
Header Protection for Cryptographically Protected E-mail
draft-ietf-lamps-header-protection-21

Document Type: Active Internet-Draft (lamps WG)
Authors: Daniel Kahn Gillmor, Bernie Hoeneisen, Alexey Melnikov
Last updated: 2024-06-13 (Latest revision 2024-06-03)
RFC stream: Internet Engineering Task Force (IETF)
Intended RFC status: Proposed Standard
Stream WG state: Submitted to IESG for Publication
Associated WG milestone: Nov 2021, Header protection conventions sent to IESG for standards track publication
Document shepherd: Russ Housley
Shepherd write-up: Last changed 2023-12-08
IESG state: IESG Evaluation
Consensus boilerplate: Yes
Telechat date: On agenda of 2024-07-11 IESG telechat. Has a DISCUSS. Needs 9 more YES or NO OBJECTION positions to pass.
Responsible AD: Roman Danyliw
Send notices to: housley@vigilsec.com
IANA review state: Version Changed - Review Needed
IANA expert review state: Expert Reviews OK
LAMPS Working Group                                        D. K. Gillmor
Internet-Draft                            American Civil Liberties Union
Updates: 8551 (if approved)                                 B. Hoeneisen
Intended status: Standards Track                             pEp Project
Expires: 5 December 2024                                     A. Melnikov
                                                               Isode Ltd
                                                             3 June 2024

        Header Protection for Cryptographically Protected E-mail
                 draft-ietf-lamps-header-protection-21

Abstract

   S/MIME version 3.1 introduced a mechanism to provide end-to-end
   cryptographic protection of e-mail message headers.  However, few
   implementations generate messages using this mechanism, and several
   legacy implementations have revealed rendering or security issues
   when handling such a message.

   This document updates the S/MIME specification (RFC8551) to offer a
   different mechanism that provides the same cryptographic protections
   but with fewer downsides when handled by legacy clients.  The Header
   Protection schemes described here are also applicable to messages
   with PGP/MIME cryptographic protections.  Furthermore, this document
   offers more explicit guidance for clients when generating or handling
   e-mail messages with cryptographic protection of message headers.

About This Document

   This note is to be removed before publishing as an RFC.

   The latest revision of this draft can be found at
   https://dkg.gitlab.io/lamps-header-protection/.  Status information
   for this document may be found at https://datatracker.ietf.org/doc/
   draft-ietf-lamps-header-protection/.

   Discussion of this document takes place on the LAMPS Working Group
   mailing list (mailto:spasm@ietf.org), which is archived at
   https://mailarchive.ietf.org/arch/browse/spasm/.  Subscribe at
   https://www.ietf.org/mailman/listinfo/spasm/.

   Source for this draft and an issue tracker can be found at
   https://gitlab.com/dkg/lamps-header-protection.

Gillmor, et al.          Expires 5 December 2024                [Page 1]
Internet-Draft    Cryptographic MIME Header Protection         June 2024

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 5 December 2024.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   6
     1.1.  Two Schemes of Header Protection  . . . . . . . . . . . .   7
     1.2.  Problems with Wrapped Messages  . . . . . . . . . . . . .   7
     1.3.  Problems with Injected Headers  . . . . . . . . . . . . .   8
     1.4.  Motivation  . . . . . . . . . . . . . . . . . . . . . . .   8
       1.4.1.  Backward Compatibility  . . . . . . . . . . . . . . .   8
       1.4.2.  Deliverability  . . . . . . . . . . . . . . . . . . .   9
     1.5.  Other Protocols to Protect E-Mail Header Fields . . . . .   9
     1.6.  Applicability to PGP/MIME . . . . . . . . . . . . . . . .  10
     1.7.  Requirements Language . . . . . . . . . . . . . . . . . .  10
     1.8.  Terms . . . . . . . . . . . . . . . . . . . . . . . . . .  11
     1.9.  Document Scope  . . . . . . . . . . . . . . . . . . . . .  12
       1.9.1.  In Scope  . . . . . . . . . . . . . . . . . . . . . .  12
       1.9.2.  Out of Scope  . . . . . . . . . . . . . . . . . . . .  13
   2.  Specification . . . . . . . . . . . . . . . . . . . . . . . .  13
     2.1.  Injected Headers Scheme . . . . . . . . . . . . . . . . .  14
     2.2.  Wrapped Message Scheme  . . . . . . . . . . . . . . . . .  14
     2.3.  Content-Type parameter: hp  . . . . . . . . . . . . . . .  15
     2.4.  Content-Type parameter: hp-scheme . . . . . . . . . . . .  17
     2.5.  Sending Side  . . . . . . . . . . . . . . . . . . . . . .  17
       2.5.1.  Composing a Cryptographically Protected Message Without
               Header Protection . . . . . . . . . . . . . . . . . .  17
       2.5.2.  Header Confidentiality Policy . . . . . . . . . . . .  18
       2.5.3.  Definition of the HP-Outer Header Field . . . . . . .  20
       2.5.4.  Extracting Protected and Unprotected ("Outer") Header
               Fields  . . . . . . . . . . . . . . . . . . . . . . .  21
       2.5.5.  Header Confidentiality for Referenced Encrypted
               Messages  . . . . . . . . . . . . . . . . . . . . . .  22
       2.5.6.  Composing with "Injected Headers" Header
               Protection  . . . . . . . . . . . . . . . . . . . . .  24
       2.5.7.  Composing with "Wrapped Message" Header Protection  .  30
     2.6.  Default Header Confidentiality Policy . . . . . . . . . .  32
       2.6.1.  Minimal Header Confidentiality Policy . . . . . . . .  32
       2.6.2.  Strong Header Confidentiality Policy  . . . . . . . .  32
       2.6.3.  No Header Confidentiality Policy  . . . . . . . . . .  33
       2.6.4.  Offering More Ambitious Header Confidentiality  . . .  33
     2.7.  Receiving Side  . . . . . . . . . . . . . . . . . . . . .  34
       2.7.1.  Identifying that a Message has Header Protection  . .  35
       2.7.2.  Updating the Cryptographic Summary  . . . . . . . . .  36
       2.7.3.  Rendering a Message with Injected Headers . . . . . .  38
       2.7.4.  Rendering a Wrapped Message . . . . . . . . . . . . .  41
       2.7.5.  Guidance for Automated Message Handling . . . . . . .  42
       2.7.6.  Affordances for Debugging and Troubleshooting . . . .  44
       2.7.7.  Rendering Other Schemes . . . . . . . . . . . . . . .  44
       2.7.8.  Replying to an Encrypted Message with Header
               Protection  . . . . . . . . . . . . . . . . . . . . .  44
       2.7.9.  Implicitly rendered Header Fields . . . . . . . . . .  46
       2.7.10. Unprotected Header Fields Added in Transit  . . . . .  46
       2.7.11. Handling Undecryptable Messages . . . . . . . . . . .  47
   3.  E-mail Ecosystem Evolution  . . . . . . . . . . . . . . . . .  49
     3.1.  Dropping Legacy Display Elements  . . . . . . . . . . . .  49
     3.2.  More Ambitious Default Header Confidentiality Policy  . .  49
     3.3.  Deprecation of Messages Without Header Protection . . . .  50
   4.  Usability Considerations  . . . . . . . . . . . . . . . . . .  51
     4.1.  Mixed Protections Within a Message Are Hard To
           Understand  . . . . . . . . . . . . . . . . . . . . . . .  51
     4.2.  Users Should Not Have To Choose a Header Confidentiality
           Policy  . . . . . . . . . . . . . . . . . . . . . . . . .  52
     4.3.  Users Should Not Have To Choose a Header Protection
           Scheme  . . . . . . . . . . . . . . . . . . . . . . . . .  53
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .  53
     5.1.  Avoid Cryptographic Summary Confusion from hp
           Parameter . . . . . . . . . . . . . . . . . . . . . . . .  54
     5.2.  Caution about Composing with Legacy Display Elements  . .  54
     5.3.  Plaintext Attacks . . . . . . . . . . . . . . . . . . . .  55
   6.  Privacy Considerations  . . . . . . . . . . . . . . . . . . .  56
     6.1.  Leaks When Replying . . . . . . . . . . . . . . . . . . .  56
     6.2.  Encrypted Header Fields Are Not Always Private  . . . . .  56
       6.2.1.  Encrypted Header Fields Can Leak Unwanted Information
               to the Recipient  . . . . . . . . . . . . . . . . . .  57
       6.2.2.  Encrypted Header Fields Can Be Inferred From External
               or Internal Metadata  . . . . . . . . . . . . . . . .  57
       6.2.3.  Encrypted Header Fields May Not Be Fully Masked by
               HCP . . . . . . . . . . . . . . . . . . . . . . . . .  58
     6.3.  A Naive Recipient May Overestimate the Cryptographic Status
           of a Header Field in an Encrypted Message . . . . . . . .  58
     6.4.  Privacy and Deliverability Risks with Bcc and Encrypted
           Messages  . . . . . . . . . . . . . . . . . . . . . . . .  59
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  60
   8.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .  62
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  62
     9.1.  Normative References  . . . . . . . . . . . . . . . . . .  62
     9.2.  Informative References  . . . . . . . . . . . . . . . . .  63
   Appendix A.  Possible Problems with Legacy MUAs . . . . . . . . .  65
     A.1.  Problems Viewing Messages in a List View  . . . . . . . .  66
     A.2.  Problems when Rendering a Message . . . . . . . . . . . .  66
     A.3.  Problems when Replying to a Message . . . . . . . . . . .  67
   Appendix B.  Test Vectors . . . . . . . . . . . . . . . . . . . .  68
     B.1.  Baseline Messages . . . . . . . . . . . . . . . . . . . .  68
       B.1.1.  No Cryptographic Protections Over a Simple Message  .  68
       B.1.2.  S/MIME Signed-only signedData Over a Simple Message, No
               Header Protection . . . . . . . . . . . . . . . . . .  69
       B.1.3.  S/MIME Signed-only multipart/signed Over a Simple
               Message, No Header Protection . . . . . . . . . . . .  71
       B.1.4.  S/MIME Encrypted and Signed Over a Simple Message, No
               Header Protection . . . . . . . . . . . . . . . . . .  73
       B.1.5.  No Cryptographic Protections Over a Complex
               Message . . . . . . . . . . . . . . . . . . . . . . .  76
       B.1.6.  S/MIME Signed-only signedData Over a Complex Message,
               No Header Protection  . . . . . . . . . . . . . . . .  77
       B.1.7.  S/MIME Signed-only multipart/signed Over a Complex
               Message, No Header Protection . . . . . . . . . . . .  79
       B.1.8.  S/MIME Encrypted and Signed Over a Complex Message, No
               Header Protection . . . . . . . . . . . . . . . . . .  82
     B.2.  Signed-only Messages  . . . . . . . . . . . . . . . . . .  86
       B.2.1.  S/MIME Signed-only signedData Over a Simple Message,
               Wrapped Message . . . . . . . . . . . . . . . . . . .  86
       B.2.2.  S/MIME Signed-only multipart/signed Over a Simple
               Message, Wrapped Message  . . . . . . . . . . . . . .  88
       B.2.3.  S/MIME Signed-only signedData Over a Simple Message,
               Injected Headers  . . . . . . . . . . . . . . . . . .  90
       B.2.4.  S/MIME Signed-only multipart/signed Over a Simple
               Message, Injected Headers . . . . . . . . . . . . . .  92
       B.2.5.  S/MIME Signed-only signedData Over a Complex Message,
               Wrapped Message . . . . . . . . . . . . . . . . . . .  95
       B.2.6.  S/MIME Signed-only multipart/signed Over a Complex
               Message, Wrapped Message  . . . . . . . . . . . . . .  97
       B.2.7.  S/MIME Signed-only signedData Over a Complex Message,
               Injected Headers  . . . . . . . . . . . . . . . . . . 100
       B.2.8.  S/MIME Signed-only multipart/signed Over a Complex
               Message, Injected Headers . . . . . . . . . . . . . . 103
     B.3.  Encrypted-and-signed Messages . . . . . . . . . . . . . . 106
       B.3.1.  S/MIME Encrypted and Signed Over a Simple Message,
               Wrapped Message With hcp_minimal  . . . . . . . . . . 106
       B.3.2.  S/MIME Encrypted and Signed Over a Simple Message,
               Injected Headers With hcp_minimal . . . . . . . . . . 109
       B.3.3.  S/MIME Encrypted and Signed Over a Simple Message,
               Injected Headers With hcp_minimal (+ Legacy Display)  112
       B.3.4.  S/MIME Encrypted and Signed Over a Simple Message,
               Wrapped Message With hcp_strong . . . . . . . . . . . 116
       B.3.5.  S/MIME Encrypted and Signed Over a Simple Message,
               Injected Headers With hcp_strong  . . . . . . . . . . 119
       B.3.6.  S/MIME Encrypted and Signed Over a Simple Message,
               Injected Headers With hcp_strong (+ Legacy Display) . 122
       B.3.7.  S/MIME Encrypted and Signed Reply Over a Simple
               Message, Wrapped Message With hcp_minimal . . . . . . 125
       B.3.8.  S/MIME Encrypted and Signed Reply Over a Simple
               Message, Injected Headers With hcp_minimal  . . . . . 129
       B.3.9.  S/MIME Encrypted and Signed Reply Over a Simple
               Message, Injected Headers With hcp_minimal (+ Legacy
               Display)  . . . . . . . . . . . . . . . . . . . . . . 132
       B.3.10. S/MIME Encrypted and Signed Reply Over a Simple
               Message, Wrapped Message With hcp_strong  . . . . . . 136
       B.3.11. S/MIME Encrypted and Signed Reply Over a Simple
               Message, Injected Headers With hcp_strong . . . . . . 139
       B.3.12. S/MIME Encrypted and Signed Reply Over a Simple
               Message, Injected Headers With hcp_strong (+ Legacy
               Display)  . . . . . . . . . . . . . . . . . . . . . . 142
       B.3.13. S/MIME Encrypted and Signed Over a Complex Message,
               Wrapped Message With hcp_minimal  . . . . . . . . . . 145
       B.3.14. S/MIME Encrypted and Signed Over a Complex Message,
               Injected Headers With hcp_minimal . . . . . . . . . . 149
       B.3.15. S/MIME Encrypted and Signed Over a Complex Message,
               Injected Headers With hcp_minimal (+ Legacy Display)  153
       B.3.16. S/MIME Encrypted and Signed Over a Complex Message,
               Wrapped Message With hcp_strong . . . . . . . . . . . 158
       B.3.17. S/MIME Encrypted and Signed Over a Complex Message,
               Injected Headers With hcp_strong  . . . . . . . . . . 162
       B.3.18. S/MIME Encrypted and Signed Over a Complex Message,
               Injected Headers With hcp_strong (+ Legacy Display) . 166
       B.3.19. S/MIME Encrypted and Signed Reply Over a Complex
               Message, Wrapped Message With hcp_minimal . . . . . . 170
       B.3.20. S/MIME Encrypted and Signed Reply Over a Complex
               Message, Injected Headers With hcp_minimal  . . . . . 174
       B.3.21. S/MIME Encrypted and Signed Reply Over a Complex
               Message, Injected Headers With hcp_minimal (+ Legacy
               Display)  . . . . . . . . . . . . . . . . . . . . . . 178
       B.3.22. S/MIME Encrypted and Signed Reply Over a Complex
               Message, Wrapped Message With hcp_strong  . . . . . . 183
       B.3.23. S/MIME Encrypted and Signed Reply Over a Complex
               Message, Injected Headers With hcp_strong . . . . . . 187
       B.3.24. S/MIME Encrypted and Signed Reply Over a Complex
               Message, Injected Headers With hcp_strong (+ Legacy
               Display)  . . . . . . . . . . . . . . . . . . . . . . 191
   Appendix C.  Composition Examples . . . . . . . . . . . . . . . . 195
     C.1.  New message composition . . . . . . . . . . . . . . . . . 195
       C.1.1.  Unprotected message . . . . . . . . . . . . . . . . . 196
       C.1.2.  Encrypted with hcp_minimal and Legacy Display . . . . 196
     C.2.  Composing a Reply . . . . . . . . . . . . . . . . . . . . 198
       C.2.1.  Unprotected message . . . . . . . . . . . . . . . . . 199
       C.2.2.  Encrypted with hcp_no_confidentiality and Legacy
               Display . . . . . . . . . . . . . . . . . . . . . . . 200
   Appendix D.  Rendering Examples . . . . . . . . . . . . . . . . . 204
     D.1.  Example text/plain Cryptographic Payload with Legacy
           Display Elements  . . . . . . . . . . . . . . . . . . . . 204
     D.2.  Example text/html Cryptographic Payload with Legacy Display
           Elements  . . . . . . . . . . . . . . . . . . . . . . . . 205
   Appendix E.  Other Header Protection Schemes  . . . . . . . . . . 207
     E.1.  Original RFC 8551 Header Protection . . . . . . . . . . . 207
     E.2.  Pretty Easy Privacy (pEp) . . . . . . . . . . . . . . . . 207
     E.3.  "draft-autocrypt" Protected Headers . . . . . . . . . . . 207
   Appendix F.  Document Changelog . . . . . . . . . . . . . . . . . 207
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . . 212

1.  Introduction

   Privacy and security issues regarding e-mail Header Protection in
   S/MIME and PGP/MIME have been identified for some time.  Most current
   implementations of cryptographically protected electronic mail
   protect only the body of the message, which leaves significant room
   for attacks against otherwise-protected messages.  For example, lack
   of Header Protection allows an attacker to substitute the message
   subject and/or author.

   This document describes two different schemes for how message headers
   can be cryptographically protected, and provides guidance for
   implementers of MUAs that generate and interpret such messages.  It
   uses the term "Legacy MUA" to refer to an MUA that does not implement
   either scheme.  This document takes particular care to ensure that
   messages interact reasonably well with Legacy MUAs.

1.1.  Two Schemes of Header Protection

   This document addresses two different schemes for cryptographically
   protecting e-mail Header Sections or fields and provides guidance to
   implementers.  One scheme ("Injected Headers") is more interoperable
   with Legacy MUAs and is mandatory to implement and interpret.  The
   other, older scheme ("Wrapped Message") is described here to enable
   interpretation of archived messages.

   The older scheme was first specified in S/MIME 3.1 ([RFC8551]), and
   involves wrapping a message/rfc822 or message/global MIME object with
   a Cryptographic Envelope around the message to protect.  This
   document calls this scheme "Wrapped Message", and it updates the
   scheme described in that document, effectively replacing the final
   two paragraphs of Section 3.1 of [RFC8551].  However, experience has
   shown that even the updated "Wrapped Message" form does not interact
   well with some Legacy MUAs (see Section 1.2).

   The more interoperable "Injected Headers" scheme of Header Protection
   is introduced in this document, and is preferred over the "Wrapped
   Message" scheme.  In the "Injected Headers" scheme, the protected
   Header Fields are placed directly on the Cryptographic Payload
   without using an intervening message/* MIME object.  See
   Section 2.5.6 and Section 2.7.3 for more details.

1.2.  Problems with Wrapped Messages

   Several Legacy MUAs have revealed rendering issues when dealing with
   a message that uses the Wrapped Message Header Protection scheme.

   In some cases, some mail user agents cannot render message/rfc822
   message subparts at all, in violation of baseline MIME requirements
   as described on page 5 of [RFC2049].  This leaves all Wrapped
   Messages unreadable by any recipient using such an MUA.

   In other cases, the user sees an attachment suggesting a forwarded
   e-mail message, which -- in fact -- contains the protected e-mail
   message that should be rendered directly.  In most of these cases,
   the user can click on the attachment to view the protected message.

   However, viewing the protected message as an attachment in isolation
   may strip it of any security indications, leaving the user unable to
   assess the cryptographic properties of the message.  Worse, for
   encrypted messages, interacting with the protected message in
   isolation may leak contents of the cleartext, for example, if the
   reply is not also encrypted.

1.3.  Problems with Injected Headers

   A Legacy MUA dealing with an encrypted message that has some Header
   Fields obscured using the Injected Headers scheme will not render the
   obscured Header Fields to the user at all.  A workaround "Legacy
   Display" mechanism is provided in this document, which most Legacy
   MUAs should render to the user, albeit not in the same location that
   the Header Fields would normally be rendered.

1.4.  Motivation

   Users generally do not understand the distinction between message
   body and message header.  When an e-mail message has cryptographic
   protections that cover the message body, but not the Header Fields,
   several attacks become possible.

   For example, a Legacy Signed Message has a signature that covers the
   body but not the Header Fields.  An attacker can therefore modify the
   Header Fields (including the Subject header) without invalidating the
   signature.  Since most readers consider a message body in the context
   of the message's Subject header, the meaning of the message itself
   could change drastically (under the attacker's control) while still
   retaining the same cryptographic indicator of authenticity.

   In another example, a Legacy Encrypted Message has its body
   effectively hidden from an adversary that snoops on the message.  But
   if the Header Fields are not also encrypted, significant information
   about the message (such as the message Subject) will leak to the
   inspecting adversary.

   However, if the sending and receiving MUAs ensure that cryptographic
   protections cover the message Header Section as well as the message
   body, these attacks are defeated.
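
   The signed-message case above, worked through for a Legacy Signed
   Message and for both schemes from Section 1.1, as an added example
   that is not part of the draft.  Assumptions: the sample messages are
   constructed, the signature part is a placeholder, all helper names
   are hypothetical, and the scheme is classified by payload structure
   only (the hp Content-Type parameter of Section 2.3 is not modeled).

```python
import hashlib
from email import message_from_bytes, policy

# Constructed sample data. The signature part is a placeholder: the point is
# WHICH bytes a multipart/signed signature covers, not how it is computed.
HEADERS = (b"From: Alice <alice@example.net>\r\n"
           b"To: Bob <bob@example.net>\r\n"
           b"Subject: Approve the Q3 budget\r\n")
BODY = b'Content-Type: text/plain; charset="us-ascii"\r\n\r\nYes, go ahead.'


def build(payload: bytes) -> bytes:
    """Wrap a Cryptographic Payload in a multipart/signed envelope."""
    return (HEADERS + b"MIME-Version: 1.0\r\n"
            b'Content-Type: multipart/signed; micalg="sha-256";\r\n'
            b' protocol="application/pkcs7-signature"; boundary="b1"\r\n\r\n'
            b"--b1\r\n" + payload + b"\r\n--b1\r\n"
            b"Content-Type: application/pkcs7-signature\r\n\r\n"
            b"CONSTRUCTED-PLACEHOLDER-NOT-A-SIGNATURE\r\n--b1--\r\n")


LEGACY = build(BODY)                  # signature covers the body only
INJECTED = build(HEADERS + BODY)      # Header Fields directly on the payload
WRAPPED = build(b"Content-Type: message/rfc822\r\n\r\n"
                + HEADERS + b"MIME-Version: 1.0\r\n" + BODY)


def signed_bytes(raw: bytes) -> bytes:
    """Return the first subpart, i.e. the bytes the signature is made over."""
    boundary = message_from_bytes(raw, policy=policy.default).get_boundary()
    open_delim = b"--" + boundary.encode() + b"\r\n"
    start = raw.index(open_delim) + len(open_delim)
    return raw[start:raw.index(b"\r\n--" + boundary.encode(), start)]


def is_structural(name: str) -> bool:
    """MIME-Version and Content-* describe the part, not the message."""
    return name.lower() == "mime-version" or name.lower().startswith("content-")


def protected_fields(payload):
    """Classify the payload by structure and list the fields it protects."""
    if payload.get_content_type() in ("message/rfc822", "message/global"):
        scheme, source = "wrapped", payload.get_payload(0)
    else:
        scheme, source = "injected", payload
    fields = {k.lower(): str(v) for k, v in source.items()
              if not is_structural(k)}
    return (scheme if fields else "none"), fields


def audit(raw: bytes) -> dict:
    """Compare the outer Header Section with what the signature covers."""
    outer = message_from_bytes(raw, policy=policy.default)
    covered = signed_bytes(raw)
    scheme, protected = protected_fields(
        message_from_bytes(covered, policy=policy.default))
    names = {k.lower() for k in outer.keys() if not is_structural(k)}
    return {
        "scheme": scheme,
        "covered_sha256": hashlib.sha256(covered).hexdigest(),
        # Outer fields with no protected copy: changes cannot be noticed.
        "unprotected": sorted(names - set(protected)),
        # Outer fields that disagree with their protected copy.
        "mismatched": sorted(n for n in names & set(protected)
                             if str(outer[n]) != protected[n]),
    }


def rewrite_outer_subject(raw: bytes) -> bytes:
    """Simulate an in-transit change: only the first (outer) Subject is edited."""
    return raw.replace(b"Subject: Approve", b"Subject: Reject", 1)


if __name__ == "__main__":
    for label, raw in (("legacy", LEGACY), ("injected", INJECTED),
                       ("wrapped", WRAPPED)):
        before, after = audit(raw), audit(rewrite_outer_subject(raw))
        same = before["covered_sha256"] == after["covered_sha256"]
        print(f"{label:9} scheme={after['scheme']:9} signed-bytes-unchanged={same}"
              f" unprotected={after['unprotected']}"
              f" mismatched={after['mismatched']}")
```

   In all three messages the signed bytes are identical before and after
   the outer Subject changes, so the signature still verifies; only the
   two messages that carry a protected copy of Subject give the receiver
   something to compare against.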

1.4.1.  Backward Compatibility

   If the sending MUA is unwilling to generate such a fully protected
   message due to the potential for rendering, usability,
   deliverability, or security issues, these defenses cannot be
   realized.

   The sender cannot know what MUA (or MUAs) the recipient will use to
   handle the message.  Thus, an outbound message format that is
   backward compatible with as many legacy implementations as possible
   is a more effective vehicle for providing the whole-message
   cryptographic protections described above.

   This document aims for backward compatibility with Legacy MUAs to the
   extent possible.  In some cases, like when a user-visible header like
   the Subject is cryptographically hidden, a Legacy MUA will not be
   able to render or reply to the message exactly the same way as a
   conformant MUA would.  But accommodations are described here that
   ensure a rough semantic equivalence for Legacy MUAs even in these
   cases.

1.4.2.  Deliverability

   A message with perfect cryptographic protections that cannot be
   delivered is less useful than a message with imperfect cryptographic
   protections that can be delivered.  Senders want their messages to
   reach the intended recipients.

   Given the current state of the Internet mail ecosystem, encrypted
   messages in particular cannot shield all of their Header Fields from
   visibility and still be guaranteed delivery to their intended
   recipient.

   This document accounts for this concern by providing a mechanism
   (Section 2.5.2) that prioritizes initial deliverability (at the cost
   of some header leakage) while facilitating future message variants
   that shield more header metadata from casual inspection.

1.5.  Other Protocols to Protect E-Mail Header Fields

   A separate pair of protocols also provides some cryptographic
   protection for the e-mail message header integrity: DomainKeys
   Identified Mail (DKIM) [RFC6376], as used in combination with Domain-
   based Message Authentication, Reporting, and Conformance (DMARC)
   [RFC7489].  This pair of protocols provides a domain-based reputation
   mechanism that can be used to mitigate some forms of unsolicited
   e-mail (spam).

   However, the DKIM+DMARC suite provides cryptographic protection at a
   different scope than the mechanisms described here.  In particular,
   the message integrity and authentication signals provided by
   DKIM+DMARC correspond to the domain name of the sending e-mail
   address, not the sending address itself, so the DKIM+DMARC suite does
   not provide end-to-end protection.  DKIM and DMARC are typically
   applied to messages by (and interpreted by) mail transfer agents, not
   mail user agents.  The mechanisms in this document are typically
   applied to messages by (and interpreted by) mail user agents.

   Furthermore, the DKIM+DMARC suite only provides cryptographic
   integrity and authentication, not encryption.  So cryptographic
   confidentiality is not available from that suite.

   The DKIM+DMARC suite can be used on any message, including messages
   formed as described in this document.  There should be no conflict
   between these schemes.

   Though not strictly e-mail, similar protections have been in use on
   Usenet for signing and verification of message headers for years.
   See [PGPCONTROL] and [PGPVERIFY-FORMAT] for more details.  Like DKIM,
   these Usenet control protections offer only integrity and
   authentication, not encryption.

1.6.  Applicability to PGP/MIME

   This document describes end-to-end cryptographic protections for
   e-mail messages in reference to S/MIME ([RFC8551]).

   Comparable end-to-end cryptographic protections can also be provided
   by PGP/MIME ([RFC3156]).

   The mechanisms in this document should be applicable in the PGP/MIME
   protections as well as S/MIME protections, but analysis and
   implementation in this document focuses on S/MIME.

   To the extent that any divergence from the mechanism described here
   is necessary for PGP/MIME, that divergence is out of scope for this
   document.

1.7.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   The key words "SPECIFICATION REQUIRED" and "IETF REVIEW" that appear
   in this document when used to describe namespace allocation are to be
   interpreted as described in [RFC8126].

1.8.  Terms

   The following terms are defined for the scope of this document:

   *  S/MIME: Secure/Multipurpose Internet Mail Extensions (see
      [RFC8551])

   *  PGP/MIME: MIME Security with OpenPGP (see [RFC3156])

   *  Message: An E-Mail Message consisting of Header Fields
      (collectively called "the Header Section of the message")
      followed, optionally, by a Body; see [RFC5322].

      Note: To avoid ambiguity, this document avoids using the terms
      "Header" or "Headers" in isolation, but instead always uses
      "Header Field" to refer to the individual field and "Header
      Section" to refer to the entire collection.

   *  Header Field: A Header Field includes a field name, followed by a
      colon (":"), followed by a field body (value), and terminated by
      CRLF; see Section 2.2 of [RFC5322] for more details.

   *  Header Section: The Header Section is a sequence of lines of
      characters with special syntax as defined in [RFC5322].  The
      Header Section of a Message contains the Header Fields associated
      with the Message itself.  The Header Section of a MIME part (that
      is, a subpart of a message) typically contains Header Fields
      associated with that particular MIME part.

   *  Body: The Body is the part of a Message that follows the Header
      Section and is separated from the Header Section by an empty line
      (i.e., a line with nothing preceding the CRLF); see [RFC5322].  It
      is the (bottom) section of a Message containing the payload of a
      Message.  Typically, the Body consists of a (possibly multipart)
      MIME [RFC2045] construct.

   *  Header Protection (HP): cryptographic protection of e-mail Header
      Sections (or parts of them) by means of signatures and/or
      encryption.

   *  Cryptographic Layer, Cryptographic Payload, Cryptographic
      Envelope, Cryptographic Summary, Structural Header Fields, Main
      Body Part, User-Facing Header Fields, and MUA are all used as
      defined in [I-D.ietf-lamps-e2e-mail-guidance].

   *  Legacy MUA: an MUA that does not understand Header Protection as
      described in this document.  A Legacy Non-Crypto MUA is incapable
      of doing any end-to-end cryptographic operations.  A Legacy Crypto
      MUA is capable of doing cryptographic operations, but does not
      understand or generate messages with Header Protection.

   *  Legacy Signed Message: an e-mail message that was signed by a
      Legacy MUA (and therefore has no cryptographic authenticity or
      integrity protections on its Header Fields).

   *  Wrapped Message: The Header Protection scheme that uses the
      mechanism described in [RFC8551], where the Cryptographic Payload
      is a message/rfc822 or message/global MIME object, augmented with
      a Content-Type parameter to indicate that this is the explicit
      intent (see Section 2.2).

   *  Injected Headers: The Header Protection scheme that uses the
      mechanism described in this document (see Section 2.1), where the
      protected Header Fields are inserted on the Cryptographic Payload
      directly.

   *  Header Confidentiality Policy (HCP): a functional specification of
      which Header Fields should be removed or obscured when composing
      an encrypted message with Header Protection.  An HCP is considered
      more "conservative" when it removes or obscures fewer Header
      Fields.  When it removes or obscures more Header Fields, it is
      more "ambitious".  See Section 2.5.2.

   *  Ordinary User: a user of an MUA who follows a simple and minimal
      experience, focused on sending and receiving e-mails.  A user who
      opts into advanced configuration, expert mode, or the like is not
      an "Ordinary User".

1.9.  Document Scope

   This document describes sensible, simple behavior for a program that
   generates an e-mail message with standard end-to-end cryptographic
   protections, following the guidance in
   [I-D.ietf-lamps-e2e-mail-guidance].  An implementation conformant to
   this document will produce messages that have cryptographic
   protection that covers the message's Header Fields as well as its
   body.

1.9.1.  In Scope

   This document also describes sensible, simple behavior for a program
   that interprets such a message, in a way that can take advantage of
   these protections covering the Header Fields as well as the body.

   The message generation guidance aims to minimize negative
   interactions with any Legacy receiving MUA while providing actionable
   cryptographic properties for modern receiving clients.

   In particular, this document focuses on two standard types of
   cryptographic protection that cover the entire message:

   *  A cleartext message with a single signature, and

   *  An encrypted message that contains a single cryptographic
      signature.

1.9.2.  Out of Scope

   The message composition guidance in this document (in Section 2.5.6)
   aims to provide minimal disruption for any Legacy MUA that receives
   such a message.  However, a Legacy MUA by definition does not
   implement any of the guidance here.  Therefore, the document does not
   attempt to provide guidance for Legacy MUAs directly.

   Furthermore, this document does not explicitly contemplate other
   variants of cryptographic message protections, including any of
   these:

   *  Encrypted-only message (Without a cryptographic signature.  See
      Section 5.3 of [I-D.ietf-lamps-e2e-mail-guidance].)

   *  Triple-wrapped message

   *  Signed message with multiple signatures

   *  Encrypted message with a cryptographic signature outside the
      encryption.

   All such messages are out of scope of this document.

2.  Specification

   As mentioned in Section 1.1, this document describes two ways to
   provide end-to-end cryptographic protection for an e-mail message
   that includes all Header Fields known to the sender at message
   composition time.  This document also specifies a new Header Field:
   HP-Outer (see Section 2.5.3).

   When composing a message with end-to-end cryptographic protections,
   an MUA SHOULD apply Header Protection.  A sending MUA MUST be able to
   generate the Injected Headers scheme (Section 2.5.6), and MAY
   generate the Wrapped Message scheme (Section 2.5.7).  The MUA
   implementer can choose between the two schemes (see Section 4.3).

   A compatible MUA SHOULD use Injected Headers when composing a new
   message with end-to-end cryptographic protections, since a message
   structured with Injected Headers is more likely to be usable by both
   legacy and compatible MUAs.

   A receiving MUA MUST be able to handle both Header Protection
   schemes, as described in Section 2.7.

2.1.  Injected Headers Scheme

   A message that uses the Injected Headers scheme has protected Header
   Fields in the Header Section of the Cryptographic Payload.

   For an encrypted message that has at least one User-Facing Header
   Field (see Section 1.1.2 of [I-D.ietf-lamps-e2e-mail-guidance])
   removed or obscured outside of the Cryptographic Payload, those
   Header Fields MAY be duplicated into decorative copies in the Main
   Body MIME part of the Cryptographic Payload itself.  These decorative
   copies within the message are known as "Legacy Display Elements".

   Such a Legacy Display Element enables users of a Legacy receiving MUA
   -- that doesn't yet understand how to interpret or display the
   Injected Headers scheme -- to view the removed/obscured Header
   Fields.  See Section 3.1 for more details about how the ecosystem
   could shift so that a sending MUA could avoid the need to generate
   any Legacy Display Element.

   Composing a message with the Injected Headers scheme is described in
   Section 2.5.6.  Rendering such a message is described in
   Section 2.7.3.  Example message composition and reply can be seen in
   Appendix C.  Example message rendering which strips Legacy Display
   Elements can be seen in Appendix D.

2.2.  Wrapped Message Scheme

   A message that uses the Wrapped Message scheme has a Cryptographic
   Payload of a single message/rfc822 (or message/global) MIME object,
   which itself contains the original message (including the protected
   Header Section).

   The Wrapped Message Header Protection scheme is very similar to that
   described in Section 3.1 of [RFC8551].  The main augmentations this
   document provides to that scheme are:

   *  an explicit discussion of how to obscure or remove Header Fields,

   *  an additional hp="clear" or hp="cipher" parameter to the Content-
      Type Header Field of the Cryptographic Payload to indicate the
      explicit intent,

   *  an additional hp-scheme="wrapped" parameter to the same Content-
      Type Header Field to indicate the specific scheme in use,

   *  a recommendation to mark such a Wrapped Message as "Content-
      Disposition: inline" to encourage Legacy MUAs to render the inner
      message directly rather than treating it as an attachment, and

   *  a mechanism the recipient of an encrypted message can use to
      explicitly derive what Header Fields were removed or obscured by
      the sender (the HP-Outer mechanism).

   Composing a message with the Wrapped Message scheme is described in
   Section 2.5.7.  Rendering such a message is described in
   Section 2.7.4.

2.3.  Content-Type parameter: hp

   This specification defines a parameter for the Content-Type Header
   Field named hp (for Header Protection).  Its value is only relevant
   on the Content-Type Header Field at the root of the Cryptographic
   Payload.  When generating a message, an MUA MUST add this parameter
   only to the Content-Type Header Field at the root of the message's
   Cryptographic Payload.  When consuming a message, an MUA MUST ignore
   this parameter when it encounters it anywhere other than the root of
   the message's Cryptographic Payload.

   The parameter's defined values describe the sender's cryptographic
   intent when producing the message:

   +========+==============+=========+=================+==============+
   |hp Value| Authenticity |Integrity| Confidentiality | Description  |
   +========+==============+=========+=================+==============+
   |"clear" | yes          |yes      | no              | This message |
   |        |              |         |                 | has been     |
   |        |              |         |                 | signed by    |
   |        |              |         |                 | the sender   |
   |        |              |         |                 | with Header  |
   |        |              |         |                 | Protection   |
   +--------+--------------+---------+-----------------+--------------+
   |"cipher"| yes          |yes      | yes             | This message |
   |        |              |         |                 | has been     |
   |        |              |         |                 | signed by    |
   |        |              |         |                 | the sender,  |
   |        |              |         |                 | with Header  |
   |        |              |         |                 | Protection,  |
   |        |              |         |                 | and is       |
   |        |              |         |                 | encrypted to |
   |        |              |         |                 | the          |
   |        |              |         |                 | recipients   |
   +--------+--------------+---------+-----------------+--------------+

           Table 1: hp parameter for Content-Type Header Field

   A sending implementation MUST NOT produce a Cryptographic Payload
   with parameter hp="cipher" for a non-encrypted message (that is,
   where none of the Cryptographic Layers in the Cryptographic Envelope
   of the message provide encryption).  Likewise, if a sending
   implementation is sending an encrypted message with Header
   Protection, it MUST emit an hp="cipher" parameter, regardless of the
   HCP in use.

   Note that hp="cipher" indicates that the message itself has been
   encrypted by the sender to the recipients, but makes no assertions
   about which Header Fields have been removed or obscured.  This can be
   derived from the Cryptographic Payload itself (see Section 2.5.4).

   A receiving implementation MUST NOT mistake the presence of an
   hp="cipher" parameter in the Cryptographic Payload for the actual
   presence of a Cryptographic Layer that provides encryption.

2.4.  Content-Type parameter: hp-scheme

   This document recommends the Injected Headers scheme, and the
   presence of the hp= parameter in the Content-Type of the
   Cryptographic Payload implies the use of that scheme by default.  If
   the message does Header Protection using the Wrapped Message scheme,
   it MUST also add an hp-scheme="wrapped" parameter to the Content-Type
   of the Cryptographic Payload.

   +==================================+===============================+
   | hp-scheme Value                  | Header Protection Scheme Used |
   +==================================+===============================+
   | (no hp-scheme parameter present) | Injected Headers              |
   +----------------------------------+-------------------------------+
   | "wrapped"                        | Wrapped Message               |
   +----------------------------------+-------------------------------+

        Table 2: hp-scheme parameter for Content-Type Header Field

2.5.  Sending Side

   This section describes the process an MUA should use to apply
   cryptographic protection to an e-mail message with Header Protection.

2.5.1.  Composing a Cryptographically Protected Message Without Header
        Protection

   As a baseline, we consider the typical message composition process of
   a Legacy Crypto MUA which does not provide any Header Protection.

   This process is described in Section 5.1 of
   [I-D.ietf-lamps-e2e-mail-guidance].  We replicate it here for
   reference:

   *  origbody: the traditional unprotected message body as a well-
      formed MIME tree (possibly just a single MIME leaf part).  As a
      well-formed MIME tree, origbody already has structural Header
      Fields (Content-*) present.

   *  origheaders: the intended non-structural Header Fields for the
      message, represented here as a list of (h,v) pairs, where h is a
      Header Field name and v is the associated value.  Note that these
      are Header Fields that the MUA intends to be visible to the
      recipient of the message.  In particular, if the MUA uses the Bcc
      Header Field during composition, but plans to omit it from the
      message (see Section 3.6.3 of [RFC5322]), it will not be in
      origheaders.

   *  crypto: The series of cryptographic protections to apply (for
      example, "sign with the secret key corresponding to X.509
      certificate X, then encrypt to X.509 certificates X and Y").  This
      is a routine that accepts a MIME tree as input (the Cryptographic
      Payload), wraps the input in the appropriate Cryptographic
      Envelope, and returns the resultant MIME tree as output.

   The algorithm returns a MIME object that is ready to be injected into
   the mail system:

   *  Apply crypto to MIME part origbody, producing MIME tree output

   *  For each Header Field name and value (h,v) in origheaders:

      -  Add Header Field h to output with value v

   *  Return output

2.5.2.  Header Confidentiality Policy

   When composing an encrypted message with Header Protection, the
   composing MUA needs a Header Confidentiality Policy (HCP).  In this
   document, we represent that Header Confidentiality Policy as a
   function hcp:

   *  hcp(name, val_in) → val_out: this function takes a non-structural
      Header Field identified by name with initial value val_in as
      arguments, and returns a replacement header value val_out.  If
      val_out is the special value null, it means that the Header Field
      in question should be removed from the set of Header Fields
      visible outside the Cryptographic Envelope.

   In the pseudocode descriptions of various choices of HCP in this
   document, any comparison with the name input is done case-
   insensitively.  This is appropriate for Header Field names, as
   described in [RFC5322].

   Note that hcp is only applied to non-structural Header Fields.  When
   composing a message, Structural Header Fields are dealt with
   separately, as described in Section 2.5.6 and Section 2.5.7.

   As an example, an MUA that obscures the Subject Header Field by
   replacing it with the literal string "[...]", hides all Cc'ed
   recipients, and does not offer confidentiality to any other Header
   Fields would be represented as (in pseudocode):

   hcp_example_hide_cc(name, val_in) → val_out:
       if lower(name) is 'subject':
           return '[...]'
       else if lower(name) is 'cc':
           return null
       else:
           return val_in

   Note that such a policy is only needed when the end-to-end
   protections include encryption (confidentiality).  No comparable
   policy is needed for other end-to-end cryptographic protections
   (integrity and authenticity), as they are simply uniformly applied so
   that all Header Fields known by the sender have these protections.

   This asymmetry is an unfortunate consequence of complexities in
   message delivery systems, some of which may reject, drop, or delay
   messages where all Header Fields are removed from the top-level MIME
   object.

   This document does not mandate any particular Header Confidentiality
   Policy, though it offers guidance for MUA implementers in selecting
   one in Section 2.6.  Future documents may recommend or mandate such a
   policy for an MUA with specific needs.  Such a recommendation might
   be motivated by descriptions of metadata-derived attacks, or stem
   from research about message deliverability, or describe new
   signalling mechanisms, but these topics are out of scope for this
   document.

   For alignment with common practice as well as the ABNF in
   Section 2.5.3 for HP-Outer, val_out MUST be one of the following:

   *  identical to val_in, or

   *  the special value null (meaning that the Header Field will be
      removed from the outside of the message), or

   *  a sequence of printable and whitespace (that is, space or tab)
      7-bit clean ASCII characters (of course, non-ASCII text can be
      encoded as ASCII using the encoded-word construct from [RFC2047])

   The HCP can compute val_out using any technique describable in
   pseudocode, such as copying a fixed string or invocations of other
   pseudocode functions.  If it alters the value, it MUST NOT include
   control or NUL characters in val_out. val_out SHOULD match the
   expected ABNF for the Header Field identified by name.

2.5.3.  Definition of the HP-Outer Header Field

   This document defines a new Header Field, HP-Outer.  HP-Outer is used
   for conveying the effect of the sender's Header Confidentiality Policy
   for an encrypted message.  It does so by embedding a copy within the
   Cryptographic Envelope of every non-structural Header Field that the
   sender put outside the Cryptographic Envelope.  This Header Field
   enables the MUA receiving the encrypted message to reliably identify
   whether the sending MUA intended to make a Header Field confidential
   (see Section 6.3).

   An implementation that composes encrypted e-mail MUST include a copy
   of all non-structural Header Fields deliberately exposed to the
   outside of the Cryptographic Envelope using a series of HP-Outer
   Header Fields within the Cryptographic Payload.  These HP-Outer MIME
   Header Fields should only ever appear directly within the Header
   Section of the Cryptographic Payload of a Cryptographic Envelope
   offering confidentiality.  They MUST be ignored for the purposes of
   evaluating the message's Header Protection if they appear in other
   places.

   Each instance of HP-Outer contains a non-structural Header Field name
   and the value that this Header Field was set to in the outer
   (unprotected) Header Section.  The HP-Outer Header Field can appear
   multiple times in the Header Section of a Cryptographic Payload.

   If a non-structural Header Field name A doesn't appear in an HP-Outer
   Header Field value, then the sender is effectively asserting it was
   not set on the outside of the message's Cryptographic Envelope by the
   original message sender at the time the message was injected into the
   mail system.

   The syntax of this Header Field is defined using the following ABNF
   [RFC5234], where field-name, WSP, VCHAR, and FWS are defined in
   [RFC5322]:

   hp-outer     =   "HP-Outer:" [FWS] field-name ": "
                       hp-outer-value CRLF

   hp-outer-value  =   (*([FWS] VCHAR) *WSP)

   Note that hp-outer-value is the same as unstructured from [RFC5322],
   but without the obsolete obs-unstructured option.

2.5.4.  Extracting Protected and Unprotected ("Outer") Header Fields

   When a message is encrypted and it uses Header Protection, an MUA may
   need to extract a list of protected Header Fields (names and values),
   as well as a list of Header Fields that were added by the original
   message sender in unprotected form to the outside of the message's
   Cryptographic Envelope.

   The following algorithm takes a reference message refmsg as input,
   which is encrypted with Header Protection as described in this
   document (that is, the Cryptographic Envelope includes a
   Cryptographic Layer that provides encryption, and the hp parameter
   for the Content-Type Header Field of the Cryptographic Payload is
   cipher).  It produces as output a pair of lists of (h,v) Header
   Fields.

   *  When refmsg uses the Injected Headers scheme (that is, when there
      is no hp-scheme parameter for the Content-Type Header Field of the
      Cryptographic Payload):

      -  Let refheaders be the list of (h,v) protected Header Fields
         found in the root of the Cryptographic Payload

   *  When refmsg uses the Wrapped Message scheme (that is, when the hp-
      scheme parameter for the Content-Type Header Field of the top-
      level message/rfc822 Cryptographic Payload is wrapped):

      -  Let refheaders be the list of (h,v) protected Header Fields
         found in the immediate child of the root of the Cryptographic
         Payload (recall that the root is a message/rfc822)

   *  Let refouter be an empty list of Header Field names and values

   *  Let refprotected be an empty list of Header Field names and values

   *  For each (h,v) in refheaders:

      -  If h is HP-Outer:

         o  Split v into (h1,v1) on the first colon (:) followed by any
            amount of whitespace.

         o  Append (h1,v1) to refouter

      -  Else:

         o  Append (h,v) to refprotected

   *  Return refouter, refprotected

   Note that this algorithm is independent of the unprotected Header
   Fields.  It derives its output only from the normal Header Fields and
   the HP-Outer Header Fields, both contained inside the Cryptographic
   Payload.
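
   The extraction above as a Python sketch, added here as an
   illustration; it is not part of the draft or of any MUA.  The sample
   payload, the function names, the envelope_encrypted flag (reported by
   the caller's decryption layer), and the exposed/obscured/removed
   labels are assumptions of this example.

```python
import re
from email import message_from_bytes

# Constructed sample: a decrypted Cryptographic Payload using Injected Headers.
SAMPLE_PAYLOAD = (
    b'Content-Type: text/plain; charset=UTF-8; hp="cipher"\r\n'
    b"Subject: Thursday's meeting\r\n"
    b"From: Bob <bob@example.net>\r\n"
    b"To: Carol <carol@example.net>\r\n"
    b"Cc: alice@example.net\r\n"
    b"HP-Outer: Subject: [...]\r\n"
    b"HP-Outer: From: Bob <bob@example.net>\r\n"
    b"HP-Outer: To: Carol <carol@example.net>\r\n"
    b"\r\n"
    b"I think we should skip the meeting.\r\n"
)


def is_structural(name):
    # Assumption: structural Header Fields are MIME-Version and Content-*.
    lowered = name.lower()
    return lowered == "mime-version" or lowered.startswith("content-")


def extract_outer_and_protected(payload, envelope_encrypted):
    """Section 2.5.4: return (refouter, refprotected) as lists of (h, v)."""
    # The caller states whether a Cryptographic Layer really decrypted the
    # message; hp="cipher" alone is never accepted as proof of encryption.
    if not envelope_encrypted:
        raise ValueError("no encrypting Cryptographic Layer in the envelope")
    root = message_from_bytes(payload)
    if root.get_param("hp") != "cipher":
        raise ValueError('payload root does not carry hp="cipher"')

    scheme = root.get_param("hp-scheme")
    wrapper_types = ("message/rfc822", "message/global")
    if scheme is None:
        source = root                      # Injected Headers
    elif (scheme == "wrapped" and root.is_multipart()
          and root.get_content_type() in wrapper_types):
        source = root.get_payload(0)       # Wrapped Message: immediate child
    else:
        raise ValueError("unusable hp-scheme: %r" % (scheme,))

    refouter, refprotected = [], []
    for h, v in source.items():
        v = re.sub(r"\r?\n", "", v)        # unfold continuation lines
        if h.lower() == "hp-outer":
            # Split on the first colon, then drop the whitespace after it.
            h1, colon, v1 = v.partition(":")
            if not colon or not h1.strip():
                continue                   # malformed HP-Outer value: skip it
            refouter.append((h1.strip(), v1.lstrip(" \t")))
        elif not is_structural(h):
            refprotected.append((h, v))
    return refouter, refprotected


def confidentiality_summary(refouter, refprotected):
    """Label each protected field by how the sender treated it outside."""
    outer = {}
    for h, v in refouter:
        outer.setdefault(h.lower(), []).append(v)
    summary = []
    for h, v in refprotected:
        values = outer.get(h.lower())
        if values is None:
            state = "removed"              # no HP-Outer copy at all
        elif v in values:
            state = "exposed"              # same value inside and outside
        else:
            state = "obscured"             # outside value differs
        summary.append((h, state))
    return summary
```

   Neither function reads the outer Header Section, so Header Fields
   added or altered in transit cannot change the result.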

2.5.5.  Header Confidentiality for Referenced Encrypted Messages

   Some e-mail messages are written in response to another message.  For
   example, the user of an MUA viewing any given message might take an
   action like "Reply", "Reply All", "Forward", or some comparable
   action to start the composition of a new message.  The new message
   created this way effectively references the original message that was
   viewed at the time.

   When the referenced message was itself encrypted with Header
   Protection, and some of its Header Fields had been obscured or
   removed, the replying MUA needs to make sure that the new message
   does not leak previously confidential header material.  This section
   describes a method to produce a list of Header Fields that should be
   obscured or removed in the new message even if the sender's choice of
   Header Confidentiality Policy wouldn't normally remove or obscure the
   Header Field in question.

   It takes two items as input:

   *  A single referenced message refmsg, and

   *  A built-in MUA function respond associated with the user's action.
      respond takes as input a list of headers from a referenced message
      and generates a list of initial candidate message Header Field
      names and values that are used to populate the message composition
      interface.  Something like this function already exists in most
      MUAs, though it may differ across responsive actions.  For
      example, the respond function that implements "Reply All" is
      likely to be different from the respond that implements "Reply".

   As output, we produce an ephemeral single-use Header Confidentiality
   Policy, specific to this kind of response to this specific message.

   *  If refmsg is not encrypted with Header Protection:

      -  Return hcp_no_confidentiality (there is no header
         confidentiality in the reference message that needs protection)

   *  Extract refouter, refprotected from refmsg as described in
      Section 2.5.4

   *  Let genprotected be a list of (h,v) pairs generated by
      respond(refprotected)

   *  Let genouter be a list of (h,v) pairs generated by
      respond(refouter)

   *  For each (h,v) in genprotected:

      -  If (h,v) is in genouter:

         o  Remove (h,v) from both genprotected and genouter (this
            Header Field does not need additional confidentiality)

   *  Let confmap be a mapping from a Header Field name and value (h,v)
      to either a string or the special value null (this mapping is
      initially empty)

   *  For each (h,v) remaining in genprotected:

      -  Set result to the special value null

      -  For each (h1,v1) in genouter:

         o  If h1 is h:

            +  Set result to v1

      -  Insert (h,v) -> result into confmap

   *  Return a new HCP from confmap that tests whether (name,val_in) are
      in confmap; if so, return confmap[(name,val_in)]; otherwise,
      return val_in

   Note that the key idea here is to reuse the MUA's existing respond
   function.  The algorithm simulates how the MUA would pre-populate a
   reply to two traditional messages whose Header Fields have the values
   refouter and refprotected respectively (independent of any
   cryptographic protections).  Then it uses the difference to derive a
   one-time HCP.  This HCP takes into account both the referenced
   message's sender's preferences and the derivations that can happen to
   Header Field values when responding.  Note that while some of these
   derivations are straightforward (e.g., In-Reply-To is usually
   derived from Message-ID), others are non-trivial.  For example, From
   may be derived from To, Cc, or from the MUA's local address
   preference (especially when the MUA received the referenced message
   via Bcc).  Similarly, To may be derived from To, From, and/or Cc
   depending on the MUA implementation and depending on whether the user
   clicked "Reply", "Reply All", "Forward", or any other action that
   generates a response to a message.  Reusing the MUA's existing
   respond function incorporates these nuances without requiring any
   extra configuration choices or additional maintenance burden.
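
   The derivation above as a Python sketch, added here as an
   illustration; it is not part of the draft or of any MUA.  The
   reply_all function is a hypothetical stand-in for an MUA's respond
   function, the referenced message's Header Fields are constructed
   sample values, and hcp_no_confidentiality is written out as a policy
   that returns every value unchanged.

```python
def hcp_no_confidentiality(name, val_in):
    """Policy that leaves every Header Field as it is."""
    return val_in


def reply_all(headers):
    """Hypothetical respond function for "Reply All" (toy derivation rules)."""
    first = {}
    for name, value in headers:
        first.setdefault(name.lower(), value)
    out = []
    if "from" in first:
        out.append(("To", first["from"]))
    cc = [first[k] for k in ("to", "cc") if k in first]
    if cc:
        out.append(("Cc", ", ".join(cc)))
    if "subject" in first:
        subject = first["subject"]
        if not subject.lower().startswith("re:"):
            subject = "Re: " + subject
        out.append(("Subject", subject))
    if "message-id" in first:
        out.append(("In-Reply-To", first["message-id"]))
    return out


def derive_response_hcp(refmsg_headers, respond):
    """Section 2.5.5.  refmsg_headers is (refouter, refprotected), or None
    when the referenced message was not encrypted with Header Protection."""
    if refmsg_headers is None:
        return hcp_no_confidentiality
    refouter, refprotected = refmsg_headers
    # Simulate the reply twice: once from the protected view, once from the
    # view an outside observer had.  Names are lowercased for comparison.
    genprotected = [(h.lower(), v) for h, v in respond(refprotected)]
    genouter = [(h.lower(), v) for h, v in respond(refouter)]
    for pair in list(genprotected):
        if pair in genouter:
            genprotected.remove(pair)      # identical in both views:
            genouter.remove(pair)          # nothing confidential to keep
    confmap = {}
    for h, v in genprotected:
        result = None                      # null: remove from the outside
        for h1, v1 in genouter:
            if h1 == h:
                result = v1                # reuse the value the outside saw
        confmap[(h, v)] = result

    def response_hcp(name, val_in):
        return confmap.get((name.lower(), val_in), val_in)
    return response_hcp


# Constructed sample: the sender obscured Subject and removed Cc and
# Message-ID from the outside of the referenced message.
REFPROTECTED = [("From", "Bob <bob@example.net>"),
                ("To", "Carol <carol@example.net>"),
                ("Cc", "alice@example.net"),
                ("Subject", "Thursday's meeting"),
                ("Message-ID", "<m1@example.net>")]
REFOUTER = [("From", "Bob <bob@example.net>"),
            ("To", "Carol <carol@example.net>"),
            ("Subject", "[...]")]
```

   The derived policy matches on the exact (name, value) pair, so a
   value the user edits during composition is returned unchanged and is
   covered only by the MUA's regular hcp.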

2.5.6.  Composing with "Injected Headers" Header Protection

   To compose a message using "Injected Headers" Header Protection, the
   composing MUA uses the following inputs:

   *  All the inputs described in Section 2.5.1

   *  hcp: a Header Confidentiality Policy, as defined in Section 2.5.2

   *  response: if the new message is a response to another message
      (e.g., "Reply", "Reply All", "Forward", etc), the MUA function
      corresponding to the user's action (see Section 2.5.5), otherwise
      null

   *  refmsg: if the new message is a response to another message, the
      message being responded to, otherwise null

   *  legacy: a boolean value, indicating whether any recipient of the
      message is believed to have a Legacy MUA.  If all recipients are
      known to implement this draft, legacy should be set to false.
      (How an MUA determines the value of legacy is out of scope for
      this document; an initial implementation can simply set it to
      true)

   To enable visibility of User-Facing but now removed/obscured Header
   Fields for decryption-capable Legacy MUAs, the Header Fields are
   included as a decorative Legacy Display Element in specially marked
   parts of the message (see Section 2.1).  This document recommends two
   mechanisms for such a decorative adjustment: one for a text/html Main
   Body Part of the e-mail message, and one for a text/plain Main Body
   Part.  This document does not recommend adding a Legacy Display
   Element to any other part.

   Please see Section 7.1 of [I-D.ietf-lamps-e2e-mail-guidance] for
   guidance on identifying the parts of a message that are a Main Body
   Part.

   The algorithm proceeds as follows:

   *  Let newbody be a copy of origbody

   *  If crypto contains encryption, and legacy is true:

      -  Create ldlist, an empty list of (header, value) pairs

      -  For each Header Field name and value (h,v) in origheaders:

         o  If h is User-Facing (see Section 1.1.2 of
            [I-D.ietf-lamps-e2e-mail-guidance]):

            +  If hcp(h,v) is not v:

               *  Add (h,v) to ldlist

      -  If ldlist is not empty:

         o  Identify each leaf MIME part of newbody that represents the
            "main body" of the message.

         o  For each "Main Body Part" bodypart of type text/plain or
            text/html:

            +  Adjust bodypart by inserting a Legacy Display Element
               header list ldlist into its content, and adding a
               Content-Type parameter hp-legacy-display with value 1
               (see Section 2.5.6.1 for text/plain and Section 2.5.6.2
               for text/html)

   *  For each Header Field name and value (h,v) in origheaders:

      -  Add Header Field h to MIME part newbody with value v

   *  If crypto does not contain encryption:

      -  Set the hp parameter on the Content-Type of MIME part newbody
         to clear

      -  Let newheaders be a copy of origheaders

   *  Else (if crypto contains encryption):

      -  Set the hp parameter on the Content-Type of MIME part newbody
         to cipher

      -  If refmsg is not null, response is not null, and refmsg itself
         is encrypted with header protection:

         o  Let response_hcp be a single-use HCP derived from response
            and refmsg (see Section 2.5.5)

      -  Else (if this is not a response to an encrypted, header-
         protected message):

         o  Set response_hcp to hcp_no_confidentiality

      -  Create new empty list of Header Field names and values
         newheaders

      -  For each Header Field name and value (h,v) in origheaders:

         o  Let newval be hcp(h,v)

         o  If newval is v:

            +  Let newval be response_hcp(h,v)

         o  If newval is not null:

            +  Add (h,newval) to newheaders

      -  For each Header Field name and value (h,v) in newheaders:

         o  Let string record be the concatenation of h, a literal ": "
            (ASCII colon (0x3A) followed by ASCII space (0x20)), and v

         o  Add Header Field "HP-Outer" to MIME part newbody with value
            record

   *  Apply crypto to MIME part newbody, producing MIME tree output

   *  For each Header Field name and value (h,v) in newheaders:

      -  Add Header Field h to output with value v

   *  Return output

   Note that both new parameters (hcp and legacy) are effectively
   ignored if crypto does not contain encryption.  This is by design,
   because they are irrelevant for signed-only cryptographic
   protections.

2.5.6.1.  Adding a Legacy Display Element to a text/plain Part

   For a list of obscured and removed User-Facing Header Fields
   represented as (header, value) pairs, concatenate them as a set of
   lines, with one newline at the end of each pair.  Add an additional
   trailing newline after the resultant text, and prepend the entire
   list to the body of the text/plain part.

   The MUA MUST also add a Content-Type parameter of hp-legacy-display
   with value 1 to the MIME part to indicate that a Legacy Display
   Element was added.

   For example, if the list of obscured Header Fields was [("Cc",
   "alice@example.net"), ("Subject", "Thursday's meeting")], then a
   text/plain Main Body Part that originally looked like this:

   Content-Type: text/plain; charset=UTF-8

   I think we should skip the meeting.

   Would become:

   Content-Type: text/plain; charset=UTF-8; hp-legacy-display=1

   Subject: Thursday's meeting
   Cc: alice@example.net

   I think we should skip the meeting.

   Note that the Legacy Display Element (the lines beginning with
   Subject: and Cc:) is part of the body of the MIME part in question.

   This example assumes that the Main Body Part in question is not the
   root of the Cryptographic Payload.  For instance, it could be a leaf
   of a multipart/alternative Cryptographic Payload.  This is why no
   additional Header Fields have been injected into the MIME part in
   this example.

2.5.6.2.  Adding a Legacy Display Element to a text/html Part

   Adding a Legacy Display Element to a text/html part is similar to how
   it is added to a text/plain part (see Section 2.5.6.1).  Instead of
   adding the obscured or removed User-Facing Header Fields to a block
   of text delimited by a blank line, the composing MUA injects them in
   an HTML <div> element annotated with a class attribute of header-
   protection-legacy-display.

   The content and formatting of this decorative <div> have no strict
   requirements, but they MUST represent all the obscured and removed
   User-Facing Header Fields in a readable fashion.  A simple approach
   is to assemble the text in the same way as Section 2.5.6.1, wrap it
   in a verbatim <pre> element, and put that element in the annotated
   <div>.

   The annotated <div> should be placed as close to the start of the
   <body> as possible, where it will be visible when viewed with a
   standard HTML renderer.

   The MUA MUST also add a Content-Type parameter of hp-legacy-display
   with value 1 to the MIME part to indicate that a Legacy Display
   Element was added.

   For example, if the list of obscured Header Fields was [("Cc",
   "alice@example.net"), ("Subject", "Thursday's meeting")], then a
   text/html Main Body Part that originally looked like this:

   Content-Type: text/html; charset=UTF-8

   <html><head><title></title></head><body>
   <p>I think we should skip the meeting.</p>
   </body></html>

   Would become:

   Content-Type: text/html; charset=UTF-8; hp-legacy-display=1

   <html><head><title></title></head><body>
   <div class="header-protection-legacy-display">
   <pre>Subject: Thursday's meeting
   Cc: alice@example.net</pre></div>
   <p>I think we should skip the meeting.</p>
   </body></html>

   This example assumes that the Main Body Part in question is not the
   root of the Cryptographic Payload.  For instance, it could be a leaf
   of a multipart/alternative Cryptographic Payload.  This is why no
   additional Header Fields have been injected into the MIME part in
   this example.

2.5.6.2.1.  Step-by-step Example for Inserting Legacy Display Element to
            text/html

   A composing MUA MAY insert the Legacy Display Element anywhere
   reasonable within the message as long as it prioritizes visibility
   for the reader using a Legacy decryption-capable MUA.  This decision
   may take into account special message-specific HTML formatting
   expectations if the MUA is aware of them.  However, some MUAs may not
   have any special insight into the user's preferred HTML formatting,
   and still want to insert a Legacy Display Element.  This section
   offers a non-normative, simple, and minimal step-by-step approach for
   a composing MUA that has no other information or preferences to fall
   back on.

   The process below assumes that the MUA already has the full HTML
   object that it intends to send, including all of the text supplied by
   the user.

   1.  Assemble the text exactly as specified for text/plain (see
       Section 2.5.6.1).

   2.  Wrap that text in a verbatim <pre> element.

   3.  Wrap that <pre> element in a <div> element annotated with the
       class header-protection-legacy-display.

   4.  Find the <body> element of the full HTML object.

   5.  Insert the <div> element as the first child of the <body>
       element.

2.5.6.3.  Only Add a Legacy Display Element to Main Body Parts

   Some messages may contain a text/plain or text/html subpart that is
   _not_ a Main Body Part.  For example, an e-mail message might contain
   an attached text file or a downloaded webpage.  Attached documents
   need to be preserved as intended in the transmission, without
   modification.

   The composing MUA MUST NOT add a Legacy Display Element to any part
   of the message that is not a Main Body Part.  In particular, if a
   part is annotated with Content-Disposition: attachment, or if it does
   not descend via the first child of any of its multipart/mixed or
   multipart/related ancestors, it is not a Main Body Part, and MUST NOT
   be modified.

   See Section 7.1 of [I-D.ietf-lamps-e2e-mail-guidance] for more
   guidance about common ways to distinguish Main Body Parts from other
   MIME parts in a message.

2.5.6.4.  Do Not Add a Legacy Display Element to Other Content-Types

   The purpose of injecting a Legacy Display Element into each Main Body
   MIME part is to enable rendering of otherwise obscured Header Fields
   in Legacy MUAs that are capable of message decryption, but don't know
   how to follow the rest of the guidance in this document.

   The authors are unaware of any Legacy MUA that would render any MIME
   part type other than text/plain and text/html as the Main Body.  A
   generating MUA SHOULD NOT add a Legacy Display Element to any MIME
   part with any other Content-Type.
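
   The following Python sketch is an added example, not part of this
   draft or of any MUA.  It applies Sections 2.5.6.1 through 2.5.6.4 to
   a constructed message: it selects the Main Body Parts, prepends the
   Legacy Display Element, and sets hp-legacy-display=1.  Treating every
   child of multipart/alternative as a candidate, prepending the <div>
   when no <body> tag is found, and all function names are assumptions
   of this example.

```python
import html
import re
from email.message import EmailMessage

LEGACY_CLASS = "header-protection-legacy-display"


def legacy_display_text(obscured):
    # Section 2.5.6.1: one "Name: value" line per pair, newline after each.
    return "".join(f"{h}: {v}\n" for h, v in obscured)


def insert_html_div(doc, obscured):
    # Header values are untrusted text, so escape them before they go
    # inside <pre>; otherwise a Subject could inject markup into the body.
    text = html.escape(legacy_display_text(obscured).rstrip("\n"), quote=False)
    div = f'<div class="{LEGACY_CLASS}">\n<pre>{text}</pre></div>\n'
    # Section 2.5.6.2.1 steps 4-5: first child of <body>.  A regex is a
    # simplification; with no <body> tag the div is prepended (assumption).
    m = re.search(r"<body\b[^>]*>\n?", doc, flags=re.IGNORECASE)
    pos = m.end() if m else 0
    return doc[:pos] + div + doc[pos:]


def main_body_parts(part):
    # Section 2.5.6.3: never an attachment, and only via the first child
    # of multipart/mixed or multipart/related ancestors.
    if part.get_content_disposition() == "attachment":
        return
    ctype = part.get_content_type()
    if ctype in ("multipart/mixed", "multipart/related"):
        children = part.get_payload()
        if children:
            yield from main_body_parts(children[0])
    elif ctype == "multipart/alternative":
        for child in part.get_payload():
            yield from main_body_parts(child)
    elif ctype in ("text/plain", "text/html"):
        # Section 2.5.6.4: no other Content-Type gets an element.
        yield part


def add_legacy_display(root, obscured):
    """Modify the Main Body Parts of root in place; return those parts."""
    changed = []
    for part in list(main_body_parts(root)):
        body = part.get_content()
        subtype = part.get_content_subtype()
        if subtype == "plain":
            body = legacy_display_text(obscured) + "\n" + body
        else:
            body = insert_html_div(body, obscured)
        part.set_content(body, subtype=subtype)
        part.set_param("hp-legacy-display", "1")
        changed.append(part)
    return changed


def sample_message():
    # Constructed sample: multipart/mixed holding a multipart/alternative
    # body and a text/plain attachment that must stay untouched.
    msg = EmailMessage()
    msg.set_content("I think we should skip the meeting.\n")
    msg.add_alternative(
        "<html><head><title></title></head><body>\n"
        "<p>I think we should skip the meeting.</p>\n"
        "</body></html>\n",
        subtype="html",
    )
    msg.add_attachment("Subject: text inside an attached file\n",
                       filename="notes.txt")
    return msg
```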

2.5.7.  Composing with "Wrapped Message" Header Protection

   To compose a message using "Wrapped Message" Header Protection, the
   composing MUA uses the following inputs:

   *  All the inputs described in Section 2.5.1

   *  hcp: a Header Confidentiality Policy, as defined in Section 2.5.2

   *  response: if the new message is a response to another message
      (e.g., "Reply", "Reply All", "Forward", etc), the MUA function
      corresponding to the user's action (see Section 2.5.5), otherwise
      null

   *  refmsg: if the new message is a response to another message, the
      message being responded to, otherwise null

   The algorithm proceeds as follows:

   *  Let newbody be a copy of origbody

   *  For each Header Field name and value (h,v) in origheaders:

      -  Add Header Field h to MIME part newbody with value v

   *  If crypto does not contain encryption:

      -  Let newheaders be a copy of origheaders

   *  Else (if crypto contains encryption):

      -  If refmsg is not null, response is not null, and refmsg itself
         is encrypted with header protection:

         o  Let response_hcp be a single-use HCP derived from response
            and refmsg (see Section 2.5.5)

      -  Else (if this is not a response to an encrypted, header-
         protected message):

         o  Set response_hcp to hcp_no_confidentiality

      -  Create new empty list of Header Field names and values
         newheaders

      -  For each Header Field name and value (h,v) in origheaders:

         o  Let newval be hcp(h,v)

         o  If newval is v:

            +  Let newval be response_hcp(h,v)

         o  If newval is not null:

            +  Add (h,newval) to newheaders

      -  For each Header Field name and value (h,v) in newheaders:

         o  Let string record be the concatenation of h, a literal ": "
            (ASCII colon (0x3A) followed by ASCII space (0x20)), and v

         o  Add Header Field "HP-Outer" to MIME part newbody with value
            record

   *  If any of the Header Fields in MIME part newbody, including Header
      Fields in the nested internal MIME structure, contain any 8-bit
      UTF-8 characters (see Section 3.7 of [RFC6532]):

      -  Let payload be a new MIME part with one Header Field: Content-
         Type: message/global

   *  Else:

      -  Let payload be a new MIME part with one Header Field: Content-
         Type: message/rfc822

   *  If crypto contains encryption:

      -  Add a parameter hp="cipher" to the Content-Type Header Field of
         payload

   *  Else (if crypto does not contain encryption):

      -  Add a parameter hp="clear" to the Content-Type Header Field of
         payload

   *  Add a parameter hp-scheme="wrapped" to the Content-Type Header
      Field of payload

   *  Set the body of payload to newbody.

   *  Add a Content-Disposition Header Field to MIME part payload with
      value inline

   *  Apply crypto to MIME part payload, producing MIME tree output

   *  For each Header Field name and value (h,v) in newheaders:

      -  Add Header Field h to output with value v

   *  Return output

   Note that the Header Confidentiality Policy hcp parameter is
   effectively ignored if crypto does not contain encryption.  This is
   by design, because a signed-only message cannot provide
   confidentiality.

2.6.  Default Header Confidentiality Policy

   An MUA MUST have a default Header Confidentiality Policy that offers
   at least the protections provided by hcp_minimal as described in
   Section 2.6.1.  Local policy and configuration may alter this
   default, but the MUA SHOULD NOT require the user to select an HCP.

   hcp_minimal provides confidentiality for the Subject Header Field by
   replacing it with the literal string "[...]".  This is a sensible
   minimal default because most users treat the Subject of a message the
   same way that they treat the body, and they are surprised to find
   that the Subject of an encrypted message is visible.

2.6.1.  Minimal Header Confidentiality Policy

   The most conservative recommended Header Confidentiality Policy only
   protects the Subject Header Field:

   hcp_minimal(name, val_in) → val_out:
       if lower(name) is 'subject':
           return '[...]'
       else:
           return val_in

   hcp_minimal is the recommended default HCP for a new implementation,
   as it provides meaningful confidentiality protections and is unlikely
   to cause deliverability or usability problems.

2.6.2.  Strong Header Confidentiality Policy

   Alternately, a more ambitious (and therefore more privacy-preserving)
   Header Confidentiality Policy only leaks a handful of fields whose
   absence is known to increase rates of delivery failure, and
   simultaneously obscures the Message-ID behind a random new one:

   hcp_strong(name, val_in) → val_out:
       if lower(name) in ['from', 'to', 'cc', 'date']:
           return val_in
       else if lower(name) is 'subject':
           return '[...]'
       else if lower(name) is 'message-id':
           return generate_new_message_id()
       else:
           return null

   The function generate_new_message_id() represents whatever process
   the MUA typically uses to generate a Message-ID for a new outbound
   message.

   hcp_strong is known to cause usability problems with message
   threading for many Legacy MUAs, and is not recommended as a default
   HCP for new implementations.

2.6.3.  No Header Confidentiality Policy

   Legacy MUAs can be conceptualized as offering a "No Header
   Confidentiality" Policy, which offers no confidentiality protection
   to any Header Field:

   hcp_no_confidentiality(name, val_in) → val_out:
       return val_in

   A conformant MUA that is not modified by local policy or
   configuration MUST NOT use hcp_no_confidentiality by default.
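
   The following Python sketch is an added example, not code from this
   draft.  It runs the HCPs of Sections 2.6.1 through 2.6.3 through the
   header-handling steps of Section 2.5.7, stopping just before crypto
   is applied.  The response HCP hide_cc_in_reply, the sample headers,
   and the Message-ID domain are constructed for illustration.

```python
import copy
from email.message import Message
from email.utils import make_msgid


def hcp_minimal(name, val_in):
    return "[...]" if name.lower() == "subject" else val_in


def hcp_strong(name, val_in):
    lname = name.lower()
    if lname in ("from", "to", "cc", "date"):
        return val_in
    if lname == "subject":
        return "[...]"
    if lname == "message-id":
        # Stands in for generate_new_message_id(); the domain is an assumption.
        return make_msgid(domain="example.net")
    return None  # "null": the field is removed from the outer Header Section


def hcp_no_confidentiality(name, val_in):
    return val_in


def outer_headers(origheaders, hcp, response_hcp=hcp_no_confidentiality):
    newheaders = []
    for h, v in origheaders:
        newval = hcp(h, v)
        if newval == v:
            # hcp left the field in the clear, so the reply-derived
            # policy still gets a chance to obscure or remove it.
            newval = response_hcp(h, v)
        if newval is not None:
            newheaders.append((h, newval))
    return newheaders


def has_8bit_header(part):
    return any(ord(c) > 127 for p in part.walk()
               for h, v in p.items() for c in f"{h}{v}")


def wrapped_payload(origheaders, origbody, encrypting, hcp,
                    response_hcp=hcp_no_confidentiality):
    """Return (payload, newheaders).  The caller applies crypto to payload
    and then copies newheaders onto the resulting outer message."""
    newbody = copy.deepcopy(origbody)
    for h, v in origheaders:
        newbody[h] = v
    if encrypting:
        newheaders = outer_headers(origheaders, hcp, response_hcp)
        for h, v in newheaders:
            newbody["HP-Outer"] = f"{h}: {v}"
    else:
        # Signed-only: hcp is ignored and no HP-Outer fields are added.
        newheaders = list(origheaders)
    payload = Message()
    payload["Content-Type"] = ("message/global" if has_8bit_header(newbody)
                               else "message/rfc822")
    payload.set_param("hp", "cipher" if encrypting else "clear")
    payload.set_param("hp-scheme", "wrapped")
    payload["Content-Disposition"] = "inline"
    payload.set_payload([newbody])
    return payload, newheaders


# Constructed sample input.
ORIG_HEADERS = [
    ("From", "alice@example.net"),
    ("To", "bob@example.net"),
    ("Cc", "carol@example.net"),
    ("Subject", "Thursday's meeting"),
    ("Message-ID", "<constructed-1@example.net>"),
    ("In-Reply-To", "<constructed-0@example.net>"),
]


def sample_body():
    body = Message()
    body["Content-Type"] = "text/plain; charset=UTF-8"
    body.set_payload("I think we should skip the meeting.\n")
    return body


def hide_cc_in_reply(name, val_in):
    # Hypothetical single-use response HCP: Cc was confidential in refmsg.
    return None if name.lower() == "cc" else val_in
```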

2.6.4.  Offering More Ambitious Header Confidentiality

   An MUA MAY offer even more ambitious confidentiality for Header
   Fields of an encrypted message than described in Section 2.6.2.  For
   example, it might implement an HCP that obscures the From Header
   Field, removes the Cc Header Field, or ensures Date is represented in
   UTC (obscuring the local time zone).

   The authors of this document hope that implementers with deployment
   experience will document their chosen Header Confidentiality Policy
   and the rationale behind their choice.

   This document defines hcp_no_confidentiality, hcp_minimal, and
   hcp_strong as a way to compare and contrast different possible
   behavioral choices for a composing MUA.  An example hypothetical HCP,
   hcp_example_hide_cc, is included in Section 2.5.2.  While the HCP is
   not strictly a protocol element, this document creates a registry of
   named Header Confidentiality Policies for ease of communication.

2.6.4.1.  Expert Guidance for Registering Header Confidentiality
          Policies

   There is no formal syntax specified for the Header Confidentiality
   Policy, but any attempt to specify an HCP for inclusion in the
   registry needs to provide:

   *  a stable reference document clearly indicating the distinct name
      for the proposed HCP

   *  pseudocode that other implementers can clearly and unambiguously
      interpret

   *  a clear explanation of why this HCP is different from all other
      registered HCPs

   *  any relevant considerations related to deployment of the HCP (for
      example, known or expected deliverability, rendering, or privacy
      challenges and possible mitigations)

   When the proposed HCP produces any non-null output for a given Header
   Field name, val_out SHOULD match the expected ABNF for that Header
   Field.  If the proposed HCP does not match the expected ABNF for that
   Header Field, the documentation should explicitly identify the
   relevant circumstances and provide a justification for the deviation.

   An entry should not be marked as "Recommended" unless it has been
   shown to offer confidentiality or privacy improvements over the
   status quo and have minimal or mitigatable negative impact on
   messages to which it is applied, considering factors such as message
   deliverability and security.  Only one entry in the table
   (hcp_minimal) is initially marked as "Recommended".  In the future,
   more than one entry may be marked as "Recommended".

2.7.  Receiving Side

   An MUA that receives a cryptographically protected e-mail will render
   it for the user.

   The receiving MUA will render the message body, a selected subset of
   Header Fields, and (as described in Section 3 of
   [I-D.ietf-lamps-e2e-mail-guidance]) provide a summary of the
   cryptographic properties of the message.

   Most MUAs only render a subset of Header Fields by default.  For
   example, most MUAs render From, To, Cc, Date, and Subject to the
   user, but few render Message-Id or Received.

   An MUA that knows how to handle a message with Header Protection
   makes the following three changes to its behavior when rendering a
   message:

   *  If the MUA detects that an incoming message has protected Header
      Fields:

      -  For a Header Field that is present in the protected Header
         Section, the MUA MUST render that value, and ignore any
         unprotected counterparts that may be present.

      -  For a Header Field that is present only in the unprotected
         Header Section, the MUA SHOULD NOT render that value.  If it
         does render the value, the MUA SHOULD indicate that the
         rendered value is unprotected.  For an exception to this, see
         Section 2.7.10 for a discussion of some specific Header Fields
         that are known to be added in transit, and therefore are not
         expected to have end-to-end cryptographic protections.

   *  The MUA SHOULD include information in the message's Cryptographic
      Summary to indicate the types of protection that applied to each
      rendered Header Field (if any).

   *  When replying to a message with confidential Header Fields, the
      replying MUA avoids leaking into the cleartext of the reply any
      Header Fields which were confidential in the original.  It does
      this even if its own Header Confidentiality Policy would not have
      treated those Header Fields as confidential.  See Section 2.7.8
      for more details.

   Note that an MUA that handles a message with Header Protection does
   _not_ need to render any new Header Fields that it did not render
   before.

2.7.1.  Identifying that a Message has Header Protection

   An incoming message can be identified as having Header Protection
   based on one of two signals:

   *  The Cryptographic Payload has Content-Type: message/rfc822 or
      Content-Type: message/global and the parameter hp has a value of
      clear or cipher, and the hp-scheme has a value of wrapped.  See
      Section 2.7.4 for rendering guidance.

   *  The Cryptographic Payload has some other Content-Type and it has
      parameter hp set to clear or cipher.  See Section 2.7.3 for
      rendering guidance.

   Messages of both types exist in the wild, and a compliant MUA MUST be
   able to handle them both.  They provide the same semantics and the
   same meaning.

2.7.2.  Updating the Cryptographic Summary

   Regardless of whether a cryptographically protected message has
   protected Header Fields, the Cryptographic Summary of the message
   should be modified to indicate what protections the Header Fields
   have.  This field-by-field status is complex and isn't necessarily
   intended to be presented in full to the user.  Rather, it represents
   the state of the message internally within the MUA, and may be used
   to influence behavior like replying to the message (see
   Section 2.7.8.1).

   Each Header Field individually has exactly one of the following
   protection states:

   *  unprotected (has no Header Protection)

   *  signed-only (bound into the same validated signature as the
      enclosing message, but also visible in transit)

   *  encrypted-only (only appears within the Cryptographic Payload; the
      corresponding external Header Field was either removed or
      obscured)

   *  signed-and-encrypted (same as encrypted-only, but additionally is
      under a validated signature)

   If the message does not have Header Protection (as determined by
   Section 2.7.1), then all of the Header Fields are by definition
   unprotected.

   If the message has Header Protection, an MUA SHOULD use the following
   algorithm to compute the protection state of a protected Header Field
   (h,v) (i.e., an element of refprotected from Section 2.5.4):

   *  Let ct be the Content-Type of the root of the Cryptographic
      Payload.

   *  Let refouter be the list of unprotected Header Fields (as computed
      by Section 2.5.4).

   *  Let is_sig_valid be false

   *  If the message is signed:

      -  Let is_sig_valid be the result of validating the signature

   *  If the message is encrypted, and if ct has a parameter hp=cipher,
      and if (h,v) is not in refouter:

      -  Return signed-and-encrypted if is_sig_valid otherwise
         encrypted-only

   *  Return signed-only if is_sig_valid otherwise unprotected

   Note that:

   *  This algorithm is independent of the unprotected Header Fields.
      It derives the protection state only from (h,v) and the set of HP-
      Outer Header Fields, both of which are inside the Cryptographic
      Envelope.

   *  If the signature fails validation, the MUA lowers the affected
      state to unprotected or encrypted-only without warning the user,
      as specified by Section 3.1 of [I-D.ietf-lamps-e2e-mail-guidance].

   *  Data from signed-and-encrypted and encrypted-only Header Fields
      may still not be fully private (see Section 6.2).

   *  Encryption may have been added in transit to an originally signed-
      only message.  Thus only consider Header Fields to be confidential
      if the sender indicates it with the hp=cipher parameter.

   *  The protection state of a Header Field may be weaker than that of
      the message body.  For example, a message body can be signed-and-
      encrypted, but a Header Field that is copied unmodified to the
      unprotected Header Section is signed-only.

   If the message has Header Protection, Header Fields that are not in
   refprotected (e.g., because they were added in transit) are
   unprotected.
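
   The following Python sketch is an added example, not code from this
   draft.  It applies the two signals of Section 2.7.1 and the algorithm
   above to an already decrypted Cryptographic Payload.  Decryption and
   signature validation happen elsewhere and arrive as booleans.  The
   matching rule (case-insensitive name, exact value after trimming),
   the skipping of Content-* fields, and all function names are
   assumptions of this example, since Section 2.5.4 is not reproduced
   here.

```python
from email import message_from_string

WRAPPER_TYPES = ("message/rfc822", "message/global")


def protected_section(payload):
    """Section 2.7.1: return (hp, part carrying the protected Header
    Fields), or (None, None) when neither signal is present."""
    hp = payload.get_param("hp")
    if hp not in ("clear", "cipher"):
        return None, None
    if payload.get_content_type() in WRAPPER_TYPES:
        # A message/* payload only counts with hp-scheme="wrapped".
        if payload.get_param("hp-scheme") != "wrapped":
            return None, None
        return hp, payload.get_payload(0)
    return hp, payload


def header_sets(section):
    """Split the protected Header Section into refouter (from HP-Outer)
    and refprotected (everything else except Content-* fields)."""
    refouter, refprotected = [], []
    for h, v in section.items():
        if h.lower() == "hp-outer":
            name, sep, value = v.partition(":")
            if sep:
                refouter.append((name.strip().lower(), value.strip()))
        elif not h.lower().startswith("content-"):
            refprotected.append((h, v.strip()))
    return refouter, refprotected


def protection_state(h, v, hp, refouter, encrypted, is_sig_valid):
    # Only hp="cipher" counts as confidential: encryption may have been
    # added in transit to a message the sender only signed.
    if encrypted and hp == "cipher" and (h.lower(), v) not in refouter:
        return "signed-and-encrypted" if is_sig_valid else "encrypted-only"
    return "signed-only" if is_sig_valid else "unprotected"


def header_protection_states(payload_text, encrypted, signed,
                             signature_validates):
    """Return [(name, state)] for each protected Header Field, or None
    when the message has no Header Protection (all fields unprotected)."""
    payload = message_from_string(payload_text)
    hp, section = protected_section(payload)
    if hp is None:
        return None
    is_sig_valid = bool(signed and signature_validates)
    refouter, refprotected = header_sets(section)
    return [(h, protection_state(h, v, hp, refouter, encrypted, is_sig_valid))
            for h, v in refprotected]


# Constructed sample: an injected-scheme payload whose sender obscured
# only Subject; From and To were copied to the outside unchanged.
INJECTED = (
    'Content-Type: text/plain; charset="utf-8"; hp="cipher"\n'
    "From: alice@example.net\n"
    "To: bob@example.net\n"
    "Subject: Thursday's meeting\n"
    "HP-Outer: From: alice@example.net\n"
    "HP-Outer: To: bob@example.net\n"
    "HP-Outer: Subject: [...]\n"
    "\n"
    "I think we should skip the meeting.\n"
)
```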

   Rendering the cryptographic status of each Header Field is likely to
   be complex and messy --- users may not understand it.  It is beyond
   the scope of this document to suggest any specific graphical
   affordances or user experience.  Future work should include examples
   of successful rendering of this information.

2.7.3.  Rendering a Message with Injected Headers

   When the Cryptographic Payload does not have a Content-Type of
   message/rfc822 or message/global, and the parameter hp is set to
   clear or cipher, the values of the protected Header Fields are drawn
   from the Header Fields of the Cryptographic Payload, and the body
   that is rendered is the Cryptographic Payload itself.

2.7.3.1.  Example Signed-only Message with Injected Headers

   Consider a message with this structure, where the MUA is able to
   validate the cryptographic signature:

   A └─╴application/pkcs7-mime; smime-type="signed-data"
      ⇩ (unwraps to)
   B  └┬╴multipart/alternative [Cryptographic Payload + Rendered Body]
   C   ├─╴text/plain
   D   └─╴text/html

   The message body should be rendered the same way as this message:

   B └┬╴multipart/alternative
   C  ├─╴text/plain
   D  └─╴text/html

   The MUA should render Header Fields taken from part B.

   Its Cryptographic Summary should indicate that the message was signed
   and all rendered Header Fields were included in the signature.

   Because this message is signed-only, none of its parts will have a
   Legacy Display Element.

   The MUA should ignore Header Fields from part A for the purposes of
   rendering.

2.7.3.2.  Example Signed-and-Encrypted Message with Injected Headers

   Consider a message with this structure, where the MUA is able to
   validate the cryptographic signature:

   E └─╴application/pkcs7-mime; smime-type="enveloped-data"
      ↧ (decrypts to)
   F  └─╴application/pkcs7-mime; smime-type="signed-data"
       ⇩ (unwraps to)
   G   └┬╴multipart/alternative [Cryptographic Payload + Rendered Body]
   H    ├─╴text/plain
   I    └─╴text/html

   The message body should be rendered the same way as this message:

   G └┬╴multipart/alternative
   H  ├─╴text/plain
   I  └─╴text/html

   It should render Header Fields taken from part G.

   Its Cryptographic Summary should indicate that the message is signed-
   and-encrypted.

   When rendering the Cryptographic Status of a Header Field and when
   composing a reply, each Header Field found in G should be considered
   against all HP-Outer Header Fields found in G.  If an HP-Outer Header
   Field is found that matches both the name and value, the Header
   Field's Cryptographic Status is just signed-only, even though the
   message itself is signed-and-encrypted.  If no matching HP-Outer
   Header Field is found, the Header Field's Cryptographic Status is
   signed-and-encrypted, like the rest of the message.

   If any of the User-Facing Header Fields are removed or obscured, the
   composer of this message may have placed Legacy Display Elements in
   parts H and I.

   The MUA should ignore Header Fields from part E for the purposes of
   rendering.

2.7.3.3.  Do Not Render Legacy Display Elements

   As described in Section 2.1, a message with cryptographic
   confidentiality protection MAY include Legacy Display Elements for
   backward-compatibility with Legacy MUAs.  These Legacy Display
   Elements are strictly decorative, unambiguously identifiable, and
   will be discarded by compliant implementations.

   The receiving MUA MUST avoid rendering the identified Legacy Display
   Elements to the user at all, since it is aware of Header Protection
   and can render the actual protected Header Fields.

   If a text/html or text/plain part within the Cryptographic Envelope
   is identified as containing Legacy Display Elements, those elements
   MUST be hidden when rendering and MUST be dropped when generating a
   draft reply or inline forwarded message.  Whenever a Message or MIME
   subtree is exported, downloaded, or otherwise further processed, if
   there is no need to retain a valid cryptographic signature, the
   implementer MAY drop the Legacy Display Elements.

2.7.3.3.1.  Identifying a Part with Legacy Display Elements

   A receiving MUA acting on a message that contains an encrypting
   Cryptographic Layer identifies a MIME subpart within the
   Cryptographic Payload as containing Legacy Display Elements based on
   the Content-Type of the subpart.  The subpart's Content-Type:

   *  contains a parameter hp-legacy-display with value set to 1, and

   *  is either text/html (see Section 2.7.3.3.3) or text/plain (see
      Section 2.7.3.3.2).

   Note that the term "subpart" above is used in the general sense: if
   the Cryptographic Payload is a single part, that part itself may
   contain a Legacy Display Element if it is marked with the hp-legacy-
   display=1 parameter.

2.7.3.3.2.  Omitting Legacy Display Elements from text/plain

   If a text/plain part within the Cryptographic Payload has the
   Content-Type parameter hp-legacy-display="1", it should be processed
   before rendering in the following fashion:

   *  Discard the leading lines of the body of the part up to and
      including the first entirely blank line.

   Note that implementing this strategy is dependent on the charset used
   by the MIME part.

   See Appendix D.1 for an example.

2.7.3.3.3.  Omitting Legacy Display Elements from text/html

   If a text/html part within the Cryptographic Payload has the Content-
   Type parameter hp-legacy-display="1", it should be processed before
   rendering in the following fashion:

   *  If any element of the HTML <body> is a <div> with class attribute
      header-protection-legacy-display, that entire element should be
      omitted.

   This cleanup could be done, for example, as a custom rule in the
   MUA's HTML sanitizer, if one exists.  Another implementation strategy
   for an HTML-capable MUA would be to add an entry to the [CSS]
   stylesheet for such a part:

   body div.header-protection-legacy-display { display: none; }
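
   The following Python sketch is an added example, not code from this
   draft.  It shows the receiving side of Sections 2.7.3.3.1 through
   2.7.3.3.3: the hp-legacy-display=1 parameter gates the cleanup, and
   the <div> is removed by re-serializing the HTML rather than by CSS.
   The caller is assumed to have already established that the part lies
   inside an encrypted Cryptographic Payload; treating only a
   zero-length line as "entirely blank" is also an assumption.  The
   sample bodies are the examples from Sections 2.5.6.1 and 2.5.6.2.

```python
from email.message import EmailMessage
from html.parser import HTMLParser

LEGACY_CLASS = "header-protection-legacy-display"


def strip_legacy_plain(body):
    # Drop leading lines up to and including the first blank line.
    lines = body.splitlines(keepends=True)
    for i, line in enumerate(lines):
        if line.rstrip("\r\n") == "":
            return "".join(lines[i + 1:])
    return body  # no blank line: leave the body unchanged


class LegacyDivStripper(HTMLParser):
    """Re-emit the document, omitting every <div> inside <body> whose
    class list contains LEGACY_CLASS, together with its descendants."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []
        self.in_body = False
        self.skip_depth = 0  # > 0 while inside a legacy div

    def handle_starttag(self, tag, attrs):
        if self.skip_depth:
            if tag == "div":
                self.skip_depth += 1  # nested div inside the legacy div
            return
        classes = (dict(attrs).get("class") or "").split()
        if tag == "div" and self.in_body and LEGACY_CLASS in classes:
            self.skip_depth = 1
            return
        if tag == "body":
            self.in_body = True
        self.out.append(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):
        self._keep(self.get_starttag_text())

    def handle_endtag(self, tag):
        if self.skip_depth:
            if tag == "div":
                self.skip_depth -= 1
            return
        self.out.append(f"</{tag}>")

    def _keep(self, text):
        if not self.skip_depth:
            self.out.append(text)

    def handle_data(self, data):
        self._keep(data)

    def handle_entityref(self, name):
        self._keep(f"&{name};")

    def handle_charref(self, name):
        self._keep(f"&#{name};")

    def handle_comment(self, data):
        self._keep(f"<!--{data}-->")

    def handle_decl(self, decl):
        self._keep(f"<!{decl}>")


def strip_legacy_html(doc):
    parser = LegacyDivStripper()
    parser.feed(doc)
    parser.close()
    return "".join(parser.out)


def displayable_text(part):
    """Decoded body of a text part with any Legacy Display Element removed."""
    body = part.get_content()  # decoded using the part's charset
    if part.get_param("hp-legacy-display") != "1":
        return body  # unmarked parts are never altered
    ctype = part.get_content_type()
    if ctype == "text/plain":
        return strip_legacy_plain(body)
    if ctype == "text/html":
        return strip_legacy_html(body)
    return body


PLAIN_SAMPLE = ("Subject: Thursday's meeting\nCc: alice@example.net\n\n"
                "I think we should skip the meeting.\n")
HTML_SAMPLE = ("<html><head><title></title></head><body>\n"
               f'<div class="{LEGACY_CLASS}">\n'
               "<pre>Subject: Thursday's meeting\n"
               "Cc: alice@example.net</pre></div>\n"
               "<p>I think we should skip the meeting.</p>\n"
               "</body></html>\n")
```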

2.7.4.  Rendering a Wrapped Message

   When the Cryptographic Payload has Content-Type of message/rfc822 or
   message/global, and the parameter hp is set to clear or cipher, and
   the parameter hp-scheme is set to wrapped, the values of the
   protected Header Fields are drawn from the Header Fields of the
   Cryptographic Payload, and the body that is rendered is the body of
   the Cryptographic Payload.

2.7.4.1.  Example Signed-Only Wrapped Message

   Consider a message with this structure, where the MUA is able to
   validate the cryptographic signature:

   J └─╴application/pkcs7-mime; smime-type="signed-data"
      ⇩ (unwraps to)
   K  └┬╴message/rfc822 [Cryptographic Payload]
   L   └┬╴multipart/alternative [Rendered Body]
   M    ├─╴text/plain
   N    └─╴text/html

   The message body should be rendered the same way as this message:

   L └┬╴multipart/alternative
   M  ├─╴text/plain
   N  └─╴text/html

   It should render Header Fields taken from part K.

   Its Cryptographic Summary should indicate that the message was signed
   and all rendered Header Fields were included in the signature.

   The MUA should ignore Header Fields from part J for the purposes of
   rendering.

2.7.4.2.  Example Signed-and-Encrypted Wrapped Message

   Consider a message with this structure, where the MUA is able to
   validate the cryptographic signature:

   O └─╴application/pkcs7-mime; smime-type="enveloped-data"
      ↧ (decrypts to)
   P  └─╴application/pkcs7-mime; smime-type="signed-data"
       ⇩ (unwraps to)
   Q   └┬╴message/rfc822 [Cryptographic Payload]
   R    └┬╴multipart/alternative [Rendered Body]
   S     ├─╴text/plain
   T     └─╴text/html

   The message body should be rendered the same way as this message:

   R └┬╴multipart/alternative
   S  ├─╴text/plain
   T  └─╴text/html

   It should render Header Fields taken from part Q.

   Its Cryptographic Summary should indicate that the message is signed-
   and-encrypted.

   When rendering the Cryptographic Status of a Header Field and when
   composing a reply, each Header Field found in Q should be considered
   against all HP-Outer Header Fields found in Q.  If an HP-Outer Header
   Field is found that matches both the name and value, the Header
   Field's Cryptographic Status is just signed-only, even though the
   message itself is signed-and-encrypted.  If no matching HP-Outer
   Header Field is found, the Header Field's Cryptographic Status is
   signed-and-encrypted, like the rest of the message.

   The MUA should ignore Header Fields from part O for the purposes of
   rendering.

2.7.5.  Guidance for Automated Message Handling

   Some automated systems have a control channel that is operated by
   e-mail.  For example, an incoming e-mail message could subscribe
   someone to a mailing list, initiate the purchase of a specific
   product, approve another message for redistribution, or adjust the
   state of some shared object.

   To the extent that such a system depends on end-to-end cryptographic
   guarantees about the e-mail control message, Header Protection as
   described in this document should improve the system's security.
   This section provides some specific guidance for systems that use
   e-mail messages as a control channel that want to benefit from these
   security improvements.

2.7.5.1.  Interpret Only Protected Header Fields

   Consider the situation where an e-mail-based control channel depends
   on the message's cryptographic signature and the action taken depends
   on some Header Field of the message.

   In this case, the automated system MUST rely on information from the
   Header Field that is protected by the mechanism described in this
   document.  It MUST NOT rely on any Header Field found outside the
   Cryptographic Payload.

   For example, consider an administrative interface for a mailing list
   manager that only accepts control messages that are signed by one of
   its administrators.  When an inbound message for the list arrives, it
   is queued (waiting for administrative approval) and the system
   generates and listens for two distinct e-mail addresses related to
   the queued message -- one that approves the message, and one that
   rejects it.  If an administrator sends a signed control message to
   the approval address, the mailing list verifies that the protected To
   Header Field of the signed control message contains the approval
   address before approving the queued message for redistribution.  If
   the protected To Header Field does not contain that address, or there
   is no protected To Header Field, then the mailing list logs or
   reports the error and does not act on that control message.

2.7.5.2.  Ignore Legacy Display Elements

   Consider the situation where an e-mail-based control channel expects
   to receive an end-to-end encrypted message -- for example, where the
   control messages need confidentiality guarantees -- and where the
   action taken depends on the contents of some MIME part within the
   message body.

   In this case, the automated system that decrypts the incoming
   messages and scans the relevant MIME part MUST identify when the MIME
   part contains a Legacy Display Element (see Section 2.7.3.3.1), and
   it MUST parse the relevant MIME part with the Legacy Display Element
   removed.

   For example, consider an administrative interface of a confidential
   issue tracking software.  An authorized user can confidentially
   adjust the status of a tracked issue by a specially formatted first
   line of the message body (for example, severity #183 serious).  When
   the user's MUA encrypts a plain text control message to this issue
   tracker, depending on the MUA's HCP and its choice of legacy value,
   it may add a Legacy Display Element.  If it does so, then the first
   line of the message body will contain a decorative copy of the
   confidential Subject Header Field.  The issue tracking software
   decrypts the incoming control message, identifies that there is a
   Legacy Display Element in the part (see Section 2.7.3.3.1), strips
   the lines comprising the Legacy Display Element (including the first
   blank line), and only then parses the remaining top line to look for
   the expected special formatting.
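
   The checks from Sections 2.7.5.1 and 2.7.5.2, combined into one
   control-message handler.  This is an added Python example, not code
   from this document or from any tracker.  It assumes the caller has
   already decrypted the message and validated its signature against an
   authorized user; the control address is hypothetical, and the Legacy
   Display Element test (hp="cipher" on the payload plus
   hp-legacy-display="1" on the part) is taken from Section 2.7.3.3,
   which lies outside this excerpt.

```python
import re
from email import message_from_bytes, policy
from email.utils import getaddresses

CONTROL_ADDRESS = "control@tracker.example"          # hypothetical address
COMMAND_RE = re.compile(r"^severity #(\d+) (\w+)$")  # format from the example above

# Constructed sample: a decrypted, signature-validated Cryptographic Payload.
SAMPLE_PAYLOAD = (
    b'MIME-Version: 1.0\n'
    b'Content-Type: text/plain; charset="us-ascii";\n'
    b' hp-legacy-display="1"; hp="cipher"\n'
    b'From: Alice <alice@tracker.example>\n'
    b'To: control@tracker.example\n'
    b'Subject: adjust issue\n'
    b'HP-Outer: Subject: [...]\n'
    b'\n'
    b'Subject: adjust issue\n'
    b'\n'
    b'severity #183 serious\n'
)


def protected_addresses(payload, field):
    """Addresses of a Header Field read from the Cryptographic Payload only."""
    values = [str(v) for v in payload.get_all(field, [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}


def strip_legacy_display(part, payload):
    """Return the text of `part` with any Legacy Display Element removed."""
    text = part.get_content()
    has_lde = (
        payload.get_param("hp") == "cipher"
        and part.get_content_type() == "text/plain"
        and part.get_param("hp-legacy-display") == "1"
    )
    if not has_lde:
        return text
    lines = text.splitlines()
    for index, line in enumerate(lines):
        if line.strip() == "":
            # Drop the decorative lines and the first blank line after them.
            return "\n".join(lines[index + 1:])
    return ""  # no blank line: the whole part is decorative, nothing to parse


def handle_control_message(payload_bytes):
    """Decide on a control message using protected data only.

    The outer Header Section is deliberately not a parameter, so nothing
    found outside the Cryptographic Payload can influence the decision.
    """
    payload = message_from_bytes(payload_bytes, policy=policy.default)
    if CONTROL_ADDRESS not in protected_addresses(payload, "To"):
        return ("rejected", "protected To absent or lacks the control address")
    part = payload.get_body(preferencelist=("plain",))
    if part is None:
        return ("rejected", "no text/plain part to parse")
    lines = strip_legacy_display(part, payload).splitlines()
    match = COMMAND_RE.match(lines[0].strip()) if lines else None
    if match is None:
        return ("rejected", "first body line is not a command")
    return ("ok", int(match.group(1)), match.group(2))
```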

2.7.6.  Affordances for Debugging and Troubleshooting

   Note that advanced users of an MUA may need access to the original
   message, for example to troubleshoot problems with the rendering MUA
   itself, or problems with the SMTP transport path taken by the
   message.

   An MUA that applies these rendering guidelines SHOULD ensure that the
   full original source of the message as it was received remains
   available to such a user for debugging and troubleshooting.

   If a troubleshooting scenario demands information about the
   cryptographically protected values of Header Fields, and the message
   is encrypted, the debugging interface SHOULD also provide a "source"
   view of the Cryptographic Payload itself, alongside the full original
   source of the message as received.

2.7.7.  Rendering Other Schemes

   Other MUAs may have generated different structures of messages that
   aim to offer end-to-end cryptographic protections that include Header
   Protection.  This document is not normative for those schemes, and it
   is NOT RECOMMENDED to generate these other schemes, as they can
   either have structural flaws or simply render poorly on Legacy MUAs.
   A conformant MUA MAY attempt to infer Header Protection when
   rendering an existing message that appears to use some other scheme
   not documented here.  Pointers to some known other schemes can be
   found in Appendix E.

2.7.8.  Replying to an Encrypted Message with Header Protection

   When composing a reply to a message with Header Protection, the MUA
   is acting both as a receiving MUA and as a sending MUA.  For
   encrypted messages, special guidance applies, because information can
   leak in at least two ways: leaking previously confidential Header
   Fields, and leaking the entire message by replying to the wrong
   party.

2.7.8.1.  Avoid Leaking Encrypted Header Fields in Replies

   As noted in Section 5.4 of [I-D.ietf-lamps-e2e-mail-guidance], an MUA
   in this position MUST NOT leak previously encrypted content in the
   clear in a follow-up message.  The same is true for protected Header
   Fields.

   Values from any Header Field that was identified as either encrypted-
   only or signed-and-encrypted based on the steps outlined above MUST
   NOT be placed in cleartext output when generating a message.

   In particular, if Subject was encrypted, and it is copied into the
   draft encrypted reply, the replying MUA MUST obscure the unprotected
   (cleartext) Subject Header Field as described above.

   When crafting the Header Fields for a reply message, the composing
   MUA SHOULD make use of the HP-Outer Header Fields from within the
   Cryptographic Envelope of the reference message to ensure that Header
   Fields derived from the reference message do not leak in the reply.
   See Section 2.5.5 for an explicit algorithm to handle this cleanly.

   Consider a Header Field in a reply message that is generated by
   derivation from a Header Field in the reference message.  For
   example, the To Header Field is typically derived from the reference
   message's Reply-To or From Header Fields.  When generating the outer
   copy of the Header Field, the composing MUA first applies its own
   Header Confidentiality Policy.  If the Header Field's value is
   changed by the HCP, then it is applied to the outside header.  If the
   Header Field's value is unchanged, the composing MUA re-generates the
   Header Field using the Header Fields that had been on the outside of
   the original message at sending time.  These can be inferred from the
   HP-Outer Header Fields located within the Cryptographic Payload of
   the referenced message.  If that value is itself different than the
   protected value, then it is applied to the outside header.  If the
   value is the same as the protected value, then it is simply copied to
   the outside header directly.  Whether it was changed or not, it is
   noted in the protected Header Section using HP-Outer, as described in
   Section 2.5.3.

   See Appendix C.2 for a simple worked example of this process.

2.7.8.2.  Avoid Misdirected Replies

   When replying to a message, the Composing MUA typically decides who
   to send the reply to based on:

   *  the Reply-To, Mail-Followup-To, or From Header Fields

   *  optionally, the other To or Cc Header Fields (if the user chose to
      "reply all")

   When a message has Header Protection, the replying MUA MUST populate
   the destination fields of the draft message using the protected
   Header Fields, and ignore any unprotected Header Fields.

   This mitigates against an attack where Mallory gets a copy of an
   encrypted message from Alice to Bob, and then replays the message to
   Bob with an additional Cc to Mallory's own e-mail address in the
   message's outer (unprotected) Header Section.

   If Bob knows Mallory's certificate already, and he replies to such a
   message without following the guidance in this section, it's likely
   that his MUA will encrypt the cleartext of the message directly to
   Mallory.
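
   The replayed message described above, run through a recipient
   computation that reads destination fields from the protected Header
   Section only.  This is an added Python example, not code from this
   document; the sample messages are constructed, and the precedence
   among Reply-To, Mail-Followup-To, and From is an assumption of the
   example.

```python
from email import message_from_bytes
from email.utils import getaddresses

# Constructed sample: the message as replayed to Bob, with an extra Cc
# placed in the outer (unprotected) Header Section.
OUTER = message_from_bytes(
    b'From: Alice <alice@example.net>\n'
    b'To: Bob <bob@example.net>\n'
    b'Cc: Mallory <mallory@example.org>\n'
    b'Subject: [...]\n'
    b'Content-Type: application/pkcs7-mime; smime-type="enveloped-data"\n'
    b'\n'
    b'(ciphertext omitted)\n'
)

# Constructed sample: the Cryptographic Payload after decryption.
PAYLOAD = message_from_bytes(
    b'Content-Type: text/plain; hp="cipher"\n'
    b'From: Alice <alice@example.net>\n'
    b'To: Bob <bob@example.net>\n'
    b'Cc: Carol <carol@example.net>\n'
    b'Subject: Merger timeline\n'
    b'\n'
    b'Please keep this between us.\n'
)


def addresses(msg, field):
    """Lower-cased addresses from every instance of `field` in `msg`."""
    return [a.lower() for _, a in getaddresses(msg.get_all(field, [])) if a]


def header_source(outer, payload):
    """Pick the Header Section that destination fields may be read from."""
    if payload is not None and payload.get_param("hp") in ("cipher", "clear"):
        return payload   # Header Protection: ignore unprotected Header Fields
    return outer         # no Header Protection: only the outer section exists


def reply_recipients(source, me, reply_all=False):
    """Return (to, cc) for a draft reply, derived from `source` alone."""
    to = addresses(source, "Reply-To") or addresses(source, "From")
    cc = []
    if reply_all:
        followup = addresses(source, "Mail-Followup-To")
        if followup:
            to = followup
        else:
            cc = addresses(source, "To") + addresses(source, "Cc")
    to = list(dict.fromkeys(to))
    cc = [a for a in dict.fromkeys(cc) if a != me.lower() and a not in to]
    return to, cc


def draft_recipients(outer, payload, me, reply_all=False):
    """Recipients an MUA following Section 2.7.8.2 would put in the draft."""
    return reply_recipients(header_source(outer, payload), me, reply_all)
```

   Calling reply_recipients(OUTER, ...) directly shows the misdirected
   result: the injected Cc address ends up among the recipients the
   reply would be encrypted to.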

2.7.9.  Implicitly rendered Header Fields

   While From, To, Cc, Subject, and Date are often explicitly rendered
   to the user, some Header Fields do affect message display, without
   being explicitly rendered.

   For example, Message-Id, References, and In-Reply-To Header Fields
   may collectively be used to place a message in a "thread" or series
   of messages.

   In another example, Section 2.7.8.2 observes that the value of the
   Reply-To field can influence the draft reply message.  So while the
   user may never see the Reply-To Header Field directly, it is
   implicitly "rendered" when the user interacts with the message by
   replying to it.

   An MUA that depends on any implicitly rendered Header Field in a
   message with Header Protection MUST use the value from the protected
   Header Field, and SHOULD NOT use any value found outside the
   cryptographic protection unless it is known to be a Header Field
   added in transit, as specified in Section 2.7.10.

2.7.10.  Unprotected Header Fields Added in Transit

   Some Header Fields are legitimately added in transit and could not
   have been known to the sender at message composition time.

   The most common of these Header Fields are Received and DKIM-
   Signature, neither of which is typically rendered, either explicitly
   or implicitly.

   If a receiving MUA has specific knowledge about a given Header Field,
   including that:

   *  the Header Field would not have been known to the original sender,
      and

   *  the Header Field might be rendered explicitly or implicitly,

   then the MUA MAY decide to operate on the value of that Header Field
   from the unprotected Header Section, even though the message has
   Header Protection.

   The MUA MAY prefer to verify that the Header Fields in question have
   additional transit-derived cryptographic protections before rendering
   or acting on them.  For example, the MUA could verify whether these
   Header Fields are covered by an appropriate and valid ARC-
   Authentication-Results (see [RFC8617]) or DKIM-Signature (see
   [RFC6376]) Header Field.

   Specific examples of user-meaningful Header Fields commonly added by
   transport agents appear below.

2.7.10.1.  Mailing list Header Fields: List-* and Archived-At

   If the message arrives through a mailing list, the list manager
   itself may inject Header Fields (most have a List- prefix) in the
   message:

   *  List-Archive

   *  List-Subscribe

   *  List-Unsubscribe

   *  List-Id

   *  List-Help

   *  List-Post

   *  Archived-At

   For some MUAs, these Header Fields are implicitly rendered, by
   providing buttons for actions like "Subscribe", "View Archived
   Version", "Reply List", "List Info", etc.

   An MUA that receives a message with Header Protection that contains
   these Header Fields in the unprotected section, and that has reason
   to believe the message is coming through a mailing list MAY decide to
   render them to the user (explicitly or implicitly) even though they
   are not protected.

2.7.11.  Handling Undecryptable Messages

   An MUA might receive an apparently encrypted message that it cannot
   currently decrypt.  For example, when an MUA does not have regular
   access to the secret key material needed for decryption, it cannot
   know the cryptographically protected Header Fields or even whether
   the message has any cryptographically protected Header Fields.

   Such an undecrypted message will be rendered by the MUA as a message
   without any Header Protection.  This means that the message summary
   may well change how it is rendered when the user is finally able to
   supply the secret key.

   For example, the rendering of the Subject Header Field in a mailbox
   summary might change from [...] to the real message subject when the
   message is decrypted.  Or the message's placement in a message thread
   might change if, say, References or In-Reply-To have been removed or
   obscured (see Section 2.7.9).

   Additionally, if the MUA does not retain access to the decrypting
   secret key, and it drops the decrypted form of a message, the
   message's rendering may revert to the encrypted form.  For example,
   if an MUA follows this behavior, the Subject Header Field in a
   mailbox summary might change from the real message subject back to
   [...].  Or the message might be yanked out of its current thread if
   the MUA loses access to a removed References or In-Reply-To header.

   These behaviors are likely to surprise the user.  However, an MUA has
   several possible ways of reducing or avoiding all of these surprises,
   including:

   *  Ensuring that the MUA always has access to decryption-capable
      secret key material.

   *  Rendering undecrypted messages in a special quarantine view until
      the decryption-capable secret key material is available.

   To reduce or avoid the surprises associated with a decrypted message
   with removed or obscured Header Fields becoming undecryptable, the
   MUA could also:

   *  Securely cache metadata from a decrypted message's protected
      Header Fields so that its rendering doesn't change after the first
      decryption.

   *  Securely store the session key associated with a decrypted
      message, so that attempts to read the message when the long-term
      secret key is unavailable can proceed using only the session key
      itself.  See, for example, the discussion about stashing session
      keys in Section 9.1 of [I-D.ietf-lamps-e2e-mail-guidance].

3.  E-mail Ecosystem Evolution

   This document is intended to offer tooling needed to improve the
   state of the e-mail ecosystem in a way that can be deployed without
   significant disruption.  Some elements of this specification are
   present for transitional purposes, but would not exist if the system
   were designed from scratch.

   This section describes these transitional mechanisms, as well as some
   suggestions for how they might eventually be phased out.

3.1.  Dropping Legacy Display Elements

   Any decorative Legacy Display Element added to an encrypted message
   that uses the Injected Header scheme is present strictly for enabling
   Header Field visibility (most importantly, the Subject Header Field)
   when the message is viewed with a decryption-capable Legacy MUA.

   Eventually, the hope is that most decryption-capable MUAs will
   conform to this specification, and there will be no need for
   injection of Legacy Display Elements in the message body.  A survey
   of widely used decryption-capable MUAs might be able to establish
   when most of them do support this specification.

   At that point, a composing MUA could set the legacy parameter
   described in Section 2.5.6 to false by default or could even hard-
   code it to false, yielding a much simpler message construction set.

   Until that point, an end user might want to signal that their
   receiving MUAs are conformant to this document so that a peer
   composing a message to them can set legacy to false.  A signal
   indicating capability of handling messages with Header Protection
   might be placed in the user's cryptographic certificate, or in
   outbound messages.

   This document does not attempt to define the syntax or semantics of
   such a signal.

3.2.  More Ambitious Default Header Confidentiality Policy

   This document defines a few different forms of Header Confidentiality
   Policy.  An MUA implementing an HCP for the first time SHOULD deploy
   hcp_minimal as recommended in Section 2.6.  This HCP offers the most
   commonly expected protection (obscuring the Subject Header Field)
   without risking deliverability or rendering issues.

   The HCPs proposed in this document are relatively conservative and
   still leak a significant amount of metadata for encrypted messages.
   This is largely done to ensure deliverability (see Section 1.4.2) and
   usability, as messages without some critical Header Fields are more
   likely to not reach their intended recipient.

   In the future, some mail transport systems may accept and deliver
   messages with even less publicly visible metadata.  Many MTA
   operators today would ask for additional guarantees about such a
   message to limit the risks associated with abusive or spammy mail.

   This specification offers the HCP formalism itself as a way for MUA
   developers and MTA operators to describe their expectations around
   message deliverability.  MUA developers can propose a more ambitious
   default HCP, and ask MTA operators (or simply test) whether their
   MTAs would be likely to deliver or reject encrypted mail with that
   HCP applied.  Proponents of a more ambitious HCP should explicitly
   document the HCP and name it clearly and unambiguously to facilitate
   this kind of interoperability discussion.

   Reaching widespread consensus around a more ambitious global default
   HCP is a challenging problem of coordinating many different actors.
   A piecemeal approach might be more feasible, where some signalling
   mechanism allows a message recipient, MTA operator, or third-party
   clearinghouse to announce what kinds of HCPs are likely to be
   deliverable for a given recipient.  In such a situation, the default
   HCP for an MUA might involve consulting the signalled acceptable HCPs
   for all recipients, and combining them (along with a default for when
   no signal is present) in some way.

   If such a signal were to reach widespread use, it could also be used
   to guide reasonable statistical default HCP choices for recipients
   with no signal.

   This document does not attempt to define the syntax or semantics of
   such a signal.

3.3.  Deprecation of Messages Without Header Protection

   At some point, when the majority of MUA clients that can generate
   cryptographically protected messages do so with Header Protection, it
   should be possible to deprecate any cryptographically protected
   message that does not have Header Protection.

   For example, as noted in Section 4.1, it's possible for an MUA to
   render a signed-only message that has no Header Protection the same
   as an unprotected message.  And a signed-and-encrypted message
   without Header Protection could likewise be marked as not fully
   protected.

   These stricter rules could be adopted immediately for all messages.
   Or an MUA developer could roll them out immediately for any new
   message, but still treat an old message (based on the Date Header
   Field and cryptographic signature timestamp) more leniently.

   A decision like this by any popular receiving MUA could drive
   adoption of this standard for sending MUAs.

4.  Usability Considerations

   This section describes concerns for MUAs that are interested in easy
   adoption of Header Protection by normal users.

   While they are not protocol-level artifacts, these concerns motivate
   the protocol features described in this document.

   See also the Usability commentary in Section 2 of
   [I-D.ietf-lamps-e2e-mail-guidance].

4.1.  Mixed Protections Within a Message Are Hard To Understand

   When rendering a message to the user, the ideal circumstance is to
   present a single cryptographic status for any given message.
   However, when message Header Fields are present, some message Header
   Fields do not have the same cryptographic protections as the main
   message.

   Representing such a mixed set of protection statuses is very
   difficult to do in a way that an Ordinary User can understand.  There
   are at least three scenarios that are likely to be common, and poorly
   understood:

   *  A signed message with no Header Protection.

   *  A signed-and-encrypted message with no Header Protection.

   *  A signed-and-encrypted message with Header Protection as described
      in this document, where some User-Facing Header Fields have
      confidentiality but some do not.

   An MUA should have a reasonable strategy for clearly communicating
   each of these scenarios to the user.  For example, an MUA operating
   in an environment where it expects most cryptographically protected
   messages to have Header Protection could use the following rendering
   strategy:

   *  When rendering a message with signed-only cryptographic status but
      no Header Protection, an MUA may decline to indicate a positive
      security status overall, and only indicate the cryptographic
      status to a user in a message properties or diagnostic view.  That
      is, the message may appear identical to an unsigned message except
      if a user verifies the properties through a menu option.

   *  When rendering a message with signed-and-encrypted or encrypted-
      only cryptographic status but no Header Protection, overlay a
      warning flag on the typical cryptographic status indicator.  That
      is, if a typical signed-and-encrypted message displays a lock
      icon, display a lock icon with a warning sign (e.g., an
      exclamation point in a triangle) overlaid.  See, for example, the
      graphics in [chrome-indicators].

   *  When rendering a message with signed-and-encrypted or encrypted-
      only cryptographic status, with Header Protection, but where the
      Subject Header Field has not been removed or obscured, place a
      warning sign on the Subject line.

   Other simple rendering strategies could also be reasonable.

4.2.  Users Should Not Have To Choose a Header Confidentiality Policy

   This document defines the abstraction of a Header Confidentiality
   Policy object for the sake of communication between implementers and
   deployments.

   Most e-mail users are unlikely to understand the tradeoffs between
   different policies.  In particular, the potential negative side
   effects (e.g., poor deliverability) may not be easily attributable by
   a normal user to a particular HCP.

   Therefore, MUA implementers should be conservative in their choice of
   default HCP, and should not require the Ordinary User to make an
   incomprehensible choice that could cause unfixable, undiagnosable
   problems.  The safest option is for the MUA developer to select a
   known, stable HCP (this document recommends hcp_minimal in
   Section 2.6) on the user's behalf.  An MUA should not expose the
   Ordinary User to a configuration option where they are expected to
   manually select (let alone define) an HCP.

4.3.  Users Should Not Have To Choose a Header Protection Scheme

   This document describes two Header Protection schemes: Injected
   Headers (Section 2.1) and Wrapped Messages (Section 2.2).

   These distinct schemes are described for the sake of implementers who
   may have to deal with messages found in the wild, but their intended
   semantics are identical.  They represent different tradeoffs in terms
   of rendering and user experience on the recipient's side, which an
   Ordinary User writing a message is not prepared to select.

   When composing a message with cryptographic protections, the Ordinary
   User should not be confronted with any choices about which Header
   Protection scheme to use.  Rather, the MUA developer should use a
   single scheme for all outbound cryptographically protected messages.
   This document recommends the Injected Headers scheme (see Section 2).

5.  Security Considerations

   This document describes a mechanism for improving the security of
   cryptographically protected e-mail messages.  Following the guidance
   in this document should improve security for users of these
   technologies by more directly aligning the underlying messages with
   user expectations about confidentiality, authenticity, and integrity.

   However, many existing messages with cryptographic protections do not
   employ these mechanisms for header protection, and MUAs encountering
   these messages will need to handle older forms (without Header
   Protection) for quite some time.  An implementation that deals with
   legacy message archives will need to deal with all the various
   formats forever.  Helping the user distinguish between cryptographic
   protections of various messages is a difficult job for message
   renderers.

   However, on the message generation side, the situation is much
   clearer: there is a standard form that a protected message can take,
   and an implementer can always generate the standard form.  Generating
   the standard form also makes it more likely that any receiving
   implementation will be able to handle the generated message
   appropriately.

   The security considerations from Section 6 of [RFC8551] continue to
   apply for any MUA that offers S/MIME cryptographic protections, as
   well as Section 3 of [RFC5083] (Authenticated-Enveloped-Data in CMS)
   and Section 14 of [RFC5652] (CMS more broadly).  Likewise, the
   security considerations from Section 8 of [RFC3156] continue to apply
   for any MUA that offers PGP/MIME cryptographic protections, as well
   as Section 13 of [I-D.ietf-openpgp-crypto-refresh-13] (OpenPGP
   itself).  In addition, these underlying security considerations are
   now also applicable to the contents of the message header, not just
   the message body.

5.1.  Avoid Cryptographic Summary Confusion from hp Parameter

   When parsing a message, the recipient MUA infers the message's
   Cryptographic Status from the Cryptographic Layers, as described in
   Section 4.6 of [I-D.ietf-lamps-e2e-mail-guidance].

   The Cryptographic Layers that make up the Cryptographic Envelope
   describe an ordered list of cryptographic properties as present in
   the message after it has been delivered.  By contrast, the hp
   parameter to the Content-Type Header Field contains a simpler
   indication: whether the sender originally tried to encrypt the
   message or not.  In particular, for a message with Header Protection,
   the Cryptographic Payload should have an hp parameter of cipher if the
   message is encrypted (in addition to signed), and clear if no
   encryption is present (that is, the message is signed-only).

   As noted in Section 2.3, the receiving implementation should not
   inflate its estimation of the confidentiality of the message or its
   Header Fields based on the sender's intent, if it can see that the
   message was not actually encrypted.  A signed-only message that
   happens to have an hp parameter of cipher is still signed-only.

   Conversely, since the encrypting Cryptographic Layer is typically
   outside the signature layer (see Section 5.2 of
   [I-D.ietf-lamps-e2e-mail-guidance]), an originally signed-only
   message could have been wrapped in an encryption layer by an
   intervening party before receipt, to appear encrypted.

   If a message appears to be wrapped in an encryption layer, and the hp
   parameter is present but is not set to cipher, then it is likely that
   the encryption layer was not added by the original sender.  For such
   a message, the lack of any HP-Outer Header Field in the Header
   Section of the Cryptographic Payload MUST NOT be used to infer that
   all Header Fields were removed from the message by the original
   sender.  In such a case, the receiving MUA SHOULD treat every Header
   Field as though it was not confidential.
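
   The per-field status rule from Section 2.7.4.2 together with the hp
   checks in this section, as an added Python example (not code from
   this document or from any MUA).  It assumes a validly signed message
   and a caller that knows whether an encryption layer was actually
   present; the sample payload is constructed, and comparing names
   case-insensitively and values after trimming surrounding whitespace
   is an assumption of the example.

```python
from email import message_from_bytes

# Constructed sample: Cryptographic Payload of a signed-and-encrypted message.
SAMPLE = (
    b'MIME-Version: 1.0\n'
    b'Content-Type: text/plain; charset="us-ascii"; hp="cipher"\n'
    b'From: Alice <alice@example.net>\n'
    b'To: Bob <bob@example.net>\n'
    b'Date: Wed, 11 Jan 2023 16:08:43 -0500\n'
    b'Subject: Quarterly numbers\n'
    b'HP-Outer: From: Alice <alice@example.net>\n'
    b'HP-Outer: To: Bob <bob@example.net>\n'
    b'HP-Outer: Date: Wed, 11 Jan 2023 16:08:43 -0500\n'
    b'HP-Outer: Subject: [...]\n'
    b'\n'
    b'See attached.\n'
)

# Constructed sample: a signed-only payload (hp="clear", no HP-Outer) that an
# intervening party later wrapped in an encryption layer.
WRAPPED = b"\n".join(
    line for line in SAMPLE.split(b"\n") if not line.startswith(b"HP-Outer:")
).replace(b'hp="cipher"', b'hp="clear"')


def hp_outer_pairs(payload):
    """(name, value) pairs recorded by the sender in HP-Outer Header Fields."""
    pairs = set()
    for raw in payload.get_all("HP-Outer", []):
        name, sep, value = raw.partition(":")   # split at the first colon only
        if sep:
            pairs.add((name.strip().lower(), value.strip()))
    return pairs


def header_field_statuses(payload_bytes, encrypted_layer_present):
    """Map each protected Header Field name to its Cryptographic Status."""
    payload = message_from_bytes(payload_bytes)
    hp = payload.get_param("hp")
    if hp is None:
        return None   # no Header Protection signalled; these rules do not apply
    # Confidentiality needs both an actual encryption layer and hp="cipher".
    # hp="cipher" without encryption must not inflate the status, and an
    # encryption layer around hp="clear" was likely not added by the sender.
    sender_encrypted = encrypted_layer_present and hp == "cipher"
    outer = hp_outer_pairs(payload)
    statuses = {}
    for name, value in payload.items():
        lname = name.lower()
        if lname in ("hp-outer", "mime-version") or lname.startswith("content-"):
            continue   # structural fields and HP-Outer itself are not rated
        if sender_encrypted and (lname, value.strip()) not in outer:
            statuses[name] = "signed-and-encrypted"
        else:
            # Either copied verbatim to the outside, or never confidential.
            statuses[name] = "signed-only"
    return statuses
```

   For WRAPPED, the missing HP-Outer fields are not read as "every
   Header Field was removed or obscured"; every field, Subject included,
   is reported as signed-only.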

5.2.  Caution about Composing with Legacy Display Elements

   When composing a message, it's possible for a Legacy Display Element
   to contain risky data that could trigger errors in a rendering
   client.

   For example, if the value for a Header Field to be included in a
   Legacy Display Element within a given body part contains folding
   whitespace, it should be "unfolded" before generating the Legacy
   Display Element: all contiguous folding whitespace should be replaced
   with a single space character.  Likewise, if the header value was
   originally encoded with [RFC2047], it should be decoded first to a
   standard string and re-encoded using the charset appropriate to the
   target part.

   When including a Legacy Display Element in a text/plain part (see
   Section 2.5.6.1), if the decoded Subject Header Field contains a pair
   of newlines (e.g., if it is broken across multiple lines by encoded
   newlines), any newline MUST be stripped from the Legacy Display
   Element.  If the pair of newlines is not stripped, a receiving MUA
   that follows the guidance in Section 2.7.3.3.2 might leave the later
   part of the Legacy Display Element in the rendered message.

   When including a Legacy Display Element in a text/html part (see
   Section 2.5.6.2), any material in the header values should be
   explicitly HTML escaped to avoid being rendered as part of the HTML.
   At a minimum, the characters <, >, and & should be escaped to &lt;,
   &gt;, and &amp;, respectively (see for example [HTML-ESCAPES]).  If
   unescaped characters from removed or obscured header values end up in
   the Legacy Display Element, a receiving MUA that follows the guidance
   in Section 2.7.3.3.3 might fail to identify the boundaries of the
   Legacy Display Element, cutting out more than it should, or leaving
   remnants visible.  And a Legacy MUA parsing such a message might
   misrender the entire HTML stream, depending on the content of the
   removed or obscured header values.

   The Legacy Display Element is a decorative addition solely to enable
   visibility of obscured or removed Header Fields in decryption-capable
   Legacy MUAs.  When it is produced, it should be generated minimally
   and strictly, as described above, to avoid damaging the rest of the
   message.
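
   The value clean-up steps from this section, as an added Python
   example (not code from this document).  It covers only the header
   value and the text/plain element; the function names are
   hypothetical, and the HTML container markup of Section 2.5.6.2 is
   not reproduced.

```python
import html
import re
from email.header import decode_header, make_header


def display_value(raw_value):
    """Header value prepared for use inside a Legacy Display Element."""
    # 1. Unfold: each run of folding whitespace becomes a single space.
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw_value)
    # 2. Decode RFC 2047 encoded words to a standard string.
    decoded = str(make_header(decode_header(unfolded)))
    # 3. Strip any newline that was hidden inside an encoded word, so the
    #    element cannot contain a blank line of its own.
    return decoded.replace("\r", "").replace("\n", "")


def legacy_display_text_plain(fields):
    """text/plain element: one 'Name: value' line per field, then a blank line.

    `fields` is a list of (name, raw header value) pairs.  The result is a
    str; the caller encodes it with the charset of the target part.
    """
    lines = [f"{name}: {display_value(value)}" for name, value in fields]
    return "\n".join(lines) + "\n\n"


def html_safe_value(raw_value):
    """Value escaped for a text/html part: &, < and > become entities."""
    return html.escape(display_value(raw_value), quote=False)


# Constructed sample values: a folded Subject, and a Subject whose encoded
# word hides two newlines and HTML markup.
FOLDED_SUBJECT = "Budget\r\n  review"
ENCODED_SUBJECT = "=?utf-8?q?Q3_plan=0A=0A=3Cb=3Eurgent=3C/b=3E?="
```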

5.3.  Plaintext Attacks

   An encrypted e-mail message using S/MIME or PGP/MIME tends to have
   some amount of predictable plaintext.  For example, the standard MIME
   headers of the Cryptographic Payload of a message are often a
   predictable sequence of bytes, even without Header Protection, when
   they only include the Structural Header Fields MIME-Version and
   Content-Type.  This is a potential risk for known-plaintext attacks.

   Including protected Header Fields as described in this document
   increases the amount of known plaintext.  Since some of those headers
   in a reply will be derived from the message being replied to, this
   also creates a potential risk for chosen-plaintext attacks, in
   addition to known-plaintext attacks.

   Modern message encryption mechanisms are expected to be secure
   against both known-plaintext attacks and chosen-plaintext attacks.
   An MUA composing an encrypted message should ensure that it is using
   such a mechanism, regardless of whether it does Header Protection.

6.  Privacy Considerations

6.1.  Leaks When Replying

   The encrypted Header Fields of a message may accidentally leak when
   replying to the message.  See the guidance in Section 2.7.8.

6.2.  Encrypted Header Fields Are Not Always Private

   For encrypted messages, depending on the sender's HCP, some Header
   Fields may appear both within the Cryptographic Envelope and on the
   outside of the message (e.g., Date might exist identically in both
   places).  Section 2.7.2 identifies such a Header Field as signed-
   only.  These Header Fields are clearly _not_ private at all, despite
   a copy being inside the Cryptographic Envelope.

   A Header Field whose name and value are not matched verbatim by any
   HP-Outer Header Field from the same part will have encrypted-only or
   signed-and-encrypted status.  But even Header Fields with these
   stronger levels of cryptographic confidentiality protection might not
   be as private as the user would like.

   See the examples below.

   This concern is true for any encrypted data, including the body of
   the message, not just the Header Fields: if the sender isn't careful,
   the message contents or session keys can leak in many ways that are
   beyond the scope of this document.  The message recipient has no way
   in principle to tell whether the apparent confidentiality of any
   given piece of encrypted content has been broken via channels that
   they cannot perceive.  Additionally, an active intermediary aware of
   the recipient's public key can always encrypt a cleartext message in
   transit to give the recipient a false sense of security.

6.2.1.  Encrypted Header Fields Can Leak Unwanted Information to the
        Recipient

   For encrypted messages, even with an ambitious HCP that successfully
   obscures most Header Fields from all transport agents, Header Fields
   will be ultimately visible to all intended recipients.  This can be
   especially problematic for Header Fields that are not user-facing,
   which the sender may not expect to be injected by their MUA.
   Consider the three following examples:

   *  The MUA may inject a User-Agent Header Field that describes itself
      to every recipient, even though the sender may not want the
      recipient to know the exact version of their OS, hardware
      platform, or MUA.

   *  The MUA may have an idiosyncratic way of generating a Message-ID
      header, which could embed the choice of MUA, a time zone, a
      hostname, or other subtle information to a knowledgeable
      recipient.

   *  The MUA may erroneously include a Bcc Header Field in the
      origheaders of a copy of a message sent to the named recipient,
      defeating the purpose of using Bcc instead of Cc (see Section 6.4
      for more details about risks related to Bcc).

   Clearly, no end-to-end cryptographic protection of any Header Field
   as described in this document will hide such a sensitive field from
   the intended recipient.  Instead, the composing MUA MUST populate the
   origheaders list for any outbound message with only information the
   recipient should have access to.  This is true for messages without
   any cryptographic protection as well, of course, and it is even worse
   there: such a leak is exposed to the transport agents as well as the
   recipient.  An encrypted message with Header Protection and a more
   ambitious Header Confidentiality Policy avoids exposing this
   information to the transport agents but cannot defend against such a
   leak to the recipient.

6.2.2.  Encrypted Header Fields Can Be Inferred From External or
        Internal Metadata

   For example, if the To and Cc Header Fields are removed from the
   unprotected Header Section, the values in those fields might still be
   inferred with high probability by an adversary who looks at the
   message either in transit or at rest.  If the message is found in, or
   being delivered to a mailbox for bob@example.org, it's likely that
   Bob was in either To or Cc.  Furthermore, encrypted message
   ciphertext may hint at the recipients: for S/MIME messages, the
   RecipientInfo, and for PGP/MIME messages the key ID in the Public Key
   Encrypted Session Key (PKESK) packets will all hint at a specific set
   of recipients.  Additionally, an MTA that handles the message may add
   a Received Header Field (or some other custom Header Field) that
   leaks some information about the nature of the delivery.

6.2.3.  Encrypted Header Fields May Not Be Fully Masked by HCP

   In another example, if the HCP modifies the Date header to mask out
   high-resolution time stamps (e.g., rounding to the most recent hour)
   and to convert the local time zone to UTC, some information about the
   date of delivery will still be attached to the e-mail.  At the very
   least, the low resolution, global version of the date will be present
   on the message.  Additionally, Header Fields like Received that are
   added during message delivery might include higher-resolution
   timestamps.  And if the message lands in a mailbox that is ordered by
   time of receipt, even its placement in the mailbox and the non-
   obscured Date Header Fields of the surrounding messages could leak
   this information.

   Some Header Fields like From may be impossible to fully obscure, as
   many modern message delivery systems depend on at least domain
   information in the From Header Field for determining whether a
   message is coming from a domain with "good reputation" (that is, from
   a domain that is not known for leaking spam).  So even if an
   ambitious HCP opts to remove the human-readable part from any From
   Header Field, and to standardize/genericize the local part of the
   From address, the domain will still leak.

6.3.  A Naive Recipient May Overestimate the Cryptographic Status of a
      Header Field in an Encrypted Message

   When an encrypted (or signed-and-encrypted) message is in transit, an
   active intermediary can strip or tamper with any Header Field that
   appears outside the Cryptographic Envelope.  A receiving MUA that
   naively infers cryptographic status from differences between the
   external Header Fields and those found in the Cryptographic Envelope
   could be tricked into overestimating the protections afforded to some
   Header Fields.

   For example, if the original sender's HCP passes through the Cc
   Header Field unchanged, a cleanly delivered message would indicate
   that the Cc Header Field has a cryptographic status of signed.  But
   if an intermediary attacker simply removes the Header Field from the
   unprotected Header Section before forwarding the message, then the
   naive recipient might believe that the field has a cryptographic
   status of signed-and-encrypted.

   This document offers protection against such an attack by way of the
   HP-Outer Header Fields that can be found on the Cryptographic
   Payload.  If a Header Field appears to have been obscured by
   inspection of the outer message, but an HP-Outer Header Field matches
   it exactly, the receiving MUA can indicate to the user that the
   Header Field in question may not have been confidential.

   In such a case, a cautious MUA may render the Header Field in
   question as signed (because the sender did not hide it), but still
   treat it as signed-and-encrypted during reply, to avoid accidental
   leakage of the cleartext value in the reply message, as described in
   Section 2.7.8.1.
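
   The check described in this section can be sketched as follows. This is an added example, not code from this draft; it assumes a signed-and-encrypted message, an HP-Outer value of the form "Name: value", case-insensitive name matching, and constructed sample headers.

```python
SIGNED = "signed-only"
SIGNED_ENCRYPTED = "signed-and-encrypted"

# Constructed sample: Header Fields found on the Cryptographic Payload.
PAYLOAD = [
    ("From", "Alice <alice@smime.example>"),
    ("To", "Bob <bob@smime.example>"),
    ("Cc", "Carol <carol@smime.example>"),
    ("Subject", "Merger timeline"),
    ("HP-Outer", "From: Alice <alice@smime.example>"),
    ("HP-Outer", "To: Bob <bob@smime.example>"),
    ("HP-Outer", "Cc: Carol <carol@smime.example>"),
    ("HP-Outer", "Subject: [...]"),
]

# The unprotected Header Section as the sender emitted it ...
OUTER_AS_SENT = [
    ("From", "Alice <alice@smime.example>"),
    ("To", "Bob <bob@smime.example>"),
    ("Cc", "Carol <carol@smime.example>"),
    ("Subject", "[...]"),
]
# ... and as delivered after an intermediary removed Cc in transit.
OUTER_TAMPERED = [h for h in OUTER_AS_SENT if h[0].lower() != "cc"]


def _pairs(headers):
    """(lowercased name, value) pairs for exact matching."""
    return {(n.lower(), v.strip()) for n, v in headers}


def hp_outer_pairs(payload):
    """Pairs the sender recorded as having been placed outside the envelope."""
    recorded = set()
    for name, value in payload:
        if name.lower() != "hp-outer":
            continue
        field, sep, field_value = value.partition(":")
        if sep:
            recorded.add((field.strip().lower(), field_value.strip()))
    return recorded


def naive_status(name, value, outer):
    """Naive inference: trusts whatever arrived outside the envelope."""
    seen = (name.lower(), value.strip()) in _pairs(outer)
    return SIGNED if seen else SIGNED_ENCRYPTED


def assess(name, payload, outer):
    """Status derived from HP-Outer, which the intermediary cannot alter."""
    value = next(v for n, v in payload if n.lower() == name.lower())
    key = (name.lower(), value.strip())
    recorded = key in hp_outer_pairs(payload)
    seen_outside = key in _pairs(outer)
    return {
        # What to show the user: the sender did not hide a recorded field.
        "render": SIGNED if recorded else SIGNED_ENCRYPTED,
        # Cautious reply handling: keep the value confidential unless it was
        # both recorded by the sender and actually visible on delivery.
        "reply": SIGNED if (recorded and seen_outside) else SIGNED_ENCRYPTED,
        # Recorded by the sender but absent or changed outside.
        "outer_altered": recorded and not seen_outside,
    }


if __name__ == "__main__":
    cc = "Carol <carol@smime.example>"
    print("naive, tampered:   ", naive_status("Cc", cc, OUTER_TAMPERED))
    print("HP-Outer, tampered:", assess("Cc", PAYLOAD, OUTER_TAMPERED))
```
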

6.4.  Privacy and Deliverability Risks with Bcc and Encrypted Messages

   As noted in Section 9.3 of [I-D.ietf-lamps-e2e-mail-guidance],
   handling Bcc when generating an encrypted e-mail message can be
   particularly tricky.  With Header Protection, there is an additional
   wrinkle.  When an encrypted e-mail message with Header Protection has
   a Bcc'ed recipient, and the composing MUA explicitly includes the
   Bcc'ed recipient's address in their copy of the message (see the
   "second method" in Section 3.6.3 of [RFC5322]), that Bcc Header Field
   will always be visible to the Bcc'ed recipient.

   In this scenario, though, the composing MUA has one additional
   choice: whether to hide the Bcc Header Field from intervening message
   transport agents, by returning null when the HCP is invoked for Bcc.
   If the composing MUA's rationale for including an explicit Bcc in the
   copy of the message sent to the Bcc recipient is to ensure
   deliverability via a message transport agent that inspects message
   Header Fields, then stripping the Bcc field during encryption may
   cause the intervening transport agent to drop the message entirely.
   This is why Bcc is not explicitly stripped in hcp_minimal.

   If, on the other hand, deliverability to a Bcc'ed recipient is not a
   concern, the most privacy-preserving option is to simply omit the Bcc
   Header Field from the protected Header Section in the first place.
   An MUA that is capable of receiving and processing such a message can
   infer that since their user's address was not mentioned in any To or
   Cc Header Field, they were likely a Bcc recipient.

   Please also see Section 9.3 of [I-D.ietf-lamps-e2e-mail-guidance] for
   more discussion about Bcc and encrypted messages.

7.  IANA Considerations

   This document requests IANA to register the following Header Field in
   the "Permanent Message Header Field Names" registry within "Message
   Headers" in accordance with [RFC3864].

      +============+==========+==========+==========+===============+
      | Header     | Template | Protocol | Status   | Reference     |
      | Field Name |          |          |          |               |
      +============+==========+==========+==========+===============+
      | HP-Outer   |          | mail     | standard | Section 2.5.3 |
      |            |          |          |          | of RFCXXXX    |
      +------------+----------+----------+----------+---------------+

           Table 3: Additions to 'Permanent Message Header Field
                              Names' registry

   The Author/Change Controller of these two entries (Section 4.5 of
   [RFC3864]) should be the IETF itself.

   This document also defines the Content-Type parameters known as hp
   (in Section 2.3) and hp-scheme (in Section 2.4).  Consequently, the
   Content-Type row in the "Permanent Message Header Field Names"
   registry should add a reference to this RFC to its "References"
   column.

   That is, the current row:

     +===================+==========+==========+========+===========+
     | Header Field Name | Template | Protocol | Status | Reference |
     +===================+==========+==========+========+===========+
     | Content-Type      |          | MIME     |        | [RFC4021] |
     +-------------------+----------+----------+--------+-----------+

         Table 4: Existing row in 'Permanent Message Header Field
                             Names' registry

   Should be updated to have the following values:

     +===================+==========+==========+========+===========+
     | Header Field Name | Template | Protocol | Status | Reference |
     +===================+==========+==========+========+===========+
     | Content-Type      |          | MIME     |        | [RFC4021] |
     |                   |          |          |        | [RFCXXXX] |
     +-------------------+----------+----------+--------+-----------+

       Table 5: Replacement row in 'Permanent Message Header Field
                             Names' registry

   This document also requests IANA to create a new registry in the
   "Mail Parameters" protocol group (https://www.iana.org/assignments/
   mail-parameters/) titled Mail Header Confidentiality Policies with
   the following content:

   +========================+=================+=========+=============+
   | Header Confidentiality | Description     |Reference| Recommended |
   | Policy Name            |                 |         |             |
   +========================+=================+=========+=============+
   | hcp_no_confidentiality | No header       |Section  | N           |
   |                        | confidentiality |2.6.3 of |             |
   |                        |                 |RFCXXX   |             |
   |                        |                 |(this    |             |
   |                        |                 |document)|             |
   +------------------------+-----------------+---------+-------------+
   | hcp_minimal            | Subject Header  |Section  | Y           |
   |                        | Field is        |2.6.1 of |             |
   |                        | obscured        |RFCXXX   |             |
   |                        |                 |(this    |             |
   |                        |                 |document)|             |
   +------------------------+-----------------+---------+-------------+
   | hcp_strong             | Remove or       |Section  | N           |
   |                        | obscure         |2.6.2 of |             |
   |                        | everything but  |RFCXXX   |             |
   |                        | From, Date, To, |(this    |             |
   |                        | and Cc          |document)|             |
   +------------------------+-----------------+---------+-------------+

          Table 6: Mail Header Confidentiality Policies registry

   hcp_example_hide_cc is mooted as an example in Section 2.5.2 but is
   not formally registered by this document.

   Please add the following textual note to this registry:

      The Header Confidentiality Policy Name never appears on the wire.
      This registry merely tracks stable references to implementable
      descriptions of distinct policies.  Any addition to this registry
      should be governed by guidance in Section 2.6.4.1 of RFC XXX (this
      document).

   Adding an entry to this registry with an N in the "Recommended"
   column follows the registration policy of SPECIFICATION REQUIRED.
   Adding an entry to this registry with a Y in the "Recommended" column
   or changing the "Recommended" column in an existing entry (from N to
   Y or vice versa) requires IETF REVIEW.  During IETF REVIEW, the
   designated expert must also be consulted.  Guidance for the
   designated expert can be found in Section 2.6.4.1.

8.  Acknowledgments

   Thore Göbel identified significant gaps in earlier versions of this
   document, and proposed concrete and substantial improvements.  Thanks
   to his contributions, the document is clearer, and the protocols
   described herein are more useful.

   Additionally, the authors would like to thank the following people
   who have provided helpful comments and suggestions for this document:
   Berna Alp, Bernhard E. Reiter, Carl Wallace, Claudio Luck, David
   Wilson, Hernani Marques, juga, Krista Bennett, Kelly Bristol, Lars
   Rohwedder, Michael StJohns, Nicolas Lidzborski, Peter Yee, Phillip
   Tao, Robert Williams, Rohan Mahy, Roman Danyliw, Russ Housley, Sofia
   Balicka, Steve Kille, Volker Birk, and Wei Chuang.

9.  References

9.1.  Normative References

   [I-D.ietf-lamps-e2e-mail-guidance]
              Gillmor, D. K., Hoeneisen, B., and A. Melnikov, "Guidance
              on End-to-End E-mail Security", Work in Progress,
              Internet-Draft, draft-ietf-lamps-e2e-mail-guidance-16, 16
              March 2024, <https://datatracker.ietf.org/doc/html/draft-
              ietf-lamps-e2e-mail-guidance-16>.

   [I-D.ietf-openpgp-crypto-refresh-13]
              Wouters, P., Huigens, D., Winter, J., and N. Yutaka,
              "OpenPGP", Work in Progress, Internet-Draft, draft-ietf-
              openpgp-crypto-refresh-13, 4 January 2024,
              <https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-
              crypto-refresh-13>.

   [RFC2045]  Freed, N. and N. Borenstein, "Multipurpose Internet Mail
              Extensions (MIME) Part One: Format of Internet Message
              Bodies", RFC 2045, DOI 10.17487/RFC2045, November 1996,
              <https://www.rfc-editor.org/rfc/rfc2045>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/rfc/rfc2119>.

   [RFC3864]  Klyne, G., Nottingham, M., and J. Mogul, "Registration
              Procedures for Message Header Fields", BCP 90, RFC 3864,
              DOI 10.17487/RFC3864, September 2004,
              <https://www.rfc-editor.org/rfc/rfc3864>.

   [RFC5083]  Housley, R., "Cryptographic Message Syntax (CMS)
              Authenticated-Enveloped-Data Content Type", RFC 5083,
              DOI 10.17487/RFC5083, November 2007,
              <https://www.rfc-editor.org/rfc/rfc5083>.

   [RFC5234]  Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
              Specifications: ABNF", STD 68, RFC 5234,
              DOI 10.17487/RFC5234, January 2008,
              <https://www.rfc-editor.org/rfc/rfc5234>.

   [RFC5322]  Resnick, P., Ed., "Internet Message Format", RFC 5322,
              DOI 10.17487/RFC5322, October 2008,
              <https://www.rfc-editor.org/rfc/rfc5322>.

   [RFC5652]  Housley, R., "Cryptographic Message Syntax (CMS)", STD 70,
              RFC 5652, DOI 10.17487/RFC5652, September 2009,
              <https://www.rfc-editor.org/rfc/rfc5652>.

   [RFC8126]  Cotton, M., Leiba, B., and T. Narten, "Guidelines for
              Writing an IANA Considerations Section in RFCs", BCP 26,
              RFC 8126, DOI 10.17487/RFC8126, June 2017,
              <https://www.rfc-editor.org/rfc/rfc8126>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.

   [RFC8551]  Schaad, J., Ramsdell, B., and S. Turner, "Secure/
              Multipurpose Internet Mail Extensions (S/MIME) Version 4.0
              Message Specification", RFC 8551, DOI 10.17487/RFC8551,
              April 2019, <https://www.rfc-editor.org/rfc/rfc8551>.

9.2.  Informative References

   [chrome-indicators]
              Schechter, E., "Evolving Chrome's security indicators",
              May 2018, <https://blog.chromium.org/2018/05/evolving-
              chromes-security-indicators.html>.

   [CSS]      World Wide Web Consortium, "Cascading Style Sheets Level 2
              Revision 2 (CSS 2.2) Specification", 12 April 2016,
              <https://www.w3.org/TR/2016/WD-CSS22-20160412/>.

   [HTML-ESCAPES]
              W3C, "Using character escapes in markup and CSS", n.d.,
              <https://www.w3.org/International/questions/qa-
              escapes#use>.

   [I-D.autocrypt-lamps-protected-headers]
              Einarsson, B. R., "juga", and D. K. Gillmor, "Protected
              Headers for Cryptographic E-mail", Work in Progress,
              Internet-Draft, draft-autocrypt-lamps-protected-headers-
              02, 20 December 2019,
              <https://datatracker.ietf.org/doc/html/draft-autocrypt-
              lamps-protected-headers-02>.

   [I-D.ietf-lamps-samples]
              Gillmor, D. K., "S/MIME Example Keys and Certificates",
              Work in Progress, Internet-Draft, draft-ietf-lamps-
              samples-08, 2 February 2022,
              <https://datatracker.ietf.org/doc/html/draft-ietf-lamps-
              samples-08>.

   [I-D.pep-email]
              Marques, H. and B. Hoeneisen, "pretty Easy privacy (pEp):
              Email Formats and Protocols", Work in Progress, Internet-
              Draft, draft-pep-email-02, 16 December 2022,
              <https://datatracker.ietf.org/doc/html/draft-pep-email-
              02>.

   [I-D.pep-general]
              Birk, V., Marques, H., and B. Hoeneisen, "pretty Easy
              privacy (pEp): Privacy by Default", Work in Progress,
              Internet-Draft, draft-pep-general-02, 16 December 2022,
              <https://datatracker.ietf.org/doc/html/draft-pep-general-
              02>.

   [PGPCONTROL]
              UUNET Technologies, Inc., "Authentication of Usenet Group
              Changes", 27 October 2016,
              <https://ftp.isc.org/pub/pgpcontrol/>.

   [PGPVERIFY-FORMAT]
              Lawrence, D. C., "Signing Control Messages, Verifying
              Control Messages", n.d.,
              <https://www.eyrie.org/~eagle/usefor/other/pgpverify>.

   [RFC2047]  Moore, K., "MIME (Multipurpose Internet Mail Extensions)
              Part Three: Message Header Extensions for Non-ASCII Text",
              RFC 2047, DOI 10.17487/RFC2047, November 1996,
              <https://www.rfc-editor.org/rfc/rfc2047>.

   [RFC2049]  Freed, N. and N. Borenstein, "Multipurpose Internet Mail
              Extensions (MIME) Part Five: Conformance Criteria and
              Examples", RFC 2049, DOI 10.17487/RFC2049, November 1996,
              <https://www.rfc-editor.org/rfc/rfc2049>.

   [RFC3156]  Elkins, M., Del Torto, D., Levien, R., and T. Roessler,
              "MIME Security with OpenPGP", RFC 3156,
              DOI 10.17487/RFC3156, August 2001,
              <https://www.rfc-editor.org/rfc/rfc3156>.

   [RFC3851]  Ramsdell, B., Ed., "Secure/Multipurpose Internet Mail
              Extensions (S/MIME) Version 3.1 Message Specification",
              RFC 3851, DOI 10.17487/RFC3851, July 2004,
              <https://www.rfc-editor.org/rfc/rfc3851>.

   [RFC4021]  Klyne, G. and J. Palme, "Registration of Mail and MIME
              Header Fields", RFC 4021, DOI 10.17487/RFC4021, March
              2005, <https://www.rfc-editor.org/rfc/rfc4021>.

   [RFC5751]  Ramsdell, B. and S. Turner, "Secure/Multipurpose Internet
              Mail Extensions (S/MIME) Version 3.2 Message
              Specification", RFC 5751, DOI 10.17487/RFC5751, January
              2010, <https://www.rfc-editor.org/rfc/rfc5751>.

   [RFC6376]  Crocker, D., Ed., Hansen, T., Ed., and M. Kucherawy, Ed.,
              "DomainKeys Identified Mail (DKIM) Signatures", STD 76,
              RFC 6376, DOI 10.17487/RFC6376, September 2011,
              <https://www.rfc-editor.org/rfc/rfc6376>.

   [RFC6532]  Yang, A., Steele, S., and N. Freed, "Internationalized
              Email Headers", RFC 6532, DOI 10.17487/RFC6532, February
              2012, <https://www.rfc-editor.org/rfc/rfc6532>.

   [RFC7489]  Kucherawy, M., Ed. and E. Zwicky, Ed., "Domain-based
              Message Authentication, Reporting, and Conformance
              (DMARC)", RFC 7489, DOI 10.17487/RFC7489, March 2015,
              <https://www.rfc-editor.org/rfc/rfc7489>.

   [RFC8617]  Andersen, K., Long, B., Ed., Blank, S., Ed., and M.
              Kucherawy, Ed., "The Authenticated Received Chain (ARC)
              Protocol", RFC 8617, DOI 10.17487/RFC8617, July 2019,
              <https://www.rfc-editor.org/rfc/rfc8617>.

Appendix A.  Possible Problems with Legacy MUAs

   When an e-mail message with end-to-end cryptographic protection is
   received by a mail user agent, the user might experience many
   different possible problematic interactions.  A message with Header
   Protection may introduce new forms of user experience failure.

   In this section, the authors enumerate different kinds of failures we
   have observed when reviewing, rendering, and replying to messages
   with different forms of Header Protection in different Legacy MUAs.
   Different Legacy MUAs demonstrate different subsets of these
   problems.

   A conformant MUA would not exhibit any of these problems.  An
   implementer updating their Legacy MUA to be compliant with this
   specification should consider these concerns and try to avoid them.

   Recall that "protected" refers to the "inner" values, e.g., the real
   Subject, and "unprotected" refers to the "outer" values, e.g., the
   dummy Subject.

A.1.  Problems Viewing Messages in a List View

   *  Unprotected Subject, Date, From, To are visible (instead of being
      replaced by protected values)

   *  Threading is not visible

A.2.  Problems when Rendering a Message

   *  Unprotected Subject is visible

   *  Protected Subject (on its own) is visible in the body

   *  Protected Subject, Date, From, and To visible in the body

   *  User interaction needed to view whole message

   *  User interaction needed to view message body

   *  User interaction needed to view protected subject

   *  Impossible to view protected Subject

   *  Nuisance alarms during user interaction

   *  Impossible to view message body

   *  Appears as a forwarded message

   *  Appears as an attachment

   *  Security indicators not visible

   *  Security indicators do not identify protection status of Header
      Fields

   *  User has multiple different methods to reply (e.g., reply to
      outer, reply to inner)

   *  User sees English "Subject:" in body despite message itself being
      in non-English

   *  Header Fields in body render with local Header Field names (e.g.,
      showing "Betreff" instead of "Subject") and dates (TZ, locale)

A.3.  Problems when Replying to a Message

   Note that the use case here is:

   *  User views message, to the point where they can read it

   *  User then replies to message, and they are shown a message
      composition window, which has some UI elements

   *  If the MUA has multiple different methods to reply to a message,
      each way may need to be evaluated separately

   This section also uses the shorthand UI:x to mean "the UI element
   that the user can edit that they think of as x."

   *  Unprotected Subject is in UI:subject (instead of the protected
      Subject)

   *  Protected Subject is quoted in UI:body (from Legacy Display
      Element)

   *  Protected Subject leaks when the reply is serialised into MIME

   *  Protected Subject is not anywhere in UI

   *  Message body is _not_ visible/quoted in UI:body

   *  User cannot reply while viewing protected message

   *  Reply is not encrypted by default (but is for legacy signed-and-
      encrypted messages without Header Protection)

   *  Unprotected From or Reply-To is in UI:To (instead of the protected
      From or Reply-To)

   *  User's locale (lang, TZ) leaks in quoted body

   *  Header Fields not protected (and in particular, Subject is not
      obscured) by default

Appendix B.  Test Vectors

   This section contains sample messages using the different schemes
   described in this document.  Each sample contains a MIME object, a
   textual and diagrammatic view of its structure, and examples of how
   an MUA might render it.

   The cryptographic protections used in this document use the S/MIME
   standard, and keying material and certificates come from
   [I-D.ietf-lamps-samples].

   These messages should be accessible to any IMAP client at
   imap://bob@header-protection.cmrg.net/ (any password should
   authenticate to this read-only IMAP mailbox).

   You can also download copies of these test vectors separately at
   https://header-protection.cmrg.net.

   If any of the messages downloaded differ from those offered here,
   this document is the canonical source.

B.1.  Baseline Messages

   These messages offer no header protection at all, and can be used as
   a baseline.  They are provided in this document as a counterexample.
   An MUA implementer can use these messages to verify that the reported
   cryptographic summary of the message indicates no header protection.

B.1.1.  No Cryptographic Protections Over a Simple Message

   This message uses no cryptographic protection at all.  Its body is a
   text/plain message.

   It has the following structure:

   └─╴text/plain 152 bytes

   Its contents are:

   MIME-Version: 1.0
   Content-Type: text/plain; charset="utf-8"
   Content-Transfer-Encoding: 7bit
   Subject: no-crypto
   Message-ID: <no-crypto@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:00:02 -0500
   User-Agent: Sample MUA Version 1.0

   This is the no-crypto message.

   This message uses no cryptographic protection at all.  Its body
   is a text/plain message.

   --
   Alice
   alice@smime.example

B.1.2.  S/MIME Signed-only signedData Over a Simple Message, No Header
        Protection

   This is a signed-only S/MIME message via PKCS#7 signedData.  The
   payload is a text/plain message.  It uses no header protection.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 3852 bytes
    ⇩ (unwraps to)
    └─╴text/plain 204 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="signed-data"
   Subject: smime-one-part
   Message-ID: <smime-one-part@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:01:02 -0500
   User-Agent: Sample MUA Version 1.0

B.1.3.  S/MIME Signed-only multipart/signed Over a Simple Message, No
        Header Protection

   This is a signed-only S/MIME message via PKCS#7 detached signature
   (multipart/signed).  The payload is a text/plain message.  It uses no
   header protection.

   It has the following structure:

   └┬╴multipart/signed 4191 bytes
    ├─╴text/plain 224 bytes
    └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

   Its contents are:

   MIME-Version: 1.0
   Content-Type: multipart/signed;
    protocol="application/pkcs7-signature"; boundary="052";
    micalg="sha-256"
   Subject: smime-multipart
   Message-ID: <smime-multipart@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:02:02 -0500
   User-Agent: Sample MUA Version 1.0

   --052
   MIME-Version: 1.0
   Content-Type: text/plain; charset="utf-8"
   Content-Transfer-Encoding: 7bit

   This is the smime-multipart message.

   This is a signed-only S/MIME message via PKCS#7 detached
   signature (multipart/signed).  The payload is a text/plain
   message. It uses no header protection.

   --
   Alice
   alice@smime.example

   --052
   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-signature; name="smime.p7s"

   --052--

B.1.4.  S/MIME Encrypted and Signed Over a Simple Message, No Header
        Protection

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses no header protection.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 6720 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 3960 bytes
     ⇩ (unwraps to)
     └─╴text/plain 240 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: smime-enc-signed
   Message-ID: <smime-enc-signed@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:03:02 -0500
   User-Agent: Sample MUA Version 1.0

B.1.5.  No Cryptographic Protections Over a Complex Message

   This message uses no cryptographic protection at all.  Its body is a
   multipart/alternative message with an inline image/png attachment.

   It has the following structure:

   └┬╴multipart/mixed 1406 bytes
    ├┬╴multipart/alternative 794 bytes
    │├─╴text/plain 206 bytes
    │└─╴text/html 304 bytes
    └─╴image/png inline 232 bytes

   Its contents are:

   MIME-Version: 1.0
   Content-Type: multipart/mixed; boundary="c39"
   Subject: no-crypto-complex
   Message-ID: <no-crypto-complex@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:00:02 -0500
   User-Agent: Sample MUA Version 1.0

   --c39
   MIME-Version: 1.0
   Content-Type: multipart/alternative; boundary="05a"

   --05a
   Content-Type: text/plain; charset="us-ascii"
   MIME-Version: 1.0
   Content-Transfer-Encoding: 7bit

   This is the no-crypto-complex message.

   This message uses no cryptographic protection at all.  Its body
   is a multipart/alternative message with an inline image/png
   attachment.

   --
   Alice
   alice@smime.example
   --05a
   Content-Type: text/html; charset="us-ascii"
   MIME-Version: 1.0
   Content-Transfer-Encoding: 7bit

   <html><head><title></title></head><body>
   <p>This is the <b>no-crypto-complex</b> message.</p>
   <p>This message uses no cryptographic protection at all.  Its body
   is a multipart/alternative message with an inline image/png
   attachment.</p>
   <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
   --05a--

   --c39
   Content-Type: image/png
   Content-Transfer-Encoding: base64
   Content-Disposition: inline

   iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
   MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
   sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
   vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

   --c39--

B.1.6.  S/MIME Signed-only signedData Over a Complex Message, No Header
        Protection

   This is a signed-only S/MIME message via PKCS#7 signedData.  The
   payload is a multipart/alternative message with an inline image/png
   attachment.  It uses no header protection.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 5249 bytes
    ⇩ (unwraps to)
    └┬╴multipart/mixed 1288 bytes
     ├┬╴multipart/alternative 882 bytes
     │├─╴text/plain 258 bytes
     │└─╴text/html 353 bytes
     └─╴image/png inline 236 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="signed-data"
   Subject: smime-one-part-complex
   Message-ID: <smime-one-part-complex@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:01:02 -0500
   User-Agent: Sample MUA Version 1.0

B.1.7.  S/MIME Signed-only multipart/signed Over a Complex Message, No
        Header Protection

   This is a signed-only S/MIME message via PKCS#7 detached signature
   (multipart/signed).  The payload is a multipart/alternative message
   with an inline image/png attachment.  It uses no header protection.

   It has the following structure:

   └┬╴multipart/signed 5234 bytes
    ├┬╴multipart/mixed 1344 bytes
    │├┬╴multipart/alternative 938 bytes
    ││├─╴text/plain 278 bytes
    ││└─╴text/html 376 bytes
    │└─╴image/png inline 232 bytes
    └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

   Its contents are:

   MIME-Version: 1.0
   Content-Type: multipart/signed;
    protocol="application/pkcs7-signature"; boundary="452";
    micalg="sha-256"
   Subject: smime-multipart-complex
   Message-ID: <smime-multipart-complex@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:02:02 -0500
   User-Agent: Sample MUA Version 1.0

   --452
   MIME-Version: 1.0
   Content-Type: multipart/mixed; boundary="ac5"

   --ac5
   MIME-Version: 1.0
   Content-Type: multipart/alternative; boundary="813"

   --813
   Content-Type: text/plain; charset="us-ascii"
   MIME-Version: 1.0
   Content-Transfer-Encoding: 7bit

   This is the smime-multipart-complex message.

   This is a signed-only S/MIME message via PKCS#7 detached
   signature (multipart/signed).  The payload is a
   multipart/alternative message with an inline image/png
   attachment. It uses no header protection.

   --
   Alice
   alice@smime.example
   --813
   Content-Type: text/html; charset="us-ascii"
   MIME-Version: 1.0
   Content-Transfer-Encoding: 7bit

   <html><head><title></title></head><body>
   <p>This is the <b>smime-multipart-complex</b> message.</p>
   <p>This is a signed-only S/MIME message via PKCS#7 detached
   signature (multipart/signed).  The payload is a
   multipart/alternative message with an inline image/png
   attachment. It uses no header protection.</p>
   <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
   --813--

   --ac5
   Content-Type: image/png
   Content-Transfer-Encoding: base64
   Content-Disposition: inline

   iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
   MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
   sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
   vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

   --ac5--

   --452
   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-signature; name="smime.p7s"

   --452--

B.1.8.  S/MIME Encrypted and Signed Over a Complex Message, No Header
        Protection

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses no
   header protection.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 8690 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 5430 bytes
     ⇩ (unwraps to)
     └┬╴multipart/mixed 1358 bytes
      ├┬╴multipart/alternative 952 bytes
      │├─╴text/plain 294 bytes
      │└─╴text/html 389 bytes
      └─╴image/png inline 236 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: smime-enc-signed-complex
   Message-ID: <smime-enc-signed-complex@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:03:02 -0500
   User-Agent: Sample MUA Version 1.0

B.2.  Signed-only Messages

   These messages are signed-only, using different schemes of header
   protection and different S/MIME structures.  They use no Header
   Confidentiality Policy because the hcp is only relevant when a
   message is encrypted.

B.2.1.  S/MIME Signed-only signedData Over a Simple Message, Wrapped
        Message

   This is a signed-only S/MIME message via PKCS#7 signedData.  The
   payload is a text/plain message.  It uses the Wrapped Message header
   protection scheme.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 4323 bytes
    ⇩ (unwraps to)
    └┬╴message/rfc822 inline 646 bytes
     └─╴text/plain 228 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="signed-data"
   Subject: smime-one-part-wrapped
   Message-ID: <smime-one-part-wrapped@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:04:02 -0500
   User-Agent: Sample MUA Version 1.0

B.2.2.  S/MIME Signed-only multipart/signed Over a Simple Message,
        Wrapped Message

   This is a signed-only S/MIME message via PKCS#7 detached signature
   (multipart/signed).  The payload is a text/plain message.  It uses
   the Wrapped Message header protection scheme.

   It has the following structure:

   └┬╴multipart/signed 4566 bytes
    ├┬╴message/rfc822 inline 676 bytes
    │└─╴text/plain 256 bytes
    └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

   Its contents are:

   MIME-Version: 1.0
   Content-Type: multipart/signed;
    protocol="application/pkcs7-signature"; boundary="6e5";
    micalg="sha-256"
   Subject: smime-multipart-wrapped
   Message-ID: <smime-multipart-wrapped@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:05:02 -0500
   User-Agent: Sample MUA Version 1.0

   --6e5
   MIME-Version: 1.0
   Content-Type: message/rfc822; hp="clear"; hp-scheme="wrapped"
   Content-Disposition: inline

   MIME-Version: 1.0
   Content-Type: text/plain; charset="utf-8"
   Content-Transfer-Encoding: 7bit
   Subject: smime-multipart-wrapped
   Message-ID: <smime-multipart-wrapped@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:05:02 -0500
   User-Agent: Sample MUA Version 1.0

   This is the smime-multipart-wrapped message.

   This is a signed-only S/MIME message via PKCS#7 detached
   signature (multipart/signed).  The payload is a text/plain
   message. It uses the Wrapped Message header protection scheme.

   --
   Alice
   alice@smime.example

   --6e5
   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-signature; name="smime.p7s"

   --6e5--
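
   The following is an added example, not part of the draft or of any
   implementation it describes.  It shows how a receiving MUA or mail
   filter could tell the Wrapped Message layout (B.2.2) from the
   Injected Headers layout (B.2.4) in a multipart/signed message and
   compare the protected header fields with the outer ones.  The
   function names, the sample messages and the X-Relay-Note field are
   constructed for illustration; the signature part is a placeholder
   and is not verified.

```python
import email
from email.message import Message

# Fields that describe MIME structure rather than the message itself.
STRUCTURAL = ("content-", "mime-version")


def norm(value: str) -> str:
    """Collapse folding whitespace so header values compare reliably."""
    return " ".join(value.split())


def cryptographic_payload(msg: Message) -> Message:
    """Return the signed part (first child) of a multipart/signed message."""
    if msg.get_content_type() != "multipart/signed" or not msg.is_multipart():
        raise ValueError("only the multipart/signed layout is handled here")
    return msg.get_payload(0)


def protected_headers(payload: Message):
    """Return (scheme, [(name, value), ...]) for a Cryptographic Payload."""
    if (payload.get_content_type() == "message/rfc822"
            and payload.get_param("hp-scheme") == "wrapped"):
        # Wrapped Message: the protected fields sit on the embedded message.
        source, scheme = payload.get_payload(0), "wrapped"
    elif payload.get_param("hp") in ("clear", "cipher"):
        # Injected Headers: the protected fields sit on the payload itself.
        source, scheme = payload, "injected"
    else:
        return "none", []
    fields = [(name, norm(value)) for name, value in source.items()
              if not name.lower().startswith(STRUCTURAL)]
    return scheme, fields


def outer_mismatches(raw: str):
    """Compare outer header fields with the protected ones.

    Returns (scheme, diffs, unprotected): diffs lists protected fields whose
    value is absent from the outer header section, and unprotected lists
    outer fields that have no protected counterpart.  The protected values
    are only trustworthy once the signature has been verified, which this
    example does not do.
    """
    msg = email.message_from_string(raw)
    scheme, fields = protected_headers(cryptographic_payload(msg))
    covered = {name.lower() for name, _ in fields}
    diffs = []
    for name, value in fields:
        outer = [norm(v) for v in msg.get_all(name, [])]
        if value not in outer:
            diffs.append((name, outer, value))
    unprotected = [name for name in msg.keys()
                   if not name.lower().startswith(STRUCTURAL)
                   and name.lower() not in covered]
    return scheme, diffs, unprotected


def sample(scheme: str, outer_subject: str) -> str:
    """Constructed message modelled on B.2.2 / B.2.4 (placeholder signature)."""
    inner = ("Subject: smime-multipart-demo\n"
             "From: Alice <alice@smime.example>\n"
             "To: Bob <bob@smime.example>\n")
    hp = '; hp="clear"' if scheme == "injected" else ""
    leaf = 'Content-Type: text/plain; charset="utf-8"' + hp + "\n\nHello Bob.\n"
    if scheme == "wrapped":
        signed = ('Content-Type: message/rfc822; hp="clear"; hp-scheme="wrapped"\n'
                  "Content-Disposition: inline\n\n" + inner + leaf)
    else:
        signed = inner + leaf
    return ("MIME-Version: 1.0\n"
            "Content-Type: multipart/signed;\n"
            ' protocol="application/pkcs7-signature"; boundary="b0";\n'
            ' micalg="sha-256"\n'
            f"Subject: {outer_subject}\n"
            "From: Alice <alice@smime.example>\n"
            "To: Bob <bob@smime.example>\n"
            "X-Relay-Note: added in transit\n\n"
            "--b0\n" + signed + "\n--b0\n"
            'Content-Type: application/pkcs7-signature; name="smime.p7s"\n\n'
            "PLACEHOLDER\n--b0--\n")


if __name__ == "__main__":
    for kind, subject in (("wrapped", "smime-multipart-demo"),
                          ("injected", "Invoice overdue"),
                          ("none", "smime-multipart-demo")):
        print(kind, outer_mismatches(sample(kind, subject)))
```

   A signedData message (application/pkcs7-mime, as in B.2.1 and
   B.2.3) carries the same payload inside the CMS object, so it has to
   be unwrapped with a CMS library before the same check applies.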

B.2.3.  S/MIME Signed-only signedData Over a Simple Message, Injected
        Headers

   This is a signed-only S/MIME message via PKCS#7 signedData.  The
   payload is a text/plain message.  It uses the Injected Headers header
   protection scheme.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 4217 bytes
    ⇩ (unwraps to)
    └─╴text/plain 239 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="signed-data"
   Subject: smime-one-part-injected
   Message-ID: <smime-one-part-injected@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:06:02 -0500
   User-Agent: Sample MUA Version 1.0

B.2.4.  S/MIME Signed-only multipart/signed Over a Simple Message,
        Injected Headers

   This is a signed-only S/MIME message via PKCS#7 detached signature
   (multipart/signed).  The payload is a text/plain message.  It uses
   the Injected Headers header protection scheme.

   It has the following structure:

   └┬╴multipart/signed 4475 bytes
    ├─╴text/plain 258 bytes
    └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

   Its contents are:

   MIME-Version: 1.0
   Content-Type: multipart/signed;
    protocol="application/pkcs7-signature"; boundary="00a";
    micalg="sha-256"
   Subject: smime-multipart-injected
   Message-ID: <smime-multipart-injected@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:07:02 -0500
   User-Agent: Sample MUA Version 1.0

   --00a
   MIME-Version: 1.0
   Content-Transfer-Encoding: 7bit
   Subject: smime-multipart-injected
   Message-ID: <smime-multipart-injected@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:07:02 -0500
   User-Agent: Sample MUA Version 1.0
   Content-Type: text/plain; charset="utf-8"; hp="clear"

   This is the smime-multipart-injected message.

   This is a signed-only S/MIME message via PKCS#7 detached
   signature (multipart/signed).  The payload is a text/plain
   message. It uses the Injected Headers header protection scheme.

   --
   Alice
   alice@smime.example

   --00a
   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-signature; name="smime.p7s"


   --00a--

B.2.5.  S/MIME Signed-only signedData Over a Complex Message, Wrapped
        Message

   This is a signed-only S/MIME message via PKCS#7 signedData.  The
   payload is a multipart/alternative message with an inline image/png
   attachment.  It uses the Wrapped Message header protection scheme.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 5741 bytes
    ⇩ (unwraps to)
    └┬╴message/rfc822 inline 1693 bytes
     └┬╴multipart/mixed 1584 bytes
      ├┬╴multipart/alternative 946 bytes
      │├─╴text/plain 282 bytes
      │└─╴text/html 380 bytes
      └─╴image/png inline 232 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="signed-data"
   Subject: smime-one-part-complex-wrapped
   Message-ID: <smime-one-part-complex-wrapped@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:04:02 -0500
   User-Agent: Sample MUA Version 1.0


B.2.6.  S/MIME Signed-only multipart/signed Over a Complex Message,
        Wrapped Message

   This is a signed-only S/MIME message via PKCS#7 detached signature
   (multipart/signed).  The payload is a multipart/alternative message
   with an inline image/png attachment.  It uses the Wrapped Message
   header protection scheme.

   It has the following structure:

   └┬╴multipart/signed 5657 bytes
    ├┬╴message/rfc822 inline 1751 bytes
    │└┬╴multipart/mixed 1642 bytes
    │ ├┬╴multipart/alternative 1002 bytes
    │ │├─╴text/plain 310 bytes
    │ │└─╴text/html 408 bytes
    │ └─╴image/png inline 232 bytes
    └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

   Its contents are:

   MIME-Version: 1.0
   Content-Type: multipart/signed;
    protocol="application/pkcs7-signature"; boundary="dce";
    micalg="sha-256"
   Subject: smime-multipart-complex-wrapped
   Message-ID: <smime-multipart-complex-wrapped@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:05:02 -0500
   User-Agent: Sample MUA Version 1.0

   --dce
   MIME-Version: 1.0
   Content-Type: message/rfc822; hp="clear"; hp-scheme="wrapped"
   Content-Disposition: inline

   MIME-Version: 1.0
   Content-Type: multipart/mixed; boundary="a30"
   Subject: smime-multipart-complex-wrapped
   Message-ID: <smime-multipart-complex-wrapped@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:05:02 -0500
   User-Agent: Sample MUA Version 1.0

   --a30
   MIME-Version: 1.0
   Content-Type: multipart/alternative; boundary="844"

   --844
   Content-Type: text/plain; charset="us-ascii"
   MIME-Version: 1.0
   Content-Transfer-Encoding: 7bit

   This is the smime-multipart-complex-wrapped message.

   This is a signed-only S/MIME message via PKCS#7 detached
   signature (multipart/signed).  The payload is a
   multipart/alternative message with an inline image/png
   attachment. It uses the Wrapped Message header protection
   scheme.

   --
   Alice
   alice@smime.example
   --844
   Content-Type: text/html; charset="us-ascii"
   MIME-Version: 1.0
   Content-Transfer-Encoding: 7bit

   <html><head><title></title></head><body>
   <p>This is the <b>smime-multipart-complex-wrapped</b> message.</p>
   <p>This is a signed-only S/MIME message via PKCS#7 detached
   signature (multipart/signed).  The payload is a
   multipart/alternative message with an inline image/png
   attachment. It uses the Wrapped Message header protection
   scheme.</p>
   <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
   --844--

   --a30
   Content-Type: image/png
   Content-Transfer-Encoding: base64
   Content-Disposition: inline

   iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
   MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
   sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
   vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

   --a30--

   --dce
   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-signature; name="smime.p7s"


   --dce--

B.2.7.  S/MIME Signed-only signedData Over a Complex Message, Injected
        Headers

   This is a signed-only S/MIME message via PKCS#7 signedData.  The
   payload is a multipart/alternative message with an inline image/png
   attachment.  It uses the Injected Headers header protection scheme.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 5684 bytes
    ⇩ (unwraps to)
    └┬╴multipart/mixed 1602 bytes
     ├┬╴multipart/alternative 950 bytes
     │├─╴text/plain 293 bytes
     │└─╴text/html 388 bytes
     └─╴image/png inline 236 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="signed-data"
   Subject: smime-one-part-complex-injected
   Message-ID: <smime-one-part-complex-injected@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:06:02 -0500
   User-Agent: Sample MUA Version 1.0


B.2.8.  S/MIME Signed-only multipart/signed Over a Complex Message,
        Injected Headers

   This is a signed-only S/MIME message via PKCS#7 detached signature
   (multipart/signed).  The payload is a multipart/alternative message
   with an inline image/png attachment.  It uses the Injected Headers
   header protection scheme.

   It has the following structure:

   └┬╴multipart/signed 5568 bytes
    ├┬╴multipart/mixed 1660 bytes
    │├┬╴multipart/alternative 1006 bytes
    ││├─╴text/plain 312 bytes
    ││└─╴text/html 410 bytes
    │└─╴image/png inline 232 bytes
    └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

   Its contents are:

   MIME-Version: 1.0
   Content-Type: multipart/signed;
    protocol="application/pkcs7-signature"; boundary="361";
    micalg="sha-256"
   Subject: smime-multipart-complex-injected
   Message-ID: <smime-multipart-complex-injected@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:07:02 -0500
   User-Agent: Sample MUA Version 1.0

   --361
   MIME-Version: 1.0
   Subject: smime-multipart-complex-injected
   Message-ID: <smime-multipart-complex-injected@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:07:02 -0500
   User-Agent: Sample MUA Version 1.0
   Content-Type: multipart/mixed; boundary="099"; hp="clear"

   --099
   MIME-Version: 1.0
   Content-Type: multipart/alternative; boundary="9a5"

   --9a5
   Content-Type: text/plain; charset="us-ascii"
   MIME-Version: 1.0
   Content-Transfer-Encoding: 7bit

   This is the smime-multipart-complex-injected message.

   This is a signed-only S/MIME message via PKCS#7 detached
   signature (multipart/signed).  The payload is a
   multipart/alternative message with an inline image/png
   attachment. It uses the Injected Headers header protection
   scheme.

   --
   Alice
   alice@smime.example
   --9a5
   Content-Type: text/html; charset="us-ascii"
   MIME-Version: 1.0
   Content-Transfer-Encoding: 7bit

   <html><head><title></title></head><body>
   <p>This is the <b>smime-multipart-complex-injected</b> message.</p>
   <p>This is a signed-only S/MIME message via PKCS#7 detached
   signature (multipart/signed).  The payload is a
   multipart/alternative message with an inline image/png
   attachment. It uses the Injected Headers header protection
   scheme.</p>
   <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
   --9a5--

   --099
   Content-Type: image/png
   Content-Transfer-Encoding: base64
   Content-Disposition: inline

   iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
   MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
   sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
   vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

   --099--

   --361
   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-signature; name="smime.p7s"


   --361--
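
   The following is an added example, not part of the draft or of any
   implementation it describes.  It shows how a receiving tool could
   tell the two layouts in B.2.6 (Wrapped Message) and B.2.8 (Injected
   Headers) apart and flag outer header fields that differ from the
   protected copy.  The sample messages are constructed (simplified
   payload, placeholder signature), the function names are hypothetical,
   and signature validation, which must succeed before the protected
   values are trusted, is assumed to happen elsewhere.

```python
from email import message_from_string

# Header fields whose outer and protected copies are compared.
USER_FACING = ("Subject", "From", "To", "Cc", "Date", "Message-ID")


def protected_headers(outer):
    """Locate the signed part of a multipart/signed message and return
    (scheme, hp, headers); scheme is None when the part advertises no
    header protection."""
    if outer.get_content_type() != "multipart/signed":
        return None, None, {}
    parts = outer.get_payload()
    if not isinstance(parts, list) or len(parts) != 2:
        return None, None, {}
    payload = parts[0]
    hp = payload.get_param("hp")
    if (payload.get_content_type() == "message/rfc822"
            and payload.get_param("hp-scheme") == "wrapped"):
        # Wrapped Message (B.2.6): the protected fields are the headers
        # of the encapsulated message.
        scheme, source = "wrapped", payload.get_payload(0)
    elif hp is not None:
        # Injected Headers (B.2.8): the protected fields sit directly on
        # the signed part, whose Content-Type carries the hp parameter.
        scheme, source = "injected", payload
    else:
        return None, None, {}
    headers = {n: source[n] for n in USER_FACING if source[n] is not None}
    return scheme, hp, headers


def check_message(raw):
    """Report the scheme, the hp value, and every compared field whose
    outer value differs from the protected one as (outer, protected)."""
    outer = message_from_string(raw)
    scheme, hp, protected = protected_headers(outer)
    mismatches = {}
    if scheme is not None:
        for name in USER_FACING:
            if outer.get(name) != protected.get(name):
                mismatches[name] = (outer.get(name), protected.get(name))
    return {"scheme": scheme, "hp": hp, "mismatches": mismatches}


# --- Constructed sample input (not the draft's test vectors) ---
ADDRS = "From: Alice <alice@smime.example>\nTo: Bob <bob@smime.example>\n"
SIG_PART = ('Content-Transfer-Encoding: base64\n'
            'Content-Type: application/pkcs7-signature; name="smime.p7s"\n'
            '\nAAAA\n')  # placeholder, not a real signature
WRAPPED_PART = ('MIME-Version: 1.0\n'
                'Content-Type: message/rfc822; hp="clear"; '
                'hp-scheme="wrapped"\n'
                'Content-Disposition: inline\n\n'
                'MIME-Version: 1.0\n'
                'Content-Type: text/plain; charset="us-ascii"\n'
                'Subject: quarterly-report\n' + ADDRS + '\nBody text.\n')
INJECTED_PART = ('MIME-Version: 1.0\n'
                 'Subject: quarterly-report\n' + ADDRS +
                 'Content-Type: text/plain; charset="us-ascii"; '
                 'hp="clear"\n\nBody text.\n')
PLAIN_PART = 'Content-Type: text/plain; charset="us-ascii"\n\nBody text.\n'


def build(boundary, signed_part, outer_subject):
    """Assemble a multipart/signed message around one signed part."""
    return ('MIME-Version: 1.0\n'
            'Content-Type: multipart/signed;\n'
            f' protocol="application/pkcs7-signature"; boundary="{boundary}";\n'
            ' micalg="sha-256"\n'
            f'Subject: {outer_subject}\n' + ADDRS + '\n'
            f'--{boundary}\n{signed_part}\n'
            f'--{boundary}\n{SIG_PART}\n--{boundary}--\n')


if __name__ == "__main__":
    for part, subject in ((WRAPPED_PART, "quarterly-report"),
                          (INJECTED_PART, "quarterly-report"),
                          (INJECTED_PART, "URGENT: wire transfer"),
                          (PLAIN_PART, "quarterly-report")):
        print(check_message(build("b1", part, subject)))
```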

B.3.  Encrypted-and-signed Messages

   These messages are encrypted and signed.  They use PKCS#7 signedData
   inside envelopedData, with different header protection schemes and
   different Header Confidentiality Policies.

B.3.1.  S/MIME Encrypted and Signed Over a Simple Message, Wrapped
        Message With hcp_minimal

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses the Wrapped Message header protection scheme with
   the hcp_minimal Header Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 7995 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 4918 bytes
     ⇩ (unwraps to)
     └┬╴message/rfc822 inline 1030 bytes
      └─╴text/plain 322 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <smime-enc-signed-wrapped-minimal@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:08:02 -0500
   User-Agent: Sample MUA Version 1.0


B.3.2.  S/MIME Encrypted and Signed Over a Simple Message, Injected
        Headers With hcp_minimal

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses the Injected Headers header protection scheme with
   the hcp_minimal Header Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 7890 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 4824 bytes
     ⇩ (unwraps to)
     └─╴text/plain 334 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <smime-enc-signed-injected-minimal@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:09:02 -0500
   User-Agent: Sample MUA Version 1.0


B.3.3.  S/MIME Encrypted and Signed Over a Simple Message, Injected
        Headers With hcp_minimal (+ Legacy Display)

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses the Injected Headers header protection scheme with
   the hcp_minimal Header Confidentiality Policy with a "Legacy Display"
   part.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 8125 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 5008 bytes
     ⇩ (unwraps to)
     └─╴text/plain 424 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID:
    <smime-enc-signed-injected-minimal-legacy@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:10:02 -0500
   User-Agent: Sample MUA Version 1.0


B.3.4.  S/MIME Encrypted and Signed Over a Simple Message, Wrapped
        Message With hcp_strong

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses the Wrapped Message header protection scheme with
   the hcp_strong Header Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 7930 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 4856 bytes
     ⇩ (unwraps to)
     └┬╴message/rfc822 inline 985 bytes
      └─╴text/plain 320 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <73a42f8e-8f5a-5c62-b982-82ace766fd32@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:11:02 -0500


B.3.5.  S/MIME Encrypted and Signed Over a Simple Message, Injected
        Headers With hcp_strong

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses the Injected Headers header protection scheme with
   the hcp_strong Header Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 7780 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 4758 bytes
     ⇩ (unwraps to)
     └─╴text/plain 332 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <27139e00-e05f-581d-a339-d2bd43bd0f42@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:12:02 -0500


B.3.6.  S/MIME Encrypted and Signed Over a Simple Message, Injected
        Headers With hcp_strong (+ Legacy Display)

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses the Injected Headers header protection scheme with
   the hcp_strong Header Confidentiality Policy with a "Legacy Display"
   part.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 8020 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 4930 bytes
     ⇩ (unwraps to)
     └─╴text/plain 421 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <fdccb76a-49ed-50c5-9030-e4aeb83d7f04@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:13:02 -0500


B.3.7.  S/MIME Encrypted and Signed Reply Over a Simple Message, Wrapped
        Message With hcp_minimal

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses the Wrapped Message header protection scheme with
   the hcp_minimal Header Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 8540 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 5306 bytes
     ⇩ (unwraps to)
     └┬╴message/rfc822 inline 1312 bytes
      └─╴text/plain 328 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <smime-enc-signed-wrapped-minimal-reply@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:14:02 -0500
   User-Agent: Sample MUA Version 1.0
   In-Reply-To: <smime-enc-signed-wrapped-minimal@lhp.example>
   References: <smime-enc-signed-wrapped-minimal@lhp.example>

   FUhG/6JS2Bctj3cbKS89N9tWUlxKcpuf1Dpihlz8EUNKDdq3o2/OOTT1YWBDFF4y
   bKqzIvw5XznNjsQhFbEUdF13ldVZWwu8RzxJwro9IhVPXmJps+K1j+EmcrdnxVD+
   obXS173GBLyk2pJOk08TD2cb9vWcpDMMgLGpNpMKGiJqWQNXYiMfHhxGll3LSZ7V
   YpMH9lt0isgYp7GlLi8lIurd+AUy9O7DjErZeyuEVOC0dr1disGNAv23cUL7jMZA
   YZPN4NLCZ22w7tTa9idCwOM8bwmRGXoLVcvNXF15OTg0dxsFEGht4BXKeyuTMKSc
   LCPsfOTjASeSHwHGfJlL0Fm7vzB00UHJP9Hl6RmXXcAo4aMwnFrGdXBFV5MOVsNx
   79SE0AjRI9UxzTttHLqnojL0zIzNyryyxh3+9IbWYLkYflwVyF92l1NbVoqDUfx3
   8notPW1ZTEOGAki9eNtJxZYU+PKPmGJXz2vBrwUZpBCNFv4iowJJ7j580XBKnY4F
   IX/FJ/u9kn8CzCrZfwoMGJwThjGek1XQoSVLrc41qWABS5mDZ8s7j6qIScwJOpwm
   xUuACM36c4tuuYXvV/PWg1To+5lVabQZqaVb0TD/ggaPBLX2AbuQZztRAXai7B6T
   Rk61bXVwt8LWnFNu6TDfMhmu60/n8SMbyRn8l18qGbwGVqp0Ukc+63IrwOEMORh4
   SWjAQWGLnBLgn1Q6PAZUOSeqIV0d0MaQmwJ4XM0hsTGIMeSg7jcz54YTZr7UiSOa
   3k+8Bw5+G0DWFpzqav9pjHOy6gbSWpigiOSDNpDEednKO+jk6Bo8IAsXyPE3cEsk
   1dSQ9qP6XLxqHdVYPfvJWk5dpvYoqE+0BlUClX9YI0dNbWqRXR0GUekfLEmCNFq0
   DFRTWoL4cpFdiVAXhMOJcUt3sg601iD2oiZCG9bKmMaCBqrYNAKZg6E0G/Q/duaX
   T/r4qCLx/uDO2We15qrtljf2pM93N+m/BZoFEY4ahcif7OqgeYaAbnFXXHbh3w0o
   NYK2ds6qBSRQMuresN3JBVCXSlO2TKSPZPyqRyAZvjiKlDACNqbq5XQDob08h84H
   kdRQQp59Qvzjr9GZbHFCm5ujlRKKsf2M3EIRxzObJPzwb0ItwKF7Unr5M8nGJTGp
   u7t+Jt17m/Yn6TCY5Ck0uSW/Z3kqymgV/n0g6mUXznsuLjk7iAFacd5QQsXh3ojC
   Jx+Qnuk2oGK/yBVurfOd6sOSJrlsqVK+P4JDlRCZMsmiYQfq0v5viLfGbflUUgE9
   5DL0TVq1rK3Qw0nc6Ar40hIFgQvERKNw0Ga9/2XJjYOhPUm2g0Bv4SbYM1Fwd1dN
   fGeggCfvGr4arJ6nQA/XSZuJNve8vCem0UMrbqpDv430u6YjIBgz013auI1W5igz
   c5o7s15ij+hd/1L+k2w4bLU9vRMRUxJs5VTryMeotmtJgdk2DNswulXKQW/44Iyk
   N8ycy5h65AOiVfJGvE1vd7CzC76c+l0FGQLaa9SIyeFi6hQ7YrU/evZAuNeARYnS
   9vKO0d5kcLjDNApdfx7jqm68cAStF3VwUhxr0gDGzN0nYL2u2kTVRab2/3d8DzsV
   2/1VuWZdn0y7QN0I07enX2ii2W1JdkC4d5h6eEnhKAZ722T7Y0UJJe1Uxa8buFAP
   rOVMLy4EskKTTYsCueVtMp3ETgpa3qw4wzebju3KhmUpt83f630b1SkPOUvJV/ob
   7R6J9pT7LXzjoX3/I8JIb3A4eaaelFfWrQJqiRjWdyTFZL0q+QH7BRZNJvnG2UV4
   HLXpVBsRpHcKwlZe2xSwyLwxfqv8atVFaSSiIU36SXkc/Og49Dd+AR3i774/t8Nx
   p/Zb9A13D9T/AlgTwzuAo1gX60mVu03dasHYGEFxHKYasIzNfxfYq62CYelZVX1j
   nSrEmNgocGmQEtaZXuMgW9lzXZ1S4cC2BHOkFxGQaeynLhvQ3ZXXoFkyViMUqX1f
   qRmBdi2GL2kzcT1FgRvP10TgddlIN0UwHlzyRbxQek9a1xaw+L71vnl2TdcyTFWr
   8SLIY1dHLNBylS6l4JnZhv9Yx2LzxhvwY3zTRiBL5zHTxBrNNLBhlVokjWpp3Jkx
   I8a1Or1Zh1eFj3VZYHAJTBUBk6UUYTOzQz3TANJFtNljbROxFSO4g0U0IHpbq/dd
   8LmLqlEn9OyMc+nTpQS8nQK7zPy3mFMdyzDNiZPddF1A5LdWCbGvUQl4iLFJmMjL
   aLczfIQBLEXXJxugtCKUoL42vQP1CDiD+zC/MhTizdbQCiq2oun2T39tLu70t0iM
   C1yU375LzxEkpRayE62/oESDYhdySUQEZBxVrzqj/EAVx/pIf+q0ObMfyt0Hnehg
   ef6XBv5PFdye2CyPow3mZQ==

Gillmor, et al.          Expires 5 December 2024              [Page 128]
Internet-Draft    Cryptographic MIME Header Protection         June 2024

B.3.8.  S/MIME Encrypted and Signed Reply Over a Simple Message,
        Injected Headers With hcp_minimal

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses the Injected Headers header protection scheme with
   the hcp_minimal Header Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 8430 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 5224 bytes
     ⇩ (unwraps to)
     └─╴text/plain 340 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID:
    <smime-enc-signed-injected-minimal-reply@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:15:02 -0500
   User-Agent: Sample MUA Version 1.0
   In-Reply-To: <smime-enc-signed-injected-minimal@lhp.example>
   References: <smime-enc-signed-injected-minimal@lhp.example>

B.3.9.  S/MIME Encrypted and Signed Reply Over a Simple Message,
        Injected Headers With hcp_minimal (+ Legacy Display)

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses the Injected Headers header protection scheme with
   the hcp_minimal Header Confidentiality Policy with a "Legacy Display"
   part.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 8735 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 5454 bytes
     ⇩ (unwraps to)
     └─╴text/plain 436 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID:
    <smime-enc-signed-injected-minimal-legacy-reply@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:16:02 -0500
   User-Agent: Sample MUA Version 1.0
   In-Reply-To:
    <smime-enc-signed-injected-minimal-legacy@lhp.example>
   References:
    <smime-enc-signed-injected-minimal-legacy@lhp.example>

B.3.10.  S/MIME Encrypted and Signed Reply Over a Simple Message,
         Wrapped Message With hcp_strong

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses the Wrapped Message header protection scheme with
   the hcp_strong Header Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 8170 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 5042 bytes
     ⇩ (unwraps to)
     └┬╴message/rfc822 inline 1120 bytes
      └─╴text/plain 326 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <0e210732-9184-5855-9a95-2a635560d3a6@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:17:02 -0500

   SLx9VfqvcA+8zMEcasIbcKaOFKQWgQBV51u+usskZVgy4D+HsunTcqQrkXqVVj2T
   bYphwaNwxLs2C0nTufRpKtticWq02faAs6u3Nm/ciCGTiXVRiTtYf/6q81Jx730z
   I1Orw35PtHVQH+/fXgFKEM0k87XvI6ogW4vK+DIAFQqXr0wrQD4E+amE9zAILhO7
   OWoWxfOgqOC9+nnCOH3THRbqrIukoW7c6zjDgIAqzQaanYTyDVrcHcDGPNiIP1JP
   Cb74Wrf/y6d8yfZg7EXKBFjsA2T/okRMCFYD00qyZW3FRe37g6ZS95fc9lz3KFaB
   3uWdUHAUDFFrw47Rlxr4gV9pTWq60HoYkoHIAg07BylrcPU7PuwOwwy31DFOoj4v
   PJRJfXvt8rJvQImSY9/Du1A3hLk8Kj5u+ud6k4fjGDp8+i9PTojm3ANonKUfWzAL
   uONLaLk4A8wUK9TKSeWtahpKFm3FbpNQzQYPQtgkcnFe6YB++qzjRlNT2URUbIr/
   nIhJ6Y3PPVVYKfLHrYaAJZimPEsOoH1odVuxLHRb7uFAGjfhrwL2iqH3YbjI9DHr
   aDPs64nGtrb6f9YPjzzKLgypkYZ4gsVMu5b7Znb+taa3ElCO8mHVdMkiaO7wDdeB
   TOVQ7h20mazK2lh7LGy777t2+bxGFosGsKTtCrIbIXnXSBW228svbbstJkcVQeQa
   APZYlK0eMIKrsZrtCF9kTyOGSqos5xEHbhwmrOYyj8/oXTinCgPUgPS8hMWyNbfX
   ZOJk9+e3ddh9W6Fxb8O2vtmpU/19111zedrWa+jgkb9pXzKl2RNjkwHFyOG5WjVr
   TZfrKENVe4/nc4zJMPgyNxyRLJaIzhyd1xk7o6/93aBcpMbw/BNVYvZciAkMsq4d
   rBKrQqEB2mZkI6Oqa8L3s8OX56U8fhtb7hLXT3+tV+lh9FSvHwQq7Atsc1TqxESm
   ulRoBa+JgpS7e/T0i4Itk2/hQjjcKrwUOQe5iF5TQxllpiqyQBTTO3Ybk7H7BM0M

Gillmor, et al.          Expires 5 December 2024              [Page 138]
Internet-Draft    Cryptographic MIME Header Protection         June 2024

   eRkNTR2+SKwCG/knuIwnasofHNPGXDFPkLHpsrWME1OeDlrybSs1fysmFZUqV0Qi
   r57QW50bsX4Otm9KSb5svdfBg3NN9noMr6B8wWxFVIMxPPA9WfVCoFRyXJ7MldSE
   LNz2miw3KPAXgNDx8RrUSI8skXzbRqs/Jdn+66saXmrqL2Cm7nnfZSurk0/swBCK
   sCWnquRWHJVOjA1txLEcX76NLyBxOxKqsGPSgJtwRQ5yMzNUhP4ke54Wn6e5Ad/f
   CDH/MqhxR9Gev/JQw3AyuLdIaxo/udIFsix96gsqG9RtsfUCPexbUuZl+lfZYjMf
   FJEBy+GRsLjSu4bFIVt1sSPhXid09z2/1wD3fzSkan6+BTfEvqLv2HiydvjfASMI
   BqFzHGbKP9z/S3s+nJ6FrzLnz3Q7pwTlPkYbbATgptzfrDZjezg3B59qdvgfGe7F
   E9yRhnhClWgJ/XKGf2jftUTLBY/EJebhjHJWirYSpmuFNN7ZGTOC6/Cr4mXgQfBI
   ltvij0UtMMyLYjSYU2dmutfA9Ww0bME5SL2/2sV80frZc4+SxxqmSsIWvo8alfRz
   MslpwFzazxna0qTZ0v4pG8pY7hlmAJ5rfzprGRtouJ8=

B.3.11.  S/MIME Encrypted and Signed Reply Over a Simple Message,
         Injected Headers With hcp_strong

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses the Injected Headers header protection scheme with
   the hcp_strong Header Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 8040 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 4950 bytes
     ⇩ (unwraps to)
     └─╴text/plain 338 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <0b3ea6dd-0e91-5a91-9bc0-3d553f892983@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:18:02 -0500


B.3.12.  S/MIME Encrypted and Signed Reply Over a Simple Message,
         Injected Headers With hcp_strong (+ Legacy Display)

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses the Injected Headers header protection scheme with
   the hcp_strong Header Confidentiality Policy with a "Legacy Display"
   part.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 8320 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 5148 bytes
     ⇩ (unwraps to)
     └─╴text/plain 433 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <b10dcc75-cf43-5fd7-9e48-f932a9d68fb5@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:19:02 -0500


B.3.13.  S/MIME Encrypted and Signed Over a Complex Message, Wrapped
         Message With hcp_minimal

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a
   multipart/alternative message with an inline image/png attachment.
   It uses the Wrapped Message header protection scheme with the
   hcp_minimal Header Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 10140 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 6498 bytes
     ⇩ (unwraps to)
     └┬╴message/rfc822 inline 2179 bytes
      └┬╴multipart/mixed 2069 bytes
       ├┬╴multipart/alternative 1134 bytes
       │├─╴text/plain 376 bytes
       │└─╴text/html 474 bytes
       └─╴image/png inline 232 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID:
    <smime-enc-signed-complex-wrapped-minimal@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:08:02 -0500
   User-Agent: Sample MUA Version 1.0

   rpfFls7LkrOS05jTshqs9DPK5qPqyDZYgWduq8xgjy+LCLoxSxZFzIKtbe68w8Lr
   wK1+CNXnokEKrxWpsscF3853zc58M/oitKxg1glh0KrfEpzyjmmKjRRfbPQCBUUO
   rDz//KpkUbI3gYuGtvOVxdEuvvD51kM3B+KJsa1dB8taa5r5/iDE5AGmn58AP5FT
   ltSbrgdWPYhGmPosTsYxU9QCVsJC3hxP+yauDz2WDxcdTn6Z200pM9MCWHFxEcFS
   fI50gKTpIsXIWa/LoBbV33HClsxLnzJyw1KMJtFbmrwb4dtEqcYR/1siVRcGTgjI
   4amtZPXLRmzyL8R4dSjIqYsKh5yl1R3vUZIYOwsN8lQHl6ZZKg2NFtOFzDNrxbBx
   RXELgKRvyYOb4y167wBvtO8F3ImZnZxJM9pOxYT7UCvN6Mrq2EYFSCjd0rhZ2fyp
   2JFxBDqs6nrBcUo2hL6GoyI37rMyESNcATWdTcY7GUs0S6NePx751XUnzzjReG0J
   Kg8AcFKTBJ3gmx3xH4HRtMhcJFz5AzQQMXpeMNTP5CDsv8fy3PDZUErw6b+FIxsn
   CIvD4KFgJIulbjCTKsT0zrFoa3KV6MvtSv18B5LZM2KNA6FAHxrf9u6lJ0jpzdrR
   hDqqkQMAUeKT+GFcYdjjpWcqVa1ttzY4mSfA0hkn4oU97PGrBZO3yfGwPPaGIfMo
   MyRFZi3w9De1MBvm39yX1ICVaBqBg1FwyTRqbfdu81IFrAq8UCCKoLYdTQRNDA2V
   iidwQMjoZu9MIP1ZztvnrC/m5FA/MYEesOa3rv1S35JP6B8dCS/AUo0zVW1ix295
   NvkAzTj2cc/6RVJmBT/qEhatGsbi7sqoe/D89ClqOx9N78o2T/XaBKbD3AwQVp10
   51FDCQQWm4P8zawnevL3R0hhkWQ6n8CH6qoifNptsA+8kse6q0NLFtM7nSNQZU/Z
   B+Z2t6WIz1D6VAP4QYbHD6McKzfBSLX4XJtuYaOpoixBozUN/1pTAizVtxJnnFY8
   4L3YxaLktyCyAE9Rg/yMGEqHlQDW283TYggACCvAhYtrQ3od3rscT3OFmUujb46Y
   6qoxfB7UW4cBMLGPKXtCrDeTJFlOoAfy4QIRXC28IqwsjuYh7UZZIW1mOOK63h3h
   /kvVLR4k1HfcXgQVQTeqqhP4pMzmksgeW7Rh8R3C0Sq2AG55g87xZPEfiQgf9AMu
   BcVHs6w0UWr6ikNhxpKjOeoiwEmWb9sbRWrIj/GmXymiZuq/jyTgI2ZUwESMYL7G
   YaK8dDzLawX6iCz/8VDJps0d0gEPRCPO/5Mdvc9IVo8Pugn+aoDpJ8QGoUz7yAGs
   nJMoRRpl+OOjsQ5llHcv0E1+U6Dic1NH4IVnKAKSV+El22wjLNTR6HxUHfidZhUq
   1nPyBhuUd9uZxz8HjI1h6PzzYpUv+YueH7JhobQnWAb8QRbrSGCyorGS6/jVw6H7
   kcd5m7pujzJxwLImV1Pk4OuN55RAErAwdDMjSK5sHMxtoVW3xoRYYIxsOjQ7GB5G
   q4JlpVrKqOs3SJEbPVIztegEFjrIzlFCZvgiO13H10znz/zU/0n8d0aPmxg7Fl2W
   lltEf3ejNYPSa3ZqAHaJFqTInYjMemkt5lnz0GqlQVQdSI0ZAHnVwaE2VGn8vnkN
   0i5nmbgqiT5qQCZSzVvB9Gdp5X1jm+5+IuBpL3BZD7ndfUEWGY4odwwxeWZj/gjL
   6cNH89L43i5VlS7Rf4fCez+AnLFmZxwxoGj3nSUEbnfccg8jzU6Zn9ylDFWfGPtt
   GLZ7TDfoEW5lE4fCI5yucLaRmACaa7S1lgqKMbIxxGxMLhiWkOktIFwW7Mzj8kYX
   g4j2EtJEjVP8gPO1GShPN+J0B33eFCPadmZ54jDHaHR8rzG3uMMcSeFAnQcKXUpA
   bvenXs8VUayxRAmK49amOEycVr0elgEAGEQhpgtAI3PBV0UrU41u/Eou2KvU1rN4

B.3.14.  S/MIME Encrypted and Signed Over a Complex Message, Injected
         Headers With hcp_minimal

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses the
   Injected Headers header protection scheme with the hcp_minimal Header
   Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 10075 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 6452 bytes
     ⇩ (unwraps to)
     └┬╴multipart/mixed 2089 bytes
      ├┬╴multipart/alternative 1138 bytes
      │├─╴text/plain 388 bytes
      │└─╴text/html 483 bytes
      └─╴image/png inline 236 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID:
    <smime-enc-signed-complex-injected-minimal@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:09:02 -0500
   User-Agent: Sample MUA Version 1.0


B.3.15.  S/MIME Encrypted and Signed Over a Complex Message, Injected
         Headers With hcp_minimal (+ Legacy Display)

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses the
   Injected Headers header protection scheme with the hcp_minimal Header
   Confidentiality Policy with a "Legacy Display" part.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 10685 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 6898 bytes
     ⇩ (unwraps to)
     └┬╴multipart/mixed 2407 bytes
      ├┬╴multipart/alternative 1433 bytes
      │├─╴text/plain 486 bytes
      │└─╴text/html 638 bytes
      └─╴image/png inline 236 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID:
    <smime-enc-signed-complex-injected-minimal-legacy@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:10:02 -0500
   User-Agent: Sample MUA Version 1.0


B.3.16.  S/MIME Encrypted and Signed Over a Complex Message, Wrapped
         Message With hcp_strong

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses the
   Wrapped Message header protection scheme with the hcp_strong Header
   Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 10055 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 6424 bytes
     ⇩ (unwraps to)
     └┬╴message/rfc822 inline 2124 bytes
      └┬╴multipart/mixed 2014 bytes
       ├┬╴multipart/alternative 1130 bytes
       │├─╴text/plain 374 bytes
       │└─╴text/html 472 bytes
       └─╴image/png inline 232 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <95b9bb39-c028-5ff4-99b1-f179cb5d7585@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:11:02 -0500

B.3.17.  S/MIME Encrypted and Signed Over a Complex Message, Injected
         Headers With hcp_strong

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses the
   Injected Headers header protection scheme with the hcp_strong Header
   Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 9970 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 6374 bytes
     ⇩ (unwraps to)
     └┬╴multipart/mixed 2033 bytes
      ├┬╴multipart/alternative 1134 bytes
      │├─╴text/plain 386 bytes
      │└─╴text/html 481 bytes
      └─╴image/png inline 236 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <23abef5f-8781-5c95-a46c-61e3a4464d58@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:12:02 -0500

B.3.18.  S/MIME Encrypted and Signed Over a Complex Message, Injected
         Headers With hcp_strong (+ Legacy Display)

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses the
   Injected Headers header protection scheme with the hcp_strong Header
   Confidentiality Policy with a "Legacy Display" part.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 10555 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 6804 bytes
     ⇩ (unwraps to)
     └┬╴multipart/mixed 2340 bytes
      ├┬╴multipart/alternative 1427 bytes
      │├─╴text/plain 483 bytes
      │└─╴text/html 635 bytes
      └─╴image/png inline 236 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <9cfcaae2-9fec-5aca-9a29-c98da35b262d@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:13:02 -0500

   gu1FyE/2MkcC+QaggA5h2jwjyXVI/+xBpBpOJCUvIZpGlE5vsclNt5R7ZMgEVo3U
   YYt2l7Ffg6dglLLy+s0ZT+JPcIy8YfPhndJdnIEiWJ3V1I/N4Zpd3/Je9be46C6B
   PmgfOK8gffMh7JxASGhoRDEv9rF011IFMM9pNAHdAFOBYefpkSimUHgva6LUD1pZ
   eeLc4tve46nzVdRwUtTFsjBwvERuVoPxF6w1TNc0xqChaTOkgXMWHScuPhRX1A0j
   Qd2PiEgWeDxGlB7flhkE32JXdEq8cDPHAXldppPPop+v+FM4p6K1x2CML61RVc1z

Gillmor, et al.          Expires 5 December 2024              [Page 169]
Internet-Draft    Cryptographic MIME Header Protection         June 2024

   FsJfVOxYMWz6l2yNvNHxu82AwlkPSmVLuUxzXgF/f904dYRRJ8gQ/KJeSyq3xcq/
   dNwRwYAmn0Cry65WGa5CMFmh1qJfZuOlosVo0zIV8NcTOzH8Vhej3DPIq2yRI0QJ
   XYC5eefXA6Un1Z2lcUb2xw==

B.3.19.  S/MIME Encrypted and Signed Reply Over a Complex Message,
         Wrapped Message With hcp_minimal

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses the
   Wrapped Message header protection scheme with the hcp_minimal Header
   Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 10750 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 6940 bytes
     ⇩ (unwraps to)
     └┬╴message/rfc822 inline 2501 bytes
      └┬╴multipart/mixed 2391 bytes
       ├┬╴multipart/alternative 1146 bytes
       │├─╴text/plain 382 bytes
       │└─╴text/html 480 bytes
       └─╴image/png inline 232 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID:
    <smime-enc-signed-complex-wrapped-minimal-reply@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:14:02 -0500
   User-Agent: Sample MUA Version 1.0
   In-Reply-To:
    <smime-enc-signed-complex-wrapped-minimal@lhp.example>
   References:
    <smime-enc-signed-complex-wrapped-minimal@lhp.example>


B.3.20.  S/MIME Encrypted and Signed Reply Over a Complex Message,
         Injected Headers With hcp_minimal

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses the
   Injected Headers header protection scheme with the hcp_minimal Header
   Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 10705 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 6906 bytes
     ⇩ (unwraps to)
     └┬╴multipart/mixed 2415 bytes
      ├┬╴multipart/alternative 1150 bytes
      │├─╴text/plain 394 bytes
      │└─╴text/html 489 bytes
      └─╴image/png inline 236 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID:
    <smime-enc-signed-complex-injected-minimal-reply@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:15:02 -0500
   User-Agent: Sample MUA Version 1.0
   In-Reply-To:
    <smime-enc-signed-complex-injected-minimal@lhp.example>
   References:
    <smime-enc-signed-complex-injected-minimal@lhp.example>


B.3.21.  S/MIME Encrypted and Signed Reply Over a Complex Message,
         Injected Headers With hcp_minimal (+ Legacy Display)

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses the
   Injected Headers header protection scheme with the hcp_minimal Header
   Confidentiality Policy with a "Legacy Display" part.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 11310 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 7360 bytes
     ⇩ (unwraps to)
     └┬╴multipart/mixed 2740 bytes
      ├┬╴multipart/alternative 1437 bytes
      │├─╴text/plain 488 bytes
      │└─╴text/html 640 bytes
      └─╴image/png inline 236 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID:
    <smime-enc-signed-complex-injected-minimal-lgc-rpl@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:16:02 -0500
   User-Agent: Sample MUA Version 1.0
   In-Reply-To:
    <smime-enc-signed-complex-injected-minimal-legacy@lhp.example>
   References:
    <smime-enc-signed-complex-injected-minimal-legacy@lhp.example>

B.3.22.  S/MIME Encrypted and Signed Reply Over a Complex Message,
         Wrapped Message With hcp_strong

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses the
   Wrapped Message header protection scheme with the hcp_strong Header
   Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 10335 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 6638 bytes
     ⇩ (unwraps to)
     └┬╴message/rfc822 inline 2281 bytes
      └┬╴multipart/mixed 2171 bytes
       ├┬╴multipart/alternative 1142 bytes
       │├─╴text/plain 380 bytes
       │└─╴text/html 478 bytes
       └─╴image/png inline 232 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <38a0b7ba-76e0-5351-93e9-f44877e20e6e@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:17:02 -0500

B.3.23.  S/MIME Encrypted and Signed Reply Over a Complex Message,
         Injected Headers With hcp_strong

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses the
   Injected Headers header protection scheme with the hcp_strong Header
   Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 10270 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 6596 bytes
     ⇩ (unwraps to)
     └┬╴multipart/mixed 2192 bytes
      ├┬╴multipart/alternative 1146 bytes
      │├─╴text/plain 392 bytes
      │└─╴text/html 487 bytes
      └─╴image/png inline 236 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <c6774fdb-3ef5-5293-ab2d-eca8b66b4bbf@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:18:02 -0500

   p0ME0JVRNCCNWHNVW/92INRSemHtTIXl9xvvv2Pe89xUzo7+U3Nvaxg0DIqvf9Lr
   WtSnZHgEHo29KAczff2jOY+/iAbE+5/cmc2Y/u39qOLvb/7mz4KS7imjyJUErH3V
   wxiwt2Wyv39nQ8w279rmolkf0s328mK14LQE8YK4J+lX1nbBOzKBTBr5RvOONboi
   vO9u0AxehRDdNjcQQvI2C8LPcDlMuUJLYS6l1RnslGOccZNy3hltzH5Y99tuTE05
   vdaVNDFVSYRzzzzH4zLmYL+9nnPhJlnUO+V54i8ytp+ah0XaW82VoycjCL+lgUKT
   2gKzdIRAlygCvXNPd831pjPlWqQnMh7eVpUBAFq+XMGtLWUU8WxXC1jlSMH7PO9F
   esEB0h2PQ8ZEMtE5vY5Iu+vSgWfxLx0UJZx44q6I5M13NIBOaBF/VisevMtl9mU9
   OyxSbkUpwJsqMNptpZ5s9JTu7L94ofA+p5FvhF6phaj7ZW4GOCoGyThXMPn0hJni
   hYAyttrI+fq0i+E6Au07HIx2O3yWUF+9mrctTcPnrinfcojnWTxp1MmjbML57+Do
   5SObyZUUfLL5vorcVweOmPoy3uKQZZOFxpj1f7kdZWq0cpcokNkoL+W2X2TJ5BgM
   04GA0TftRyzf3/B+ip8/s3H7HQf3SBqYFHj/uLXTIavFKGw1Uxo6akOZQjap1DV7
   ClptHH9xM8UfGRPg+Q3dpQXa2xfIMTZkioVEh6xizV6rOj+O0+qd6L0Llw5wba6V
   AE765BartXwJ3Nc2RKYN4Ug+754OCASsrboVVfq31ziHuhiTlmCrwKs5hfKm/WOQ
   2qjS0R3RQ3zIoPi4hrmdt4W0/B0vVDYXx2PwGxHc4Kv9e+/7DMJq3OpNUo6DEwRc
   FN6fmNaZf5Wm/0YvP0WPfwfRSNRjIirrd0w7mf/XrgP/uXYdjztwI4imexORztZQ
   YU2Pf5DSkgaNztCIGR3WvJ+rYHY54ZX+lrZdB34f+bsK0SL9aDGK+kQ6EHQSSgD2

Gillmor, et al.          Expires 5 December 2024              [Page 190]
Internet-Draft    Cryptographic MIME Header Protection         June 2024

   yaBPAEvVoiUwj5zBcA8XwC/i3taj9B5pgtJETQF2BUGOCgKCySokQyfFngjbZoy3
   7STNWaALwNIQYw4vl10FYMQ2oCgY+J/7n2sxu6lhD/Au0ZR+1yiHpG2kpVBeF3/q
   mMN+2dK5cyVBeE0q7i81h6SoT07zLAdv9gum0s6YpBFWVsMADxJ4i2Qid4TSQLuh
   TH/Sq9VqqTULUY/QmLpBKzzTPH7InJgHfO/6cLffS0sfRzFHkNOoZoIolsKYV/Hl
   vvLWer5EC6yFbieF8GYtURASqJuSFIBzv2Bbdg+tOIIWSV24F9Nsg2CkCw2iGVji
   CGPRNVk/A+dAh6pMlGF4ql0XkOwkxMcVS0FXh4QmiuUU54nepISuElYyoHUBsAgg
   EKO8mfh52p+QZZWX5zASNgct1dtfHxpdw69fmCdm+MArEkjI0EHmB0LgMKav7S2f
   D3+5t17G+cmKTl2MEtaMnlkK55BVWUTdIeElzl7FNDp5FDj5/FMuzv4CHbYcMZrq
   HCRSh2WbxAwNF1Ev1vAqEULYpo72e3nhpeC6UmnGe+Nm9Hh/vQFR8DlNv8jvaSmE

B.3.24.  S/MIME Encrypted and Signed Reply Over a Complex Message,
         Injected Headers With hcp_strong (+ Legacy Display)

   This is an encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses the
   Injected Headers header protection scheme with the hcp_strong Header
   Confidentiality Policy with a "Legacy Display" part.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 10900 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 7062 bytes
     ⇩ (unwraps to)
     └┬╴multipart/mixed 2527 bytes
      ├┬╴multipart/alternative 1451 bytes
      │├─╴text/plain 495 bytes
      │└─╴text/html 647 bytes
      └─╴image/png inline 236 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <acced3c9-111b-5a4f-bd80-34558da32b4d@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:19:02 -0500

Appendix C.  Composition Examples

   This section offers step-by-step examples of message composition.

C.1.  New message composition

   A typical MUA composition interface offers the user a place to
   indicate the message recipients, the subject, and the body.  Consider
   a composition window filled out by the user like so:

    .------------------------------------------------------.
   |                 Composing New Message          .----.  |
   |          +---------------------------------+  | Send | |
   |      To: | Alice <alice@example.net>       |   '----'  |
   |          +---------------------------------+---------+ |
   | Subject: | Handling the Jones contract               | |
   |          +-------------------------------------------+ |
   +--------------------------------------------------------+
   | Please review and approve or decline by Thursday, it's |
   | critical!                                              |
   |                                                        |
   | Thanks,                                                |
   | Bob                                                    |
   |                                                        |
   | --                                                     |
   | Bob Gonzalez                                           |
   | ACME, Inc.                                             |
   |                                                        |
   +--------------------------------------------------------+

              Figure 1: Example Message Composition Interface

   When Bob clicks "Send", his MUA generates values for Message-ID,
   From, and Date Header Fields, and converts the message body into the
   appropriate format.

C.1.1.  Unprotected message

   The resulting message would look something like this if it were sent
   without cryptographic protections:

   Date: Wed, 11 Jan 2023 16:08:43 -0500
   From: Bob <bob@example.net>
   To: Alice <alice@example.net>
   Subject: Handling the Jones contract
   Message-ID: <20230111T210843Z.1234@lhp.example>
   Content-Type: text/plain; charset="us-ascii"
   MIME-Version: 1.0

   Please review and approve or decline by Thursday, it's critical!

   Thanks,
   Bob

   --
   Bob Gonzalez
   ACME, Inc.

C.1.2.  Encrypted with hcp_minimal and Legacy Display

   Now consider the message to be generated if it is to be
   cryptographically signed and encrypted, using HCP hcp_minimal, and
   the legacy variable is set.

   For each Header Field, Bob's MUA passes its name and value through
   hcp_minimal.  This returns the same value for every Header Field,
   except that:

   hcp_minimal("Subject", "Handling the Jones contract") yields "[...]".

C.1.2.1.  Cryptographic Payload

   The Cryptographic Payload that will be signed and then encrypted is
   very similar to the unprotected message in Appendix C.1.1.  Note the
   addition of:

   *  The hp="cipher" parameter for the Content-Type

   *  The appropriate HP-Outer Header Field for Subject

   *  The hp-legacy-display="1" parameter for the Content-Type

   *  The Legacy Display Element (the simple pseudo-header and its
      trailing newline) in the Main Body Part.

   Date: Wed, 11 Jan 2023 16:08:43 -0500
   From: Bob <bob@example.net>
   To: Alice <alice@example.net>
   Subject: Handling the Jones contract
   Message-ID: <20230111T210843Z.1234@lhp.example>
   Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1";
    hp="cipher"
   MIME-Version: 1.0
   HP-Outer: Date: Wed, 11 Jan 2023 16:08:43 -0500
   HP-Outer: From: Bob <bob@example.net>
   HP-Outer: To: Alice <alice@example.net>
   HP-Outer: Subject: [...]
   HP-Outer: Message-ID: <20230111T210843Z.1234@lhp.example>

   Subject: Handling the Jones contract

   Please review and approve or decline by Thursday, it's critical!

   Thanks,
   Bob

   --
   Bob Gonzalez
   ACME, Inc.

C.1.2.2.  External Header Section

   The Cryptographic Payload from Appendix C.1.2.1 is then wrapped in
   the appropriate Cryptographic Layers.  For this example, using S/
   MIME, it is wrapped in an application/pkcs7-mime; smime-type="signed-
   data" layer, which is in turn wrapped in an application/pkcs7-mime;
   smime-type="enveloped-data" layer.

   Then an external Header Section is applied to the outer MIME object,
   which looks like this:

   Date: Wed, 11 Jan 2023 16:08:43 -0500
   From: Bob <bob@example.net>
   To: Alice <alice@example.net>
   Subject: [...]
   Message-ID: <20230111T210843Z.1234@lhp.example>
   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   MIME-Version: 1.0

   Note that the Subject Header Field has been obscured appropriately by
   hcp_minimal.  The output of the CMS enveloping operation is
   base64-encoded and forms the body of the message.
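
   The composition steps of Appendix C.1.2 can be traced in code.  The
   following Python sketch is an added example, not code from this
   document or its authors; compose_encrypted(), is_structural() and the
   USER_FACING subset are illustrative assumptions, and the CMS signing
   and enveloping layers are left out.

```python
# Added illustration of Appendix C.1.2; not code from the draft.

# Assumption: subset of fields treated as user-facing for the Legacy Display.
USER_FACING = {"subject", "from", "to", "cc", "date"}

# Header Fields and body of Bob's message, taken from Appendix C.1.1.
C1_HEADERS = [
    ("Date", "Wed, 11 Jan 2023 16:08:43 -0500"),
    ("From", "Bob <bob@example.net>"),
    ("To", "Alice <alice@example.net>"),
    ("Subject", "Handling the Jones contract"),
    ("Message-ID", "<20230111T210843Z.1234@lhp.example>"),
    ("Content-Type", 'text/plain; charset="us-ascii"'),
    ("MIME-Version", "1.0"),
]
C1_BODY = "Please review and approve or decline by Thursday, it's critical!\n"


def hcp_minimal(name, value):
    """Obscure Subject; return every other Header Field unchanged."""
    return "[...]" if name.lower() == "subject" else value


def hcp_no_confidentiality(name, value):
    """Leave every Header Field untouched."""
    return value


def is_structural(name):
    """Content-* and MIME-Version describe the MIME part, not the message."""
    n = name.lower()
    return n.startswith("content-") or n == "mime-version"


def compose_encrypted(headers, body, hcp, legacy=True):
    """Return (payload_text, outer_fields) for a text/plain message.

    payload_text is the Cryptographic Payload that gets signed and then
    encrypted; outer_fields are the non-structural fields of the external
    Header Section (the CMS layer adds its own Content-* fields).
    """
    outer, hp_outer, legacy_lines = [], [], []
    for name, value in headers:
        if is_structural(name):
            continue
        obscured = hcp(name, value)
        if obscured is None:
            changed = True              # field removed: nothing goes outside
        else:
            outer.append((name, obscured))
            hp_outer.append(("HP-Outer", f"{name}: {obscured}"))
            changed = obscured != value
        if legacy and changed and name.lower() in USER_FACING:
            legacy_lines.append(f"{name}: {value}")

    payload = []
    for name, value in headers:
        if name.lower() == "content-type":
            if legacy_lines:            # announce the Legacy Display Element
                value += '; hp-legacy-display="1"'
            value += '; hp="cipher"'    # payload travels inside encryption
        payload.append((name, value))
    payload += hp_outer

    if legacy_lines:                    # pseudo-header plus trailing newline
        body = "\n".join(legacy_lines) + "\n\n" + body
    text = "".join(f"{n}: {v}\n" for n, v in payload) + "\n" + body
    return text, outer
```

   With hcp_minimal the result carries the same fields as the payload in
   Appendix C.1.2.1 (Content-Type unfolded); with hcp_no_confidentiality
   nothing is obscured, so no Legacy Display Element is emitted.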

C.2.  Composing a Reply

   Next we consider a typical MUA reply interface, where we see Alice
   replying to Bob's message from Appendix C.1.

   When Alice clicks "Reply" to Bob's signed-and-encrypted message with
   Header Protection, she might see something like this:

    .--------------------------------------------------------.
   |  Replying to Bob ("Handling the Jones Contract") .----.  |
   |          +-----------------------------------+  | Send | |
   |      To: | Bob <bob@example.net>             |   '----'  |
   |          +-----------------------------------+---------+ |
   | Subject: | Re: Handling the Jones contract             | |
   |          +---------------------------------------------+ |
   +----------------------------------------------------------+
   | On Wed, 11 Jan 2023 16:08:43 -0500, Bob wrote:           |
   |                                                          |
   | > Please review and approve or decline by Thursday,      |
   | > it's critical!                                         |
   | >                                                        |
   | > Thanks,                                                |
   | > Bob                                                    |
   | >                                                        |
   | > --                                                     |
   | > Bob Gonzalez                                           |
   | > ACME, Inc.                                             |
   |                                                          |
   | --                                                       |
   | Alice Jenkins                                            |
   | ACME, Inc.                                               |
   |                                                          |
   +----------------------------------------------------------+

            Figure 2: Example Message Reply Interface (unedited)

   Note that because Alice's MUA is aware of Header Protection, it knows
   what the correct Subject header is, even though it was obscured.  It
   also knows to avoid including the Legacy Display Element in the
   quoted/attributed text that it includes in the draft reply.

   Once Alice has edited the reply message, it might look something like
   this:

    .--------------------------------------------------------.
   |  Replying to Bob ("Handling the Jones Contract") .----.  |
   |          +-----------------------------------+  | Send | |
   |      To: | Bob <bob@example.net>             |   '----'  |
   |          +-----------------------------------+---------+ |
   | Subject: | Re: Handling the Jones contract             | |
   |          +---------------------------------------------+ |
   +----------------------------------------------------------+
   | On Wed, 11 Jan 2023 16:08:43 -0500, Bob wrote:           |
   |                                                          |
   | > Please review and approve or decline by Thursday,      |
   | > it's critical!                                         |
   |                                                          |
   | I'll get right on it, Bob!                               |
   |                                                          |
   | Regards,                                                 |
   | Alice                                                    |
   |                                                          |
   | --                                                       |
   | Alice Jenkins                                            |
   | ACME, Inc.                                               |
   |                                                          |
   +----------------------------------------------------------+

             Figure 3: Example Message Reply Interface (edited)

   When Alice clicks "Send", the MUA generates values for the
   Message-ID, From, and Date Header Fields, populates the In-Reply-To
   and References Header Fields, and also converts the reply body into
   the appropriate format.

C.2.1.  Unprotected message

   The resulting message would look something like this if it were to be
   sent without any cryptographic protections:

   Date: Wed, 11 Jan 2023 16:48:22 -0500
   From: Alice <alice@example.net>
   To: Bob <bob@example.net>
   Subject: Re: Handling the Jones contract
   Message-ID: <20230111T214822Z.5678@lhp.example>
   In-Reply-To: <20230111T210843Z.1234@lhp.example>
   References: <20230111T210843Z.1234@lhp.example>
   Content-Type: text/plain; charset="us-ascii"
   MIME-Version: 1.0

   On Wed, 11 Jan 2023 16:08:43 -0500, Bob wrote:

   > Please review and approve or decline by Thursday,
   > it's critical!

   I'll get right on it, Bob!

   Regards,
   Alice

   --
   Alice Jenkins
   ACME, Inc.

   Of course, this would leak not only the contents of Alice's message,
   but also the contents of Bob's initial message, as well as the
   Subject Header Field!  So Alice's MUA won't do that; it is going to
   create a signed-and-encrypted message to submit to the network.

C.2.2.  Encrypted with hcp_no_confidentiality and Legacy Display

   This example assumes that Alice's MUA uses hcp_no_confidentiality,
   not hcp_minimal.  That is, by default, it does not obscure or remove
   any Header Fields, even when encrypting.

   However, it follows the guidance in Section 2.7.8.1, and will make
   use of the HP-Outer field in the Cryptographic Payload of Bob's
   original message (Appendix C.1.2.1) to determine what to obscure.

   When crafting the Cryptographic Payload, its baseline HCP
   (hcp_no_confidentiality) leaves each field untouched.  To uphold the
   confidentiality of the sender's values when replying, the MUA
   executes the following steps (for brevity only Subject and Message-
   ID/In-Reply-To are shown):

   *  Extract the referenced header fields (see Section 2.5.4):

      -  refouter contains:

         o  Date: Wed, 11 Jan 2023 16:08:43 -0500

         o  From: Bob <bob@example.net>

         o  To: Alice <alice@example.net>

         o  Subject: [...]

         o  Message-ID: <20230111T210843Z.1234@lhp.example>

      -  refprotected contains:

         o  Date: Wed, 11 Jan 2023 16:08:43 -0500

         o  From: Bob <bob@example.net>

         o  To: Alice <alice@example.net>

         o  Subject: Handling the Jones contract

         o  Message-ID: <20230111T210843Z.1234@lhp.example>

   *  Apply the response function:

      -  respond(refouter) contains:

         o  From: Alice <alice@example.net>

         o  To: Bob <bob@example.net>

         o  Subject: Re: [...]

         o  In-Reply-To: <20230111T210843Z.1234@lhp.example>

         o  References: <20230111T210843Z.1234@lhp.example>

      -  respond(refprotected) contains:

         o  From: Alice <alice@example.net>

         o  To: Bob <bob@example.net>

         o  Subject: Re: Handling the Jones contract

         o  In-Reply-To: <20230111T210843Z.1234@lhp.example>

         o  References: <20230111T210843Z.1234@lhp.example>

   *  Compute the ephemeral response_hcp (see Section 2.5.5):

      -  Note that all headers except Subject are the same.

      -  confmap contains only ("Subject", "Re: Handling the Jones
         contract") -> "Re: [...]"

   Thus all Header Fields that were signed are passed through untouched.
   The reply's Subject is obscured as Subject: Re: [...] if and only if
   the user does not edit the subject line from that initially proposed
   by the MUA's reply interface.  If the user edits the subject line,
   e.g., to Subject: Re: Handling the Jones contract ASAP, the
   response_hcp will _not_ obscure it, and instead pass it through in
   the clear.

   For stronger header confidentiality, the replying MUA should use a
   reasonable HCP (not hcp_no_confidentiality).  Also recall that the
   local HCP is applied first, and that response_hcp is only applied to
   what is left unchanged by the local HCP.
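
   The steps above, including the edited-subject case, can be traced in
   code.  The following Python sketch is an added example, not code from
   this document or its authors; respond(), extract_referenced(),
   build_response_hcp() and effective_hcp() are illustrative names, and
   the sketch assumes that each Header Field name occurs at most once.

```python
# Added illustration of Appendix C.2.2; not code from the draft.
from email import message_from_string

# Bob's Cryptographic Payload, copied from Appendix C.1.2.1 (body shortened).
BOB_PAYLOAD = """\
Date: Wed, 11 Jan 2023 16:08:43 -0500
From: Bob <bob@example.net>
To: Alice <alice@example.net>
Subject: Handling the Jones contract
Message-ID: <20230111T210843Z.1234@lhp.example>
Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1";
 hp="cipher"
MIME-Version: 1.0
HP-Outer: Date: Wed, 11 Jan 2023 16:08:43 -0500
HP-Outer: From: Bob <bob@example.net>
HP-Outer: To: Alice <alice@example.net>
HP-Outer: Subject: [...]
HP-Outer: Message-ID: <20230111T210843Z.1234@lhp.example>

Subject: Handling the Jones contract

Please review and approve or decline by Thursday, it's critical!
"""


def is_structural(name):
    n = name.lower()
    return n.startswith("content-") or n == "mime-version"


def extract_referenced(payload_text):
    """Return (refouter, refprotected) as name -> value dicts."""
    msg = message_from_string(payload_text)
    refouter = {}
    for raw in msg.get_all("HP-Outer", []):
        name, _, value = raw.partition(":")   # "Subject: [...]" -> name, value
        refouter[name.strip()] = value.strip()
    refprotected = {n: v for n, v in msg.items()
                    if not is_structural(n) and n.lower() != "hp-outer"}
    return refouter, refprotected


def respond(ref, me="Alice <alice@example.net>"):
    """Hypothetical reply function: the fields an MUA proposes for a reply."""
    return {
        "From": me,
        "To": ref["From"],
        "Subject": "Re: " + ref["Subject"],
        "In-Reply-To": ref["Message-ID"],
        "References": ref["Message-ID"],
    }


def build_response_hcp(payload_text):
    """Return (confmap, response_hcp) derived from the referenced message."""
    refouter, refprotected = extract_referenced(payload_text)
    genouter, genprotected = respond(refouter), respond(refprotected)
    # Keep only fields whose proposed value differs between the two views.
    confmap = {(n, v): genouter.get(n)
               for n, v in genprotected.items() if genouter.get(n) != v}

    def response_hcp(name, value):
        # Exact (name, value) match only: an edited value passes through.
        return confmap.get((name, value), value)

    return confmap, response_hcp


def hcp_no_confidentiality(name, value):
    return value


def effective_hcp(local_hcp, response_hcp):
    """Local HCP first; response_hcp only sees what it left unchanged."""
    def hcp(name, value):
        out = local_hcp(name, value)
        return response_hcp(name, value) if out == value else out
    return hcp
```

   Because confmap is keyed on the exact (name, value) pair, any edit to
   the proposed subject line misses the map and the edited Subject is
   sent in the clear, which is the behaviour described above.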

C.2.2.1.  Cryptographic Payload

   Consequently, the Cryptographic Payload for Alice's reply looks like
   this:

   Date: Wed, 11 Jan 2023 16:48:22 -0500
   From: Alice <alice@example.net>
   To: Bob <bob@example.net>
   Subject: Re: Handling the Jones contract
   Message-ID: <20230111T214822Z.5678@lhp.example>
   In-Reply-To: <20230111T210843Z.1234@lhp.example>
   References: <20230111T210843Z.1234@lhp.example>
   Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1";
    hp="cipher"
   MIME-Version: 1.0
   HP-Outer: Date: Wed, 11 Jan 2023 16:48:22 -0500
   HP-Outer: From: Alice <alice@example.net>
   HP-Outer: To: Bob <bob@example.net>
   HP-Outer: Subject: Re: [...]
   HP-Outer: Message-ID: <20230111T214822Z.5678@lhp.example>
   HP-Outer: In-Reply-To: <20230111T210843Z.1234@lhp.example>
   HP-Outer: References: <20230111T210843Z.1234@lhp.example>

   Subject: Re: Handling the Jones contract

   On Wed, 11 Jan 2023 16:08:43 -0500, Bob wrote:

   > Please review and approve or decline by Thursday,
   > it's critical!

   I'll get right on it, Bob!

   Regards,
   Alice

   --
   Alice Jenkins
   ACME, Inc.

   Note the following features:

   *  the hp="cipher" parameter to Content-Type

   *  the appropriate HP-Outer Header Field for Subject

   *  the hp-legacy-display="1" parameter for the Content-Type

   *  the Legacy Display Element (the simple pseudo-header and its
      trailing newline) in the Main Body Part.

C.2.2.2.  External Header Section

   The Cryptographic Payload from Appendix C.2.2.1 is then wrapped in
   the appropriate Cryptographic Layers.  For this example, using
   S/MIME, it is wrapped in an application/pkcs7-mime;
   smime-type="signed-data" layer, which is in turn wrapped in an
   application/pkcs7-mime; smime-type="enveloped-data" layer.

   Then an external Header Section is applied to the outer MIME object,
   which looks like this:

   Date: Wed, 11 Jan 2023 16:48:22 -0500
   From: Alice <alice@example.net>
   To: Bob <bob@example.net>
   Subject: Re: [...]
   Message-ID: <20230111T214822Z.5678@lhp.example>
   In-Reply-To: <20230111T210843Z.1234@lhp.example>
   References: <20230111T210843Z.1234@lhp.example>
   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   MIME-Version: 1.0

   Note that the Subject Header Field has been obscured appropriately
   even though hcp_no_confidentiality would not have touched it by
   default.  The output of the CMS enveloping operation is
   base64-encoded and forms the body of the message.

Appendix D.  Rendering Examples

   This section offers example Cryptographic Payloads (the content
   within the Cryptographic Envelope) that contain Legacy Display
   Elements.

D.1.  Example text/plain Cryptographic Payload with Legacy Display
      Elements

   Here is a simple one-part Cryptographic Payload (Header Section and
   body) of a message that includes Legacy Display Elements:

   Date: Fri, 21 Jan 2022 20:40:48 -0500
   From: Alice <alice@example.net>
   To: Bob <bob@example.net>
   Subject: Dinner plans
   Message-ID: <text-plain-legacy-display@lhp.example>
   MIME-Version: 1.0
   Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1";
    hp="cipher"
   HP-Outer: Date: Fri, 21 Jan 2022 20:40:48 -0500
   HP-Outer: From: Alice <alice@example.net>
   HP-Outer: To: Bob <bob@example.net>
   HP-Outer: Subject: [...]
   HP-Outer: Message-ID: <text-plain-legacy-display@lhp.example>

   Subject: Dinner plans

   Let's meet at Rama's Roti Shop at 8pm and go to the park
   from there.

   A compatible MUA will recognize the hp-legacy-display="1" parameter
   and render the body of the message as:

   Let's meet at Rama's Roti Shop at 8pm and go to the park
   from there.

   A legacy decryption-capable MUA that is unaware of this mechanism
   will ignore the hp-legacy-display="1" parameter and instead render
   the body including the Legacy Display Elements:

   Subject: Dinner plans

   Let's meet at Rama's Roti Shop at 8pm and go to the park
   from there.

D.2.  Example text/html Cryptographic Payload with Legacy Display
      Elements

   Here is a modern one-part Cryptographic Payload (Header Section and
   body) of a message that includes Legacy Display Elements:

   Date: Fri, 21 Jan 2022 20:40:48 -0500
   From: Alice <alice@example.net>
   To: Bob <bob@example.net>
   Subject: Dinner plans
   Message-ID: <text-html-legacy-display@lhp.example>
   MIME-Version: 1.0
   Content-Type: text/html; charset="us-ascii"; hp-legacy-display="1";
    hp="cipher"
   HP-Outer: Date: Fri, 21 Jan 2022 20:40:48 -0500
   HP-Outer: From: Alice <alice@example.net>
   HP-Outer: To: Bob <bob@example.net>
   HP-Outer: Subject: [...]
   HP-Outer: Message-ID: <text-html-legacy-display@lhp.example>

   <html><head><title></title></head><body>
   <div class="header-protection-legacy-display">
   <pre>Subject: Dinner plans</pre>
   </div>
   <p>
   Let's meet at Rama's Roti Shop at 8pm and go to the park
   from there.
   </p>
   </body>
   </html>

   A compatible MUA will recognize the hp-legacy-display="1" parameter
   and mask out the Legacy Display div, rendering the body of the
   message as a simple paragraph:

   Let's meet at Rama's Roti Shop at 8pm and go to the park
   from there.

   A legacy decryption-capable MUA that is unaware of this mechanism
   will ignore the hp-legacy-display="1" parameter and instead render
   the body including the Legacy Display Elements:

   Subject: Dinner plans

   Let's meet at Rama's Roti Shop at 8pm and go to the park
   from there.

Appendix E.  Other Header Protection Schemes

   Other Header Protection schemes have been proposed in the past.
   However, those typically have drawbacks such as sparse
   implementation, known problems with legacy interoperability (in
   particular with rendering), lack of clear signalling of sender
   intent, and/or incomplete cryptographic protections.  Out of
   historical interest, this section lists such schemes known at the
   time of publication of this document.

E.1.  Original RFC 8551 Header Protection

   S/MIME [RFC8551] (as well as its predecessors [RFC5751] and
   [RFC3851]) defined a form of cryptographic Header Protection that is
   similar to the "Wrapped Message" scheme specified in this document.
   In fact, the scheme originally defined in S/MIME is a subset of the
   "Wrapped Message" scheme specified in this document.  The differences
   between the original and the updated scheme are outlined in
   Section 2.2.

E.2.  Pretty Easy Privacy (pEp)

   The pEp (pretty Easy privacy) [I-D.pep-general] project specifies two
   different MIME schemes that include Header Protection for
   Signed-and-Encrypted e-mail messages in [I-D.pep-email]: One scheme
   -- referred to as pEp Email Format 1 (PEF-1) -- is generated towards
   MUAs not known to be pEp-capable, while the other scheme -- referred
   to as PEF-2 -- is used between MUAs discovered to be compatible with
   pEp.  Signed-only messages are not recommended in pEp.

E.3.  "draft-autocrypt" Protected Headers

   [I-D.autocrypt-lamps-protected-headers] describes a scheme similar to
   the "Injected Headers" scheme specified in this document.  However,
   instead of adding Legacy Display Elements to existing MIME parts (cf.
   Section 2.5.6.1), "draft-autocrypt" injects a new MIME element
   "Legacy Display Part", thus modifying the MIME structure of the
   Cryptographic Payload.

Appendix F.  Document Changelog

   [[ RFC Editor: This section is to be removed before publication ]]

   *  draft-ietf-lamps-header-protection-21

      -  HP-Outer mechanism replaces HP-Removed and HP-Obscured.  This
         enables the recipient to easily calculate the sender's actions
         around header confidentiality.

      -  Replace Content-Type parameter protected-headers= with hp= and
         hp-scheme=. The presence of hp= indicates that the sender used
         Header Protection according to this document, and the value
         indicates whether the sender tried to encrypt and sign the
         message or just sign it. hp-scheme="wrapped" advises the
         recipient that they should look for the protected Header Fields
         in a subtly different place.

      -  Provide a clear algorithm for reasonably safe handling of
         confidential headers during Reply and Forward operations.

      -  Do not register the example HCP hcp_hide_cc, rename to
         hcp_example_hide_cc

      -  Rename hcp_null to hcp_no_confidentiality

      -  Provide a clear algorithm for the recipient to compute the
         protection state of each Header Field.

   *  draft-ietf-lamps-header-protection-20

      -  clarify IANA guidance about registration policy and designated
         expert review

      -  emphasize that Content-Type parameter hp-legacy-display=1
         belongs on all main body parts with a legacy display element

      -  clean up/normalize pseudocode variable names and text (no
         algorithm changes)

   *  draft-ietf-lamps-header-protection-19

      -  improve text, capitalize defined terms, fix typos

      -  Clean up from AD review:

      -  updates RFC 8551 explicitly

      -  add "Legacy Signed Message" and "Ordinary User" explicitly to
         terms

      -  tighten up SHOULDs/MUSTs for conformant MUAs

      -  expand references to other relevant Security Considerations

      -  drop nudge about non-existent Content-Type Parameters registry

      -  clarify IANA notes to align with table columns

      -  explicitly request HCP registry

      -  add references to other header protections schemes, but move
         all of them to appendix

   *  draft-ietf-lamps-header-protection-18

      -  only allow US-ASCII as modified output of HCP, adjusted ABNF to
         match

   *  draft-ietf-lamps-header-protection-17

      -  More edits from WGLC:

      -  clean up definition of "Header Field"

      -  note leakage of encrypted recipient hints

      -  clarify explanation of LDE generation

      -  clarify how some obscured headers might not actually be private

   *  draft-ietf-lamps-header-protection-16

      -  correct variable names in message composition algorithms

      -  make text more readable

   *  draft-ietf-lamps-header-protection-15

      -  include clarifications, typos, etc from comments received
         during WGLC

   *  draft-ietf-lamps-header-protection-14

      -  provide section references for draft-ietf-lamps-e2e-mail-
         guidance

      -  encourage a future IANA named HCP registry if HCP development
         takes off

   *  draft-ietf-lamps-header-protection-13

      -  Retitle from "Header Protection for S/MIME" to "Header
         Protection for Cryptographically Protected E-mail"

   *  draft-ietf-lamps-header-protection-12

      -  MUST produce HP-Obscured and HP-Removed when generating
         encrypted messages with non-null HCP

      -  Wrapped Message: move from forwarded=no to protected-
         headers=wrapped

      -  Wrapped Message: recommend Content-Disposition: inline

   *  draft-ietf-lamps-header-protection-11

      -  Remove most of the Bcc text (transferred general discussion to
         e2e-mail-guidance)

      -  Fix bug in algorithm for generating HP-Obscured and HP-Removed

      -  More detail about handling Reply messages

      -  Considerations around handling risky Legacy Display Elements

      -  Narrative descriptions of some worked examples

      -  Describe potential leaks to recipients

      -  Clarify debugging/troubleshooting UX affordances

   *  draft-ietf-lamps-header-protection-10

      -  Clarify that HCP doesn't apply to Structural Header Fields

      -  Drop out-of-date "Open Issues" section

      -  Brief commentary on UI of messages with intermediate/mixed
         protections

      -  Deprecation prospects for messages without protected headers

      -  Describe generating replies to encrypted messages with stronger
         HCP

   *  draft-ietf-lamps-header-protection-09

      -  clarify terminology

      -  add privacy and security considerations

      -  clarify HCP examples and baselines

      -  recommend hcp_minimal as default HCP

      -  add HP-Obscured and HP-Removed (avoids reasoning about
         differences between outside and inside the Cryptographic
         Envelope)

      -  regenerated test vectors

   *  draft-ietf-lamps-header-protection-08

      -  MUST compose injected headers, MAY compose wrapped messages

      -  MUST parse both schemes

      -  cleanup and restructure document

   *  draft-ietf-lamps-header-protection-07

      -  move from legacy display MIME part to legacy display elements
         within main body part

   *  draft-ietf-lamps-header-protection-06

      -  document observed problems with legacy MUAs

      -  avoid duplicated outer Message-IDs in hcp_strong test vectors

   *  draft-ietf-lamps-header-protection-05

      -  fix multipart/signed wrapped test vectors

   *  draft-ietf-lamps-header-protection-04

      -  add test vectors

      -  add "problems with Injected Messages" subsection

   *  draft-ietf-lamps-header-protection-03

      -  dkg takes over from Bernie as primary author

      -  Add Usability section

      -  describe two distinct formats "Wrapped Message" and "Injected
         Headers"

      -  Introduce Header Confidentiality Policy model

      -  Overhaul message composition guidance

      -  Simplify document creation workflow, move public face to gitlab

   *  draft-ietf-lamps-header-protection-02

      -  editorial changes / improve language

   *  draft-ietf-lamps-header-protection-01

      -  Add DKG as co-author

      -  Partial Rewrite of Abstract and Introduction [HB/AM/DKG]

      -  Adding definitions for Cryptographic Layer, Cryptographic
         Payload, and Cryptographic Envelope (reference to
         [I-D.ietf-lamps-e2e-mail-guidance]) [DKG]

      -  Enhanced MITM Definition to include Machine- / Meddler-in-the-
         middle [HB]

      -  Relaxed definition of Original message, which may not be of
         type "message/rfc822" [HB]

      -  Move "memory hole" option to the Appendix (on request by Chair
         to only maintain one option in the specification) [HB]

      -  Updated Scope of Protection Levels according to WG discussion
         during IETF-108 [HB]

      -  Obfuscation recommendation only for Subject and Message-Id and
         distinguish between Encrypted and Unencrypted Messages [HB]

      -  Removed (commented out) Header Field Flow Figure (it appeared
         to be confusing as it was) [HB]

   *  draft-ietf-lamps-header-protection-00

      -  Initial version (text partially taken over from draft-ietf-
         lamps-header-protection-requirements)

Authors' Addresses

   Daniel Kahn Gillmor
   American Civil Liberties Union
   125 Broad St.
   New York, NY,  10004
   United States of America
   Email: dkg@fifthhorseman.net

   Bernie Hoeneisen
   pEp Project
   Oberer Graben 4
   CH- 8400 Winterthur
   Switzerland
   Email: bernie.hoeneisen@pep-project.org
   URI:   https://pep-project.org/

   Alexey Melnikov
   Isode Ltd
   14 Castle Mews
   Hampton, Middlesex
   TW12 2NP
   United Kingdom
   Email: alexey.melnikov@isode.com
