Internet-Draft Cryptographic MIME Header Protection March 2024
Gillmor, et al. Expires 2 September 2024 [Page]
Workgroup:
LAMPS Working Group
Internet-Draft:
draft-ietf-lamps-header-protection-20
Updates:
8551 (if approved)
Published:
Intended Status:
Standards Track
Expires:
Authors:
D. K. Gillmor
American Civil Liberties Union
B. Hoeneisen
pEp Project
A. Melnikov
Isode Ltd

Header Protection for Cryptographically Protected E-mail

Abstract

S/MIME version 3.1 introduced a mechanism to provide end-to-end cryptographic protection of e-mail message headers. However, few implementations generate messages using this mechanism, and several legacy implementations have revealed rendering or security issues when handling such a message.

This document updates the S/MIME specification ([RFC8551]) to offer a different mechanism that provides the same cryptographic protections but with fewer downsides when handled by legacy clients. The Header Protection schemes described here are also applicable to messages with PGP/MIME cryptographic protections. Furthermore, this document offers more explicit guidance for clients when generating or handling e-mail messages with cryptographic protection of message headers.

About This Document

This note is to be removed before publishing as an RFC.

The latest revision of this draft can be found at https://dkg.gitlab.io/lamps-header-protection/. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-ietf-lamps-header-protection/.

Discussion of this document takes place on the LAMPS Working Group mailing list (mailto:spasm@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/spasm/. Subscribe at https://www.ietf.org/mailman/listinfo/spasm/.

Source for this draft and an issue tracker can be found at https://gitlab.com/dkg/lamps-header-protection.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 2 September 2024.

Table of Contents

1. Introduction

Privacy and security issues regarding e-mail Header Protection in S/MIME and PGP/MIME have been identified for some time. Most current implementations of cryptographically-protected electronic mail protect only the body of the message, which leaves significant room for attacks against otherwise-protected messages. For example, lack of Header Protection allows an attacker to substitute the message subject and/or author.

This document describes two different schemes for how message headers can be cryptographically protected, and provides guidance for implementers of MUAs that generate and interpret such messages. It uses the term "Legacy MUA" to refer to an MUA that does not implement either scheme. This document takes particular care to ensure that messages interact reasonably well with Legacy MUAs.

1.1. Two Schemes of Header Protection

This document addresses two different schemes for cryptographically protecting e-mail Header Sections or fields and provides guidance to implementers. One scheme ("Injected Headers") is more interoperable with Legacy MUAs, and is mandatory to implement and interpret. The other, older scheme ("Wrapped Message") is described here to enable interpretation of archived messages.

The older scheme was first specified in S/MIME 3.1 ([RFC8551]), and involves wrapping a message/rfc822 or message/global MIME object with a Cryptographic Envelope around the message to protect. This document calls this scheme "Wrapped Message", and it updates the scheme described in that document, effectively replacing the final two paragraphs of Section 3.1 of [RFC8551]. However, experience has shown that even the updated "Wrapped Message" form does not interact well with some Legacy MUAs (see Section 1.2).

The more interoperable "Injected Headers" scheme of Header Protection is introduced in this document, and is preferred over the "Wrapped Message" scheme. In the "Injected Headers" scheme, the protected Header Fields are placed directly on the Cryptographic Payload, without using an intervening message/* MIME object. See Section 2.3.4 and Section 2.5.3 for more details.

1.2. Problems with Wrapped Messages

Several Legacy MUAs have revealed rendering issues when dealing with a message that uses the Wrapped Message Header Protection scheme.

In some cases, some mail user agents cannot render message/rfc822 message subparts at all, in violation of baseline MIME requirements as described on page 5 of [RFC2049]. This leaves all Wrapped Messages unreadable by any recipient using such an MUA.

In other cases, the user sees an attachment suggesting a forwarded e-mail message, which -- in fact -- contains the protected e-mail message that should be rendered directly. In most of these cases, the user can click on the attachment to view the protected message.

However, viewing the protected message as an attachment in isolation may strip it of any security indications, leaving the user unable to assess the cryptographic properties of the message. Worse, for encrypted messages, interacting with the protected message in isolation may leak contents of the cleartext, for example, if the reply is not also encrypted.

1.3. Problems with Injected Headers

A Legacy MUA dealing with an encrypted message that has some Header Fields obscured using the Injected Headers scheme will not render the obscured Header Fields to the user at all. A workaround "Legacy Display" mechanism is provided in this document, which most Legacy MUAs should render to the user, albeit not in the same location that the Header Fields would normally be rendered.

1.4. Motivation

Users generally do not understand the distinction between message body and message header. When an e-mail message has cryptographic protections that cover the message body, but not the Header Fields, several attacks become possible.

For example, a Legacy Signed Message has a signature that covers the body but not the Header Fields. An attacker can therefore modify the Header Fields (including the Subject header) without invalidating the signature. Since most readers consider a message body in the context of the message's Subject header, the meaning of the message itself could change drastically (under the attacker's control) while still retaining the same cryptographic indicator of authenticity.

In another example, a Legacy Encrypted Message has its body effectively hidden from an adversary that snoops on the message. But if the Header Fields are not also encrypted, significant information about the message (such as the message Subject) will leak to the inspecting adversary.

However, if the sending and receiving MUAs ensure that cryptographic protections cover the message Header Section as well as the message body, these attacks are defeated.

1.4.1. Backward Compatibility

If the sending MUA is unwilling to generate such a fully-protected message due to the potential for rendering, usability, deliverability, or security issues, these defenses cannot be realized.

The sender cannot know what MUA (or MUAs) the recipient will use to handle the message. Thus, an outbound message format that is backward-compatible with as many legacy implementations as possible is a more effective vehicle for providing the whole-message cryptographic protections described above.

This document aims for backward compatibility with Legacy MUAs to the extent possible. In some cases, like when a user-visible header like the Subject is cryptographically hidden, the message cannot behave entirely identically to a Legacy MUA. But accommodations are described here that ensure a rough semantic equivalence for Legacy MUA even in these cases.

1.4.2. Deliverability

A message with perfect cryptographic protections that cannot be delivered is less useful than a message with imperfect cryptographic protections that can be delivered. Senders want their messages to reach the intended recipients.

Given the current state of the Internet mail ecosystem, encrypted messages in particular cannot shield all of their Header Fields from visibility and still be guaranteed delivery to their intended recipient.

This document accounts for this concern by providing a mechanism (Section 2.3.2) that prioritizes initial deliverability (at the cost of some header leakage) while facilitating future message variants that shield more header metadata from casual inspection.

1.5. Other Protocols to Protect E-Mail Header Fields

A separate pair of protocols also provides some cryptographic protection for the e-mail message header integrity: DomainKeys Identified Mail (DKIM) [RFC6376], as used in combination with Domain-based Message Authentication, Reporting, and Conformance (DMARC) [RFC7489]. This pair of protocols provides a domain-based reputation mechanism that can be used to mitigate some forms of unsolicited e-mail (spam).

However, the DKIM+DMARC suite provides cryptographic protection at a different scope than the mechanisms described here. In particular, the message integrity and authentication signals provided by DKIM+DMARC correspond to the domain name of the sending e-mail address, not the sending address itself, so the DKIM+DMARC suite does not provide end-to-end protection. DKIM and DMARC are typically applied to messages by (and interpreted by) mail transfer agents, not mail user agents. The mechanisms in this document are typically applied to messages by (and interpreted by) mail user agents.

Furthermore, the DKIM+DMARC suite only provides cryptographic integrity and authentication, not encryption. So cryptographic confidentiality is not available from that suite.

The DKIM+DMARC suite can be used on any message, including messages formed as described in this document. There should be no conflict between these schemes.

Though not strictly e-mail, similar protections have been in use on Usenet for signing and verification of message headers for years. See ([PGPCONTROL] and [PGPVERIFY-FORMAT] for more details. Like DKIM, these Usenet control protections offer only integrity and authentication, not encryption.

1.6. Applicability to PGP/MIME

This document describes end-to-end cryptographic protections for e-mail messages in reference to S/MIME ([RFC8551]).

Comparable end-to-end cryptographic protections can also be provided by PGP/MIME ([RFC3156]).

The mechanisms in this document should be applicable in the PGP/MIME protections as well as S/MIME protections, but analysis and implementation in this document focuses on S/MIME.

To the extent that any divergence from the mechanism described here is necessary for PGP/MIME, that divergence is out of scope for this document.

1.7. Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

The key words "SPECIFICATION REQUIRED" and "IETF REVIEW" that appear in this document when used to describe namespace allocation are to be interpreted as described in [RFC8126].

1.8. Terms

The following terms are defined for the scope of this document:

  • S/MIME: Secure/Multipurpose Internet Mail Extensions (see [RFC8551])

  • PGP/MIME: MIME Security with OpenPGP (see [RFC3156])

  • Message: An E-Mail Message consisting of Header Fields (collectively called "the Header Section of the message") followed, optionally, by a Body; see [RFC5322].

    Note: To avoid ambiguity, this document avoids using the terms "Header" or "Headers" in isolation, but instead always uses "Header Field" to refer to the individual field and "Header Section" to refer to the entire collection.

  • Header Field: A Header Field includes a field name, followed by a colon (":"), followed by a field body (value), and terminated by CRLF; see Section 2.2 of [RFC5322] for more details.

  • Header Section: The Header Section is a sequence of lines of characters with special syntax as defined in [RFC5322]. The Header Section of a Message contains the Header Fields associated with the Message itself. The Header Section of a MIME part (that is, a subpart of a message) typically contains Header Fields associated with that particular MIME part.

  • Body: The Body is the part of a Message that follows the Header Section and is separated from the Header Section by an empty line (i.e., a line with nothing preceding the CRLF); see [RFC5322]. It is the (bottom) section of Message containing the payload of a Message. Typically, the Body consists of a (possibly multipart) MIME [RFC2045] construct.

  • Header Protection (HP): cryptographic protection of e-mail Header Sections (or parts of it) for signatures and/or encryption

  • Cryptographic Layer, Cryptographic Payload, Cryptographic Envelope, Cryptographic Summary, Structural Header Fields, Main Body Part, User-Facing Header Fields, and MUA are all used as defined in [I-D.ietf-lamps-e2e-mail-guidance]

  • Legacy MUA: an MUA that does not understand Header Protection as described in this document. A Legacy Non-Crypto MUA is incapable of doing any end-to-end cryptographic operations. A Legacy Crypto MUA is capable of doing cryptographic operations, but does not understand or generate messages with Header Protection.

  • Legacy Signed Message: an e-mail message that was signed by a Legacy MUA (and therefore has no cryptographic authenticity or integrity protections on its Header Fields.

  • Wrapped Message: The Header Protection scheme that uses the mechanism described in [RFC8551], where the Cryptographic Payload is a message/rfc822 or message/global MIME object, augmented with a Content-Type parameter to indicate that this is the explicit intent. (see Section 2.2).

  • Injected Headers: The Header Protection scheme that uses the mechanism described in this document (see Section 2.1), where the protected Header Fields are inserted on the Cryptographic Payload directly.

  • Header Confidentiality Policy (HCP): a functional specification of which Header Fields should be obscured when composing an encrypted message with Header Protection. See Section 2.3.2.

  • Ordinary User: a user of an MUA who follows a simple and minimal experience, focused on sending and receiving e-mails. A user who opts into advanced configuration, expert mode, or the like is not an "Ordinary User".

1.9. Document Scope

This document describes sensible, simple behavior for a program that generates an e-mail message with standard end-to-end cryptographic protections, following the guidance in [I-D.ietf-lamps-e2e-mail-guidance]. An implementation conformant to this draft will produce messages that have cryptographic protection that covers the message's Header Fields as well as its body.

1.9.1. In Scope

This document also describes sensible, simple behavior for a program that interprets such a message, in a way that can take advantage of these protections covering the Header Fields as well as the body.

The message generation guidance aims to minimize negative interactions with any Legacy receiving MUA while providing actionable cryptographic properties for modern receiving clients.

In particular, this document focuses on two standard types of cryptographic protection that cover the entire message:

  • A cleartext message with a single signature, and

  • An encrypted message that contains a single cryptographic signature.

1.9.2. Out of Scope

The message composition guidance in this document (in Section 2.3.4) aims to provide minimal disruption for any Legacy MUA that receives such a message. However, a Legacy MUA by definition does not implement any of the guidance here. Therefore, the document does not attempt to provide guidance for Legacy MUAs directly.

Furthermore, this document does not explicitly contemplate other variants of cryptographic message protections, including any of these:

  • Encrypted-only message (without a cryptographic signature)

  • Triple-wrapped message

  • Signed message with multiple signatures

  • Encrypted message with a cryptographic signature outside the encryption.

All such messages are out of scope of this document.

2. Specification

As mentioned in Section 1.1, this document describes two ways to provide end-to-end cryptographic protection for an e-mail message that includes all Header Fields known to the sender at message composition time.

A receiving MUA MUST be able to handle both Header Protection schemes, as described in Section 2.5.

A sending MUA MUST be able to generate the Injected Headers scheme (Section 2.3.4), and MAY generate the Wrapped Message scheme (Section 2.3.5).

2.1. Injected Headers Scheme

A message that uses the Injected Headers scheme has protected Header Fields in the Header Section of the Cryptographic Payload.

For an encrypted message that has at least one user-visible Header Field omitted or obscured outside of the Cryptographic Payload, those Header Fields MAY also be duplicated into decorative copies in the Main Body MIME part of the Cryptographic Payload itself. These decorative copies within the message are known as "Legacy Display Elements".

Such a Legacy Display Element can be useful for a Legacy receiving MUA that doesn't yet understand how to interpret or display a cryptographically-protected confidential header. See Section 3.1 for more details about how the ecosystem could shift so that a sending MUA could avoid the need to generate any Legacy Display Element.

Composing a message with the Injected Headers scheme is described in Section 2.3.4. Rendering such a message is described in Section 2.5.3.

2.2. Wrapped Message Scheme

A message that uses the Wrapped Message scheme has a Cryptographic Payload of a single message/rfc822 (or message/global) MIME object, which itself contains the original message (including the protected Header Section).

The Wrapped Message Header Protection scheme is very similar to that described in Section 3.1 of [RFC8551]. The main augmentations this document provides to that scheme are:

  • an explicit discussion of how to obscure or remove Header Fields,

  • an additional protected-headers=wrapped parameter to the Content-Type Header Field of the Cryptographic Payload to indicate the explicit intent, and

  • a recommendation to mark such a Wrapped Message as Content-Disposition: inline to encourage Legacy MUAs to render the inner message directly rather than treating it as an attachment.

Composing a message with the Wrapped Message scheme is described in Section 2.3.5. Rendering such a message is described in Section 2.5.4.

2.3. Sending Side

This section describes the process an MUA should use to apply cryptographic protection to an e-mail message with Header Protection. We start by describing the legacy message composition process as a baseline.

2.3.1. Composing a Cryptographically-Protected Message Without Header Protection

Section 5.1 of [I-D.ietf-lamps-e2e-mail-guidance] describes the typical process for a Legacy Crypto MUA to apply cryptographic protections to an e-mail message. That guidance and terminology is replicated here for reference:

  • origbody: the traditional unprotected message body as a well-formed MIME tree (possibly just a single MIME leaf part). As a well-formed MIME tree, origbody already has structural Header Fields (Content-*) present.

  • origheaders: the intended non-structural Header Fields for the message, represented here as a list of (h,v) pairs, where h is a Header Field name and v is the associated value. Note that these are Header Fields that the MUA intends to be visible to the recipient of the message. In particular, if the MUA uses the Bcc header during composition, but plans to omit it from the message (see Section 3.6.3 of [RFC5322]), it will not be in origheaders.

  • crypto: The series of cryptographic protections to apply (for example, "sign with the secret key corresponding to X.509 certificate X, then encrypt to X.509 certificates X and Y"). This is a routine that accepts a MIME tree as input (the Cryptographic Payload), wraps the input in the appropriate Cryptographic Envelope, and returns the resultant MIME tree as output.

The algorithm returns a MIME object that is ready to be injected into the mail system:

  • Apply crypto to MIME part origbody, producing MIME tree output

  • For each Header Field name and value (h,v) in origheaders:

    • Add Header Field h to output with value v

  • Return output

2.3.2. Header Confidentiality Policy

When composing an encrypted message with Header Protection, the composing MUA needs a Header Confidentiality Policy (HCP). In this document, we represent that Header Confidentiality Policy as a function hcp:

  • hcp(name, val_in) → val_out: this function takes a non-structural Header Field identified by name with initial value val_in as arguments, and returns a replacement header value val_out. If val_out is the special value null, it means that the Header Field in question should be omitted from the set of Header Fields visible outside the Cryptographic Envelope.

Note that hcp is only applied to non-structural Header Fields. When composing a message, Structural Header Fields are dealt with separately, as described in Section 2.3.4 and Section 2.3.5.

As an example, an MUA that obscures the Subject Header Field by replacing it with the literal string "[...]", hides all Cc'ed recipients, and does not offer confidentiality to any other Header Fields would be represented as (in pseudocode):

hcp_hide_cc(name, val_in) → val_out:
    if name is 'Subject':
        return '[...]'
    else if name is 'Cc':
        return null
    else:
        return val_in

Note that such a policy is only needed when the end-to-end protections include encryption (confidentiality). No comparable policy is needed for other end-to-end cryptographic protections (integrity and authenticity), as they are simply uniformly applied so that all Header Fields known by the sender have these protections.

This asymmetry is an unfortunate consequence of complexities in message delivery systems, some of which may reject, drop, or delay messages where all Header Fields are removed from the top-level MIME object.

This document does not mandate any particular Header Confidentiality Policy, though it offers guidance for MUA implementers in selecting one in Section 2.4. Future documents may recommend or mandate such a policy for an MUA with specific needs. Such a recommendation might be motivated by descriptions of metadata-derived attacks, or stem from research about message deliverability, or describe new signalling mechanisms, but these topics are out of scope for this document.

For alignment with common practice as well as the ABNF in Section 2.3.3 for HP-Obscured, val_out MUST be one of the following:

  • identical to val_in, or

  • the special value null, or

  • a sequence of printable and whitespace (that is, space or tab) 7-bit clean US-ASCII characters (of course, non-ASCII text can be encoded as US-ASCII using the encoded-word construct from [RFC2047])

The HCP can compute val_out using any technique describable in pseudocode, such as copying a fixed string or invocations of other pseudocode functions. If it alters the value, it MUST NOT include control or NUL characters in val_out.

2.3.3. Definition of HP-Removed and HP-Obscured Header Fields

This document defines 2 new Header Fields used for conveying the effect of sender's Header Confidentiality Policy: HP-Removed and HP-Obscured. These Header Fields enable the MUA receiving an encrypted message to reliably identify whether the sending MUA intended to make a Header Field confidential (see Section 6.2.3).

An implementation that composes encrypted e-mail and hides any of the Header Fields as described in this document (for example, due to a non-null HCP) MUST include the appropriate HP-Removed or HP-Obscured Header Fields in the Cryptographic Payload. These two MIME Header Fields should only ever appear directly within the Header Section of the Cryptographic Payload of a Cryptographic Envelope offering confidentiality. They MUST be ignored if they appear in other places.

HP-Removed includes a comma separated list of Header Field names that were omitted from the outer header when the message with Header Protection was generated. The HP-Removed Header Field can appear at most once in the Header Section of a Cryptographic Payload.

Each instance of HP-Obscured contains a Header Field name and the value that this Header Field was modified to in the outer header. The HP-Obscured Header Field can appear multiple times in the Header Section of a Cryptographic Payload.

If a Header Field name A doesn't appear in an HP-Obscured Header Field value, then the Header Field A was either removed (and thus would appear in the HP-Removed Header Field) or it was copied without any modifications to the outer header.

Syntax of these new Header Fields is defined using the following ABNF [RFC5234], where field-name, WSP, VCHAR, and FWS are defined in [RFC5322]:

hp-removed      =   "HP-Removed:" field-name-list CRLF

field-name-list =   [FWS] field-name
                    *([FWS] "," [FWS] field-name) [FWS]

hp-obscured     =   "HP-Obscured:" [FWS] field-name ": "
                    replacement-value CRLF

replacement-value =   (*([FWS] VCHAR) *WSP)

Note that replacement-value is the same as unstructured from [RFC5322], but without the obsolete obs-unstructured option.

2.3.4. Composing with "Injected Headers" Header Protection

The "Injected Headers" Header Protection scheme places the Header Fields to be protected directly on the Cryptographic Payload. Unlike in the "Wrapped Scheme" (see compose-wrapped-message), there is no wrapping of the message body in any additional message/* MIME part. This section describes how to generate such a message.

To compose a message using "Injected Headers" Header Protection, the composing MUA uses the following inputs:

  • All the inputs described in Section 2.3.1

  • hcp: a Header Confidentiality Policy, as defined in Section 2.3.2

  • legacy: a boolean value, indicating whether any recipient of the message is believed to have a Legacy MUA. If all recipients are known to implement this draft, legacy should be set to false. (How an MUA determines the value of legacy is out of scope for this document; an initial implementation can simply set it to true)

Enabling visibility of obscured Header Fields for decryption-capable legacy clients requires transforming a header list into a readable form and including it as a decorative Legacy Display Element in specially-marked parts of the message. This document recommends two different mechanisms for such a decorative adjustment: one for a text/html Main Body Part of the e-mail message, and one for a text/plain Main Body Part. This document does not recommend adding a Legacy Display Element to any other part.

Please see Section 7.1 of [I-D.ietf-lamps-e2e-mail-guidance] for guidance on identifying the parts of a message that are a Main Body Part.

To build such a message, we replace the algorithm described in Section 2.3.1 with a more sophisticated approach. The algorithm for applying "Injected Headers" cryptographic protection to a message is as follows:

  • Let newbody be a copy of origbody

  • If crypto contains encryption, and legacy is true:

    • Create ldlist, an empty list of (header, value) pairs

    • For each Header Field name and value (h,v) in origheaders:

    • If ldlist is not empty:

      • Identify each leaf MIME part of newbody that represents the "main body" of the message.

      • For each "Main Body Part" bodypart of type text/plain or text/html:

        • Adjust bodypart by inserting a Legacy Display Element header list ldlist into its content, and adding a Content-Type parameter hp-legacy-display with value 1 (see Section 2.3.4.1 for text/plain and Section 2.3.4.2 for text/html)

  • For each Header Field name and value (h,v) in origheaders:

    • Add Header Field h to MIME part newbody with value v

  • Set the protected-headers parameter on the Content-Type of MIME part newbody to v1

  • If crypto does not contain encryption:

    • Let newheaders be a copy of origheaders

  • Else (if crypto contains encryption):

    • Create new empty list of Header Field names and values newheaders

    • Let hpr be an empty comma-separated list of Header Field names

    • For each Header Field name and value (h,v) in origheaders:

      • Let newval be hcp(h,v)

      • If newval is null:

        • Add the value h to hpr

      • Else (if newval is not null):

        • Add (h,newval) to newheaders

        • If newval is not v:

          • Let string record be the concatenation of h, a literal "" (ASCII colon (0x3A) followed by ASCII space (0x20)), and newval

          • Add Header Field "HP-Obscured" to MIME part newbody with value record

    • If hpr is not empty:

      • Add Header Field "HP-Removed" to MIME part newbody with value hpr

  • Apply crypto to MIME part newbody, producing MIME tree output

  • For each Header Field name and value (h,v) in newheaders:

    • Add Header Field h to output with value v

  • Return output

Note that both new parameters (hcp and legacy) are effectively ignored if crypto does not contain encryption. This is by design, because they are irrelevant for signed-only cryptographic protections.

2.3.4.1. Adding a Legacy Display Element to a text/plain Part

For a list of obscured Header Fields represented as (header, value) pairs, concatenate them as a set of lines, with one newline at the end of each pair. Add an additional trailing newline after the resultant text, and prepend the entire list to the body of the text/plain part.

The MUA MUST also add a Content-Type parameter of hp-legacy-display with value 1 to the MIME part to indicate that a Legacy Display Element was added.

For example, if the list of obscured Header Fields was [("Cc", "alice@example.net"), ("Subject", "Thursday's meeting")], then a text/plain Main Body Part that originally looked like this:

Content-Type: text/plain; charset=UTF-8

I think we should skip the meeting.

Would become:

Content-Type: text/plain; charset=UTF-8; hp-legacy-display=1

Subject: Thursday's meeting
Cc: alice@example.net

I think we should skip the meeting.

Note that the Legacy Display Element (the lines beginning with Subject: and Cc:) are part of the body of the MIME part in question.

This example assumes that the Main Body Part in question is not the root of the Cryptographic Payload. For instance, it could be a leaf of a multipart/alternative Cryptographic Payload. This is why no additional Header Fields have been injected into the MIME part in this example.

2.3.4.2. Adding a Legacy Display Element to a text/html Part

Adding a Legacy Display Element to a text/html part is similar to how it is added to a text/plain part (see Section 2.3.4.1). Instead of adding the obscured or removed User-Facing Header Fields to a block of text delimited by a blank line, the composing MUA injects them in an HTML <div> element annotated with a class attribute of header-protection-legacy-display.

The content and formatting of this decorative <div> have no strict requirements, but they MUST represent all the obscured and removed User-Facing Header Fields in a readable fashion. A simple approach is to assemble the text in the same way as Section 2.3.4.1, wrap it in a verbatim <pre> element, and put that element in the annotated <div>.

The annotated <div> should be placed as close to the start of the <body> as possible, where it will be visible when viewed with a standard HTML renderer.

The MUA MUST also add a Content-Type parameter of hp-legacy-display with value 1 to the MIME part to indicate that a Legacy Display Element was added.

For example, if the list of obscured Header Fields was [("Cc", "alice@example.net"), ("Subject", "Thursday's meeting")], then a text/html Main Body Part that originally looked like this:

Content-Type: text/html; charset=UTF-8

<html><head><title></title></head><body>
<p>I think we should skip the meeting.</p>
</body></html>

Would become:

Content-Type: text/html; charset=UTF-8; hp-legacy-display=1

<html><head><title></title></head><body>
<div class="header-protection-legacy-display">
<pre>Subject: Thursday's meeting
Cc: alice@example.net</pre></div>
<p>I think we should skip the meeting.</p>
</body></html>

This example assumes that the Main Body Part in question is not the root of the Cryptographic Payload. For instance, it could be a leaf of a multipart/alternative Cryptographic Payload. This is why no additional Header Fields have been injected into the MIME part in this example.

2.3.4.2.1. Step-by-step Example for Inserting Legacy Display Element to text/html

A composing MUA MAY insert the Legacy Display Element anywhere reasonable within the message as long as it prioritizes visibility for the reader using a Legacy decryption-capable MUA. This decision may take into account special message-specific HTML formatting expectations if the MUA is aware of them. However, some MUAs may not have any special insight into the user's preferred HTML formatting, and still want to insert a Legacy Display Element. This section offers a non-normative, simple, and minimal step-by-step approach for a composing MUA that has no other information or preferences to fall back on.

The process below assumes that the MUA already has the full HTML object that it intends to send, including all of the text supplied by the user.

  • Assemble the text exactly as specified for text/plain (see Section 2.3.4.1).

  • Wrap that text in a verbatim <pre> element.

  • Wrap that <pre> element in a <div> element annotated with the class header-protection-legacy-display.

  • Find the <body> element of the full HTML object.

  • Insert the <div> element as the first child of the <body> element.

2.3.4.3. Only Add a Legacy Display Element to Main Body Parts

Some messages may contain a text/plain or text/html subpart that is not a Main Body Part. For example, an e-mail message might contain an attached text file or a downloaded webpage. Attached documents need to be preserved as intended in the transmission, without modification.

The composing MUA MUST NOT add a Legacy Display Element to any part of the message that is not a Main Body Part. In particular, if a part is annotated with Content-Disposition: attachment, or if it does not descend via the first child of any of its multipart/mixed or multipart/related ancestors, it is not a Main Body Part, and MUST NOT be modified.

See Section 7.1 of [I-D.ietf-lamps-e2e-mail-guidance] for more guidance about common ways to distinguish Main Body Parts from other MIME parts in a message.

2.3.4.4. Do Not Add a Legacy Display Element to Other Content-Types

The purpose of injecting a Legacy Display Element into each Main Body MIME part is to enable rendering of otherwise obscured Header Fields in Legacy MUAs that are capable of message decryption, but don't know how to follow the rest of the guidance in this document.

The authors are unaware of any Legacy MUA that would render any MIME part type other than text/plain and text/html as the Main Body. A generating MUA SHOULD NOT add a Legacy Display Element to any MIME part with any other Content-Type.

2.3.5. Composing with "Wrapped Message" Header Protection

The Wrapped Message Header Protection scheme is very similar to that described in Section 3.1 of [RFC8551]. The differences are outlined in Section 2.2.

To compose a message using "Wrapped Message" Header Protection, the composing MUA uses the following inputs:

To build such a message, we replace the algorithm described in Section 2.3.1 with a more sophisticated approach. The algorithm for applying "Wrapped Message" cryptographic protection to a message is as follows:

  • Let newbody be a copy of origbody

  • For each Header Field name and value (h,v) in origheaders:

    • Add Header Field h to MIME part newbody with value v

  • If crypto does not contain encryption:

    • Let newheaders be a copy of origheaders

  • Else (if crypto contains encryption):

    • Create new empty list of Header Field names and values newheaders

    • Let hpr be an empty comma-separated list of Header Field names

    • For each Header Field name and value (h,v) in origheaders:

      • Let newval be hcp(h,v)

      • If newval is null:

        • Add the value h to hpr

      • Else (if newval is not null):

        • Add (h,newval) to newheaders

        • If newval is not v:

          • Let string record be the concatenation of h, a literal "" (ASCII colon (0x3A) followed by ASCII space (0x20)), and newval

          • Add Header Field "HP-Obscured" to MIME part newbody with value record

    • If hpr is not empty:

      • Add Header Field "HP-Removed" to MIME part newbody with value hpr

  • If any of the Header Fields in MIME part newbody, including Header Fields in the nested internal MIME structure, contain any 8-bit UTF-8 characters (see Section 3.7 of [RFC6532]):

    • Let payload be a new MIME part with one Header Field: Content-Type: message/global; protected-headers=wrapped, and whose body is newbody.

  • Else:

    • Let payload be a new MIME part with one Header Field: Content-Type: message/rfc822; protected-headers=wrapped, and whose body is newbody.

  • Add a Content-Disposition Header Field to MIME part payload with value inline

  • Apply crypto to MIME part payload, producing MIME tree output

  • For each Header Field name and value (h,v) in newheaders:

    • Add Header Field h to output with value v

  • Return output

Note that the Header Confidentiality Policy hcp parameter is effectively ignored if crypto does not contain encryption. This is by design, because it is irrelevant for signed-only cryptographic protections.

2.3.6. Choosing Between Wrapped Message and Injected Headers

When composing a message with end-to-end cryptographic protections, an MUA SHOULD protect the Header Fields of that message as well as the body, using one of the formats described here.

A compatible MUA MUST be capable of generating a message with Header Protection using the Injected Headers Section 2.3.4 format.

2.4. Default Header Confidentiality Policy

An MUA MUST have a default Header Confidentiality Policy that offers at least the protections provided by hcp_minimal as described in Section 2.4.1. Local policy and configuration may alter this default, but the MUA SHOULD NOT require the user to select an HCP.

hcp_minimal provides confidentiality for the Subject Header Field by replacing it with the literal string "[...]". This is a sensible minimal default because most users treat the Subject of a message the same way that they treat the body, and they are surprised to find that the Subject of an encrypted message is visible.

2.4.1. Minimal Header Confidentiality Policy

The most conservative recommended Header Confidentiality Policy only protects the Subject Header Field:

hcp_minimal(name, val_in) → val_out:
    if name is 'Subject':
        return '[...]'
    else:
        return val_in

hcp_minimal is the recommended default HCP for a new implementation, as it provides meaningful confidentiality protections, and is unlikely to cause deliverability or usability problems.

2.4.2. Strong Header Confidentiality Policy

Alternately, a more aggressive (and therefore more privacy-preserving) Header Confidentiality Policy only leaks a handful of fields whose absence is known to increase rates of delivery failure, and simultaneously obscures the Message-ID behind a random new one:

hcp_strong(name, val_in) → val_out:
    if name in ['From', 'To', 'Cc', 'Date']:
        return val_in
    else if name is 'Subject':
        return '[...]'
    else if name is 'Message-ID':
        return generate_new_message_id()
    else:
        return null

The function generate_new_message_id() represents whatever process the MUA typically uses to generate a Message-ID for a new outbound message.

hcp_strong is known to cause usability problems with message threading for many Legacy MUAs, and is not recommended as a default HCP for new implementations.

2.4.3. Null Header Confidentiality Policy

Legacy MUAs can be conceptualized as offering a null Header Confidentiality Policy, which offers no confidentiality protection to any Header Field:

hcp_null(name, val_in) → val_out:
    return val_in

A conformant MUA that is not modified by local policy or configuration MUST NOT use hcp_null by default.

2.4.4. Offering Stronger Header Confidentiality

An MUA MAY offer even stronger confidentiality for Header Fields of an encrypted message than described in Section 2.4.2. For example, it might implement an HCP that obfuscates the From field, or omits the Cc field, or ensures Date is represented in UTC (obscuring the local timezone).

The authors of this document hope that implementers with deployment experience will document their chosen Header Confidentiality Policy and the rationale behind their choice.

This document defines hcp_null, hcp_minimal, hcp_hide_cc, and hcp_strong as a way to compare and contrast different possible behavioral choices for a composing MUA. While the HCP is not strictly a protocol element, this document creates a registry of named Header Confidentiality Policies for ease of communication.

2.4.4.1. Expert Guidance for Registering Header Confidentiality Policies

There is no formal syntax specified for the Header Confidentiality Policy, but any attempt to specify an HCP for inclusion in the registry needs to provide:

  • a stable reference document clearly indicating the distinct name for the proposed HCP

  • pseudocode that other implementers can clearly and unambiguously interpret

  • a clear explanation of why this HCP is different from all other registered HCPs

  • any relevant considerations related to deployment of the HCP (for example, known or expected deliverability, rendering, or privacy challenges and possible mitigations)

An entry should not be marked as "Recommended" unless it has been shown to offer confidentiality or privacy improvements over the status quo and have minimal or mitigatable negative impact on messages to which it is applied, considering factors such as message deliverability and security. Only one entry in the table (hcp_minimal) is initially marked as "Recommended". In the future, more than one entry may be marked as "Recommended".

2.5. Receiving Side

An MUA that receives a cryptographically-protected e-mail will render it for the user.

The receiving MUA will render the message body, a selected subset of Header Fields, and (as described in Section 3 of [I-D.ietf-lamps-e2e-mail-guidance]) provide a summary of the cryptographic properties of the message.

Most MUAs only render a subset of Header Fields by default. For example, few MUAs typically render Message-Id or Received Header Fields for the user, but most do render From, To, Cc, Date, and Subject.

An MUA that knows how to handle a message with Header Protection makes the following two changes to its behavior when rendering a message:

  • If it detects that an incoming message had protected Header Fields, it renders Header Fields for the message from the protected Header Fields, ignoring the external (unprotected) Header Fields.

  • It includes information in the message's Cryptographic Summary to indicate the types of protection that applied to each rendered Header Field (if any).

An MUA that handles a message with Header Protection does not need to render any new Header Fields that it did not render before.

2.5.1. Identifying that a Message has Header Protection

An incoming message can be identified as having Header Protection based on one of two signals:

  • The Cryptographic Payload has Content-Type: message/rfc822 or Content-Type: message/global and the parameter protected-headers has a value of wrapped. See Section 2.5.4 for rendering guidance.

  • The Cryptographic Payload has some other Content-Type and it has parameter protected-headers set to v1. See Section 2.5.3 for rendering guidance.

Messages of both types exist in the wild, and a compliant MUA MUST be able to handle them both. They provide the same semantics and the same meaning.

2.5.2. Updating the Cryptographic Summary

Regardless of whether a cryptographically-protected message has protected Header Fields, the Cryptographic Summary of the message should be modified to indicate what protections the Header Fields have. This field-by-field status is complex and isn't necessarily intended to be presented in full to the user. Rather, it represents the state of the message internally within the MUA, and may be used to influence behavior like replying to the message (see Section 2.5.8.1).

Each Header Field individually has exactly one the following protections:

  • unprotected (this is the case for all Header Fields in messages that have no Header Protection)

  • signed-only (bound into the same validated signature as the enclosing message, but also visible in transit)

  • encrypted-only (only appears within the Cryptographic Payload; the corresponding external Header Field was either omitted or obfuscated)

  • signed-and-encrypted (same as encrypted-only, but additionally is under a validated signature)

Note that while the message itself may be signed-and-encrypted, some Header Fields may be replicated on the outside of the message (e.g. Date). Those Header Fields would be signed-only, despite the message itself being signed-and-encrypted. Additionally, the data from some encrypted or signed-and-encrypted Header Fields may not be fully private (see Section 6.1 for more details).

Rendering the cryptographic status of each Header Field is likely to be complex and messy --- users may not understand it. It is beyond the scope of this document to suggest any specific graphical affordances or user experience. Future work should include examples of successful rendering of this information.

2.5.3. Rendering a Message with Injected Headers

When the Cryptographic Payload does not have a Content-Type of message/rfc822 or message/global, and the parameter protected-headers is set to v1, the values of the protected Header Fields are drawn from the Header Fields of the Cryptographic Payload, and the body that is rendered is the Cryptographic Payload itself.

2.5.3.1. Example Signed-only Message with Injected Headers
A └─╴application/pkcs7-mime; smime-type="signed-data"
   ⇩ (unwraps to)
B  └┬╴multipart/alternative [Cryptographic Payload + Rendered Body]
C   ├─╴text/plain
D   └─╴text/html

The message body should be rendered the same way as this message:

B └┬╴multipart/alternative
C  ├─╴text/plain
D  └─╴text/html

It should render Header Fields taken from part B.

Its Cryptographic Summary should indicate that the message was signed and all rendered Header Fields were included in the signature.

The MUA should ignore Header Fields from part A for the purposes of rendering.

Because this message is signed-only, none of its parts will have a Legacy Display Element.

2.5.3.2. Example Signed-and-Encrypted Message with Injected Headers

Consider a message with this structure, where the MUA is able to validate the cryptographic signature:

E └─╴application/pkcs7-mime; smime-type="enveloped-data"
   ↧ (decrypts to)
F  └─╴application/pkcs7-mime; smime-type="signed-data"
    ⇩ (unwraps to)
G   └┬╴multipart/alternative [Cryptographic Payload + Rendered Body]
H    ├─╴text/plain
I    └─╴text/html

The message body should be rendered the same way as this message:

G └┬╴multipart/alternative
H  ├─╴text/plain
I  └─╴text/html

It should render Header Fields taken from part G.

Its Cryptographic Summary should indicate that the message was signed and encrypted. Each rendered Header Field found in G should be considered against any HP-Removed Header Field found in G and all HP-Obscured Header Fields found in G. If the field's name is found in the list of Header Field names in HP-Removed, or if one of the HP-Obscured fields refers to the field name, then the Header Field should be marked as signed-and-encrypted. Otherwise, the Header Field should be marked as signed-only.

If any of the User-Facing Header Fields are removed or obscured, the composer of this message MAY place Legacy Display Elements in parts H and I.

The MUA should ignore Header Fields from part E for the purposes of rendering.

2.5.3.3. Do Not Render Legacy Display Elements

As described in Section 2.1, a message with cryptographic confidentiality protection MAY include Legacy Display Elements for backward-compatibility with Legacy MUAs. These Legacy Display Elements are strictly decorative, unambiguously identifiable, and will be discarded by compliant implementations.

The receiving MUA SHOULD avoid rendering the identified Legacy Display Elements to the user at all, since it is aware of Header Protection and can render the actual protected Header Fields.

If a text/html or text/plain part within the Cryptographic Envelope is identified as containing Legacy Display Elements, those elements SHOULD be hidden when rendering and SHOULD be dropped when generating a draft reply or inline forwarded message. Whenever a Message or MIME subtree is exported, downloaded or otherwise further processed, implementers should consider whether or not to drop the Legacy Display Elements.

2.5.3.3.1. Identifying a Part with Legacy Display Elements

A receiving MUA acting on a message that contains an encrypting Cryptographic Layer identifies a MIME subpart within the Cryptographic Payload as containing Legacy Display Elements based on the Content-Type of the subpart.

  • The subpart's Content-Type contains a parameter hp-legacy-display with value set to 1

  • The subpart's Content-Type is either text/html (see Section 2.5.3.3.3) or text/plain (see Section 2.5.3.3.2)

Note that the term "subpart" above is used in the general sense: if the Cryptographic Payload is a single part, that part itself may contain a Legacy Display Element if it is marked with the hp-legacy-display=1 parameter.

2.5.3.3.2. Omitting Legacy Display Elements from text/plain

If a text/plain part within the Cryptographic Payload has the Content-Type parameter hp-legacy-display="1", it should be processed before rendering in the following fashion:

  • Discard the leading lines of the body of the part up to and including the first entirely blank line.

Note that implementing this strategy is dependent on the charset used by the MIME part.

See Appendix D.1 for an example.

2.5.3.3.3. Omitting Legacy Display Elements from text/html

If a text/html part within the Cryptographic Payload has the Content-Type parameter hp-legacy-display="1", it should be processed before rendering in the following fashion:

  • If any element of the HTML <body> is a <div> with class attribute header-protection-legacy-display, that entire element should be omitted.

This cleanup could be done, for example, as a custom rule in the MUA's HTML sanitizer, if one exists. Another implementation strategy for an HTML-capable MUA would b to add an entry to the [CSS] stylesheet for such a part:

body div.header-protection-legacy-display { display: none; }

2.5.4. Rendering a Wrapped Message

Some MUAs may compose and send a message with end-to-end cryptographic protections that offer Header Protection using the Wrapped Message scheme described in Section 3.1 of [RFC8551] as augmented by this document. This section describes how a receiving MUA should identify and render such a message.

When the Cryptographic Payload has Content-Type of message/rfc822 or message/global, and the parameter protected-headers is set to wrapped, the values of the protected Header Fields are drawn from the Header Fields of the Cryptographic Payload, and the body that is rendered is the body of the Cryptographic Payload.

2.5.4.1. Example Signed-Only Wrapped Message

Consider a message with this structure, where the MUA is able to validate the cryptographic signature:

J └─╴application/pkcs7-mime; smime-type="signed-data"
   ⇩ (unwraps to)
K  └┬╴message/rfc822 [Cryptographic Payload]
L   └┬╴multipart/alternative [Rendered Body]
M    ├─╴text/plain
N    └─╴text/html

The message body should be rendered the same way as this message:

L └┬╴multipart/alternative
M  ├─╴text/plain
N  └─╴text/html

It should render Header Fields taken from part K.

Its Cryptographic Summary should indicate that the message was signed and all rendered Header Fields were included in the signature.

The MUA SHOULD ignore Header Fields from part J for the purposes of rendering, unless it is rendering debugging information.

2.5.4.2. Example Signed-and-Encrypted Wrapped Message

Consider a message with this structure, where the MUA is able to validate the cryptographic signature:

O └─╴application/pkcs7-mime; smime-type="enveloped-data"
   ↧ (decrypts to)
P  └─╴application/pkcs7-mime; smime-type="signed-data"
    ⇩ (unwraps to)
Q   └┬╴message/rfc822 [Cryptographic Payload]
R    └┬╴multipart/alternative [Rendered Body]
S     ├─╴text/plain
T     └─╴text/html

The message body should be rendered the same way as this message:

R └┬╴multipart/alternative
S  ├─╴text/plain
T  └─╴text/html

It should render Header Fields taken from part Q.

Its Cryptographic Summary should indicate that the message was signed and encrypted. As in Section 2.5.3.2, each rendered Header Field found in Q should be considered against any HP-Removed Header Field found in Q and all HP-Obscured Header Fields found in Q. If the field's name is found in the list of Header Field names in HP-Removed, or if one of the HP-Obscured fields refers to the field name, then the Header Field should be marked as signed-and-encrypted. Otherwise, the Header Field should be marked as signed-only.

2.5.5. Guidance for Automated Message Handling

Some automated systems have a control channel that is operated by e-mail. For example, an incoming e-mail message could subscribe someone to a mailing list, initiate the purchase of a specific product, approve another message for redistribution, or adjust the state of some shared object.

To the extent that such a system depends on end-to-end cryptographic guarantees about the e-mail control message, Header Protection as described in this document should improve the system's security. This section provides some specific guidance for systems that use e-mail messages as a control channel that want to benefit from these security improvements.

2.5.5.1. Interpret Only Protected Header Fields

Consider the situation where an e-mail-based control channel depends on the message's cryptographic signature and the action taken depends on some Header Field of the message.

In this case, the automated system MUST rely on information from the Header Field that is protected by the mechanism described in this document. It MUST NOT rely on any Header Field found outside the Cryptographic Payload.

For example, consider an administrative interface for a mailing list manager that only accepts control messages that are signed by one of its administrators. When an inbound message for the list arrives, it is queued (waiting for administrative approval) and the system generates and listens for two distinct e-mail addresses related to the queued message -- one that approves the message, and one that rejects it. If an administrator sends a signed control message to the approval address, the mailing list verifies that the protected To: Header Field of the signed control message contains the approval address before approving the queued message for redistribution. If the protected To: Header Field does not contain that address, or there is no protected To: Header Field, then the mailing list logs or reports the error, and does not act on that control message.

2.5.5.2. Ignore Legacy Display Elements

Consider the situation where an e-mail based control channel expects to receive an end-to-end encrypted message -- for example, where the control messages need confidentiality guarantees -- and where the action taken depends on the contents of some MIME part within message body.

In this case, the automated system that decrypts the incoming messages and scans the relevant MIME part MUST identify when the MIME part contains a Legacy Display Element (see Section 2.5.3.3.1), and it MUST parse the relevant MIME part with the Legacy Display Element removed.

For example, consider an administrative interface of a confidential issue tracking software. An authorized user can confidentially adjust the status of a tracked issue by a specially-formatted first line of the message body (for example, severity #183 serious). When the user's MUA encrypts a plain text control message to this issue tracker, depending on the MUA's HCP and its choice of legacy value, it may add a Legacy Display Element. If it does so, then the first line of the message body will contain a decorative copy of the confidential Subject: Header Field. The issue tracking software decrypts the incoming control message, identifies that there is a Legacy Display Element in the part (see Section 2.5.3.3.1), strips the lines comprising the Legacy Display Element (including the first blank line), and only then parses the remaining top line to look for the expected special formatting.

2.5.6. Affordances for Debugging and Troubleshooting

Note that advanced users of an MUA may need access to the original message, for example to troubleshoot problems with the rendering MUA itself, or problems with the SMTP transport path taken by the message.

An MUA that applies these rendering guidelines SHOULD ensure that the full original source of the message as it was received remains available to such a user for debugging and troubleshooting.

If a troubleshooting scenario demands information about the cryptographically-protected values of Header Fields, and the message is encrypted, the debugging interface SHOULD also provide a "source" view of the Cryptographic Payload itself, alongside the full original source of the message as received.

2.5.7. Rendering Other Schemes

Other MUAs may have generated different structures of messages that aim to offer end-to-end cryptographic protections that include Header Protection. This document is not normative for those schemes, and it is NOT RECOMMENDED to generate these other schemes, as they can either have structural flaws or simply render poorly on Legacy MUAs. A conformant MUA MAY attempt to infer Header Protection when rendering an existing message that appears to use some other scheme not documented here. Pointers to some known other schemes can be found in Appendix E.

2.5.8. Composing a Reply to an Encrypted Message with Header Protection

When composing a reply to an encrypted message with Header Protection, the MUA is acting both as a receiving MUA and as a sending MUA. Special guidance applies here, as things can go wrong in at least two ways: leaking previously-confidential information, and replying to the wrong party.

2.5.8.1. Avoid Leaking Encrypted Header Fields in Reply

As noted in Section 5.4 of [I-D.ietf-lamps-e2e-mail-guidance], an MUA in this position MUST NOT leak previously-encrypted content in the clear in a follow-up message. The same is true for protected Header Fields.

Values from any Header Field that was identified as either encrypted-only or signed-and-encrypted based on the steps outlined above MUST NOT be placed in cleartext output when generating a message.

In particular, if Subject was encrypted, and it is copied into the draft encrypted reply, the replying MUA MUST obfuscate the unprotected (cleartext) Subject Header Field as described above.

When crafting the Header Fields for a reply message, the composing MUA can make use of the HP-Removed and HP-Obscured Header Fields from within the Cryptographic Envelope of the reference message to ensure that Header Fields derived from the reference message do not leak in the reply.

Consider a Header Field in a reply message that is generated by derivation from a Header Field in the reference message. For example, the To Header Field is typically derived from the reference message's Reply-To or From Header Fields. When generating the outer copy of the Header Field, the composing MUA first applies its own Header Confidentiality Policy. If the Header Field's value is changed by the HCP, then it is applied to the outside header and noted in the protected Header Section using HP-Removed or HP-Obscured as appropriate, as described in Section 2.3.3. Otherwise, if the Header Field's value is unchanged, the composing MUA re-generates the Header Field using the source Header Fields from the values within the Cryptographic Payload of the reference message, as modified by the HP-Obscured or HP-Removed Header Fields. If that value is itself different than the protected value, then it is applied to the outside header and noted in the protected Header Section using HP-Obscured. If the value is the same as the protected value, then it is simply copied to the outside header directly.

See Appendix C.2 for a simple worked example of this process.

2.5.8.2. Avoid Misdirected Replies to Encrypted Messages with Header Protection

When replying to a message, the Composing MUA typically decides who to send the reply to based on:

  • the Reply-To, Mail-Followup-To, or From Header Fields

  • optionally, the other To or Cc Header Fields (if the user chose to "reply all")

When a message has Header Protection, the replying MUA MUST populate the destination fields of the draft message using the protected Header Fields, and ignore any unprotected Header Fields.

This mitigates against an attack where Mallory gets a copy of an encrypted message from Alice to Bob, and then replays the message to Bob with an additional Cc to Mallory's own e-mail address in the message's outer (unprotected) Header Section.

If Bob knows Mallory's certificate already, and he replies to such a message without following the guidance in this section, it's likely that his MUA will encrypt the cleartext of the message directly to Mallory.

2.5.9. Implicitly-rendered Header Fields

While From and To and Cc and Subject and Date are often explicitly rendered to the user, some Header Fields do affect message display, without being explicitly rendered.

For example, Message-Id, References, and In-Reply-To Header Fields may collectively be used to place a message in a "thread" or series of messages.

In another example, Section 2.5.8.2 observes that the value of the Reply-To field can influence the draft reply message. So while the user may never see the Reply-To Header Field directly, it is implicitly "rendered" when the user interacts with the message by replying to it.

An MUA that depends on any implicitly-rendered Header Field in a message with Header Protection MUST use the value from the protected Header Field, and SHOULD NOT use any value found outside the cryptographic protection unless it is known to be a Header Field added in transit, as specified in Section 2.5.10.

2.5.10. Unprotected Header Fields Added in Transit

Some Header Fields are legitimately added in transit, and could not have been known to the sender at message composition time.

The most common of these Header Fields are Received and DKIM-Signature, neither of which are typically rendered, either explicitly or implicitly.

If a receiving MUA has specific knowledge about a given Header Field, including that:

  • the Header Field would not have been known to the original sender, and

  • the Header Field might be rendered explicitly or implicitly,

then the MUA MAY decide to operate on the value of that Header Field from the unprotected Header Section, even though the message has Header Protection.

The MUA MAY prefer to verify that the Header Fields in question have additional transit-derived cryptographic protections before rendering or acting on them. For example, the MUA could verify whether these Header Fields are covered by an appropriate and valid ARC-Authentication-Results (see [RFC8617]) or DKIM-Signature (see [RFC6376]) Header Field.

Specific examples of user-meaningful Header Fields commonly added by transport agents appear below.

2.5.10.1. Mailing list Header Fields: List-* and Archived-At

If the message arrives through a mailing list, the list manager itself may inject Header Fields (most of which start with List-) in the message:

  • List-Archive

  • List-Subscribe

  • List-Unsubscribe

  • List-Id

  • List-Help

  • List-Post

  • Archived-At

For some MUAs, these Header Fields are implicitly rendered, by providing buttons for actions like "Subscribe", "View Archived Version", "Reply List", "List Info", etc.

An MUA that receives a message with Header Protection that contains these Header Fields in the unprotected section, and that has reason to believe the message is coming through a mailing list MAY decide to render them to the user (explicitly or implicitly) even though they are not protected.

2.5.11. Handling Undecryptable Messages

An MUA might receive an apparently encrypted message that it cannot currently decrypt. For example, when an MUA does not have regular access to the secret key material needed for decryption, it cannot know the cryptographically protected Header Fields, or even whether the message has any cryptographically protected Header Fields.

Such an undecrypted message will be rendered by the MUA as a message without any Header Protection. This means that the message summary may well change how it is rendered when the user is finally able to supply the secret key.

For example, the rendering of the Subject Header Field in a mailbox summary might change from [...] to the real message subject when the message is decrypted. Or the message's placement in a message thread might change if, say, References or In-Reply-To have been removed or obscured (see Section 2.5.9).

Additionally, if the MUA does not retain access to the decrypting secret key, and it drops the decrypted form of a message, the message's rendering may revert to the encrypted form. For example, if a MUA follows this behavior, the Subject Header Field in a mailbox summary might change from the real message subject back to [...]. Or, the message might be yanked out of its current thread if the MUA loses access to a removed References or In-Reply-To header.

These behaviors are likely to surprise the user. However, an MUA has several possible ways of reducing or avoiding all of these surprises, including:

  • Ensuring that the MUA always has access to decryption-capable secret key material.

  • Rendering undecrypted messages in a special quarantine view until the decryption-capable secret key material is available.

To reduce or avoid the surprises associated with a decrypted message with removed or obscured Header Fields becoming undecryptable, the MUA could also:

  • Securely cache metadata from a decrypted message's protected Header Fields so that its rendering doesn't change after the first decryption.

  • Securely store the session key associated with a decrypted message, so that attempts to read the message when the long-term secret key are unavailable can proceed using only the session key itself. See, for example, the discussion about stashing session keys in Section 9.1 of [I-D.ietf-lamps-e2e-mail-guidance].

3. E-mail Ecosystem Evolution

This document is intended to offer tooling needed to improve the state of the e-mail ecosystem in a way that can be deployed without significant disruption. Some elements of this specification are present for transitional purposes, but would not exist if the system were designed from scratch.

This section describes these transitional mechanisms, as well as some suggestions for how they might eventually be phased out.

3.1. Dropping Legacy Display Elements

Any decorative Legacy Display Element added to an encrypted message that uses the Injected Header scheme is present strictly for enabling Header Field visibility (most importantly, the Subject Header Field) when the message is viewed with a decryption-capable Legacy MUA.

Eventually, the hope is that most decryption-capable MUAs will conform to this specification, and there will be no need for injection of Legacy Display Elements in the message body. A survey of widely-used decryption-capable MUAs might be able to establish when most of them do support this specification.

At that point, a composing MUA could make the legacy parameter described in Section 2.3.4 to false by default, or could even hard-code it to false, yielding a much simpler message construction set.

Until that point, an end user might want to signal that their receiving MUAs are conformant to this draft so that a peer composing a message to them can set legacy to false. A signal indicating capability of handling messages with Header Protection might be placed in the user's cryptographic certificate, or in outbound messages.

This draft doesn't attempt to define the syntax or semantics of such a signal.

3.2. Stronger Default Header Confidentiality Policy

This draft defines two different forms of Header Confidentiality Policy. An MUA implementing an HCP for the first time SHOULD deploy hcp_minimal as recommended in Section 2.4. This HCP offers the most commonly-expected protection (obscuring the Subject Header Field) without risking deliverability or rendering issues.

The HCPs proposed in this draft are relatively conservative and still leak a significant amount of metadata for encrypted messages. This is largely done to ensure deliverability (see Section 1.4.2) and usability, as messages without some critical Header Fields are more likely to not reach their intended recipient.

In the future, some mail transport systems may accept and deliver messages with even less publicly-visible metadata. Many MTA operators today would ask for additional guarantees about such a message to limit the risks associated with abusive or spammy mail.

This specification offers the HCP formalism itself as a way for MUA developers and MTA operators to describe their expectations around message deliverability. MUA developers can propose a stronger default HCP, and ask MTA operators (or simply test) whether their MTAs would be likely to deliver or reject encrypted mail with that HCP applied. Proponents of a stronger HCP should explicitly document the HCP, and name it clearly and unambiguously to facilitate this kind of interoperability discussion.

Reaching widespread consensus around a stronger global default HCP is a challenging problem of coordinating many different actors. A piecemeal approach might be more feasible, where some signalling mechanism allows a message recipient, MTA operator, or third-party clearinghouse to announce what kinds of HCPs are likely to be deliverable for a given recipient. In such a situation, the default HCP for an MUA might involve consulting the signalled acceptable HCPs for all recipients, and combining them (along with a default for when no signal is present) in some way.

If such a signal were to reach widespread use, it could also be used to guide reasonable statistical default HCP choices for recipients with no signal.

This draft doesn't attempt to define the syntax or semantics of such a signal.

3.3. Deprecation of Messages Without Header Protection

At some point, when the majority of MUA clients that can generate cryptographically protected messages with Header Protection, it should be possible to deprecate any cryptographically protected message that does not have Header Protection.

For example, as noted in Section 4.1, it's possible for an MUA to decline to render a signed-only message that has no Header Protection the same as an unsigned message. And a signed-and-encrypted message without Header Protection could likewise be marked as not fully protected.

These stricter rules could be adopted immediately for all messages. Or an MUA developer could roll them out immediately for any new message, but still treat an old message (based on the Date Header Field and cryptographic signature timestamp) more leniently.

A decision like this by any popular receiving MUA could drive adoption of this standard for sending MUAs.

4. Usability Considerations

This section describes concerns for MUAs that are interested in easy adoption of Header Protection by normal users.

While they are not protocol-level artifacts, these concerns motivate the protocol features described in this document.

See also the Usability commentary in Section 2 of [I-D.ietf-lamps-e2e-mail-guidance].

4.1. Mixed Protections Within a Message Are Hard To Understand

When rendering a message to the user, the ideal circumstance is to present a single cryptographic status for any given message. However, when message Header Fields are present, some message Header Fields do not have the same cryptographic protections as the main message.

Representing such a mixed set of protection statuses is very difficult to do in a way that a normal user can understand without training. There are at least three scenarios that are likely to be common, and poorly understood:

  • A signed message with no Header Protection.

  • A signed-and-encrypted message with no Header Protection.

  • An signed-and-encrypted message with Header Protection as described in this document, where some User-Facing Header Fields have confidentiality but some do not.

An MUA should have a reasonable strategy for clearly communicating each of these scenarios to the user. For example, an MUA operating in an environment where it expects most cryptographically-protected messages to have Header Protection could use the following rendering strategy:

  • When rendering a message with signed-only cryptographic status but no Header Protection, an MUA may decline to indicate a positive security status overall, and only indicate the cryptographic status to a user in a message properties or diagnostic view. That is, the message may appear identical to an unsigned message except if a user verifies the properties through a menu option.

  • When rendering a message with signed-and-encrypted or encrypted-only cryptographic status but no Header Protection, overlay a warning flag on the typical cryptographic status indicator. That is, if a typical signed-and-encrypted message displays a lock icon, display a lock icon with a warning sign (e.g., an exclamation point in a triangle) overlaid. See, for example, the graphics in [chrome-indicators].

  • When rendering a message with signed-and-encrypted or encrypted-only cryptographic status, with Header Protection, but where the Subject Header Field has not been removed or obscured, place a warning sign on the on the Subject line.

Other simple rendering strategies could also be reasonable.

4.2. Users Should Not Have To Choose a Header Confidentiality Policy

This document defines the abstraction of a Header Confidentiality Policy object for the sake of communication between implementers and deployments.

Most e-mail users are unlikely to understand the tradeoffs between different policies. In particular, the potential negative side effects (e.g. poor deliverability) may not be easily attributable by a normal user to a particular HCP.

Therefore, MUA implementers should be conservative in their choice of default HCP, and should not require the Ordinary User to make an incomprehensible choice that could cause unfixable, undiagnosable problems. The safest option is for the MUA developer to select a known, stable HCP (this document recommends hcp_minimal in Section 2.4) on the user's behalf. An MUA should not expose the Ordinary User to a configuration option where they are expected to manually select (let alone define) an HCP.

4.3. Users Should Not Have To Choose a Header Protection Scheme

This document also describes two different Header Protection schemes: Wrapped Messages in Section 2.2 and Injected Headers in Section 2.1.

These distinct schemes are described for the sake of implementers who may have to deal with messages found in the wild, but their intended semantics are identical. They represent different tradeoffs in terms of rendering and user experience on the recipient's side, things that a given user writing a message is not prepared to select.

When composing a message with cryptographic protections, the Ordinary User should not be confronted with any choices about which Header Protection scheme to use. Rather, the MUA developer should use a single scheme for all outbound cryptographically-protected messages.

This document recommends the Injected Headers scheme for generating messages with cryptographic protections, as described in Section 2. An MUA should not expose the Ordinary User to any configuration option where they are expected to manually select, enable, or disable Header Protections for new cryptographically-protected messages.

5. Security Considerations

This document describes a mechanism for improving the security of cryptographically-protected e-mail messages. Following the guidance in this document should improve security for users of these technologies by more directly aligning the underlying messages with user expectations about confidentiality, authenticity, and integrity.

However, many existing messages with cryptographic protections will not have these protections, and MUAs encountering these messages will need to handle older forms (without Header Protection) for quite some time. An implementation that deals with legacy message archives will need to deal with all the various formats forever. Helping the user distinguish between cryptographic protections of various messages is a difficult job for message renderers.

However, on the message generation side, the situation is much clearer: there is a standard form that a protected message can take, and an implementer can always generate the standard form. Generating the standard form also makes it more likely that any receiving implementation will be able to handle the generated message appropriately.

The security considerations from Section 6 of [RFC8551] continue to apply for any MUA that offers S/MIME cryptographic protections, as well as Section 3 of [RFC5083] (Authenticated-Enveloped-Data in CMS) and Section 14 of [RFC5652] (CMS more broadly). Likewise, the security considerations from Section 8 of [RFC3156] continue to apply for any MUA that offers PGP/MIME cryptographic protections, as well as Section 13 of [I-D.ietf-openpgp-crypto-refresh-13] (OpenPGP itself). In addition, these underlying security considerations are now also applicable to the contents of the message header, not just the message body.

5.1. Caution about Composing with Legacy Display Elements

When composing a message, it's possible for a Legacy Display Element to contain risky data that could trigger errors in a rendering client.

For example, if the value for a Header Field to be included in a Legacy Display Element within a given body part contains folding whitespace, it should be "unfolded" before generating the Legacy Display Element: all contiguous folding whitespace should be replaced with a single space character. Likewise, if the header value was originally encoded with [RFC2047], it should be decoded first to a standard string and re-encoded using the charset appropriate to the target part.

When including a Legacy Display Element in a text/plain part (see Section 2.3.4.1), if the decoded Subject Header Field contains a pair of newlines (e.g., if it is broken across multiple lines by encoded newlines), any newline MUST be stripped from the Legacy Display Element. If the pair of newlines is not stripped, a receiving MUA that follows the guidance in Section 2.5.3.3.2 might leave the later part of the Legacy Display Element in the rendered message.

When including a Legacy Display Element in a text/html part (see Section 2.3.4.2), any material in the header values should be explicitly HTML escaped to avoid being rendered as part of the HTML. At a minimum, the characters <, >, and & should be escaped to &lt;, &gt;, and &amp;, respectively (see for example [HTML-ESCAPES]). If unescaped characters from removed or obscured header values end up in the Legacy Display Element, a receiving MUA that follows the guidance in Section 2.5.3.3.3 might fail to identify the boundaries of the Legacy Display Element, cutting out more than it should, or leaving remnants visible. And a Legacy MUA parsing such a message might misrender the entire HTML stream, depending on the content of the removed or obscured header values.

The Legacy Display Element is a decorative addition solely to enable visibility of obscured or removed Header Fields in decryption-capable Legacy MUAs. When it is produced, it should be generated conservatively and narrowly, as described above, to avoid damaging the rest of the message.

6. Privacy Considerations

6.1. Some Encrypted Header Fields Are Not Always Private

For encrypted messages, depending on the sender's HCP, some Header Fields may appear both within the Cryptographic Envelope and on the outside of the message (e.g. Date might exist identically in both places). Section 2.5.2 identifies such a Header Field as signed-only. These Header Fields are clearly not private at all, despite a copy being inside the Cryptographic Envelope.

A Header Field whose name can be found in the HP-Removed or in any HP-Obscured Header Field from the same part will have encrypted-only or signed-and-encrypted status. But even Header Fields with these stronger levels of cryptographic confidentiality protection might not be as private as the user would like.

For example, even if the Date Header Field has been obscured, for example by normalizing the timezone to UTC or rounding to the most recent minute or hour (so that Header Field is formally signed-and-encrypted), the MTAs which handle the message can of course record the time that they first encountered it, which is likely to be identical or very close to the original value of the field.

6.2. Header Fields Can Leak Unwanted Information to the Recipient

For encrypted messages, even with an aggressive HCP that successfully obscures most Header Fields from all transport agents, Header Fields will be ultimately visible to all intended recipients. This can be especially problematic for Header Fields that are not user-facing, which the sender may not expect to be injected by their MUA. Consider the three following examples:

  • The MUA may inject a User-Agent Header Field that describes itself to every recipient, even though the sender may not want the recipient to know the exact version of their OS, hardware platform, or MUA.

  • The MUA may have an idiosyncratic way of generating a Message-ID header, which could embed the choice of MUA, a timezone, a hostname, or other subtle information to a knowledgeable recipient.

  • The MUA may erroneously include a Bcc Header Field in the origheaders of a copy of a message sent to the named recipient, defeating the purpose of using Bcc instead of Cc (see Section 6.3 for more details about risks related to Bcc).

Clearly, no end-to-end cryptographic protection of any Header Field as described in this document will hide such a sensitive field from the intended recipient. Instead, the composing MUA MUST populate the origheaders list for any outbound message with only information recipient should have access to. This is true for messages without any cryptographic protection as well, of course, and it is even worse there: such a leak is exposed to the transport agents as well as the recipient. An encrypted message with Header Protection and a strong Header Confidentiality Policy avoid these leaks exposing information to the transport agents, but cannot defend against such a leak to the recipient.

6.2.1. Encrypted Header Fields Can Be Inferred From External or Internal Metadata

For example, if the To: and Cc: Header Fields are omitted from the unprotected Header Section, the values in those fields might still be inferred with high probability by an adversary who looks at the message either in transit or at rest. If the message is found in, or being delivered to a mailbox for bob@example.org, it's likely that Bob was in either To: or Cc:. Furthermore, encrypted message ciphertext may hint at the recipients: for S/MIME messages, the RecipientInfo, and for PGP/MIME messages the key ID in the Public Key Encrypted Session Key (PKESK) packets will all hint at a specific set of recipients. Additionally, an MTA that handles the message may add a Received: Header Field (or some other custom Header Field) that leaks some information about the nature of the delivery.

6.2.2. HCP May Not Mask All Data in an Encrypted Header Field

In another example, if the HCP modifies the Date: header to mask out high-resolution time stamps (e.g. rounding to the most recent hour) and to convert the local timezone to UTC, some information about the date of delivery will still be attached to the e-mail. At the very least, the low resolution, global version of the date will be present on the message. Additionally, Header Fields like Received that are added during message delivery might include higher-resolution timestamps. And if the message lands in a mailbox that is ordered by time of receipt, even its placement in the mailbox and the non-obscured Date: Header Fields of the surrounding messages could leak this information.

Some fields like From: may be impossible to fully obscure, as many modern message delivery systems depend on at least domain information in the From: field for determining whether a message is coming from a domain with "good reputation" (that is, from a domain that is not known for leaking spam). So even if an aggressive HCP opts to remove the human-readable part from any From: Header Field, and to standardize/genericize the local part of the From: address, the domain will still leak.

6.2.3. A Naive Recipient May Overestimate the Cryptographic Status of a Header Field in an Encrypted Message

When an encrypted (or signed-and-encrypted) message is in transit, an active intermediary can strip or tamper with any Header Field that appears outside the Cryptographic Envelope. A receiving MUA that naively infers cryptographic status from differences between the external Header Fields and those found in the Cryptographic Envelope could be tricked into overestimating the protections afforded to some Header Fields.

For example, if the original sender's HCP passes through the Cc: Header Field unchanged, a cleanly-delivered message would indicate that the Cc: Header Field has a cryptographic status of signed. But if an intermediary attacker simply removes the Header Field from the unprotected Header Section before forwarding the message, then the naive recipient might believe that the field has a cryptographic status of signed-and-encrypted.

This draft offers protection against such an attack by way of the HP-Obscured and HP-Removed Header Fields that can be found on the Cryptographic Payload. If a Header Field appears to have been obscured, but no HP-Obscured header matches it; or if the Header Field appears to have been removed, but the HP-Removed header does not include its field name, the receiving MUA can indicate to the user that the Header Field in question may not have been confidential.

In such a case, a conservative MUA may render the Header Field in question as signed (because the sender did not hide it), but still treat it as signed-and-encrypted during reply, to avoid accidental leakage of the cleartext value in the reply message, as described in Section 2.5.8.1.

6.2.4. Summary and Implementation Guidance

In the abstract sense, the above concerns are of course also true for any encrypted data, including the body of the message: if the sender isn't careful, the message contents or session keys could leak in many different ways that are beyond the scope of this draft. The message recipient has no way in principle to tell whether the apparent confidentiality of any given piece of encrypted content has been broken via channels that they cannot perceive. And an active intermediary aware of the recipient's public key can always encrypt a cleartext message in transit to give the recipient a false sense of security.

Despite the external inferrability of some encrypted or signed-and-encrypted Header Fields, the MUA should still strive to avoid additional leakage of these Header Fields, as described in Section 2.5.8.1.

6.3. Privacy and Deliverability Risks with Bcc and Encrypted Messages

As noted in Section 9.3 of [I-D.ietf-lamps-e2e-mail-guidance], handling Bcc when generating an encrypted e-mail message can be particularly tricky. With Header Protection, there is an additional wrinkle. When an encrypted e-mail message with Header Protection has a Bcc'ed recipient, and the composing MUA explicitly includes the Bcc'ed recipient's address in their copy of the message (see the "second method" in Section 3.6.3 of [RFC5322]), that Bcc Header Field will always be visible to the Bcc'ed recipient.

In this scenario, though, the composing MUA has one additional choice: whether to hide the Bcc Header Field from intervening message transport agents, by returning null when the HCP is invoked for Bcc. If the composing MUA's rationale for including an explicit Bcc in the copy of the message sent to the Bcc recipient is to ensure deliverability via a message transport agent that inspects message Header Fields, then stripping the Bcc field during encryption may cause the intervening transport agent to drop the message entirely. This is why Bcc is not explicitly stripped in hcp_minimal.

If, on the other hand, deliverability to a Bcc'ed recipient is not a concern, the most privacy-preserving option is to simply omit the Bcc Header Field from the protected Header Section in the first place. An MUA that is capable of receiving and processing such a message can infer that since their user's address was not mentioned in any To or Cc Header Field, they were likely a Bcc recipient.

Please also see Section 9.3 of [I-D.ietf-lamps-e2e-mail-guidance] for more discussion about Bcc and encrypted messages.

7. IANA Considerations

This document requests IANA to register the following two Header Fields in the "Permanent Message Header Field Names" registry within "Message Headers" in accordance with [RFC3864].

Table 1: Additions to 'Permanent Message Header Field Names' registry
Header Field Name Template Protocol Status Reference
HP-Removed   mail standard Section 2.3.3 of RFCXXXX
HP-Obscured   mail standard Section 2.3.3 of RFCXXXX

The Author/Change Controller of these two entries (Section 4.5 of [RFC3864]) should be the IETF itself.

This document also defines the Content-Type parameter known as protected-headers. Consequently, the Content-Type row in the "Permanent Message Header Field Names" registry should add a reference to this RFC to its "References" column.

That is, the current row:

Table 2: Existing row in 'Permanent Message Header Field Names' registry
Header Field Name Template Protocol Status Reference
Content-Type   MIME   [RFC4021]

Should be updated to have the following values:

Table 3: Replacement row in 'Permanent Message Header Field Names' registry
Header Field Name Template Protocol Status Reference
Content-Type   MIME   [RFC4021] [RFCXXXX]

This document also requests IANA to create a new registry in the "Mail Parameters" protocol group titled Mail Header Confidentiality Policies with the following content:

Table 4: Mail Header Confidentiality Policies registry
Header Confidentiality Policy Name Description Reference Recommended
hcp_null No header confidentiality RFCXXX (this document) N
hcp_minimal Subject Header Field is obscured RFCXXX (this document) Y
hcp_strong Remove or obscure everything but From, Date, To, and Cc RFCXXX (this document) N
hcp_hide_cc Obscure Subject, remove Cc RFCXXX (this document) N

Please add the following textual note to this registry:

  • The Header Confidentiality Policy Name never appears on the wire. This registry merely tracks stable references to implementable descriptions of distinct policies. Any addition to this registry should be governed by guidance in Section 2.4.4.1 of RFC XXX (this document).

Adding an entry to this registry with an N in the "Recommended" column follows the registration policy of SPECIFICATION REQUIRED. Adding an entry to this registry with a Y in the "Recommended" column or changing the "Recommended" column in an existing entry (from N to Y or vice versa) requires IETF REVIEW. During IETF REVIEW, the designated expert must also be consulted. Guidance for the designated expert can be found in Section 2.4.4.1.

8. Acknowledgments

The authors would like to thank the following people who have provided helpful comments and suggestions for this document: Berna Alp, Bernhard E. Reiter, Carl Wallace, Claudio Luck, David Wilson, Hernani Marques, juga, Krista Bennett, Kelly Bristol, Lars Rohwedder, Michael StJohns, Nicolas Lidzborski, Phillip Tao, Robert Williams, Roman Danyliw, Russ Housley, Sofia Balicka, Steve Kille, Volker Birk, and Wei Chuang.

9. References

9.1. Normative References

[I-D.ietf-lamps-e2e-mail-guidance]
Gillmor, D. K., Hoeneisen, B., and A. Melnikov, "Guidance on End-to-End E-mail Security", Work in Progress, Internet-Draft, draft-ietf-lamps-e2e-mail-guidance-15, , <https://datatracker.ietf.org/doc/html/draft-ietf-lamps-e2e-mail-guidance-15>.
[I-D.ietf-lamps-header-protection-requirements]
Melnikov, A. and B. Hoeneisen, "Problem Statement and Requirements for Header Protection", Work in Progress, Internet-Draft, draft-ietf-lamps-header-protection-requirements-01, , <https://datatracker.ietf.org/doc/html/draft-ietf-lamps-header-protection-requirements-01>.
[I-D.ietf-openpgp-crypto-refresh-13]
Wouters, P., Huigens, D., Winter, J., and N. Yutaka, "OpenPGP", Work in Progress, Internet-Draft, draft-ietf-openpgp-crypto-refresh-13, , <https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-13>.
[RFC2045]
Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, DOI 10.17487/RFC2045, , <https://www.rfc-editor.org/rfc/rfc2045>.
[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/rfc/rfc2119>.
[RFC3864]
Klyne, G., Nottingham, M., and J. Mogul, "Registration Procedures for Message Header Fields", BCP 90, RFC 3864, DOI 10.17487/RFC3864, , <https://www.rfc-editor.org/rfc/rfc3864>.
[RFC5083]
Housley, R., "Cryptographic Message Syntax (CMS) Authenticated-Enveloped-Data Content Type", RFC 5083, DOI 10.17487/RFC5083, , <https://www.rfc-editor.org/rfc/rfc5083>.
[RFC5234]
Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, DOI 10.17487/RFC5234, , <https://www.rfc-editor.org/rfc/rfc5234>.
[RFC5322]
Resnick, P., Ed., "Internet Message Format", RFC 5322, DOI 10.17487/RFC5322, , <https://www.rfc-editor.org/rfc/rfc5322>.
[RFC5652]
Housley, R., "Cryptographic Message Syntax (CMS)", STD 70, RFC 5652, DOI 10.17487/RFC5652, , <https://www.rfc-editor.org/rfc/rfc5652>.
[RFC8126]
Cotton, M., Leiba, B., and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 8126, DOI 10.17487/RFC8126, , <https://www.rfc-editor.org/rfc/rfc8126>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/rfc/rfc8174>.
[RFC8551]
Schaad, J., Ramsdell, B., and S. Turner, "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification", RFC 8551, DOI 10.17487/RFC8551, , <https://www.rfc-editor.org/rfc/rfc8551>.

9.2. Informative References

[chrome-indicators]
Schechter, E., "Evolving Chrome's security indicators", , <https://blog.chromium.org/2018/05/evolving-chromes-security-indicators.html>.
[CSS]
World Wide Web Consortium, "Cascading Style Sheets Level 2 Revision 2 (CSS 2.2) Specification", , <https://www.w3.org/TR/2016/WD-CSS22-20160412/>.
[HTML-ESCAPES]
W3C, "Using character escapes in markup and CSS", n.d., <https://www.w3.org/International/questions/qa-escapes#use>.
[I-D.autocrypt-lamps-protected-headers]
Einarsson, B. R., "juga", and D. K. Gillmor, "Protected Headers for Cryptographic E-mail", Work in Progress, Internet-Draft, draft-autocrypt-lamps-protected-headers-02, , <https://datatracker.ietf.org/doc/html/draft-autocrypt-lamps-protected-headers-02>.
[I-D.ietf-lamps-samples]
Gillmor, D. K., "S/MIME Example Keys and Certificates", Work in Progress, Internet-Draft, draft-ietf-lamps-samples-08, , <https://datatracker.ietf.org/doc/html/draft-ietf-lamps-samples-08>.
[I-D.pep-email]
Marques, H. and B. Hoeneisen, "pretty Easy privacy (pEp): Email Formats and Protocols", Work in Progress, Internet-Draft, draft-pep-email-02, , <https://datatracker.ietf.org/doc/html/draft-pep-email-02>.
[I-D.pep-general]
Birk, V., Marques, H., and B. Hoeneisen, "pretty Easy privacy (pEp): Privacy by Default", Work in Progress, Internet-Draft, draft-pep-general-02, , <https://datatracker.ietf.org/doc/html/draft-pep-general-02>.
[PGPCONTROL]
UUNET Technologies, Inc., "Authentication of Usenet Group Changes", , <https://ftp.isc.org/pub/pgpcontrol/>.
[PGPVERIFY-FORMAT]
Lawrence, D. C., "Signing Control Messages, Verifying Control Messages", n.d., <https://www.eyrie.org/~eagle/usefor/other/pgpverify>.
[RFC2047]
Moore, K., "MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text", RFC 2047, DOI 10.17487/RFC2047, , <https://www.rfc-editor.org/rfc/rfc2047>.
[RFC2049]
Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part Five: Conformance Criteria and Examples", RFC 2049, DOI 10.17487/RFC2049, , <https://www.rfc-editor.org/rfc/rfc2049>.
[RFC3156]
Elkins, M., Del Torto, D., Levien, R., and T. Roessler, "MIME Security with OpenPGP", RFC 3156, DOI 10.17487/RFC3156, , <https://www.rfc-editor.org/rfc/rfc3156>.
[RFC3851]
Ramsdell, B., Ed., "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification", RFC 3851, DOI 10.17487/RFC3851, , <https://www.rfc-editor.org/rfc/rfc3851>.
[RFC4021]
Klyne, G. and J. Palme, "Registration of Mail and MIME Header Fields", RFC 4021, DOI 10.17487/RFC4021, , <https://www.rfc-editor.org/rfc/rfc4021>.
[RFC5751]
Ramsdell, B. and S. Turner, "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification", RFC 5751, DOI 10.17487/RFC5751, , <https://www.rfc-editor.org/rfc/rfc5751>.
[RFC6376]
Crocker, D., Ed., Hansen, T., Ed., and M. Kucherawy, Ed., "DomainKeys Identified Mail (DKIM) Signatures", STD 76, RFC 6376, DOI 10.17487/RFC6376, , <https://www.rfc-editor.org/rfc/rfc6376>.
[RFC6532]
Yang, A., Steele, S., and N. Freed, "Internationalized Email Headers", RFC 6532, DOI 10.17487/RFC6532, , <https://www.rfc-editor.org/rfc/rfc6532>.
[RFC7489]
Kucherawy, M., Ed. and E. Zwicky, Ed., "Domain-based Message Authentication, Reporting, and Conformance (DMARC)", RFC 7489, DOI 10.17487/RFC7489, , <https://www.rfc-editor.org/rfc/rfc7489>.
[RFC8617]
Andersen, K., Long, B., Ed., Blank, S., Ed., and M. Kucherawy, Ed., "The Authenticated Received Chain (ARC) Protocol", RFC 8617, DOI 10.17487/RFC8617, , <https://www.rfc-editor.org/rfc/rfc8617>.

Appendix A. Possible Problems with some Legacy Clients

When an e-mail message with end-to-end cryptographic protection is received by a mail user agent, the user might experience many different possible problematic interactions. A message with Header Protection may introduce new forms of user experience failure.

In this section, the authors enumerate different kinds of failures we have observed when reviewing, rendering, and replying to messages with different forms of Header Protection in different Legacy MUAs. Different Legacy MUAs demonstrate different subsets of these problems.

A conformant MUA would not exhibit any of these problems. An implementer updating their Legacy MUA to be compliant with this specification should consider these concerns and try to avoid them.

A.1. Problems Reviewing signed-and-encrypted Messages in List View

  • Unprotected Subject, Date, From, To are visible

  • Threading is not visible

A.2. Problems when Rendering a signed-and-encrypted Message

  • Unprotected Subject is visible

  • Protected subject (on its own) is visible in the body

  • Protected subject, date, from, to visible in the body

  • User interaction needed to view whole message

  • User interaction needed to view message body

  • User interaction needed to view protected subject

  • Impossible to view protected subject

  • Nuisance alarms during user interaction

  • Impossible to view message body

  • Appears as a forwarded message

  • Appears as an attachment

  • Security indicators not visible

  • User has multiple different methods to Reply: (e.g. reply to outer, reply to inner)

  • User sees English "Subject:" in body despite message itself being in non-English

  • Security indicators do not identify protection status of Header Fields

  • Header Fields in body render with local Header Field names (e.g. showing "Betreff" instead of "Subject") and dates (TZ, locale)

A.3. Problems when Replying to a signed-and-encrypted Message

Note that the use case here is:

  • User views message, to the point where they can read it.

  • User then replies to message, and they are shown a message composition window, which has some UI elements

  • If the MUA has multiple different methods to Reply: to a message, each way may need to be evaluated separately

This section also uses the shorthand UI:x to mean "the UI element that the user can edit that they think of as x."

  • protected subject is in UI:subject (and will leak)

  • protected subject is quoted in UI:body

  • protected subject is not anywhere in UI

  • message body is not visible/quoted in UI:body

  • user cannot reply while viewing protected message

  • reply is not encrypted by default (but is for normal S/MIME sign+enc messages)

  • unprotected From: is in UI:To

  • User's locale (lang, TZ) leaks in quoted body

  • Header Fields not protected (and in particular, Subject is not obscured) by default

A.4. Problems Reviewing signed-only Messages in List View

  • Unprotected Subject, Date, From, To are visible

  • Threading is not visible

A.5. Problems when Rendering a signed-only Message

  • Unprotected Subject is visible

  • Protected subject (on its own) is visible in the body

  • Protected subject, date, from, to visible in the body

  • User interaction needed to view whole message

  • User interaction needed to view message body

  • User interaction needed to view protected subject

  • Impossible to view protected subject

  • Nuisance alarms during user interaction

  • Impossible to view message body

  • Appears as a forwarded message

  • Appears as an attachment

  • Security indicators not visible

  • Security indicators do not identify protection status of Header Fields

  • User has multiple different methods to Reply: (e.g. reply to outer, reply to inner)

  • Header Fields in body render with local Header Fields (e.g. showing "Betreff" instead of "Subject") and dates (TZ, locale)

A.6. Problems when Replying to a signed-only Message

This uses the same use case(s) and shorthand as Appendix A.3.

  • Unprotected Subject: is in UI:subject

  • Protected Subject: is quoted in UI:body

  • Protected Subject: is not anywhere in UI

  • Message body is not visible/quoted in UI:body

  • User cannot reply while viewing protected message

  • Unprotected From: is in UI:To

  • User's locale (lang, TZ) leaks in quoted body

Appendix B. Test Vectors

This section contains sample messages using the different schemes described in this document. Each sample contains a MIME object, a textual and diagrammatic view of its structure, and examples of how an MUA might render it.

The cryptographic protections used in this document use the S/MIME standard, and keying material and certificates come from [I-D.ietf-lamps-samples].

These messages should be accessible to any IMAP client at imap://bob@header-protection.cmrg.net/ (any password should authenticate to this read-only IMAP mailbox).

You can also download copies of these test vectors separately at https://header-protection.cmrg.net.

If any of the messages downloaded differ from those offered here, this document is the canonical source.

B.1. Baseline Messages

These messages offer no header protection at all, and can be used as a baseline. They are provided in this document as a counterexample. An MUA implementer can use these messages to verify that the reported cryptographic summary of the message indicates no header protection.

B.1.1. No Cryptographic Protections Over a Simple Message

This message uses no cryptographic protection at all. Its body is a text/plain message.

It has the following structure:

└─╴text/plain 152 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Subject: no-crypto
Message-ID: <no-crypto@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:00:02 -0500
User-Agent: Sample MUA Version 1.0

This is the no-crypto message.

This message uses no cryptographic protection at all.  Its body
is a text/plain message.

--
Alice
alice@smime.example

B.1.2. S/MIME Signed-only signedData Over a Simple Message, No Header Protection

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a text/plain message. It uses no header protection.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 3852 bytes
 ⇩ (unwraps to)
 └─╴text/plain 204 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part
Message-ID: <smime-one-part@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:01:02 -0500
User-Agent: Sample MUA Version 1.0

MIILFwYJKoZIhvcNAQcCoIILCDCCCwQCAQExDTALBglghkgBZQMEAgEwggFABgkq
hkiG9w0BBwGgggExBIIBLU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04Ig0KQ29udGVudC1UcmFuc2Zlci1F
bmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZSBzbWltZS1vbmUtcGFydCBtZXNz
YWdlLg0KDQpUaGlzIGlzIGEgc2lnbmVkLW9ubHkgUy9NSU1FIG1lc3NhZ2Ugdmlh
IFBLQ1MjNyBzaWduZWREYXRhLiAgVGhlDQpwYXlsb2FkIGlzIGEgdGV4dC9wbGFp
biBtZXNzYWdlLiBJdCB1c2VzIG5vIGhlYWRlciBwcm90ZWN0aW9uLg0KDQotLSAN
CkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQqgggemMIIDzzCCAregAwIBAgIT
Dy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJ
RVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJT
QSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUy
MDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
FzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cx
Qq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeu
Xq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7T
HNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3We
ag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukg
n+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQC
MAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNt
aW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUg
MB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58
BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAyl
OvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeu
OA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9o
pwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4
oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPf
qmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY
1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcN
AQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNV
BAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcN
MTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr
+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7O
xsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTt
dg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZ
DQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj
0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEA
AaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAe
BgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUF
BwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBm
ZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQEN
BQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTn
euK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qN
uz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt
9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh5
2MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4
DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMg
UlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnX
MAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZI
hvcNAQkFMQ8XDTIxMDIyMDE1MDEwMlowLwYJKoZIhvcNAQkEMSIEIESMi+9/LUlD
fGjj+6U50VNLFxbzvyVJ0wzwnTS114DyMA0GCSqGSIb3DQEBAQUABIIBACJHeayB
UllC4GdcgdojTUjoeIy6UIbrSg/aKZgAkCB8Dwq0hdU10qiun6WKI/TxM5izpRvL
UsNBGmqknPBMFhvwX6KCrwFk0p0j5Y5DZqX30deiQiGTUv3NiwZGTrKJ3JkyymFO
HGbe5Thrq3inRLVfilEuIZewaJsnJhKfnEq9fS09icTJ5olPDAH6mZbW6hpYmU3F
KBk2qJNqJX6bo60rCogu3wXDj0wxnqEXmeNDH5/+L9UVZur+EWzviUc8Ldd/kP3L
DOO7ivs10bAWe8Tbw7NjuP8ZlVvzcvj3nXWzZzxh2ymDIOvyJA+t0LHQvsN/fbdW
fC6Pm51fEkabbmw=

B.1.3. S/MIME Signed-only multipart/signed Over a Simple Message, No Header Protection

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses no header protection.

It has the following structure:

└┬╴multipart/signed 4191 bytes
 ├─╴text/plain 224 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="052";
 micalg="sha-256"
Subject: smime-multipart
Message-ID: <smime-multipart@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:02:02 -0500
User-Agent: Sample MUA Version 1.0

--052
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

This is the smime-multipart message.

This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a text/plain
message. It uses no header protection.

--
Alice
alice@smime.example

--052
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTAyMDJa
MC8GCSqGSIb3DQEJBDEiBCDAkJYhqVAHhprkzEWP6PweksoYhj5ULTLbcfQ9Tu3C
zDANBgkqhkiG9w0BAQEFAASCAQCJe818STb4M4utvQsdcQEH0CZR7I38uL5TSZF3
llKmD9PuCDuV3GIkfdmZISKRuffBle1xaNc2av/0Qogr7OaFF485DAONVAEIQ7ah
t94pwgAE4yvXXWKmFQkKid1tnMXbnHADKWU0YC+BQkgd/5J3zg4ESeMwOUm0+b3C
GDaUBTIJhHfu9sqlt7jXa7PbzQEfemYZORPI14/uZSs86SLkPvNGUpWb4mN6olC0
2h/U4SCpq8Oy390oNM0VNpoa+nsTu5yOFc34pMIvjwCJyIOYPaDnvw9FYgr2oOp7
cdOgFcSJ8q7I+Tx2yg60VW8tAT7UBkifc37UUuVbnOsqeVB3

--052--

B.1.4. S/MIME Encrypted and Signed Over a Simple Message, No Header Protection

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses no header protection.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 6720 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 3960 bytes
  ⇩ (unwraps to)
  └─╴text/plain 239 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: smime-enc-signed
Message-ID: <smime-enc-signed@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:03:02 -0500
User-Agent: Sample MUA Version 1.0

MIITXAYJKoZIhvcNAQcDoIITTTCCE0kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAHmnSO2IdHZqhpStR4KWdgv3WQtCaxYUhXTJ
AmWV0NBvy5u7gilyKnpgY7CcJ4T5bA68lWNos4i4D2bsiLDGtMAuEynCKejeKp+r
rS6BU+iI3QAruW8v4xxFHmYtOdge1tV1uws7atc8fXnUlgcfpnOD+IvLOdwkrJBs
o0AePTxqKmi3pUkSoZ4FVkfXJNkM3KKlXsqf5VFJV21r/AY+3w5V5sFkengnXv6e
kAZWUVMZ5GiiLzCk54l2rGO3Wi5oC1cYqkbmnKndm2MvcwEosO48N6XTvW9geENp
y9stPxv9pAp9HD4miuwWA2KlUPBVLh7l7XwjDwA08MGsRCzHP64wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAdOnjKorhe+/7PA3sZPAMGBA6
bQlRDw3HF8/5y4ld+ZCHw02YeGKvc4OT1TO4SsY8zdOhNBhJRaQqRkK+5HKOOPqV
ADA6a90U36FAyNI0Zn8veG4rHlb/vWHVdxWbOW69Liymia3fBz65o/6E1yX/GAb8
m+KPtKx9cvSFCazv95M4C3Girn8LkAswtmwR+deEp7tYPdjHky7TOkdXpV/z0Ee9
HtjilLeqUD+mvV3CJkIbywsUBRsZ0iLA8B9WoIsvcpYDU1biaxMko0rWlUFh2VSd
j6+TjlW90dSZM7xUF1YefRDd9XnF+HcRNbO58ucu8iIMxVJq+LNBEY4N70XmFjCC
EC4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEMyuzbDBN6Tv2WSNq2aSZ5WAghAA
nq1HKlEGKfDdd9BKbpZgRqgsSUEEBdGSgAC4v0Ugu6eD+ukLBk+TZzGuLHFj1vB3
/Nk6mjv4xakp/x23yGk7zc6bzmHduR27avvu9zZf8fdeNMkwBeuB47WIXEnQKmlt
y6I7vVEJJE4CEVF0VDIFH7B2wpo5pogs0N3vJt/Gr2vAO2NjRosgGuHTRDXybQlY
KZKOCw2G0+vB1CYCP9YeM5gG7vQNirjQdVPJ0K+4NOEHy8JZHQZvu7dR2P02/QiS
5p8wcYPSRLsWRdaPaBDnfkDTWaaQYUcm909iydoYUI5Xg33LzjGh0UMDg0vouQ/1
Aqj7zwHXfHJVKJ38lSQC8fL88/TaCkouGMAw/dHCUQYOB5v4JlsSaYBo8ojaPIIk
T6PYuFUo01ghi56h21sKNsuhnYSR8c8rZMq3jIKDkmdjOpNpn6kevulBHeNnH1wK
WPBiMx4CAapizFjeVmbgnFbjNBdw2kO55bPqXrHMoG5/hHC85JV/IgCF0uvQgOY/
kG2eTl80pJ3dF3/iJnHsn6wB50UDPYAqXt9bpAgtNNd0iCyd5Gd3guQOCAfvpBOO
IkMPH2K8xsvqk6cUncEtrbSColrldePnQhiTiwyAmJevan++mvjUuBRPN1grXH4v
AeCR28K+htOxC/5SaONcLX6FhppX0MR09j4nlwlWvvXfmm0Bo3eyaYqLAatmId1/
ig17gk0JQBw2zzZHqEm1URQh50r/6DvStMj2ASjGgtsPPhBQKO+CaITceLhuRNyw
cH3tSLeGmhMj0lDT6gmB/d3PFcLjUx8DwCwYsshDY3Z15GrzIq1jgZvmzjBxaCuA
VPGA3jWMOwBdJtXhAP7uYCe5qjbTL9L6EqIo8RQl7zrXxP7etwSjbAFbTUKBxxik
AZKPAGoTFsO3cVhUBmSzoMupgiUAieTOOS43iP9JeXLFHOnN+cAlo7iJx/gEcL68
1ENpSaWRV00NBtF6vjpNIEh7eN0MCA/fTipRR7Pz+g2oKQLUZPNkVxUTi7PjoSPb
bfKpK0xbHqao40mJdNvX6lng73PsQnJGadYu6DnMvVG7oTibcsA3aoh3jreb1vLO
mzpATxg4b1QFC0Cjxqd8FKRxQZlync5cO5E3EhYlVXW0pi17wW/a2Ca7S8iT3+Rw
bVNd2A01JgS6r+NsvgIXQTjxA6RNzP3K1Iorkuhg6nNbqgJffskHz5uD72AXQc9J
OfxGIFAgnIbNr9u+pvj3WVqJLZTHFdDvvXPGza5/D3tnoWb83j8Z9T8pxlTGK3m2
GVFm4CyJxdzDrOcfXznRO3lYkNeTA0lSySF0yhTHAzIOU8lYaUT/2P4y28Fc/79w
ofFZSqVz+J2QCoGbZfbWsj8RbrcaPYzPj0cBWtUxPyCni0Mf/4if+GxLv1F8a7DI
onHVJg5w+Lo1RKcvPpRIrq/w7wrwFOhEehyQr6a/8WbiAOSMMRsqj3+9atQViPFb
QChAtGHq1TMWysVVGod4S3OhkiOsp1s6tOFCJb8QIL2DYlDSbg/wtnNbWA0BXytf
tR1bhQRI0ytm7mhN01kfW+dWXOPqzofRG/zvaKIGoufnmqJpbk4RR4r+KHUZ3xDP
2URkSh5Qrf9yZ7wE791QKomGSZygvX1Tp8TzicUWpeTQB0IHXsCg2JBTykU3q3m/
SV1NYl6oP6oClvVAzRNxQgs6TQ8PEgGqPsE323VDCpgAnqsA5zq5zeZjjEK8p+Zy
HWjcaWf1top6+l9Tt/5chnAmCk4wS120Lkisu7fOzB9M8UzQC0yVrJ4L1A/MD73Q
KE1zP92o87ZfJnnNjpBb4A/EcBTmhVxbjSlC4cT6UR08pv0cfhSqFni9eMhImQmS
0XST/0NkVeqBmC6b72fATGQb09Iv02pyV/2w5W04gCNCvWBN8kmQQLEEhkDaOmZD
OYxGkgfbT00RxsC2fa8VnRuc8FyRJwFO9qWn8OTNhnVHbd3DPfsoTHNl5v7dsGDz
0aOnVMmwSmAFfzQStA9qC+OPeBPXBCKNXd1Y7/7ruO0GpUW9hSHKkOc227QtbTAH
LdUAW1bBIPA3gNJQDkmGQaefVFJDV8xn9v/lRuVxegh4N8QIK1U9IPz7+wec81S/
4cXz/JT01u/oGpcSE86jzarGMh/ik3ovckGLvH7q7TdT5BdOYyZZa6PcinfkT1Tj
rj/SMsHH3alXNipnSnb+5OdEIQUJksSgQYE1nFgV2M9PBONy3YA07Z2ArF/f0sEf
hRKQw9YH9grv0beRA0C5182tvvKrZ5j0q6gttYZ8PacoD9DnaXJjNGKJ01jwNsmV
vlPx7G8yOuxx2qUuTBbqr8jHg7XR9/UaYEuvmDslQZpnuDMOrxuRPufI1nWVZVd7
wxWd588fI3XOXmE9ZA2/kq5uq57xpoRLlPh/sVqVysj9ruYTU7uHz629jFeq5mF4
iIpa80hPVJyC4gDtKLqF8Jb8VVKb4kdbTph6+pcRwnqIj6pEZq4G8FvquntzNn0o
8ydpnyZVV/bu+Py7MYq8YtkcEVvIk70b9gBI3UhKEL1PfRj/t/q0XM2C63a+c93j
YpMSCnb/wOlpy9Ws5VMCISKsDYQLdKwNjj/aYWiHfgyghXGSY8/KDLl8Yyzfqz2n
zaOUaFMS7TMvHSjTe6Cv0zIYvht8P6gQmXVvEOLJ1VWUh+q3ccXnW5EHg4CgIbCI
dm5iN3a+OlIejFQSZvFW4kB/RWNsOiyBextmOxxyAmu7xGayLZul/bzBFT5XrQwv
sb524bGOYs6zcKA5zjnkQY215aGztAXFuMkI2nRiUsve5ARm/KQhbl2NGthQu++2
r807AnZGdjhGlz4h5XfR/VvmjuMF/LxdgIJG31VC37u/343lgNbIOWybUorzFaeg
rVnSDvMrfzMdZ/KRLTBhVUC9KFjlhn4L7FdfpWz3LbcW5Kn+uIU6EsRkbdOwdRPN
mEPhgjT/+PD+msMoxtC0kaPtgRgB39I5jnIgPBAO8iKtObHttmZoZeqD5+N2uTyK
WB+tC1CctNGGYfCR+YAUMTojhou1FSwiJIBTTE7QmSueuLmrEuCYvxUdEuA7RtTd
LO1Abt0S05WURWu0pNDFroYbYPEjX5vEoFbU5jHhzEZF5WQ3cy+/EqMkxk7/47dh
ux/J9UXXJTyT4Sh8KNZOPh38lcVliqIO/Ms4Nn859zwafCAKBZxn6ZqFQbBmxZWu
D8ejB8KfXUIUp9H6wSPWvxJ2XW8By01UuZFIE6vvZunm55eYvotkhjQFIag6CzOH
CaUZfwJ6bEWreih4lWFghnRL1ZhRptnfQhnsKKVUqJW0jiaGZNZC+4jVCOr+36bo
W9e6LYfkemtKEMer/nrdgvW9LXo2CaL4BNgReK+T4ZkQbyob/2/ADN3mYe+ETBF8
m7lbfEIx73e87xNY2mWhvNMA1/hZ04lIJQdPySNwi5V9YE2/cS+6UuLfOVIyxiNG
DpixiwTJroJ6GeKOtBn/K5eCqxKoF3gKiH98DnH9NV1otBej74998NG6ATN5jpaZ
C46LiTJpMZpTx91EyasuT6eDW+lEGa6EWylC7x7zjjjwaNlqD2mMlNpnSm8L1oB3
vvcwP60GoLgyu50+M0C+hYxrNuyCG2aoX6bvzdFrh9DyLl8LEErVdOPj9r/hOMtB
PJzmiDqHIYaZv6+uyarrjfRG6dO+kCZDtzuAy/HEU+UXCuv27i99gkEyeMcasQSp
DkRjvnVJQlO1fMx/ttIGyyUbTH/jlBmLQ0cc+hrBeGGTYyKM5N6eB5WCukYSkfva
6p7zGiKUER1py0ZmcO4BN3UqPR6P9pJbJ0cNhpCTx7/pKa9OgDpT8+Ma1RxanOLK
mskKwQpnkJf+2ays9Rv0oYtbNfVzJJPrT8iVglD3aFwmCop0Ml/kW5sYFdPpFGsH
byzTzq3Fjw0AQ5UOG5Qq8EpsAlAJ3hy/5Vv4OaVizAoJz2fZXnQ9Bw00lud/outL
ZbRUEC72vJewbIAS1lzdJ7RLlpSMvB48/cA2dgeXqqfnvnAsMzgOIlaFlVID9H4m
/KtMJfKPkagrka91wFwLECu207zihtHmRbkkWlrswqA4SyumWfR5AEGW/sZ8g9LA
rugrt/sE6SpyYi5zzYL9/vNT61kQVy7UhUqcasQU+1CLVuaplAk4uvRso88wXYKn
SSQXesmy5m6eYOIevOmyUMQzzfwKswT49j/7hrHsECtzpyCOP0/8zBgGH8f/wg1r
/sZ/O+sZNu819qUaJhHSFIEx/CQKuHYv5ez6aT3BAtmPn0iWrFVzna3Ogo8XAL68
eDwN69Qm82ikDO2LFkKZrBzn/1dyZs/dT6lQYpsmhxJzoluZzW/sYFeOCX6fWs7n
fcrz9yMIDKvj70JrZp5jPRghFKHmqo5xh39TmeTsQFp2B8UlGD9YK6YfgSEaGbyL
3BpUjZN/713jmWYHzGvEQfx7vP3SaZBMZ4GSCoeBT2grQoUDe575H7UDJsmRVJ04
bO7iTWPZ1LdIC+oifedAhGhCoum+tApUYj+3BHz1xIAZJMCGARqgyKcnvjw5WVu3
fDna+4xJdNs0YK1uBkr6N9FBDfmQIuneIsQHAM7lZfucd1FenZhy1zNreqgls9QO
NncRNlltqmT2qmERXw8/HwcwNjR8FWrwbCCApsMgAZ0xWaRxpEct5lnGNbBpplEn
BrMafVecUlQgwa1jchA5ZiOuaZxizi1Pr9/eoaX93aa2u+6OpsyPqdadxwDeV1Do
4dg2NrDqQMFo3I1IcADeZEcEqPx8PV0tYjEeFZYsE0k3Qmcti+RuRj/rNTaXQ2Xw
VkgL1BG8POkxw0pVIKVyevcPtUD5tSlTxfp4qBFlEY/yrGCHy36q2mboBcRyYQry
oBnsvoEfrIE8FEz1rOJVM+HN2udrKVJZzEPySflZvbDzxINcqDu09r3UO+L+ymW5
9/ncHCMyoa0KbQ08q9i8VsGchL2FF5Q66g7I8U9u7R7V4Fz8RvLOzs6bB/Oh7+Z9
0dTWreRYp9/82pQ0VSuvkWYiSPwiy37spaE8uALD5MvZOS3CqOwGI+o45uLBP/a6
dgalPv1kThe8/a25+FqiQP6boCsN9wgA+T3v3kRFibzFEtyqX8C6Vu795PpycZ14
/RGFTm2Df/U38DN/mlNhGgM6gMQr1YuSPieFJ+0/ctzGpSaS835d+DkQVvS3zT3/
5EpybkOZrqf6erhNTVa8Onr3ZNdt9QyNUCmwxpYVvV2exwoVfcIjQgCxwehySLW5
UprvrRNgHo0OBMH+UmSggBfT7/omejxHgAJz5WCl/P+DiQ/dZcBK1OCRh1ZkocLB
WVpunKTMuLyqSqNG87nzXAgFCLYQRWeCQNcItSbJ4aed+sJIYxmEm2UzyKAk9eXI
dCZ/5fHOtmMDl645r/v9eSjeZd7Ed6MhGladuVlNm9Dl29sIzKcUu3zfZAqBlzFK
1RzPS3IUeM2VEJbK9AowEQ==

B.1.5. No Cryptographic Protections Over a Complex Message

This message uses no cryptographic protection at all. Its body is a multipart/alternative message with an inline image/png attachment.

It has the following structure:

└┬╴multipart/mixed 1406 bytes
 ├┬╴multipart/alternative 794 bytes
 │├─╴text/plain 206 bytes
 │└─╴text/html 304 bytes
 └─╴image/png inline 232 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="c39"
Subject: no-crypto-complex
Message-ID: <no-crypto-complex@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:00:02 -0500
User-Agent: Sample MUA Version 1.0

--c39
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="05a"

--05a
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the no-crypto-complex message.

This message uses no cryptographic protection at all.  Its body
is a multipart/alternative message with an inline image/png
attachment.

--
Alice
alice@smime.example
--05a
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the <b>no-crypto-complex</b> message.</p>
<p>This message uses no cryptographic protection at all.  Its body
is a multipart/alternative message with an inline image/png
attachment.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--05a--

--c39
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--c39--

B.1.6. S/MIME Signed-only signedData Over a Complex Message, No Header Protection

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 5249 bytes
 ⇩ (unwraps to)
 └┬╴multipart/mixed 1288 bytes
  ├┬╴multipart/alternative 882 bytes
  │├─╴text/plain 258 bytes
  │└─╴text/html 353 bytes
  └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-complex
Message-ID: <smime-one-part-complex@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:01:02 -0500
User-Agent: Sample MUA Version 1.0

MIIPHwYJKoZIhvcNAQcCoIIPEDCCDwwCAQExDTALBglghkgBZQMEAgEwggVIBgkq
hkiG9w0BBwGgggU5BIIFNU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjMzZSINCg0KLS0zM2UNCk1JTUUt
VmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2
ZTsgYm91bmRhcnk9ImUwYiINCg0KLS1lMGINCkNvbnRlbnQtVHlwZTogdGV4dC9w
bGFpbjsgY2hhcnNldD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29u
dGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZSBzbWlt
ZS1vbmUtcGFydC1jb21wbGV4IG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQt
b25seSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUN
CnBheWxvYWQgaXMgYSBtdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRo
IGFuIGlubGluZQ0KaW1hZ2UvcG5nIGF0dGFjaG1lbnQuIEl0IHVzZXMgbm8gaGVh
ZGVyIHByb3RlY3Rpb24uDQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1w
bGUNCi0tZTBiDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD0idXMt
YXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zlci1FbmNv
ZGluZzogN2JpdA0KDQo8aHRtbD48aGVhZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+
PGJvZHk+DQo8cD5UaGlzIGlzIHRoZSA8Yj5zbWltZS1vbmUtcGFydC1jb21wbGV4
PC9iPiBtZXNzYWdlLjwvcD4NCjxwPlRoaXMgaXMgYSBzaWduZWQtb25seSBTL01J
TUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBheWxvYWQg
aXMgYSBtdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGlu
ZQ0KaW1hZ2UvcG5nIGF0dGFjaG1lbnQuIEl0IHVzZXMgbm8gaGVhZGVyIHByb3Rl
Y3Rpb24uPC9wPg0KPHA+PHR0Pi0tIDxici8+QWxpY2U8YnIvPmFsaWNlQHNtaW1l
LmV4YW1wbGU8L3R0PjwvcD48L2JvZHk+PC9odG1sPg0KLS1lMGItLQ0KDQotLTMz
ZQ0KQ29udGVudC1UeXBlOiBpbWFnZS9wbmcNCkNvbnRlbnQtVHJhbnNmZXItRW5j
b2Rpbmc6IGJhc2U2NA0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lDQoNCmlW
Qk9SdzBLR2dvQUFBQU5TVWhFVWdBQUFCUUFBQUFVQ0FZQUFBQ05pUjBOQUFBQWNF
bEVRVlI0MnVWVE94YkENCk1BZ1M3MzluTzNUcFJ3MjBkcXBiZkFSUUVqT3l3aXdZ
bkN0a0RLbmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3a1oNCnNncnpmY3FWTXBMMmpv
MDQ0N2dZRHBlQXJrK09uSkhrSWhBZlRQUmljaWhBZjVZSnJ3N3ZqdjBaV1JXTS91
bGkNCnZkUGYxUVoya0REOXhwcGQ4d0FBQUFCSlJVNUVya0pnZ2c9PQ0KDQotLTMz
ZS0tDQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkq
hkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEx
MC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChME
SUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNl
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+Rp
wpODxxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPK
J2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ
2afHg4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3
lcvvBZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMH
bM1LY4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpq
tQIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
ATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYI
KwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw
546vzfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG
9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXO
SBHI6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2M
fbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHN
aaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwD
R6chMZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459Cyq
bqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXnt
dX9CqaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjER
MA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5Mjcw
NjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYD
VQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRr
jFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP9
68+A/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dK
vIKp4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCx
qqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATK
RGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcG
A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5l
eGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNV
HQ4EFgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfx
CShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cb
bmdj/R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVE
DMR/sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhs
plrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnu
mghxwYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4
rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYx
ggIAMIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdH
MTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9y
aXR5AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3
DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE3MDEwMlow
LwYJKoZIhvcNAQkEMSIEIMhGVzAx/S4dUwqko0cb+oa+gXfmEqw2Iz+svSKpWzC+
MA0GCSqGSIb3DQEBAQUABIIBAGtNM3MMhWZVJdN1nlfSk3mhNk6E+LFoOqG4aiHz
e+HEQjN6bKft5zulMCqh7NKRpRmDcEE9RXDGKGYQ9BKBf6Od/04lolBY/xpPu9G5
XnUTHN3MmqubrTSP3xxU5AozL8i7XmkB68VxKBQ2YpfcXBFGbuvlc6FXkbh2QtRX
UgBZEp+GSxG7o0UVJRa97t6wblUdMwaQ1ONrtBsmrO46bThv4cgrlGBvz8tGfHwR
4HbS/Rp+6jNAS0K9fZ0PQxy2b4M4braYg3f1n4q3dDH8N0XiUcwG8FiB9XQo18+D
fdkZwTVUoDHWjSVdIREobdPI2wdpnGxS/AB1VuiYpcebi4o=

B.1.7. S/MIME Signed-only multipart/signed Over a Complex Message, No Header Protection

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection.

It has the following structure:

└┬╴multipart/signed 5234 bytes
 ├┬╴multipart/mixed 1344 bytes
 │├┬╴multipart/alternative 938 bytes
 ││├─╴text/plain 278 bytes
 ││└─╴text/html 376 bytes
 │└─╴image/png inline 232 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="452";
 micalg="sha-256"
Subject: smime-multipart-complex
Message-ID: <smime-multipart-complex@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:02:02 -0500
User-Agent: Sample MUA Version 1.0

--452
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="ac5"

--ac5
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="813"

--813
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the smime-multipart-complex message.

This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses no header protection.

--
Alice
alice@smime.example
--813
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the <b>smime-multipart-complex</b> message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses no header protection.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--813--

--ac5
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--ac5--

--452
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzAyMDJa
MC8GCSqGSIb3DQEJBDEiBCBwnBPnNMORN+JxFvMbZIJ5PtqEBkyDbOtU1Ar5RuGl
LjANBgkqhkiG9w0BAQEFAASCAQBRpXYXiiCEQ/lshkbhpH566H65wAf9rZbGn+r+
o8vLTFSs84ER/EAHGhePmVDiObJS+nXIC7Sa5Y+tUe8JitKPXBQ2oDq2+3tN7tY5
G398yv+LnmYMMf91dlnlyPnQujsEfPSLXYNToa0qBqp1DThm/pfn6RbbOqpZjYr9
fdcNdErDql5+CKaf8R/JDW+hiLyvD0KCpXucWLHb1okt1Jpld4kkaA4wu9Idh9fK
GlN20s+dBXoytH/G6K8NhOh3Qaf3lMP1R60gkvJVJ3j9jIs3/ZG4qH5qWQJHLvi2
WLSxDhkYmZ+dYSCyfIauNkq7a0wauSpZj82elFA7HdyZmNp0

--452--

B.1.8. S/MIME Encrypted and Signed Over a Complex Message, No Header Protection

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 8690 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 5426 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 1356 bytes
   ├┬╴multipart/alternative 950 bytes
   │├─╴text/plain 293 bytes
   │└─╴text/html 388 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: smime-enc-signed-complex
Message-ID: <smime-enc-signed-complex@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:03:02 -0500
User-Agent: Sample MUA Version 1.0

MIIZDAYJKoZIhvcNAQcDoIIY/TCCGPkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAB5TXoiCIIIIxehywh5/tdFM72iw946N6OzE
mkIj1x+ShPweKrmTgPxaZbNgZpMdyNetqSXTn5HlZwUAxOkE+EPp301kveWwxBAM
/Umzr/ODGiYLHWORWh+cPwjo0OIHo8IJzmF9FWMr7CKYhvbSZn3AFuERRfEccwH9
xsbB+X5og5bu0Mn3y8KdX7XOFVbgAgFuqqWpj6mK2AsyWS0zRKnGNd72rELjEzCv
RZqBFAecaxdJd2RXKKwLmJg5EL/VmKuyN6TgtmtwvzGCKc5YywdhVrP2IvQTye10
+paj8dFQb3W9AGOuCdw8r5CoawAZdYMvZ/v0ixYIkQid7fsOE+AwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAFLvnVkTKKAXPN6g5xLlw/7bO
5NQs0DVNxjuCAOXWm9zsyhH8tYGdNVvzktxXkn0JV4g19TEu4MisuhcIhqJyrSsh
4epi0ZxbyM/YTnhHvi4wttaZq07tNVF6eafyuecDKLV8/WF+AGSVWe0xPumEni3w
GADvkwmcO2mDZO/ad/u7Jvl4jF//Id/IG/A0y/yBgrWq4pH7BPwp1W/rXbnwlEEm
8an56+5f/m8teqqXaiRMVQgMaKGCmXHyD3Ud21Rqc4jwsN0VCpzabK9DSDPcxwVl
H+PPUtza/Ux7yNgJ1gm816e85luOjvpf+HliioHpNKCQ+eh6mH0BqLJKJkketjCC
Fd4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEGaUNdPZs2K03fcnaJXCvfaAghWw
qf0kEcGMlxiJegJu4TKQPvtUKje4+xRba0xUUSlTzhXrDk9tk2J8zdmnQglvRW54
r/xH0TLM7ny0unGI3ow8lpyUV7g/LFmW9kiaoTnhNcEe6qqSk09dEH1rEqIpQoQ9
1GjuFwlc7uf9vMzb72TdAEhFIOVwboM5hmLtoADvQeH4AsDKfbPvkrFPPNDB7Rj4
QCh2PilelLH+3+78XvJ0NdcZw5KyVFIAa29vlSYTjPNriFn+rKPzxjk/cQc/zHSH
DLZ0CRHvJZKX6z+oIVAq/DYUJfhm4zz4LRSReQfdyChRHDVv4V1dFT2uaqtBPP5C
6c8Ad/SQUfk84wns2/+pKocqa69tVTIok3Y4+1nDcvg8jzkdPD0cednWdYjh0vQz
0qXaJYFlyVuQV8A3IUFV7uX7JCuo6m/PIQIiH23dE7fkGXCPiIwAl9BZj0O2bo10
ZbQgka+Csxk/S/lBiJ5hfdsU6tOk7JZwSNQXHgGrCp7lboSljxOEfiKQVjo+ynyE
LmUM0zoZz2eUdsUILQtmFs9r0AvBrW8PcF79IIOQR+X4QEJ6Ztz3zAgj409q0Fmm
fCrhJTUMcVZyeqLUTpyLWDBKqV+jm5dA7WR8CL5NqEsmtyQRTabkPv8a0DNpgMl7
fCN3bIs6VdsiQXdhwwH8U8pcdZSINvNb2nNbUrFWlU6ZOxl60DGQKm5KxuUd0Uzi
xKe2v0DMl5TyjRekBPhoZC3Mwqf7Ud6vDoBk4Evhlxjv8MAKA5LOghtfvv4xP/eP
L5i4V3EnZtRy4hnW060tcDOodWW2PXPYFPxN0z7UEdKk1hjomBGFlWt1QrPzMO5x
0/m4NezYVWJNWkqPmCUyz+bDzQgIdWXGXGAejNBJsssEvS8eHlRs7V27UfOQ9c2k
/KqDn/Wf15RfoIiT1RfoU4FjBoiq6IXkerP1Km+SzHHnZozF15M684ulz/PPpo29
pziu9WRjDPsWYmS8RK/XzutHp1r7vDInwCdrManEI811C7z/3/FgwA7RJIJ6GNhn
GVD+PUBULWxEIPHQU58y7KwBeXtNX/o9rPul3Nt2HOINyYhhLNgX5AyTpGlONrFJ
TzP3rrqvgLSlmq644pBLfJagaxcAJENyoZ7GT9YgWrT6WzVM6t92VpfCo0Wy0SRy
uy+l6De9bJWDvwPy+RciW5UyN7YuCWxe/vYcAiL55Lv2ZO0m3zmE101bJ7/ZgwtA
k7yABCQqUQPRBc2EnchLv8JdYW1ACX9JIlG/dTmyI1OLNAGb20UGX0d76mGajwT+
a5OF6z+HYxd2KehL1+W7wYrUxfZ1Utk6rACIVD5b+36nE1mqTTnSOw9z9mAZ0+8+
hRcBQ9I0JOB3YMAi4lepbcGGvEAFh9kOSY+9bYy7Lri0HoQEaDZ0aQxf1/12UEAj
P83AjqaswVVKBJNvFpqJnJeh6Y/sTr9eAYE2+Y1PGGH9Z8fzbD7+CqL78sbpaMCP
7cgM9UHRjLY8yOIEl3fME/JF1pR3NMG3LQ9dohsgvl8Z11JABy8+Zz81O3g5ZjBy
xJXkWAXBdTYx2l0bdaIyoTQnWcN1OPaCatCv4P4P8L0SoCj3DrEb1rK9pCUIJloM
pElAoPDJIgYrEPo2d3TunL2qJwAJEy0asaONMvvA3eSdC8kzM+NP5gYHl6gRFvDQ
WbU2LRsCKwu4TtHRR92OqKW1r9x4ZgyZH7UvVnIZVGz2buta7ssQ+PLDwIXemtFh
3laYmNYrssJ7lnd3WwXvS5MxWa/OBwPpDS20IRwOOGmAYKWpQzgFJb/gWf4/rSiK
KSeC0qIb9UXL31AX7eA++TR9mblzEoIrlBebF+MwX8EzQbYRtbvezL3xhXeu1TsS
JUUBS0Z7qF/2AljMgrTjkIQGNuVLhLxexaQJr0GLAwlK2ijOxXK6bGh+JUW12HcT
Ms71ef811J1fHrS7mTzqAAreAsUrUs30WBByMwsvRyMMqNuwRJr4Ax1jF/5HBNPI
bdx9X6Dz51azBBQb78S2hxLwrGLffbheyYJO6CwMeM1epsV/VvCuKfakVGINs4yg
i7DHBQrHXekU6XzCgCRARC288zwDpRSxqubQYGchpewg9ZBK/Syu1FRw/AjQowNS
ONatikKD5N8UZAaf/iLznbZG+bXF4esrMpUm8MY1acow7A6IyQBioGEaAh6U05Ww
sQz+6KO6RNneu5+PvGtl8rGGmVjdevtTZSTT//dlJyREItmsyHkY5cHMugzz8FAh
Yy2ez/q7sbll2P7YFY6TXRc4FIIEVooK6LbsHggzwciBhc80Ue7bq+T6ouFYECBW
lhNwzGLbtjkOlui/ljbqBRAYkbbqciWj337ZRjzbea8NeaoYYQo2ZHM9HKMK7mqS
z6E0XGz++vz83pdsh/ZHF/i8l5OgvGZjG99KvpDy6zZ3PxSdASBOxx4O3wpUEd4B
+8RB9N4I+9xPKmqBFQx2/gLY3jqLc8lWGp8oP1jZHDCYv4rMPnFZk4k+gpYu65r+
Iwy8HIYDzsUNJPxZwHo1GX9BQKt+/X4p0aqLE04G5gP10TrnsL5CM4WGyphpPz0U
3b69yGFwpL/Fj2NZ3LxD6b+fFsVccoqrEz70WPpgfB4NAVVVXLTjI4GkMCHApLhr
466UrQvoEGlVzAPbxVo/2qVa1+cTc8XvIY3s/kKLcHnsOvC6oICvKMlfNPQLv42s
K+qg2NZpM3RHyeplbHe+rPzUeOIOmCSUluVQxp6HghEivLX9D4WU1Asaut747uMy
fugR1lvaTmqVHpcO6Bdc/lO4TiyAXvZYYh+Uv9U8YZPckNZCHl5y4sJTVxQGQhLN
KzQzFNX3mcqFYBW7xzr0fLSGaQxC1qQ6SPaOcUKp2jShAInPMB13i16MzOSOo9BW
9SgnXDcqaiGQWeM4VY1gHuuQmKj4WitLU0Ue5AizZDTPMN0JvUnh99brfVETjien
gNHRtdvrXwt+N2baVRn0GFtj66ebu/rAzqTNZsA5p/F+APdUzxUDrPfh1WYrzzSQ
8DxlRmCTLLRzafCVXLV3xNbWnrfFPX4ilkT+roGTRjYqPv0yDUtvrIt7HKFnZoLl
mLkk4auI/TQgJ72Ne3+wYYsMvOwrHbF8NLmsgyAJSEgWl+FUUBx653i9H6CiABOF
8YVvz7ShqSwhxGllroERl1wJLdXclLWgR65rvkCYvCH7bIHU7kvQoyIZXaLs1Anh
rBNh185OH8RmBfNXNPbt6Hh+2KknmaPCkMxEWkNrLmGseoTJ1/okRunut+DW3FXI
ashoguanB05zVngb+r+jzAwFRGVY3OCgeepb0gBwQDyeZBCCWD3Mr/1wXnB7S4Oh
/zMURX7NtwZUOh2qcJ3Xlpi0S12mNvLSmIyxzZv2dYDolmPwJHptP7tBiKnsZoHM
wbCEUA2lJsHRLDXXyC82AtttZv2auF1pO6Ne2H/en8Y+z8MRDG7gBI48IDGKq3Ej
E0hlVdxVhWvEuavw83TVpvdKo0Q7rVRC1hHSttat1z8TxnKRxIRvxC+fJ2xGxlPv
on1aYRq5tL/jIujIGVHHeSeqB81yiwJ2dFfYdlI3VaCSObVBwVbDKvRli1HskeSB
WGT7hyhS0SDnh9MVHw0z30JWnxxXfg4dB0C0vQWLsTqZm0bncxxBZBR060kSY8RL
S9mYpaSeHLl29h3OIKecjiXhhsA3UI60yIS7VS9dzLE9W53ttU5MLiHhXnYANy5U
eqar+8l1uxtB90CjunOqtgkH0u4Ch+lnAUjdmz7cUPxLwgPgwr/WqJxORTnpGLlO
hEumGFYF3h/XIuW3bNCqjAutco8B38s0kGBipd0XCg+Rr60S3lUS2//mnrqlE05K
VtKVK+NxfcWkpzczLFOIxGLwHsSqg3He2QgGovkRRkCZE0/bBqhvbvAeZYZlOi2/
clB4eYdplZZJ7s3hKPwq678LBRXT3Fs4a9BpqEnvUot6WfgOsP/zsszS247EjWra
w+OAKgdhSOILeuaxfpHRR2FEDYVU+yBdwJjHYzp3knXDDsEALaUmAbOIhZ3A79hY
tCSmzEhXfHdOdpw0wqVoL8VpvumZna/GZE84U8uPEHbE5eeX/6BLNJx36o6FXkB8
waoUUNuiHpPMQbz3cLxZZxN2TGrmmUbpId9+CPfymRGQ9sqBTShxg+tZ7FzO3vSM
WB7Vv+uxhCfBOy45MPX05vVAaxIENdQRabGPty7WqZepGXNdjwC5PaKDPuG699WD
22BOPA8sJ7TLqGj/yJ8Azkl0p15DUr+Kr5gDSwf+j8jt3hhzeFUpQ+9aFmxblIVf
W0lKq5VXLVscZZl3J7hpbG62BmnlEMPy7pV6B+PkbxWkXaT8b+GW8OVSzW2uuOcl
Fedl9AGzjYPlFPfRAtZkHqpMfqbtk6oSNkGx/9mjs5oYR90RCmy2PCKiMh3tPYCj
iQnyJymV6x58UB1tRNbjaUD+rCiuea5hEUv04xdKB37XJ1OEcNT/Z8A+DQGLpLby
u7GHTCTMzNLOwMibhfc2FRfC2q/MaZC4N/IrB0EWAXDIm7GDHlkUOaHL9ADc9vyg
xz44m/CTcf5ETE4d/rEm7FEFnzVtBPbdlGhi3EXhQ7WCRy1ojRPoktdKNvePxSQl
fVemwRsBA9jfLTwIzS/ASUTQohDpYaaqV97aUNn9psRuFblwgGUx0I/XuCUdbFxa
zuM9a7jxDByOVyTn43GINFOlnK+/R3zX1cYm0CvF4+QUNZI0uEP0NvE9Cjb68SfH
qAeV4HIRBg3/jU+8PRHTyUzlQf7vRXKiDM1nrT1belccJTWxUtybEKECersUX+zv
Ybv2/w339RJrY0+Bc2VJt9uB6DX7p2HTQyfvaZTgN80ZLAkBJ/xk4WC6Vc+h7fm/
y5cqIjJJj0SES2VoyP0cu/rJ06+gg7v+OHHehmhkehuQNsLnXldAgGJyiFKcvw4C
+NrQ2II8uJ54Q+ytrAMr8GDV7F6cHb9BuyTT1ubQEP1L5EwcEFWUESEv3A4quit9
t1r3jEuPBc3fqyIcmDNKP58qS0ZPO3m/fJEW1LX6yR0IEkrSxZD6PbUYgNT+qZD+
RhlNUJ6dIpd+xxA837NxUOnkrJQ3uvOvURBKVv20oOXzDVkRtAIEy8aVic6ZAxIX
ZHqkikEiFxgNcMxiO4agsE7qwCKvpq6llM+xxXFs5Puqoj7vL1ihzCjoABqne5SE
yBkYqU2OU7uoIvWSwVdtwqX1Ih/adN5t01nlHWcMHBooh04nfpMrhci8Oi/XYTA0
new3jLMwZXEBZhlkZ62ZZtlPA68K9f6XkSTaJ+bx+s3iV0K4RmLt7VC88+1Kspsn
/pnDEBfBCQhGD07YeKUJBbJ3RPdRi6rsj54PRsZkOAi2MoQZJ6PnzfI6EHsQXNad
PnYFB6ZGrse1ayA9QqibkRFMKGRSakkB+fq12M36RB8CeO766iMoc5qc8n5qz0oH
BBlfTiAHTGU+6AhEGU5kifLZaehBcp5yDl2I5I5lc0X786Zjdm4oGbGq4q6Ieyu1
OLx8vkb9L3ZvkLgZAvn1r2dZKOxyNewjQwFG05ErbK7qpqD6TC5VZCiTLJKslN+B
l3/UjwSwc0Lt3P7dep8oDySMgxKYDQJ0qNBFA6kwdZzTlaXRfQUFHukwn6fn10kX
1p/2K+oYUsA40E9qL0cWEMWcNmYRQyk0qpgWWIykrMl4efXkQxSddTqP0WfW/uxs
pQB4rVeZStpzO9cie1E0tVcoipItpNvvQTENdC/p4Eg2bw2dW+Vd6NB/HwobsPY3
YRox1LGrfj0LH7Rg0qg3pI0D2u9qo3A7ZZ95vkGUtTtF0BYkIf9/SFoEwNSJARNp
BOBA5lMrq3S9qwJEOYoA4KuFqLmpbmQg1K3bdi9M9aDK3hgQgLqWSGB4TF0OWuaG
lkKQSPvZH0dZGtYxCjnNDth5Bp1MhVmS05mlr/uRKdVjdSq3MKj/2O/Nm7P28dRt
O+w7rvRINTp5fWbstkwtBnheOkyX9usXU1qigTIUsAlXqlaG5g5qrDpG9Ijqya1i
ShQJ7cLOtGFIJlkZgG/fT+jbJNSNke5uvMLF9/chmmR2SZEHou1tahe8J2/97H+H
L6epMyb4QYeH9JTLDLEbyz8bvouA8ydhOHbMj6Vr8Ox9af+Uu1FhDtJs57goehgS
/SBljJGQMwl0kHhLpK8qOk9i+NZOO5N+GiBlVgusHDyjsUHnxk3mM8hoRqqpkxAW
7mqZagmE09qk7PEctl1oAgrwdTSIB9WHIudg9cV1yFi1kkI2ktjEZPD/i8uZqO5n
pd6v4w/XJuPopVn5nwJxOwQy1RKDNSOUaWRasZc3l+16D4eywDgDesSLaBmXUlUi
dbbtKOi4OnAEwQ1iyE+Q7JABttILJ8aDSejBvP5gUvKPBliDLwAXMR98ruJeMdbE
/6qCA6YAc5v/UxREKCZBqSYsOaEqD1YKZEIMhn64NDqpdiCX4gwe/sCawTcX1E5r
XLgnSSpfLbIexggQ46Ma1BLGp9CbiGO2bw1IZmlGGOXqpQmKN6FP0OsSnwwq9D2J
nquParO4ILWbL9aWBcA6EIkcer/C0fWGidtazmTj5MXkD83lY3cozRuC9dYLO+4R
FXsWzvqQeXiauLz8iQsgxKUj2DcPT2k6j/qzSXz/M5xapj13Bk6VH9KoR194/smT
gjGJvWOnYdZjv5J3i3oQOwCL9T/ZgdqIFW82jfmGvoe2zu/00XnV9FP4Lbr4rtv6
if54Hr/h8jqJoRnBGAh3doQIGdgLiZZDPt+GWMxreYAk16mbXpuqn49bP8G75ZKq
5Azp5xgNcm/rPGYEp+9iQJSggoz+dqGiQ0u37lK+i0/A0OzJ845NW82hoUye0C+X
DB6OkbbYCgGmPou7bBVaUJNQQdRUTnGd/Yr1EaOQVScMZ09FN2hjx6V1zjdMUvTe
XXpJ2C5Rl4kxHY6pw8mInAg9ja7jmY2e7xaNA4cwRNTjbH7J5uZFNEC2kSf4ZO7V
k7MOX+zDe285FfVBS2+97yAlL3xalj1E4DZVFOw+3dKD+W2bg4r0Yhds/wxYH+M5
GU9zLrHEbw0GsPwUr50w9isSu+o9SKeOCfWrzHz1fJnH26woPOObWy+kkG2cunPN
T5e+OPw9K3MgBkNZ9YG6Ce9ULqhO65f4LISdwDSsMGl3eNhgzMPLtCJZAP8K7dEt
8Oc3POY0NSB8lq1oyxDwHKJz0S/HMwrancUO5V9abkZuYhsOGW+1Kjswd+cPh5Y8
HoL3GF+OAopbYYesvIWgzh0/MtYYUoI3kPvUd4vdWNHEbtHlfSALDs5pukAE9ny8
0GhNtdoH04cVlvDmpyfbLcDTwi+UJ5tT1VQMGLuFo/CxDV9vWjXhJd7kSt+7+K1L
YPzrT6ggMFrLA0kYRIa5K/n99wp2aYab7/DkwfpEjZI=

B.2. Signed-only Messages

These messages are signed-only, using different schemes of header protection and different S/MIME structure. The use no Header Confidentiality Policy because the hcp is only relevant when a message is encrypted.

B.2.1. S/MIME Signed-only signedData Over a Simple Message, Wrapped Message

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 4319 bytes
 ⇩ (unwraps to)
 └┬╴message/rfc822 inline 642 bytes
  └─╴text/plain 228 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-wrapped
Message-ID: <smime-one-part-wrapped@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:04:02 -0500
User-Agent: Sample MUA Version 1.0

MIIMcAYJKoZIhvcNAQcCoIIMYTCCDF0CAQExDTALBglghkgBZQMEAgEwggKZBgkq
hkiG9w0BBwGgggKKBIIChk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG1lc3NhZ2UvcmZjODIyOyBwcm90ZWN0ZWQtaGVhZGVycz0id3JhcHBlZCINCkNv
bnRlbnQtRGlzcG9zaXRpb246IGlubGluZQ0KDQpNSU1FLVZlcnNpb246IDEuMApD
b250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04IgpDb250ZW50
LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0ClN1YmplY3Q6IHNtaW1lLW9uZS1wYXJ0
LXdyYXBwZWQKTWVzc2FnZS1JRDogPHNtaW1lLW9uZS1wYXJ0LXdyYXBwZWRAbGhw
LmV4YW1wbGU+CkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPgpUbzog
Qm9iIDxib2JAc21pbWUuZXhhbXBsZT4KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAx
MDowNDowMiAtMDUwMApVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4w
CgpUaGlzIGlzIHRoZSBzbWltZS1vbmUtcGFydC13cmFwcGVkIG1lc3NhZ2UuCgpU
aGlzIGlzIGEgc2lnbmVkLW9ubHkgUy9NSU1FIG1lc3NhZ2UgdmlhIFBLQ1MjNyBz
aWduZWREYXRhLiAgVGhlCnBheWxvYWQgaXMgYSB0ZXh0L3BsYWluIG1lc3NhZ2Uu
IEl0IHVzZXMgdGhlIFdyYXBwZWQgTWVzc2FnZQpoZWFkZXIgcHJvdGVjdGlvbiBz
Y2hlbWUuCgotLSAKQWxpY2UKYWxpY2VAc21pbWUuZXhhbXBsZQqgggemMIIDzzCC
AregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0w
CwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxl
IExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0
MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMI
TEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeN
SiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+Ithj
LeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/N
kug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSw
qpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQ
ury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwG
A1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWB
E2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0P
AQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSME
GDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4
oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIu
s8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2
AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gz
nbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqH
rg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RH
NrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcw
DQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMg
V0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3Zl
bGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/
T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5G
Otz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnf
itOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjG
sgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/
N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ
45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZI
AWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQM
MAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIc
l64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJ
KoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xii
dfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2
lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh
2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2I
JCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcB
VyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUx
DTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1w
bGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/Qqmi
XDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B
BwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE1MDQwMlowLwYJKoZIhvcNAQkEMSIE
IPno+5X5nFLPT0q5vegHgVP4OV2/uzd4xPnLWkqhqYIvMA0GCSqGSIb3DQEBAQUA
BIIBAKG7Nq53TFMHU6ciIcQ9Tqq987YPEVAIJJ23U+60DXrXSrrmcZCqd2ZTyhJn
f5Wc8vBoC9tzRBoQpl0WMS3WyQQkkWYY+ovPyDqcEt3iixC0aVRWIZoDiq5SiWR8
lB9CUcsKueu0IG1xmdvCmI/wrODkDEgiSV0Z+d2cs/I+OS1FSNVosffsd4JhkTxi
2dD5BMCfa0zaS96GPadv47p3oizmSO9u2TIBCceD94k6iIhG0jl9rdeUmOunTKlb
Odz6Y1TlVrb+s+nYGQUtOWWGulO854oCYjWuTi2TwzlBI9NrrMM6xR+T8JAxIkXx
vKwjA1ETt2Nvp0OqVR9izIeeiO0=

B.2.2. S/MIME Signed-only multipart/signed Over a Simple Message, Wrapped Message

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses the Wrapped Message header protection scheme.

It has the following structure:

└┬╴multipart/signed 4562 bytes
 ├┬╴message/rfc822 inline 672 bytes
 │└─╴text/plain 256 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="8a8";
 micalg="sha-256"
Subject: smime-multipart-wrapped
Message-ID: <smime-multipart-wrapped@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:05:02 -0500
User-Agent: Sample MUA Version 1.0

--8a8
MIME-Version: 1.0
Content-Type: message/rfc822; protected-headers="wrapped"
Content-Disposition: inline

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Subject: smime-multipart-wrapped
Message-ID: <smime-multipart-wrapped@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:05:02 -0500
User-Agent: Sample MUA Version 1.0

This is the smime-multipart-wrapped message.

This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a text/plain
message. It uses the Wrapped Message header protection scheme.

--
Alice
alice@smime.example

--8a8
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA1MDJa
MC8GCSqGSIb3DQEJBDEiBCALOMrQogvVsAh7w8dZ49veRaAFhTQ49VmGVz+1eTbz
tjANBgkqhkiG9w0BAQEFAASCAQA/IjhMNkM+NpI3wGfQyDClEMkiUG5SQ88JC0zc
Xaz46K27ncQh+PW9TChvi9V9VR9EvKx7sh0dBnjhogrMTH3V1mZPgyL2HdsfLvXa
WHmHQmbTnsZH8+kqOLdOZG/zbQMgR3sSv992f6ShxZNdazwGSf5s7Hs6+an6yy24
VtJqhT5xHHvMfDLUVW4sXwRugWKohiW+cjZ16SQ5zP14KJBpriMWv8A/4sJv5aC2
ImraEATJ1gIse53X6XPDt/+9BsXOrvbIvXRIbgMJBK8gIz6aO72n/dvm1fHjdBXv
9t75zqN+O821RiUiSbBoaB3FP0sl3prsZ4QRr3Yv7vpv/HoR

--8a8--

B.2.3. S/MIME Signed-only signedData Over a Simple Message, Injected Headers

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 4234 bytes
 ⇩ (unwraps to)
 └─╴text/plain 239 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-injected
Message-ID: <smime-one-part-injected@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:06:02 -0500
User-Agent: Sample MUA Version 1.0

MIIMMgYJKoZIhvcNAQcCoIIMIzCCDB8CAQExDTALBglghkgBZQMEAgEwggJbBgkq
hkiG9w0BBwGgggJMBIICSE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1vbmUtcGFydC1pbmpl
Y3RlZA0KTWVzc2FnZS1JRDogPHNtaW1lLW9uZS1wYXJ0LWluamVjdGVkQGxocC5l
eGFtcGxlPg0KRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpUbzog
Qm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkRhdGU6IFNhdCwgMjAgRmViIDIwMjEg
MTA6MDY6MDIgLTA1MDANClVzZXItQWdlbnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAx
LjANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD0idXRmLTgiOyBw
cm90ZWN0ZWQtaGVhZGVycz0idjEiDQoNClRoaXMgaXMgdGhlIHNtaW1lLW9uZS1w
YXJ0LWluamVjdGVkIG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtb25seSBT
L01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBheWxv
YWQgaXMgYSB0ZXh0L3BsYWluIG1lc3NhZ2UuIEl0IHVzZXMgdGhlIEluamVjdGVk
IEhlYWRlcnMNCmhlYWRlciBwcm90ZWN0aW9uIHNjaGVtZS4NCg0KLS0gDQpBbGlj
ZQ0KYWxpY2VAc21pbWUuZXhhbXBsZQ0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0R
OZdKzkJUh6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjER
MA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5Mjcw
NjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYD
VQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg
9r1mAfIDlB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07
k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74
zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY
9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r
8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcG
A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5l
eGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNV
HQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfx
CShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRG
zJdYA+R9eBAuDLsatbtKtl4FzkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5
AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5U
zpEYPLror2X4P5uXxaP0LIZRzWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGn
UZROSvSYkGiWDp1JhqXwfDz8A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19o
WZD6YrzSWHUz1F00juyuOfQsqm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgw
ggPPMIICt6ADAgECAhM3QQV57XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUA
MFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhT
YW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEy
MDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYD
VQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l
078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6
uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEO
ls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBl
fkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4Ku
ElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8w
gawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0R
BBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAO
BgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8G
A1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IB
AQBziaI2p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAo
cCn5zbzhW/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoT
WgAkoqENt1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2z
L3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF
07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSr
JNtjh+AqJ5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRG
MREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBD
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglg
hkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJ
BTEPFw0yMTAyMjAxNTA2MDJaMC8GCSqGSIb3DQEJBDEiBCBWJ1HsKaiXvrMR26xS
/wrb+5CS85FLWuHRuKm85dkUFTANBgkqhkiG9w0BAQEFAASCAQBE/g/trAYogNeF
9oD6esBshX+oPQp8AhmTNr5mdEi+YCHauiO4z94lPIGHwPGGI220cly1C68bMsjT
HPlaumv6zhotJym5OtJH1nD0cOxeqMSP+/htEgb/YmOTs1tGL5W6MRDE2Qpk+ZT+
skuKKBT98a/VQGEmyIZSTJV9SmiapvYDb9BA+KPuFZ0Yd/vMtTjq1dRBzadE9byX
O10GDNMBiqOeDeVcfU2j/rb3UELfJqSpiTqEST/JIq1PvZHr+En2Z0PfMA7BKjTm
sl/sczGLBObDAJztOOG7oU83zowcKn0JNse2cKU2eQMAENtuahfaXzVrmbfsW665
Mrfom9Z/

B.2.4. S/MIME Signed-only multipart/signed Over a Simple Message, Injected Headers

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses the Injected Headers header protection scheme.

It has the following structure:

└┬╴multipart/signed 4487 bytes
 ├─╴text/plain 258 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="f1e";
 micalg="sha-256"
Subject: smime-multipart-injected
Message-ID: <smime-multipart-injected@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:07:02 -0500
User-Agent: Sample MUA Version 1.0

--f1e
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: smime-multipart-injected
Message-ID: <smime-multipart-injected@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:07:02 -0500
User-Agent: Sample MUA Version 1.0
Content-Type: text/plain; charset="utf-8"; protected-headers="v1"

This is the smime-multipart-injected message.

This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a text/plain
message. It uses the Injected Headers header protection scheme.

--
Alice
alice@smime.example

--f1e
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA3MDJa
MC8GCSqGSIb3DQEJBDEiBCA6Rhu8s2iPcyWQk+TNKhP9ZHJ9+wulWjsMpAF1NXCE
jDANBgkqhkiG9w0BAQEFAASCAQB4QMAYf42dnAelBRb2NotiixNgdjdSpVK75af6
oND3UjdCWcd4bPbrfTZMQKp0FBPoOft9lw2fWNgXwKbhD1cL3RWUmUq0zcNbI3XI
86vWp79p+KwM/+SyDdfgudIRGjbs/tmKaBvaH89a8SvuxhNxq/pxgDzpy/JWC8Er
AUDTbKrNVsYD+MfzMy9B0TlK2YLKoQ6rV0N1n2nXbW0e+Ztv0a/getNKAEAP+5hE
OQkq50RxUP9pI5kQ1NdU6zqCNhRjmd1wnMxn45K+hfY8cxwwemFn94PgDGpPG4mB
yRXQPj+5oyduWiHRMLXG1+fs4tqxHZXN+WaUHvSIDqNXK3rj

--f1e--

B.2.5. S/MIME Signed-only signedData Over a Complex Message, Wrapped Message

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 5737 bytes
 ⇩ (unwraps to)
 └┬╴message/rfc822 inline 1689 bytes
  └┬╴multipart/mixed 1584 bytes
   ├┬╴multipart/alternative 946 bytes
   │├─╴text/plain 282 bytes
   │└─╴text/html 380 bytes
   └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-complex-wrapped
Message-ID: <smime-one-part-complex-wrapped@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:04:02 -0500
User-Agent: Sample MUA Version 1.0

MIIQhwYJKoZIhvcNAQcCoIIQeDCCEHQCAQExDTALBglghkgBZQMEAgEwggawBgkq
hkiG9w0BBwGgggahBIIGnU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG1lc3NhZ2UvcmZjODIyOyBwcm90ZWN0ZWQtaGVhZGVycz0id3JhcHBlZCINCkNv
bnRlbnQtRGlzcG9zaXRpb246IGlubGluZQ0KDQpNSU1FLVZlcnNpb246IDEuMApD
b250ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjFkNyIKU3Vi
amVjdDogc21pbWUtb25lLXBhcnQtY29tcGxleC13cmFwcGVkCk1lc3NhZ2UtSUQ6
IDxzbWltZS1vbmUtcGFydC1jb21wbGV4LXdyYXBwZWRAbGhwLmV4YW1wbGU+CkZy
b206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPgpUbzogQm9iIDxib2JAc21p
bWUuZXhhbXBsZT4KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMjowNDowMiAtMDUw
MApVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wCgotLTFkNwpNSU1F
LVZlcnNpb246IDEuMApDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2
ZTsgYm91bmRhcnk9IjQxMyIKCi0tNDEzCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFp
bjsgY2hhcnNldD0idXMtYXNjaWkiCk1JTUUtVmVyc2lvbjogMS4wCkNvbnRlbnQt
VHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQKClRoaXMgaXMgdGhlIHNtaW1lLW9uZS1w
YXJ0LWNvbXBsZXgtd3JhcHBlZCBtZXNzYWdlLgoKVGhpcyBpcyBhIHNpZ25lZC1v
bmx5IFMvTUlNRSBtZXNzYWdlIHZpYSBQS0NTIzcgc2lnbmVkRGF0YS4gIFRoZQpw
YXlsb2FkIGlzIGEgbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBh
biBpbmxpbmUKaW1hZ2UvcG5nIGF0dGFjaG1lbnQuIEl0IHVzZXMgdGhlIFdyYXBw
ZWQgTWVzc2FnZSBoZWFkZXIKcHJvdGVjdGlvbiBzY2hlbWUuCgotLSAKQWxpY2UK
YWxpY2VAc21pbWUuZXhhbXBsZQotLTQxMwpDb250ZW50LVR5cGU6IHRleHQvaHRt
bDsgY2hhcnNldD0idXMtYXNjaWkiCk1JTUUtVmVyc2lvbjogMS4wCkNvbnRlbnQt
VHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQKCjxodG1sPjxoZWFkPjx0aXRsZT48L3Rp
dGxlPjwvaGVhZD48Ym9keT4KPHA+VGhpcyBpcyB0aGUgPGI+c21pbWUtb25lLXBh
cnQtY29tcGxleC13cmFwcGVkPC9iPiBtZXNzYWdlLjwvcD4KPHA+VGhpcyBpcyBh
IHNpZ25lZC1vbmx5IFMvTUlNRSBtZXNzYWdlIHZpYSBQS0NTIzcgc2lnbmVkRGF0
YS4gIFRoZQpwYXlsb2FkIGlzIGEgbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3Nh
Z2Ugd2l0aCBhbiBpbmxpbmUKaW1hZ2UvcG5nIGF0dGFjaG1lbnQuIEl0IHVzZXMg
dGhlIFdyYXBwZWQgTWVzc2FnZSBoZWFkZXIKcHJvdGVjdGlvbiBzY2hlbWUuPC9w
Pgo8cD48dHQ+LS0gPGJyLz5BbGljZTxici8+YWxpY2VAc21pbWUuZXhhbXBsZTwv
dHQ+PC9wPjwvYm9keT48L2h0bWw+Ci0tNDEzLS0KCi0tMWQ3CkNvbnRlbnQtVHlw
ZTogaW1hZ2UvcG5nCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJhc2U2NApD
b250ZW50LURpc3Bvc2l0aW9uOiBpbmxpbmUKCmlWQk9SdzBLR2dvQUFBQU5TVWhF
VWdBQUFCUUFBQUFVQ0FZQUFBQ05pUjBOQUFBQWNFbEVRVlI0MnVWVE94YkEKTUFn
UzczOW5PM1RwUncyMGRxcGJmQVJRRWpPeXdpd1luQ3RrREtuYmNMazY2c3FsVCt6
dDljaWRrRSs2S3drWgpzZ3J6ZmNxVk1wTDJqbzA0NDdnWURwZUFyaytPbkpIa0lo
QWZUUFJpY2loQWY1WUpydzd2anYwWldSV00vdWxpCnZkUGYxUVoya0REOXhwcGQ4
d0FBQUFCSlJVNUVya0pnZ2c9PQoKLS0xZDctLQqgggemMIIDzzCCAregAwIBAgIT
Dy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJ
RVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJT
QSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUy
MDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
FzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cx
Qq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeu
Xq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7T
HNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3We
ag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukg
n+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQC
MAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNt
aW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUg
MB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58
BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAyl
OvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeu
OA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9o
pwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4
oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPf
qmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY
1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcN
AQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNV
BAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcN
MTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr
+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7O
xsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTt
dg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZ
DQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj
0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEA
AaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAe
BgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUF
BwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBm
ZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQEN
BQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTn
euK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qN
uz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt
9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh5
2MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4
DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMg
UlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnX
MAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZI
hvcNAQkFMQ8XDTIxMDIyMDE3MDQwMlowLwYJKoZIhvcNAQkEMSIEICsRogMUJrtS
GAERSFiPMhqWk+9misjv48XcSNJBKUj5MA0GCSqGSIb3DQEBAQUABIIBALJCpfEK
FQ+M1YQIuTcVEHr/K/w/8ht4pOy4BmEE+q3yZUBAThT37DxdZUXRZjUB52FdsWed
agkt3DjtFzJwRiDSteChrjrA/0jbFVOuV/9VBm0VGGfodRTovS+6wH+yJNAXHSW9
p1GXmPcDFAtN5wr69zBNCX5mKU6bwcaVX41S7/fmcDlBNSQ45fx+RrXRhMX/vG2A
tgu01LuRSCvGgzh719968R5D3obEtZwUi8uSOpvl3XqThZC5Q4NMg68UNgNb//OT
Puaq1MOvhWhSkTNKjbtv2P/MifHWXj9TYHkRc9l5k707LqWj3yWNFR7tpVO07n0+
hTEzoJRFKuxJlQ4=

B.2.6. S/MIME Signed-only multipart/signed Over a Complex Message, Wrapped Message

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme.

It has the following structure:

└┬╴multipart/signed 5653 bytes
 ├┬╴message/rfc822 inline 1747 bytes
 │└┬╴multipart/mixed 1642 bytes
 │ ├┬╴multipart/alternative 1002 bytes
 │ │├─╴text/plain 310 bytes
 │ │└─╴text/html 408 bytes
 │ └─╴image/png inline 232 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="aa9";
 micalg="sha-256"
Subject: smime-multipart-complex-wrapped
Message-ID: <smime-multipart-complex-wrapped@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:05:02 -0500
User-Agent: Sample MUA Version 1.0

--aa9
MIME-Version: 1.0
Content-Type: message/rfc822; protected-headers="wrapped"
Content-Disposition: inline

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="a30"
Subject: smime-multipart-complex-wrapped
Message-ID: <smime-multipart-complex-wrapped@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:05:02 -0500
User-Agent: Sample MUA Version 1.0

--a30
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="844"

--844
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the smime-multipart-complex-wrapped message.

This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Wrapped Message header protection
scheme.

--
Alice
alice@smime.example
--844
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the <b>smime-multipart-complex-wrapped</b> message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Wrapped Message header protection
scheme.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--844--

--a30
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--a30--

--aa9
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA1MDJa
MC8GCSqGSIb3DQEJBDEiBCDvCBOZJKngosmsBz3B3if2ErlYiRyR1KnTpWbe6AN0
fzANBgkqhkiG9w0BAQEFAASCAQB6Xc+YUIEUCqF3vqlZTP41u/jEG33O+bc5jw7D
VLUbKQ+AI6c6602LAgMwX17VuBdbgHecf59trY2F47Wr8NlcbTcAq0jN54tqrhri
8cL4YzS8YGH0vLrDdwilChjs0N1+t5nQ8Rya+rdGqseE0TK38P/K28cnU3udgTjb
6E/QcopIlnLaaji+x5qjRHql0Yt9tbA5F1L9vgqgu7Zf9w55tZIe9cESnVZpud/1
+zqsKDfj4ndnMDFzrUtXztY2e1f/Y8EVjSIVtY+ZeYuldtGhPpvk/N3koxZ1yL2Z
mrPQemZ0C2bIet7T1vv7lFCUtUObdyHoHBvXI7OhbCmGmak3

--aa9--

B.2.7. S/MIME Signed-only signedData Over a Complex Message, Injected Headers

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 5700 bytes
 ⇩ (unwraps to)
 └┬╴multipart/mixed 1614 bytes
  ├┬╴multipart/alternative 950 bytes
  │├─╴text/plain 293 bytes
  │└─╴text/html 388 bytes
  └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-complex-injected
Message-ID: <smime-one-part-complex-injected@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:06:02 -0500
User-Agent: Sample MUA Version 1.0

MIIQbQYJKoZIhvcNAQcCoIIQXjCCEFoCAQExDTALBglghkgBZQMEAgEwggaWBgkq
hkiG9w0BBwGgggaHBIIGg01JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1vbmUtcGFydC1jb21wbGV4LWluamVjdGVkDQpNZXNzYWdlLUlEOiA8c21pbWUt
b25lLXBhcnQtY29tcGxleC1pbmplY3RlZEBsaHAuZXhhbXBsZT4NCkZyb206IEFs
aWNlIDxhbGljZUBzbWltZS5leGFtcGxlPg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4
YW1wbGU+DQpEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEyOjA2OjAyIC0wNTAwDQpV
c2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wDQpDb250ZW50LVR5cGU6
IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjM5NSI7IHByb3RlY3RlZC1oZWFk
ZXJzPSJ2MSINCg0KLS0zOTUNCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5
cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2ZTsgYm91bmRhcnk9IjkwNyINCg0KLS05
MDcNCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD0idXMtYXNjaWki
DQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzog
N2JpdA0KDQpUaGlzIGlzIHRoZSBzbWltZS1vbmUtcGFydC1jb21wbGV4LWluamVj
dGVkIG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtb25seSBTL01JTUUgbWVz
c2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBheWxvYWQgaXMgYSBt
dWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGluZQ0KaW1h
Z2UvcG5nIGF0dGFjaG1lbnQuIEl0IHVzZXMgdGhlIEluamVjdGVkIEhlYWRlcnMg
aGVhZGVyDQpwcm90ZWN0aW9uIHNjaGVtZS4NCg0KLS0gDQpBbGljZQ0KYWxpY2VA
c21pbWUuZXhhbXBsZQ0KLS05MDcNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBj
aGFyc2V0PSJ1cy1hc2NpaSINCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRy
YW5zZmVyLUVuY29kaW5nOiA3Yml0DQoNCjxodG1sPjxoZWFkPjx0aXRsZT48L3Rp
dGxlPjwvaGVhZD48Ym9keT4NCjxwPlRoaXMgaXMgdGhlIDxiPnNtaW1lLW9uZS1w
YXJ0LWNvbXBsZXgtaW5qZWN0ZWQ8L2I+IG1lc3NhZ2UuPC9wPg0KPHA+VGhpcyBp
cyBhIHNpZ25lZC1vbmx5IFMvTUlNRSBtZXNzYWdlIHZpYSBQS0NTIzcgc2lnbmVk
RGF0YS4gIFRoZQ0KcGF5bG9hZCBpcyBhIG11bHRpcGFydC9hbHRlcm5hdGl2ZSBt
ZXNzYWdlIHdpdGggYW4gaW5saW5lDQppbWFnZS9wbmcgYXR0YWNobWVudC4gSXQg
dXNlcyB0aGUgSW5qZWN0ZWQgSGVhZGVycyBoZWFkZXINCnByb3RlY3Rpb24gc2No
ZW1lLjwvcD4NCjxwPjx0dD4tLSA8YnIvPkFsaWNlPGJyLz5hbGljZUBzbWltZS5l
eGFtcGxlPC90dD48L3A+PC9ib2R5PjwvaHRtbD4NCi0tOTA3LS0NCg0KLS0zOTUN
CkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LVRyYW5zZmVyLUVuY29k
aW5nOiBiYXNlNjQNCkNvbnRlbnQtRGlzcG9zaXRpb246IGlubGluZQ0KDQppVkJP
UncwS0dnb0FBQUFOU1VoRVVnQUFBQlFBQUFBVUNBWUFBQUNOaVIwTkFBQUFjRWxF
UVZSNDJ1VlRPeGJBDQpNQWdTNzM5bk8zVHBSdzIwZHFwYmZBUlFFak95d2l3WW5D
dGtES25iY0xrNjZzcWxUK3p0OWNpZGtFKzZLd2taDQpzZ3J6ZmNxVk1wTDJqbzA0
NDdnWURwZUFyaytPbkpIa0loQWZUUFJpY2loQWY1WUpydzd2anYwWldSV00vdWxp
DQp2ZFBmMVFaMmtERDl4cHBkOHdBQUFBQkpSVTVFcmtKZ2dnPT0NCg0KLS0zOTUt
LQ0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJKoZI
hvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAv
BgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
IBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElF
VEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfkacKT
g8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrszyidm
buZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOaGdmn
x4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXCN5XL
7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWzB2zN
S2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVKarUC
AwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
ATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsG
AQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj8OeO
r83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcN
AQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4FzkgR
yOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMtjH2x
9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZRzWmk
w1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8A0en
ITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQsqm6h
vrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV57XV/
QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAP
BgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1
NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UE
AxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQ
Ul5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evP
gP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryC
qeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqp
o1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRi
VokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNV
HSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhh
bXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0O
BBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn8Qko
ZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOHG25n
Y/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZlRAzE
f7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524bKZa
1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp7poI
ccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtzOKyp
yQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEmMYIC
ADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEx
MC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0B
CQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA2MDJaMC8G
CSqGSIb3DQEJBDEiBCC84gf/+no5va6ErXhHIk1xELMQNWg9BUh8E1M78W5u5TAN
BgkqhkiG9w0BAQEFAASCAQB+q8buLwucKfPrBoXxKP7ZaJ/ifg8Y4Axf84AhNJXC
+NWzThUSgq12Fn9cdSVO858oDrWDSndd/zwgab0TgQZ+64atwiQ7bVTDkG8qgeT+
I/R1I8jGOCUTpkKcK34tOYbmhkc7/2BLITc3qOAxuN+lrsWVL2NF8LFGh9RbfzRu
WFVqAMyfAo9DRr1PeFDoDQnjAGti37M8/WvftXixxOAevVmFUWbpnFiwdvSwdrt0
CKquQ1NYbFAvxOawxLU0jFqhIgW10+fU4jqQDukUVSKFiw1/dK+7jlZC6sCXf3Ys
oHRhxqY/bSsgXn1DUWSDjhae3HnlZuoVXLJDHGCd6oSR

B.2.8. S/MIME Signed-only multipart/signed Over a Complex Message, Injected Headers

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme.

It has the following structure:

└┬╴multipart/signed 5580 bytes
 ├┬╴multipart/mixed 1672 bytes
 │├┬╴multipart/alternative 1006 bytes
 ││├─╴text/plain 312 bytes
 ││└─╴text/html 410 bytes
 │└─╴image/png inline 232 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="f91";
 micalg="sha-256"
Subject: smime-multipart-complex-injected
Message-ID: <smime-multipart-complex-injected@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:07:02 -0500
User-Agent: Sample MUA Version 1.0

--f91
MIME-Version: 1.0
Subject: smime-multipart-complex-injected
Message-ID: <smime-multipart-complex-injected@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:07:02 -0500
User-Agent: Sample MUA Version 1.0
Content-Type: multipart/mixed; boundary="099"; protected-headers="v1"

--099
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="9a5"

--9a5
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the smime-multipart-complex-injected message.

This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Injected Headers header protection
scheme.

--
Alice
alice@smime.example
--9a5
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the <b>smime-multipart-complex-injected</b> message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed).  The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Injected Headers header protection
scheme.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--9a5--

--099
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--099--

--f91
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA3MDJa
MC8GCSqGSIb3DQEJBDEiBCDzzjU9zkYamvSgC05wewF4LgTekLa4P8khUZ1HRNkO
GzANBgkqhkiG9w0BAQEFAASCAQCFAaiW0MVy2tnagCpthNu6sAL22/BBu2BS5XY0
vTH4/MtLzU4lSokfcs8lgpXmE852prfBZfyoBiOtKZF6TkW59XPiEx4TfBZ+pFwb
MaJbZ5Kil2GpqKib2sEKbaNHaUY0H+vixz3NP6lo2Izras33cw4Z7FE24qs3zTAA
1WYTF8rtPhXVW9rFLumBOF8LgGKPTh4mjWrAEcaqqmscisibxTJ5yp5DJhHMf9Xv
/HVi9lOJJ5BlYOQOL/jWPxQorYJAP62HwEEzz7/GE24hm43pK8uHT5DPHiG+gZZL
35qcfe8j50JVLTG2wcRH/aKhat12MMnPFMqnJGwugLv4rwg5

--f91--

B.3. Encrypted-and-signed Messages

These messages are encrypted and signed. They use PKCS#7 signedData inside envelopedData, with different header protection schemes and different Header Confidentiality Policies.

B.3.1. S/MIME Encrypted and Signed Over a Simple Message, Wrapped Message With hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7540 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4580 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 inline 783 bytes
   └─╴text/plain 321 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-wrapped-minimal@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:08:02 -0500
User-Agent: Sample MUA Version 1.0

MIIVvAYJKoZIhvcNAQcDoIIVrTCCFakCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAH7NZ5T5anffqtWAgtooMtA/krAJvMnVSghb
3dWk15izranm5qH2EdFCxvdagu4bsboapU7GH2o8sZ+Hr7ExuiAFRSoQMS/wgOgW
VtfwjKSoKYqQb0/jxCKMtDGqfz1p5qBgNAz7GLEkC/P+PqYNHJrwX2ddrlHJ1O0G
6ut7Qjgsv03UIxSO9IZ+KwsnxuPko5AuveAifbOyN5zNA/yNGWrdVsLFboz5sD1Q
uyI/cWctTDCLvoyVtBRkIWRUJlHmgB8AlFoT2pBRmFCExx1NK0IG2xlDc/K8K2g3
LTFEoderXpcOY1S9WuXuEGWpYFu//Pqt0kmAacfbp8DbF/KL0k0wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAPLsdF0Kyueyd/ofoyTKriNDH
mh/Nr7KhbiqQDRZpJ40SL2QR5Tkt95RZ2FcHOmP8QVRoCMPDfIY7tXXVxdaCewju
qBEW8TrDCSLsBa0NZ0hFvMUed1VgMLZuyj9RFumYCfg6MXjvS2yLskPCvdZJ6urd
n7P1Q+Izs8yKSZzkYuxY3Zu94pA7uedClTP8hS3LB6JeZWSQIVA4ZLZ2/9JD+0Tn
0EX6Zx8fySJCZwcIoWewcn6KSmSekQ7XRevkOxj7FWvJ4UBlQeo/trWa25Y/oj4Q
BoBvnOSiMm+64zARzVjmqIHTRmZ/HCZdeEcM6Ci/+OxRs7aO5pPEKCRtRtPQ5zCC
Eo4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEIdKwwRA9368qAMYmmSuOLqAghJg
05DvwW0FJ4IGaliquIe+CXt+Bh0UMV7FaAia3k+cV581Iq3yTmhX8bZpRLBqM2Hz
yb65FDoCFqzmilBH2rirDi/ewj0y0rXunHq4WvNxl1a0a5meWec2kdG3vUir8BzX
b9qVNGn2NNkOUWkPtrdOhalGjRVAfF+hzgdU3GTmBRsEtzaOqRKg0Bfxa8Fa8Q8n
1IjYA6HV4bGzWTg6Pd+nsjZHLvlLcoY5fHh6Z7ZFWJ/oxxRTXBCYurOqFz+YPtod
p/0h7yiBEbOTFPCAvzQ+9dlK/SK43somDj66PlBwNm8gi5K6MlMxpXqXvJkGMYu2
X1sfp2NH3pzHe6raO//jdBoSnHN/qPeeyJeGpPe311/FJmBEWX+ZWlOb2Q9/hyvS
sSkfEHkypV539+WK43ClMA8FCLC1zlZxv/oSBJS3CWz9OtpsXk1yXKJo8QZV96Gd
pn0pzdDuEzx/xLrBDDkWMs3UW13xf/1gHznnU6Sv14VF/Q8Rmbx5wsveQunECnaT
J7Ay+p3RuywANEfFBjzlMwW0zk1/zH2f5vdGyIjjUhJoHDDTs2xNe2KpCpc2ZvIw
rgLXVb+lep+Qc53Un99tKCAAb0H3ApCa8lXpWVBZR1zfpike6Jc5T8EYpeEjLyDr
w3jQcR4jAg/5dwiSXX88GzfwJQQg28CCTWX9moVevQAH/y8ZbALaiCHzfoGEXvNb
I3r/e6ebWYf1JJkUEPGQeUU3IBUT4ZQY+S/ZPvPkhDUBho/2Gk5zIZiAS+YRRyXO
IUOYkjpOBtnd+sKnqQYE1wCItzG9hOVcuJdU5uJjkXTSquf1DwIt5GYR+4EqW8nN
vnrbeRvCUgiy6G0kPFEvFbFVyLD14ldVAJyjPOsP1G3QGTEhBtAi1RzEQU8jvtk4
IHm2aqYKntIFcC/wq9KGXjiKBfwhg9mFvyESYFaj8pJcIbgPzyez/+WSRTV6LdMd
sbwiCXbeJVezAFlb5yd0aBjHCDE2q7KR4ccTksf0n4Z6Kt2WXir5yd2StKcJ4sLb
5P2MchRjPSDM609l/5sUOItLje1NgeVYUzvN494kV3s7rCNfuyyw0gRoM9HGWlj1
rvIdVGKZ0vJhaV/WjxznFKsZuOUG+zQzlka3LGriTQH1R6cVrSi7XmlCLrKDR70M
mN5SlFq9Uw0TZ5K56IJQ6MIjUezIwONSFDwynw86LVLM33cvV21Fy7/4XlMkIRYU
vSgwDSmvxLTrdaUNNThIamtC3LtTwZ91XjnjgmIXHdQ7JS3cX9cIsNTBGOYCT6V8
taxyzv33pjwL2GU+3C6GfTzGnPGOByOnAWpiKxbECz3fuUmG1EwyBYeyLcta7ZE3
y70fhpvFggdVt2Q2fpMFemnc6d5hdi3KBrTb2YpyFRgpE91HjtGoB/iB+StrTclS
W2MeGn+p9EkJMpMq+JubFN3Vx0mLFvZLlFQFRv9emZmtWYJLkQz3c3PSge9QOrZP
hEv4WgV1U3jz2Ll0xMMAqlvO65tqZIAuDVUOoVLE5busbp7/kk/boNimArS2pYlF
1IWIk7GR2c3i6QDrVf2FGLFJxmitYscRPyiyFS36dI+iWu5B+tbvEfp8ZjJgwA93
BueKKNalKOG5JbOAbBrErm0Ol8/g7auxPthuRWo3hax+Y7ESVNTf5tniEmluPj1B
/A2wfORTi41sE4CQpMVqWufaOUZ+syc0Ow6Xu/JINvYGxpU2X9mMbSVzv3ZJ4pZ0
AVlCvEVLp7bt5XZR2kolPa3PXU21jCh1iWshgtlXxtdQSZFPYxItjcOVIJ7X6O8S
ByN06PYQ/piOG6RaJ7DGK95xtz8sxbYKW5oDliU6IF3lEuVPCXfWKG2tks1aLfKL
dXDiDw1P5ZmDMhLnyzsMzrjcdrlvj3hOE2rGb03ol/cfmAD7LWsetaXnSTOus18Y
ksvaKwIffgFbu98nxLMbwXjLBAX/FTagi+3NJ88lKbnI+2ayPwPFqEQZsI5W5N/w
IlrjcKDTxfZ/nvICwDdKnB813pJWoMk0/SM0NYEMANMmFexG2NfjRwhUAxLpy2Ma
nTr2fRyco1z2VyoUmI5909NNDHrOtEtsBR/LcPOENy9tR1N7WbpoktjlZ1s9uYxJ
ng5QDXtIN077yCdhzbPpdx5eEQEx8jUC4eqIuFiINusUILf+jzErtAS4Dr3P+HjH
1ZXU/klxwxngMgG9FdEPnO08O7JoYVYjpaZVaRZWwaKjkypcmehYxXq5fx9UIYxm
gbTIMF7u8uK4SR0i28fEigIvInts2xEYfO9WFq1A2TgpTh7q/I3JyuW52KYCtFOk
40xiQuxiC+/58aZycbjLfP6e+pYsB1BQiBamlfJceZuCTW2vn5sjuVCdSqi5k02q
hgzUSnlduCb1T7QqZ9KjDZlEIN2fgmA2RVxeaFZ5EXVxVjA6C1dL70yW/GlA4Pjm
hojv+slDVfXxHoaFC0LutvBFxMf9I6efheihKbGM3mCXWplzMKcqWgl9KIJT9raf
N9SrtHuhC2JwEqRvvn/XQN29NCr2GbhsCtmayGkmgD/c4vgN4noukUo1vuNVF4Wh
1GPwju657zAHJT6qRe1p7BqE81Cpf8aNeWWK1xBu/HlAryRMKKwRXm8x2baOs/L2
CokiV3GM7ip9Uf8hF5aML8fL0yNMMpHyk3h+rhsntjK0A/0sF4gysk8WyhBnD8Qw
lhJdkVoc81NkGNxIrlgVFjQ79fScPfe3oIveHHrs7BpEABdcZDf4NSrCZVStw0AX
YdQ9RjYbTiDHprs7sO7D9DV3VEVin1Ng3rMtoPqxb7HKv+Sa72+11QJeu+lzVQax
Uy9EapOeTELAwOqsSSMxgn65VMaLgd3E7ThUr0Kp8RJwp+mEcJ0c6AzdYLnfpyD6
ic12ENgtL/Q8FG/0tahkp0Th7TkVcjpJzuVNpijvkIxhuA7d1xIkKaLHxjkxCiuw
oVTfdW8Yt+R89SnkPcx81+ArlpkCaC8V4K9U6C2FIz9W40dHFUFajTnycgUWMybf
A7D1UNAeJBNjRFEliSqPu1Yr2mooi4+hV2LIMjLxs/aHWKTMah3K3mTVyoltAwVt
+2kMIaqtWKQi5xr3AwlP8GKEo9FlOsza4B1kWK3eDovCy2HGl7R3HJGgWnDxt02I
KM/HTywrU13qMwxdkejYgV/4RWQeOI5FBBAemnwJNdquKrOOQiuHFxGxl4OY1jja
l/sRUtS3pecm5x+CHCqYHSTlmAk+1kWL4ELwdAd4atsyrKn7SiVuZCgZ3/pi0kEd
ZBkxh7WmzAn49FMg2lS1S68skCN14LH+315uxs2PiTtxtm+h8D+Fsc9G+Wnjp593
CyPHQxQo8xSqCrVupdxeuimn1I+ONn1JUpZh9O6VRS/Ld7A27xW0a9hkGx5V0ACQ
J14i+gpcsW5jP3JVV2lplpgXqktR0gMbgUOU7Qvst3ZRQueiLJb9Ujdvhx4KcJS1
q6jrEldOXTHkz4N+RZyMn7JJAlwBB/gag5biDlHjvFYKWnrpLL+fBj5KPrfaDK8I
AvKMhm3PdbsAw6qieAntacTzE/ivFsORPUvlZr9JFJ3C+E6ScztrMvBCCqK94Zst
WVjcWVvKmd1ARSmPE1Q/SO9OzfHBTkMaFNXA9l6yUfQ1b1E8TNDHIDO+CS+6U2Pt
oiPay22qExWsnkuU0mCUDkrzKUR0lMQlYPTf+zD1qHPZ0BCHHFsCNxcE3YKpK4s4
y4HdE8oCVwo3II/rpOHAqIb3qEM9lAH41jtX0Z6FfIhOi0nltPJCIEm1OElmVjpZ
fiOYsXjTw4QgDiQF2w88sIV20ov/bvCydBTwd3Q0YgDLLmGfo99XJREaPhXeKKNf
noNSNV/xR30PwOnWoWpTSPZnYioxFOY1knpUIRVEbqW48B9KMUoXrawIZPGSWO+U
Ib3H1DxwlcWEpkC4GB/G7UYeZS0Z4XKcqStEdn5QSSkX0v7DwoqI7etmUhuspNGn
Po/HL1PR4q9JF6jPtYqscKm0EjF4H4C6QR3Frdz8FQeIT0Mz+9/6rAgYjtCbaQN1
I2zn8qkKQfmbKC9jYTRgg/T+IGbSvZPuWVrkOmMrv6K8uQCySuDpfPS9KmIT/0Ln
iGtUtycME+riNw4Tc4SjOP2VVoFEX4rfiGaybVy05BUcZVahbmL2CebxLyoT8uE/
D3/w196tyWYwNADDgYXdH6jSdws9FJvTNT6I60Z6fAiDspAlPO/wr/S/yTiFHDJw
h3jzSj2GQtWGiDFmLuLXztFG6BTTDVdyqBhAg9AghLuPLHZctNvyFmIVNUxDjvzG
1ViFJVfkuoj3YLMeLwrD6vtATct5GUQfKK4sagGwZ80egMMSxb0yViB1SglEsrRd
nQP5vA+1INUQrR2n/L4mG5ZdJL1Eh/dRpBbRn8szKMXtGIuLx0LIYVl5rnFCbBMN
H1U4fbHFiHdX41FTOiurCxvya6dNboLwm/2qQY64dzbj5kTQpxz/UmBN/8AwdvOf
NAkb97d3/CsE1i/soZowZMghezjWUKs/hhL7/KBIcXiTG+2aXKs3etryNJRiyCOW
ehkEpOvhHA6IX4y9VmorT2v9vee7hlGaOWekbl62EpukuD+dCCay+FRLP1jU6wqD
Q0Cqv/7kybANL4jcZI4Rf3joE/yB/mr8Ygd+5ATFHNmOVhdm+RKrOQchuy+lhrre
1mjLtoeQs4d8bUT6T/WcX+xGG1Z7krfiYwJQ90qHclVqAUsYFi3eQOtsHdliyOLm
AW8Mr/aZSkSWgygqL7dd0KGC/aOO7GcryqAQeQtSFBIXvb3xR1S0HgownwgCTdZs
IgWrM8BkESGpywMrSi3bsfkuKnTX0lFuso0q7Kn3VQE0kTCfSRUunOT8lNYLA+MV
jsWgB7uYX8AXFhWM+MANGIuOFk+IeLwtCfWfk01YCLn47NUahQsMPo5/4N0CeiWa
SFmwu8CY5UCLCPCW5tD+zP/mRtLM9Xd9joS8LXF2gRUAKEzOCJpy+qy9YkCuMgPd
PNx1cq3rcLz1qMopCmrDO5xR/LkUuY3I0l7kf29Hb4HZ/nXil/p9tKlOJ+qOiQI9
zFRxqQoxLQsN5QxA7D/w/5mBSDuRda6am2yifmdvwjsARsZiSSY9CY8Q5yEc5C+H
BhK6qMC0u82Yl58VjqrJRqvQalujMN8+CS8+4KiK3giZU6PE4mqoBMmNy9Mg4zQ7
zOjg0m/DYvPz5/AMk8Z/jRF8PQEffb0JcfE40ksKQyja8lNlTJsqJslvYQdITz1f
ghmVxuDfcXURzz7vQLGcezLOe6cKbPtt6S7OoAvvtJjpJOrdwphSmJN94BG/9DYn
fQoQz9hUbboUgfRVeUWfStMEr++fciSexJVyAj+kgObAaJrhstvjM871PFLLfY19
EZFMrV3ymygWYc/pLKWW7VFXKxmHjMAG2tm69LCpPWxsw/rmUaVBVe2jycb2FLHi
8sw3ecNWoFsCd9fucBGtmqPEiWr9nrIVj6I4mPd7tCXZQEhaN7sLz9hX6lTd9Ybg
3WO1YSWzaBZyxJDuxXbZ4Zd2t4T43PRJov6W1FAcatQO21xzOIq1u0oY1s0eMXHO
FF554eor4J7SceENG0c0vlIarFDPYzPmNoMMthvb9+7N4qmgJTBJH/SwBalbeDBI
7yN/SZwHb8juuXOOlfmuBDofTWWS4nkPi3Z+vUMUVVElqP2Th4mlmP6f4H2aknSj
OrMFPM3C97UY6Azyvb7RYb/VrUcnM7kiYjYM1irfRSYjD/vVYwxfGj1ruSFYw7Sb
+iaVQ0+g9XDTVytovy4xr7302goBJcUK35kDlz/2E2CLeFBxEQu/PmYjOoSvpv3f
YQvWsQsCqBfZIGAlYbQjPeHJIISVsJg8pa/BkKCCu1VgvnuyQoCAbawv81tMB6sh
L66GdRK9zc8G4dcr1tjaxAp6/LW+taetP04yRNhBlXAjd10/6ldyaEkyLRk23dWN
VMr38oup6w4rhFwWt8Py+b48djfqRzq1cdqrxx4B+qLsecEaojx3SgBriytofYhT
a1zNXHzltqSPV52O2s2DPGkjQy9ZCIjX85WRW6KZ1e6aT9TXE3jzDJdtsAnp/jf7
0S0DZMAx0hh7ELKqrG0xP92IYh1sf+OhpubGIjuBAPo8L0JaQ0SmSWKUwfF8XrzX
HCzu+MtnQ+6Lf7ctJ15XQJNEnSpEWsHPFpXGL2IRFdl/EgvIk75OC4JQ1kW3D1/s
R93ikylznWBF7PDqWREq9Buo53ENUx/lBdsXxJ/AxF5hz8tFe5QnK5fZ+iYHbhPV

B.3.2. S/MIME Encrypted and Signed Over a Simple Message, Injected Headers With hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7435 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4498 bytes
  ⇩ (unwraps to)
  └─╴text/plain 333 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-injected-minimal@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:09:02 -0500
User-Agent: Sample MUA Version 1.0

MIIVbAYJKoZIhvcNAQcDoIIVXTCCFVkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAE4jHFjgjvcL+vJbAAHC/TgYkD0lhFkLlWZh
gSxqqlgjf4wieoJudnfk5t9FO9lLxUqqrqFCOoR7MTdQMJhgmcsb9G8ncJoWsNsO
EZ5Fdt/rrxHgtjXJodVbrk0BOJ7L9GVfzQBPFdwKEg49vP6+sVp+CGmByXvdlA54
ueZCKs6SK2QMzodp1nJws4IXm7BIaJsvGu6huNEI5lNe+NSl9qAGej+oJn0i5vsa
S/2H/0fxS81sIBfY/QYRr8AAb4lbFltWRWfQgix+kORhltIPP4A7Jo5a+fA92ZCT
HpFER/cZBLpalp2M+HVBajOUgASwsA/Y30Y7Sj3kXqE37RvaO1IwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAEBy7Zg8b9DsTrdlACEAgiB5r
w6FQ6Bugd6UDLrGOmyCSZ1KoCmPUxpb3veBdbYTrjSIuhkMYq0/ZUQ7JVS4jgFMe
4dHUshBT3CKj63FQj/fT4G7xFKuRnyfk7fpeaGBR/1UsvQ+OyViHQgf4JA6OGEk0
R7oyMOROcZznSFT/Em585/5Iq2dxsq2X+fQUPeHW9sSRRnDZQMmIhQGwo0tDI1vv
OOlAGv2FP0p9iYQSzJ7VgJAViKHYoXDZTrGJnL9uygiIJea0gvw6f2jWLK4j04cl
1DNnQ4KYhWgIaPp5njGCKEiqssMGIj+TkkIYludeGy6dEK6f+Noqc7Lotfz7YDCC
Ej4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEPLJkiAiTOk6hJMM2eSXOzyAghIQ
VZdGI8O0ZwU7vWIZenIr6HSnwSw6yJDWDd6K6bteA6qxZ4LMCFXNpNxH5VFIowK5
PqneUhXG3FUR88453uLLUDllY1ynMwvcbH0GGPOIn+tcP0VQHkFpmJk7qbmc1f5Y
jOsWMVVdYDGqgiDMgBAPp2YdqNv6o3h+RYItALY6rebm/0FbQq1nSRduwh8oBlnX
BOhV/LwC4CsqvRo8SigWxGOMMhrJeV2l27uuqEmOIA6fNpQ7yGiKJHxZ+eaVfDmy
bhz9jPZCVH5gL+7cBE2LVTjDrF8H+JDpTC+uQ5YJzGCaxubDbHay2R66Y+qfSy1o
EDXvli1/aX2yqXViRyxhkPteHBCt5Mtwqnfqai0krk76mx1JBeBQ7KrwPi8US0Hv
LXnQxj8tVVts4btT9bNRh8WPAdnhc/elcokASMaEZIB/Oix6hvhR2/AxIIXEOn+5
HOHzJ96UhFBstBf71mIwMzwW/l27zYIzNGK9r90kUhK5psMMkR5Ul6evSDPMO3rT
gKJJwfLH9nKvm12kp+Knn8QDoiHqAmjytzrBwgZrpklqgFFTG8Zz633BpPLwqb3s
j3tSaGrNv0dfFG1HgGsgahfXtvvFpNFj4zR9zx7UNQASXTRXZ5lNVt69CnKkvuYp
45toocAZkYQhTGEnU9s+GD82vFxKYN6PL6oRyef3fvAZ9F9tYOw5xlyf8TZxoMIY
GGM4Unaqsty6YmFqqMO4do+bF2G1bFXYI/2MXa34jz0tnExGOgZ6bsfi/5KYZIia
+w26I0OOyv58j0Jy+CQ6Mfx57+9WOwhx2tOcYeyv1SM2ER6edH0j2bMgztGO9+UJ
APUN6Hq/NUJ1uiBNq7e7nnDHFS9gyiHabq7GI2yilnEebZe32jw9OSyu0v/SyAsx
47m7OKZAukwI3h/9W4iS8L9cEShGUJtSKf5Bnp/m2iiX9B6lSdqT6nwVWEJ+67lv
6wonwAn2CDGDOsvXNoMTktDt4dBNb1lgLC/CgtupTXSosPovX8vgpb4VdzK2arCL
ec8EIaJmGVRW0xyI/w+EkcYIzBAoUDIt+fAIHLz5OXKPFFs2rGHrmneOsWtToCcJ
L3oqpz2QXV8/teUQ5vxF+11nF95vIBDeiZrEY2eAIPZwhdaCVc/EkzdxeE2Tx+cq
JIoVTA/anwMUxmgIRPKdIEMevgiUe/te4pIm+aXhy3VTNlDk+AnGAHvJnh705Zx2
zmmhRUj2OL1sOLxHkC/bMz6E0vjMiE1WsIhxds3EW9booN06wCjZ6GUKnSvOj8S1
ac5kAAomzErAUisWkbsQ+lNCysqNGEowSWqOG4703CzjcCMDoAfwCv/K7JvpHxvv
zosGC0LXLQHITM9qT2PMN4D5HPavNCGAxKQz5mJsovndj6BMJ7HqvhtPixWrLNK0
N4yQMc6NUUDn1J7h+PNquTtzRMqSURk/L/baNF5txyv5m6TgIHBfslnMrfRBEvuI
3sgpW+9aers/0vMh1LOLAW009kCf5+nkqQ/I8ZFaLIFvdRM+AkvbVaQN8li+Ew2z
lef/Aeyo4X1ofNkmFTqxyP+F+ZrB3ZF3/Z2m0d27379QyCXviiNrBvOE1BXzadwd
TqcyILwqQaqFlgEx2d4R/sdYoZLu95R9iLezeZmzYi2KLXmm/WGTzB2gzW0WINqE
k0+b7Jqg4qVJJBeQ0UrRFBZvVwVDQ+cXfWZt3ij6jo8h0iHG+LXHlQ/sIKSmCZKK
XV3U5Zz4iiOCCWEenuA69XN60VJON15QRBIiWtr5vjNUJ8AAg01qCygGZ5VkQzxi
fh4YIBk0OY0nzVIbKKvei4mNDYNdv2rWWuSFSUp3MfqPf1Wt35sSapBXPgUNLujS
7J12ZGPeiV6iB7xibbLsIQQTjroktQrP7qgGvKpSu2Q6yQOsJd5zqrQmyVzzhKEo
Vl1wAMYDEOO4vxNHSHpz6m4B0+ey7ltH8MpeXHk5cyQYAh+dn0u5uR96FWRjM6Fp
G3gPC/0mS2PytJG7KfQOkOKE1w1zt/ypg/iAKsuaMBx70HLuVR+BiQYFTd3YO/72
y6c4u7BarWgn1FVLjnNQ4aodZyoDqh/DluEdkF5AkJb0jNjP8DQAp+78E+ZsO4OK
C65HWQdfag2gNtTvm90RMtQjK7K4vXneBvWLahp74vouNNaZSS9mAAQQ/1YEDIdk
rJxa5hnjgB4+m63U0IqZhO6Yzuv4AlkVtp+BdYcCjur10hvWyq4k2FwFslaROh0d
idOlMirNC/rSnXcVagVonmS28Ykg61SE95r7CHtbUIKIGcsOe+AcSGX+mpJwLYqr
1qNV5PZZ/mFX69QwcDVRrzmDBLi0MW4iGQOup0f/S6RXTjW1nTvoJOmcm9J7/Bgn
nRhkYcd8C/4g//H3XndKdxyojr7KV3UY7iL/KPHI6pIVI7h/HgPJTAuecdXIXWt9
Yr/Srk7R48cpqLxdFvaaDWe3Q30LtNeiL5czscnLubAT6LBstJPTeQE6vnag6N0J
BU0Z0kiCLLIE6We1CUzwQjBzUAWVwHl2uTuFJZdPyVt94VpWeBEP3daeCwnJaOgF
krgkYLC3qySMLK24Oy6X8wESNuJjTEPn30t6/D5CzLIF0SugIwd7GeswWfJvbql6
4Z7JiTCvpZ+M65LFmLn+2oPB4xh/hyzNe0qs+9Z1zd94M02TxZdk6LRaNwI2yne1
2Wv0Eg+JEjqilnIPljd5KhJLou9BwBKciZTGu6OgCeIWY8pKsfLFvMdxkUs41xvN
o3FRhQ1UZPs1VzMabkP/NRb8D0pEedyPiY7v1PlefnU4jX6jP++Ejwbr8vT8K5NK
zB3tC+1MfZa8YTb4zuEIz4ept++/At6oUaZ29DOzhPzckILTsHxoqdbudSpC/RQ/
djKYTYu3XM1EYCUf9fRDaowYjPTHjrNgFzqF/Gv7tAr/1EOT/5SeMNrKaDCngh27
BzE92JTTjgkIjyQKo39JT0DNbcxViUX41EIH17E7tzY7Kaaphousqdjo/mBm4SCu
ncHK+mEBQ+2IGm8EaRlzTHqUqPXwwY5hsv4QMFezLQCFAlsgh1vA1/IpPIpESV+n
EvIgZCr+RLFWnX4m9mEOKHjK+yTds+Gspc1BWBby3pQUqWFQa36zSfA6Lkm0vuFv
0C8YKHKDZdtIrhPTD7e1Gooz4yGZc9//xiUO18HruLHiCnsbQjSHaln+EFk9qzxj
hRSI/4iyfn6mDqwFfqIt39GGA4Jk1eeb871bwTBhATbBkGwGhKVkeRT8xp+dRlCj
S4IsUDbU30rS50SbJ/fRYpVB68nQQNCC8pE2Hg9TlopAnRY9kKiJ1pnMNWRMoRV7
axH3BppdTvAcqaOOXFAtTUJR1lSrJ2XzYQ4GzoaA6Y4VjEu21Vlapjg8Zd2ehtVf
Xfjyc9vQSrv5AUuCRlQRdt26s5VveM0c9wODONxLgL5pimKUmPC1p/0oD6vWdSEn
uGgxlXF/Y0qk92o0AIFjey7xiQELwIP0bl7ukxi6TBayeZMttq4y/OrVgMZMoM/p
PWYnTHfoq+c6iuHc9HBcBlkUpK9crv1iKaNo9UgHvfIg87FkGkLRvol/c49VnRLb
Vm2IImWCOS4TyQxWrdo+iBENltYA09vpCHw4wrz9qzCGEblfvHhFHSMn0V0TJA6r
Rv3W7KrYhIYrLRouWtm6pR0yvXtsGK2b7w1Cn9afoWBsqOyxlAFfSwMpplXIA4rJ
6gbR0FIKgCA6XVGQQroYtdUihp+Ie9EmQuoesyzg3Of2T/ehNil9aZqmeh9rNuSM
PkGIfa/qMaXYiX1pECSNgRaPeUkt655B424KedP4A1p5eDkKKAwHoAsPM5nZ3LIp
WvK6pBZy4wy9ivoTR8WQUtyqf36yEOJLdVF8r5h+UjR2RGg2e0S/sbSyU95KWshp
2agwKQnzGBO08K8IP1ELlNP45stzpXYFcXxqezUwwRzyWqC+hK5RPNjP4CXjAd8j
z0ex0sEoe+5laknet+MPWkQ1wGRqzkrgbiWbl5SFpbM1Qtfv56YUTe25h1gmu8ik
cRBVoPVIi5As0Jpgc8cw/q/1mmC7ha73V22W5s97y2B2aSn457eXZjJ6tR0p6WPF
q5PDDjjlvDliZP4NgM/uyllFbyi0gvW+TZiha7YQIWATaG3EF+0QTzBuHJADH+M3
4RfT92fV7Euya0+/nNxCh47H1ex6v8fxvN46aAuYLv+GVVKC5Sa/QQX3IwBqXBwa
Vb/57a8+dqonQpvr6q8FjdymapGR4kCDVzXNdCgAuoqMRcuO6wJI+ZjgmvNHTwIx
03ASdCVgk8FZaR8hA0MKSDexs1iIvzEzWnckwVdGsuIszxlLmnhTiAxJZygh5GJ9
SYEV5exBe9E4tpAV2fKtzLK3b439ZK25JVCE4ZDY7M/4kPBQ9caFQzx5AiE5PuSB
URZbMFLK4wldwmfM3B3lRsRlgHxr3D7X7fp7/92+fkcM7F6kGwoR3YZ+cXbVrdYP
IJbepUoDIzoLXwC0/5KjivVlt/VVGrL5SKcQ+QEob9DlhP6l4jevV6KYq0QXEw7R
r79EnzkKGqgb41HjP902y1agv8+RqLQnna4cpiySi4SX3de0ojbntyet06Rq2EDY
O62yLHGAYRrOs+qxV3DPAWKnMbXa+Ae0C8D+MzJCk9ZJZNnNTRzeJ+bVBypVC5wO
0E4ouXA3i1tcgrjQqr3yg69l/aj9sPoT5ybE90+pdYccH0VO3beXOS+xZUUpcyqq
VliZINAOxf4y+P7FgPh7+gvrfKYIh+SJMcxk1DxsO4zA4M/aE7QhxjivEpi7ngr9
+0v/VV6X+pCFPmFxia9TpEiiUG81LsdGCHSzedABgWFg0M7rsPuX/5gNN0s2rdti
7tZu39pRWZ4+HXwXgKnMPk3Kx6i5PMLEW0PlM7NV+pLLRiwS5C/8w0RWnzBlth6g
nqX4mN3euezQmTrZAoFD0SEymLjLhOoMLIMEuDBp9k/4pQTE74VMW7ZwjYxz9cDS
sAWa3+sk4c28sAmTdV8hNLtSey+NqA5hRj/bvVEiKNLvuilkbwlseIzqg4OHnrqq
6OgAaZ0bNxZ5PYbY5T2hVA2+tqja9FGJLCvFr0Dq7w76VeAui9hqmpQVmw9YrHmz
TqYYYvCZRTn71eHmITO7j7MGTRnyfqcZNmM/o1Jya8vss8tiusS4DkGNiqq3J2Vk
KjueAqBo+3uYmzqm5gKSbNfXrkDTZJCxj41ZYZto1dCCHUADSQ0vQ8QoZ7ICW7yN
4sMnoqOGL63m7oaqc4983iHk9sK1ZoB9rrkBqlQVNN+ZWE1SgE2ASfen+tnvFKeJ
72WWtgQtK7NhYVPfWF0pzOlMoBEwJaLoMVokYW3I1Cp2joriszqu2ALAmgGTUbC/
dafVABuvHuOErPhHmlp0yVcifF6496mspG2pRxEb3hhHkOmq1JwrVkk37qMUuMTJ
Npr2r0galtYT+Hzmsw4ZMG42O9fUEyAvsNfF2VeanmBJRdxHslBwMHDEyxrkYvcE
R+FMtAIvKNqyDTQZOWkdy3knwDgfz2TJ3M5guMPO9zdQLN1ckEDa7nn83lCtjJmw
lujtT5N0RYIpkt0Xb9ZZKAsnxvn5LlSfz2dC9VFeoIn/amkVAVaZXZ9vWY8V5Ae4
UD6f19EhvZ2SbDCk4uRWCf/i5LcjKOyGwLOtTY2HCfqjmfpdaHDfNJKwikIx1Yly
I5421BKwMlaQuVPYzBUgN3Abd5CaRn1etDax+i1N2jyg+dj+x5NQDBsWJ9IJUOXT
nMDScnH1YW3CeuL+WBcBozVltZaO2RKSDCpm1z4TGTAGHYMoek8PGW8/ZBTIMqCh
7Y1gq54IRMIhO5JS+MTbp4MWaR570XxKrc/09PyDD1EzhIpixAOHqDf4LI97i8Pt
M33AKEIwZjG7lmnCnURdu5YNA9Q1hBgjshd7tHAZI57I8UwdX/GrH/jGm3Zd0L38
xPfZpa9QSr2Fs/f54Zje/G+9vK543k5PY26PckeSxVFrAc1eLNRRXuP0DHVc5xxX
pwj+ARVUo23qb2bn2j3Rk8u41Z+mtOq4YmLc5Q6a0M034HTqrc4jiHU0Hy2nekJV
pBbOU/BFByUFHn+M1h6yRtgQjVKmC88O/aBb5u7MqrOsQ6cvNqHfs3A12HgjBxga
+vBLwEHtHYgBOeZRdIeQwA==

B.3.3. S/MIME Encrypted and Signed Over a Simple Message, Injected Headers With hcp_minimal (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7670 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4674 bytes
  ⇩ (unwraps to)
  └─╴text/plain 423 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-injected-minimal-legacy@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:10:02 -0500
User-Agent: Sample MUA Version 1.0

MIIWHAYJKoZIhvcNAQcDoIIWDTCCFgkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAA7foZVL0cKGxTAGMEqr24xmXk+R9+1tBvxo
vVC0FR62j6F3bEqRPggJoL/HYhvhbCluNzS462O1GUESTn6dU0sFnAtHvpm/aggs
ywFJsWc/fzzIyEN9wQ5X+2BWM9SofTEikdGaUUz/fub8KpV3ZHmpO+boNOMRWys5
gOR9GFt+iv5LEdqhvaymsdFs/qKAZBZo28ffE4DsanZEVmYufMriwoyRtyqnHD4A
hmihNTH5ZCdeUUSZXb0w/UP9TWlQ9C3m663fywaS1zUNaol4gEpTcto76D/FohGk
s9mZ4vFcBgGWzH7GJWJFWE4VRCQoNiWC4H8y+wIqfIDE9d4isEMwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEASY3CY6TZFO/11DvnkCjzRwpZ
S+1JJ7S/t7cPtxZxd8ZVVAmNmVEvYkcXsCNbvUrTy2BlVFWYKuPOOvfXQVHhK4PP
Yq23OYseIXVnsP7qlDMS/ZS+ptGBIXV2ZzqBt7I9jgMLC7f5i2NQwDns0720Slz1
MOIztq+Ccy8l31WlF5k40PlI6oy6PLv5RgM7v5CGr4RmGBZBiv2rQPYlfSSGvAQ+
Xn16CHji/70f9tEXfXGREJRzx/lIKFjz+JdROE4gptu/wXNjw6bTVTPx6FmfOhnD
8XUZA6oBjN14Hi3lLHzYlrhKQG+9owD4tsTcOcdIh7B8ZsMy2G8Mg0mWWHTWgTCC
Eu4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEFmrLeGX3dF7SOczv6nMLxWAghLA
C3wQFKe2rnY/Rc4LgupEDeMq9p39XhDQIEYeYvcNiPuRC0ietAnYPfAegOQ1hsZh
Nd87LpWCtj736OkRwUXhQyoVEdr8YJRIBBgOYC56WyHutkdWAFsCXrHhJAeHdq4y
5XAdOPX9McvqKmdeDCfanXMWNs28G/sVIfwA1o6Tg4COw7g1DXVJhYqyZnX2tvDH
u5XM4EMVezY3F1dh7rs+NTNQ3ziFs/48dzIVPLmOZj/OX9o2pcnhzU2gyE2ciPtR
t8p/hWw2bdllp5+ZH4Ma/Cmaz+48GrRn3TgQzSw1/QtI+x6h6RBGSVTRo/nTEvWQ
t9SaoC1C+SxmEtHCPWtWLDnf979+I9ZGkqsrrjasoTKZAieq6KeTBB9Fya6eyyGj
VdDEx7jmKtpJpGvb0pBvl8xxWKD7hjX2f3qbgFKrwuToayXLXCw1hYnX3UQ4L7cH
t7h5T5m3pIehG8+HyNFOGvt1QaFTLzibQ1fgU8hdDQQkVhPDkPyCbLI3nFZ8HH9D
V5dxxd6O2t6oNeBJQUKMAzOxnfsygBhw89fobdskQnOPOBvl7PCSLrzGMvvE1WUq
wamSi94s7V6gFfUmbe7YYdZEl/VEEawzaw/eZ+wHbjVxQkpEZ388cFHMdHOnkhUG
SFobdwBYQj8vV4hxRTuoM9V7ZaV58S1MuS4Z86MUkCf2V9Z/9+XgkvmZMu/G+G7A
td574PqjRaFrOuLuEQHRRZgcgUP+5troXLRgcJJTYdZB6JKdfNg1ikBF6Bsl2Fv2
XxXU5o89L53X87Q6oyycSuZUUwhaVQbx4voWjnoR/Wcgo5bE9+moXhXHkFYOajDs
UAORrQGVC+NaaVwpQMQujvZUOYQJJaRiZc5kALd8TZ8c2W9s3j4L4pDDmQcrgBp7
BVdBnNDh7rNwFqrsp5Tt9lJkaA7A3JcMhTnxvWQCbe3e8jbgj5oFfR0vIZju7md/
NwT5rzrSVOAHpgUGEalM6u+zN5YU1Am9aisFYy9s0d1j6uzGTP++UfSI6mJPX5HZ
7HHVExQmVCjVgQwpifT8sOA8GBWUb9w5i3+BXhJroFJkgELcna6RHiRasndr5fdK
ssqW/DRjs+O5WlNfHhnXW6fBpXGeG7tUuaOj26Va00VWkpudP9jiH8qw/tc/ff4v
5aNwO8lMZ5XjKDnRNIkS4lSFTUsYDYhxpnQiIS4PRpbpr3GLKLm9d+vWsq+MV0xZ
u4UM375UCi4ngrtagq/pgrQKdMW7zd6S019eRSm0QbGV97o3Cipr4+6uC+Hv/MHQ
GTCxM/6+uTqESnsngQu5N85Zt/zs7HagRGSOozZwfakUuxpqyGQ3C5W7JMsbQ2HM
KFwQuYh//C1mSX9AZU7Fp0i7sKPp6C211ErUeWUgyViDrwFRi6F2f0nDHNr5bmXy
QCsJdvRIZxCQpWtz7/iFPlEP68dNsGZsz1nXjgwXycst36IRdPks4A3Wfx1H2Ifn
BrLKqg1FUhJhE7dqo4KrvJ3zWIhMoyeQf6roKdxmcECrzigftrVRP5C7++3Jqj5U
VFDeof6JedRUP1rXv0TYjzwta+PUhyGFbDIU6CskSQo8+Rj3U5uYGSUPsbv2bE6u
luOPZYpYNKgBylPsoHZZIRbzmeTit4lDlehWANRFjCwsGjdMUTd8yca9zWr9l5sX
qhWA3Vijz8CHW3DQMSO2obmvDwGnOmnHoxvjWWcexoTuT6AfTBw04XIIh5UAgexI
e5FS/2RzsqbY9la2WhGerXdrB2EIWsO2xaQvExyuo6JJEyk+8IsBqmgRr7mS1lId
H35SzbjwXkPK36si16vgsbDs/p0NIvrWE9bLCj9YZTagqyyUSkXNZssfQQdHGssE
kX/pWS+8l1dXcbQxamf1XENYHuovkX96nTq7a8jxP62FR0fbz3CfcNSAmu3bdGGR
CsQQfW996D18+xtbHuks801cJW4Lnnavjq+SCb7mZroFuDSeS96poK+g84uXPdMj
1TAPgXxHDuvf880nUeuwdnM4j5nA1nHGSnlB0U8ZPQTRn+MVGKHgMycl+Rh1Klkm
DjwrzflGBkMbtiPqKLA1nsyHw9TnYfBqQ5MhlY+jnH4MaT8t3Fm3hzmki2m4u+3W
AXeS5uznfU8p6Sbm5UvXJITRQbBowGD3/6cz04ymkjGwwAEyUyjUNOtlbjLa+8Lu
g/zvJ8EWud3a0az7hFFVY0ZQTR4CympFQUNtT7lszCRL93lCa2RLD+LZst8wCoJ6
vdrHmCsuuXoNnoDE+Ox0CNGRZI9t6SleqzENwLpY//X3Gna/iLEdWzgo9V91DZQj
WVxuPB6YLrlWYoClG4ZB8LANa1t3iGnLGSdzmWDY5ajrAEiaPDe/6ApPbHkuhB7/
fl6S11je2MijlHJn8x3NLamw7qGJeYdq9lnsr+5UbhU+3+xtIUScT+7ncvWgf0aZ
Dib+Xv5ss/GIh3AwYdgx48mqd8/ERfgA9dbr1SiHk3KD/0R5t9cU8VFo449vbODy
1E9s2tyRU95zkArMudoHKvoiB5qBazMPnTEE3AKNbr6HDZwP9EAkpSkdc1ZXq5pW
SvELQVvdVLtkG7Ujwr0GfDDasCMk/g2EFAROVPDhcPuAIivHx9Q2BMCX0ZePjeKc
xOy/iTWnwCwtvlbadizD8McGqQRkFnIezjKnsGDkJkuTxuigBitDNM9m7hKR2N7r
nbYcfPEJ+PorfaaeLIFThejzpBW38NqjPJay+APZ/r3fWNqb40Z/5pB4viBttLx4
ZHEqf/82CA/hNKoYDucEx9lJwB4CBniJDPE9j//Ncr20M0DJYziFgpb6g4+9KNsn
Zz2HIkYvy2DLlgxzyCxqcZsmZIBahX2ID0zsGo8hZ524yyubAG82OCwKf6q1OcFv
ONVGNtH4/GGzQ6PEjeaJiibzVYJJPBeaqpitJMiVdwu8Ar+yS7aO1p8RS5iXxBjV
L770yo2DGgwU3J6BquWeuiO5BK+4AsKVSMhsQgz5q1krKZpMOUviGbO3lCx+SsNd
pLevlECSZqkhjC/XaiHeoHRAuGd8Vo9LcntNjcfJKRXBE/gQ7H9nB1C7qIf2FngI
y23th7XSrUA8R8xHi+AwWyHS8g+WeTx3w5yDh5ey4l1qOR5SpNvuYOgBgZhWxlsV
agmPUcoULPsxeIyQYKQq42fcb60hJrtw+gYB4x7RPDQkX2bEA9TgaXIOYPnQnxen
mkAlIIE7VSHKhPdDpQ6NBueQDmMwby3UbgjttiHXtffUmgZPTfE7G98Nfpq/8Stg
RNPunCj0SUIbIrdMTUbyHOkLMq6kcH9EXu9NqdY7lBLDMo8da0edY28n/sdgrzDI
03GESEjBV6KYjs9gOzPGhUMNXM5t+pst2LbzFpVOA+rONMzyO2lbED8Vc0skQtGz
H4Oliksszm1Cy2zFUXt2Y4kzmO8FCD+vfeTD/2QestE9geJOL3P0YQdGQntB/Wff
2T2J/ERLNLgwZzB+WQcBmH9rIgOEJ+LaWzHF7cJRqkH7b4wui4WsxpDlB1Tj3Xsv
jVIfXsRSUrvCT7QBXcbHCEnCPo1ETMv6/owEysVPYEnym7zc6L5e9krLDoJCY0WR
wENraaPluDZy7PA6NIiKknhAR/MxnpQE1XF5Bhil1l+1hW0KNooHjiJgHQrxkA38
oSrQRciYbzVsBSjiUEqZ+ksD0IeCQq4MzkwV+3WhQ2Y38pKeTNIDsRlweO5UsXXb
c8c0nFaWoSsAP15G5TSqiywqOMEZ/K4sqb4H+FBrqXtAzxzRJmCWKW0su2WsM6o+
YEqxZ5xBL/GmTLVCMR+DIOV9Bd9fnKdjk1qvTbOWK/RFleAyMvWO1W79B+ZlRo36
0m5xGBns9m5Q6doBefeSJXmCBo3krhxznDD/RG85psnlxOugVJuAl8cWXnz8t8pZ
uuyNZc59Sw67IQj1lvJlS5Ta90LcroATUGB5AFRkjqZAkvDF+9LaWeIaIkxFocqF
UPCDVaxdupakvrw4+pLukG2C6e+GU0Dqv76Bnx8xfPrPSafG9whqi3wrzq3dWIah
kUFnkhaE4tZH5ek1fOJYBneStouSN8Yf6M6qE0TsgFWo9EI0iUWASB9HhS6bfTCu
Erg1bH0+JOKrf07HoKCScBx2cnlQJU06NET23bnUg4Zg2DDMdox/278ocQ8qmqum
4cpayWMHvTMgFz1In1++n13n8EVBlKJE0NpNFs1YnRHYRk1z2x6jB1iYXbfPJxje
pSx1qAL2w+hr/qi3NXnkKnz57h08weIgwFjf+cvF84sMThqf4Kr7r3iRdlXtY63C
mmlYKZ3iJVZEULsRnCGXsOla6x9DVqP5a/EurYPWqlzvxXp5sCvqIxdfIc0IGIjg
ncOXHSK4V0ezr0vRzL3rINxh8WOuvkcfqthJf1S9aeYS5S/8YEYTDdXf9BK/PcHt
tN6SX8EPYpHDtPatkS5vHQG4cfdGQG57Z644DolSNs+bKsmjb2KFPMaEyoDCW5pN
ue86Wkzk7ArN3HK6tq/HSqrSU4tUBObViI4trOxbNsPDFmcbJ3RIfcKKIVGkEjGD
t0eh3ox4vdNkiW+5La75VAPGD7Ox40zqHT+6K2oNHfrAgRcecBBAbw9dCRuPPH8u
+m5kNdTo8cvF3BR6pVOx4rYn2T2uZaZPZ6JhMsRRwHbYDsoMEWBmrhGcHMnrVXKa
hnygPpIl0z5REFlWSliNMpX/35RG7dODm6TeK+Wtp16qdSLOso3Kd0BgcjEUbMlB
DMefqY+0dE3Pts7J3UXPw8pn0H6ARrZn01euFeHVxMPJU3GPss/1B5Y+xtT2zrVh
j+ouAdHOtXx7VnOwpYi5P91UEdlBOG4ez6eBc3BMVi5Mol1Qgp5Jr6eHrOUI1DEg
+G2HD2jrl/ClhWcPUJSEZqqH3hkhQ25iJxBd0ol6F5W7NQ2MLaDeE2/xGZ5OBBPB
stf0dFsoohdVtIM6laOIVeZ+TviAh4IlJoHZrmjMRjpZ7vGNlIdjg7z6xM4YYtCl
piJl0n2/rr66+GS7pQcoVOuFAyBnblEg1HrJTfDBy6BAgA46Fe03npuCYpiBGoFR
4I791+nN85fE+JzuEuny182ui/qtR+PQWeNV/oiV8wmhCez8g2zDmuLwfNcAjJtI
xQSOvH5PNt2XA4OjaJWv8YzHdnEHdSmV0gxm7g7TVeT8Ez866jn93fwOKo17shfZ
9Y7TyDCRIcg8hAi/kEM8eRL0G2/Lgb1jMH1HHTZuguE3DYf+LhGXkcvmmwzpAlZO
vLSKYRWObJBU7ag95fr4LptxD0nVfzXyteyTYRyyjceeqcPNieg4c46mYxalmU9U
BZ1p+2eM3AVLiW9+J/UmWE1M+oAjKiJ7C2OjNda2ap/eCLQUsvoHUNQKLz8uawn9
zVJiD40xcpahlF99YhzGTdkUf4vSSaoG7J2g1y12kto6eWS3SawEnm93qJAVDQFK
I9lT7QKqJ305eN9WVuv9+uQBgZHBUfMgbaeGtlycTfasOD5P4y52hP536f7+jS9f
bjyLRnXj2Pzpj+fr5XfkbsMU2tecChJsqoED7EhTeymOg0OOt252dORqQxb47Woy
xRHi40jusIM+HWXCMMPRPYsHESSG2+Mu1IMl1ZN5ofSEUuswoFaboO/ssZaL/Xf+
5rhPpG09YC+I9ZWYyotIl8HQbf1C6hylXTuWQo8bU2IsuXCNH6GdlMJIuTKhLGk+
+RAhVnCq9A1abcvuAYCDFnngY/b78DIENgq5cmSnC+1740SV3TdxVIVEmz8oCgrt
2UMbnsxrgmTW6qDLZdF0bda4854AI3SQ0G3UUUTTkq8+/E2HOVXKBsPKPKIMi9md
mlRE/xKUvsb/Rtw2AoYjDEyciwi4jCc+nyv6ACbhWO17v9FpcHAb8QRD8BxTo2S9
bB5J72cU1BLec3z6p7ijYxn9G9GzyHb0R8kbTcwUnFsP8/LGhN9Lx911/2Y66t/2
7GtZkv6xcttKPN4xDfSdu6Ymvjh/2EjvyvitWTXCMmbVTrkLu4DXeBW3SUYawjxi
8UvT441E6oOK669K33yNnj9q+YtuUWm/vx9oIICcv8njy44W/tLS74wXasF6T9nB
OdZB0NVb1cA5gCgkMyY96lBkTe0h0P5gQjU2cxuEsVc9FhEUsR6j5IGpPJAsmr66
HqUKznyG28I+Khru69SZnyewyvKMsnlCrMSMTsIDn7vfZmB7nDbwhSITm7t3ksfP
/weh7b31c9dq1m6Pi89ZZ1hCCSA/VcjpLT0SwbjvG6s7Z0JXl0en7Yxr+09RxghB
sfFSWHHhwXjuVC3uQyRMtF5PN4HGo5FI4tSqfWnK4ScVVEKXlSxKTIRJOkkyZTgn
4jyvnToOV6/ViCIEeub6qd/rU7H6I/01SIo60W+hjgqhO9CcHz98fH0lCoWK9+0a

B.3.4. S/MIME Encrypted and Signed Over a Simple Message, Wrapped Message With hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7735 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4712 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 inline 878 bytes
   └─╴text/plain 319 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <73a42f8e-8f5a-5c62-b982-82ace766fd32@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:11:02 -0500

MIIWTAYJKoZIhvcNAQcDoIIWPTCCFjkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAIYa3OenGvm2fxVDHCD1/mOK+G0pkvIp9vgH
9ie1Xt9FsGcfZkoi6msDh/Td2ZLZXWyP3RCOcqvwu3e0M6IEbbWhFVAdgkfJ4k1a
wlfIpe+ECDsja7I4rP2Fle1lPelgQ0yw+pmG/epN9Ga9FVvfKhDTHm0Zr11mNjIO
FRuTtU+G6A+hQJrCz+DVh/3ub7P1DBomlG+bL8PIcgSzVwigtc0Hh905uZWb8ypd
CE7R4SzQfX6u2/I/9K7FgZ9pSp8zZpi5WvcBuJvSqeLgTL08mm+7AMAYHEld005y
B5GFc9fTTV8ByI1eLzvFK4xl8EnFeQNVtcpoIuJ+BxAihm3OahwwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAhCWApyit+JqyC6p1+Y2mE0rR
LziSUeCZ72cLwSS2GXyl4YE86WTYQPgF5IHUymyTwtnqyjKZB2DUP4jOCqOOuHJQ
cEVy+uO07cYIp/K1bZY3mKy5EQkdlo6qpOYJmIs03zoQfzYb/5FxBBIhudMqB5U0
t2kPTnlgFsLbo5c4FTnCzVBezJRyA1Gw/tQeZU2Rfe8xySkKEU00vUkIVI96X1RR
UNPGVgO72/V4w/Yr0oF0ZT36RZdW54hhccAS1t7VZoiV8z09xsgS05xvs5d1eRzz
DcaFCz+bvtACJsjt/UIf4PP1jar9bL9BYoKzI8ypqzxfsMJSYiQziKpEWoaJSDCC
Ex4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEED3mqLx7mUQlV1YWlLnecdmAghLw
+jeehq0xxQt5o5VAsKJcy0+00gqRre1nhO/2cQRsFmJHkOhTtWzY7H6P/0Ayw6iG
KvSlATb7J+tV2lT4UJEzr9abvMIGwZ2wDNZAHuyWv7hKVuriVh/NLsDDFeJXGJVP
XJ01saqeGsyx4UJmjV3alsjtqeEzcU8Dz0TA5l33v1FNXR+HB44Sejg3zHWLPw+2
MMc7WiNZeIcovrOKR8RAuBER74EawkBsNoAG+itMPIr+iTjXD1AJNOADfz2SBi7p
zPMS5ypb70F0xnLwme3MS6QMSkV5Qg2llDVzDR4vfqgLWkjN/fUOei/90ERrY6Cx
Dwt6x1oy+cIi6DmMKBiVnblM1UdWhGsgmaA6LV9ZKm4BFXPxZ9HJRq8JXgRwBXRO
iH6xjdjkVzyPnB0jeGInCRBz5vPp4GFUhXPu1wJzuOjVdvMecqrciyF/sN/RfqGo
KmZ2YO6iKAt0aijTPWeDprUeE3BgEQ0DWyjySWTsnAdqPBCT3XPpUV62nhb9Iu5/
P459Trn6R0LapKmeKdTSj6QC+pnDLe7dMIynjzirX+EfkFJVSiy/PgsnQlA8vRut
1CtmYTF3GAtBd4K58whmTBLBzyuJlXKNmmZ/OvfalVZ/+Zsz+vNdgvurE+Gev2kO
PGn+OBtx35F7joWW/HVgzhySOztE9/erD/1mAc5Gi+YH5pv1iT7QLtow3x4srGHv
TBugWvLVdIkzufB8k7IlDyMGYrAP70BK2ogKd2J4QqDot85YmwPephof+R9SzU2j
PyahZr1xwg1Lbuw8Qhv7padO40Y+Af55ZVktcqV62T4PaYy3Qc+gTOSfcNf7BoR2
aIsaoX+OQVuL7SQol1tzETE1bliyZj5Z4DUWxyqmrz4fJHKm99YubT6qe4nlCTFs
NrRcris570kqf2EjIs4VHzpN3bsbMG1Qwr5lb1KXT4EjBO7LFeNppze7Az9Vq3aM
ZoLQ5YMG/OFDYOVIOHqjq9zgoRw2X5KaXC8Fzm/hiSqRVNtnQTXtQaVbSWUo3voP
BX+0zL7U9EGyg3/ZwSLHsteGIoDGA59cFYaG75GTFeR6l8r97ETkjxmxsYbMTyRN
8HfSx3kQpm4ODyvWqaXZuWM+uzSQuTMXro84RtndNGUryVsQItzw8cCTzw1ejwj4
9MC92mTKgXkc5ShYU+TiKTchBUznGj27hklFmss4YC/V2Q2X5TzdFj6O1cuyP9QH
zBlYkAgxl+wXuyr4Q8iYy2JN4eC+LQitnzH1EANrnQ06quwQPtDt4qyrF11u7VN5
wF84SvB7KsJaj6ft5FvsPjafdp5z8Yq585ytPwLQ8+os0fJC3GOsIzngpJPx/13d
+4MV39BoENEB3AJe3UHtafueBqmwsZG1ps1gcX/Cnrrkrcywi8tfKEVXRaERzKw0
D41TD4R3Rlw5duqTfVJ8c8gSDR84UW+XZ8e9aXRKPkkQGSvfquuTDZ77ed+0Y5+g
2hse1k2svSQFnkH+OWAcGZy4RarI6CoovVbqaByGnwB3G6R3rzitT6g6b9kV+qpS
sOnBanfi4yEoYUVw9eo3cqLnjo63eT61aOcl6DqDRo95D5VLZPCBt2xBh9D1KV+b
6kvyLOo8/HJDIQHPnsKwoGaQMXkg15kAx0aDxKp00IFxaUU42cxKMyEmrfzFx7Dj
cXH/++jrGD51788PaAfS1L73WAlQafbExqQe4tii8gPrjCyVo3/XsIcciz1TJDW2
OOfINjUrCW53bLkxn5xA40FX7zOBGzwvNygBfhnUlPDEthU61q4MU25UY/tnFPqK
2GjtgQrOVpF1itYCjxWcFoEFWYCy774wU6juHT4nDuKpCLXuJcnyzRLbmRnQpO81
skocHI5mRHtDYfeyzioGlqGG8wC0c8JX3wrXHX8LSnjkQYf4mPiClzbZWXSA8Pe+
xwxV7EvU4maXQBIWUshvL85WdfXABKw+cvg/dt0OdCt8yz2vz44qf6BNt6z5jMJ3
SW7Bc/4FfH5W+uZV8uuXChFs7aWVW/rWAcB6saT5KoOm3EhrxXxdGJeeuOP05xJO
UR8hsj95Icad4yP2mtnh7kKrTXtv7MsRsJKqLWrhaeSDf2XBvluolV31F/mFYmaZ
gdvAyxbL6rY5dljH2moP4TxjvaA6V331FYCecnv/e5UZQBJLE4WEZYYAAuTwgn2p
/B85JP1/yB5BP5pzmf4zM3ye64BKsmjN4xwsFkHuKg5whYiKQ+/BhL2x+Jsu8iY2
7y1OAwMhlBFADf5DjFsufeouIj8P3wpPMF3FVsv4hgkQH17zZiNtyaga9q+zSz7Q
omgiUOJMcV3LSXnjkf8GhyqwEu1iZDmn1HBMy90ASC4bTIfHa9bBG5TJzDnNtUiC
FHNcdERJw28fod0FPvZQaQuvN+sLJOtmaycsOnIkGUjqxu/GYRR2hBPo6QEuwxAG
paGbRSmSLoMg65AEk4XKCsTrEQUWvejYnIi9G8J8fu5pLoHZ7HQUBttthmah3S/A
s/yRcqqUz/83XOJuf/OybwGDGRGS4YO3Mnq9H6owu3F2h3BwASjK//nf1xm7AvpO
RxskZ/s6dMLJjWA9+g/uacJozJa5d5Ey6yY2TKR8/Tl43/b3laJFj1rfRcXLPBJ/
AJQK60RoDNFmmJKIF66xB6g8wF2pumwve8XW/BK+c7baEInlSnMqHeqpoACrk9BZ
Y+hM+2Pyq8kK2hvwr4eG5C14zlJSwrT55SNbSY28iJUEJNE5dAQzgy1f3vgO3Key
pTCAyPZ1nZa/1ttJOkiHwdSq5ZdxxRWC5WZKv+9bHdgQqqmEyNgasTaIkdjeriZN
pQMxHCVUBUggzpF90c/GOIx5F2P9f9cRVE5eHACIGn9noZgCrLsJ0VMtRWBy/dCa
3eSl++nDtO//2DHkUHLjdIZ1fcbqE/4BG9z071HZhOP/Lu9thTQOmutlW8s1r1XQ
LYe9hz9oPTVDsVxNF28k8YKuivkBic+9tw12H4pFyBhJyj8+mhXm/dbkq2ivrRYJ
0tP8vrLfTbT5kocdUYzpauQR5K7PAM+pNfo6vpOLN+ODgVk9O3fOYoqk7GmfN0YU
wXC3tPldjOSQhNCiH6YdMljREzY0lYf4u5hpBimeyS+WauFcNu2Misbo3e+4x3zA
3DyNYJKgj591NEbZA0Nd8pQ22qvBpsKyZTIav91dItnTsORY8XTvXmYj+wYt/0wB
/l/G8jrnXetyASXo0gARxWK02+dpn+1waz4ml98luqyl3fwp6F5X3vimLQTSgIy0
RCgxOzZZBQxX7fFrT+erTGjtovMMXaLwepMqrB6aGAF611Ku6bQ0c9/RpYK+tegt
R4ZqLYg4Acmam3X4mRmX9XZC7WJzYIFuJRQw7/vFPBz3dsrtt/F+j8ggLF+NLM2B
yfZMUYJmrf+jU8PxL4mHI5UxLjKvhZ/LyNG3jbTXT9jQeK3AQ9HCUpXkFhbmrVRm
LQMXiFq4gGWm9PgAweg3fY06TEyl1aIJyDNNeI1d9vWCiNG/tgH5NoczSUSbOPSw
l1WCNMJRiJHAjWGHquAN/seBE3gCFftDU6UgZVAgHOwE3z6nVzAzrmfR/Lwe1kU4
T+WwUYBi0CMZn44ecVwA4n3GL1aWgGcKo+g66jUfTtng2IIn8dm84QtW7RDM4LKu
iOfBOm42+RzL7IYOiZPqzAccfAOiFb/yOekTLaktqrksv5P8PkNkgGFBFDrMc5br
VTOZVVDiZcvQZ6kvW1Hd0yHfoGSqM/YPcHvUGjof4khiq9XXzwFamWwlknjNR/Lx
NwCDMKTzXEbiuGya/NZP6dKaZhSCHMmE1Y12TVgS9+q45eY3J0hHiKnjMrEQP/j/
txu2pgqDedURvXNsT6R+R/MIlcsUoRJag3zVxzTaJghdZdsw88WO/0IzTIIZmQwd
v3nDIYOZwVwcL5QnjKgeMDK8Tr5BHBJDdV8QZOpVtki7/EgJ28ddySuaxqtzzYMX
sb1eBNjSIjgx0a3k148jnf6V7PqVy5m/2OPcQmly/3qtl78b8N2cNBzBavyAKnUM
68dCfQ35iCnVUIfIwfnUVhNKiiKAGM1/6GBAN4aUgqdlLq4BBgJMU9aYRObiepXc
YVKXWJOjsKOaHKTWWTjaWi2DEn3h6PkLidZm2ZMm5RJSwX5H5Qj4Sh7NcATBZNnS
bBOgTrBj4ygNhnPWStTQOygKTVZ9beT+GLsJGD9xI6vejiro4j/Vw3sYTYuigmCM
ufMS8n8P2IB/DjVU/GE2+dZ5mL33sUbjHIHJ6J6+1XISEI2F6YILoCK4x7gBp0Vr
5BacDYcAwfgbI45ZurXWaxY2ij7zHg9mupavujjwv6y9MuLfKHR163xEkFX67ZOz
u4aCFQZ/8u4WiAVcyQKTypzfNxz117azpUwT7E2IEpPF/zDVpeo7K2W4fHgrG+lp
lNc5f7flrrbr1O9/V7dMTmqocFjjaOmHOvpVV1kpKoscVEoEeSx41nMmyPyJkEDP
INDak1B9tt/t3q+vEQkJKPKojFQlYzcHS4l+z4aJ+4ccU0+3K5tfrungA9LCevnY
+R/RH+TIGxGMW9WwWjqmKIPlhoD8JmUK9tYC0JHWB0KL7hxf13sIqI/BpNGRZ1oG
40HdzmxYZW6HQvWQtUYFxDOa20ZtBp2rRxJmHuB2gK+Wd0t2/HXxQelJjaW0YQaF
nNmee7PTMk1bCBYr4cJzmOCfTtHAdHNljrzY55BCHntWekYhk5GpzaMttu+4BsW2
lSrupr4xY1zrZkUYGNXLgU0/hmVCasYJSShypw/y8ZGpFI6uEzHY0gok0akWFLe7
7SN0PdxP3abKrRlROInFV5YC1hvjSnEStZZxk2Jv14j5q3dO0CWROB/y6+P16954
jSp+i1/FOp41IpAt22NZgwC1jMg89aTnK79THy+SSj4S5J/2h7QaS3v9XdGKmj0J
msVwgavzK2amj4InTp5/dT5nMAA+GgvvF/8+W/NNc3yTSG/D3M5re7p2Jof7Ueo1
Kja5Sytmef5+Ot6fhwQhiI7nUZC0dgCXg4ZNKR7T4CHa9WB1YUOtNrGr+Xi2Y7F5
nJ16NC+K2jcYxfO27VTNA3xaOhtwg9pioeYaZmqErIRhm/8R26ganjVK8Zx9AmxK
sn25U99AmTeiMNxwMRFFQC363YrcdX6kz/YV81DvEv9SeJ7psPYlCkTVJ+OUn9T+
PauBE+VH+Df/CAjF2yJyEMr+M+QZiXqxBI5pGC9lDRQvlEzkOKwbs0d1GlQroafw
KbJh6WiJufkF0nInX8FFCIUKF7f3WoqrbGGXm+rgdGCthmxvv1T/vEuPSEhJyzX4
pA52Y6LUOg23VlibFqWZVtZ/SYG7gZ4mT4iYak7bA/g5NGLBi4DCstHKkWRB48OY
bd/v/ix9ell8Pno0ximW9AI9vHbZqAmCpMjKMumYiSh3UuaxfN3Wv5dU6eUbQOzo
W7yrSBHi4Ik8tbe1XjdKHg0Q90NHbxBMIZYO7NC8gTM/VRUNOR0wZkjo9yzmu/xN
CDdNA2mBeFwoa6gkhUOahSLAgfCcHYKN0yv0JHTYULBkfGG7Dvp5Nlj5M0oDhJo5
0CP7VXrZUyYDUbGzZWS/JTH+VroILUH6exoyHIJzrwTRGqEZmEcAOv5/r6fGYQdx
UMWrAAuh2/IEDketRdcfnRZLv9jmqJj24wFjcuaiqGzFlYj8VWvfjn1hZDUDpZOS
aO0SEBBTr7Oi8iryKiT+fvaoo/SMm9fu+Rqatl47jO4FcZYHaDj0GE7KBEQe6FR8
S6jqCH+/IbfDXj/scyQAyE/PxCW2BJsihktnMXqz7D7+8C0JYiQpXw8VegGob60V
R0fYbKp9R55mRpxI9th+PhEhggRqvM7sf1Byaw5Kl5s/+M43RPzL3hDdlgDRGFz5
jKEYDNArBSzxUCrRfGU8q/OrapWmIjAFdMcH9MSh73X6SmLMTsHjniSCQ1nmbZUQ
uWND/WSArv0cT19TpVRWgPYZwQQFPE88x0DwcIaqz0DFpWgE/4ccx9uyQwfZeSb4
K2cp5yDrYxdTciH30Ha9+w+7/2XK/AfEgSBMtoYIkdN5yNggR7NLhjc3MzaHLhQx
WGDSsxoEctMaRW2aXUTpzIvjwAM0z3Z/aF29DnihMhTWC88s+rizq5abnNNToDQ/
lRUfcGKmV48N5Qrtr6UstwDqEFyMqLGnqR3WNTQYZM+4EiAVeVecZyjOayQj7hF8
4vGVhj7am2+BDuVCY4r9wLu9n0VCniC2wOAfjm9ET7RmuhoebdVxm5DzogO07bAr
lxhMnaxljhzQkS9T+wygwTBVedEJPb4H0EMa+E38XjO6l0XHh/F3Dp1yhW+RD3oU
jwrH8KIx1e+RN0R3zmkr8I5RFaIWWY8lQk6YgJvbsKjgCSPg+/hQ4cL6uLaGxkJT
gkBqMWgKsJFrcQst2zUg46wBjHJF+k1lcfkvp7dMQn/CbmiAZlkVTGMgHkrzBz46

B.3.5. S/MIME Encrypted and Signed Over a Simple Message, Injected Headers With hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7605 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4630 bytes
  ⇩ (unwraps to)
  └─╴text/plain 331 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <27139e00-e05f-581d-a339-d2bd43bd0f42@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:12:02 -0500

MIIV7AYJKoZIhvcNAQcDoIIV3TCCFdkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAHDjf6b8nYADPvM7jm6fi20/h20vJSvpXabk
JPChxwLJxY3a33r0vWwEanKZo/k1fbkxXa7w+FqMEEM/3EsktY3BgsTBDC+vN2Dx
1/hX9wBNi2D3emJnmwEv8vOmNxGeg+P+vZN7WjM6kqVrUgEyfyRkzMo1o8YNaFgB
F/b9ss3PjYUEkN+k+Oi1Pyi3GIxPw1KoYyO4LXX4QQhTFOIje7b9UOZk6zeoz1qZ
sBQjrOnh2bKeSENwgaS+61RvS1FKweluIyE1OuUUvx46WQXVJ4czZmdnSORW0+nD
XbSo3Um6fzwO7Aqqbw82qHcg7sGhQWhbA4F2Ud2aM8p+zviUEn8wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEARXtsiPCj7mfzszkuZ4d+30YF
Q2pPbJbLfhl6xEI171WNKwmLMtWS10oQ4Ojmxw+W2/yJCMtUbIr1gXWOlkW07ln0
ATq9WCN99ipuScfQ7mfB1AsCelAoxbEzGtrNX3IInAk59oN21SKltH4hd3UCULlo
So5A8AEJOdYnzb/Wq16ln1wOvAIIousVa335bEoAMco4rS4TitZKYdFnD4PS6tB/
8hUlvet84cSYqoFT7Bxz7TfnP+JksrSGrUK6dqWiFPJbbQHtNKmzpSM25Vfm1gHV
hPX7Z3HJiYpkGaYVmu89MbX52WeBrHj0BqMAk3ufG2exN0VxUI7j0burMpZ+tzCC
Er4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEPvMKX3d5Gy0duoR8bPf3G6AghKQ
LqYpvTxH6buu+cekW2Pe2RA6jN+IBCcBJ+6cxCkvOPPnwwCJ69Zx1tMlcIVpUkuT
2TBdnTeSqCD68rvmVVJuwagJxQKiTOvRpxNTj+jUssmuMMiA0WIff/M5FFQAGJhq
d0JadL7CjuJaHYu/4aw4Xk3Mmw26Ptp2DYCzr316UksQwHW+OnDPX+BEfsc4lQjj
eup79OjAXl+11lwi1poPQrsB6TtxuIr2z8J99L6t4ZUT7WHmlUH6ukEeYmOjWIpD
9UD0VD7jZCAK5LE+YbDuoYuQ9vFjMnDmvZoyH5WAvSYsPSQSlM0oyVxEhKugQUIF
aKcp/fgnqcmtN9ko8QmVCvZpR7Jju84Dhc3Bpf/Y0ma0Qzqpu5IYcPmrnany2x+k
hDQaRsrJzkE/d0UJ7djUHuyeSucC9qj9Y7ch4RtWUjCKhsQs1BpFmAyCjd287CXh
a03YYg1/Z3o8D8ZrghJ3xmmHt1hCH+1SOBQnPZrPCOSrDkU4+BAw/oGPVypqYUaI
WJbk4xP4qi9EtLOHz8jOhMrgFlgMthbicK+kkHti3bA/xWM5I25N9mvDYjHHrhuj
0RcPBngxro6ZGrxvBYhXtSOGEn5RbxCeS7lZtAK5XcrAL5DV7mur+Ehp3NulTDj2
2GSNuneGWqYMMT8dvfG/UKmt5OdmOockk/x7UBMJ3TX0DQUxrJDFsUVUr1gbZwuE
5K16iZsNxoaZUi/cUaEv1ZHXN9GkM0wXNATMcbcHbbxxhd5+Zd/PJWmTbWK7Tde2
Bir54zdAo9Ojo/0AfT06nuQsVdM2LDr3PNEQ4aRLJzIDSA8IrQVZWB5wQBwS7Msf
2+CKkYwaWunIJ0DVUQVSg72bQ8xzT1NhuwfXIlekPECI2B8yaaZeLT31fctGzvMq
jodeOtqynMwWQBrmHVw1yHlagtIJdjEXVL9Rc7jOWvlqlrHE4QmO3EObEmQwmUHs
DA5W2ODPAuH373jS32Mq131XastFG407kZU6vHZ3HBtrBUmYHcK7Madx7/FYYEdi
tUa6anlBEYunHFs6srH1tif3v1iIX9UCqoruSGyUfwlNSXpIxEE1bQMigNu9Vgmx
8nAq51UoxS7TALdy+xn9uG0JH4JbTptWJqhnaDJfUQfHWBKTNQmZLElIy+Dz+BvA
GXT+V6Ay7dq0Zo34+NNVsnDa9rMqW/C8uDoCgADb4+JVQ2pwZgmki8FPHpXDKM7V
HX19hK8WGNYPmFot2aNujTRIB9VWFJhUCNpjgc0xhzbTv3V5DTOmCuXkrQHe7JjB
eR9BGvUs5KSjB2KegldfeFJSIz5zAEZYNeTkQVhAGd6r/OmYj0YJN63eXQCub0Lf
q920ok8k65cBl71HZ96fJqTDAfjA3LKanV5RUAWaTQUCg0OjGgNc1E4pCXa2G3au
VN9iES00s9wbsE2ZR8Hk7ysl1qFQklo2drqeKFH5pKI4bhmkMjeLIa2tzR6AxrnK
jKxIO6fpCAAvWXf9mRpuJ5YrQBqChE97AqfaNwE2CeSOkO4FYIXeOm6iK4iCFlOG
xG1R8uNt+OD/Z+6ODUGiogzH8GYjb1jDbLHn4q00hZaNiB9eCbP2Hx5ighKA72Wg
nGaUCQTTwS2N+Xty/u9HGXKK9jDWBrqTo5YhT7TQ0MiwjRAZSqRii4VBjyAQAnTi
ECS7wsAuljtRPChIW/JIaXlqDCTBg8hirddXSqgk1p9ZmClNmOtP7O7c8zxRhRii
NcgZOwC3DG7asJZGXQWoje/df9XTOgI1ucxmndRwmID6y3BQ7qCge8TubbnDHbUl
cAinpK16k327c3I0D54w1C+BNhwtRgtGTC3CXMsmEBqQ4fJDyvM+sLSNS+rxMhYR
K0WrOlGT7I3oNHSTjUQ+T/vuOm+b1ur0ziYTNnLcWYtPYwV812hDkuHSkeEXb7p+
HBJE87WtIHoYpM5QZSqWBTFAuMTPD/+3n/w3UqFq+xsq58QyNFU4007+u33ttYda
+UXtpu4iReGCHS4Ay151t57xFZMsXHVaTz7bQ3pBe6sEiXWP9uu2J1GZ7b0N7gWN
HEWmJkp511T/OuhmilfxwdCQFM2oJvftqt8h3ex5qAn4hHgipUFI43AaSAj68LaD
wQb67bSkJL2pMbGwTOFNkKb/Rf5O6ytV16S9CZJ+62Es002vE9b6c7uJQkqmdZW6
GQkKzxPR0ghsComJ0h81djW9BUg3qitlOz36GKDHU3PkmjyPlrTFamByceF1Bk7q
FLASGnS22UQzPS0iPpNJrsHxr80e9LqvMB+ehs74gDeQiULdowlcnlLwRblJJTkc
Qy3Cpoi5Vev/MTV+O2Kh3R5L86U/RSfBLXqby8dQISbEGUxIMe387kI2BjgDKV1R
ypOOGUBTneqpeBkzh7WZ0l713a6BC4sunMqkd6GmrD12V0/AWcNDBU7S17W4IQyj
sSNzMIeCE0gCVAQ4cJ5ANyqSFKwgbzcECBr7Ojbx3zsjOsXqSNvuZKzj4iQnbmvN
rUhVnU0a1gDozNXT+jsRUctKu/OYwp+MnporZrdMktt4KZ/E3LPWnLY0tUBcWgen
KY5ea9X7rPuons1LqMEMrLsn0GWQ3sDRw42vIPN+tmJUoeDTqfaW6knY9xvT7238
r1HcX6bqLLyQdBl5H9XOPEDiwH8dwYuHMlexpUw/oJ2q+qD1a4Mmboi7UYmaBTWn
t1sFSUAmwKt+H5kT1ivROq72KwY9Katrj5WBcfZWdcPaP1ogsF1sb41UzVc6Nwrp
MVjU+f4i6I1N13UXtAKcgwzUPR/QCQ1WfPC4oInSCeXnnmUFg/R7aM1uPVJOR370
5yoIy4T5p0H2I0jiuO1Nk7g5Mt4GulRXVx+mfDf8xytnh/QcQDmGER7HkFGPrHnf
Ye0fjorSCNfoaJJkzwRe+S8I5MjT0KDsEJlHXhE5HYMv1OoYG3bbvp6l81FFhIqz
EzkJKm6QSF4ucQFQBHhxoyPO0ck1o/XO2YSmEty76cNdgm0XDbqE5RY0dv6xX/Q7
oiNl7uNs+sCX/B5GXek4cSX4o4DpETAerxHSQ+RTt0uBGXdMa11MzXYzvVSwFu0w
DZ5gk3U6ol3u4d2ybyXb6FdJE6Xa2HECqY+8rjtAp6kH2DWT3+ZI+c8nRd6c6qN9
pDQU1+IkggGB110TW+Y1l2fvOqdFar6K3sNHRby4dNG2o8KuEYT/8ugX0vubsioz
puXFdGMGTtYdw1kDDH2jNot0LivJ83jCsHYHKho2tepBY03k5O/c5+/OUAeDDLeJ
BKj18gSXmSuxbdoNd6bOcR+8Mavjb1Uj+FUJX5rfeYaam2hGe0EUzy7xUTFqIsFb
3FWos6oUdW6Je2nBEqitj9JmtpOK1pQV/+HtGQb52VZ+VrfEhQAhb7AaeHTo3s1E
i9m6p+6lWTomxSefzXVKHayZ/M0VedRHba7aHrZoy6wq+QkpWGWzGmtr6RFoXJtg
PloLaAGIMqRhpDJ1ltJMrbyY53Nn2GIQJKz5pzyx5Q3Q6RzHvYBb0g2n8wYsmV0H
GzT/PMBUc6QcfWdNTIpQooRuIDL0p3iuNO+1CU4cDi5hiJ6MWKEyabsMqw9MWEX8
9YWG8j0fHOcyDaHh8L/kcv8kS7ZkeyULPrJg0LYGfCWUjhBuHRmjiAG1w/6XddgY
MKeSedAqY1k6aWbfgz6P3R8q8tnooRT+SSgafEf6FTL1oRqhcpebR3Cxac0f27GY
6s5WyMCMpqS56o5eUExkDHlgcY7en+SvrgJ53FbgGiEtX06F0/OXSTn+zqiCmJAa
nF1hCWkY7mqfFhlRfwBa8acf2zC6H8KVpohS4ysfpildCSvnl44YkXt0q4b1A1RF
Dv8/7nY1Exe8PbAve8ZMWco/ymkk63Jd566Xc+wNToKRYWPA2Otwc2DADreliK6H
Lh7rkX6ECjN3BouQjsSszZvKlUH3aUfGpXzR3QAPiLG7FBAI9VnRv6+xp1u7eSbV
xPQvaCQL4wpvq1esafxBe382ortk1jN8QkPVBHaUWbg/MGrlB9AzaW4MoxdyTiSH
40lXVci3ed7dMCdOpQo4yXiYzRGqUCAbXbQt9uFjATfWNQfpYkEJ/Deqg6mEGmdC
OYt8WhZ11YQGzOAtjbdjJtVbc8sqe9C4c9q04OUMQbBKeXCFn6BM60ZDam6AAUM4
gUf1zf/yuIuU13g4GJE8tQH4Apj3W/b6VDBcbqPkoSoq8Yeqq3qU/DVuKMdxUa4n
Mus4uc41tp5oDHUOr+/85OIURWJrW8Kg5+uEduYAmw88k6s8EHdmEcr08mla9ayR
m3pRnjAmN5vqrhq3Q403qXFv0ykwHjC2WOjmZIiK8cAmUG18H0JAbAcLyD5zHNIG
PbQB45HCp0OGvPhD9psTA6eRkpGgtxhDzwvFwZqYOYrDTIURWvhyf01V9M4ic4wD
coosKQViJ0GlpavFtNg5gD4sEbgfSfdwWr/91w+wewdfV9Jj2iOb12FcUSf2sqpv
cB6m06b3ZyRlcWABdtI1YL6f/VVY1omR60muzBhIP2jZgVq19DNh4ybqAHkjhHex
Z9EqQiKt1HmleD1sxtNKvWDkLMAIRmnxfrXkgWEsVw4kNSvx71kcjOd6nYUt5ye9
IIyIHxemsnbu7hEdWoaOba7pTmQy6I91CO65PcLvwUlC8aTP5m7IY7Uq+RUlreVS
1KcXieD/dXZ1k+TsC5UnCr4YjvCKLKhzSFJxEBDo72BrcHemHONC8gqvT68iOgny
GwsFYI6H4m1ZDUvJvMq2AGNgK8P1p8gcvjBhZ5rTlci2PugR+MTkV+F8X55sCtHi
NVZ8IcbctOf2OUd6hC29sKwc2T4mL2L1+aBxa+K69qO0ovkcoeEuQhp7Qq4GU7fF
v1jGl8AQn3MgDjK1gz2EoRfpV/ldPutJj9AE/6HNJIJ+EA53GttHHHmTITkaMpfR
RPRihuaXChirqsUj1oO/7/xSCh/N3YZqpfQjqsxVIUtYOaVvWXRRlKkZUByuc5dg
rZ0xjjkZaZKEfvwfffsIl/bjUeROkAPPRrRDN90kOuRSa6jMqwEp2rUtqbJLiNrE
Bd+WT9deckx1CA7KayNNnV4iaesg03rfB+D+vZq6NSvG64fBQR+Z3acg+EH/F349
2gqq5FU4XpaCtcP6u8/dDRKdXyhXy828ccNWJ376U3MGp0f2yv69hQxHZPoHH2Yf
MnpzSL+rvM3W7lmdCCBe5R0H9EhU5cA3IgC9CqWnW9i1UJlhJ3YUaceTAU7maqAx
AFEYkeFBrIXuFtPOJlpCF0hiKiv+ErAel8JsjbR4Uf2aQC7t7of3O555N577Kj5k
e8ACBNxpQe1tSYgxPtFmCHZpvSoca9cls3dBXUlGhhhMtIqW0EfzMIb3Yal/J6Ex
NS2hKchqPCdXTUbRg5N14Oyf3QLMaTFCNUj4F9QiKJF6GkYpbH7WWuiGAkZQ3Sfk
VZYAoVx4Jpu2plETEqkpqP/y+ZCfYEj87aBCffr6KMZV5Dph2Prgk6lGWQGPxhlH
b9yF43oTnrNhHvICmxveNRhRVNWNmGpCNqgTmzZYCsxEKauBaz6wE7RVC3/zrrjD
lF97OwVw1JZzKXDWidcNhfZhRA0fYA4PwribzPsPQL0R3CjLoguFBg/O+rdjs55d
4O5UFNk7h2ClnpA8IN1dnmJtLCTd6o0QWLC9lS3lonmdYoBICIqbrrDW+1GiS4Ss
pWHB9IgpnieX1+wbEGqtdPPe3+ePW/gOZTGnRvGvZeZbvHqrCUoGsqldBjwLBvD0
BAHwRFavH2mj9QTxr2bZMNtO35pfh0TnQ+cYnvtX60GuZFJM6LRydzWVurZXBlLo
v1Q8PvIjPUEpAZx1k2qSRKreV97NQU1QknjdcXXxVQCef6J4g5Y86CvlDPzRE8Ou
lxfNL1pfhQQyOQ7xjM2LCDkM2/o6HHjmqpyiH0F6sg/FklAYysK20loKgFQdi3dC
lO9V8L/2Z0jZcA5gr0GWc0/Hu2T7cMeK8MNvOsRpI9dUQY5P1nQ2o3Ea/vj2qvPy
Zlow1vZxNCYyml7+3AcsWG+W6Z70DJw1aOz2HAHiwPklH/U4VJtFqJ+Q000FmWeE
tZkFcKcbivE2E/sBQ2fGnmf0ZF7fAx9D2CMXmoq38hJeoBasdfLCjIU3O+S1on1B
IdVeW1nxpigFuyF198kJDuWcRxEIFJk5Bt8yG4KWyD+4R04NK/CPS56AyPoB/2CD
lmLZUeWYYGrqFER375gyRnCgPDAircopx0XiEh5ZGox3ml7/QdkHXvV8kx55NLGz
dNVeRNDadBm/1OIBkWpeQ2CMnuJHsIGDlfYtC6N4k9cBBIHfh8dItE6BYuDCzcas

B.3.6. S/MIME Encrypted and Signed Over a Simple Message, Injected Headers With hcp_strong (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7845 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4806 bytes
  ⇩ (unwraps to)
  └─╴text/plain 420 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <fdccb76a-49ed-50c5-9030-e4aeb83d7f04@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:13:02 -0500

MIIWnAYJKoZIhvcNAQcDoIIWjTCCFokCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAGXrH1WNm/k3nn8sEvr1NxWi6vN9dWkgNKBk
uyHpuWbmQxgdsC4i0rQBk0W4XOaDdu5yYwt4uzqqfbIlgJQRnFfNt5Dj0tx+Wqxs
/uK0Fp8oCFZ4pJQVyX4idSfWvbq6J3iTIA0cPHBogIE4y8mMuByXh97VK5IGKvXc
RDYnE9vsYJY0Hpm//5ZUvUcNa7PeIJmrv/eJ0kjxAW7pa/64ni9T5qP8BKHgvcJm
YFYS6zy4UMjRNEftjlGNZa6QElsy207BIZI3Vp3I1nvBCZI/Y6IHyN/Z3dKLG+Yp
eRhvtvF+PO+YeOLjm+o76hCIkJx8qqg3EYLV8dbbthK1aDgNO2swggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAbVIWhJ9+bVLKFMdyq+QNi1mn
qFxMKKidulH5s3NmRCYn9/nu82R8k+r4+FeVv+mrIIH90rG6v8pJZDFUDkG270Vj
v+ZmqsJLTuV1xsS8p6sOi/1sdoHC/GBLUffalroOJhRJ90aoSYnM5b9h4hWxYFi2
ai+WG6mgK7A5/LN1OW5em+aWzWNjoDNDzLAcPapv7ZjeKA5loyIutbbl1Lgkta8t
b+hBmyREyCb/Qh0xS5ikztPqgDO2n39erubT09E0YzvGo7RTmb1DwnH1kW44Sdlj
wqVIwRlX4oIDLKMvPd717j7wEplmgAHCWVRMTs6E1cjNm+CezS3o9S+6CjkQSzCC
E24GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEECNM/iph7panVLTQtINOBe6AghNA
Qo2zwm6jSmU3io3mCTlOe8vTtf9fspgytoop1I5ZqNb1lqgiz4jdvAbqYVo5nnw2
arDhE1C1ZaLGxTnRC0XQbC/b1tBmQepeQsOYizTIj+LdcZLN+M3AymhRPXWc0H5n
wibbdCxS9+OPP0B+QGfH95bSynkzdmD5vIiNuVGFm4FQOPnN3ZuPxID/OpVTZLAf
E9JN1SRdxiyZFDPNA1tduk3GVRuSt4Upb3X/jfTe6FhqDjFKCx4D1WypmTR9Ivba
B/+DiM9xrEry0mv+5eauxR6Swoclp5NR1jSWHCbD7g8viF2dVA01qefOm4+WwMbu
YbhjIDZtfWbNcYKtRnGOB33qSS6+K4Z0aPy0q/ACNzi/8srbxY+jRgIqimXxMCjW
y2hmPPct8YYx8333wLs/psld/zLowShPRg7Fsnj0HxDP1AKYbW6ja72ER8sDONSl
KpZ9JaHclqk9FWCBSZjqM+cChupgq74LYakwM+leXncSuNs8uMcaZYqrqM/nrigE
gIQ0jYOPBVnmm2SAGOdLs1exex9K9B86w8zNJKYuZ17C7I0iicM1kEGl7UO+Wu4V
XmYqLW1E9QmF+LFqXFQlhBbpfkRUu73us8VCyLN8aaM8Tkqean5cvvC02LFCySfp
hhQIPKgNx7ccULAUatdK5si0RW1Hg94dZW5FBn87RqXKLoUYuck/NZs9r2tSkKCd
VuE9o90GEQwhWvcZYiZz9OsPY4NkhMHQ2Mz8FeVPmqEmzRlnPJRBgt9ti1d8UfMa
xzMfNZru7RRMP46WvpOy2iGvCUIDwaoz9tY2+Q/o6BYrOn3Fdd+HRIk3PxQERjnW
UGcZtWCuaR3/ughENO7RkhD78sLGXe9Fzqj+CT6XxPRECtmd4SDSE9SpZTKB7rnr
fK7+Y2wUf8Za0fZjiqtmfoLCjG+58fPGXlcrpqDbI+iLmXo/YaiEeLr40Ifa6R8Z
pgx7Qni6iVHLFHV2xUurrYWQMqtysGlZV73kGMkIdfZuljygg2aytx5JvrKk4XlY
nnS5+N7yX9lI7pDj+k7kFJpDG6zEDiHyMtOLgEARvI8a68+6+oI0/QTi/t4aE8jz
xfQNWWBDxOqkJtvV7437P7D8RKJ5fKpoarCD9haO/WkZhI0zoCEO9Ii33x/Ww2n+
qbpfqiVl0FarBUwm2Ch2zCqF9n3xYHceJJz05UDqjn0i/obgYVYw0LHikI1Lg764
hy7xiuD8v24dOPpLBbVBqZnVTn++QsIy7UgkDOzCl3IexTSXIwCj73Jp2lNkyho0
NIZRo/SJ/otAG/qMzA6O/hip6tk1qo94Ku0/y2XtdTc2NyKGxwWN3lB8XnBIKDOo
V3d/eCDvmDFm1oOkHBtaa5Zq7c4uy6b1V6tYbqOoQSS9DECTKMNcQh1aG3V/kyCy
ddK8cKLDVPNXzjZVYYsL7/0ATa+iwjR6UpHzLEpU6BQWpPzkc6rgi6ornd5iYN1T
9DyxilBWz4lNVg4XyY+C8iFMiTcS1/+wocjrV4/rReyDX8/f7IMubpwtxC5Joe92
bwrkHg0imSBZv1oiZBVjORNv/QKD4jZhfjMDTbGTuMllowR6Qiyw0vgWXN1jbjP2
R/HcWFEej8HwYWTR9RUEB9GFnxPsDmv2EZEF944hp7Ic2JtI1M/eKc0r3VGnPIr7
q8L/4kMA1bE0bbyCKaSTskVD9+81+dNxWpPICArAutROOammgmwBQmjsyfdCRaCX
Cu+P3HoDV11s+Nu6PfoZGjEBboaphvAkvRbboH5Zi6i5uw98EXbX/lsuBj+xpBeS
4ChlG/He6/z/et6zfnewQ7VVcmUwi3q5xIFMCMr6/w3uO31UgPuq6CqMZt7wSid4
78SPQ03EmUeAtottuaKyW38pUiyfzZ7ZpBVuPCE9MXR9H1B3ccuGNJdtUcPu6UBi
ZZrkkg0ahBF25NNuTTtzx7reETt+LfQXQlljxYO7qfoNa1VkJy6ZUJ570ITorgoW
sU3/W9sIujanCYHtJVHjnHnFYFasbzkS7XRi/mrPx/P3R2f0FQW/LBJ2CMcaFxMK
JkpfZVBxHgHmv+g4UFnyECawrxDXoRuasd2F9AvB+YqkDLLxdHsbBiCnpjjetZyV
DSv5Dlpr19jrfbgqb9OaQVigeCZxt1WXV2nx6UvU8ZVfmJPb2O2eBiPKl6GYyGNi
cSdQYzy1KNR4Ge0sNliCYOipwAYrwcDmcT9S3A9EaTqy5qh9DeCuaHhMpQMrRdeI
X7KKs5Q/8kSeLG2e3FqK+tX0HBDvJOXPV56NdwHWtuysW6p8I6HAmQZLG5e25MLQ
UWkStjI9ot11X57ZbKxwyb5FLXR3dsg0RD2ooDQxIqxulErogz6QSgk413I3c4Lc
YnE/ni5a0FjbSk/GozWoTfE/11FRKJETL25KwMSo7x6jZSnOQVKFR/z/gNdV0zsi
MEpeExLkPt8PYVCLHJ3RNiLEGZBnWyYPtf2+SAZjNZ16GlUIbOXlCZxdJfQYP0M7
LNmRF0eBtydwhnyyjm3e/ub+BgtCDJCtYZZLntmZLbFIfFDoTUeLX2Yz8uwRvkKo
tZY2yd42PYbiP3ShlxmIWrYllzlnmFRq8ack/ooosUxwmu3QOAC1k7Uzn0OqdC95
X0KZ5C2UMD9O/+/2v/bFohGg7FZH/kFjRUoJHgzG03dYS5fsr7sUQ2n4i8qmNWkF
cQhNIsaCEYrXQcIaUOUYjn34GN2UcStjCxEN1N0LWvXc+ri72fTVFbO/oHEPdOLe
gJUNg+HrBGZvDdjLvXh8+XaGYXhwD8sJR3ZnIjmL1N5ExrUztL6lY8Pxvi0TnntP
AEXrJjxMX41WzZ4dGQiGko4GDmcQxz6XS9qRe6V06szDcD1WMo8K6XZYFSeogUvk
Frw5z1occx5dw1GNI81ju6EjlfzJKyyEvbkSGFKh+KoSP24u+rNDR5pTXvgrZcTc
8iBC1dbgQrOfppXVfV8/PSjEM12J3a5BFK1WtHHqF4uvhUaYSc8/i26bW2Oe78Co
bFqTac1us6O2iHkyd8a5rnA9TOzN/2lMh3Kxtlddg1bIAPvrHrAfMEp4LtBQqD6p
ztbsFjaFJ38ErhFfyUNIFm8RpcLWFS51MTKHkhdq4hFgfYa3oD0QAHeTmtMydniy
sB1VaSFiihGPdz0Jc5DH3ctkW5z5PoKcjGO+zInaT4ZQbIxQeXFofn2wOD6bEbk/
REar3MAKFvpYGVHrtRLnVhBtvzF5YBl6DDm7CA5uwdOuUlq3WZixz5T1N1IxQEwc
9giATZqkns5KMzd6HUzCrSCxRLK5pyDI+0wDg1kNEl/Zj5esdBV70XtBE/PwxM5/
WQJEhHmlBDokH4wFQ2P/MUg0l7DEZju64u8ecXqMMYV2IdLZUp4YqoStSIk8j7/6
hYBrI5LmC/Ix7h0UZzbJF68i7NgV15jrlraF12SEk/CCuAu28xtT8r74egOAwNbo
zi/FeWIvtXL3Yhf8JH/ixoq7VIDucmaeFNTa67z3AZnLvpBluzevUU1n2/oHmgAD
c9nGegB6z5oqYxuqQuSQgMbwwtcYw9aT3vu9Kp+gkxqDPfeegVTFPWSodXD+WBWg
+wQD/alscbM9OET2jjYen1kbiwGbr1wYqPaLSlhm/PaSDCE7bAVjNhtm3m/PeThT
C7OomaXsSiQGJYU3JcRGP1jHAA9WQMflsCimBfMFrv93VkJm0LdbeFeCunPeV/jA
Jmvl0Cp0jBZMbFrng3P+kCJgqVMO5tOZzclvTFQu7FhgFOxAdC2S2RWyf4F7uYjD
SfIize9a56bglabgNitpEQDnLMDcPEdPXUNve3aWTZxm/b6GsqDjw3xdXF7fHwHy
0H1HB5iZnKrIWEKEQ39v7kDdLxKN1S2QjOq67dK0BsJlfsqeXndO+aiVfX+Ba8V9
79w6+pbA3icZMxmE4NX7wwBDSH38ApMrlXxyi5RNSCT7IYa4cLxmHVHyWWm8TCtA
N/vyBGrMGWZWavUUVdwk+LdU3PiuyOXR4KzegQan9N4FQk5UJtl7hyVfL8RSocom
3gqxb6kp1TSlVVi6jEBiMVaV3iIl+2L0MgLsoyfm1WD3RYkvh5+IMLXSotqyHRVf
U4ba+gCxZl6vURbjl3xl4JMOOisTCXBKp9INr3eu0Q0PQ6rNbqx7Hp8GjJx4sXJK
IgtRP7k1960vtSqMb8b8P3l/mwqvB78UlawDr7CPgxeEII5liB1zcXIULstXNjvK
X4P073MAonSLwx7mNY9xKDRuPtDWULdgi5pXgs25MY0ihsN6STfI0B+TTC1WLQvT
/5UVL3MitLxttN2Xx2m13KlM+hmeOihrqBKZhgZIRrxMSde5auXUlRqlcN9VOBrI
kQDKJN7ep0p8O12R8Yqa6jeOvohm+GU0V/GjCxoilT9oCfhkAAB4xPpFCYEtPGyf
9JAe/NOkoTGE4LBzBvGERqBa058QXgQ0Bdt4tEVsZMdCdFWyBqjdic3smHV7TCNp
2UFw3fgFKGb1QetyuQkF1gdLCXf0U5PlKpA0G2jh7cerGQZsXZxnW47wf1Ndgw5s
9GR/NPdZgU0VZbJUN2mcFz4G9ZH529P6fDCpBdHNjytwEkk5PF5FGKiTbyufN9d4
rwNnswfum0xd+iDDVcw62233XsiABn7cTdIinAMgVFka5nyjer5rahKb1LbpTfoc
M7UdiiC+v6jCeKAZ0LLeFcDzup+MiVZ42Ej7KELseu7DgSOz6H+D0irGKJYRFoy8
Kk005aNSSKW4MZJFKnFH+k6jbR7e2QBR1Ez5vZi1sll7VE8OfK/dig42iEe0QjCQ
a2cq32gUJk9vx1XigKb1uXtnLrtgygNsmuTlwHaRZrJETIVUn/v+luj0Ork7eLSH
ROuUdaYravWkRYwMbVSXP/Nien3DXvzaxH0Yg7cdWaFP9RTXsIe2N3SO6TzKgKgP
cVZ3qwiFS6gt3oO4tXqkZYmnj1kpoxHRYCj/dtBywX+0V0oZznm/Sib3ldnHBnGR
ucCCw37DDKxad8H5c2NSDOQ5s4slTuzaf/N1x4d1UoKzTCX5WecUJGIeAduYjdTm
ZBrkkx+qPy6DvnzWVL8CaI3zfgBLoLuqPY5WRufCp9j9raLTg5XWFGabXFzQFR3Q
a61HhRCp/PihuQjmzB9ptTYaAT8JdO3rNDM8Dp7gHC/KFkbZLvnrhZUBLWuP/YPD
T1cKQst74EmxtqvkW8lG3h/NZZ7PoMRyL76Uq258RNkibjDhwGQKGWvHL/KhJXZq
7OZ8bdceHcz3uFYbV5gfPAbYWRgYtctF6Yg/OeMQBI7g0XTLzn9famG80pOiLGlV
pfWUsjkiX5xP6tz6zyvS4d4QpT9e5/fB/PCp2XHEwEuIZLQz2uiqwuwnDnOmi8G7
I5cxhgPBZA7v73VBmLP5oJ71P5SmOWfAPB5xPXwmDkxhpg51s4OxDOqvEakQTU20
udBZsy4GSJyusTkeEy+GqXCcspEuJ8nEcJ7QlUTt1lsShzfiVaXa12+U5CB3kPen
Tv44U5XkQpOB7Qny6VkmSy9C9FxSagQfsqhvS98xB+zZ+JFvSwpfFQ/1Z1wCkCvS
FjkUBep2DtiqWBs0FW+UoQfo/hqYqEtYSyh+nmOJrozT1wfBdxLkSvH3QsC7p+Ia
OaPsIpTl+8fwngzxE4CBOLHEuyQt8BrUrb5mvluTjATicxSe39A6sDqPK9HXjYbb
5eJfY2TT7PvH0S21hEdUK6KX2TPFgfam/KETn1wFZxFxf82jCd0PM5WQn+COYkFQ
KbQgsiyDhd6zqS4o3gOF9gFyRAA6TtaTygaR64kTFsqWWFDA+V21fz85U5Wy0KA4
/s5Q11MJfrYHWIn2MsBYMi52Ac9JqK3Fm3uVltxRWtNCmOZCuoJoGePlVNUfA5/3
wK4Zs5XERUmVKEh1w8DMduuRbZfVvBmE4/8aCjDCVfbvxNz7s+Sm6mvTmDh3RYUF
ycMXmp47bO78qgAj9hzCcYtJKzbYc0d6OvLKjesGXycWY8irkjwzbDxVcPghoYGZ
xgverdClW38h52/Cb9jXtYFek/6ZTkG4tmzJdwxjqcvMsoZnmpNIYVRRb5bTLmRL
JI3VBioAc8D5YsgaSmd97GnASRCaS2sR2zUfSE1mvXiJr94LrcDyfk86P/aHN5Ly
9VhHlyhjtILy3BOt+uArWFjnIEJ7LxHd7DknIYQ8JWnxYQyEJ+4zpIkS8weBs9bP
BDxwfiN/gUVj+PbTueLVR8VgYzta/yc0PobG9liStSiQZdXoCzihjbctN7WbYb9a
7O+E5GosuFO3VpWxchFXWSUziMnI3Rn9bjzK/xEHMgMe87ptvIp/J7dNwdHCYU2z
dOi3aTvuK+9EcqUKl4k75wY+sysg/ljl+YrwZ6AFCOJ0q1R4Xpsu0GszFGAh/Pgc
HR9+sS2JY1U32Pw6b3c+6PMohOZzb0i80GUOphN0SDH+bbKWejwca7Tqee6oKHRC
w/zoutXWDDK8Wmd1JTScfF/z0DjHa771J+7ypwu+JcDhAhjqWWMYJ8G89fq9CkIL
v53RWDv4IhiylEv0KDaVOKDVJ8OpOIc0I7SCiZDcn5c=

B.3.7. S/MIME Encrypted and Signed Reply Over a Simple Message, Wrapped Message With hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7800 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4770 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 inline 920 bytes
   └─╴text/plain 327 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-wrapped-minimal-reply@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:14:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-enc-signed-wrapped-minimal@lhp.example>
References: <smime-enc-signed-wrapped-minimal@lhp.example>

MIIWfAYJKoZIhvcNAQcDoIIWbTCCFmkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBADEgUQKlrg2+/XSX0UPb/Ei3BGHV9bPdcdb6
9Kb5AzgrFjXl62h75z9kr7n7laGQIEvqVHr/93cOMCfOrmF4Q1jiQC2HazguNuQW
x9frIxOQqKnSf6rkeN/HeMp/z+ySEn2rAD/zJxQkqcX6vOLCR1O2whuQzkCkWSun
vgWYeyOHcf7tbf3u/FTAZkBW4lfpA6vBgNXG9ntspArT1OIyI8sworBZho3nldHi
Y7A/02cARB7jVoueV8YhcAs4QPGxNtpseWHfQn1ISTT+SYc+sBmmdznvWo3w9a+0
HrXHwYaayfJ9iH9gFLeiBGNC6yahQXMbgzxXHfFw6wl0LvGe2NQwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAjtCbyUK4xtTg8t0Bw1L16j24
DjRCQoOLLhszshjDrp9pnOh6s1QJv8VbzDevogdYjAqPWdrDmk1tuWch2OBIVjtv
rUEXGs9+sBmZglM+6JKfXsvwXM38Yf8i4RRapMT1V8yY7j7QJCXZNh692flbhxUx
yaxznpBTqRwT4x53QrqegkW5YWpDvAd0PjUTlPHJl+4ydqKvVxccndbagHi2Kr3N
Eg7zWLgJJS/Qdmbo7J/ABG2iMGJy7BkfSI3Lb3sXtvzo34W92xyrQl5djXr4sdgn
6pAnDdadewJPjkKOCJyEMVdAIU9Esrr24u+3+M/JmBwK7n6GWJdZ24BU9OnIXzCC
E04GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEKsx8ZPSgjzn8vj4hZoLZmuAghMg
iS17y/PtsB4ir0/csayKDxSY+QJi2gtR2PJiBXvcd5798sNfVd8v1gAXrRD7gEiG
rc7epVre+xFxcPxPkPmvE1rINh7rKqqewi9tkfjHDslSuuMdpk8fxrzmMfBRP3Gf
YaX68MIhEUPoP3IyaKSeGxmttqimF9r/5px/QHMu2F1jqMR2vTJvUs9Rdjg5C2Mf
CGMf7Vq+nr3sfMAZCLHRJV7DpakDcI1uYHGAQr2v4Hy1eKpNl7MDWQtAB7/9+e7o
HHw/wlfeulbduI9yZbQrHhVzRGzdVYSlOcQfqte4QP+wTr//Zos0O46bjxqFH6qx
Sy9WZmLI65f2kJntJ8WLH+6Fwh0q0+n9vXSJZRKPIRE9Im3m+WyJgE21ONlaAr4t
Xh3VetqpF2RpXduFf+h3Rwu9eNGI2WK+7/mkXizaCgo7MGh3xZo8vPW5RH0p0+qo
FQRFYl33SI1EhfgUJylqZITamlC5ofheuGFaZusbIiqiwJzHAjGuXjEPNw19ATas
Fxw1syLlYybYnxeXaPQ47mO+oHY22+5uy7o9/w9V+TmJeTzPoG+zjep3Ly11TJIG
zVGFDT1boc2XbF4i3KtuouPppZ0Jwc9vL5VW6BWKDMpe1hDfTSuEJb/OPF/9cCNF
m4ie91Ke26vk85Dl1rFKAiDXqTeoybboIQkxqJ9VX+9d+zkRIwZr6nDAfUicYZFS
LSYZahUU7ynGZi9NCk0Hrun33G2dPkMsCWAhdI8/EbFZQW4r0UJup3/DfIBpS2rV
Z+aZuBHUDR/VSdIJ/rWF3MvpfNBxPfkbts7Vir3inntwzEpw7LrVlU69pQQCq5mz
VICUCuHYi+S6x7fcFQqDK059DlL4kj1bRiBdzWAE4iEFMjX3w1v9Gy5TGbWCXOxO
JV8OQsyVKq4renCtVCZZ8+EsmuNsND4sQu7aiy1nBa0RCjerYLtoXQI7Mb7Q+JKF
tQbxl4Olx+C1Y28HcUyLr4al5o3fc7Em2Ymvq8rfrGiI8RPAC+ILPSY5BjD/wUEn
aUDG9H2IRvujrljKScWRhSFF7kC4cZTIvf2pSSb9HounYaL06fhn+ORkxqWsH/uw
oeeC8WAfRb0wHciuPzXTCDxclNse2BbOOra+Py9fqFgD8JMxj3JvBLVOb2rgtawk
z5j09zUQpXNudjsniOJgF9+gSIx0Bauh2Lvh9y/gQoEegrpixk9JYsMQRFLLPnfd
jnp8V19NiAalG+Nb2JSMxtmiqCKOQnlOyi+zOXpPt1TVOpfF9z1dyIrJ9V7l/Fry
xdak6KdpWa8OhZ1TCvFHg9qjRvqkMu5tsLo152pFxcFa5SVOgNgTyiAtlKAe8Ndx
+2AMb2tEHmOEzKXSf4F92q3qI66KdMaUQjuwX7PjrJ7VVbv6lC1NM5ipgQd9OuMw
eXeqwR8I52bpsdwWPcCHf4Yz+hcgGil9n0XPtbHEjSewRQ9Sbpmgv7eSDpLSdStD
YKvIxlQ2ryp74wCMJvN4XfYpdi2wbRM7Gwth/65UADr2YFr4SvghWbMpJRZoQTGM
r1ldQvlqL5GPz1XV+xegItPjCWNiylJmCKl/YEnntd9ZJTJpj4PE0f6yWwLwm0S0
yEWkZe/Glujp6G53HGJomLlJPYNGv85+wEmHkHF0au6K2LmNtdk1D8b2POiCI75w
mlBF0CjkNnT6ThDsNvr7nc1UW7HOnCn5WmI02MTzEVPUCuZguB+txXNTtWuf6wRP
eomizA+yRjQDjqBAvIEHJ1O3iTcMhcrcuBYFX6zAl20KHVsVadLS6KGcAxU9iYec
3TYoapsk/UQfBajAABRL+JEroUv1n4rUFkCjAoxHIgtwdeUlHvzGPAQPA9nZOKEw
DIeyqfSvMiuiQ2lBO6jncosYYMFAmQShPAposPh+sSOEsm4qdyiKj57aukzHRwK3
Rvk0HKAPc86zgjVxycwmHqFZJQeQ+Wtn/F57FB4BgcGDG1jlkPBZjKSg6LwuWOGL
wIb+INJGPjtgupHsxniigLnF3mpjS6TgRgXKxzXQExhdJP4LAWfGtYllk1b39Q/4
V6vDp3orU6LBaqPCkFSzm2RH3rFk9uWoKpfqE2gYTQn+Z/jNmjhlXXQ3AXi6205N
9GcA+cLN/Wzb4OyL1UgburhpV98dWoNFxwAUsRQDYklW73E1+7BG43xj2BR2Joiy
WI5OqND9q5Ar4NdlqSNXKimbPKUs7rsmkX/4ZhGj6q7f2Ab3IOwlppriTiLNfuKh
+0/pEL7ylcCYpfoweDGOHYkQyH5I//E2tZi0IPVVsB2XZYf89/Kx9kcpV3GTjOtq
jDyg8cYBUIBEhk5iXvzN9qPQtKcYc21phk52AG2fKX4LJRcOO8i6Bt0AuDCOY1yo
CmCou2RNUM6CeAvD1ByfJF1Ot5z1Z5vILqNwM5P0ceRYvr75IYOs1iwD9niVw4vz
nrZF3p3st1AAqn0xU3+DGGkSCTG++Y6i+tUI+XG663dDgebHfG4hQO0uRjfwHkk1
mgxwuILvaKSnlu8RPPynmyBopwJzp42hlDsK/353KzW/fbNHBEVKdAdB6BWiqssR
mynNSEB4OBiEtlHz+emLHAbXA2dQR0VzMErSu+pL7qGAMI0uYV0yGMdFwNkNz9Fl
IMMZfN56MDXbVlupC4qOYV80o3JmFt9HP1Aym3gEcoTBqU9pywqtJ/ZKLQniP35o
EGr83kjqRrZEWG9tkPHZ/goYnv7jkPny/Xl3VTzoeO+OYlwjfTLkVCeaZYZRjymO
cRbwkDqoEceY3r+EzOu2EOczNwOpMmNGwEwTKjYQ3kCdfZOhOne/s5e07vwfttCv
/Isj2aruUyiK5t3pVverelLUjrI/f7I3t61yBvIZ097k8oRfrzxtxGJCrfIL93hG
xMwwYmBLePzSZJITPrjijQ3JeHWn1VjN8OY0hRvhCJDLK99ZjVEHY0qj2HHPQ3lX
+xlyJM7Jyz3Npo73kfPBAjVxNRvX1dnMwz/ArIxdr04NDncJlKrkAfDGl2vhXvKp
Iyg9tTWHs6pNeeZg7cNTdtHLI0TrCnlxYSp+A8iQGB2D8I8fVOX7XkqEO+WikEvs
LXiTDGI59+tqZ0XeP+/i747NjJDkPfxC+1tDXxADkFBcm6+ANoo1o3DrmBCmn9O1
ckf6Mz0uZjT8l8E45Gfn8UBTqB+bzjqPBzfk/Ad19P9RhpK0j5mcUtz9qSPg1tTY
wrwDro9fBLq0Z1fhJnHx3DGV7SZaMP6Uo60u2MO6NDVsnQXo+ocpU45CDsxgMvH7
elmYKhslSDSGRKAUvXv1VRtLB48q14Dgy93ElRmr491BmQTcgJIrlxJVmA/knZ57
4qY/jGQUarug3lCFcbiiEJJWMNoHO6Pe3JeYq5snveiH3tUwuHiJQ7awt8KJGQGP
Nrw1dQuk2jhrYSsK9CTQJQ+7/pf9DP3EuB5S5lPLs6sgQ9ycVdJyZDkbUYXvQ9rl
IjiIlKNMar/QswzUQSRGJmzrEPKP0lUFJY5YTVXunr1HaxQ9sFrt0VDbcTJL5Kty
Y646gRnQbKXXMdS6EdLmvpCAS7idGSajo95kUHWLMl9YhOI2Nf5i1dNxz4EwIoQN
2dPTPDuBO+D528sXnKs8COg7Q/g8Jzr72dBWxk5SxcG4L8E+aX/XBIKe1eUB66mR
bfrmdAuYy75WKrZjA88bzYg9hmVsJ8C5O37y6vSBOpPqfeus+IjIL5N37DjkUv+a
Jbm1/hotI4RNSAUmtrqqbI/Jklf4wwk4/dH9+Tz0gfI7Y4UqExlV49zuAtSROv2t
GjyuNOnIlpCZhvD5sIwfbUM3NxCNVwgQ/sHBnd42HDOLDlJwHrDTUH3pmIX1XYOt
+HDxecBZB5r+vGmbpt4656gFqdmMikyJSNLfN/KSg+SccTFDoPVs2p7loNDDFXVD
Nc2QR24d3Yn7oXTBXso/K4f0sFI3L+G3DVhnf4DyvkNErfYw5RBPgZq1SXqFSOCA
ZCVIhoWYU5WtVKPp+tX2uy9Jq3Sv8XvV+ABvcimu9K105kcMMsB6EvACBj3yzZKE
I3HyVjL/xsrBrMXhqH0liZt8XV87B0vzvGOACMrCzKamWLQgMjnAYPuSz9In886N
c/AtcB6sd9MsIc7+eBx0ZrL0VLqc/OVSdmx2xZIHIRpM4xRKLkDpnQOBz7eeVtXd
a0nqWLTlObFj79cqK3qZRTxBmsyT1U+EJpRhkRsTw2z3aGsTBgs0RRORRHNxoXr+
zMNlRpxeFllxFCEncKYlESBXh8O9hpNvauqQZEe5cSGAzxVBY5kJGl2NGtQ05emc
JopRgZkk6NGhMomd7nSbC/Xm59uglu4kYFagCmcdx77hkQUYENdvC6VqzFuGSH+s
9VNLqk6XHsF7JMD5zX3lNIJEGL/1J6Xje0wHU35O3wxWpi3eQDvqMe61iWJmMWZI
AkeoRYTe/AbWI8v6oRDOrYp70UL4oVbUj9u2XOZC3ileXlTJO8WNUdDYCFHhJxq2
9d8xiN0uKrSetmkXSIsWlkCK9WXIpu1XiWlkfa1G7lQPe7UzFuAMf5NfPVaLfiha
pFFKZf9+8FiV0ITW1w17zRHppxxDlaAk3RAm/PtOJL879ZVEwMC/ojqcfMGHIHtG
NzpGDh8/IJWfK4EP8TGJ+BRcgl402cEZNUBGlNINkPTT3+gPb9xqKal4vmyPxMxV
QihLWp46rN+h09pWdfBUTcCu2i9pPduVaFQlBPhQNqQpldYGP3doV/0dAHijPMin
6z1Z4pH7rJ5lvNhbwsF6FgQJCx8nvblCVDHgaEKSnzffaLbNFe/Ino2Kcn8FyxQ9
bg1q52Tc/fg9OSqL7w0mtsCY1lXyP6Pe5JM84ZS05qbodmBiFJEuhXBWwbG70cGs
YQXbas3elKzU+wXkiAhMZ6CE8tWKg4jg7cK0pFEquFdJywhyvcIB3ZcpF6YoYVMk
8rbp3tFrSPIZRysvYBaVWMwwVmtfh3Hm54j5l2HtQEsA/lD5Qj0IlW58kCvYKbOB
wHdchLAjfquSyf3kRtf9fS/3YX4SyWKzqhw8Obwkh3bL76dI5AebhR4HWCQvW6r8
tggt4/qewNm2fg3MeKQ+Cf9AG6MWhu5NpZ7RPjiE9Vo+5NUwulIh1bFOnrbMTKWD
dW0PveLdWdOVNVT6hnFTYYvmsmrhaDoVa0+Li8RuLhYsgVGahqOPxnmukSTTHcuR
uZ5apKQhIgdcNZtNzynv+ruAVoSsf/b+TXGoLQ8ylbEY9tNki62wl+ZgZmUSbMxZ
reoiBSlXIzLvNtoBpsbrB3hvp0v1+Iz1dXuEwOjwvEwwfq8+az/g1VA2iQRcDfzw
uedZed6vGX9q89IBerou2y2Z7a+f2tILq6vUSWKR3ThY3dPBTDlCmVgcBvqC7u9l
PMXh1SG7eGSlXvNapbDwZ3QU0Ztru7zefin7488j0qyv2Y8e8AjbxSpxl1Pgjn2d
sTDTlm9TQ0N1Q2Z7JwmT/v5cVQeRqmmXHDYk6U56I2JRdLHavyNJe8G0pPmQX9f9
YeSL+2Zxfx+VJ7N4ia6xv8HOfMxhJxRVOcHEaAGBS8wSaWniyZTMq/CdD2/gLhI8
WF3HsSrzVjL4WzjrarXOGWrZEgn2H2y0mK3b52Flpvunm+TACpIhzfP6MkdvFLJS
prCQH0fplNH/taeEMpcehv5qd+V1QHdAtx0Rt0Vx+j+gVyWtlA/bG8LtVDUX9kYr
ngwyUZS1wKDz95Dz2I6KufzIftSxSJPWl2IoegVu7Eb7A/xWWdDojUv2cS/QxHiP
NBplM6VCUQ9rXnhuM6wZQnUFboecqtxSBNmLgN9443vnRw+9xOUbdCQPVYDGS3MB
2t4X+TLBfJPadxtnD9YN+xpF2UZZbhTLBfw2gIlz5eg939BJ43WATFsrbXmvhVNm
+5HB5zKZDqdydAy4fiGeF+xmQ83xA6x+bYBZdEyqDcNMgIjkoG5fit1dVkykgtls
Iy58ittUjbA9wxVJVSazh/HTYpJ5qMLAFsq8zdcV9xVsB0SVuMRs4TtThSCej2lC
rb89/BFQX/BHcvTEWgsUqjH1rjGxteE0kUPpbCWW4bFyY53ayBT/0p66TA36DNTB
ddfbL26ptulZxKU4Gdlk1wR+GTaITVqEu7C+ZJWGUrf3BZyOqVJChr2ZwyKqUK9M
8wrvDU4eoDVqzT1z5Ttj/g0SGX8LjFv+Qznd3xt518MWiuguL/1FSSZeZPNGhFPJ
nISe8wWDh9MLBCV8xy3ZHAVLjl1+cYvIHhn85T7ToO58X8YFL6ki7k5UPm4PYQsF
HuSEWnQ2KZLPVUJw0ckbZAyWgzkwoR0SltIeaGvJ7nM/10WpLdxGQr3tnHk8e7PR
r4rsLVQJvEfj8FLgki651UrcnKTEPtp1TChLZbhegBSSGkgOokLpDsR99hGdQtQT
TCet+3Ol0Otq5uCRkncOGVDbrJO2yqONU4Sq0oksMt6ZQIEZM8150kh+bVxu/ixt
86+BxkTFfKo+yOL5/K0Qo0J2WK1ADN16IKZbrr3kQFuVOnHmKcZrt/kwttlO8iFj

B.3.8. S/MIME Encrypted and Signed Reply Over a Simple Message, Injected Headers With hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7695 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4692 bytes
  ⇩ (unwraps to)
  └─╴text/plain 339 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-injected-minimal-reply@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:15:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-enc-signed-injected-minimal@lhp.example>
References: <smime-enc-signed-injected-minimal@lhp.example>

MIIWLAYJKoZIhvcNAQcDoIIWHTCCFhkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAFd0ZCRsgbltPZeKwiWXdgr2zAIdA97BVi70
qi2qyF9MtDCkjE1VWu9artXd4M220u4iJKEHTdBXZ7jbhI852ljKnn4JsClo7OqH
S4F5NeZyaT8gX6LCnL/2z9SoWJrOIa28eSF7FO/vwxgzBYHtSQBtUzaXjimb6BQx
TVq+GrpOiE+QaWzRTmip/sgOfiGPQBSJPRJiIzM0NIQhuc6ZeFpDyRz5/EK8Upuz
kOaQZhpGBAq6QeP13CxmYYSk4jnnhD2AjxRGscnonaluELmP4moEnc/SOLAkVHwj
7wEdCG+PumR5Ni1Jf/nxeopZKGYNWva7zQDdTqGdMIIIzfLaA9AwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEALks1aYJrPOhzZXHz5t3vIx06
ssGmUbBL7qhD4quYbIx7rjyMPQ55uKOHih9F7PoSzE35IbnPLQgkDTs4ZtaVXcM7
PBVdS7qD5DpG8MG01KnAsJ4Jl0J69xinHszEmRHtAjKngqImWQGHJIFwqSyHijWu
qDuVz8RajyLdLQ7hPFkAcZG/Z5jCr/yR1K/zZIntgHdm2d+TxTIJu2uLzkAZx6L0
H8/VXloYxDgzrZ1rRUoOwfr0VJMcOhaNBv0Jy5fSBItRA8j0D3YdWNX9obhn4trq
mtm7HQ6G8fxu/pnMW3IaHZxzw1+HeZ7HoDzEmgmTjhlFmQwxxPJhxDJh3LaBVDCC
Ev4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEFUjt86MMy+RRwRy93mHvryAghLQ
/QMIFUvM2LMdY5WoMKf0OvDUdxH0en9D0BFGuV7pAJ2MIc3jAdFF5dQyGKupr30P
Bpoqle9nx+B/9yx8VNFzVX77ED8ilv4m4ljFpYSgPfLnxsqOYUz0QxfxzMRaipwY
GE1YcqaoF5c+xx/nprdc9wBIAllzfgViI8uNe+sBU+uBHTfEU4/FAb1wc4YyiPAz
QnIMQOThJoF1rPGj2Hyy0sDXub3rhylY1j80hv9t4gYZcfVsbMXL8nEPVl4pf5yU
d8puc0TJfvL5hi8wX2TK7+iMXpsY8BJqs5i0LFlBUYN/DNDl/vm407xQqsH9ZfZs
/HGlPUU5SK/7MYjDCGOkht/5nm2l7HgcnKPviwXmnFpsL5pBgyo/+OX0mJkJ6ogj
YDvGkm44QctWqyaQnFxuQFTODSMsaK3bf+Pbpb3boL5Xe5c0uCb18H8q7ett4osn
wMrSn3KWrfaOsR/TeinnfzL3GeXCAGeskFb0+yKW8maBPSo4z9TZ9TvadOGt+CTt
jcAYA2WkU2DT2od17husRWjnyHZJr1xX7Rh6LjHuKm3CLF2OVsxP9gojEI3I0+Oj
+YXlalQBv+9+t/lN6iz5zSKLXpluR1uEPzm4PyKhQkFMd4srFGRsa6BVMIHhjpXG
kDrsdbX+xP1RPXRWsrAKsHoQ7xrzpyR4uSmW1US25FtYUg7G8z5Lo6pY1iFd+2RP
XoVClVqvOS/F8J0mBR+DA3V3iCsKu9ZV3xtfe1gagTOGGAf8Gx/di4gzXts6SRZ3
9R5HWi6uYUYvdbJdPvH5skjSQ8K8RxvI5aVpaUKU7Bq+sok3nYZjY4sWvlOAMDui
/NkD6AaUlklotIl8MjKPE3Sk4/TDUKL/jeT3Fj9r+6tgeROmjcQp0fG3q3VRbzjv
t0M326Gse66+BjVJ0hEnvY0bHvi1mn5ig5U5xMglpvIQPgPezEXEj2w6LJULE3oV
wuj4vdbOkTwDv1ZxZ08X6eaBXWihWQ91p4e+TtAC0SuYtaO6GeUBRBayPOuKNutE
BwYV/BHExCGdu4S8e4aYElCzJKqLnKFhyfmQcdMk+s0EOu9Sc97Tyr2KvQQfoIqx
vwsGOnMrDAx9BE1rQDB03ef5NwuB+sNZNL5afiJoRLMwsYUB0Epc/jliF6SveUGF
9shSHfMZjwwEtaZRu+bQP2u0RZOz8LVP2XqwHNinMJ0tHiBwagNYBAzuxGdTJZrY
271N0aevOLqjqY9XhiCfnddN9RVo/JI0+FB2Ac/UUXvhiz+d0/u+RK1lIig0VMUW
YIEzvS9b7Km3WbbdjiLP1wGiozIhDiw4jEjiSEIhV467vtaOd+Okvb303E5MOL1z
UbFo9wS1+aNvoT3SRRD73mFSzUlvjpXEsH2K062D7Q5wT6i/M7hJPbsSAAJeMSxO
Aj+rJZQy40qWcPDYuXr/g+r9AjpjfnZTcbBMv31v++4GafzK4bPXmSmRpIWzaV7S
JU+/7g3rmhEk2o30AMiOmm0TmyivruXSv02JSJIxwyW1U3xSWYNEu5izoHmLO/9D
XrMxTVJiOhLKI0RTUQGOES6G+2vmprU0YE08pBLcI8ZRM8Wlbwbjg7tswLA+Huu7
PLpIv8pW/WhkHCISVcjG/xsWqPxnHafoN72Oboc1IJeDq+3j71qRJG27Gf4p6tEm
KI2HTsDXqC+7q5cX8/d2OR8rw0W6oBNTiGjptNW11qFiEhrB40JKe+cH1lhDxn+H
otfBlklHlTyR6U+ObJazcvm4i6F+f/pn3q77mF5BYakoE6L3TD5V9astEcS8pMQ/
IaU5vHiSndSPEj2pFBLmgdhGwhf40tCDoEECc5Ue7hX62dywRxjzPH+YuwESuaIx
ZxLcrJ7o5j4TBBeswJ0txEOM82yJ+qeDtVFvQibY6PLiRuKjWa+biMk144lHS9+7
wPn/kOgreAq2FpFLJJlrCbEOqyORe0d1Jy6L2c6444aL699Tw7zOfPsXyilazfU1
51lS5d0uJhymls67PFYVjKDWejAB+2bQeE1HVj0pCmBDcn0fLWLPJnbeidYCrafm
gi1YIyR7S+wIPmK5w5ofKNzpQaRX1JKQAYAR6PZF5c8Isj+1ipfi5bZyhwQRzl3g
1E1VP/Eg4PFPfMmkOl62rPNzXQnm2iEixa7S2Rbzpcj0Lgu/h3PCccZnw9Gl2k4c
DJoWmPdaOvOODW845ophWQCWNCDoEy9KJyJTz/vqC3Gyf0EYXH2SGNhL3tpZtgnO
O1LfQJ2gu4dzBAMMgFxvfmza1se1xE+uhBeP+Fjpcfq7PNp4rc7fJu5JoVBcGMI0
EkchC9Q5fRNnyCwunYFGd6N7lsVtdDHDLKSykeEzSoGH32ZZbjkUXKyMkEcm5DDx
k1FQSusYCMdFhS09n1+Q+A7gj3NxslrEPVrdkKW01aUgg4OxFuN4nV77NBE28qV7
hJOdl0jvZes+tqgl8nXgtqJ2cWaM3cspKT78fpwnqbg3rGkgQrgcpuUlVXO+sEk5
CDEQ9RAsCLW+A5VRXHMnggzobOmVnXAzLQ+M40LnyQTxn80NvFr5hC0uthnRAF4a
1Fu1CIaw2MMcrPHPRXR776hQGmMk11+1Qbr/XfG+D40vAVWulOLMw9vccahQqBjY
G0Hv6whQPJEx66ubMBa8uRNdCTOJ9dJ1xYd/ETrswLw2OULJYtZtek8gwWQXgFNn
X4WnSQSCbhN4hbaCmcnmXiCxQVHNruc5cR2YzGQkgSD9u0CPiVMHHVcJrXFjBKM+
//OmFwCteJaVwJS0fVZb+BeHibR48NZmALl614z8vGGAX7MTvtWd2KQSnKkDz7f6
/ktj8R1p7qLOMaGgUTX6zjTEY4mY/SkCuWeH3wrHHcvE5RBz9PbPU8QySOBEZTrN
oCwBAivsGUEB0RbjLWuXoB0bx4Yzx0vRf69Aysweg75gAni6UXBOzp2hXMPZiCxS
1JhNiWJrGwY/q8Z6ATTMOdNfhKbN1JiwHKveTni9Dfsje6z4C1QR9p1fqwb4qGpw
m6tVhn2G4cbOUThfELe/o2hv0WXqMj5ev7D48QZnR17Kp0tHvQqMYZ27n+e/haui
4O5F5HBuc8HCW/VwPRtprxK1ACi7jyfSQP9iQ/XOkYz0JpiyFZJJmSLlmFm3q6a7
JXkTdUPOsyihmaOQMZUaggBSX91HMjL1i7A8mCEK+wIEzLbQmsoHlaJ8SANoP268
6j8eCT+/DAXWWSGnqIsfB7c97m3ZkDZIFR66KUsvoebVWgVIuQSvDe5o+Oq16O06
3zB1xqC8z7LFmrX3P/IItA7R1DYMdaZdVh6Vgpgr1epfHDzy9hdvGV6Jzc6vAi8m
TPS5xRdipf0OqwiHo9ohbOB6bFDCF9pKBHxzZkg2C4Ncjewa2wu/Kd2YlDhuVy2M
6xz8KrTPGd9TEBHL4VusO7xYgsdCIkdWUrHSAu0MdJAP42502bILxq2OFVLmjFDU
/7lqHRYZll9Q7yv63A+91Sqndrb9MLzqX4cCcQryi0GKzKx2d2IZacSUViUoP09u
ngg4T8DvUz51lGL1kbPSPnZJY2LEkUjemb9SZqGJmcguAqc91t2BAKZIoENUX66x
IJpr8RprrolgomTGbAbX0rAqX1vyGp4T2iStwnNEtHmocetfGN5IdtmCEY3Xv+5a
YJvFq4q49NAgz1mLXpskg2krz64Y5k/z7cYnsnsgWlLec9hcvSEyhF3wnt0j2ABe
TK6dDOIcvy2JtucgyMOdsFTQSAxOvd0hmKG2/0zn/08j1d14yBZ16osCUzZTaH6t
IYCAuPi8HfiYa9Ubmx4V9zoMN9c1kUqcwvFnu/6mUsMNJjvNukgH2bXTteckFM3S
IfDi9yr3WohnQzt1vITL8c1g9iRxn1Avwh4C3X/CTpCNtAwTTQlD7ZWIJm7slgOy
m0dk0coKGO87sYf0BECv4I7O5iyV20ILpsFC28RsFBJY/cxXFOCX5siu3HM9E5Z4
H+FaZJ5ToyAwhjvY9FWv4Ti6RSxz5OEDcQ3KJnNIynHKWihSg2Q7YpCXP1HlNgS8
T58rUJyJd0ny1RUDrxDOcNCx9KCsZS7K9k8O9BtPax6rUC1qnPExO0sKeNUzpBH9
vJhBq9ROFuVTACgHPJ9g8vFOAkdubhtKfUGHTFPkaGvSlV9ZrQ7j1jS6MT+Q+jQO
DBjddj0VGTbdRxdkeK69fuUTP7rnngfE4lTzLCSFi5krqDAT6rJxKy77LwKi+qEZ
o8YuPHciXH/gIoGnGgcOlKoEXMILHxWDFuuKNU771gvbbDoUqrRqsxUTxKeuSvHw
Cc9cIvsoBHSlpK+wxmIOEBBSDfdeyvh8dpAtmrQHM8H20aYmc456+H+2TCTBpfcg
g509oV7/W26AyC/0P7nIYV9Ar7sHgS6s78jHnfwv7weH9FB4iXXgoTkm5dT/vjsR
uqgRxgFm84cAXmxgOcr4UrafMV5+PAXCzrZY+0xtCFDOr//Y/k67qTPZc0pmO5jE
IxlPjxTkWvXe3oz3bOspcHjQwrIF0UpeQ7WL/uQskIzHkwkcu0zHnTKkZCQke80w
xczH/bjD27nHOFzUWZkeUwjNd2MF7VXKwQtAPgj0T0f9TxGiyNQgKT1IdvSRS+s9
iiffpaOtdSlMiOiLRDL4CzQDy7Bz50DwzhrA1xJ65SIYL43R1vk4QIkSP5n9KkbV
/AgJahlpkEdfqlhSa0i2BQW3VMyHSaLbnEtgcrnmNKcDDBS6XmM/KBuS/C1EsUBi
4k9+KQzY1CJcQH1Wy4fuz2su3P5uiHMbK2pm7td3GxAeqkzsqKFYgdCRMSLS0MLb
jDUBmKWUOE8oqji1aswkk3DBxAKGh+uFNMsEGjK5uWGuJ5GzUZ480PBiyng0WdC0
VgihPWbHWDqvZcCspnl3ctcLeQNfnk1JbWdyYMvH5sIeYCjD6c8FZhgtaK37g8qV
yWmXUVrflTnHMDVect+w1aJoAkCvDUcIJvqI/82xaC6uQHkixVsKu+etn7/FChpW
02+7TNMRKypX2uzpoXe7ac5mGAf63tUiRyMSSKbO1KRn/3yHCY4seFso3t+Qoo2w
830YLb5Zxhfb/Y5n3NQGVwWDjgyAmm9gNy0EJHDVKyxT9OH/leNVOQSJ9lpUSiw6
DCkNvxgQ27LBb8DEBC2jIZNc5Hc+ZWSHR38WCDj5EheuHZk1kbrkqWwGhzBfr2+F
qQgLn9l7zVPX+UgQfntjz9Ob7SNGx+LJevZqEXLIk2kCmGy8lOdlwyaI0XMFcWlu
d8xX3Yn4WL3rHiLHk2TvJ5cd4vtmjf+hymG1gUs+dX6HOapOyxUcS/Uy4CmabJ/O
G1sWS2A1RBR6Zq1oqmWrHPrZ17ueDHLJMFh4EW0of5/hALa+8oZ4JqvqQVhxaIQZ
f2/NanRIIbg/Gk8mS+xhmojHvBVWovqFxDj7pXKr5/WQnDFdp4Dn/cKGeO/uwwhL
TKBwaGuxOfl+Wt1rliL61ccrFd5ig/WBcGUkHTOy5kXzNHzjf5LRj9V+R5AjWy1t
FJDar2UKU/zYl3BKmesrL3CIqMfEiM6DBvj0vyI4E2eWceH6VCQGCEleHCGR7WO5
S1uhPIAvBbSFrA/lCSqirWwh+NYrWq29672fA00zm7so6xAIS0zPJquC/wI3VFM8
T19KG7zDj+O6iiY/kNyLqhLdGRcCerXNreYF5ECVDPvv24wDNYNEdHz5VViqP4p9
1RT5fozXiecBkaLZUAJFZ1xMHuU6xjFwsCKvnY1VNUvePDXsiYE0WXGj2EwTXRcN
zUvFNX0a8nB4bEwiQ/YfTKXD0ddCNX5jwEhDdf2fe4cyvmuUJFxC+F8ZdydupSrH
Qu/0XTCLEA+ijEDmc/7GXAQ3+P4lVn4RvdbwnO6Kn8aUPge5yzSk/XNjQ3G/eHP3
twEYCIhcWH1TWHx+yU51292CCb6nBvO+mNNlTTmTNEwmYMJPttkVAmMRIoxcOOK3
tdQtdnVty8ffhA15B06PwNuQ+EUSbvZxLZXrbDA9X2RMgfUqEJfyIWTIa9M57rsD
83EVdafKSbP++/EpkMImSvPVGMawSSxY0R6Xbz80ER0OvghegfR6Q6dv5NT9r8CW
zmFtg0kmjYfcUR8/mt+EIFO2524dzqprmI/sfIW8OfOH6AJwSOGqFxzuM1KoLKXc
bEr0mv5Sr89W1FdRxsH3zSLnPHacHx4GYO0tNh71eeu28Z6VejDlIVOf2wy0Mu2e
DsjxExn8Jsp4SKVY6USRe8mWcr1HAdibmFNjvv97DA9+3sRp20x1rk/FGL504nvL
ArvivC1f0t3LkTDhnXI+/Ae2jOdIolpJJnMOU9XXVnzs2A6v+Zke0ZfsS/SoPq+v
vME37CehB9IHyjfYq7pikz7vLFdRn7JyIbPqExItB8611sXkKvJPsmeKJE6kzvJD
KWZrv4qEgfqOMJHavYX2TQ==

B.3.9. S/MIME Encrypted and Signed Reply Over a Simple Message, Injected Headers With hcp_minimal (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7975 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4898 bytes
  ⇩ (unwraps to)
  └─╴text/plain 435 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-injected-minimal-legacy-reply@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:16:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To:
 <smime-enc-signed-injected-minimal-legacy@lhp.example>
References:
 <smime-enc-signed-injected-minimal-legacy@lhp.example>

MIIW/AYJKoZIhvcNAQcDoIIW7TCCFukCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAJDxg4GjNIIaOr9Kf4xVYzLZ9okfUMbBaiZn
ecCbmpTZbaEOu7Lsxuw+MirounSBPZIeG3keg/uO0HHo9r+kHDt2wq97StpAQRTE
Hb9sdS0xHiGYiH2vpgtIInNztCQQduzOHBzbGtQWa1KG+DoaGp3jzqLp3yaP+o4f
BxcCLcNJIxn7I+H04wSWHE9jQpaguk/2SiGzUZxr+KMP+0HFuYT4l+72cOVcAAXY
p73P8kiMMj27mf28SB3naBDB75+fwsgtcrfqOPHBCIXwyKnGpJ6vmKvFvEzAP9kM
oFQGsi7dBTzi+MQBtg6EfxgHhJfGtcHfE25FlAJJj3o9SbGVEV0wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAVQdgmLjOaxQWmpnLHXA3Y2Zk
ZWxNCpmIwmiVM5jvuIjRsU07QcEkLYXVM1Jx6UbJ5A5olBUM9719poHGSPTP+bv+
E3U4Nx1u3D7tgJ6hyZNhn2mGfZmrHahQ3ZZvazhBOpxjIyXo8NmxHIoql8I+1loG
WZIZ4lICZl/nR3Wb+2t8WGW0Wpbhqn5GJdngzvYcRzna36ug4UV+cdp23qceR33Z
nD11PDV0Ss1cGjTH8qpL/45/wOjuLWb+8dOnsQZww1PiIA4XxJgsIjcwD+/Z6g4v
ql91e8oFFZxa6QwoZKrX9x2mbzkZoIugF6sL2TQS87WiDd2SElT8xaqfgYhLDTCC
E84GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEGR32whnqKtvXU4g4YzKmm+AghOg
2lFfb92lcqqgkptJ/+rpubdQoPqjugHIPlnXT85kvzfd1dnun9BqrSYaT7KGeVqT
+h+/4hHCwH0HVE3d/cnxFzXrr5a4KoQ98mwnSeDgPcRXUg/AX/ujo6ISFgLPMAbl
XX30BDL3B5CamNf99TxPgTl74qeHHXpW32j3whi4kZ3O69YvwItHKFdfpgwa+gg7
/gQJeJUJ5PXF+RLOCA38aA1ttNNj8VJ1shQTarg5EcmTABp56sq7xtFFnBnTab9P
ZEAvuaFUwYJajkmsydsmFNLHFrtoHsl7KC/VIgRP9OB4jiYs6FGUsxJJFUSXLH7U
H1DM2i/L/AXCVKDvI9UKdfnroVFnYUN2B6IHp1ttX5McGsc88N1/rms5T8Meu5t4
JNBrlOMRzGAzdT4RcsJehRBHZHcBdVFM+ia2LQWNHqCAGjCqMxw48Yh4YwPFf+jL
oOkQO/iodju2oUkgbHORifXs9NDSPA4Pt378dD/8UDbyYNnYStzbf4w8dCyP6Bzz
2tFeRao9Pmj58lIBvsD7KMHSeoQWVZSv9cz12tZ3S/44BLL7J/o3vQFfSCpsImsP
LXf8pGzBlyoxtGlVlRucmIX8WqwjYx0ks1rTCLs8hd82kSTD42D4MCOC9Q5FP1lB
t2P/mwryGVBH8nrd3AKqoGV0fs66nKow7PptKKF1rZt+6/GUe6w9tsmGY78Ttedh
/NwhsA2gKoXMRefM84UTbV5bVdf3xEeS5spdUU/tgJkGULHutcJTuf3e/y7bXaeo
79y7TmuAImqltF3q/Ca/RCa+Dt8fjqNoeFW8PjB2e7+JniDtCzRFIHBTgc1eEGh7
IGGXl7p7C31HY2uC5dfZGiMgIehllnbMUELM1FXa7poslg4lxhv1Zjp4D2ik4YvA
VMITUelZwn51gIs/ehhyfBKmSFML/X4Q9ORFUcogCi3kDjd5J5D1SMZGzLIuWLGY
tUuLHOXGDiqxIoMoe+aANm27mcmHAJNN86lKeg6Uee4pAIQpOUIM7NL/qH8tZnbn
lrZFXYTKcot6xU0bDaW5pnsKjRtmlsrHJ4ptM+10GeyMai+YGJE1bgdsHvbv36Pj
9yzxUoEY7LXDo7AQbpe/PLZoqXnTMQi24/+7jj0MRdxWtTNjbQRH7vYeh3mwDvNN
gy7AXcYC+EM9Zo6O4ZJ9Ui+b8yzoI8oWJhi47dUA9RNxB4JOu6RV285d8pCR/pyR
kKuTNojs5j3uHfCRwyriuVRGMsJnoUKbbQ9wJ8Jx0xamrXJBQfqp8yi2KLpxeYNi
cyMlkErYBCBNuLX/q2xC2tNO4dUvE7kVt+bDOozxlQl4bRqZJAHptUWxEuzla9Mb
Gs3M6j1d0fuXMjbC338aAdkcAkqWYJ3kOJuV5xwmsY6OKPxaQ/glvL41gGA0lbdb
UFJDlNr5mftCfrDflCObU+Gkcf72xtGnlaF6QNSdreznJjlhOpHK/4IrCDcHWsbI
JRO9kz4gBp0L4T20vsAjTq166fhrVZNU18mh4b//LIGHwp6pITvfA/7PsP/NBewS
1/OAagmiSYDKONByLYeSND4iMPv/XC07RR7+LqjZhEZoQDxGiA4Qxaz3D0wIBX//
SQI1r7PA5xcLt03AWMbfoUX1IDpgoCL0joJqKQsRSCRvKS7tMqTq8R4jq3Bepx1h
wY7clFUh875araXYrFP/Qodw3v1weVou7gkIMt3xYLJdPukMzovZuUYtFyUbug/k
KdjZMslV7z/5zebF6vXdE2T26rJX/x2lnl+/6CNd5ouzYjVtYUD6keay5McDeWm/
jd4L1SWKIxIaP7g63Z7PfoESg3LfZSSQqEyoBQCjsIzovw44nji7g7hhntlRUYfW
ansgLFyQjIoytcp7jSTdkUpDF7D5gVrzfRl3Y38ICQ2K/s6kUQshwg8+EOCIJgDw
O1uW60Q3mK9m5KkGkb4gTHKhQ6EUEKiYzh0N8LZ6EuYh2U1FxVSVojscPXSOkUm0
MGGouE3Emh5oqvM7RZlUdZqCgZ8GEsXyVd6Btw6e244ScNa0PawcHxN1Y0NL8x1Z
ZGjainNwNhIm7+Oh6310xmWAGQDHaaxuLq/IgCmjzykv/7EIclsAGx36HtroVBY2
hn2AvFBTd5jxgwRsQZB11ULfzFbJI4DN+3F7EgZJpHlhW3FDU53zGIMB8/PyDN4n
w42R0kaoGxm1FMMfdfLEt9FVvraaA9cLcOlcpa3mUoyOUeaHnKzHnj6BuZ4XChjF
v6PHxHopLPh481OdSKvbrj4E1wxwO0F6+cHqNf0laLkDopyk/WrklnFftJOEAOHC
wJ/JfHBWputTFsxXqKbcX9sTijO98Ev/RoBUaGRZUgNFNQoZ/UpOhvu8OQeW3M7T
6qB+WbGsxS2yP/MHK/ndvJD1I+/lNxfBEve7A8uwMLTGVbpawNaOU9lm0H7tQhix
Zs4yW8RSs8GtcvfkC5f+mvwTHKGAZGqR3RF0wSeqT5PrGHBJtPQYVoSbyj2PL0+C
o03+/TPoxqt3GiqhPquawBCi9B2QfJS/G8H8naocVhCcxINMx9bhIZUIVbz+0Lo0
NSHpeok9++dHNMFiGsIpEHrXubh+829CI52WXZOp1tZXza9XVGgcBD3rH1FT2mYD
f2dtO43MDcp0WYQtItFHV/CpmlK8ro2o1+G+ONhkNgRD7h9+2EU2ZVgSjQM6U6Ec
Y90MHH2zi5UWzR2z/JPGRCif20pyzHziWWv5OW2t4IxU3CVfLbMTLe7LW5GULGk6
7RgazcpPHMCokgUxOggyIA/PAi/pYe7NOvrBbUUqK7a86V5vMAZkQuKXhHlhv1jc
DFv68Xwt5AIazMGhmWx+sn3ZFNl7NU/ymWKXeDXEvgxuJjP6ZoFOXmm+TCcnOUel
+TxQaF0VG7oVHnQTqJCRCjrP0Sg6IQ+m1gS6Tb0bDS5jeGM1uP4DDQHV3+lwk4x5
zhjPpc8VJuj/h4e/v6IxvlvnuBri+g8B9RwjAjqIYnMgTtrYKz2gRJuU5Vz4KEj9
ocO1dUyQRGF/uadBBnt0yQLlojLMkcZB+WzTmM9ie2NlHmIK+RmhJtOHCMn0h0Tm
DKVVeatwpVcOV4aGsoeNrcmx8b/8tlT0ZHpsDmWCiNoKKlX88wZAINbI6W7ZRM61
yx5iXaxQu0PqtvqjoDUiObfBVn2/ndoZ8hZXnd4L7P0KnkakNuBzcRSXxdRXu9m/
OJruF0wtJjDynhk6wP9zk/x86Zt7/yVNGMrKlA7YjxTSzSi6hPow70atzw3TTnm6
MDJ6NlIvWVdO7lG9F2tQaH/3l5wflbzIBQQW6q3wKLf4nakWiBv4R5wZQDIUHsQH
z0OnJT1cdZVPQhfHI/mgKdZWow+4E4PNnsDgzhdCsjeVJfAb0WxysyGBpxPs8DF3
0/aLzMoFTnoysbR6XjmeZE+fZr5lGxljessNjSC/64JBznZIcv7cNn8N2BhdKMxx
y1hgRBBVqSRRUdJfWeYQ/70s9MKQMr0pFaIG9SOqnjTwRobuNSsVPlTeNvYSuC5j
SKC4+UsqX+Yn9x6q82oCO0s3vDVF2FfmTE41i/TyAMUaWaKUm7GCLkJD3NPSDBso
MG6X0eyUVnw00kNryFDRrkzZC1M3emVBsb9AJZdtVd36QiA1pC2k1vZymbVBaQul
oRZiy3zXY0PRKXylj1PIXX/u5tExzIKy4aufl06ijj9B1LrQ3SAI/PYEisYWTZTG
jPdqJb3yXpawXuFjYVeQHCNIjT63dlOtk7z9Jn581d6/T9sTraD+O6Y4CingybdU
LmQ4LS3vEbjwIQiS2siCVG/NLkZK0UMie7NxDbFr0jIBu7SrbIamNU1fLPr3w1JJ
fi5i6664AdPxP8myP6AGRiN9eP6UkTr7K1w7V6KVbYQ9dhSpssT9uxW9dYoDE96O
4pTI9xXtk8pAfRuZzIhZWMIvgBz9u2GByz6+sze7PDfjP0MXZd3ByPSFPgBCtU6t
EIyEtZ9rYe3Jwm5ySdIeTZz2S2fSEBg2BxoR/aTj/2H2cD9+BD+DKoDrCAZTV3aL
8JEGkiC+h5HbI5bhye9vRxDY6zywDexbG9PSB3QAZSzYqJDye+21Gog3zStMpXEX
UzrpFFfzOhr2hOZkAMFmMapnuzw3rvLVsiu3qCiUnG7r9/eJQ8MwNDy8nqT6TCLw
870KN72CRyuiKaXdm8VfPRdthwzbzBvUwex2DkX8F/0vSAYUc5ZHlWM3xPu1HPRM
7naUuSSv735oWvlN31HWbj2wHg44tXKmhEU0Yl6MfeEEkd0IkGypUNkGVysHVaPx
AaVYrPTbsQMHyCpDeA6Xolu0rEUzPnc2SYTt1GRbPHDv0YmXVmDwEo/mOwDGj6C5
RGWSRcIDn3gp/ySu07C2JX8E4xredCAPq9Nb+bSjXvqQlQ0MchAEQKo8ePl8QLK1
InQ6+T2938i1iBg8iXbipkWsV+Ep7YBSicowe+rJJoCVzLafdQyj15qOSkJcHLsu
MBNU3LcjN+BA0QB7+BJX4f9dNNMVive0FT49o32XzN/pEdntoDQKsZW5ZPW76kUe
ctCGV2moGavodZVD9Ur/HWdHwYhRyrAeRWXy14YCeYD+K0S4GiaGYKuA3rMU+r1/
X91wYcdaC00Gli7JGP0ka+7HmoW6iDMHTbg024Iv4S4ot/iQM7L47OFraAJ05zId
i68W8HRnZSMfbwC6r36mT1hLNZ1/PTYKEZNtZszM57dK2qEmdbI/BW530wwxQ7TQ
JAzVEs1+EVNljJw6EIIVXK6q7uM0woFCBYLhrwzy7kJ8jsL+5ugyEYKPszJrcOCN
f2aznRRq5m7qRACNhlppSv8ByS6OGAbG964j4fbUYtdcXQTKA6OZ6lwBd/2jprt5
OudG5QjqtSH4O4RYZS3F2KSbC2jXvhhhJh++/vCPIrhleP7xcdMLB7Vhffq0Sadf
pSWqz2mavJqA4J2qTixNbZuef0Rc2zNBpYWTFaw2F9AIwYLAbzjQTbJw4BOdquze
OWsY//12b1TUESK+Tw/8Lu4tEq6qqUzPwgRfW8FfTSX3DrVOWFIgJBdlqfvss5ta
vDNin2vh3f3Rbl5p8bqw5w1QhEFYEB0YdZOM0IUFKsTrtC8+iAnuM6ngoXW+ldYu
F1O6Z9kLacsMTZSBzC8SVjOvHEFTysH9uttHvNtBLF1HyRCNlaND53lNc3J39Ftq
yiHm7xWQaCZSFcvoIgOaFTkt78H1PJAoQVTGwA6Frj0oTxPtQufSaqs58aHWzJ6G
jjskZbSZP9g+gsa8tDiIxEpfiG/c0FG+bFDsVMOhHgtkfy1vEiT1v7fAghkZmT7d
kiBII9WtYxfkpjyF4eSJyoLFSkRIys+v4Ki41Ys1SrbDmeBBdoYEnD8D70qVdGoV
Gg1nlw+PBf9g3EgtwkxV66IvFACArHYzpyPzuzT0ICL6sjVmRFgNTU64Dra4uaaj
nK7iUyHKxPPXMD5oTXE0aBKbW6H+fySrYcjiUKW6N5hk1aGzkui5tkE9L5Gn1ZkS
J3sVajduSlL4fdejTFitqStbyr0YDp/iuaYUH6TA03YS6TxMk5uCgiLjZOohoeeF
9pm9SCTWKhIXiX9/vPl4ZqU8rCwt0520U6qK+hx2RVENYOY1LUQRUYucULc9FFdW
wnD6bi3OMmMMPMvVbtbMKplN9gsBtDa9yBjRwvl7L0iV9OLc45pJpde6Xd3A2P/D
6mxXl94H+4FbvTmRn01JHHpgmJ5q4faFcj9o5XCUmRvX8rkp6uxGX3U+wDJSq9Bx
12CSAru2cJ8D5yBvnss8eOHPFb6VlcJw8FFMR3g1qezR9pg0z+K+ZSJTfeTQf2Tm
4HhFYOO1ZEGBGHHO7NiqP26Mj4EzbSSfUSEIgI0t6+w75uH6+dbiEyPm5tAwpk5C
DLy9p8eVkXIz8H2GWQjULBYzO21dK46b79Sa1pudQ8bHyt/eVT/aMcs3nNWn9xO7
ZpddAqveyjwMf4CE+gt8zmAGls6WaZ74LTNJIdc+KNkLg2VpAID6UlCrpjzqPZv/
oDa2DbKyDHLU9T2AiTcGBkmGYXmoVLVfuHflXDeVSDyOPtpOdcEkzBqy/qRf34MI
Kx/X42u/uOX8Eh9ivApezUoAp0J1FeB32wPtmmfN/Lmi1E3IGtMJsnKperFjVq78
rKQF5uf9w3CKdAqwWfoQBPKmjP5WI5q99TzMtvQcNiKW3f9plHbmVaEIvor2Btws
B6rHqBxcvN3mTy27BDYzvJEGe7QK12kfeNGIRmWTGo/DT6xxmwYmVdHTboZmUDKI
z129E2C4ITu4A7xvT1C0CScD3fVjDg7D2SVfcYSHzA/K3b0jkOYMg0/OiUlHOI//
iYFURenOu70sXJXtT1ttz4cQEEkRgKN9SIiloi/TdbwDcz9Sg3+NnLkeEG1UlEz3
eFUbAsBCwJBVZQACGtAtyLGEElMEdNz2za+G6Mpb4MA0XTI3gENKu8SAKLzAU/DC
Cns8/koY5tSTFlPbwA3cxrrFXVyvWLRbqCfEpa8/L/peuj870nOsjtr485s4+Gca
t5YdE9k76pIC/JLfBA5GpTjY79wevaWEmsmKTry97cn+C73zzT4YxVFjpVeRuCBH
4Scq1sR5315HRzoP4mCkIe7hm7pbYSd9tk+uJJULCu0h0ZiUelbNtnZQiSp/zGqM
MdCfVk66rAsqEdIY6iwhMos4tJHbn5xWrugyfjc2jKk=

B.3.10. S/MIME Encrypted and Signed Reply Over a Simple Message, Wrapped Message With hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 8020 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4930 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 inline 1038 bytes
   └─╴text/plain 325 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <0e210732-9184-5855-9a95-2a635560d3a6@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:17:02 -0500

MIIXHAYJKoZIhvcNAQcDoIIXDTCCFwkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBADm9A/Lp5jfk4RN5/fhwF4iuuVOef9Jr8ed4
zR65esdHuxyfoM+gBpdSnrLZQ/0uWwXFKh2ORkofXO+K1qm+UaYbOq5byHwddP+6
iNP86nopcRJpeUNqsbWCSWr+niLbjxfZyJX3brf3+ckwjgo5+gik4wePBK1c58Ks
DmRWbl16bqYeCReIFAHJNXd9dpGcUkyI1NunHi9720uyDqOvmM11xarP0Qalz/Au
/D24dDevouDo4V6YGvbQ0Xy1rJ7DeIowrlqAq3t5+NbuZZPgDDQ/NdmLdrQOlsEi
0v2M820B0uM9L/6nO3BrFw66CWOx+PSAwrTNRnWLP68+XVJaHBIwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAm/DOeCI+Z5umxSECDJc8oKbW
cicXtQzeI2drFZVX0d0QNvwKLXKMM0Jt7MzEjnYG7J+LKI/VbVJJ1kGJ0rDEYNZe
6cb8HDEW3TJxhB4BMf/offnCpOgwlE6+w1p0h8vgAZsPW/dFSMQKpjU+p1VabchR
Gu45855mlRhL+mlFR/ihLARYrecR8JCrmFr4dFCXcodVIHDjwGuKTk2yWYRPzHcu
3SwOW4QGCkyB7SiWzfFuNjoAmBnZA7qhI2CYuZH823xiDMuZ7c1uDYpXokDvq9Kv
MPSKR22uK245maFCYuznTJ9Ytsx0ZD4k9u5R5vuQ/TW6NSEfOpXhBO4BXWR47TCC
E+4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEGtJ4Z+U4xbXftzqmsfU/U6AghPA
p9ayt17k6B1aYmjgIIhLk/8MjagX8PWTBf8EyjvtPgSVHQtFagEUSz6qxqD8e+EF
kgYXoxwqQ1jG2SqUkMiD6Cnvo5LTABgkStQe48hUtZGTHiNTzdjy20e20eZSbtr5
M3+nwb+z9ED5UChCqS75dfCpjwvtOFcoTn8EbARZuK0xChaOf6QjaAcVjmZEbChA
hjPWg79eIYvpiNUqmtDd/FIc4SyqlI1WPcks8EHhJBdQyIEucsSxs34WMf434K3R
wQ0Uj7CFc6NEptG1aYodQ+ln9nbo4LMz3fa7ZlYMYSskGn7zmGtsVbFCr4K0ZwSn
M/NK6bAI5TFYi+gky3myxxV3S9nW9uFOMpRN16kDKoUdoScK3KWoNOVn4CxUlO1k
hNzGhIHkbwj3qkqxtlQAcTvtIhb0nB4hMFIgT00Ei7Fd2UwsVPVDlVSg9P7D+OXg
a6G4CzOCV9zLPY2/Sjb+J9saq91T00NyDVc2tyttc/HpxezzMDeDJ1A5f9yj6HK6
kg3c3E6q5u6z2+eyC9tkgAsOPUT7NFYHqfkvMClffbHPJqEm9nxRToqIEEgfNiy8
jx2iFOZN5kbYBzI8eJEjHXkRXEldgx1rHOkoUEgONs/D/a6sNk6x8TeXOK/e1h7B
oESRWMKWlG9XsVvbIyTUELuE4NeQE/Dvh4ihOykkM0FqmMHPNYUcYvFQEtnnqCXX
+L2sEMl5LR8P1Pkhi2nvVtQiNTNxcGh3JlzIEFaGa1tC5qmujuTsCpt+nirfTGTu
RNe7iYjOiC1XnaMgJsMPDcwHsHdHot8T7ygUpKIPCGXCyfg8LKHv8k+ml/MvWMjg
SkO86BNro1DutdQzXNHdkH6t5deKcbRuPe/bVOKNBavG+WYdAjHJkHTyWB4YdBey
rvadVNQtI1qqpNhIanX6I/rJoyabAjyTs+pBAunzs5HUbrmYmIGN7INf5FDdQbDb
zlbtZs4L42dwvJXGV8X8OHVzfEfskSSoSq1r6qf19T/uaX5OEXNWuNrI2k4i5Wy6
jDrleDBct0I/QDFtCaPuqfDRt6I5DuP32JebT8J5M7jX8kqjPUfB/ufyiZCNDCRd
Q/S/HXRNF846LdRYfg254fwTfaN2LBKIfMS5veiDnWkHtYmlXKPkA8GPi56FZFvG
M4zStmbWUyd9AkeWirtGwL+d6hqk5fHwWSWT2z39iYlDhwVjoE/ne4JkytM6O4ug
1AnIL2e8uz7PXI03gWSCrcafWZfYK1iHh8AMcYThwjNqN71MBIU26m9am4GvcXhR
jhvBIlhkMU6JrgoDT5JqRC6gCI8AC8pIJX1C0uMSS60VbC+7XSVi+oWtuZCzUBqa
5klMzAH2NRRKXzs7mo7YuECRopaH0lOKQ5eCTMAzHA3VxJG2no8x+PTCNGNOC2Vn
lzPMVnCJgDdpGpm84+KA4OSUSdIPmxuSkSfuEbdH06vBuOeu9NEjx1JiFobolGGG
7Dqv6O18ZRBlieCLXEk/JuL0yM2KZ4oEFx+iOPdiSNFuuupwSYHWw9HxGtTMZ81P
+XE6KsoTR5laoTwBUbnI9GiAHRc0VRKaB5aPFJJ/lhkculb0vKZQQXgQrWcl9Tbd
lKWzF1bP7j9bBFoPtyP23KwTwlae10ACagVbEc7+2ZWDcOMs3ypB5NwtZT5BCiYe
xj/t0ZYDlKWN99XVIbRmmx7r0osHT20O+cjmgW9RbX9UPADtzGmlq2Pymj24Ohn2
ly7iM2td64JjWMSvW16HJJ6USOtl/6oZOUsow+3RoX13K3Bz0UmB8ZjTF3WQJI8a
8TJHckFf5RR5IBQiNTU3mM4dsuFXhr/mPQ+O5jNKyEaW4FWgH7z0rn6ksbhv6A2W
U/ohnuKWOMj4is9yAxVnFMJMqAb7q1mSNA2IKi4lFyZuQnV+TxaxYQPppFx2x48e
1lZy1tPKuV1xg+1pwW3DBmawDOAAYIpU4bw6s1COIRMNup6hXLxULVegKIpiRu6d
xLccRPyrhHhsUfmsaPOQqyZ71oTUPJ90OpVK2luY0l8aTR9EWW/Xk2bompBJfh4l
Fzdpxvtd2mYKN8g0V68uFlcrnQCq3yvJk/21DFNL9fAtk4ey33vQ5Jv1peCe3hP/
rR2oBpYjdhsvIKv/gjdKgzneTpEGxfus/HlvcIgRC3/umwVeHB45jbGh68/dxcEU
UtA6MTbEskhGDSV6uhdvQQ5jCeZyINKye1fWuna/wyVpDJ2b4N3uwj2bbPxVsPPo
yd6wNdAkDxYc8IWY5I80t2U+Ncz2+DrrwFE9ZyMMykJJyDHp1RDQ1n66K8X1Hfa3
N/Q/uFqyxTBhMvvPZlGThSuJubC04KoaI/5XR3D7zmQFuINwZm1GHQEdH8r6tFuG
hNJWno/X5BKiA5/+VC73O0ucPmPhsm/nEJ+y8+eIMEG3+yBQHL4nvEAbiNj6+aPV
zTHqYoRnaZAlsbSHZ1KjGvZu7kuN8wrr+W1bWnzo89YXRmwa2UUcf8968i9fKP6n
26uM4WCJhUCloxGEio+6urXBq/htCSgdE5OPpxKxH2HDvmcNQzzxPjOQPkdbiflR
IdiObHbA1MPOgTc8CzlqAKZFmoDjWoimkbWJOLU+Ft9Ft9ru0qrCeZXO3wtlxGTz
20omYEdvK3yUChTA7lBjzjMnfF+eoX4bHVGFcfmgqPufOjZ9bFNSTpuVv85umlNh
gxzAuMp0gqzoHzUaCjorSNag0d5N8HJSC3iY+OJaI8fNfVcOugb+afnxjqRTxDnK
dGMu9YyBnZB4iLzG0uIoT4zKmQDdxEJazCg++3qBW8b3P1KRyLrI62xXhPqi9cgM
2n/UreP5L4giCtwVM+u/nbV+jw4TbcMdhETOm7PC1M0fpc+lL2v7SaqThBZNAfa/
dQHlbCT+zC/sJZIrZCzJ7gHCc2P8Ssx9Ro26E/1L4pOzTBkSeW3v/4mwrrnrd/b/
3sheutKzEBSmJCBMioV4EGLu6m7iQNgs3dZoWgWyvQVJ6nrKQ0gOjRlIx8yGYzt7
7X87m16KEHtZlAEkTI96QDw9kesWZlTMc35zW2cE34ks0//uqPUk6fQbUIXIIu76
YdXns6VZ7VZj2NE/CqI4zRbLIhygeyyMGeU66lRhlflzb2qJWXW/Nh2yc6pIm5O6
XEc2KqG/rXw4K3oTdz/y0CpgW0zBMoa8UAldo58EH1Olp181m0EmBjAg18yk0NGN
lkoHNmWhDkOgwwYlFncx1VqGB46io9oWhk1DRGiJqL02MmYmdq/Xnu0HHQciIvH2
3T+/JQ3mYHrbHaqb5zKX8ZU8QASMtXtE/382cWfAQ1xB0l5t6lJA5z04IMZ90Whk
NiMZVb9ExHFjwz0EGZLzg47mdR4APxSUjNEY8Z0f7Jdf/cQ6LLM0HphKocXU9v2u
oFYV1XfL3uWq/EtU3PEX97NkQjdoSQ390BDWxWAde/PgOVsybOYHC7y/njkjj/Nu
3hSyhH77/j7iafINbyNudIKYftjzmibVKV+OKb+/ET/r0sYtPIoA//ydD5YjANsD
8Z8/WSD7ynvel5OSagRnC+b/FuXyKBXLXQgnf4MhbpzyVOMzuhgWCK4u5e5iMGjG
Nnn8LVeQ11SuvgKlWx0BCymk3OWWCs1kPYxPxU+m5XQ7M1XTyUFAxV4MSskl8+O+
RXCTjMfOUE1rmKR75KaRgn8NpEpD8/PuzBF0EAB1dRX6AfrhMxjvxI+HzOvhVgR5
FjcCDmu34XlXdT3hWnVgp7iRJpkbMmF07K3ocKWBjtgHGFXL7nViJaY6z/58dCt6
6IfX4NDdUY4RTn5LQZK/ikoBIJV81ndz+iGq8H0KCynuuZEOrlAUuXDCOluQtZhM
zJgLZY97SZapoSD51I/P5/e3J4cwU/3IS1+IZon7vWBVu/k5sBazKp1zmc0VrhAb
i6qLPm0PT2hNA9zuzzOg+RVX8QvthJXeF3+wfRQKXqwF+7ksZWz+3w20qxaXIq2k
lCiJ96p1pY7URCexuT8ojzu2NWjb2DHCr/zD0OoYYwtFQGN488p4W5y2GdZevC5F
c4u1z4nYifn3P0lYeHboCnVNhnCG9gfvWMeoeFG1brRqXXQJFdDqWOjs4/c2sUHI
nJu57c8QE99N9Ff+V4LwcDcOsPM27InXlBntFSyaIF7WVkCXSN3TG8jJ9HDtIo8Z
tnTE3tgs1jrWzh8f/93XHf22e5ONRXaFCMFx8YTd420k92b0hiZUf10Of4iq7W/W
YVzuBuBub6Qc0pH8bkQ9uPNY+LwsWwDXoWwQxTq2m9kQVyyZ86Kl5mgoNpO95BJk
qyIUogq4sd6v8hsmesRbodZWLPdE+L4Cqk5VBJ9IEqd4ysmc5MrSn21hegQKlRnT
UsCgWwEs2Tk7MYYH/suoXwjYBXF0hXWdEWsxHZE6LFDEFnMJJXRgdgjduEahO0Tl
Ap1o+In9D6hbH7imH+aDERpfoiwpS8lJTmHc9JZijH0zJpWzulxpoowdJ2gu6uiR
CkwRP7Cx+x0MMtMXWZmxNZi93FwGUE3VkTMev+VrnjOHrAHjrN4Sje9POQCW5ez+
ankMWvnqjJySSJEKKF2r1MY/bSrd3nadrm+DYQgKYoRKkZ7adqbhQBYW+y1qpy1d
XtZ9R5RPozSNhuMRLuTdPgu/GLfTTcwLFj+hTpFFUwibzcpu/uOmnP8vOaxx+kAp
NEZbxxla+OnidzH+DJ/atOeJGfiF3/c2W1apsSRDxFF3f0bIVTKX8nF90nICNhOj
3MU63gN2ZitDhpRdIejMeL++Ew6fJIvNbIJsQhCZNTXW8MvA0xkDdaTDah5RrkGV
cd50F3IO5/vretTC+29bSEE2DTkBoa8MgYgqo1XikHfUpQ2MmshlK5w7dtDre34b
zEBuOO9M4EBD59wxKnzpfbNwI/7i19GjqdJJs/kHcFsZ8ySsK1dW6idfrkKCeUF8
MhzEEJTmmrwveeTgrWHqB9gQXUiZoS/OkzCb0Ks2qQMf3ilQxtXS60Hsj5xy291S
/jL9aQ101hDEpgeIyqE3tSkDKfCAd1SO3nmd0HEeLpz2ehxUiT2pfsvcHF39CoZ9
bQXFPfoZiZmJGRtXvlZE653IALcZaJJAQdjQOTaR3+MnBZ0BJ57zw6MtggBPnMHQ
CnCS4EJ0OgHwZcNGC5DU/QqELmiCyuQwUtwdqLgJFFs3Fm/KnFZmuzc9eRkREwea
hOzRdqFUYsLWPc79PO3T3abokv+YB9fHhlWIiR1qYhUTV5Pgc0DwZ+ra7rSi656E
JhpFQFe4XmYTiMEYm3+TRV4NxbqoA0x/Apz3L7xCaHkCnszgV9RfmGtcNTb+J8BU
Ivh+ENByU6lAkeCmud/aYIRsOZqVYNOTITXnJspOg4Eo7etLX+dng6RCqtYV/dzC
+C+zL7iL52/WxFp9Hm7bzGaNQIQrP+TayH69yhJ5aVRoM+YDDaqwARv6AcxL06RS
OTGEobPVtu1UFQOLsSWKulmw+E6YsuX7Pq3AN6dGefAmn7Aw/HVXoFyZ2pK9DKRt
CFNh6q/kdY2nVzXQ+mCoWO6qysw5WNk+BmcUd+GVjq6jm+eOSS0U+VHcxFofz3l0
DptR/hDzjBhLn9wfclooN99hxKZhXH+aKZk9/AUjau3GU7yZGBNDa7NOJodjtXe3
j+SZ+nVcenPKuVewTHEOzDp1U8k0KwGW1+EW+Lk/z6OxyAh55d3cwRpHxYsuJSUU
C2eNrgv+iKA1KY4KBmDH2T/U58k5+qXxeHpBPdRnk8yxvDTihIgFljLR37zhM4Td
M7F30MyDGT44OBAHTEbPBhG0B5gZOj0mIyoBhoxPi/257AfLXXY72bZKm0swqmok
PWMhH4J9/MfLnJ9uDNo3dIgCJ1kOkCx8XF/BSs4Fda2mfwmauTMRtk3BBoqfIYkB
eAW2DADrliZEkL+SsapvFsN+9HmnVICsIB6gkOtZLCKyVwkIThwidhNBkNqj93EW
yReer8xcaoldRfJN1uA5ck0A+f4hZxP9lo5fqMs8xa+sdc6fhpLUoj4RUAfmo1Ss
P+4DPjHkpTGetlTf4t4cQe05ZQesVRt3Bis3nmKpVPV6jv22EumjmsEbRESsiddQ
3wnIADljTzyOXvAESQm/SiRQ7HyrHzzSWyOkO6MyuYYQZJVbQ3kBW2EmuBXP1WjP
I62JN4S2vyMPuKIWxSUxoraWWIg67iK4rmK8PhiO2I6bfB1GayDw924X+xTUw9d/
nWO9+xuSQHZIk2ykPb4cjvPKxV5ZlzmfI+b5WmdTF32SKR0tPci8hcYsBgrfTv3+
UME/HraCoC0eHV3mzRff0puWyEu3v5Vrbip7Nz8QbYGkm2JRDfIip4ZD4ZBUIzJY
qyAJHhkpx0rDgAnzV8kkfjdEAF3Ji6+RKNgrGHcKq6gyE6Gl797Vzof7MgzJy6en
3ertjNhzGjms0qAUSIsx1jQVF62XoLVyO1uZwU7PqxOgfJSe4JyE8a+ddcY8xF9O
Dy2R1536+eeRmguF0XC1G9wd82w/OadV2yWMoOMpxAB8Ase+iU1WYz7YtVWlKGye
LWfbtQqVSlFzQr+MWOMi1BT9+TPj+8EIqodap1PjmU8RLebZs0EcNaPv37djsIFn
SycK9UBlEai7T0/lYr5h3f2/O4XsLqtjGwq553nnnk56WpIc5Muo1SSljiz5OX5F
lpIdOuLXNQlG/+emflGTbcsPta38GX5VAwe9kF3vVjsWryw1SNPXYoOKAJVkBLq+
C0nuJO5Lu+dbA+wkaMCEBw==

B.3.11. S/MIME Encrypted and Signed Reply Over a Simple Message, Injected Headers With hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7930 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4856 bytes
  ⇩ (unwraps to)
  └─╴text/plain 337 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <0b3ea6dd-0e91-5a91-9bc0-3d553f892983@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:18:02 -0500

MIIW3AYJKoZIhvcNAQcDoIIWzTCCFskCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAJcdIoUSpo1n7vGPkIbII5F90QJDgjFBWqN8
mrP3eorKCd/HmE614/YrIqI4MD0rcJBkd6xNbUeBl2z3wU9w0tyThZKAxZH8XkNw
ZZu1aA3MRM+wqwCnxfJTSaZjkIMhsMe8U9ROY7InwRXqH2O0QRqRU4iJpIe5/DUH
dn/70YqO5g0HOGjzWS+6IoQdiHf3eSU40AlqNyg0QQT5CP1OM7aRXxt006GWvqLW
Lq52uimRL8AanDUkrEsOh1DggpFwsn/kTkOq9eBrjgNA8wHDA1BYfoLBHJQvn9yd
ivkXnsjIqoaBcx/61TLrP97dn2v4STbiZd3LDe/8yBCdnOv08qkwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAZ09H8ZLLO2dMDjR2ysuZrqyi
j3KqVh8Rq7uzjB+IKkzFfun3FxVZlUAvIwb1Pwrt3lFx20ekpF4PzC7x9sdbxWJ4
ZJKftmD6sMZ7DVeV5GABH3ClO+aY1MWs10Lq82S1TBzwcJZpKf5srR0QCuXaQq76
47owb3Dd9Ecn03AIPeJDy05EMNGLRJFqc8md08ykQEJwHFXeZOotDWDm3lBAmqn+
An31eGbsWMcYYwAXoz65melW788tJWCht708gsiVzGdY4Nd5gQAysf0/iCFhQQzg
X+vrFmPwm8EJUmHPEX6I0V8ylyDXBt5qplJgku+51eH1BJtF7WWMVvI/1RSE+zCC
E64GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEPmUUHGHIyJ8IXE0zUFiAKOAghOA
iBj5O1lKw12s28QbuFG9Tc0Ejhf/AcHUB2kdSeTBAKLACOsXNXcO/eDFttc+v3sJ
eVAZIO3p97XjwZi7q4YWIInBEFjVrZilmFnkmWymEEuhpAx8eYBZ176CRtq4F48F
DHekBraJgyEOpiuU/k0K0rsPu0/2W2vsy00QsefIBI/LN2+CxgPqcJ9+s3Veru6L
VbHR0Ih2NoLj2RPi1czHvU7B/dQGIWw5e0ZWJFAiEujZ4l6Vp/9I0CN/Wwj5BO8Z
B1cm/rrD6uM7VDJS5jPenm0O8JHd8TuJh2XBdscrw9sePmwyubHG11fViRotOw9r
ux552Pq+8Vwx70+nZVvST8LzYfKT/GmRt5qP1cyg8lUgiNZyb1wScDff9BIXNKnA
+8tZE7yi2VA3vaUMGPb1CWbpTm46mbhsfzRacyyB0pEK1mphHbPdU5pFYULJUhWu
t8O5q7gWy3SeJxtmkTsSbMfRHxaWQyzfOuH8iWW9IPdpd8bcj1Z1pklDe/cy48zT
TWUpSy1hnEOhuB/NLwycjT0pREGh007G04SvR46bH1t587B9Uy3qO04tn3NK8H5U
+hi0SpMxO5Cjp25sOrNToE++zO7dUe6ZjnBDyO20o+a7ASKG1Ec1bJfa26O+TxoJ
kW+R8eMHPF29QefDz8LIDozyulZ/telKPX/Y8pIaOPbnaqcWmO6I1k6kCWLeZAkd
VCpdT3DHbLDdGswODw6iXAMpe31811knTKebGJyX8XTnPTu3HOWirdtoMvmhOlMm
DqqSKR8+uxg3c0++pVGrXwCurOyYArWvkli7ZGy7Ve4ToAOq36hImlr+Zl+G8+Vw
Jj26za6H82M8w3kmuZRwQwqH6YzAivjVxutOnwU8DTSp2b+eIzuyb8dMRqp/X4aQ
CVGBDC5Uqrtccea1bs8pV9Q5t6KDh7jEgISAoTdhmrnwXWnXqcWDX4RCzlDWJiI1
DeMJ1DOQcxuMd1vO15qGRI8PLXa3FPrAABKQWg0zfV2UHqZP7kybbYCOQy++TDA/
dYdJ6SUccFfuYIfuUI+tJP7tYihnJZmD1JWPuDoIymjpnRk6t0J1ZRNkA9UaXWYD
wC6sLn3yDvKsP7ZdiQDUt4OfqW8tY5NmaxTSVdwOMjkKB9JN4KxWKsox15ntar8e
So/vSDBPzSLAjZbqOnP0RppwUAhm2eLiEPNmATCk08jx/F/bqhainHUZFmq/2D4m
WsoQogJ01DtaVBvtzc+6GqknFATY2wZVpbNe0RY5T0vnFfDlg/S8BHKrGNX36tBA
+2S/Lj6qM5B7Lk+BOqrJqhfquyUaNsmvyxFtGbzcdjmAYtOLEpaZ+QtdPBjaZGdd
J1v5hErhQW9At52gT35iZP1kKMhMWFkC09VBQw0QHf9hv8plt3ugvYpmLn4fzKhe
xytNCyLbaWooIDI0Tbpm2QZw9IJ2VyW71Qtqke0qlA5m4tkB9/PpIXu5xeC0OgPm
orNz6IrEGtbbg1C7OFEsJTvRLE6zzmyT7KnR1CjTLXQ6cODPVduoFF/qISe1wKhO
hsBHjdGdK4rcJbVzX5QkJbaqc09IsVnkpJfATyDBN4IGM6xzLbBXxHboK08928ZP
PnDUYjzyArjKhWguHl0f82ioF/Y9miD+iohw1TpHci2aHo1TflXgLWtOLCOXxV19
V49w28dLoz4jPIi9P1OpdsVK2q8gag2vndmDPnIK3AXbiIKAYz7GHXnCIKChgBWZ
TuGfWhVbmQ4yyS1izCmwdQ8ws0qCFethd0HaJUBMIKMYesmbwhw91QEg8T/cTpxW
IsRfc0bVo6MScz4QG+mtU0HnutzA2R6LmFBoaf+25nWOA4bCosrlw9qHRok1AVCz
f20uzQ5sTKU8rTXYwH7+9qzc+LDb47Y31s1xLNXGcGfOc15HXmx8EOUQrYeIyKle
lupWdhk5woEwRCljgnyqsMG55NbLSjpKNmaRYISZBM9MFZRUwtNKt42DgCHXLdM7
oBEMJXlUzlzoSmFKZ/eZ1yjrrZSZaHrvr2H2ulXLXukLfPSWmRX/TY4e5x707ygj
2WVGxTYLCwDRGVR3/ugq3hfmi5jfUHuX+/0So8NVwgWfL74GYJT4Zx882lfvu9n2
gy2dXVFzQwGI4hYUx/SjztSGpheuAvUGf6tJLBGVQz7Z/2LiNWge9giNioE9M8e7
8Vwb1cWx6fdvGiaUvwqR7tt7y6kot9giYVgEtzDBv+owhubFa5LFx/U47smDVvIJ
A6fElBOMSJZMU2Obp3ycYL/CEXtilbvX9nK3InWn5/ldG3JtUhWDSUGMxUonvcw4
BJkxZwAQUQieYYLUF5Q60qF8k5AIWHyp3dtQ+Yt1qwfBpm9ijgfJnxqmtVeUZyA2
dQh1cDhSd9UCodHm85pLfdIdqUcd06uqbR9TQh45Hpgoo9LM8HjeRXeHAYCiJqgs
qAnRgvyQCnqUibhlsE5elrdQGHG0n8zzVBYoB2knm8AwfrlbrVD+nTvmgsGNmIlw
9KU/VMyfHzVQrlfkxUh5E5ILVNMHPp/4RtQ/l0NLPfYfrzrlxFaXbQyVR0N4gTWF
o8OfmoNviIAAxp3Kbu5sc2k0hZHyw+ASxNB5y8s0gwvFZkIiow5VoGT9LWP7BKbe
1VdPq5M8/0ouuzwV+2L/KpqYNbOIUryuJJ/YJenj3g/xmlqcWmCybKIwXWqfawBB
lBPquzSz41/rrjmkrqw8Jcf0MrC51275U2RN0FEOcBCFrNquHH3OzBQrUxHIeZMw
mmzqsM4vW+7qz2ezpa7nPWGfahzqxtsJCs0DnZveLaIfiidQ1x9ePxuraXB8d07T
OpayZXMmrNyaUkxA042EcB7w5IrIW9Gypkcm8AyA1NgLYbh9hiXy7MMbKOV6sTdR
cC2cMoC1GMvH+NywpGWhc0WH0yZTbVH6ldT+wXz8C01pXCmpll0cjv8f7kwFVJLB
MjQUZCsrNwFRyo84vHTEhkviLEM1DLoooTVdvqd6m3XkhkHfZLKFKHIKH5B1SskQ
UPJszpZB2I1+OYuTPfTnbTIeQToxA2BB/HhXbj5eRx1LEQ56ZL6QGVQp6f14zGuO
ZjNQb8lwumE5wUQrw4aye+lv8ObWe/0nNe0swGqhXXPOt51vjbXTbXIZ4j9mMnig
9fIMVSHkNWgA5KUHxlc0XRypWWm9iwsTFIoW8LssH5gtyHvJShUGxXM4WlerQwz8
EmGefrRxv112w0IIV4Lc0F8kSgM/yxBE6yW0PRhorcsbMU7wHPj51yRISntcHG3Y
MHm28iiL+ztiEwlowne4R4xYGMT3aTHmXCXEYUI77jpocMP3rWLAjt19lsPAds1o
I7PzN/3g+0EFPh7pJng3C7JZwYhDJ8pl5y3sUB8Or+gcm+4pk2aHYz7d2PlRMy0/
fPaAeoIOwi4Rv4YoaqxNMYf81DuLcY7rJl46PbNPcqHNpbGBaq8ZH0b6Fp7hvNp8
dCyC439vM1bEA9ttQaOcYDi4bGSB7Mg9NvLfcGjSEFvbwbl8sLYsNrvAetKXUDy7
AK5qGHaRykDTkERofBdCACtruRkvBAg6EXGXtQQtHstDBr6J5J7Mc4jdsBcYaLU5
ojWxPYnDo32c6+Z0qWfV6rKgS1epva4jxSe7TiK7rkgYf5JzF8rE0ZAOEox2UYER
3HDuERoK158ln0FnyD2khZNai0O3/SJfyvnk1x1FYhpsS/8z0TFDq4UmSz+eS5UF
vqLVeJ5yJmcmXy1gSR29EDjeMI1fwzTPXF826D4WjZwGGecNt6KdaSP+PBqsTOIM
mReUZsSlu6Dg6MiIIQptScZH/6XslwzlHbK55ElqYTs8KY/pVY4sjYrxNlobfWpL
MJReUehfNwg3Ki39HUh9q7zYHxuIfqn+JmKKwnJNp4AOhIW1GoGCMuX3ncr4Yj2C
pRHiXXB6/pOxf/UQMpxnBC7fmPeYq0hxMcx2M3VjUWnWxN61jXbPIGgcpzulbzej
T5bs/C601iqgRWAV1Pr27DCW1VFPJARsuPb7Pg+USOHF+Vzjom6+TelVKgbQYQrD
xo5M881NCPxyXWsbe9nmYhZpXBFU9wmHhOCf0VFyDDFIdS+X4if8JxQfcbHan+4Y
+OdeWcCVnEzccKGc4K3sKhrhn68L4KESLKgVSm4bRWfWU5Wf4vahdOfGcczf40gS
NtW2fBTR7EQ91csLXE3VJrETcylQcdLrIykLbrg0F7qzbvi7RVXpUDrvQGfIsCpv
68b9h45msj5nGLh9f5onwo/DUpU87fkuUNgjH5r4FkNAjdgQI04aYbDQ+KK+1c9G
bsIcRhkIZ8fLQ4WtcqqlM+CVH7hkZwtMJXHXESB+n+iXn60tnHao2St9dtDwY1NV
lUIeqHTqGxluMEL8ykS872P81rnPAyVZKg50TW7iE7aLlxTD2TPOfx/pATDVyHLb
VzGaooYr8NHKwrGECZr1Mo0zb9nuhc3NHqDLj3gtwnT4LbVsgdIXwaQ9gEL7E+eR
Y2YFrtz9AXeuEWpvM/DOZgmYXIQeHv4VPv/CSped5JZMMQ2ZnXrG0ptqNgI78Tdi
xuHJDKVFsmLsHRDX0Q/DadNMcCjF05i5pQjKqRwVI7BF3vIajtMB1QQa/fYxK3ib
94PceJKlxDb430CZgzgW5+e2Gbo43lP4f4HDIzk7lbFtHxIZWdqB1gYHf9ZFXF6S
9kIqQS0plZUxv/4fqLFQ4gs/caAufbwtfeqfFODwecdVZwiAGfThrOLhowxJGhMf
NIU3UiHcv+onKVNi0XODU2YQe9ONr/rK19W54EhpIDa6z/dkTTGCw6cRtvRN22cI
KZEKfU61fllzaDV0ea3BOVY0mIrsTTQTk47vH/HYRXAubYgEmD4WXGFP20tDG0lI
OAZ1h9w5La4O58urEk002ZJUEMxEZlBzjeTljb8rZoefeivEJ7Ns0gitHesLJv81
mWrqhx56HHzLIJ6RxW2ChEkZyMsjzYK9eXQ3duSAd7Ye12/dVQEKQVqmkO6UdQJB
76kbQum/jgmOIi2mHiFwCHeW76kzfnIqzxd0Wu8nwQj2OR9wHO7KoiI+/T6ur4s6
FP1VBvzfUXt0Qa9EaI9wMUYAVoZ2xNyZSzpLkQh9Yec1FycEjzkW9cjyBYkJSVwc
WDVFDFDdjZUulonv0rmlz9i9fsK0tsDYcS4TDkimaDOKrGCtnxbxBzzUhEm8jN3W
qoVoAWCnE3TgIbo4Vw1gkFMP37obVrw9ocSMklX3+Lrp1B+Rod2Ps1n6LbuyFXr5
lZsfFJr6eT1DFQ3JBIhm47uGURZrKAucCK63kh3Y1zjLlL4mVDrARMnHYZw+2hIA
lFpuTp7Cu9DNSAsMTIykM0UGNU1XsOGRPo1HkmfxFLCHb8G9N9SAwGggAT4yg0n4
TZ9TbG98508vyMfRYSLODZ+63bvunv+RUtMH40WQE/tE0WNiykDJeQ5igkeLO1N9
SIsUXGsNZG/8UAZSvGxMsgPrjg+7dF2afmE4IHRKFBhElp2TkIaKzkbYgRftnnSC
JYSueC9y9IwDEH01R2ZR8keYLGRG9cxJBWb0Ow2R04XmbarLyvFih6AZ8WnPdGPS
mn84uHqyOupRaIDwvO65LDs07v/ArqkUZcy/ADw6F/2No9nju7zehWcnOYoX4k2x
x00JPki8h7nQo0GH+qtIAwt4pAXorqTbGqyWKXgW/TBm7uwdg+ciIaUL1hStw8XV
3RWW2cmL1ew4DzG4auZOOpAPxkOkPq9gOj6NjlPbAz3g67v82Obv/YOzLwxa69jU
MofBs5itg8XQf23gUVN8tC2zbJL8letTIKnKGvxelQHM96R83PxT4gUjfnKR63rs
cyrtlqfU2+PKa4SByfb9NgaS/v4h2R95j6JGGtSW1Ua9rp3aFLVf1fACHiMz9EJP
pbPFxUnT5GWxORbP5Y0vVU8RFgR0ArKRZhn1Mmyk9vRaJSrT+6K1c3igKDpDvcZJ
AF8NHDUL65szSSWVc0b50wlwBfAIW5MgI55uqDrhTleip4lbbWNwxcd3a6yba9qv
lu0ZAD6E+drFKgZu5B86BRnvcCYGaK90WaHA72ptEQcSKbAAe9Ox3IJ5Cl5aCr1m
M+2nh0x5JbSuCP76n4PJEgrwYJUlSsHy2ga2xMc4wIvi/hkgvthWNLi3unev6A7C
zF2AMR1vxDJYJV833JkA7oLEojGM9ykjmDBkV0QfD2WPyLAFRLR70BmVo2JB1Utx
rb+g5Zav7wI/yusXsFMjEj9rEVhBvhNvpmsehl2ZnvOk6jUr1dNksxH0CdT5hHXP
4fEeZuIxv0mzkAbWntTAYy7HAhBp7i34Pe7c19c97UnP1ZYB8xCWu11ty9kydQQD
9Ve8V2DvgTdgLrc3SHZn1BgtWwISf1jLRx3IWmB6kIRTKoqUND+Mh/bgblfnKy4o
OTPmg2hFLvY64mJEnWC5ATZUx8IN71dsKa18CyDCVWjaq99H+DMbBB+DWk15nbke
ZPwTyUM7CiHIlnpoMBu5Xc9H/2EtLsESNZ90tNbyQH1eCU/OaBM/5ivEZWE3VCnT
7VRke7s3JYbcBAkWMO1oRGj/s0HrPFR6ju7LHjZvWIjeZap1Zf4ldJpTyC6yRcs9
DjJIu9BUU1QE/t4uLOCPsCLlcmTzXtZpD+jV7+9wH8s+LZ0AE1GH+3FZyL9p3UA7

B.3.12. S/MIME Encrypted and Signed Reply Over a Simple Message, Injected Headers With hcp_strong (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 8190 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 5058 bytes
  ⇩ (unwraps to)
  └─╴text/plain 432 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <b10dcc75-cf43-5fd7-9e48-f932a9d68fb5@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:19:02 -0500

MIIXnAYJKoZIhvcNAQcDoIIXjTCCF4kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBACIQq5gYVGjxS7N/umioYGQaBDzYuvtRP0wn
3/iHOuNThZd19MbrcaWCYkYZfrFFpAuqpVCPZ8mtxHrijYN47vAQUV6uOSDoZYft
drJZYTnB3yuCJmfeS9zonrI+CYksfA9NwkFJdyl9b0ILw7tVf2QFEqX/5tU+6o6b
NEoxlwp8I2+tICsm2oXq7rLZq9Wxw72pyV9OzNAwajOQML1nvPFyV7P1nB3EY6K6
3Mcx5TMplYEYEQ0sDzftTXfsau2fbQ756q1myA6aa344Y6j/oeUMeOuuUx/dQJMy
BbvzzmA6bLmr1mBkuSJRher3NNZkY5BlYpziXXlzrdkZcClYAtcwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEADTrdvyR85I7Vq+f9+ow8LIO6
6OgE1Cs5YeDyvYgdYW5xpKbd/WKj8IbrUqN7ucVaFEyGjP9Iruf74Zw+MA9CO/iZ
SDn+UiblUlWTqtiWx/4m8ZIkEkh0CgcBNHJT/ZqIF5WclQKqvxJGGUBlBQBhJSd5
snC6cKkTedQBfJ81GZT2ZmoX0dRLABvo/bu5k1h/5FtQibRcd/XGzIeeSSTsiCS4
8BsQKkx+mBDsEAocaLIzHA1Kmm2fDwPwDBDDcGAV4P0nnzZWK5Zdo17pJRpg9yLy
OfUh/w7EqPopX8bHRQuyLIoFs9lzNgMTcGmIg7SL86SfkClkJ831EXg4zX6DlDCC
FG4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEMJrzgXD5KffUisHbSEv+TWAghRA
IybXhrlTywIGr1n5kLYPD1+FGUjGaKjKFAIK6MYGZur6Ba9G9y467ayUbv5tpU+G
EF8VfYFZG5o3NL809/9vII0FG1ujgRN+t72UvIBuZTDMdP50+imi0G0La93BNdd/
bZ/9eWFM/RGEIoj+krdearRJ9xeb+Y755WcrvlyQBhgDwlTeEAdDbTj/3GFGjIYO
jypfQPfUNofYhFLFi7QwrctHzP7qele64/i4ouHWk1ETw9vzgfxp3CuZVdmImuQR
PSXHpBwwfMnqQXAV1keUPqCifrNWkVgEvWGPBgLoC1jhOK/lbJUBpvhEiFtbcywd
gR7wg0LEsXe4zsEW6GJQy2wF8+L2nXAA3XlSCwpHPj1uAvL3spgOTKd4tSlQ9f9e
5DeRJ60FO4KIq7xG30bwBAguprf/8KzSl7xVntSslz6sp0YLk2OHcD8EC9ZkbkcJ
w9qH487wyqWrl0gAMrxWyac4OsXJV/SfFvYjBMGpBrZXYPYO3Ay0ekLT6xFf31Bb
OAa0hi/TNhOjwBpeEah+zgAyUYla0fsYrQGrJBzUmQxcSWATGfBtAvHGc3EVFSH8
gyP6B0k8tm8vz6Gkp74S/3BhudhO818GBM1RQ2JNwhdXyBmwiTUwYKjCrvoWcSp6
CgTC6c1bSn9u3zwkoenBs0pCarBGHMbL6TytfeUb5l1Dmtebv92C1F9i7x+nuOML
ZVKjjGTISnWJX86Zj3bJRNQHN0j/dQMrGhnJmvIpdp2iayt2vR3yYTHIWMmI/H3d
yeBNVb5pU/RWt9AfxkSNZjrEh/tiMXhawYChB7aHpGI8diS8N5mBGjvXMFQMtGqK
8oFwocldvtjpALqmlYPRaPbLyaZNQrjrCFRyLA94WyuflPT6EWwIycB4spSWTriv
uN7aVVZwxis97frZ+qeavt5lIRSUwmkliIM9bwq1NYVjNXHweN5IBVHvIKl/sjdl
FtmCf9eKCspXsEKSIRvN+AFTVnfP7VQB9xY9OMuBrgwzDoknaZKzJs5BvD6VDqvK
4N5eFGhmQqWZaaN/Jgyk/Bg2Hf25146/wsPsOTdRm1urQl9/G5QiAggZ9OdCPKJX
qdmuO9Jg6DYckWE+MG83Q0gkoi5s+z9mZDtzPCIMU6wh8zwRXwAFVNCi2oNE6TMz
WnLgYyYj/YioeKeYjgAXQeqlMOy47wXn84Za5XBOaNmYV5cr5MBD6heVcQauCHTM
ofotrXaRsrqH77iEVsG3i0BaIagj6KwnlaCmy+xCMDR/WEIX/t1UQE6KOhNGHyFP
zlGaxlIHlfnjWweHoyFntunZrY1MbTnmaSCA+xx/ii9lg5urxqhRPEtbUv49p0Bo
CeSQ0YCTp/Yla4j80bPDB1eno5riUPDzR4UNsLpQ8Fms+qvJJk5e5rsA38Z6pOOi
KZFlCOQqRw/loZgoiPEhYjnmyM6wZyLeZHzr2NJINYyB0ODP8AG71xbU0IFEBoOc
orxAjpAS1giNwHPKdoSdCAwOainwCNvDuc9XSHH//sL9tHQK2o6h/USpxeYK8weC
cmkQD06rqzZEXes2aHfuQo5hq19cSBodUqq48KBGlCF10oIIQkVw5X/PkKX/MrYk
u6rk1NT19Eg3+HUXfp56X+qQvx/KSlC1qRzIZrq4x7p3ANQNSUM/C5h1stMD7Q9L
WNj19BnTAJRJLnASVzBJn/TvdlD9ersXGjwpzPe8fAcXJWfPP3D6gsLdNP3imiac
Etg6Vt6PJtvWO1jf2Gq8lZu4GX3SH15n4jkDOWQtJO9hEG16PCx4zT/5TqdVpYxO
q8QA0QTXjL+zONDwCCgL395n9zW1VGVj3HXUCHo3vLRwRwEazmyllJf7z9nsGyW3
Ol2kMeLE9ddPYavLm8FCQSDq0g9W1w2mZDtRahx66kV9WtOXJdCKU1LPYRr1/gVH
VKpC0NR5f/WNB1RcbCyFb0TqGVirR4tletjdUIbdY2nRov7PIV5hNH68WNS4pJrs
ZNP1iYiohIvy59OyBzsz2mQR/ETCquOf82fJCXRxZ0wphAdXO2oy2o9Vky/njGFf
Fz3EStlH7Z7EoyLkj5d5F+74a+1hWzShS4mw3aX3LmsNq9f5MWC0TuwzxDvSGPU3
PeVLog/vsCNt0fhrWold4Eazc9FmTsyVKtWgNopnXrDO/neQpy8ipcRzn+klpPmY
5g0R+BohkWzBP1aIWhF+b56ZL3Afkpqw5q5LkXmHCuSlYA6yMhR7govC1uFoGJ2c
dP56jqn9y84MqKUMw1fhizhxTjvUKfltPk5398zwQTx2yKRH4bThluK82EFtnNC5
B6E7uTGHX4/x3nz6Q9hLf5zmhUdFJzo3bh0KZx17YFBEZMHFqdcv9jXMBQzy6aUp
qVav9IzRx7h8uYGUwo2agvCoUCuBbujuJrm1tGy0Z3IMxy1w0KMKtkL4Q2uunLzm
MI9KratRPCpqZ2yY0HoGoOUJUmua9CGxrmYSUCWZVdyMdGoUMPuUc+7hqqSvChgq
LfJSqyYKk8TQXVycB+Zq8Q6GI4POGaorIJxqenAMQwqsNziX4/X/YRWSzaHf8PNq
uHUGjv57I36gUl10ZKbsWrVTP0C2/DcilAdhHyJmynoYDpfkMMvmgPO8A66Z46//
XTAtEipnx3Mp7KX2D2M8UyYq6h8c6yl0dPvgLAB8ZO/Ji7/XTTy0z8hG56+Jhslv
Tcxgk72593Vqy9Q6Pqvbe7EiT8kAes14lP4kj+DlTJ0teWoc6dbndK94cE1fE1oO
S7mlF9RiDK4Xq71EbKn5TINq0JsVBv2LHY7m3fPSMHAqrX077CEOy+Xi2PpNL+45
k2g7mTjU15dCOYWuXF/Ma9RiggjsR3fJ/KOu1IqAHkG402O8WF87Ku6wNZUy4bE2
QJYljwwnBwej2sMjSjLpr16fzvPm7hTx20Og4gMZB2qTPtL+VcQ8oPSVUWuEDuAV
Ds/pIMaQUr9EMPSqQumDXpzehQMe4FGaDUu0AF5ynuTacYKNd0am8QAA0mT+zB7S
3Om176opyuGSbkVqff5EpOqKZzk/QTlWFutby/3y3mn4qmEQ5abZ74CYHVuFcQ7b
vcYDHrhgNqGnMVqADM2LIEyl4+SWlrjekytTOr+I9s76C1TG7wu3q4elefZpGSjm
z8DQG/TMK/pRFOyAiFk1PtqiD/VYcUxPQmaPMx6Mu1VArGjkvedqIVJcTF1OsMIy
UJPYGI49Udgb6m4KHK7Q3g8ZMf5eNGfl7myC6mf1/PMSmb+19xI3cW1De4AJCrLn
eiTrLL+kPYbsDjJLzwYAWa1N45ogcCFdKbRtVR6G4Se92b/CU/tdOEajhj19lFCm
pR/oet/vj8C+EH2wgjbKP59YwVTQyaqknZQxhfQIZINt2TCwLF2VT05qGU+TPhTm
UDxOgTObCpElThELwI8D8DHHV9VTrE8SbyuBO07+/6B8m/Qz9NgHkPIpc8Zs05XQ
l5fzm+Ck0IEvY1pc76oazSqN2RtImopUnoB36IMZ1TghD5O+4ywZTAFpd/L/YNoU
O2tqE+hiZ9/08f87g4jCGgNBbAEX+wiGUUkt38riDgrmXvI5PsA6LM4FY4p0PVBN
G4YoqMypb/pU+CeI1yx50N1v4HWhgdkyHN/twWTJyNGESpVjKdlsXmAMonKrJZGg
SSKYMb0T4vxG6PjT6Xg6F7mCZmMAMztXzaEAUNqjr/1taVW+RplkwzeP8JvOTGnl
zOvt3DkVWZqvjXjLHxEptCy2ja9KlPzwvXTZ1KotdAdC755M41I1P0oQSHLCX15w
WAjyfghMQOnpsK40K1wVLwvOW37vkxmh09R+2BMfNRdnXtIO7yKgeY1qsZrgmAzq
nGTXthixWwsW2OHKLeZNBw31h16k1jDm+8twEqe2kYVUVwX0VRVHJE+zspuhsK38
HVt5vCJERCyXRSPYZmoUjgRKY8LpvzJ6U2rv8k+qo6FAIGY3o3sIF7baks05BM5r
ME7dMGsPTqpkCNlJZA4V5JM7lzAwPu0IsXvIeNQw9EK/Flo/7WftoAQADZ5fLx8p
9XNA+/ycwSsCj6a776f0kfoL+Bx9bA7FRvZk3VY6nxT6USrcT4vrsYyANLc2xVDo
nRWog6YpHLv2TtrLCqSqfltbeJxwHEez+0P2MDhVvJYpEeiyZdAAvov2YOF+PHyy
FrAUaltnbuhem4aHs35aaMMmCGItXBV0/cVkW9dJn++8Q0ouM1TMBzFgEKdwVZRP
LdP01nDyyh07WJFXK74f5y2ila2gjAVrg9VsuCuegKCmMb0SoxJ+10gFl9H/F+qn
3Hrx36LBy+tBj4EcRJS07q9m35hmZIRhE2zV7yfnpSYOWEHXsVxeL+aanx1dVIZ5
D6oKjPH252uV9WKZdbvRgPgg/l3gLAGTGXvPbPL+EwYeHZkDVCuU234l59t+Db5w
orVZheuE5q9klV0SauNu+JawzU9UZg69m5QnJ9b5fyAMtAFVVNVlmTzZsonY0ovj
KX6rj76Y4NcLjEKXwJzWDGJvZHv7D4KKgK+ptBpud1hAfmwlDWH3oFP2uelz/262
0sUDU3I3IZk2XDKbPkt1Z/3+WyEpbG+MSKeSvHKEENeqlHpRK56qBuid4QyfuhO1
cWgT2D+w/Nx4WQcz19h4LWYBecrUml8Wo53DQApeLJNMdUzNgeKKOFxs3an/y5/g
NEJT4p+kCpgQfSHJ8sKujf0X8/HHoaxfH3Vd/V2wZrYCVf5IxECQ2xyO1lorvU0w
YbK6euqf597puiFolZtRzOaSnuauUvVAQNthTwfOhUWswoUC/i+jaS9m/4GkIoUH
S6zPE7/w7KBrEne/4gtqgpSOROl0YDnxOGNIFOMNUjZ1zlIKASa4AuU94hYtnix3
dxg6Y2g/v8GUe8Z+RKoLGdjzavyu0AVgZ5O2eH+u2BalxfpQpbQtVFxZEFCeHDLZ
w1IbrXQdbtoks9WVtqjVSutiX1Yf07JQCK20WeGfaVfwvmd54VWBNypXSce1RRhZ
Ek0uX5FGd71l59FYucHQ6TNPbS1fptvSfsiaCqPzU5Tqk1XLBMpdwHrJQU605usd
T4no88uZnmoWE794m7CZ81ZpxhluRB3Dp67znf3gEYSFpTvtRvhRc/e7lBBmPWZH
NY+bvMfrfnWwgkR57Y3wrKLMMcUfH/R1PcXQ1KbLA4FGkUUvc6lVW2u+wfHX1xX/
s3ht5TA4CJ1tubjVmaSFViifQDs5BHADZHVmSPdmpDVjogtBRYnDVNqIEZPWqdya
eAlLLPLNjthzVWmnWF8bBew5sWsjlV5aw+Ly5tCC472KLLM+t2NcVB44OcBa/BSE
p/vh3TEsoZ/m+UfK8EGLqNVs2vPZhuVW9i19cN/5ALp497jj7Pdq/LY19x8VIrjV
EqbFPWIKeRDcBIvh4R1+0Z6nlHvILjv1NlNABnKqHwfjCQicvOaE7OlJ3QWWbBjC
dtOkxhC9+gBqDlq1YWgwbEzDPcFVzcCmTPH9wHhshcmp25O7lxqSxONeNcGMKy17
yBSrKmaQr1escqeLJLH/yofTni7sb+xeohrz+YYJraXlcdLgSK6BzpF7wpWhMB7c
Kyc5T3ReUPHrm8RIcaccjIwgxxyJ8YW3iCpH2s+vdaJnEC1Aa6D+53+0aCFg0/2g
asqTZ/iLws+bFux6MrNs8cohuvtF8Y6A/++cp40kp+PtSN8G7+g1CmkdZZdMg5u5
9J8s8SIrSbVj3y8eH/DSWGQ0gMc+NYLaWBXNReVPndwWP7aqXjLysuRAVVgOFvJa
zrwFU3JeUphCtGTht785hFePHTZ5IZBw+DAxvWHGX/5sIBokYH9E6l224r3ikUXU
DApjB42XlcYwo386TU6OUzfE8xHaJ7o+nW09t6sWy99M+BYngsu5ghjqIz7EAZjU
BEB4pDKLcVf5tXVKSOSeIA/nauOxb8y+xve2ZkY8UARMwrtt7mqgqYgB6/gLD7Ah
Rw/Zs0+oQiNqv7XTY9clU/FfAQlRYiiz8o9fU783ccpsuw0PcgtnHWqyrw5I4vl4
fRHOIu+dIl3Bl8fbPQnoVJkxbLTvG9plaXf4fKPpYsR1zjIOSFSqimx/ogkNjlaq
4eG8h+lcyFIT2fmz4Pekl1uASudAGGQn4AGPu/d9FsM6LJv0loYzcQVI13F1ASgz
Eo8/ks2dfhjeiMfHkGl5aFybZAmd1f/sEtbUX5rCGkf0REfa17TC2NpB+OVSIJKI
V8sLYNVsZc9eiBJTli81ZWUPzNaFtyk8zRcmd1OzUIvpESNve8x/USztcqIpMIwX
N2mlj8D1qwnFIOqgHEoMgWx3Dm9EMD5xjgCA9f1Q9dkD2WHVv62DnMUnSuYH3NKi
4fZ5EGXTNezry4SpXmgLiEOGpiXz/wSLP+/n4RvNfJ4DE0D27wiHchvTAyW8IJgo
9uJU/KuVEk+cmUVwAbqWimq2XpY4TyopHyVjSFy7a8iaYs/sd+u2E2EEfXiyVra5
UsJmo/RdgZSCt0yLcYAKsO3gpXW1KSthrAUFYbSDlg7g5nQ9y2JyLsZGhjM+c1/I
6fEhOucX0MBaqMWpS31pMw8LUKSKOdiMXS+OlKzALyg3X1ObR1yK6PNK4XWs7L0+
a8nAdbRwoasr6SrenKYuTPkuRhLEkj0k+V4B7ilY8xGYuYjiZkxYxpZBwB8AM07m
ck4fGBGOOYdaGhraRy4DImP8SzVebtEj7i4wN7s+fHs3c8d7c6QuKOJhicyK6Hj+
spmo/oEd8vsvHieyu056IHduU4aeDkVoTYN2ks7itpuAv9wMOv6It2r4fob/aRSx
ExuZeT+RW/qnFpLDiUXa/z5VYZH32Ea6W/MUjoLc6VqzfGScE0FKJte+XiasJ8BG
yLuotJvLI5hCIz8gW8M4nSo8yly9VeyZ7Fn/DLsoJ32jQpYmhUjKjtNzqLcq6Wti

B.3.13. S/MIME Encrypted and Signed Over a Complex Message, Wrapped Message With hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9665 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6148 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 inline 1923 bytes
   └┬╴multipart/mixed 1818 bytes
    ├┬╴multipart/alternative 1132 bytes
    │├─╴text/plain 375 bytes
    │└─╴text/html 473 bytes
    └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-wrapped-minimal@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:08:02 -0500
User-Agent: Sample MUA Version 1.0

MIIb3AYJKoZIhvcNAQcDoIIbzTCCG8kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAHpthaX3pLTY1dQEpjs916ELlnCWjEQaqMJC
b7U14ds6WpcbE+m7YotdmTDc6sMudcq8QWt13YfuveYJMPp88TnfLOJlmxvh16zM
pBvxeDudVMaVk5AhRsIDeZy7XejbTUQbLvKNsfYaWpzcFQgw4pTbSj8adkH9ktJn
BpOb9B1gknnHni97slF+6wc8y6UClQmwSV6M3rFRhdx/QIT1Y+JsO8Za7ByfwWzZ
8mgmKCW1WhQKutZUZes335ES6TFg/rXQwZfC/g3K2gDVWQJ2KOGoJfd+3gV8UhG7
XGwzJHn2H16D0+ryfmLqlEpdpH/n7lxL0etM9wJmyXGCbxNfODQwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAldsl+A7Bcif3coy6a1u5rzdj
R5dLE46I2ScGw8LvTkwXyGnpR4KoNvWvkQLJ7kbXAYLg+Td3abYLDxibz4s9DqLs
6fMo45Sdrifv4TLZ3JyPl5Yc/ZjpjWcF6h35foI9SPuGOSeMD6nYX/d+Baa0Lxlm
ncAHYq+KUWhmWmkw2xDmiY6QWQgo1+Og+XLtVhbgjiHGJ+bYeVQLuQgq9Tn1vIHi
8EcvqA6lXaP80AOPS1Tl3Dph1MQaU7yEySyasiRSVlYA45iEA96JiPdLvdneG/2D
cLzhkZigGZHVvH+ZpPnr33S8BcTQG4W/ZHLwOmNB/To+JnAcSYoziSp78qs/7TCC
GK4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEPEfWWrJtkXQczxhrK23VBSAghiA
aS2akkBo7J9AIkHtSGeZno2vqidZXAF44XYi6sQysoQgX9G4Ovywjq23qbXFxShT
d9JP1tZcoL7KXlyCfHN+ua74NUetNTmykoElZY5A8dzmPkdITjZcUEeEYiWk2t+b
VWP3qeCIFmL/NVAkIF9v8/VLns17uzop/bx/lbV0GRWkc1ipS/75ZIY7jzHpognM
/6lpOKEJ6DYjOUJJS+cY7SfDy4dVudowyiFBrEPeUXJKUe95R4CmAiByVnO9oFf9
7g3HiiIEJI3IMjNGTgloeXTVINkoNIJu9FGRZn7W84mZ9J6mPTjtY1vSCZlkr/U5
eGA406ZJWU/y3ZijDfRdhQIScUjg9GhMovYHTYfAR4GF+HTbNHt+eRj7pqWRMetq
febcQhuqnMMiossq6zTSnD5ayVbKeDJTdwnQjdR+Cyg1L+AVM202LlZwziW/Yetb
57/s/DR0KNjhwRhUYYNhQ65g128BoI7MuaySnkMAqtcmnmAfMhQb4R6reVFA9fLU
sCuN1MKsFmFKgSJwNWbBehlofCp3gvdApXBXMwCNLZLIprA/n/6uzTe3+EsJeX0B
vLlYVkNaS2/MwbbObqijmgjR2Y0l+hlwOUmXDTG2tFQkVEHcaEQogZ/Wf5Kamvny
kzrxGZBdjUWQ78DOWhRWcmczTuhYR05IIb31y8r8wUoybRydTl3EdRCXy8OC3PS+
EeZ7H/2Pv0TnQySjAT1OP8LGliiRg0LWmROmaQ0CHr6HU8o6mQHyaC5J8Km3mSEW
7krJMqL1e6ecYCPXOi6Asur22Rh41pyHwo7dgtvuKf3IpP8KQOSSD1gUkC9WUTPp
qP22f5R0JmE0tliw4h38DSLQC2M7uGmByCzXw4YSggF2paW54gQuDKEay229lpMX
mXIbUTdjVDymXuOBv4R+t8rcV09x8YY/DbqoGBKkY8F/SVrx1vlENIba04MEUe1z
xUkP+1cA6KdrPcTHjKAhR4Vq35XANyJG2T4NhF/kF+O9OQu4UupdB/wgjJZZ2HJc
XjQlQxS+f/Y5KsPNdkax8lDMwf9aSOSQIpYpm5PqjjHxnA62n9ho/hwXnk++61c/
3ZJWp0ck0pBqhx4rbQwMVlPcO8zl7qYK2LVDPVyhkvUB61EK0gToOE615MlmmUUE
PC8NtmwjfC/rXFRIPI4gwYNCqn0BmGB91hXWTrmbNVT3H+wfshod48QuVr7bsvOf
DAmtDZM6eYWoAIUrOgoAg8OcZ+sPg6OzeiMoe7VENTa3m0whXHOTLxGoe4VBtQuz
52PTK+4a26qICcnAZvx4C2AgEba/sdUOKDjg53kR+JsQPPqS6/JVuL31eki9tGeo
UXnbhk5ZKUboXj+nQCWwrKkreNEgV5fsHgeZwY3/+FXm6pk9qQ+/f++S5cnBm/Se
iSvKwkAXzcf9/lGSgM/EKg6AcX4/4Lyr7sNOtIyZhLaVfsceLAU1oprJ53hED4HC
6E2CuFllF+EwIYAaTQGpAvuJPfH/IiGy8qbaY9foYbO1WKjnumHdyoGwXHw5CdFf
KiF0zW1a6fjvM+Z4ld7SeKv+TzRp/cjVr7GavRHEp4EG53EQc9CIXLqmz32Ep3ph
kMsqm/REp/VswvSaoxG/YV82zgdK3POhTESIAB85awrPmfj6mCOu+ypnLYuua8mo
ZNqIleDvcofTguOy68I5cI0QGLog8915R8umqPZcRPpA8I9gotIqkvUyPQHczLfL
oIHnLKwe7WxHcQQdbQaKuz5YAIewUz3RF32g4qmr6d7C/MdkDGQi7+d9+wp9wbDX
L5klauXJDzsNiz4E2wrpOrzuRF7vMrc6VoIxjSco4gkBI4ANZCwtqB+H+Ci8ubwT
VUQ+jDIpt5q50EXMEfqnzdpQ0tBWgwNS0b7vguUec//5MzGNx69rnaw+06zkjzri
JEmsTZiXPrwEhse3yu+N6xAHtCF2/CiYgeHio0/toJyXpmbRsC/MaeWtHgd07KXj
LMC1fnTPUn30/aR17rISnLWhcezEHEv0h61K5mABH9VI/wUywoiQuigl34WCDHa/
Q0hpUc/wC/rFsHK34ZWSj5MAKtdXacbZT2ck8yK2HJRPda1lzRurZd/A+rCebXRn
q/yHz8t/NYxz8n0mGRKpwu57Sdt+eASt7YJ9laLMYfSd7cJzO+8rhJKXxU0eSFdr
NryDjHMvoN5nPle7UFcu1Rt1kfjRnTyjw92wiTxskGeG4/HLc+Zlg85YMXq9thhh
+gtRMVrVsahRty8rRLglJmmZOXYT4/i2e+mqPTOgngCABmnU1CkAvfwo6QVAYpTN
tTjEbS0dQ9FBPqppQ9Npyv2bpfPJPIf0tCTClO6JPCC+73agjOyQXT9zHvcQibNY
WWsvh7ri3wm2RYEbsheP7cPePWS/raFKNdRIRBcyqTcpV3YIBgiY229EmJMXagKr
3Z4KgNT6RdSwrLMOxbdHU88yK6OMRMfHOgHrPinFT81j0oiw4uxnmFnXUqcWXaC0
gv9Vl/z8PvQE/YgY9uQNwbC/UEcZ7GttnxEZdVk8nuJeFYr4o4/wJAbVcMKWh8JM
V21ERzWoTjv82VuBGSRFQw6KlLMUQAfZF0q+hnLzdTBjT945GXiRkeHcENxsdC1H
br+HW2bg56ZTVerczUKODuHQtviQRl9oV+7uWv2BCEu5SwM05rEOjwKMIE04zgKc
CWflGpudQKJXXs24iQiMzPU3ZCxokBgqz/eQxcQAPk1rFcmGJvvGj6oN+FsjcXtR
jAZUnr+WumYu9f3GcTm1emtRqnnMALVzp0sJ6XDmIh0xhey7UCWDwodz0w7P+IhJ
J8M4vvPwj5f7OsVx29lhsZV/hBXgS9WW8anSrLLHYH6+o1tiSHEQKgHFQ2MdPwzk
xNtcmpGHeH9TJtiseGbU5hsYzeSJ8kbphKcHO6gL76h6XXOcZpXNywo0TYTDcH1C
BNBIdskqGrL8gd6IoeP7fjG6f4syoeYjWhCM3RXgR2tNamFxD1P1lQeX/A1/WQ4p
p5bRsC9itl/uiMjVM/fic6eslIJ6XOGpYACPjqrt6JoCOEP+e4fHW5tjajaVbk+F
jl4aZ3e5/WvYwJzkUulTuywdp79Sejk9kil/RAzvSOS2v+40sWXoFFdr1TRtazlP
gciRlOsTAT5y4uiL8Yi+IPO8SjS6C/mbpyAfIFgY4cWu309zo656GNlOyEqBQSVg
bVYJEXeJ4dcix2LloMbNDoJfiFQz+pmyB2mPGYrktDG0hwV2w8CPHCOhEg4yCV8R
JoZRLQiix/6WL4mTIy9dLsMruRq6CaQCauiu5XUB8P+aPVuilx0WxwVfWdEcX4if
Ns57xmGj5mNaCjSrtaW++043bfXR9NQQr788cReltBMTdEZCVZdQJ6/K0idnWfaj
CYiZ6kE9KUe2phZxbq2J7Rhk06dq4qicFYZAqvjXsxbOdJapQNWtM1HOE01MA6aQ
uOgZq8CWvVwZMRE/KRF8RPYgrhVPnfB6TVUoTdGRLgnz4S7dqwz6q9H86Jd2Fz86
W212B+LIrBkZGWgmz6QNMT2g85LaC5GnqMLKwsSf/cBUWc2rBjwYk0xb8jEmZwv1
8mz5o8YJN80qMAKyeL4aDF4naa6RPoBUavZP0bLAX8YHasz+85D9lRPSrNWerI64
SqRRS2OQfQCASnpGv60IAGbLmNn3URRIcRfVP32kgLqk78cuSxlg/qhwvStNbdxL
AkISRZdOd+ajyU+y1JFRFmcMRDlDef5gTtJ4vWNKWiThJy5qPyW29NkKxBkU/6F0
0Z90MjUznhx6v5DJhIuxKL/v2OZ8VB0oDfcMIdu6XC5x93NQoJmyxP6R8MHHiK+v
WYeVVPHfWtDbfd6dfKhyVyXO7w3pk/8tpruc2vwoe0uG/f0fCTUG1xCpCahTGJYg
Dm1/+X1gFWJUthK9NMZ6GouF+DJuNKaBBxQu9nJfHmUzzl+4eQf1bcKgQk9BjuVl
1zWXZeKNGXRIEaiVO2E87/m6fqRx9Yv9me9QIhlmVvt2687/eoV5CteRKzL7+RIW
uMb9lNatVjX9pIv5ZZ9W9le1wJasoc4sqKYhG+GNuVl7cir1xwmjJcZD6rHgjF2D
xCDwrKPudpbxkZL11eF7QYzvqylmgQx2v0cbshfIEovZAbD1zWzdqvpJSrWEDs5q
sXPdN36TAWVF5Rod1fueIo7bv0tCGQ0zrYu4FHPDLe9a7uGWZs4kzAnQBSKGKrJR
METU1btrMvybibgU+8/Z5JA+4hbQsxjGAvpwLitXcPmO5By0dULQBdRlHXXMd2mF
Q8XuScWoGQDxeCqOj4VGgGAUZEj8iW2UyU/q6vuSfzA3TAMl0cu0dz7/WQxdqw+g
hYQx4N26R3DG4c8B5plDcEENHZhBkkeEcAyCql7jDpPqwdxxaSHM4HjcibrgD/mN
HDyVgwbyy+aiucg3aq6EfpZHM16DVA+uwHs0WN5cqByrJqAiI2AWa9/rCoiXtTkZ
b/hJbDIXlNZ2b8s8wZzt/MOeqyMRaDuR3LiGuX18y79ImYk8qr4bAcsdsl5zlGHs
+5Zuzs3K3MEAMW2ff9c6QUmfkMGmdKtMtG/hdiqFcpzbXlSmxgZVw4EM1/OLftTI
Y/6k4QuE+TXh2OOeNl5VGEMYam6+AMjWPC9u1I/AtMy5y3yOcuouRXayBqpfy5Hg
xbxzoQGhUqg7P+Pn0MPjUn5bQdbHfnbyK4kv5sGQrocQ4Oqtk7VODaEx0mcm0wN3
Zs7jzcVxRC6bZtH5yxR5zDdqzsH7qqXHRe8OZ4yhvc4mokrQrswiIL5kFt43gL3y
h/cIlBp4KBX6pqf1IzoFuiO9scgFVRvtHygsgQ+UqWwuq8xMWgXFaHuy9jrrPUls
iV2hQ96pKCkERQkt519xMKmT8/w7neq5rUUyOtCgLcT/E6NMwmpyZv4F8BQoHeAO
69PHQ7dg2uDeKAyy7szDr7EPA/1Jc/AiRRX30ohPEc6xqiYFO6U4Mc+Wrf15oW/2
SFuh5+2j09W1y0XVMSM9vXGfb1wiIp3QZqWUfavm4C0NyXLjfCkNg/M/rIjRFJXr
sToHAyus3wrRT+UVN4ARzT4thfejIx65026NFyAE8qeZNd/cgqcCLOzX0Wuh2uI7
opkl0J2QCYuxsHHQf93VcnwuLhh8669HdPTuInw0poWzmy6nUTWifZ/MXIqq3WcG
E8mkjQpsl2vGJfHPAsW43/cwJ83dI1LKzJA0XHaURU9C0yvzblaU8QO47t2q6Ne1
FLdOIHwGPSvBbhw292F14iT2oSe3CQ8QjfKRW3686zJMlsjjjRLL1JtnAUOeIyNX
OwXB4pb6m2emOZWfp052z13bmAVc9/Ja5Ikgf8pCgL004WZpKF4kJ+7wuoIbwfsx
mu5aD3C3+wzRZ5d8KEDuLGY6EgtSmhGw3jBUOS8hML62lYiuqAwiTZL1mmXjcmY/
nB/YncK44CBsJelOJyInx6trRM9Buwo3K9+Ul7e/QlZgri1Zph5InrB0d+vO+bSy
iqYu3lF/lAQplxijK3siURdEUWXYwl0T2qbHRhJO3MwvSi/lHz2jFdl6llJTC40e
vBPfwOt3wv47assyifSqlVL4wKGkpN69kjmvwQzfBO2oSxoYebosX0v1OCjHTpvz
Eg6986NX5P7sXt9LlQ48xBmrSjaB2Nmh2Vwhxt0/nNd4yyMUHpaGC/Hht/pnUlU6
2fTGCqA1LOxmZT72lb8OSPkt6quZ+8xDbpX/183FsM9Bt3/m8x7Nxk6HRHj+GVsv
Zo5epA+EX5gQNZ/EFg5FoNUuXu/j15AwMF5tl6XoLxuyjdIdT0TkJ2/fYXqAjmWq
IV8IaPJpiJQ8jjuEPNean4Uu3UI5d14katc8yW9HvTd3ANXpAO6Jzl+ujhPkRsdr
9xSuV63fNXg60C2wrFU/B2E/rAf7fPllZ1atvIb6AksnwXHaR2+apyI4tgoBEqqN
eHS5rqgr/vtEAYybOrz5bzQo9ZLBvqQ6Sy6ijaNbJJU72OMwlfNHdTUhYpeMcqy6
RhLOrFX/OwyRecOYtyJm+8N4/nmea2gg4bdN2ajET9GXbEuIwBLUxYEpg22XIrIu
iC+Xqm7E+vcG0DynGLW5AR2HVRKnNFeUerCE0Mi3lns0tbpls8FH8cLIEzpU/6Jr
4+A711E2aY30HIbXcMhGVkFRFKawZllGSY/3A0/zuWcPLRfvfI9iIcO+73fDrXwg
CUg2KoHBh81rwMDzx9HBEThByO++sY+8FdYPtC5EmMHS2gICDSfcmiI8dC5J2bla
Zfv2s5rw8lFMWx3IjmAt84jPNjFvXoCm1bWJnhX2YZP3l2MZdVRq1RQWlSZ9eQFp
WyYA4Dohp27izdz8Hk1l62EMEsyjumHHdFl8ZuYlGETLFyzJcJjJb4THJbi2S+yp
Z+83HZoTX9OWYh2M3/Si5jUuVxs0KSM8odJDNE+zbRmzgKLih19EWkFRaEPGld1H
q8uMXq0CHByd303MVR3z+WPQE+tZOxHjhtMVION/5cfKTqO4UWVTYup8pUYa8Ea0
4RvHlDc6V7HARTWo7lai6vm81p3U1oOvVqIX9j7mx5+WLmPznM7KcIFCIQihXANM
Eu1/tbpFG6sOGgVacHsz84P3laZZuFe6i+gjlz+Xr2PjNgshZJOHzLtuTuWsBMdw
l2AoUC0A+icf5564zgsyYJ6I5iqKvFdL00zoVMElSpFqCdEkA5IHYfPnIlwsAMnp
oqjcoxfwoXnDKxKFjS2Qhae3Iqnn64YDxCD+gtxHPe9QMRFQvbM52yPxLGPwrayr
1YhDipe4Nh67gYRaNdsmG7hnVA6zlGhaEyPaP5AJ+YsuH85cMV7Ck11H19JFcx3l
7ZCjw5FQGx5ThOoZBJeEp24yO9YPRnlo8Sy9gAhIc34ZeBoFfx08F1hu/Ii55n+c
yme3YGUazZhErIP8TwoSes0daEXzSn8oGwWspxRP282frfyUAhe8W9OUlKgLl2FI
bRZiV9S/F/QgoDkpxo1T2z1rMoAsOQ95Oy/9XtNw7ywsbLJVIVXNv0KCK+S79eIY
XxCvDW1ZSOLAxZKdstP9ZZiAqkC5bANpMFZlEUPxBSJCBEb1cav4k7NV4fTYNQ4V
Niy8WS/OUMFWZHw5BITRjRx2bwmvaSEKuPPiGtZ4lQV8j/jguZyZp5oH6pkGlC2B
AoixTqj4y9w6DbC5ruYke0o0px/nkH5V6NHGOdDzuyEPtkmYVkqMezNDnx1qynqV
QrPZIvsHT97MYbzj58Y8DbTx/hBr/uJ+ya39MsR+N+vpBV9t3ubM9i9l906akTWg
rBbNwdU0ayL0R4q/TlmDYVmSOc1xDwVe8kLD9vMiNcwobOkzxZK7J2Qcq4cromDf
8vNMzjYu4DmR7WaE9wfzUk3FpixeWJrhJpdNC9cUaZ3I6y7RSNl43mKdZF54x6JX
AnSbwNE6dtuLKa07MutWuq2MbBDQDIgxattEmnRniwOjClKdQYKtJM4MOQVfUTy2
xubs/4wjIS+YOdmH1XGlnXP9N2SmFqE1puBJ/5hdp1BOIFGHUj7KUra7lN/TqtRU
e3NjQlC5VbbYNIxvcSsKqaVBlESsxgEuC8pmJ4N8FBVclWekXo5kn1NevMFJphMO
Fv9gyRo7NDCNRY7oY2yzyhnoZN1FHQr7GxeaeKseOtNc7kM1QMeCdhZ53wPyLJ81
lG4lCHDePQ1RtI/Kg3foHyNG4bvQ3vgPPt9s4T5fX7GStMQxh770i2Njo9OdNidJ
2+eyVuGFwwP4PNeEqEYe8iCGygDbGxh/I02zBPV3UgFpx/eWWx7Fwm9VBu8I3NYT
0OAtTUB0KWDXFZ+02uwKwZ1+Z8FBStB+HLuP5c03Iwo4gDkWWbSP2SoIeDnC0fbF
nAOHb8tHJ8AbeJGcnaE23nsgI+dal62PL623w72uvK6SFvPNS+q93uPxNNKmh7lu
rq0hQiaDtBSgSYRa1oLuA8Cuh2+K+AUKIc5mnC3VRpje/QqISgU6q/3tQ7LE/bip
qJONE7TiWw8hKRhOPgqRuLVDpYk8qaqujTt76rVZwY3Dd0rc5bXljTp7YZpMKeg+
3YStlo2zgFrMc3niyYZsDPoNsZhxUJFLMIynBQO3+HpX1ve8WbyKJ5WqkS5E0Hl8
rHmLEJrQ4PYsu8yFosaRtfDDMfWA+pYSgnHSw9VAxlXS4Fs4uSPbprbuSNo+ARpY
PlM97viQDUdxB4co3vcChQYRv+j5fzxE0nd2ceKTj9XJ3RrufrA5KhBB47OOXxVj
HNp5W2ERPEBIRszF3p2J/V1HqRDd26MrORwfpZ4r5Jmv91NxKZyw+mnZqm+Sf0PF
/X9g5MCZtCrPWFH1AiRB8S2XUvbQMjh2c4BWPExc1Dw=

B.3.14. S/MIME Encrypted and Signed Over a Complex Message, Injected Headers With hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9620 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6114 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 1848 bytes
   ├┬╴multipart/alternative 1136 bytes
   │├─╴text/plain 387 bytes
   │└─╴text/html 482 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-injected-minimal@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:09:02 -0500
User-Agent: Sample MUA Version 1.0

MIIbvAYJKoZIhvcNAQcDoIIbrTCCG6kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBADkVMpcJRfEa4tT386C5ia35Oz07sK9g9yn1
vdGRpk9pUDu1dIeio6wLIzCtwl4TtjfxJ3m9sEL0KDMSszkV0AANUZwxl576jpM7
qEl/7d2D+WXVGAI56Oe6ihINfrnPUJmk6BCj2Vk9918mX2FaDTtCQsVnrK/gDNu6
c8b8uJJbjeqbuDN8cyhATJA2+qSl/Fhoxieu2uiYU2CRjTfGELUOB5ReaksOxw9g
ICfc55w7fuiIpTo7egwLaPaA3m4yUGoQSfoe+FZm4tCpsyIufBR3YXRVmPFMS2Qf
k5G6ZQnLkxynZ3SEy+XjqO4q3HZS+3ylb3ikQlo+7umpZI/eQ3kwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAafaf6lhcWl9exMGYiSEijqEQ
wFqMkjInWObOGS4Tng36oAAiGiLJ3JBV4QEgcjr/FhJ6A1HeN/LFxBMhYBXiMrqm
d3HVnDtlWSNOcEoyECUeaAPQxVKbvXCPGgsts59nCtEZwE2Ct58RLkd43lBAEt03
TPqKfzo7u0wADP1KHfxSpzJwmpj6HP2pKNaVZNKN9w4ZTMHCwDRwR+3WXb+kwlp0
7ChjrmpLPuWRhRE1ljniRdx1tM8R6OlmbB/6rjtpRXbKZH6jTYBRmOnzHJg9wsMo
WfGn/uYtvIegq4e2v/H5peA14Fp79u8ndV7c7xyPsGDbVjNARvy5hfYQF/m72jCC
GI4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEBxcSQvgHyVtT5BnVpnby6uAghhg
I79rjVcQLwsmWeOaVCPz8zezMot4x7NhxWfX0RKueazhiW880A8ASrDW+77sbq83
HMur9uth951A3ICkuqZfb/Pj4GTxR2TNYDqiv5R79Wc0yf4gG2Gb/Kq7CE97/6pE
/9U65LLuMDXIdL1Z73rlxjjtN7LVJ8HN8PuUgtT8gIEnw09IIp7aSh0T/xaV4F0L
Bahsnd4oRINgxXYE0gJB/vO0rDpL5UxLwCoS4odsalPUY4M/03+IqoIuaJv8nakO
qrzULjcy7XFNxQCvVP8UDntvjoTZ7+RB4sLmRNd5qIp9R56dXjUMY8zizE9qR0LI
B4f4fp5IcCxU78UO+JRu7IPJYbD+0Xctx2pEOYwdl79cK3AErM2wSOf9xuQt//s2
CquqezZyeFs/i+WVqCjuSBJU0pnRS1gZvz3B6ulBPK/qehAGFpR5LHbulfjWelny
0svqhMcozSvTBm7xf9sIlSF0Xdl3G7cdHXHsyYc8v4huclggFvcd/5vXO+QCetkh
H9vThqYQFd8tno4miPI1P7KvtypnLUeREpFt2pkuvy4pZl+Z2J6cZI3DaoKvjI/M
4Nhh5SiqtwrM4ZTweTwCojjvdr4iEWRLQ3KscA3X41AKm2XqoNNASzhLw45bj3t5
nJiAVobe4EiCefuqp0gq61Pz5WyePO2u/uG3mZKCsouebdQEl4xhRub/aHaq70nK
cXLnAV8knPXcA38r7h3lAGgCc2ZB1CQiXs6ewaNz8oJPr+P5dd6TALhtev9Z8pz5
YeNWY95AmMMNAvsFWAq4SGALAp2hH3w2yJTu6F04Caacxouy9bB9MAanJfxS+i1/
gkU4dn/3Em+wM0tEPznYckcrsFi+bQMyE6/DWiya1ykCTr7IlTQGep71wsDaX5Qb
mfnhBDo7vOzGkqvchMMAxgD6HKBPojdvnMCmFMVAv33jErGGGkLxV61QntInFt6P
K9aGiS9EbU0v2spQQJZ8gXJRBwAP7E0c40EoDkSVnx2XBZD9CatzPnbgf7lgWdFS
tCka7NXluuRUV/R1GWA2AArMHWpAECzTdVfkQ9nSNqkeyZbcPazgr7WUKXM6SNEb
KgchxJTCfQ6dJC/+dD9MCJH8FNN7j4lCgJ/Uaf8FeSHnvGnAhPogjqrENYjJM/gh
czK0XK2x3hzgq1f7If5CUqD41C0yzHAlfHolKZQprZHJXw9+QhjHzcJ+uKovp+3x
mu5iWxhHpwF54Eo0OD97Z81UDdSeypk8OwazoIKgFXm99jeBgv9TDhXQYwUIfAF5
Qnpp/CR1d6mfyv6wAAw//K+/fwz0PwK4RuXSg0upbodg9dM9O+dFOAidpd5Ruu/t
pGnP94ytVLIouSKq8rM/ZP0Gl51fLB56Ps7JjadBOFPz6nepHkMDwEZu5U8tqOq/
akx6ZakjqkTIVkhHC/HSypAC9d13AYm8XV/uAjOCpGiAZpLh9/lNqpVSadeQ/Zjl
8ZDJg6usgfxm9DPTvpxQ8+KuQMNY8vWJRrn6HCnoTh6eE44Om0ot94prlFOLLUuT
BANmXOYxSHPJ7IAduMUUVh6h2JMIhiVkfP+mZj/4Sy9iBc/8DS0SgpVlc1etv7F3
fGkzsDrMrdMT3YwxpF5dX9k8rIabWYOl03YVHdfPUNK6r9sd1asvGqXVenMBANuv
ZhHPs8NtYgdbRfOAfrtaEsE6SNubEUI1ndJiDZE6hOdfIbOQ92++95XmEneODZOl
6kXy1HeheBzeOCe1w6TXxhkTaSBPcr9GRBeXoTThiLev4jZG4LDjRU39hZiGKJQB
5hJBnL5DBfEy8uR9xNcHHZpcBSnWg7FWfSNOlywaCFmOKXrJp4oZjvVn3hdzWRP+
H50Wi7BNh83CSxqGEGuw3gnSrZtzcpnt3/pbNJOvBfIl4RE39eVZuDT3d3n/1Qho
ae2X6PhEG0MMgSObXZzL7cYsQ0itfsLJUDLaoJXT7tTHhhyaxNUY6Aqk8R0d6FC+
07T6EL5cZQ5pg9ERt24WLufIQrUGah/nE6+ebdjlGmc2DF+NM/+VGcLJ+3CSzu0e
fCxi3lBhvGr6/62CFjPk5XMR3xRrnVlxgj/7A42/tFpOFiOQ7OI2Kp7xl4y1cdoP
LmLP/6PgY498fadbyWqDEWnICOM60W5B+T12/p9d0U0MZOafSmSKLO+5TSzjT7Jc
xptzejYn0T0t1/dwsYCsmvu8NRCsEAU7B02ZrTbzau98CrSOEQP51LJ0ploRv14w
qXA5Qwm9prF9NS0u5pVN03iEqFGBYv2t/z1hWC8H2gJaV/0hqY6RcIsGWS9C6LHE
qhX2OmpHao31ElBit6XdWq7iDtpjwtQPJv6USeFbCxuqk9xSGe6cBHeS1MQh3xBH
0z75ey41DSTO+B4IwWjzHQM+JS9/edI2wq/yezQGpF0U+mULZk9OOWTUXpacnx66
DbOyeglPiA8tYZPR47nHoNFEW4nGeF6gjHpWjse/a0c6Jx1ALd60QN6cpKrJfb+8
y/Lkn1V4xgFHcsG1C3GNyMDTvA7A3CDCdCALCdXD5vlOFHwLJIemygKspPIBZIP7
v2mXqheE4arG06MTu5sCAPYB8L220WjdpGy9Q5c9lay52DvH65JnnfsrtopkKSfU
RuVo2eNrGKKSseL3wFUS/xjmSvYJDWDVScT/KNtRWi8FDuLw+lCq/eOC/CaQ95a/
X6rKyGuE1mUYLe1fiFJ86zZKhQ19+LOMjituykizW68szy+5axC62aBP/Q6Dv+Vm
2NlOVssZubRNnFvzq+Sx2Mr2GdnLC3wb/zFnYe3Ctm4WSJ72khpBfH66s6gzPZC9
RXJdghEHdV8HiQ1YR1YrLlQfwON28p7PpMcOIJ7cemv1V93L1/ysxppMA3CZIm4Q
ROUIAG7s5pl/j1G3D6wHmkibNs3uUS4S5TuZT52assAMpQPJMl2tF+ubwEtRqhiA
6s2u4jNOqEWyzCDNitKGzjtw8ifBVm0PDHRGtI9WFemCWtlppNto4RlKf8NjOfPf
lupXyISaAFEGggwbxx/o2WraNc9pOq7COjZZFAGw2DPA6eyC3yKcLT3GuiNGuDlp
DrzlrEfo2thkAyqsyG5lMNkzooihi7InouvIgUCmshAEr1qrjwGeBrcsdVNKur0E
kEQFLtI3PycbnBxC4q6V3VjyNHL5oscmbqxoFVaMIbK3ApXNzuWwl6hsMI1tHeTu
zWAMuMnGlKbgL09iHUaTvUhzMaaKlR/dZWG1J420tB3L9aEud6lU4IhdEz1EjC1d
7VEti422OQzeYU16Tg5WiHU/MxmsqOQsB09A0kHbZ99nGeGsUNU5k9xfF2oVlfsD
kKnNrdNq6xD+Bp3iFxjLxMsr6HzXNaAQTRjTB8EaqCAp4BgkT9j9xMsUIY185eFu
SI7Jgze8WAGAHQ9WSY2QxVbjO5I0Slz8ZNy2Fv7JeDkCsePALuKCdDXNlPHRoxsa
bcpXn1oiJAb+PM0V4AGYoR3jy9+NznK1KeHYGi8lFA4I8uI7ukS9VBm89BHNGYI0
ajV82mXIessCtaSClGjy5vWNIFrYyHKWNdxd/vQgwV09EAfbhD5Q3X1SiwvCvdvl
hQRWAF9E3GMXAg7q93r23Q/cIQpkaDHzOK+p637fnaEawuSDU5pTANgz5NdNSAPe
Df8unnMf1L7cwlO0ED9WO5JHa1TZBMZejB0G2+074YE2HzZm5omS6fomxsQ5Ldoe
jaCAMDTFXy9SaM1H/0R45750cyD+2xrJAWtgzam7JUiSeeWdpXdnTgkt7nrrpE9T
eHHbf3v79yWBnq6ov2N2bUii8uoyZmGrnT8pRC6/0814qwZWm3GxsB4WBv/0EmTr
20ARsnc9A/ve9EO4TcsMLzBBPV8P8PouFoqK6O01+QATE8cBY3GekqAXAir7r1Nv
Vlnz8UKFQt+KoDyZakAyxk6/haJajS9vKnRfJFNs12w9Yp1lbQsQXwaLwu6y2EQP
V1ph2IN6BH1+v52YtLQ6ntEIcX7wBEwlcJCcQAMILW9OSuwIrIYXSkDaQ3Sw+YDz
oNRiHneHKaW7HevSOZY+Kk/A6XozbAXxeuJv/LeCWALBXbz7r1kd9p/0t7M69bJR
ysTKvNcnBEbHgMK7eggzqd8saboT++vWnO0Ye5VV2Jcg2FOm4x1rgscniJZnxUUR
92619lqtfVNV/rjcDymU5mKGT1+lAU+LqS5/oT8adjEbAYyN1v92qSJPLQXeOBmJ
McheNylR6WsAXo8oF8VJ8l8fwM3NptO439pKY9dXfVo0jH2FQXfCTyvlYZL4OhEF
Y8Do9OPbiBaKtUllqH2hEUrogERXS7DLUloS0yA6jD78eDD8fGs0KYomHiaLws7L
m6laUjiU3RglTQ44hZFhqlfM1zUgCXc94u0wXuRdpik2abxTmCqcWnzPZJFGK6Vk
oF1vZLfve2b9fdG4EB7uuQ+Q9IVJrTui1bH5d9klS0A4fQ94Qo5Rcy2k9+xKU+Tn
s7KUduEGalVl0BtzfCMpd1XbHLat2lnAlsspZwYY0UCfc5f6HNclyA0C+8fCCbnD
f+tRvZ0KxpgGr2t6z6b+3dZNZUNNBQiEW9UIP+TOQEgdzR1YL9gg3BowpQlV+Koy
dGFRKXcKDlyBPevC6jkf+GjE+ocDBtq12gCNlQlfE5mXQMtFi4uce0KThx98kx/L
ZJEWOZvOoWSk7J+BhiWtbGt9yzeZJ6s29i+f8mtzyycmc85wJuzoPIv9dXmIyyXO
NnnCNc2J3G6PydP/xNP4z5gcdVYwi96JC42Cc0uwRdZl8D5ONOLpZdLuEV4Y9vZu
86jLXnWdF5pIf2JqB8rDjrUtu61jptnqFWmcXOQonYmcjzyb+UUfo/cgAalZvK7W
4KzJ+NOdwZVLnYqlWA6XkQFmxKjVIm5TTYE905ylznpKfz6oeXRltKsxrzCJns3r
WysdeDewoUczT3UbZ5X0S7AKtUI3By8+CHHzKWlU0ZWGk9+wZeJT4cJIDaRM6eUO
v2YHnDxXyR8o5VhGlE/UxR9oC4iPrZYleAG7amMapIIKmb26ZOJYcyKuwjNg1Wlt
mTzz0VI3tjsHXgPWHEMiZyI59esnDD1XucN86YfpT6W4PMHz3+LzTutcxMpx2Yhd
OfMmDFITE7bkJ+6oQrLOa+BjScN6jRUQsxUegyrj0OYW2ze1o+gXAceznJzUX2hv
V8C228zzHZUSNv6h+dRXdaztAu2QTtqPHFQawCqB3UX1u67Ulnlvxb7/JVshl2aS
hkioncKVxXhHKSps9i9uZOGgzRwmCo3ih8WDkSDUeD8e4m8Sj9aCYvPEyNld442n
HldVFGAnskP/hBeRYG56JJTN/W4Bzsy8b2K92ylQdZm1NVzwCBSp2r2k5eYGdPmO
cOlwT5xUKkubKqQmpdAzBCeAJBhOUY9QuCtyP1CjZ6WVaFG/QVvaXbByiI/2OvIP
Z5T0+lt8QB2kE05KXSYnWkxcyaelYHTkSdsTICUnmDgT6IyjGFuDfSguDtN0p6H9
1yCPKLElSNcL3z63fDngAivYZE0LyicVlnAGuKMzV5THg72IXU7V4N0WOff+dNDY
3jHsYCNYwYXW700r8golnfgZgBzzoEeUWGMhFHyubXoaJOBcZhRG3CPggPnUY8ij
20UXJYo2X2r7+pRRx6H7V1taYZA9os6VKoyM0i2V1cIYsOu1neXd3H+ejP1dzJYr
1blx2Cd2Fw4NmCUimekWxSFyhu5GPHcvqU00kA25Djktmsq9MKxZdtZ8WvNYnC4U
sh5m8JjYPQqvELzvt+E1szengbK5sQUam7Iln1zT7/3cYTB8sAJkuLcAy9u/Y9+M
y3xqq0VhH+4/joj2w4Vm1YB8FT8Hm9Mq62hYz4XHhQOS/D5r6dvnDUqSZOVxMNV+
pHPQhUrUFQ4fAFWzN9I06Pen2IfWDJKI9+ftVP/CwQxXFvG3lzJdua1Kbo2IvujN
Nn05Gc01PHgQFIMBy5pVTUwq1y1r+RTBRnv22/paj3ih1r7iBpSKAqtlBEssB9HL
E3Nwkd2P/zM8vccDdoxjsL6Ss/sjwe5yU21CncXDcvRd/hpN6OTXSWsw6VnlN5fh
wE7NVmwQ+FQ2Hw0ro33zRiYsY/ZgIaslOedR/ybDho0BOcx5l7OIyEdowQpFaJKs
W3NYVvaMtJZI7AANOHg7gxKx/TstLCkyzFsa4l0qnjjzLTVu5wyWQywERtjv5U/m
1CCXzV/q3pBARgEnMhmwdRb4Xfp6Ik/LFzRddG/t5z8iMKgrVKa8EJeiOqo6iGiy
b6NJAvzaOb7SprYv0m0fow3nsWSCA3m0Vr4mEyCkQVeKZq/CEmWKD+XKV702YxiC
W1vyaQITXt+s8Pi3GqoPTfTg3TE4KoGUQymE1cgBZqEJslMFXWzldvspyS4hpO0r
LOwq/o4RkYhXHMfib1sAC39Dxxct0KHEJ6cFxaWf7ABIVwMk1EuKtm/QIlGh351q
N064Qn4kwMhr5/glYjIFKIJLU1MMKWg/bkqLx0L2eIUpD+UFzSC2EjvpimPTAhNx
RsZk4aWNscJI1lBgaeJpZ15ZojjBQ146+QGcri2isW6BkiJ/d0L4MbQT3q5Ejedx
I8+xt3C6U4OIcf6gQD0Zr3AgOQGTIa42iuYhAK6I3ieJan051yv3PjfX9nxxdsos
EUvn8b8jG5liQpwbJEbh1UhbXFppv8BXDC3Dphm9NIR/v4456Q7KwZ/IDD/zUI74
K6JUXolN4YuzDrXMZnMR6oHywLqvHmvXQd3F1KRpr8A9ofuQdO5J1+YLhNtrzquj
1wuU3soH+zNeM1dLjOpGust8sdezM+6maqI/ILZ+5GA43RGU61td7yyGpfbG49Ml
SGBPSyMn6MhKyngbNMJp759xxTl9HeJ/pFg1BAvvQoCDJMEbl7V10LZIgD0Db/7I
qUF/hkPg2siW/VctB0mgFZWLLOeh0s2zmzuZAFeTUmtvtulaO/R8YcujUEyw7nR/
8SmT4nxvd1j2n4dLW48ukpkahCkULWVR248qmZr+1DWYPuz4P7OJsOSk2dois0sr
ZH/EgSGHRtyHbv7NxchaEWITkKuH+koQMYCE8g7WoW/kcsrqRuuV50PYqKllmtZ8
5n7duXNnnO8hLhahIcA9rXYchQ1P1dIZCx3oI3VvRh94CQeyTjFzzlBCZOyESzWt
/ajcNHM7gRo2oYUyGymikspuvvKozoAiRPS4rTK88un3ojvlI8+JLZyiNHaNuOGz
uP5h/BuuwOcKY3eLCgtTsapMqAMvybQB4hZqxywoEwKvZUwCA/HJkoxuwSeuM2uH
PmmxufmqWHndNg3BSCpN0xjc1f5/ZGQZGREjYTKwY5QsyeHItmHr3rCGM+Qbdm3H
4YoGwPh6sa/TVIkX1a4zlElVzDVlqN3+ecy34zJeZLfgn4f6cYJ1Qz8ga+WfTt67
QIq84sNMaKCaCnUldP2xVFDLwxzqMhHXrYEOrLGt3tGFRbxGJH7ecz02vHp8CWdq
VhPyB05RPFgch57GAsu1IVNwhKUYlgvFb/9aECYgONcxqNcvOCKGSVgyRDWGV0Sh
wPyluTaz+0QxSQGaYvU3THYzzQ852q09DbDhH8xR7QsDTpTbRr2Rk5CSNHw/gNsh
OqgdYL44V+ryJA52q/zBESoP1oyZX3Yy9c8PbI0n49sm8Y0KWbHoBhsywREdtTsH
0hKK5j1XjgaZY/pTen2D34xSh8guGQIseDi4DMAkRMAhMCQCD8sbZKk3ZBujCB8J
JQioHhcIk7wHbcBrtL/P+MZkp3StzSncn/zr+2gd9H+Gs1dS/gun5ZpspGcCk3xT
tG7VqZxKyehEXeElCXgbNtwGKnsKOAgZ84MMNukFt3EIs1x9JR8358lB6tpYeY/j
7zYSdwnUlxvtt/ETW682XYqVRBHS86vKunHAnlEZvleRLd8Nd9WM+5LmRM1o77N9
x8n/1qvmJpzVu8g9sQzy/31rWtN+f35p6ISDRs+KHOX9EYvpqrh/dwVacsd/XBIJ
T/La84y5fr9p6pNODlgBr0s9c3Vkw6isbZXNdYrSwYOAcRmzXJ/51Mxt4P8r4RQC
HVaPR/tewyb8GF46BQ/gllVnc8eQK6GH2yw3FZba4hKJ6HdGEytfvMUSdoSF2Do9
XUYR9Fq5BEThAGYx1RFfVR9K+BdqLJpD3Fx1UzZ3fFrmyjE5+vxe86HOo4x6j3WI
A4ljep6yAgRzIFJ7f//L2+5/7drzD8jhjnwH2CKQZiSoSqTMAVqNA81BSdR1o8X8
Vf0P11sV1zr7VwyLFJ4K/QB1nLAOnj2wcgGASli00ns7w5IJJV4HbZx/cyDwyekA

B.3.15. S/MIME Encrypted and Signed Over a Complex Message, Injected Headers With hcp_minimal (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10205 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6548 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2157 bytes
   ├┬╴multipart/alternative 1431 bytes
   │├─╴text/plain 485 bytes
   │└─╴text/html 637 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-injected-minimal-legacy@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:10:02 -0500
User-Agent: Sample MUA Version 1.0

MIIdbAYJKoZIhvcNAQcDoIIdXTCCHVkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAF3P8K//f2QuFu3CB1QYWA1UVOKdVUefYICd
TG2PVFlsq76rPSChX/WA765rYh7rlp7cpKSvcuGYkLHxA28CXiR8i77ZCcoxFVVR
vOqPGTZZ9eoNvpYa0qOai6KVhkRbGTwyXC6mi18N+Sy6tLCtR96jSLi8k4EDtKJs
v4cCrA4QRDEpNFyzftj48yfjhKCBZSjnlPSeq6p5RWl32SFKGe81k72ez4VV/pzK
idOG9ltviQ1ffeRFlI71VpEQov3fKCkkxCo/h1DilcFAo88o7TMc6U8DwiaMr8x4
rQXB5S8uBJBLNuhrdFiNIftRM2OJp3ij5DM3YRBoUvnDaKfiEMQwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAGuRE7UAzm9ElVleX0vu8IXiY
vh/9cLBb2MVdmWGKIwHthSLxiZA5X64VxdGjFMlZzPanUhhexMLTZaP3ADx57dat
SnmSfpT9XXbpkokCPBL+NBpA8e9vtWAOS7yIgfpwdJyBbfcYi0CHGqs1q/ctRsVF
UyksjPX0dvJjqSM7Tnqd7F3FIToSdoe1ZtprDHh/opM/acJl++qovSgJyL8AZak7
mSU28HbTnBZD5iXxCppi0LH2wK6KfwPqSV3AG8wTpdlqF8vlIvjF2Sur9Jx+hwKZ
1kNPDKOH8G+PgnIA8O0gH2VDW4Husj64hxShEWzAXUFqNqHPwxFbf0h5Lu0S3DCC
Gj4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEI0ER8I07SembW0J+kNg4yqAghoQ
QCNckOUPTLID4uHVLA4bv4N9/bwWoKN68FQvcoXFHbicA+KkrxCMHO+nIrFVSNnC
FtVXb5N90rVy82ACdT1MWQzC/npd1fKQB41F8f5owkRSGl01CZvxE/LqDhFNfLrV
xHdPWi6djHNRKK96S8HDwhR0FtCrCt6kSP62AO/U4x/FUAcQxxc/ad0OwHACucFe
IDeoHb8ne3fF3cyuh4Q1K5MdW9g9xp4Qw4nA6WUYYFY9V78X8jYvxwC15XRKiWaH
rdeQCMdY78V56IvSXto85uCJDMgsvTs+xRyyQZpzm9dt6LWRMm4XNmkt8deoXn8g
K8G5QenEWFqj3uPVN7MSVYwA8WCx/qgCDtjeNZkM70EGhX6SXm8JRhmj3QHS0wth
rc6Tpc6mGZ8ZWBGXOVlGpL4JPB7jgewWM1qEnZOjofwyOLAQxhnqpPOEmTvfNSrm
/yeDFBz9qPX4Q/Z9OUnPYybiVYoly8Flam5bJqnejR9XFUjv95E0rFkwzMv+ceLy
WaicDNCPbXI71Kqj2KdT1NefcSSRLmtEYqn14aKeI0MWA0HHfCkmf8SMkLGY2Cq1
DdH4sf02yoiXpCa3iE1BaoPavMrkVzudyrzRXqIRIDci8ND4knhVdayLUfvyZ2yB
aNomiQ9AMtya2CCGh3GJfTwz2U1IzEaZ0n7ZczW+2pWBCMatvgQfbtCDEhmXlQGN
V2UGz26tMwf775yNhAoldYesgZZp+tnGlmlMnwGgbWIxyqM+FPO+Bmj7/g8/vKC+
zvuyYW9rwbU+VIMDQ+X6w1o6bzOYv/znSdKKl5UI8nSmfkbechyN1BN9o+kX3uJR
Mw6gCShn+ouiA7PK7iy7PCaEAAPS8cRsT8XbYZoo83KcHZM2zaYZ5gGOPOnu1cOX
GSmg27A1zRDjJcP0aEJ/StIwomT864lGe39dprTUlIj6L0pWWEa3x8M75HWMmA92
phMd2f7X+eht71Ix+ne/tc+0BGdKcWRRWJDMIrfpX9WeJZaZZmJhNzT+geR176CQ
OPmmtsFaNt0toVbWDTquzcHJqRNFwRmwL9jOxz1USPPtKAXIvtqgYXdFshLDpx5O
V3ETsmomoE1r0McwwHHB1rc3sVvNoP5cqjNdmtYu/2iX8lc7BjFPfUQmwfMdhKb1
mYMEyzrWT+ABCCSzf9iNjkx59oKSuVDi3oFHOFgu5F723QCw94nHfWjlfhsx05tR
zaZpfuBwc+a2z1Pd9FCsu6KTLwdiUVR0AeFsgMl14+1AVVIeAsZt8p2el/f++W+7
T+OxYTpeN3/2sUr6tzJANWw+1dAmMmiPqlE+2XiSJ1HFqIyeHUSKJVRhjxkbZIxo
e9tW6wU0pb5abx1A1E7rYiL4HlN9DoJStLEgRADxYBCf76QQAlOjR9JLmOFI4w1t
alUkC3MRpJeFfHl2jdFeeHoABM6NaLhOzS7+MtokP+zQsFcLea5FmCmsSNdJVu8v
esS4A1p2szK6fuwXOhsPRdOAuia1U0mc5zRolxW+VD7vB0JN+VxR7puh2b8/5qEd
XJgEedzO8cDKRer7hSoLxDUsdJq7Ruidwvtsz8lpXeVF8ferw+weDNrM1diDSv3J
kk7XOqvLwz5Ud5W5D1ffo2cl68LbejB6ZgUzV7QqCKIzEHfgOz7AmZ4rkw3L2qaN
7EmE6JC+JGsqQsAB+QQgmwmM/atuaDcUXnzKrRWHmNL1XJe8Cdpd3tmquKqp066C
qEriBqD1qKbtSZmYA80YRrjfFRKk5hXuPimek9XJaXn3tOa6WwDniXvS+nE4+qyf
by1qy3ALwm2NVMFkVAU7qFTLgK53sppEEmDMyR6bMoDX7zk9vR1Gipb4JrOtkuAT
yZdVIgkW67kLHQtdyLSaGujNjA07tAMw8UTMzNWlxlT7KYHDrqoMMm6hvXKPhh1g
PaHGTRFxDebmW7hQ7nmcLHs9ca4cjBgAfeNCZrNhm2BZ1D46gO6lNf56npjATYEL
saJmeJBAXtrvgqC78CfngLG5SEAcZnKuUYHnpOB0mCUdqL4KHB15LmUg6jBRIUuQ
4aZQHx5gJDCwhvcQCI9uAxtnhwxcwJ/KUwGntfBeyh71UAbLpNqjF9oJ2UQfAEol
j/qr9QQ56NJT4Re9obu9XWzR/l20chZp1Yy8W0cP1MZRQU1zq/Fp7eDuYv6qy6jo
1yZfWLLe/8u+zaL61XbgksEvDrR21Belq1vhJApw/LC7Ju5Qucsc5HTEtND+k5TW
XUlQ4QI9Vf3/jRsoCuW2jpqgA1krLDAtxzHV4MkyDm9hqWHeFSSqLGguud0MxFel
j6q/ubZsIxt8Ce3NuAQcQMZdkUM+0e/4KEHFJPPUnfh6JbdX5wWJieOPRWt+lceR
CaIpvQKaCPKPiGMWEyI5xHcHJDJJDy3WVmSCTtm+gka/CpwZcI8+szy9JRuUnjyg
LviXjnEQm/4l3QFgW5eV3oa7aUjjSEuh5+DvYWfB86ECneJhQCXG7c4ke+aIE4ub
dx9dyOez2MjaY0eJmjy+xfNHYSfQfmDlMdarcPJv5oBdM2NFiDPAVBgRQte8tSmz
rmjWb06jRzhn7LEMGjRZ7UGjgsIL+/+MO8KckFs32yjzEfz0QUXyhaxn0BVT/4QU
lfQs3C3Perbudo5GXbhXIDIwkIoWLwbUyZee3O/Q0oNBpYsax7AAk/IuKNbdt5kz
LssTIxrLDnpFirt5pPDBFbaQTJrslrPLTiIZIMwwJIOryGbP+P0N9g9XoQal0qPh
Ub/O2CsSfragMboYltbhGMmSvPgnlC71dVztlpMJ9LZdoHHgdtH64WqBO30dSljg
rb0kUNNAz0Sj72N2w5PM7RQ2wzbwNirC0eBrul2CmT4cPTGzQdeA3ygoAWvHYJ0U
MYERTPUBHccQjOqicPZIPz2FEtw5+40jxzuJgyJOqRnt/teJH/MFCkDLIDC2iOGa
JTljsSqTQMOjJBNb+3vAF607LVoRAFapgMjjbJNHRvfNzMk2+PAbQQemEe8zOVQM
Ab3iyFIdJxQl1UiDrfh5/4myWu01BaFPZLCyJET64QX0lXfSUaeYisf7ebvvcCbp
4ChqhxZcomqfs6gKhZNevlv//8YDEwWvHwRaV7vxuGFhZycUsnXUS3JazFw1hUgb
3H3lKL3QGyWPkK3ogmMD2HfKLvFblPdNBMu++jeAef5n0Gvau0oWOHn9vhhZ++mq
ZGbkhfD5HyxOzglF8/MrEQmFrs/ISemFKtSN07qeifzpxqAu5blrV3rdx+4aDK2J
JaKBX/GSu2y6XkrZ8vHZ2leXDaBZzQ1K2cjZuzqWwNJhAg9n+xpOIR1GkLpgm+XJ
hbHWef7y+g93cpVAEmMY9dmffRWFMDZdfNUgCuaV20JhWnqdRB4fPlbPobneyqLA
zFt8R9DjsY0Xy1KXnY07X6yDnjurVLTd7h8dYMv7XM4JGHMRqOwMJvz9ou0KfE+m
VbDkzN49wyy6lbuhVFhBsibXtKwladl9hapfGbDKm5/XG5FctRbfzTPIZ7vfbrxP
JOKjfeTuvcX9igkNJdp0UbJWxdTCUw1or53jlGHZN6rQbjF7GlFkXiXGVgI3T9VC
P48zTCqoHKmWkStKjtqFqO5vVFjOxmxLaLoDlwFtme3apTbbs0jedNav1tXjQNgw
Xms+N9DnpcMsXaYLVB1J/8aVIFmAemuXcShVeu8cBynkRj9oM4q8Cf3nK498K7B/
WKv8qfCmzUUN0LVQWE3n9XV52lMhYDRpUox0D3RCC9WedWXT5IQgJliBR9B17taK
pSRyEq+XzVqgIn8KkTSXinxMbXWyRCncYB8mUdHaEiULkw3QaxyQvODJyF+V4CWE
v+T0EeqkT4QkVzH3AKdURw97F6FodhmJht6qT/F/WnoIvPSTq7OJQ/uzEs0aL0UP
L4oy5jHYpYgKnQZp3fI7DQSbCf+Nw1Z2+Cn8mXf2iA5Ps31CVPObfPLQ1LG1Zc7o
6BkGub3bqmNp18/sgGHB/pEQT2gjT1TllJGGH5CoGE6+x6xqHssugo1pH4+NreWd
O8EBjGAOEDy4vjGAcZAiIYgIJBzIeffDw61+R4Kl4Ljfehkmx6ANtXabGYI6NBs9
zOCIKNe611oHKZT5FuQiBCivdDyD6bLeoKtzHcfkBuTI2ZL9FtzolODBzv6FjMP3
VlNJRtZ4UnsT/nvJaeqZVofqAvVBL2CRIWo3IjfKskRothbvUNlZmLQ+RtWeA35G
xjX54VlBAZxZcudbJ2kDUsAieSIrPWAPeywbvbWDvAme00PJXFUsTZ/S/aQXmg20
EBpACCUrGwYiybW3Q75cuTTwU0HTG9mQJsX+zDmNAafP120lzB+kvv+G9ieDWrie
PGux3Fg6G5X4VXtUrEn6Hee4cDLBVbuVNX8vWO3cjvauzQZHq57wD7ixxcFyXk4f
pPevmSEX+3aQDhEabRe5lNBzhH9DdzxG+Cfcyj1/02xDgVZIlqventjBkkA6Qfp1
Rxz4FHzqNMlbWM/P+CKHf5e/tojrhoIPsne4rVGFWPYMXigF9M29Pllut0KK4qDV
RuJJB9ruG3Rs6sqN4x/m8WJxvGjsObwvvrbQh9yusV00pV6d7BswCBv50wnwrHWB
Ka8s+Bo9Ax8uTsPKBM1Cxu5BMKjWtC+3yRxU0zSjFu0vpae4FvqHqHqAwKJTqkmY
KBXnDbB72DTTLivTYYqgTrsx38AOpi2MwZJGdn4AEiaufo577rehC10lcCWUEmHN
X/12qsTLo2Ym9oQySoSW313ZKFZdFrIbmPd4QcL2ecedk+ZjsEGyJ0yNJv5NDPI7
yASEOLCqzTmiei33MpN2B2N2V1bhx7+B0Dfi2gdguoGACqwqnIFRBrUK1cKPPAE5
zfIDDXp66XmUMvCwKEbCJPzND+6x8ypvKqyqbu5scS9xP6daSNY1QoDKSgLKIgm+
l424sl93XfOfotYJtZbpZANRfu/aUjV04Ptej3NosmScgp+mEoZbMC8HlUKUJE1Z
g3LNZPYisTWNhHPtqjldPPr+4p1eX0+YBaAjfizeh3aLcOr8lgzKsfrxGVYs/oj8
JrY2oN3C6sHrdKJnL57AFzE0vF56/A45znvbfqSUQPI9ylahE706ABHpHqk5/zxF
2brwm2BWDD06T205PghrDKwGwVqmfI3ckcd4UNMT8Gqwd/sw3Uf4W3nPFLK7yD/Y
j8uT3TrjI5yY2KvIj6m23hTCa35r7PEB7WcTOgsmFjTvWPOysOK0d5az3wbsV8DU
xbKzsGPSOCWy+ykdW8eN5LtE6GBFitU1rbw2DIYQk5dKtdUoohaM/x6BmXIGvmp+
pTTLLVJHEYwuZTEEgzDBYPB4WVx2ziXGrfQiuBq71tBp587VNDpMkqpyoBUSCugj
Cfe58nW5DBGA8Q5sjAKHtcGIO5AkHC8LDQDdvWDTMqw5+d6WbAsTRESsL8XRHxIO
pDDcs0006LNcRIJo9zdEsADDZomRxsb4xRcSETKevgAhtPPD0s8qEl2I+V9o9dcu
oFDBeALHR4KWaZ9xQDbhTw3w8QSwZbzbYOrPB22eudzmLxrOCCim9mYM4vp9Gan0
/bvTWcHJt8AkyqR5y08VjOjHH9UGJIaCG++2/H8ij+ya5UVY8+Gfewt6TLIk+3Hy
y8HSNIBn+4G9DydfmUSd/j8x+L81YkRQlZ5S3/peWTOhJOXV8StXSXcQb7umRy87
45hrrDffcSZ6QeMHnVRv6ifh8ImIC5hCxMG9dfz4sMZR5tJRv+LDcL45OLZ5H+p4
TNxGHpDpkdDzrTMHb2r9oYMPjHvZygHlfWcpAtkDDy0fUCxvJZAKoVhKyW4IM3fp
FrlxJ/614a4M46CIgDMH12FoZj/wUw2VKDf3okpusY7y/R93akMEm1BIDCXgGmUg
dy2OQI2FGjeongJUo8Cn8XGfMD4eWShqBUDc0zEiZT40Nx8Ao+qbwfGgwegBpx1u
xSWIM4eQ+YimqLpmMqN1qwk9cME3pKAHZnVBUwJ+8YxJZVz/R1CUmcjbJ6WKDk3e
vbl2FQbV3Kas5vierHSTaNdFaRxZCwfCkFfhjShAHdbHYd3ftwdw4TG0Vo1j4bCJ
DyVn4v+/aZ0O6cgRwsmIvbjHQzYKItzegcn/6mNGuz5i8doi//cwhm6ylr8oxebT
d4CPHfNwL+rbtjV7nh3Px+8PZEcYOXOs+uvpdtGMSiao065lTFb5F5QBbtH6xODg
HvjZ60bVzK3C9ZTIkuE/JNQRQjHhhMikeXuv2k/QPysAo8TQvox5Pcg1DXSMn2Lh
MVj973B3mm/TXbBbagKFeQjcq/4nKiy3lDzGwR3rkVMEJzXcS7rgYkopzccH8XuW
l7dSymO24h2J/7mFotR3SlhGn5jrDWLT9oCyh9caExf58KBKm4lmsmSyTKj70U0d
5gQRSWxDezz7AvWNJo9OZWjaEpBQdcjte3KZXlZxxv9scEsI4jDCQY3D++77vGon
8BcwQbQlLyzJnA7kSBW+QSo5DwceOU1DQqSa9/Kp0HANjy3mZxMp1Bg/+0uA+8nS
UCxC7DqQVVa6xFECxaQwVA/fD/Y4NJhmFxvh1iBYC7iA34K4WOE8P++6fglm7gS6
XyYLVL+ExjjgJLn4xRC3556CGSr46XWyYLTEsqZVWan6ThcxTdYeybeUXW4JOUJx
AlDIL3mM5447P5A6gmz9/VUuRkqPRQsdeOAd7YQfWAe89carf7gQTqdsG7CjD+x8
0ivGprQjfXi5cwfC+NOCowZsFC/qdlr4NciDjsgwZNpP7QW9trhol8evo6jsUiv+
+4kC2qdQ/Fm37xMcwtqTE5PEnsNX1302Qbhp6Pkbx7mrXsib4gTqz6Wyid5h07LW
Afwkvju/p1sUV8gIWmRS1UnrmA9PepLt75pO6+u+7LDcYuHAOun/TC3N+AvC0ORE
CtRIiyMFPDw5v5sSeRidVpoRX2AV5/2ZncYnXizGk8FIv8C8dj/Mtd/GnFFIot7x
9zvd3fX7PGdeIzpTPDSl81a1QbuvxUNiY/d+oaO80/HkbzkoA8VaTLlHRxLJveMH
Snfa9GQFzHP1eOBuwPGNrTNHMLiREC4EQuHunyHyaZ7ut1eRwCXqDMYd5i9/Vclu
K8yuMt1kCyfG110zuCfSFQ2COl1eN8K8DKIiVAzIVvQuG3yaVTSwtNX90mP2qRkn
b6O8M+Xz3bOsrajjxa5ZN4eKROuu+1KA2JeC0OBu4r9wHIS6OtoBgyWzkhkHqjkC
2n6c+4YPcMMi2XgFKF6T99hEzRr3rWKTKsAJh/5dSVSQ19dH3Hwcy7C3WygiuupI
qWkHmnpDMBUuuL+YkF+Fxm2wU7mKDB5ee3GTO0MD19qZSpbHvrSk/ATudlAbgYXd
NGmHBF72S8VKdS6PVPnsTpuNbkYAHMat+AmfdezW/FEWV2Q3riL6KA3thnmayFxA
GlCMQ0sm/4u9IL2RCMZF2V9/v5InTRTAYEzo8sSp+5Zu9I6Rb7mwHZTgLmLWOBQd
kjcbxygVSiBLWvyofQ9WkP3iyUVjsB2mF5ABk4SWMeFiIld/aAi1QvbcnrcnjbKw
b5jnYm6b6bKUJUZzoMGR2dzWi082TnFuO3j1Su1+1DxhOB2LgKypeJGPtMD0smZD
jg2ZhpB8HAJCfqhoseln3lYN2roINWEC0kyTDIyHYZmmubd64Upe/wYbJWAAI2gm
kj0B6+HBZatjHCdhFv7oR3+smnFUtfF59LQ4x9eI6DkJ/3r/Iwyd+5XyZKoDJYJp
5jiwD6pQKW+VuYzg4TxoTc3GXIb5s/22yQI30v3sYG3uSQHviYmStGQxp3pVBA0q
+9xkOMpzp7nFrBA6C2obNabDpTofJeF2aItfPPmuiIrjQYpAc5o3542Sl2fQFmbQ
G2LumyaiTdGuH8uqNBtYNnDQFUsWfnyqcDfIoyLairThbgkMcB8PLip2O6TEKwfV
s3O4MG4vLdGYjBsus30axpSYXtS91JfYPgPcEZifkUR7yZw+sfb3JPAjeNelqs2H
llcNEiMQzL50A8cOtzXftKbLU83H1DMhiCYnS49VqxgChYK8EPCnA0UoJ18CAahf
oRmOoK8N+LMEohQV6VcVL58ggwnR5oFGY6ZuBIv8jJcCS9uXiFZnnoCY8bgkxxvK
7d0kASdiN/eFnzJkPfOVHnkVLUI8kSIY0799iw3kl9dYxShfrma18Xcq0r7BKM9n
LChsKG4lP0RLLWKrTNyi7J6cX484j5FswT8MWOAayc5s51MPUkTn5OX+bWyGV2eV
Th8QwyRTgo3DVcoqNWQ4+W12TEgXbiM8w7ZPxWiwfGTrL4vR+4y/H+BqKvJUjT7W
za33W6iRkgh1bd0jhbehmno6yRcpw6Zcu7ndW+FdtlGBoOtiXjmqolBo00po2cdP
3ToOU8fHl/NExBG20S3Rqhl+IEtVq1Xrw5hVIF7FTF78CXeGpvjue4BAKoiR87Yo
mHnesyBocxOaTxGgiEucDWJtMnJ1L9oh/Ob/UAPQVQngkWSK9HgP+cGiJDkt7e2I
Ktd/Se7OjZa5Tj0Ry5+9akSpa0HWnn24GtauqUmgnotP3QFxrO2FR1KiG6LbsfGH
8NrUGUVymMDePLAGDb4duclasNJGJ2uSzS3GA5EKHqMdIV+VBjl8k1uEffwn55Hz
h7lqzW039NOQ/WyEJbmZWg78l1CnW0dz8dD2ac/fWqpEmT3+pBsiJok+WxPKqv39
s7La32r0XAANEUcA3m79ExjUtD6YfN3kls83zlZt7rgoI5jTVMSEdtaUctJ5/GkT
+ruh1fX05FpB8/8oq8hPLAvf5nLZcVtEBHcgKuIeFwPmqChyqPFxnRC6PjbzPVBH
ugfpbVP45xx284ej8IpXSSXnFtmPhAzPkzNSTfYK3NG5I34qTSaksvCQWkPJIhUd

B.3.16. S/MIME Encrypted and Signed Over a Complex Message, Wrapped Message With hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9840 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6276 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 inline 2016 bytes
   └┬╴multipart/mixed 1911 bytes
    ├┬╴multipart/alternative 1128 bytes
    │├─╴text/plain 373 bytes
    │└─╴text/html 471 bytes
    └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <95b9bb39-c028-5ff4-99b1-f179cb5d7585@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:11:02 -0500

MIIcXAYJKoZIhvcNAQcDoIIcTTCCHEkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAFa5urZzuujCF68lwqMjpt5q6ecCrubcxfRW
ufCpLVF9IwsK5B8mBc/Y1Ao1Izm1ZLHe71vRftcPkO7APU/bkaJ0YtXyElF67P9c
AvW8XQRf2oDHEYgVerva1KvWDxoCDgyBXIGfaD1wjaZKs2nAM4fnWfju+d6zcw5q
uArKn+BbUI43ryuHTDiaurzBwBEUps64ZyXNjP73X3xSlYV58OfftHQSHOKoPHg3
zebVKPSqARhugLWk06GxDMXAEjYZZBqrrYEgKNANwQllu72bFkD4gCXm4kIc9ezU
ZDNTctiFc1ShGZB4Kdmrrm66ogsxJ+Ecvw4YVAkWbJE4+eV2g5gwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAKQ13b9qWHas/pyz/sKKJKkkz
DMpP1zOvhEtFBfsUoKvSrgDwWgmKhO/V+B7abpEzibR7I4rAadHzgU1wfbNf30cb
WqcCmyj+YA6w02rB0+y9X/SazD5+fmBwbDJnMWDXnggImy9xXrLjTl+7gII2J5Y0
JQXI96iSLWdFP6/Tq+Xj3HD/ZKL0+HgV6ncTNcpjkRPPuzm9vTMeU4qFVoNvTErI
V5vvmzvJccr8E+oyloP/xbd4qv9OrxbfFn5SAZ+HkypGkE5NAy3peSRDwQ6qLEM/
tKuYIewKJdv3xjJO0JyQxPRcA0FCEQpOOvt/zPum3aJ5Rb+YPiJEVHhwd7gzgDCC
GS4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEInoQ5WNoSAuuCSGvrpkRuCAghkA
Retlz414Eo8kzcdBnIBWQ/HdAhaJ8anHqEqq+Cko8a3zBHxAD3QSJ/Agje+62Cj/
1Mn64cw0oDarrIzkfzH7bqOjWOys7VmqEOX+v4WePKd0CoAzYO4J+ugOf7QcGPzj
unj5pXTjPmj7RvklVxhPG4DfYaFwpjQBApLE6stWAV1Rdhv34LuIeKVJuG1114ZI
Xi/0ilWgeRg1HdxXT3OrmrZpP8VAu5oH2tg1EkPHoKqeahyNLkA+fLqjGH3ODVOb
mphub7wyBNRDH8yyXZBJKoet/jq2FQkNjworQgbL4YNYH6yysK8/rRwAldZGpKFU
eeHZf4N4wwquwDAV3OgWJ2ugJIIvqIEB36JwQ5ocvWTZSUdGe/HwgoG+YUzL/53s
Kyok994Lrrq9JQKYIkPIibF6ku46LAyMz8Jg1RMazE9zSWeqfyicqZk1bR9+r8dw
E7PK5p8EAEEiL7MLCcBUbxkqZVHnNFPjGsQbMCwkRx8ErPM9hgvmpSRTh0X26ZDO
rdTYZfkF6jfnMHXPSbsjx5nlpGV1c/VnxRJOKmEFFFDA3rOigz1kV8x1Ib0RlxDJ
Spkyr3KVxFvHNOM3/GO1Pnaq9fngKPMaqANwp7TqHrGp3pU7aCg1Ol4LS2NPFFaW
o+jRrCPgs2jBcIC3ySvWlUg32S4UH8eSFYvO9XbC5Yp0EZxhpzLST4Xk+VfDT5oS
LFoSO+PAis9cEqeolVrSWnUdCkMyku8djSOR1OHUCd5XVnN4aXGDSlKF8YvwbDiK
vvjwb6NO99AAMx9YMhETIKmUs2GHuROkegdjm5rLqgdZ0mXIaAtUM1vau+MBrcf6
JdyQYp6b1i070O5xb5gI0nS7GsSf/5iSaBRJwPz6s2wr1sG3hIOkqBaq2GBVNI4i
3wZcI7YvqFs0DO8hwJB40+I1lKHsu5+SlivBaOnMcu2Pzd6xXBZ7AdTKhSXrBdhH
Ge/Ly/00AYv1cawWvhh/weWV47y9bSef4B+8PVMh3WT22z7FWUldPkeb4+Ovv2LZ
MfgrhWZHeCqE1mrKBn5p3CmhP3B3NQyKfeB9PT3w4niTe+0HYZbrmunGUMXOJSah
3A+sRIlKDThxImwKy8D5EUEFICoNeUIAC2qv7KyLrIlRHBkZV1WAf3V4Day6ZtJX
Q2/oUM/Z8rrUmveCkr5oXm0z2CqDSaUJEjR6VDc8wP35WqjR9LFL1DsRhCLwukQI
RhdtVXu9gdhaDuov9QXKZCgkKhodE2IGMQ1W+fQf+39ZdsZvgSlHV1GSCFmb5Pet
n3c7ECQVvQ7SwA6/IMej1D7lQ7LPNGVdR8mcX3+RW8duiFecerWDYakOWS+OnlSx
sUh9FAEnNdK+YI5RvUfeS0Gii1D3SpaJ8OQwlvgTdCetw2ID5rvzFTA5OV5tpjI6
CTRK1q0JzV2gdSmRuKCTr5zoAti6NyI9v1qhvZr+zwpyWD4RrieaATjL4MaSNJUU
mYE961MOVwIF8/Q/wXq5XPDrkiwbob/ak3iWSU9DUQuzPCUaOtw+Xo1GoAn0RxMW
KucqrbZmfeCO7vlbdWxju2LSfh8LA56h+OCAZqOFLiXeRcFVsrRMf4OGvku7sWOH
x5XsHZv8mqEsC3kP43Yceby64n2mxxX24b27xbk0J8RyqAOVGsPPIvLIW9R1zScd
/iSe8/DyE625H7qMTezaRKaxbh5ylY3+cMJzlGvJLYewQdjHCLCTVbRmG8yRRPAD
7siN3po+WEMLbPX7LnZP02v3xicnwD0lNX2VQIw43WYf/9dbGBnxe7uz/GMt3yMb
E92nayUAsBNfPJuIz0hwUS1C1eISG9UhBvH58caoQkMU3CTiMtvhr53GDdgK/cxX
1z6yN5peJPrMMLlRSNBVmFR1ZRVf/iwchvVdmJmQq1hRcIbkzWMmNtalkVCfBRcD
s1k6lglZZc3kdpf0oOWNPcqp5BpVHP2znONgalrjyxUaHEh7dKrZluNDXmioUzTe
pCEB3+IMVjpv5Hvs59XkeQRl1Lol3VIu2bwKHh6AjV2/6cOjcN+K9LDDbSorkG30
3q9paSowTBYlYiI0vFOECCXRxSCnUcEEwR6GAnr5kYjJQZXZLzkOBx6BiurpG+JF
EOchCrk/Ob/SHgGqHpBS0l5TspZRyVFrLDbcr8JxTIn9LTmf67Gyb0R9jWMKX1ku
5dbscuLIfOVB0fR5iNOTE36AJdzPh3v+/Ws9EGxf/ptwIakmB1Kab04yUPvuxWeo
NOvgDRVPAlA9jm1k1bHGJKNYOwuvo6rzeDIW4EhsxBr8kt9R2ElJWlA/TzzuEIBI
ox2BaqT2u/txvIdpicpnuAOE8Ae1o+9Zm66oM3ODAcBxkHqk9GLh8jotY8Wt7o/M
faZI/znUQ8bOyNXhxNriA1N8+sXZaNXs6enoRNovkY4mvNVevT3VmSSNTB++tMb0
whqgHyba3c+Bds5cymzWzDD9Lk81KR+40AkaE7j9CEGqAGpvYqcDcODtwuLQuScd
OSyp00p49D/XTu+UCqw3gqCDDC/mM0xFaOviJv+8P6KerOCy4LOGpJxnPjg/o6FB
LIFv3ihEJ4Pk0DMEPnWHHgY6NQcdXlgLPRsbBJvIuKAB4BvOrcH1Uexufy9Aiq3P
B+QhhbU2nalxV7ITmWUENWm0hZkwkwQ1YDfFvIi9G+EhJ+3j077ACzF24IBkILTr
VOyQOIty1iM24CcfuHtVmJ8St3RVFpv/xJ6hwmdGKxOzrPSNuqHhkLXGWXDt/xsP
B2xbmu0HBkUxhPr6cgtNnZiVa+6sSXZa3GmB/vXh0FwGhU7F95z4+5tKTF5ZxjaR
ItfRMxBsvxWjfrYvvECR9em0dxN0Anom//+PZHgt+2G0/tUqgow7nUfXy4DHRNUp
Y98wavg3qQRZGSrnK0BTsjtEHN9au3arzZ5Xp69g7URznIP5OimdiYj+Yeo87tU5
EryHhybdIF4WVE+JoYxf6rDIc3trm/lr6J7obw5aQQRr0Vj8Gbh2XaaSFcyuWax5
FTwV87GDJ05XiLP5hk25q87j8zbM+UOUJV6LCFXBmL8yXucztCg9/GlznC83IadG
VbzQNXF9TVEpq12SF3aCJNrrEHUxM56h4aio2jQIxo/v+nHVy5pYYWieY8mgF31x
g8ZtrORYYV7szzHzETbz1i4MF6SOQh1B7q4ShOxrZfLbl1G6gUPOIgox0nK5dxnu
DFcfYFiBerJJsvUIwpKAq5u3AJdunp7XQYgMKjV0xcMCuhR/1jpb5eSLNm9AauCK
obq/JL7lDcL0Nr6XxhvDiqtnjFVd3OZdU8XpSl5S9LdU+c/PrWmM5lJlqg2lLNKq
FAK1nXcNLFqVObOkJ6Wf/ZyXg9cXQzFVM6SbSI31yXfmi4ExNz0iBolp4v7v41yh
VEfUCgVUAoYswcpSnw5gihnwz+V4hQJ7vLq4j3i9bZI7pIWCwlqI7wWgyXxsBS7b
NZ37cthex2uleGyMZ9YCASqKRggUtFgYDQBoIK/aspPg56sgCMsubuvfRJHm1pE7
JBmHw6oHXOEwGQBuQPW8VPE1qeNxSTTiAToP1L/ohUkZ6lg5LSWbiDPSccAHv4EZ
kJGibe1JTJK35hvpqFCZOLJ54psjr+XGgJ1juE0nyG0+b1tVZk/mlGaHVzBurltq
Yvd708BkUIQ3Q2URK60iUi29j5dnS2t60Sf9+v6i3Fn9wVYyeMoQ3Vx+2ZcaNBSF
zef+luDfHPRMakoe4pio0Z07wUqa8+oC9YSoxGBiJXVlew+NUnf/iCAQCUfIhEUE
1DhhyeVmduzHRQjroBxypREZDli0xANfdWjzgw5E1J6AB3iZhBZBTHFAJO4P1Qto
yG346IVa3nbtOeeGw64/79zQR3/LH7IdJ5bVa2UbkRDeX5ApmsHs9uOQKGICY0AW
Acg176FtnOZ5mIDCxYmP18wy9KQIi2iAz/b65sauY49ZtYcoKE6z4gsfnrgIKRaf
f7taSiGf10nDIjnkkBeZ2+ZjdUKNc4r06SQ1SFyMKmqsgmGDOvckQKpzmizcwAXF
MQEOX39G2FNtuVXp6yQ1Xux+qGjlyk7U7QW+Tj3Fwra+7weQXK4slU13EUnTfE1y
8jmEalkz/76brf3qCE79EC+HjkzxmRwkLcAKA4f0ihLUjHGZArEbYM6gAMqSkC8T
9C1ond51z9Tvg1xCqQsISZbP4o87T4TPzwXXc6Ut6cJkuILsgZwVDPgorvY8uS6u
vACffeqKhsO8h/VVEHQ98CHVt77Z2dMKCCdKJsHsFmlo5FL9oQaX6LauE6sJEcq3
VJSNs0wSMkLZPDNg85VrO/8kHaAMfmLU41cjunocgqkLkIGvTo0ej4IiF0UrGpyw
o1UNBcNJcy0IhIgJ0CiYj3tX5VaJFNWUY8AWe4sdYCO0WNmuqS88iTutRtuRnXWp
SAZbLvFh0wGU58oc+S82bLD3vNMIq74n2QuyJlB2mq7nwuYzl1LE+UhlnasRw3Rj
3BMQK6aZNOT9uUyfwF3iWKlZRKOhDgozqN3mltVEvHOSjy1RlAvGW9V1ZudRsw9u
vHGkeePZAwmC90aS3DEwzEvHYebTQGQ7en92357TOQDibUT21r6ZAJXqHyqD8uYx
qAPtGRwNNspAFV5ad43e6FoL+muM3gyY12hhfbkf8r/6rJwRWt6/hL8OljP7DmfW
vc2WPBTA/OZ84Ixu9I68w4ICrBSN+VqH2NkHQcUQALoTzyYBLdT5oEN+S8W6oNyJ
tQ1+UcdjaBXMblf51/tFazIBwvZw9VYyas/N8zPRK2p6pPF8opsCRE5Kq/cuIrHZ
fXgzoXH4VfIb/zGuzqEIZfCHgBW/ELX3u8l40rrP9m/EFKjdgd+/tA9zVEYVQW9+
M6E3gpLhddhZcuVfLxQYOgXU+jIm9K0VgGCsFFNpMP7DBDfTQ+M2QGJkj0b2a6Bc
jgmiy9Zrn69p9sC+OmPOLv8c/lyV9HGSDqLAWQTeWYAkaeGk4/rhOh2i6/cUVWCu
NSeHLnwPewb6OnSAIvQez/VAGlgYiSNJdMktfKSlv9Qi+FKEIy//14TU3Ce6VamE
JcRE2QTHTr2hFBPSVM2nGgQfJJEK5093YZ2kLqb1GZf6JawN6Z4MMa2ukTCpNgeZ
XXSft3CnJtUJ9DJ7SRlmh51wDwgS27YNF5SL4vn8HF/2c88Ig1o+1yJvXBI48ZR2
ra/aQ01dJRj4IB3Qzi1ByAC38xSmHMk/zxcH7j3Xxd9wvm/PNNxhcn4bfe4bseHO
GiLE9e7eU/H7TeEfzN4CClJ1YWDOf6t7Jw2AXSfdq9r0pIg2/mVZeQ+PP1PwRzLx
uMVJ8tgylHYd3gfMo8Sok3dA4/0pNTfJ0ggaM8+0KOl4+fScbm09JskmDhXW7pUN
IhygGYLOPXCn1u6Yua3TpX9zTww8dKD8iVmwAVISrdD7EFlAD6MkQsA6Z/tFuRrR
egyD1twvVSOGsykAnyuQfQ2YTi7nht/4wAyBGsD//iVZf6VQG869Ng4Dje4X6Bh1
sl17L4Rcl88LmgVeyhR1b/lRu2rJTn+eFWJRRn/uOJJF5479W/lKd0EMme1SJiyt
EgQdT+S7Uve5onHYlbjHETKQ56nVhqu6BigLBW0zwb49JA2GUkLGJQnvyKEd7u4T
d23K5bx4AqlP/w0UwfYV7qMS8vnhbhv+YOVaGTTQXnDLqvnMujb1+nuUL2jjDD+c
syFkpm6uPbi45bzzuLuNEcuh2Q55mLrEMy0hVOYbRaZszGgv+AUrLIfoxzTZNwrX
krP18o3/IYDtZc5LdKSM4wZdk2jMlE+2SxvsdP5gRXc8CVwZ/b3nOkXyGzvgFUb4
Z3rCZX4J3ZjXRkhjCx+ACp+ASuz5C7RSr5Uox4dEiWnUOYjS6P07x9OwYKjbX/U1
QfhTQBIEsRC6xrmG15zLT+6CnBF0GalLwcPbLxRTX4auRJMfy5Mn1HX7sQL6jEo3
c6hUtmfI2fcFotqVgwc5yciX4Yp38rqmRhUwFDRVrENyyApvk/uRSolCxnjiQca6
9GPC5brfg9PRgljlCSCZmhA6UrKy4xuKB/rGmKl2rnHeuL+98ldK4R+dvC067eyn
pZjuwZ9PpGrCKsmib/rEuwoU9yB4g/ycnE4SG/C6NRjy6gILdckQN0LJtvHw+axy
3TlT2uaO4cX9dvxLtxPedO8s/j+1TJjcBjG2HskT2WuHHz5h0oPTSxTvqxfYwZT3
nb4QiIMxMTBzh6LXYA+gM9as0QNvJjKG+v5/s6AVzPL3/J6Hn2biG9hXRhA/TntH
JwIW8Pg0Dp1vhhLqllXG8UFCsv1SY82sQpnZORkhBfLuznHYp4ZgMhRBR8BIOKto
TwqaaoSuAxIhSFTXt387mLmJJMs55N79cFU4T6bJLhwLmW1TNeusli0vRJnN45Cx
6owQ5CDcxU0nNeyoz2HjTSD3EDIdRbMzQs8iE0vNVMlKIg1YTsTr20dFMTaE9TfN
OeKML7L8cI3PTZt+fUg0Ezfy1YdAKHR0p/hVW7kzlQyti5P727yrxeqOQNGhiFig
SYqI/OO/r8xtXjNG4nDJoUOpRPEasOYB9EZM/Gq+VewG7G+JG8pYU7azJpUjXCkQ
jaq6IRUXnSuQlzmyEIcnCAZ77bKoLqe0cmY5NJ78T+R2cZFFLrxEjhYyGAd7O+LT
sNzLqrrH41P6rta90BM4EslmLv7oJHchdKiFZYCXqZXyW4IwIubHzb4yNF7ntoki
4Yk6qadQrQVZjF6tlZz8xevPwyodUC6tNcqMT7PunPwUA1flXHfWksPqm/J4RqEp
CgQZdkX//dWt5PW6/vKUK87BBcC1ISVM8NFpME+EuftXLNP/7GmSOeSu7qnS0+Qz
yoLuC+4FFXxB1+ocpvHf4i0WWfme7qP737bCMwNpdBS3XwUMwG3U1krRnKUTL+rQ
vSmW9vSX0Q/xDcJIX6d2Lb4i5qHV0/o/BtQiQrP3F7f+r1sI4EQiuUMCBxsi8Zab
pC7wd/XWms1TED0yOsFRX/Nd8hXakrgC9XlRyoJ+mdMsI5fqsgIKIRhyhRmUejXN
9D3FAu2c8PyP+bWiy1w+0KrlTSFOT3FMLF6DKUDQYLplVm/stmREJFXJsw5+qxbm
rtFI9hQHJiJNdxFvmxVcvurddJIt/D7PUEALkldIQ50/mIhTUBgwvj12705bJ8ju
xFi/YkUlINhdbIEt2/we04QAuew6Y3mAp4CR46OeWNIEtQeGL1tSJ3nSl7lOX2L9
gsxwKtfHv/33n78w6XiK821wJTrRGfR94ZDLJAA0yoiOZdAg0RS8+HOdrOgMuOwL
t27Zct6RzT8Ni+L8gjI86UIepUe6QVZJMYgDr/nisD+gegJhxxuHTkJXWYPuDkNh
ACLgHS5iMh+0hnI2MLcoYO5shOLUVXahs1nJbeiJ2onEo/IG9EsUzzH+oIX+hGSo
nzdTu7MyoBte+VEYtV/7QkTKuhUa51kTyUwM1vfqTU15wlOxAhfp+sPcHdAtdf+O
xmaUqDurFcltQbvjHoU/bB8y/Bw5Ie8Q1ugu5EVSaIoavmrSgTCioF64z4wwqwDk
o1sBx4NBtjkUl6m/CGW58geCIIioUCAXD6EpAllknha7gBdO18Je9fMM+Dr/URfJ
AUv4cVByu0d0cHaPAwplNg6+CK2duL0uHg3LG8HIGuL6NHhM7G2D5/Ltw/Wi2t1O
NqXI/OmdjwHXJ2Bnt1S0/cjO7shAgnWigp8PiTN7nQh8U6ZA6TWqPm2uDFcY+Voz
40PLNFLJ5akdKBZ1w9mjtx/U+Uhkba2GoKehjaVcc3B1uyk+wv5i8RrrIdO0S2Q2
SZBCSCOLjU1X/9t/MjhFNHduhUzTGKS2PUo1ez3Zpuxxh39tt7UuHp9YGHO/KwBL
1gKGVgHggeGt6fgk5yjAfpz9rRGfl2vA39y+Bi9sn7KP0CdJ158rt3qW2Ka8Z1Kc
IVOjzoFecveQJ7NxVo18YTD1kyYmxDGXBuHWX7CdNWM+jzdHgoL4Q87WqKHticB0
Y+3d/RVb4oHMVXxNpxFXzX3Ogqp3Nr1Glz/nbqzFmyokBms0BeyPqzGkScdiazy+
w80USxqJR4KXl2xkkadNHaXkCvjgkbVQIi0nRuoZN1PrPczmszFrsBlUKa1xPG4g
zij5kClWI5PvJYxEVKHNn4dCOYTli6rrPC2lB+RNIH2KXdjc8+8xKJ4QKkrJ5sou
COsGRNtFRVyzVT30Xe5NKqjjsdjFWThXkSbIhDDMORY044NnKKvK0AzS0WHwrYel
4ZkrPY1Ta7lYMg+kOCEW8wKiFW34JWRq11hJlqJxolDwNy9oWkKtqUXuZ2rnxRWY
knSvlFJuo01S2dQHAxO9bOJ+CCdWry/9UCnIB/4xwwezHU7NT9stBLCJgIflRtQ0
mRnjevYNQpB7W9HqVRoExm47+jTJInDIr6/fXm2kk+sonwyulCHhPJFRhkBdchc/
Ad+iZ5IK554dEI+e3JQesa5vKtTRtsmBdZiyEpkrXNA/Xm0AYWjEB0KDUVmr7TTE
3EUkKKEGHIMQy1GrVMcAiQ==

B.3.17. S/MIME Encrypted and Signed Over a Complex Message, Injected Headers With hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9795 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6246 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 1941 bytes
   ├┬╴multipart/alternative 1132 bytes
   │├─╴text/plain 385 bytes
   │└─╴text/html 480 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <23abef5f-8781-5c95-a46c-61e3a4464d58@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:12:02 -0500

MIIcPAYJKoZIhvcNAQcDoIIcLTCCHCkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBADPyejv9Q41LGeGoBdDpNDv6uYtRx1aRJOfn
f4sbWXr4O/34962uv8O3XkNQUPykKKYZ41bEXBUU3enu5MvV/CQIbHYBIxhYmAMD
vrw41JyVFN+yH53wtubTwSC8poa2TtjNv2S4nBgbsDQBbN7IR/DHKqCbUK7Am5t1
uuSHgMWpZrcRkUmBlkkqYym/kYfK51FnZbMSODJESjwQOrdhXJqv1RJFG6T0kw2a
GOTxsg7spf/dDxEyNMnqm5tLOArFLKOBOxcpbJBPTWumUyKh2P+d8D/8pSGW351u
SVEfw5Zw4zX5klwBKLVowk07vI3oSlu5DKfQJ/5WOBucU0EqDGIwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAKK12BJjTcV/7qS94clNAH+Nc
slgE+RXD3UJ4VQM1fu/X4uszwrQtE8eWO/ToCVp/g+WSFZIzDRBfhbv/7rFDF1s2
oRVHpoZrO0sUrB6IQB7R+5WCueJomWRjJYbjbAcFSuff3WzC9sh6o+hu8p69lnJm
7/ht/8X4ObRHcno/68mPOu4UEl9jOphAxwAzVPc6DqAPztyBvTOIERp7JhfYUy9W
r0lWxuYsVFF0Z5NI0ZRybPAJPuBQUM38S880am6CxgKgOR+QLy/s0HDiZQ63tbXG
NcRsbWIHMrIC6xLWHl4cmq6VQdnSNGqoHVaQKAzlQjDgfwp4cQ9pFK3HaJJ3bTCC
GQ4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEENbAf5M2+FbI0Ai6GKC0Vf+Aghjg
88tKiODrMGsmUZonZvPq/tu/822mi0P1iqCEdG3Jby4dU+exxrgn3InoEZQI0QcL
go7Qm0xpqdSPHFp0ZPf3qDAIJub62gC6/kvshuxVyWeHySYp9qn9nwwesP8JLGBJ
iBqtQEjeRZPxl7A0oLLalGfe5C88Z/zM4QqL3H0HuJzBM55W5pCm5Vv2fvtAnnpW
q4S+YYV9zO5elpo1x8dQQm8+D3RGp+Dlp5nd/yiSgMSolIBZhnxK+jkPZ6dicKXV
CQwyIFfHB5k2J74wsGDYBqeZKIhGZuXEL2YQ9LwchmMv++AjoGOhXnoYdStCh7Lu
zI7eZqnlMriXFXJ4rMdD58BXYByFrjDMoIiMXCD2dZF6wrCPDfECKtaEA4XFP32n
hkLdX6o2r+9uDS7vJX3RvcYVocXdk6VnwxB9664vLWuczw6BueYitlxU50d1sU29
v7IpFTrcSYJOtqftglY38+L1fHGrfd0EKIeY1KeXv2TbT3ZDpiZOVe9KuC993XWl
+5T+JGV02jiDWgDgkP55TRnz+F+i0cowve6gcRrDVM87ECP/4qC3mh/st1g/AkvY
y6DFD45GTLkrMqeKcSHBo06jS3D+/BarpG4XO1tNUhUOgd5DVhURSMNQXrtVxA6y
ro5iupYlJh/00sN8gHoCcwsq4v1Y20CwqmSrfY+8FhfZXBQA4sHP/apBVJDmIrgq
MRBXrZUHNmSwEaL/kFVMzNDPrVjU8RPr2qgqufkelU6si9+sZptEEEraqNWUyWZi
X6e62jWAxv8qOnuD/6zukqOx7tsQVpiJYPHDw+tVd76Yvefe5UCtp4/mBRFqZoz4
tZFm/nC52VuRNyDQ79h4YPQTryxvrgKaGEm5xDZLcM5MtJUy1o/sNiK0yoZHVEix
d4DkM5/IbEOoJM1zhVp3fDh1qkkCEF1yKLsYV1HFamAN22U8ImlGsRSnZVmpLMM6
GuV78wRP/zwJJ0pYrwJf2SzyXI+K9vc6fZQUT9oLCV7mwRRuMN17HMJN/Qi64lq+
KaL9sTZKs84Nu8jAmjGLD1lKbvpAXJIr1nlnKoeoT356OIh0lRHfXmh12ZtTl6qc
zUPROCNGcbDePcmKwpUrS+DPsN9VZnIFqWVsi2bsGFbA5pRxTiulA/rTgIT3/ToA
M4gp2mANIG3dtxKYDnJskUn6LoX7Hsbf9ALSI2CFrA9Ma1o47ILNMhDZn8foho9e
do6cIw1LY/lbaxjh5sRFe6IEYI8Bsc5whhRRX5s2cxYtQprYfr+HDYl1LwJTOEFl
JDlwQ0yEBSmGFnE0wiZPM/iquwnfVsackMwFxg2eC1e0wcryRSH7qFtB69gZYJTr
lGiHXr9TKeKduXVk7CpeiM/SQkgi3cA69dwezdb1HAKCcb8zjpGp4hjHWXAnTrwV
kuf9s26nTCljU/z5XTJc3yP746MKHe+G46Qetn+h/DjvX612v5VKA+XEavB8eyex
5NYLFh0/JQ4zgvNB7DwW3T1+OXyQ+rqplaj3l8sMmH7Zkcvk8Zlbnl2TAHV1w0c5
GQnUCeoJV0guIC4KKjgneu0rNxhWUD7WczWwm5HIAvgq0bjZu9dzCIoZXK9UJ5UN
hp5W/G5MLCqEzmweTXGidg9UBuOBRWjaAEoLsDZYr4E1ElQiIzY0VUoIRh9qt9tO
DvB3YksC/788W5jJX3Q5G+MjX7kxm4Y5fcXWHU7BwqMLKkpvy2qCNYC4z3rBPaGL
ftZ/sJdkR9uvClh9X5zU+JJNAE3R9LlDFW68cUIFxpw+bx43BCesis7r/p1hW/Vp
4JS1x8am2uChAKNMQTjHxeGuaxEvoBjOwTT2D21i1F2KJp+SxKZtb9bTbJZvt/fX
/8nUUR6VdwSfgxmOEf+JCRI5U/z7V1Yv9O8BZ+wf0vvNbfGsFdR1UhEGusARNV1w
gRO27cfkJ0lWDkqYWzWXXvwoTbTgVJ4i01GhA6nChdatU6m5nR8cXrUchXkZQ837
OsNAUN9sjSR11PA+bwM49kF1kysRRv7T1+uZ59hw3Plj/eN95+GNORsJMwUJfAZp
bqx+8YdB2szVpBoFYy9eYmeAajdO6NYkzeXvYAoP739iFs+DQSYvoASUr6CxhBZi
6d3LO7c+OHsgGTiocgGtX8qcP7T3rHDd2njfPzhr980zHQbESJ7TaZOsSlYtsOB4
5rL4nWDXBFqtd5ugCfYmtbMdyWH8xuOTPB7yCUjUI9AdnTEFGPPZlcgo+YHHcQMd
7K7A6C58piH2qnz2NuFcOol+4uwVittRGS5ETrpEA3wPjiNtOl8wt72MbtsYgMec
36DWhQpUnnKOJ6l9jbQPooa14Gc/TlrSLtEpsOJEi5UHkXiuKEVTH2yjP9RdlRYI
7YWecLbK5Hvl+Tw45k81X9IIKMFtdPbQ4sUanD3ErzKGOvccIcEQH947ZI3BlVJT
Uvah9ODsIdJ1a68GGJwFdyydJdHI0WUqBiQ7190/33x3CzxtOTlte9dRkJkP75lo
V+vLRDQ5HHcHOSzWQ0VeGAsoNa4AFgrO9HMcMTH5VYeeHMVZBCtKGpuC08PKehu1
rxY+tQ3j1bYgPdL40IdyNFCVD4edYol1sDkYofsGEjcV5J3umLHWcfLOSdcXylcj
OcGWIz1mAwSeOT8Qqk+8vM6fRKy2neC1QB5L4SFGrmnnVPg91KBEgaZt6E0OMmlP
CwrbY5VET5Nf/w2jJWlhxnViPqlg6E2Zx9dRRTriGItd81FA87+dL7xZc+kt3Otk
2RhG9yLW6OlIpBQC9akLEAlqq/ikJWziVrerWKZ0XQ7IAh7c3Q9Au83eRYqL3jEb
1nXN94Di6dfwGXi29FwYqxzkgz2P21t6KcpvrRIBk378yKn7jLVgkil/TEzQ5vce
quAinWS2WmF+iOaW7nhcIpYBO0HZK1DYSSLAraK0xvydsZTO5HdGkynJ6ddty0z9
j4KhE5VT7X6hrqIkOcfoGl2GNXjelhNDUJS0YKRYvda56b2hbn7ppThsaydOmdG1
HxTq+/9ENaBmASEqcgF0/RojJ5ZcLv8+fww6qmxkQI+GG7PLyseI0GA/Zy/THHoD
uhikRUmY8eFAZNT10kL/4w1GFIG0Ik/ZGVHs7paRJhWeOcFhnGHqQ+4q6ocGcWMi
AZGIgzD7A7sb0zKxtbeSWWrqvS9fhussCMA7avcDNi6WCVTxHSMnV1wCzM5CHemt
rYQ6/kRKQ7mkJ7xWyHuKDb4e93+ZsBOomaM3AETVwagmeYiMKG8Ir7EswzuQLkau
Pe5qh3i33Z3UcNE+4jaD+Pg01LUOHPMsGkTi9hJSADwC7bZpRsE52WtoJ7PoL0FJ
I/SNdk9yzLnDLPiOziNQiY2i+rLI5H2BlRwGRspyZiRw4MthuP4A261dhCscP3fI
TY+DQ9tV5NItvRVNa640EoX/CV/bwNIV8ciFrsGgpVrkAD7gmSdrK5IUsxUEUaYh
v6LECYSmICQb1n0A+GxwCFrPWL3Ls59Q+8UxDjyqcPUA3A9jyz6GUGGAwN0YOqXp
DXHHafrIKs8p5ixcjVili9Lz6Hni9XJGZClQ+nxZQm1C5h55jft+UD0b423beluT
2O+M+Wenck9OpxfbK7IPB9XOvBTj/WNQDWFbt2t2wzgYxZmGZ4x3ULMYHlyqGlu9
KpGu40w+3pAqtuF1fiXW2yBiv5exC+/vz/mfozBnW3PF7BpCmwqHXPp0IHwqcL5W
qtmnF3rz3SxUiHGvIwDU/P0C6PExGixbP4xhmAyVH9kxYLOEK3Jil2QpL8UHh6w3
eXJwuztXaK4HUQhLI7a33lDRtI+fQ9JPfh1bXLJJsLw8Lor1oBgjV9CR3Dl9ESff
NFUj96B5QPwu10KAA3G5jtrBoNa0U+PWxyw3CUhi4d7gsy7eXpGJCc0JNgY6P65t
kXVIzY7RI6zGg+4RFES3uiaxG4oUyfIat4YYGq50ox5iwmOQgav6Y8CkGOQmZUmF
49CiEvsxVUxzUsmESGvvTXTeOsG550DX/XqyG44ieigPjCcMjRTQw2wO2CaNy1HC
8jMIMiteoLovVqThlAmHBnK03EqnOcRJ0isR5JHkv4WTpML0gU+oEkiDhjEKymqy
UAgnKwdZN+2dc7wYFSj8U3oMnVKjtQzgpRVZsanuMmTGaT1hY7+HmSl5M4TjViqb
IOJ+mJLVYyNr18zvp1hl/pAI1wepwoihSO4m3S0IjU+JWproQm6EtEPuW2VNfmIZ
cggeDENMq6OqS8ZoX2wPUlhXge4OlFNSKHividiFYCqqW5SZ/obLqU6aetzZnSVT
KLfpQDqib1Izp2wKJXvBiZgCfIp2gRLoushp7v57DoTlG48KBI8/a8b9xlCvxFVk
1Tx0irCIHSjcnI3OYSPURZQfZE/RZiiyxOrnMiloa2wP1lq+z8mDFikKcyqHNL7W
do3FS2GDA/hj5GJFV9SEtV3vBUmdqjSxyA5skxAXMleHwHl9RlpoDmpAUq/4/hyJ
8NLVJ6GGOZFjbbfJzLdh75qTgjbCj/tW1W0ChzhnjXRN9U2d4YCR3UkE51Soo/Fw
Jg5AZNo51cuygrvWAljeRgCmDfaHp67CYonsr4VuWy5JpuI9/lszIk/19C0U9qY9
wH23xyRz5rG/9NfWMbh6auVHRGypfQAGNwwjslF4hIFAAJ5WkmbPSRn+7SVMLDdW
FYOpNc1iMbknfapvsU9cQiTxkRB7NJfgazVxd6A6h/1rOZNmSuUPou/8NB71F9Jm
1rYt1Op9TF95Z9D3oFwsmCjhRAZa/tlk7SicT8K+LJSGks+0yS0KvH9EbsoV9jMC
vBMzfXEEVINk5qvHNe9O7T5iivAf52jnTYMwVP5UwvNnseR0/q5/Z0dseLwqYbqS
BS3NRjHaV3c0Y8E+Koc4+1RrcE3w6mv0Fsu3IApwQj4AyKd7JDwsfzs2iv2Upe4v
RMCzS7Tww4gY1SIejqlr27iXgi0kR4ehLChh+k9WbyewNYWQWfJqvqzfT39ormMg
dTJDCQh08cUVmBflMKImg/Tf2ng+3SvbnD7fkb9mqfCHzfQlmSRrwp7amGRj3f5l
CfMywN5Bo2si9UrKVgZMaMnl0pIXwziUbSqiGyE9/8SqdLtBtVR9/x/XFUL4eEEQ
dUUCk/9qBkB3Ml5vquva6BUVj1hhiKFgnnpZ8eI9o4RL02UfBJRtgBzicI9IlGOB
+Dfveo85TdQLZB3duuEo1RMrnSKre0Ki50xp7I80guRkie+++71s3wixp42GENXb
pesxCaAZWreIJoVqFsqJLkpDHrh/C1VVc/DlMfYROf6rTKLdFsuJy1bxEEOXwlQ3
DkNIgPoy7x38a0TUj59t2H5xbfbQj3rRmbSuhVWIYgeGL9w/N4NXYmW0iXs9QxHz
Yl5/X+cYWrOV9zLhHvjhYAA3z8pevd3v7HgYvyayHH9FAOQOzwtiNPlDijZ9zVQy
XxDTlm9Y+rTdVxj36dzUd/EVAmuIgH7HA5TdC+2fwfcoMN+4cyFBNVw/FhnvhqY0
S788MBOudK6UPbTyPte9szSqkdVRLzTtjiURPGf3DACDPOVu7bzewbXN8f+KHjDK
aSdLktQiFgbzdXFsCZPOYHQXbs9zvztTU/xC1iGjvsDK/A+exn8QuBuLnumKZzZ6
vW88zNPu1JdZIqdszjEQt5TrMnSVBgxcB3TeerA8GQCmgZ1gnN+Jy5PIQHTz4oLu
mp8ZPBWd8DRsT59LltNwyKTDLCYTiN2Xx1YOmfpUQDKnnvmct7W5usjD8VntHWoY
gJ3J+Rd8xPdQsnW4/HCX3uTjgp/mUTqCYP+J+226n0ac+jdfDmi/otRn2jE9zvKG
7gKpFu/gGfXZvY8OUSdNP/h8+VCtaUzbDqkbNkIIsyhArupkDBvSJCW5qxybXB/a
k471+F9nug6jdyIi3Hqp0FvubcsSchYA1UP9EtUg0ae9hDB1tRY9GTlAaOBd2xbI
zvvEBeEcV1TlzaY9B6XaTG3VIt40i8S1BrDlJh50jc/qG3B7X3Tk9Vvyn2N6otF5
nidTIwwJ+HLGt4h6c+YsV1WZlPZDta3n6/HNh/+pAdwSP/2t43PJMgJ1OlSlxR1I
C/OUgu7gNndyg9sm0j8rpPUz7p5s7cTPIzGkyZ1VzEAcl9dv2RFB4TV6z9h/BLWI
TUfx0RcH6Ny4mvPiQKUADuMHGNZoOHXEpsIQPvpqL/XDXeEZCgKIH7nZIaoirNWO
OG7cJU3F7Ko0EejbSsrG2HJVrDd09Tlfr7HP6/4Tu3h6qoxlTuINjNCWs9wUqdxx
3HNzXc+0JAKE1xiuoat5Y/aGnfabVUVB29ad8yFPtG4cv3ftWHM/N87Uezeni6f4
vsZhKLoo6FcJ6xpmWD0Y0Hys1YtukQs8IhuKNYBBRTNFGrBlCqKJVn7MIsziVld4
NGgmDpVQ6sgIr8EbIVVsQC/0WgzON1hsfLvweYfd0I8AaVfPWd39Q/y8DSlLq/yq
of7KgAyObSxxqumY+hJwW7lVufGFiRiZDYi1bdoRaVb0qVnRF5pU7YkXYwby6wzF
77olQUVcEoXMJvtWLnu7h3mI7fQ5F2F4a9bclLGXDcNMHsfh3JaIlhXkmUbEyrgF
EBOuotyT8Jtz4a6rSG8vLCDEjfw/DKFm/2vtAg9CWb8u1Tj8Ir0j/0YP01VjNtKe
dQmi+Grcts/5cYbhewOIaoaD00N2Hy+7MQLMDrHo/NFlrCHtLUT+B0I7acnjAdit
v202eROGGQa9YDjmZ8tMhHVGYko46yepO8AWm5RR4vVd8b3CbvFbzJy8wIGIBlsE
5Ds5rvWqgzKcVVlxRneE5k9uJwY7CeL1DnVX5Sks4mZoxgabfQEcRl16SB5RFmSW
y1CDnTwMg64WCGG8XCWMnjEydtEGK2JoI1b5Zikor9F5Wiqhq29Ropv+CjekM7MP
F7lW0+C0iB9PaQsn47J5WuZhdt85RfLpCm56r57z9eMctbGfmhUl3YMth9J71xOB
NZyBXUnAzQ7qIaOuFJ8ZxZT3V55hYAokF/Ph+6W/rHcSshEb1nzUQ8Yf4jqjLmcl
S9I1cVf2xkwWTS+6+xOMoEuqeGK6TF3brI+s8qmnimIIxYsspnpznNun6fXcoXmh
6TOKCAoCHh3wWPk1ucj+JzK5LHDUhoBzccx1co1Vf4To9Lc3X07Svh5L9ZouJ2IM
NHqP5tv7V3dCyPfiLo4R0LGfQ9o3x4vQq1Q9Tt8VPi++Z93H7SqIy9/XNYAMtp2b
erh0i5Qc7p1zFgMN+oL7cO/r+jM3/Xt4uBdenLklWs9M9CC21Pg4vLvs7f5XNj9F
nKSsAqo/zxxnqrwsfLCEir4nIZaOSmQvFATKAumiIq/Bmljy3yJaNFhNuo8k44mi
6C5rChBO59FkqFJI6s3s0BW/ARDMpRzwZzLqEiaYQxXrvh/YWatmzdMcOGjObivG
R6cgEjJ3ycfymZ4cl/dQVqqeNGSfcuumI3eimiIg4txhUFaSQwkp8WIl9n0yBnFm
ygdePhIuatf5n9yuKNLbTxamloG4Kd9m2iHGp9oYETf4xt9icTvNa1q6kEjkEj29
jAl7hx7ws5uArlNIu5Yo9dmgzQ9c5DToQr3TPsNM0SnNR3S4nujNc5zyAybkgD9N
oirZ0yz3BMyWadhbVACK26hYMEjdM/eE6Va2M8yg2aLXU+d1H+hR/C4RN0v50u7L
xnBmTU8y+AY/vbl4042v1TcvL5IC0vOG5moFRgUziCcsncVcE1h5EBbwcK52dvWt
OCE0JR7HV323h/mBe2uMdCrsvRSdIO9/VqTU9PbVbl3xGwz/mXpQrRjf/HLk1Bxx
8PNZU6gLQP7Ktgo9RTKV4ZgEcbsFrg/np4m0wb+wQrI4d6XXlvHMPit0ofu6M/e4
FoyKwg0Jf2Bcfq33eCeTa9tioa4G7d0ML4NqZi6sxaGG94XMMzu9nD6ewUN8hlxa
mhn+uLGFiE3y1EvhI3ICCeJnZNfbPU5bXq8zuwqp/YJUU1hoshBna+VO891W217v
koo01YxZB5GE/BvngnYDUPY7cGyutF03uRofOHmc2Q76mWl9hgdc1tFfCO950nre
d0cNqrMsmtryp7tJ7FpsD8QE2t/jWG5PlCk+m/8GbeRk2qimvkch0M2jSIEUhLTr
ZNxIQ0dVtrMTtsLaATMTG1sH/AiY+Ajuzhbp10G8YVilyIYpxx6RSpRb6hpvLqC/
xZy4kBsoJfcppiODphgcRLyNg+8ogdHwg7LXqT8vHQ6t3wfASSVlwetnwCQvfB8J
XjnBSSUXoTHhqhvpJ9SXxHRiA+XHgFYc6BOAepLYWMcuIzvxTweEsy6feQynVKWG
p9DiKuvc/v2gqse50u2E+E5rPQuTj8/SLrGUbw12i1TkQhUIYZMI0HYBDFxu9pyD
u1zx3DsnSlLWTzJr//wkr3lJd5L3WUerfEp4gAaq5hGCqkSZs4yC7YfnjiNyGWS2
FPFhOo2EhGBGLHCO+mSSYxMNkRi+sDUMzx8d1jVByeM=

B.3.18. S/MIME Encrypted and Signed Over a Complex Message, Injected Headers With hcp_strong (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10380 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6676 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2248 bytes
   ├┬╴multipart/alternative 1425 bytes
   │├─╴text/plain 482 bytes
   │└─╴text/html 634 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <9cfcaae2-9fec-5aca-9a29-c98da35b262d@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:13:02 -0500

MIId7AYJKoZIhvcNAQcDoIId3TCCHdkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAFyXL5Bdsrj47hCSCMZg5HssJuT0Wkfqzrt+
Uauk+xOG9fu/C2qZFlc6itV0sTYKogOf2UOEetIXbj4ad9TeExHOn3YdEbbKBp0a
KnYn5zyuaRc2VmBGwCrAcPaGLHL59ul93+Quyvp6t6T7L+y+rvgtOh6tMsCH2yVp
TGUj2FVg6FxB4kg63f1FB1ofpU10wSB8nn+dUzUqxD/Pwvt0yxhB89ea2+3C4ncH
36wQPHM71la9981grPRH7RHBcWdyvny0LPipQ8v9p8bweJyVQ4oDqLdByO4XuNzL
XqZnTKmhXugkRs2pShYJa9P/YnVf6fPhc9mlzl2R0UXZ00ezMZYwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAiAf5NTfAC/vD/MMeOHO+9ciT
ntt01b98dS2zwaGnUR9B567tVQjWS+hXSWYZ7BSdp4Mnt1QyeIsFadrHZp9RGnXS
gxfzpCBQm640OPesyumvXNwJnjIsgFScVJ2cfyFhdH8DM8yKCdBZc1ueiaTDTHXb
efDBndblmGaJESe99TIzSWu7dqltVm81u7NnPdY7yM1IHPp8Ij0mxrxm/5pXN9Nv
ZK0QlvoE2pBgdQZS2gZIoevepePkveqNYsMk666ThBmSR3RAelucLaRhCdGJ1utn
my00M75Rn6A9UlNAEUa6HXXqqIx4G3XeRFvwjEX3gW+sd2+qlzNaIOK5VKVPDzCC
Gr4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEOSKKKhbXhpNDoX/l0pLf+GAghqQ
fImfWw1xwLL9IO5jrbrEB+Nwv/IEPx/eZR77kGkohfz/lD2J14obHrkGO8DF+6l0
d1cXUtVeJ4EJeQdugoF3Zf4lulAF+skxo/0kbTZuReffOaGENU3beequQ0fi8yzd
UDGRc+HvYpmKFgy8YXdNexYYXaDGxBCvHx4WrPmczGeLE3KdnR8BR663OxU8zcV7
zmG9LH/7N8JimcVvphNpKpbgC0W4vck1wsJ4HsQ5/5XQ9bIrXvWxDLqCL7wNJhFy
MDHc582aczLwOcb/RVr83VN1JDLGe+FR/snhhxpM+yFNblpXcZiDnzVwpr/kVE55
B8Z5P/9Vkhu+dG3opNmronOWOgoUdul0H4BaebYmIIRzvFFWetRSYmh1IZeJ2s4u
dCc1GclveZBB0fmXWYRjFlmbEKdo5vVN/wbilQaIfjbm4iQ4YkZZBmRFhsSqv1pm
GqTE5pm+A+4oscp+dnqMGDl0jzAWnyN7tlbkIW5vYlcnoDdRpT2r93ZRZ/sFggog
pkooYY5q9d2Vw+ghVPS19wToG1RoL8GuQ6SRTq8FN+vuJjT1dfyNhsYp7ia9+ttq
Y5KdR+3e4u6SmVLWudC9k4jsglndrKNqXvVyd6NBPQpmeGaXGXhtQkzy3FBBfcsq
mjwgKUmkpqsY2a8YZqRce2PgCuDSsXeYZvVfs0EDj17XnPadzjIBdLl9oUGaaD+i
3q6j5y7xbyvjGc8T4TJCss7z50Louuxw/g5VBHHDz4huywugOR3SICAOFn665uTS
zSXXuNi+jII1aLOtPttqmOmPa4KXHZhQFiT/F8D578Wnt5hGV6fwHXOjvvi1JrsJ
k5X0Eid+vY3THdmE0e+IWOg5ViTK1j4Yc6I36CX/Ek8k6sjjLl1qKgKo0XXon2a3
2MdZxnNuSPvx0EZ7b3GE1okJyChNPguG3J3yxOLeb24pQ+jDLmka1X/pLALIEZtR
HUks6pNQ35eYoULzB2Sc24t3Xk1C2As9dS6xVXCxpoC/2f+SDOMJzCDi+3Cig+dU
SZcqHGNmKdp27ScsNmtgeGp4qKPB9EVBClSYHdWwuAlhj9bOuBC6zAEMfr4FnL1r
bH/K7K1HyHjBwrIZmfvbEOMF3CYdX3kFwUnv71sqfwW863DrJpW6o0Fyzi9zecJS
MHdj1mL3t5Yp3u0+z9+MVJpfgJfv3GDwoM+Cb4s2+kH/P101tUdZcAyohu8gcylq
eJ1mfgRbBSILwrzLr0egML0guHdXWp1LncSswqYm52zcUWuo2M+gz2/vD+6t16OV
Ax1GZQE4Vwwd+z765wfiQAv9OodQYhrdX0zblgdDSSUCrlI/rc8CE40qZQM2q+Bx
ZVzvFLQI15SgQMZ59IjZRcNcOsunqtnN6VqUrbOvqrdYBFHjd9VI5qTL8CtvEcJW
EBw5nsz2dPYXYjbZkQsxYGVxeEKiNyOt6XhFKAv2pFiiECi26XbnI1Pcq0BU+8iM
KTv41Ku2lGp+DVFtSxaBY2ge/hyYpFp5zTPelPSvDw8VEnAZn4BzFd4L5Qb5nNGh
MOsOg2nbU2CFZJg7515qTODfgdeCDJkAbDjG+3g9Tp9rMb4tNsZlj82OqoCHY4eE
iHgw96FAF1vR3BSk7w0rNgAbCEt08fBKaDqp4XOivsNk6ows/3E3DyCuZdpW0hWN
RZ+fdMWVgFaZa7hJAiiQxeX+b3ClbHBuEeRIPHns93uAA7Y9+Bicm+9lp5lMwefe
yEW2wH9V/d1vOPUnUIV6VSe64vB1kdbfexY8/C6z3owe6KyLJHiDnLK8sA/wHOrP
3pXMZ9ldHweG4pPeUmWFfQWgYDufiH2uRWSe9qLImGdL01yuKvt5bV8OznIGhhdn
wW8GGIwZtzpL9IfShYVk3RAAEfUVO1elB0C22fNaQZJZf0FAxByW3g/nkVxMW1nF
9IRkiMWWYXK8f73YVrxfCn/NpJKxfkm60r8UrJKapDbbqbQ/phLVPyEufA/12/Ql
qKKlcxvTUIyJwnmMCUAv5P57QpWCmpJVhRzKJGgmquf2bjq2UKdtnuMJNcD5kVlz
Xa+4oeSEFahhkDzoeJPCGrc8s/+OfObp69YMMLrlonrbaAOuiVyRL21tUpR4Nexu
YVEwHRAkwM0L7qL9dMngEv/p65OqsiXXMuhn0oW2QaWP7YOJYCvrIZCDEsMiwzfW
TgDArodbZ6Z+X4PLf9xLALXZEGanQwc3Z6nz40EnJAYN5FKodLjMGUyXAtYfkUTV
zF0e2RqVSRQ03/0Sz0nQEjgo07UhHIytprIX3JKqNENqzQFp7TON9RpTTgykmxTT
6Drz1yn/daFZubp3am80Hg704V9CWHGKiO3E/Pm09UcQSb6cPbTe08QVZd3O74ne
unrho139pO0UdBSiWAllRcAcBiH2Am4g4ILgXMX+E5JTTUWCxUbtMtK7QXX+YzYu
BdwnmvzNr4nLgM24Tcq5c+lDqT+fxMc8jyOO6IegdtABgGUqGdW/0jfDWID+v9Un
FTf82vMpYCwZmeCX7/N4BAdLHBa6tjWQdN0kAhZ8QWNXO6X5TGQStEtpW4zrSe3s
QWjJNN051ajQKX58QY95z/PntOWUrTmWC+pJJZhxFVWBAFOFlNKNse0WB6OFzbqZ
C1rN14gCb6twVR/F8nIJqICeOQHMBS9tFyl+FksXg5WwmrA4kflorihZ+I9AbhBL
PD5jdJJagZeLYP8XlW0AaaSHa2p5V/cdDumDz/rnkzpbiA9VN8/pLy2aWsvQE1qE
R3Fxb7N8bU+1c/FG+ekaiC+mzBfaOq7WimFqk7rKV0gfSeHXTQVolkNceeIowKDY
9YeodW61yVClzWyPfh4x/icE2xzD+0hjM/beUpfUOCWlehut9dwRmjujhwK7ZivL
rC4ex1D5KrT9npqcB+cO0wy1ghr4xjn9xpiBIFmo4NJ+76777Puu4khUBuV/zYav
fkupDpG7Ml9n0eX9x9oXQSLeEDagQXnqOVgxbOgCsJbssADsy9Q85mDqc4jJxc/Z
MunEcErg0lNIEOeu9wx/yiNu2ioPoVvIUf9qRzh1i6cZzpZOVkpsfC7KaunfyU9a
BlIuZaI5ZclbeuLxjC0O5tCCLzpltdLNBBXAQzQEDz0CNDExsXhvsmQ5oPWwbHbF
IrTTyWl0UYhiqfzKqcqjL56sd4cPz0AEbxHRbi4TGWjG41lFkgtTjle4wRK+EGWm
JtzZ8DwgU6szLrEc/R36Jc+vFNDI4+UE4tQxOioR7/yRlJeACjiWcliK3G20aM8h
s0Yt90pHZc7C0c3v3ls5g4i8l15DL/qK+4Q8PJNotFG9ScytPiMd2SRNcHK0RAHz
mgEe5+MJUKxRcTLM9kXYC5lcPnl9yjRoJYVB68kyaC5sxs1DqS2cTTN5h8LymUGx
pM1PUGdmKF+AV6ovcV5lYTqm4FivtYFfYIDfC7wSfgC9trWeFZuhNIjzmWXzYuTs
o80LVeeBRAfMgIbFS3fBQ9EiUs4IIuoVGoG64vg5HG4Fxpia1PHDdHJB8eT0CZ7i
XAQK/ml/DHino+SE3bNUIArL27v/e59Fc/USW5BeII6hrsmRhJgmzDf90Aw641nS
DKUdWYJVyMGAoS0hv8AGvxDDh93kSjAw1NUHieLCA2Ac6H8iv64napmdaeI4AOJx
DyRjzUT/MWJijxmfnUlkszqQOIwq2ClFHKAO31P5T3e6CyGIp8H1wM6IvYIiGu59
w1CXpHbhCxMS/BeZX8SFq9mIMdyCu7HUQFaxkbpRh0uMkMJ8p7ej72XGbNY0v/Ur
1WrQyRdOUFPympv4tOXFygDc0rjOR/Kwnlh0Kxk3ocm51mDUvWXpTrraSfQNIG0W
R1YUO+VCoD5D/F0MZ5cjPYBHF6EkKysfZ3sc1LkEarkW+iONWsOaJ2Ax77fz23ob
NaG9SYBkHV9e+xsmVTMt41RgtTsF8ptFxmJPJQ5ERDp0Lh//nPtmXYqtIrzIs2qK
2AuPwR8QjqHZ+wjeo/xkjBsyHnQiB+nxfH2oQhwp8umEs9Kjan3qa68fITchKZ6f
z6IzV9w4qn9EdLaM713n04ZizXpN6SKOYQfOsfDyv5uvSPKH/jeskupt3JBLpqLv
aEXzY2DNZApFdvRmbjd17t2DuyX1zh9bs8tP2IpMaV+6T2cH8AiNVUumoVzCFJSG
NFb0eWzhP+EFiLojHP8QfG7y8QX3YjbpGSfnapiXV3/nPg5xCaRZC6ryz1G/c1j0
7HDfOmMxdllF/hSAi+CbRmGAsp8WI7cYH2Q+lwGiSwOsOYU22t1ivqdRm6cNux/Y
BeUDqWOfYPdGn/UM1FGxKWvdqCeyrA3j5k1PTFO1AeKY/+QGRnASsnDC8UUP003M
VbiMD7Z0uB52J6tt/mpHcUXnZ2LkoLrAacFdi5wxbz/LnN5A++QP+rkh6TMg7puM
FgfXQCg43+hYhbrkvwmiBFAJz1B91j1LSL2G0HzszyGcKNL1s9YoBKjb0xx8wIfw
eEfuYuoQstu4Ea788+n7ozmNS7kFQ6hYtPhCmUPhjUuTrWtWV1F89Zf4JiFihrzF
WUFj51aAjou8wzB0kf6peInRy5xJ4rpwZIizM9eJruIvDD+HmMwU2UGcYjjpXN9E
yi50cJEQQZoP7JB7fw9Emjq/WGlODxRlezbmOHUfbqbbFVM/KP11iJ75OEQdKw1J
M4iTZWZ24e/aEqoGZ/R87dfG9ZKuu8o7i3QxOvn2cm57ywdG4NQV9Xj74FdVrLoM
U5nTKeimdkYc6BUhNDrWeoTzjfAWbGxBomgWoy2+mne6f4hVX08Kxv2YTG+yDeAn
iGxK0LiUW+F9GkqUlHPqAejMoIH6Z2zTyuTVJVc8ig3gUQLfCO2AJz9c0/pQILgH
npBgpq+4WdW0Yip+9lr3BP5KGU5mGHde1wxxmL3A7/p6tMaCOwOExhfIKIwUtE8c
1CXT+HUS9zjONA61tTVTPZkEY8KIMr6voINHuUCvbD62P4W9ZEbxWuSoucc+XHo+
Bqk5r4vFgR5G3emt7qGsFennb3siQu/aB+jENycjzN7RnlRCYiZvJAlqy3dLEeE9
S/M1IfCWSLijcJMHgMvm4akifigl+wCrNq+S15End4xTAet/Ur7rzh1VSfQHxRM9
OVP5rL3vLgbYnHNOnBWgM8FV4hDBzsfLy4CRvNUvYiJ0eyqv5Wsift+4sSj3nwLO
COoNx7+oqX1ICOo7yiClW/DhakIVI5Ydm2TsBchKh9dSg+W/Ez6C2ph2v33x4ZBP
ucurUokYNqz7U0VSSYEtB/lEzBCWAM21PXdMphtWAObQFtO5/8l6nDY3+QO+y0Au
81A5nhgzXIEoDwPafSjWJ5YUJf8tnftD/CiSH9KbmwQ1sTbvXAe49Jtdx28Jb+Rp
9E3QBexiFqpkkwAPi75CIb8yPVjauqBO8kJQcA0yookzBya/ouZC5uC1VmACNrYl
8BA35zxa+/f4kmffuvE0abmUCTGxwVwJOan6uvaVqVMIN5Hjlj2TZcNmdqZyCwMW
JIAAldAI5bTEYkUdctqD3CrV0eqQL+b/LvlOJZD58R+1iaNsQaUGpdsycW2aBfUc
XHiesdGlYCS/J2biGSDIrYYKho9ANkNRtMOXRAUR/dUaVikL8jMN2ka89RDyX4lN
gdQH9OmUQP1oQcKImACQcB00QLl62WLlnEKoP2P3VemkyMGRSditD6QPkfutnOlf
6D8LCYRTb4/p91wzIxdov3XvpbaX//koMOWHWaDgDsBPK/MmRwPp8ym+yE+tuz+S
JI3Nv8L5KkshFraFsEUpPcx41njBvQV0h7vP/hqwwnbFSJYPm380LK3Os4rD1g5G
LNyaBIaNTPrc4j78SknD0lI0KhA1JXSKX2Ul5TMmgOOyuP5wGBUJjAHpYqvTnZ7C
fUihEbg8mBx243NZP/XrHlOXtNzGv64BJdGNx8bmwW3guuo4fXG5aZ0AFzYlHMCi
UfFtEWAlB//GVpj4uxZ5B5nd8zNiQrMGL7B/xYGilhAhDYN/JLwgnNkFWP2Uo8dU
2MPzCBuglZLvzqXQWBRl2M8JX17iyXKfKie+592lWocB32ZSclBCrpc9cr1vzWfm
YJyC1GvHkAAY/b4XvRGrS4NmvDLgjzWNzkDCru5dEc9+oPvf+/rsyP7709Hsde0Q
qAP2IwEF/YHJDIgVwqEIWdWHRbkfasLiqsEyXHZ6BGNFBaywfQCaZ4Y4dVUzryDC
mtz4YgXwsvOHcaY8UvHLU4c3/+FwYM+0Xs1C5oYbk7D68KNeXxw1lui7WSBySa1f
IGcm3OM2tZfwauLzXHwSRLy5gtIZj/RH3gfVQZ06ys4S1kzIbJgo81K6ysgyDIQl
iHWzSxPnGUVz0GOJ2rHb1eYyPzPJlqqJkIgajvDh3Zdnb1HK+GkIJGgXhgQCaYdQ
1hwIJzHOX1R/usdFxyGA396uz7cSTejY7D9SN/taXdHUJp+TJi1vm20xMWwHvpkh
uyjbjVJTmyM589Oj7dyTSBGbRFdRl9y6ekkMCdDi7Z6jYyEi9pMvMGUnWO42mHTL
ehLtRFG0LX6vVF1HJocqMLvcs/yInAPWnfTtgBbe2O28/rfWpkFnVTEkmEobl1pP
mhWSue/ldrOM9TL8TYtLF8+zF4+v/E11vEfBlBiRLZSA8+D+uG3gGMDq20Lg4XOV
9cv4I4x2KSYKivv4MnwJd9ih9IodTr4sdgeLLEd3CTl5/fziP5jb9vfD+2c8NhzY
Qb7/0YPqtPZwgNrp5dB9n2qNm9y/cVhYf1C9pauNnLSdNIXBt5yXRu4kzNv/B56K
FtbDalYVdfLbhSEcW50DqpBFDKPzbtGdpCsOP/+ViQE1mtNNuTJYwQW4eBtIGfiT
37N/PvZyKn+9uoVDJaNG6iTeKj1WB/kNz+zdmuag3yxlkttcljDpchMFqRlCUKDj
+SPrKp+DqlGC0TpvO+3JiN567WDV9CvjdfttHJ5zpGPe31C4Muu0VYASuN3UrCXB
eQLee1ty7rk61M/RlgIizC8JAntPx4hfBb6ujZnyrujGRowG/TLsdQNODvj3Fw8r
i/huor6VwkJwC/FQxvjTNWcEL+MUu7cBv+O2Pd/gL70tyQP7eg0QENUcyUsZ5NXl
f/BJLERQWEsr1O8fRTbkWLHN6/nowUZ/0c3AqC/SNHTuMky0Lcy5+33Xhlktb1rz
6TRBojUl9yjD+DnbmpGY5fDKhQeOUV+ydFSRUCu/1X5P8mkU5+kja8KIWP9HTRDu
3QtuUN/MGQ0iok8Hwr/3U9spCp1E5KsxWfxU+M/l0KIqKWPcyW1bX8JUZMRMmL5s
qSiZIbkE7yuXFrZw+ubzDnoCZwNM37F685nJ08Wuk6giK6wl/q7tcKAv+mMmrq8+
2iKIrT/oWIA5iHkEGI56VrvqetNLoWo0HKlf8ZjsBd3Xc8SIYn2eWticKy8cH5n1
LyI11qNjphhUCz0b7wSLOA7d51cZ7yCPgWs9uB7bMlHzefIjTGVNVT8ktRm9/4VK
OqQugt+L5OOKRvZ6UpHXAz/Mkd0Y8lcM39nD/hlDfxA/oIoEM9Ze7NQS0sxD+PCG
Pylc9Z61hys8KH1onuv7tyIZ1a2CITXJzPl1cIi/cqbrUdBK6XVNla9exfSxVH2l
XJPUcB3UIvSl750KAXJXVT+Hh+63LCzhUZaVVwPR21tiYZI9exGKh3n2H+Mm+H8g
ODkrO6y+WnmhCwGFZLGUKJA8f2qq2HfJcL2RGV6C71ACc5PGQG5zbqUxmEXidQmj
cpykjsFcy7CsBWI/wmH5vX4A1TNl7FFE2Gutasn/JICUXE2yoeabr35F3SbFMnLa
A+x4+MPbsq8eR1RK3/X9eGooP0fkQbuQDklJ8B9md0TlyXVn4DTDSSsxNBK+HRBM
Q8GBkIVisBV5lAfEeqIDYN6rklhEwAEi4Ulc4Uv0IN24vMdaeX55wE5o7JjNFNcT
c7qoChUxRP65LsjoTOxM1lE6Ra7302PwaJZK3dsmLIE+7jaqdm3w689tw6sr9Mzc
hTK8nUWfkXWK0OiLplESVIUG4E14xARjYgQMltYlrA/wgFLoJkVBAEVMvVL6hRoL
JOKUTBDqwU9jvu7ZhgaseyOQ48+yY8yPET3CM2XCDIyoGAbc58qIC7vn1meuL4+F
otjxJW1xn2T6WoUtTUi6yCCRHHe+xcxlSvt1wr36M7i7IapqGlUdrRoKZsiPWHDP
liEPqlY7105hK+pMZg58OmFB1eRkSZlrZDzRZwCPErT7vGnZX3InSRtNuhjx7uTB
qN7yqv47r/xMPEPVshGj/KQpEu6+PtMZn8OmFlCqN69yPhc4OVtNwyQwWHBBZ43j
Gx8v2IHL60HGy0yhdcSz5NdNdsBwhs0Yqn72xxMKYY/Ax/kVO4GP8kW1lF2mmvPq
a93lxxKUnuKRY1Jwl1gPnJOmtLm4WjPqSXxgY0D9/vnDgfv/9PXjK4hNnDNvi+Ji
qwwAW7nLMF4uVkirCndrt1dhIDEaq/Wju+gvo+pCl1ggRZJyuQhCwm2swB5jTuGh
c7V8X0KEgunWe+QXzMMBddU0MAIoHddnA1d0KqNjIRfnIw0Eb93j9zYK5U3cDjF6
LKmD9of2rbA8mWc7DDSiN1ZglQQf+wwLzJ7yctHadK3dzNZdMiToQb41KtuKXdxM
sTHmhXcbeC5cPIWzbr5tQA6AtbusfwgUFek+jh1b69cw3Ibm8nCu2okSbJ6DEaX0
7/Q6D/wQCWV1HSQRpzCV1BESRzg823D/VPK1Cnx5qjlFupXyPHlh1jlBEongTwwl
7LrfK3UGH4zgvr0aqlaMgDpOofQ36DvMge8Rmho1dlMRHqSuIzRhJVYL2zlAWaz6
unVy00hr5FlR+5FCynUNxu9XjofqNp4032Ihd+0IiOqORfObfPhFMLDFQgWCXnO3
W3LZR8epSit76AEYaw+6+FmrDPVmQGab0JgEOLctPNyYPm5XoVLM3/675GyKz/3E
dx0HTSm6BLyrY4h4FMVaI/nCu+MkizmdZx8jDd4nSHya3NdNOjphJv5nW//WlEPO
6BOTjzVrI6YvHJuqkC3FssUY+VWZRC/+0iYlDYnaBWU=

B.3.19. S/MIME Encrypted and Signed Reply Over a Complex Message, Wrapped Message With hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9970 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6366 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 inline 2082 bytes
   └┬╴multipart/mixed 1977 bytes
    ├┬╴multipart/alternative 1144 bytes
    │├─╴text/plain 381 bytes
    │└─╴text/html 479 bytes
    └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-wrapped-minimal-reply@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:14:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To:
 <smime-enc-signed-complex-wrapped-minimal@lhp.example>
References:
 <smime-enc-signed-complex-wrapped-minimal@lhp.example>

MIIcvAYJKoZIhvcNAQcDoIIcrTCCHKkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBADCscHA3WYayfDB0SnAjLLRn3cTsjsbLknQh
iSnryqFniP70VlHS0exfVjnkyz5YxHRCrqLuXfV7EB4GRaieVzIkQTUEnhfBB+oM
jXJzEZWi3Q/O3b/5AMsV8vks+gCf3eND5y/dxgFuzgTrYbE+M3XsfkiI4f9MaK9G
96uzaT0E1PLOCwQYUuWtPCffle484roJwg4++H+jWYpGvWhM1fGUu7dbNX779ErA
pAMmOS4cywx9W20uczJ2Vzaa7OAEbgXrSinji47uAMFNVb/g2toeXlm4bITvdjd1
JhBqQoxgIGdVLfmxG9aZzKIWWF9D62cEdnyCu/t7A2knMCPkAqUwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAedVmzC4JhhBlJEdXJ0NgpV+6
StlCpr1ktO3ukPWbOBwWuUoMKcyt8aCN+XHtdVUFNqSAqJPHtcTGjq9JC4qUn8TY
tiH5BLyu5JDU1d1f9FvnFgbHpdbiiFKF3d2F8YRYEa6IrU//1qJdWisnlZBoYBKe
t07G6mMgL/4cGfyMGGbWxIBLZDImhxr/JvPS93jGRJChTPDnNbYKtL4t0rMquM8e
pE4ya8MpWXZwXZh3qGz4pcBrGPY7oEkho9pzOMmoHU/sD3CpmXyGewWHTOqZBqHQ
wwZkg8DeJseAai2r5yUxlf1M4cZ9LTcgUQNFOu+vOLjEL5eiG1zgmNhx8axcvDCC
GY4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEDd1zb1BMvVv1ZjclFL6tSSAghlg
XtLH7SSnyPyftXAjx/P8qkLeTa7PvaM2TOhUL9fQsc6oNeqG4tLomIbN32XajG2N
kxPAX9J8ywwHaFjs+OIXgBGKdyYDmdjRAnfI91lo52ywxkldXkiYJV5mfpKkIAp5
NBwYkfgyLSf3Qed0+6FGdLBXwBrNdv9yn4zn90qwkGRRzG8MQOlMXVGJnqzqClZ9
CkHSPpeKS5vUH0WGlJOtRoEjadmLXG9dJyYHdFm2v/Y65mvOhmCnIfzieGydzTxS
kBXRFttXEsPoxOjR6jX271KbVu1O5hAr3xxrO8qtrFUZ6ug9VvqMfwpTupsYiVV/
NSqB1KBHxpocubCF+84BUBlN6nE1qZFdc23gVaDcqDd59QETfiCj6cvkuI2vrZYm
6RSK3s4mt50glry85o7TqAKqZXuGqRgEHMx1mBlXQcVzoiXai4NR0AwKTVrm0J5h
tSqs6zbd8asTjJo9+CcykzxVcx29O0z0mRDb1z1dAFlTFAQsvmY/TfKj0kiAl9MC
Tc6To0SUagvUV4G/2Sghh0zdDihTK55dSG9jygVOjVsnRtg36A4bYef7lA4jNUbk
dz8AsP6JVgHwysQs0n8JVkNMEs1i1hR0Z/05BE3PqMHhKSzlKh55zb6MoBJquyqr
7RF3w1mXb+tsM6yUR9WimlOgIon/GTxR0LHKkYeLX2wDhQCr2PBcIbAGIP+W20Bb
qjvjPxcjfOAQzfxsTYGUr/mTcaLZYvVN9L3wg2u60pqZ+67KszKn3U3Efib/+6aT
8QV1weqEfjZRyc8o+S3g6JES/zPhCxykoo5DmxltrvTOhK4+0V7U5SrUbC+S/oie
hQZd+pk3AVS6x0ojtAQWoBWKDZvPSQ3VXPVN1wCnt3muq/xV540MqKtZ2XRkuCwy
Cez3s4AyhdX1Ko/8lsJ8isSWsqG51iT0DRGjooFMFMz4NXmNZXE5ink2Ba6w80XS
CPmVQ3SKnuKaUGmknH5mAQfUrzCZrSqwppTuWNZ9xTTrz//kSiBSv7aAz5GVcm+5
fzLWdMoMoWWn8lnhEU0jX8vmZ17I5onAO1UjLNBTyomiZqz7PD/iIvEPm1XqgZpe
mJBYmIZI9cSB1lQFlI4R5GBhBTBT3fyPAT6iNkVmgWgL4KGOK32tz9XAJ+UJP4z/
pAqPyMKXcKsIq19YLJzFgi8ACRtuAC5tQI61vkd3N96oHZxJ2T7QQ+n3skFXXcud
v3buX1+N8M40VBFybsx3dAxUPuAtkb/tiYcXHL+9ivc+ncXZWm1j53tPMiodDEvR
zBb2s02cCX0+k3mdrCgLMvw1xN/874+CJ8C98XDijhclLL+/vfe6VfH9iJhoW/Hu
5SLt+bTcr1bcmbgBkFwUO75vp/9YIwFW1MQDa99PiwVYzM7GDkWtFZRGS8RUXaHh
BoCi9O8wzibGTjskFvu42xccfqpOjYrFLktMp31G9JMyZvaIHxcY1dJLIrB7m4fp
Mx5/mxfxmbjwJziG3Y0uTOupzJtzb94GogLA4VyG3D4EzQyUWLMsvwSrJXSWuMHY
ZTgb7qqjb7DVK9YVpmmqAb2JhVJbPRSlUc9yOSSr23KqrJ9Z+z8/8BJWEc//kMZ2
91NnMsZ9X9rPAuuQOjylvqBR3Gy6Wm+dRnqyPp1/NWnYJTKrbdM61VzuMlNFtxKn
d6eZqj94N0BQxvTn++F229TILgz404kJSvKGZc4af6aE18v4VMe95pYdiD8vle5E
mLbAo/5jMu6EnlVz//U+0AiCa1oZlBUNXweK6PNHSAUKF7RY1d3eMBqVDaIiYJJf
dKkMtK2bGUsrTMbWhA2l0p8q0Iz7LNpCjXBYzDevLdWzn4vZq4obaja3x/YOe8jT
iqxC4CZ6drM4eHKRjgHjTqnxKXZF3/++w3JpdNnUYe19nCQTCid3DLQKYtrmuoSJ
SsJJKFqkEC/lnI4Hopo4MQG1KDgaHBps06IVvAm9TFzd4IErtQSjgRYZkp4i+SfU
TLYzVQP/Up96jphXuQGmv9veks7oNiFATyGzsUB/iCW7ysoNpcHN7vrXv4+3KyDZ
1d82+dqbYTk7HiFgAt9UtKoNRazBLF2E5xcax8TjEHsLNAN9nX4hwIjgyJMqgXcR
9H+v3WHYsgyCHHGxE15b9/PLwuBDiYAKOQHCjHqujotRSpWqmiFP7D/QQUCGvsEg
RhtyC8KjJNtFmd/4PVGbct1mTEyMuk1Phxg/+uj+iEr8cHmdKvL6aT0VQ4dp11E2
jCzdqos0uW0ssSBJHfWDG9Y3NtZz+AeToty53LZGT1gYWHIWSjIMHoQSFcp/9UEp
rzoT8YxaNUjXs3IKzvfwDdtdVm2hmukVZaRcp0qMNAlZNnbznq0u7Pw8jeBSc36g
HhsPJUgWLzlW5xr/BpduJwrmxFz100MXZKV9FFJXVXM0UMJ2P2FrZRqnaPAifmS6
l2GBGfBcgTv0b3cAussB+lEjaeZuqQMwThMuKotaWY5UKqhvSKJIp07NOBS5kQQ6
8SoXh5ekYcesMwVTzx4btEEJw0VgKFli4S+eFAtOy9tcBv4A9aIzdYZ8blIMAg4p
5+uVv++0G7OuS2FB1x7ANX1gsXG2HJ+IbwfUTmpn7XsI8e/dNe9P+F2h28390So2
Yp8YdobE4Kw/G2E9VQ9mvRK3BLs4nTcyYouHzcz41GoVQkB7MQrW4iiVY14BBCSW
TLVklqRXNQsw5yN67YRGmmFPGnIvsOzswlGOwzBu15sHXTFCN7p1jEkI2udfdoWe
j1Z/RgMOvLOV5H1Han0Kxsqx8IPcw7szf4Ccd1JGKHEVPkD0Vviga9oD6dC/vftu
nxM7l8ResIQuLIxTpgL6p1ZUxbGhsShurTdHb9fuPDaSv4SBeYXV+mWyNSA1ydv4
6sjVDSUCPiTm/fmq6XFHQwi8DC839RkrEls/YpHKJ2xuhSr+FvqMkh8UVuFyxMiv
OXnbBkHLAd9jnRjy6TgSU8EafYg7pAmqcBcyVmrz1WYATaIodA84xeCctSpT34Du
+z6lsLddbwkgK/SyFKLjrSPNmoeJjHtRe+LL0yO9ZbbR6YunaGnKIEWS1CSBVVNR
fV8Fb6XAMHPbH/xVSBqy+slqT4IbcLlBAytHkgNzCYgUKx8RQLFUbiEcrN0TMbBt
OKQUvQHoJXY8pbwHRgPCgUyNQwLEYdVuJBnWt4bUOg6hcsLfM0tfhvxSMgWF4phh
ZOwP9rq/8LRik9zw59PF6rIxFuZ3WtXfRcLMGDq/hLJ/VNN7eCqQyTO/DIzPM2cO
EBOP04JVcYqcTy9FuaiJNE45+lBotjA1HdDwTPWyWFv8foLSwwgG8clN7Z6LiOT3
PoBIBvNhT2McZ/GhOMXMr12T7I3zHtpvh3XecfmOlGsNijZU3yxcygRkisHDbNTn
fAYo1U1TdgtTvqy/XuWFOdK/+/t7sT4owjrLHYXeeZgTszYqL0gZdTJh7vhZ7nnN
p70NLf0bi+eIUbCHhy6rTawucjnxOoc0SI7q64GU2dHSlNYb/7wNSAm2DjcobNrq
iIVyWNd9g6a8JQOMBfBQtrbGGwfDfcCiFW63V+2KGWS+Wghq5mB+aXWocUoRgv02
yrQNuRUwSZbjTDgNsSE+5aCLCVIppoKwGU+LY5oNXfE7NTERx7zKfgv1G2y9df5p
2rSimOUEgLFJO7r74BzcTysTOpqF1PsRYZgxiwGHFgyKqP8YlvZLeMkdDYwUtu9v
Rlfru/e137/rlvlEKPfGoKPVTwsM0S6Ur95AZSr9O/chy1xSp2wLaoaTY20crx3H
G7DDYH+Ldx6fWw1T6oJzNYq3Y5Oxfir22F3QVwsXs1WhrQhjHs5qgG1ucSJ8kh4V
nCW8kkdrvAs7H5wuTmxR9hatO73vnpBNWOoAmWO2kLLuVs8y/2KLPPjpRP/u8ol4
o7rHFsestbznvbcPaoAtKFsEyUbMJewR3ApTuR2pubpZ95cdJqtc1ZHYyPl83W+5
zbyNqwmmcDQXvTocOqYh1TpxS0UjXwHgSCxjKbq1kiR9YqCiMR8ZlTm0oCm0LV09
xm/sArkY7g5NDZdLIpjTxlBtwSWe9KDuTHWv+58CDPeXyDz/429g9A6TzJ9mqS+S
WtmU9uh1pxs7yqlYAWSDUPY+uCAO2DFett6tO6RqUbmXEYail3Z4wc8qdzgkf5+R
TGlnB9lDIN81rUmhGGGpWuhHKQ7YC+n3hijDWNyUbbhSYQGXZgzOz/p5eO8GAvZP
wbf76FgkjFBKykXx15lPQn6WJHRlS1KjjgJepf2jf5zBt35mSW82ngOrv0R1Ey5o
WafAkxvdx3Ouoax5IAdb7/gl5Po6fvsFQ71GFTY2/skYJMIltZa32M/4qPkdIIa0
urUs7R42M/46LASI4+e08inNtun0we42AWlqYDwuFPfxE3ZIZVzkc7+26Lj0oGGK
QrViXejF2czzJowh9FQDHMZ9DQZOrksGev147v+vfnRULMWkCGEUEbuunDFJiO2J
cL2wtqrf4H67YJ5lwkn95OLoCqHu34eXz24jMjVyVDBMJS9wH/jIfk+7Yn8Llbab
Fv7AMxx+iOePwwF2ZNTIXLvwRqgtN7FpbOtCkoQZkDILEjLS22bCOzGt6eCwOv+I
KoP9nl6KjEutLUmU133RWyW8BcyImgDUzaVo8CsjarznJLFizNYS/lwWSIzj0Eyb
ZnlZ+f7AAqwM+hE96lOhALUhReVYQfyxwAMxN1Ik1cmuFsuG2gFgRr0CaYCQOYff
RyphlYLKlxMyuEM9b4UCZlCIfFXwDnjx1ukJjVXuujVWE01DVsA4pSzIupCiq9Y6
pA2ywyaD2nS8vLvrydpG3elvkXaSp8wTJzJgOxJ7McPtZWNnaRt7Vb203hn318R7
Qe5NiZwmBFtSdSCIeEvmZ4l2ewKSc6wDaJJyvK6C6/0ism2cyU6n2bmESxt0oD4L
gYSfQa6yhoks9O0Q+vmALnw3ocupHg4CkI6+9Y3eLsx8U2NqAYVnWSuFxQ/E/tuc
7fAcsJouG/u38MSE4eB+4Yrfn4Nh7trE87HrwtOZPn8fWosPY1g0Qn1k6vg4IxY7
d0iFtCJmjnsxa339pl28C1EmOi0Z0wcwHJKrMh9Axzk/pQtYP2Vl/ggMh+lBE+It
PV/Et9pjlzsPBNvKOu2C0t1jQMo5TsEGX/fg1IVYNcobDxls1tWWu7xWkREUOQmu
Oz4jWzU61G4Oo8VOeYquV68onBYIWCxsiZMTdwpPkxK3rtc+LIdFByDac7QPWJ1F
NXNsr/9pF3viYyD3wcmKng4X5gtC/adM3OJUkAacrH4nPEjtCSPKLceeJFVlZchq
yeZsZJBE6X2CvIcUIIRGrSIaFHOPvzwlk8jgN/2FDKNvFhVxtB0KNasckImhZGUY
TF2oWkq1IVQQeZzCZezX5yqaq9G7RmiegBL8k6/CJaQs1VJ2t+gc17Wb3JR3uatx
ukfZE//8iOWuFvJXDiKgkLryJev4v6e39nmF/myEKjmM1YLG3WnE2lrCKkwkZVq6
HJqJ7sflZ+zzeBPQTFsaccuOPxF8wpXFzNNTNA/a2W+gjbSXZQTJkIVujtaE9wNz
/TnybvsgGsTi0tGMAJXfCJL+yTp/EnRDM0F9Gdt98p1c5Jay9N6tNyMitxCo2QQZ
vjp0SBc8y0QUef09TUDnwQCb9M/aw3J2f4HtzLjdyPFRKAVLBvwEp2J+IZ9hpBPS
03yftnWko5nBKAzK2NVlsWjiq/A6Pgev4XOi8HRsJvZzVDuDLioeStB52XguORr7
qVbMYwUg+BcSwPLrVH3wLoRq2UV7cXvB6WomYNh3/Iv1DLdrVhhVd++P8jznG22W
F8l7vfIuSOgzzM9PYWyLDfYEh9XiKiJAWpDr4QKx/K41rRIc/+UNNhnbLR4QK/Zb
Y6JIyh6H8ZWq8es8aaWKYE9PhL06gMGZyf7gw0jHZLo/5GyI+tAhPMIDdeT/aHRs
klisHJ67A8WsNrHWXft7jNTKnVm310XIR9tAv5TTWYXntA0ZO87f0YEwrywYKNHf
w5icQ1Up0wWRjNATgW4887N2yKqPdLNgxHaMdYxn0eKKvbhkJNadA4A+vGKcnVYm
I5ZdUp+AHaVArDf4oH8xmrP8o9Ty9e7boxLZGzBHTif3UzuAvD5B5rZNnJVSZ56W
VXoz6LxuD/NMGElVUptqxCr6miaxeHC4Lc2CV+5FxGKTy0Jpi6098crFfngKr7Tv
WEgWHbsjb3JdKT3rarCoxxxC0ccqI5hlJJ55UvCn1rZAVxBla4z4eG/UlIfmy3iR
76kNbWNqrG1T5rr7OwtxqhxBSrTRXC0AW6j1HM9YkvVcqoKgS/Mj7+hDVUdq1BtW
/DEyeBgAeQTekmMj1N0eclRqMmP2VhPjgKvXdsHvi5HRVI/sLELkBXfnZIIyiVR8
4EM9sJyJWrB7zrK/ZSjR8eY/xYi36iS24GKufZKkIg+q7+P4lSBN9xGp998DzT6g
/31E9y/7n1Zb8sQZtN6wa2KV0Aov1t9YWPkQ1xdouaTp4MCJwPpPbD/vXrgXwcdM
fX05EGSuyqyyU7CDEG88P/xyBikToGRygfNKjagD4Yw9PW/1KswtjaFFIqtIPh3B
IeILYznxYvIp+FKAyFESPJioM9cI2/ge5u/SyVNK3PZ5rfkZmX5EjNdbDUGmQBCA
XjYgyEEjAfVptQ/rqdnkedOXnkdmsk7I6xX3QkM9jnhcNgzGWXsFwa9smwXubWfL
eW89gdes3PFXps5gn+VZNr3POJnvcd74q8cVuGDvCat8B1AdEeTDsX7BtEvMd/9+
EfqJ+pQIhbvU6NIy6+9suDFhzJIpncPMZ1oLAC+bdqjmRM5eg/7okLMlFXDZtqzs
zAX94ijUP+6IwzISHWlmoMc1vZ4zA6Z3HfFtdY+uAA5rRutmqtejv5FsKWENpq4D
fW2IFljoOOBkq7AAKds13kFR3UmG5Cw016+EQ1mUPYIpaZyD9SPxlXZ7djtRE8OV
aOdilENelpwX3WGUY6rQo57iKWa+7hMw/rkdFxC5Op6wyGyazUKSk0QDlS/7MR9q
R3kKRrdSaVq7X6pRXsJJQsGQd2zjFXBM09i+ClRgjBWWP+8eSdhBk0xEoVyiHuM3
3ieTp/uPStDzz1UJZVYrd2rtF/VHVA+M17mrIkgA2eofShiezCw3JhIV2GN0cnI4
kfNo4wKuH0lsJVu+CYWw1gEaoH+nB2//H9R+fxZ/Luh/fakxB1KfIFe96YIVfc9m
AW6XsEVfnQqhTWuCU4evFM7m0pjZS3MH4eL+usAB47MpFZqCPFJTMA12KxxOaAuk
AaHg7cmiCtpQGMdlY+YUNBac4d47szdRhvDnGRyJpGwCYiJRQp3DZKvtwoodJKW3
YW3K/MTdnDRPwuGhVKb2AwcPwSC7kw0azROvVY0nTH0tRkOkNBWhtXhHYORaxSZR
0hUAe6X28GGPaObt3cvduQJDW/eEbG6z5x1bvCvim9qhj8ahoWm2eLoSgmeJLa9X
p6L5JFGTLVaC9L0nIJraVcr70RGEN7DhubGufRQe2AViaJ7DNRUuNmbIOVumP1Q3
gnta0wo8bhUTEpZDLRJQWfbZxtwi2hXgzEqMNZS52yFAexyRvqZN+0rVVAAKbV6/
aJ/nwEK3jIApSCvgUOu+BzHGp6Xq3xcCcA9gRWWYbxuXWmgPgcRNiFU1Mg/HrEiy
y8YWqwF4FwzmZ9sJGQVHkJSzIbxa89JGX7QpjhPov70b4wD/JU8vBgXDHDHkR1vK
aEqRdFbcv2G5i4hTl7y5pxXYvJaLM7BnGDBvo3bbQhHYtBqlC2VkHexvUpmLRVR2
nTcexYO0MssxeYPvSaLQCWO2NZ+0LwFKx/0wXA3zcUsQnRQmghHsjessCCsBXEng
wpJcU2qCG1G1Nkz3dnAeTyzNI/h8hpauW07yZA4tas5l7z6j5vSSwMD4m1XHKBPc
MHQxE+GaHiMZe2FxtA5GQgkggstNxn3W8UcCNqSDkPKUNmHzPKlKL7MvM6g5Hidz
HGKj7NY/LzSQftcu5h31i2YfA1ImptcUVZVhOf8T/halWo9Gp3F9+6TUvhvP9dVP
T33eCEPxBkz3RwUZSEmZXRuJbh3SSiFtFwn5RA9p8XZai/wurfOZsp55ma7r0M3C
2fomu+tcQ4BZJzMRRWvzHd084jIrY6gHcWK7PpelEgWDFSIcU/istOXimAxATUBY
k8RXxpbTVu7csDQBFsKEbdqsCy9QKwjOGObJYThkAvTfVFDutEiT6VlTN9kVIpQE
L8qjyRLqEAnBssW7z4JE+qINP/BDb1TM7lK1lSH86e4U8I/DzEA5OAx8ujATeVmN
Fqz/blzI5ggbe6R0pFtRD4sGPn0azCNyM1ks47czVaSjI3cEN+yU7GBXfAWriRcb
2sQs7tzqmILnTXfytItquZTBPvsOIIM4TGIzzQ3yLdIp01nzzBZ7zWeYNZFbesTw
/r/tl+q/aU4an5q3sgw1mN7ZEjp2+bc62mRJ/cC90mVJvXpPfG/wuzWdOBi680Na
DUGS2zNJPDLnLwQZKaN8HcB6FiXhMNrVIF4bgPoPoiRoAiU/psIaa26CKdso51Jp
y9DdzQLMM/7PZT1w9uRk6lWBHGnUJXqGJMoZpJVblhFAKUZwUa6MREZMBqNbYszH
e/YMYKXibjeYXgEA8ln+Pw==

B.3.20. S/MIME Encrypted and Signed Reply Over a Complex Message, Injected Headers With hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9925 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6342 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2009 bytes
   ├┬╴multipart/alternative 1148 bytes
   │├─╴text/plain 393 bytes
   │└─╴text/html 488 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-injected-minimal-reply@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:15:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To:
 <smime-enc-signed-complex-injected-minimal@lhp.example>
References:
 <smime-enc-signed-complex-injected-minimal@lhp.example>

MIIcnAYJKoZIhvcNAQcDoIIcjTCCHIkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBADE6mU323yt3WjthHoiqYZZ7xRs0RSluUkr5
I1v1OlSNq5YQ95dD5vNuhMvjt/EtfgCJ7AO3aJNaldxCo/jIwbq5I6odTQZ7aEWN
BkZ1KMHtu+gDoczq+jPyGvpYXl4x4yUtSwbp0I8nm2VMoYvNY9nBaqaXuraOLnGE
VeqcJ0lh+hkyb0rcx9cxLk92xMk71/HQK4lYD2uMSnec26UemFmvSbijnBoJqqhi
wDG/iUN6/7yO5UYnku7+66Ub9Jj4pdtjMXAyF7LvVBNcQ4L+aXMFJQQTJ0K6Rfh7
bgogVv/ijZtSRmB6jKJZ0wHruSgKIGFi3GdUhFxf7URV+Xc6/QUwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAc8xsqG6RvJzmyeWC4l7tECW7
cLRsPjr0ZP+NZ9j5BjhHOOA8KUh8deF6zC99DixeMVHxTWgYETK/yAKR6VASWglZ
jT/PXeV3uwjFKFj+VfMzJ7OZmToXAJN5d1PzYeWeLjN7qRxo0/DvyjmvNcfwXI1/
uwiTkdmokX8dyMk93E5Y1wwQ3fKQMiRIt4gngU8r4+qMZzpy7oPWQ72EukdIySkv
wga+KasO7PeTLj8KS/dQ7DxQ7BLMjVF+1zbQ1vTujOPQmQ13u7+sNe7YbsIpMEmN
R9CHHVfml2QdRm7KQhKJ0TMC2YeW/alCrLGnJ9eK9QzlBfcUtJn9hWVsivj9fTCC
GW4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEBQNnirHKPkL4TpSNOfBt7iAghlA
yX9nf2uy06ybPSZFJaD/uxbWjJNQfItZY7VyFAQBImHBg6MOT21WdzkvQA2njMSF
xQx2zKxBaPtnRUKQCYyHaEygqrCT/cUcJx6nVSoEntZQcTTrgSiDL6TxHgSyp8O9
d+VfULsu82GGbdylE6wesW6wZxJUCuD1DJnfonJZUf/Zl2Lvif0ol2csXjaYpbTc
13GtrcWDVDg+uqb57moD6y1inulseA1viro9dBUT9mki6073hZAO99/kbDfgSdTU
KJ9qIZ19sjifNaoDN5noumSWzUiUSjIT03RE/iATAyjnrhW9Mwzbe4PtxzfHJujE
m5hgiQHyk1h5wv1Qi2vJ16joL8nSmU1871i92+x8S6dFBhpo9l8+mFSvWPCO+ZaS
4TPoqFfY27sAjL+s0h0mHE+AzkQ2aSK23uowh1vTyFxY4VANikyVIJWNW3ULA5Uv
iNirhafgxPwS5p4xiymX2ymqM/t7V9//sePvuVDzQolEzO260iOlsFqTd0tun4Aj
P3j0FrvkXv9BDEbq/alL1qkH7+9CyQtoRb0/hjCe+ZClWU9T6b4Z7bvsOsibnwPB
koEXLPuPMzxQMe1Q4P5jOdcTukoDJMX5nVjhHbQwZ6P+SSaKRntO+uJcGnUCeyG/
MM3PHMzQOP3QcZUgpZxG1wxNQHmDlG8OnLS+VNWU5HQlaKg9xkgZi/ru7a0uPRLq
GWI6EYurZRSBOfjdqi/dAwsYSAmekybCdBYPMDhNK3MnI2alBh6YQ2ML2KHDfLXm
9sHgMA/0CTP1AbVgp49G4QhjfPK5XMEKqTqoBXILeGxwMABWV/QntYrdcj4oShx9
wHz/47YxRSALjvS2ZBATEavEzkIVSm0Mhvjv8mSPjkDoth/UvMIeiIKavyqpZPJC
b6NVrnkYhiINruDUheOU/N4pPr6yF7Q+DdoJfmgRmIry4G8vj5j/36GDqs21hllK
rtNsC6A8hqBK1XvLobN+WSmVjolH9xjHbJ/TtAlb6DGPr4n5lsPx3vHU8pSc6vR6
Bz9OT7wm8UYvRdyRUWbl6jQW0FhO2jgsnKEXMuu+5JUR1J2els32hfPjBrr7B4px
MYnh3O7OXTjyx/ES8tsOdukPqbFfBlLYbdvTNVjyvkJA1aek4+3o/XeC6Iuzuook
EECWH+JSArJpgH7n75dnpmQTGRu/ZnhqhCHrXUnIsKIIXpThI0WOuzXCrufxz+2Z
NtAjJhfrJCxK0+miSLeZv2bsxN8Fb5YKNNYpzTqH+6nFHqbZg1spkQMvDFuo3jP7
LYrcE0I/WwbcQE/xIC3QgtimfkPodf74l+2ZsNarHX2SB9ys3DoQZ1e0ryX7HeL4
WImseW9kY/89f4Hbya3Q1MoASes8pZcoxcGaQM0lDXVYwRszcpgD8OxMA5BY7z7T
r38uATXNDwecqCb649/MYQMCvRX1OyUQvApPVY1hf9N7LKlawCJPMLPWEuHPEs3z
cp9K+zVWmne3o7uZ/Rxo/YwQoLt5lBT991YtjZ8b2AWRAuzfLu8C+sugpE3WDBlk
SdYxzACoUonQRa0QAPx4O9P7s/HKprk1JpzmciaNVV7qL0YVm1S3RPp9wI0HidgC
CSKcHq33Qq23do2+mKU1eZ6QQIm8ZLwgGuAnqSz1wo/SGSGF7FuCURzVjSabITsa
vYlb2Sey0OodZyFyjoc8suyDbv3qUDRusFck1yAbAJithEuzwh9slgVhP+QCLOGp
ga4rgZgb/mVIUqfBuqzv20+IKfeE7Aj0ETpokFjW43Vaf688NhdPqtYVYle7aHpm
VZWx5dRr1Cp/sV/82MuTgpI6fdxi6oOOoITeOB/xOYVaYROSPxG2g8d+gxI5fMUP
isKIGVPdgfH/oyJ330J+rO8eH5bdwQ4ZLJx8VNNZ5DQeJ1deeG3g/KLDKDXaUi3c
wmIRLwZ9ORAsirq3GQuVqgV0h5WRpxE9trhtLBUuuNyxC1lMcvwZPQUfWqNLImQ3
z/5kNguw/qmuzVcd0Zu66X/PiOyhIJINvlbrGtGQm5PVlZc80XAtxz/UjwZaf6yv
+tukIzP8XHo1NSYi0I8qyro/DY3CUSdZZm0e0AbTSbX6GwDLvo4jqg2ZjJMI/aqa
w+lbBrVSVvS8LsUGviRYCIjQTq4q7rGBS5DDcdO9YGjdLn8swV+kZQ+Q6HORy3FI
CNq/9f9GLn8On1bKFLDmRR3eA0dCP/FcMa+20/tfhweawpFcw4RQEVt5qWxSTwRu
1lBghRZ1VMyvz/c8Jtk1bTavZcF96jliuqRnU3svEV60fiiTkvMemb5kReBnH1m0
F2rgLSsgdPzLZX7jNnvZlojlciEOVfqZU6ieS+yEfEDG5DKEZZ9bMUYVUUyM/PbI
uVTl4NuNHc0VkNz5D68iICSXZFEugGH12xb812GRpU73qve+Vwe1CapVxrXCnOP0
MEYCu/ENIBTy/LTrfOE+kJPhWj56LZq2eJ7wTHwd/fx1Rjsvth/1qMLpWBbWWdPd
IKcskR1SLU3VgYOoE4Ph1gaQpd4IjGFFfBbgypjmBUA7DlaQlBzwbHCpetKTWDcc
3CeCEn7AuFzFIL5PdFRbWZzR+Yoqlz+Z15cznBEwyU37fwNWIpUrFPbRp7j3fh5e
j44Zz4yHkCB4iIvszmOO+PGIVvQW2PIZB9JPsyQ7mzONb9S3qxD9VHs3+UCmTD91
IpJWdQBCcosDWgIGSsl+Xi8ty4rp/Q9ec5v4u3fOxqUX2s65N5eRwup2pfNwexyc
H6qsqFVkP9Y/bth6PdrO8qYDxYAP5iwKvQqh7/5vaHdJGOdnm1zJuiajmYTXKjMu
hOEssRlZdT2d/ivnZnSQyCKkKxSIUIIyWb+UrDoIe+GSUWtplaoVG8mTc3NfxBa2
wPyJ6lpIEkNQABO8OJPfj1QXvqBnr6fln365yIKoG9G8va0MDgjGFYHk8ZFfxO8t
MgpPS+W5jlL56+i1qb8V3dixzZxTD8prgd/xBU+fn5559La9faudpl+U9TwJZJBm
Q/WH4V8Ql2sd0qATT6XUccYu0CX524eGUh7bHELejrjO5EW2W9N9hBiNy1InsPbP
UsCBCUujCF+VEe4oN1UuMqqbDOkVgd4d2AcPuhjfYpg7BJSwdxaTBtkJHXYTpvmG
7XhlPj9YCZio+mU9wmHwD8Fv3S/V01tBYrboQtFu9Z+q4hJ0sY+ZE5qtmOpb07lM
TFq26vAwGAOFFtx3xvf9feM8yLL09PigGmKg15RwlVovasdEPajMy74UwhnMMaQl
P8XQldV0YUIaGT1uvoMGs98gXJogJ+1WObrglKhFVsPl0wGyPEHfhnZ4HX+4IMvd
wiolUltWUtdMY2rsgsz6Hp6Gc7+Dke3OzvVaL25RCwyHX1D9Nm1ohY/8dSTcr3/9
DtvBTypw9GZofsmErjJuig4UCUZe3llsLXzqxuaWlYd9qOUJaXugCNtmkctc8Xsa
dXMfxAZc2igIMDDT0pVCufCm7DoA5zsnocDXWXTTf4Dza9Dk/EqyK4brFecXq/sE
Fq5csMWmyHysJAjEswhBxPKz2oIvVhRSOLpPIdlvrg17i4UasneOxMptLRWMLC0K
D6x6o9R74e5QydItuawdeQ7VaHcPdOcmJfKqW3RgOo4qyPUxUnnYYMmMTcH9p8/d
FKJhhr11ECw6hp7g8IwFsYV04pqv0lgAN5wfwu1C/VRf2n9zA1m+lCfRCldfvbtk
W7N0qD61af13Mt5HdcuTCUNNg7chnDPAMQ5PIl/x1slZtigWaAigxIGmVn9eAW2e
YLv/ckPed6ovZlEnqw5qb3b+JBf80hVLjekgzYI5OE1kAiEs8fDhH9UIOGN2rv3o
V7gn1Aux9h8mBJKvr4KvWu2fouP1cQXJ1X77Thdj3asxyd4q7UrnAhzLNWGXYS+h
0jwLb496fameKx7qovgnCEPp2TUbJunP9kk/aZloVgunNe+W6c74lw3X7a0a73oq
LTdPZ/fNkWdpj6tEw2ufJ5Ez5TZ1RtNCdh9H+uk+tbiki61qmCSjwZ6wgZF0P9QA
VkO6aMCl+8oXIsTbP8R5YRq8YTr+Tkft3WmUGRY9ssBweUJWJZCt4nMWMzzZ3M1E
YOOhhZnreEVxo3Hn1RAF3VUGHrkrR2k47jF6lFI6GMvMZBqYW7vGeSOjZW/gfOoZ
QGn2AFBLAMH8oCJoVBT6N2MMyIQxKBQrk2nQ09a4DbZeLn3IBJgiTYsv6w/Wrr0H
qTGflN1O8OHaCcBGqRE7lx8OwKkltPOkYcQBITV6Ha+c0wT4xV4FY6SB+Q7wRh0z
5t2FuqHaoIjvLnGPip/93GEnpFiS3qDoROFiN3xDkOM60CENAd1Bh+h4ajDm7eTa
b8wqsBqU9X2j1LOJYepG81MadrDvMvYnEPqJ7zPY0MZYfL5pRKA78+DHdeYuCikJ
ELq81GjJboHOI4ZLTH2smh3cBDcI5dqv0ZTo387037NnOKT3KEfimaP6cQbEWDmN
L48gAVsGndEOQiea2j5nas7VszypAH4XlCZ/AYgQP80IzKZp888D4tMTw/lx8be5
EMU96NzWvJciyw5aQ33c1qJrF5UB7JJINYhQ3b3iVrPWScv3GqHYrgZrNO4Mvbq4
jS9wFUMGc1oAbd5p5RnJ5ewZxOJDncuhAG9GejZbJ87Dgd2IP0dqn9DtHVjuVb0E
XzuNNxhuBpKk+dwTDRQ6vNdC10fQg1lyZiiwzahsR9bqHtpbWQD7+8MGS6Kh1Yg7
r4uc+MNjuJvc9pMLAilzq1ejKb9JZcWa3v1Yxlf+8AmF80ZaDgiLKKxEb1oQlhIt
WYd5b8S75fGrQugw0up4268p/X97GKLmkJQz5YeSSEKRA9ycHpxB84nmFd9hMFNX
U4m91cwpxSkrkf9pDGaZJ9R6kYigj1tvlDuNtGHxLDJXELHr9IVP8shWsQwQUipT
wZ0sBWwNpp14/OlIvbfErvBe/pCUPMiQhjLsgFEKcCLt2hs0iWW8yfTcCTEKS8m3
7aNOZJjkjKvm4/KYO2kvqx4sXt85fXxfCbrGWUFGGXgugklcKo9jMC2WzY/iEcsB
0pkzkOLLAlYxfPc2HWmIK3jz69hoQwYz0DAbwtQQoChb/bbueyM/gwJxUuor4BYP
bWKXSfcdWDLBUFNK316JHb1nZ1VDxMz3Miqtc6vZrW9zfa0Gj6KRooDTd+TzprGc
uzdj2WJKJusQcU4PK0SiPCF+hMpFzvcnH/8d5JwD9BhJTn8ITFL7zHc+ju5k0Vtu
2c/ascRhbbnm6roX/SeZzoDs4kcYzQioE4GaDxyuzfbEbNt0We5I0pzdiV/lpd9Y
NqdrIRm1D1NjuBpDQSZGkEwCtd3y0RuYpR1LcQg1HI6hvhu5Ov6r3cBMXsQPycOn
mvjzTOZb4uv3Hd6uck1fGIqarFfhfoLPuqIvwVXJZJXFxkPEi77GbaVGcRHCGZC5
aMn+VjvRJSiAs0IESspjH/bQTIjP2hnrqQoYsd33v9dre4enTrOgzRQyo1GXE0FO
MsNT1r7QThBw4LdjPV1h1IchoebmOAixwh+HY9ahXkUoPl84z2d6P31ruUpbd40p
l8i3THpExutzeAPfQfsOhU7K6USyHT8M1a7NacGVqRISBGbMVg3QZEj/b49c5h+M
ymml2xXYejmQFVGLiM+3FnwAX9o+k93MZdICMi3UQHCVFdCb7fRqxrzrRLagLuXI
oW/M8CD1CLem2/wMINJwzpITtFRRZzB+op4ghtnLuIeOCIOtdRIrBTpOK5XQY+U0
fSmY1FfQ+FEBlyh4UNwarnSBdaTtAs6jyXzkDqtU6FYL9PxqilbTruI9Mk+7zOXe
p9N3hHMZwNvN40PnzQgN2Bw4clcbbqPHhozVfmbWsAFINw15FrrFzyAgeBfF1hQU
k3D/Rdq6H/07XDqshc1fjgZZmev78S9Oj4cNC0lxnxihU3/KA09fnBMHSYp4J1RN
+Chdh6sIm6tObJgKEzm+e988A3AgFzcYKVWhTX2nJ7qlvx/zb5RqCD2vVaBhS3Vf
0S5HrkC5r19alwLbsL1LbGNw8dkcL5lnhufvb3zbqS9k0JejpJfs5JEM5bM9jcDr
bQxz6W9YWClAHnHDNB6K5aZx4r0y17cO4QVbUSAzULYQnCfJ5qyUvJ8/j3f7eNRZ
dmdj4Hkqda+Ct6tTJ/KPvefpL7Ci8QdiuSJN+P6pbO4s/9Z6PQjNnobj4StX+hA5
hxXc5dIQZ4Xdin8A8ujAbj0VjhbsBbu8bAIrfldPOfHbAG8onYF34gtzLLyC1o3g
PWOpqGcmGZkXzxwN3N9YfPEZ+VZI24EEE191fKQKyz2UE2/FiCa4cGdtrDrrfw4Y
RK9Eer1KY6nvqF01VzyeI1qxUv1ciTi7jd7Rpn+q92CGVkquO1PHOgMkBtWBiBHw
ep3X/eZGdV5WWZm+qnaloOd/TxqiG9vymJkPzycrrxds7LgYlK5pLijT9fJUAyfL
JCnVsFVx10YiUDmWmwSmRp59M4cTI+0hz5T7m8VIxB57bWmhkXEg79rQm/EczvoV
zvO6tj4B5kFtxKKuAcYrgpZqdN1CQln0ae73eCdIZl6goNWty7N5wLaMhf6RsB+t
m6Zga36Ka98a+y6J46ttp1tvpW7wWpUMsDN0LRRgdCflYQAWM78YTuK6Aob4DMlV
kgeDqA0ESmLbgB0c/mah50uNEPQD+/X41i8jV51wj3LV0nxyyzf3ehne16jvMu1m
Im+2vGokh9POvMPhIRJmPGt8QaoW7QyUDVo5G+n8t8WyHQBT8ZpCS1wg0MIuSMIZ
eHP2dr1uSkiNIQ9fwnQRO0qQgL0K2iALtGCLE3BBYy1tKxDyv2K9jgxGvEkpOfsB
CBajFmYED6+/Ox0wTnT2bHzzy7p49vqE+EkQRVH08z0jzLa7KNEAMoku+27oyWWO
fPqiMZv6yoOkpG3LRgg9tHmPbCvqWIxZufAzZJuv4/W04+Kq2Zq4uicGtIQyx7Hy
KyksxWIAVi18/bwt3MzjZTU3cav/kP2FLDos55ioXC0ZAC1dqqrMDZ/OqP5GsjZB
WKJQpgi2L+zs0SiXbHdLmJTEDUQp4FsQSFE8HFlAAnHd/xx79VEOJPwubSWVXDda
dfGweNmFhaqacc7LMFraCty6uAjFRGeBuRc4nlISbhfPbAr0AgOmUduGXh/QtmMs
hpcs5QNGNWeuFMhKDimpGe530DpPXWZtf6ERioKuacZVCEzmBkmHLTz8K+zml5yf
lHwx6n8s/hP95EsHZpQLl66mrWpIowCODCyHAgrtCqLMRtxO2f1O5KqCGPRXvxzm
He6Tiq/O4Eiz2NrE1GsykFIkXaoB/uKNEXYU4MYG3hglCoPN4BdQrPhkwf03ApF4
aRZ7qbZzkiuKGAVMC8oFGWS26yIwoyxDP9OaLuzake3NLqVV/RwhDLAQtJDD9Qbc
i0q+ACKRSlXxEKRLj8u/8zw+MAPE/zcVg+tiPH7dS9sfERMa0PKlfvWhfVVEiCAP
2j64xuWMAHgPMTleDsvLk/fvpVLfPo2qp/tC2ybmH+obUAgA3aD/repVvtH1BDLV
x+r5pDZCpfTCgZKTYzSoWYCOfHw1L1DLbBe4lMUCSWPIQtOxLTTctv1qISuxMq0W
5JyRfNaZ5OXYgqIhUwpZckycThFt4q2IfJ3cS06rqgGu47kCVmFytVWLNSuczkhE
PDBGhv6uMVk8r0vk+Ojf8wJh/wL5evIY77qXPUIyufVPfoWJhy85oVVnJFqbDwX0
eoDk1VYGvi+0yhe+gQKMmXWE6GsHHPhRfWDkNnAPPRJ8xQqqtVC4cIHZ3KOHofFr
vYG8JnwCpdy2vkv4PtCLds+/jDIRLRvuCWD/HVk9Ove4eQH7Bjcs559eInQ+JSgd
Tq60srKAY1feM1cm3XeVOlFJst1VGq+5DzD/XUIVjVzbEPMHKhgwZj/Dznt6AeK9
KNj8apWhYaYA4jt4wYA2tHyU3UuKvPEIr8+BOf7YLwDAWamXmlS/94454XUJHuHh
DQ6loKR0cuX2BY6Ze7J/WVyyUQM/qt1Q3RlTQwd5Hb+3MG8kFvn9EW2vnkr41jLY
AOzr+fMQyX5H4g/Vf6g/Ek6KmNAiNVgW7exsz7ZQXlraK0CExJkPDzo9Q1e++0qh
O2XX2kr2FICjb5S8QoS80Z1Mwpcc+J8dAztfk+hLj+vN1t3gz2F2O/rB1XGXkVlK
XAtfo7GngbrG5PnKE2Yh7x8nTYdOdmWXDRnrvfwgo+q4mxeCiJbiZW+gohm2iV9T
FkwZ/AS7MDpR8pCDpvQfRyoTu68BmuVCuc/9VaiRz/icIg9jnLAYMyfCc5LhYUxy
spUrMiLp33LvsTd2GhmNnMXh4mWnIZ0Hj3HnizJrRzBhOrA0V87w0wUcDUzWfdf/
UNFtOX4IzMcaSTDxAjDbDCkem+z6QugMYQ55x2FEmMLGjP0QsBZp9ESbpfJmqWJS
Ak7nYxqVtdJzFWSlG2btA13H5i6yynX335T7tlEm1cAtVcraXRijWOWz7ZoLtgZ0
MzgK0bU8ViUqT1G3bmwP1qFyjM75X8AS2rx7olard3CV9l8zGppn9ljQHcW5LByi
zYHKnN97GVhKnRExnsrTQIe6OrvtrkKtOoz0rPG0gSY=

B.3.21. S/MIME Encrypted and Signed Reply Over a Complex Message, Injected Headers With hcp_minimal (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10510 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6766 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2314 bytes
   ├┬╴multipart/alternative 1435 bytes
   │├─╴text/plain 487 bytes
   │└─╴text/html 639 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-injected-minimal-lgc-rpl@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:16:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To:
 <smime-enc-signed-complex-injected-minimal-legacy@lhp.example>
References:
 <smime-enc-signed-complex-injected-minimal-legacy@lhp.example>

MIIeTAYJKoZIhvcNAQcDoIIePTCCHjkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAGR5655q11dQrEn1+qj1lo1Gr+bLsb6vwGIH
YA/sZqZfUPrdFQZRoIqGr+mw9OFYhsaTjR+ZiK/19IZJUDSXOIqAN02kCRaLbe1R
822KrjNTYSKYNUI8mEMu1s8Mm/J3Rf6LDss3ZgcKKxDg5XqDtBG39VFTXgHVq5p5
xYKt88FM1CHe6oMOBVnCEKLu9aNm6iaQx/1IPGUYpQfEY1VEFHEyJeD9UenyYR+f
O7UYzlXOk0l79OlIxspqqbRbehwsCVirzy9XfDzWFc1Al4GTtMp8n+7wm7BchMX/
7S86+FiypOQFv/nHoeEgE5Z4Cfm/m464/q86fJ80tv4iTNQ7mGIwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAIK+kWhO1GQu8sKhJuZfl1zGB
7uDFNxt/SEB+I31lUgQJuK6BjfXoFhDy0j6Wwi5KFfCOGip5PdSd/UqLIdl0TJD9
R7/j4ZIVZL2WBKNY5aFEoiy4v6/RAXRYY7VNony/vSeH0ZTHyC2zC2mn5R4BU5Ry
pcNTni458AedkjLZGhyh9qbf4XOBMWT7Se3P//h8a00rJsPpguLEr9eYk+SEmdor
s/dvtN2Fa/c5sgf8Ha2j8zFEET0fe5727t3b4TPhLamne94RF2Ban2hYKyGthaOd
E3slE24n/cJP9iUtz5FBFeL72Z87rQS6QKkRJUjyuutwsA2HzgqcRaizMRVhyzCC
Gx4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEIz0JLuCYpHS6PTGPdIo13qAghrw
yOPDrc1OUUqt5eVulaxY+qP6Irw2lLxwF7HtbaDzcOiOv7rG7l22glmfKvUf3vYS
k6c2jZYBxR/f4ngS0oTGiZaRnEbD75gEuKOpwlmQDOc8Yv/NqU1t8Iqx8fq75VaW
51SK+rw+BZ8AW/D+AIOKJxjqX89NFZaAkJEcohjAGTRz4wrUoLEpwFE5V6qzSqgF
jJXm4SoDXH8ZAGmAlVyxxobZ5P04Agqn5CXxYkdLV5BoVhkzFizP6HtnKPdlmaMI
Ct0AajBvWjdC+vZ11igU/txiyp9io4VLFUNQjROGzk5p9gFWwQ6tWIf3tpsqGU+n
cqhiSLig6DvL8I0v4Tl5fYW8j09rOSiEIaBGRL6PsC4U6D5xeE7FosGOlK8HVxfq
IIqoOFr4f7eq4+cRxuegtLn/podCkfmfKfMFb5Naqsarc5r/63GMSufptc5RKROZ
8ReYolOJzNzgYUUyMzerv2J6Qya6ybcVHBfLsK9j2XjGtfMG5MiXOHOb3gJEl5H8
yWsNtiew4FXhStzWLwFHWJjPwZEQExqJxMRRmlCfJroW3NqCE1S8AQCseTAb1jRm
M9mVD78fG51p98iPe0JHYDrv3bsB0FaPhCaVhnxt5cdsqU42kblavmH6VPUqoygx
QgKojyvQUllzyZ7udh/M70eWVag731BLa62h5zCQ8V3F9Jly8s6r67da9h09dq3K
5h3oxWUBcQh0rqKMWd23X1X2T5D46LoJAQIqOmb//askhoNr9BKL9y5K2gFQjI+T
quMLP6ysZd+oszVbRtyNfKyFyJNmkS0s0NZ5FgeLLc5h3y/fOM0U559PZvET/fEP
R89dIDTt4lCRrT7N90YESQ8N+e/hajahnQDS78VXlq6nnrIerI/WLXr8eKQIL0Fs
Quw/A7YQ4DOytsxOLUENGRunIPBePzu/gF37Dd8lZdcviTIBToLylhIOPIMw2C0f
vaqy+xwooSnwZNQMh+FifuBOOScbhHmHKUjaymT/Ybx+A/8saXRN+SfizVi8tLXb
XI4faBkFoVbYvuQh4PYHogTz8W3UjWhyVtmCicL55kMk9TSksxu5SGn+PpIFovJF
zuxSk0Xm+7it3gIisd++sZSRA2a/dYyFPOUnfOIBl5Nsq//H5sL7IYo9ynujUd2R
AI1wtAyymPt/+stRjbSq31b39Ilb9A8rFyv2Dhi/p66Z6XLTSyM9gvCdBgxjvcp4
opNEUsriap5zFtvDC3YvPm1YaWo2jK94mDa/F7VmJ52R32NGrTPf3h1prs+ma+2c
wJRT/P2gVip86VOxTb+KgJSEGbIHhdJ9+gFjTNq9y0dgwhLqvN3rWFwU8H/nTa3v
ymRTNEi/CCxcKctLgSckRZ5mMCjEJMqtqF13tT5BdMtUSWd75Iqu/uambE1iJ1/i
9O3ZRB36f2uHGILpWfJTOyL4wsW3GqqteXmjBx6qyXhJ4pNc01y4HF0XIiWXKZEE
0dIY8Rpx9c0Tw056YP4qHXAc2t/jJqTM9M6hB8y7Pdnh5XIw4ltCc2qLXuZwKdqi
uWHnMzCVmIykubDh87yZgzZb8BaWZbjYFnwXFsV+XgV7hiBGMBoQYRWFQQO5synd
LzvG8WKcBdTDTawuwvz2riK4n0p0YVBNTnJZBXsvS3GG0Jhjto5c+pZ1rLmRAUnu
eosO3ZOboZ6bZGt9goGHAydoIiOinUyMEtAEs9l0k334nCnTh79FZAd/aEInLupq
dx2aNBzv0IdCPiERuWvMu6QLHQ7vyqoU7ibu0eLWcS/IhJsnMXLj//qxlCedax/5
rerO59X4kK33h4IY0Qlo9CF9Xs1CVhpVnVwuw9Hp3C5i/fTdq+yR3xdQ8CAJWJid
UfZb/nIbU246OJAnRvNii7LFW4Wwywv6uDbC3zTeVR/KUJ4Zg2uIMcpLCUSVXK6U
vTviCdljyuUxDoPjMPpf/s+4kCkR3ALqyZJMf6owMTBw8sQ6U3H75UNGertSkPEY
A0sStLy/K5wtqoHbsANk8iUNFmlUdVh3yEAfzz1gNxuW8y7xCN4ihlaBF6UBJf3x
PggNcA7802kUcJeAfQqC1k8WGodnaCy01XQA52xF45pdJ2HzGHRpKm2hqRYBjNOA
2kS/8eTiufFmqHvoaXVvNspEwNaH+aJrsk9Tm1Pk5m/lvjB3kYsGofuUp94MPYAv
PG96GHJoPNs4/KRx8ECBQgjVruE9oZj062S4EeonEIQOipulAj6CXxYiQv5L1YO+
HOOgVlAKDa506Yf0rcQF1ys7IVDGokVScJqCEYzIOfubhrw413Y4Sl6ka+ZgLKq9
DLzuMXkNMqL7WqmkK4pLx2kHvLqqLP5XjynagJHWNm0zYO8JDgWHxjbQxmaoNf49
oIFXdzESzLnz3T+lK+OSyJjq32IJZbCWCzWcc8PX829b/KnO/a9VD/UCpMMz6E1E
aSxE+ywyGo/gpW45d4ZRJxzWBTo0BVvhrUC6NYjseSoNLUorVmWbzkqpnfO92bfi
L5Fu4YnKbh6VCxnEUOmAMaCzXIWOlLMg5Myep9JrNnVPb+PYKhQm9QwVpwhxKwsG
+/MKZ0eOjMHd6jk9GZxNDV0VuCcmtiLPuBW9+AxcAxjU5h4GH9fmH1ZMJDsIBDaR
qt/D1jTognJK26lx8KmQ7yI/zUAKzOlwALxBBnV3f26O0LQfqrA2MpTvdt0YKPCR
brmXI8ROZjGX0H3HZ607P2NRum/9hJAQxl/ZR74gu7FpPUUIJjr3JEHQ3icNcS4h
9icI4wSS1oFngY3ONUdVH0tvCEYsMexrZo2rk7qasTFHoHTrbkjncbhw/dc0LXCX
79wCmue63UbkamFUz5827rDiRpEd7QwWg+RexkYeZ+b52Iloyti82ivolKeBKp+f
vsF2Ni+mag0zUPrraO1g0QYmOklZiCm+GtYNp1t0ROT1Yhlcq0743B6qvRBkqSM5
wYqMR+zIVBbqK0Kme1+C9AfPF4K6vsGmJKnRPWHXdsEt0NzwGM06HhUhKXSKPYTN
EKdsM2Et4dWFjHDYBiijVna47yQbHVCm0a/1l8tA7xQTETyZoDdxg8eoWS4NnYSM
0nUOny1bKIN+N7Qj4brWegRmOFDvxas9He/msMOoYNMVWXMoKc64UfLL4mRcq7fK
YVY90E5YKanWsNDku0NSbK9zIlQTz9ASOuvohQniIPGBNGO/X9JAgIsg7hy5/z33
58b9JyBpufXxeCUP430eEm3HHQkNWk72BxsuBZKlNp28fdFgstOVsjDXFdmUpFtf
0jbiQ+GM+GwCCYkfX7mSV3kCAWdLHJLOCEVjlXZbhtK6y5o0G9YP81m5nQnqyvyM
nG87JkhY1MpzPGKIKTxRHCPTKrGqxkVEIOVEmvZAqZ3fHXzM3cRvRYER6RB70KYU
C0gvzTAgBr6W1OErYNKysjD+QG8FyfzbfYH/zXumG8jiiEqNKFU0YOAxoAKHIQYH
a2Cz4Dzcbt9YdTf7V1FSFWWZspRivCGCmqsFD+pbz4Xc0REJf+fG6K4ytaIJFJqY
fVkVe+Ecdt3oo7N+LL54jA2MBrbktXhpnHGmD3WAksG/JMorMTKpcKEM6JOou0AX
q/TeKF1fUKP/6ig5fN4HwCHRwXxGNThBvFzg+gXUvZ8IddtYEqOpSqJ7z1PvD610
vqBFovrswn2E6hiLMgwS6n/P/o4HHbLXVBCca9w5sApMsnfAQK5DzLxKiUU3xUjP
FIsFIVxWMJ0aCi9UulfTA5J7IOdCeo1dJ2j3BmAKfHsNcvN8MfuG3gHLX3w6n+Bi
oXQVQqqD7plihfXccgxYk070CtCuxi8OMB0mWFvDm6BHWEJx6BNNoCOdpVFTiF36
g0Hb9aVIcO6pietUr45MgwlAGCB05Tj9VGOROnErdQZChEjOw7LsoZfNT1x5wAnz
okTLIbvHcKKNUTz5Lb9WwEl5o1DRxmHfa8e0jYk8PrjDfJ5hSL2n/ug+SCb+w7dr
hzFsIhhhAFPt5Ezv0vdad3LAG8aO8pgr+K+AbAtwth9Oa6ufLMMeUkR3AQrbTL4/
svQX+yVkQsbEp65SgN4h4g46ZJL1yY5i38yXi5a8nFusWbLH/gW5qHLCN6103FuZ
NQP5L84K8HiBs7ykqVE0qdl+GsjtNKUND0LxV6IsAobLtcX4WoYUE8d2FnfY/I2a
xII82SmhXgL2Chyymz6odQNf29zfBVY0NZS82NlJroHHMrwvI/ys5odtjNve9kT/
xKCjWAqj5X8rcnmch+kL24HNpFntNbddiPdfVcV3q5+Ma2V1A/ZH0BokPsjl5yrt
CDFK3+4x5bRnFbNuMWUACVeORO0JlDHMWydG8jhqFv96lNsYnKrVQShJwjMWSifP
I6VaR8kHo8ZJP93NNpXy7GnXeByF4hDTy+PDS97u1Zu2eXo9/5txg4Ted6ts2tVa
L6nBR225Nne8tfasxOLnp4TyCOFbvAskPLQzFIAUv72Rh2iGxPq6S6300grFXD0J
kiHNjwh+IxuZ+lp1GsK5oafrG+dAX09APDibR8X09iBhWtIJD9Rs7EsW1EX61/T8
y6kV5CGNSxbFjiYgkNWF28EdSy18ipmd6a1wczNJ/uqvfxef/Vn94KqwrHkOwuIq
UwtXr2j/Xl8+0/RBVeLARpvILQM37pWKB9T7+/09QyAAEdyET375Zs0Hr9sYcSgf
w/3vb9HX74/cAGQVtQz2qeqCr1cSgKBd8riVirakIvdgGI83DoIim/EcHD7rKh4B
Uyb2Z0V5Mi70uncXn4MHsJwrpfiFZmgcXUfOKE35gNAqbTNi+m01z8bmQ+VO8qF8
Fj4hW8JJmfnLxwjfE/gh7RjYOYrQM+JEtY8PFY1x6A2iJ51TKsCOXFGO5oOObngv
01rRy8LFOLncR4f3syZhymcccrR6obIdqwdcz+l+zWDoLxoQsLQKrTqKnJez5GXC
kRXQ4YNJ98Ly8M+wcAz5bZCeqoq3e5BCCB8Z4g+I0ryLKirnFvSbXxlQWCIqV7sG
QDRFPve+moQkBjw9UfVdD2C+ofjPUZd8m87tlbKdxoz3lYSGVNy12b1McsNUtQRI
Skyhri4OiIvcheXuaAEXZ4YCW787ABIyc54DLvlXSnb22Pr/OJGLSjGDLu/U7Fe8
3iE90fCDPsfUU6yAsfNLRr2LcZhNrw0F+siRcEHe/naDOuntYq3W3UB5Vji8k/bw
5kvLoTUEIEb/UJn05uHX2tco5qIqdTyR2WL8BCLekJdpvzg52M+e88BX4S4coJ+w
MlgyXmG8TkSXT9GLGua+JEyE2qk5pG9dmhTO+K1CqKdrJX45N1CEh7C617sWC3rg
rdc5CQFh2gYv10Z0WJ76wn+LA5gUTU7pvhgdeDCES3dTwyNHjCFYJedBH0jzFG4m
oJrThIYxfMkPTBLa6htHIgutpdOG6GD9nP7mKimUXq1jP1iaJMHTaQkoRGYsvP7y
2O19eMvOQm6Ppm35lZOMpJnAO0UwHLMJJwH1WvTvhlvKjVKMWKscd79fybBk6XIt
hFbWKRHQaVQ7YvPUDjYfuyAhnJt1016fRiRN1MApwTTHg3tVZE2QoTfkKfM4km9h
+VQdyiUwkbpg5rfCVhQWI0+imqKFWoATjQm0+352eJB63jgvH7o9myg5RU+AK+6D
ssSVGjhp9vgOC3KbGY81dHVhFjcWEApJ39REOxe4YkcCeaYTDMqhldlhzIUWNbPZ
EdCnr1GaZlEGeMQeu+Q0mIBM60ur/Mwr712cwMtzmbasFiC8zARsbkZQZh8ujXep
yMiWkXXGPKdYClal4pjoBmLrPaOXlrybD9K5mKZEOpbpDPGYzgE/C+tvPYCP8KpH
MGmaHYUwWdLlIPI2YDOFL3WAW3fA8ugJUNdnYV7I2sRAOql9JOQZaYxeGby1VJZh
EWRSybauamQJ7TUORdboivZOuJNoYKP0wJUIpEiK7ZgJR8pvP6HLEoSyXu8dgVTS
gi39Nrfe34xH+TMpuDp7K2f1orTNMVe6WMryOonuTCln3KxD2nCXr5pT+AtUzmZm
4O1YzwDgIBlyNgSpxX9FML+mFqfT3mtfLm9Kt5YiF4/SXiEFi6Go9VV4xM/znwIg
RlaORawjDtZ+CzPsRU9v8Dr78xHFhiAp0ohwrzmOVHGbZk4d9jtI8yHqLmPEpKHi
mV8vvDNgBbzkpst2Z6ahBMa2hvOiI3JzE59PUXdg4GBQz20pieW6ghRaIyIVJVg7
Ot0cZ+wp+04X9pyUtKaEZMDfQMJO3F2Z/dvSP1538NsZieYj4PNuFlToGG3AbB6a
Ccs3wK7TzG4bQtRnEUk5121U2zm5uxoUJTOrfS1iOKs5jGXN+mxow5H3D6QEGYgI
nZbhB5BUuRoiAJe8uAbUnT4r7aSB/LFxV6NP4HaF0qJv2YCE5KdV2//2dHNgL47k
pqL9CW53XRjr3xUnLO8+GjH5MWNfVwVLatSLBNgQrLSwk2IrbHjEHcECrN9Ctx76
P4/CkOcLqx7wSlFVu82Pm6UHQhb9Ke4K075tNRDAjIDJ5v88/zbsu641AyfVXxma
ifHuNKgYhd9mklIEjXfTvJPouyI5a9FabSs7kK9S+awuENvyhSJ6PQ0+MC+J5eW0
yW5SJqcCIXSkIKNhUTdVLUmEgj1a7KRrbDjYF2u5GSa/sey7l92laHnoXWnC6W3/
rGt+BsbuJhf+MqZf24zVWUcFhMJW6t6a/jguD2QH7opt9d7NLvzLNNStARxR0NAQ
0hXx1dj3fk/6hrVO2IsuxPSAysG1TQhrwEuNsp8ff/cJhCjlXQ9JGoiWYP3+niaT
ZrYoaTbPRA/N0ELG3Kmdsinzn8+EClAKsh8cy8EwtNdl4MGiZNr0tZVJ3Y1YPzFj
wRr27iH7c1IzBfcK0V2oxvO/mEYhYxLffIUid5ph23QtSEa/4r2/m1HlLMD3ZlCx
/6XOyeDx1bQBjnh0SEVoElS6ATwS14sGE/DrNdVhotrdDHEBv6u9vcOzob5o4us7
mWBGFo28ypruRWxRaQ++H3ysrW1GPZY7lOjLjm0BwRiMg4aY7LxbbzJU+tF3mRBm
F5Brb0zRMKiniZtP5zKqIPTBIfvuymfQbrf8pEElVnSHgd8ZFWRUeBFgIFGHli3c
VdL+n+tUTjXUXRSkGKgXc21AaS7sU3ziloPgi2mU0TsJY20F4kWznPtUFGn36zbm
QM7sH18AFw+rskI6R9kO9vlBd/SqBMxPl6Egy0u+O92O3iNKbildpyiFSynhd4Yj
oR0Tzr4KZf4KQlzyclbVgsrGNJKx0L6SmqYIchkwaP71VoZPdn+XYr37WSPM6U7l
SkRkJMkxr++p8qqnY60BHXQW7u3ZBJgkSXuJk1zo1q/THVeNe/gDA99Qt2bC4YYZ
JD/9naGv4a6hzT/oWXvCOLmcdp4iN9Q8Z7Oc7GrQDLq5GdBnIogVIIhCCUY3WBn0
XTlLv5tZMztOsIxYEA/UsxgtMU0C8kRX2PhYSWFFyRKiF+I1EwZ+7NjCDtRI+1+2
hIG6DvYiOxi3FBZtyZxkBaoggv5Ah3wOPf4URjdS7s6HjgvLdHMDJkuFL6q0dUsG
fSn7+jRCAiJGkf/MCMBEHlbZQpnY1xT+LB93rguGV/PkoFFM5nZ0c9ZjPCVZ/ewv
ItqkF2oXuidYmLd3STxoHlMF1P5/qNrucwYrAo/M7dJlWl2zMwE9Dr4+VJlOBZkw
AUlSd14XGTI0Lfby+cCS6RhSMf8XqJ2d2hxUX1hNgOAizsVpl4HCTddKCuVfyp1z
t/HlEZJnar4UsLIcWsgB7vYRMMMA0XAhIn4RMi3Y8HZga3/jLwHtGdPFYelfVwOc
6VVefVA+21vmXS4nKcOFgGWhLTQ/u+xhJMfY9mAzZSH5f74KK5FcNspC9/mOUQmv
tDVcoIWIJdxoHVNWcSuSVW8+ISl+25wST0wShD3sKaTVhgFPuQGbej2wCgirZkPQ
82FCxLDkzhL+goh85EGV8FuxMoo6gb1krFTxDF7MGdEv6RwOyj0PxLEgG/ctyu0e
Y46Peb435ScUFXTa5jU6yGOjHrzzjNN74wArI5FtFI5qgTDcd9DSwZFhl5Adbj8l
TamIMutl3IE6n7v5kuTnqEAM2y4He5d0Vnv/Ms5+lal2LaPgwpykbz3WdScD1Kxc
+oFUTNXGfsi9C6/DiWdAB7btcMmXVA0KaFPql1HtUAoP+qxrqwwL3aa3+rtC/wbX
EqG9W+6U6eMBbPw/li++M1aiAWSq7e2Ny1T7i3wy1V1cpSSFhrn2EX10ISlVmPwn
f9yzUwQ6yk3r5CaOXg+LmqWrebMnqXmYtHICGrzkk6c25sKY424S/d2ggJeCkUp7
MHhl2qWj0rUtei+DKx3SjkHXhct2O+t5E0zmaGQgGKL5C1HR8ODX/pmRH5qWILUs
F1K8Uf+NP6Vwmf3sYpyWchMKWRm1AdDibSGfh1fMarEh9kpxEXuGdcvqxIXfWfHm
ksitbzmnMzHhfXy6UtN6VTp5BfYma3rD9dgAQxmkgmGKhEkKnEu6RLq7MVXwh6Kq
H63f1dMdx81Dphv6tcpD57BS2748MbIkGpVGekpwg/HQJb4YY9bPOPTpMKzrZ09w
aWdf5qJ8NK638ZEpOYFxoq7lEAOjL5JrmRmhX9OuxyyIhbR89v1IfnCPnozN0s9D
DRqTLEi63UbiVMfSYTJzO1Di0sFoQfMM14/8vqwh4NQU3blC9GcMf/hOQyezuKvx
/UHnm64IeGuF2Q875R340q4T5xF/iQzMb6uBWAHCfVB3kDrETQ/nSGPu9qLWMkeG
RkCBrotadhbkddytBqM9LaqIWPA2ROdr5W3PU0h6ZLUzh2hGRiF9pQ+wLj7lYmIX
5FXnT3n2KzCEVc6XHpU9c+6PAa2nYfIgcsli8I1yyxJERzDeIBNh7m2ihYHyFQ+1
GGkjF2pWvVIN2hB+KS961UAwm+1vvRN9wxl8YSpJ5T2BKNkg0pucDUYP7KYsiRd4
4TCHEqK0JeF3CzYYt9NvKHCulQMa49LARmcEndoKMS2975EqTpq0aP3TpnS/81Uc
E94iZftUsFKhs0yttvYS/fw2OSp62hmT2JIab230p4jd2wpwP8GA1KHzWwjjbRjB
F9vrhTYbWntat4k8AeEKj2ZjHJMOGmG3sSx33JcaBwWug69Pg7nEcxdP+GxbGyTZ
fPCC/s5GOgxtUc+Xk/sv6wI7gbdlBYAQnBVs4wUVNMw=

B.3.22. S/MIME Encrypted and Signed Reply Over a Complex Message, Wrapped Message With hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10185 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6526 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 inline 2198 bytes
   └┬╴multipart/mixed 2093 bytes
    ├┬╴multipart/alternative 1140 bytes
    │├─╴text/plain 379 bytes
    │└─╴text/html 477 bytes
    └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <38a0b7ba-76e0-5351-93e9-f44877e20e6e@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:17:02 -0500

MIIdXAYJKoZIhvcNAQcDoIIdTTCCHUkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBABOfkRzWpe8+giahAB4aK4FyKBN6535VHc1c
4f+nf8otkhBtrdwQfFeOuErPGeHzRvmDmaMtJFf1J24hsbhV4RbQ+mbxJPxoqKT5
qOYSj218aZlRvM4E3Y5Cy8i6iFGDOKBVSc+RHv+UukIOs9MhLC3K/Tmf64MQKYL5
sGAepPWv36xSQR3VSrmioM5SuozXl892mtuk207bpPiTnXXs4LHCgZptWc85vq4S
jtS2AKUMUQOcUvyOoK1qQsERyy5BfkXE9jkjB9O/ba/No5LUBnhfhyJpmnfEeU2F
JB1dGcO7drxF3FQNHgvj49IJHYEXndC7L8LkDvL+vh3XSTvedLAwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAqPKO+X6DScUv9t34OnIzHRne
LvUyO32lwpOwyvc6rFSLrBto/WGpAGS9NQBGFlk7roGzXH3BTMnzpF/sFj8rntQT
jHHqm6Cqvam9gBlnyu5/tihN9eHBCjF8M6OYksj18TomW99tm3KADcoe3AvpEOEg
39AJIsiS8c+sayVKEG8gyeaDn/m6AK1AqeoWXJ4yZtVl3B5J/mC8Td9m1dPQe74r
JuInHR5tM1DKLe8Lq79zs3SwcJgNZhKt9IH75ZxDTYEI7Bpqa2ZF4R31ElXrKR9A
fRa+/fqrMjTKFm4/1jeqVD5owrjK9iv/T3caGpI8WwGUopeOqBaeyYeLkjo0GTCC
Gi4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEP9IzMSducnaqC0xK5rxgoCAghoA
ZXRVWTctm+0Vn4Pow0nRtA7FkfnVfUCkZNfwHuZPpjNFDLiFPRrl2UjvMLA20Wr5
8cISjkBlm/wWzoW0XAZStAlX2kvEluvdKTjS7ly/kexutYDc1f456v9+H+IQZkbI
xTjniKhnD7NKlkkjvzRRcZ3D9MFfJMbS5ISvHL1055I+9vRzHJIbwExwL3ReRhHo
lcjdrMRzs0sTsRYEFyf+xxQT7yCTfz6xglkzAfRq+kilCCMbcJCXZOH9lkv3HL6d
oTWJ6RItWpALJQk34MlHJkHKU8yYnaIyKcDwu/b2wMgVhy3hcVzUIz1KoqUOfm5y
gotJrpJOQqGqjfuBkzk7S/R30zLLlY0wAXbEhiJsCepYrINeYrizMB5rwGGS7wP0
JPGBRwWUkXjPTlzhAkGRwk8pmFaiBC5KzF3JJ/mXwNwCT4lfgu9MX4uqhpUUs/FK
16V+LjSonYGATec9K9405eSszRKTi3z8BYtlHI0ur/e/P/easCJcbO9zd3okONCC
83WKUaqw7VBLbxCkfVDYg3S1VmdpHXPnrFUqkn/NGAKTYhJS4Wdlq2rKF0FPiC1S
6qux09Kh+aYJYX8SjbcFDBFl+1UjmIBAhNMqzbUaYo1jtNIjxL5fqCP+Z6Wy4izt
lg/zO3zVPP+ZGi7i0D5eBNYMBfHMZojJUSK+HqVvd80569khEGoQGwdm7SrjRLbf
SKcPu93aAucALk8S5ur0xmR1nVbDpiu/VDYIgz4Vi4RFV4rjvU7aa4UV5rj4XJSS
IpBM1GYJhZO29ZxPGC7e8Ji1sC1nYl7gnT8aMWeNKk4GN7ATWFZ0qoaENepGziUI
yRr/ORn1umEmrTGjv3HZ7cbtovm0r58JtiUX/2CLaFAwfPjcp4GVfDqtosrKdUIy
9xk/rM0vJshXr0UoEhfuJa6yqiH8Fl/49UTCdDQgcKUEFkwza9OromsVngEFljzG
AMTOPDVQRXcYc7DYaqzDiaIBXKYrt/zcdHpKeOYttHY707OKrzNEZTZ9y1q+k0jc
F6XuXMHWWcFN+Ca64d45ABOyooyxgYWRwQGq0OKoWY6eVaub9b6O7eeTe7j8+HKb
LPQCop80JFHFOFOhpGIaCWY0Oiv08tzFNbP5DNsktTd5ADOg9ZK7WqIhnIPzOG/A
N32EEjnoMQIHVj9z0Vwthm02Ltnqw7buAj0B9gtua4ccM+taallZKHKBKIXdoAtr
L+35BH2lJ+OFOhKnKG2nLooYdYPmsaApQboaGy0bEnu3FFICix9yn9ZbG1BD1IR4
GQthFIMiyxnkxSndAQCu6K4I8RGY3Tm45tlugAgvopmd2ze5SGnBWOVIG8/+LImJ
mcP1JFMn0EUdkWG+ckNJE1Q86C7dVpOLAl7Kkp6QWBcjmN1+WQ76JdmTMEPox5dV
cBY3xtbYLkOHHebwqmnbq6R5GGD3dB2mU+41JJHzOyx/gqco2Hb8MDhbOtx9sb8j
zQlRc0NHrDzbrxRWZkuFlUPJq0OtxWqVOzqdII3eUHhV3gziuHW7k0XORJDqx2OR
jm7+dve04VHmoKmCeeDU/iLcGlB4ukErq3b4s1uein7z59KFv5oQPY68zlPj40Jb
J8bV/fL8vo7kEmsoDALXYSetTtQY9h1oZ1jymzcz7gJAu9JQmkq7f6G3rzhabNan
el2tnTWLFJXOecpKtnOJzH8EzRWVZcelJKhgrUgzAwQeSazXXMCeRUDOe66EhMCT
0pBIzJKvuY0zs46nwzRdC/HxqfdX4aj80wMoKjxlB5rAdB9b9beZXiZXgdY7kupg
53UyKJOt7efeWiVrsrjk6quek6AuuZtgLbBHuRM8kIPtEil1cnGvZU19Z2igoNs+
F7U/Arn/COkl+OQmCCqLC2+nqf5UvpwSXsX+d3bZ7b2osYrGEU2iA3sW3ucJn11v
Kf9thGwNgiqgGDkDhejtYUD2PVvmeBpsrkUK5BmHWlOu1hHvliL0KmZOg5xUCdLK
wkUD2hntsMBoVw9A8KS22ZzIKm+3U3tUtrEcp6WG4kcK0EQH5rrEU5/m70+sbSOs
TpXfe/0pOU4XounNi+K/LchIMe6VizL58vm450DW99JRKRvssJpjY1llXHVHr5uH
joKs+9xTapfStY8WKwX/cd7J8B2yQfxU7iy0de6kGLfUZLgw0uur1xrbOzVkO4FR
q5BWOWgFKX8GUC14SFKGbyxhQG1V2Up1o4UloLt7SNwA/Rd3Tcmxy9O4YDe0yHfL
VM8JBR6dOBGhHvcYYjEd5+lITNFFkxLglq+MfFBi8eb0qfHzNexCShN2C0IRk/16
KX3OCOmrYZAusQXk/SlO/tdvUFaDwvmtiPBbuVaeTmiBIwMfLlqbkuphykeTSgWm
dCU9uBNjhI0/95BexW7+ifLjVpksBbKiyAdHe6+lcnszoNrZWW5P9vzqoPLLUjR8
DDbmEeW3ud6QUGZ7V8qL6Q6cxBpSllDvqIp7Srf9ue0RTcmv39gIrhoEszybmhZS
pMIInSaJhuYzYfXJS1rNMVIhms08DVO/6k7pm6QA7pMwAI8rntSEf9Z70Uzr5Wg1
eCSuOxHqL71pU49wNap8r3YYK2PuMUtGEzw+u9HBf+F86NyqDfhmVIEtl4Q35jQW
/6gpJy+hibsPLpPi6ne8bnvkdNV3dxFoV0o/rD5aiQejLs0HvthxsMY7qpnV8LoU
FW+fN154VyGg7znerTYHyoOlG7tmsxs/ejYaT0gG1rk2WE+9XAGpkZhapB1LUrCu
Y3fF0CPaNfC5kYOy3oNAambJViYrZw5J2zjaL4wb0FRjE3dmpHU+M1ffRK86ke/S
MGai7HW/uAVZA0QpUxUzxnN/zH1xHNISrgSTcFeYCnBcx1eMxoARVges7PPEYVKy
QapYffxV2BKZag4215PkxQmppYwpO+gmCYg2fF/Ilu2PN42BmfTe40pPrWSejuDC
CD3coLRnsgTydRsMIAB2XaApMepwEp6Bp6PyHU1BYRZBdqj+MuxVG2+MBfLYOSlR
B4V6ZQ+AAlUFu++eOVC5umDr8oCisITepnc62S5eQKp/40iA+JUjD/SclWNrGGO4
Dy6/2MC05EgKhQxNB5TmUlq0Bn7/JZ0WI+zTBypsMzcHuiBHKylCAvB3FU+W6L0m
XEuLZeokayYotg1J1fLOqZSZiX2RPfub2x3lEPer/NsXISfmfvaKa/2ZHPKQjmRW
FC7447gHXyrU1SzBH4SHPAoplCZMAhA3N439zGM90brtlAq6XVeAxkiv1rOAhd40
BrAD7ScUBGhPPeKp5zY7p4HSe0hEYdIumVmKOKY6Jl6X7Lia1pj1us+Va7AEAhTv
HWKDWr1ryafbj5ixrAxR0fKltFtqp84ywO9gUdf6Mam2nY/BFhktiyfmP4iBXDUD
gAAciNotDXSVMwdA4rbCGDf3TdX+rJg4ny6mGNY57FljXK8SdnLpyhb0EEtyr/Ot
75LCcXgBPmPN6y69pRF85ezLeUMINmzmLUQqTVupRfU4rFA2NnEUnFtbpKp1AY/H
pdKfuP6khZU/fCXRoogGeC2LkIsofCiIJA0hf3FShVH8z2hXhjsNRtx1aLUSFxee
rYEG374iuRjwcPkZC6dxzrcSpWHfRwS9nsVLVvXFSkazr269OWfWiMDVUtm+XS1p
YefZr/+SRGnRa4Xwj9F7b+CC7bHT+otFr3IAayy+RXVAifjHypRUpBVTpk64mp5H
ux8FF/qhgbLjP1PN16ZB6LXVl/HD7dK7Gkqlsfu2GTmjpQwSFx/SMXbDv1bfiQT5
8tR/nY6ZvL46jp0BTxEgezwWX6+SvFaQc/AgMo1L5JdJIUCX3+QUOKE0hVP2PMaT
GjVuRivkEyWzh6eKk9YJqdmB/oCptKFpdEOzh5yqgtPcmT6JQuJ6pJH7fA65E+i2
k9beHYlhd9pzcQiy5Tw7AcXsRX7SOQrdddg/ZK60kL9b6458jJLLTH1R57t89O69
qGiNl8bdrFenh9TiqpbwqTAcmLHIKU8Nc+zs9Wbk0eqeMLMpEU5R4TO8EI6ojrZt
gN0hQw6jWCbA9a+plxiF2ShRYSaACdvUybC4hSfMH2fcG0s05cjchKvJbu8W8k09
tKedeNatpRXT3DJWAgKIHh/oWt0Lu3ulGCJxP1f7ip8E8l95wrnDFFfIx/0Plrjj
vJpL7nmF1HoXqVLbTyreDAMLGBMYpXv1HH4ef5vrz1OA6r8jqoDwo0pcLQzzZC20
4rLCKSCgIC9+6Cy8cfD1tGkoMLb1BRM+8OFO7pUwpt3/B5fnMQ+WsHxOcVYbcs26
17zUgFWV4Aga3TpicWqc+EUAhYt7DEbQ3c773y08sRJFiHhacpBrI+7aDFJpbFkj
SpCKzY5ReQxbdZiGcbxic1GGaUNQ/qFX28n/RvgIWgAOz7ytsme2pcEmp+jJLT9D
JJ88hzFliK1qLGCRwj3iVjROpgnAjd/yPpwB8TNyoEc5UrDNOBoRlRX1djWQSkRF
onCJ81DfXJOBNvttb0AABLwvqiA+jewXyRnD22gxx/m+uD/6jHJ+U587W/Yhr2Tg
OKR2zhLxgz01Nc52ik8geeCH1KtvWaKWYsUg4CdINQTvtBhM0LtT76F0qW+AP0eO
yrNlF3ZfynT67Leat25Zy8biHCLaO5ccNMG5SEfzugj1zGosW9w/g22cqZ4k3FUG
uWagQYAZeaP7GZNGR+Mf2/x8YTkq2nUoeHt0Ehk3YQ8NMtgcE53T5Pa5op4sEQVZ
Mr5+LscPIMKOP1Q35uNIkhYMXtZp8/VNuERa3UvMv53NjC3THU/TGjfO+Ye85wss
sGmI68EltTkYDhB2GIdmd/CD68E6Y/u3xhShP9zDqBUh3hHHjJbFF8DYpA9ACBtl
Ad4OVbllFXoAfY4ZtQ1UaOBgkAkXyQ4yROFNMpWhS3RbRUsez1ie1Sg8PKSLy1YE
bbvvuQGkaYBIvNoJJhcdFc5ELqdz4F6vXHSljzMg0O7leyL6TSFs5nIjvXSa3MsF
AFPGWuoKZAdjmwV3CbUgR7pzUJNBtJ1KlasPUd4sIAPKxP473AwUjYyfMX/2tWHt
DQalwVph+pqad4n/GchKN3K4Pte6RTT7j2LG34+WOud0T+LILS7iVnw55PsP4P2a
qh5Yt2Ed2/wSN+WnPBooJPIg35fhI4AiAocKjA9B01Rv85BaVi5UpyviB7YiZNxB
sU7BCMYnMlSLqwQgL9HjaBlXzUNzPaU8zkzJVa+/qkah/61CkCp4FL7QNNnbcQgi
sQW+C5Xi2QB5tDWNmRkRF9cwCwicpERhri/rQZqq/WV1BiDmbCEgujxfgOo4mCse
80XUNsOqfRz40UAMIPUyZwaDiLgl8jXjQ7JTyJ8SmOggvnC0CApua92rToZlM70m
CPzt68j9JSfxpyrGqQpa2c5CP6qJi+eJGfUoLtmc25vt9sYilZTciekJmNDRMMyR
7zDppxLNGYuT5Ly4afWq30QOUsK/CsOxd8JNsZ5FFNbG7uh0996CxQjjFswah9KL
6Xp60mBNsYuD9ocaffelf2ShqF2KSJ/bkSeYcAIJ72mOl8EXPn+zKu5BDoanCRCt
Y0A7rxp3N0Ga4T6JQNOrtN1w8mFfeUWSwi4PRYJFqDkb1VKvapN3oCovj3wqelwL
K0p00yFDML9/SxrmbFjioKf1lKhIRV0IA6t2+n4wuJciyUY/lGQqnn6qQje1GtJm
NpTAHHMgM7ejBJL6Zpmq6Nj4xnqiaoAuvd09GjqlKpfR38j5DW8BN1VfJ+0fPo0D
nhLpYtWLA7cudQFWKBUNazW6YcfZeEzKExDdEab6CJ5bhzgbXEiw4Qde2snuVkZa
MpqvXgCtKkT6Vvm8embkJrNWw3ge10MRZQHUoBnv7D+ai+CveXKEm2sBMLw+qN5p
93ZHIW9LDyeJn9Xc+nuZBzgKxoA5UXA7hkPfOt9BVgIOcaNlUeMtguYf1VjZdKCI
LzXvK5Uz5ZKIUK0WuXmoZHXPcCFfH/3VSpME1LgRXxfWRi4pYyuxFFW0gRPNCizK
MSHIUDYbyzdTPI7Ivp4I2vUTjLVuiQSjYKs4SFc0EKsP3jFxPQX1vDfu0sC2h2pm
kV3Wl5903AEwsj7VXg5zUzLMJ+8Kkv6/dVvevpu8+mIpuBQ6nv6roYUl2QWeqPjh
18as6/TS919xm3ujanRQN7bxBJ8LBHUJPiuUe9iIj+2YqvlYQFj0GdKj1NTn4kSl
KFTg1Q5tewpiCiHnDok48asnI1TDZQrcncQfi/bQmG0BUwZNij4v88DYhfQuxek7
hRWqcFqRziFxXInHI1+ABF0Vc1nwZeAiwwanRSgPlUzxMDRIkFWkmpnQC4NoDNaY
ECsnUX34Ffh/0hx40cjbpVxpUcQuJpTiN9EIXtJs41DKbwk3wWe9VfQCjji1khsh
X3KlX+lPY1/UvqHHfxHPaTPKNtrjYtWnASxLoVdF72olBWGSatd/QDCRy38oVNFl
9oV+WwH6ISalLQJugqrcO2uVyIzsiKwFnFR5zqb5N0MdYSu9hXZ+j7IvL+ixFSMh
AKuGK1nNhKE91UfJq/rJojV2brpAa2PVuq5Kd1pY4MN6qEUY/UrocyPxV9cwpa5d
IF/XPAfHFyBpXfV3lBiEOCvEpUc8TGNuIl97O0bifFTjPf8KolGp8X0Th6uGoj/b
WWZyVRoOa8nx5W2q1abeKQlwaZoJee+HkLeuWqRklVb7kNsjVH6bJiX4zQErsyts
Gyz1psT/kms1dHiclEFAUKvqYPm05t90d+sL9QoB7XxpM0mtsMtgC8n4XXdoCf7w
iSsmnrQqIVPmGBKGUBimxvWyCN6mvWgi8ElgmBWtvdGlsPgAqr0nZrGs4gvd1wu1
Aw8mhxEE/brrjPs7o4BVl3Q24eAfr7ANJRQabPapOie4EWeXyUdaljkKsoLauboR
s+CjiB3TdNdRv9zfSBJEocFnQ4MaMvdYXKDVZ6ayeYVkRPcBPlRCMpwHtr3KrBcH
1uHpRtsLV2SQcl6cn/EzQY5Lus6aGyB/KDSf+ONAuhv+BziNvh8ThGFB4L41xIYH
0nNdek9qtNOby1pJ+DAV/CSQRfdRrTMQuTKI+T5WqB8BVvvHCqQBP78YYz2Do3K3
2JjAVe03MdmMvDDMfDICdYmKt2Lc0p6oE60at1O51zB/WUvnGcPKTVuJHlCnTQls
wI5QG7ALhT0MpoVmmJUstqgQElIeT1sQPKf1l3g6HpG1V+42V3Gp2Ne4oMGni7pr
cssoAAMOeDMUJHObx2B87iWUUpKC6UnlaYFlgIixrbiqba4q4ZYrHdDxV6YWNNQR
Dr1kw2XnPHdqRW7F0rvMCYITEP4Rc4DrzMhzTHI5Esp50K2657QkYinOWb07Ki65
fElI7MGkjkfc+ToLDUIz2J9irtdTCZSlQDIcgHISCHq7jfVYjdt73ffVhUS2Nsw7
dlL7RXl9TzmeyYTCpkqTsVsz1ncZruj0fUlj6m0RmFQynMmD9lzn8o5+HRbIfODy
plaipknwoHZjhRYiHqooZo/0DOYHQXA+0vjkQqquJKz9rkDeannMedtBH2Uq0aFW
jPT2PlEVsP59lVXjwWwo2jTjk6F9AOaSb0LW0cwYxJJ08Ev+/NWiD0WMEBwmoJ4m
cLxub2XHm2XUdgiXz6EUYReMoMzBSKfehJAZ6rkUxV0i7ZYRLBi+nlRN0XIkTu+o
4UKMLReeTMcKW5yQ1x6e0aQcRxw39FLgcRjF8e+feny2rK9OGXUojgVU3+1LAj15
dQSi+dw+RqmvntcMqmeBhuEWf/KYbqvTiIRqMrPNnYE0CfRL+y0xS7QVv0GVr3YL
WMOTTwJZ1wK+JDkrToS5UvoGolPNDzi+md3sYV93BYqbMvzXvzIGF1wq4+h8OwH6
0p7TMxaQK0nHVh36+FW0AZpWApF9NTDBMFXsUiWFENHs8wU13XBgwRBpDuoBqX0m
AgLfBgtXspJq3Qv2qfX7/ltEhG3FP8pJT5iu95AKQD4zm5UaIxqpJLCIO0eagV4/
f26RrrdnNKJDpWuT6tkE7tD2bKg6d8HJXh7FthEODVu/47P1kS59flwTswKpUP5L
Ye1gxEg+T+gzcvaoJK5Ymqo1bH5dCEfF4GhZddT8bGDJ3twRgUHir9mpqVtn3C/7
/ak9jF6gwK1MnJo2QD+OM57TmqhDIZfEvYRn1fiIaMte4As4msonmsSUlKG9i+uZ
i5c0Q/1xIoUZ2AZGMGvYlGsAZomj7hxiEkfauxUESHU+BjrC6JiTzqt40oltn2YP
q5FdnVsdCilp3vMwiH8K+vS570QDlU3Cd4qD9+Kv8UnFyJ5yc5wF8ryIcT+Dz+3G
bRihn7DAjcklJohqpif/PnDzBQhUWkNc6Du/GE9llNGv6iEOJbRqeyli8WGMsJBj
p2zTWxHy90xvXqpg9Jci9JDg/ZQOe58RS8hT1u129qRKPkupf+L1c6GZqomxZ4us
h63bK4GMIjTOkYzWU5RrDm2Lo5EXizbVfUtKLgaZolxtVdPpbVNXcQNJXEPPjvrZ
HxJUUu7gfacXyeJwqj4+9Mkh1FXZ4QEaueqe+ZwrwAXlS+cN5PNNAKcEmYXnjAD7
dDs75K+hx3/LtHe1lbmYPjG0WwyaWFV5Tpz84PSz7FR+tmFbjnalqwLxNBmCGDDp
vClISYOwoWcJRmVxqZqTqWUqOAOggiz0VW1l+RO3z0TYbJLJsAci+AczKYRyzLGC
W4LqUchjKmgzXr0Ul7ERgR9v6doa0p+ajGrPf1Ys+VJZE5Lb1hMO/E/nrFtjCIGS
AAiD7/MLA5FRO0L72brj37aIXMrrZ9fWZMo5EwzRT+P7hzGMcICyH+l/52it05q5
K0r4TYYD3L9oTEpytBI7r3hmf6hr59aez9xbWhHaQYU=

B.3.23. S/MIME Encrypted and Signed Reply Over a Complex Message, Injected Headers With hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10140 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6502 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2125 bytes
   ├┬╴multipart/alternative 1144 bytes
   │├─╴text/plain 391 bytes
   │└─╴text/html 486 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <c6774fdb-3ef5-5293-ab2d-eca8b66b4bbf@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:18:02 -0500

MIIdPAYJKoZIhvcNAQcDoIIdLTCCHSkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAHw/91uDg1fJb003YLEnXot6ooUedmQUuwrV
0+AAMXpx+Ag22aGkQndo1Enr51SPudU674Rqcmd8GhOYv/SN7k2hJHcVJlNB1Bqk
KBlndk8OZ3CmHiV04gDZUaH0CvHsXFS/SV2fixL4CuPjl/KolO1AFuOU336iRXTe
cxiI6UL/n/feSVf0HNqSFgdnQs1/3pQIOA/33mSJBN9gLsZIohefKGYgzhjIO9EU
T3PKk7A59hZhZiso1DMUSnuHOMRRHGbfPK1e9mMe3s/H8LXkqRXFeb9Dvme3R4pC
GHEEsT4zJJqOTwYC2o1qn83v22k1Tych2daG/sMgDp+1nYV4KIQwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAPe52qnO+vt6h8MkYH5DP9GdZ
UkyDSFBx4fkz1m1OivGHVrmeMAacHrU0EIthagq/gIoX3VL6+t0czMIm+l9svu3a
tXUyCjDjOFS3gXmlwxg91rYWunzlMj7sMBRt3RjvZXUKhluL1kz3f10J77Y9GoG8
rDj+BnVM4GHuKknTTSaQDYsXnarJOFTLMHFTMefuAf4bSxn/WyNU720tNYG1M0/O
pE+SZPEA+we615WjdMvjwsBZTlhQKxV8mFsAmsiukjWYAWHn5ZaPS0xA8W80NyEh
GF68xjy1tYBwLExtii2NqD+4atl6aXj/odar1/FTLCG4fUJeBWH3/ea6keEr9DCC
Gg4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEGkoJQ9zwq8mv0aBdHyfuSKAghng
Z6pgVbu/KHUwPthP3sxFazxNC2ZfrvCGWwuFAxAZQQr5D3WhHqUYWhWoMRP343rZ
NjZzzBNA3KqDRoZ3Oj50M2ekjBb8d477Q2ytFz3wuC6+0jxFOl7y9OUQBZnlBI2z
HdqO2YJhdmlaLKoRThsXHCdSzr1Jxlsp7fhkA83CcKAi7z3T890f4z8q7pu+AUvG
v1MFYxQ+d63eZTucWXdjbbxgzN9iQGlP4kq21IeccX5Fr6gzwwoTRcQSxj/wyTRX
pWjoVWfWedOoiMbAXsol20+idiam88MhdH0kSpxve/DAF51x14X7mMJJFogrsNao
ebrrzg+hojwO9CMJvLFBNVlmy3EcdrFpeFsxUWKlXnc1UycAv5jNHkERmz5gK056
a1BQFGkD38VsiH028KT9uNbpInx1FNsvfJ0u1YMrA04kuYcOvbuBDnF/ha8Tdj+v
d6No2bO5O+jf8OTBlIe1khM8jV/Cy3pYqixAm70gH+USuvVjvjLhBp/EJ2xWA/mv
MbvbesuyVERZpnvoQlA3bayJAV3HyDZ1oJdmEM7/ynY6J1GpQaloTQcfvFbhUnYa
ooV199V2kXAWIJ5cKEWFoLFHv3wgYQPK8lBpqxKlp4/ZqGpnjG6I7liFNxDc7mzU
dNCK2fUu2XbSuXz1gz2XNML77LkD/0Bbv7clktiCQ6nNCd+Zhb2oeGO/WO1c1m/a
5ZFI3pW07vLNIAaOTQx1mBUOc7tvYi0PVmnj1k+6UshdT2MJyUagcz6yPRWJFtfg
LaPNphyRVTYPCAoY7TmfBNoy9VssOAbbxq8JjJOL4aV7mS0J56BHzLUNH4GQMYso
nEr6b75sRMoV1sYAinDf0fg2gAzWrdAOO6XjNQ6rdgrYbHPN7WqYhcstN+vTuGAP
Ze42pN5L7ayKXKwrTIvHB2jliP5pKNat2jZ/MiLCzfzEvSgburwpYVqkk9t8ZvEE
ICmsUK+vaF+GePy0LO3/G1bVBFPHGdFBTB3DAbo6R1hF+sys2/xR3Lc/8+mPJThO
3gAoMXTRRgBxF4pTgilTGF7JjYbSQybNZ8f4Yl3IOZ1uStTTXa0f85G0gYpTR3dI
cCk+fTDU3UALldQEr8sBm/hdWxYJ6yL5kw34R84/vL7yZhs02z3rfVV1/WNfNF/i
TX8Gl4PYT3IZo6AeSZ5Y01Z1/xx81D8t/azHhX+ln7LZVaZj2M/2/tqI22wWNjZb
yiORjDSjeJ5TvyElqVIFXYw7dz8vK0GGzjDTx/OS50hlmVhJ1rfY/IWMrHNhSVAP
H5vcjQ8duMhbPIWj1/w3bhOL6UWiI+X04lcElTeABE/ZLfgA09EoN4+kbXWGBJMM
BYqWTsp8/tKqZQC1jWS6drh8v08jP7aMRNbLNcYS9ZG4fpMdTJ81onJgDeLdUks1
uSH1CpGop3XGbFvOHN1YS+m/ftSMRvfJUXKIixKHRLIhhclwaxKXWzvfn4Q4Tsli
jKK8UeKOTXI2bdaNGkDGVW2Abo0YdiDqCe5v5lXHiPecPxoGvzU4TT3625sKlmfi
4f4X4f9X+E7e+6iSIf8bs5rJZDEnE7AwDLqGpupCYO618Oyuq/VDcnHFMCsgvvCJ
yaBk9nRIYJfL7H0uJyn6tjlCqbu42m5zCM4ONiQ1GNl40SgJykTKe5opSy5nkDDy
BMyBdnspo1Ql9HOdvLtL923VfPD1coS/MjSg7kRVPqOJdo7odN5sjUD9ldnFI6he
97w39ivE9zeGQkWMe9gQts0fy4QN6bLxrqSbtSKpLvd0afpbaE7/zyswtPu1yhsj
AidFKrgOqyuiRdychkA06J1qSsbiBpvkOsFmeADqdKnG7lg4e3tmGME0rooIBfHq
txCMG9QzMebaQVI6TqzA2xs/ta2OrokiN15YzjjHhLgwXN2Sr3eOXxUR3LNF5SZI
HrzY+oBoamyDFSFEJLAHfOJABA/bruPwCzIzraXq7YtkOJNZGSK1CvMpk1orMVrx
vdMcoGCT/UcGOLakk+3r6OeuHO0T4UWwO9/vEyxWWqUZusYiiR2hlZTgBae8F4nt
QLhb+sZquSC0a7tf90228eK7nfmUjXyhk07wTZkFL6vdxPvdzfrAVDMTMsEOl9aw
XcXgn7cMshA1qoY3GJwnFKvvHwZD+x81crpVEMXUblnN10nseH35EWm3DHvHJr4H
ET+jbiQfXiRs/qEZAvPIzE2c4UUkEYyKPF3fFNKJ1/qWgAh6o3yURYD49ayP+7gW
wJYQ4Y04aaGPxURZxBAXeVS3t7oK7ptTa93isM8fxGVJZofraeCX/I8VIgdTXzzC
QI0smZydy+GKcQi60U2/S0eoQ0zmCd54Fh+Mg7YzJsyfxGhCoIVEkDknyP4rMBr3
71BZD05pxqWsFRoHun8Aw2nhb+TIUNAHK/6iBHqlRNljhEsfc5d7yEZDGvA1RVDX
oZAhXBxcKz1GJGd1At/hzZDmj8MsxoIhRN6pCvBrN1x7OxJybtnp/6dKtE9A6VRM
ek/zdWKIdHiZ0nNnp5SBnamRCx+pHECFtTuQyVmcvzbH2X/itmxrLPIAfdLk11tW
Qv19Vo57I3MKfEWPVWVsMQs6gDk6n+hfSplhIKHS1jv49llB0RELdp8Av3ijCVae
jjAqi23xwAFUE6EtniNwwGyFGKMdbHRRNgsNiaUS49VP44x/60ae4cfUQ0t1qLXW
Z/fmGSB1LeQUqlnv1igfRW6u8bL0bRwrN+jOPWmxxAdS2ipjB3e8PIbNHDi+sYtW
B8SRWcQ1pDUEtyY/hGl7pqRtxFBgRZWxAQWMXwVh3lcexasEd6j2cIRklCk/70rf
H5zXVSw3LNDps90Xa0k9TnP5x1Yt1L89SDILylDUlfpzhwhsyS3V5fhoGCdxbilS
qjA/pYvqjC4m1IS1ytjj3bMUvbP3x2etnqoVSGAtaH9ewHfCEndFIkMGIqlWee8i
SC8hvNR8TcWIANzWxqlUF018EMQEN1OTAjE59K8sXa4gluyXjbN2K/DibdbZG7hL
XY+oQxLsW8uJdlZvfiuqLnmu1sNogAgrJCvq0XTG6dx3MuaTC4UcijGpWvS0r1Xh
FO+4qmScEs9tg5xXRqRRhbu5BXAJ/TRlZ6vaSKUoeLQ49MC7CeBO6XTKHSPPo6x5
Fjdyq189O62hnqKFa8MgMfwx+vpyyA4KSVPN36Wl8EPmYNABkTMlTbL1+SHwAMVX
qhDuDNRZv7ol76CYrQrBqunwzGhV51vhkdT8uyqV9VtdfdpL3gpQHbqqIjSQT6/k
iDfMI81QLdHXv028jFSNl/huldQ6GluOI7tPsBWVoIcaKCFOz63dHfOQzPupT4wO
ZmDv/Yae7wLuhhDCFoe26A4mAWufXCkfdKouP7GygaLVzi4V2bYVmVWO36XDNDyI
6PETY9bQU+fOHEhMLKdMpkblLZiWTclv9PIoR4dwKnufsnncbZsgAPankJmBjP8p
tHvDrctJvqYCZHSyTqT5IWgOAp3c8K/RxD9lwiFvCkEcA0uZBUqTLwZJ1bbKLxEM
hLmtBn412q7ic+ud3zT5O2fAeuAw84tKKKbpT79jxiaz5EOATiBeEYmR6MNxux3u
TDvBabBA6h6Sc6NbQB5QpU8knGmoGyJTm7nwNPsJtud7oQ0pjt//XIKAGE4xBLAT
qB44uBhwJETObjkeWKqVV/Umnv/TYf7CZaKIA5udixJwglOLldPAXgNXRZVX2+2K
ArZABmju+eEKLZGqF1LIXO/20BaIJUbpK+DSappBovKoTGdSTfr83OECfVuP0BNu
+A2IkB74WzoVJm0orGRhzJZlJlC6X50Mqc0+RXTm2LBaa7kl8RfnUQpRrl4PPJ6Z
JL93AmfFZgGLt9N8ITg657MHvt2rtZpTb8c4vBDsbg8kuDH/CMyZFt4CpG7TMhTC
neVVRYNHwj/d7Kd+9T6UMly9LGMnJtP7yXPWu1dLGLv0qklwRQCfVN6ePHHLAW1O
b4Or6tL2kURqCL0QkIVxmJx3Iypyq4mRSnWcZTJ16hvWVW9P6elXERXUSWf0GHRg
9JNFAENt+p+x8rocnrV4+AOg952uhH96f++0szz6T0aM37SKfUfAvJV8XdtZwyVj
a3LAh8vJzhfV0WfRv110UxIZUVP4qM1K+cTpj304bE0hi1gQL6+26s34Vrv836SG
Gae+hYTGX1NFjReMi9r/X4YY9EDpKC5eETSnnZYSkP50163vDsVtTmZfkSXyT3vY
7p1UaF6AvZTdhapMKCelEq0yMiOMNSIqXC3VX12bd4miHuP8Z6FgKIn8vtc2dNPc
d+d3EA0+Gpt4L33lokogHAnEHokiiZkvWJHyw6UDunRmJ3p0AxR1zmgGbFGLeuYV
BTPlXlyYHRHuWI+TVL+QVc6c77Q5QRvX6RVLxeqSW+drnkHCtGX4eWz082xy6lS+
SBoOxt2JVPYvyiCA5cTkALyVhlbak9dHMPVeO4U1f45c8mApm6xPT20l87vnVBxd
gWwPxVaC90X1qXvaTvowO8yvgLQPE0+eISkRCm3X26Wfyck8W6HsMrUEl8Boa25H
/Txq2TdRTjkIkaE8ek2YOMdv+JFnkxbgUEijJjRt5rYDzD8M7yTePkrq80chx2WX
0qUjD5dUkXYXsGAB0CyoE7RRwsHuzc39c3NMuMzKm6zBY2Q8jcC9N4ANzS22iq95
1nhN5/7dUkByuRMpXNqhKmkP6AA7h9H7YNeG8hdlmRB+3BeFIdezv9tlPGs/mtdZ
lmsI7yfIPDTXF/7gF5KpcwAhWQ9uMySeTHBZwrLP8mNoTcoH/0r7PRGUOR5Uvf9A
5GnEH4BhgnMKf4MB/TbhkNMoCB1Jh2NFiQ+HlnJRxRoXXjZdIQj7wF7evcwHIZxE
I/BSUSCrLeYOsO8QnOLOHbfiJZMlthyqFJC2Hc22zmeIu7wNRMAlyQZMv/0z8qAk
Wd1MTpT2jFBn/uVFwuEBv6vbKC9Dm9NADBS9xg0P39FmhYtzCmrWuG/gQ+JP9RIe
vuw9wwjqxH+VEUwSxNtSAOFPyHlm2ggWSQuTBRFflSfj95PUMn6kgNFwaIxzLpow
quFfqhz5HIzdjLlAYFOzl+MepHXGGNm/H8UMAV8tO1MjBIUqbVjbGSkF1p2oSVqT
+9q928fB8cDHy8rSFVUjEMiJT9uEQHBr7Xk3d2gOHBJA2iivjxcYe2yWa5qJZ1WB
ObKTXaLVbLvHac5XdX1vNtzzF+qo5C5UGRng93IIbFYxw6V1kF6kQYJMusgceMLN
9aWDHsuVtdQR+mNP9FOKktTQ3GzYM/szBDi+ZaPmkswmnvA80Q4Qbrxp//TZFLKd
HlTiqPTk4XgQwS7k4K4kv16K7Fn9snqqUBq9ODaxrEfvH8JS6pvuIvf+wvU0ID9H
23jaZ4wj1CkmzWj11G/jWBHiMhaXc8lvS6C6lOKyvVFoiJWOvSdhqM2jgm2TYBSS
NI6hVgLpAQvFNgZuKopRgHJt/OQXfQBCUA0ijEBxBJ1ZDzk4xSxo5bsw+85W7Zz7
vzePF0LmT7Cy/qkGQW+RO4ID96w8Lq3+qX0aAi5oPwvA7G7Jtp+BhPucvehn3z5r
bl/aMEcoIgTd49gpcYZLqDPaD0SsOYBicShs/CtwqdoYDgwkzi1WfQK3KIrsJxPd
Us2VG1us7Els0zQKz0pJuFUzlxdyz0339tuh04Kc39DNPzv1acwkPHMVsYHjOqmD
zeWxpxHpiVJYX1V/CEHaOCtQHu79WJZDHDWaiaXopVp9V96toArzz9nZffM+pSJL
Gqv6P0DZbGxecnSXqQNw8nucoEK6pXSoofCpCCqWFo+xi29Mv3gA982UDEDubW7D
zpc6b3luSYEw13p7VMqWsbWsitzjt9MBq9g354SWnTMoF5yabvRoZa4gj2j3Of8Z
9pEkpEgHO2cQHEgrHvpFuAiNHk2qBmFiIp0/MUIeUOXVsrD9mUzoTe2W9YYeIAu9
4yE1cT1apMhOoFGurW35lkxbRlGQ4zy+osgikbuK3kAsk0HHkibRR/sXLMrHgy9Z
gdi3Kw2aU4nyzzMqueoK3rtC5u1IEfHMsRU1E76Q6TfS1gcITGDXwZJ1T9z3pfa5
lBet5lV9MCBpOpQkvxGt0OKvmVcqdXVSz1ZF3j15qkyz20pn7uyUWrl6r4ppqIPk
KMkiOzlCKIIWfnnA3dDiF8a6otgX+bYGgBwxOoZ8GIzIhqLkrJNvF5ufeZGaGSCo
iNT24WGBcnKJot6Zrr2K4mo/eNuvTrYv4dZt/rmWBUdEyug9VK0fiSGfYED9hUDA
uxGpRXxIU1Fq5w0HlH1tNH4mzQRIIMdS9nw3xCbvPDIwOlodalk6KDXF2fy6Emgt
xSCLb8AlWS8/S0VtaDornyN1ApTvXWX/tDSUa10swZpJBNB35vrYh8NOcK49j7Kb
ldEnsuzSROZX7hPZvwc9z9jS8IqNuX0nPr0mNLi1gpxPOuW3UMDNr6gKBZnKqcGo
HnWDll2Air849gN1EAXcGcORuWb4O5dOhu61csSvYKvaEj4Mct76vDaeFECb5Pzj
yUQ4Z2UFpp/KsnP3B2CE1zdxu1AstDRdO/x2dcDWLJjUy3c2wM+U9nvHvbxTnM12
gx5UVlM21UHeM4kiwAhYKjOMsnpx/HnNk8kqP50OBlWwusS3JTr76tzBtzQfocqW
HEOMvMy35x2Bh1ql1PRTSh9c3mgSpXIPut0l4xvNBtVKh5GG3rTZf44qJkMbwy3d
C36hOWWkV/z7y5e0xERArT1CsFP+uDdGny3XGUPi0yj7jz/XFy3UnxzsKGVQPaO1
E90Ezi8eMNRtx/gBy0s9KwgUvam+3dG525ylGvbio2mrgLuTI2CKZiQBoTICXkP7
/A1RGp9W4wI23/Xt3hDW0XuBgvoJb6UxlNabXMBoV8MQF/KfWVJ7nnhqQDrRujuo
ya9Id5L57bLdP4SEHCWLvPERMDzRk9wpeVgivKN29Q2hhAU5RCgO9KjXWd1moJku
4FAlTZErCqfkIHdLTN5GKeL+kYFIfUV8CVlr6D6MVwpN5QGzX2Y/+iat7iS4C4dY
MZlHqMwkBRdxyjBBDYBiXGILjhgMGQ8HyzV/sJSYv3pDS4WfqhTW3mSNqQ5OcVz/
3uGZeNe6ZkbE9EyGe/rRVCiBT5HkCpabG1l8Bj8MO+Rl9CM7ddVvO23WbaKt+Vw1
f+yzK+LAELR3XfAfqJPo7nK1UE2/QOLFDw0W4/uPbb61lRkp3lMW9NRznAQsUAuT
HgLQT7Q9hn23wBTiQwiBS3kej4Gi6wVW2Cj4o/8EPR0qn6ne6nhGhgcYHpkw1Uz6
Ql9vjLyUFKjEOo0NWOu6pgyDcfW4uGNzvsdxcnvRQ4+qVyHeXLEM5d2EhAw+TzW9
vWDpgYTTa/ZIILvJv3f4iKNZYs5PeUJWLX1IPQbrPPKFevufJk3ld8K8QRuxtNvx
aKp+scqFC36GXvCrGsRlHVaawBCGkCL6DYZVTDtaWIwztIvCXu0zOR9D6hnsbmFn
t15MSUwr2B8GWm1I0yVgxp9U0tF4uTDUfo9BLnPpJ+2QYjUEPXvlBqjEaw3iQsBK
h6XPNfRJqrRXJCbpCwZSiqSMKPgh88PB3F5Hjr6//UgVY4ZlwfYLSUgyZFIKBmKZ
8LAdeMKui2WTsIlHMlTv+yWcbf/6m1F6qx9Rbl11Q7OxGAP18JkfVBdNuFqu1iLm
ir9x10Y+8j/GcaYOEwC/CHxduAqprr03sEz45oM0kSD8ZfhbHfuYH/QrbEdZQd87
FkCzNVdV3ZjGiaOI4o/0CpmBfhU5xN5G4tXY9cCfIXEpkqvO3/guoOlkbNWBHJJU
WGLKvluSpoa6C9bfnaS9xr4YZjolD1W9odFC9uE6aHyMNFKTt71YT2sTMbVG9Ylo
BWKv+DQAcai6BECVv1bvy9UyhicbzGLFXRmFS+/pGSi6h40eF7uEkUivmlZYnN/B
yKL3yEqV7CqpUYrBmAC5RLj0pgWsBER6B9wf5gfRL8LMZp3lO6g/w3yjgH434L9H
Su/VZmVjrCzZIOxE/ZG1GGMUc61+Z3D/9lQMeVdWs94YhoFT4nn5SREDVa4+4YWw
sUokqK5i6los9mYlu/SJPxnwdCZxk/GyRRqH6Kk7IW2iWVXO8DEn2+n5szNLhv2E
7OazywsBB9jEH+CfJk1mgC2gL7RbN4TDguMZvNGmtK3y50or3wRDMsCBX2iWG4r2
9HYAChFcmbEWlCL3A3y5MGIFTrrfIYmKAWB8foM6hhWWFVVTTIxPqlvSZ6QXz0MA
VA7VL5TVxltJotzLAbCKoYSRVmtJSEhsxTXHcWPX8YUpZvop0/dWsY6uJBkaadjv
Xdp6MyF0WPqs3TYKFjZCHueaP8vq46vr6jP15h3tpxi5Jj+TWgqbOGmmn7reJKvx
xNFpPHjydvLC3FbHoda/sE+cbjDup/bbjsUdZIVGulg67sMZc0Xk+eIIw3RIzcso
f+c0AJz+6bGZ/k8xryPcGO1pud37J6F0nJZH9TrEAsjFJQtVmZoYbHDsZq0MVHw0
J0YksygeZn0aYHVA3gxfVcG2PbQpeXfnZyUsQtfjZOoEH9Wh1vh6bSFs+5TFbIUC
Twxyn5ssf2yjxTrI+kCxlRfIe7r5/etsBUjQzpKju5VlXcg5msTqO2xj0QFKyjyZ
wci7X/lzVJvf6T/v//ItTWzmUFEJ+Bux0vo1jqdxlsgg1wPyAEgKBoXVM4E4OJCL
vjC3vLlb8Yl134JcymIrLk1D8etIJdhNMsoil6oy7yFtyxmqHjJ+9EqbJRhef1au
JWP7++n1NNtheB5YoLlGoRfgxA8pIpDrFlUxdYKN3mBX+IdaTk4f+gXoNpTXbtRD

B.3.24. S/MIME Encrypted and Signed Reply Over a Complex Message, Injected Headers With hcp_strong (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10790 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6968 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2460 bytes
   ├┬╴multipart/alternative 1449 bytes
   │├─╴text/plain 494 bytes
   │└─╴text/html 646 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <acced3c9-111b-5a4f-bd80-34558da32b4d@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:19:02 -0500

MIIfHAYJKoZIhvcNAQcDoIIfDTCCHwkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAAqBquNyGXBsi563D5scoeCEhSWiHeZcEBof
53CMvSnOVtdWust0R7xoMAJyq8ZDsQ/rIWOAvgm3xYi/8hVHowZtCe+dZozlkiG8
yLla7UpcJVoqRZfMKoHwgySP0vNK+1BhgSQSPO6z1ilT2HBMeMBwjJ+6y9/CwOnr
hRXiQOWlBTBcLF/P+rpuAsFtv6jdxm/jzXEMgQe5j/aConPchgGzKHy9XiCc2YOz
RZDJs5Zc7cmnefTA3f0IH0QaO41g6ST8EnqimWsec/eNaAEakZOZZJRYAhgLXciD
1qjuByWAAn4h9KnKXWg3VtZpX3I40YMPLw319TGAJGnP5kh+DScwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAdhmdRrcVpFpMT38ZFuEl25Pt
kTT7HYAcrOSov7Fuohjk7kukQyTQCG4y73sHeu/FZ1IPKzxkOU3kfBEbJunPykkc
VuFJPQJmrDpk4j5dvSqikvqU9cP/GliakTrCBiLdb7DO5jsA/8o+3OmN4S8F4Mjw
gA6BY0DOT97FeTKpMohtlGhGpTtrVe8cVe1C2QPD0rKBYEgwJ7t83mzyaaj8Yws1
sUAkjFY9hoTuwLspdiTqKbuUvEZaEaKrhO10WYqoTpLPjbl33KCo7fhtwj8zeVbR
Gb/1JbKsc6y/raPG0sTZXrCMQRmAJzEaNiYAmYaP6qdL0VuBQNDhEEf2bPopuDCC
G+4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEECnSfmBIh5urf+GVWT5DQ9mAghvA
jKFFJHAo+gcmKmrsfGJloYSxEavtMlOlVK8qttlITxGFRxoi2frbYzKjM0ELjKkE
0QSux6e/uGdvnBtx85/O0x+zECTF4jTU4u75oU+pXgAKDHkHQvn/SAeTaDMR2iKU
W1KJXpL98HqBBmaKzXGpXXt0WNKG2fnNs9+xOqzC1TkyUTTNOG81N0fkosHCBmdx
VY8Uslp+BjRKQ3DYIEHi3e0ktMCkSRh59s0J3rOpyAPeL8xtQF1SzjCSBociz/8H
OOECaDJ9RyrhkD9E8t1oeTWF8PD1VMsGq11F/eWPSGnDvKL0fvHPmq5nA5KMb9i0
4wgwRigvIn4yadhughQigM+wveRj7EpCXzaGeMusjc5Gzfau78VguIoIVPnBInwk
cYAm4hLR4SjksWjKctCREwCB5HhYmrCl1adob7AkLSfVbGEGW+wjcOByHSQtLeyX
pjsImxrygb5WpczagBwIEt6AYk6kgWMsPtHF1FYtCHjdfv1Lr10zgVPuEHROM9gA
0kWUnfSEdckaLw+c+YAde2q2NCt52wq4c4hcAvhJnJP0x25HWG0DOsoCp74zx5jz
DuUvv6q77RFZtD/+ykYLYXHhMysKNq7d+3jUuQ1I3LStZ0K1xxeHsKN5l5AGNK7V
3HT6LAo1W4oOUOBh/+bZRm6fPNMLsoTC+WHAiB4rOTUeljz7PEqTvpeDSbHbpORn
Oh5UKUuwTEH6FmfFUCMSlbeqyJoSqhsa1F5ccEJKRzKVR/ujYRcLJPoxRTVEWUhG
agsyQ5893TjSixMFyvB2ZFq+I1JdL/NU398OiwGWyg6FCck/UndwbV+DVrQ2pfgK
s1e97pSnL3w0JjMXpxs5WLWsf9wy2eTajsVMA9RWaHKXKPcIgTmIC6M8q4jWxie7
i4ZfrIVAHTbKaDaL1bGn7Y6nL2aWj1pLke9kE/gngZpKWEiAuG+MjY27lAbNZB6x
zJLl8Btd4VuzhmYnJCPBZ9q+YGV1TVtgbKeq5c9/O6T6QvkEzUlQHUwYKjXvZAEL
ZbGGzDcXVuWoBbP1fbzzpWKuhzqrN8Jvof5e1SBuKe8nnQFUAKiHxzf2shWkQvG7
gPkhDJdcWXErpohhnnmEzE/deIGWRp2Kmh27/FWlFfKbF4s/UiYI2za6jNRmCSF8
FoTtHw0U23YdKfSqg+qx6Cr464wVlV7jUgBIfdMdHk9qx+lNb3vnBpYnhg2tVHkb
aCUfOQxHN7FHySdDTMunZSJ4DLHpS+e4ufY6jEmUwdgz/j+qTTDon9mwH3liyisj
o1nd0vA1ftBh4qfnjV5PQJ+C9vYhHU20V/uJt78jGdFP27qN3lZPj1Vq1/gPT/r6
BJzPXJx5FUqwhEkMUE6B5hD519hNNrrAltvS1jugJGsoGUwbw1qffE29nGxTJKch
+pMJUOXRUDelO5a75M9ui4r2nFb5yUhJh/KwBxTgfsuzQ2kZVkSv1GRWzFOKeV/U
SoAJXR7mmxpKqcf0O2XdQYQq1kO71iIGqxTQefTGNIsv+VSCK9VTjbD1RHBOOft2
lxW0GyLejwtfvRuFBozL268ZfyUI0xfqVRm/mjT27zBNoBDVsF3K8AGvuJRCIoVe
Pw2akifn2+n8w9n3EDNkck4JDxkL9RQBULMYkxAcUwfxdXzPT/ixNHiEqj7VCu6k
qTLPr7Yt7qLe/BbndIs8u/rDc5SVWmdjzX3s0po7uw7XiII3ZvxWVmBhi65rJUzD
bx1pzA1+lrKGcnCetEPpnZuirmb33CKBrzLNXH5XTE1UfLr4g+kEWnFJL/ZvIwct
VzxwIGkeWfrkpdR27chlbGwXyZGeqhR7SgwYoev9wvj55VKfGajWsb09Sw6l3FgS
lQ9fmgKv536pYlSYClfFSshuQiB0FVDlagtnb45FNGA2HaNtZuT+IWfwBpj3O8zI
fEGrm/NzhFFGnB/R8xqX3pB4nEQgbZ09Kbw7Bvd7XQ+2v6zQjHy82TP2Q2+vnDJN
fwwwJJ2mzT9QPcTjUu84RAT9ritBJh9QqU/pskeJJ+LW9s37uCExICMnbaMT0btG
h8JBUYpxJ92M95l1NSgv9pnex7PfUTdAq6CEyqnN2K5XFZQ9kVWYABucxCd++sO5
uLOTbepB3MRJopgKpMYThCHaqd/MCc+J3oO+Jw/g/zTwlq2tXiNw/smN1tsRO47x
ec/I9fK9VkxzXa34HQ6uhjhbzw+pzNUimIlCCr/ZrAGGyUx+GqiAZjUWXuRtETFp
iYUpzM4+0Dnv5ziQQNTWizAFWUTW++FmHpU8Nza4zqiVUkuxsFQC0I4zR9f1C6Ch
2oqRkuFIa2O3tf76D7h+BwoBKlNm0yWjZFDpb7lfbckQJZUQ9CbdpLdzYlSW1jyD
rO9sRMtZeW0rE54k0XMyZ08MIUbvor1Xiif94QdhtWMFz2ne6rjBfgh4YF89QDtA
zjRBS0UeHXzv2N5LnYLaArADFGbhm4bhZVmgdQeHiPW5EaUF9PbaiWXs1E2dz71O
DIgZAaz5ij3mWgRdu2uqBio7Abibsfhd0D3ImyEoB1AwiisV3x8ucrTLjlm0Lt4f
UX1tfF7hDqRnKrtgQFe94pruaA8aWD8hMhLyycnOWhpmBHbWEAe2KTh3xC3XpVbr
V8IQdjSxY0AY1n5ktoAZG26Uoi1V34I6olmCyTTLKqbJv0KaO69Qszj3shoIJbtF
k7WeKn8xgSuqjl5t+n/6F+pl0e4Tszh08+d2F11aBY27gGzxjf7HGBbXY6OhBZxg
vvC4DtZj3iYmzFzXIRgbhgJLAjvtXRftxs90kHlHAfxlAgnrJWmUeVFzVIf2/d10
VmJw/yg/u/d+HhFDl8XXR8YRUHjCAsnewhs9F2I6B/abUpWELATTnL+SPYxdF0kC
Ip/+ziCiOZ6uiwNwiecu+VjzrZ0iGVARGHHHZOjTxlPlOcIsryOPOrJ6vGMIusyr
cS9GYERRszavcaAQqYv/SF8Zi9VcuJA3ymyIHT1MaAghJYYzVcrr7NHWrU6+qf/S
zL3zJj3OGlUftX70tN41cJG9THfciWKIlFgn5AdKiqOhqR2r0WffWy4E3/A2tKBe
AESRwu3p0K2UuCniE7UAg2P8C9jS/OdKQ7fepdUEwSCRJxb+jmm9o33NLvnkTItw
4jsHHjDfF4HxVx/vouoJ37SQqArYThgLcaEWHRrNtmx/vPtYf+MrYviKGdCDgncs
ocBKiCb0Uzi0NYNjnMp3j3rr69jZfxOHI4WsmJlM3ANsyopuI9c5NeXEZIiB1Sne
GAxPbcpIXERxd3HJ5gOB8+D7amyejIvJgqUpQIpBBYCYLFSIHukonEUt+Bj4HcfN
lBct0KTFVaEZsjhPywdqKmzWUuPn6Y4IVoEeQnxP3cSkk5vhgwZq+pfVk6CMPnYx
ihmcuEiuzddzFL9IqaqJ57qni6yduEbo7AqGbaSDE6ISXtMvwjQHXNbWEAMbnQSU
BbmidJA0BYy+GzjeKDX2SF/wejnmucBvVGBVPDyZ8bhj0ZH1jSBRvoeqxCnP7JkT
K3SFIWvTx4iulzpuqxyfQNIWFazRQRyrQqmVk1z/u0Ot1mlrozRKPVDhFA6CwN15
djcA+pBv7qMXDPSjNwgZLm4mhlwpuQM1m0frNdWjLjvo5X4k4B2SCLp2eRYLw/24
hi4Q0gs3yNSbV3VODnCj+VIpLFnwoOD1QyOH2GrEnREjJKSjqzCGbgBkXcvP03oE
dSioL/OvppL4c5FbQY135rQ6YtN8Ibww4QgCt3BEgPjUL820Pod0u/Fs5nOmOd0Y
/TAPlSUASRNoX3huZXPvPws4wHXtymYobUeiTz7O9iJGN1htySDhq6hHNBbzoIdh
OBSI7/j1UwOFLE6gAGIkxqxBRCKur/xUEia5MLfWsIDkd+MiAqRdtyHLZuVx4J5K
SgF08VucGPJNSkxMWpx3OM65CBMc9t7HR2EaMD230L5iF/maNyMH5X53OHib1Zg4
y8PaUdClk6eoJc5qVzDf7a6xtuSr2d1R5gymyzG/22dLIpIL7o0jwcfrsAZrMou1
LoDtYkWxf8gHHMD4AmsrXY61PBECvrvI/s4CQlMvr8pChdtQJcuSH+lvuGUqqtFO
KnpdtecpSIAlh0Eemdhet53LcpT2EUVY7Ns6N7PMHCgtQHOTPLJMkKRw4c3FWxpH
230C19w3+Wvwnv+EDp6Eqza5QahCU7Yey1teE2EY+ljaOFqe+j1eTysemllwz46U
wOS0M6X1zJhwNR1vqag7Ld4ZgtAUFjQjazR+Ko2IK9lx6x+gxXkRDBtsdtUrdnLA
e0SVE8JdYQdJ55i7xhh46npC5ld5xX7igmlWFWpWj6V/5RoTKNYCdYo8UXK4NJ7B
yLYfK5yHF9KnLd9dTBxUuvOKYvdvKzgasfDhCd+SFwxLlRO1JM8yDxmyy4rZEUwt
f+Q9DTtlbINMcIowXtJCi7afhzQRsEnDy1bzuaCi72Dor6d266tnmDNTIQdLZ0jl
AivVD66/kTLb6Pp09BzZRY9x9P6SBHZ5RI50uyVJjSrmlSFjAKxxH/KqkpS06b6f
RBaSy1Jj/oBOFqgEehDZtyhFSKAftkd3qrfn9YhObhP1tDwgOrUtSXrSpazqSzcg
kS/zcFjd9e5lwPH4mPEOrrZuRJzWwrC2G8iZtAsVR8z3Ns2AWxoSDRSbE8IWxJYo
u9DbnvvJV4Ri39N0u1cfadWiNePn22TMT5bszIrcqA1XiAMobfKoklxmAgPWlnAK
AaGhXgvumPCYp6+hNItX/PGIdO11iXyURVW9Jq/q9CotmaRM1j4q3JoHuleARjjW
Uf/jgzmcEFBYYwftJJ6BJQtqhJ+HiBCVmJ1aFKNAXYcSfwBLaamN6SCQ8hXBuITe
TDqnbMo98r7amvNaI1iwXtgYtz+FkfRZOwjgBDVJfrELmeoXbM8Ioj/zvnqUW8Yl
cMQjkHetmeIqGU2Ay9GduVQW7xV9Gc7kkE7SIpnm/dQTL62rkPpA0qG17t5cPsBW
FUSCjbJR2RSlL0UcgZ1z1X6peuCN7XZwA2AvPPaZ8u2IWEqhyneOyms/4Zp5cr1L
ZfycEWokZ33zSGU7D8OPIXDkEcMas/a0hP7zYh+zQr7yazyxMOpncl6MNPJ4Ekeh
Dp1f6Rr/at8JRAdz08iJujlWmcbdycUagg6v19gS1OmD5v7gcScZH0AOzYcYpntz
f36dd3VZfDT2heEkp+dmlNo5jiP/ZxANGy1qU+Dcq5vp/6KyHn1QZBMHw9KEfIAw
H04zUBXDBtiWIsX6UqW5bHR+nhKaB4oHpvnGPFekQZO1+5v/UbkAwJpEd3nPa96M
Xgt1oX0WRl05AYfge1OzJo64KDryolmNNXAqw2gOzN9blHOeltkiNIwFdIU9gGHH
HdT7F3M6OoInXO7X7b2Vw7y/7Ze9pWTnACP5k75EXXMgd94OlclpR99OX805kwdg
yFc6ZKVqEK/5rHRHwL12RfugI6Z43aY5nVtTQpJCUgw6HS4PzAEbNrHAQlEd+BZn
tGXvbtfO9ps1l5AO2HRS2YzdlrcQJqP5wD9gyT1hIzoTn6Z7eyIzYXGgte2GChFa
iC6V3SgPAPi6XheH50GBjllKFjPoFRYiNJsqdJF8Oy/Ywo6ile8sByRx9jiASUZi
QSDxdMqt3m9ATbZQ3JoEGGuUohA5Wwn7ZhUDK1sfxp61h/lD2npjsS98hYuBdgck
a3jYMlyR9oh8KVlpSQ9ebaz2XXqmU2Egn9IOHQdQJ0wwqD7K5yneQ04/a1v3/0zG
jaliEfbgS81Dj4+iuucJUqTtS50K3H88zr11s1vr+KtFA0k8TESWk9ncDc2Uo+0w
jLIumCCdXZk+ZiUbD7bAdTYoCBKaPPj2RamY5K3/CYxRGdhuEra38Uyfk6S7Tjyr
UXvfEFZZVdP3UFvOO0Pw/p+iXnJusPZ7vZw7Zg5SCnO+RXtVnq18OS/HP9LbvX8g
3jgjABxluBtH2HmWyLiNhxZdG/OtgRzVYnBExVafqaBRtP7qNxIl8u36U2p9IFn+
99UNm1uZOup+yqVGzMDH7KUSTf36Oz9QpEghKwyohmK6u6s9FO3zHNVCkg2rvIOG
6iY8ro2q/KC4ioShoU+KM8DyBzAe8t8Yz/c06ipWlae+cMsBgulhqF7oAyyRJUX4
LMX1DAILi2FzmA2Cu347axP3woiquwG9GYiC+a3tfgzsnvVBay76JBPPUh2myy2L
1mxv1xewOjE+VRfBMGo6bPouwNqflQGnDhWLwKyNzIAI7AiL/BHK7xhT4Be7+xWH
7P/Pd+9OZbYC4heifbXg/y+wYHBLVENsM9sM7qCbuJSACuWQkNBBHJUQC1IZeGQb
Z1OdcjBQE+JNyJO8mo4cNhfIWlmJNH5lOjHRAzVO2qerF80ucHQF7xWGV3qKg8P8
x5MAQDTiTiqKFGOHj5onM3Z6rbmRSRdbn6CJu165GGJjx6EnfXlpMG7IlGCFHv1U
CVlTnop5onytADFQih9LmjNvpHxonEOQ8wuEN9CiKEvFo/kleDiI/qRQhEV+KrX7
j/zsGEYFjMMbY6Uk40cPpZ70CwS4P7coHdTJQIX26inNN26UvQR9u48mhA0/ezuD
ttm0IHs7uK9IHOm1MBjSmEJxbDEvwND4srbjlQ0cv84bSPX3HHR0HGkwtPE4zqNq
Iw6eOpYUsJDdNyToq3A8Q+omzoz30YUzeBBRVvbf/Mwrd0Ci8+QcT9DbF4qUkVYT
xwGPQTnoLt+5DDPsfLESLb1gXyxkYFavbnSlvNuAFl/AzD7C2T9GRvK7x7pleNrA
mwstYUVDPAL83egLxxqKDYeS7IPFZal3MJXO+/L8fr5zm+ZLh/fDFcHSTdkW/Mnh
pZfTjjc9NL7O1W2bpKUAVatptOqqsDNgX81mXd2qetYTvVdc0rHrxz6moG8qtb2+
tzbi888edf6l5de8UTF9u4rTgN82IACEZC/78eeaIVOjOgUaQi/qY2yxtjFPOCZB
l5Vwe/KkUMonf4btXlMAU0hSr83gQbhZR0ikKc9R42MwucOOri3mWafVmjN/rB+E
hoF4756QzdkT7N93iGToMeiicCu+nHZ6Mf/4wcOE2GzQ0w8LGMI2AxMxW5bBJTEA
/g5Eaug8JQ4dQ1srdw5Sn9CvaiyGOLvqiYMDj26YfPne75m29HmfFTgPI6xphEc0
Z/MCRP5kMXJuAm89d0KUZmXmRveNoudqmZ0VEXYzO86wn6u64Pj7RoN9N4gQYdZe
CZI33gShQfhpGVKMHK3lKc8tqB0I4PoPZF9QZu7pYa1Ki9VreFv4SA9X4l82NEHM
sLOHlj+7Mr7k0zLXaFOLO2X/uLUz+58aKeho9TnH72j0Za71C7BoIcsVhdvlvHDz
+nw8bmeCHZA7mrThb5DUSG6J8TTDcAqAHxwD3R+vocAJGNDtE/6FvPHIIUmLXOkY
Y+HPzvJhx4hN3plTXfLeB7ERgBsAQnnJYcZ/91sNNsC91ubbyC6X7Eu//V102nvv
Qo4M77evEo+ZW9vxyVxF+GjEuceiSCGztxKFFBhb3Z4XNNnClGP03GbAWAdnyI4T
T09QA7A0qwK5t4BtS57fuE8VgTEE2d29JmXM2J0vYqr1Bu7VWVvK8RjieqWi6g64
pA1NJrfACyitfbibkU51shu7pqrNKOrjiwewADLyUH/8s+HoPJCFellNqialOvMN
5Zy2nYs7lGfW+Be6iNvLBef2vvVhbnhRMbPCwMuQteJp3Vk1u98n78rVY0Q+G2wy
xGoJ5j020LCkboH8IBIsp0tl9Cb28x8AFTQnwWnXpjtmNAWwb9bakf+XvpLPkTlQ
/31+cHHBVIWzPBpbq8am8Ct2Ha1SRcOV3gFlU9jg3Us1pYdX7p0gqaQRgJOumcCu
/3tE8jye4VDUYwHmCiIsO8mnyFGNq7qBb/Iq4AXegXMHTN/loDVWqlKaPoq2t23X
lUWly0KzV68q7jYQSyJCSAbhXl/K/lyY6YiRPukCu3cOjE66SFuVFeVbEPqsNuvU
cgTWLyDibMP3dzP1YTjVtjsdxs9kMoJcKyRG6uPVuD502Q/zrF+tB14Fu8tBscjM
q4xDg5OfcXVH1HAZDDqaPYJEANRVVAEfiOapnrHC7lW/Wit1gCGKyHtwpXNyGZqi
gTdtdDQMIOtKXYcbA4qzaFRCXHAisVVALhzznSlcGPwKZuIKOR3FprlCqbENzOwJ
959ySW84J3qoiNCgA1+gEJhXzCoRmb74+J0XwQxGJNz2EdPaQ9zn7fzS6EaBvioN
imKS94YwzD0bw4viUNxv+V9++hs/3Q5UL/TBrCTtaoUpzdkGGR/zoemj0S8LYLO2
6J17+U2N3i/Wcnpm8Y47LupdvbL+zddh8WQkmdJ7X8sHVfHsUzSLxvYWnIQzdETY
+7xxzAY+W2309MSTJhGHR+xOcLe/FB013ifpZo5qFRNasTWVLuPBZkwF3eFrSjCH
bnGre4WFFWLrOYR3VfslZxczYJinI93N59nQUDN0FSTuoCT5ioIS2GQklWoAbzRL
/7erGVX40mppmzB/tQ9wxXQoKZdWUyAJMRk1wV4XhnpUJScxJE+2HtBkaUi6I4/G
5wUs4i/cHAfrWkSJOSII9zKxlEimwOGc1WcntB2+UCCb7cTJ2I5V6qmhAFK2ReX+
0Bcm8j8gmRJtEEKFon5Pp07CR/8FMr0X39D7VQmpc6t8hyA8xPhWWiRDdLwibMtj
7ZSNtVfiNMBofj+7k/INPNSe75DIuGaO+yAhizYYIJAF+HqObyMv+eBImiM3A6IT
464xi2PN0JG0VHkQb9ONF4GjkXXUe+4JKu9FkyxfaNFNMkhKgcNcEO57TLwyhKHk
vXGp/TDgY+3QMjhS5ufjVD5rOZZQyNclbJ+my41wu8BR2Xkc+uhQaMJ/jOjla3ZN
fgBmxL2+DylgC21hg5X/OFA0KsA5iyJa84lq2k5F/KlGhWkyPgpRSbrEtTWWQ1KM
cbhQI1v1D3/9yZLcrtLr+JnDmqX3Vl71zzSwhwPsbDvf+c5zOEXagDgXWhlWs+sI
bhh1ozpomjyrER6lwPwRIl1JcSdAgRugUvMIGQ6OosIEodRPMCI37esvBv/0XAmX
gsaJ9xT2a4TxezWjBUQInTcv9dRcDXidNt3py3F1jBqx9MkTnEbrYKOXZ1wk71fS
FZQ7IcPrdKjwY7id5j9ABHQfQWy8bRECh3woq42JisX17wmBXlmtjmeaPUkZynKA
taPBG5IM5jRqxHntADcWQRXg5UBB/ssj2ziyd8xSpIZnikMcJQUZAlOWprCXm1kC
LBYanEAhce71K/o79v13de+Ynox5v0smvsMF9RU7+90Yzx/2dWzbMSwh4+IDoAZ3
fYUFootr14wPHVA4z34Vuyc30BR7UMv3JvIXmU8awdENHUf9yVGOTbMhu2MOkp5O
9//u36yzJCV9X6CcF8I1NrDaoS7OSzt5kWvMm3t3nGZAibf12ZGdeVK0+ypaIcVA

Appendix C. Composition Examples

This section offers step-by-step examples of message composition.

C.1. New message composition

A typical MUA composition interface offers the user a place to indicate the message recipients, the subject, and the body. Consider a composition window filled out by the user like so:

Composing New Message Send To: Alice <alice@example.net> Subject: Handling the Jones contract Please review and approve or decline by Thursday, it's critical! Thanks, Bob -- Bob Gonzalez ACME, Inc.
Figure 1: Example Message Composition Interface

When Bob clicks "Send", his MUA generates values for Message-ID, From, and Date Header Fields, and converts the message body into the appropriate format.

C.1.1. Unprotected message

The resulting message would look something like this if it was sent without cryptographic protections:

Date: Wed, 11 Jan 2023 16:08:43 -0500
From: Bob <bob@example.net>
To: Alice <alice@example.net>
Subject: Handling the Jones contract
Message-ID: <20230111T210843Z.1234@lhp.example>
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0

Please review and approve or decline by Thursday, it's critical!

Thanks,
Bob

--
Bob Gonzalez
ACME, Inc.

C.1.2. Encrypted with hcp_minimal and Legacy Display

Now consider the message to be generated if it is to be cryptographically signed and encrypted, using HCP hcp_minimal, and the legacy variable is set.

For each Header Field, Bob's MUA passes its name and value through hcp_minimal. This returns the same value for every Header Field, except that:

hcp_minimal("Subject", "Handling the Jones contract") yields "[...]".

C.1.2.1. Cryptographic Payload

The Cryptographic Payload that will be signed and then encrypted is very similar to the unprotected message in Appendix C.1.1. Note the addition of:

  • the protected-headers="v1" parameter for the Content-Type

  • the appropriate HP-Obscured header for Subject,

  • the hp-legacy-display="1" parameter for the Content-Type

  • the Legacy Display Element (the simple pseudo-header and its trailing newline) in the Main Body Part.

Date: Wed, 11 Jan 2023 16:08:43 -0500
From: Bob <bob@example.net>
To: Alice <alice@example.net>
Subject: Handling the Jones contract
Message-ID: <20230111T210843Z.1234@lhp.example>
Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1";
 protected-headers="v1"
MIME-Version: 1.0
HP-Obscured: Subject: [...]

Subject: Handling the Jones contract

Please review and approve or decline by Thursday, it's critical!

Thanks,
Bob

--
Bob Gonzalez
ACME, Inc.
C.1.2.2. External Header Section

The Cryptographic Payload from Appendix C.1.2.1 is then wrapped in the appropriate Cryptographic Layers. For this example, using S/MIME, it is wrapped in an application/pkcs7-mime; smime-type="signed-data" layer, which is in turn wrapped in a application/pkcs7-mime; smime-type="enveloped-data" layer.

Then an external Header Section is applied to the outer MIME object, which looks like this:

Date: Wed, 11 Jan 2023 16:08:43 -0500
From: Bob <bob@example.net>
To: Alice <alice@example.net>
Subject: [...]
Message-ID: <20230111T210843Z.1234@lhp.example>
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
MIME-Version: 1.0

Note that the Subject Header Field has been obscured appropriately by hcp_minimal. The output of the CMS enveloping operation is base64-encoded and forms the body of the message.

C.2. Composing a Reply

Next we consider a typical MUA reply interface, where we see Alice replying to Bob's message from Appendix C.1.

When Alice clicks "Reply" to Bob's signed-and-encrypted message with Header Protection, she might see something like this:

Replying to Bob ("Handling the Jones Contract") Send To: Bob <bob@example.net> Subject: Re: Handling the Jones contract On Wed, 11 Jan 2023 16:08:43 -0500, Bob wrote: > Please review and approve or decline by Thursday, > it's critical! > > Thanks, > Bob > > -- > Bob Gonzalez > ACME, Inc. -- Alice Jenkins ACME, Inc.
Figure 2: Example Message Reply Interface (unedited)

Note that because Alice's MUA is aware of Header Protection, it knows what the correct Subject header is, even though it was obscured. It also knows to avoid including the Legacy Display Element in the quoted/attributed text that it includes in the draft reply.

Once Alice has edited the reply message, it might look something like this:

Replying to Bob ("Handling the Jones Contract") Send To: Bob <bob@example.net> Subject: Re: Handling the Jones contract On Wed, 11 Jan 2023 16:08:43 -0500, Bob wrote: > Please review and approve or decline by Thursday, > it's critical! I'll get right on it, Bob! Regards, Alice -- Alice Jenkins ACME, Inc.
Figure 3: Example Message Reply Interface (edited)

When Alice clicks "Send", the MUA generates values for Message-ID, From, and Date Header Fields, populates the In-Reply-To, and References Header Fields, and also converts the reply body into the appropriate format.

C.2.1. Unprotected message

The resulting message would look something like this if it were to be sent without any cryptographic protections:

Date: Wed, 11 Jan 2023 16:48:22 -0500
From: Alice <alice@example.net>
To: Bob <bob@example.net>
Subject: Re: Handling the Jones contract
Message-ID: <20230111T214822Z.5678@lhp.example>
In-Reply-To: <20230111T210843Z.1234@lhp.example>
References: <20230111T210843Z.1234@lhp.example>
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0

On Wed, 11 Jan 2023 16:08:43 -0500, Bob wrote:

> Please review and approve or decline by Thursday,
> it's critical!

I'll get right on it, Bob!

Regards,
Alice

--
Alice Jenkins
ACME, Inc.

Of course, this would leak not only the contents of Alice's message, but also the contents of Bob's initial message, as well as the Subject Header Field! So Alice's MUA won't do that; it is going to create a signed-and-encrypted message to submit to the network.

C.2.2. Encrypted with hcp_null and Legacy Display

This example assumes that Alice's MUA uses hcp_null, not hcp_minimal. That is, by default, it does not obscure or remove any Header Fields, even when encrypting.

However, it follows the guidance in Section 2.5.8.1, and will make use of the HP-Obscured field in the Cryptographic Payload of Bob's original message (Appendix C.1.2.1) to determine what to obscure.

When crafting the Cryptographic Payload, its baseline HCP (hcp_null) leaves each field untouched. But it also knows that In-Reply-To, References, To, and Subject are all derived from Header Fields in Bob's original message.

For each of these Header Fields, it observes whether the origin Header Field was signed-and-encrypted or merely signed in Bob's original message.

In-Reply-To and References derive from Bob's original message's Message-ID field, which was merely signed. The To Header Field is derived from Bob's original message's From field, which was also merely signed. So these three Header Fields are passed through untouched.

But the Subject Header Field is derived from Bob's original message's Subject field (by prefixing Re: to it), and that Header Field is signed-and-encrypted, which the MUA can tell because the HP-Obscured: Subject entry in the Cryptographic Payload of Bob's message.

So Alice's MUA generates a new external Subject header by applying its derivation rules to the HP-Obscured: Subject value from Bob's message, yielding the value Re: [...].

C.2.2.1. Cryptographic Payload

Consesquently, the Cryptographic Payload for Alice's reply looks like this:

Date: Wed, 11 Jan 2023 16:48:22 -0500
From: Alice <alice@example.net>
To: Bob <bob@example.net>
Subject: Re: Handling the Jones contract
Message-ID: <20230111T214822Z.5678@lhp.example>
In-Reply-To: <20230111T210843Z.1234@lhp.example>
References: <20230111T210843Z.1234@lhp.example>
Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1";
 protected-headers="v1"
MIME-Version: 1.0
HP-Obscured: Subject: Re: [...]

Subject: Re: Handling the Jones contract

On Wed, 11 Jan 2023 16:08:43 -0500, Bob wrote:

> Please review and approve or decline by Thursday,
> it's critical!

I'll get right on it, Bob!

Regards,
Alice

--
Alice Jenkins
ACME, Inc.

Note the following features:

  • the protected-header="v1" parameter to Content-Type

  • the appropriate HP-Obscured header for Subject,

  • the hp-legacy-display="1" parameter for the Content-Type

  • the Legacy Display Element (the simple pseudo-header and its trailing newline) in the Main Body Part.

C.2.2.2. External Header Section

The Cryptographic Payload from Appendix C.2.2.1 is then wrapped in the appropriate Cryptographic Layers. For this example, using S/MIME, it is wrapped in an application/pkcs7-mime; smime-type="signed-data" layer, which is in turn wrapped in a application/pkcs7-mime; smime-type="enveloped-data" layer.

Then an external Header Section is applied to the outer MIME object, which looks like this:

Date: Wed, 11 Jan 2023 16:48:22 -0500
From: Alice <alice@example.net>
To: Bob <bob@example.net>
Subject: Re: [...]
Message-ID: <20230111T214822Z.5678@lhp.example>
In-Reply-To: <20230111T210843Z.1234@lhp.example>
References: <20230111T210843Z.1234@lhp.example>
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
MIME-Version: 1.0

Note that the Subject Header Field has been obscured appropriately even though hcp_null would not have touched it by default. The output of the CMS enveloping operation is base64-encoded and forms the body of the message.

Appendix D. Rendering Examples

This section offers example Cryptographic Payloads (the content within the Cryptographic Envelope) that contain Legacy Display Elements.

D.1. Example text/plain Cryptographic Payload with Legacy Display Elements

Here is a simple one-part Cryptographic Payload (Header Section and body) of a message that includes Legacy Display Elements:

Date: Fri, 21 Jan 2022 20:40:48 -0500
From: Alice <alice@example.net>
To: Bob <bob@example.net>
Subject: Dinner plans
Message-ID: <text-plain-legacy-display@lhp.example>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1";
 protected-headers="v1"

Subject: Dinner plans

Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.

A compatible MUA will recognize the hp-legacy-display="1" parameter and render the body of the message as:

Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.

A legacy decryption-capable MUA that is unaware of this mechanism will ignore the hp-legacy-display="1" parameter and instead render the body including the Legacy Display Elements:

Subject: Dinner plans

Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.

D.2. Example text/html Cryptographic Payload with Legacy Display Elements

Here is a modern one-part Cryptographic Payload (Header Section and body) of a message that includes Legacy Display Elements:

Date: Fri, 21 Jan 2022 20:40:48 -0500
From: Alice <alice@example.net>
To: Bob <bob@example.net>
Subject: Dinner plans
Message-ID: <text-html-legacy-display@lhp.example>
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"; hp-legacy-display="1";
 protected-headers="v1"

<html><head><title></title></head><body>
<div class="header-protection-legacy-display">
<pre>Subject: Dinner plans</pre>
</div>
<p>
Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.
</p>
</body>
</html>

A compatible MUA will recognize the hp-legacy-display="1" parameter and mask out the Legacy Display div, rendering the body of the message as a simple paragraph:

Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.

A legacy decryption-capable MUA that is unaware of this mechanism will ignore the hp-legacy-display="1" parameter and instead render the body including the Legacy Display Elements:

Subject: Dinner plans

Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.

Appendix E. Other Header Protection Schemes

Other Header Protection schemes have been proposed in the past. However, those typically have drawbacks such as sparse implementation, known problems with legacy interoperability (in particular with rendering), lack of clear signalling of sender intent, and/or incomplete cryptographic protections. This section lists such schemes known at the time of the publication of this document out of historical interest.

E.1. Original RFC 8551 Header Protection

S/MIME [RFC8551] (as well as its predecessors [RFC5751] and [RFC3851]) defined a form of cryptographic Header Protection that is similar to the "Wrapped Message" scheme specified in this document. In fact, the scheme originally defined in S/MIME is a subset of the "Wrapped Message" scheme specified in this document. The differences between the original and the updated scheme are outlined in Section 2.2.

E.2. Pretty Easy Privacy (pEp)

The pEp (pretty Easy privacy) [I-D.pep-general] project specifies two different MIME schemes that include Header Protection for Signed-and-Encrypted e-mail messages in [I-D.pep-email]: One scheme -- referred as pEp Email Format 1 (PEF-1) -- is generated towards MUAs not known to be pEp-capable, while the other scheme -- referred as PEF-2 -- is used between MUAs discovered to be compatible with pEp. Signed-only messages are not recommended in pEp.

E.3. "draft-autocrypt" Protected Headers

[I-D.autocrypt-lamps-protected-headers] describes a scheme similar to the "Injected Headers" scheme specified in this document. However, instead of adding Legacy Display Elements to existing MIME parts (cf. Section 2.3.4.1), "draft-autocrypt" injects a new MIME element "Legacy Display Part", thus modifying the MIME structure of the Cryptographic Payload.

Appendix F. Document Changelog

[[ RFC Editor: This section is to be removed before publication ]]

  • draft-ietf-lamps-header-protection-20

    • clarify IANA guidance about registration policy and designated expert review

    • emphasize that Content-Type parameter hp-legacy-display=1 belongs on all main body parts with a legacy display element

    • clean up/normalize pseudocode variable names and text (no algorithm changes)

  • draft-ietf-lamps-header-protection-19

    • improve text, capitalize defined terms, fix typos

    • Clean up from AD review:

    • updates RFC 8551 explicitly

    • add "Legacy Signed Message" and "Ordinary User" explicitly to terms

    • tighten up SHOULDs/MUSTs for conformant MUAs

    • expand references to other relevant Security Considerations

    • drop nudge about non-existent Content-Type Parameters registry

    • clarify IANA notes to align with table columns

    • explicitly request HCP registry

    • add references to other header protections schemes, but move all of them to appendix

  • draft-ietf-lamps-header-protection-18

    • only allow US-ASCII as modified output of HCP, adjusted ABNF to match

  • draft-ietf-lamps-header-protection-17

    • More edits from WGLC:

    • clean up definition of "Header Field"

    • note leakage of encrypted recipient hints

    • clarify explanation of LDE generation

    • clarify how some obscured headers might not actually be private

  • draft-ietf-lamps-header-protection-16

    • correct variable names in message composition algorithms

    • make text more readable

  • draft-ietf-lamps-header-protection-15

    • include clarifications, typos, etc from comments received during WGLC

  • draft-ietf-lamps-header-protection-14

    • provide section references for draft-ietf-lamps-e2e-mail-guidance

    • encouarge a future IANA named HCP registry if HCP development takes off

  • draft-ietf-lamps-header-protection-13

    • Retitle from "Header Protection for S/MIME" to "Header Protection for Cryptographically Protected E-mail"

  • draft-ietf-lamps-header-protection-12

    • MUST produce HP-Obscured and HP-Removed when generating encrypted messages with non-null HCP

    • Wrapped Message: move from forwarded=no to protected-headers=wrapped

    • Wrapped Message: recommend Content-Disposition: inline

  • draft-ietf-lamps-header-protection-11

    • Remove most of the Bcc text (transferred general discussion to e2e-mail-guidance)

    • Fix bug in algorithm for generating HP-Obscured and HP-Removed

    • More detail about handling Reply messages

    • Considerations around handling risky Legacy Display Elements

    • Narrative descriptions of some worked examples

    • Describe potential leaks to recipients

    • Clarify debugging/troubleshooting UX affordances

  • draft-ietf-lamps-header-protection-10

    • Clarify that HCP doesn't apply to Structural Header Fields

    • Drop out-of-date "Open Issues" section

    • Brief commentary on UI of messages with intermediate/mixed protections

    • Deprecation prospects for messages without protected headers

    • Describe generating replies to encrypted messages with stronger HCP

  • draft-ietf-lamps-header-protection-09

    • clarify terminology

    • add privacy and security considerations

    • clarify HCP examples and baselines

    • recommend hcp_minimal as default HCP

    • add HP-Obscured and HP-Removed (avoids reasoning about differences between outside and inside the Cryptographic Envelope)

    • regenerated test vectors

  • draft-ietf-lamps-header-protection-08

    • MUST compose injected headers, MAY compose wrapped messages

    • MUST parse both schemes

    • cleanup and restructure document

  • draft-ietf-lamps-header-protection-07

    • move from legacy display MIME part to legacy display elements within main body part

  • draft-ietf-lamps-header-protection-06

    • document observed problems with legacy MUAs

    • avoid duplicated outer Message-IDs in hcp_strong test vectors

  • draft-ietf-lamps-header-protection-05

    • fix multipart/signed wrapped test vectors

  • draft-ietf-lamps-header-protection-04

    • add test vectors

    • add "problems with Injected Messages" subsection

  • draft-ietf-lamps-header-protection-03

    • dkg takes over from Bernie as primary author

    • Add Usability section

    • describe two distinct formats "Wrapped Message" and "Injected Headers"

    • Introduce Header Confidentiality Policy model

    • Overhaul message composition guidance

    • Simplify document creation workflow, move public face to gitlab

  • draft-ietf-lamps-header-protection-02

    • editorial changes / improve language

  • draft-ietf-lamps-header-protection-01

    • Add DKG as co-author

    • Partial Rewrite of Abstract and Introduction [HB/AM/DKG]

    • Adding definitions for Cryptographic Layer, Cryptographic Payload, and Cryptographic Envelope (reference to [I-D.ietf-lamps-e2e-mail-guidance]) [DKG]

    • Enhanced MITM Definition to include Machine- / Meddler-in-the-middle [HB]

    • Relaxed definition of Original message, which may not be of type "message/rfc822" [HB]

    • Move "memory hole" option to the Appendix (on request by Chair to only maintain one option in the specification) [HB]

    • Updated Scope of Protection Levels according to WG discussion during IETF-108 [HB]

    • Obfuscation recommendation only for Subject and Message-Id and distinguish between Encrypted and Unencrypted Messages [HB]

    • Removed (commented out) Header Field Flow Figure (it appeared to be confusing as is was) [HB]

  • draft-ietf-lamps-header-protection-00

Authors' Addresses

Daniel Kahn Gillmor
American Civil Liberties Union
125 Broad St.
New York, NY, 10004
United States of America
Bernie Hoeneisen
pEp Project
Oberer Graben 4
CH- 8400 Winterthur
Switzerland
Alexey Melnikov
Isode Ltd
14 Castle Mews
Hampton, Middlesex
TW12 2NP
United Kingdom