsl+JypQljLRdjD3Bel+1ObB2
2a0tXq/i3Bhhntf2WIra3eRpbT/9TiubiQsRrFRIpkXIlUO+BxI4HAiIzo8PFBm9
dB7GktBP+gR0qQgOkLOx4LypKGlaJdZKnrI5t94Z3Tuxq3DjApKs2RHe+IyJr/J0
QNGTwYY/mgtbs6Dmpaw73gWCBieqNd27yNBsGSW5gtDbcGEK5HKyEMxR7Dysv5kN
+pO5Bc2BEC2QshXK/out4xU+xpmiou3GWkIcKIR2oWIFux9tA0Lg0BTcPs7eM72E
qnes27DdMkMBbcGt9jHhMrFRUOagTbVXmJ2Y/RTWTkqnJK8+jnN+vMkrTlNvbF7n
DW6dDIrG9rmAhcykvhu8kTPkk39CnxK9UiNMD28+Wu74B7J01yhGBhJ8OFSYvtBN
ZZa2+OXnuYTYSHw4KWJaAlSHow+sw1Lm3KCW7LlkgudbdFow+p9Yo4AsJB48wjJ9
MbOsY6OWmOYYaBjkK8osKMUIRsC03WKb806c8WE+C+TIs20BLt13yrJ4IxGS4f0u
3agKgWC6u7GttEqdevRlM8RU58DK+KUNutVt9y/f6igc+eYmYsp3O1wrLyGeiDzf
kFwzJZhLIpwv+WeicXBYpkf7GwWmfsdKQNGDOgs6HlLEB77Z812L5iQuRfiMsgcA
9ckOeDZPravf2E8Pfy8CI6LLe7CCDhuMU298QUL1BqlpY+nlGdwKnIfNccZq8AA4
QJpYu034CDibyoA6c3WFemwAeDf5MuKqovCRZNS4DnQge1ew1RyDcaiNVQjBReCf
fneSA0yiAfiAPJPryuTFWuP0ZRR8Az5oJyzq1CvjCWNoxC6tqKoTW5cwsqCEim/a
lfw1ZYuiuTWFbchGJtu8T91NcxkswuWLZQ7FOIXkX8wHTmoBn7oC8vtWZJThElRM
iHYcXCUKlbKM6+woWt0QaO7JBn3HB+H9p+iQzjprSV4EEtakI58y1cXbOHz4bR53
6enJ+B3FfQM9sR1Md0BamtZShR/Kycnal2vdzSuUkZxBacUG45ZtM3roVQjYbgFn
gm+mhK12VdCvl9o9IcQXmWI+MNlBc8+QLUxDxP5CbgFkN+gTwiUPjPRoM71oSrkw
9yC08nTGJOkCyvVAeKuh13Bon4nX3yRNQdtCMo2502H8cbdTPdQCmJKqAO6i5Z+j
h8+ADiHz3Y+fKTS2FiFKN9oOGgt5tuG4pfsGOfSceGcrFsETwAsdiILAlsRWFEqs
dnCgd+Z9/dZ5G8FOHFZEAeCNj1t3NTXmxW93QJRWr/IMHhmxKk6TR/Bsu1SXHD+c
jDxqVAcDf31rC3nDStF1U3dxLHZZ6F4m3hFJ/ZZggzx5MAn9yquW/2hxIB3ARiKz
hGcLw091STBsJhumyBEu3D+cX7sIlvFIxrJvjAbTnpObYJs84rHhfcVF6bTByujU
jrCgJ4/oXO6GTJA4EkZblNIDnZmttHx+6MtthN1Mk/zxjoEB4zqmnGEqFoevkIzx
vfq0dk3s51xRCwwtUsaxUTiryVImsCApgIEXhEmVM+gyu6K3sfl5uyrswdjQrVwY
CJwr82VLwG6hKFqeNIa/GxiUZ0MsRXWwihzrzeFPX8gLSrBNl/yMqqQewvvsZddq
TigGWFLJB/GgVYAewdbQtmja1B8JM3MbKZdTi7jO7Nw+VPJXRZR3VFiwItq7CFdP
qeLh6d8z7UjSKovXpC4HxWrlnVdbt5hFvqWAL/nCBe1f4voB5YMzvYnQnhDxv5ey
l9fxBzWV6lPnQXh2eqvN/A==
C.3.11.1. S/MIME Encrypted and Signed Reply Over a Simple Message, Injected Headers With hcp_strong, Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIIOAAYJKoZIhvcNAQcCoIIN8TCCDe0CAQExDTALBglghkgBZQMEAgEwggQpBgkq
hkiG9w0BBwGgggQaBIIEFk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1lbmMtc2lnbmVkLWlu
amVjdGVkLXN0cm9uZy1yZXBseQ0KTWVzc2FnZS1JRDogPHNtaW1lLWVuYy1zaWdu
ZWQtaW5qZWN0ZWQtc3Ryb25nLXJlcGx5QGV4YW1wbGU+DQpGcm9tOiBBbGljZSA8
YWxpY2VAc21pbWUuZXhhbXBsZT4NClRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxl
Pg0KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMDoxODowMiAtMDUwMA0KVXNlci1B
Z2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEuMA0KSW4tUmVwbHktVG86IDxzbWlt
ZS1lbmMtc2lnbmVkLWluamVjdGVkLXN0cm9uZ0BleGFtcGxlPg0KUmVmZXJlbmNl
czogPHNtaW1lLWVuYy1zaWduZWQtaW5qZWN0ZWQtc3Ryb25nQGV4YW1wbGU+DQpI
UC1PdXRlcjogU3ViamVjdDogWy4uLl0NCkhQLU91dGVyOg0KIE1lc3NhZ2UtSUQ6
IDxzbWltZS1lbmMtc2lnbmVkLWluamVjdGVkLXN0cm9uZy1yZXBseUBleGFtcGxl
Pg0KSFAtT3V0ZXI6IEZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPg0K
SFAtT3V0ZXI6IFRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxlPg0KSFAtT3V0ZXI6
IERhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTA6MTg6MDIgLTA1MDANCkNvbnRlbnQt
VHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD0idXRmLTgiOyBocD0iY2lwaGVyIg0K
DQpUaGlzIGlzIHRoZQ0Kc21pbWUtZW5jLXNpZ25lZC1pbmplY3RlZC1zdHJvbmct
cmVwbHkNCm1lc3NhZ2UuDQoNClRoaXMgaXMgYW4gZW5jcnlwdGVkIGFuZCBzaWdu
ZWQgUy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQplbnZlbG9wZWREYXRhIGFy
b3VuZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMgYSB0ZXh0L3BsYWluDQpt
ZXNzYWdlLiBJdCB1c2VzIHRoZSBJbmplY3RlZCBIZWFkZXJzIGhlYWRlciBwcm90
ZWN0aW9uIHNjaGVtZQ0Kd2l0aCB0aGUgaGNwX3N0cm9uZyBIZWFkZXIgQ29uZmlk
ZW50aWFsaXR5IFBvbGljeS4NCg0KLS0gDQpBbGljZQ0KYWxpY2VAc21pbWUuZXhh
bXBsZQ0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTE4MDJa
MC8GCSqGSIb3DQEJBDEiBCAZPLTackTzEJOh5YCJltNzMxlUjDy1djkUJYrBeWeP
+DANBgkqhkiG9w0BAQEFAASCAQBCB58/f4fboWwBZQ3QAmjIkpuXzhC2h+NGOmR3
u+NQDFmakyQwT1pQqawI/oK+gyEnkun1rruKojJ+4vG2iu181pIqULXPEzO6FH/8
WE96gEeEYVgc3cWqhg4oO3ktYJzUp8G7hHsqbEIP/qNWnIMC7YZyzl32Adg7ONZU
GwHGBR9At4kCrGdvSDrvW31w/mT1s+zp4yR8lAGtwgYl6D9vLV9SFtGOu7vjGRxt
sDnNonatzTZ7gHYkGDfl2NIP9QS4wPuctTswvjmub9/6BDP+t7ScJvB5eFgQNl9S
rDKQnk8H1WwcuM3W5tm1xe5yd/ldH6iUmOtE1x3fqf0dB1eK
C.3.11.2. S/MIME Encrypted and Signed Reply Over a Simple Message, Injected Headers With hcp_strong, Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: smime-enc-signed-injected-strong-reply
Message-ID: <smime-enc-signed-injected-strong-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:18:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-enc-signed-injected-strong@example>
References: <smime-enc-signed-injected-strong@example>
HP-Outer: Subject: [...]
HP-Outer:
 Message-ID: <smime-enc-signed-injected-strong-reply@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 10:18:02 -0500
Content-Type: text/plain; charset="utf-8"; hp="cipher"

This is the
smime-enc-signed-injected-strong-reply
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a text/plain
message. It uses the Injected Headers header protection scheme
with the hcp_strong Header Confidentiality Policy.

--
Alice
alice@smime.example

C.3.12. S/MIME Encrypted and Signed Reply Over a Simple Message, Injected Headers With hcp_strong (+ Legacy Display)

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 8320 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 5154 bytes
  ⇩ (unwraps to)
  └─╴text/plain 435 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-injected-strong-legacy-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:19:02 -0500

MIIX/AYJKoZIhvcNAQcDoIIX7TCCF+kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAInXaHbT93RcMsd+HSesA8d4+h7brGT7KkEX
1lgZnmsXMfqBZDPF8UK5WGFH9TO9R8YrvP64TZaON7Q5qU3iV8FoE2YofBvb8dsV
+6du2i6h5uq4sqsABtaOiZcMCgswc7qcdctJz2+zHSYN0BGkt7jeFr8chDl22hjG
2vqSjDXhBk6sXjPXFvqZfJcvbBr2fBakREcvWHdWkiFK/uFwyntAXXcPQ6kqz1vq
Wmm4O/cP7Vlgbe5LmAQC0xOzuLVSobqHDybme2xO8LtyoFuTwpQdVqt8qB6ZZkmC
fV4iA0YUtxjWIkPN2oKZqJ3oAkg1MGsmZByi2K+HkP5TjEGVyhowggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAfJChxcI03Ds/+aMkM+Bdrkc0
++2drULQUxt2bP4ykiODH9Ox1oMqGx3b+TwN6xUOm2C16KI8fp5a8F3b19Wy29Cw
lU/rgSirNLyvBk5QQVlfsuA/5fgigvgTNXCPTH+gC00ePfGf/qowOCOay2SSsJDF
dm5se15RM+dv5rOhqiH1G45MMa/Nngf2i7Ex20pVeEBeujLrJI1Qty2O4HQnLEs2
LGaCr9F9RKquOfk1km1mT1Qiz6MAv4XgNlArtDLHPg0ka5QDNxvfmW5y925JGSPz
4sT1TYTJBNBHQ3uzCSKyQ8lfe8mWNVQQ/QpyehAqRkvTkMahQx2+uxR+bhozkTCC
FM4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEEfDHaAC+lREqKnMbYFc7nyAghSg
BWRMUB07f9L5HqYp+G2+getQEjCr88Xv8IRSue33kMrvIt++kZNP0T8Ji3UwF5Mf
dQYcXsCSZRCWKu/aJAJB+kDZXmTYZtF5If4G8sKcKDU3BXk6EKEW7Ya2R1HpCqkq
fstWTS+ps0tZwponCcXjn3C03eu47vskP6PFHBXXO7U0cSPIwYVLVPr2NfUnIgOd
gUHdFFM7B8SHdXaZc1YHwym7keFb3oJdZlsnrKR5HM+GoBKpzWsI3FoJ/7NxJN+h
8L5VmLYVHOQv5D1IdEYme35BQ5cS25JzywGUj/K+xVZE7Y4QVLcWLOE3o2DRAaqc
lcOytths9oN+W5AfPxtErNJj6xG2yHsGifMn7nLDBMB61ACpouUukqhCAu1lNS38
Po/PP65ng/myIax2YpEJeJa9qKh2SFVp0ySXch3IYVG1dw2xodyhxCS5QsmcqMYN
+4qq+3+rGBjiivzIwjD+IykBm9tWmaISKHwHw2iJn3B96PqoZSoIyHdFts22L4U0
H5fRGpXxCROJBuA5vsfJAic19yk543xwocT3AKdsnZGMKAk0F+McJv51DxZ6Hnp0
q43fbHx/x3lHaNYxItIXRb+RUH0Ju6YtNX0qd6Q+kUSwAoH+mI60dXINucX5d71v
iPGZhL7mzzGxalasJlo4lrxjDos5WYcjxZXIE2oxlXX6wDw6qr1gX7eUoDmU48Sz
N4jBiC2W1iSWzW9Lsc6GUmqhBywB0Xb/EssLruvoX/9CY4mJO2FBv8t6ykD3lOa3
z5Bk1cOk7SzIpzExU9ZImo7hz2srUl3eYMgRDil6e3Bsua1Iy2Itj7nHCx2ewa/4
azqd8hLHL1U1g+BXHxKMa2oS2Zq1YBkbVuY4qpKZ7ak+R/WLDMZFidtw7ccBYzOh
oNJ/shJqcCWkKKNwIn2AAtHSKXRkXBEgOh+Ff3Ir9SzsxFw7nV7v+VllxImaDSiH
eL+wV1uyutsJAZcPyToWM/OJRYpQ0i4GwponsrCIjAcc/lq+xgsOUtpim64U50Kp
3zag5jW2h/uhCe43+UDaaSZ2CNr2AsbMH9SapHYG0rRY8OXJrbw1V6OlwnyVNCqx
tor7FXnE5dUk5/wkFQGUrWY6WtwM3Az8xiVL95uNyUMV/lt+HAqPmgu/LfCfqO38
XaLt//vP6D55q7PtJKAmMbNzEbFYEu5oyNrJ4icrVQAlEINbz5qAdFSUnc8Pt+1W
IH1x2EORZG/c0OWRTOZRQEBMRNPMFSlPouAUChxYtgNYHevkJRtggxXsRCmgRXBy
f/s0+maaVmB/e2vaoTgKWIt/WHWjEPKKG1HvigleLYojel7NDfYKxmycmZSgTr95
3pPa7jrRwaHWS7RGpZk6+KHckXsdrlmIUXLL05QIwu793ohqNjz9XeD5SPpqX2SZ
UpOQ2OpBzn7wPCCDNCAa+i0NqkIExh9TufNfC2nj+WfW09wYzUYyWZAgyGqH7+rM
XhUFkW+xrhSWq7iZOCvJBVPH6JsAbYGeUfcA31TEjLsJyv0ixJiED1VwVrJeYFdS
2RxWahwF8lKK1Q5a4fg0aMfa3dqVy7B3ZRwaD684dsBPwUlNXAOV/NMnvHZxQx7V
RAF61uzfjm8yN+bNluJYjCV08qhfx22YywabZwIUY63t4oHMtqXRloH1xtX3cxQf
2pvCviCe1E9mOIUKbkP19YOOCg9RIq8XfQlUtIoKWYWZDHlZ36XqOsJ75P5IlAMB
pHMx6bsACmNNpkvPiLc/WFDim6fY7+TYhlZGmLGXgGxpII6beCiEy3ENfI9n/SM8
Z57z/jkXU7GFhTjlp1sr52Lv92N3cqyoWTQmM3BTn/TH5nJ06rz+LODb8+CF7hKi
j4ZMIU/ruPustPGQnGS2EBMTDcWZkZ+Y4fI+bDRGvCbccNmLRagr4uyRsWVcKFb4
Jcn1WRS3jdsJHhFQYe0bS6YsLOW0zj9Ro2kfhjDRAhovcNqPX7A2iid7Jw6KjLtz
lpC4U4ehFnkkjCKPQZmvmftHSaottgk1lDW3tIW0X7/NKM7I1DWPt2/FBzIekOfn
aboe3UWyZ8JEyVn+lK5GP5gb1Zt1HidGZDyUBin5YA1lX40QpWk4iV60wnqukhH8
pfGBu4kl9RsOW/En+/HwXjWqQbqBvzvai5TxJtLvnFB+Tos1JVldRj1X4zMj58Un
53ndsjLQR0wpxaMBRME32emYoIfa4qE/CMtjVH8eArCRHAL2YW+qoBo2enMoafVH
JzT79LGVwX2wodQ9ECp81SHsqen0egJhq+dsmyDsFp3rJqfu+zTOlkpxsPQqL86t
AXG9KatOReVnKb9qT2pZ5HOPxKj84N1VPoSkklI1oo2EpCph/9fLLms1VxnGGwk2
/EVHIDQcnUykjt+SbrwNcIcewkMWlNTDIwVRvcTmjP13dk1fjvJzm+YS9kU65fNZ
NX9ipWy+qvSg16x2/N5QrWY91MmTE4trsV145itgYSmVuPM5dc/mjKzZ57NSspWm
kXTGLRxX4wli9gS5WWWQZE4HkmquJn+2f8DHmlAepx0WG/cx9CpmYYB5wqudlDLL
qNdZq3ibwl+81/CNnfniZEKuKfCSxLNvdLoE4olpjITbsdnpdzqFUTcJlin5JqtG
pWQ2J4IVUsm5+uiVT5IHDY3KUp1hHzwkomHiEMCvQSjnb6JjwTVYCi+Sqn05D4xm
Xa5ysLEDFzkViTkv7uZZ2BtenL1g5e76uOuAZEzWJDfsKFuqZOYrzRUCIma5wl7Y
xW0kBh24ln+JEmTqxbFlb2kmgjU0B+sWyFpQOmpcCSFDe1lds5/XNh+F+FZurumk
5oieGn62RptQ2Q05PF9xmj2QfzuclhKtGv4rFjwdbpH5ZQIwaAbM2DNLKOsXmycE
1o8BRieCpGwtZKs5B4022zELd+3mybGjt25aEawEfapN3To5DU/QG0yiNwZ0FA2h
XaHnvtbQlq6KLR2qgb0CDNBBx24YDwdA8zC4NToxf28lDwNw9Dc2VEQW4vNg+OWA
4D9f6cbjnK60vynZfud7yXRgRrqaEf+QX0KcnET+oGTE4WttpSIePInXbG7xo4Yt
s3GG+2qnOkxgrZfM4i4iIsAN8K6kGhAby13IJ/DdbKWFg5nHg6xIgiFR+E4iA0ul
+QX+SAGfmR/TZTtJHAADFitsjRuywEKUzy3z3YuQIg6u53bt12SD0/rfoTJgKmjZ
wBOQEbMPTOQZigiNe0Il1J79oba6LNnUHDDtIQMy0qgnvxcpVnXABTBhVOBQlyGI
bCaCDHCLkfrThLKDBheCnZ1Tl5Pf1DG8R2XjEhKoJ2oGN6dLXnXI6Uirsfb9I/ws
sEfNY+Tl137pw7Rn1tJJc4pxjk/RO06pzaHe2ZPWDKTuxOIJ5tfEerblTN4j9ECz
BW8z5cfx5v4G0OsyYmfJ9JJjoq8SRFV9Kinil+Nb7layi64mz6Vut9jX5CkZKXMM
ENLYjRBaO4rsJpZrJmcVlOWLy9cAFRL8R40E/n9tNYQ1+Uu4bwesvAfbeJ65Sxv1
Pr/pAkkDL7j35/Q2pWvjLUGb8bVv3HUL9xEQ1kyCdc+9GFN+4yvHT1KhK5vhjB9P
kqn66mW/KoIt6o/9ChpSfJIeZiey9IqvRIAsJdcvyswIMUHEuiwN0zybC56ena0r
4j1Qt3fne9KGBD3RnexswDmUd9KgaXiTdlQj+G4kSMAD39dx97GrXHtHwfYxOBY7
qqOk4NT9UAsD9+cZ8Ld31n4BZJxA1tUm9eVxa4034kHLnYPDK7bUhAvuAXNu6Ccq
Qke1Y04mY7D4aqWWMzAvPwWPRco7RKGsitrq/OSk23v2biSZXJMBG2FdeJXnYdwf
EtNdbGMoh5h6TtioCiael//LayJzF3+BWuGyIV7x7npYTd0U4afZBuhfTuMtpJcp
JHc9WLH2gPkHTmuQqhXDsVuA6U7cJJ3+2gDFyNxqNH/nBTvPmxOa1b9ywYwvSg79
8dcS8NQFvsOcOqiDfklPhkIG/lFbOGFz9XT9Jw7tPwTMqa7REDtbVWqHhlBF/DmM
/4uMAFfLt4JNzl5cHH4ORq0HdPECRhmew8Zm7itnHr+S3C4EQ3Bq/quk8KkRw2KE
4G1R/pcVCL6Yc44d8rLPwHeRKt6tSUwga7j4zYOcDJyDUO0bN3Uzn0sUjuxs3vXT
zayTuKeIVI3v6Pp1z9/A6lC8DqflEiyWvRTALqKRmoSkHrmSJsQKWseSUvpSlZpo
K6b+cxKkv/Sa3EhlMDfb8WM1FiOEvQa8FlD/c6VvQ7n7rG4qV7NJG5VQ+PX8T/Yq
CdJVyomEmShndjRwgCUFoeSDYQO9vXqGbyPnKbw5IvbBM0O3+gCrftf5Y6jPkfBh
rHAT9qPd5Fb5r+n9yAKLTHG2VGQJwW6ETwKlSAXyiqoyS5YCXBbIyA4AUDXhrcd4
9UNEY/KrWdfXhvIqVJoN+uNehEa3VVzBFPbc0ERh9MrWSUfiGSLiocofFgCY7T7i
4hIKbnj0SdShDwqHq4X+SRyGe2y8pSaidrqG6/GlWAwtDbAIFl7kjaxtfHKP4T/B
xziMdAmjjoZkSOS+Z0SEE4stpkPA/xrbWn68RMK4l0D14hZ88FfYSfradTJEnu19
9kAnyw9unFKBLRGPxwwJzsyp22gcE3j3NUw1XHj2mHAYNKVJnnQL6eVLrAv3y8f9
oO7z8OOEHgRbQPb8O5oSMSwem/K+5gtPHUAoEMpR7kSJ5jo15SNsheDdd7mNSJ3a
gvcQRlomAdI63hK9fm5jOYl6SQ0rKfr1Hoc1g6FU15+dB7A1m/jPdeUck1JkbCjy
AIcP+J3ue4QrtnJ36LbH/UJoG93tI61FkQrUEBVcx+TwEXuxxwFNpMFe3T6GJ7G1
UvFSVv4+mWvZ3J0yODh/J3YkdAAXsznoRPE1NS1kxx3jSKkaoEYCtqjzQSDCnYmS
Imj+xMfmX66qzG0P3R7rdIJuxLQfkXoRdjcpy4LTYGd8i6RllDdvvnRLDbstS4I4
agu+QrUaaMLpEtwmJWJIOcJqIrPjL3Yax16sXLPrtz1IJO12SIpCQb3FVxn0HMMQ
t0PeRxZw777v5bZouH46do/s0AaAg//CyxzqbJn32u0GAe/6puhyLSG7FTJceTuo
UPs/ofWMQmEMA2hZKx0mGamPXoX1d6buMNiAeWtKIxbqwjs2NIhqqSG+cKmGDyx8
0w3Sw/nDG4sTIzkH+zsdL3e1EdiVuBmdZBL8XVAVnlZp5XKQ6OXdrUxMoVbmjO8z
IwU3+LtT4vczEtSs7XJV41r8RAgPA5dq61350G3KGNFkOskQsjUaIzr3zC8WdxYn
KqC7RNdqWj31kw6cp2oOma9D82RkyCkgT8ng8qAlIaL+BCtaW+zOVibhRKowGHJo
E6DHnb2aDC1mn1XePggx6R2z5l8h3v+4pe0X6uHNVb83sszt6/mg9TjQ72fJ9QqY
gWxlATKRGPO9PIUZU1JuCy/fCQkDd7fy2Uayxsg4/JD17ecrnhlWlKRrA6Ct7Aac
0PWYYKSIk28rqjXBbrxvoXqAnSfeQwpnRcLXRAmU+FA5fi4s+A7b0XCr+arPNeKc
9kuVDnmbAie/gzNw8HVREnEPPoJO/aPftruN9SJeDNIIEHsOXmc+LtTEgkhCzWre
tR2oRs6tDtr3vo6nK2wwokFJelcIDiNREYTmIzbeTdAg6E+O5ImKK/W6qI5l/x3v
vAVnDbo9+ohOPi2Ze1i/FGYm2IZ60de+LoMCFGSF7+mITDg4XcrCzXfochD+Djep
AoGwRm0dwbsK+tQS8tBuHAwBtZ6hiY+agKi2Jc9drfQWW3FvcBhS06DyF7kzABYh
pGdkDyqPXI8IpslY6BTBLafXmfXzmBAwtcc/XYGePGejVL/NxOjppuA8L9pA8yFK
89USg6qZLFyMOxmlpLIAXyYtRQBlgO5WFWwXF3HtnYnKaIg9cpAoqam7vRcB6aZo
UCjVNbrWNZGeabxfXyZ3AWy92zFNSeqp2CucKNf7kI/k4CCrZS/MfHOoULepucVz
sf6DQ/UzY3RCNH98roKS+2Bmsv5XbDtxQwEBF8Q+4tD27AP+CAFMNHdYMjm5f4jN
P4Z9pRSzpvGxsNrnmbZeVMK3o5nravhHE98DNuw0Iv5+7IMki5bATAxzInypQaxG
668UtdUBbIyM/uMu+UMtFObM14xxMi7secNLSAduf3CiwkI/mXuCpxlbkzd3e6BD
+qYa97inkbNK8pNpzpR/iXV8A5MuQfcuryCVow9quy8C2p829fhVjTcmkqjL6NLr
MY9A/d+hbcrW9OrSMwbyKn4qX27C13n3Vq+Qf7oLaopJXaMQeD4SLE+lffC+oxZ2
ppkV+tUOQWMAHgCmaPRhnzbfmmqVfnz7DKoL7vYEiKh1KE80FNSKMhrz0RvYi43M
VpSp1X1MG6sszw2mSRE9O08glVz4UqfWRo/P/IeicidNKj0FY+HOChnH2ZMhFiAB
L38brAU+mbsGT0LKakvVMWG7ii1Tg+Q7fLcrcuIZm8TDIs1RqfIKkksCk4KPsCsS
jiIgDHXfvJP7uXGIEWp+XHPs90eArV0LO6RddsYKC+rcf+sa758gT5V4Uk8I48zZ
oFOG7xAzztbDP5xpeWcsQeNeHeBFRMY387F5q680SIvwU4bgXL/beG99ox1WeONb
I3jizKZj5K1Uv52PpBdlRawkM/HV3/ZtMH7j9WXQ26VTjzTdY00vh1Rw3JI2cp0+
GHmvH16gAZhDxy74LuLPz3aUoXREWBC0pFEhmbVjwHCe+tlFJYtngWcBesLw8A/i
RnylQAitLYq2nY3MnsQsGw6QiU28j/o8wteYlSBJF0XsUrh9HuiY1Rbt+aSVCiBs
E1Jl2QxXa51Gof2wYJEuF+KX764MIvqqXJVtZkCAGsTcTiibz9ZVmKovcjfXg+CV
cRmCP4r5C1PEE1h4eZsb0J+XUCGkVnLrjfo5jwwL06MiuPaF5lTNfEWYqOUYPhQv
q9gRDQ16NkWXGBsiUxo676h4gEaOtxkKCY2gNFFFQ8q9QvPVrRbVxG1EB5jAkPwr
C.3.12.1. S/MIME Encrypted and Signed Reply Over a Simple Message, Injected Headers With hcp_strong (+ Legacy Display), Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIIOnQYJKoZIhvcNAQcCoIIOjjCCDooCAQExDTALBglghkgBZQMEAgEwggTGBgkq
hkiG9w0BBwGgggS3BIIEs01JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1lbmMtc2lnbmVkLWlu
amVjdGVkLXN0cm9uZy1sZWdhY3ktcmVwbHkNCk1lc3NhZ2UtSUQ6DQogPHNtaW1l
LWVuYy1zaWduZWQtaW5qZWN0ZWQtc3Ryb25nLWxlZ2FjeS1yZXBseUBleGFtcGxl
Pg0KRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpUbzogQm9iIDxi
b2JAc21pbWUuZXhhbXBsZT4NCkRhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTA6MTk6
MDIgLTA1MDANClVzZXItQWdlbnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjANCklu
LVJlcGx5LVRvOiA8c21pbWUtZW5jLXNpZ25lZC1pbmplY3RlZC1zdHJvbmctbGVn
YWN5QGV4YW1wbGU+DQpSZWZlcmVuY2VzOiA8c21pbWUtZW5jLXNpZ25lZC1pbmpl
Y3RlZC1zdHJvbmctbGVnYWN5QGV4YW1wbGU+DQpIUC1PdXRlcjogU3ViamVjdDog
Wy4uLl0NCkhQLU91dGVyOiBNZXNzYWdlLUlEOg0KIDxzbWltZS1lbmMtc2lnbmVk
LWluamVjdGVkLXN0cm9uZy1sZWdhY3ktcmVwbHlAZXhhbXBsZT4NCkhQLU91dGVy
OiBGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4NCkhQLU91dGVyOiBU
bzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkhQLU91dGVyOiBEYXRlOiBTYXQs
IDIwIEZlYiAyMDIxIDEwOjE5OjAyIC0wNTAwDQpDb250ZW50LVR5cGU6IHRleHQv
cGxhaW47IGNoYXJzZXQ9InV0Zi04IjsNCiBocC1sZWdhY3ktZGlzcGxheT0iMSI7
IGhwPSJjaXBoZXIiDQoNClN1YmplY3Q6IHNtaW1lLWVuYy1zaWduZWQtaW5qZWN0
ZWQtc3Ryb25nLWxlZ2FjeS1yZXBseQ0KDQpUaGlzIGlzIHRoZQ0Kc21pbWUtZW5j
LXNpZ25lZC1pbmplY3RlZC1zdHJvbmctbGVnYWN5LXJlcGx5DQptZXNzYWdlLg0K
DQpUaGlzIGlzIGFuIGVuY3J5cHRlZCBhbmQgc2lnbmVkIFMvTUlNRSBtZXNzYWdl
IHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVkRGF0YS4g
IFRoZSBwYXlsb2FkIGlzIGEgdGV4dC9wbGFpbg0KbWVzc2FnZS4gSXQgdXNlcyB0
aGUgSW5qZWN0ZWQgSGVhZGVycyBoZWFkZXIgcHJvdGVjdGlvbiBzY2hlbWUNCndp
dGggdGhlIGhjcF9zdHJvbmcgSGVhZGVyIENvbmZpZGVudGlhbGl0eSBQb2xpY3kg
d2l0aCBhICJMZWdhY3kNCkRpc3BsYXkiIHBhcnQuDQoNCi0tIA0KQWxpY2UNCmFs
aWNlQHNtaW1lLmV4YW1wbGUNCqCCB6YwggPPMIICt6ADAgECAhMPLSW9ETmXSs5C
VIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNV
BAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4
WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMO
QWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCa
lSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9ZgHy
A5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs165ernT9O5NLFflH
UjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZuTtMc1zy++MxQlqdn
9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX1X3K
7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy6SCf58duq/AOEksC
AWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAE
EDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBs
ZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBSAwHQYDVR0OBBYE
FKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYa
ZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEynBakDKU68ro0RsyXWAPk
fXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZVjdaox644DsiLOQEP4YMS
7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4zE4Nar2inC0D+VM6RGDy6
6K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2MVtluLihne0Bp1GUTkr0
mJBolg6dSYal8Hw8/ANHpyExl56BJABb744gqoeuD9YSHjKK49+qYC9faFmQ+mK8
0lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpAr4vRhZjVD6FYMIIDzzCC
AregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0FADBVMQ0w
CwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxl
IExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0
MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMI
TEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/pdO/KLpZ
bJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7GxVwXurhYdZla
V5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12DRVBDpbP4JFD
9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2wZX5ICjec
F1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTMSiPR+peCrhJZwLSe
wbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwIDAQABo4GvMIGsMAwG
A1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWB
E2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0P
AQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDTIGZmczAfBgNVHSME
GDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAc4mi
NqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3BjJOd64roAKHAp+c28
4VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIjSo27PmhKE1oAJKKh
DbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9cy31wbqNsy9x0fjP
Qg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4PGHnYxs1FhdO6zZk9
E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+uCDgNG/D0qyTbY4fg
KieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UEChMESUVURjERMA8G
A1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlm
aWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6aqdcwCwYJYIZIAWUD
BAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcN
MjEwMjIwMTUxOTAyWjAvBgkqhkiG9w0BCQQxIgQgUmbnijC7/i1QImcskP/EUdul
4PFv5Z6HjNW3rAmmfEAwDQYJKoZIhvcNAQEBBQAEggEAOrD0v7qSEGNBAN1DaV7B
rZqamV7mD0eMJ88k7mB1KGvmuh3x8mhFncdBSV/OGiWYbJnUkjq2Wt4cW4ihip5V
+y18teEWa7Zz6kGJuWjUuaowvzGrI7ASvMAk5I/b9+kuulsF4xn5oNDuK86RD4OO
1Vt7/d70KFgY0GyLFENdPKiJf20AGgqR0JFbjrLQ4AbmGYVcqhwe+A5K/uneY0w6
qbhTKEgbkNnm4GwWb43jNNZHQH0X5nV4q+NhBHjTCbDjpPdrqFDuUZldSSHNAFgx
jALPbhqlbWYNo2vvJcZKgFqjOCe86YWt4vCs1F7Ulr95x8qK4CwsiESqxvprKkbi
HA==
C.3.12.2. S/MIME Encrypted and Signed Reply Over a Simple Message, Injected Headers With hcp_strong (+ Legacy Display), Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: smime-enc-signed-injected-strong-legacy-reply
Message-ID:
 <smime-enc-signed-injected-strong-legacy-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:19:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-enc-signed-injected-strong-legacy@example>
References: <smime-enc-signed-injected-strong-legacy@example>
HP-Outer: Subject: [...]
HP-Outer: Message-ID:
 <smime-enc-signed-injected-strong-legacy-reply@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 10:19:02 -0500
Content-Type: text/plain; charset="utf-8";
 hp-legacy-display="1"; hp="cipher"

Subject: smime-enc-signed-injected-strong-legacy-reply

This is the
smime-enc-signed-injected-strong-legacy-reply
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a text/plain
message. It uses the Injected Headers header protection scheme
with the hcp_strong Header Confidentiality Policy with a "Legacy
Display" part.

--
Alice
alice@smime.example

C.3.13. S/MIME Encrypted and Signed Over a Complex Message, Wrapped Message With hcp_minimal

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10140 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6490 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 inline 2173 bytes
   └┬╴multipart/mixed 2063 bytes
    ├┬╴multipart/alternative 1134 bytes
    │├─╴text/plain 376 bytes
    │└─╴text/html 474 bytes
    └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-complex-wrapped-minimal@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:08:02 -0500
User-Agent: Sample MUA Version 1.0

MIIdPAYJKoZIhvcNAQcDoIIdLTCCHSkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAFnOBF62Jd/5iD+4GlWHNEXp0kpS7i4JNzBO
LtZb2TFS5bNInagZRASOmpdaz8QfvZ0y07jgjG5CLwU8PZMxqb41ZfHizbBH2z9d
UeO51fbbd4okNgyXFBj8Ojse+6R7gYtCxiZ8Ly749NCXoXPcel7HGKsO1mIgUkiS
qFQGNM+yuzXR5yKTwSYEm71OScDCl71+UIIRmOJP7SwMOPGlDim4D2Y2w9lcmr6s
b82Rl0adcFfW7wFgPI2tbw5wR1mxLwvqsKB0slUBEf8Pumxj+lbV+Z68MiDbQQwH
7UJmz/Rnr0bLiBhhBzhLja8QSvTRUjQaEw5CbH7Q1RYdH9I5dIcwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAM8S8M8VLxQZu65b8P2U7rK+0
OtZkaYwH5S/JEIZ//lIIKGuyaRrcGrUkCGAbHChCL9Zx/8cOHDXVVsa9q/UG6gIi
ZDmhAo0jLt7b4LGJyzwKLDnl+cVgF4bbSu/049oLJZyUajOFxNw1LiUgqseURElY
5efyXqIyfxXEJX1bnSfB29kETTOAID81zRh9k+6hUBctTnewlI8zwvUBa0dyQSU1
p2fMKGb1gbQ7R2ZzMxKR2/ClJEHGAGwVQDa0VrVziYaRJTbXIpSXEhSS6rKCE5ex
nBMafRHdu3ZqbK5Rd+RRP2vIs3KupCNIK3JlhDmmsPArY1NfQ3v5jgxhi3fDFDCC
Gg4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEECWwmPNX5o0neaqGeTqa8seAghng
Ld4uC9A3cswVeBlZp4+dY/PmrjyquOH5GV6tjE7F5i0NUcQaJlLqATbZx34wBi+6
dOwNSh6udyzsMForbJr+tTk7hLB9DK1WCymEj33wrVDdV8WLhIcL3PdwJ6cKcNs0
sR9eEaYSYzLQgoQ0Mr3KkcAum+4hB+ZClReOtmkhzECbU7wmsYa9qBEpalMN1mpt
ZXmXYRe0TC/PMtZyd3yi8IiTS6TiSaZLHSxOTkvxPHyXHk0qiFjOBVUUyD/7wdzx
Iuaqq8AOP7jooofNnTrb9+XKPw82qE1Drzogavx6KR+kbnPip1Vx7N5F7SkSpkIK
8ecgnyH+o7FZI39w7Wscat1+IQIsqCbzVmiTmq3eO7l5EBd4HRcPV2m79cF0vL8E
INpMZQjZdib2I2k6XQfrjkX+V/gQrZNOUqaqkI19O4iSEAfxPaCSFyv0Tak21PYU
9NiBo/M/003RgyTAbhd/cyqd37fccFbLVXjbnDvrZTMtqGpENVKI/qyR9FBgdHly
j5NY1ZCmtyz2MbKlbz3w0vQdReUpdVwJnTBdrTjgRxKlepHBB40ALU+v6ZZmRMO1
Ya0HCe/qjsl5l6CeJ4Mv9Szl4PiCABrZQ5ietFigVlxHPdXidJwVTlJUrw87jyT9
fRsmGDdWv9x4VR4RiOUfdWK7MGCWoT2sUk0fQmVelNFdIt0MKlwMe1biaaxDyx0g
7KdoEvij1l5a5CqLssSCr0plN/OFAY6VvKsyDjzL2zws1Opf21uGPIKh+V+hAG4p
vn1mRtmbuh+vAGUwjEKQFAqSCGRTIM3BfQj6esEmzkWP2map0ANpX2W+NVpSzGIZ
5aAyw7ReKHod/ZN436Il3BWhra6FA3oJradNSrw+kUo3sucHeTrCIbgXr7kwPjBl
Q5RbLvENaHY3xJCC55Y4/TejBqbC6JBYobpCWadMi/oJRQodf2p9r+iIAs5oijPB
UTYyMtWXzmIPwOfHFuuoxyGLl++jowkWyo6uc+xJ0Apm1c++ruQSzJhNq4ALalL2
IOq0ex8GM1z8eRscVezKT0+RriIhkYvGJRrzrbtV2J0ZI8ShWnjVXm00lUS2bNsY
X5tfhej92KDkzN4GPOCifxKQuVAnrbzpo0RnKYOeDoZ7eyTMGCkzy+VcpsyiQ939
8udqYqbonhmG7uf6BpQDqSoBruphLUXKP8IQ1spzXFUAxv9HIcXDljhuNnlTUZde
YGeW/FSWvpq1473AFZrSxdOoaI5inwJTg4GLkhqpK+6rRrDfpIFZmGDyT0b5W5Al
6CsGes5PZpMOxXZQ1dTY4CSkb5Fk/TyOS83qrg479j+BuFvIXGktZpLhCBK+qhNT
Kjm78xx+WggDi4OSofK2UmoTsPiQ9/SdHXKbhX7N/f9VpU5Rjlt68PSP4OyynCbL
/dkT3DIq+88JgOjeNeVBgX1GDFbysIBol89IMJAKKVPetYKweClZ6h+eNg6VqgfU
f7fT+ZVn9PJYYnSefDK5MbTaowVDDIR3tGOhXWFUrgUgKLcZF3nGkUkGralowxa5
obt/R3KrfMxFMedazgPXc3Nz+um1dIVDW+fsdhqyoZmbCzYdL80ipPiKqGHJovvj
/Iw05Efk4QcpHOxbmwnr0jJkRxp5fxlMwEB3Uk7yGy9si4mx3SCkzv81IdiKfEkq
IkW1xAag/q30P0y9VTYCyEantYTUruWQOWfScCKBc0nRNdLT7xDoQ8KA1ioFUvZ/
0uDCMKVkQzxAWo1VTNv1n09KnAwqD0NG5Wdh4QFYdM9kQ+SIXlzihw4dWvgP5dGH
ae0SrH3E5xhSzRwnf1vmupiScENyJBLHJVYR5LyUrR4e3LJgeqecYqy6WcxIZFta
fVVN9Lb4Fh+X+cV14ybgco2EeUzBtaQKdN39OMXQOgcHOp74/uedqioej2RtqsGf
HGP93NBtWiyV8bZOaZ4x9gd0DcxjjiQ9l0c4nMq3AaQDf5ZCeYxruQsZJUyTCn6E
w3wNzqwIegE6SNhAFxn7/8VE1DB6Q+gpAgBuNOhtdNpkL7CrnKqSHusGhJqj8Ehn
YGxr2Yb7FSd+VGzjnKXTxpjWumQ2LIm4diSj093Dm40aV2Iv7U8yfD9Nef4b2acA
QPoamHP6QN5k1vEghIvIdcNTV8lt2brESNK0bEjpSTKYe9QwzjTcSVXMf85NE3+M
GayVeTz+G5mpqwjQXj/qhN7IbCEUwH3qXqcziHRp0wwLVeYbdWaXp7VL6SOxkHp9
9VcmZaio0rQqc15deIV5swSPiwSYn0Hf68QYdSY6JgDGZnxs88ZZBr6bL8X14CWu
3iNBBg50IpfAvepz6yxwZnq9wMe/Wk8RtqSZLjh+8ttqkfn+GjymYW1C4k9VJB6q
GY0e+HbCVbIYKDo2VQ/6lTvUmbSlXxdECyRS1SxcjXlu3SRKgY2BziqIZg77xpeb
vcqD7L5WD8b9ReIn02A14pG/pMzgepOT6v1ZoRRBU7ac8A+8HIKCx7YJ0GqviL+0
H0/qdJ51G1gPBRMTwNJzqnEzR8mF+NjBIX6JXQvcqTgRNRbHy8+J5SbqdfH3fr67
+PIksIEM8YspH3Z6s4P2BdTzpgjYOvEPkzV1IlJUMbctgp7D5w/Ldnao/6OME/w0
aEG8ov6Zelg5sKDMVRbiz/0Aa8y0NKA7gRsDn3KFytiUnRBL3XWFUE6+29UzppQi
beescOalfPL0Yx/1Pym2D4cvmP5nvFQjoPgZPIY7iN9+XotmYg1bPmIYtfkJh+6A
rBPApmlVCDtvvavwbkXWpYYv2YEpkD0jnEjfdlaNHrIcVEn6RedoBQk9oq4Izakn
1rJulLbUTTiyDVm8JQwBuSkxwqOh+DWuveE841ctUyFDqJHCbvPT3NygWrlIO0ie
taoIZZsKhKfMAp+j0lrbf3yZSCiPCH+xzveAWPDCUXANC+1eoGbCFEVs8gv+jt5G
k9Qdgsr5DFY0t8MNSqObDIHrvWu7dUvWDv5fNNqw5x9fSvZk/xOfb93OWDsFWOlz
DM0LIUnz0jyiCWPRtE3e5Sz/9u7eOFHo4GbZzQf5ZpdP+2FsabUGflyhvuh0XmSl
ebz4bay0vPHin8HicpPYCudBs8VxKks9RICGPuEi2K3Q8Vh6RT1tbxtIyC5oAwJH
OveeLgrWzd8gzElyK4d1U5/Kb/U2g92AUtw64LTziUyFfePJBgf/XHCAWpKKYinz
C9e4Rg/TP4K2mZR+22fWjs7blEK/x0FLDuz4kfIRlvneZ4ctXhf326plwSul8rfz
OYkC/FjoY6A9MlHdglE0EUqGVLuBVVKkdXty2Rudf3qRjKgB1BsF36ZmiJUFCty9
ej63LLmNdtPYqcUA68/kosjf+o6OVP/i7/Q3k0EwmgCK64gHBvVc79S01eA0crs9
Dv742V1/aMzDuDO1OjTkPMFlt5P0QbxZ7eo7hihjLM3aCBfO0b7DOx3sYLkSMTlL
+H4FPSpjipeT3FUPZyseXUpKP48LyD/0ys1TLN5xPK1mIjo6tPJwzna7Bk2diaqA
Opl+7W57C5EgHWjI0V4wyow1jm1CkZsgqSES7dcEBGmeuiP6wum9P65eJIIo8PWs
xxYykRlp8JI4tSJiEUE0N3mYaSkgVDYlH8BkISgXKak9fG3uI4Xcu9E0kFrR6wMb
feAvCfnhguOzRLFpSH4uZyXk8eZ6H97yf259xBSRyJetlba05DFXXhmnQfHM52zu
SYqorxO1DknjA2wHpvz08seCAmJRqZUFht8tcA8E6wh0Y1gaZ+lXGO7KHz48I6WS
gf39LGgyZWc+1aN49JT8V7I60Mg/8J5rezOqO+w8V7dZvkrfs3loRONDoralkWeH
4NKNlXEVxXbzxKekC6rhstv+ac16ULDggQpYn1fVZy6CIIICLnP9wEh0P3wZ3pO+
C2aV8C7f0CNYjSvaNC04kwTc7shtMu50KRjqor5DtVu9Otb0h0z9TvUJPvukpQ4I
UJKrF0Rn2z+rXoU4zU1ZdBz5kLcUYCr/DQRiYLShZAyj9QGs9SdnhDrIIG/gaUWx
G4EsnJB2wVYf8NrejNcb6XjP5KJM+7vuPn/SmFvqagwzYYISIxSIkFY7qgZz5DQh
+cbM7sg2aMBtstcYYQ4NAs7P7lsjfoSMpVHIG1DtCzcBT2zRWVjlVztpBKRaXOr1
JB749S7HFKRhyc2S48EMdFhP8CyFUFnozcHb8L/3yDRhRQH8qCTHhM4ppDkxbTyT
OSaDoyEtNrgizCSK+3vihtnCbI79VsuRS+jCK+38cgoDaSvWIchCRj581n0SfEBo
6a911A94Ye+yRU8SIhCJ9bWP0tL8dRKonrLBI4Nv/fZIAmFmPxX4rVPNlUQtnCFI
P3JQ15P4UlE/jsXiQQxeimIMbhj7mchBGNIk9rZjS96Xeqt9cHlUMU/uke4bGS4d
kEJWR1VDtzEjfsF4kO5N8jzisEo76QCFahXefiJLsWRIfXHdkgxqPvVrGv9goo54
YLtE8WxxNKHTVLas7yopDPHaqGCEJrDuU/CbhJjAIgR+DLfAVLsg3ilSg875JcbG
hfvdHhcGuJ/sLcFcXTqp8cg2N4qEWQ17d0ZnY5+4Ur18MQEwQ2/zBiGMlA9sb2N6
V2cWt5H3lGrhfIN4Zg/7mug85QqG1Oq3/5Aeot+gG4SMHv3baALvHAbiRktYEzS2
lxtQu9LEssXwsGOJQfXnVX6eLZDaIylkC3xW/rUnmfmi1UxA2xTkTjNGYpjomH3/
K526PnY+dtst88PzKLj6L9fNZj+ViyZYDFeVrG8u4rpg1ecxrw1TsxsSO7G2i3V+
bZdarQXBNXFA/4oScVTv+ISfTK2Af4ObyrJRGc4+3u4U+TEr5O02KReBx/MWzGTc
cWHUZEWUESENKaEdU3JO43ZDMoZcl/tBCLToqJXSHRwTYPSv434L2gAn691SxytI
LQtDH9fnJnS6UK04wPUhAVkBPMAzvYdeYzvpd8tJpe1lqW/xdym1G5NgT9zx9EUw
QwdT5bunumwriBAuWIzOfJmaPjWduuUS7mKo1megYH+1i8Chs6WXUD3Pqr3C/1S4
VM5EVnQ7CjGINOJQ46YLgkND2gT2XL2GdKBu2Qm7SST+2l8LRgLhOrqMeDV66TW5
/NeNg6vWjRTpO9IPXRM5sNhbLpYPhMlHjBKdrbquHDG5EIhMrANrqC5GC+G+vK1F
NHUg+OvhBo+0+hGTSKmTQMSAX+2eQk+rppTe8D2ncNmNSHVQrvUzIRTRKgHjVMBy
zhYg+ja0XEuF2c1ctvKo27KzEe9xxszUg7Qa2qD+gsLcHziTecMKUL00MeFXWd/O
bf2UKtQ0uaR238yzTVqmFaM0V4cEEt1EWr2vi0gXcsAg/O5XWaGiYZmA+x6ESY+W
8w2OJnjDxT2XOijJBe8tR+HZdnWFusfwwTdWIJUg6LD0xEICHzSEAm6kElcJ5UdU
YDmAsQzHjm0on1Fwhe8VxMAG9iPQ0ditDaDkfhJZBwcLcK5M9L6h7oI+dusjYC/S
/q0DXKcrW2/OLUgUhuNaVSC3Z6ypQdtlNb7hhw8mExp32HEHGb7i5rS3DJdX3k9Q
E3QE/gek9oTUTKe/yR/r0xG+5p59kxZ/HcMlVzWvWzx0dwSfATUkTiegbZPGGRFU
5p9zfH7yfM4DilSgm3ekkLsr8NYAQYFqxI3j/ZyyXMze3W8d/BSOJsFEJuNQNw+0
pW5kVk3IkZ0UjdcFmzX03gH9n6bdg2+dU1yk1WbSZ0ySkteqSMvi063EjcQRCxVv
xGiUyfkhYvh8SRYxoM0GkmFnDdt/spX9Y+LsVI+sFbpqyXOQP8EkC0T7zg2E5uHX
qkkEJMSJUhyXg04J+o9+Nl3TKqfqEjy33o7nKS3hJq++WbFi7IupatN8NFhdlag+
eItJ9B1LXXzAwlUX5MwQvnfcD6fdj+zybTBxTf+nAVYxtSROaheC79vFegWfkgc+
rKlFMOb4jbn4pVvmR2YWJh47w/pRZtcLdDcV5ZEfokTloWISzqLuDtEIK44A9Rvx
09mW/zGD2NeDeDFWdY0a5Zp1GwYldgYFOGG1vMrhBdT7tZSOSTky2UOgd3RPJRiu
bIzy5C4EkD2Dp8yibcDvNaocwJBypvj51BGtmyTCc0jEfmpzFw5aAM1aYFxlyRFP
WSN6yedNMX9lIkdbuUCsLjFu0+DHJMez1SpqijSfITGd8jRcyJJfI2fJzq5G0KnH
t8cISm8TwcXkfKRkR8yNUgVeF9JbGTeWA09jfUfG5q10nLDkjKaaeXCg6CUdvgHD
4rJaVvat7UjKBiyTrEpRWWb1YBXHPwQ1FlcMQJMwGFBa2XmuCYDHjrcaEG8uYS3R
9E6CsbOcXbwz8vygXQ1uKaxsOFlEpLd5KKmP1KMerWvwiG3SmBVqfzytMAjfrbn1
txr1ccDhfzf0brVmReMHmu1r1YhknUR/9flpMcOlcDcOSno6elFyU4i3l2I26nwC
mPHQPyr3qgDtoqLdn8vARvxYe72vB28ib4RR+Jhm+zT3+lVRidYV0F46ypt2kqjp
m3rqwLhFxdKhn1LvFqFNvPr5DifJCVHyCD95CKzemZL+xWWkDa9q43Heo/g43n3Y
np31v851o2oI8wkEwvLcWukcH4Wi435wpDncUbyk414ZQwSVp1UTDDuBytAe/+4D
4cGEo6yeiDUO5QQ8L5QwmlzG9iovaRur3+M+S1FVC5nCBeA6U2bEA4qZazcvL94+
P6b8f+JTeS11bbSirjpIS/zgy0BtmU5+jXStq+tTCcJ5OBg9zYAiOlFK4ItF6pMJ
NMEnOF7cbxtv2lZShKfMPx3GjC68eAIpxX5PBbDvwktE+uI3iTiXtYOqx8hh7GBK
DU6GBtrT4cIm5Z2r1RBCFNtHsu3SP1b4qMQbou0Ak/GhkLAkWfdwJMu0Tm8Gn/r5
yL9tjLXjdhojuFRdXC2g8Mb+KEaV+5alEMckbPapYsC74N9dPzHvM5cMyw5NZzHd
RnPJxqqaStos2n4f8UhfJr32vv+EzN7ApH7rEPFNxiZzLg18rjTcnUNZMfZAaoFd
U6oKswdLrL/ZPezOyhKnoV3tXEBU3x9XUItBlK3YRoPnfUt6/ZBQlRkfGb08d4bQ
uEdXE70SFm+bPMq3+Q/81vAkXu6/NNoKhnyjKxiOI1jQh7GI7XndV8c7sXhJznth
xVO7GITai2JT0GP0ZaC9nxrKOcnBwId3U6WSu9FnbynYMLkVgCDoXH7Uq9KuLJHJ
y1PplWp9i6+uoKrYAGW723WuUwquBNdFRnwRBD+Or4FGQouAKiaT2fUBGdOJbtG6
Kfk3dQxdDed//faN05ZolUpegJt0bBX7lvXsYq4M3hYaCOgp8gqLXEGgE/oUOrdm
bi1Ou6+ls9zY1ZG7cNBdKikoCsAccX9Fvhi7qwwvYpD9U5dB1KpZyzWvN0b+JRnd
SNrOa3yB/rCateWlEBbizTkGzZRbsASxoLC4Gtq7tVa1WyHYZIAQsm/r9tkrngan
GfG/k0bA4XP0AO44wTK1UJCUu7j8Cka0FwTkI44ocV9RNe8cA2G3fNIHbM0+ATJ/
lY/vfAKPa71JtaRB4l4jYqe8B6S+1YCCJhmoirJ4g/VF+p34iqRrhzYgVF4ToWy3
aBCP0lHuP2fAHiS/qGSPqTsAFE60rPQA6JFtDY+q7vlHhwN5NryAsNDo2Fm7bARs
yaFcQnlxj1jYT+ktqNAVwMS7OVCCENSAGXj33pfDOhnOWg8/dqwjRmJ56DA58HIK
jkji7OHHoXHSDS47juwD3TrBHP1YEOMizzAErSPAaNnH/Kj1rvsu/quhJkT6WmRv
dNZ6zo47wXIMRLf5vGqk/v/JRRxk3sQVrqWHDwAhFLHJAUpNQJTBh8HrRoUDKYTP
bjVpDTi5N2TvhdQ9LjF0SkUG7LkdkDNz7/01SPW2iyjt00ir6sgCq30OtYG5ZtB5
PQafZjfU/WHkSaxCby69UsrI/Gm4/DEuCSh/9SANYlC+NFbj4XlS6szGaq5rq9DO
WR3cMaaAeW6j0F5Fd/R2r6kIWXn5t5KjhLq5eWLWBge3VUnZyRhYQd/gR+R7nuRh
7AGzewsuXAPqExYOQQGrbbW0DQdkFZT3+Age1bGvdh2pxPciVnbE9v8BBzvSTLQ4
Rg2Wdddq5M3I2JgzZk9UZs3G/VvKTIHSUz4yO6FN5S3O6OCErMoMJPqMkpsRcqHe
egY22tWUic+mbiAYV3/29tYppFLGdAshbKXCFNWWSxUPWNoHoB8tYjcDN+XjdU8T
lnCDDuw5QIS89ZgV/Ld+QXBjy6jWWLoTM4KfFTjJfzySN4uQ5nAUWupskohY9Rxq
Qwj7mQanG5GSogZP6+Q3aiLifnlPpsUm9mIQMbUER/OgbNk4yzEY0IJcDM/EUidl
SpZ9qfWlbhpmONQpJnzfBDniWEQpYvgrJtQH/PcYPMHfZ9wumyHpBN7u7dJlausE
dcfw43rhyRlPkGS9/2vN9yk9ziTQs4pmsNAkMkHeq5HS+mWhib/RF/aCWDx4DcoK
aZ/IqQj1AWNlQUogKjtXfMoSXIJVz/noKeQjeErP75S2vSHGLX4XXvMETEhXAFCj
bwnvNH3b5PpeiY1+NVGXaKyydmysITgFmb0kAgL1Z12A26hK615MjAcF82XNNUj3
RNCIMQ3CjAHQHy96zllHDaHmfvxTkZLrmmP1CRq9kN5++zdsG1UQFwFV1YRrw1/U
I4vCClBUSUqPJZZTptO3ufWZhZh36MW8n5wp/DPFSvkHZsBU4/3aoKdsepcQdEpO
QqmP2MaKhCgwWoh0Lz9APJbUDTnx3P5Yqz9EGbAeh25uFR5lEo5EBBCG4+QTs6GO
C.3.13.1. S/MIME Encrypted and Signed Over a Complex Message, Wrapped Message With hcp_minimal, Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIISagYJKoZIhvcNAQcCoIISWzCCElcCAQExDTALBglghkgBZQMEAgEwggiTBgkq
hkiG9w0BBwGgggiEBIIIgE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG1lc3NhZ2UvcmZjODIyOyBocD0iY2lwaGVyIjsgaHAtc2NoZW1lPSJ3cmFwcGVk
Ig0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lDQoNCk1JTUUtVmVyc2lvbjog
MS4wCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L21peGVkOyBib3VuZGFyeT0iNDQ1
IgpTdWJqZWN0OiBzbWltZS1lbmMtc2lnbmVkLWNvbXBsZXgtd3JhcHBlZC1taW5p
bWFsCk1lc3NhZ2UtSUQ6IDxzbWltZS1lbmMtc2lnbmVkLWNvbXBsZXgtd3JhcHBl
ZC1taW5pbWFsQGV4YW1wbGU+CkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFt
cGxlPgpUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4KRGF0ZTogU2F0LCAyMCBG
ZWIgMjAyMSAxMjowODowMiAtMDUwMApVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZl
cnNpb24gMS4wCkhQLU91dGVyOiBTdWJqZWN0OiBbLi4uXQpIUC1PdXRlcjoKIE1l
c3NhZ2UtSUQ6IDxzbWltZS1lbmMtc2lnbmVkLWNvbXBsZXgtd3JhcHBlZC1taW5p
bWFsQGV4YW1wbGU+CkhQLU91dGVyOiBGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUu
ZXhhbXBsZT4KSFAtT3V0ZXI6IFRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxlPgpI
UC1PdXRlcjogRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMjowODowMiAtMDUwMApI
UC1PdXRlcjogVXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEuMAoKLS00
NDUKTUlNRS1WZXJzaW9uOiAxLjAKQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvYWx0
ZXJuYXRpdmU7IGJvdW5kYXJ5PSI4ZmUiCgotLThmZQpDb250ZW50LVR5cGU6IHRl
eHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lpIgpNSU1FLVZlcnNpb246IDEuMApD
b250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0CgpUaGlzIGlzIHRoZQpzbWlt
ZS1lbmMtc2lnbmVkLWNvbXBsZXgtd3JhcHBlZC1taW5pbWFsCm1lc3NhZ2UuCgpU
aGlzIGlzIGFuIGVuY3J5cHRlZCBhbmQgc2lnbmVkIFMvTUlNRSBtZXNzYWdlIHVz
aW5nIFBLQ1MjNwplbnZlbG9wZWREYXRhIGFyb3VuZCBzaWduZWREYXRhLiAgVGhl
IHBheWxvYWQgaXMgYQptdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRo
IGFuIGlubGluZSBpbWFnZS9wbmcKYXR0YWNobWVudC4gSXQgdXNlcyB0aGUgV3Jh
cHBlZCBNZXNzYWdlIGhlYWRlciBwcm90ZWN0aW9uIHNjaGVtZQp3aXRoIHRoZSBo
Y3BfbWluaW1hbCBIZWFkZXIgQ29uZmlkZW50aWFsaXR5IFBvbGljeS4KCi0tIApB
bGljZQphbGljZUBzbWltZS5leGFtcGxlCi0tOGZlCkNvbnRlbnQtVHlwZTogdGV4
dC9odG1sOyBjaGFyc2V0PSJ1cy1hc2NpaSIKTUlNRS1WZXJzaW9uOiAxLjAKQ29u
dGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdAoKPGh0bWw+PGhlYWQ+PHRpdGxl
PjwvdGl0bGU+PC9oZWFkPjxib2R5Pgo8cD5UaGlzIGlzIHRoZQo8Yj5zbWltZS1l
bmMtc2lnbmVkLWNvbXBsZXgtd3JhcHBlZC1taW5pbWFsPC9iPgptZXNzYWdlLjwv
cD4KPHA+VGhpcyBpcyBhbiBlbmNyeXB0ZWQgYW5kIHNpZ25lZCBTL01JTUUgbWVz
c2FnZSB1c2luZyBQS0NTIzcKZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVkRGF0
YS4gIFRoZSBwYXlsb2FkIGlzIGEKbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3Nh
Z2Ugd2l0aCBhbiBpbmxpbmUgaW1hZ2UvcG5nCmF0dGFjaG1lbnQuIEl0IHVzZXMg
dGhlIFdyYXBwZWQgTWVzc2FnZSBoZWFkZXIgcHJvdGVjdGlvbiBzY2hlbWUKd2l0
aCB0aGUgaGNwX21pbmltYWwgSGVhZGVyIENvbmZpZGVudGlhbGl0eSBQb2xpY3ku
PC9wPgo8cD48dHQ+LS0gPGJyLz5BbGljZTxici8+YWxpY2VAc21pbWUuZXhhbXBs
ZTwvdHQ+PC9wPjwvYm9keT48L2h0bWw+Ci0tOGZlLS0KCi0tNDQ1CkNvbnRlbnQt
VHlwZTogaW1hZ2UvcG5nCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJhc2U2
NApDb250ZW50LURpc3Bvc2l0aW9uOiBpbmxpbmUKCmlWQk9SdzBLR2dvQUFBQU5T
VWhFVWdBQUFCUUFBQUFVQ0FZQUFBQ05pUjBOQUFBQWNFbEVRVlI0MnVWVE94YkEK
TUFnUzczOW5PM1RwUncyMGRxcGJmQVJRRWpPeXdpd1luQ3RrREtuYmNMazY2c3Fs
VCt6dDljaWRrRSs2S3drWgpzZ3J6ZmNxVk1wTDJqbzA0NDdnWURwZUFyaytPbkpI
a0loQWZUUFJpY2loQWY1WUpydzd2anYwWldSV00vdWxpCnZkUGYxUVoya0REOXhw
cGQ4d0FBQUFCSlJVNUVya0pnZ2c9PQoKLS00NDUtLQqgggemMIIDzzCCAregAwIB
AgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQK
EwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBT
IFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8y
MDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMg
V0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwt
w/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6
rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXm
bk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcA
x3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnl
sukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB
/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNl
QHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQD
AgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSR
MI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwW
pAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3W
qMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxOD
Wq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFb
Zbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4y
iuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L
0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZI
hvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAv
BgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
IBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElF
VEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI0
5Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0Fpfg
yC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPE
wjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNa
u5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0
zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsC
AwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
ATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsG
AQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ
0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcN
AQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNw
YyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhy
I0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/w
vXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5O
Dxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjf
rgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrO
mqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJ
KoZIhvcNAQkFMQ8XDTIxMDIyMDE3MDgwMlowLwYJKoZIhvcNAQkEMSIEIJ28ol3q
l3rJQb8E33lRkhRXp7f6MiflBlmSVD/ed+8QMA0GCSqGSIb3DQEBAQUABIIBAGiS
w+vzf+n185ROCyZOzkM5JM7D3n+dOO42Zan8xgAjIEwzc5ejfh5Z3UC6V0V8RIAG
9A+U/uF88JgX1mOmjEzKUZL965yNDcZ3NCOzFl/WqaFqHiBQC9Pr91AdTCKj5lvI
uAlj+XVuICitCcIerNtRWYEJVB9mMxh8DaSpl3sq+KAZ9Ch1cr7WxhHI9UZrO0x6
bhT9Zu9oouVhjgHiX26cIxdQLWs9yB5Y0bX2iVnBkzh8huZDS/mhTN+gHNLBRQcP
TWa1dDHF73RApiqcEdw296D9TVrBEbJF/eROXZBu1fNkYLGuKSgNU8qrEurS/c9L
WL88ykR3132/CB2HxpY=
C.3.13.2. S/MIME Encrypted and Signed Over a Complex Message, Wrapped Message With hcp_minimal, Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Content-Type: message/rfc822; hp="cipher"; hp-scheme="wrapped"
Content-Disposition: inline

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="445"
Subject: smime-enc-signed-complex-wrapped-minimal
Message-ID: <smime-enc-signed-complex-wrapped-minimal@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:08:02 -0500
User-Agent: Sample MUA Version 1.0
HP-Outer: Subject: [...]
HP-Outer:
 Message-ID: <smime-enc-signed-complex-wrapped-minimal@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 12:08:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0

--445
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="8fe"

--8fe
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the
smime-enc-signed-complex-wrapped-minimal
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Wrapped Message header protection scheme
with the hcp_minimal Header Confidentiality Policy.

--
Alice
alice@smime.example
--8fe
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the
<b>smime-enc-signed-complex-wrapped-minimal</b>
message.</p>
<p>This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Wrapped Message header protection scheme
with the hcp_minimal Header Confidentiality Policy.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--8fe--

--445
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--445--

C.3.14. S/MIME Encrypted and Signed Over a Complex Message, Injected Headers With hcp_minimal

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10075 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6452 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2083 bytes
   ├┬╴multipart/alternative 1138 bytes
   │├─╴text/plain 390 bytes
   │└─╴text/html 485 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-complex-injected-minimal@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:09:02 -0500
User-Agent: Sample MUA Version 1.0

MIIdDAYJKoZIhvcNAQcDoIIc/TCCHPkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAFBmUFj5A3XTaViADTdEzM1xvguWWYVimplV
M0MNhkdXqntYz/3JDmYnNPv/PlqeGfTMITSKk7xIAQwxr6lE25EhgH0BPeeIoSIx
bxZif9UPcbRfIrhtfVAphPm3LNLipglZx1eHk8Gs7G7rujGIW3HDtSqqba5XrSO0
A17+bda6WTdlgikAgSogIjiAxEW6kBmIaOSrjyH2oyf5wTmXF0HH+PKaKIGyuuL3
elOtdwgxigUazRJkeL2ayeOcfldVpHdCEy4to89rHJPtPrYDiEdxPLUdvcy7Mf82
GCWJkm1EzIpnI3eQyOAuQ1SoYmsRtcwwJP1oOLTtSSKeARxJGS4wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAchsWz5C5+RfqXNKZHCww20iv
bJHBCBqWhukl1uY11Wa97kqyHJqDgKkIJtGqnc7pWEWcdHU0JiAlcPYe1t2fpndZ
gRMsxK+8hFIAj2LfLFO4k91FbiZqPd87tSjNlLjNeaoWNmRRPQuME1dHm++3Syt1
ta40bumnFPOfA92ObVMEqtR0kjuigh5rJqCg46wjmA32XVbsQSfgmGGbuy6TmjVG
bAWPIPEb4Qv4dESxyQ/Ux6qT2yXjBkK9spzRANdJhFpbxl8DDYYll/wXCdBL984+
+rWgFyIrf+g5n9fWVsiNFxhoKDyCvBO6d6twreEz3LnYbmQ90B7mobmIuFgFJzCC
Gd4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEGYE2wOpbo93BzPOeYl8aWGAghmw
HZHvOQXwnF7IcXKRfeHmWlgqDdpRhJsJlOGCzLHTi23RdXjr5DQh5PEo7MBGEzFh
KaTJPMEXic8ytve5IgAHeYCdAyfIAyjL4Dv8b5ZfpxSEeuX59JfLUqIOAGtsY+UE
aYHskoOj5SyDCw7I6RcjAF5NuHKR2PTXIL9hj5v77rAATSMDzdD5MCy7/fbEc+9u
JSNFRUV3wVlb2jPTjBToMNMei4YrpxZ60Ru005s/VZhzk95E4xmpLhY4e5fdouTj
9zQVWmjZYrdTWEMI77Kc6ZcuGRpNncdKVfpMTd08qOIbr8uHW4jrNqIdr0Su0jGM
FjLMGz5hxM5adSp1tdJumH1m7KZDGYVT9sLF5JlccpmIEeR9uKTUDy7ePX6E5eUp
j3MbU1yq9+WI4WIFgMOsc9rDumsSVceT8Vr6+ln/239o9MvdzlzEsIjfHx8t+GNd
yz2cZI0G37fKy8ON1epDd8Qz0sLollVs6ogtodnw+fT6Mt2UIzfa65ydiKl93tAN
yUmKDmqZWLOeH9ehtH6OUGbibR8yv0n0TmB67RI/38GPsDGQ0H+VcUgwIxUqLC6A
W5M8cfHl3GC5F09Yw17dGQES0bQ9z1zpaPaYF9eXRWA0GQFI0eXJPLZ70DJFYf+M
hzrfsPSvbpbHGMAW3AQbUxaWv/WTBCFGPl+yCmB4rtx0Tt7lhU4VucfHvu/J7vH3
GIvIWtKEU+v7h+rsmfWFYVNz9AjmvS2OUjNoVOsOfr1QLG40pvm9nUm3hoazN9og
m50nExCcoH4fsK7bbKENsvGOxnI0yIYfN37+PWCYgmLGb+nknWRIk2yjCWHHdtrV
Gosm+GI4cdxQbHf69fJrCSkFng9KWMbqG8uF5OZM9pJn0F1jFim3ykOm7ZwQETQR
oTIkcNFALoMOe9L7NW4a4PcoJSPTpAirT7zgy1DpN7s5WPO+GEIQw3I28CXcHNIC
PZm5LC02XOZI4z8cYlYi6AU519Y5tWrtQDF/SJSmTggRV2Xy8bdemUaldkoFmCFh
CQ1GF9frTbb9ztk4BFIgBQmnqLfZKAY1gch2IVePwgn+KCIV2jouppssWveZfBJt
XoIFgC1yUPWHHDxDL5PIS8r5yHEGirjuAtWmcE/KY8gkH8jttNXtBaeiFRiXMa43
o3KkWcNL1ijZSi+dId6+j+4Pbsw3Sr3re4m0yuClb29S12INCafJS8NfQVC0Op2c
9oAcWgqlU4FU5ea1Nltf7T6jZP2LqYxcorrhSh2b+wdj3EnnOfOPE2J1WDRUDIN4
KlzfuOdtdZevtLqsisr5Yj4LXdB9XwPCvW6BA6IU3zJxTGGNWJU3P9vSy1EH6GQf
xmswnFDKdbtCZdQ79+ohfnUOB/g+fRPx/TGEa33CSO3SPHdnUvdsjQ49qmuGoTdH
r1qBLrAEM2FATaxGkBNV5BPfjdPNZZ5YE8+Yc0rhn1zSRoJxNi9khEkLRyThh+9T
cEm/dqSXOSSLNHhHfRpXZX+5SwpKUQUI3ijBW17qjlTevddigWBE7O4bimPgZ378
LwcWTo2UUHW/bPT9UEvnHKvWA9OeOphEFZyiu9aTR4GwCmGdkM421+3cIrY2w5CT
X0KwLc9dqR59TnL3sYjL7syh3VUKEmYR8C1GHY1g1EFITcZcDydRSzacrhma9Ycm
zlQ12i6QlzEGaI2T3OH0/qUUgXaQnzw24MNpBgwt/ibuz9k5FwY/Y3V7xeUf6flE
mnrZNaOjZSjLrFA6meFnIzDdRKDhh/VJkqqnlnZ1HcnswdbH3S6HlF3QQ+kZaedK
+PobT5Rw70cwERUa3B+RlWgbW5iFyZnoFWcrtv4TI+qnmSZcpdlqYV8YsPnaETl6
p70xc23LkG+k+6Mo9GpNITyJXPDygFyRV43gnUONAMXedt9txQ4dUZDwfOV/zS/o
aBNU0L+5c7rm/mi+2JOQbYqKv9nX3S3mPr7sRIxb2rIR6HjP3Yv5afeiC/clzesF
N+ZxojppSW2BX+nCzwLbYSGtsFMTSIWP2gcIabqWiiABpRwyuXE+XmOlSSUsg8pZ
pzE6goVuPw8oC7kRq9sd4thCkNXWZZfsFFP+roirYmDh01JrkQc31miEkZVM+AfC
E9k9+KRaocdElt0l73/0NNjrgO203uF2dl+nLPo7tjPLyZVHylPdsmOXsGTB/Ftj
h6LH4wngzzOEchopQz8TqAyDkU9OiV3+AauNegS5hGFWgcBWsXTNnvB1V7qsjWP3
nxcPUuWsWZq3MuAGb9GZONg/uwPYavG6eh7jl0dHGmxaMYb/6JyxuyK8hnmT6xli
hqVEiBJcc6uQRCs0DsfdNlfMqElcvWNahJO1QMN9MOwpYKTxIUHT1Li65Io5FNed
C7QlTyKJ07R30ZHx0x5PYoGy973/16wF7OXOpHDoZvf0LpecAhSir+5qXRZXB1TB
Wj3Xr7GqNlTrETz5qsrdYdS0WC2UwvmDt5PcCVANkKL9ZIbWaaGaeIv/h8K6+u0D
qplKVW3aG5Y2OFfE1SFyEmLdT4sHzDFXXDzJuXSnH1oxZRZHWT3L/0N0b8bszvv1
yx5yaK5Uy6UB+NIsEa8bmBxk4+5+n3RoWjjlw+t9ByNJeKZj8n9e08soI8ZIHRBR
T6C98YBGg3Pxj8vKB/lNDSqkKGflau3sGgT0bxyRJn7I0Cx+wrbtaNExEFyrLneo
0vcFmAaEAgGZCBkhFTAatmYANT95MhJUNa1I4IU20ENWOTaA5l8a4N9vTcY9b1LB
LnrPncjDn/E3tifjtpZXwOVZOUvI2q4UNUnNmVqJiCoscNp1MHYFIZh9ewnvRm3+
mWKB2qL5aAj5+k0Iqar2mwEyIiyZwHqbymMD3UqH6kLx4RBIjdXUAtL5I0ncUG1u
3Cje9CvzI1ubUupH0LSDjsNgwF1i0n25R0bgNFV7GEaCwPuLHe7WIiSGjRiv1S/G
FQmCSMhKeDTu+SMSwqFVT0HR+ln6qjjCBhXmgCyUve7aSP9TWLpjmbKenJH2pNQH
zegukZYHOjE/eUcUpGmNYpC6pHQLUurJLlfehyOdibQo8bqMMU6B0XIJrsJiMl0g
7PkidQDrBBlz106CcyvtAoCCPXKR2oaiza1ZO5QLdToEMkg+S2DmseDQsvxFrQ6q
IsqObgox+o03CfyRBvWwLFRJOjmaNB4CW7DZjZ4Lq6R8v+3ANIcsKP3sppyKFWlN
W1BJezsMtvOGD+VTxsjVMMn1ffliWWHB+fnKk2yLmybTNZWqq3427FKcrU3GgfXw
fCAM8YeaDgDDyTzcuRu1TNFSVwoHiNkyFpUUCJHRzlE4w7vjmZ4txCUaOy5FaAb1
0C4W9utc9+7GS+JOC8GeYlDEimlQSbLecs6CHOGyUkFeYyQoLMrVyARQIEEbx/jt
/uMiKvzrB10vrvg3PfVT7yUTUUf3GjVcmgePNuUMxZnwW/hOf6ee3wSw+iLrpkZg
jXByzD1vsPXWwATJzaoWAbwQaFEezAYOpkeeaLfcIPSRyHpW42EuDNdVg1EUqTPI
oxx9oCRB2HadtpshR4T0YsMqQLIXVcEvh4x9oDsQW4+ABwiS6sD4Iyqht+0+nuGp
W0B3ztZ+WthpHVuKmnHyKitiwTPmgN+/g3AN7X/Fb4p+JUByhjSu+U4VEUiYm0x+
+Yt7lOwlxqDBCmkYkvrgfD7XarKoNLv11pmFKH46YHFFR8MkcoIagC8nnG2AHPYi
KjuDvbqj34fIrBBxANb7D8pCSVw8Jd3CfLiacWGRkPBxTypI3DJD79+R3wzK+r7m
MFHk+/mnxrgaIJqOUn2Kui4snWmrh3UrJLpaU7Tof4iK6oSXq1Ck1QMVmuTeq1sm
kF/iZQqUmCqH4cLlsQJaXVGJQAUtpmyjKuo52xM2XWA3Q4oIWUiWMg5Q16+psgZU
xPDfLDGWt3J0cg+VEQjfw5WS+zOar+nwlNd/QysuT/MWxAalxTijDJNL9GWcG06a
y5ZWntwuoFHe8cpfYqYr31lx0kpuSCmJdDpDjJQBYIGpnayQ35Zj3bwwGIH37pnj
Tp/xcc2mV4tgjod8K+C6JdPLQ4mRgQOWrk1Q/yh/Oujy7bGnQaBck/MApbLUCSt3
fqmgtTEqxPySpzU7s64PtNe5KIEx2bficJip/OmQs1G2dk9eM92TYLH208EVqoWT
Tc4/V5MBjjRJoyNR6b9zLZ9AAyHeKPw9Eic2IwGWqmQK5mtuNWRz2SIrdzn2w7eO
Ec4aXmjXcO0L3h+y/y9SNOyFIKVZORk+Gjb7k0FeqkKQNC4QbK/C/uRD1Tw3nXOy
pzjRdeaRZ5DTjFfK0Avrpeu4rAcofF861l6kUHeahinH+MRaUEmRNWDnfOtw4KdI
QriGt5q8m3mxFe5Y6Fa2MIKkv/2PvEpeDyH4husIqrcE2iGXwP9Dd0QNAKoKtVs+
XRR1rTpWLTT3sJifBF42jD0ZXHhJJHU7kQzPhKzNDbAxA6hclr5CIeK3fTV7+1vD
HdPq9kO5Kz0Ad1hUjonAtVNtMEV2qUvSk60exlmxkUnvTrG94nZgGs+T+2eTx0oo
rYrPTC1nO2wsC3lCD7bUXw/lEmkJa6VrxRxilrclpqDU5U/S76Qvl4IGkhI5g4kM
6NAlNjnWdM3RcQ+Sb+B0dGXyp0oREFX82RjZi5sAVomVpP8VjU70yGFX5l30AxDI
JVNNz0o4Sj/NBYCiP4gM4Sk6vMXe6d+lp710OfEnXr+pEqT8iYM/AEXEMaB7ybMr
6tS2XX1+2H+Pr+g60NOXDtq2DjByN1SZNyro15K9zTW+f8AbDkiGTdSVAfsuEJkY
/sBwa7sR4S0R4hopG65UW7MKkMI69/GKSKIVWTPBaiRaJnmjkBoE3YXOOzXJhznR
uMaiWRMJygEfsq5XmphA+/Z6s2Rb7Muh/Y1goEUatXD5DzzH8v2BdEob+Mqp/KEA
FD/wQBcB5VV1qKpYEFmZlql63TyGltQ+vV8Gaz7cnbtomS2RKfzS1u7FuX0VMCx1
DhkXeaIy+Osa2ejQaaarkD26lc1V5tOZf77k1KnovqBnf7R7/LJHxgslK+Kf099Q
58wDhljLyHzRnLhFVoPxYvzF7CA4cTgwivtqArrsY6NCQxLvThLfNG5vhsWxtQEI
jOUa40oY75uY0L1sKgBpStVdEUQWOT6dEcZ57CU7JGmtX/wmTTporrGLrXPDIauU
BVKP0E8AXGx8GtcLhC5IOF6EufgdbQNJ7qtGHO0HHiU7IHG/db6Sq29iH8ba/u3p
wk28/2Xz4LBkU6FVtAnnZwECR9GVnCNjdEjOzaUoPnDEIaGLVWxCWBhP4TJaP+Iv
8nj4iLnHqxlFqahHU2qwD/Uwoi9mEs8TiQtbRnwpHLFZVjc3zZeh71CAM1AO7NNp
MvTkrH2yFeukyqpZEcfg9qqXbWo79DTAFxizHUAxCCJRZHyAICjnMUarwtkLueVS
8wB33BF+FYPxN9BVPpxkoTxUTNLxwwN8YXrmlYZkXbaWbFd5mwONNpjck7O1/F6u
A/ju5F5j3JdRBETFdQo9kcCLvcNS+MB7A+icUL2gSSucz03+78C5uz3Y/9m7c75g
pe0FuF5TJeX12syQh/OlNpGiXxOMFUx4F/Szxyfh2/hDWonw5+ExdxRcmtmbSIyW
K06SI6IU/XdzhwbFUYf7Z27mp7kyKxP6IXpx0NZ7ouxRlN2kN9ojC2dKphrLMFNj
xIIrT2L90MNzT+pKm1nwL36m+lUdDzul4awi/rGe+LPwFiEvtGn5UUe2Bl92+Qyy
brdQwSiOpLpxtPrcyLUdh2ZmnLKTmQTbjUm7O5ZRVq0bQevbzBUUZO5bPYyBbyJ7
N+lWn3WBG5UOom2J2P3yRT1+ymQBQbcA/V1pYhritE8pS1CcWL0+BL03SEJC+x4k
8DYK4dVcFUFvRltuZEN954Omq6ym7chVzVzaTl2C25rjo/9yqAah4rPQ3mE6wX+P
NQus+44JBq8oizB20JEOr2EsX+E5MsLn9dYRWIc2QYbBcNMTOVpv4NWU1KCWkqNs
+R1Ydbfvkrc66Qq/SV+HImJkZFlhgpO6EFY6yO+Ps9mgMFFTl7jnVzpCk3s5SpSV
bORGLn4Er7oGqJiye1i/fa+11SfC4sqAwCR8vnCtqzOyjhQUtkY6hdaNKM3B0+nv
3M3FhXl9Gaai2DBdchau3h2b6T6JvxxaTu7Zae1Op6HbU5OxcbjI/p9rQnDKbu0/
pK6Vg4+EGKNd9l+exFXRUJ7RYOYz11N2G7/v9eZTELFZzy8eCJ6gjPsTxBu75nLn
WuV3xPTTS/cyne/uhbUZAq5X4lgNeTiF3NOeTqO/xGsW+ctKe0/yF06lIgmOEMc5
U8rwagGJOqgCicx/sK2uh68jJ4WFPwytDk/GGD/s4C8o8Sk1e1QydQb0yN5S/IRI
tjDGkUYjFUMDviR+PcSypJcFC6rydn1Ou1m3gOhKwL+krzD81f0MgA8ISpCcLkWL
Tt1y9ngRdBbRvj4G69QaYqp4Mvhf1JxE8QnTWhhkBqC1pT9oKoc7CgWBhqDDPfOR
/YmKqqg8ImQlKkkV8DQzlFsUp2aj4TVyFIWRz1FEqk/MSXPAb1DDnvBCMk/hOn8v
QujlsNoBuX8MOXmIxOh6zBt2XlZfSpKka3N1teYnw20h16TJNpwR/RPi8EeyoTME
wYjP8zH+A0D3c/nwG9orOExzn68pFn9pbA4eggkKkiMcSKv82CHGfVYup5/0ylXx
bbxSLlQmN+qmD4yv4cOB4OZkHhXICDaVlTTejGZxJ8wyM9ifqCAl/FsadDuWGJLo
wmOpGKdE+QvZNX6ELNTrcou4BWYbl7Ke75XUirOiSALQTs/f2Wo1SFRmUWbymvR/
+xUtwR7aPTg4c247RXZm16fGVw9Wj+6VSo5O0tkxhb5D8KX69kPcHGS6j5Y4eOVQ
vCcSUXIo/PgyHr6DOAfu6YD3tT6pdu8P+U2xwDqEXbeZ14zc6ucIy3KO04LBkFPJ
qXfOGTlJOfzCAJp9bHhFmv4sUyqaBWnJzL63EJT3XojJrQUWJOxMJp4Hd5Jyj/T7
3IYrenTzxq+Z5YBSROUEIgdVM1VJ6WqtHwEkcRLBYVwflUrqHK8+BmKkzXAJw5BN
96z+6NnLKxBZEjdIdbVOwFeIDd3Cp+LtebhYp5NbR2Xt18BtiKfIV5XXOnj2kJtV
bw5gN+oKFYUvQnm6ynXc1LD8ufR7Bdb8dBfbMt1I+3vGgTrXrBtwMaT1RCGBdDKa
kbPaPLnvbqta3aocfYZisp+iv813iyrTPdws+p/IvAs5n2qEMAjO9LeubZgo2eVq
5X0S+3M+FtjLYhQhkFl0CLCwjSSJOpOAT6GDg6n05TMAC0tSobRY0aSFwJL+NjUb
RtNdqaeOLiywDoT0YBZzFhYoC4mkItdbwFFPHlmymcpXmMlayr8HRfBX8U4Zsc7n
Ov8jLk1z0abuoKxQ67piWac1qL256UD9DDccc7yBR7MCFsZxj9B0IvYZfCQQVDsd
ne+RWzkQPgEeQFjuohHSDIJ0nDyIP2q0Ag009FvhfaODbu6NmJXgowrLrJAN3Aep
FAvHEJ6EdmXP0PliORm6ffR9r8s4Jn4BWgjHaSFSVTDITrKjHFHv3sEqO8Vfskky
H5oixbpFQNPvKG/75eQCqoDJ2OS+rfA8DZcLOBGl6mOz4Kk7ZRdES/EaHZ9itTIA
gzRmUzBqEhNm99cVGhrWBOgab7bRYSTRSG1h8aa3e9H2zWNzJnxkC6qudZ/nS6gt
Wh8ouq3jVGEh0T5DKSPAubmuGZafbFVHmqWAK+tzj9+LQ7vmujI+6QsyZY7u6HBy
PB/ACzN4QxPVwrTba9awEGcM5jz8PNkkhBi0Q5EclFjCKQ/H1Wyyx5PTdtr3nlnJ
EuBk+R13N7CtsQnG6A9coEMuXuGqJDrkAVp7t2KicWgqHFGipz/lgFBln5vF3LgN
59ySh+UldMbRzl0aklNepeXuK+y9Gp3eAjAKDWsUa/uZe23U8cz20ZaOCpT9s+lm
U8iH3gmcs/xCIJiZTQNUBfYigl09UupcjFhn6RFJaq6FJlA5NRb3QXSMrbFcj1wF
D+Vsn5CcPr7j8WkdArMF11xi8cRMiaIWxbvekjLN0Edz+DN96HLeKYaxwCGtoh7S
Tw4dToyLn/cnlo3vvKRF0GjeMwxkuxTvjVAkPFCxbqGkBSYSfMZEPOKhMKIUSTKY
EbvuCcolT3/KGcu0NPIk/025j0AaZ+5Pqnp5JequzXhMilnDkYXQY3OL7SCJ5S+2
330JFiALMzBCtolGzPzGkjAGoxYnhvfHEht6/94H9+Byw3GOkCM7gkThJztFn2Jl
cX8nE+jozsVJzSQ5r9Eq82sF1bMREdK1eOBaWNToTqgiCHI/quGvIXPALjg2OtVw
W53DEhP11rnT++3xQejORcvneyHROB5UZ+5CqXt1NPcAK1CLoCYQAZbG/lDs0Ur1
PaT2HaUJwUs/QWQJ/0650T+fcaLDcx8LFgylf3AAZ8sJAmyGSkl+adHwKAUUFQYf
A12BLJ5o71BEOjaqX+g/aZAqNulIQyzwyxPFfxgZH+EI+ut6a5xJxtz9V5YPr4hu
c7hPo9I+zHZX0qt563m5rpYHFPZh+0SqwvF9xmUrhJ9SAHoJalFNWOgNlAldCYY4
0/0WjzCwSH0ZWN7MFD6CyL6LhFkU/HM++MLtpYn/O0kXdiO1Mx1jVot44dgFYqM2
yh7KozWolPdh2lEg9Sc5xDpGKB1HGPuZ+DxRNoWatM/PDCs5Ga3aNZVkS4oWN1q/
C.3.14.1. S/MIME Encrypted and Signed Over a Complex Message, Injected Headers With hcp_minimal, Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIISTgYJKoZIhvcNAQcCoIISPzCCEjsCAQExDTALBglghkgBZQMEAgEwggh3Bgkq
hkiG9w0BBwGggghoBIIIZE1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1lbmMtc2lnbmVkLWNvbXBsZXgtaW5qZWN0ZWQtbWluaW1hbA0KTWVzc2FnZS1J
RDogPHNtaW1lLWVuYy1zaWduZWQtY29tcGxleC1pbmplY3RlZC1taW5pbWFsQGV4
YW1wbGU+DQpGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4NClRvOiBC
b2IgPGJvYkBzbWltZS5leGFtcGxlPg0KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAx
MjowOTowMiAtMDUwMA0KVXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEu
MA0KSFAtT3V0ZXI6IFN1YmplY3Q6IFsuLi5dDQpIUC1PdXRlcjoNCiBNZXNzYWdl
LUlEOiA8c21pbWUtZW5jLXNpZ25lZC1jb21wbGV4LWluamVjdGVkLW1pbmltYWxA
ZXhhbXBsZT4NCkhQLU91dGVyOiBGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhh
bXBsZT4NCkhQLU91dGVyOiBUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkhQ
LU91dGVyOiBEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEyOjA5OjAyIC0wNTAwDQpI
UC1PdXRlcjogVXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEuMA0KQ29u
dGVudC1UeXBlOiBtdWx0aXBhcnQvbWl4ZWQ7IGJvdW5kYXJ5PSI0NzQiOyBocD0i
Y2lwaGVyIg0KDQotLTQ3NA0KTUlNRS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHlw
ZTogbXVsdGlwYXJ0L2FsdGVybmF0aXZlOyBib3VuZGFyeT0iYThlIg0KDQotLWE4
ZQ0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0PSJ1cy1hc2NpaSIN
Ck1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3
Yml0DQoNClRoaXMgaXMgdGhlDQpzbWltZS1lbmMtc2lnbmVkLWNvbXBsZXgtaW5q
ZWN0ZWQtbWluaW1hbA0KbWVzc2FnZS4NCg0KVGhpcyBpcyBhbiBlbmNyeXB0ZWQg
YW5kIHNpZ25lZCBTL01JTUUgbWVzc2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3Bl
ZERhdGEgYXJvdW5kIHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhDQptdWx0
aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGluZSBpbWFnZS9w
bmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgdGhlIEluamVjdGVkIEhlYWRlcnMgaGVh
ZGVyIHByb3RlY3Rpb24NCnNjaGVtZSB3aXRoIHRoZSBoY3BfbWluaW1hbCBIZWFk
ZXIgQ29uZmlkZW50aWFsaXR5IFBvbGljeS4NCg0KLS0gDQpBbGljZQ0KYWxpY2VA
c21pbWUuZXhhbXBsZQ0KLS1hOGUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBj
aGFyc2V0PSJ1cy1hc2NpaSINCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRy
YW5zZmVyLUVuY29kaW5nOiA3Yml0DQoNCjxodG1sPjxoZWFkPjx0aXRsZT48L3Rp
dGxlPjwvaGVhZD48Ym9keT4NCjxwPlRoaXMgaXMgdGhlDQo8Yj5zbWltZS1lbmMt
c2lnbmVkLWNvbXBsZXgtaW5qZWN0ZWQtbWluaW1hbDwvYj4NCm1lc3NhZ2UuPC9w
Pg0KPHA+VGhpcyBpcyBhbiBlbmNyeXB0ZWQgYW5kIHNpZ25lZCBTL01JTUUgbWVz
c2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERhdGEgYXJvdW5kIHNpZ25lZERh
dGEuICBUaGUgcGF5bG9hZCBpcyBhDQptdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVz
c2FnZSB3aXRoIGFuIGlubGluZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVz
ZXMgdGhlIEluamVjdGVkIEhlYWRlcnMgaGVhZGVyIHByb3RlY3Rpb24NCnNjaGVt
ZSB3aXRoIHRoZSBoY3BfbWluaW1hbCBIZWFkZXIgQ29uZmlkZW50aWFsaXR5IFBv
bGljeS48L3A+DQo8cD48dHQ+LS0gPGJyLz5BbGljZTxici8+YWxpY2VAc21pbWUu
ZXhhbXBsZTwvdHQ+PC9wPjwvYm9keT48L2h0bWw+DQotLWE4ZS0tDQoNCi0tNDc0
DQpDb250ZW50LVR5cGU6IGltYWdlL3BuZw0KQ29udGVudC1UcmFuc2Zlci1FbmNv
ZGluZzogYmFzZTY0DQpDb250ZW50LURpc3Bvc2l0aW9uOiBpbmxpbmUNCg0KaVZC
T1J3MEtHZ29BQUFBTlNVaEVVZ0FBQUJRQUFBQVVDQVlBQUFDTmlSME5BQUFBY0Vs
RVFWUjQydVZUT3hiQQ0KTUFnUzczOW5PM1RwUncyMGRxcGJmQVJRRWpPeXdpd1lu
Q3RrREtuYmNMazY2c3FsVCt6dDljaWRrRSs2S3drWg0Kc2dyemZjcVZNcEwyam8w
NDQ3Z1lEcGVBcmsrT25KSGtJaEFmVFBSaWNpaEFmNVlKcnc3dmp2MFpXUldNL3Vs
aQ0KdmRQZjFRWjJrREQ5eHBwZDh3QUFBQUJKUlU1RXJrSmdnZz09DQoNCi0tNDc0
LS0NCqCCB6YwggPPMIICt6ADAgECAhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqG
SIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEw
LwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJ
RVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2Uw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnC
k4PHHNjrSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8on
Zm7mZjqQeb6FUH4i2GMt4jse2Dqs165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZ
p8eDhv3t6dXyCjNHT82S6DgCReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeV
y+8FkyzC3jX/Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swds
zUtjhflyFZ80RuQ3qFC6vL/PGeWy6SCf58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1
AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
MAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggr
BgEFBQcDBDAOBgNVHQ8BAf8EBAMCBSAwHQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dn
jq/N83cPMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3
DQEBDQUAA4IBAQCBSXignLEynBakDKU68ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5I
EcjoN9f/gsOx/Ht9Ii6zyBZVjdaox644DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9
sfUhvdTxDNOOoHz53PYDBh4zE4Nar2inC0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1p
pMNURexTg+z3web/eDOdu+F2MVtluLihne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANH
pyExl56BJABb744gqoeuD9YSHjKK49+qYC9faFmQ+mK80lh1M9RdNI7srjn0LKpu
ob6w06jaRzWdNeXzlEc2tUpAr4vRhZjVD6FYMIIDzzCCAregAwIBAgITN0EFee11
f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREw
DwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0
aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2
NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNV
BAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuM
UFJeSTulamNfCwDcDkY63PQWl+DILs7GxVwXurhYdZlaV5hcUqVAckPvedDBc/3r
z4D/esFfs+E7QMFtmd+K04s+A8TCNO12DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8
gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2wZX5ICjecF1YJFhX4jrnHwp/iELGq
qaNXd3/Y0pG7QFecN7836IPPdfTMSiPR+peCrhJZwLSewbWXLJe3VMvbvQjoBMpE
YlaJBUIKkO1zQ1Pq90njlsJLOwIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYD
VR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4
YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0GA1Ud
DgQWBBS79syyLR0GEhyXrilqkBDTIGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJ
KGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtu
Z2P9HjQEQ+v6BdP7GKJ19naIs3BjJOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQM
xH+xh6oAfzcozmnd6XaVWHg4eHIjSo27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGym
WtaD01DZZukKYr7agyHahiXRn/C9cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6a
CHHBhOiPU7IPkazgPYgkLD59fk4PGHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczis
qckN3qGehD2s16jMhwFXLJtBiN+uCDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGC
AgAwggH8AgEBMGwwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkCEzdBBXntdX9CqaJcOvT4as6aqdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcN
AQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjEwMjIwMTcwOTAyWjAv
BgkqhkiG9w0BCQQxIgQgs+PAkmBxjBKkPIRiT6micozFiQKAvvSZhTkYgfm3koAw
DQYJKoZIhvcNAQEBBQAEggEAVsp6o9N8H91WRUIBcneVBlUPuD8z5VmhW2CIQygw
ikGTkPD05UAH3d8iWsV1Tp9CuClEM58G5zCDqoIM3gFzpAmLrx8/IyR2EWCIlecV
hmxDDvQGfFj/f4B3PIgX2jZ4QrZ8zx9RzoUXyFd4vR+VM/h28Rme25kA9izmIVKo
Kl0cJ/QcEHeKvN89dc3bQ6fGbLtQZYTcGuxRg2Lm28xlnK+xLUslcKH+1xvrYIzs
UyFDI/mT0Cd9mCBWqtvxc92JtszY51gn2IrmsAGl3XjzncDk7XrncyE44FRnEYvv
hAfInyeb4PGJMTz0/z8NqPujStUIUX5Fx04MzXjwx8x5YQ==
C.3.14.2. S/MIME Encrypted and Signed Over a Complex Message, Injected Headers With hcp_minimal, Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Subject: smime-enc-signed-complex-injected-minimal
Message-ID: <smime-enc-signed-complex-injected-minimal@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:09:02 -0500
User-Agent: Sample MUA Version 1.0
HP-Outer: Subject: [...]
HP-Outer:
 Message-ID: <smime-enc-signed-complex-injected-minimal@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 12:09:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0
Content-Type: multipart/mixed; boundary="474"; hp="cipher"

--474
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="a8e"

--a8e
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the
smime-enc-signed-complex-injected-minimal
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Injected Headers header protection
scheme with the hcp_minimal Header Confidentiality Policy.

--
Alice
alice@smime.example
--a8e
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the
<b>smime-enc-signed-complex-injected-minimal</b>
message.</p>
<p>This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Injected Headers header protection
scheme with the hcp_minimal Header Confidentiality Policy.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--a8e--

--474
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--474--

C.3.15. S/MIME Encrypted and Signed Over a Complex Message, Injected Headers With hcp_minimal (+ Legacy Display)

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10705 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6910 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2406 bytes
   ├┬╴multipart/alternative 1439 bytes
   │├─╴text/plain 488 bytes
   │└─╴text/html 648 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-injected-minimal-legacy@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:10:02 -0500
User-Agent: Sample MUA Version 1.0

MIIe3AYJKoZIhvcNAQcDoIIezTCCHskCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAE7nxLZK/s05dfUq5p0/u2f6SM9p2UR3TtvB
KF8TaONGyN7lTA4i0/ELq+dGLfTcNvij0elToH/QJo6BfoMuJkOQ0m/7i87+9Lql
3ie/jZCIdQQ4+49Xc66NvvEfA8eOXb17vxlRwUfsoTSfYfGGiNO5xTt6cGVReGjY
QhiMntKi+CAJTQPxku4EbPPRpDpdnqQs2r3ZmH/UcMmDHB12Dj2Q4At98oJuGNOZ
ep/ftjexgomxkGKPd6Rc3aIfJsBq0/zyiXS6LZ73igtWP7oFv/+gf64ukdTPOuHY
vQA+SFvevrRCRqvcl0JXX6LUbt5uDGxzOx6ePELwxRpVVOb9bNIwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEANXZcEvRpKBuPoYOK9/59LEgH
I+fFFgj2be3AQWCTPGarUYz8l+oNtumqotsEdWuVns9XclOW+tiNNqHCRvKg17Q7
bBfLI3pK3WPN3cGMVxPZTaGSvmqd8Vi3l2wogV3opZge2Y49WLPU2atmR3Kt1Axg
uZkUUCtstHlT3DNgKE9UFooogE6WITgTnrIuAmAAvRsBbn+i8btVuYugeFHJ3XuF
CspCu3120gRoFkkiDScYzNXW2uQoOSa2+HbQEL4eVLMOhOobtRWLt6vE5g6Ozk8S
GrHzOYRchYjay5QI1lo4oIWCME+s0OedoiqMlqwb2JnsY1RGAHQDAoGU+SeRtzCC
G64GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEK2sdxcPwLCfr9SFm7QUmB+AghuA
QjbCZFKJGKf0giz8UC23y0cwDf1tG8TgxFhOuqlLf7W1x+ux+apWbuH6yq66VNtZ
5n/RwhHw7HoUumEfgRfc93BHo+esiFTdg6PRkadNrDPmHr9V19QmUt4/E5MFprYn
wHRXRttJPeQRpW8UZixKBHWZpVAjoldJuolMWLQIq7iDXX0NaGBSx7XRYvHxexLc
G5XupeK1foIJ/AeY/xPqyQhfqK4nmDO2mU1h5VK5zlUzz7YKbAS3oIMeMivyJnOG
8ZG5XIZ+Ruj4qMP2d9VfqX1c8I5dOO8Hu4tJuEa6ftmaFMGaTByFcnL4XTOrGeGF
RGwJYqOPrsBVTd0z3BNtrgbiUwLWn6OEOKPkMuT9994PxiCi7gD71Q2dF431YJBH
o32pM5wPSum6O5l0k5YtkQ+uFb6zwTrblhi1pC0zy+pcFlCMeafS8IMVLnFIkGyy
C+qgeesYgvEBN/D0m0nAQfhdBvMQCmTT/xXkywhO8VPbKcLECCqVwKJ1cBvHkrNV
FgSiEIkYpSJNnudj0GiZ6vyVSwIdirkgFB9C4EcaQJGyHtDqy1+nkm4EW+gXhrL+
P8FysL1DVR+bYfebshtJpp8DH74/GqubWapja+l9oSK+Ia8fHVBKTbCE8vhfdowj
iCt1MJ6xqpTTizvMdpbec78deEu6May/vtV7YxObPFa3zq7HEHueZg1woM/4W8dT
7fqQypZlVbZUpZWlQ6Rr60OavhEMmDAMLJqLZO5/XBFt8ZNDaFE/NZ7uYpJYk6ai
D/Xw31eMo1LjpHg/abiYcAlu6/J7qdav0xRj8URT4d15fEAwi2DjLJj7OqYFLEhd
VoAQUyyUe09ocHJYopKi7gmCbe6gqEry+31v0RdvW/XhiRKrVonMDIWtaAAWjeuv
Q5Z0QB5PT4/4eWBY8S+tvDwfy4LV+c/bb6ePES4dV9BDMc/2HtAYWwXZ5H8echNN
upxO5O1Lot5gU8F3LcZYdPD5Xt9KIIJ5q9XbgtwQ3w3gx1+WPLHq6k26469lt1cD
Z7bNTwYWKDLFyoM+qzobtD/H8+m7HZ5axXxFiMFw/pQ1T9zxzaGTIoIDpkhmTJlR
jPad7VFsZs9Zpq+s6ZkJXxPdnoYIyy5/CdAxz15Ouy3j/FJ2GCNejwH7ulyxc7N4
col6uodHBj9k6SLLQ96ZBRbSdpHv2Hyy3hGKGS99SS1Jv8kWQRFk9hdjqvKxbJo3
aMMjefScoW+K5tLtcQXJDAbQEtkvEy8bmxHbqa1d2JxTmnXWXVyisAVTl81QFay9
dgzTMMOsUq72Ng4rmPMfHWcPQassvp6PS7M9B1mhdjO9q3+a8gqlY2rNgeMEcxYp
XLRrC8nyJVGODVk2ypIi/A4NWq2Ad2rbLnoh0duBIpStLC1aYBiRXQuFuBB38NXU
TBZKBQCQpRkDKeT3sy8Osygp5ouEZDfcxlK6b6vIX2ABMA/yu87lFqq3PVrtBK3l
DX3aRSwc7YRCmFtrF1OXzU27B9p3RDzq0XGhTmz1aBkTgbYGJbSAuJI2PbpTJh3v
N9zdIWObu9gEBIo9etYEEUCIUhl45RitYS35h+kjpDp5JhsCojd8OOmO+USiGu3i
dp64R/AKsNc1WdZUZl+XGYlRc5pytrd3wMkgDYIWnWXfigb9uVKxnQun8DW2WwhW
FfeD3KE3JuV2y2kDqO6uH5d3WMSwBMKiHkM46JpiidyBcJdInf8E+9w2mpiYqwCJ
CLFbcSg4Ep+twz+ybjX73B6OvEtS2sBAOpxYLfWWKeOWxP0gnhZi2Pt2ho4OrZS8
PaBBNHh8Q4oKwegXe1spQh01fuCzGdMy+U6agtQL6gIdRBP0CAl/iP6kRDhMcCzb
4LOb+Ag8LTFP2+Yh8Md5aiH9OOCgGT3p04w1xNj35FcEQX3Y/zAYWqJ0/b+r1hJP
SRs4uaCx1MnyVjDEP3LY/jgwIp6+2AVmi3Tm42Rq3yGiKu/k3tJiR8laR5oRd2+A
zHDsoDRNxUxYrjXNSbbQeQmYp/44LdaG5bBsIrSVcPl4GuLr7gJ3sA6XLoLIMgb4
8MRNU1KQsulHDh4t57lHn6br4JBesNKhwrIgrm71CAE4ZCmDSc9rkIpTGOJxQEl+
riMRXbNuNVeFN6y4Aw35+kI77n9G57jXUc7+QcsCuwNLH4EvVL92GCiri99bft+W
bEGazQjI+9+v1JgWQsAPsVFSF0RlNhDzUN1NQ6KRGo6l5AsTQK+VjZBD7jCPQyIw
Cuk4nnS9I+hWjBLJraaFPe9swHjuQcxY5Vq/GFAAT1MWqmhqQVm7VWfioCeizvRX
P4WPmF9oq3ALgaWPTJM36NjXcHUrzi0mmqP5B+hV2FZdoXHKPm4dx1p5x15IWcMZ
x7ll/OJ464YoUTsbgY+OoOF7B/lTCOghVKKTkQ1o+rXtIzFrlC6PHMQHfa7Q2RKz
IPikM/dXk3qQYGmBGQrzDo3aBps1XSN7ZyjyHuVyLjJj0NwfQiOAJvgn3zs1k/vu
EyXsUwxKBioKS0EBv1GeRmmPUWN8nk49kcjCJ0W0Po4yGdJ9RBQbL7K2Ns+1B2T2
3is0DOAUlW3lmqOW3xyMgvhkDueKxyjk2eLdU6ZXz2qb79MQwo8ALj54/MsH3AWl
89RU1du+ONmO8kP87cPRq+sayYhRt7lAhik6g+fm/nzBf+HjrSj5gfoRg7E2cnU5
m/Zcr6ZKLXBbk3uwtWMm6un4Cyr1BHRmeYTcUZtlxANPdalKOUXg5hlQeSOIBY/n
v/1opJ2KrssYqqF9IIFQZ6sOh4s6L/HZin7xNgemE/MnTkvZgWTfF2FM3tcFIDVR
rbxP+iRg4KGRZoDks6wl36VaGoDITg8Tnow/Z2flHWoW01EqQWvYGPvGBu9xZ3hR
MrL+bCOHQnGMXpkzICcVjOUFRduLqqz3PrIz5stMbkYbhqNxl6u7SzGI1DKUv5z6
ECisYnWNVyuD3IQ6wS+KwTA0JKTmEAfa/VrW4srjgDrRU7NZ8uvcDcTzFTvk7YZw
Liy5ZF6t7nJ0BNgPkZAIaLCO19Mt0RV/JS5gfDXcOLjBBaXTUA/8weatjNjmxtFk
+tvQQD186a6oigjKcyA54cjdiED1rjYIP4O7nb3gEb8QOsxazTdI1IcNxAvPI6Jg
uewa1JYenMLsjGxZ8egHzCtpu7mKlDbae6vDLm+jEFmkzFHbImhNnFgK/bhuj3CH
WXJ0LP1ZptGua3/V7kOzOGxAxQ+DNlT8VU8Gxo1FwjOF52MWLRLyZv5+F6qBVLbY
pnt6k7ILMNp2r9tJKFEVwfJRLvnD+15Qsew8h+a/VmF7h+EisWjI1uPcPP5IQuxp
QNHlTDpfGC32yRNDbillni7gMt92VT42qOBA1LJpUEvhDgB6tkKUVH4Raiuf5OSo
IbWCK/zLNh1jENTTveNhTviMQaXggOxIlIlmZW5do9RdvH+uNIy4TRPYPeaZzhJT
QmCPfTs+oKg7AxSgErVOsdK30JFfIPNMYrZy+/ol0PiSdCBAJw/ICrywtD1vLGPP
26Z3rR4QhSPdKzjIgKYDiHE4fVK1iUR6aLxIUVYcku3xjs8zcHFNSrRdZr0/Fhzp
QiTINHwQ2kSQoFjVl6SW5PignXIK7W8kptCcG7C3scUli4eOZnr77TRryJC+p/1e
/+IYmN1ijtH6Tdgd5ru98Ovs+0nRAlN6JJR9+wYpskFVl3Jwag3uUrhDS0hdgnpt
4FLpNc9VdNsqzAdqge8cSVRl5knGtRt2hfviJ+4yNTswyq6096I2NaWlHHZ7Js6H
wBvYMgohaRdDwLS7qw/GuBJaBmUMVtK43VlWcG3m8v9bfe6LXkJpq92QIbnAnb3q
CAnpxxl0+sSHiobJYeRnx1rf97ybU5zZm/9T5kYaoLn8komaL07sMvGBPDW2D6SS
2gFWFw0SpLuBVrpMJwlyK7RrOEGbY4nEsIVv38jbxZyP9pCHhOLCWHNfr3MJPAoB
8iVJFtt4N7dVX4Bs/6FpSCcb3dDKCHNBMxmd9ctNxs9NWiggdxQ2TuCTz8LucZv4
1gl/ACYiMOgFQmvsNHfSpHrTFll7hPqO3rBOQm/bLeIXRcbip2PtfMWsNgFLtKjk
D19oHVn8Tv2nrL8RV/Uke9tezT3KEfr/Y9j4UE8v+a+92LxWbTN1kho3werolj3M
uiDclG0R49Xr49cShelmKOY6+4ek4boDEgAX2mQAdIU503q0U6k2X/YrAv3O4kER
acJPoLjaX5zFTrtxQKorhntlpf3Mbo/VP1ENO9vg/e9i36WLcrgANNe0NugI7Jxf
auK66OP3qcYXLDdaIOFYdHJy6qxmej2Wzdf6S7zTxAg64yZORzHgqCrBOjSa+6NJ
073YNmdOckNjnD7MBHtK8VJLwf1gec09fc58bRFqhl5PfxN9bZhw9/JoeZrGjSDV
IdS1tD1S335cg/VVbV3Zb4d3BByLmDkT+bp+0L8eOx9JcZ44dqBBfBE01KFFyh33
DWAQgeB+iCi7SPAMJTnlNaVPoMHnsGETLh3kwNgfVKTegthK5yjWhN/lUfuvs8BI
yi+0D+dlxeWI5x9ZImlVgiqgsDVONCGjwBaVLGR/o28AVJw5wzgkLsBc4CpOpoyb
0aKd4Rclg/w9AlxG0liItoHZHVXLDeElCdyid5v7DTck3KYuVWCCcHMukq/rug76
QLWknimm/KHrzociFUsAnSDChsCLVXxS9GneMo0zg5TejrV6PFbSfCR4LLmS/Ybj
0/dqzv3lBCwYWogh+it/thwRid3dcJP0DgQlgpb4zwc1bDigNbpixnpOEqO7Taxt
2h8d4XlN6Jvvtirllo+1dKYekzFtO/kfvHDlGND9URRN+R5mE6VdvEuzDs00UnT/
S1nD/D2tDhK/o/Ws/VIHteB5OMkOgz/psayf0UCcu19koenzR7Z7ue3/YD8EmFwh
mzqskUICkxFjrsXPF8e/5vaYAtGhi8pZVbMQXq0jeIXwDDQg8c5shnKDb327GT4S
VsfySUlR95F87CtqpcznYPx+eORvhGvuh481EU1qjwuCbMttEdPjKoYzuIi4bCJr
dP//fBL5oMmvZ69YqPSbngdznFrXfi4DaK67xahOQKrukBP3rRvBXyMKgOfDkd3i
oZEQ+JKNOdVEbdKRUeRelYc+ExZ70RCt+V8WUsxIH83Eaq0ywDi3GNob5C7qx+c7
iF0vzWeEKSiTaaKtavCOOZ/DAqPkGkwmUi3yt3p+3Szyr7wgE86LZK/npibQtecQ
4p7frM+wgfVqINbdau/GRX5IGM5BMnC5IzvuXvuKjAV9P3xHaHYGkR04UKBUkZ3+
kKCU3Z1C+jwCA6itATxJ40zVs8UOka8RIpRUBF+BNf/xTeYm83h60o3J4D0TEge6
WFn3GVWRSY8cQb+xN0htvSmWhcUjbKYPD0PgW6nbZm/93dOZZ3/6bAW3flg+Vynz
bIySWB2CRm84HBl0vtQBnfyiq9nomkW/P4Nqe/Xfin8wWpYljEVpjvJ0Mk3JSeTO
6WUEdI7J0hmFNHdbo+QyWS8/NWsHrnl0HC1wiU3YTeO/svhFlWn0+wUVUF2uNKuJ
LskIbIgVIxPVSqZdwEqwApN7Qrf1mW7SopnCj3Rje/BBQwRkX2r9iTdObqQFpzcd
xxC+RhW9vxG/EaoDXVpOC1IRGj5BemINWLAWFgVbL3ZY1xRSeWXnPt2/XOD0pZDr
e7k05yxUsGBy5uK3ZKXRWSuZmzS+r8euBnULQ8filA5Kl0S5fxeNqHRdeKw3DVae
DLhBjrkeQDFjF/n3j+9W1H7qrpH3kkcfK5f8UHAzznQXY5idx/6nDq6WHw7rdB98
wga0yyUVMd7tBcYh/sAB8SA9WQLoMGHE02VipgCA4g1gXniKj5yB7bnpG0jr9QLy
gEQxeh9VIkQdTaQuni7DM2k75wZx7T7Ur0n/4fQx9H+2PXC5pwYNQnAHe81IDROc
aXi4Rr/imgAC0AXzZ/Hv3HzwDzrrmspVBljW8Pe78HRevjhMNzJ2JhwyACsWi3Ps
zELkzZ8SLOaoURBlsDhgVHFOttaZw3hmXRUUeqxkQeG/ovR9YuTTDtD8weRHvNbH
UUxZkAciCMW14U9jfsXtjGV6VNnUOGj57Vhhk3jJI1TmNKwQGwxgjM3aKU1ctbpG
zUSvPviuk7SM23FOIQ9yz3lOjzAMpGbkp9XRGpLsX02sawuSATPLMJtEx28lvD+J
Fu3vgjVIM5x1mX7zEyBa9qFPAtgPK0nAWmxNILte6aIn3dv0ijQtDMiPdHz19UWO
ILEA8SrA40pv877QR3pzTSaEHruS6GkBS3yL0VsxVvodRmTE0ddj6ijdFunn53pu
q8ffqfG/E3V6xb6DHTFWQWfJmyswO0ZBmKV57LTalyY8uwOaLlOlMpRNOe1F5uDj
CZovZY09LFSXD16vqJpNdOh5HwgcQbkqWvbhMY765bjs1dAsuCfg5PDgFzK139T5
UaaM2UESqH4OOz5nH59j/EwW4nG8v48z2hR43mxc+iZD0YIb6+EIprd/d4iqf7fC
zswq5Ro0k53E04YP5FalOic437zb93tb2FMAzqSnZSFGX72LpLIxnrQcrE2ILbjR
oxmc+sH3OPcopzWOi6pnQEcTI5P0pKYeYfAu4JJoF60nt5ZFgqGHkL7rmEcMNpjT
ryh3vPN5uQm/sKTJuJXueFsn3tRCa5XU3wKCx3+42hVEpS2ry03aR2rAL2iE4+tQ
XX+CtdMh3MlVI/qfIRFrKvAcIM/CWvefkKt06kRRDYh0ZUpuedF+LYegT3mHlPuP
S9PMieNCuiWviRajaonug/dOVCnfOj6jZRelpn0yFKuAH03s70rsYDW67AEJvcP3
DzzJUrKjzSolyMufMRvMwdWUAX3k/3wQ5HXH3atpUI6fk2s8R8iSBZjzGRul2jWH
tGmSOLVSXO7KG2uLxIxwYrAUbgLbBszQSqs/aIn4gYv6NBbd2SAyHvRPpa7LZH1O
MbwlvxW6av/ETk4FbMxKzx7cUpz/u9/rDDp26ZHLejM3hyVxB8bXmDJ8nQynrwz8
uKDZ+l4jdkbXzGsWo1LBfH5YN8YWXS9iWXNAOjJaqxKql3cvfQdfIPwFcTqHEy4z
kjga4O1Rfm7PX/jvKYBBAcRykHpoaJ/muQuGq+doiOQAzqre8Pviad/Q+C26gHF0
amZu6XGgAADtOKeKIE4Fqz0vee7uCVzWuTHsCaH4K/tkj1PvF8ERQabh2f94+dEN
ONRv8t48cpyuucz5BSeXWk0RBUhCNUcJRKYgrKF1wG2wLUmMfF8tH9+JjNKG0vIA
DUmmlZZaPf7DLUkGFfj5z1gwzmJtaTvKw8Uokp8M88Z6nxe+e9Z3kiN0AHfoA8Fa
uBwKXPfmE8CUFEdg+HxhfAPNQ2Fi3gXQaNdaoiS849+vYc7jy70nD4j6Wr+suS24
vQsnuh1ns67/y1/GQygs7XkbJbIseT0MAnWhPWQ2i+PQmqMeGqiHARJfmAZlQzdu
TUEu8RNQ1FXkH4Mdiw7hXwRXoiscl4TtOFcBYhwTDKF5zGYX/DUs4Ph38/KQQSw5
H2wzpNl7779wdvzaCGBwb/R3O+sODVg2Z8BoBlYTFDhuverhuWsYl7rM+ygnPRDK
hh0+hKSNSA/pVoN1H8HrnA4jVeGbMjjbyYmGw8EktyC5SG16PtW4soawgR9x6HZb
7XUkwpmqThmAUb45kyxhSsX9bjEejRx/l74aJlNHHnRDi7Iiy52Qv/AB0HaB+oH6
adfyPZW0pnwb8sQPmRP3Ss749jeEFe76ZlLC8kdkL489ORewwVvAEHOEMfEAA9M4
T36GP1RFMGHOT+VX1UPHMxa+Mwav6YbwRpGhQeI98Fb17xcxVXMOXLcRUW4wmCgq
H9SZxXbi/k2Hz/cOuxKuDM1CiQJ+gOLtNgrn0VmBmcMRsXlCUzJz7wC0PEuBxKNL
dOylcOqpS0U+ZjWnYJWlSzzdvs09uhYfFTKrP+HwXLANmieM4hurnqRYyiUCAL+h
5w8eF3IaV2X0mCCCIe9UR09/ePYFMFi3jCAn+idqkoI/l86yOIDiUME5wYUrTZYe
avlJHVQp3UFUuZsTrn4cS0YktPcMOIV9ioYkydTLqBwvWgVv2LEXREQJ8pOsjeAj
VRaIr2TMSucN1IyBn6bDsUgLZ9XiirUtOmq7unnNLP1PGoicKRPll3r8OamlIX8v
Bogf8tPr/jxqlbNphEg2h/mxbj+Huwf8jtIgz6Ffm36RgxMmj1r2Bb5RZBz8YDn/
T4IiWQL/VNtRkAdfgvMFDil7kfs7F62gH+NoicguXM7ZArYl9l/7+e7smIgzaP2t
bDPaGxqCFBqMkCn73WJnlmvOYWFOePEo6FhO7DaAGGBhGh50uY4ELN8iscCqRk0z
WFSjwpg5B/ca3/gp/2TRFENfMFsfu/wlLNvDAMp8MDN+xCu+yYZA+LZMv0GIhlJP
wQ1H5AScnSxowBpOhgB8SMTxaV80AXZ/XtuP8Rh6M8h5ZSJOOFrhvuD6O4MBh/wf
HpzFQ627n2b1u7Uu+nLUWWmOseIkvAm8DM3SFTjfEZBiHT/6PZaxR6y8tUuspaZE
J98EMjuHv3f1eTZQc8e56LDG1/thJIYP4kmtm+Sc/XLbNGqveycQxJmgf4Q47dVp
ojswWZgizstIE7b7wpiUysJMB2cxwr88buVxQbg3sgKwmAzQ2dt38W8A2qSvzTCj
dTcvvJ9EYmm0ZpZhm/QNB1zZjQhAA/BJPk2qset9JuMojsXchrWvnVuFBLWovBTi
MrQR1of26uxc8iOPfD9o+pP0QEBnVA8MFBVqsyDX5tJ9aY6tSMZSDNXtgQgBhgcN
oclIB12wxYumvUltkUfH4qZbtRRE/eSWx5RhkdZi4T2n+CPxFsyBlaDyOSTX9TUL
bJyHyklllDG50us82BUZrjYpDZ1NB4ZnDHWUk0xsVo8SkXKYmW9stobYTQaui55L
Q5cMaRYchnENgQzv39XjsaZka+oY06G1dBdWHtjCg/zG8ZCGq2fWQ4znGRYwnM+B
Wi0YfPSZYvS777AV9LI5e8LgVwUKd8sfCCDy3S1WsgPgmFP+rWvBJ+Fc1UwmyTst
qDXeVp34+0K25lKtDEP8SGbv5LdNpcGHpF9SjW0vfTGWkdUGs+VmLb4R4o8vw0Nl
JGuNzJXTSWbZTLimXJG8vKcsf3LNiLtAH1NB8CUD7OltMHZuYpL+s5esTRjoEkUw
czP1ZGFZVWxvgbMMLJ5A7rzXxz4UWUbCJul5yaSFCm0gdiTsS4owi+GCPd07OXdM
nfesrkSnJlRG/fyvUAkSILcvSLafXkx7joKWpE4uKnNlKxpAutm1qr22nLLkdiA3
rhxDzNQPTsYsh1WrGrNsyIKGTcsj9HoJ/kQ/sRbk2Ic=
C.3.15.1. S/MIME Encrypted and Signed Over a Complex Message, Injected Headers With hcp_minimal (+ Legacy Display), Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIITnAYJKoZIhvcNAQcCoIITjTCCE4kCAQExDTALBglghkgBZQMEAgEwggnFBgkq
hkiG9w0BBwGgggm2BIIJsk1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1lbmMtc2lnbmVkLWNvbXBsZXgtaW5qZWN0ZWQtbWluaW1hbC1sZWdhY3kNCk1l
c3NhZ2UtSUQ6DQogPHNtaW1lLWVuYy1zaWduZWQtY29tcGxleC1pbmplY3RlZC1t
aW5pbWFsLWxlZ2FjeUBleGFtcGxlPg0KRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1l
LmV4YW1wbGU+DQpUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkRhdGU6IFNh
dCwgMjAgRmViIDIwMjEgMTI6MTA6MDIgLTA1MDANClVzZXItQWdlbnQ6IFNhbXBs
ZSBNVUEgVmVyc2lvbiAxLjANCkhQLU91dGVyOiBTdWJqZWN0OiBbLi4uXQ0KSFAt
T3V0ZXI6IE1lc3NhZ2UtSUQ6DQogPHNtaW1lLWVuYy1zaWduZWQtY29tcGxleC1p
bmplY3RlZC1taW5pbWFsLWxlZ2FjeUBleGFtcGxlPg0KSFAtT3V0ZXI6IEZyb206
IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPg0KSFAtT3V0ZXI6IFRvOiBCb2Ig
PGJvYkBzbWltZS5leGFtcGxlPg0KSFAtT3V0ZXI6IERhdGU6IFNhdCwgMjAgRmVi
IDIwMjEgMTI6MTA6MDIgLTA1MDANCkhQLU91dGVyOiBVc2VyLUFnZW50OiBTYW1w
bGUgTVVBIFZlcnNpb24gMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9taXhl
ZDsgYm91bmRhcnk9IjEwNSI7IGhwPSJjaXBoZXIiDQoNCi0tMTA1DQpNSU1FLVZl
cnNpb246IDEuMA0KQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvYWx0ZXJuYXRpdmU7
IGJvdW5kYXJ5PSIyY2MiDQoNCi0tMmNjDQpNSU1FLVZlcnNpb246IDEuMA0KQ29u
dGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdA0KQ29udGVudC1UeXBlOiB0ZXh0
L3BsYWluOyBjaGFyc2V0PSJ1cy1hc2NpaSI7DQogaHAtbGVnYWN5LWRpc3BsYXk9
IjEiDQoNClN1YmplY3Q6IHNtaW1lLWVuYy1zaWduZWQtY29tcGxleC1pbmplY3Rl
ZC1taW5pbWFsLWxlZ2FjeQ0KDQpUaGlzIGlzIHRoZQ0Kc21pbWUtZW5jLXNpZ25l
ZC1jb21wbGV4LWluamVjdGVkLW1pbmltYWwtbGVnYWN5DQptZXNzYWdlLg0KDQpU
aGlzIGlzIGFuIGVuY3J5cHRlZCBhbmQgc2lnbmVkIFMvTUlNRSBtZXNzYWdlIHVz
aW5nIFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVkRGF0YS4gIFRo
ZSBwYXlsb2FkIGlzIGENCm11bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdp
dGggYW4gaW5saW5lIGltYWdlL3BuZw0KYXR0YWNobWVudC4gSXQgdXNlcyB0aGUg
SW5qZWN0ZWQgSGVhZGVycyBoZWFkZXIgcHJvdGVjdGlvbg0Kc2NoZW1lIHdpdGgg
dGhlIGhjcF9taW5pbWFsIEhlYWRlciBDb25maWRlbnRpYWxpdHkgUG9saWN5IHdp
dGggYQ0KIkxlZ2FjeSBEaXNwbGF5IiBwYXJ0Lg0KDQotLSANCkFsaWNlDQphbGlj
ZUBzbWltZS5leGFtcGxlDQotLTJjYw0KTUlNRS1WZXJzaW9uOiAxLjANCkNvbnRl
bnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQNCkNvbnRlbnQtVHlwZTogdGV4dC9o
dG1sOyBjaGFyc2V0PSJ1cy1hc2NpaSI7DQogaHAtbGVnYWN5LWRpc3BsYXk9IjEi
DQoNCjxodG1sPjxoZWFkPjx0aXRsZT48L3RpdGxlPjwvaGVhZD48Ym9keT4NCjxk
aXYgY2xhc3M9ImhlYWRlci1wcm90ZWN0aW9uLWxlZ2FjeS1kaXNwbGF5Ij4NCjxw
cmU+DQpTdWJqZWN0OiBzbWltZS1lbmMtc2lnbmVkLWNvbXBsZXgtaW5qZWN0ZWQt
bWluaW1hbC1sZWdhY3kNCjwvcHJlPg0KPC9kaXY+PHA+VGhpcyBpcyB0aGUNCjxi
PnNtaW1lLWVuYy1zaWduZWQtY29tcGxleC1pbmplY3RlZC1taW5pbWFsLWxlZ2Fj
eTwvYj4NCm1lc3NhZ2UuPC9wPg0KPHA+VGhpcyBpcyBhbiBlbmNyeXB0ZWQgYW5k
IHNpZ25lZCBTL01JTUUgbWVzc2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERh
dGEgYXJvdW5kIHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhDQptdWx0aXBh
cnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGluZSBpbWFnZS9wbmcN
CmF0dGFjaG1lbnQuIEl0IHVzZXMgdGhlIEluamVjdGVkIEhlYWRlcnMgaGVhZGVy
IHByb3RlY3Rpb24NCnNjaGVtZSB3aXRoIHRoZSBoY3BfbWluaW1hbCBIZWFkZXIg
Q29uZmlkZW50aWFsaXR5IFBvbGljeSB3aXRoIGENCiJMZWdhY3kgRGlzcGxheSIg
cGFydC48L3A+DQo8cD48dHQ+LS0gPGJyPkFsaWNlPGJyPmFsaWNlQHNtaW1lLmV4
YW1wbGU8L3R0PjwvcD48L2JvZHk+PC9odG1sPg0KLS0yY2MtLQ0KDQotLTEwNQ0K
Q29udGVudC1UeXBlOiBpbWFnZS9wbmcNCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rp
bmc6IGJhc2U2NA0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lDQoNCmlWQk9S
dzBLR2dvQUFBQU5TVWhFVWdBQUFCUUFBQUFVQ0FZQUFBQ05pUjBOQUFBQWNFbEVR
VlI0MnVWVE94YkENCk1BZ1M3MzluTzNUcFJ3MjBkcXBiZkFSUUVqT3l3aXdZbkN0
a0RLbmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3a1oNCnNncnpmY3FWTXBMMmpvMDQ0
N2dZRHBlQXJrK09uSkhrSWhBZlRQUmljaWhBZjVZSnJ3N3ZqdjBaV1JXTS91bGkN
CnZkUGYxUVoya0REOXhwcGQ4d0FBQUFCSlJVNUVya0pnZ2c9PQ0KDQotLTEwNS0t
DQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG
9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8G
A1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAg
Fw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVU
RjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpOD
xxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu
5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afH
g4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvv
BZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1L
Y4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQID
AQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
MB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYB
BQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546v
zfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0B
AQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI
6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1
Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTD
VEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6ch
MZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+
sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9C
qaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8G
A1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlm
aWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0
MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQD
Ew5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
ALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBS
Xkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A
/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp
4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmj
V3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJW
iQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1Ud
IAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFt
cGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4E
FgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShl
NhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj
/R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/
sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrW
g9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghx
wYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJ
Dd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIA
MIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEw
LwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJ
AzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE3MTAwMlowLwYJ
KoZIhvcNAQkEMSIEIHSYbWFdDDAPhYUWM56apuUijfVOo+PifhU5zx6c+C9sMA0G
CSqGSIb3DQEBAQUABIIBAKMPtesRfTkEQB+oNH7Q3UXQ8ocwDb65grg8QC2zhq1n
pyxiT8RfLyXsjNF1uSunZeGuqYq3uTDVhN/bGlMle5mDeXC4QmsY1QqZz2qy5Ub9
KGgMYBS6LxlRmtXw8zg1HU6YDCEeMaf6GK8swyXh/3YHcdU9nW9/jhz1g5i/bYqk
U2iElzDMLmdtRo+Gr3rjzAqUwkTA+c1qQMJa1cHhX9YxwtoORT2JSamibQzYyynL
cOIklTF/bS0se4Ztaske2TNOa0PmPI+K9zni/hUURMaGn5Xr6Q5BqySfib6K0Syk
ZWhUa6Wuun6cJaHc6ESITn9GTKVJAXE7gnpoq+9ElwU=
C.3.15.2. S/MIME Encrypted and Signed Over a Complex Message, Injected Headers With hcp_minimal (+ Legacy Display), Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Subject: smime-enc-signed-complex-injected-minimal-legacy
Message-ID:
 <smime-enc-signed-complex-injected-minimal-legacy@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:10:02 -0500
User-Agent: Sample MUA Version 1.0
HP-Outer: Subject: [...]
HP-Outer: Message-ID:
 <smime-enc-signed-complex-injected-minimal-legacy@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 12:10:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0
Content-Type: multipart/mixed; boundary="105"; hp="cipher"

--105
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="2cc"

--2cc
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii";
 hp-legacy-display="1"

Subject: smime-enc-signed-complex-injected-minimal-legacy

This is the
smime-enc-signed-complex-injected-minimal-legacy
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Injected Headers header protection
scheme with the hcp_minimal Header Confidentiality Policy with a
"Legacy Display" part.

--
Alice
alice@smime.example
--2cc
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset="us-ascii";
 hp-legacy-display="1"

<html><head><title></title></head><body>
<div class="header-protection-legacy-display">
<pre>
Subject: smime-enc-signed-complex-injected-minimal-legacy
</pre>
</div><p>This is the
<b>smime-enc-signed-complex-injected-minimal-legacy</b>
message.</p>
<p>This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Injected Headers header protection
scheme with the hcp_minimal Header Confidentiality Policy with a
"Legacy Display" part.</p>
<p><tt>-- <br>Alice<br>alice@smime.example</tt></p></body></html>
--2cc--

--105
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--105--

C.3.16. S/MIME Encrypted and Signed Over a Complex Message, Wrapped Message With hcp_strong

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10035 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6420 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 inline 2121 bytes
   └┬╴multipart/mixed 2011 bytes
    ├┬╴multipart/alternative 1130 bytes
    │├─╴text/plain 374 bytes
    │└─╴text/html 472 bytes
    └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-complex-wrapped-strong@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:11:02 -0500

MIIc7AYJKoZIhvcNAQcDoIIc3TCCHNkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBACTMUsGCtAtX6syPNy+FoyPdn7ZClFybHpwG
B3SLcQ44hIyLA70scwBrb+IlMrKK89YrOiEiIXWg27aeYWgH0ZM0rYDEfzxKFeY2
XebiL8uxI4BqAH9UfWCXgpJfwLJx8bIL7bPbn/iCtFyXIuN4vKH9EQiUltm3aa+A
4daqrj/k8smPX6FQN19BrgiyeR6aWI/vjSNJZ1DRRylolBwm/dVwd3xHW5vClu0w
f++YVM4GWTl5rOi91CPQezEq7a0K/HKd0pS5n6rBTqm4EAB871UUqmku4hmex5T3
8bSpxPVadFcLxZm+NOnWV3SPO4VRMYfqia7g88lIhoVEt8zZqmkwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAhMzKfyQ50nKJl956aj9bQvZR
B985em4kKO/qrgbRQu3z+nRivXio8IxEsqry+vaRWIc9QV70RPGpQI5l5Al/q2Ub
HneSm/rp0X1wFs95eu2nbebsY/h4Ooz9LjrVt0LgR58cXa6fbhwR5gHxIelJnWIX
NhKq6GuE2XdZ22D98WqqzU698F80O5kZ/BlgmWHkqaGkRRoA5cpyPC43eSj4OkbI
zBfmb7wCHYKnORy7cowfyy723apnQN3ceAyK9gqmoUadMRSJdezWWwVBV+7J95Cp
Kc4ew4tfFg79MXiLWLOvX8F4c8MruW2DQBYGj94RRzWhgVf13F/+SaKj3FH+rzCC
Gb4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEJZZJb8eHhkVp9CXXyDAraeAghmQ
vHu7+64+/bYk+1XDkPJd1Xk+y+Qp1/X2L0aYCjNYUQ/txB6wYxTvomYQb1gIN9TK
8tCFpT9EgyT9XQKUneRf0lgv53V5CvBXLy0aADS6iSAthS+NFaUsC08r10m5yTxU
iIFDRxhtNCLc21UMdtENQGJ1k2nkfwMYA8oLioLaPp4cNAlR9r12TEKHh7ARvVo4
x0aQEbs/UKKD+NSiG9IUCzQ+fwZAj10MzEra/9RkSZal6Cav9Nldrb82m+px/DRl
IOjft64TH2ncAfZUj0858QJOXz2Hqk5rqXF3DvbjTEI9SQDrnBdCk7tHNhdky62j
zaxfv/PTphJILtCpFk/naoh7dwGlqD7HiX7JuO/tQA9BwNfMQObti40qVOJ94XN8
ARx7pMSdmnnYgnfgng4j07SRbtoI0IMvYCzPB44NzWTTNVY69g4MgLzobDSMXCYv
Xg5eKCs4ShFdbdF/uMFQ6GdbC+cKkGfG3YPK7T/YqPvtPRV2fyqYC6XJluTQQfcI
VuwzQhh0IlJOB0JDAbEdCgP0eEqhlfUoj55Q3t6n3JC+vyDpvpgpOEJE8E1IGBXb
s/vOx1q1iPvbRW7IaA4qBA3Ijc0jA2E+tX5cV56ijKG26bxVYHu97q+DaR03Qegg
FAdN0YkKzBAJzd95jngJQxDq45eGtlFIVDVOlMdfvA5a08O6lKVhMZVHjfErshDr
AuBHyvkwS428xkGDqr4hATbLcgqgEU8XUrwj5xdIpeLUMcFL7qs1764jSNxtGTNO
JZb9ChvSoO37NlO/iQD8zMTBUuA1dBxvy+oabX/uqpAXgOH18ZjizAqlEB/35ZQh
njzprUb/YW1MEQANijCuc/+dq97sBXOFCRqDpZwRQZdX2pbIWa0lpAa3NeLg+xkI
rJrPKgMJtvOL1BuWjLBz7EdEAJaKLB1kMivvaOuI5mRg9oyx4VkHTN1UYYciuhlB
uVeGEjwCDM1l/2YadmZGIBFYEHfwa8dIyTfptKOyNGgnXnWqlZWUumbql5d6FqmK
kXL9VK4BRJQ8Ls1KZ+xqa0bPsmWDkrO5C7bLWbzgEP8aeuKQYJIac331+yJhkfQZ
5R1maW7jC4+Plg/jtTKsKozPoPaUVv4ie7SIr5I2mIbPj729CcV0vivZ/uNKTTji
g0+/77dPwQC0RzCWmrl47L8AnqafFoMh2Y6N8WL7y9ICQmP4QWyl8tER/Z1ylntY
QuY3UiGB5cV1ym/gHF0nbsQoYcqz1Z/0MGzMRqGv9VRezyL3x5KeUb3yxqtkW+BO
PVIuWEN00COg1Z8HkwgtagScpkLKQYuMVXHm6Nn7vVgL9YKwZQ7XvbEKsP1OYZTv
twJEuXvzDrFqdbqkPy8aRQ+uCN2yACpFgsUkPV+cmpcRSnWu5HHic7w6oFelxkUR
ieNpYssWu3bjVDfF0NDdi6BVIV7/WxfmsQQD1tvDHcD9DQ2ce6xjtzjbmlov2ddO
BL1WHzABxKuND0duo1iJDVP5m/F65F2ZWzB/M8/J7dqDrfb2CC5lDmb5R+tK4WY6
OttOcM01cfmU3V09DtcMi8o+W01VG8BU8Bxle7C4OSz4DPSdG/+D45EoktpIY2qN
ZYAsgxWwStVzzMCgugQmGDqDRfLqVRgZuUGjJ1ewtA/aW2HvFinIrgJ2USsbLpCP
2N69lxYoxqFwojI+WLmojxBLFU4jmoaH39lW5mhIXApdFOm7FUO5xlFXl7LnFeoy
/9DFqWXU9j8TkybJ/cJ7e8z5kFpjhDERoxmBckpFaGaBFoLfe2UmMZCAoLkkIRSw
XdOSWBh7gNlqUUacKnNpIMFeeWoVNdrMQGvxnXEJM9EEBA4wEFpYxUIQtG5OI159
OcV5dB6wtV06xn/zapz5jTfjeUcDtucSOvTPoKCnrp/2SktE4UwhUbrx1mhbpiNp
w3/HwqBSebB1oVUWwmlsDqpsQhXz5Xh8+2MnAdG3r2pBhVNUbG9EHxPbCohCVzht
mYHJEx5aMhhmuh+2LroULgK4nlfFKeeXoKeDg45xctgrUE3MTSr6S98boFsXS5UA
ttGfia+qJdkRGKyirMnUGrqkifnEPp/Me4IaiW8xGMxemxlEB6zzsK1YARLPcggH
LIUUW61pKq+Dvv9xyQeZ7/SyzFeMHkb0KlaDZjPadCwRJWsPN0L+f2kwJSxCmfLi
CJOdYDypKW/jfdHwB7LpsryMwR3fSMOMb3gUD4hL0qxtp8zsj/UPmJIW6/5DZy0G
xPnzDJ1/uke7Pu1E1Arp2UJLvYJ0vt5Dfy9707ZDv8DhO8/KUIqePxEY6pDW8vai
bL6TygHnIhAApMpK4/wO9fP+V/dkzCGhqM0C+pJrszcdISUry5ph9csA3LlQusfl
9sR8RX81jmjb3/wmnXfRty0E9M8dOlbruyj6nVx0bPddGF1AG8CIlvcyhudH7LBh
vApTXxro2qAyzASc833EeBZZjKCUmv926coI9ZzINWNAvXlIqgdUmBkk6hev5JrZ
dmT+aMfRaVlvqlX0jVBZYim9mNJNcIxTcovUsEUZU6rwSIhRCVI1Xp0fYgoF51r3
Yitnfetz4SJAUBaQvrl56Dt0XSNaRd6Nvr181TG6OKTAq7lMsEXCDWdYmreX9Qur
y4GcawgiHWdHLdu1YbXNxLRwEKSXAnMbzqV7jZP9AKppZdgTHzjBEsUCWaPt2UW1
MisFQiZ/IfhFMlROlc4iccIFucKvviWQqcAeXaLba3o1MICIUJK5CyaQziXY6S87
r/4FydQBM2L/AdsdnAqISj9CuPAwaXLx/Awek8TcMpU2FcRpjXyKohjDQpo3rAsy
mZid7Sa7C2jDV9qe0j/bNJthC9pG/RKLAcviO3wRMf4xXtZtdi/+qVoD4RSPpva0
CcQyAnNoipAN+3SuprooOT/InDOIkhacXbekt5Btd42ZbFHjSdJpizE+H4woS/tA
wS0aylP5vzH7osKtZ8Mm/iJf8JjC3UewFsyR/GkLETySHAg2HTPdrRonkgOZAMDz
6HVY2eV+QkQ0L6W5ADKpxPFvY4ELzt4LcmN6VA47FOiYahrR7rzy7Z8HIycOS/dW
Wh4Ufz0M3S3N/gHwYZ4//zCASY6/3tWuI1KWds4EY3bXM2P5twE2euEcFV7i9H3/
KqbN8jeL+ymV28M3XaatfglJnRhGzwMxIO3sCtCWJABLsJXGcY1uKmClr1slusCN
Kj9bla2KAYTHoVUru9VPD/cnSzn8eyky+gLxehl2CLdmYGztB6vxHabqZqhoQblr
ZFilgVp0Nf/B/RRFoKh6jwYsvqfPtMxMvR38zBn8VvHcXFIuL3l/Pxz7rTheQWr4
gcfI775K9HGzab4IP1f3s7rzwUuyDCIG4Oel06EL2v4Plr/0GrL9vuOuX0G2jikJ
JA/I4Y+pGdwuW35LUGRwo6tbebv4iFbKyz/KM5XOXWCk5MCirTM6bPzPDW7mPPmz
ywaUqRgYUcmz8tE3VEZAbnKw1EeyiqToddJz/CELPO2hhksi6Ib8wQcKfHTk8mB6
BkiPQNcS7h6WGMO4PaNccF+Ei83HJHV45gyBofcyS8N/hh+6U4s9jfBSOdMyshKY
7YNAIQKrnnSIrStzjkJ6SK4+BLXCFcJpEXXMHn/z6hKbTpQDir+ejI+Z6Pbm9yBV
qyjtzfe4Rt1ewa8ze7pqmnubxvzM5I2rj2yLgznU42cdJ69z5ukaycjaA2Ad+t3d
jLedM2PzhDKHpmRM5b4jnVPUJHh22eH++iyiO4/fYNe1KjiZdISmBxttgVtAZ3q5
CouCaIeBnuFj/L1bx8ZGLu72aJLrjko77AHYZnMcTPRfemL/CQXHTa7SkR4KeBgR
RNQLmYaJUhw3KsvpaA8tglmiHjtOibdu5ZfoHeNCGICISXlew/XJMnjjBfv8Y9dt
OyQd/iSWezQymNR1HGSKHOqqRfukbYzX1qBdK41hzP7EMVqfwDj4u5RgZ/LLbXoC
o556bFxmH0XR8LkOgGb046pIeS+HeC6/If0rWwwzAETzpkF8GtwEXo4urYLSK+DJ
G9e+cm1Tp25R/y2uDWNinQlAauW5ibNg9Df/DelO9TGPSJo+EBO2v7Vf3zxHtyxN
+yo1eRJMw6bqEPdYOWoGmAXBL+DYS6wK5cRgZwMCyoDozedzbjrDRlXpTfrbnJlN
Vax1itYmc/SO0qruzelORMmsjs8bruhqH7m+0Qn2Ag3lp+oxOb941eJyi8tfAyfR
r0YqVBuyQYp/K7IQMZm0rYRhbhTKIet49++k6QfOeKtY1XTSssXfA7m9Vs2vvHQU
ERFl3kIJVblDaLeLz055Z/lrQqCc6GkhAh1l05J8k2ebSbHHbhktbYzHbk41MMWa
/DzB+oN7m0lPgeeW69SAFOmhfZGQt+NaLekZxf/ZYppumFrsXqNGawgBkT4RXBZy
HnjLBs/nt/jdZtE5QWvopBrb1iGAZTUWu380VGk8cx7XmvCJOXBWtmSVOEzxJp/F
VXyLFvfnFebUxce8sdDZ/o8hZ9+UMwdf7Yxii92IvHJHjgSGUYJ0pSUNqEdnqvDq
oBEv3uyVziGlDYYUlXizCtybylHFtp9w4w4FC8n29OIaFZ91ernOjXaX72O/MSSs
rqy8ncECh9ANnt3o+/KzL0uW8HlBhkRlnd3Ke+oNVdpQtfi4GPsJjEvs0yEpK5+B
UWHu2kyw9lUHWkW9YjTda6ISGIXnvnfqyaR2nWCtSZD6IYpHFaZ0rtrJYWBhdydN
CZRlcdZtosjJiSriKh45HmlKuAXUSJsXYXPbgstjw2rfMLiknJDOhhY2juh9Py98
i1YAuDLnmu7ky9Dvre8gU0IaMrbp1KgOQMoILPh1fTieqT/0S2B5MlEmsOYzkinW
p6bY+bpJkX8Tz0SP6hupHXnoiFSyYMBsMr6+Wi8HYSR3DqoZIfTFjJFGltSAxcc5
ERvs2Vs2EfeSQoKuOSoRl0MslD3OpaSSf3znm/4R2fFI8fwnpZPk6t3I+CrT0t1V
MrkLHqFFC9qTMIaTAjoc5o67TkVuB4Wg2RTHy/A8QfHwHWxy27YGJFOD5+pVPiIm
fkyPAZBUCP8nongCjhrdGq4FothBfnrYplTvcWXyweyAnvP5bpIyI2TBaSTguc3m
2ns/eJJzssDebZgi1hRG08L+7LghrGY5RczCX6J5UDpInL3S1PPLDR/5XP78Sm4v
t5OKqf8HFB26XHF/7VsoF44friJG9TALxLWg5CSNgg3lv5IxmjcVDrlxVgfVea4t
l1q99P2ZJtZmhciWSk+apF1LHnj1BYJrTycDt7tCpa7SIXzV3M7i5iBeH9NT201W
+DLXtpYJgjgHbqgW0Y3Dry6px3U/5lTWIqKyakhlXQ6yy8QiJDIw57061Bj/5fpq
F1P5pCWB12zxAoGNgBgiyy21x3GIXt4BN+WjuJxY8NZeDRYCza74YHcrVaSXbgup
CLyvcLbLqAjOiy6Lbgr04rO9KtRuU0Yhid60lqokoAyBu6xuSRQ8FU00UU0tFt2t
antrz8bCvaOPqNTXJMJrEc/3bx5swvSImuDa7KFd5AfAGfHGCQl2boAAw0zEv2Or
d7OcMqocQqluFwGtVM/u1NLy9MNC359K+fdfnqRRDRRdmozj9hLwftgEg5327TI0
hAs0k3ZJiTa8bzmq2L9py0VfowUxvXUkgEFkmJmpw4Jm4/EbA1kK04Hl9zicoVyf
uUnCefWWpmft47I9CI6j2RbMwiK7Cg0O9Yme3h710wyNnDhSrZVhOOZmsDIAJmPt
bZNBuT0aBiHsD+JP1Ai2tklJzDp3n0Pm+QH30UjqgIoOLMWZ6w6S0W5ZgjiHwFOP
Uw4GqDDKFnJi4++mcNwk3WtB8JJ771mg2jHl/dhUqQC2uEZDCkvBv+zplfXdrG72
A4QzP2ju2JBsKh/TbwTG7idfI1v15ojTKuHsjiaNJWCMYZ2GB6NGqTtqeJEF0T5O
VjUJepsXzq1gYHslUX33+UDdNNXzO8GXKkRr1GpBHlCZHkAQ9Q1aNU3ooNtkjcVr
Y/5cIF07KmfOFX5wfbDE1BDxc/6x/usJ+dLwPc/hpw7yTe7RwDP4FHUykkcEIvpt
W+aXpqGHrWXtEKJ6YEhOkLUFm1mbl90TnBaN4HI6mUFrPq6k4dWzyaRLt38ATWzW
A9M5/hXY56D93MGJDqCqZAhNlsX6u7gwTFjIrDqnHkVDbdmW1l1AawLKnEtOk0wl
pc83fdyV+qCub9OADOZcBd4bh9Q7scakZzSAXU8dIrAUkGrQqQlFWVTCXq0ShzfE
oNtF/adWi8uMzqIfqqFwrkuoRzVhKKQbgLloBihzAyqeyjqwqsKeNA8O9NWyHtFG
cTWAWZVIuQofzynihBcgnrIHqRCtpQFnmT8MrKhHGgqbpxlT1M4a32WhvWjYXQYp
FSrnprHlGZKuj8IxOhKnvXgN4707jbhEKxO2KrNGOyqABWAW3HRuyRJiMydFW/wl
ED7gO5x2wD5ZDIMzPcjM//wQIMPv5MaehwCyAqH2wqjshtlQfnLPjDF0eCWzHoNG
Xo9D2jbGbcmmzA0SxqrmxolmNZO/vISRC93yefI9io37w6Pj7E+llUKAJ/R52TBR
LqWjyVavOubVUeerqUHIB2acJNyAgLC6LAvUPI+oQS2ut2seJd8J7Ze3IDSrAfuO
eHEv6cePBa/8lX+oXsBzcRgEkFx/6UV4qdm8RRYBaUOkHk3pOF0hLVeimwX77gz9
fkIbn+j2jQApWuWyuH5Vhvhgw5QlkfV5/kyGpBfEyVy196rp6qacC/TFh+GEtH/3
3T0YTdTAJcrGGevQpWGg+07UBXUxJYR8NkoVTrkB8Jd6i6UEa8UVYlIc6vdNhGXM
rMS4TBPqD6TSh7moTMnT158LbY8JpmDNmBWIXyU4bvX21U7L0qGf/edXgP+iEG4I
fsvEa10in6tplEtnsS9J5RlW2vqERJ3A+620iIWGsbwAKgXmaAnMH0N3jrDipTxO
LEcLG/xi9GlZ+/fclDqWyoMJ0/rBpR/AM7wZwswjQQY/axPDEyEZTujKrN7Cl6Ly
y5cNg0no7LNqlAvZMEtH0OWxAWe2Bnx1Co0heArJBUOL3VgmO2dCdowKvsupNhOO
i7MiY2gZjVnEn5bpOmGuiGZUkJyd/xPiGCj0aRcDs8a5UquS/mLbG1JzK60SDG+9
1QyM1HbUOa0mpfbQ95G8hw7shCVpFQfKgnP+IBxJY2o9lSqrXXyh5rBE25GirycT
9XCWhjHdCnu3ARyB+ykx7piqIqrLioi0YHDRQ50G1PBSYa/7z8nJns/Zutpt2B5E
DCyUi9Sl2xJbmpRX5bM1X6ugGgdsY/NN21Sl+Pc0MZC7s6HLdsH6OD0+5u94D+sn
tBMuqRTtEZ+nbJ4BoX49yrpmJzcDIImoM9i4erVIzhT3YHw3PPfuouqyru+JrNv7
XldDcB+yNAQ0dMDj/n2oVs48lJZWUzRliY5o4htkuLCPYeF3AMTeX9oFomH4z4GE
Qhgubh/5xPJxKTrRmlrL3q6QjArrA0OiMq66Ca4bXlDHRoYvRGhH1EhQxddfissu
MSBmR2L3cuL2zlo8NNrvt1CDypOfMbL9DvubCAJX3w8txgAXOc776NLepfifIqCd
UfoUynGIBgg5De/2orQhcIiQg21r+VHPQXXABM1XktzRNsRtZaW0BSe71l1ORCXN
OP4+2hbmLkXucu/POsiR2IaKaFJSoikCde7DobJxvXOeXl0Z91YfqW9/pilsSFMy
V2DbkLq5WbmS0AdXFUGL6JI0STNyeNsgT+2vZqtGx5QAiR1FMkyKQBkvYd6v0JpZ
3e8rABQYP+kgr3hV0V33lkhlvnjAmMyMxdKJ3lRR2YVRopztjj34JzPceAKoqUw2
5K3GN0l3m2hQaD7wUEsnglK1LSsl760NNviXeUoKkFN/K1uj4GgvY8EvVpWVXu6f
RJvNmhEyIwuAKk4wV4YuaD/Ih89lv+bxUxZQGb9foxI3kXRQd8lHFaSpjQKZpKCS
yA5DSQ+edcQJIXwjD2AHxgPc3zS1y5qSkFW2mVM7azPFaj0LnkGQ84Mlpv/6s+m3
MbLM3Y7v6T9NEBMuX8kGlLowTSEX7NJbUikIWQRWFLveTSDhAcRS/GTIbV+qNr9N
rWFJJLN1mvQj5CKifeAR0ZKQ7/u/hwScWvjFc/yvPeUWTRApE76ybcCSaUyniJYc
gaTKpkz1shHrRdGw1X+I8oaPl/5t/t3mNqbDwjrDpCyGBK2RvLyl/7MWJsPPL2zs
hhC+rOLsTEsJyuW504qmVFLDRvUYngJWFVLgFrmiWN4xW5OvCHo7NosR7RVOb4ZU
gYIDdriXE2mnbxDWFKbSuoBqEPv01n9STF6SJ5Y2C9WLUr9qUG7AAo2v6EnFXwZe
imashz8Efpj/Dx1W7RKLtA5cue7E6kbb+fMrVC/LuWU7IJGUInvY3+pRaHcZIZ84
zhKhcHOn+tuG673sXxkqYPY9i/2ro2lhzZbNhpDsms1YUePMuo3VDxuFjTWE9RJj
BNOuEKXdCjx5eeYdBeZ9tV6oiSysCgXuW+UU7z5/TlB9SdfqYqk8ocMgY5WBvkxH
2shVquE5v+GIqLYnRskIuK2gyR3ziQJ1lSjS58Jwwik66oI6I2XJONpbqsUH+uGC
cGw4eve+jtjWi1UWI/rbaMRTN4SWiM90XuqhYjqI4gtdO884IP9x+dervito1WRk
u48ECR7KQCoLX0mipx8OMg==
C.3.16.1. S/MIME Encrypted and Signed Over a Complex Message, Wrapped Message With hcp_strong, Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIISNgYJKoZIhvcNAQcCoIISJzCCEiMCAQExDTALBglghkgBZQMEAgEwgghfBgkq
hkiG9w0BBwGggghQBIIITE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG1lc3NhZ2UvcmZjODIyOyBocD0iY2lwaGVyIjsgaHAtc2NoZW1lPSJ3cmFwcGVk
Ig0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lDQoNCk1JTUUtVmVyc2lvbjog
MS4wCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L21peGVkOyBib3VuZGFyeT0iYjlk
IgpTdWJqZWN0OiBzbWltZS1lbmMtc2lnbmVkLWNvbXBsZXgtd3JhcHBlZC1zdHJv
bmcKTWVzc2FnZS1JRDogPHNtaW1lLWVuYy1zaWduZWQtY29tcGxleC13cmFwcGVk
LXN0cm9uZ0BleGFtcGxlPgpGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBs
ZT4KVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+CkRhdGU6IFNhdCwgMjAgRmVi
IDIwMjEgMTI6MTE6MDIgLTA1MDAKVXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJz
aW9uIDEuMApIUC1PdXRlcjogU3ViamVjdDogWy4uLl0KSFAtT3V0ZXI6CiBNZXNz
YWdlLUlEOiA8c21pbWUtZW5jLXNpZ25lZC1jb21wbGV4LXdyYXBwZWQtc3Ryb25n
QGV4YW1wbGU+CkhQLU91dGVyOiBGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhh
bXBsZT4KSFAtT3V0ZXI6IFRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxlPgpIUC1P
dXRlcjogRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMjoxMTowMiAtMDUwMAoKLS1i
OWQKTUlNRS1WZXJzaW9uOiAxLjAKQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvYWx0
ZXJuYXRpdmU7IGJvdW5kYXJ5PSJiOTEiCgotLWI5MQpDb250ZW50LVR5cGU6IHRl
eHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lpIgpNSU1FLVZlcnNpb246IDEuMApD
b250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0CgpUaGlzIGlzIHRoZQpzbWlt
ZS1lbmMtc2lnbmVkLWNvbXBsZXgtd3JhcHBlZC1zdHJvbmcKbWVzc2FnZS4KClRo
aXMgaXMgYW4gZW5jcnlwdGVkIGFuZCBzaWduZWQgUy9NSU1FIG1lc3NhZ2UgdXNp
bmcgUEtDUyM3CmVudmVsb3BlZERhdGEgYXJvdW5kIHNpZ25lZERhdGEuICBUaGUg
cGF5bG9hZCBpcyBhCm11bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGgg
YW4gaW5saW5lIGltYWdlL3BuZwphdHRhY2htZW50LiBJdCB1c2VzIHRoZSBXcmFw
cGVkIE1lc3NhZ2UgaGVhZGVyIHByb3RlY3Rpb24gc2NoZW1lCndpdGggdGhlIGhj
cF9zdHJvbmcgSGVhZGVyIENvbmZpZGVudGlhbGl0eSBQb2xpY3kuCgotLSAKQWxp
Y2UKYWxpY2VAc21pbWUuZXhhbXBsZQotLWI5MQpDb250ZW50LVR5cGU6IHRleHQv
aHRtbDsgY2hhcnNldD0idXMtYXNjaWkiCk1JTUUtVmVyc2lvbjogMS4wCkNvbnRl
bnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQKCjxodG1sPjxoZWFkPjx0aXRsZT48
L3RpdGxlPjwvaGVhZD48Ym9keT4KPHA+VGhpcyBpcyB0aGUKPGI+c21pbWUtZW5j
LXNpZ25lZC1jb21wbGV4LXdyYXBwZWQtc3Ryb25nPC9iPgptZXNzYWdlLjwvcD4K
PHA+VGhpcyBpcyBhbiBlbmNyeXB0ZWQgYW5kIHNpZ25lZCBTL01JTUUgbWVzc2Fn
ZSB1c2luZyBQS0NTIzcKZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVkRGF0YS4g
IFRoZSBwYXlsb2FkIGlzIGEKbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ug
d2l0aCBhbiBpbmxpbmUgaW1hZ2UvcG5nCmF0dGFjaG1lbnQuIEl0IHVzZXMgdGhl
IFdyYXBwZWQgTWVzc2FnZSBoZWFkZXIgcHJvdGVjdGlvbiBzY2hlbWUKd2l0aCB0
aGUgaGNwX3N0cm9uZyBIZWFkZXIgQ29uZmlkZW50aWFsaXR5IFBvbGljeS48L3A+
CjxwPjx0dD4tLSA8YnIvPkFsaWNlPGJyLz5hbGljZUBzbWltZS5leGFtcGxlPC90
dD48L3A+PC9ib2R5PjwvaHRtbD4KLS1iOTEtLQoKLS1iOWQKQ29udGVudC1UeXBl
OiBpbWFnZS9wbmcKQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogYmFzZTY0CkNv
bnRlbnQtRGlzcG9zaXRpb246IGlubGluZQoKaVZCT1J3MEtHZ29BQUFBTlNVaEVV
Z0FBQUJRQUFBQVVDQVlBQUFDTmlSME5BQUFBY0VsRVFWUjQydVZUT3hiQQpNQWdT
NzM5bk8zVHBSdzIwZHFwYmZBUlFFak95d2l3WW5DdGtES25iY0xrNjZzcWxUK3p0
OWNpZGtFKzZLd2taCnNncnpmY3FWTXBMMmpvMDQ0N2dZRHBlQXJrK09uSkhrSWhB
ZlRQUmljaWhBZjVZSnJ3N3ZqdjBaV1JXTS91bGkKdmRQZjFRWjJrREQ5eHBwZDh3
QUFBQUJKUlU1RXJrSmdnZz09CgotLWI5ZC0tCqCCB6YwggPPMIICt6ADAgECAhMP
LSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElF
VEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNB
IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIw
OTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEX
MBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D9zFC
rS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs165e
rnT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZuTtMc
1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDHdZ5q
DTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy6SCf
58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0TAQH/BAIw
ADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21p
bWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBSAw
HQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaAFJEwjnwH
Fwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEynBakDKU6
8ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZVjdaox644
DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4zE4Nar2in
C0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2MVtluLih
ne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744gqoeuD9YSHjKK49+q
YC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpAr4vRhZjV
D6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0B
AQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UE
AxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0x
OTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjER
MA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4
TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7G
xVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12
DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkN
BR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTMSiPR
+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwIDAQAB
o4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4G
A1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUH
AwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDTIGZm
czAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0F
AAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3BjJOd6
4roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIjSo27
PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9cy31
wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4PGHnY
xs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+uCDgN
G/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UEChME
SUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBS
U0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6aqdcw
CwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG
9w0BCQUxDxcNMjEwMjIwMTcxMTAyWjAvBgkqhkiG9w0BCQQxIgQg4/4MoPV5+SS3
dMUwgSkDu9osXvW/VGfkdy8flM3qb8AwDQYJKoZIhvcNAQEBBQAEggEAmFU6zkp2
o5OAWmgYj0d/5rz3OCI+vu7HVm/Uev7UAmN1hhq6lp+wDg7Okv7C+CaRf52+vCik
ZUM8mwFOfvYsujHqXpQlagA05wvFM3cyD3TGXBJJLwqMlhvYqkInefB9zodHMYwb
Q51CgSZ4XZ3xuW77dyoms7phK8IYV25z4VV5/KKzTZMkW6RKS1+Yq4veos4Uh0Av
VK7vsyKjFmAE43qlAyeBLYrkbcL0OhqHy+ak1rNY6S/IqxF49RhgrygMyP/I4nQl
+iyxSRGDXqj8crbTa6XxahM86ABXWm+wmizP5ZouQ9/jyxp/DJ8wN5jPAl9U3p5s
p1ZWZhyBeXW6wQ==
C.3.16.2. S/MIME Encrypted and Signed Over a Complex Message, Wrapped Message With hcp_strong, Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Content-Type: message/rfc822; hp="cipher"; hp-scheme="wrapped"
Content-Disposition: inline

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b9d"
Subject: smime-enc-signed-complex-wrapped-strong
Message-ID: <smime-enc-signed-complex-wrapped-strong@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:11:02 -0500
User-Agent: Sample MUA Version 1.0
HP-Outer: Subject: [...]
HP-Outer:
 Message-ID: <smime-enc-signed-complex-wrapped-strong@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 12:11:02 -0500

--b9d
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b91"

--b91
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the
smime-enc-signed-complex-wrapped-strong
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Wrapped Message header protection scheme
with the hcp_strong Header Confidentiality Policy.

--
Alice
alice@smime.example
--b91
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the
<b>smime-enc-signed-complex-wrapped-strong</b>
message.</p>
<p>This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Wrapped Message header protection scheme
with the hcp_strong Header Confidentiality Policy.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--b91--

--b9d
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--b9d--

C.3.17. S/MIME Encrypted and Signed Over a Complex Message, Injected Headers With hcp_strong

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9990 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6378 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2031 bytes
   ├┬╴multipart/alternative 1134 bytes
   │├─╴text/plain 388 bytes
   │└─╴text/html 483 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-complex-injected-strong@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:12:02 -0500

MIIczAYJKoZIhvcNAQcDoIIcvTCCHLkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAEyfTq6Uu5IvtmlefqcY2YVWFg7it4QKjA+c
3D7o/2lzxEJEzuTDh2oV7U9sFeB/FGIbMOZhkjVlYbM8E1U7HHDOLoFK8QLE6QoF
U+H0yW3u5m5WlwCqDfApumhH8UdVUGqK+LEWkoz3aX5qBYiSkFUURa+WDBtTtrY5
LEtVTRyFH0aW/cKqj0qv3tPTQz4fv/m9766Rx0/Vy+zyumY0AgIxYTFHlNmindKk
QPl8lcxYmBZ/a+Hv8py8tRRqZu9D40o4yS7bW9A+bDFh7l6oTvNIoR76WTuGh78l
7TpuMuYxxGhMtAEP28eliqpT1Si7pHCL5QFEZU/Mz0nvts8Nr/8wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAOuOryrN7KallWSMZXi1vz7qm
BjUC+wiqRf/JOKXYQHeu1bp2/tXw79LhfVCc+hS85gOjnPeUsiRiNbU3pfyvPt6L
sv8SzF0EAPsE4jH/Y8Ytdk2Y4PuGcNxEnfxDY2N9nXCrkqPeICFtb/R/fLx6INRW
ueInLsAlwzaIzPmjVp4hogGM7RsUM9aarYqy1EM6+13dLrn7eGNKShGVioQEqVLu
KsJr344I67Rpg2i4X7Xed/Yw2A2Z3W6axksPsxod56wND30MkqnhNQJk0dlA8aCX
nIROBHkWHSh/lbmoGjkqPLyNMM+JAfIIfdY1S6srz/GJc3XKbyfwyeQh3MNq1TCC
GZ4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEOgTlHQBLbT0Q5kkDf1RkpWAghlw
IINRo30galCWujahmVmI3uXUQRi8NbbLc3wH/E6QWKKflldtHhMNfD1Utu2J3hd9
DNM78E2tXEyb0HM/VQyRrgk2zi/CMmTv/caC/FN1SOgC5FN++CanaDBpe4yBTqnm
XLLiDvqN9S/dOvmEUhjA8ydhUUqLYbT1k9mMoeYB8xZt7y08Gtieffo+5ifSP2fJ
3VdYyREJI2o6QrMTZ3rczHzBXYJny38/L23tOu5/uUkfxVeHkGs8lCA0EOQFAiEC
0yBUL8gPCbVPjQ6ilsAHmDr5Sp8alhu0APledhJyaA47hXG2WVq47w87rsM04Cou
xf4nZyfrefWdSwLVM+Rc4MdrZxEKd6UQqTvmP5I30JKgothGBBcXLQ5UiMJXFBNv
HzLZgTIScbgOHY8f6NVLHxAbItg3nIiugebk8TpXkl86BsV8kszxkwEPmhOXXDHf
Ozo6GD8r1eztNpDRcLNHaxPO+6SvUP2VZVu8a6lsZZQwlC1xNdVjbdhONgW+wktC
NAXgd1PVI+HR+9+tFYXBRUZkKprL2OSb4NVAJh1Ph9Kfznw/qg8Mg+EkHrqkVsLt
/lahIbZJgzFQgtsv88i0a8jOeUBrkIw1pQ3tkXPoVkj8jwPY1tyDCbuNLjwfVz5J
XMm8QrzYg3AXAWesEM89bk9FrG37U+s5bQ7GSA+dS9aDy+VjoMmTSUSj/Xp2BrG6
qgm+dP7NqvHHWoI0+QhTJEgSSpXrS6di80sEHpCFTbpp2PzlnNFRpo43mSjLx3QM
Xx0y+BVnHmCspjexEpw0ebuFIQb13+8/6+3KwcPdSneCkVxY6/+ZYcV7dPRQ5D1A
r8flrlVpxLhNvcFlYEOJO6YHNsHZ40ZvUR60E0lx9PBzV0c02keqHGxSwFxyVKFQ
2Vjgaa8275lbtE0lchtx50SmALlIodSSsV0WhYXJn3vhlzfXTpIVV5R6opWwXOpX
ZQQZjmknMZStKySESlCLZnrB5JEDs5N+c+g7KOdpJmxekcMjFZGn+WfB1sQzByMi
V7+IvZoEYoc41oMEjI/rm6GEiRihO1Xd8/+omGVmB+xfifwlPuOBO2UayM6aHUjD
HDiyByy4NVyiRiq5MLLjGrF2JEgNZG9awjYHGUTaZnMtUpCaFwDmI9boV2nZfgIG
glvlxgsw3Ho+98kwakiRslPJZeQyk2PcY+c2jXcRM1w2sfPMt99qrzx9URJZCdB1
yIWDxHc+k8T4mzTAwjVTgd+bF8SPVI9ynUHDy1PTp0JsBj7s16GOdQEy0fU4WpUC
4JpB+HrZicgmBxroo+srlPWw4VEaRu/HeHumio6UrCChsH4rmNyJz62MTtsSpL0M
BymdaCANCS4qjU3gBz9oj/WrY1nDLg+tU9jNvfQwFNJz63loD9R9XjAyoN/nFU1q
GkSHN1Qwa6HUyOHgmwUS5ilhx5pNGuCeZ5V8XTveqijZczBinVytr9yW+xocKbAU
BcbHk08K2ZPhZqnDWQ/hb3dUQAFbMZZ7Xlj7JYfUOriwF0OTmxB/rXQyMVXN4De4
QcAPqNXQXP8Y7fdqkeyBtMLC9SgKoNMyqSrUuonL2re/TquajVdVSW6xwsk1TcL4
gmdA1gta3vU9jgcmA3C1ki/o1aFKobWheGgi1GGQdWjW30ETfiAv2GuVAJ/Jv4YW
NsM9TZR/hg2XjZzpPGssknJJzY2HB2TRPB7Z7n8YJV2HeQOzeE9hwSHgdbi5pokx
cQYGRcJmuA/WyM4zsw3yZYZckMbfCKLtXqm6AxOtzjJWZCiKgbXlPMk7SOPyQNDA
KQllVKEFr/JprD8vw5d0pb3EyjA7p5536vZnJ8lClq82b3MRY/Y9neOAYH6VyAK3
1m20e2uI16HcKj+jDiEqVE1UIom8PbU9zh5Cn9G1q8RByDqLIGdvKBiwJ+IHomoC
P56C3vRy8mz7pJD5ZpqcHeAy5KBNW/dLWBbvkw2AgjQe+6oVhC47jy0JZEEy122p
ArZ980W6t3IuWSMS03n9Wvm95yL8PkT3vUWMrxhi/lnKvsVXodkzRWTP1TxTfDFA
42mD1ncJIqu4ejBo1E4qcthtAfL8NM6/6BjUxT9IJYu2jLi+5hKWU3WSUPOj4mP7
C1XMxy0jJORkdI1ue2ByceXttqqfN8u+EiBL/Ft6L8vALoidwDcPbKT5pKDkqW/N
DapliWUT1w3vMoFSRdVh4qeIRnBlIoeQKmhqyGEV+Ar+katpwESRXD1+mGVSUdAJ
fy3oMu1MjEf049eV99SlHZ9Zw980ogieNcpVmQT7BG8FnOoQ0xHQBYKG7toklPo6
HvRzi5GA79nl3ms5xFVGZbdPfz/IWA29mJDaMTxFmBiIUvDrU20bYUtrojiwufhw
0ruFJDnbz2tD9ukZELBX/agEY2ggLaih2sRES1nE7sekm1gHHqt3KFhQrDdBRfop
a/9YzaSw0CUE+KTUMRSbvPfL5JcwGE6VAj4oybIhlDicElItI7LcH5j+Ra5jxx7a
yK/8VUZTT0ydr5cvesqKM/AWskFF2pGuS5MckFE8cfwyJRNAIhNrZGFrwJnTfh5H
05XVd4of9rMqU8QobjJWMwzLHT/6XSfKSe/duBd0mbxBu7nrZ2B3dMxIrqhZgZGu
JOznudAalMvlbWO9b2hkOBCZLMZdvN+pjx4n0Xqdwdg+QjutLtzsrZlupkL0Btyu
6oDTxfP1dwKfPIiyg0lGs/pu0Y5ayxL9u3K0+dTg86GChrGeOqoN98gaJKZPVP2O
nb8EEEEiE9re0fiyshRT2XMlbzSEIXkMF6ZtrihpMc9lzo82vB3Wq+jxP8Q1qlb+
kr0QkdTRP8JAJOnjyTTYzDThNTlaw8MzGOOMpZuxiv0Fvh4+kpLcX6CVeTkO9xaC
zW8Vh1BOX3l3HtLdWFjyesU5qPtoCTDXJOGdL8xLiKmGNTZTMvNQIBCeQWgPYoSG
zwrQ+8XLdf1rg07d5sxD1gqqowwpeSWQ/pnc/KgYE9Od4VQ92/gjHQIq4mNxhsDW
i16VVC0kKGTA4Rf5vdrYtvYwY5DXtoYw/Fx29R7HNd9q0qeh9aexbD9/hVFGirDP
5Qi0XLJQ+6+B70SgEczO7byDk7Jo14h1Npa3SKl078cKIAb2PH1YvQ+sNb773oQr
Y6DENnAvgeHQNCjfAVbsLho8FBGG+VjskpGhnH5tHbRiUa6Nx23Zr0LWhSx8bHr6
ydEBqskGe00P6sfAitDqWFGqhfLRpJbPQmJKj76N0hck6jIRX76DhcdsSbxS1gOB
Fpocsy2BK5tylxRUwrweubkQpv6k6PVQoD1s/sJwRCVe9xPe1JrOqiX6iaAzPgZ2
HOnBgiXdAw9domjxTbJqxuNfi0vKyE0Vi10onSlGGK+SKcRnfP8k2LFB2wli3gZi
cCOxvHR+sY+xnIdiOBAMwvkMooZJxPwm1OQH2l0PfH1OpElJJmGKrK71YOjLj1oO
R1RBaQvpKkHlVzv/a6eBWJh+7MGdRkkGrA2WaSAFoSUbj6bq21hcODTG+0wZNdhX
1HJ8n7tYXo7KeERjofyNtTqbj0iRoOaJRKkk/ZvLZfvEgdDCCXgHecd08TUWfzf9
aW13E5PV1pT1y63QvW/04whPCxY+hctnGqo2lYY5d4ZrWX/cZLit3tn06Uso6WdB
6DYVbICCwpPTNvuOhoSl7Tg1rdQH3AiWaC4LNs7M6/FfunfY81F0NEykmtr4XcOE
ANKEcUoSIsoNBKfTQayG4aRRQvDOat9ovHKOHNXHJN7IBhQie9WcwKlzs8N1wAa6
MW1da9oLuLkmtVPrivhXIPYHPQJ51Ug5TilE6sqPi5PJoyl8flJXCGJ4mFdArk4u
TLXsCkKr98DGtzpCz0vidK/FZ6hB01krLYTlvlbncFgMEq7GYNCbZpSuWx6eMucE
PRHHA5YGiz3Wb3/n8W9i9XOaTx5pkJHZ7uTyLhWw+IpCY8cuqi5cmykrJ+r0axKr
41xJn9Md7qXphcBuw7WEs+/L6flZpnekZR/bs10HMHveFuuYUINLngRFv5mIRvi4
vfQI0EuRagKlX3kmHkno0R+IZL5zLPf+vtC3qlhW4l2MZCjFmsANGMLPIxiOxrm5
2DslS39ujY2x1J/H8tQKhSWYhEelro4F31Bcb/c/eCBZ4BLDK7foQo0ZmsB+ulmu
koGSMlQnYcMH0OgWu4x1wrd2CM7wXA19LphH7DVkOuIficA5tgslG0RgmuHx5/9y
iHos5Lv3ej2Ks9Vpu6JgcxPN8SZJt7dChNXjn3oajE3hDJLFBTD3XwtxHh3ZM42Q
GkoN0jwY5FQa4x/qT1yR95bsHdXeRC0u9+etyBMi+DAVjB4oMFn5OIPDWHv9VOS1
uqa/tfoIhoXEzWhvlKpGM6/hEdbzDM5Q996Kg++Z5Kdf1u+hPJbKMU1t165wSJOV
gedOkxNKNSfqY6EPWG109AQscjvvykTpoIwVFVzyXIowJLcMmmF576Fjqz52DFg/
wonzZpdIxWTqmoB2fVzPZQxVXKxCfdKvaZRepSz1cgvzPBXKaoiiG3INf85Bjw2a
7BO7Gp2nA/J25ixLu14sTsk9wpBXCjAxbCupnS4lzgeE5l/volxfzKfwqnZ3zhU1
W1tvRvAQRv99fzLVoZ9B0YrGYmZHZnKCgS1i7Cglt/G9BbIbIEsoeF4DeajeQ/7q
Na+kE4ytfN2ngkbnZtQZhxarZ3uixHf7dVRiNd9RWaH0xtxwidALuzbrCa5zTeN5
FNjR+Hn7f19wDfIruN7tsANCcbz8jXboSdAStBCJiP4gCHoUWrb8HnAB77SUWfcy
fYgIzd7MBAuCnDmlGW3D+MOqpaUh2huupnIOYIOI2GFsgJm3N5cSzjKQOTp2RGHj
HVw6xaICYF7oXNw3gsWa9X9DKXv9HlipVNQ5FqTfFVap1XoZuGQ7fKBZnOq7sd2j
oZNt/OvMOHt7WEyyQ7O+ubKkvSpH8td/hMTSue2PHhu82VUv8AATeZ+j/2DzjPfL
AOoQvzSqz7pPHeTVqZST1Duc2KK2xLY81pIrL6OyayMdYssjUqxUmLQhxoq3Rakj
vlPwArS4LaE7iaXUoVPdEMAKoneCquCUIxtbof44L1u1FPNZ2iTOlPee+S08UjqA
mVMM3Z3M+e/LAgq/kLyh1nBitgccDYW1yuWmMOhfJjRFxjVtYeSDaBqSXYV2gkxd
NMSrgL/4KgEU4zTWkEkQ5dyJeDmtnf2NL/cB+CtTteQPL+Jt0ty7b4eo/A6PhDdj
Hf6kT0h+OK6DvC3aIYHtJ1g1+zxuTCPC5UoBBWbKxVMUFXzAj/V0iVxklwiqsRIy
XzG35Elkm1MKDfm58VY2rnOrPX19IzX4EBj+Z4ouaurECg7sriIOQRC9sz5fIKMz
vX9FlHTXjd4nDA9tCYbFUsoto47vcckh5zNDNDJLoYKDXiH/stEPTPgKu8NBuLem
YWktbdebnOpFGFJDlNPce2HgZx3IxE/e7LdqrAzQ0y/1VHlX5c8Yl30X/1VhKolM
faTR0RKrC+r87GN+2aZHba/oojv5wBKW47yR4D428IUWeD1et8KE07BMr7nryyQx
DOLyu7cxAvtsMa7yPLVS9H8QkopYRDlEOOC896knaXmDEraqCaiayed9WmsJfKdG
yiWsFhbnW7wKlC6+XgRHPD3p6KA9hBEssQtP1HLOD5Xz9UaeoPb2DD/uDtJyTOFJ
AYZStFN9/ZPpfxlV9vLzad0KWxlkO5HPxrfttZUpbhSbUFeOOlyY9x5F8D1TSsOh
POMir1Fku8V13ijdtrwKWnd0wcwNw3nF+SYWSKk5fFxHon8JGtIDRwrIwJOxTmm2
nbwfe2vsD/rMlbxpUCuZNsLkKPZP2y8nJaX6WNyoQaNcVVWVF2mB/Ez1qA/TWClZ
xPmrljocn6EJdrKFGTFL4VmKvRwU2zyNhnv3yp7w2eSMv25ruknflYpHr5GVqv54
tOjkt91HtNBYow0/p+p2lQ/YyY77ZePA/LJgMaJJp+/4ycGWDW3C2wYhx1WzA4TN
UTt4aro0BapiEbTC6ig6b+o7wlKcmwCKUu6eTW54a4Cwu6HOSS02ehEasBThqc78
AkgejjXxMqlqu4wGDVghv/IQzkjxcn5u/yEeAY15fRSD+kM9sFr884zeQu/6hSUQ
IeJpom1JV3XTObFnh1/lfGDP2T2lLzp5ZNWvA3XsG2tUYauWFKGMIiPcb6mpCV4r
jW7HQHnLva9D/Ge/TpJB2ucXt40NggJ9Eqpgmui8UKKO7tfSn3J98z2K0oO/Rk2u
QK+5rE4+o98Q8rJ5GxmUqaNY8p0dUd1U1NXR5AqZvHdYh1QJZpUjJzDm+lCYQh9V
8rJUEpfmPjyLppXduBtUD31YsTsnzPv92rliIWeNaRLfeqLUkLoABFkf0yIQrorb
hgVEB6ckKEg5yU6/PNFszEuLgmQTKfUjHHo0CyztPa+Ga0/RCeJwzp93cKpcG/wj
LSF8SB61yr7TIDmmHmWi4Tn3De7eyjni9HaRBZsVQ9bgoIUN4yfroZshUqIfc8WJ
K35SXDzzTKucfvHqaazQYrahD2Zql+lzaZL5Y14uqcjh8c9vxlDxcr2/MWvXCRxf
8UqMsBiwMwtIvxQxkCs5j4nD/cP019przoKwT8b9jStahRsMnxZfdRH5zbs6h6/U
M125oKWm9QUnvOJxoLkWi54nxE2rErjrXR6zjAgzIdFfLpPuKn/vf+eQHLq6HoLL
2RzJxyACeH/XogMKKg4CWbkFf4MWnwuEL7aWPzHCMFg0427N0gyw65kLkea+q3XO
IvIcG1bHntzIgFjonIhZHUDIdPEeZDR1GQnxYXLmpp5mXnp3q9uNC6NI/IV2hHlS
iCjxKoe4HusikxteLgdVqEeArN7XpAsNC+3pUrg1b83Y4OH+QnOTvXBgFoTVp2Mv
i3QzCeTjZzH5VczUkD+Pw1TqoBtgESCyap6KwPvkypLC4v0MafCggYGfThuD6tD+
z/mrb7j+K7jXdu3IuyyiZS4aDlma/8hVduHQwimpiJJpBulkwMTgmq5mUX7tzQM7
UBBj+SuYDX6PVShkhhbkzz2R1wFJoXYgn7TUmfdWD/qLAq1yR9aEzSwShYrpEi7m
HsgI1lQNa5JJnC+GVN8gPXMlxhqpSMW6SDp+66/MVqwxldJuRTFZuTDPLQvCsaaZ
ZqwwkfcbXzpZvID7gO+5MMcKW8AdhI+UPPmrJfn1kbjJa3Ot2GSms3t7keLHdP7I
o0wmpNqEHSp2XAzOc1m64LfYOULYBklehwEvhvYEf5vCrizc3Xx3b3pAtsEqIwcc
eJQtxEIV0ECIHHlSOJv5/b15aH1sShuvQAtOz6qRnQSt7WXMytT8geKXC/ds2kc0
ZB8cTlIBXj0pgQQWUKfeMsAPHJ5P7RNdU4on2UqpPNnICLQlhwbgSvr9tUcuIz+/
0VyFeJMHKJi7DN9mrZ16Y3dJ5tMs5oJ72OcMx6Gq9tVLxa8rMPCm/U4bvaf4LX6d
e0n3QxE8k3Pe2i/97QDBQXd+0fO0WFGNub07zvCOeTqBIUhdtaddbLddOPsFNiVS
vB3CdwLzs5uzEO0jfCk5z73J9R/F4JEjJ+Q+jvxFg/1poSpiE+vivCkbg7gGW+QI
QMxolbpNQyuhzCGBES0Y47wk0Ea67plHLfVfa4wId8zXxI40697pHhnZ/YGlaDCA
GATW1245nKkS2vyC6YBl6LGHj2tr/4bHHGeObx9KtNOuV1PHVc+50IPnfbW190fQ
jEu9ilFCK/7s3U/h6WrbH/Z8sscpf3Y/F73Z2Fndy5Kua3JzmyjSpzIRAuRxgaDT
7kvP88WoUXwph9k1ro1zHFL9r7Wj1sKnj3eQGFa48WMrC0+DLE/n6DIfK+NNxjAB
E07Iq42YpWj2UHR4KdIuO+w+/5ADEPNzxc57C2v96frWLZwSwPl4dMUEfSLIrWXs
yf6xvnSWba/9PP1kKajKP9G1dgNucNod+8oG+DStJgaCaOloy2iqQfHDiUFM2RWB
mWxP3DZkkTkOVn4n9+OnZXjh6q7YIvaR4jqMK0AGrw6pstwCjNQ9TOzlBhOQZ9ZW
Gg8TPsuWxVjGRyObcAeCKeZx89zMDzUpT/iAPR1O+so7IGw2QAmOu7ClMqpwSlia
hWX8qlOX/MAkWmqKCBZ2L6+kQItZUj3IjrBHcav0owgFGYheln3ivyAIa2xeu+mD
zCkhiasQB75BmXRr36pgHjnh9bGKqzZRMw8veKm2zK0FASZpO54kQnSSjDJ6zPJA
3Yz/sYRZU5gCduzJqY9kPQLbLyBZt7YisaJRAP/Aa0YJgPX3veXhnDlXXlUVgYPw
W4Bt02hagHpDhjIXzSyGaD9HVxgQwOfS1ug3v6v3CDoyMlrmZOFVLD/Qnlq4PkPC
hT5cPGfFLDWmyzFYs22DKA8+Z/QrNEhq/64DkPUIMnLCBP1R8qprvLUSz57LZHQu
brteOD5OUby6D5NtV0OhH1bXBV2jyepVEi/zVrewAzzLag+JkyB8p70IAqbkC+aY
tudvWua7sPy7PjCcGAgDIS6nMrPJp7KpQaVmw2WU3ztUz2HNtV5oPXSR3+hlNcRo
eiFuM+Q4TDn5ZDf3n3HWlRN6WD18ac9goEaQN429I//942yWrLIpEzXWF5mG6PUt
Jr+/xGb+Xpoqirquvn1HU7UB00Q85BdBZvvD/F10X0o=
C.3.17.1. S/MIME Encrypted and Signed Over a Complex Message, Injected Headers With hcp_strong, Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIISGQYJKoZIhvcNAQcCoIISCjCCEgYCAQExDTALBglghkgBZQMEAgEwgghCBgkq
hkiG9w0BBwGggggzBIIIL01JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1lbmMtc2lnbmVkLWNvbXBsZXgtaW5qZWN0ZWQtc3Ryb25nDQpNZXNzYWdlLUlE
OiA8c21pbWUtZW5jLXNpZ25lZC1jb21wbGV4LWluamVjdGVkLXN0cm9uZ0BleGFt
cGxlPg0KRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpUbzogQm9i
IDxib2JAc21pbWUuZXhhbXBsZT4NCkRhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTI6
MTI6MDIgLTA1MDANClVzZXItQWdlbnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjAN
CkhQLU91dGVyOiBTdWJqZWN0OiBbLi4uXQ0KSFAtT3V0ZXI6DQogTWVzc2FnZS1J
RDogPHNtaW1lLWVuYy1zaWduZWQtY29tcGxleC1pbmplY3RlZC1zdHJvbmdAZXhh
bXBsZT4NCkhQLU91dGVyOiBGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBs
ZT4NCkhQLU91dGVyOiBUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkhQLU91
dGVyOiBEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEyOjEyOjAyIC0wNTAwDQpDb250
ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9Ijc3MiI7IGhwPSJj
aXBoZXIiDQoNCi0tNzcyDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UeXBl
OiBtdWx0aXBhcnQvYWx0ZXJuYXRpdmU7IGJvdW5kYXJ5PSJiNTUiDQoNCi0tYjU1
DQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lpIg0K
TUlNRS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdi
aXQNCg0KVGhpcyBpcyB0aGUNCnNtaW1lLWVuYy1zaWduZWQtY29tcGxleC1pbmpl
Y3RlZC1zdHJvbmcNCm1lc3NhZ2UuDQoNClRoaXMgaXMgYW4gZW5jcnlwdGVkIGFu
ZCBzaWduZWQgUy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQplbnZlbG9wZWRE
YXRhIGFyb3VuZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMgYQ0KbXVsdGlw
YXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUgaW1hZ2UvcG5n
DQphdHRhY2htZW50LiBJdCB1c2VzIHRoZSBJbmplY3RlZCBIZWFkZXJzIGhlYWRl
ciBwcm90ZWN0aW9uDQpzY2hlbWUgd2l0aCB0aGUgaGNwX3N0cm9uZyBIZWFkZXIg
Q29uZmlkZW50aWFsaXR5IFBvbGljeS4NCg0KLS0gDQpBbGljZQ0KYWxpY2VAc21p
bWUuZXhhbXBsZQ0KLS1iNTUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFy
c2V0PSJ1cy1hc2NpaSINCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQoNCjxodG1sPjxoZWFkPjx0aXRsZT48L3RpdGxl
PjwvaGVhZD48Ym9keT4NCjxwPlRoaXMgaXMgdGhlDQo8Yj5zbWltZS1lbmMtc2ln
bmVkLWNvbXBsZXgtaW5qZWN0ZWQtc3Ryb25nPC9iPg0KbWVzc2FnZS48L3A+DQo8
cD5UaGlzIGlzIGFuIGVuY3J5cHRlZCBhbmQgc2lnbmVkIFMvTUlNRSBtZXNzYWdl
IHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVkRGF0YS4g
IFRoZSBwYXlsb2FkIGlzIGENCm11bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdl
IHdpdGggYW4gaW5saW5lIGltYWdlL3BuZw0KYXR0YWNobWVudC4gSXQgdXNlcyB0
aGUgSW5qZWN0ZWQgSGVhZGVycyBoZWFkZXIgcHJvdGVjdGlvbg0Kc2NoZW1lIHdp
dGggdGhlIGhjcF9zdHJvbmcgSGVhZGVyIENvbmZpZGVudGlhbGl0eSBQb2xpY3ku
PC9wPg0KPHA+PHR0Pi0tIDxici8+QWxpY2U8YnIvPmFsaWNlQHNtaW1lLmV4YW1w
bGU8L3R0PjwvcD48L2JvZHk+PC9odG1sPg0KLS1iNTUtLQ0KDQotLTc3Mg0KQ29u
dGVudC1UeXBlOiBpbWFnZS9wbmcNCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6
IGJhc2U2NA0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lDQoNCmlWQk9SdzBL
R2dvQUFBQU5TVWhFVWdBQUFCUUFBQUFVQ0FZQUFBQ05pUjBOQUFBQWNFbEVRVlI0
MnVWVE94YkENCk1BZ1M3MzluTzNUcFJ3MjBkcXBiZkFSUUVqT3l3aXdZbkN0a0RL
bmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3a1oNCnNncnpmY3FWTXBMMmpvMDQ0N2dZ
RHBlQXJrK09uSkhrSWhBZlRQUmljaWhBZjVZSnJ3N3ZqdjBaV1JXTS91bGkNCnZk
UGYxUVoya0REOXhwcGQ4d0FBQUFCSlJVNUVya0pnZ2c9PQ0KDQotLTc3Mi0tDQqg
ggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0B
AQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UE
AxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0x
OTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjER
MA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY
60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6
kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b9
7enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMs
wt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5
chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQAB
o4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4G
A1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUH
AwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3
DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0F
AAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX
/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U
8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXs
U4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZee
gSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo
2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJc
OvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UE
CxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MTha
MDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5B
bGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0
iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7
pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rB
X7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQV
tkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/
2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVC
CpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQ
MA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxl
MBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQU
u/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpn
HGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40
BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeq
AH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ
2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYTo
j1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6h
noQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB
/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYD
VQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3
QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzEL
BgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE3MTIwMlowLwYJKoZI
hvcNAQkEMSIEIJ9XCfAStQqfADh506xxVkteU4f5aNyk2VNLWOc3PzZkMA0GCSqG
SIb3DQEBAQUABIIBAG3rww7NxkeWT7qxiKHfqCH+rBn3+nq9hEd+ifdqkPGEfZKJ
2GNVGbCQfVDgZFyOcbHpDECvgOJsRMennCU6gCSlMxD324RogHVuunQ10x/9Eelu
/3tg/myxjl5K6dcD4WnI6i2SJOmgC8JPwVt6BBMM3kVJKnOAVDXrEVwSD6dfumso
ZCR3L7AhLM9NCqaEbtTh+JIgfvs+sekjK3MOZsZqDY5hI5LNLWKiJb8C5TSHxQex
uHv7BljdkqOtmViLMxi61XgQFcSrRRWUW7L/GXyHFUHmu2aFXfcwYbX72JVx2yzV
D2T9AG/6I+FIlkFjqsLCxEbUwKbMuiL4MJFwajg=
C.3.17.2. S/MIME Encrypted and Signed Over a Complex Message, Injected Headers With hcp_strong, Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Subject: smime-enc-signed-complex-injected-strong
Message-ID: <smime-enc-signed-complex-injected-strong@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:12:02 -0500
User-Agent: Sample MUA Version 1.0
HP-Outer: Subject: [...]
HP-Outer:
 Message-ID: <smime-enc-signed-complex-injected-strong@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 12:12:02 -0500
Content-Type: multipart/mixed; boundary="772"; hp="cipher"

--772
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b55"

--b55
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the
smime-enc-signed-complex-injected-strong
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Injected Headers header protection
scheme with the hcp_strong Header Confidentiality Policy.

--
Alice
alice@smime.example
--b55
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the
<b>smime-enc-signed-complex-injected-strong</b>
message.</p>
<p>This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Injected Headers header protection
scheme with the hcp_strong Header Confidentiality Policy.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--b55--

--772
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--772--

C.3.18. S/MIME Encrypted and Signed Over a Complex Message, Injected Headers With hcp_strong (+ Legacy Display)

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10595 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6836 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2352 bytes
   ├┬╴multipart/alternative 1433 bytes
   │├─╴text/plain 485 bytes
   │└─╴text/html 645 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-injected-strong-legacy@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:13:02 -0500

MIIejAYJKoZIhvcNAQcDoIIefTCCHnkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAABMP1JZzkhbWfTPqYqST18noTXOEaR05mG5
2trJ+ZJsXTP7mtinViusj+EmEW+5Q294MGsY2Ak8IOWadyc9dUSpQQDNvKiUmPbE
eRR55QhrkljvjxCkSgnVOfeTY9lKWZh3KcnqeN5dNehg8dlHY9XdrPQr6SFPCQcx
A4h5FlxJzv1y2SXZs+la0JM/QkxEV7HngcRo5rbil1SoY264dhHEflz2hgUtc9V2
zVSGfRTFb/74PmDXdv/Yu9Xrx/unAJ1QmFn06IpA6DMmzrfpmoTXopBxCD1+LPp3
KVNYRWYiUUMcy8txjLV/IEux9rQx5zZjYUPboKqG0RSpw19ajFUwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAiTpkpni7cd1ymS1NxWyIlv+6
rEyhCFZeCGWXva8QRGoQjFn0tmLd6wNfZ8i2ERDutT1g/MDHDWao5XbXijCMD8C7
fZg0Q/Llg7RkkNyQgkxFCqebF8ye4E5kY60TKW4LOZLAJ2f0qdDni1V6hvuTZdD4
n2zUfHIvO5oWP9tuEIgJfFYX8QiUBx+SFbkR6Gnn0/saZ+1hmDNiYmM/OcKwu8MR
PzF9cGvv146nwuekJS/QuhMaZPU3IHwe0+QltKwtHQjY4xmS57VrUyUbN6eX9Oeh
XluTafTzorhOrQufqWxP/qm+wo3LzgnkaI1byATNF567UoDLgnR3+Q3DxVs0zDCC
G14GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEENV3RlyptGFZNNUKm+ud0ymAghsw
601iOKcQxZTpQHztsRKDIKVSshEqy9BJkMWQzYVT78kpfP8FsaUKgdSsIKNxVmen
dKXhYUZCDkh3HFegbzud/4F1AgOXttVs+KsUrNLI72b7IlEcM9GumayZpvKuHC9Q
iQINFVZFiZM5BN9BcG1xl55BgCYN8zuee4SA6CBvwZwka9EOTMpv9mnGM8MvfebJ
NIqQXoZ6gcWGcjqFL13zb433krqfENWTZlWdazpo0mlQA8ayF2BjhYiJZRbRnmIt
CQWcJbMUnlp88d1WNcpVe/yAC5MhPN5oIiTziXiIz8rbRlidnAXKpxgg5GpCBq1V
plDnf/K0rsNapjapyMgA+NADpSq2nuQqHXfQMSHV0Lbz1+zEWD1wFRe6MN4oG5Lj
rdEGsNPUhgIQ4QBQC7Xr/mPTqMqi0Bt9JqZmJrbdMEsGWiURd0dZ7eyczdsX7i3X
0r7K07t5UwtzCI1yEus+XbGmAP/a5kDffn+8+6BNtNL+sm9LL2N5A/R/NJYeiEbm
7QdCUhFhqjSRqsVxfa6xivhLHukFYuC9qWf0PGhfNnHSeJDQjuGhyJ/7kdSC1ocU
yIK/7acU0z6FX9KszwU4zG4iV8rWrI3fSV/NthvyRtwFeoPViIRE0EtZJszLp6C3
uF5gjDjMqwDitlmZYtqAS8qH5+aO7X0wH+4wjZ5KDrpsLyD63B7+weRXkYsYOjxp
tY3LFUW6P7pUUxRI21fhJ4ztFiWoVX0ElrP3+MP/Nm1LSWB8qetnqTjoR4GdwMV5
wItyrulVleHZtNxNu2+VHuPPdCl3Hf9vzWQR52j1gsojaGpgRYFx1s4MCq1bL47Q
TXP1hPcRgYNGIhcGOI0eclxti/H0J0cO01O7QhTp6UvDbPCnWLp8SYB2yS0e/B11
Cb8LMp9f9kH1dJbETWDPeEBMGyFQlPe4auQV3ClO5hoUPbbN+ukQalmxuU0wAs2h
gkPmxIPUC0uUhFp0WALSHLsPOJ6pXDVbd2QQg+SlSFNlsoCaCSCQiIIdpf5VgeMX
uyRQrLFzCBAOuRseXa4cuaxn1aNhEFky+1mCVXfe1Ao0Z4stxlM3EV+DhlgmNaPK
zK4QUr+baDF4TQ32cApmx4OW6Qry99Wb8zplU5VA/hPuCeHriZ1ZgMdIilyY94Ia
k6Zx67rV7Yv+NCjHDemVa+M29+O1Budn43NPYE6uP7Gzz48Sl2Gv5QLtCrHOA2By
wTH2DzZ8nISLhBkFizE3ybVEj/z/sDsqzSdIC5QOy0qMz6XRQdxeNulJ/dPWCu3g
Xb+oHhVE7Pa8dlBtpuoH+MmTOmqEnwCKy2Jj0pnI7FFOIjYvw6hv3/8kMz/uKI3r
G8Kbd+78sJhqaDW3nh0Cplz4zp9D7pNO/ZeuKfDAhi17mO271G1H8kiJAoCb3ByD
wVTRmUcqusC5dPVD2Q8hPCeY8+CuCP1BT61AqUZsv/Mj1y3P88PCBzZHyO9R8DHg
LVU/NgLJX35IIX76J09Wnmcbv84kTw7XGLdM+u22QGpRPnsT5gqi83YzHvrO+hFT
0SPl+NIZ668PpG82kbOFoor3OHbCEDX3yksjkfmfQi7GEVYfpdkX6Ro2h53/l3cp
8nUwoejl4LQud5gk8VmY2WvPfhtUnWjJV/BwpWaX6JzaVP1qsCCKxXsKddtWPuv/
FzkAPAMjwy2YNAZhJi2+rB4u9vAEfDD0BQn4XHgcfBpotiJ6tZCB7c9V9zTEVMIH
UC7xpUW+s/NPVMFQ5qzk3sX+q097Q4Ccdfl/yhaJ/0OxDbgYGSTOP1Dm5e9U7tLR
yr7jRCPhVYUhTvGvRAI4TNhqjFDsMERH9q0HOTNILc1EnMixV93L3tq/xjMJcLeP
pnaQuXq/Ndw5mN5xxNaWYQBKfdRdi5z/QteXQoAXqwyxkYv1x0/af8hq6ZiHe3iC
iW3q9y9RCE5fK/ycZ5P2Y0FGwumGnkui4b4a0LOg97Y8TsmnjV3t1gHs7Xha53YQ
SiqUg6MuT6VBSUxOc+EOT+jgqmN8cFGTxJ44/54+nzG9VQd43lMTqF+IJR+FNyj9
d8X0rBJPHbTxKy0uHS0ITe36Aa8bCwUy+9jUGURQ8DnMkAHzysCu5PIJmKwaypNO
d+DA3d4LFmqISw9kRLHCg+s3KptdCqGvPBemZ8tDNa9grp2KHy3hpaoTZ74ipcuX
bBWaaMFVdypX3JwTwRxnh4ADXRNFqw6U+mlFCgdvPgX/QFDWqwa2udM7Cf+O/4Y3
ODNYTkwgCOzTtKrw85ZbySSdYiKuHmfjnKwe4HCAT74A3lW4BccFod+jM0PBRxRK
Agwu3jflMIX3ekSSdhMa+4EPql69x8z7JmtE7UI1hdzYoKmmi9UZDN7nrFye4GzN
xhODOkRzMt+nZ1iabIF+VhFqkaAy4dYIoi1bWafJFuMO/qFmSM8dyzhtKrNgWsBD
Bm1auxPbp+BpLI3PnHfRo+Z34IZ3nkLbctLapBXhuFHRiBrBKTOs0m8PZcQBZY6E
zoQ+e+k79DEh7JimwvJCBt/hO5mMcO1xPHxZKZLNGmk/4T/LBZn9d4UOHRw+VfwQ
1wGgFh1+sMU6FzgOsrWGB/QaP/5t5AoCGpJkVPjNfgWBy0HgFGwAlI815XTuecMX
5fl7SzoD6GurwBAStUwse3n++n+mViOyREcz4gY2cjUNQ1nfxuCF70qtBGTj6fTh
kFsrXJR7LpSVXNB6e5lnfZUFPJOZK1q6jUc7JEmJ9wjWzdeVsrF4Sh9vYnPr0UdZ
Fim1TpmIBajSslFk4LOdLtOVXdfUIEPmC8iVc8g0DN8KWWnEGdWxIpMHqzm/kU9p
GQfA8kVcK4A0Y1tLZPL+QvEjzjQATI0rMQwHbh88yXObAQE9BEEOvpTxCe1xNknv
8EQ91VsdpJQbcOz/ZEj2NW1Dh/TPgpiVGFMwBT8wk6ydc1ZahsQUrEZr0YeXRycK
nWzsuH4L/cI3xt6b9VTgWIvGhdd3T4j50EN+7/V4O95fDNWLfjAb5Ze9K0X8K0Hh
68oGbETHFHASubjVdCo34RhnNoB7ONrDzFavHlhNp1vutH0xjJMehMe3gFCkD5Bu
Hx+BaFNtMGH2uH7K04Ji4KqnPWl0KuNr0X38iWn/VXNT2OtemZFRPknuazMHy8LF
BK1rCxkIrJAAevuX9yZYUMrpnCb3Cux//FiJGtF4LYMx0UPLfRKA/J+DaRS6WZqP
MoYaSYIhaQ16cuAa5yNU63TwklTMLYSXf2IZjx1WLHm7bzBz7B9UfR28MlaPecuV
GXi2XoJdQ0Dpk3mHqYCjAolNQB68bQj34rbIlRtcz8AHhLsKPrNq+tlX3YoWHxbh
q9mFlkr3SzaMYJ7YQ20x2oPoERP8YAjU35J9SwKIBuLIpjK0mALoAjJXBvaW0/wd
wdfNZBtuMjfrfNsIJxYP0tVyKON5xuUJ+cRA0JLdU85898+l+4NGW7cN7ry58fgS
igToasVppuf/j2EEpX3mHu7Ze21lEnLzccL0jXgQxQN6Y7ISHsoS6kwTI7ZNoHdY
U/GjyZ1ExKeicvmo9xmOGWP/hC6HPXTg2ZgqAZ5HtLA7DP1nQ47Df45xKArixUz+
Ctl3eUW8e1EjJER9FttSDzLkjJK3QW/6bOrpddndQi336XC0i8QWoiqIrY6OIB8g
2HzbtLjLWGdssVzOJ4TARwcuXyid3zs8u/OASqUkQIYDW2ZL048ZGA29iL9JHMgZ
EOPArO5qz/669GW11UtWwu8sd/NHbcxNzKeg1gOcE2wmDH13yQSNxVJoyrIJDoVH
OrqguGGgJzF3KUt92whJevRPIZglKBB6WR5zy0BvjmSPaYolG8XFwI6VINDQossF
i2frB4z+zgLlScRLsAnKSBZhwFZFDbAk80EKJut5yPP+bQvJ4uPPG2WXS2/rFfvn
Iewi50DcpagPJdIdsfrhIEaWPyjOVgY3Q39xSn72eKtV5VCeSRp1P+c5zJHxoNEa
YH8gSvGmlIMmK1Lv2sCDEYosdF0OVoqh/AfyTU75cTV6dQyEZ67qqLmpvMnt2KKJ
zSDmThrHzZ3Z9MxUsphjtqfopHTheNPL9Crot73p5cOr1jQ/0sS4oKKZvlE4sBBc
89YdL4QyISua41C0eHoUKchFZxGUkX+DJka8VS4QckbhURZ0tdLZt1JQa2rZS1sw
9Q7sKPc/r4k735YwpmqO3V5u1EQ+aTVu/dEeET0hz/SJrDtUvL/SKnDbyzkXDnul
WfLaGQCchEA/jcedJhaKJV8ufgtu2jlhmW7L3Z6VZrGchIXURFwogf6wzDCXQZT3
OSCvHk0hef126FFv4sK4ACkqS4wuziMp5uQvaHEHrpvNAZwpMTf72iWNphMlzOd0
X4bWc01Mnq7GUxa0k0NWyt49dQve24FJQWFyiuuXjcvO7RztrQcqVpzCHajbMgvQ
6UPErPAEv4Wrc0NygF8HNHLI4Byp+kOoV7EyY31Jsua0VbCsEPwOeqUNBRav0SaE
1PWebZRLqHXmN4wRkKop6fcKTsqTLIw+AuGPJDdxhdag8MT/hXRU4yf641OtSc5A
DoxO/VgfJ2mZn+OUxWaG40cQA0awEAcJZJGakGaAEuKzLgbuwL5llJMTHNF15S2S
MwOiBZOGmvVSqsHV87oHcIfzYsgwVOZ1b9/QF4kFBaOr80kJ6YYKL+8YtKHxWeUd
zOAJK3jGFfBWs895NM6Rfs5EOzv/FNeG8z8bJMENqyoASVfVSZGvpRJ1dXItUoU1
6fLo7NrQ0L/daebF/k2NOs8ad1Eq17EFngIjJlHzmZAM0NLd/QFbQZStXkKxaI2H
lEo4qpRh29L7bh+udOvGI7Tueos9uUx9keoFYrRWYBeeA2YG8SCFnEIfNl26i3RX
ldgHNYMz+g4OJBMCfYLrMnsvFFqnRQ8Kn48QiR/KdZB3bXpdq5hLAFq9E6lzf7px
YAxu0XGNI66erDor7O1F8BgbiMJHP7R5XdGMDPEnsshpMZfTCaobMiduV25GNk5U
ydKYgAP/bIfMMSFZbCPfMFGIMTr7i9fl/mmXGlsWvmkI+CeZ0kXC2+y4XPCAPe4B
P2WFSMomif/N0LUL0dbnu3OM20LFmaUz/UhEXygw1FtkGnNlRsTbBBL9ag/bmJ+W
dTkoLNgU7FwjKBfJx21NAtVPk6UzrFm+lpTFhbM/uXEIwl1Nk8RxFMH6Q0kvted+
mlmYyGTLue45c0UwgzUGgYUdtEVQNOls0DGHq7apEESHayTVQHdmw0N/LG23kw2e
jk8SbSLGa32+egtEIempkfJtScuuBUBKj+LiZLXD6ulQdvcmdWcYJfOLpjBQni2y
sWV7I+ClCUvKIs6J8B99Ob+73T3CNK2+2gttCrZu4BHzziMrob3FDhEpAWqAsZgt
48+gOlcmpwofvxrPYQEeiIyS67mc4G1UtTOCwZ37oGnimJe3+PXh8JCU4jefWyiQ
dFN9T7sRpQInR7YXdebpj7ZXKfqj2+S0Y7JadNuKfLdSqTig83oRial9KcKVBChH
UlzoAv8gwiyuLSRAOA2fXMjxkx4VrDGCtaWK24yFsQMcTwJD8waiOkCjczpgRtKG
0vC4lONEHC0DF6s26abXLa8jbd9WtuB1L3DELVOGFOcaWXHu7gOsohbIwjS/VIG+
KK1/tAtTb8B8fE9HgtfylSjP4vcceTIzymduec6EGSh4C2zMnrx4nIYxbEkOTGWn
gmY5egiQF92rAdMTISvv+x79Ngxi8V2R5WT3f+nh9Fg+CgQWCSteup2gyLrVAn5V
X+RBKIEbsglgSdiCMH5Jwb/SaKs/fwkUof9F7w4XlzKwdng+0dEt/CAHQbd9TCDy
5nw8uHj4X3IbCc3BfW5ZkIypAgGVBzY+1SqWXXQ8xQnktUBn+Qkjdz6TkwdHBfaT
07C2+yfPD4SBOlJkkVJKwm/5OmGCCdv4wvZVQF/09vEMmqpjdYU828qJva36KOKM
QUttCv22P99/EHIdmafr9GAKjrOQOGTbRSev2eCgLMhv6k3+upz7L0ozC03KWZ/W
W9gXmLMFwn90n/7hcpnY2f8LZCsijQCDw1K3eWFu4tJvAV9VQ2Op6yUuaCoHARYT
FwFdeq/sZLXQ16ERgKiEzU6RitD9Jm/BABlVR5EGGs3qPLYlOWPiNfWF9/0Z52da
6Gknu3sLXdLGWKMv/E9u+kROpYChUnOYDZwN9+0CwuLYBIe7rFCmMlyCug1irKnL
3KKcK9IEpr01nuwYrFdQUTxQPfEwp8lWptEvaw745cklgZh3J9loBuq2g9/0VHLd
q9UeewoVuPJcwjdzxGDUtJ1MoeMoZagU7KAogt5L/OYVvF8D1MPDzoD5teS0fJRE
JBszYp3erYVmTIODc4pMWTilj2Hok1FGH2SyTWSI1MU1OacRurKOEVCypnVFKsfy
8VyZVWxVxvboqxlzWHXCNHY8IhRChOvz1DBKBb8PRP8cmqYnD44l1s++3bi9S4EF
AuF2qNTYTPykf5cDgGbqX3RwwQ+vvpYWMLZLldNVQe8ocezx8POBpU5ao6ykAYNE
N2rHifrOK4ADb3IDqMhQhZHfOLdQrzYIT8DdrcP5pNusN+9TG1ZS3LP20tJpqohA
7OX4SI6WjZK2gMuMxL3TsCOiLQ+vRlvsXLavdIBCaYUEYUgZtP336rl0K/3A+utu
d8pw6j4UrIGmDYzCWKhktqM2L03NWKGgVlSsD0IhOfJAfH9T+ZzusK608ut4U0+S
+f4Al9fS6yUkxX7NUPYcyxZhvPU1FO98Xo3SX7q9pZM5V5F0vQzB0fZhvZjUBsLD
mWBoeru9HNEo0N09NWXwBWKd+hcScJYk1nL0BP8KtpdmMnmdaylSKFjKcAeEEhWD
hOUwGiqF22B/cQZBEkcBwTAXQOIJvtAiPKOOaNssHoG+oMX6bDDbRoyTPIXOZASw
7qcPiX6t0zHhE+LIYttevaU3rE+d0atX4Gcrrk95pUoerQ/13Dcj3/CwDBGpwC2t
UKfWlTFOJ9f8l9SjnNbi2Nx9UdrHVmQ06TdFvTtp/t0QN8EkRmN520xC2Onlyjdp
GGlNPuINr2uE6YbyHfkIDjr0p/j8yN+EBwryQCDDW+3tYHjzFzicFQatsi/Ad/mu
VSlXIk4TrtVL06FfLdtuAc4Mjb+y6mzJtwArnhAl72H4hvQhg7Spx5f5IaKYYWhe
kFQUO1KJ05JB+YLrcwp1jbeE9IJa04+OTlq9gQV4FR6EGsIj+tmkBltYTFKKrJzF
QjDAMV0A2OoUAl/HovyFgSfesbL6tGBBR+GVV/VfE5Z4YzuFHMbY/DxKqU/a5UWD
BhSQeJtmDookV1N5QFrKJj8FqxQSAaYm7EZfMY+m7JY/jGdxRhVBUbfFKPXRtgIn
qjD4f/ATN9X9/fMJQBJ9KhcH2+r5ejGRiB2NfRIbw+lp2534p3asDB1syWVNKVrM
Jh+dJtJro4Sk62tlPK7kjCePosJ9LiyVfChSyaCw/29Mvr6BICqhAVsHUa4CT2eD
QvHBBto678EefRdc5p7ZGBGv/6A21VhFGfi/nRqhvc2wgUR6268wEgbRviED5AiB
rOxdbsSEnunV36LXGSE3KZ3o2S64ghQD/t5L2oQMo2LU+8OSiQ3ze70c/3bzBzsb
xQWoqk/DVWG0L4CiodsxpvELPlb8UdQWG8Y6r9rvP9PEW+to8NSzz9M+gG7NSQ4G
o8JrekUzukc3FEqrgiViynNqj+0dWQfYDm32jz1d8b+U755LnDrSVIG55nD29qp0
rEaprf8+/06rC8/wiI+8vhrs1gYxsPIyFgrCkJmoTrre7lmqbJosTxrn+uLy3Ir7
nSfi8ykIs4NpfFNFP+LAl0XLoZx9eUmz1rzFv8opKree8HipWs301QMkpTWudnqT
sCk222Ax4MNZZzy9p2OqglIWe90SdQOFc0T9igEgOGCe4pztrRJI7dkPFdTbTqIs
U7fXYLFAW8TlZ3Wzan/ZlG89gqG8KGmng/JAvGDCE4daqG3Ql0RPzkuTHo2PyvPL
5zuqi20wnzNDFegqqxICcQ8Z48lShBly78XfYeeOFUZmvaPgskKs/hNrBbb4rxVn
pRjek3m9zKWdsZx35OVs0YK8gegRBah97ThDbyeYyERp7lbPDV305vL3M52wlwfh
rP73rc56y/o7ghT8yi3u5jBX6HfIp2yRZ7sls1f4JRrnWoC7+Mwj6rDRfaGjOfPn
haKbS7ZNA6ILLMbmYAAZ7uKi9WW/S1SU6qFHQaKJME1UxuA1oRglCV3/zoPK5i+T
CQ+zqMclh80UBLuV/2+t8jDnNkf295HYvuBkr1il+dHXqeSPU04Tfx/+G96CCEkl
DuLYKiksXvL7+U9scGKYGWKzGlWCnmziTZFnfHHHsygzJxsJBQ+/dR3X/7hCEq3B
WBUyUfaQ0/nrZp6smeZyBwujs6fLdDtoqHWYurOtMBgqixYnyPF1eaLSwaSeDcHY
17rAWivAlO3KNJgxs4zpgvbVWxS4KXusvmZpXl47lNIHeYSo2IHTJgHylvhvifEz
9yE258CmBafMVFvYKcg25XkRShN4gbBhScsjqA9QRb0JaZWUYvmvI/wOcFpSeI0F
1C365r5Vw7dMvhlrOtjM6G+TAwlzV8h9psaOckApVza6YgqdcgaEpWSA4sRw8Zjp
dUSmE7ZEA9eBOMP0RPnRAnb19nPskBbbyifR+5pjXlYqRF+sxp+vvCY7rlf4jYCn
+Ksq0PSkveT+IgHZ32w2Y5k+wRE4X5KNhGioZlcd5t/Z4nUwcQBnHNZ3cbE+8RZB
ZuxyH+J0xgshDlj2mFLzH/PbcKsISYfjk+fM2n7CWGRmik+cE4I+xCM2G17+TTxw
j1ZKcMAy1uw1Rxxep2aEFAqo0D7deq5Ys6PghmNg/CrpxEXlAATynh3uDcIedS7l
uDDcL3MyJclPEmV658jk2OR/rUGOXVOUqhSsGNGQIl5Uus2+Iv6qNi4dVZki5yF1
XtnHG50MMtJnyu0vBVrMBSK+Gbg3bIUt2ZLY/LG9/xC9SJ+uWL82zOCpO/GhYjmv
MP4/dPzg5BsSkQ7QMF8SIiorFaTsidPPca3MgEep4BrAcPBZja89sb4L9w4k2bPc
DBeYiZzhCczg5gcsJvzM93a6bpr4mTt5eg+Lnu/xELmE7fnUg0f69TyHq4n+LtYg
QwvcxX38GVl1rhwWXgi6c4LWz4XbldhHiZIXQ4XsrkMEQrd+hNNKaf+LjPP3eZE2
YAAgjePvQ535IJXUEdhvXVcFkW0uHwpv/QuKk7yZSiNqHhmCYXxtYB9xsuINBn6P
C.3.18.1. S/MIME Encrypted and Signed Over a Complex Message, Injected Headers With hcp_strong (+ Legacy Display), Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIITZQYJKoZIhvcNAQcCoIITVjCCE1ICAQExDTALBglghkgBZQMEAgEwggmOBgkq
hkiG9w0BBwGgggl/BIIJe01JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1lbmMtc2lnbmVkLWNvbXBsZXgtaW5qZWN0ZWQtc3Ryb25nLWxlZ2FjeQ0KTWVz
c2FnZS1JRDoNCiA8c21pbWUtZW5jLXNpZ25lZC1jb21wbGV4LWluamVjdGVkLXN0
cm9uZy1sZWdhY3lAZXhhbXBsZT4NCkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5l
eGFtcGxlPg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpEYXRlOiBTYXQs
IDIwIEZlYiAyMDIxIDEyOjEzOjAyIC0wNTAwDQpVc2VyLUFnZW50OiBTYW1wbGUg
TVVBIFZlcnNpb24gMS4wDQpIUC1PdXRlcjogU3ViamVjdDogWy4uLl0NCkhQLU91
dGVyOiBNZXNzYWdlLUlEOg0KIDxzbWltZS1lbmMtc2lnbmVkLWNvbXBsZXgtaW5q
ZWN0ZWQtc3Ryb25nLWxlZ2FjeUBleGFtcGxlPg0KSFAtT3V0ZXI6IEZyb206IEFs
aWNlIDxhbGljZUBzbWltZS5leGFtcGxlPg0KSFAtT3V0ZXI6IFRvOiBCb2IgPGJv
YkBzbWltZS5leGFtcGxlPg0KSFAtT3V0ZXI6IERhdGU6IFNhdCwgMjAgRmViIDIw
MjEgMTI6MTM6MDIgLTA1MDANCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L21peGVk
OyBib3VuZGFyeT0iODM4IjsgaHA9ImNpcGhlciINCg0KLS04MzgNCk1JTUUtVmVy
c2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2ZTsg
Ym91bmRhcnk9IjQ5ZiINCg0KLS00OWYNCk1JTUUtVmVyc2lvbjogMS4wDQpDb250
ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0DQpDb250ZW50LVR5cGU6IHRleHQv
cGxhaW47IGNoYXJzZXQ9InVzLWFzY2lpIjsNCiBocC1sZWdhY3ktZGlzcGxheT0i
MSINCg0KU3ViamVjdDogc21pbWUtZW5jLXNpZ25lZC1jb21wbGV4LWluamVjdGVk
LXN0cm9uZy1sZWdhY3kNCg0KVGhpcyBpcyB0aGUNCnNtaW1lLWVuYy1zaWduZWQt
Y29tcGxleC1pbmplY3RlZC1zdHJvbmctbGVnYWN5DQptZXNzYWdlLg0KDQpUaGlz
IGlzIGFuIGVuY3J5cHRlZCBhbmQgc2lnbmVkIFMvTUlNRSBtZXNzYWdlIHVzaW5n
IFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVkRGF0YS4gIFRoZSBw
YXlsb2FkIGlzIGENCm11bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGgg
YW4gaW5saW5lIGltYWdlL3BuZw0KYXR0YWNobWVudC4gSXQgdXNlcyB0aGUgSW5q
ZWN0ZWQgSGVhZGVycyBoZWFkZXIgcHJvdGVjdGlvbg0Kc2NoZW1lIHdpdGggdGhl
IGhjcF9zdHJvbmcgSGVhZGVyIENvbmZpZGVudGlhbGl0eSBQb2xpY3kgd2l0aCBh
DQoiTGVnYWN5IERpc3BsYXkiIHBhcnQuDQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNt
aW1lLmV4YW1wbGUNCi0tNDlmDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1U
cmFuc2Zlci1FbmNvZGluZzogN2JpdA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7
IGNoYXJzZXQ9InVzLWFzY2lpIjsNCiBocC1sZWdhY3ktZGlzcGxheT0iMSINCg0K
PGh0bWw+PGhlYWQ+PHRpdGxlPjwvdGl0bGU+PC9oZWFkPjxib2R5Pg0KPGRpdiBj
bGFzcz0iaGVhZGVyLXByb3RlY3Rpb24tbGVnYWN5LWRpc3BsYXkiPg0KPHByZT4N
ClN1YmplY3Q6IHNtaW1lLWVuYy1zaWduZWQtY29tcGxleC1pbmplY3RlZC1zdHJv
bmctbGVnYWN5DQo8L3ByZT4NCjwvZGl2PjxwPlRoaXMgaXMgdGhlDQo8Yj5zbWlt
ZS1lbmMtc2lnbmVkLWNvbXBsZXgtaW5qZWN0ZWQtc3Ryb25nLWxlZ2FjeTwvYj4N
Cm1lc3NhZ2UuPC9wPg0KPHA+VGhpcyBpcyBhbiBlbmNyeXB0ZWQgYW5kIHNpZ25l
ZCBTL01JTUUgbWVzc2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERhdGEgYXJv
dW5kIHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhDQptdWx0aXBhcnQvYWx0
ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGluZSBpbWFnZS9wbmcNCmF0dGFj
aG1lbnQuIEl0IHVzZXMgdGhlIEluamVjdGVkIEhlYWRlcnMgaGVhZGVyIHByb3Rl
Y3Rpb24NCnNjaGVtZSB3aXRoIHRoZSBoY3Bfc3Ryb25nIEhlYWRlciBDb25maWRl
bnRpYWxpdHkgUG9saWN5IHdpdGggYQ0KIkxlZ2FjeSBEaXNwbGF5IiBwYXJ0Ljwv
cD4NCjxwPjx0dD4tLSA8YnI+QWxpY2U8YnI+YWxpY2VAc21pbWUuZXhhbXBsZTwv
dHQ+PC9wPjwvYm9keT48L2h0bWw+DQotLTQ5Zi0tDQoNCi0tODM4DQpDb250ZW50
LVR5cGU6IGltYWdlL3BuZw0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogYmFz
ZTY0DQpDb250ZW50LURpc3Bvc2l0aW9uOiBpbmxpbmUNCg0KaVZCT1J3MEtHZ29B
QUFBTlNVaEVVZ0FBQUJRQUFBQVVDQVlBQUFDTmlSME5BQUFBY0VsRVFWUjQydVZU
T3hiQQ0KTUFnUzczOW5PM1RwUncyMGRxcGJmQVJRRWpPeXdpd1luQ3RrREtuYmNM
azY2c3FsVCt6dDljaWRrRSs2S3drWg0Kc2dyemZjcVZNcEwyam8wNDQ3Z1lEcGVB
cmsrT25KSGtJaEFmVFBSaWNpaEFmNVlKcnc3dmp2MFpXUldNL3VsaQ0KdmRQZjFR
WjJrREQ5eHBwZDh3QUFBQUJKUlU1RXJrSmdnZz09DQoNCi0tODM4LS0NCqCCB6Yw
ggPPMIICt6ADAgECAhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUA
MFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhT
YW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEy
MDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYD
VQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWU
nnelN41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6F
UH4i2GMt4jse2Dqs165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXy
CjNHT82S6DgCReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/
Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80
RuQ3qFC6vL/PGeWy6SCf58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8w
gawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0R
BBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAO
BgNVHQ8BAf8EBAMCBSAwHQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8G
A1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IB
AQCBSXignLEynBakDKU68ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx
/Ht9Ii6zyBZVjdaox644DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOO
oHz53PYDBh4zE4Nar2inC0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3
web/eDOdu+F2MVtluLihne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb
744gqoeuD9YSHjKK49+qYC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWd
NeXzlEc2tUpAr4vRhZjVD6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phq
zpqp1zANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhM
QU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9u
IEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzEN
MAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNl
IExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4
Fj5Nmn9PkrYo0jTkfCv4TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNf
CwDcDkY63PQWl+DILs7GxVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7
QMFtmd+K04s+A8TCNO12DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAe
LqzJOMayCQtws1q7ktkNBR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7
QFecN7836IPPdfTMSiPR+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1z
Q1Pq90njlsJLOwIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAM
BgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYD
VR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syy
LR0GEhyXrilqkBDTIGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0
WTANBgkqhkiG9w0BAQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6
BdP7GKJ19naIs3BjJOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzco
zmnd6XaVWHg4eHIjSo27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukK
Yr7agyHahiXRn/C9cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IP
kazgPYgkLD59fk4PGHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s
16jMhwFXLJtBiN+uCDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEB
MGwwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMT
KFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXnt
dX9CqaJcOvT4as6aqdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqG
SIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjEwMjIwMTcxMzAyWjAvBgkqhkiG9w0B
CQQxIgQgdXpkUBkW662h/7bjcq98W6+pE7KHc7/Xj7ikZ7CBuwUwDQYJKoZIhvcN
AQEBBQAEggEAbnJxbsrHmM8Bb95L8OUbG0QODN0okrB64vfVM0i1DmEQvSySWeST
48IBOQsl19cZquno3UhBDsdHJn6fSOCT4mrjArqr5RGpPUkBL3vv0gZHz6pMKljX
Qd35VKkg81xpUTjPos8beajEPe9/+2fhJSBfY94nj58X1BWGLMTQUu3ynNR06Tpj
uOb7w+YUcfttup8nCfaGBvcmyr0WKlQOecWrbHR85G8eaaHsfx8idgYDvfuoKlRL
G4/s0mhiX5Z9ODToEZg8FKtl3Fw9BDRVIqxZe8fpWuCP+soy9YdgG6Vp3P24kc33
addRplMXgigvnNfDT+DT6kgpi31QvXbuRg==
C.3.18.2. S/MIME Encrypted and Signed Over a Complex Message, Injected Headers With hcp_strong (+ Legacy Display), Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Subject: smime-enc-signed-complex-injected-strong-legacy
Message-ID:
 <smime-enc-signed-complex-injected-strong-legacy@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:13:02 -0500
User-Agent: Sample MUA Version 1.0
HP-Outer: Subject: [...]
HP-Outer: Message-ID:
 <smime-enc-signed-complex-injected-strong-legacy@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 12:13:02 -0500
Content-Type: multipart/mixed; boundary="838"; hp="cipher"

--838
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="49f"

--49f
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii";
 hp-legacy-display="1"

Subject: smime-enc-signed-complex-injected-strong-legacy

This is the
smime-enc-signed-complex-injected-strong-legacy
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Injected Headers header protection
scheme with the hcp_strong Header Confidentiality Policy with a
"Legacy Display" part.

--
Alice
alice@smime.example
--49f
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset="us-ascii";
 hp-legacy-display="1"

<html><head><title></title></head><body>
<div class="header-protection-legacy-display">
<pre>
Subject: smime-enc-signed-complex-injected-strong-legacy
</pre>
</div><p>This is the
<b>smime-enc-signed-complex-injected-strong-legacy</b>
message.</p>
<p>This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Injected Headers header protection
scheme with the hcp_strong Header Confidentiality Policy with a
"Legacy Display" part.</p>
<p><tt>-- <br>Alice<br>alice@smime.example</tt></p></body></html>
--49f--

--838
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--838--

C.3.19. S/MIME Encrypted and Signed Reply Over a Complex Message, Wrapped Message With hcp_minimal

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10705 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6910 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 inline 2482 bytes
   └┬╴multipart/mixed 2372 bytes
    ├┬╴multipart/alternative 1146 bytes
    │├─╴text/plain 382 bytes
    │└─╴text/html 480 bytes
    └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-wrapped-minimal-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:14:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-enc-signed-complex-wrapped-minimal@example>
References: <smime-enc-signed-complex-wrapped-minimal@example>

MIIe3AYJKoZIhvcNAQcDoIIezTCCHskCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAJRNvEcigh72oOJLXjEgxYpwmMd9BO0cIpwa
OtjO5ohnv6GodttcjaRmafiWVWxazuZvPCJWoQJs1YsdTXFdpTg0sutvuti5Yhxl
VGe775vfRavY4BieXoicQbwD9KX17NHsj4DKVs5U/dxTdS0tOxLjO3WGiN05yWG/
fPODumqT0vvmriLlMsLKgU2vMok0zCGYOUrLignQiII+EXqpd8HyXf+wBmsMOex1
eNkJshalnqwdnAg15qeEGNP0GhurdwEiD7MGuNZuGBxyP/pJulp+IgH4XJC40yIW
YZzkyGLuUTlEdPT0+2k2VL8dkUph91yIDPJamU+D5C+pYO7I1SowggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAlyXY+AyQgiW2kIjcb8VCg7qK
E41kA+UC85VDPCH/W/boRlyi/bZrIq+rB1MFgrIEutwae0RpP0mCSGnd6MPosP0Y
DdnMCmAPcDHElREfMJU+7k9QBeZcIY4a4jZchkL4QQVJpKAH5ABYtZDvWudeYkEW
BA7A1bMuwbTfwXGxzvuuDvjbtd6il8BhlipCVHMtxdaZQBlmUGS4iGrx9hd0YCAy
zoz41p7eXMhkxDGMV1BoeKdWwzRhEK3fbufmkKPUQncaUu2+IEPKUIgxpPCzDwE/
ZERg6ginOUdFiDmRi0U1tmUJa+mNhG28pnaRS8M0z2CLj24YMnhpIT1kqAhmXjCC
G64GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEHHst6PtsO3IoLJJ7jonI/GAghuA
2RND2fp+YMl2YG2vxHe/dv2vIeEiy6xk4kadcx+ARKdsb0q/pcd/nnNRxc9mJFpV
K9QneI0gq7+wYrQazNZMihAKiVBo3zvbyBbyD0jeimPQal5JU0ERWmkoLvg51bm8
hsGCCQxtoz+YDGiJtTyGJaGVos4XbHC+rrYFyTLonRQWGfBsvdG38F8Ao4I+hdzg
l0fPTnGT78afnz3QymMyDO8UbuFjHxF0KtzU2eW/wX6I9ncycq1JurZE1vRPN4EL
w/5v8+lyfWxIG39SnT1HStNQOW6I9UiEvW+eQy3owoq+iFNiZ3AVtHqgMSFNUDWG
tC5hZcHEqQx5pZ9nksiB/EORk4jze6q98EW3vZ3cnZmJruVZjwoy7eU3Rbl/p17o
gdE8F/2EOUX1XwjMQOfvzXckdeuCJlVE0f/2sLgzz1X2yh+OEgQNxR5CkjmS8uOa
pUOzmWQt9PgZMXmnnlD+FfLOh/aYKF7cN8uK9ZqdpxpwI8WBuVC6G+CEhW0MeGta
VB6n8/bCsNAgNQ+XSoAmhGyTY+f5bCYxd9p/GdDg9zHO7MLYE9OuKgJu6QevP8ns
M5yi3padgd0WQ4mtVsJq1H8N9ly5PVAuDrQhjih4i/sBy8lMLIKLZO7CmDsdCMvW
GanFhIaD0DuXtkG7n8U89OpkkU7CyBCn0w7su5C1V5PJ22TSY9RYkp4iobsC9FCq
t6BK+bQ6weCWHaGzF9up0vMIEIy4R7MfvsF8UN/e3UTbVjmQc72GJfXjpFZGG8IY
ljsWbrNRcRgf+MlsNhbDMIW/daWJ0Dz7IIQf43mgiUalV6C4u4UbgsLI7f6i2RaV
QPjWo5js+wqIl2iWBtDz2EcnmG3QfTl7CojrPD4gHJP0BKQQrTnThX77AF/JXOot
Ex1kHJ3SC1vev9kninP1PDLFoXag/k7PPjVyXAXtAzS9rLMHHdlz72dEztoJiv4R
57Kg/Cijy5vQv0NKWxRjxA4mXOErdWHdvrpNHvTI5BlbluD61S0coiXkyO4GoeN+
iKQqZ32B/nJ6BBu553ul8XMVbRb4NuuU0ZRW8f7ELEuO/09ZK2Id5BTOY5a26V9B
8RALHd6Oa9gn0pyUXRmSVC1R/5kE5heGwu2/jGI3Lwqr3v7pt1RqTkuLyz56qKW+
67BrJhS8Bmb56ersKmgKO6Nnz3LT5D48vFHLQ7yY5AFUoekI/WQjnF1+muyxvr7n
219vRRIF7btavqr64PMTApmc4mYvZI8Zej/PJXPXp5qu4HsxJx/xdnzwzN8z77r4
nSC4UTOLwNiPfQr7RiAckG4iWWLS+OIFotwDf4ZTRvnFmf8agOn8baKwmVu7tXK9
zRwXMHfKQPC+GrS0EIm8gaOUyNAMhm1oN+bq0uFE+J9777hpluJCJLj9fKPzvKhX
MngALfQidQsq78AITKo4ZtT8unxgzy7WaRjc8UKHC5cmGPTuBHWGwosmldF2LcAU
JIjuAc6IlqaoPYWsZGTGas3cyO0vsylNIsDe5AmndTe6UuqecOyfVYeDnjC92ElT
5rZUUUtF+gZgXqC2aTVbxz4gdzVwuNMyt1lt60XKPzsN7QgbeGNq+ym0vAAURgtc
tmM/C46d6fkYASzD8W2pg1ysc7Iu6S1Cxj//VrP4PjlDnsnvfeRDMs003l6vxA8Z
3pnDY71Qkwz/IglZIgW/uomRfpfYQvDPTMDxgWMvetkozJjf1DtSQsWhlcbHbFw4
ehSm8H9zR15P8iWnEjy9DiUbeCNlBvvGirZHV7KVxheMjKMb2bogNOQyx6Heo7Kr
jrvzQGlCkvmhMhmYTL1mZs2ClQJTliMT8K2Fn1gT5Mq24PxAisMv/ZwodL1YQFc8
b41lAfNZ6UOVexQxS0Ub3i8x3pz36Z0NyLyZ8UEchvoVTZr4ey+Py7yBk+mB7b4A
7P5nMuSlNAXtcSm3LSPuKca1Yx9dzpMpvyiNHBaD+vnlqZDjJqpJZjgDLz+Mj3GM
oKZzOmvcgqws+cF+//kIEQDKVFrp8Sz35KgNyicqraXNDru4M/+oFFCO6o7mNZQP
4sN9zVq4YhFQID8RjRFBNNr7n09v2e/tGywb0dZEPT/5My0ENDqiq2yN0pCxMRRP
nl69QVLoGydLJzg4YpXdXJtY9jHKoB60fS4Nfrdz80L0Rm1pRYBNTfP7N3MGLLTQ
wbczYeVkYs+JX5dQGOvm2wEPKRKDe0sUGYZpDuZN1odirhWOnb9soEtUGFOc7tsS
TZh91I4jgMOch75LR+kHDtjfQYfeRyYQfCq48A9OjacxYwO9F+yd//Npe8Apvess
tyVXnOeAqSWIiZqN9+vS/mlXcCyRjTBD+B0WxHSvEx6NwEXi4IFN40mwGZzwr/KP
h4lh4jLFDyr9FHDPDQX4m2cQMBEwCLB1a0rg9LQtqjAmlBkj8iJ2wLiDA5NO5mZn
h/pHM6QuMeelL2dmFBAaIvb+MZi8g55QEfGraC4Cc+D/cjzne4JoU4tRiE5+TJy9
qIsASjKW3PiSJ2mK66GrXeaSlbs91cTK+EF+eMrijHmF8z5yql28mrsicOCkRtcl
bX+IOsyyoN1euB27qxPd9OeLi1EE7sKzVFaBhGCEHba8uYwbmdk7VGT3fsydmq5l
CD22LhBJDDHUQ7sDb7h6ORaTniea3ckPZ6cfTpzxwAbT9sFwEGQh1j1wiekn0d+f
ekkWomFBgQQoLfPRBSw0qm+6GDx4/9OXeOaBEdvnfMwLIeWWt1Yy9Fkjp/ISX4D4
kJEnQkqeVXTTI0UE4FoAhhUSClHoexN3ztLYGsEdYPmHkt8Fu9kSK160AJM/Csyh
CumHeZDEsq9tGMcjuAMGQaqQGyH1B4BWy9KMSXQt8mzRZZ6mjS2S240aIVZWLO/x
Aobsti6OaG6zFo+7TcPsRy3oZQKSrxHCLC3fdAyMvIy4oZMWkObm24FHpcYjPz/s
qljHfnfGAhWk4A4/xE45TnrTFn1NFzWGshQRFqGxlvMFTGjJUXSxJb25F/VkB5lv
NmatEsoKMk7JjOdkmrtbPM5iYLk2QtqHyK9Mx1l7VUpFinTpEFo5lO7ZkE78u2TZ
wsCAwo4bHcFmcqn0AiUS8x5BJhgzL2pLUWzyfNWYfbc+vi2hlIekk6gsb+9vIHBP
XqLXVwnzj0eiNcltBRmK4ZK+h2Af0pyovreVXisilKAxk638XRUWG5QBgH0jUfNn
XfkQKU/ffJPFK2CGOjCGCAsT+y8uSu2yx9qreKo7auG/fHvfzW2qrE0kNaIeRD8z
VuxAVbHjBMRSxEIA8Boj5hOvaoTOtV8GpyuNq309JdXiajLvDxgF57RQF4TfgWFD
RodaOGKwM56eqVsM8EfCRaDt254I3j9ddMrpJRJCtnGlicsOdzx9apZiD3KRg46j
uzY7qJMiySJaL5kIhXh4+Fypfqqx8YWBl/8L6X5To1U2d4ON7X5aWhB9HR9WEjtA
W9mikaXWPJTNDfk4tJqsJr00LLOrdSovhJLVB/KGu57pwC/m/HztWylJVftd0TwG
MEfLHy7V52U86Ye2xCZW+qqKdusXFEzPa1sVqpxSZ8HWxKUe4S7fAMiJeNh/8x8g
XYvPpED8RejYjTd7NPipBo27SBPi177wbg78tLeLxg7p1Pfun/gLRvRfFpdZwzYN
aZz6fwKGEJ8cCh48BPkOD/bHUwWv6Hq8mFJ/7fTEeyCSaSyb5zC5Ec/TO6rWPe34
Z63qqfuVukW6jI1BT3oHXdqPkWf/QFyh8YykAgZH7DytNbewXTxxwEDYZleRJiHK
aYZNJHZM8Sg1VK8odWEFNBcuzJ9HoiLtLGjub7vcRogOR1sFIAocEVzKGIulo0dI
XWLQ3bXhXRZGUgZdrdkPr2OhdcumoqDT+5m7kqSXlp9LZtvWcQeKnx7kvfFPvoYK
Z4LsCnFZB+eR/r9S+zlnP+SUa83vlh4n5wB2qRDnSbMHKjfxIbi9ErXPONXxSXZx
VDYjsy1KrIwiBrCB01m6aReEZwCr5ymOCQQUIjfmN0IU//6vEVLlW5tdHMNcralH
3mqJGY5KOMaQcoM0qy/R2fgM5sN3aQ5iq3VC0c95HyIhLe7oUzxbYmjEPfl80UGz
hpvI31hv/qPXs1kgUcjm7HL+3mchltVZnYoRhL8gGdaUdy2VDlDOr0a26phtmqgZ
zX3Jfk2iO5CY4bpw46mwg2ND77AgQ8nOX6YHkCI6YwDRD6cqwkJW/t57GBWI25o6
29ffzCPmYn+0PpMLFtPwTblKrRBfhziHmC1HezBExgFyBtog5kzNW9lbq4ro2Ee1
TplNrlBzQrbB7JYqsrt5iJIk2E4Y+oDd3f/9lfqCW/iiVrSPJLJWo0G/tUdPcA5T
FMFYBHYjUou2cVJ1NbJHoTgkiOwOhWewdbaS7DGIFaMvXDoY7que/RB6zcUdRNyu
ZuRl7qcDJl3tEv4thzP/V/BGfiOiALrX0Ns/ipl9x1FCkB+CG0uJB/8+0gaaXUvn
RmZRJ9BANLccfXp902pT7lSSME2rAjrshIsVWGNoM7YwrMlFGEXtYnUR6jYJYHnP
wXBXu48mWzHPZX6P5uTfVzxZ9qIAsbsRpseG/vud6cbDnQtd0MkskgZN1pOS0bcf
RAlTzws9SLhgUIwn3Y4f1tbswnh83LBOiNgkz5RE+D7gLM104mDRbMtlXwl1BIbs
dCFzLZFCFe2bVbVIoXm6VupmXu7R+5V8H9oKJF1hH+Pg3csmdELioFL4ujWE4DNk
lPV0e8o4m4BPNxBU23ifPhg7/dQSQJoWfT38oUTZKVgASiI5D20M8iXkyUw99Z/6
h+y2VF6dq3U9T+BBW2kolzZLpoKsQGPFBhN4XN6FxzGwWUNCSCQGjUvoyWG2O82T
ki/LFbaA+71KbcfIXackMvI6d5oi+J3DM3pGRjpZg6m9VceokabJ0hVI7v7pnx9L
MRL9gqEv0oD/GhQTf1IWf74krAvEx9zFRPvnj1nb7bc7nYssTNbdXuf4Y+rdnrUh
QDTc+s+Ae9VGX88HYti+NhWj5kAgZbGzU4/+Ya4O0+jMUYA/qn0ZRCf+jTOEBVkS
/qTgg+ZTAEgQYk5duToOr5nb07danYra/+CITemCqXnWayQFF6R9CP/Ac2rJ+WJV
es9CIYfD4BrGP0opQSgOk/yJUflMkLC2b06CbF4CVqkA5oiVvlKMvBU1Q/kWrfdT
EIkpmxiDAsB045Ydg4HkDWxEXsCBPJa+fggTpC4OKxNlrbKq9rOMqs0tYnndwmw9
ugI93I12GbJRE8EgtnrNzASmOpP4HLHCRJjuTjTqp85xtbdtpdB3z9frpDHTqi95
iYMye1q09ZTfy8xj5+AqaovTZhseB2kAeCrniccPkGfoH7IB2Q5fpvxw3pYIA6bc
FLgTXSL/2yhc6SYFkYxfbul2C4/Q5xhO93QTcRWwd40qLmbmbQOvAepDd1UYbBFA
HFDFFD4X22vBd0qAvy3RG2tTdc5w6B3PYTaHTsdoDitvGX7fnnhRwIs6bhRPCYhi
s2xJTGCpg9QiS0VDGwu141X3WWvG64JKNr2HWXNWHWIaCROSulwYOtHhW5Ip0Xqt
Lwt/4tKEs7fykUI9flFzM1uRPoI++lwSrs+HY59EXiqOknSzxR9BcDSfMx8X/5rI
9GO2fBIO+rSTFAq+IGJ+Y9qYMS09M8GW8ctFaePlX/28P/clBW6bZUcRrTKx04JN
CPVIkxOrsAlX5/37ECJZZJ4fKkGT9c3+pGhUgmYpiq/TsSN+LTyoMo7BaYjJt+Ok
X5pzEXYyGnVExGZZD/GC10z+n3ZJBnRtlqk5Sq4/vySOli/7L/PGDNiFXGm1tmLq
2bgnObr2/T52abhQJvWo/Dh9ZpelfzJZ1Ta6gj85LgaZd7HE2Pj02sFaVhJn3isd
O4TahsjMlDtKUnEiQaSQ5nFvKRa8RcGjyb7ShY1JtkYkqtoe4LVKjCKUMXxSbUt1
xTAgJl/md4jQPdXGu91WYmNblDkPDMYXP3WVaoufjbhFVyjq1r2FJbE/WDb0mL0v
iwdH1O20li0XQ+vnFTOyJdXIJ0S6lI6fbvFytX/fPxLUP/pImMybyKvULj4CGaO8
GDGAuqLgrpmpt0diR/ZRxw/+YFkoLQA1oDrZuaYv7uS68oo5Hy+kzw48qhtzUWVE
wJDnB4XE7jKh/53Ga7acRUKhkDvRr7nQjdKw88tnqM7zwc2kKgmBamcqzHBvKrjh
Dpw6EpZOCErOPnA7zPekeQLnfsr7F4pAd8ir1TmTHmSeFxuqwseIPcfi4y9SbCoy
ejYP4vTPdlyP3XH3ACsL93oEZD3CRLm9q50k2qDhNnEr4GlDpY208LBwuWHnCkMp
Gpq7S4dVEHtOfi1A3OlX0TRpASEwDA7JSvPVNv0Lgcm77VajyYUK2Ekaty1geg7A
mKJSE1mN4iMfHgRuCFVw4FDzB6U+xKdKKw15GWWynrfo1QQAL3toExiyTn4UtYF0
2BusBqwUWXdMQeOYIdgkFBzaeKgdFN/RROzSugHfKjZWHTrA6pZGrm2XNZgjiIZz
b7hs0Q0bXplKeOMP594oAVAfU5gZOIdUnmfQu8/iH3J/794nNwG6UjKiPkSDLNt+
RobmKTwHFTMSu/PNhvJoI9bWPGTRZVQ3/FwETHUbxUm5bBD+ANFi/wCG48R7T93N
9lZzo1rakOnd0VPJReRW5vzBjCadOS/C4b+vaYWRMmtl4Izw4xYwAo++aZx7pEz/
wKuJeei9ghUMVOgmpua2s83FupexOeCvhUK1i7x1pHlUQCsMFRvOhbFs8rcEOjyb
hMoIlHbg+3r7FflNaK3nbe/eu+zz4reTQdnuomCBls4p/YUWIYbfdIpQkAzB1Do+
KMP11hhzwFbOCaionXB8cyWq2M1Dl1mAbqG4aZo6FWadF6RTnqVVc3Mr6Oye2kJR
2QSLJ8sunBtHC7vg4sGlosn9LIZHvoAOJDDFncdjWoCMI8Z0qi24YsBAcgSDrTnt
jFLoDKGWzvgBqvurqwXZ7Fx9Ej6SpU/4MEPjRW4U6Mq3nXRl2SYzg8n6ZdWFL4Vh
C0HkR84WYQu8lOZCf2GyE2NeHpFlsNyBnmvr4joa5ONqMqSXH4Qd1QXxiuoIw0Bs
Qm7v8VykNxJJsTiwEf5/BEKr8pylyAPUOYqeLVTjr961Fw0mysNCV6q+9SyHQihe
pHC63Ec6nX05nCUIbpuLFLMUH7EJG1YYOuYorINoQtxTsn9NNEA9N/pgVkr8rg4B
/BpByUTOjP96HK1pc4Y2qnHIGw2cTuW+UU9L4gs1MEL0I2K4aH7iPyWepeFOT38x
Tx7yqDBLKufsrN/UylcojFcGd9tnVKRhcvaAM0o6FN8nJOXEbwMW5WrVy2HYny4x
QVev8cq5JFs17TgqMjnSEzyQIjNvoQdjzOXHHB4Vm/2zpDxobKbeAKwVA3NLVVc7
6I/1zYspVH/YHz/moFGFZiWombVGCgGB6kvyY2m/j7brH7BuJ1zXgPbnoLJIZtsy
WaExUEi6divtnhdfqjyIh8M11UNDeZykHUJkliB5KG6cmHuJXAjaAVu6IKm9WS4Z
rVoYThIJ2fLTKSgoeA+011JSCuFE2xq8ZJeiD8iV6mJyuI2mrkbtSrmVBRLte9Bm
gHIrhZrUGXPU3AjQzyFo1o+iOI9C5bwdEkShEAPE2sy6CWbk6ojHqan6TjqK3R6e
92QYEkUbZOb2dF3KQlSnrYbMVvBIojcfXozdoZdMqdiVCjIOjLFckOdCmiUIqBFO
l6o2DG8EKy/N063L+5VNRDlEgPDpy/MCydDOQQwlgg2COxaN8thYDDsd1dIvvq3v
HX+tJjyHWIbPihdjK0jb1WMoAA5+DsD8Zvi/1CoLI36pKIfM5zrQr9eqYiZ28Gxc
5yJltlUNz6RXx3geHNYgKKjokWvDeCicDitKAGEJotldZCbYe4NFxfhuLfnz03Zb
a/FB4BGsfh7egY0mc1Wx98VUbu+EoKyViiYLIwsNjpDcwN9VuY/tvQG5UTo2JAxc
JxUweF9kN66W7u3PIMvob+MR8BJatxP8nXfc2RljCcrPvEdJA1fcq/H9EbU56tL+
4ZNAJqBJYx5K7dTGDGysKyKpymFh1JXQA+YxQZv2Gx8hyK3BtO6l5wv4YCg/KrMs
fI6TU17enVuoJlmqH2q24xaqxtHaP/bdWZNn2qdzFEp5Yejv8Dwf+9lnssDjMH/m
bN2kvy34ROz95rSiy2jSHFFgZ9RsAkOcuUKeMSovKgep8DdyWtNuy5FOp/8zBufK
fLwsn+onRFIB1/Tmq7j+sB5EEECUWZobJvQpCtRnTbFyjS7GvPPGDSduAedPKMic
Dy04NN8KYpYWpjeSFB81ky42zd1QJnuzK13cs1p50yGzHBBMbLw7a0r8+d+lawi8
w2TRoYvwOXsmiCUC5vuS7E2zTnyIrJYhaA8UL0xDgz9HdOcv3Dw09bkfxXNkFop3
u6HMjVUBKXAyYmMv4NhHdbKOfehqUGhHdpACw/4j/jGsgCnOuk/prixrf3d4+cnS
P5KlPychUdChPeqjiGGTeRS42ZFpdrbjUznDy1J7ojQZ24l5KukNz6ZyqF+lDFwW
jY5dbiVsmEYWVWv790hCUWcTFTgUAhK2YSTwXq/zolRN1i2UXiWige08bAzKtmfH
pzgm8wQD8wHhZXYw5FkY1q+yc945FvyNqgQlpcCHqU6dQ2jwUHbBn4HOec58TH8H
2fQ27oYWESXgp1DMs/Qb96f29i78ZdiBduzw2YvCbUIsRgSVCh0327Kn81umTmEz
E37rb3UPxxTouNQ20dfqQr9JpSQKC09Vf/Su2WI8Srs/KuKVpYHzbH7dYDMC4f0x
AATIdkhjEOddyIrQL0Q5XRoJBJfIxD0kf8w/0UlRYOpAj/G77DD61n2kIQE+lfgG
Eemllca5pdGXjCQAetKm1k13IkXV6FDCxg7u8n2vUot+l7wwupQhcPJmaxygKxY4
H64SLfaSmOKwYCLCZBAHaOvqLmISCYpDOM3D9vSQTI74MPNz/poVCP/LSF4vm5nz
fUCKjp+r824mJgMkQIH/kkgcf9Aw2YsqfLroit0fs+cBDGUy9cAMCm6iey/AyVSW
Q04FKs8W9Wg+k9hly2hnbMJjboY8bN8IHJWJO+1b4Xkmk8dNa2jeyXbIAdfuKoha
Q/jcC2MmXFL937yAmDTJyz4nAG95ZuOXTo0i1zWwgFdEwaY55xhZT7+HAXGRQtvK
5VAFGHH4le42tYDcuN6+p+s5C1iZvwLcAvZ/Y3BoaJDhuVsnwBF4zuUM0t5xVhxN
hi8jBmDtclxiKZYpoUeNmJSPXUTDBjV8eIjpa4+DMhaK2iB70O4q1pCS7O4b1rHG
/18e1q41YbNAOdz/t/59EhgxkGNx6b+QBnICmUMvWy8=
C.3.19.1. S/MIME Encrypted and Signed Reply Over a Complex Message, Wrapped Message With hcp_minimal, Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIITnQYJKoZIhvcNAQcCoIITjjCCE4oCAQExDTALBglghkgBZQMEAgEwggnGBgkq
hkiG9w0BBwGgggm3BIIJs01JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG1lc3NhZ2UvcmZjODIyOyBocD0iY2lwaGVyIjsgaHAtc2NoZW1lPSJ3cmFwcGVk
Ig0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lDQoNCk1JTUUtVmVyc2lvbjog
MS4wCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L21peGVkOyBib3VuZGFyeT0iZGM4
IgpTdWJqZWN0OiBzbWltZS1lbmMtc2lnbmVkLWNvbXBsZXgtd3JhcHBlZC1taW5p
bWFsLXJlcGx5Ck1lc3NhZ2UtSUQ6CiA8c21pbWUtZW5jLXNpZ25lZC1jb21wbGV4
LXdyYXBwZWQtbWluaW1hbC1yZXBseUBleGFtcGxlPgpGcm9tOiBBbGljZSA8YWxp
Y2VAc21pbWUuZXhhbXBsZT4KVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+CkRh
dGU6IFNhdCwgMjAgRmViIDIwMjEgMTI6MTQ6MDIgLTA1MDAKVXNlci1BZ2VudDog
U2FtcGxlIE1VQSBWZXJzaW9uIDEuMApJbi1SZXBseS1UbzogPHNtaW1lLWVuYy1z
aWduZWQtY29tcGxleC13cmFwcGVkLW1pbmltYWxAZXhhbXBsZT4KUmVmZXJlbmNl
czogPHNtaW1lLWVuYy1zaWduZWQtY29tcGxleC13cmFwcGVkLW1pbmltYWxAZXhh
bXBsZT4KSFAtT3V0ZXI6IFN1YmplY3Q6IFsuLi5dCkhQLU91dGVyOiBNZXNzYWdl
LUlEOgogPHNtaW1lLWVuYy1zaWduZWQtY29tcGxleC13cmFwcGVkLW1pbmltYWwt
cmVwbHlAZXhhbXBsZT4KSFAtT3V0ZXI6IEZyb206IEFsaWNlIDxhbGljZUBzbWlt
ZS5leGFtcGxlPgpIUC1PdXRlcjogVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+
CkhQLU91dGVyOiBEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEyOjE0OjAyIC0wNTAw
CkhQLU91dGVyOiBVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wCkhQ
LU91dGVyOgogSW4tUmVwbHktVG86IDxzbWltZS1lbmMtc2lnbmVkLWNvbXBsZXgt
d3JhcHBlZC1taW5pbWFsQGV4YW1wbGU+CkhQLU91dGVyOgogUmVmZXJlbmNlczog
PHNtaW1lLWVuYy1zaWduZWQtY29tcGxleC13cmFwcGVkLW1pbmltYWxAZXhhbXBs
ZT4KCi0tZGM4Ck1JTUUtVmVyc2lvbjogMS4wCkNvbnRlbnQtVHlwZTogbXVsdGlw
YXJ0L2FsdGVybmF0aXZlOyBib3VuZGFyeT0iZDE4IgoKLS1kMTgKQ29udGVudC1U
eXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0PSJ1cy1hc2NpaSIKTUlNRS1WZXJzaW9u
OiAxLjAKQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdAoKVGhpcyBpcyB0
aGUKc21pbWUtZW5jLXNpZ25lZC1jb21wbGV4LXdyYXBwZWQtbWluaW1hbC1yZXBs
eQptZXNzYWdlLgoKVGhpcyBpcyBhbiBlbmNyeXB0ZWQgYW5kIHNpZ25lZCBTL01J
TUUgbWVzc2FnZSB1c2luZyBQS0NTIzcKZW52ZWxvcGVkRGF0YSBhcm91bmQgc2ln
bmVkRGF0YS4gIFRoZSBwYXlsb2FkIGlzIGEKbXVsdGlwYXJ0L2FsdGVybmF0aXZl
IG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUgaW1hZ2UvcG5nCmF0dGFjaG1lbnQuIEl0
IHVzZXMgdGhlIFdyYXBwZWQgTWVzc2FnZSBoZWFkZXIgcHJvdGVjdGlvbiBzY2hl
bWUKd2l0aCB0aGUgaGNwX21pbmltYWwgSGVhZGVyIENvbmZpZGVudGlhbGl0eSBQ
b2xpY3kuCgotLSAKQWxpY2UKYWxpY2VAc21pbWUuZXhhbXBsZQotLWQxOApDb250
ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD0idXMtYXNjaWkiCk1JTUUtVmVy
c2lvbjogMS4wCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQKCjxodG1s
PjxoZWFkPjx0aXRsZT48L3RpdGxlPjwvaGVhZD48Ym9keT4KPHA+VGhpcyBpcyB0
aGUKPGI+c21pbWUtZW5jLXNpZ25lZC1jb21wbGV4LXdyYXBwZWQtbWluaW1hbC1y
ZXBseTwvYj4KbWVzc2FnZS48L3A+CjxwPlRoaXMgaXMgYW4gZW5jcnlwdGVkIGFu
ZCBzaWduZWQgUy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3CmVudmVsb3BlZERh
dGEgYXJvdW5kIHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhCm11bHRpcGFy
dC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZwph
dHRhY2htZW50LiBJdCB1c2VzIHRoZSBXcmFwcGVkIE1lc3NhZ2UgaGVhZGVyIHBy
b3RlY3Rpb24gc2NoZW1lCndpdGggdGhlIGhjcF9taW5pbWFsIEhlYWRlciBDb25m
aWRlbnRpYWxpdHkgUG9saWN5LjwvcD4KPHA+PHR0Pi0tIDxici8+QWxpY2U8YnIv
PmFsaWNlQHNtaW1lLmV4YW1wbGU8L3R0PjwvcD48L2JvZHk+PC9odG1sPgotLWQx
OC0tCgotLWRjOApDb250ZW50LVR5cGU6IGltYWdlL3BuZwpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiBiYXNlNjQKQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5l
CgppVkJPUncwS0dnb0FBQUFOU1VoRVVnQUFBQlFBQUFBVUNBWUFBQUNOaVIwTkFB
QUFjRWxFUVZSNDJ1VlRPeGJBCk1BZ1M3MzluTzNUcFJ3MjBkcXBiZkFSUUVqT3l3
aXdZbkN0a0RLbmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3a1oKc2dyemZjcVZNcEwy
am8wNDQ3Z1lEcGVBcmsrT25KSGtJaEFmVFBSaWNpaEFmNVlKcnc3dmp2MFpXUldN
L3VsaQp2ZFBmMVFaMmtERDl4cHBkOHdBQUFBQkpSVTVFcmtKZ2dnPT0KCi0tZGM4
LS0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJKoZI
hvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAv
BgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
IBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElF
VEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfkacKT
g8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrszyidm
buZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOaGdmn
x4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXCN5XL
7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWzB2zN
S2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVKarUC
AwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
ATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsG
AQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj8OeO
r83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcN
AQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4FzkgR
yOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMtjH2x
9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZRzWmk
w1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8A0en
ITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQsqm6h
vrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV57XV/
QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAP
BgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1
NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UE
AxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQ
Ul5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evP
gP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryC
qeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqp
o1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRi
VokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNV
HSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhh
bXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0O
BBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn8Qko
ZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOHG25n
Y/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZlRAzE
f7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524bKZa
1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp7poI
ccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtzOKyp
yQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEmMYIC
ADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEx
MC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0B
CQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzE0MDJaMC8G
CSqGSIb3DQEJBDEiBCBA8yY3O8ynRCFxJl3J/YMY/XT8pE/0W4lK3u+3tqvdijAN
BgkqhkiG9w0BAQEFAASCAQCKFPlDiBDnAW7HC5aJQ5TVJRRZTVXGY1BG2LCbc/O0
cz1wVgReATj2EPKCTxeWw5TuCoMyM3FsDkSeBgsOpi2d5E9+wEsxz0cAivMwl8Pf
cRFuQnhKhW5/KxQXY2g8TSutoZayOaHtEHINknQ/D8Qh/3h88/vHQoYtyR7dA2QH
16tnimhKUcOjdzfOA2OSOiF9lOs73U/XoQSMucto9BS5qHidDIqzMjUOutRbY+sB
zTnVDrKOqeHLtEy2NVlX6SqHoe5ER90ak9kyOtPYvv1zljRaj4DAz77sopw3Frfi
QHAD9XmaJqmuo+K+lHngStIGXBY0zTUfrd64yQYayGGd
C.3.19.2. S/MIME Encrypted and Signed Reply Over a Complex Message, Wrapped Message With hcp_minimal, Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Content-Type: message/rfc822; hp="cipher"; hp-scheme="wrapped"
Content-Disposition: inline

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="dc8"
Subject: smime-enc-signed-complex-wrapped-minimal-reply
Message-ID:
 <smime-enc-signed-complex-wrapped-minimal-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:14:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-enc-signed-complex-wrapped-minimal@example>
References: <smime-enc-signed-complex-wrapped-minimal@example>
HP-Outer: Subject: [...]
HP-Outer: Message-ID:
 <smime-enc-signed-complex-wrapped-minimal-reply@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 12:14:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0
HP-Outer:
 In-Reply-To: <smime-enc-signed-complex-wrapped-minimal@example>
HP-Outer:
 References: <smime-enc-signed-complex-wrapped-minimal@example>

--dc8
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="d18"

--d18
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the
smime-enc-signed-complex-wrapped-minimal-reply
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Wrapped Message header protection scheme
with the hcp_minimal Header Confidentiality Policy.

--
Alice
alice@smime.example
--d18
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the
<b>smime-enc-signed-complex-wrapped-minimal-reply</b>
message.</p>
<p>This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Wrapped Message header protection scheme
with the hcp_minimal Header Confidentiality Policy.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--d18--

--dc8
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--dc8--

C.3.20. S/MIME Encrypted and Signed Reply Over a Complex Message, Injected Headers With hcp_minimal

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10685 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6890 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2395 bytes
   ├┬╴multipart/alternative 1150 bytes
   │├─╴text/plain 396 bytes
   │└─╴text/html 491 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-injected-minimal-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:15:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-enc-signed-complex-injected-minimal@example>
References: <smime-enc-signed-complex-injected-minimal@example>

MIIezAYJKoZIhvcNAQcDoIIevTCCHrkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAJCA6jmyLuEhegQCxi/O6QEbEX5u83paN0Sn
LAqt87TCt+dq050TtWy/8DV7G46tNqm9Hw2U8HTlsO/OMkCHAye4VSL0dndpjima
dQjNRVQCcENPZXlUsrsumflqJ0k1P2R68mnq3tkdlEWNUn2uoTSIEIgh3fHeqZAW
ABgNNnxL+Y8VAhd/Y42TixHsfEiQZn9z+SCWraMn8Fso0dTzB9Nw7ql1LuS80F1F
IsJzysNZqtlml3BMm8w0I1d38mZx9RVx/AUfm5qRTFIx9XWUezO4aLUpV6z2RqWw
NS8ILyTRb8sVPbDLLD8B67cHTEdU3/uRZzMbV6kawo57tWkmcpYwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAAXaEa1ByJzbhZxGxrFZ8ph1S
YODV/B7JKDVQoU2rdBJE0ILIc+cZlJL+LiMkUWZRtKlYvwk1ebqf1l+yA5YO2aC3
XQVh+5lh+qf8BGoJauS2aQKF3yd6OBvz7gYru7WX5kwiVREsjVVUO+EhYd61GhMX
c3xApE1lkCR7H4v+ndcs4Jvif4HuoxFGeBdfVFBvOWXjb9tFeVmMNlah0nnJdxxa
O7dbxW4KJeQEPo4vH7dy3L3nLZ1lpT+aFXI0BuUVLNmpQ6ZZRuNmRnDUKj4Ol9IW
A8ubxODg0C/n466bFi2IYJDD/IOAPfWhZzq0k4EjN+v938UVy7VcpLGcW4CfDTCC
G54GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEJKYFPsK7rprsBMOkl+8Y6WAghtw
ohLT+5vAFU5H7hnggNj3jc9x/24554nDtzwphjxA5OjiotF8OYVIorUtSjBS9z85
7374sTE39mRhxHjyLRi3FGGSfOp4SgigMBkyr/zY+PN7ghJWsQKWoJXduRtAl4ti
h8Up04YIi9vBMzBwcLt2phzKeTLabhTXvP0NFW8MhYdn2Yl/isXm6dRPfkAbDz3e
6jlmIZlgnMZh2BTcoQ4A1Fzosk2hJ+J5CRRJE5R5rjfmLqM9066Y/1iEJUDEZYlA
ER7RO+s7aEqcl9FoJyl2N12gbrMEddRJv3szXaFYXZwsl0k7YQrX7GOFVhrIdxX0
ojeZ8GHQHHHT4znRUjiQSJLMci4Fh49lth6OkJ03Sbhs5A26uks4UEH8PJ6Q4Opk
y28mPq4RyfudC7Ml2RQ2J7MwdLRyfOA/qR3+ZJd6CTmhXdyNsXwy2mrsZwmGH482
yQlq/Btg9FhpSXqqedXfjBAMHrAJrolcC0GZA3xK5m7kwhuPkxJICHr/kDkLoprZ
+l9f4JBWUr79yIVw5Xhbfn/K3IRxkwnLn4L7Mea01RQJWJd1mskEfLRx3duQr2Il
dtoDGmDJSpF96nL9/fnKo1fJe7Hs1czErrY5e9qH4H0MM5zkyPmo3wI5NEmaLKiG
MugpUDsFWC9L82Q+6XmJbPd8I5Flk7qDdCUG4iuFrKWGuI6hcvajW6izLwuWzthZ
BxHHpYwMNIi/mn1mYDHsPsYMZBtqlj2qagHKI+895LnEAFwPrZYhfK6J7zhJlQHC
NQy5pKj8P9wk6uX7AkM6YC72wIagaEvl+E+iZ6QSEu9G4evkLFXj36jMizqFvX+Q
ZpJflplYOieSMoojBKEK9+BQ0bqa0pX5RB9U5yEHsBMyR22TkzCaUl8V4rT28r89
J5M9enpIAbFVEw2rvwbw4uWLvBDYhDC4FnFBIGg+mq1qPLbvfpi+OVMx2EDeWim7
1Adb8gyj13pvrcPEcGVHnBga4nKAJKji6J6pqJPIpLPxC7x6XzxFc3PcG4kgxB2F
CwfP7Zq7jwFrxj2Rl3YZbKoNKQGXCMPT3Zp/oYlXvGOZ+HblwdifQA3UNfy/S7QR
5F7GC9OjTs5HFZ1k2MPPR3NVOtS9XIRfFf1wnjzqP2HJeZnI4tGpF9+hTHCRmnN1
79W6r1VtoLflir7mfUfLZhMzARmT4/OqZISFHM7K6KV/t9D/ckGaC/AtYTXHJrjw
cYz5dUiS1vFxG2tnLmUs+4gF3DGVteYe7fifH7UV8x/y7WiWtCg5tGXZyyEo7UeN
2aShHDJc5qFl6JsyVj3neM03C2IDCPD0PhUEelA/RCIQ1jFtLjQbC6I41JmM1XfB
YdV/Jum5gRrVW3QSf95/XNQPOs3Wqaga76wPo1a6vvVyREoAwnH35ABvpEbEnd6k
cOPBBTu1SCxPGJhXfeKVNGYmEGwtypz+tv56Tr8sH2NwM05rZYJ1F6E8QJdM7HVU
9Z1A63PkJuB8aanVkQeI2G8Uv7CSfUEQS1LxhnexKDRqrrulyQspZcCTr4hT/crS
QIl780zihYhI7mx+VnzR1VvDnvswSQcV2ZzPqYctvVT+41eerrcag4yKwD84X2NB
GViRjhj1QMADP/NiuhvJOFbZdTYOCtsiOvGdDxQSasmlSDpRtNrBh2IcIjnZaoY7
hwxCaV9+bVCKg5bYgMmz0SkNyoglENQHKz+FxpsJdM8XQjjYzvHTFMVyflM0VNT+
I7hInkTvE+3aicbwZqVT8GwkJ1ptfqrxxc0vv/RhKNStWeRuy0WvqDIQDTJa53Z/
7stKPwTv80wIdYu2g31BGWMkxNuLuPKaWTxCgItTfQk4h10SVyvzR0zAf5NCip5o
wi2WBp63BRJ9CNO5yvan5pOK8fn8Y4a9gmH1YeCNHtTmedUIXQ9aT3p0bpYrVtvR
2P1MTbh1Dy56lKOv2U9QB1RcU+DvfHkUYsz8NntY+ff9Xg2H/Ae/PIklOA+IBXaO
eDUG+bYCzoZI1++fabgLY9Qx8OsTRm9/77ITgZsCAW33pjVZlUUsRZNVQxd0oDOK
SX48O1GX6eaVPZTiHk3L3SzKBffQ+vUzA0Rm9X+Jf3c8NRGwlWV1znJnpnvbyHNd
DBi6lc9e0Hz3RAmdRrgaANpzxIPjG0HbBNCZ+qtG025rX0VULNTIZF/FT1PwhU2C
GOPf9LEpGbTCV3toOGZxdMuj+708Pma1OeqdiAA8mjRBUoWBuuj31v808ANZcuy7
q+mQmBzn0F5K/22eDEb42omPE/Dp2qE2ixeHGbNipSpAC95I7MgKQQsPekMIHORz
GPYeyAK/nqsvCw1I0O1Rrz/UCAWd7+t/Tm512zOHqzfPnSORMCBlBv/DtFns0VBB
gPZmRwcM46e6/v1vl3PzeYDI0+FgV7QigIFdHzAhIrFz6LUwhXMHvEqcU79mgNwT
yIUhULX8n7PljCuWNEG1rTq1PqQva3m/36d/SZVJhjIA3kH0LGgctYUrJ/MAaS6V
ADINeIXzC2JlSvLvVpKZEfvmirw22sdhMhVYPD3LF8DiEFOQ03OhHkIikk4shiwS
fDdfVV1/HDP+uPZsz+5FXTKhbOxshqPReKoOAx2K5u9zQrkQOr3HhDw6T/ALmzuj
I4L3USxfJXabtS2OckUDaUrPjS93V5NniCQ60iRNVxZcP3Ert6LfsKbLrLxIwMJq
SIm8h8J7juyZJHnVB0lwWlyVuWbww76suXmm9ApyvhvJUSG+5i78F2xAYdqExiuj
QLFHJoQyNxXzXF6cVVBJckFUcigxWIC1/52Bo4c/JqKUmFqLmpG54EMnz2v7SNOc
rHRPaMZuv5sVUx50DWYyydbKudN1ZzXSQBSkp5Zt1rvpuroOZXHPZ8CEgPTloBGl
1DtP9mQ2iZLaDpcB06LpXpZ5W8vmtaLRcmkSGm0fbeEWjXrmYOHtbQYvjhgoQpRR
SWX/yko15pf9NCzXRDui8cNmPpoeg8rCqvnPEM+lorCrngetlp+IYAQ5RzUW4lAk
B/ZF7fOziHFvn8VJMpXQjgVzyRMwXcW8yVwQ2orymZUlaBbhvPcvPahe7l7Z4g1f
9gldLouGYxvZCjA3vG+tPFgGzwIGvy9h5p7epbhIJ8Mla8ZdFheC7gRIIii/JQaR
KCSs6WG5y9u6Ro/tzR/La4KO7TIHHH8MQFAZAqpqobQteXYn3wi4L6/RRnJKxCKl
yxAudDP8DM1Hc9uj3lJu8zgkxcp6EJsoz4yGFXRL//mEKye+zWQX5dTXFsz7AIWX
pIwk0lTioZ49qM5/5ZS48Yo8B4/UmbTVQb+KUBsixkMqon4ncRFQFzCBmIrMUOzf
BwotfhLoFGrYonwkiBoK1KIqhwtxYoY1219sAgLRQD7Z+vWpJXWgQy+R9ZQTG4Fm
wg8LOzqv3cmezOd8GDlzQHTKvYxgyeeDY/D0TDZiQTMNWRQ9XWnEP23Ho/giuwaB
HQ0Hxo6yFq052Y3IBnf6ptVGRA56RzxF48T/wO8gKatNsd4wDkLOzfDspc6bEx3/
WqJ7IZuzpDJ6r/N0tCYmudgZWM7vG2fuEeaHbxiYVprRGmDJeAzHpFK9/FZ+2LZL
vV+LD+52t0PnnljzcrtsCXTUvXSOlTz2MzXM84N8Sm8hoy+PoDjdD1NysETERm3n
4roRv38w7Qa4SjICgkJunjOT9ts2RqcDs2LGph+AMSfplaJI36v4CFK/XRDkx+9M
O3+VBb+mvoG9e72KvFobGm43Y9q0w6RqCAGaNlkYcBngr0cv5H9IcYehj/oxXOhn
KAuO2pspq9PNbQjSYGuT6i8cHEkIkJ9eyhKMukgYQqWrvPrEgc5bO2uFYXyNX1M+
jVv1ga8GwfnN5k4I0zyLkoJkWbtZwd7pg3bmsPegU1cKAfEwz5LyaqhUvO9klIem
2CPS+/jmDQUS5o4WDOpp5G94Ena22GE1P5wcKvizxYOXgT9jnheRHsUopjh7N+Rc
mbOSkf+gso3oDuk7LuPodtjDnRovmSBVESQBWW6MeTx8BUHKfuHU1vqTmtWrHAKn
xGWQ7AhEVsiFUZqzG1LeRygiLwWBFANwlKPcQXtXHad0fErQd1ENdcL4cbmo2PF0
LE9znUHqPXI2oJMaHTuDupzAZWWS+85rb+OtNeDHuLL/VcqYS40/7/UYI8ZyjS+G
mGxLr+FuAZ49uRL891CSQ0TKXCqzg8PFyC+/afFDShFl7QC2Z18ZVbwvrmIQs9/d
q2UYXm/RrIkubqxtyjvQzu1A7c307PWPcMNxDZuWVgzKFz37uXbnR4vp1xsoG4Ib
nxTv/IhGmlQCy4FmZyIwU5X3Mz7JUncceWG5yr4Dn4qVmr46VofPIT7zbWhFjM1q
6OiJIkVrKJRneV40rcyGcB8iD+tA5ItQpYLibDxCxLyYY6ItLeLRDTdLYHsA2d5y
Juj+iFDBrZLC8GyslklwBKQwA3XKdWfLdzsPtO4WRipQvNyll6Cqfwh3cyG25f4J
13OiGZtmZYKTDACaDnlV3r+j5kXnW8608vhBunLc16iwcYbCMRHnNme6D9TkpiQZ
a3D9g7Yz82neHDtwgCs3k9U/P5yHOp5Yp2OjmJhEBrrcOyx0mvr1ruKP+z0IpHQS
ns2e6bhmnWazT++IBlzF7Hrw+Rv75MVnA93b9KuVRPmoJCdKE4h2Y0WghJoyBgYF
mjOc8ixxtTwbvhA0ofPMkMkXIE5SdRrWK8on7OpXUDwdVyVp/IzHr27i8d/gN5Bo
Y2y2UnKCZnZoEQWXIxEQlqBa+BfM1L+ernDhR09/+rPb5ZehsvysxG6xWZgT9TSc
r1GttN553239iJqMvRojsm3PQcwdQwCFEkgeJeNKiytejUsjB2VKLbfC9Bq22795
QtrPzQXtOw4EZD4oxUac/dL6e9zubGsaS8PKG+MG2RFOF32On6XBKV/UVsatj0Fm
S1lC6rlyKTdbzcLzPv9DXacYP2ItB5uQGCUWypGC9X8TUJ4bTHER6h/iEgWKYxj7
FF0NLgN848W95rbBwcbltIQIvOtvV/7Ld76/hIiIFLIFgV804lG2eC4xVbKTHHSI
cqqdzuKJBjEu2B3ch2ULVExRNmK6TwULulx66lGbys1pc8rLa/ZAll+wnSr57PGe
7z4tUU77AwfQgXKidNXXEl40522voi9+983GhcWUlTpVHZHiHMFs5pqWd14mpX6w
bD6Mw+ewVjcmHbbnaouMujrhtyOe36Aj74GIM4kkDSBnZYC3U7u/8UkKaIqgTENH
bO/P5O3MDaE1CpAJV1pfgKidx2X6UTQ2mGRe70vsCcAebwJK8xLlWZDhIx5vnW1z
wnUqkoH5m4SlReyKxsw1fp9bwC8L+yJ9MBqOwYIfiPgAJRi/gJ2rAD0mBxH0259X
J1oQNhdMNAqQjsGPvz0pwXH72RoTonYLuHZc+T1nLSnQjuhlv8m/oCW1OzsV2i4T
1m0vW4r18Cg8tIxQoWOV1V599zjxc+f9OtctwoD7xKY+6KXp9sFdzpE2UxMpvBmE
lGuCVfKoPC7YD/i+RejmfVIxL841cfUNV2eTRGJUQHN4UwoMQaY6kwvipb3wVyEO
AfAPV4HK2pzSgVHX69cu+gsplhffe9fWWsRmPXG9XDVG1D53/3UxhDTzYTq9wKYc
OvBYJuWEBC6Jmqvx8l/qIFDJalxBHyVGRNfaguKjOyV2DW5lYSE5J23i6F1os0vF
UMWcW3pyB/OYwil35YLNguMypm6O0gL4pZ3u0Xmm2zfsTKgJIZYXDY8RZrq2bl/q
+Dw7qN9cgOlrAFEfArhj5jdw1mIamP1NXVE239zvbPU2CTC4ZEfMW2xALVN4a6SO
VtQ4OG4YBD8NNQdCShfTvrm6kjeyC0GiaE1NJQPGMwZ9kjWXmemhcdAlyjVeMRw7
WfkfNTGP2LUin2s4kT5HG9Snc4ZI9mUChJXme7SMVT7QzzDAKzfpiUgvISDqOYG4
31SH7pt32+QiCjClVKuwQ0l8Wg8We4Swm+GeeN/ZL3rqKrYv8Ct+MIMTuhzZ909D
YQccu9BkFZVCIuVRyYKkhPe+GSNdRG8RSlcjgyJW8T2TJcE/Go6ObmzSjoquT1Bq
CAK4JN3LrBwyfD/b4t+iWhEumq8j3duoFhs4/htqxbeEPxuqzR4c/TboZfGaZdXu
fxdC2HRQBJEX0WNrgK0CSi+6IwUTQ2MQxuJdYd2iZgRtTfAe0/lUJ6EGQZdO9S6H
KyeOrXsdarX04okagYv2MtoJ+T/P9aYMlrQzIKeN0vMG1xnnZGhsg/Y11paCkOsW
xRKPcMAnqgSHkZhH9WreyACfq1xFWBB9vq+6BqFI0tWWhiI9PeGVYi0X9SG+fNjk
F8DL373djWkgVEEQ1XR76mMJCL7e9B6+rsKUS/B+GtCPveC3gTqrPYSfer0vwNqm
XMOkz7D/YjElqeK5b5iGR2bycTRWiWGu1xAHVi4lhMxO9TXx2/ZvUPegdbBP9PbK
vjm0LJD9lOpNkH1AynhBNtOe/FUWz0dBS4Qq9D1Q5nAQ7NwjyOH6dJFTukwTNSC9
z6Tup0mnsZdb5i0G5v5zx/lp5iNXwdxksZm1l691OahM9ws12zYT51xZjrqNhDuA
qwotddJb3+2cObnvtcxNxeGkftT5+YfzjH45SYxlf0SN6yGOLVnSoNt/SSAyxQxK
H2PJWxKnb9nFHN6M8Wdk99HFbw2u+wvhmrLVwQi5TqxWlybPTC5hOSJjLHy1TaLU
LDuMHkZbRtOykn1ESwJ7lKpJ0OpRTPZBX1M8zEwBoyc+Htps2Njsfx3fVmK8QiDO
yOhJnhHSIa048BU1c9lQMB50AEr0UHI72nccLQX88JGywGlbO11DQ3egDwK/72mn
syCDIsQMsOEyw0PTGUFOfs6Tg4bs5yI+TYtEo01WMqEJDFU0IociZhZHUhIed/G7
N9yaTA17pnikx7Jfwf6ZgbFcsHIU+tDeHhtpH5IB7inTIC4uor7DyI+68R/vLNNg
6m8bYHD/sf374C2Y7GB4u/LQPSbjsQvgmVSxJjyi7bhFlGjaX5fhZWZ7Y63iLvK/
cUH2aDlA5BAJKVUE6kNWmPY3vTMLerFliwvjVjBR4sRMeoeQ12kun1yJ2Smjh8X3
YIff54HGdbTKMfGTQnsF20DwMBIlppimN0UsumJxJ1Z89xe7kirdvly/WsJe0A21
7GJ50NKdq3sJnM2/+1YSDotFf96mWAdlSyfZKSyHtWim7JiKEOqWfNLRJpA/ybp9
yYLoMvaIuPf0AJPZnkAOcaPnFm6Uf0wq8pik3icVHelieOI8QpThpgzxlOSQ+art
DwJfqPT/CdNAvsHAsXkT88nlcsJCm7AQT+p5WS2OdzpEB5bYlSSMX9R42NQaH6N/
HzdxkyYWfmr0Hh4wrJO22EYUeZhJXTqXpsZP/UmnYz6BVxpxptqsx60hC4LbN/Fg
bOeZmag29vTivko6nVmnwT3YjpTrNelW2FLdZf2XuD2y6WnRHd59VNrUQ/M1jadM
NpfGLbX/KQzL/vlDSy6k+/DRXGpvZGIGRfbqzg3ms7UguDO3jAckxchYotigrywM
ziuXAxZNDjY0k4+zvls+kZv7KuzJFKHAWa3flmJ+B+WENm6cmCoCGzpHS1mg8KIU
K8hA+i/OzEP0hQTQ48Cx5p+1iwf54JF+mU5KWqBjqK7DeLiKYAPK3RQYpwveMPNq
97LeJo5KAsqDH5H0NAREk3Sdd+60GEvYX39XZqv85aUzD2J6qxWw7HfRvgfNDgYt
1hHIcvPCMUsSDO3V/qNIrNyErbeFKHFQ+tZ+GfaGxsee3Gx5TMRDvu6v2kEQy3XL
kno0TQcEGyXIMhkQ/is3i86mIHmZQ0g+BCpNO9VKEdbvrW/MYcZLE8O5xISs88sF
dzZXfy2w+2vRCucSe8599EXL7XYwbMsRVZBEjc5aIRefycnBDu6LeyF0jRXZ3rY9
XNcoLBvxf5vH+tZvqoKzLcC28YgVHWYTHQ5fPCQyIfKQ3PZvVLT8aoO0G0UvUDcC
nyfieFrLcEz1WcLWWYH8mv+GF9nNri8q/3LONzzgzYyx5vcuoIaw8T7XS18ZH+tt
ujGFRhD1rO65jLMFkvyechnSsqmtFuluk61KXB3isli/dLT3Q8d0k1PxQXgWgbFz
URlOJI/aPM17/5l2PrtNNy8R0d4YEocGZVnkKPCST83V5/PuzLzhraBEqj4N3E1t
9vZkN3WDmP3EmVYMuNnEyUDY3lc0UyiSDz43Cj3+tDvO9yxe9sJ0HWoqYom5yo8h
7rbpCafSNGgPQX54uUo2rFLyV7QCZktmdgw/G8k03aU42DRJtzLsq7sSnP8/nKtF
4KLmOqmgKFgPfXlYs1CS/xBykBGBwWy1L3IeFcll5Oi1Te4elKqZlYb438ot2EKj
b85hOHVowFqOqrOeGHrqs4JoyohaTzJ/rtc8Mambih2KIuF6c+LU/CdqegqKZ8js
YYB07isI9EQ5K8fR1P5ZXY2V1Sdzy9wm0/TF03Nwpqr57SOC5D5VVN1H/d8K7kJy
Xi+poNzjOxQJwEiqaTZiLPy4HBykwhcDXp2U4aqqdCqTMk2FtaKBDTB45K0vrcSA
o6J2tZ/mYehBg7giclp+HTN5/vEtm2awtKi7u+a41tRJaYdu8hlZOH0jIqsPOH0v
pvZcznyJc6/kBvnMfRFx7VSEsExE54KpjULakSemRVhTTGugj+ozaSjJUsdUlqpj
iEEnlCuXPvwROrvoI7bcQdUjXL59gY9oUbqDPuyyVKlU64p1kKnWOLaEi+WBZbJW
YXqGv0dIf8nhR4fTwe3s/HZZlvL2so+nodxQPOQ09UEDRywCGNjGJmhgppMEvXT7
liyaUuRKUq6+ygfDC5wWiHUBNeCOmyjgtVH73PViX28hNXcutU6hrIqg+0UGo1g3
Ncw+IC9uY6OLo60VftqWaYGd+tHaCMKGQn4uex753m37R1qJF38s2zxMwuPmL0XZ
41ny7yPFgXtKbj41s+pFt5IbhBzTIzb72Q1phkbctumpdgiBPZK61iJHtZb50FT3
nWToJQN9/93WAniRb3obxqix711LqlyaWOXpRC4PATDm72vmxk40f71Pa4JYPvqa
gEK6m4z2G6MNIhA7Jrtk+3b67gSaBuljnlJ6BfEuPvjGErO3xzl87iDujTlmb3+d
PuNox9gfBIu7HYVgVATHh+/R9JjMu4p/4f2knEYGoEfTGpSROtS/gtGIxOgRl7NI
ZbxHA4+0WcWCDZhzpbCzWn+/oPUmwR9Clrwty5QG1IrTn3oP2maAaSM/XkXcOrKi
0YiQ1fr/nJJrZy+fbXQkeJBTpaVcLAhWbpJ7h5C9/PQta41iMZV2JUX/KlQp6u4P
uvNIJyRz9zJleFWR0bhdQQ==
C.3.20.1. S/MIME Encrypted and Signed Reply Over a Complex Message, Injected Headers With hcp_minimal, Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIITjAYJKoZIhvcNAQcCoIITfTCCE3kCAQExDTALBglghkgBZQMEAgEwggm1Bgkq
hkiG9w0BBwGgggmmBIIJok1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1lbmMtc2lnbmVkLWNvbXBsZXgtaW5qZWN0ZWQtbWluaW1hbC1yZXBseQ0KTWVz
c2FnZS1JRDoNCiA8c21pbWUtZW5jLXNpZ25lZC1jb21wbGV4LWluamVjdGVkLW1p
bmltYWwtcmVwbHlAZXhhbXBsZT4NCkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5l
eGFtcGxlPg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpEYXRlOiBTYXQs
IDIwIEZlYiAyMDIxIDEyOjE1OjAyIC0wNTAwDQpVc2VyLUFnZW50OiBTYW1wbGUg
TVVBIFZlcnNpb24gMS4wDQpJbi1SZXBseS1UbzogPHNtaW1lLWVuYy1zaWduZWQt
Y29tcGxleC1pbmplY3RlZC1taW5pbWFsQGV4YW1wbGU+DQpSZWZlcmVuY2VzOiA8
c21pbWUtZW5jLXNpZ25lZC1jb21wbGV4LWluamVjdGVkLW1pbmltYWxAZXhhbXBs
ZT4NCkhQLU91dGVyOiBTdWJqZWN0OiBbLi4uXQ0KSFAtT3V0ZXI6IE1lc3NhZ2Ut
SUQ6DQogPHNtaW1lLWVuYy1zaWduZWQtY29tcGxleC1pbmplY3RlZC1taW5pbWFs
LXJlcGx5QGV4YW1wbGU+DQpIUC1PdXRlcjogRnJvbTogQWxpY2UgPGFsaWNlQHNt
aW1lLmV4YW1wbGU+DQpIUC1PdXRlcjogVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1w
bGU+DQpIUC1PdXRlcjogRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMjoxNTowMiAt
MDUwMA0KSFAtT3V0ZXI6IFVzZXItQWdlbnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAx
LjANCkhQLU91dGVyOiBJbi1SZXBseS1UbzoNCiA8c21pbWUtZW5jLXNpZ25lZC1j
b21wbGV4LWluamVjdGVkLW1pbmltYWxAZXhhbXBsZT4NCkhQLU91dGVyOg0KIFJl
ZmVyZW5jZXM6IDxzbWltZS1lbmMtc2lnbmVkLWNvbXBsZXgtaW5qZWN0ZWQtbWlu
aW1hbEBleGFtcGxlPg0KQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvbWl4ZWQ7IGJv
dW5kYXJ5PSI3MzMiOyBocD0iY2lwaGVyIg0KDQotLTczMw0KTUlNRS1WZXJzaW9u
OiAxLjANCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L2FsdGVybmF0aXZlOyBib3Vu
ZGFyeT0iYzQxIg0KDQotLWM0MQ0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBj
aGFyc2V0PSJ1cy1hc2NpaSINCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRy
YW5zZmVyLUVuY29kaW5nOiA3Yml0DQoNClRoaXMgaXMgdGhlDQpzbWltZS1lbmMt
c2lnbmVkLWNvbXBsZXgtaW5qZWN0ZWQtbWluaW1hbC1yZXBseQ0KbWVzc2FnZS4N
Cg0KVGhpcyBpcyBhbiBlbmNyeXB0ZWQgYW5kIHNpZ25lZCBTL01JTUUgbWVzc2Fn
ZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERhdGEgYXJvdW5kIHNpZ25lZERhdGEu
ICBUaGUgcGF5bG9hZCBpcyBhDQptdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2Fn
ZSB3aXRoIGFuIGlubGluZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMg
dGhlIEluamVjdGVkIEhlYWRlcnMgaGVhZGVyIHByb3RlY3Rpb24NCnNjaGVtZSB3
aXRoIHRoZSBoY3BfbWluaW1hbCBIZWFkZXIgQ29uZmlkZW50aWFsaXR5IFBvbGlj
eS4NCg0KLS0gDQpBbGljZQ0KYWxpY2VAc21pbWUuZXhhbXBsZQ0KLS1jNDENCkNv
bnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PSJ1cy1hc2NpaSINCk1JTUUt
VmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0DQoN
CjxodG1sPjxoZWFkPjx0aXRsZT48L3RpdGxlPjwvaGVhZD48Ym9keT4NCjxwPlRo
aXMgaXMgdGhlDQo8Yj5zbWltZS1lbmMtc2lnbmVkLWNvbXBsZXgtaW5qZWN0ZWQt
bWluaW1hbC1yZXBseTwvYj4NCm1lc3NhZ2UuPC9wPg0KPHA+VGhpcyBpcyBhbiBl
bmNyeXB0ZWQgYW5kIHNpZ25lZCBTL01JTUUgbWVzc2FnZSB1c2luZyBQS0NTIzcN
CmVudmVsb3BlZERhdGEgYXJvdW5kIHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBp
cyBhDQptdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGlu
ZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgdGhlIEluamVjdGVkIEhl
YWRlcnMgaGVhZGVyIHByb3RlY3Rpb24NCnNjaGVtZSB3aXRoIHRoZSBoY3BfbWlu
aW1hbCBIZWFkZXIgQ29uZmlkZW50aWFsaXR5IFBvbGljeS48L3A+DQo8cD48dHQ+
LS0gPGJyLz5BbGljZTxici8+YWxpY2VAc21pbWUuZXhhbXBsZTwvdHQ+PC9wPjwv
Ym9keT48L2h0bWw+DQotLWM0MS0tDQoNCi0tNzMzDQpDb250ZW50LVR5cGU6IGlt
YWdlL3BuZw0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogYmFzZTY0DQpDb250
ZW50LURpc3Bvc2l0aW9uOiBpbmxpbmUNCg0KaVZCT1J3MEtHZ29BQUFBTlNVaEVV
Z0FBQUJRQUFBQVVDQVlBQUFDTmlSME5BQUFBY0VsRVFWUjQydVZUT3hiQQ0KTUFn
UzczOW5PM1RwUncyMGRxcGJmQVJRRWpPeXdpd1luQ3RrREtuYmNMazY2c3FsVCt6
dDljaWRrRSs2S3drWg0Kc2dyemZjcVZNcEwyam8wNDQ3Z1lEcGVBcmsrT25KSGtJ
aEFmVFBSaWNpaEFmNVlKcnc3dmp2MFpXUldNL3VsaQ0KdmRQZjFRWjJrREQ5eHBw
ZDh3QUFBQUJKUlU1RXJrSmdnZz09DQoNCi0tNzMzLS0NCqCCB6YwggPPMIICt6AD
AgECAhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoY
DzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q
UyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVa
TC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse
2Dqs165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgC
ReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqh
BwDHdZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/P
GeWy6SCf58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0T
AQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxp
Y2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8E
BAMCBSAwHQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaA
FJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEy
nBakDKU68ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZV
jdaox644DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4z
E4Nar2inC0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2
MVtluLihne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744gqoeuD9YS
HjKK49+qYC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpA
r4vRhZjVD6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkq
hkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEx
MC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChME
SUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNl
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo
0jTkfCv4TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQW
l+DILs7GxVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+
A8TCNO12DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtw
s1q7ktkNBR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPP
dfTMSiPR+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJL
OwIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
ATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYI
KwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilq
kBDTIGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG
9w0BAQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naI
s3BjJOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4
eHIjSo27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXR
n/C9cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59
fk4PGHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtB
iN+uCDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsG
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBM
QU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4
as6aqdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc
BgkqhkiG9w0BCQUxDxcNMjEwMjIwMTcxNTAyWjAvBgkqhkiG9w0BCQQxIgQg1LrD
KFP1UyH7cPB4nNGB9WTP0Qf3RpTIHh6bXWUboGYwDQYJKoZIhvcNAQEBBQAEggEA
KNKdgV7deVGMLwz1c7mylNoCuexazR5wKxAx66xbAeGfEHdcy5IpDiSdtxQ/Bupv
FWr4QPC+KqszKDD2KHiWRnZo8tSxgCrvPqlEWY+tICRfdfMf5xq9+FGNzSh144NM
VJw6+R3Bqr6/6WiIVqpwEI5O75prfM5qhPrkq6BovqQhiNemTtgrplQhkl52k5RB
7VlQJscR8vpq5lYF0QjyPMAzIZKGI7E8CS698f9D8pXZh+NiVFhRnkkGbiIRQuEC
msyMm3+F4O7PcI/TGIv9F94Ho2ok/1wgLoNR81QflvxekgKburTlQaFRINpW0Gmx
JT06nYXT5t7uaFvfd45qkQ==
C.3.20.2. S/MIME Encrypted and Signed Reply Over a Complex Message, Injected Headers With hcp_minimal, Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Subject: smime-enc-signed-complex-injected-minimal-reply
Message-ID:
 <smime-enc-signed-complex-injected-minimal-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:15:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-enc-signed-complex-injected-minimal@example>
References: <smime-enc-signed-complex-injected-minimal@example>
HP-Outer: Subject: [...]
HP-Outer: Message-ID:
 <smime-enc-signed-complex-injected-minimal-reply@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 12:15:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0
HP-Outer: In-Reply-To:
 <smime-enc-signed-complex-injected-minimal@example>
HP-Outer:
 References: <smime-enc-signed-complex-injected-minimal@example>
Content-Type: multipart/mixed; boundary="733"; hp="cipher"

--733
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="c41"

--c41
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the
smime-enc-signed-complex-injected-minimal-reply
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Injected Headers header protection
scheme with the hcp_minimal Header Confidentiality Policy.

--
Alice
alice@smime.example
--c41
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the
<b>smime-enc-signed-complex-injected-minimal-reply</b>
message.</p>
<p>This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Injected Headers header protection
scheme with the hcp_minimal Header Confidentiality Policy.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--c41--

--733
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--733--

C.3.21. S/MIME Encrypted and Signed Reply Over a Complex Message, Injected Headers With hcp_minimal (+ Legacy Display)

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 11310 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 7356 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2725 bytes
   ├┬╴multipart/alternative 1443 bytes
   │├─╴text/plain 490 bytes
   │└─╴text/html 650 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-injected-minimal-lgc-rpl@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:16:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To:
 <smime-enc-signed-complex-injected-minimal-legacy@example>
References:
 <smime-enc-signed-complex-injected-minimal-legacy@example>

MIIgnAYJKoZIhvcNAQcDoIIgjTCCIIkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAD4BPh4nns/OwI/nzL5ooMNHhIVU0t+cvJlE
rIpvoi53CwPYYD/NKIKibmSgx5yQ+rQK25/y5rJcXeHxmS9czslS46vRMhO3aI2U
V6LnwHrfSn/FpbfgVSPtwsHCmQ+P1/lTwKxdsS6EbBEr61C2Yq68NKOzUB25USj6
UVtCyBDkIshFqFXVmykJMVb+ASQOUPOsEUtH3KZtqb85YV0+9WANQWf/mS3xSXM2
xONCw6z6/0tb8IALTWaF8Bm0I1SIUpXohYCeUkB4Idb9BBbz5vL/lk9WA3KPyVaD
fNz2yw6RRW3jCQ2DXE8v5IFiCEbKlVnRoKGnrN9JPxLTfbxpqgAwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAmtxpv7uKeuAfhsEb6GKvRlt7
Rouf9bQ646sal5YY12V2ODjrf+uXz9I0uoCs2dZjCNADW+hmkWKSSa3s7sunMXxx
piE1lYBXQS8sKsvaKDRg2Yj22hIMfnKRy9t0kkBgMzJxn5Brktx4DnV47iypv5fT
Z9wmbd0kJJoN4KYIAfRGvgk3cnlRxDzyXW4vQV+298g+prLk1vGaJV6xi6/2Ihvg
ky6NABVuq4R077ePoz5fWuDwRojCKWzyFRKyYL+EqaM/wnj3mtwu1ixwIfRAEnpm
XxH9djEturLvcLzOX8Bsy43wBKdoNVD/BTP0RMWoc3ZOq02RJNaBK3zUSiN3YDCC
HW4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEELrp9ItTefiyQyyIPoW4DJWAgh1A
xbN4FMvAk/vLmopbtkYDYNS2ruA26neJtsAPr064LqTgNcQcAqgs3T7AMv2lboA1
9xa8dEweJJe6pTA79ecD09AEy7j8WhN7Qk8Z2yqkyXRKITeoKNb9SZjxiZ5z0PbI
8ngyZ4I3p40JUZN8MBmNOtKGhu9N+nwSF+yxNlOP/X0mKaarJz2ErqvntPkgnX8a
JKUJrBvyMi0mro9C8LbQbX4wVKai2WNos3IBQjZg/ud7ycDt9zKznGAPQIfVQGcR
5uzbqPGZDBmpYlFHs2Y6e2CW3k/j4quM4ccTBzlWKjc2Vxknwiq161RZMXQn6gzK
OoJhKcYtKQr+VIhmqgmiLXeXXBem4AXRKoBGVmyB4BS2LqvSHgnTyMasrn5k465a
8Dtdpwi3VYvIE/lK4znDafabF7v10ek1MbHAFSqyqb2Ca0eAJyCsEJLIveuXg0sG
WtoGSo0lWJTAVG87k2VLJ6Ip4K5BPXDHdbu8j/14Lp6CY7e+1t/grtlGeltpaO8W
AIlX58LSOZ0rV7AKwt6R+f89S94Rz4Gu+g+KJJHDWL3sFyl+N9HAoS8nd5cB00ue
soC1OlQkINMFbedZi4DvyV0xaUk+McjNPn7RTZG8phSSM8KDTcj6pmqsV6AV+h8M
sxl9nTf4mEMy8EHL7Mi/Wqu91wG80JvTYlBYTFMSsumrC6cCDSA0WVeIrH0bRXq1
tHsxCDjER/pBGpzxPEcPB856DRtVoRZur/gxdlN5cKWsP6jQYeHIsexaqPD8XxsK
1EOSlPjwBBURK5QUwgu9sq60cdC1kwK3wMs1LEHsL3fFJYqpvWCXBmF5rkT/KajX
28QJ6YN+yL/F22uUgHTtu3U9mkJvD6EIaf9bLnkxqsigDJqd/U+PQA0w86hZxLid
0helI0MarNp0WnmBJ8XdSD6swgYm5UuIEjNLqOkSr59dbdwrZUpZeX12LdWZzjf5
8iLKTa7Bz/nP/hRbMwM46FiPE13dNjh2VETkLDrVkUFNmiKxFiJu38ErfLAKVx94
/59abgm1w2gDc5TaI64i+Sp9EA3V+DgwH4BTVxU2DR+o8v2moBfpNNtrxpK+Kzdi
fq8dwlSdPgdZZVOJj8wt+LH5SXsepRjx+kT+VurgYRoKT0b5h6uU6c+U8PfpTOHg
OvDPXehIIVa3hEKL7AfNCvsbj7MJhBcCnxf+55QTpfDRmQ5bzA5xijGhtCMtmmxC
IQNJhc7vZAdwXr4/706NBcr1FvaYB7EVMXAucwh4txG37qXHYu/MAhqv2Qz4kbUF
ddfweZFvpE+eyv6/z4jvDqPnTlMlqrHC4tRd2au/3IZYK3mg91PR0NdbrA90JlAI
bGUZJE+GoO3nHUAzKHHX6kxooawCmT1NTnMB8VLncbA0QjLPmmWUuq/DXyVMLXu+
tzgcBkbhxjhSW0srHZEJtVKfLV3uy2vgDp9QCNdNLWK9PJ+/Tc24HMyhs7qCr0y9
KgXsQyerFp8wnprNqKurkgDCIgSpQ+TFvW3bG8kknmbtMbBetqnWeXsjQinZg0Ds
+D5GfmISbotwHzmIu3oI5aQTSGL8ZxJAbKSkW46IX5JtSvNlTwOcSqhq4JJKEsgr
gzVaeH4uRnAbLSm6rLdAvPiiIelJr1zCjaM/Mxavk3pTwsQQOkcV4Ql92vOurN+h
Md0WBjAz0FGt86zEbB/Ow0i5GW7BTdUIOcMsRMwpEyN9VOEyt5HIPgb8GighccOq
sd5Bz6CUEbqfgpMSa2wxAfwwBF8fNs5EaMHIn9M7PXT8Kra1tN+XVudUxsliKZ9Z
LfA1F4zYo8xQ7vVry7hRfP+WorHS+CpFRRCV1qQxSOJEaEWhI368EE1ZCaV4hgSw
P/2Dw2UsPjvkwghlkvdvkIYfovplO+WFAx2GJUY+cCcaDWdz0jKGNKzDqmMQiWr4
BLQbHkqGZRRGVUv+BHTl+DjwDNSL5YH70uaN7+YexVLSN788WaCY/nKXrIZO/1g/
yqGdjZ6ZbT6d40t0gkmIwOU1lLq2VgoCee4gD81KVWrvo6xnYuNFQVjEA4CxHZKA
hGWEjS9ReikWPJvuQDNai3715dCb7fpzaO3RPhzNQl5bXoDAKAk9R9rsACLmxySc
NiXhHSlwDrqpTDvoEmSQsiso0V0jMz1yyttW9hx/U5mHgQQRDvPK+v599EG1zRUo
YbeJE0NkJhk0hVQQsN4k87IXx2lqqq/p4hYUF1zCrW3XFqzZ6PDvcJpKkWZojKTC
1DBfNYqn5NCN7hXoIXDr31XGzja5Ij/aF0K8Uqr5Z3arRJ1FzFunauZEN+l4CiXZ
orR2wBD4sdetUNUag0O5I1Qp99+TEa+peYN9aWpKHAPSmX2YFtaK2UwkSHIwX1Mb
WIzafWFTunp5mBfKbpEzmdmeCsApmpzTOrjCag3sQBChmbFvUb60T7cnBLj6Fhia
tkS6L7LijzrcYNFPt+7oGYyvh7bGNW/ImjtLV1+E7/EdYuYoT3XYnd32O/NbpQDN
vHWfvmQ9d9NPREX+wnQEbh6QNazTUbtv0vUDYNuONQbwcOwoC123NooZkWSTVKA1
C87snmsRsinGD/Cr+amKDPw04s3NaGXX7sMUk4LykHlPxzvVrg7Frc00GPHsouT2
q66f96HqXpuN3H2OFSU/Z1BTokIt/bpobUwOgI/e0iSfi+s5MjNvGLL/Duv2UXm0
mrTLfgadT9ErEQtqwmTlC93BY3pGt0Rh6G9Acm0rRtNaIx26FB8nkqx4fApT7q42
pexFJQubLK7TS8QedO+PEEclUHBguGBDLi0Dz/1OfF2M4WQpHXk0yabqSDXgHk9Q
jlc17Oc9iMBiG4Okk0shgt6NY/Km0G+KmbFSm5fvjfBdgxH1kEWQ+xhhclOqFAsn
CV+GEZfKsdlknXj1npAeOJ2dMmO6BwruZmkGA4njpOMcinDC6TZFdcsF57DSoH+X
T5TkMP3MX4aQhi2DvmsUil0uU2yFMsaNFFKe4jqd2+3TMUqyegbVfWhxnwpZh316
zgs9hJNpvMUo/KbhdDfv45A5qZmGf0yUi/st3vDlcZcu0xsC9rEbps9A5dF3vHAN
Yk8t/230FQRT75mqjVXNBFdIsZ/h9I+XRfeQRLR7rl7jeTrIi7fM0NpGVlZ4SF4k
jiy/js6DZtwISh9JD/ifGrBQqaYIpPpFWjz/frLUvHJMvYaVmx+NwhY/dJ9mDfdg
BIABdKp9D6St3f+qUqoqu1VSrF8laiBHNX6h1yk5+ccYQsWcs6jyIh7xQZrNKj8N
dCT+4U83By5K30zL/M6i21wlbqPbJM4dQhmviLBVjT5SZauFPraDeMsG1QbWNz36
jGy4G1pIUFodGBUPKLgnq8sQlKFcOnglQUG7vZRYa5qcFJQo1gKeWh5Nv1g9PcPH
jOmddpCVfiAGg3hB8jtD3+I8NM4Xraxj1JfrsVO0EqA122bo9ZrWh8ETlx73pA8D
Vfu7X+clg6Cq754GIkFbPOzh0R8goyfwHOKc/hxMLB2oGnPiB2gT3hBr9l6uJHXy
nzJA7ISqqH5ib5H2ziksFT/9kR/ecCE68FyfduHetddepFD9oK2f7et3bfTHJKUp
0ZjZdLGfldk0+zZ5RdnNlmZOHF0dT528n+Jpr71lmMiYJZ00Y9NKa1xW4C8+lLFE
jcly/b5Ixn8CYRREiraGUBD2/WWIIQYxPg9de1ZAnVk7BDcxs/ANbMOtgpZaIYLj
x0lbtd5mFomfKJVfvwoOSCWGUTd0oPzryJZhMApqh5hUPpISCAttBcNzLXd1pQGh
WjClsTEZUNFe7APaGaxBW83wrvtNqcGwWnjF2FJwqyGaiyMRh7iVhn57QV0Lz1ot
la+/c1DeGJM+C/6tKEsxY/BrhNRRk/Weipz71TPad4IHU/G1TwKuMyfciH2qGWGs
PgD4vIu+246MpLMbq+S9nb2yRUvs3ahMhQlxs7+I3uwqPYaXEBowSfveW2Ws6uVv
QnyBWU59QT5yzgAKA+pQyylRWM5Rlyra4rgSlCqluAZaYB0uJougAuFC7QaFQSzY
9AwdxXCaL4gFsPQ5YMVFmTV4Kjev1wSx6GK3e7b0hzxTQkcEeF7ISI+GATIPeH2s
Wt0LDCFqOpjBFj0pE41JsOWICjE+X92xSfUZLwS/gMTCBt/iPeaW4MkjW7AGc5Ke
dHDQ/wBxfpq+TZtFyAXzc2qgSMnUBXTx01CqViWrRRpG5/SnDGdUFt2NaJgWDkva
xE4badgbkYobNPwoi4MrwclTlEN/SqXJgyf1/LLkp2sLYVN3E3GvZabp7UFkuiGB
r/xmBr8Klymfp8wZXtxgy+tapkpPJKEHJ9SdHwjVyH1LF27IYxUAIqIqLUDHek7d
amCB2y4G1rUmgJT34RF39dxMQTu0nt1IagadaNRE5XQxYiGBD+4gb8gZv3oPn7Gp
5z1y+fHliQ7CjScTJ30t4CWWh9nQpoLP9oUslinY9blkjWtTvDFitsKksOI6HRCN
aUzIwdiBCqCk+iGG5i6E8Gktxs8/t3oj7ck84msXV0ljQL698s7kN2SYgxyqEkpf
NzxsK/Gh0Oq2kegSCLNa3SlrQXai2pHQBFfx0sxL/Kzw8YwNif9JQ02HVFssxcfg
J/xBaCAAi8Jk1rJbrYL+ZrhfT2Ziqf6h/U9KUbIjY5FNQqAyOvukhyJc4i2+i813
N5uiJmnHUpCY8hgScCL71AdzqdamWHf4s/EzzhBLgY0wlxvlENdqhk7PZgfbJZ2N
ppoW9OGHnY+5PBhr6ivf/LpPDWNSNrff2iQRS4rA0Mn718pGy+7mo2Fn8Etq0zTt
0y0wz868okZrV3XGXnRJPK4rAMIvnphqzHXhNzlBR6RsCm37ZyU+XWsgDwwoHWG0
5iQjotCLBvKoO3mxW4vpFN5ZZ1OdaEHiIgFMN2eeIV+CFcvXTPJrHVuhfbe+0MW2
XifSNHBc39ECB4N9+w5kOq2vyARF5UNK0zOS91XUKlsv/td8N1b/PuLwDOzs8HBE
xjHb/qBItB2vdb8K1mQPXNTcCFBSDJJxBEvVc4YH5cqq7U4lfohiHvI/STf8eBnY
LB2XNW0oOt/YwZGGL0Kf6GlMJJOvbUSF4Ax2yPZk/6ULc1V6Va3EYPPRVmYL+ToB
O0M+fEuy7UaheUO2w9X40pg0QQKpWXTtiye+CPCBRwa6GiVI2NwykzeFPezQ2pM1
pIwQxYI3EtOlOcBS4/QS0yeOuzP/X6uY3Ic09ohuomunaHa4nCF4nnSddqBdpK4F
73J3fm6yTvgmQEinZ6hInizG2rEOeRfStTB9WXDlEsD15YtioiUTBKoQoyhNZUy6
/IaAjEvbNmk2RBlZAWBcz/8dOP1sAX+7gi9cK+cXVLreVdz4lGjIf0Dg/gGEOJVp
HGNuxNYDjjthLQb90Kcvd/oCQ6k0pA4xfdBBFBUNeqN8LEZ6gFeqAI0eSS1S/R/l
pah0xP81lH3DoZSbdHeUXL21I4kRlGUEcUd/Y6AdQoyf9yv/tx+ppB93AgCjCS/b
Gxn6DC1SV0IidlwhaK2kHZEIcVnbhN7kvuGVmEGwDIQb30fwPZP2GNlmYf8fLje3
qCm0qnK2rDn01fV2hDe99DCoKX5bK/BvUWjGy5AYsu6G7TNV5wPO3oSkngSDpbuv
QPbMg9H0BEoUDpdGMVcFiBltJKDLqj0Sk0QqU37du1LAkkYLzG5XEaV+aUzdVvIn
P+fszqU2ORgN276fgqfkO9HgM7Wpvmhi5hkL172SBS11PhLIpLFVOC8U2yhJnQaK
c3Pl6goUg9AlDUIU3FpPUf4++lhsjgM9G9X4eQhTEhE15OvF5K79FtqIlZUD1xY4
IYsrPry2nCfdbrbfVcYybX6kGLWnRV9H91k8Cz1WvxVyWaH7hxHn6xW0UzvOlFPc
84svl5aQ8vbtBuRv9nR9lYkBoDGdGdA6KGH6a00InZZBSMkpEW/9EMR9pvneOym4
Dv3E4Pvf+0f5/2JDmksptVmQWKWmDUgPPiYfUXyK9hPNkm4y/vui5R8KhNa5yNGv
M2O9VEevBIdkdq9T3/kzlbtUle08E6nE8gs5yXHWCKREifvQejFPyjIY9mFu6evC
ZlB3TKyjisHIwbfy3BDevJO584w4ZVllrv6Px+KsIYQaTd8czkcvqrLOt61ptO/M
ITXGoSr/Fq5RFGUCMoPmi27U9RVoxNEW0IT0nbvjKEzXOPWeqDCsnzMtTKrHpRrd
umWz5eFMux1CxKkjeYHBUK/Khpold6SbkiEJyYOdnKqcJmzYoqs4bxwMWpL+inbJ
4BJ8COpLpNzHwuWenS8YWc+nXNUVm5re0YOGKfyFYVK7PnpB0z5JqeLAnqy6HtpU
4THJhUNK3NaG+3d1BTH5mL7nUBjXwSC+fOKvg3Kfa+uBgt/4he1j0cZdrjit//nH
7R+G54F5Doo26TJl4grmac/PZ436+b+JGxeFCRMR/bbGR5hTatsKkjI0VlTE9ZG8
l46Clenc9u9yktZ6/MwJta1CKrS/AaebiGtm8zLe4+IU/fwJxAQBtFRsYrbBYgSp
m7YnRSDOAyx5Ewo2JXjXHlHRO5cpxyFak63hW7Xyryur03T8rxpFungQzzGbR79F
LTJxwhL4vSB0YcVNgrLLOdgXeHeWJNjqxsz61tOFEshO+ehhB9nSSqGIc5PVAeVx
uEhl+pju+3J/CTkhIcffI7u18n9c7h1w6axGPE7BrE/hGxvPATvsCjU14UKQRw1y
JOWFQwlkgwJoZEytDvhxdC+0Y+YfXl16Rosj2jPvkuFyoeMefqn91i1WlZ4DRxRR
bkGMb87Pb6bLJOnggH4fp2p1v2uyKdi7gnNGwtRUoENUrNqgG7RwSbOEebDSRsTe
4dsyC+ldXZWj2bOAWrbzhE3kGieXcrYadbGeE0k2D+ZwQ693T+muFtXSJ2U/dnG7
k2E3Y0dKYcIOr40q3lR5LpjDomeDA3lUBE9QE9K8JNJoct1VJzBJrvdKsvJAZfK+
nhgSPfLfEC4pWiphD9n8HsypkYt+MpKB34OX3d/MxNq/7fbXzlzQk2rHAOTFQ2c/
K4M8v4o25qqZlWJ505aImXthWyURU17FwK0VOfZu9DVXYscvtS5yFuUDVAPHTMXZ
WnUcIHT8tbkPY/fT4EYNKjDJ0wJ+yBBhiUMfDUW3rmNAfRYS4p22gL0al5hNRXbw
hGP9Jz1kBbUqw3cXEp+Ksn43L9cmwmxToMjgadpAj3uyVpeBNmgCget4A09y6w0O
6tGZMmrk5C9msk1i9pSdqp6Xw5HPqfLb90PYIhbh7hHZNDz/rlydAZXnxhJjwvP2
XSc2bCO7yiOACRJHj9lYJ3ugYI/qE9Ko3kpIcxu4rgtqm2sYUTSj7KINYqA6Dupw
ViJr8dUFKvs7ODrhCopoIxpxzqgN9vn+sYTq74TKRnp4w7oruOCdE2L8+jukMX8o
x5o6Kjlg7aFQbx3ULj2Tw+IiKp41m82qwP5KPFp75HlMEReh/SA5+fPWpZ2lu4iN
9Ppz/rtjHSlbyYwBde4g1eVsJk7GSkppDniQVUFMpK/ayhHdxigu1TF8H+GxcN2E
Q0YBe2GGe0K+Yteq/yBOPHCrd8yjOhfX+f2PtBbhPGQ+uf4pxI8fb6XsIu2vvK1L
EAmD/yQX5YKOL2QzzUp9deUORCr1SoEcZ53Hksea4E6/OygvXCe/8WywzpNKkqYx
jX1iQ6kva5yE7JZTnXSwPhEHELGwtxsFZZe1Cad4Cm+7KQneAqYwp+Un4wqqlOtc
GOdlAK1wY+LVvPU0Q6eAwL1Acdob6tx2XUXklp9QBw0jjuXzeKG4ZPVOG6aW9Aiz
qbH98mwB8zfhmtK/3PMBAKWWYP3cLX+oO4S8F+Pq27NgHJXfDsgh9H5I6yrB96vM
1nGNwc/DieKho97jUBr2wjw34EVcKVCdj6Q9sNq7ddc1xm61wrgfkdJTrsQ9xAfm
QH9vBg6SyeFsu6y0T0+JnOKUAVUWKr6/2xszUmP4X9Lp5h9nKW1mgLUCcVrTWOcc
Jrp0G3uA451gPu5YB2CK/Gb8qCjHif7b95HlCf84D+UwYluKVR4bwK9zjmqmsMyI
pEQXHGsOLqxkd4agdAj8aPN9Y6qYE7P1oRtH7I2mZEYpC5XB1J1GR6vsDVj//Yof
NB8wogfD9DB63xR0fQFFbiYpoZgQvU3b6hk1vzSSZr7EYdTFQeXnZIH5dXdzML87
9oPkn8Smp0HNlkARP9+nrA9uuyB64ohB0GKNioqOUIE/IT7KG6SrXWkL2DlCeQ0D
sEKsVWY1xfiTWdU8YglYrwmhJ6bOK2KiM8IRGs9I7z6mfsGGE8+mzd9CIudOaMzN
EEwITEeyxqRDBnnPekQPJ2u1672TdabcQ7B+vY0nciGzdHtJDG56MFmUpx/Tsf3G
H7lWNgN/kE2iXCFRbfVsg8K1cwT4oUl68e14fvD7NM6vu1ScEXopfUD8Z5N1b9aq
OKWzEcItZsF/lQnBa8YSpQ8aiy9V9XZWw4XoKwSi8k3d5p4B1TCAOHs8mj2D0dXP
TdDjlLTcuKqLfORUEXuez0s48x/f0uRAMViK4clbjEaLx+96U6OibMZHZ5LTYKvW
2T5oD5rStSlLPzLSfSnR1paYDHp5XElt4Ub31W731/mH2juiloYni/ezMbvVxv+n
rors2Coho/cp3qMmF7Ev3xUoxUaAMmqwSuk4x5iku5lM2LXRIaZw8ydyuOJn3C8O
N0ZHaNsHJNL3WgjkHX+Mnpak5I4MszqL5J1rmZRZr+VN0bGm5ttjYODAORK9EPhl
3h3/GD7moAEWpZeoF+ea0LRsuGc2m4wnHr2Xyhy2JsQKrQNgDcCr0Acw3Xch5XPO
BMpDe7jjtZpkPeYbeJCc0kfkaRVno9lFamQoTX0qAeO2zAsqHhDmQ+PTSqXaJPeV
g4+6GE9CCmbJgw2fcvBr5nRaCVB3x2C1w337rCTKHSKtjwOvQwQ0/Yfe+Z83PiNO
RSg3dhz8H3J9JnheNP82CRRof4ZpHDSTyr+goXvD8IF4+E4xUrc77XjOvZvfUt8g
ghVFPC2jvixN43502rK2ekqwy808wTniGk4Druq+SYMXeufbv5WduQ5Atul/JNxB
uQyBvT5rc7QVADVhS0coZnNdRkT5lTe9zdQ2yAn3jq14TVj6jZx0TvUUvSjeeIkZ
Bigkuza/6XkeOx0V+7oFZGayEQaV/WQzmT0ODvYG40ou2hrI4pAEC8BttSyfYoxO
yCxsFt82xH2DSBJ3AGjlGFngRW7oKXFNhUsONPZT+PKaDnfxekwl6DaT95CIPa8z
7My6eY6CtB8y4kholqH65L6oKeFO0fjyriObfmDpoqL6dQApTNGHQqql0BL0BW2W
ssy0rb0h5EPLzI2GxWSYSnivPq4yBPVaF3rfGuwfk8Hivrat8Vrtiw/6vsI67QlD
cvKqXvXiJxjuz8C12Q68ndWKdk8pD0psDt0BMi65TELiHinwsek04+M8wXD/pdCE
lgM9lABLiQDfZpMnJgC/ozkFI/3/5QS3gu5+OPWdLckXPVViHDVIhj69f5hQ0cSj
jRJ/CgIIF5Px87fmRyQ0+ktuwXYu532lHf18Wt6dXVBu2hJBU1wny+dsCP6Yu2Zh
tCFrmv0iC6dXufu27Zz4/ieu5VO4UHTv+GLCsbC+gZb5YmXuWOVHEcjQRy3CV+p0
QccPBgT9jNyaoskTEwJPFRJKEV70UU4VOKp+Tc1u931eVBEL/W5M0okFfBqyFuFu
B//w2NQNhrfb636qE3gCV9ccNNabbHp8Gr77nY/tfD333Za5iWGq6f++NrIaUudC
/8oRWCpy0bmuxwnYMMSgPUoF9G8WlUvjCP/AY82+dQ2r5TLeFTPswNi06EAjLxLu
VDCfw9y6VSOYYm404LmKdx5QC+1h20jSg5ieE52EhGTEeY141y60vLPK+2/3O5TE
bfni4LNh8k5umB8u06c/BzsYGknq0GUrKAoZMV/UtGk6Cf3i0UVl8PBn7yXg3hRG
C.3.21.1. S/MIME Encrypted and Signed Reply Over a Complex Message, Injected Headers With hcp_minimal (+ Legacy Display), Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIIU4QYJKoZIhvcNAQcCoIIU0jCCFM4CAQExDTALBglghkgBZQMEAgEwggsKBgkq
hkiG9w0BBwGgggr7BIIK901JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1lbmMtc2lnbmVkLWNvbXBsZXgtaW5qZWN0ZWQtbWluaW1hbC1sZ2MtcnBsDQpN
ZXNzYWdlLUlEOg0KIDxzbWltZS1lbmMtc2lnbmVkLWNvbXBsZXgtaW5qZWN0ZWQt
bWluaW1hbC1sZ2MtcnBsQGV4YW1wbGU+DQpGcm9tOiBBbGljZSA8YWxpY2VAc21p
bWUuZXhhbXBsZT4NClRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxlPg0KRGF0ZTog
U2F0LCAyMCBGZWIgMjAyMSAxMjoxNjowMiAtMDUwMA0KVXNlci1BZ2VudDogU2Ft
cGxlIE1VQSBWZXJzaW9uIDEuMA0KSW4tUmVwbHktVG86DQogPHNtaW1lLWVuYy1z
aWduZWQtY29tcGxleC1pbmplY3RlZC1taW5pbWFsLWxlZ2FjeUBleGFtcGxlPg0K
UmVmZXJlbmNlczoNCiA8c21pbWUtZW5jLXNpZ25lZC1jb21wbGV4LWluamVjdGVk
LW1pbmltYWwtbGVnYWN5QGV4YW1wbGU+DQpIUC1PdXRlcjogU3ViamVjdDogWy4u
Ll0NCkhQLU91dGVyOiBNZXNzYWdlLUlEOg0KIDxzbWltZS1lbmMtc2lnbmVkLWNv
bXBsZXgtaW5qZWN0ZWQtbWluaW1hbC1sZ2MtcnBsQGV4YW1wbGU+DQpIUC1PdXRl
cjogRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpIUC1PdXRlcjog
VG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpIUC1PdXRlcjogRGF0ZTogU2F0
LCAyMCBGZWIgMjAyMSAxMjoxNjowMiAtMDUwMA0KSFAtT3V0ZXI6IFVzZXItQWdl
bnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjANCkhQLU91dGVyOiBJbi1SZXBseS1U
bzoNCiA8c21pbWUtZW5jLXNpZ25lZC1jb21wbGV4LWluamVjdGVkLW1pbmltYWwt
bGVnYWN5QGV4YW1wbGU+DQpIUC1PdXRlcjogUmVmZXJlbmNlczoNCiA8c21pbWUt
ZW5jLXNpZ25lZC1jb21wbGV4LWluamVjdGVkLW1pbmltYWwtbGVnYWN5QGV4YW1w
bGU+DQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9Ijlh
YSI7IGhwPSJjaXBoZXIiDQoNCi0tOWFhDQpNSU1FLVZlcnNpb246IDEuMA0KQ29u
dGVudC1UeXBlOiBtdWx0aXBhcnQvYWx0ZXJuYXRpdmU7IGJvdW5kYXJ5PSIyZjMi
DQoNCi0tMmYzDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zlci1F
bmNvZGluZzogN2JpdA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0
PSJ1cy1hc2NpaSI7DQogaHAtbGVnYWN5LWRpc3BsYXk9IjEiDQoNClN1YmplY3Q6
IHNtaW1lLWVuYy1zaWduZWQtY29tcGxleC1pbmplY3RlZC1taW5pbWFsLWxnYy1y
cGwNCg0KVGhpcyBpcyB0aGUNCnNtaW1lLWVuYy1zaWduZWQtY29tcGxleC1pbmpl
Y3RlZC1taW5pbWFsLWxnYy1ycGwNCm1lc3NhZ2UuDQoNClRoaXMgaXMgYW4gZW5j
cnlwdGVkIGFuZCBzaWduZWQgUy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQpl
bnZlbG9wZWREYXRhIGFyb3VuZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMg
YQ0KbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUg
aW1hZ2UvcG5nDQphdHRhY2htZW50LiBJdCB1c2VzIHRoZSBJbmplY3RlZCBIZWFk
ZXJzIGhlYWRlciBwcm90ZWN0aW9uDQpzY2hlbWUgd2l0aCB0aGUgaGNwX21pbmlt
YWwgSGVhZGVyIENvbmZpZGVudGlhbGl0eSBQb2xpY3kgd2l0aCBhDQoiTGVnYWN5
IERpc3BsYXkiIHBhcnQuDQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1w
bGUNCi0tMmYzDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zlci1F
bmNvZGluZzogN2JpdA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9
InVzLWFzY2lpIjsNCiBocC1sZWdhY3ktZGlzcGxheT0iMSINCg0KPGh0bWw+PGhl
YWQ+PHRpdGxlPjwvdGl0bGU+PC9oZWFkPjxib2R5Pg0KPGRpdiBjbGFzcz0iaGVh
ZGVyLXByb3RlY3Rpb24tbGVnYWN5LWRpc3BsYXkiPg0KPHByZT4NClN1YmplY3Q6
IHNtaW1lLWVuYy1zaWduZWQtY29tcGxleC1pbmplY3RlZC1taW5pbWFsLWxnYy1y
cGwNCjwvcHJlPg0KPC9kaXY+PHA+VGhpcyBpcyB0aGUNCjxiPnNtaW1lLWVuYy1z
aWduZWQtY29tcGxleC1pbmplY3RlZC1taW5pbWFsLWxnYy1ycGw8L2I+DQptZXNz
YWdlLjwvcD4NCjxwPlRoaXMgaXMgYW4gZW5jcnlwdGVkIGFuZCBzaWduZWQgUy9N
SU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQplbnZlbG9wZWREYXRhIGFyb3VuZCBz
aWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMgYQ0KbXVsdGlwYXJ0L2FsdGVybmF0
aXZlIG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUgaW1hZ2UvcG5nDQphdHRhY2htZW50
LiBJdCB1c2VzIHRoZSBJbmplY3RlZCBIZWFkZXJzIGhlYWRlciBwcm90ZWN0aW9u
DQpzY2hlbWUgd2l0aCB0aGUgaGNwX21pbmltYWwgSGVhZGVyIENvbmZpZGVudGlh
bGl0eSBQb2xpY3kgd2l0aCBhDQoiTGVnYWN5IERpc3BsYXkiIHBhcnQuPC9wPg0K
PHA+PHR0Pi0tIDxicj5BbGljZTxicj5hbGljZUBzbWltZS5leGFtcGxlPC90dD48
L3A+PC9ib2R5PjwvaHRtbD4NCi0tMmYzLS0NCg0KLS05YWENCkNvbnRlbnQtVHlw
ZTogaW1hZ2UvcG5nDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiBiYXNlNjQN
CkNvbnRlbnQtRGlzcG9zaXRpb246IGlubGluZQ0KDQppVkJPUncwS0dnb0FBQUFO
U1VoRVVnQUFBQlFBQUFBVUNBWUFBQUNOaVIwTkFBQUFjRWxFUVZSNDJ1VlRPeGJB
DQpNQWdTNzM5bk8zVHBSdzIwZHFwYmZBUlFFak95d2l3WW5DdGtES25iY0xrNjZz
cWxUK3p0OWNpZGtFKzZLd2taDQpzZ3J6ZmNxVk1wTDJqbzA0NDdnWURwZUFyaytP
bkpIa0loQWZUUFJpY2loQWY1WUpydzd2anYwWldSV00vdWxpDQp2ZFBmMVFaMmtE
RDl4cHBkOHdBQUFBQkpSVTVFcmtKZ2dnPT0NCg0KLS05YWEtLQ0KoIIHpjCCA88w
ggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTEN
MAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBs
ZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1
NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsT
CExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3
jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLY
Yy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dP
zZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5k
sKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF+XIVnzRG5Deo
ULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEAAaOBrzCBrDAM
BgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAV
gRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1Ud
DwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83zdw8wHwYDVR0j
BBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAIFJ
eKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4FzkgRyOg31/+Cw7H8e30i
LrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG91PEM046gfPnc
9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZRzWmkw1RF7FOD7PfB5v94
M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8A0enITGXnoEkAFvvjiCq
h64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQsqm6hvrDTqNpHNZ015fOU
Rza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV57XV/QqmiXDr0+GrOmqnX
MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBT
IFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYD
VQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92
ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09InoWDgWPk2a
f0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwO
Rjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z
34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4
xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3
vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3
SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCG
SAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUE
DDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYEFLv2zLItHQYS
HJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0G
CSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sY
onX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3p
dpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqD
IdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9
iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyH
AVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBV
MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2Ft
cGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kp
olw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcN
AQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzE2MDJaMC8GCSqGSIb3DQEJBDEi
BCBRjes+Sq3Fo+aEDJAZ4AtCykBh2dTnuhw5Qlll5NdDcDANBgkqhkiG9w0BAQEF
AASCAQCK+89Ka7ae4NVDdTvYwXbID8oaPTGt7234OGuH59NkM/fLhKcn2Kd+LtFk
5nrEI3Tp3bXxj2I1wH19DFrzzAOV/I7h6L14HFiMvIdi471KmI/W7cJ3O5ouZxgy
ZDO7nRDsdA5wkFyRh4dzEKiuEWJ5Xsw9wDEHDcq/ZG/L6J+8eoEXj9vJZSWPAgbk
VHfv1OCF6PXrErSWTar4UpUvgqtGXHhb2WPjIsar606cBvZkqef7HU55zeiOf426
+XEW5a+IG2b7xjffdDLY8eHfQ+N5ks4CB0El8bUewjlDUOQlrukO5qA6LW5T3gkn
Wf6oKm9gqdNhIxStvwihTii7HJL2
C.3.21.2. S/MIME Encrypted and Signed Reply Over a Complex Message, Injected Headers With hcp_minimal (+ Legacy Display), Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Subject: smime-enc-signed-complex-injected-minimal-lgc-rpl
Message-ID:
 <smime-enc-signed-complex-injected-minimal-lgc-rpl@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:16:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To:
 <smime-enc-signed-complex-injected-minimal-legacy@example>
References:
 <smime-enc-signed-complex-injected-minimal-legacy@example>
HP-Outer: Subject: [...]
HP-Outer: Message-ID:
 <smime-enc-signed-complex-injected-minimal-lgc-rpl@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 12:16:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0
HP-Outer: In-Reply-To:
 <smime-enc-signed-complex-injected-minimal-legacy@example>
HP-Outer: References:
 <smime-enc-signed-complex-injected-minimal-legacy@example>
Content-Type: multipart/mixed; boundary="9aa"; hp="cipher"

--9aa
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="2f3"

--2f3
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii";
 hp-legacy-display="1"

Subject: smime-enc-signed-complex-injected-minimal-lgc-rpl

This is the
smime-enc-signed-complex-injected-minimal-lgc-rpl
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Injected Headers header protection
scheme with the hcp_minimal Header Confidentiality Policy with a
"Legacy Display" part.

--
Alice
alice@smime.example
--2f3
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset="us-ascii";
 hp-legacy-display="1"

<html><head><title></title></head><body>
<div class="header-protection-legacy-display">
<pre>
Subject: smime-enc-signed-complex-injected-minimal-lgc-rpl
</pre>
</div><p>This is the
<b>smime-enc-signed-complex-injected-minimal-lgc-rpl</b>
message.</p>
<p>This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Injected Headers header protection
scheme with the hcp_minimal Header Confidentiality Policy with a
"Legacy Display" part.</p>
<p><tt>-- <br>Alice<br>alice@smime.example</tt></p></body></html>
--2f3--

--9aa
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--9aa--

C.3.22. S/MIME Encrypted and Signed Reply Over a Complex Message, Wrapped Message With hcp_strong

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10335 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6634 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 inline 2277 bytes
   └┬╴multipart/mixed 2167 bytes
    ├┬╴multipart/alternative 1142 bytes
    │├─╴text/plain 380 bytes
    │└─╴text/html 478 bytes
    └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-wrapped-strong-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:17:02 -0500

MIIdzAYJKoZIhvcNAQcDoIIdvTCCHbkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAA/5lrL4kmebJpSEzLmG2eAxf00A32ZCqSb/
4tZx8rN3sjyrgsuWkmPTcLJq8ue9QTSvExXE+E9IItSXSpjDHlJyI5ip1is1A8+c
C23b+UdTyqg7AFYmpeBYF9r3NcJyEiiP1ePOSQXiJUDFSCyW9R5aQvn7EdPuvdwN
o24WkvUT197woB21b+EaRqj90YA3fKIh6IP9zW2dUjWymoopWl2M5lHpLI1nstQH
NL3SbD2AcMJYlxjihno+Ebn82yJx0QNM6h7dccTvg0K97ZV3+hQBJ+r/A9TXYheB
R7flkF0RNRH8sBl3qMAdUCqEjmSqlsZ8F7vrWj6y4lLr0TWY8i0wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAhbToqdixQDzsFZ2CSALrfLQe
TurTZSbd9KaS/mD8AvMtxw2q6bMFvQdVfgLF4vsDzeJkCIEAptD+TgGQjZwYadji
wo6qCGizJw19Sd32kxLBg1ppuJiJM/W6bkuT7MCSceTEGMwaKdbubZmDqPu2y+oe
W+UCqE3RgLQQ6bcFDP0ySZ5bqBeqLgdf1+zrDfel4pq45UrJ/xdJlE+MPj8Hhqlo
z0Owwmplxs9HLWbHjpLNElgEAM9P0yK/sIAbZwmwsLF6DPCYIliuAFv7w42mijyD
0HEN+GLzgDSEajcRnKNb515DizxL9lk43wWXbUoa6VojZajlWPGNl1x26zEN6zCC
Gp4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEOWqHtqFS+EG53aet9QZShuAghpw
z3UHMbDcUIEau5B85UP4YdH/6MRqPeWx1XEFMo0XPR4Xai32doqjqAl6R/6nXneF
Of1q76QlzTnwjbLFaUzxD2bh/AslgZPC0Bo2fCLwVdSaXqpXe/IEtezz00SnmLdE
S0OVcQFlQxUq0VwA9wSkd7Bx/ThDnkllDd9Ul+c9HQydQfQ8+JmT5TcCVkPtPjf2
VD1KjDVN49YNkyjILZKrAObZWKByehaqW045x9GiwRm2pFINyTROF1uIh5gkqFlb
iMlZUjMjdD8ef1pGfwA9ONVqrOlx3pf0ljrDtV0duyzw3gTgUpuMsSdftIWSyhhT
GwrC2w6Am4ynncrjy4TD9rF1kmw7p1onM97if3NVuCpGQm3FiZprecI1aysXrIyY
nAPtTwfyEQ5hPDnVRHOLk5IM8hWIz+6eDM6mo0A0EJP9H5MShlYdAdsDoCmLWcKB
uB7ELbDlX+HCVqxq3spQM2YxgfkZz3pQtS87imV09LSGwZdsK2TkhG6YoPoRR+t4
3LAQX/zJJQygWUH5Bilyp/jaUEZNTS2kzm2IQ5Lfd3Z/U/mJs1yM+G2ScT/5QX1K
YU0VzldGwLAyVaf54sOMSWGrxP4u3e4H8AFGX13bR14J1lXC+5OotKpFlCqFBn+C
+GgncHnAUnJTCxgm3u5eFcsIcPY1BPRvyiM2b8bSiSf9KV3ScAbNkfFTEQBiNNhv
5rgrG3ul6oj/YshrtOcP6AUiHwIedeDj8+m9n+KQGBOEg9H3kdTcUeDR1Olt93YL
DGiIiqJC6PkwfnVxWX1P3bvFpmC3+Mx4bTXtiw1U1n2oOpuY2A0i1SQ6kGMRDOG8
vy2NlskF/AEtC6bqFkDMfIXMW49Rt3RZYi19xI3GQhKwnt5JXkQmzctIAuPbnaQO
wjIuPacEpLNSHVbz2Wwe3WsxrM5rMCG6UxW1gk1FEaewoN9w5ZH9hR7QIF3kCprX
6L9JrzoZYYG0lOULh/IEi7yhbcU1NNapB2SctrBX5RczhlgZRu7+qjU6zAZX1Co1
jaXlGLrhmuUidnYcRGdxJohPx+sP2gC6VY3TfgGczGwx7fQk9tbH2A8ilFyzX8zl
kb5KMwxaMAjaRMt70x8BszLn2vx42SPBrdu3BRfnz7tBqmc9LvZKt2eIwR9MtAAn
bgMuSJ0b+duSjIiJpLzXGuLNKr0hHwLsRCRa7YvXaXjhHcTQGArKE2PHeDcNj/bt
G/dujf7GAjHg73XdyjCf91SUxfdRPv9yzcyQbvocl5VU4DHOvE4m9skFhV5p9hDq
KHU6/xcCWR5HRrwGADN0pAeJtl3bG5lpqmuF0kwtlS2z0HO0/snfhdXc+eKvrhgs
Z/P06zRPMxjpALzMwtqUo/LTIBa9PhN3N7vNeptdw+7kBYfh5w+Tu10gjsdjDkvz
+fyenGOtNcnt6V+dfsSD8auia/kIIeSmU7UGy0wLt0pMlrIroIYn9+z1Bwsb8f7y
q+LuNOltNTvicJvljJjmILUiCDqU3Mkc6HFUw4rmCQwNQ+AfUaOyRY0+RSvWIVIe
ccSAMk01m4hwRYyU98D+2hLuV66laoTAmBxslRd4+QRaZarZgpUe6oTcgAX12gnx
TWYPg19anqa4sVFSbGdmxcUaDlKmXZFyqGJqSQztUpPZUOAEcyZfWuyWXEW26i3A
FjgQEB77P3TYmGygpTtltJRkzcOM9Au80GOlVjKJ+y1ZV1cqwvGVb5PDOUzSNt3J
q6Tf9nS1GX2IF6t5ZEWyYilWeTNOi6kPMZ33LS/y+c8/4tZ+4Wn5qhqWzq8Il4Ne
0bjI4TcZB7/qbt14l0kyvOGjbLi/23RzoShPqcLZ3hzbuwBvI+12vH32abUOfXdW
UjWkQ0oB66L+/C/L8NXKuyZwC7GbMxHwlA995YditCGT10Qjzq2qKA8E4KKoHc33
HEmHV6c0DzCqREqh8623ZC9kpE4HIH/8Yg7qHi8asd5pyMe2trKNiVUcIoe74rMd
pQ4PK1KdlrallHgcXIYEzK+AQ9mFvkHRIE2dgrTZBrfB3JfO0zKmW1wW1hyKEzgT
m0orBDO7UyvoKNM6id3b1oB2o9za6qYy4EVpthVlv+MuTlCWKLpo98X8WRiHSCNK
20bQw4N+1B09CNhuhzCdixmCsNd8UJ0fK4aA4A5hlaeHzfoUy16ffBnV4Gr+7WEx
GhM/VKQ4F2Y34e6hJZJCm+immfM/P44Gto4r0cdvq0fPY9OGjPoqyZv8bdY2daKb
YhI3+ux9Xb0+hBMIZmo+M6nNAGPM/YCW/6Yu1pN7PoJiST9TtRj8EjpucUiqsXHF
45jY1JdBmIx2x5M3dmuP7HAAdtxbbJWYS7jb/63ddPOKSztiysYXVY1xAnZx9KOL
zeW0pN+ekWFsbsVPRVZZoD8+rub+LoITm4yKdCAuEduuZQot5nHM2J3b7DAgfUel
JbiLYNKldgOPNSs3uXUgQnY+ufb9eYsrs/r6lISwlvJH62NhiPlKWs2wdqvUDFYf
KO1pFUMJOt0iGnP9mnq58lnQAMmOEZElzwMWndWjAJAYoxcdKkf45Q4R2P1yzK9c
wECHdIXotEQzO7p0s8jxdPIv9e+UMO0It02rEiF1F1tbnHwmQlzBT6R/iEa88mOc
P/v6csv7qaTiT2ICf1bnvTcVebjm7zVDSYgeSVQjNhGAHlDcXcdKpE+kGuk09jHT
av65NICYDqKaD5Tf2GnuZdP3pdmNOE3mVIlG7RxAUV8cLofPz18S8zxv+jaHs8Vn
y6P9OclgilDCj0KFEFfhAI0bG2ag1dEk/8GmrIlv543zJVf9efUtm5aaGAKdu/Mv
V/YBDGW3MxGUnZri99u611fWTN45fQ99f2EXPk4AyetDMhLEC3ZtYiVYeGjsqFlK
26I6YyDrUUSaq+AfKaOhoObH8rstkkxiuoxQIHP2hn1/CAMSWwX5KnOEJt0LRKdX
ewKqUeP2H/oPUyTH7v+EaA1dJMLPBSvx/TBhlhAjKCmpbYM9LnTSGHsKJ6DGechc
RKZsDt3jmu8cx5ElfTMhQouctavtyDod4Chpt6ifXu4m52+h9NiZME1PjMq4fDSN
hlX7G6aEi5vM56eh6lbwlWnL1miAc/V16EMclVLFBn21z3ikR1HtXH0R6sUHE3rC
dmWoKFBqegxQyryGlnIaC2JAPJZyJMltT1aVJLpYeHC1mx4AkYB4M3hm/zUZL5tR
IA7/4N+72eN2qhnRdI48Au5D/GfRITfPPmnAAnUKeo+xdkVPdL24le3XI0JfrRrp
tY8Sbuvj9sz+JhUAnZUAEeLknS1OZ84kcUQpiN/J3559b4UIlKkd9mrxuKQThpDO
OVhlFuGrRuLuQOy6miiO+NcxZfAmSwa/4KfcpJNZVnxJZLceeec0p4GN0UyXfwI0
b4yORgZ+lvkSPNpP4NsoKO0eztjK5LZh+5qSYlvYuJrmZ5xe2neJ02nvtUpYhMjX
6apRKIoqakw9Q3t35MLNVBwU+/Rpcd626npnvtMkPPeiv964aIopMCj37w7M3by6
czmNbtb6K1QhEDSAHX0crBMNlVlQ637DEB9UKbPvXvtgPiwowX9qIQu0rtM91fhN
ZHwaFLeczBv9ujvbPSnmnPYd1i6tGWk2cR5VNHmTsLHhOmbHQkxLOEfP1JpUp+Em
s4I182PZwaI7rc3sDOLAIC2/FgWIn9uzYEZcgxMfQiUmuk+I1xWJUGuB3E+XFwDk
XgHRgLtUSPpcPrGmsAWqfzW5BsYLa299xcmEeMWIF4+p14i5LeJWa2gxNIydiJjo
OLfrc9Zm6LrVhLxkrSsZ7TYuATFrBwCt2X0UPcGktwolOF0eKEswH8Th7cewvEa2
oQQptoiLOq44QXOXkdr8XMC4Zon2gxbmRMoVkUFLxdTxsOTjhAfiGu/vmqjS7v3C
RC2vz9Rmutj/3rlMrvNcbt5KWwgI5K5TxxP86MKAXostigwer+hRVeCktpyzma9E
HyYKrpivj+e2/tbJJ6h4RZ1fzhdp5f+45ktPfcs8poafdPnnrs9KC0Q0cT7YPbtX
U5+LRqEaQI9Y0RRPglwtu2e9eTyddy/aitspFIpvuyuR7NtFEkSXSldq1OtBneqc
gFolnTdpJadRgtDGr18dQ66GHoCUD8ETZM367H7E1UwjWtV0NStQTio6njLbNgnp
BSL4piVHNko9IlngUMQLHKSD/OTbAHpGMQGwkN4/AtSAZ8ioSuIwnEMNnpSigdrF
gzNw957Re90snnQ4wpUCOkgcWLF6CL0Xlfw/rFu2rQJ3N3DhrQY7uagVYKhgdS98
p9UTjb965PQ5qtUQ3uJSKWDwhIxFwQPWOjxte0/i1yU7SF9nztQTvqkeMvoVOlcB
Bh4u4Cpqiwt0hl19Il0KnVSeZQc6D/jih+eycZD5yNA6RjZr0aKBJwMorFRWV63h
2WiyvWcVBgYExNW3xAVLkWC2P1Zoe+HUwurkSGrcqTLaDAATPPQcmauFw/QFiOl7
PbVilQSMfY9b8I2PJuWGNAvWbNiRoppsWRpO1E/2tzrBauvhDO4y9ZjA8QLnvmqP
EpHiuH7sqIo7GmFNpITCsyQlwXFD5HYLfBNaYPela+TdRoLZ4+Hid4lR8ZjLFBhi
12uep3hLdN2Iqt3HHhcOg8BskukrGMz4IKl4raB47/8ziqm58NdKhdsV7ATKL3Jd
Q3c6z9wZ3jl8XCEXDuvWolltYxBeZw6FHBzpLzlWaJNPXrlqOSxjqVJNVqBvnQsl
ipu4llvdQZ6INItTSQwvDnrrpRDb6RsoutWik/Jxe+aWF7y7UuXJi4YrYv2nQGu7
7Tba5T+e2BCqowDCSRAzUb9zNgZgX5ONys7as+s/1HLsisSs6dOg9gTodfwNlwfQ
/WQeaVT57NfhOAAtwzKqnSYQk89/jgAzO1wcc/s8Wvnni4XOkB8ubPdpdX+XeiRR
65Ig9fZuq6oPYr1J5hcwZkMrNizb7gDNuzioF5eQwBml7ZGsSuQpwfTvbvc4Wzue
G8uGZtHOnM8gnmaIfJ39etYCzlcJVuYM96/3vIZLKZzu8vpxMVmscStpRWi6WVFn
H60Cnnxw6XZ0lMoHDqvSRPjFpaCdhqFH74kFPz1i6MjlnUIEiVRp+1gj/lsT74A/
SSCQw3eCpjeSvVrRQ2Hl7sd4isGV3Yy8PEsO426LS81vEhcKqyqsr1zEx06aP7OI
nE3GxeZyV60JSF4QDm39wShYhziz7dYICB5J9y4GdZTBmmal3pUl1kukJ8cQKI6w
rSfJJM0yWnzyU7flxlNBgnv7MzdiPSSbrabGt9pEzimyepZuZW3vokcGbY1r0fGM
l33SDMf7hg7kd7o9AqDgvqXhLci+iVIQdiJoR8kwsg0h/odCM+qKiGimEsNDg0bF
KO9kklYuGj7RYNrfp15UNAUq1w7agRTf/gml9tooLclPGXDAIEr1BZmKORNrfWA3
+qVIp2I5NZ493UGSANeCa+CFKS6v51QNgV6lLSfBea3LChAa7nvMidR+9MRhWC6b
3NqgtN3anmnBmIIyFS2CDxbh1aUX9wtKsrDV6pQcRzvjgFJeI9EUx93xXTPxaky6
ngPgYT6hLa8lDseJOK03oW7Kq9ahtbmrINV0ydhNPl6mPoG8et8LxOv8lJcznWP4
PKkrNKLflo4NBmNr2nYDhI/GnJ/id3Mo46mCVj6A4V3PJuFHH8N1beinDOHHrVv/
NhXFvaZHsM6+SLU4DszM5u3YoJOr8ygAZl1CgxljAPCQVYMnUZi0R61CgtUZUM3Z
NpaHo+DaY9tHlI55yu+8Nz8rWW7/nPP3uLD6dYl+jRkKCRgXd9Nw8LrMqUNuc8m0
AoKVg6NrPuOaB68GnIAmUrhoaCYBmB5cOrgPY27rPBehN+MdqqJJWe7YxU5Zmacj
4FQfsTh6JoKfIneDqJ0P/3V5bc85Rnup/GKgrDo6wRLvDmprCiCDR5vvFHbkwyy/
AFQUdHEzUEiAQFY5UiMCvw/gUVEcckLbd6OJWciDeWtidSphbE6tQhvJ1q8gFlbo
4/pQRlFOXqupoAByZTq/3wij9NQYd/dxzxKBfDC3LyMwKSc0yMqaXRhdZ61XD4OL
AVa8QtIwsycFmaNjFiIfAMyHxqVGTgRw6E2aYBmZpJpznAwSRmlrXVSaRIclMcRX
/lL9uRPQv7hKF2wVWRdtyb4h/Le4EwjBMlNfymM6eWBo0ASpLYSRclyURmb5dvCH
z5+5gUDGYQuro2sNNBqvC8qmh1wEVewzxGVTpH1uxPPJ2g5/B/QaiC6WsM2UcpL6
CSQ6dY26W/oNP74JG8ACECpGB+FdBeICmNgXjLBNB5oG0qum+kJO0ZiWABdeRvZX
JriECqy2dVk2B7WzpI8mnrn8k4+a+0Cu8g0D8eivQ6w0S7fhRKW8bWSJ+SJ2Jw8s
mZ4qpCX8IaDa0+6DYFeZt44c70UIZ1w5vqAUTK3HqYCIllOZt3AYF0agbjj9KrAy
fKBDKTZPcWvNU6fBG3AirtANz31f6Ty/62ev8V6c4SM7F7WrCngBsWNdZdurAxQ0
Jir5yalGQ/76MZZbkatuTJaLyvhw4xIVRAaryYRjJz+xcn0igZCQsIZbOG5YyoLc
XVkSGciQvQRBwedeV+8pVnO2fg+rR/LY4X8hhgiUjwIut9ADuubyw9gE+tqeYrmd
TJxe0hbBL9f0bqAcVKqOFRd9HNa9jfpAKctOsdDZpZPI2AdYjCIEKTnNChqTvIFY
7kntCVQ2AaM2zG5xJQZnmvgYtpSkLVk+PiKSjr46fcbyYYfqf5RwpMghPurM1tpg
q55kauMMsxvlD6k4g7A2ruVtBq44HyNoX7ZCETeZREnt8WP+q+os3UczL0wsGLEE
PJej2a1fcTuVcaS1AxfMqx0bxnr9NrgmUuNKi3gsQfjXz0rCyfqquKzo4eCCXEks
+1i++2STPBx71TTCDACXDl+4ZYVg3wp46dJbUXDZEzPxoB5+hiEc2vPL2sxPUlHY
0TQ52sjwQecc2A1IOVrEn93s470ECGK8J71lFdbe+cPLjdzCu+8wa88Dw4+Jtwf/
GSt3Y+NRkXRlj+FGRrrRhfWZAblaOWJvduwiyMB33dmRCn3taXDJ0R/+seKlJdE7
w/lLOcXROg+cM7zOLmzimZ0E/OC5u8glOdaqlFtAsFeyLy3TTawGZXYH7/8qA79G
akemxHRo0rkGfEAGi4FSIpqwyUxlP16FUGB5rBKnh9zCzmsGJQLEfps2iwsmiNOK
gXRCWQiFxoZnSjoWyeArScpoo3MuNyBSDrs9GcSoYzTzDvp1iH5yAH4lP6eD/l6/
I2n0Q2cspR5BYjvSOIJsHDJgXr2lEivoKYZrJ8MuN2ETls5Rm7jNieXWyxLG5rlV
cc5TPFGVQVFghxz2cd0RbKtwCB+l0OUe+5ZijJVY/3SjiymPnxZ/CAhLlqliBeei
XHj7XAikVpT+ca+z+o6I8L+sOeS1W7Y/HR2FWhM+/Gj4+rgDuk/AmPYcKQMuOeoN
k6SZ319WxLe29DkCM45Wj7j9iz7zB0EtySGeH0A0S7l4y6rVO+9vIzQ4ONjfkrkw
X/2RQoe+L+9MSGu4uWtPC1ZaTrXW00y9xtQUmNm4b1km124iZujAfXVzLLbIE7Yw
43GbsruAVWVK24RGmWw46JWRSniVBzHQpKtxNqnC2c43sPRuxKEyFn2vSyWsQHMi
cebQ+tk3bnjZItND2xfP9S0SOHPfuQynBxFDvlDjC20ETngw0/fZVE45/s9dhLxK
SXg5dm2IvT9M1ZvhRVXJQNhJjfw7eV4xEV3EdqRqKAGpLsodrMos3qGqsatzYGeW
GI1JGSiUnFmxW0o4LwIBMfDax5f1nV17iQviFPHrK6FM1G7qPZ8/BgrAkxCsbx+3
vZoUDm7bIvk6jsVnXr2+3sDR2T3BpzIca9iSSnu1+Q6Pn4QDZ6fuAuPyiXDo+2HN
7o0vS1XBPhxxcQC92LGYmmvr7k+/3cGuts0cmGx0tZS+Tp69QrZ7YtxubgmyhxIn
vE2z1SckkW996MJx0/d9lB/MBPmXJUs9yzSfc1mXEX3kNJUTBiHU+z0Ml7ZPD+hn
r72zsxcIj6clL8LVVRX/r4PBiyxUN1tNT9nF89g/qrl3z7M9zoMPOSGhVaNEmCKm
/lpRQxGH+9YZXvgKVMLH9QNa7Em01Ox2nfsnG6cDO/tq3aBtoxaGRrjRl/vKlmv3
fFW5MWrinEDiTOad0LoGvxOFGCC6GIynvTKibIHEKzh6yt0ZlYTkpBN43w2gooUe
2va3jqpnNf8ejXPCkRbxSwRAYvwW8bZgXYwJopVE1ohPGeozpZ8J6t9lpnb/JODD
Q+wvT+T1122CPIRhCW9CRdcQTrvQpSo6+XNCeUiaCCvpAsNBlNg2rY0uG9xxPdu2
Cif6ShSQeVGa87ajtpwwdpEyBFGh8CnXsWZNaS8Q3hldn2Du6X19SBlZOWzSJFWK
iYslUI034vkrO6MzXJpxzUI31OkL5mYqKK/JH7VzmJpibUIUsqshJDcXxaikeUP8
QZDgNznK0+nI9Zn4cYokV7AWj1mtE68Wk2Y/ZyqYS/y229Z8k8dQH6y1nXd7QeHX
/kzj+Agu07eJw5ghGTRI3sxjUEMmLD2n5gQe7Ff5HQOmXgzxgR60LziQzIK8CFcj
uFsnzECn4mxEZ6hm4Wx6G7FVkIv8ySsKAQScqx6l4E21zTahayLxWewtvpIwXx7q
SvkZpmoScXeJXgSpCWoQHMiS5TpT1laJA/aurtCbLT/N0TtEopHRC4JwejOglaeE
MTWIrQguYRCCst6cA2q9jMvppNX5NsKCucORq7pfDzCLqhzcg0+WVF+BxRDxM+Vo
/QrfgwsuDBu2UfsOjKao6B291Fv+971zOBiPfChl17/4YV28/DstlHNK0ff/eBgT
ylm3I4Vt4NTXs3y37Zavk7AJ3uPadopinswu/6WK0I5jV90Ux2FcIEDbWq7OPVTy
lyzt656xEiTsikuuTc06uMObj84k/Ee0QWMOSVZoMnRWfXZ0xMNBLw2gKMCyEZ7E
C.3.22.1. S/MIME Encrypted and Signed Reply Over a Complex Message, Wrapped Message With hcp_strong, Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIIS0gYJKoZIhvcNAQcCoIISwzCCEr8CAQExDTALBglghkgBZQMEAgEwggj7Bgkq
hkiG9w0BBwGgggjsBIII6E1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG1lc3NhZ2UvcmZjODIyOyBocD0iY2lwaGVyIjsgaHAtc2NoZW1lPSJ3cmFwcGVk
Ig0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lDQoNCk1JTUUtVmVyc2lvbjog
MS4wCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L21peGVkOyBib3VuZGFyeT0iNGZm
IgpTdWJqZWN0OiBzbWltZS1lbmMtc2lnbmVkLWNvbXBsZXgtd3JhcHBlZC1zdHJv
bmctcmVwbHkKTWVzc2FnZS1JRDoKIDxzbWltZS1lbmMtc2lnbmVkLWNvbXBsZXgt
d3JhcHBlZC1zdHJvbmctcmVwbHlAZXhhbXBsZT4KRnJvbTogQWxpY2UgPGFsaWNl
QHNtaW1lLmV4YW1wbGU+ClRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxlPgpEYXRl
OiBTYXQsIDIwIEZlYiAyMDIxIDEyOjE3OjAyIC0wNTAwClVzZXItQWdlbnQ6IFNh
bXBsZSBNVUEgVmVyc2lvbiAxLjAKSW4tUmVwbHktVG86IDxzbWltZS1lbmMtc2ln
bmVkLWNvbXBsZXgtd3JhcHBlZC1zdHJvbmdAZXhhbXBsZT4KUmVmZXJlbmNlczog
PHNtaW1lLWVuYy1zaWduZWQtY29tcGxleC13cmFwcGVkLXN0cm9uZ0BleGFtcGxl
PgpIUC1PdXRlcjogU3ViamVjdDogWy4uLl0KSFAtT3V0ZXI6IE1lc3NhZ2UtSUQ6
CiA8c21pbWUtZW5jLXNpZ25lZC1jb21wbGV4LXdyYXBwZWQtc3Ryb25nLXJlcGx5
QGV4YW1wbGU+CkhQLU91dGVyOiBGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhh
bXBsZT4KSFAtT3V0ZXI6IFRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxlPgpIUC1P
dXRlcjogRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMjoxNzowMiAtMDUwMAoKLS00
ZmYKTUlNRS1WZXJzaW9uOiAxLjAKQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvYWx0
ZXJuYXRpdmU7IGJvdW5kYXJ5PSI0MDIiCgotLTQwMgpDb250ZW50LVR5cGU6IHRl
eHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lpIgpNSU1FLVZlcnNpb246IDEuMApD
b250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0CgpUaGlzIGlzIHRoZQpzbWlt
ZS1lbmMtc2lnbmVkLWNvbXBsZXgtd3JhcHBlZC1zdHJvbmctcmVwbHkKbWVzc2Fn
ZS4KClRoaXMgaXMgYW4gZW5jcnlwdGVkIGFuZCBzaWduZWQgUy9NSU1FIG1lc3Nh
Z2UgdXNpbmcgUEtDUyM3CmVudmVsb3BlZERhdGEgYXJvdW5kIHNpZ25lZERhdGEu
ICBUaGUgcGF5bG9hZCBpcyBhCm11bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdl
IHdpdGggYW4gaW5saW5lIGltYWdlL3BuZwphdHRhY2htZW50LiBJdCB1c2VzIHRo
ZSBXcmFwcGVkIE1lc3NhZ2UgaGVhZGVyIHByb3RlY3Rpb24gc2NoZW1lCndpdGgg
dGhlIGhjcF9zdHJvbmcgSGVhZGVyIENvbmZpZGVudGlhbGl0eSBQb2xpY3kuCgot
LSAKQWxpY2UKYWxpY2VAc21pbWUuZXhhbXBsZQotLTQwMgpDb250ZW50LVR5cGU6
IHRleHQvaHRtbDsgY2hhcnNldD0idXMtYXNjaWkiCk1JTUUtVmVyc2lvbjogMS4w
CkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQKCjxodG1sPjxoZWFkPjx0
aXRsZT48L3RpdGxlPjwvaGVhZD48Ym9keT4KPHA+VGhpcyBpcyB0aGUKPGI+c21p
bWUtZW5jLXNpZ25lZC1jb21wbGV4LXdyYXBwZWQtc3Ryb25nLXJlcGx5PC9iPgpt
ZXNzYWdlLjwvcD4KPHA+VGhpcyBpcyBhbiBlbmNyeXB0ZWQgYW5kIHNpZ25lZCBT
L01JTUUgbWVzc2FnZSB1c2luZyBQS0NTIzcKZW52ZWxvcGVkRGF0YSBhcm91bmQg
c2lnbmVkRGF0YS4gIFRoZSBwYXlsb2FkIGlzIGEKbXVsdGlwYXJ0L2FsdGVybmF0
aXZlIG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUgaW1hZ2UvcG5nCmF0dGFjaG1lbnQu
IEl0IHVzZXMgdGhlIFdyYXBwZWQgTWVzc2FnZSBoZWFkZXIgcHJvdGVjdGlvbiBz
Y2hlbWUKd2l0aCB0aGUgaGNwX3N0cm9uZyBIZWFkZXIgQ29uZmlkZW50aWFsaXR5
IFBvbGljeS48L3A+CjxwPjx0dD4tLSA8YnIvPkFsaWNlPGJyLz5hbGljZUBzbWlt
ZS5leGFtcGxlPC90dD48L3A+PC9ib2R5PjwvaHRtbD4KLS00MDItLQoKLS00ZmYK
Q29udGVudC1UeXBlOiBpbWFnZS9wbmcKQ29udGVudC1UcmFuc2Zlci1FbmNvZGlu
ZzogYmFzZTY0CkNvbnRlbnQtRGlzcG9zaXRpb246IGlubGluZQoKaVZCT1J3MEtH
Z29BQUFBTlNVaEVVZ0FBQUJRQUFBQVVDQVlBQUFDTmlSME5BQUFBY0VsRVFWUjQy
dVZUT3hiQQpNQWdTNzM5bk8zVHBSdzIwZHFwYmZBUlFFak95d2l3WW5DdGtES25i
Y0xrNjZzcWxUK3p0OWNpZGtFKzZLd2taCnNncnpmY3FWTXBMMmpvMDQ0N2dZRHBl
QXJrK09uSkhrSWhBZlRQUmljaWhBZjVZSnJ3N3ZqdjBaV1JXTS91bGkKdmRQZjFR
WjJrREQ5eHBwZDh3QUFBQUJKUlU1RXJrSmdnZz09CgotLTRmZi0tCqCCB6YwggPP
MIICt6ADAgECAhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUx
DTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1w
bGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2
NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL
EwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnel
N41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i
2GMt4jse2Dqs165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNH
T82S6DgCReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+
ZLCqlLqhBwDHdZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3
qFC6vL/PGeWy6SCf58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgaww
DAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcw
FYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNV
HQ8BAf8EBAMCBSAwHQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1Ud
IwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCB
SXignLEynBakDKU68ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9
Ii6zyBZVjdaox644DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz5
3PYDBh4zE4Nar2inC0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/
eDOdu+F2MVtluLihne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744g
qoeuD9YSHjKK49+qYC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXz
lEc2tUpAr4vRhZjVD6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp
1zANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q
UyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1
dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsG
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExv
dmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5N
mn9PkrYo0jTkfCv4TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDc
DkY63PQWl+DILs7GxVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFt
md+K04s+A8TCNO12DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJ
OMayCQtws1q7ktkNBR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFec
N7836IPPdfTMSiPR+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq
90njlsJLOwIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpg
hkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0l
BAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0G
EhyXrilqkBDTIGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTAN
BgkqhkiG9w0BAQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7
GKJ19naIs3BjJOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd
6XaVWHg4eHIjSo27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7a
gyHahiXRn/C9cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazg
PYgkLD59fk4PGHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jM
hwFXLJtBiN+uCDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9C
qaJcOvT4as6aqdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3
DQEHATAcBgkqhkiG9w0BCQUxDxcNMjEwMjIwMTcxNzAyWjAvBgkqhkiG9w0BCQQx
IgQgKRHgmdhJI2Tf+K7JE1TSxA3zTExkKzVZUQVOVW9+yKMwDQYJKoZIhvcNAQEB
BQAEggEAKbi/JmRcw0gpEYalPmmBkAA8di1brSKUmdXhuiR4XDQV3JLIsh51kBcu
aBKaSfyJokhmkSxYD4n9O8r3QzI5J7vbmcfhRydej4wrO/GUkfw7DopCF1xSYsvc
Nj5NluPusqWeeAStWaQPYDgPsokagqWN/yXQWif93riUrT6gbVwxk1JzRry1rkZX
UO8F2nQnJ16QroYmDa9mrzYS5h8eeaZ0uZnGygIqub7Q+Z4rHb2cGjUrsh/bqxA6
2b53ptk1Gge/tLHhqUW8qy3agPlUR1aLVlnjrF61IjX9cUFRgjbUoPvX+1AjWV2D
O6cUaQmlwk4Y0tZlrEGgN8NkQjJjBw==
C.3.22.2. S/MIME Encrypted and Signed Reply Over a Complex Message, Wrapped Message With hcp_strong, Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Content-Type: message/rfc822; hp="cipher"; hp-scheme="wrapped"
Content-Disposition: inline

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="4ff"
Subject: smime-enc-signed-complex-wrapped-strong-reply
Message-ID:
 <smime-enc-signed-complex-wrapped-strong-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:17:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-enc-signed-complex-wrapped-strong@example>
References: <smime-enc-signed-complex-wrapped-strong@example>
HP-Outer: Subject: [...]
HP-Outer: Message-ID:
 <smime-enc-signed-complex-wrapped-strong-reply@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 12:17:02 -0500

--4ff
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="402"

--402
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the
smime-enc-signed-complex-wrapped-strong-reply
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Wrapped Message header protection scheme
with the hcp_strong Header Confidentiality Policy.

--
Alice
alice@smime.example
--402
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the
<b>smime-enc-signed-complex-wrapped-strong-reply</b>
message.</p>
<p>This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Wrapped Message header protection scheme
with the hcp_strong Header Confidentiality Policy.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--402--

--4ff
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--4ff--

C.3.23. S/MIME Encrypted and Signed Reply Over a Complex Message, Injected Headers With hcp_strong

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10295 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6600 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2189 bytes
   ├┬╴multipart/alternative 1146 bytes
   │├─╴text/plain 394 bytes
   │└─╴text/html 489 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-injected-strong-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:18:02 -0500

MIIdrAYJKoZIhvcNAQcDoIIdnTCCHZkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAJpRx1qb8imXHlvxd54NywfBM+4WesLPuWdH
iIx/demZvX1kc2+vkfSRcTzBTkfQd2mVsFT9OPsikYvPNlDayc4zF/9xbSpK1cK5
O8fnjipEQicPXJOg9bhI85cRTk4PKiX04VTF/mzbun0sR/3JCQ7QS7yUjXMHNE/k
IwipLBx5ES5+YiWcRtIOlGj141xFkChXpdnc/+9YOuCezWXgwvLClgL/Zhs8CG9U
s3usMkBnvhRElkMkKmGARYaJTKjzNSFd+TbJFksBOx6ctQvWdANyIm8uC69WYCls
2oFXgMw0bT2LDwpK7IbVeoGTM5w7PKhdx+O3fcoa8y5rTThYirowggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAkdOtrDNvvWIxwW6IkqXTPAnz
B/9nLA6V8K7oOf6JKIzrCQJ+m8PDhZWsJI5yjRKz5SR1IjgWUeujoUWHQSPQZesE
6LYfacRmzAQlZTU0fKvkYraiw1JEVVbv3s2t6wjU1xl6nwJyPqlxmZ+RSMV0DYCS
Pd8iegKe0g2Elf/AdBVCn5OKMnXeiVAM6NxAWfi4I6ZwTzyEtFxcBjzZHTM32cg1
DoNA9VjMjFj73gRVtE3QwDCwpZ3XHDDr4CSQ5bd6LmK6kdCRXWlwjvIAla7PdEos
/4pOdUolZZ2K1521tkoAdWt9IbcJM5Lh60NcajJk0PfCSUbXeNdP8cbt+kC2BjCC
Gn4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEELjlZGJvxvh0NYRpL2seosiAghpQ
QZ9Q4FELuGRsMfdLBEbn9LGhAmi5AGvDcOSykHUlOK9MLsD3N2MuLFghybzTDQmQ
3f8jNDfcsl6P6ds79L+3F0xT2ZGrwtGCvQtmqYxJfsrLBO8sSwOOhtqzrt36VSXx
C9OWVdWrWGrn583gp4LPVkjm9KdO1FBFv6VnZzZHmGsuaMxCUMlhXy+BlbJ26l39
p2EPEyUGDNAG1wRRyuOH40apWzNt5ZUPIXIAGNsKxU8MUe8WV3neVDgqWdR1ytyp
TO9kH0ToOQxo9EzYzeTE8De4BxEcfQqQPLM3AR8Vy3VQKScjfXC4Uyv3LuGv2cTu
LqWZJ7/Iq4on7qzhjRPPp5eW8reK5j2741uYzSkPQlgVgK9Ee1OSG9x3u725d73T
5Vb6gaVYAAvjN0SXLhb5ARULhNts3jW49nRRl60xP9zZg6dYcj3Hoitwl74UOcHz
f//wO9BkkiBmu0KeHVGa28Ed5l/b4BkLUl4+SH1QwfQnYIEfQE5V80t5FXYSZOER
ayqDbahEFmC5o/j9sIh782aCuWgEYgjS7EQ4Gpg+YwCRnPsWrI6U2bjYykT3Zj0T
+w8D0Up/wNAIW6L22iV6fNCzJS0VxsPsDmgvbDkXtsfNLSKlIdPA0rj4jRcIMXsB
S5EWVrp3CcWebtbddGr7F32fIldemoNavl5nYkvGvET3Q3ITk4pBZcJAknGj8Yv7
axH1/5bbDAUgqQ/UKpyBQK9aOpMw6i9LyOViPruXGnbAVjvH+P0r9KAN7bt3hM9g
arv95nsTWfQwDxru6uZCXRxzIGafA9DFwXqiIqfoRxCz4vKNjFyGxTu74sYqycz3
X1XXXYQZbyawmv0hDPCJkSUQc5ZtgNDjneClHkX+4TTcZT57r+VUdo8g4bjFYXLp
BtNK7poZBqKO8lNLX2aJkAWNh2lh6kq+QuzmDJ66XVJ356bdytRCJcL0afDWrFNP
RLzFMI7f14wXVIMm9clfFdOZjvI0FaNcleCOhPrBZljkhyoN9moVNOZmjWNXKxyU
pfpEWAK1ZZE4+hkMRxp50blt++YuyJ+aOc4jv5yFw5uY75euQ5cJBcEr31DxdXKV
Ax1S6mEO4WvmX9z2Uz7dA54wR3BskOWoy/k5eyD12ij8M+mdD5d4/xntk2kyHLQP
6fbiO67flDT5cg+NYn6jpZWsr1OxYt7GJVzeiaC3hmk/rxFSq2m/5An3WquSvFfH
6PTYkJfR0bhFuVLta2H8CHb221EicvS6Teb3PO2Ozmy3AjPWCRank3lFF3/h7jAb
EQnHGAbbkWa1Ej9brAuxfXP05gXGbVKRQCg9vp7Ygw9XqriQ6TnlXRHE4Yo8HoVM
wttyfp1shItCSP8zrR6R6kSVx7DPI0iBNYYs5I0aUn3MCMvM46TfYa+M1+NBEUwa
APg9CnmDm+s9vklR68oT7GB8kGdCiMcCn5w0p5w5EAi+HYmbrRsMiBmM+sf5Fx7o
LW3KK5aLWkaIvx5xHCgVcYgre1jIho9RXit8wRMBSV+EquArPV0/U7sidNG/TRW0
bdwIphVqj07W77HhW5qUVDbif7bAzG2lGJu1wrAI1//xUHy1Ib2h+2jhm0lVUN7P
VhSuMGXDiT+cVLLpYArt73wTRRZYkkeiSgP3mr91uxos9ryabQIf0AbYOso2NJYU
xPquQH6uKI8JBmJDY+adkIH9XAjfSzC1b/0KRNQY8RJRiedm3TcVxYKuT1eUx0CL
8XXylaoK/nAmYbZuPzxvVOtrfNOn7qigK1Cc3y7SzlmttjsdeS0HU+3pPx5IOkh0
75YU1RJugSW8AabZ3piFgrevEM2aVE7BHgNIylZ4nS+2lkH+phrxbFMruIxNtqZk
2VcsbQtXc0VPkCAGdXGp+vkJSW9mrsxwhvROXskGtKxM+G2Nj3wLqcTNmQM5way0
YJr70al3xk4NuXnoLrPKvrixw7XRgLI/qhbtGoouXU0i8CQAJR4AqaCNYVCUVQic
L1U4z6dP4RauaHNkdYOMslekgklh286UZ8VlyBk20IK74ieZXdeLgBDrkTevM9Q7
SPxQGZJkZflQecHSsQjuecvB6B/jex4zWV9kY9tyFe3nlmTt47WijNvyEFRSTLET
LbD4sg5pRAYXLZIvYSxPl2Tng346NnBmXy6ek9I0l0x9MPp25yZQI0VB6sOAX6VV
Zul7Ec1CEP7nZvLaiwMwnxmjqv4qSWYdsgS2i/udURss95TZXPuDsvzvm1MAT3pU
Zj4s1SztKXZUODGTU9cXF6nPYO3AiPCtwS+aLSpYV8orEEdeUTa+o6eLZ/r+aGPP
0XZkonHpYfwam83FdC7BIHbNCI1UEgq74U/qwbpUrLBa3RjPyN2i/IIWYZDVYIKO
DSMAQKXYSkCUl1UKHRnZ0NCMHqHtza7OWxAvWbHveu775Wq5g7DD/i2UV4v+aGuj
qlyTkjO51q2R5seTkVsk8x3yxCqNv1VzzwyDur/JgFoHV7XJR0DT9Io2ZG3rNNNu
jgHEuJHDPakvzQcrxxOzBBO5jltc/FSq0++PYJ0YRnkzpMAVkiP9OH2fJzzIxDXs
4AWaRsDTbvJyeoM+Fv6XkG1a1yMazV4WAPpC4AzhbRVihevjoWaoN88a1R7AejI4
0ngt1v7b11mVS4nl2Ea9UThT/DfYJ3g1qOxoXj/jyj80FYAVX3aJYhR2jwPCK7Vh
k/uKtUCiyRCw4LK1pdXFlJHaRDKogzf9Bed3vGhw6rn8hlMDg9YfCTenmuqBXT21
CLGOsIYALpwiQsmzqzsS3h7stbuwKGKx2D1zOi75uNUbt5drYOVhAJ2x+Cv+51rc
BCi1CKmma/TXwOvmehVgrk+pr6aJ3PWM+P9Qt6haLZYDF+KQku+FS53dXi/t3124
ekgUa6xw0dixaByt/cEryBa7NZdj5WSCQlhKwgNp/6TDFVNV60to/o8zOFPRzE5m
kWVs8D7vRNeZx9UtEN9lawI51su8mIxaNYkBTTEMHzsN+THOsmwCgumagyBXsDvw
UmGvhO6i/ayJW2mdkRqgBIKSO3z9OBEzCsioS16En51fsfyY0vJorcXe1fTx3oYH
sA9yNN5aQtChSlRr0JF0NwMKmYH12R3OP8qMdwJeHd1B3IEkPA2I4l3azG2kmPeQ
nzOa4ktSOHoPfjBh0AxvV3cfv2fbDMkYlRPN9YR7X6QUbRLhNOJBArM6xreGjTbt
YZ89gM31bpg0/tTrYFn6GlgGaJZarbudiYsifd1d30/nN59X1Mh6c/lgbGQgwLH/
ItbxlKxAxm0rW/mEHN0nykz/bq7sOXIn4Ge7s25nWGbtMs38Zz3TO/vs2/sS6MK/
PUImny8KVBtDp+KGF/+9tCEGPwszTmqiaD72qzoTEsxXYmeTwLQ5CnTDxbwR99+W
7HH6SKJEDx/gw1AVGQoPSFRf94/fcC59rxe9B6nubpTYobzC3DMLFDlezsF9HLCj
arshSx5zNGXN0MS2qN6bGzeDioe72wCVKNczbWuupqiV0n7vM3zEudhj9e76SZiG
zJCU9k9FsqFsjX1EIZt5bussB1j3b6eTagdFa4cgW3KSIdE1P4WF1y4IbJT3fVW2
Zl4ym8xo0uR5Uzaa4i+rLNsK9quwbP0sWuvNeEKRQiEERcA/RLxzx5lD/Co7O+fw
Mhuvh5zF8Vx1mSlO4S2WKwBPmHSkmG+Pr4asISeS/2EcdisyV8rbk71PiM3284Fa
2lR1KE5fRjxlxmSGPNhWL+xBcGUZZuVQ98rHv0RwOpDpTJws7rs0DYn4T2dugpnc
992nf4hbUlFH1InOEYEUZrvBuGKpEHMZgxI3l0f89xEsj/YvWM8XAzUknwWlYLpW
DjTzlxYLGU0cwmtv+vRP0nf+8Gd0ZMI9kBl9OBuhYrqwZGlyLDA41NUTvYbDHdZY
MLd9D8QPyxJzY8/WRkDuuV1OUL5c5fHXODEX9pzsA+7TwHvKfzpapaf/JVLI4+Iu
P5VjihuiDmen/c15KpwzgUh4+UafFT58eUasH+CIgjWw76FuG05P4jU4UVDs69l4
SeDjMtCG3wMmtj244DaeYN3vdlNgj6PctJa0DUX83+5s0qbKDCDRRJbVfCcIK9Cm
vKXeYsHOlGBlgtgYuvWu3tO7SLzNwmCKF03JfXgnQgwp6+6wMI7wb7ejptoXCTYP
+6oQcugS+9FOXfUc+NIj9NlhQJGoA2M9cbm9i6jjZv3xOfh2kYkLJF5ekSMNibDf
PLMo1BB0I/bNktPXZ9RjjfksbB6u/Wu1xd0OTkuigpHGb4PhClh4pWzdnAIPhS4/
JjAx+muL4Tq4kweIFeKd6JY8s1oR9nzFZ/ofG++t9sGNucLoKfBsuVQ6BV6L44Fq
gVr6F7SuSUiiALBEaY52sluDWbG4pga2XzTWGPuGF5XBHZthKcwwT9KGJ8W8UYEj
w10/Kw3pa8GT/WHiTY6fP7KD4MsA56hIdWdmmZlpxTyPnpZQPoNZ3zwIwxlq/Agv
/UvClh7sxs4KmOTWFZw4YO8iFtzBAeBqY4TGgoyGXAYElFPEYGmHjxPdbAE5li2M
nICJbB3A1/j69/mek6Ofl94eepxRDgw/9ri0bmfNqZ0yYA4bIucd35Qq/gpGL7Ez
sAaVP7isjQBG0IuHxYDQ3HBoeJcXuUxAfmgVytZr0BAia+udVo4vawfwTYzZ3NRD
+7kvHaXbh1rXzyYli8ZOxRZFAuztGzIUFHs30rw1EYuWBAjrEQBDc+3pSUzRpBSh
/lxE3dP92dplCbGiZqgFTAD9RCvPO69Zq8VOaFI7yJowhDaoBVMLYdi/OSynGUDC
azNJIVvDIICXM24g4JlSlyLddWRhgmYgXsRScCKjroIB6kCXzoe67Vxz+P04NL18
vm1U6wRJEUrsXkfc8vXk+YDAYP9qUnwXZQvO12EIIPiu0Tu5RRF4aj8dT0sAmopV
y4d25WQlf/5xhwTZUHCxFFFeYMotBvNgT5cCB4g0t3+abtRH+zrJwtQEz/VnC7U1
SmPMN+XWA+vHPzp8+SOGpSt+Il4euSNl2NbJKmtLeWEtTNjsc2ycZKnnF1US1oNf
SMPuX7rPZyOS3HDixxS5y5tn9TVGQZzJDBuaiIBGTTThODaxjdLOJqW0+opGvk1T
SjrFzOl3UEadU6nUOots/GVBMpKQ3z+z97S0IJD6zPfXyH8HjWzUU8iTDVgk35JX
alJGZ3jfEPDTVZoYBREZDPx7tujOu9LUne9FuM3Af+wbMxI9yZrRYfzWDfs2FNxS
KN7SPPzbyOzEdLvvpC94Chk82kYdrO8jaVYhnhsCsfB9BYiQ1VPEMGvcK5ccnxsy
zTYcONCxtSKNBYMhveytnoOnd7qoD9sjMa0yMQ+xnMQX47K68ZZ0sCghlH9Sopgg
DjM4HuhWXPyXB75VZ6igaVI/VK0vbdmzhP2FKyFPerD69fs7Kwx7LA5zYVUD/5+b
+TLQoCyMPBEvOe92lOJNixM7cQiHeqXCY1R8NCn4qIXtLTUVUl92guvw3wQNRc4y
tcFLRewRtZnqS9SWyLJN89yooQVldAO1NkoOZtByikeel/jd8NZ1OHX9BShN3QZT
QXqkgAN3diDjA2ZEgDsItoZoMbsk1Ho7LOpfUc2IHA1pCCHSODvPG+1BdagSjVsW
NBmOuBCQAWBqaM9Lm4sc9dV3vOTAoHpAnGJXb4YYbCK5990O1sFb5jhx3IDHndHb
dtOj2lukCNnvl7l8xk4jZGE8GMzPVEwBxQ81RaolChN7PiFpmoUh628JV6huKUmh
/HKBFmJanx9JJDIWBKFH9va1T9DTK6HOpQUCopBtR95jlOwusMRgVZVZOuN2Oo1G
39mcYyhH6N7BuzsPMAGmSTfhxO2xyzqlIwgFmKZ9INa2eEIMT07+P7CcIH6HhwA6
JNzoJhJgcVPyeqLgrv7GvekgQjhyR24bPnwpXCOssVG8a8xBzDx5QpGTze3Bt1ZP
HhuEjmnTD9a5HMRTJij78ijFJ2+N9zmQMu6VJBmkCnuuWL1ac/LVWBLDS0G+E2Tb
TYiM8C/+Yj7sZgwSlMmxK1dK5W0o0dlysR/XNAmJc4hdr3poSA0PxzgcNvnd+oNS
jO1lF62grlNcmHN+nwMUZcEGwJo0FQKxI3w5/uoPLDQWKIIkdSroIi3yPeLq5x1f
3gVYB9zG/4mwpEUnbu5Pe5/WMTywJUoxvzCjQhMNSBfQnTt9tkm1luC+plQAtbbx
/UBO+AZ8smN4t9po/on1RW3WSOf3MOtb4fQ+k0pmmZj8P1QJpyHXTc3wOoHC9TJd
NnrIlO3X7Q0sCGwbS8mR2LnRaNxcqyL46rn2QHxk8OlfFWV9fjE0eEZffHhXGP1P
26btD6rgIBo3H/3ExMk5MwwhG4eOsl+IOmho1i5ToVnwacjI9xELfQAiGT5IzqyM
aV12sQ5g14y7i3J4hHpIp0Ml1hjkGh5lu0zf2uXqCmp48fXxUzIvvABJv1dngKyz
MJzN7xneNkqrAZ5HXyDiLXqqesXYaneO6JH+jbD6V+nAlMviNsPuPKCcgIT2pcVk
HqoIqlStwJgjocgmGI2Lh2fgFgv5v8xxE2UeoZ92eoRXg4ed0GxWGCbyCxr4L4it
uugFA8pC+X3SffJGMHeuIF+y9Uqd4ova0exf4lVCmra6FlGw1Pg26WYuh9wv/Oxc
r/iS/7sX4Z+ILtumBxKrmGCanmJuKock2Px7+qu/r1CeEDr+zUdVYj+/GjLQQIFj
NRs+toHzMYfUnqNEzFotwqxNzmYCMYo05ZSrYgSaOSDZUpm32QNQADw78h+RNItt
5LjN8m1HJ+rDN49urlL0mG4bsSSV81mxB7MQsvvKitcwNlOYCrY0BoS9Y/+Cj8M/
ATQFo7//3aNU3G6GiumymoUQ4BTGzTAbjQPSa/8uCrw5an/XTFPXN89AZRNtlvUa
ifQ3T3hYVe3rkDGM/sAhzpCxIn894NI3pjfk/q0rn9ZzKOa4CQLnLM6o3DFbq3Bh
5TnNmJE7rBJfWJgBtcxTGWgSgClE7nQFTFgdrVm1IKTCYnpeiuTgjnohlBmeygk6
75XmeQs2RPyobk8mG9LmfrTf1E00ijfkC3U6Tp6c7mwfNqJ4GUigFzlyC4r06Cb2
53SGm0n1yYiuGUMV7bBSfYYaMXbvoPxNx94nLcv/jvtLRE12mubcupTckI8jXu77
akdDEQm04ccOOIqarTmEKcP1WaDS+IQYXTXK1ALs/WmT8fDYD7c/my1vANEwzMJn
IaQKDOrNwq0WtwUX1knyf+WKF8/oXOM6nffclTMAI+BglY0LmGIWwQTRjv4r/vj8
N6Z90KquWz/IaJzA4GUp6JAGNcSCqc1Mhit/ZxeXVJPOBoTT+n+pLxjAJu9K+E5O
KiR+WVeTLk3OG+NBZ/9bzG70wb2KtM7xLSjut4xNtmmiqly5G3iGSMAgnDcV9bio
c7LOQR71WGjLz9v3GCOEgf78nheQ0/r58ZVo2E0Lt0KtmylFjajDE0r/vGhCSveh
QMcJkFUxtcoUamDAtt3BFaQpdWugMhjrNnkXP9QMJEjwL/WP43xrqa6Z1x0mCFjp
5gv4oVjvVCfqtnzMbp9OnbMtaXZg03bLihDJD+rpyHPjPKz+506Dge9yd9GvGj7T
iss1jv7hf6gSd6AlA7DCG/ZaOYr7QoMhHdbNNdWeunyh8NGYEYGMmq3XsR6+ly5y
sWd1+gGyA7HsXwTAfjvWJjAA+UOwSeTNqOHMnlF7eMMnY9uTDoIfzf52PRYZ25d2
bKghIv6A928yB8E22b/XBtYj1pM7awHZ5yecQbjH9chpKfDYtj2q840+GcwAHAOL
kKy9uvpsTEGOxvopfa+MGbC9BkGNG+kqR14VkNIGG/7IFN7+PBOD6l74Yni3Kc8Y
A/wSwXvwzAWlek/8ERw2qB6iZKrvOwxTy09tEkx0JvQ8qYwqV6xTgF/sUckh30ZK
xT3yy25Ul0gSOuJd7qgp/DbImW4YJr4SZh5ATiskdMKs/L4Bu8qs97f5iFMykgL3
uAvVDwHhDtLVqY1w5IsISf4Fize+i8nTQubKolBC56zTK9LfcK9Mx4kDDUP034/7
gKoZ5bcSKlTfYTV+hP1JZt91GbZPLIR8Z7MQq72vPLfN+1RFR/qibbFpFNcUEmJ6
wqRLxvY5+Pf+4ESnN5dZPBsh19hIaF08AEAaAZMtB4GicYKKgiFsfMTHBX4xVUjk
A5su6lEqkjvcti6iOy8naVOCCULF1ZtgQRPLmqs+KlQgRE0klomOBXcIFrEkECFG
VmmhORjiimvW7ccHxrGn8LQdh0AGpOcb47mjUaiwI5Pn45yYHSitmYHRB8c4ho5X
d/HqmcgsjismZsenQFML6QHw8Teb9H5OyOeXG4AXj4HTQhe06HfM+meuM9U7uaon
byAhWCG1qG14Q8fFuvzIxzaCkxLPNfKU4LOXQTRskgTvYoUoYkSTYB0fdoejvfYL
Go/DNBkMGqyrT9FEaD2NhMH/mFLadC++gQiiHBsUFM9tLMRcTa3Vb+YVJw6ycUjy
ZmsPbSqHDB6xcy+M24oqXx3UnO4hBYoAuSH5c+ZD9yTSxELruwWu/e9L098FGyeV
ybR7nEe8sgeBNqJU/CRKrAMpV2QyrjOEpq1t/DUgWwo65sA9g//gLzH+fMlJ6TZz
AQhc4/9hZfTz8GaL894w57tQdZgq43wpfLAxMe4UvVAZEcpB74jeooJzdOzHlsfe
b/Uh7WdjLJsEB8s6EHJxuLC/CaDbHbMy9Tq7A89z+7ScaCUF1h+9KIOAbu5Vqs2r
8t2cFtS327iTZKnLxop9wyf11rNySanlBhjL8+Sq/xjN34oJkBy20GldPpsbfMdy
S4740vGOBErZCxkSy6piV7SAcDs7CQzSdFRYpWUcozcsKXYS7rJOdEKDvb94RQA6
tyAxr54Luu6veh9iXKQXBVR58wyDm3whIR15kn4LKVmQwuPAiaukG2lygfML4aXV
+mlCpqSunAmZKxkki1Zjbg==
C.3.23.1. S/MIME Encrypted and Signed Reply Over a Complex Message, Injected Headers With hcp_strong, Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIISugYJKoZIhvcNAQcCoIISqzCCEqcCAQExDTALBglghkgBZQMEAgEwggjjBgkq
hkiG9w0BBwGgggjUBIII0E1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1lbmMtc2lnbmVkLWNvbXBsZXgtaW5qZWN0ZWQtc3Ryb25nLXJlcGx5DQpNZXNz
YWdlLUlEOg0KIDxzbWltZS1lbmMtc2lnbmVkLWNvbXBsZXgtaW5qZWN0ZWQtc3Ry
b25nLXJlcGx5QGV4YW1wbGU+DQpGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhh
bXBsZT4NClRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxlPg0KRGF0ZTogU2F0LCAy
MCBGZWIgMjAyMSAxMjoxODowMiAtMDUwMA0KVXNlci1BZ2VudDogU2FtcGxlIE1V
QSBWZXJzaW9uIDEuMA0KSW4tUmVwbHktVG86IDxzbWltZS1lbmMtc2lnbmVkLWNv
bXBsZXgtaW5qZWN0ZWQtc3Ryb25nQGV4YW1wbGU+DQpSZWZlcmVuY2VzOiA8c21p
bWUtZW5jLXNpZ25lZC1jb21wbGV4LWluamVjdGVkLXN0cm9uZ0BleGFtcGxlPg0K
SFAtT3V0ZXI6IFN1YmplY3Q6IFsuLi5dDQpIUC1PdXRlcjogTWVzc2FnZS1JRDoN
CiA8c21pbWUtZW5jLXNpZ25lZC1jb21wbGV4LWluamVjdGVkLXN0cm9uZy1yZXBs
eUBleGFtcGxlPg0KSFAtT3V0ZXI6IEZyb206IEFsaWNlIDxhbGljZUBzbWltZS5l
eGFtcGxlPg0KSFAtT3V0ZXI6IFRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxlPg0K
SFAtT3V0ZXI6IERhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTI6MTg6MDIgLTA1MDAN
CkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L21peGVkOyBib3VuZGFyeT0iZmJhIjsg
aHA9ImNpcGhlciINCg0KLS1mYmENCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50
LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2ZTsgYm91bmRhcnk9IjE2MiINCg0K
LS0xNjINCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD0idXMtYXNj
aWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGlu
ZzogN2JpdA0KDQpUaGlzIGlzIHRoZQ0Kc21pbWUtZW5jLXNpZ25lZC1jb21wbGV4
LWluamVjdGVkLXN0cm9uZy1yZXBseQ0KbWVzc2FnZS4NCg0KVGhpcyBpcyBhbiBl
bmNyeXB0ZWQgYW5kIHNpZ25lZCBTL01JTUUgbWVzc2FnZSB1c2luZyBQS0NTIzcN
CmVudmVsb3BlZERhdGEgYXJvdW5kIHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBp
cyBhDQptdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGlu
ZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgdGhlIEluamVjdGVkIEhl
YWRlcnMgaGVhZGVyIHByb3RlY3Rpb24NCnNjaGVtZSB3aXRoIHRoZSBoY3Bfc3Ry
b25nIEhlYWRlciBDb25maWRlbnRpYWxpdHkgUG9saWN5Lg0KDQotLSANCkFsaWNl
DQphbGljZUBzbWltZS5leGFtcGxlDQotLTE2Mg0KQ29udGVudC1UeXBlOiB0ZXh0
L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIg0KTUlNRS1WZXJzaW9uOiAxLjANCkNv
bnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQNCg0KPGh0bWw+PGhlYWQ+PHRp
dGxlPjwvdGl0bGU+PC9oZWFkPjxib2R5Pg0KPHA+VGhpcyBpcyB0aGUNCjxiPnNt
aW1lLWVuYy1zaWduZWQtY29tcGxleC1pbmplY3RlZC1zdHJvbmctcmVwbHk8L2I+
DQptZXNzYWdlLjwvcD4NCjxwPlRoaXMgaXMgYW4gZW5jcnlwdGVkIGFuZCBzaWdu
ZWQgUy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQplbnZlbG9wZWREYXRhIGFy
b3VuZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMgYQ0KbXVsdGlwYXJ0L2Fs
dGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUgaW1hZ2UvcG5nDQphdHRh
Y2htZW50LiBJdCB1c2VzIHRoZSBJbmplY3RlZCBIZWFkZXJzIGhlYWRlciBwcm90
ZWN0aW9uDQpzY2hlbWUgd2l0aCB0aGUgaGNwX3N0cm9uZyBIZWFkZXIgQ29uZmlk
ZW50aWFsaXR5IFBvbGljeS48L3A+DQo8cD48dHQ+LS0gPGJyLz5BbGljZTxici8+
YWxpY2VAc21pbWUuZXhhbXBsZTwvdHQ+PC9wPjwvYm9keT48L2h0bWw+DQotLTE2
Mi0tDQoNCi0tZmJhDQpDb250ZW50LVR5cGU6IGltYWdlL3BuZw0KQ29udGVudC1U
cmFuc2Zlci1FbmNvZGluZzogYmFzZTY0DQpDb250ZW50LURpc3Bvc2l0aW9uOiBp
bmxpbmUNCg0KaVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FBQUJRQUFBQVVDQVlBQUFD
TmlSME5BQUFBY0VsRVFWUjQydVZUT3hiQQ0KTUFnUzczOW5PM1RwUncyMGRxcGJm
QVJRRWpPeXdpd1luQ3RrREtuYmNMazY2c3FsVCt6dDljaWRrRSs2S3drWg0Kc2dy
emZjcVZNcEwyam8wNDQ3Z1lEcGVBcmsrT25KSGtJaEFmVFBSaWNpaEFmNVlKcnc3
dmp2MFpXUldNL3VsaQ0KdmRQZjFRWjJrREQ5eHBwZDh3QUFBQUJKUlU1RXJrSmdn
Zz09DQoNCi0tZmJhLS0NCqCCB6YwggPPMIICt6ADAgECAhMPLSW9ETmXSs5CVIeh
7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsT
CExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRp
b24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7
MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxp
Y2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCalSn6
i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf
8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs165ernT9O5NLFflHUjUR
ca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZuTtMc1zy++MxQlqdn9WZL
hOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX1X3K7/cO
NxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy6SCf58duq/AOEksCAWlb
+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAO
MAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTAT
BgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBSAwHQYDVR0OBBYEFKJT
QdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxo
dvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEynBakDKU68ro0RsyXWAPkfXgQ
Lgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZVjdaox644DsiLOQEP4YMS7y4q
94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4zE4Nar2inC0D+VM6RGDy66K9l
+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2MVtluLihne0Bp1GUTkr0mJBo
lg6dSYal8Hw8/ANHpyExl56BJABb744gqoeuD9YSHjKK49+qYC9faFmQ+mK80lh1
M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpAr4vRhZjVD6FYMIIDzzCCAreg
AwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0FADBVMQ0wCwYD
VQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExB
TVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MTha
GA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFN
UFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/pdO/KLpZbJOA
Er0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7GxVwXurhYdZlaV5hc
UqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12DRVBDpbP4JFD9hsc
8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2wZX5ICjecF1YJ
FhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTMSiPR+peCrhJZwLSewbWX
LJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwIDAQABo4GvMIGsMAwGA1Ud
EwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2Fs
aWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/
BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDTIGZmczAfBgNVHSMEGDAW
gBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAc4miNqfO
qaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3BjJOd64roAKHAp+c284Vvy
VXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIjSo27PmhKE1oAJKKhDbdb
EcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9cy31wbqNsy9x0fjPQg6+
DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4PGHnYxs1FhdO6zZk9E8zw
lc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+uCDgNG/D0qyTbY4fgKieU
Hx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UEChMESUVURjERMA8GA1UE
CxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6aqdcwCwYJYIZIAWUDBAIB
oGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjEw
MjIwMTcxODAyWjAvBgkqhkiG9w0BCQQxIgQgDlCDYbnPMju62pBOiIgqwa0lfQWJ
HM+muG7wsizUAzAwDQYJKoZIhvcNAQEBBQAEggEArBMx9cHbOGiwUHmDr9cbxcw4
8DIqsgWmwlqDf0Ut11TjWl7w7RTb1fu6HFWpzv0akTq775OzLT8gBcXiglJ71vmL
4NC6R0tVLUSJPjAUFqKc7Xe2gLLTrkW2Gg9Maz9sxofeHdHqheuxuy1pGAy1t3QG
JeykdVFBFQfeFTjoPbye+X8BeaPu66ebx6CV7ns7Aw7i9SouwN1qwYk5yoSGqVi0
oE5mQvXuAODhNQ3xN28dE3gjH0MbeXMjs0AAMWaOy+Qk402rebgeJrFctL/M92Wu
hq5bgKoPXe0E6RE5+/d74e4OKg+qzjpsVQYPf72s9S+DJb2e32i00RfZJfVjIA==
C.3.23.2. S/MIME Encrypted and Signed Reply Over a Complex Message, Injected Headers With hcp_strong, Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Subject: smime-enc-signed-complex-injected-strong-reply
Message-ID:
 <smime-enc-signed-complex-injected-strong-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:18:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-enc-signed-complex-injected-strong@example>
References: <smime-enc-signed-complex-injected-strong@example>
HP-Outer: Subject: [...]
HP-Outer: Message-ID:
 <smime-enc-signed-complex-injected-strong-reply@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 12:18:02 -0500
Content-Type: multipart/mixed; boundary="fba"; hp="cipher"

--fba
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="162"

--162
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the
smime-enc-signed-complex-injected-strong-reply
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Injected Headers header protection
scheme with the hcp_strong Header Confidentiality Policy.

--
Alice
alice@smime.example
--162
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the
<b>smime-enc-signed-complex-injected-strong-reply</b>
message.</p>
<p>This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Injected Headers header protection
scheme with the hcp_strong Header Confidentiality Policy.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--162--

--fba
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--fba--

C.3.24. S/MIME Encrypted and Signed Reply Over a Complex Message, Injected Headers With hcp_strong (+ Legacy Display)

This is an encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10965 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 7096 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2539 bytes
   ├┬╴multipart/alternative 1457 bytes
   │├─╴text/plain 497 bytes
   │└─╴text/html 657 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-injected-strong-legacy-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:19:02 -0500

MIIfnAYJKoZIhvcNAQcDoIIfjTCCH4kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAFUxXNxUNcZT3kJ60Xa1Tt7zUYKlFNrMLSOG
bUyIxlVElWw2Sw+T2dwdzL4/DrUHfAEw0ZzPZNIIM8bORMxoVh7LWqXhc4k50tND
/yeqFno468ioy65QVZx7S2rGmttTsjRVwQJnENaNLHPLp2UXsEolqy3bqSTO+llB
LtpjHAckmFpZ5v4iuXVoD7Lj3WHKBVvc8mik9f81tjsYpDkkWf3Vnvu2EhSfUYBM
+6cWlee9cs3h2bXG72lndybW6kbXplN8Svnvo1Si4HVUTXyYOw9BgNzx4F2ITbS3
OwcjLP+1r9mA8cUHHr8qbuHKXHthgtQ89V3WkxI9cfctxz8XyA0wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAf228n3whn0uQ4M1WvmWr1QEm
3amx9ZECE/q2bCMv/OXwCU1cJST5wXgpmM8yLyYPB59Puefm9ieTSmhGMyWCCGrA
qsn9Aq9y2genA5P8GkDp320KC8ioqEXxn5qNfntUKn5G6KMZhaxwZmsgqLEp1MU1
nRQMefXOc0YwLYhIZicublqDWNRnC014ajRsfO2go66sh0uzuHJ/8MUn9Mnl8YsT
r6DA3Rv1loi5BItz1iR0ULuHbuzDb7t05GAjWXsGSyzOA8GaujyYEpEv8O13GYWU
WvXeWMd0BK8SyWvYRRN5nFeNQXqx67GgMwN/IBoCM37U46bPfjvBducm1ykPOzCC
HG4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEC7GjbLfapPmro7V0CMTUZiAghxA
R929mgldWNjIKKDns52hrh8JO9VL+r/Tn+/ekMu5XhLtjofd6kkmLM0NxGwDzmyE
JUi0GOI7nVoPKMbQFvRs1yfqPGxOmBd0mkico7veMp4908a/6GobdF1GIQ3lX3xy
XTepl9fBydQRSAUbMaQyge0YT1weuezsQ0nhple/fzYe5cqOLzhLXQnqmtFKSGYG
prv3EZ7hSwfCKPvV+oHo/jRSG+eV/6dJNXxEuyPc/2cqtItPyPBeTZt58yiiYZl0
eu5k/j0y9wY0skyzFYKICHbmbPB8s6mFb3Lg07AjQNImjmFhdeCIgsd7ToqS4OIl
y0iMKecZMCNkMfyHSSvFH+NuWsXRNRFUaUql1QTWeGtY3+ulk7ihLl4EWuLD2a4g
SlOoGdDcRmf/Qqb60526fc0EmzrzPFBbtwkDbzGclOghJCRdAX6R02i01y6QihFz
Yr3jrx8dYNpSGH5QTkOy1XUMMLNgsgf1wsB5ftEDS4N/GHULx2k3odeMuYva+1XY
ppqTIf+TEr+cJY+thuI3I7JrFbxELVaJINN9Q5HfIksA8CBjAW1XPNx3S9qhboZz
ABwav4S1XUpjq6iebipJRfhb3kpiCZWAsoAYHJCLe30WDALPJC0ZvEajD1ka5hs5
FdH+B7JTytA1HlDt1GIzeNoH+iPPohaf/8VG15rRHG8HP6DRRGKhEY1ackWE9zKM
oP4qSXpvD4P6/aoAjEc26P4iNKPx/YIcaTCH/VgysPzKuRI9M2NQ20yZG7YLfIQO
97AD2uKopBZcYlhJq5XsF4wwmBsjFK6Go0bJUjIbyiSeUXpkaZ6mq814+U7AzKse
+msT2lNORdOAZ4iSKx46IbV6f5DgDrLdAM323M2rAbCh8qJLY5RX36Oo5Rb0ViaM
dbWvmB8iYdkLXrBr/rb7VfvJbHAqFNgWerZ5myeUmXXjk9JSwokpElcSq8So+0Vs
MzUDk4p9CaQIRYyirUrjn71t9LxMRab3869iZr1AnSKtZQIM+Wmn4svwoZ3S2q7C
INCLJ/AdjvGRHYWDV1bsWnlB4Ma7cxeA+8jiSCGbTFjv7hY1dtxBxNqJTO47Yl75
+PuDcsJ2MzSgp7gJsCt+EGDGTsjBrK0ngEZ+1U+CzQ3swZjSdp5Du+aGFQ9z6vzn
o1NVyzX200082s6EFb1CWeNw6R5wm078tbi1mNr+m/Ba0Y+hXJi50D5J0Bk3maqI
s3xgA3smi3NJpsoo/yjfaPnfr1aW1Ng2XKgPhfeoioil0/OO0LJHUGOYoYAlHJ0l
hx4/TCw0Ml9tMvDsemKbZ3rQS1WT76DsgWAHlWZaJuj1KvDKKrq9HFTOEoVwJWv/
eBH1qcq73G1P3+NMxdsNUQmSnwG8SrTtUP0giNPQ1Z9pvM5CVPzmbMysSxJMqHM4
OZ9bnAmcjGFBdZlNcwyYrV5VNmRGQqgyVHnqheQqoCQT+eCfwMa+GfQM7dgTxOp/
zNp+uPzh2mjnkgB3WH4k4QLU+9CxhrxkyRupTNu2xDRWGEJ7sXiDl46o1jOXzn4J
gkwr3SaXJckxYreP14Z/CUz48KOMl8cycvfmYLkmNlNuH3Gw4NoBZEPbFtokA/7O
9g8PJ0lNeuqN/Rrb8lKLCTDAm5NYzm+WtR6pYs5HlwrNmgPXw2ewUSEZmvmO1m+U
5Zs6tvyksYCAV6iI7C+FG5b29jOWDHvrsnvn6rHljLVZwSA0ifp2uRsrQxpR5tlt
xoBd/KHwkDXUduizgf9Y4c+HbyvvXoqAUWvyeTLfST4y1GEGNLKVRQ+am+cO2iLF
o2mkZTgi1Vok78F4vFkJaJNIGtQ8wqdPsM5WJMTrNosGelOJ6+oRaAW6jvllceiG
RU2K/vgDNalAkJQo6QOjNiAxh2FecPHqlBoriWDxZpDgYqq8Jb+3Ayc/u9QP95dK
nqj/YHex1yx1XnC7HhruVJge/33mmwLNZJxEycchn5J4L3yKjBDYJ5+ZX3eD5E0i
GZWfqbTskNkRsXAFmVLxWiH7FufWH/1GbE65s8PTdCvGYd1+zDjDKpIRDu9WvY4G
acofMNtQTMsdNuXOArpLWCt/ukQSXpgDafNftHpaIS1QDsrpOHZclGu7qcnmhNUx
0a55DhKjWv1j0Ve2ElP3U/b4yin8PRurcXqBaPgLFT6bjBm2V07PrZDplGBEal5O
UB8yzHGFsrIrYquIFMTNFG2Vy+3Gh708TRzXLrzXo9cPYsvzQ4kGDlotba3HXzoC
JHyt4JyfrRyCFPegtOQLOUzUp/MuVSUjrm2v3E+6q5lWFBlX6gpzSy+P2JvYlHBr
P3fiSexKOqk2G7xhok3rLO2eMt1vcayNddhyKHcCUV34FPdSgZGKEtxLBDERoH1T
IIUscoogDkxcu0FJl7yJuNV04XvctW50tuN6/HxMy8j4foDVyxgRB4Psa9dOl14L
JkRZtcHA8o8ICv0nhm19+VihPNxnlMjrqyPcETRReGHtnxhNUx2kBieI7vIEseWt
5SGcqDkbjKMJo1HvmksvtqGMSwRtwrSgqYsb3rAVIk2zl/Ko+DB0mPcX2kaUx7li
iJbvyFvMeb7MaAmQxR4bFM7ZJPVXNoKDSbF9ok9JwkNPocNqhSl/QAycOfCfMNX8
7kDkEMuOy2zFDlL2nsJor1WZCq5EhG1Lczhf58s4Rh//+ErEJhCK9yoQx55uSOop
Y3aonRotuiFf/WwM+BP6wHJ3IN4vglAsKqzhntUo9qq0yeaigBEJTXNg4ze1bvhW
ldNF+sZjlPQqNRHpeO/Lah8zhD/MpRodmndtZBQAwRCJ8X35v6Zjpg/r0+5Ie0zP
JPmWWP5HEbV3L/w3lvqNijEXfMcmOmajVsZPQsJQJzwdToWLPUDbcuvPznMUGJJc
uF26SxsiS5AaaIeK9Eb/klhpDoO8ANeenF6FAy05Rae7GZfh8aVH4hZ/tR++S5an
T1FI/ZAcNhf7Dv9C00uMy2cmUsL3FeKMAOOYmksSl2NqleXC6lSNLU/RkvSZ9ngk
MQERhy0s6X1AyNpJdhqqoHx8yAzKWzKpz05fC00Q+evvAg+WdlVt5DF833lw1O/v
RwfriVc9tMEaY1ymVWUHzdkjLzdifbiQKt2HNK38lcXoaL128fioKxNy8a3W/5gx
tpkv6/o7WPJARjZeFsYOlAX1e1dx35uOcF/PD7k4QshRZL5fy79G5/oGrGZCyKlD
f+2XCdq7GNnegV1/QVRUeyv7n0Y1kHMADFuK8s6eLAaLfvp1OztBWzOjOAsWaAgo
I2Vzz968sGbupMWtHEDV0yiY+prEoiUd48rWWQt+EESKBHr0XY+tFi/sYibs0c+h
h/7v9tjyMT9wni4l76ofujiPhxo37OoOHNH9vRjGAM5eBsicLfXO3LWHKev2tt0O
7ESO5JHirjbmHpKbe6aWx8WyCB8von/6zUkldI/J0rTYruw1+cY4p1CG5dgGRg2I
psDzxMFmcNJqC2beeXuR5Ub7h6I+RlOMF3/soVKhxjFIrev03TKRl4I5vRxJ+YEY
+cV+omO0Ew2IwNFVUXT0KmXccT+OpsDRbTAlyc0jJkErQSIGSqT+j1UcBREizDpJ
4mQJV1ZNkyE5UWDWfzG4MF1aFQi0yHpwW9nPNFJ2D1RhsESwBKDFOalNT5GJOrFh
AX30EkK+G89NiQ4JatUociRgBdHvbFeY7iXvJytfFqenX3/kR2jDsGkSDKQw3/iw
3GwDbL9SGNdoBXCR7VuEEX6vAPWQN0/mybM2Ouc863jTUX/Y/4qWznng3+Zxceq6
qN2DrQ9TqoS5zMZQAr5/FaR1wV3w7ezXghAfOnzEorfslPK9KSuZaQ+VzpzYcYgO
NrK/aQatKoGIqPTAQhC3Ei2qAh04/Op6C7AWsZfKkBXxySfUzD4cpbRYqQRWcnuJ
WxG4JKJQEHawGMHHNQABGiflrarpZ6OhkZ1wlLJYVqzcz/KSK9ZukK7pFqQvY24d
vxUrGHEJnGx83rOrxM0H21rEi2fw7z4RCDoPTNzHDNtp2i/fS5YWQFDDilOsouN7
RFWY2+9e0IO6Us60ajzULP0W4KN99eBxu+H2SXvBY0huvmKIaIUK0hbV41HOoONU
4HQlsGL74vbUR+iwGfKQWlkvucQZrqa24EDZ3INy7QRFxbsj7pBgbSvApZ+hRKBK
qcilZQVLd5X3QR80ZpQjgiAwuVrr1jPqKp6r6uMh4Iy1r73vUHD+ZYY46RtLGMYD
e7QM5GKGvZ3pJTt8w8gdqeAMuhOiPvc89m6mWB8yHuCwfLPiKjgXau4wTUb2ONLN
kjoGQ4IIwmd+rR5ep8TSbH2k82WwpFLHOJb3inquaau+58YKwYGSshaM6D2id/vw
SKTG00zyxLdtN2paxPqKvX9jahDP0HgHya0Sgbefh3IpeKQLFwOG1VarfIVa0Kd/
wFIpNliHq4QwQw8CbN1TWKqfZtUPegFDSk/MMXELeBnU5qyyWqq1O71UFZUPmjmP
g6lKG7OEJ+uMJI+WV+oerb0BoabXorPSwHjpw3u4lEGoU4pDdnmwm1fswg24ltN9
yd207SzDV0lwsfibIfct7UlLxXgaH6vTV3Qx80nLzZ6MzgAmsuN4hNeIFTsZDS2g
WEaRV+6Fgrffm94ckdoWNbCAPhQ15dLtchypBCHZkqx4Mntn5P25bW7vSE6HOqGO
j4/Qe0LpEOXmFGSR/UWvNQ5w7Lwx72vJBfvHO7wuxj5mfmLO9GaYn1tw+HcWddwB
BF++xrZKExeHbpYMVNIj+vWXmkjFAYckpmeJy2xU10qKde+A5a3E6O6Q5CWGm9KW
iieQwcbGTIvjAU2jor/Fwbo+smVkF4XXp0qsvQSvUWwTu72JFoVfxxsQbflTugyM
aO8qtFgBvQaEhtFdQaVGtOpdnDN2zYskcmxcDL/iku5KG476NobkfLyzWvx6OCL9
A9AES39YD8eHYsL5eorhK+E4+lJQZGOgj3Akn4SumLWwXtGqhZonraBEXQltp3i6
NK+EoKhjBwCAaVkN2Ln69TjcJIUR5mxpAAREldFiJNZv2AyjKSmT6PNMBhqnNgJe
Ix7kcTHUG71MP4uyJyQcaJ8EzI2GiY+SDJsSNhRJaH6AhhZeUBGcq72sCxGRTavy
j7bRMOW8BrzAZbzQnKEHhHR6SQ1xUqrpLOcajwvSOnkVdaP7OSg9NCy90OOHcP1P
g5TIToGSZEd1NG7YIkWQhC1lM+w1oPoorkPN/lfQYNfSNIA0r1ELiQvW570Pqfs4
fP3sdxE2u7NwcMwaGGax7fHU/1X1/3Kc3y87eKQaaaG2F4aWRYLV5bpJ3hD4EDKH
T8H6+ixyLcjjUmW+lnVWJfFRf5fy2xPRvyDHxyTQUf+SYMb4w2yyjGcLutwBdv19
xsX0yKDJU9ezgGgYIsLifN4IKo+YQbjultSXWbNRUw8pUboE6+0cNrB9imhUvla9
95e+GQibSybUh29JPyN0fDppXLxZpkzdlYf6sIVYYTEZRHcuwFzhdg1CVwj1QaGB
QY1xNGCjXoEeancn1iil7D49eMIFqx8r8YVlJEe2syyWlH4FkWtnAnkstxnOqyox
JZhONe2D/biPTiA8niK11tv/eZsAg4RHH26s3hbD84bKICNI6OBdHc3cQt4W5jrY
urXkKY+RQzTYLUjb/olms+3ax5Q6JD8DEGzFOKy9yCyE1o14PW4h/caw0IXZiHtd
v4MU2YLgt/Q8RSNEcK2Dg60U5aggp+iPX3m2pfdFrLdPWyza785LraV2pblGGg6a
z/cOdBNFvsQVCTvvNvh2RH3XBOuqKPkYp5tZgznBodH3E0oaQTwjNK4FOHpcavI8
oV/KWJuuKpYO7CEh3yfGScm22YksGcPla19qmsgyTGDGExkd195SyxM8jtdw/qTC
QPeg0xg8zRdd38zellG9dJVj1Egjk2KkjTi3GrrartKDUPZB+N0lpiZCuykBnoeO
ffuW25C8scI1vZaVNlr8LZQgfBTgHjVxUSfvbQLzz1jgC+xhug53SqX/j6g97/1/
D+TGEqyihfVtFWbnuRaoMDd8ul//yOC13DRV6gMaQgKcH8nbBYXZdGaKYCNPLuGN
dOKgJiZupLtPfeHYNxBn73k4vDYLeqM8dMGNoRvCOUSP4G6wNgKWm18JI5B/RGOV
2aSAyE6G0xQ2B/fIeedadQe5CBM8PtzAPZwUlWfC+DYU8UAEO75QoLhyCSbm8flV
OjPANL74VYP9XIfUSklEvZK013h9pAZOTI6/c+SZazC8Mylj/7BPY2b3lcr2T3vw
8p8OzfUXFIbeSr2PnUVCLmZvWWyJ3xoqqOUAKbJcYyozU+afJzEP6QxMtlL+6PfL
l8e6WGHFpPQBJpBUgjSCW1g3X0PGIzYa+Feq4d8efyz+ccTc8Sq/xut/rUbImwU/
QVQ0weNXLuEfzP6frc16/Z+2UluoOc7cLNJiF/uunx8iLFsAMUIQhdUvyUFZhuhx
0db0+/861wHfKEikk/8wJxcxd0B57FAdalRyFNd7JZuiRpHX7EtOhIcXHt6wxyq1
hrAdbpJpUD2M0u9ngObV/n8oCBxkjg3gfahitc0u82I4ulJ0aooY+nzd6tZRXTb0
zLC4ViBpFMveRJacj1AN425sjY8LYmMOxCj3xCmGT3XhM8geVj+XwNe22uY7sS6v
oj9Xx+EmauOdOTCNDjCg+7s42M6IiPaefFrihDC5xvb2y8QVTy5saLL53+QeinUi
xP1/847hSk686h4Q7iesy3NQBz60BwVYYnk2Zi/bfEFmHk5c778vY9aZYH5Q6LGo
o15GbgDwa/N/JPAho7bw85ApoLQQjbtlDxQ4PzKGbWTVNXPmj/ODDu9wobQUMgl3
7E8GdTAZPIrDhg866v+OJODviEu8em8wXn0r92/GLos0UNKhx6XSe3u97C1EKPiA
3D3WhJlw/Q+dO4qGLcV2wuLk/XqAlKIxl7zXXlqviVGnn8bvYxBIpzRdf2zdyYxn
M0iiQlqMUKa/7ezOJgWnH1dEMx9l50SP2/s65xd+derbQB5hDrkl8CZDHBPzmxAH
5UpQonSzRST5a1Wv2Lj616fJ3Olv28WJ0L8QRFJojqrHFUtjE7xw+AG6JOBQOobj
BWpnG7ZBZY4KUcVwPfzMRI//YMzg63PgorqdVIN+lCTVMycvAJzevXT6oINAIQQO
b3XS3OF2sWu8MBszSmS0lN050uZ5oZxGR2fDGf+HSFEjX/7TzAt3+mbsrCZuZpOX
rVgZTo3RQCuX2sEeKIAWjF3eEMqgf2ZkklJp1PXl9UultOvx5LOuLx/5+Ioy2kZf
RVpRLcO+Yz3qSglmn0Ktganw8cmbSoJSlSHio/wKaFqWW3J1BYRfU3BK6Cq8Bu/l
k799pBAJgQc9vjZkPDI1WMoXLN5wI44QmMIwCYihxS1UfOjTImTMpBlVr37NLlJv
I9wx29pIRA4TOKduI6kdrQh/LjFjiuOpsTV1wZwQ21nQvbEU8UD9Xd2Vbg+xVWK5
nCnHq+f5OwUI3s9rsVFelnqaiRyYAyR/SfNAteyyRDalEPCZULtYjCIkGytXnZBC
iKlCowPCxHHmf2ZRdn7hNZz3NmZWeEYUelehVjG+TkeAAEXgbPMmriYP+FUipKG4
2DU4Za10etiWDFh530P8qYUYMk/h3PEy0naobH1PqaOq1h+v/anVrWCxFsM4pEJq
NeTkOf1/sCTGT5zadHUkXXgcmOT2Y+evW0hAveTVbZf15oEyuVsi/oqa/N5T3hry
GlwSdTf6pvF6FdRh4+rZCLM6Ou+6jqqTvax5iN21wZMLFYcUZCwjdn5JsgpohzoG
jAgOEuvLIvQmUjFFhtMzs1OkSuZWus7Nk+x7BYoqmwgRZfJCl2YRkMh83prQ52v1
qgkPkrBxDA2yUyUJceAMPhrYydrjCP2yihT38enZtKrxDh6EvDTTwzKeGmztPN5h
NpxF8F7eJ9HwnkhnTMoouHdjwHW0KcBJ1C/SP0nh+0URDgqE2DGXxEqP52sGGbz8
B9eCzoGAiKTZr9PmSTM6hyssG8/aq6pN++aI4nLmgJPDCBH25LVRO8U5CtoKNwCI
lFp4KLv3Yev15qL2vifkCJgX/luJQDyUYiWF/O0ofa4Xurn9AT0BG1yxVwA0KpB9
bD25WT/xxzMHzl8nq2JTlayDboyY6RR/8UvUzW0ugzqxyPdBb51icd0YSRe6MbXZ
Z7pwrIU4cJyp+mp7ggxZOMYPqWFTiURBgm7xlWvwEBnp3JB8eXE24EKzhSRF+8AR
j+e7uRADxMUY7rxixO6XdlGmEBi2fsRQBjtNKsMvyssxYjsrilwR67e/FQqQ9G4v
R1OATIALx/ds0z7Aq54qRl0Vnek5WZXKwjS3ofw0lv+XCycU4Jahe/laYNBmARgM
pQny8S8fHslev6pyiEmcpra6AYBeOBHZ5T8lbWnqDm/l225StrfhkEAx1Rwr6C/K
RKlAhQI0BoSvNUjWo+mu/k1PpVP2xQRSA0z0bixbAvHB/ioi8n0MnBOYVddtOUN2
v3lsHUu/7e+JU/vRNhwzhDJ6E65rv9bh2iyKXD06JGYoFaken71YHXNkF+gJNEoj
hZ/jssyGMMYJpRnH5qBahlFe/RMYQw3xu0aWjx7+riCnD6zkUS2JRCdHWbO9gaZl
yqXmVm+vbD6VLWkhOblF6InHwMgzJL9gcsRnvaoYUftgEWGJyF+QPraOYJzkwM6v
PXyYv61u98MO78gQROQTV3QiWgJ1N5LNQe4OLqcFgComj/nCFD5rY1bv0Kpn7pw3
aCAjJtPIxrQBHncueTwrskrwBRkMAR6NN39E62jBMrXcVah8M6pKyirXgFZnP6Aj
6bVV1/UeaTjLih09Q5AlZxjsKBwG5mDmoVPkPmk68Z86OXlHF8KQbkztWoHOgkAJ
ukHDoxJymqQ1r5An8TGDLkiiR6OXimYHTi2z6bcYGYVdVj0ODRuTOconU+LKVrAq
S830y0Pjm1wZ3mK1f1wTmD1p5McW5i+uEV5UcYUvY5Racw06CC2VhFhyNGLTTkEv
g8OJTfrByR+xPtYaAXdxflN3pWF15VrDJNVfKUXdpu0EsukLxlFc5btGfgfF7DEM
itLcsh5dD9wrVTXGf934LPCQUp8oKuF/yuEJs+SNOYvf71+NjRw1P9teCDbiP6p4
7nmPgWtITXv/Y1sDgKzdbxyqS/Fdilef+GyLLVNxNxRPf8qxlvY83fn/FBhqv7Pu
vsnajwD/hJS+u6sNzdLjKRQ5hFlLOqY35ITghp+bV1D09GDfT+4veAHUfOTSmsbg
oI/lAqyNeAUjIE+ks2IwqSHUwzoW9AQ4ZXoSU0LpbLRXk+27fDt4bApW7HFMvVkX
MNUL7ArDm6AbUD7nvwlxijJRTn/GqlZVy10DDWcZZIAuPsv/bsCJKysenSf4tlXn
zYYsnk5xwvVl7/jjcLuPFWq2/PfAApPbCOi4Su7h1w0JBFJLRdTvWLEXj87cDm2/
3izWZX0+G2ZfK4zCqpSLmOsTnptqQC8mEPnY8Sfwv1jXZxn2tOFP2e/libKak56I
jjOfWqBWbWr/S+wz1QKHaxFKZxvay2OB7s6a0GfqzbO22Si/gS5yaVx61tLmuoRs
GgPA2A9uk2F+dV0AFhlQHtKv4cErbjO3k/zdpuVP9D8=
C.3.24.1. S/MIME Encrypted and Signed Reply Over a Complex Message, Injected Headers With hcp_strong (+ Legacy Display), Decrypted

The S/MIME enveloped-data layer unwraps to this signed-data part:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"

MIIUIgYJKoZIhvcNAQcCoIIUEzCCFA8CAQExDTALBglghkgBZQMEAgEwggpLBgkq
hkiG9w0BBwGgggo8BIIKOE1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1lbmMtc2lnbmVkLWNvbXBsZXgtaW5qZWN0ZWQtc3Ryb25nLWxlZ2FjeS1yZXBs
eQ0KTWVzc2FnZS1JRDoNCiA8c21pbWUtZW5jLXNpZ25lZC1jb21wbGV4LWluamVj
dGVkLXN0cm9uZy1sZWdhY3ktcmVwbHlAZXhhbXBsZT4NCkZyb206IEFsaWNlIDxh
bGljZUBzbWltZS5leGFtcGxlPg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+
DQpEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEyOjE5OjAyIC0wNTAwDQpVc2VyLUFn
ZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wDQpJbi1SZXBseS1UbzoNCiA8c21p
bWUtZW5jLXNpZ25lZC1jb21wbGV4LWluamVjdGVkLXN0cm9uZy1sZWdhY3lAZXhh
bXBsZT4NClJlZmVyZW5jZXM6DQogPHNtaW1lLWVuYy1zaWduZWQtY29tcGxleC1p
bmplY3RlZC1zdHJvbmctbGVnYWN5QGV4YW1wbGU+DQpIUC1PdXRlcjogU3ViamVj
dDogWy4uLl0NCkhQLU91dGVyOiBNZXNzYWdlLUlEOg0KIDxzbWltZS1lbmMtc2ln
bmVkLWNvbXBsZXgtaW5qZWN0ZWQtc3Ryb25nLWxlZ2FjeS1yZXBseUBleGFtcGxl
Pg0KSFAtT3V0ZXI6IEZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPg0K
SFAtT3V0ZXI6IFRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxlPg0KSFAtT3V0ZXI6
IERhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTI6MTk6MDIgLTA1MDANCkNvbnRlbnQt
VHlwZTogbXVsdGlwYXJ0L21peGVkOyBib3VuZGFyeT0iMDdmIjsgaHA9ImNpcGhl
ciINCg0KLS0wN2YNCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11
bHRpcGFydC9hbHRlcm5hdGl2ZTsgYm91bmRhcnk9ImI3MCINCg0KLS1iNzANCk1J
TUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0
DQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lpIjsN
CiBocC1sZWdhY3ktZGlzcGxheT0iMSINCg0KU3ViamVjdDogc21pbWUtZW5jLXNp
Z25lZC1jb21wbGV4LWluamVjdGVkLXN0cm9uZy1sZWdhY3ktcmVwbHkNCg0KVGhp
cyBpcyB0aGUNCnNtaW1lLWVuYy1zaWduZWQtY29tcGxleC1pbmplY3RlZC1zdHJv
bmctbGVnYWN5LXJlcGx5DQptZXNzYWdlLg0KDQpUaGlzIGlzIGFuIGVuY3J5cHRl
ZCBhbmQgc2lnbmVkIFMvTUlNRSBtZXNzYWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxv
cGVkRGF0YSBhcm91bmQgc2lnbmVkRGF0YS4gIFRoZSBwYXlsb2FkIGlzIGENCm11
bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdl
L3BuZw0KYXR0YWNobWVudC4gSXQgdXNlcyB0aGUgSW5qZWN0ZWQgSGVhZGVycyBo
ZWFkZXIgcHJvdGVjdGlvbg0Kc2NoZW1lIHdpdGggdGhlIGhjcF9zdHJvbmcgSGVh
ZGVyIENvbmZpZGVudGlhbGl0eSBQb2xpY3kgd2l0aCBhDQoiTGVnYWN5IERpc3Bs
YXkiIHBhcnQuDQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1wbGUNCi0t
YjcwDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGlu
ZzogN2JpdA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9InVzLWFz
Y2lpIjsNCiBocC1sZWdhY3ktZGlzcGxheT0iMSINCg0KPGh0bWw+PGhlYWQ+PHRp
dGxlPjwvdGl0bGU+PC9oZWFkPjxib2R5Pg0KPGRpdiBjbGFzcz0iaGVhZGVyLXBy
b3RlY3Rpb24tbGVnYWN5LWRpc3BsYXkiPg0KPHByZT4NClN1YmplY3Q6IHNtaW1l
LWVuYy1zaWduZWQtY29tcGxleC1pbmplY3RlZC1zdHJvbmctbGVnYWN5LXJlcGx5
DQo8L3ByZT4NCjwvZGl2PjxwPlRoaXMgaXMgdGhlDQo8Yj5zbWltZS1lbmMtc2ln
bmVkLWNvbXBsZXgtaW5qZWN0ZWQtc3Ryb25nLWxlZ2FjeS1yZXBseTwvYj4NCm1l
c3NhZ2UuPC9wPg0KPHA+VGhpcyBpcyBhbiBlbmNyeXB0ZWQgYW5kIHNpZ25lZCBT
L01JTUUgbWVzc2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERhdGEgYXJvdW5k
IHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhDQptdWx0aXBhcnQvYWx0ZXJu
YXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGluZSBpbWFnZS9wbmcNCmF0dGFjaG1l
bnQuIEl0IHVzZXMgdGhlIEluamVjdGVkIEhlYWRlcnMgaGVhZGVyIHByb3RlY3Rp
b24NCnNjaGVtZSB3aXRoIHRoZSBoY3Bfc3Ryb25nIEhlYWRlciBDb25maWRlbnRp
YWxpdHkgUG9saWN5IHdpdGggYQ0KIkxlZ2FjeSBEaXNwbGF5IiBwYXJ0LjwvcD4N
CjxwPjx0dD4tLSA8YnI+QWxpY2U8YnI+YWxpY2VAc21pbWUuZXhhbXBsZTwvdHQ+
PC9wPjwvYm9keT48L2h0bWw+DQotLWI3MC0tDQoNCi0tMDdmDQpDb250ZW50LVR5
cGU6IGltYWdlL3BuZw0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogYmFzZTY0
DQpDb250ZW50LURpc3Bvc2l0aW9uOiBpbmxpbmUNCg0KaVZCT1J3MEtHZ29BQUFB
TlNVaEVVZ0FBQUJRQUFBQVVDQVlBQUFDTmlSME5BQUFBY0VsRVFWUjQydVZUT3hi
QQ0KTUFnUzczOW5PM1RwUncyMGRxcGJmQVJRRWpPeXdpd1luQ3RrREtuYmNMazY2
c3FsVCt6dDljaWRrRSs2S3drWg0Kc2dyemZjcVZNcEwyam8wNDQ3Z1lEcGVBcmsr
T25KSGtJaEFmVFBSaWNpaEFmNVlKcnc3dmp2MFpXUldNL3VsaQ0KdmRQZjFRWjJr
REQ5eHBwZDh3QUFBQUJKUlU1RXJrSmdnZz09DQoNCi0tMDdmLS0NCqCCB6YwggPP
MIICt6ADAgECAhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUx
DTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1w
bGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2
NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL
EwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnel
N41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i
2GMt4jse2Dqs165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNH
T82S6DgCReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+
ZLCqlLqhBwDHdZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3
qFC6vL/PGeWy6SCf58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgaww
DAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcw
FYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNV
HQ8BAf8EBAMCBSAwHQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1Ud
IwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCB
SXignLEynBakDKU68ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9
Ii6zyBZVjdaox644DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz5
3PYDBh4zE4Nar2inC0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/
eDOdu+F2MVtluLihne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744g
qoeuD9YSHjKK49+qYC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXz
lEc2tUpAr4vRhZjVD6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp
1zANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q
UyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1
dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsG
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExv
dmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5N
mn9PkrYo0jTkfCv4TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDc
DkY63PQWl+DILs7GxVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFt
md+K04s+A8TCNO12DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJ
OMayCQtws1q7ktkNBR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFec
N7836IPPdfTMSiPR+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq
90njlsJLOwIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpg
hkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0l
BAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0G
EhyXrilqkBDTIGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTAN
BgkqhkiG9w0BAQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7
GKJ19naIs3BjJOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd
6XaVWHg4eHIjSo27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7a
gyHahiXRn/C9cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazg
PYgkLD59fk4PGHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jM
hwFXLJtBiN+uCDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9C
qaJcOvT4as6aqdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3
DQEHATAcBgkqhkiG9w0BCQUxDxcNMjEwMjIwMTcxOTAyWjAvBgkqhkiG9w0BCQQx
IgQgFqqklRz7JHCK19lnOkADrzmRRIoVl4cAtmiosfbXeRAwDQYJKoZIhvcNAQEB
BQAEggEAoIov52zejLtV8Ydkf2mLypw8iY2Q8yjL11CJU9J+RLcbTRVpjPkFL9Tb
bDkuqJlC6fe7zq9KqRef6ovCrpm+Flmiz9splGbvauVvEFcmvb1sqaujQBz2+WrK
sCCUkYYEiNUSQwkzSLQKlZi1RyoED38k/ZmCQHwhrmVL2z0mUflmPcR3R2eHiprT
fg8/wFhXuFqHnz1VWumXGumNLYJMDoqgvL87ziLu2+iJuG0ECiMuoKhPgqWxfS2z
IWMZlTe5WUuv6p+Dh0yLMvHHhDQMYEXfi371P9nkPgBuB75sWEEJqw2/8QJqkV58
d8LvPDgpjlXSyrpxPXvXBm+stxLxfA==
C.3.24.2. S/MIME Encrypted and Signed Reply Over a Complex Message, Injected Headers With hcp_strong (+ Legacy Display), Decrypted and Unwrapped

The inner signed-data layer unwraps to:

MIME-Version: 1.0
Subject: smime-enc-signed-complex-injected-strong-legacy-reply
Message-ID:
 <smime-enc-signed-complex-injected-strong-legacy-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:19:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To:
 <smime-enc-signed-complex-injected-strong-legacy@example>
References:
 <smime-enc-signed-complex-injected-strong-legacy@example>
HP-Outer: Subject: [...]
HP-Outer: Message-ID:
 <smime-enc-signed-complex-injected-strong-legacy-reply@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 12:19:02 -0500
Content-Type: multipart/mixed; boundary="07f"; hp="cipher"

--07f
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b70"

--b70
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii";
 hp-legacy-display="1"

Subject: smime-enc-signed-complex-injected-strong-legacy-reply

This is the
smime-enc-signed-complex-injected-strong-legacy-reply
message.

This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Injected Headers header protection
scheme with the hcp_strong Header Confidentiality Policy with a
"Legacy Display" part.

--
Alice
alice@smime.example
--b70
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset="us-ascii";
 hp-legacy-display="1"

<html><head><title></title></head><body>
<div class="header-protection-legacy-display">
<pre>
Subject: smime-enc-signed-complex-injected-strong-legacy-reply
</pre>
</div><p>This is the
<b>smime-enc-signed-complex-injected-strong-legacy-reply</b>
message.</p>
<p>This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData.  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Injected Headers header protection
scheme with the hcp_strong Header Confidentiality Policy with a
"Legacy Display" part.</p>
<p><tt>-- <br>Alice<br>alice@smime.example</tt></p></body></html>
--b70--

--07f
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--07f--

Appendix D. Composition Examples

This section offers step-by-step examples of message composition.

D.1. New message composition

A typical MUA composition interface offers the user a place to indicate the message recipients, the subject, and the body. Consider a composition window filled out by the user like so:

Composing New Message Send To: Alice <alice@example.net> Subject: Handling the Jones contract Please review and approve or decline by Thursday, it's critical! Thanks, Bob -- Bob Gonzalez ACME, Inc.
Figure 1: Example Message Composition Interface

When Bob clicks "Send", his MUA generates values for Message-ID, From, and Date Header Fields, and converts the message body into the appropriate format.

D.1.1. Unprotected message

The resulting message would look something like this if it was sent without cryptographic protections:

Date: Wed, 11 Jan 2023 16:08:43 -0500
From: Bob <bob@example.net>
To: Alice <alice@example.net>
Subject: Handling the Jones contract
Message-ID: <20230111T210843Z.1234@lhp.example>
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0

Please review and approve or decline by Thursday, it's critical!

Thanks,
Bob

--
Bob Gonzalez
ACME, Inc.

D.1.2. Encrypted with hcp_baseline and Legacy Display

Now consider the message to be generated if it is to be cryptographically signed and encrypted, using HCP hcp_baseline, and the legacy variable is set.

For each Header Field, Bob's MUA passes its name and value through hcp_baseline. This returns the same value for every Header Field, except that:

hcp_baseline("Subject", "Handling the Jones contract") yields "[...]".

D.1.2.1. Cryptographic Payload

The Cryptographic Payload that will be signed and then encrypted is very similar to the unprotected message in Appendix D.1.1. Note the addition of:

  • The hp="cipher" parameter for the Content-Type

  • The appropriate HP-Outer Header Field for Subject

  • The hp-legacy-display="1" parameter for the Content-Type

  • The Legacy Display Element (the simple pseudo-header and its trailing newline) in the Main Body Part.

Date: Wed, 11 Jan 2023 16:08:43 -0500
From: Bob <bob@example.net>
To: Alice <alice@example.net>
Subject: Handling the Jones contract
Message-ID: <20230111T210843Z.1234@lhp.example>
Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1";
 hp="cipher"
MIME-Version: 1.0
HP-Outer: Date: Wed, 11 Jan 2023 16:08:43 -0500
HP-Outer: From: Bob <bob@example.net>
HP-Outer: To: Alice <alice@example.net>
HP-Outer: Subject: [...]
HP-Outer: Message-ID: <20230111T210843Z.1234@lhp.example>

Subject: Handling the Jones contract

Please review and approve or decline by Thursday, it's critical!

Thanks,
Bob

--
Bob Gonzalez
ACME, Inc.
D.1.2.2. External Header Section

The Cryptographic Payload from Appendix D.1.2.1 is then wrapped in the appropriate Cryptographic Layers. For this example, using S/MIME, it is wrapped in an application/pkcs7-mime; smime-type="signed-data" layer, which is in turn wrapped in an application/pkcs7-mime; smime-type="enveloped-data" layer.

Then an external Header Section is applied to the outer MIME object, which looks like this:

Date: Wed, 11 Jan 2023 16:08:43 -0500
From: Bob <bob@example.net>
To: Alice <alice@example.net>
Subject: [...]
Message-ID: <20230111T210843Z.1234@lhp.example>
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
MIME-Version: 1.0

Note that the Subject Header Field has been obscured appropriately by hcp_baseline. The output of the CMS enveloping operation is base64-encoded and forms the body of the message.

D.2. Composing a Reply

Next we consider a typical MUA reply interface, where we see Alice replying to Bob's message from Appendix D.1.

When Alice clicks "Reply" to Bob's signed-and-encrypted message with Header Protection, she might see something like this:

Replying to Bob ("Handling the Jones Contract") Send To: Bob <bob@example.net> Subject: Re: Handling the Jones contract On Wed, 11 Jan 2023 16:08:43 -0500, Bob wrote: > Please review and approve or decline by Thursday, > it's critical! > > Thanks, > Bob > > -- > Bob Gonzalez > ACME, Inc. -- Alice Jenkins ACME, Inc.
Figure 2: Example Message Reply Interface (unedited)

Note that because Alice's MUA is aware of Header Protection, it knows what the correct Subject header is, even though it was obscured. It also knows to avoid including the Legacy Display Element in the quoted/attributed text that it includes in the draft reply.

Once Alice has edited the reply message, it might look something like this:

Replying to Bob ("Handling the Jones Contract") Send To: Bob <bob@example.net> Subject: Re: Handling the Jones contract On Wed, 11 Jan 2023 16:08:43 -0500, Bob wrote: > Please review and approve or decline by Thursday, > it's critical! I'll get right on it, Bob! Regards, Alice -- Alice Jenkins ACME, Inc.
Figure 3: Example Message Reply Interface (edited)

When Alice clicks "Send", the MUA generates values for Message-ID, From, and Date Header Fields, populates the In-Reply-To, and References Header Fields, and also converts the reply body into the appropriate format.

D.2.1. Unprotected message

The resulting message would look something like this if it were to be sent without any cryptographic protections:

Date: Wed, 11 Jan 2023 16:48:22 -0500
From: Alice <alice@example.net>
To: Bob <bob@example.net>
Subject: Re: Handling the Jones contract
Message-ID: <20230111T214822Z.5678@lhp.example>
In-Reply-To: <20230111T210843Z.1234@lhp.example>
References: <20230111T210843Z.1234@lhp.example>
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0

On Wed, 11 Jan 2023 16:08:43 -0500, Bob wrote:

> Please review and approve or decline by Thursday,
> it's critical!

I'll get right on it, Bob!

Regards,
Alice

--
Alice Jenkins
ACME, Inc.

Of course, this would leak not only the contents of Alice's message, but also the contents of Bob's initial message, as well as the Subject Header Field! So Alice's MUA won't do that; it is going to create a signed-and-encrypted message to submit to the network.

D.2.2. Encrypted with hcp_no_confidentiality and Legacy Display

This example assumes that Alice's MUA uses hcp_no_confidentiality, not hcp_baseline. That is, by default, it does not obscure or remove any Header Fields, even when encrypting.

However, it follows the guidance in Section 7.1, and will make use of the HP-Outer field in the Cryptographic Payload of Bob's original message (Appendix D.1.2.1) to determine what to obscure.

When crafting the Cryptographic Payload, its baseline HCP (hcp_no_confidentiality) leaves each field untouched. To uphold the confidentiality of the sender's values when replying, the MUA executes the following steps (for brevity only Subject and Message-ID/In-Reply-To are shown):

  • Extract the referenced header fields (see Section 5.2):

    • refouter contains:

      • Date: Wed, 11 Jan 2023 16:08:43 -0500

      • From: Bob <bob@example.net>

      • To: Alice <alice@example.net>

      • Subject: [...]

      • Message-ID: <20230111T210843Z.1234@lhp.example>

    • refprotected contains:

      • Date: Wed, 11 Jan 2023 16:08:43 -0500

      • From: Bob <bob@example.net>

      • To: Alice <alice@example.net>

      • Subject: Handling the Jones contract

      • Message-ID: <20230111T210843Z.1234@lhp.example>

  • Apply the response function:

    • respond(refouter) contains:

      • From: Alice <alice@example.net>

      • To: Bob <bob@example.net>

      • Subject: Re: [...]

      • In-Reply-To: <20230111T210843Z.1234@lhp.example>

      • References: <20230111T210843Z.1234@lhp.example>

    • respond(refprotected) contains:

      • From: Alice <alice@example.net>

      • To: Bob <bob@example.net>

      • Subject: Re: Handling the Jones contract

      • In-Reply-To: <20230111T210843Z.1234@lhp.example>

      • References: <20230111T210843Z.1234@lhp.example>

  • Compute the ephemeral response_hcp (see Section 5.4):

    • Note that all headers except Subject are the same.

    • confmap contains only ("Subject", "Re: Handling the Jones contract") -> "Re: [...]"

Thus all Header Fields that were signed are passed through untouched. The reply's Subject is obscured as Subject: Re: [...] if and only if the user does not edit the subject line from that initially proposed by the MUA's reply interface. If the user edits the subject line, e.g., to Subject: Re: Handling the Jones contract ASAP, the response_hcp will not obscure it, and instead pass it through in the clear.

For stronger header confidentiality, the replying MUA should use a reasonable HCP (not hcp_no_confidentiality). Also recall that the local HCP is applied first, and that response_hcp is only applied to what is left unchanged by the local HCP.

D.2.2.1. Cryptographic Payload

Consequently, the Cryptographic Payload for Alice's reply looks like this:

Date: Wed, 11 Jan 2023 16:48:22 -0500
From: Alice <alice@example.net>
To: Bob <bob@example.net>
Subject: Re: Handling the Jones contract
Message-ID: <20230111T214822Z.5678@lhp.example>
In-Reply-To: <20230111T210843Z.1234@lhp.example>
References: <20230111T210843Z.1234@lhp.example>
Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1";
 hp="cipher"
MIME-Version: 1.0
HP-Outer: Date: Wed, 11 Jan 2023 16:48:22 -0500
HP-Outer: From: Alice <alice@example.net>
HP-Outer: To: Bob <bob@example.net>
HP-Outer: Subject: Re: [...]
HP-Outer: Message-ID: <20230111T214822Z.5678@lhp.example>
HP-Outer: In-Reply-To: <20230111T210843Z.1234@lhp.example>
HP-Outer: References: <20230111T210843Z.1234@lhp.example>

Subject: Re: Handling the Jones contract

On Wed, 11 Jan 2023 16:08:43 -0500, Bob wrote:

> Please review and approve or decline by Thursday,
> it's critical!

I'll get right on it, Bob!

Regards,
Alice

--
Alice Jenkins
ACME, Inc.

Note the following features:

  • the hp="cipher" parameter to Content-Type

  • the appropriate HP-Outer Header Field for Subject,

  • the hp-legacy-display="1" parameter for the Content-Type

  • the Legacy Display Element (the simple pseudo-header and its trailing newline) in the Main Body Part.

D.2.2.2. External Header Section

The Cryptographic Payload from Appendix D.2.2.1 is then wrapped in the appropriate Cryptographic Layers. For this example, using S/MIME, it is wrapped in an application/pkcs7-mime; smime-type="signed-data" layer, which is in turn wrapped in an application/pkcs7-mime; smime-type="enveloped-data" layer.

Then an external Header Section is applied to the outer MIME object, which looks like this:

Date: Wed, 11 Jan 2023 16:48:22 -0500
From: Alice <alice@example.net>
To: Bob <bob@example.net>
Subject: Re: [...]
Message-ID: <20230111T214822Z.5678@lhp.example>
In-Reply-To: <20230111T210843Z.1234@lhp.example>
References: <20230111T210843Z.1234@lhp.example>
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
MIME-Version: 1.0

Note that the Subject Header Field has been obscured appropriately even though hcp_no_confidentiality would not have touched it by default. The output of the CMS enveloping operation is base64-encoded and forms the body of the message.

Appendix E. Rendering Examples

This section offers example Cryptographic Payloads (the content within the Cryptographic Envelope) that contain Legacy Display Elements.

E.1. Example text/plain Cryptographic Payload with Legacy Display Elements

Here is a simple one-part Cryptographic Payload (Header Section and body) of a message that includes Legacy Display Elements:

Date: Fri, 21 Jan 2022 20:40:48 -0500
From: Alice <alice@example.net>
To: Bob <bob@example.net>
Subject: Dinner plans
Message-ID: <text-plain-legacy-display@lhp.example>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1";
 hp="cipher"
HP-Outer: Date: Fri, 21 Jan 2022 20:40:48 -0500
HP-Outer: From: Alice <alice@example.net>
HP-Outer: To: Bob <bob@example.net>
HP-Outer: Subject: [...]
HP-Outer: Message-ID: <text-plain-legacy-display@lhp.example>

Subject: Dinner plans

Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.

A compatible MUA will recognize the hp-legacy-display="1" parameter and render the body of the message as:

Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.

A legacy decryption-capable MUA that is unaware of this mechanism will ignore the hp-legacy-display="1" parameter and instead render the body including the Legacy Display Elements:

Subject: Dinner plans

Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.

E.2. Example text/html Cryptographic Payload with Legacy Display Elements

Here is a modern one-part Cryptographic Payload (Header Section and body) of a message that includes Legacy Display Elements:

Date: Fri, 21 Jan 2022 20:40:48 -0500
From: Alice <alice@example.net>
To: Bob <bob@example.net>
Subject: Dinner plans
Message-ID: <text-html-legacy-display@lhp.example>
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"; hp-legacy-display="1";
 hp="cipher"
HP-Outer: Date: Fri, 21 Jan 2022 20:40:48 -0500
HP-Outer: From: Alice <alice@example.net>
HP-Outer: To: Bob <bob@example.net>
HP-Outer: Subject: [...]
HP-Outer: Message-ID: <text-html-legacy-display@lhp.example>

<html><head><title></title></head><body>
<div class="header-protection-legacy-display">
<pre>Subject: Dinner plans</pre>
</div>
<p>
Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.
</p>
</body>
</html>

A compatible MUA will recognize the hp-legacy-display="1" parameter and mask out the Legacy Display div, rendering the body of the message as a simple paragraph:

Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.

A legacy decryption-capable MUA that is unaware of this mechanism will ignore the hp-legacy-display="1" parameter and instead render the body including the Legacy Display Elements:

Subject: Dinner plans

Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.

Appendix F. Other Header Protection Schemes

Other Header Protection schemes have been proposed in the past. However, those typically have drawbacks such as sparse implementation, known problems with legacy interoperability (in particular with rendering), lack of clear signalling of sender intent, and/or incomplete cryptographic protections. This section lists such schemes known at the time of the publication of this document out of historical interest.

F.1. Original RFC 8551 Header Protection

S/MIME [RFC8551] (as well as its predecessors [RFC5751] and [RFC3851]) defined a form of cryptographic Header Protection that is similar to the "Wrapped Message" scheme specified in this document. In fact, the scheme originally defined in S/MIME is a subset of the "Wrapped Message" scheme specified in this document. The differences between the original and the updated scheme are outlined in Section 4.2.

F.2. Pretty Easy Privacy (pEp)

The pEp (pretty Easy privacy) [I-D.pep-general] project specifies two different MIME schemes that include Header Protection for Signed-and-Encrypted e-mail messages in [I-D.pep-email]: One scheme -- referred as pEp Email Format 1 (PEF-1) -- is generated towards MUAs not known to be pEp-capable, while the other scheme -- referred as PEF-2 -- is used between MUAs discovered to be compatible with pEp. Signed-only messages are not recommended in pEp.

F.3. "draft-autocrypt" Protected Headers

[I-D.autocrypt-lamps-protected-headers] describes a scheme similar to the "Injected Headers" scheme specified in this document. However, instead of adding Legacy Display Elements to existing MIME parts (cf. Section 6.2.2), "draft-autocrypt" injects a new MIME element "Legacy Display Part", thus modifying the MIME structure of the Cryptographic Payload. These modified Cryptographic Payloads cause significant rendering problems on some common Legacy MUAs.

The lack of a mechanism comparable to hp="cipher" and hp="clear" (see Section 2.1.1) means the recipient of an encrypted "draft-autocrypt" message cannot be cryptographically certain whether the sender intended for the message to be confidential or not. The lack of a mechanism comparable to HP-Outer (see Section 2.2) makes it impossible for the recipient of an encrypted "draft-autocrypt" message to reply or forward it safely (see Section 7).

Appendix G. Document Changelog

[[ RFC Editor: This section is to be removed before publication ]]

Index

C H I R W

Authors' Addresses

Daniel Kahn Gillmor
American Civil Liberties Union
125 Broad St.
New York, NY, 10004
United States of America
Bernie Hoeneisen
pEp Project
Oberer Graben 4
CH- 8400 Winterthur
Switzerland
URI: https://pep-project.org/
Alexey Melnikov
Isode Ltd
14 Castle Mews
Hampton, Middlesex
TW12 2NP
United Kingdom