Internet-Draft Header Protection S/MIME May 2021
Gillmor, et al. Expires 21 November 2021 [Page]
Workgroup:
LAMPS Working Group
Internet-Draft:
draft-ietf-lamps-header-protection-04
Published:
Intended Status:
Standards Track
Expires:
Authors:
D.K. Gillmor
American Civil Liberties Union
B. Hoeneisen
pEp Foundation
A. Melnikov
Isode Ltd

Header Protection for S/MIME

Abstract

S/MIME version 3.1 has introduced a feasible standardized option to accomplish Header Protection. However, few implementations generate messages using this structure, and several legacy and non-legacy implementations have revealed rendering issues at the receiving side. Clearer specifications regarding message processing, particularly with respect to header sections, are needed in order to resolve these rendering issues. Some mail user agents are also sending and receiving cryptographically-protected message headers using a different structure.

In order to help implementers to correctly compose and render email messages with Header Protection, this document updates S/MIME Header Protection specifications with additional guidance on MIME format, sender and receiver processing.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 21 November 2021.

Table of Contents

1. Introduction

Privacy and security issues regarding email Header Protection in S/MIME have been identified for some time. Most current implementations of cryptographically-protected electronic mail protect only the body of the message, which leaves significant room for attacks against otherwise-protected messages. For example, lack of header protection allows an attacker to substitute the message subject and/or author.

This document describes two different structures for how message headers can be cryptographically protected, and provides guidance for implementers of MUAs that generate and interpret such messages. It takes particular care to ensure that messages interact reasonably well with legacy MUAs.

1.1. Two Schemes of Protected Headers

Unfortunately, there are two different schemes for cryptographically-protected email headers that may be in use on the Internet today. This document addresses them both and provides guidance to implementers.

One scheme is the form specified in S/MIME 3.1 and later, which involves wrapping a message/rfc822 MIME object with a Cryptographic Envelope. This document calls this scheme "Wrapped Message", and it is documented in more detail in [RFC8551]. Experience has shown that this form does not interact well with some legacy MUAs (see Section 1.2).

Consequently, another form of header protection is produced and consumed by some MUAs, where the protected headers are placed directly on the Cryptographic Payload, without using an intervening message/* MIME object. This document calls this scheme "Injected Headers", and it is documented in more detail in [I-D.autocrypt-lamps-protected-headers].

1.2. Problems with Wrapped Messages

Several legacy MUAs have revealed rendering issues when dealing with a message with headers protected by the Wrapped Message scheme. In some cases the user sees an attachment suggesting a forwarded email message, which -- in fact -- contains the protected email message that should be rendered directly. For these cases, the user can click on the attachment to view the protected message. However, there have also been reports of email clients displaying garbled text, or sometimes nothing at all. In those cases the email clients on the receiving side are (most likely) not fully MIME-capable.

The following shortcomings have been identified to cause these issues:

  • Broken or incomplete implementations
  • Lack of a simple means to distinguish "forwarded message" and "wrapped message" (for the sake of Header Protection)
  • Not enough guidance with respect to handling of Header Fields on both the sending and the receiving side

1.3. Problems with Injected Headers

A legacy MUA dealing with an encrypted message that has some header fields obscured using the Injected Headers scheme will not render the obscured header fields to the user at all. A workaround "legacy display" mechanism is provided in this document, which some legacy MUAs will render to the user, albeit not in the same location that the header fields would normally be rendered. However, some legacy MUAs also fail to render the "legacy display" part, leaving the obscured header fields hidden from users of those MUAs.

1.4. Motivation

Furthermore, the need (technical) Data Minimization, which includes data sparseness and hiding all technically concealable information, has grown in importance over the past several years. In addition, backwards compatibility must be considered when it is possible to do so without compromising privacy and security.

No mechanism for Header Protection has been standardized for PGP/MIME (Pretty Good Privacy) [RFC3156] yet. PGP/MIME developers have implemented ad-hoc header-protection, and would like to see a specification that is applicable to both S/MIME and PGP/MIME.

This document describes the problem statement (Section 2), generic use cases (Section 3) and the specification for Header Protection (Section 4) with guidance on MIME format, sender and receiver processing .

[I-D.ietf-lamps-header-protection-requirements] defines the requirements that this specification is based on.

This document is in an early draft state and contains a proposal on which to base future discussions of this topic. In any case, the final mechanism is to be determined by the IETF LAMPS WG.

1.5. Other Protocols to Protect Email Headers

A range of protocols for the protection of electronic mail (email) exists, which allows one to assess the authenticity and integrity of the email headers section or selected Header Fields from the domain-level perspective, specifically DomainKeys Identified Mail (DKIM) [RFC6376], as used by Domain-based Message Authentication, Reporting, and Conformance (DMARC) [RFC7489]. These protocols provide a domain-based reputation mechanism that can be used to mitigate some forms of unsolicited email (spam). At the same time, these protocols can provide a level of cryptographic integrity and authenticity for some headers, depending on how they are used. However, integrity protection and proof of authenticity are both tied to the domain name of the sending e-mail address, not the sending address itself, so these protocols do not provide end-to-end protection, and are incapable of providing any form of confidentiality.

1.6. Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

1.7. Terms

The following terms are defined for the scope of this document:

  • Man-in-the-middle (MITM) attack: cf. [RFC4949], which states: "A form of active wiretapping attack in which the attacker intercepts and selectively modifies communicated data to masquerade as one or more of the entities involved in a communication association."

    Note: Historically, MITM has stood for 'Man-in-the-middle'. However, to indicate that the entity in the middle is not always a human attacker, MITM can also stand for 'Machine-in-the-middle' or 'Meddler-in-the-middle'.

  • S/MIME: Secure/Multipurpose Internet Mail Extensions (cf. [RFC8551])
  • PGP/MIME: MIME Security with OpenPGP (cf. [RFC3156])
  • Message: An Email Message consisting of Header Fields (collectively called "the Header Section of the message") followed, optionally, by a Body; cf. [RFC5322].

    Note: To avoid ambiguity, this document does not use the terms "Header" or "Headers" in isolation, but instead always uses "Header Field" to refer to the individual field and "Header Section" to refer to the entire collection; cf. [RFC5322].

  • Header Field (HF): cf. [RFC5322] Header Fields are lines beginning with a field name, followed by a colon (":"), followed by a field body (value), and terminated by CRLF.
  • Header Section (HS): The Header Section is a sequence of lines of characters with special syntax as defined in [RFC5322]. It is the (top) section of a Message containing the Header Fields.
  • Body: The Body is simply a sequence of bytes that follows the Header Section and is separated from the Header Section by an empty line (i.e., a line with nothing preceding the CRLF); cf [RFC5322]. It is the (bottom) section of Message containing the payload of a Message. Typically, the Body consists of a (possibly multipart) MIME [RFC2045] construct.
  • MIME Header Fields: Header Fields describing content of a MIME entity [RFC2045], in particular the MIME structure. Each MIME Header Field name starts with "Content-" prefix.
  • MIME Header Section (part): The collection of MIME Header Fields. "MIME Header Section" refers to a Header Sections that contains only MIME Header Fields, whereas "MIME Header Section part" refers to the MIME Header Fields of a Header Section that - in addition to MIME Header Fields - also contains non-MIME Header Fields.
  • Essential Header Fields (EHF): The minimum set of Header Fields an Outer Message Header Section SHOULD contain; cf. Appendix C.1.2.5.
  • Header Protection (HP): cryptographic protection of email Header Sections (or parts of it) for signatures and/or encryption
  • Protection Levels (PL): The level of protection applied to a Message, e.g. 'signature and encryption' or 'signature only' (cf. Section 3.2).
  • Protected: Portions of a message that have had any Protection Levels applied.
  • Protected Message: A Message that has had any Protection Levels applied.
  • Unprotected: Portions of a Message that has had no Protection Levels applied.
  • Unprotected Message: A Message that has had no Protection Levels applied.
  • Submission Entity: The entity which executes further processing of the Message (incl. transport towards the receiver), after protection measures have been applied to the Message.

    Note: The Submission Entity varies among implementations, mainly depending on the stage where protection measures are applied: E.g. a Message Submission Agent (MSA) [RFC6409] or another (proprietary) solution. The latter is particularly relevant, if protection is implemented as a plugin solution. Some implementations may determine the destination recipients by reading the To, Cc and Bcc Header Fields of the Outer Message.

  • Original Message (OrigM): The Message to be protected before any protection-related processing has been applied on the sending side. If the source is not a "message/rfc822" Message, OrigM is defined as the "virtual" Message that would be constructed for sending it as unprotected email.
  • Inner Message (InnerM): The Message to be protected which has had wrapping and protection measures applied on the sending side OR the resulting Message once decryption and unwrapping on the receiving side has been performed. Typically, the Inner Message is in clear text. The Inner Message is a subset of (or the same as) the Original Message. The Inner Message must be the same on the sending and the receiving side.
  • Outer Message (OuterM): The Message as provided to the Submission Entity or received from the last hop respectively. The Outer Message normally differs on the sending and the receiving side (e.g. new Header Fields are added by intermediary nodes).
  • Receiving User Facing Message (RUFM): The Message used for rendering at the receiving side. Typically this is the same as the Inner Message.
  • Data Minimization: Data sparseness and hiding of all technically concealable information whenever possible.
  • Cryptographic Layer, Cryptographic Payload, Cryptographic Envelope, Structural Headers, and MUA are all used as defined in [I-D.dkg-lamps-e2e-mail-guidance]
  • User-Facing Headers are defined in [I-D.autocrypt-lamps-protected-headers].
  • Legacy MUA: a MUA that does not understand protected headers as described in this document. A Legacy Non-Crypto MUA is incapable of doing any end-to-end cryptographic operations. A Legacy Crypto MUA is capable of doing cryptographic operations, but does not understand or generate protected headers.
  • Wrapped Message: The protected headers scheme that uses the mechanism described in [RFC8551], where the Cryptographic Payload is a message/rfc822 or message/global MIME object.
  • Injected Headers: The protected headers scheme that uses the mechanism described in [I-D.autocrypt-lamps-protected-headers], where the protected headers are inserted on the Cryptographic Payload directly.
  • Header Confidentiality Policy: documented in Section 4.1.2.2

2. Problem Statement

The LAMPS charter contains the following Work Item:

In the following a set of challenges to be addressed:

[[ TODO: Enhance this section, add more items to the following. ]]

2.1. Privacy

  • (Technical) Data Minimization, which includes data sparseness and hiding all technically concealable information whenever possible

2.2. Security

2.3. Usability

  • Improved User interaction / User experience, in particular at the receiving side

2.4. Interoperability

  • Interoperability with [RFC8551] implementations

3. Use Cases

In the following, the reader can find a list of the generic use cases that need to be addressed for Messages with Header Protection (HP). These use cases apply regardless of technology (S/MIME, PGP/MIME, etc.) used to achieve HP.

3.1. Interactions

The following use cases assume that at least the sending side supports Header Protection as specified in this document. Receiving sides that support this specification are expected to be able to distinguish between Messages that use Header Protection as specified in this document, and (legacy) Mail User Agents (MUAs) which do not implement this specification.

[[ TODO: Verify once solution is stable and update last sentence. ]]

3.1.1. Main Use Case

Both the sending and receiving side (fully) support Header Protection as specified in this document.

The main use case is specified in Section 4.1.

3.1.2. Backward Compatibility Use Cases

Regarding backward compatibility, the main distinction is based on whether or not the receiving side conforms to MIME according to [RFC2046], ff., which in particular also includes Section 2 of [RFC2049] on "MIME Conformance". The following excerpt is contextually relevant:

  A mail user agent that is MIME-conformant MUST:

  [...]

       -- Recognize and display at least the RFC822 message
       encapsulation (message/rfc822) in such a way as to
       preserve any recursive structure, that is, displaying
       or offering to display the encapsulated data in
       accordance with its media type.

       -- Treat any unrecognized subtypes as if they were
       "application/octet-stream".

  [...]

  An MUA that meets the above conditions is said to be MIME-
  conformant.  A MIME-conformant MUA is assumed to be "safe" to
  send virtually any kind of properly-marked data to users of
  such mail systems, because these systems are, at a minimum,
  capable of treating the data as undifferentiated binary, and
  will not simply splash it onto the screen of unsuspecting
  users.

[[ TODO: The compatibility of legacy HP systems with this new solution, and how to handle issues surrounding future maintenance for these legacy systems, will be decided by the LAMPS WG. ]]

3.1.2.1. Receiving Side MIME-Conformant

The sending side (fully) supports Header Protection as specified in this document, while the receiving side does not support this specification. However, the receiving side is MIME-conformant according to [RFC2045], ff. (cf. Section 3.1.2).

This use case is specified in Section 4.2.1.

Note: This case should perform as expected if the sending side applies this specification as outlined in Section 4.1.

[[ TODO: Verify once solution is stable and update last sentence. ]]

3.1.2.2. Receiving Side Not MIME-Conformant

The sending side (fully) supports Header Protection as specified in this document, while the receiving side does not support this specification. Furthermore, the receiving side is not MIME-conformant according to [RFC2045], ff. (cf. Section 3.1.2).

This use case is specified in Section 4.2.2.

3.2. Protection Levels

3.2.1. In-Scope

The following Protection Levels are in scope for this document:

a) Signature and encryption

Messages containing a cryptographic signature, which are also
encrypted.

b) Signature only

Messages containing a cryptographic signature, but which are not
encrypted.

3.2.2. Out-of-Scope

Legacy implementations, implementations not (fully) compliant with this document or corner-cases may lead to further Protection Levels to appear on the receiving side, such as (list not exhaustive):

  • Triple wrap
  • Encryption only
  • Encryption before signature
  • Signature and encryption, but:

    • Signature fails to validate
    • Signature validates but the signing certificate revoked
  • Signature only, but:

    • with multiple valid signatures, layered atop each other

These Protection Levels, as well as any further Protection Levels not listed in Section 3.2.1 are beyond the scope of this document.

4. Specification

This section contains the specification for Header Protection in S/MIME to update and clarify Section 3.1 of [RFC8551] (S/MIME 4.0).

Note: It is likely that PGP/MIME [RFC3156] will also incorporate this specification or parts of it.

This specification applies to the Protection Levels "signature & encryption" and "signature only" (cf. Section 3.2):

Sending and receiving sides MUST implement the "signature and encryption" Protection Level, which SHOULD be used as default on the sending side.

Certain implementations may decide to send "signature only" Messages, depending on the circumstances and customer requirements. Sending sides MAY and receiving sides MUST implement "signature only" Protection Level.

It generally is NOT RECOMMENDED to send a Message with any other Protection Level. On the other hand, the receiving side must be prepared to receive Messages with other Protection Levels.

[[ TODO: Further study is necessary to determine whether - and if yes to what extent - additional guidance for handling messages with other Protection Levels, e.g. "encryption only" at the receiving side should be included in this document. ]]

4.1. Main Use Case

This section applies to the main use case, where the sending and receiving side (fully) support Header Protection as specified herein (cf. Section 3.1.1).

Note: The sending side specification of the main use case is also applicable to the cases where the sending side (fully) supports Header Protection as specified herein, while the receiving side does not, but is MIME-conformant according to [RFC2045], ff. (cf. Section 3.1.2 and Section 3.1.2.1).

Further backward compatibility cases are defined in Section 4.2.

4.1.1. MIME Format

4.1.1.1. Introduction

As per S/MIME version 3.1 and later (cf. [RFC8551]), the sending client MAY wrap a full MIME message in a message/RFC822 wrapper in order to apply S/MIME security services to these header fields.

To help the receiving side to distinguish between a forwarded and a wrapped message, the Content-Type header field parameter "forwarded" is added as defined in [I-D.melnikov-iana-reg-forwarded].

The simplified (cryptographic overhead not shown) MIME structure of such an Email Message looks as follows:

  <Outer Message Header Section (unprotected)>

  <Outer Message Body (protected)>

    <MIME Header Section (wrapper)>

      <Inner Message Header Section>

      <Inner Message Body>

The following example demonstrates how an Original Message might be protected, i.e., the Original Message is contained as Inner Message in the Protected Body of an Outer Message. It illustrates the first Body part (of the Outer Message) as a "multipart/signed" (application/pkcs7-signature) media type:

Lines are prepended as follows:

  • "O: " Outer Message Header Section
  • "I: " Message Header Section
  • "W: " Wrapper (MIME Header Section)
  O: Date: Mon, 25 Sep 2017 17:31:42 +0100 (GMT Daylight Time)
  O: Message-ID: <e4a483cb-1dfb-481d-903b-298c92c21f5e@m.example.net>
  O: Subject: Meeting at my place
  O: From: "Alexey Melnikov" <alexey.melnikov@example.net>
  O: To: somebody@example.net
  O: MIME-Version: 1.0
  O: Content-Type: multipart/signed; charset=us-ascii; micalg=sha1;
  O:  protocol="application/pkcs7-signature";
  O:  boundary=boundary-AM

     This is a multipart message in MIME format.
     --boundary-AM
  W: Content-Type: message/RFC822; forwarded=no
  W:
  I: Date: Mon, 25 Sep 2017 17:31:42 +0100 (GMT Daylight Time)
  I: From: "Alexey Melnikov" <alexey.melnikov@example.net>
  I: Message-ID: <e4a483cb-1dfb-481d-903b-298c92c21f5e@m.example.net>
  I: MIME-Version: 1.0
  I: MMHS-Primary-Precedence: 3
  I: Subject: Meeting at my place
  I: To: somebody@example.net
  I: X-Mailer: Isode Harrier Web Server
  I: Content-Type: text/plain; charset=us-ascii

     This is an important message that I don't want to be modified.

     --boundary-AM
     Content-Transfer-Encoding: base64
     Content-Type: application/pkcs7-signature

     [[base-64 encoded signature]]

     --boundary-AM--

The Outer Message Header Section is unprotected, while the remainder (Outer Message Body) is protected. The Outer Message Body consists of the wrapper (MIME Header Section) and the Inner Message (Header Section and Body).

The wrapper is a simple MIME Header Section with media type "message/rfc822" containing a Content-Type header field parameter "forwarded=no" followed by an empty line.

If the source is an Original (message/rfc822) Message, the Inner Message Header Section is typically the same as (or a subset of) the Original Message Header Section, and the Inner Message Body is typically the same as the Original Message Body.

The Inner Message itself may contain any MIME structure.

Note: It is still to be decided by the LAMPS WG whether or not to recommend an alternative MIME format as described in Appendix C.1.1.1 (instead of the currently standardized and above defined format).

4.1.2. Sending Side

This section describes the process an MUA should use to apply cryptographic protection to an e-mail message with header protection. We start by describing the legacy message composition process as a baseline.

4.1.2.1. Composing a Cryptographically-Protected Message Without Header Protection

[I-D.dkg-lamps-e2e-mail-guidance] describes the typical process for a legacy crypto MUA to apply cryptographic protections to an e-mail message. That guidance and terminology is replicated here for reference:

  • origbody: the traditional unprotected message body as a well-formed MIME tree (possibly just a single MIME leaf part). As a well-formed MIME tree, origbody already has structural headers (Content-*) present.
  • origheaders: the intended non-structural headers for the message, represented here as a list of (h,v) pairs, where h is a header field name and v is the associated value. Note that these are header fields that the MUA intends to be visible to the recipient of the message. In particular, if the MUA uses the Bcc header during composition, but plans to omit it from the message (see section 3.6.3 of [RFC5322]), it will not be in origheaders.
  • crypto: The series of cryptographic protections to apply (for example, "sign with the secret key corresponding to X.509 certificate X, then encrypt to X.509 certificates X and Y"). This is a routine that accepts a MIME tree as input (the Cryptographic Payload), wraps the input in the appropriate Cryptographic Envelope, and returns the resultant MIME tree as output.

The algorithm returns a MIME object that is ready to be injected into the mail system:

  • Apply crypto to origbody, yielding MIME tree output
  • For each header name and value (h,v) in origheaders:

    • Add header h of output with value v
  • Return output
4.1.2.2. Header Confidentiality Policy

When composing an encrypted message with protected headers, the composing MUA needs a Header Confidentialiy Policy. In this document, we represent that Header Confidentiality Policy as a function hcp:

  • hcp(name, val_in) --> val_out: this function takes a header field name name and initial value val_in as arguments, and returns a replacement header value val_out. If val_out is the special value null, it mean that the header in question should be omitted from the set of headers visible outside the Cryptographic Envelope.

For example, an MUA that only obscures the Subject header field by replacing it with the literal string [...] and does not offer confidentiality to any other header fields would be represented as (in pseudocode):

hcp(name, val_in) --> val_out: if name is 'Subject': return '[...]' else: return val_in

Note that such a policy is only needed when the end-to-end protections include encryption (confidentiality). No comparable policy is needed for other end-to-end cryptographic protections (integrity and authenticity), as they are simply uniformly applied so that all header fields known by the sender have these protections.

This asymmetry is an unfortunate consequence of complexities in message delivery systems, some of which may reject, drop, or delay messages where all headers are removed from the top-level MIME object.

This document does not mandate any particular Header Confidentiality Policy, though it offers guidance for MUA implementers in selecting one in Section 4.1.3. Future documents may recommend or mandate such a policy for an MUA with specific needs. Such a recommendation might be motivated by descriptions of metadata-derived attacks, or stem from research about message deliverability, or describe new signalling mechanisms, but these topics are out of scope for this document.

4.1.2.3. Composing with "Wrapped Message" Header Protection

To compose a message using "Wrapped Message" header protection, we use those inputs described in Section 4.1.2.1 plus the Header Confidentiality Policy hcp defined in Section 4.1.2.2. The new algorithm is:

  • For header name and value (h,v) in origheaders:

    • Add header h of origbody with value v
  • If any of the header fields in origbody, including headers in the nested internal MIME structure, contain any 8-bit UTF-8 characters (see section section 3.7 of [RFC6532]):

    • Let payload be a new MIME part with one header: Content-Type: message/global; forwarded=no, and whose body is origbody.
  • Else:

    • Let payload be a new MIME part with one header: Content-Type: message/rfc822; forwarded=no, and whose body is origbody.
  • Apply crypto to payload, yielding MIME tree output
  • If crypto contains encryption:

    • Create new empty list of header field names and values newh
    • For header name and value (h,v) in origheaders:

      • Let newval be hcp(h, v)
      • If newval is not null:

        • Append (h,newval) to newh
    • Set origheaders to newh
  • For header name and value (h,v) in origheaders:

    • Add header h of output with value v
  • Return output

Note that the Header Confidentiality Policy hcp is ignored if crypto does not contain encryption. This is by design.

4.1.2.4. Composing with "Injected Headers" Header Protection

To compose a message using "Injected Headers" header protection, the composing MUA needs one additional input in addition to the Header Confidentiality Policy hcp defined in Section 4.1.2.2.

  • legacy: a boolean value, indicating whether any recipient of the message is believed to have a legacy client. If all recipients are known to implement this draft, legacy should be set to false. (How a MUA determines the value of legacy is out of scope for this document; an initial implementation can simply set it to true)

The revised algorithm for applying cryptographic protection to a message is as follows:

  • Create a new MIME leaf part legacydisplay with header Content-Type: text/plain; protected-headers="v1" and an empty body.
  • if crypto contains encryption, and legacy is true:

    • For each header name and value (h,v) in origheaders:

      • If h is user-facing (see [I-D.autocrypt-lamps-protected-headers]):

        • If hcp(h,v) is not v:

          • Add h: v to the body of legacydisplay. For example, if h is Subject, and v is lunch plans?, then add the line Subject: lunch plans? to the body of legacydisplay
  • If the body of legacydisplay is empty:

    • Let payload be MIME part origbody, discarding legacydisplay
  • Else: (body of legacydisplay is not empty)

    • Construct a new MIME part wrapper with Content-Type: multipart/mixed
    • Give wrapper exactly two subparts: legacydisplay and origbody, in that order.
    • Let payload be MIME part wrapper
  • For each header name and value (h,v) in origheaders:

    • Add header h of MIME part payload with value v
  • Set the protected-headers parameter on the Content-Type of payload to v1
  • Apply crypto to payload, producing MIME tree output
  • If crypto contains encryption:

    • Create new empty list of header field names and values newh
    • For header name and value (h,v) in origheaders:

      • Let newval be hcp(h, v)
      • If newval is not null:

        • Add newh[h] to newval
    • Set origheaders to newh
  • For each header name and value (h,v) in origheaders:

    • Add header h of output with value v
  • Return output

Note that both new parameters (hcp and legacy) are effectively ignored if crypto does not contain encryption. This is by design, because they are irrelevant for signed-only cryptographic protections.

4.1.2.5. Choosing Between Wrapped Message and Injected Headers

When composing a message with end-to-end cryptographic protections, an MUA SHOULD protect the headers of that message as well as the body.

An MUA MAY protect the headers of any outbound message using either the "Wrapped Message" or the "Injected Headers" style of protection. See Section 4.2 for more discussion about reasons to choose one mechanism or another.

[[ TODO: this document should recommend generation of one particular scheme by default for new implementers ]]

4.1.3. Default Header Confidentiality Policy

An MUA SHOULD have a sensible default Header Confidentiality Policy, and SHOULD NOT require the user to select one.

The default Header Confidentiality Policy SHOULD provide confidentiality for the Subject header field by replacing it with the literal string [...]. Most users treat the Subject of a message the same way that they treat the body, and they are surprised to find that the Subject of an encrypted message is visible.

[[ TODO: select one of the two policies below the recommended default ]]

4.1.3.1. Minimalist Header Confidentiality Policy

Accordingly, the most conservative recommended Header Confidentiality Policy only protects the Subject:

hcp_minimal(name, val_in) --> val_out: if name is 'Subject': return '[...]' else: return val_in

4.1.3.2. Strong Header Confidentiality Policy

Alternately, a more aggressive (and therefore more privacy-preserving) Header Confidentiality Policy only leaks a handful of fields whose absence is known to increase rates of delivery failure, and simultaneously obscures the Message-ID behind a random new one:

hcp_strong(name, val_in) --> val_out: if name in ['From', 'To', 'Cc', 'Date']: return val_in else if name is 'Subject': return '[...]' else if name is 'Message-ID': return generate_new_message_id() else: return null

The function generate_new_message_id() represents whatever process the MUA typically uses to generate a Message-ID for a new outbound message.

4.1.3.3. Offering Stronger Header Confidentiality

A MUA MAY offer even stronger confidentiality for headers of an encrypted message than described in Section 4.1.3.2. For example, it might implement an HCP that obfuscates the From field, or omits the Cc field, or ensures Date is represented in UTC (obscuring the local timezone).

The authors of this document hope that implementers with deployment experience will document their chosen Header Confidentiality Policy and the rationale behind their choice.

4.1.4. Receiving Side

An MUA that receives a cryptographically-protected e-mail will render it for the user.

The receiving MUA will render the message body, a selected subset of header fields, and (as described in [I-D.dkg-lamps-e2e-mail-guidance]) provide a summary of the cryptographic properties of the message.

Most MUAs only render a subset of header fields by default. For example, few MUAs typically render Message-Id or Received header fields for the user, but most do render From, To, Cc, Date, and Subject.

A MUA that knows how to handle a message with protected headers makes the following two changes to its behavior when rendering a message:

  • If it detects that an incoming message had protected headers, it renders header fields for the message from the protected headers, ignoring the external (unprotected) headers.
  • It includes information in the message's cryptographic summary to indicate the types of protection that applied to each rendered header field (if any).

A MUA that handles protected headers does not need to render any new header fields that it did not render before.

4.1.4.1. Identifying that a Message has Protected Headers

An incoming message can be identified as having protected headers based on one of two signals:

  • The Cryptographic Payload has Content-Type: message/rfc822 or Content-Type: message/global and the parameter forwarded has a value of no. See Section 4.1.4.3 for rendering guidance.
  • The Cryptographic Payload has some other Content-Type and it has parameter protected-headers set to v1. See Section 4.1.4.4 for rendering guidance.

Messages of both types exist in the wild, and a sensible MUA should be able to handle them both. They provide the same semantics and the same meaning.

4.1.4.2. Updating the Cryptographic Summary

Regardless of whether a cryptographically-protected message has protected headers, the cryptographic summary of the message should be modified to indicate what protections the headers have.

Each header individually has exactly one the following protections:

  • unprotected (this is the case for all headers in messages that have no protected headers)
  • signed-only (bound into the same validated signature as the enclosing message, but also visible in transit)
  • encrypted-only (only appears within the cryptographic payload; the corresponding external header was either omitted or obfuscated)
  • encrypted-and-signed (same as encrypted, but additionally is under a validatd signature)

Note that while the message itself may be encrypted-and-signed, some headers may be replicated on the outside of the message (e.g. Date) Those headers would be signed-only, despite the message itself being encrypted-and-signed.

Rendering this information is likely to be complex and messy --- users may not understand it. It is beyond the scope of this document to suggest any specific graphical affordances or user experience. Future work should include examples of successful rendering of this information.

4.1.4.3. Rendering a Wrapped Message

When the Cryptographic Payload has Content-Type of message/rfc822 or message/global, and the parameter forwarded is set to no, the values of the protected headers are drawn from the headers of the Cryptographic Payload, and the body that is rendered is the body of the Cryptographic Payload.

4.1.4.3.1. Example Signed-Only Wrapped Message

Consider a message with this structure, where the MUA is able to validate the cryptographic signature:

A └─╴application/pkcs7-mime; smime-type="signed-data"
   ⇩ (unwraps to)
B  └┬╴message/rfc822 [Cryptographic Payload]
C   └┬╴multipart/alternative [Rendered Body]
D    ├─╴text/plain
E    └─╴text/html

The message body should be rendered the same way as this message:

C └┬╴multipart/alternative
D  ├─╴text/plain
E  └─╴text/html

It should render header fields taken from part C.

Its cryptographic summary should indicates that the message was signed and all rendered header fields were included in the signature.

The MUA SHOULD ignore header fields from part A for the purposes of rendering.

4.1.4.3.2. Example Encrypted-and-Signed Wrapped Message

Consider a message with this structure, where the MUA is able to validate the cryptographic signature:

F └─╴application/pkcs7-mime; smime-type="enveloped-data"
   ↧ (decrypts to)
G  └─╴application/pkcs7-mime; smime-type="signed-data"
    ⇩ (unwraps to)
H   └┬╴message/rfc822 [Cryptographic Payload]
I    └┬╴multipart/alternative [Rendered Body]
J     ├─╴text/plain
K     └─╴text/html

The message body should be rendered the same way as this message:

I └┬╴multipart/alternative
J  ├─╴text/plain
K  └─╴text/html

It should render headers taken from part I.

Its cryptographic summary should indicates that the message was signed and encrypted. Each rendered header field found in I should be compared against the header field of the same name from F. If the value found in F matches the value found in I, the header field should be marked as signed-only. If no matching header field was found in F, or the value found did not match the value from I, the header field should be marked as signed-and-encrypted.

4.1.4.4. Rendering a Message with Injected Headers

When the Cryptographic Payload does not have a Content-Type of message/rfc822 or message/global, and the parameter protected-headers is set to v1, the values of the protected headers are drawn from the headers of the Cryptographic Payload, and the body that is rendered is the Cryptographic Payload itself.

4.1.4.4.1. Example Signed-only Message with Injected Headers
L └─╴application/pkcs7-mime; smime-type="signed-data"
   ⇩ (unwraps to)
M  └┬╴multipart/alternative [Cryptographic Payload + Rendered Body]
N   ├─╴text/plain
O   └─╴text/html

The message body should be rendered the same way as this message:

M └┬╴multipart/alternative
N  ├─╴text/plain
O  └─╴text/html

It should render header fieldss taken from part M.

Its cryptographic summary should indicates that the message was signed and all rendered header fields were included in the signature.

The MUA SHOULD ignore header fields from part L for the purposes of rendering.

4.1.4.4.2. Example Signed-and-Encrypted Message with Injected Headers

Consider a message with this structure, where the MUA is able to validate the cryptographic signature:

P └─╴application/pkcs7-mime; smime-type="enveloped-data"
   ↧ (decrypts to)
Q  └─╴application/pkcs7-mime; smime-type="signed-data"
    ⇩ (unwraps to)
R   └┬╴multipart/alternative [Cryptographic Payload + Rendered Body]
S    ├─╴text/plain
T    └─╴text/html

The message body should be rendered the same way as this message:

R └┬╴multipart/alternative
S  ├─╴text/plain
T  └─╴text/html

It should render headers taken from part R.

Its cryptographic summary should indicates that the message was signed and encrypted. As in Section 4.1.4.3.2, each rendered header field found in R should be compared against the header field of the same name from P. If the value found in P matches the value found in R, the header field should be marked as signed-only. If no matching header field was found in P, or the value found did not match the value from R, the header field should be marked as signed-and-encrypted.

4.1.4.4.3. Do Not Render Legacy Display Part

As described [I-D.autocrypt-lamps-protected-headers], a message with cryptographic confidentiality protection MAY include a "Legacy Display" part for backward-compatibility with legacy MUAs

The receiving MUA SHOULD avoid rendering the Legacy Display part to the user at all, since it is aware of and can render the actual Protected Headers.

If a Legacy Display part is detected, it and its enclosing multipart/mixed wrapper should be discarded before rendering.

4.1.4.4.3.1. Legacy Display Detection Algorithm

A receiving MUA acting on a message SHOULD detect the presence of a Legacy Display part and the corresponding "original body" with the following simple algorithm:

  • Check that all of the following are true for the message:
  • The Cryptographic Envelope must contain an encrypting Cryptographic Layer
  • The Cryptographic Payload must have a Content-Type of multipart/mixed
  • The Cryptographic Payload must have exactly two subparts
  • The first subpart of the Cryptographic Payload must have a Content-Type of text/plain or text/rfc822-headers
  • The first subpart of the Cryptographic Payload's Content-Type must contain a property of protected-headers, and its value must be v1.
  • If all of the above are true, then the first subpart is the Legacy Display part, and the second subpart is the "original body". Otherwise, the message does not have a Legacy Display part.
4.1.4.4.3.2. Legacy Display Example

Consider a message with this structure, where the MUA is able to validate the cryptographic signature:

U └─╴application/pkcs7-mime; smime-type="enveloped-data"
   ↧ (decrypts to)
V  └─╴application/pkcs7-mime; smime-type="signed-data"
    ⇩ (unwraps to)
W   └┬╴multipart/mixed [Cryptographic Payload]
X    ├─╴text/plain [Legacy Display]
Y    └┬╴multipart/alternative [Rendered Body]
Z     ├─╴text/plain
A'    └─╴text/html

The message body should be rendered the same way as this message, effectively hiding the Legacy Display part (X) and its wrapper:

Y └┬╴multipart/alternative
Z  ├─╴text/plain
A' └─╴text/html

It should render headers taken from part W, following the same guidance as in Section 4.1.4.4.2 and Section 4.1.4.3.2 about the cryptographic status of each rendered header field.

4.1.4.5. Affordances for Debugging and Troubleshooting

Note that advanced users of an MUA may need access to the original message, for example to troubleshoot problems with the MUA itself, or problems with the SMTP transport path taken by the message.

A MUA that applies these rendering guidelines SHOULD ensure that the full original source of the message as it was received remains available to such a user for debugging and troubleshooting.

4.1.4.6. Composing a Reply to an Encrypted Message with Protected Headers

When composing a reply to an encrypted message with protected headers, the MUA is acting both as a receiving MUA and as a sending MUA. Special guidance applies here, as things can go wrong in at least two ways: leaking previously-confidential information, and replying to the wrong party.

4.1.4.6.1. Avoid Leaking Encrypted Headers in Reply

As noted in [I-D.dkg-lamps-e2e-mail-guidance], an MUA in this position MUST NOT leak previously-encrypted content in the clear in a followup message. The same is true for protected headers.

Values from any header field that was identified as either encrypted or signed-and-encrypted based on the steps outlined above MUST NOT be placed in cleartext output when generating a message.

In particular, if Subject was encrypted, and it is copied into the draft encrypted reply, the replying MUA MUST obfuscate the Subject field in the cleartext header as described above.

[[ TODO: formally describe how a replying MUA should generate a message-specific Header Protection policy based on the cryptographic status of the headers of the incoming message ]]

4.1.4.6.2. Avoid Misdirected Replies to Encrypted Messages with Protected Headers

When replying to a message, the Composing MUA typically decides who to send the reply to based on:

  • the Reply-To, Mail-Followup-To, or From headers
  • optionally, the other To or Cc headers (if the user chose to "reply all")

When a message has protected headers, the replying MUA MUST populate the destination fields of the draft message using the protected headers, and ignore any unprotected headers.

This mitigates against an attack where Mallory gets a copy of an encrypted message from Alice to Bob, and then replays the message to Bob with an additional Cc to Mallory's own e-mail address in the message's outer header.

If Bob knows Mallory's certificate already, and he replies to such a message without following the guidance in this section, it's likely that his MUA will encrypt the cleartext of the message directly to Mallory.

4.1.4.7. Implicitly-rendered Header Fields

While From and To and Cc and Subject and Date are often explicitly rendered to the user, some header fields do affect message display, without being explicitly rendered.

For example, Message-Id, References, and In-Reply-To header fields may collectively be used to place a message in a "thread" or series of messages.

In another example, Section 4.1.4.6.2 observes that the value of the Reply-To field can influence the draft reply message. So while the user may never see the Reply-To header directly, it is implicitly "rendered" when the user interacts with the message by replying to it.

An MUA that depends on any implicitly-rendered header field in a message with protected headers SHOULD use the value from the protected header, and SHOULD NOT use any value found outside the cryptographic protection.

4.1.4.8. Unprotected Headers Added in Transit

Some headers are legitimately added in transit, and could not have been known to the sender at message composition time.

The most common of these headers are Received and DKIM-Signature, neither of which are typically rendered, either explicitly or implicitly.

If a receiving MUA has specific knowledge about a given header field, including that:

  • the header field would not have been known to the original sender, and
  • the header field might be rendered explicitly or implicitly,

then the MUA MAY decide to operate on the value of that header field from the unprotected header section, even though the message has protected headers.

The MUA MAY prefer to verify that the headers in question have additional transit-derived cryptographic protections (e.g., to test whether they are covered by a valid DKIM-Signature) before rendering or acting on them.

Specific examples appear below.

4.1.4.8.1. Mailing list headers: List-* and Archived-At

If the message arrives through a mailing list, the list manager itself may inject headers (most of which start with List-) in the message:

  • List-Archive
  • List-Subscribe
  • List-Unsubscribe
  • List-Id
  • List-Help
  • List-Post
  • Archived-At

For some MUAs, these headers are implicitly rendered, by providing buttons for actions like "Subscribe", "View Archived Version", "Reply List", "List Info", etc.

An MUA that receives a message with protected headers that contains these header fields in the unprotected section, and that has reason to believe the message is coming through a mailing list MAY decide to render them to the user (explicitly or implicitly) even though they are not protected.

FIXME: other examples of unprotected transit headers?

4.2. Backward Compatibility Use Cases

4.2.1. Receiving Side MIME-Conformant

This section applies to the case where the sending side (fully) supports Header Protection as specified in this document, while the receiving side does not support this specification, but is MIME-conformant according to [RFC2045], ff. (cf. Section 3.1.2 and Section 3.1.2.1)

The sending side specification of the main use case (cf. Section 4.1) MUST ensure that receiving sides can still recognize and display or offer to display the encapsulated data in accordance with its media type (cf. [RFC2049], Section 2). In particular, receiving sides that do not support this specification, but are MIME-conformant according to [RFC2045], ff. can still recognize and display the Message intended for the user.

[[ TODO: Verify once solution is stable and update last sentence. ]]

4.2.2. Receiving Side Not MIME-Conformant

This section applies to cases where the sending side (fully) supports Header Protection as specified in this document, while the receiving side neither supports this specification nor is MIME-conformant according to [RFC2045], ff. (cf. Section 3.1.2 and Section 3.1.2.2).

[I-D.autocrypt-lamps-protected-headers] describes a possible way to achieve backward compatibility with existing S/MIME (and PGP/MIME) implementations that predate this specification and are not MIME-conformant (Legacy Display) either. It mainly focuses on email clients that do not render emails which utilize header protection in a user friendly manner, which may confuse the user. While this has been observed occasionally in PGP/MIME (cf. [RFC3156]), the extent of this problem with S/MIME implementations is still unclear. (Note: At this time, none of the samples in [I-D.autocrypt-lamps-protected-headers] apply header protection as specified in Section 3.1 of [RFC8551], which is wrapping as Media Type "message/RFC822".)

Should serious backward compatibility issues with rendering at the receiving side be discovered, the Legacy Display format described in [I-D.autocrypt-lamps-protected-headers] may serve as a basis to mitigate those issues (cf. Section 4.2).

Another variant of backward compatibility has been implemented by pEp [I-D.pep-email], i.e. pEp Email Format 1.0. At this time pEp has implemented this for PGP/MIME, but not yet S/MIME.

5. Usability Considerations

This section describes concerns for MUAs that are interested in easy adoption of header protection by normal users.

While they are not protocol-level artifacts, these concerns motivate the protocol features described in this document.

See also the Usability section in [I-D.dkg-lamps-e2e-mail-guidance].

6. Security Considerations

[[ TODO ]]

7. Privacy Considerations

[[ TODO ]]

8. IANA Considerations

This document requests no action from IANA.

[[ RFC Editor: This section may be removed before publication. ]]

9. Acknowledgments

The authors would like to thank the following people who have provided helpful comments and suggestions for this document: Berna Alp, Bernhard E. Reiter, Claudio Luck, David Wilson, Hernani Marques, juga, Krista Bennett, Kelly Bristol, Lars Rohwedder, Robert Williams, Russ Housley, Sofia Balicka, Steve Kille, Volker Birk, and Wei Chuang.

10. References

10.1. Normative References

[I-D.dkg-lamps-e2e-mail-guidance]
Gillmor, D. K., "Guidance on End-to-End E-mail Security", Work in Progress, Internet-Draft, draft-dkg-lamps-e2e-mail-guidance-01, , <https://www.ietf.org/archive/id/draft-dkg-lamps-e2e-mail-guidance-01.txt>.
[I-D.ietf-lamps-header-protection-requirements]
Melnikov, A. and B. Hoeneisen, "Problem Statement and Requirements for Header Protection", Work in Progress, Internet-Draft, draft-ietf-lamps-header-protection-requirements-01, , <https://www.ietf.org/archive/id/draft-ietf-lamps-header-protection-requirements-01.txt>.
[RFC2045]
Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, DOI 10.17487/RFC2045, , <https://www.rfc-editor.org/info/rfc2045>.
[RFC2046]
Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types", RFC 2046, DOI 10.17487/RFC2046, , <https://www.rfc-editor.org/info/rfc2046>.
[RFC2049]
Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part Five: Conformance Criteria and Examples", RFC 2049, DOI 10.17487/RFC2049, , <https://www.rfc-editor.org/info/rfc2049>.
[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/info/rfc2119>.
[RFC5322]
Resnick, P., Ed., "Internet Message Format", RFC 5322, DOI 10.17487/RFC5322, , <https://www.rfc-editor.org/info/rfc5322>.
[RFC8551]
Schaad, J., Ramsdell, B., and S. Turner, "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification", RFC 8551, DOI 10.17487/RFC8551, , <https://www.rfc-editor.org/info/rfc8551>.

10.2. Informative References

[I-D.autocrypt-lamps-protected-headers]
Einarsson, B. R., juga, and D. K. Gillmor, "Protected Headers for Cryptographic E-mail", Work in Progress, Internet-Draft, draft-autocrypt-lamps-protected-headers-02, , <https://www.ietf.org/archive/id/draft-autocrypt-lamps-protected-headers-02.txt>.
[I-D.ietf-lamps-samples]
Gillmor, D. K., "S/MIME Example Keys and Certificates", Work in Progress, Internet-Draft, draft-ietf-lamps-samples-04, , <https://www.ietf.org/archive/id/draft-ietf-lamps-samples-04.txt>.
[I-D.melnikov-iana-reg-forwarded]
Melnikov, A. and B. Hoeneisen, "IANA Registration of Content-Type Header Field Parameter 'forwarded'", Work in Progress, Internet-Draft, draft-melnikov-iana-reg-forwarded-00, , <https://www.ietf.org/archive/id/draft-melnikov-iana-reg-forwarded-00.txt>.
[I-D.pep-email]
Marques, H., "pretty Easy privacy (pEp): Email Formats and Protocols", Work in Progress, Internet-Draft, draft-pep-email-01, , <https://www.ietf.org/archive/id/draft-pep-email-01.txt>.
[pEp.mixnet]
pEp Foundation, "Mixnet", , <https://dev.pep.foundation/Mixnet>.
[RFC3156]
Elkins, M., Del Torto, D., Levien, R., and T. Roessler, "MIME Security with OpenPGP", RFC 3156, DOI 10.17487/RFC3156, , <https://www.rfc-editor.org/info/rfc3156>.
[RFC4949]
Shirey, R., "Internet Security Glossary, Version 2", FYI 36, RFC 4949, DOI 10.17487/RFC4949, , <https://www.rfc-editor.org/info/rfc4949>.
[RFC6376]
Crocker, D., Ed., Hansen, T., Ed., and M. Kucherawy, Ed., "DomainKeys Identified Mail (DKIM) Signatures", STD 76, RFC 6376, DOI 10.17487/RFC6376, , <https://www.rfc-editor.org/info/rfc6376>.
[RFC6409]
Gellens, R. and J. Klensin, "Message Submission for Mail", STD 72, RFC 6409, DOI 10.17487/RFC6409, , <https://www.rfc-editor.org/info/rfc6409>.
[RFC6532]
Yang, A., Steele, S., and N. Freed, "Internationalized Email Headers", RFC 6532, DOI 10.17487/RFC6532, , <https://www.rfc-editor.org/info/rfc6532>.
[RFC7489]
Kucherawy, M., Ed. and E. Zwicky, Ed., "Domain-based Message Authentication, Reporting, and Conformance (DMARC)", RFC 7489, DOI 10.17487/RFC7489, , <https://www.rfc-editor.org/info/rfc7489>.

Appendix A. Test Vectors

This section contains sample messages using the different schemes described in this document. Each sample contains a MIME object, a textual and diagrammatic view of its structure, and examples of how an MUA might render it.

The cryptographic protections used in this document use the S/MIME standard, and keying material and certificates come from [I-D.ietf-lamps-samples].

These messages should be accessible to any IMAP client at imap://bob@header-protection.cmrg.net/ (any password should authenticate to this read-only IMAP mailbox).

You can also download copies of these test vectors separately at https://header-protection.cmrg.net.

If any of the messages downloaded differ from those offered here, this document is the canonical source.

A.1. Baseline Messages

These messages offer no header protection at all, and can be used as a baseline. They are provided in this document as a counterexample. An MUA implementer can use these messages to verify that the reported cryptographic summary of the message indicates no header protection.

A.1.1. No cryptographic protections over a simple message

This message uses no cryptographic protection at all. Its body is a text/plain message.

It has the following structure:

└─╴text/plain 152 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Subject: no-crypto
Message-ID: <no-crypto@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:00:02 -0500

This is the no-crypto message.

This message uses no cryptographic protection at all.  Its body is a
text/plain message.

--
Alice
alice@smime.example

A.1.2. S/MIME signed-only signedData over a simple message, No Header Protection

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a text/plain message. It uses no header protection.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 3852 bytes
 ⇩ (unwraps to)
 └─╴text/plain 204 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part
Message-ID: <smime-one-part@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:01:02 -0500

MIILFwYJKoZIhvcNAQcCoIILCDCCCwQCAQExDTALBglghkgBZQMEAgEwggFABgkq
hkiG9w0BBwGgggExBIIBLU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04Ig0KQ29udGVudC1UcmFuc2Zlci1F
bmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZSBzbWltZS1vbmUtcGFydCBtZXNz
YWdlLg0KDQpUaGlzIGlzIGEgc2lnbmVkLW9ubHkgUy9NSU1FIG1lc3NhZ2Ugdmlh
IFBLQ1MjNyBzaWduZWREYXRhLiAgVGhlDQpwYXlsb2FkIGlzIGEgdGV4dC9wbGFp
biBtZXNzYWdlLiBJdCB1c2VzIG5vIGhlYWRlciBwcm90ZWN0aW9uLg0KDQotLSAN
CkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQqgggemMIIDzzCCAregAwIBAgIT
Dy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJ
RVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJT
QSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUy
MDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
FzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cx
Qq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeu
Xq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7T
HNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3We
ag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukg
n+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQC
MAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNt
aW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUg
MB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58
BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAyl
OvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeu
OA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9o
pwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4
oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPf
qmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY
1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcN
AQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNV
BAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcN
MTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr
+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7O
xsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTt
dg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZ
DQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj
0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEA
AaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAe
BgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUF
BwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBm
ZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQEN
BQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTn
euK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qN
uz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt
9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh5
2MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4
DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMg
UlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnX
MAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZI
hvcNAQkFMQ8XDTIxMDIyMDE1MDEwMlowLwYJKoZIhvcNAQkEMSIEIESMi+9/LUlD
fGjj+6U50VNLFxbzvyVJ0wzwnTS114DyMA0GCSqGSIb3DQEBAQUABIIBACJHeayB
UllC4GdcgdojTUjoeIy6UIbrSg/aKZgAkCB8Dwq0hdU10qiun6WKI/TxM5izpRvL
UsNBGmqknPBMFhvwX6KCrwFk0p0j5Y5DZqX30deiQiGTUv3NiwZGTrKJ3JkyymFO
HGbe5Thrq3inRLVfilEuIZewaJsnJhKfnEq9fS09icTJ5olPDAH6mZbW6hpYmU3F
KBk2qJNqJX6bo60rCogu3wXDj0wxnqEXmeNDH5/+L9UVZur+EWzviUc8Ldd/kP3L
DOO7ivs10bAWe8Tbw7NjuP8ZlVvzcvj3nXWzZzxh2ymDIOvyJA+t0LHQvsN/fbdW
fC6Pm51fEkabbmw=

A.1.3. S/MIME signed-only multipart/signed over a simple message, No Header Protection

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses no header protection.

It has the following structure:

└┬╴multipart/signed 4156 bytes
 ├─╴text/plain 224 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="76c";
 micalg="sha-256"
Subject: smime-multipart
Message-ID: <smime-multipart@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:02:02 -0500

--76c
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

This is the smime-multipart message.

This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed).  The payload is a text/plain message. It uses no
header protection.

--
Alice
alice@smime.example

--76c
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTAyMDJa
MC8GCSqGSIb3DQEJBDEiBCBBQlio2vX/u19qayJ1Cm1QL6VZY0fBeGz9o7nEzCRO
+zANBgkqhkiG9w0BAQEFAASCAQARvwKQYbbPuADZ7KqyO9LuESdEfBxOF80sHKNz
UXrHZo8JdKaKxr/cTAuzBvoTxsmqvzP3ItCBm+javqX22+tHTpqisz5jkoiWyNVS
e+F++YX8mXokgQpY26mZ+15Mv8pYYhptn6zdkRU1+QOwwlDCc6ykkCZeXyc+Hf7c
xqM6SqPMQ+G7wIF6P2jHCId8Xyl7sdbL0i6PjotesHU+7nQsCjgI/iVR/ubWUdFX
CTg8HVy4p683V3Y9DoRNP4MlUdmon8JasHDvA0240JcXxhJn1zEYa4gOnwgu3kh9
3Y+NeucYCT0bXCBq2RLVQSpdNZfScXKL9QvZ3FtB0r6Bmtky

--76c--

A.1.4. S/MIME encrypted and signed over a simple message, No Header Protection

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses no header protection.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 6720 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 3960 bytes
  ⇩ (unwraps to)
  └─╴text/plain 239 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: smime-enc-signed
Message-ID: <smime-enc-signed@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:03:02 -0500

MIITXAYJKoZIhvcNAQcDoIITTTCCE0kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAE1K2Qo2Ln5O6L9qgFnOdvuAuXnh2dLiYWIt
x7B9W2VMQCtrxTipZfUe+Y4oV/Rxifp4gChJ2lCgt6A4hHyApD1yNqmR1pCT+ky6
jOJlr907Jzy9nIADEjaeKTIHePPWEWPiF3Otlrvg25NobNAE/dzcSgaS+SHsfPgu
vW6gA+lfzdoOKIWNVl1AJfbDRw8DeDi5n8ZPLkb/gYteBpY5mC2Iu8TebZ5qstQH
i8G01K4xb6E7eMdXKx+gyDxox1P79E4q3dCKwYPK/C6B3AaY52WW55js9mb79OH5
6/XvIEez58lV4a9d0iY7g+aoARyTPE9Z79miRYT0aagyYhblb14wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAWANrcGMnwYd7bg/TA9Wagm3q
dbiZLg3NxHQZRLRySCFHt5wGkq1XcD7bWYwF0hSKiI4AJxJapfGUDEpDk1FYBU4r
9zS/elrwCnhwpO9sLfbJPRVvMTgTZuCOaY25ovZWvWtkS9MRDH+WoM5SNTf4vHHu
kjcSx5hafbhyiC5pPLLTRyIjObYgKraIMBXix7XKtSR/G7uD+HSIzhYUXqY0q2uQ
w7XiijbRd4bq9zqBbXriYyhFdo/JsBnYckjmmKcTLp6DfYTEzILKBJOepEiY5X4J
0JPeFyGxs7WSKDp1JZLZtjbMwvtEuUAwZ+iXDr1x/rQhq7mZIWqIbG6QpxYX6zCC
EC4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEBDwXZa6LrdPCgLubNCkd3qAghAA
kaaty8gkFo4+y5iWeOqsbZ9paegmFbiGsTQxrta64sj8znKQfQKz6/g055IcDixI
STqxPMV+w01jv6+Azoy9qJP29UTL0mXAP0LDionSBTn/4VAwBMSUDRus6jkq045K
UXxmIpcO3SeOnpCLksyij6QlnAO24SbKsBex7R5EXYXU7W1G/PCoz9SWlYrQuXJ9
cU5ONWldvYE4/WeD1m3pjv3XKLNEWiaUIVolKFRhR4v+FUedn6dlVYDgfJrH8xDC
kW9gQvI1ZBbnBOr/zkoDhMMKtTgTvmzLIauDEi2RWKzlvwCattvIkkrjt+SwWpvr
oc6i58XfCx/d0YHPp5AIU8pslawDtQXe5ecACY9J/K0OgX1G51HI+O2XMC9S9QYn
YPxA+CsRxmhKHzQv9au48aQwmLBkhkXZq7FCve8GTnCLdU5AmtP6ff59lga7+hfb
VSz+jSodBL1WnlIKw/lrBvXFem/A4mtY/W9y9EVhGyRFuhoZDCiGRo/bPsyDNZBS
WAsjHLI3NJeUgHFFcEn5xOwDmhmJOehzs712pqrzMd0VrT4hALvvhSGB7nybL5dR
pabbxtpBgqzlwu6eoX1jSh5bF8/RsAJ81dxvn8AWcFc8q81YfYOzjqf7ZnuumT10
18/rdepv/nfyiYCRhr2Eekj0F3bXjlTG1oeCNTuUPcNHVX6+hQ7FY2CJm9JCqNhL
7whKhq+kKJuPugHb1e5d2rJFkNHrMIJAga8QqKy9eqKct4gW5FFT70wyB15YToJb
qVxb3BEZ6u1shpZ9IGVzS0Jmvke+Ptze86it00fQIJWfrFqoag83GcCuQEyYEcIc
HXWFsZIbQ1UD2+YSWBOzRBUUuJ3U66w3J5oDAYfYnieFNPuP0dhaAMsu7QQfLSZa
T/GbSibQoFXcDx6MaZ5fbZ1iduvoZZfERNMe5vN+q/w9Lx5e8hf1EZmTNMuoRn9O
wfT/wuM06Cc8FR2Ft7QLu80jqePQ6tAYwvA5QOvpBN9A82DUWz0I9eRDl9+S8Z+I
QgjbPcZ0ACFqLCfbT6uzrKp2vGSrA+IcS89+qBB+sKbtWPgTrK7QlJgc7NpHGyhZ
BltAVXv4fPngqn+gSqGuerD/xmvszHMIIHq6Q4ADxbxDE4R0yoV2afXUVyAMo85Q
eNG5WJ83Z12msJqx1+1EUzzoQXxvrZHm0bMziCjV/P1cu/ChtmuemopRxkplLbJv
/mChRaKv9TotDy2Dwzf5N5Xy58gb/0ktMXMdGpYts9awYc742TCscrTqutBAXtNM
dXA0OyelkVHBBCRcoUEWWhUGQKYmK0NQIpxduJYcLLhkMI+2QfyfdkODplEtXbX9
LaZhPRi9osmmF0fnSkmt2mtD+W8uxBF7espDkUsidb8NiUtzBrSqTADQUIuAw5xG
322wFZ0DtpFM6nHpbYBfIGlIR4LyqTzyaSRJtMkMiDFgnMWrNF6pMsToo+4GbARO
MWM9mq4XSMrKAinqu7T8UGWOt9bMfMJrTrpfETgQCL4vur9nI1CbgcPWW14U2oBW
2lT1duS0o2eRpeGA93U6zF7BbCmlEqPK45Qmm78NwMcI9i4GgHSG2ssEn8URmv0L
qp9+UmkhvLT26dZtkB0wPMEVOIWx3e+F34eVzno5jAbiJxuUIdDPDwQg7xtrcLif
lRsaiGx7MtWsP6paqGBrYdHcXNt8P8k2ywNqRicTSThG0P09CNDWFwNaKa+9Ia7a
EnWoFmNoNm/IUH+wbRQUnT7oh0qU2mxdgMnygDhEELe1+4tGCTAPTbxSU3gxQyv0
w686bzZP9uGLoRfivmXKm73Wu0HtUefT1rNdPsJDfqEfo8mEY4EDMh+Fa50S9Yj6
SGe8X9jDaTEJLd+yL7xEvdEQ7FxHbqo7twj/g4Im0OeG2ngEchWlYcuOrlgog4bv
kWwcMhOCcQ/9242sgCTG/ATAV1ix0Z16/WCzzY60Zxk1eAlP3Ar9NiQHGuVClR0o
QxhlP/1KvyVMAQTtuEposNLUdXMydq8lVErFuopYej3NJOPE7eA4BeIXNyrhxqfX
j23tfb3/C4uHEmgjnfW1LZIjwWrOjoEZa2+lG+Si7YQWLLJWFNqEEH2rpxQMnwvx
282dIYpyY14PDLLN5nMltY8MeMaNp6Q8rOwTDozmmZ9RONzbKJL3FxSVENKgdJTf
v+gpLOvXou6qDdidAqxErGM0j68g8Rnsdw7Lj3FQH7JjLZiR3EQgGxRKDwTsV1rW
ODtsNyKBtHDBOn/zOFTmgTVpYol2x/kV22C1Wn9ZArHFgZDxDyDjjJqxJwHlgVdE
J+bUZ1C5DatXxvjpFhrTpUz1dvsTsq48cmepEiEnqYO/33uU7KIqjBxY527dagnR
q01ntVycY4wiLKjuJHHHy/b25ORyxS/x6nVYJsoRNXsvYCZ1zqHC7uh9eQStAyj6
zotbPet++u2REXKSwzhI+6mTCrFkfeHxt3BqTPAxHPxsZAmquayksNs8e94G5LnD
VLAbdtwuIdeuz3rDWObafnaOVXD8vzjoMpiZcYKubb9pdFQIdxpYXPyqwz2f+c8g
9VnLXajpwqByOPtLT5knKWMbsXJ5Gc8sNIGl1blYnj5ao+z6JNV2qqWA8dukpM5Q
/KwmBvR9/RijeIEPGoqRcwUi92fuvVJV7oZf2ZCCGMLw8W4pSrzfs/xdOJslrTgN
trDrAOKlraCKJQ5zHwZyg+c65KUe+5voj4WTu27g/vWTmPjF70htA+UIYcsNVYU9
yGuznj6x/2EV7rLsUTpMqMFN0s4dQl4Hhfr4gaoDROb7bOdkVtWAvwP4c18wlJA9
08X9kQNPqID0M0NOruz8JO8gyTIxyAmopnEDREvMT7JCGuwPM9YRE64pVPOZ1AZm
STC7LY11zMhZL+RvhwbWqjkKeKN3hQM4/45BHGFVgg6k5iobcv78lZHWO28SWila
dEgJLSobB9ieOTfrWqBrBBHjpaDwuyjS+QwjsF8SFLdRD5TY1IugUvW5Swnucikh
X1rK/FaRRQJGzUesrkN06LlpFiiRyW9nuDjdpaKV4P9pkEjHmtN3KF95LjJnXs+Z
07cF0sX2K7FY4GCfFxGPSsqbcR/6zAFHVPjgPGDH51yOTe05RWLhgGEWqt7mIeSD
ppJdnY1LDFK0AFbXAFnjxhNwlfJiLB4vdsFqxGSYXfAjns8vZR62PgSExxUMxrO6
P7oIAYisiU+9XuG40ok8RFCZgN2Qdy5oNDbYow8x3XR4BQu8+2sT9nLvJosjYNhT
8yHMhhAbJl5VWK1EaB2gMxmAISiCCkQQ4YlStMc/LUkl8XOdQmf9SF0L1puuGEpM
V3BhxNxCReiXA8ulMtnytw++lhl3qapALVu5OsJBQ2sqrhc7VhZTfiRQHr5s/i97
OrBb1ZHv48NblW+tsS0Vl+jW/7AMUvQO+j7wYDI8Q2GplujJ08iHxZw/YDjR+up4
bmQjK3xySaCi9Ef58KYOj0Y8ITvS61GMn0bCkL23UGNwISo2gPEcStdOksZtlvGX
X37skWsFPD3M85DqQeckjv3PFzGQL7ZZLUQmmYqwG43DKrDJSZld7VYHmTY0rrMj
gNo6iqzI+6Ygi81y14ZWTVeOFIH9tOKvjtuJz+90Qi9vEbDqF43+hiyWVg/aOke8
4TGy7BZp5j/+SCr78/LvTko/5gafEymhaQmmsR7hskt3AhjfTyUfq/cAtuIm39U2
MmXRwPdrzWASGy/lF0QnrgB0T85+ID58J9VaP78mI/BtKO20wWMTjbabR7J3Rn+8
KW4H6eewVWBqghCnsJQuqibbZeFDjFgJ9kIaTvGD0TBehpp9TidmppXM4Dl4J+V/
u7dSL257DzlKkk42gK4Cs0P1dZwe888KIABF38AZ8dnWtD492eYxA9We6NB2ru1o
K59oloZdn+slcF3DLfvVpyfkZ8o3EVgAPVXiDfHWuVp1gL8Cv5ahVlk9BJSD1CgC
Vwsm01V1E7QeNh3gNdQI88tu4wh5SVFk4U2cYI+dDMFUVDMzrUI3tKvWXNZOzn4V
Ce6Eu2JPIcCOYUwDHpsq5aj9BPKBguhQQybDpAAkgSZLwhzAD7rEvo8TU8gzZ2KZ
zH506GoFtU4oNinnrvyHX96/bG/VlizOE9YtQNyEfxxSOBsZD9jgd1pG4j/FDF1Z
Ib+KUUo8Y7GKlOu+l+/WIVcp0nIsyIC4zGdM6DThCT6nGrhKboduTgF5NRH/Hf03
Vrbj/ZarK0t1gzbzPgxotZiUfCVEuav9AVqxA2Zq5afs6bRfohqyFqwKHiYV19C4
m00v4HisEFDGG3f5+Zj/x6tnX9QxR81DOomUooh8aYs/iAz0nrKyux6GMHSlj8db
UbvQ+1VvNE3Fj0xu46HkKzGtFqpgXxzDLkE9e7NJ+Hw4tbOLfINQ0qS7iTcjMbwg
snexBuL6rf8NF28EdlqQzCPLZVhnOd1+KKJS7V/M8u/R/y22+IXzFSA2TlxhId09
IduZ3ByCz2HFJfVj7SameC3KANbRnBkdud1hclIBDS5Hhpqk4M8i3zmZRZWgLyjR
edtSaHuJAlHiKgAtQVeIzlL6Ilw3jVoHL0vOdISoQpoWWhejB9f47KRmUbdb5Pxb
Ot2ylXJKYFfoCQUs1xkNAyynSJAJ97yEAZm7aDmE4bjs33pz4L3nYxO/KUY6EB/E
eGgPk3Cdvt2JYY5BuFoxXYRKQgZ06c9mXzavJJXXWQUUB5k2QG0uyKPmwNr2sdJQ
A8ehhmgGws+7qXwZQEcNC3W0vmiGOBDYP3JVJPiNLFVQN9k8ClE7+0emFn2UcNyG
294hO1G0uBPAbCdhAyDnNpVj5RS0EgY647agQHyp/gjSt4XeoaCIKaalb4iGpT+C
4r2BqRcVUCdE3MRQFqiT6ccm+8h8eA7xtMB8c9OgUTEIKk/WSc0DUsCJB62Plgtj
KJ4xXQXTzzUCDMnACFp6mBTd3g2ZbnfHKSyJdAvPigVbA+Qhy2eWUTYpi6yjTIyT
eaQ2qafGppn85oLFkdgdmE3Ty1UxOpAsqLyNlNAa6YT3D/0Jl3VnfhFKlmywWIG6
Z2SLd0r07xoBUuAKHkFUuRauGYbVbU/Frmdylv6I9DhCqV/XEDa/tHOa/LWugvb+
x5A+g+kZiTiWRRLZYHungyjquAf/zeJsPYRoQEi4KHAQ30xCDk/dhWdhDBnUXT8P
hzMj8VN3yjQA1vMNA5uefj2/+MIkLkz6+XPl/lJNLFHYi+EERgxJ2mFm/s02h9NF
NhyWBsBtsEwi+rVbfcRRBpVjR5MwUohNHMGxwgj7rzvUkDe47ueXDP74j+JclO68
r4jQ3sob123uSYryDHBZxZSbwjFU2ufE8W+XL/NGwTw04alHZfKsH4x4ZbGqwunf
U4lkcOY/ijmuhL5mn2YYUE6w4oywZuLx5WCv2oAvQawMmNP9AeI1jcV9JiKa+8y0
sAa1LzD78Dg4FKO8t3d13Q==

A.1.5. No cryptographic protections over a complex message

This message uses no cryptographic protection at all. Its body is a multipart/alternative message with an inline image/png attachment.

It has the following structure:

└┬╴multipart/mixed 1357 bytes
 ├┬╴multipart/alternative 780 bytes
 │├─╴text/plain 206 bytes
 │└─╴text/html 290 bytes
 └─╴image/png inline 232 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0f4"
Subject: no-crypto-complex
Message-ID: <no-crypto-complex@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:00:02 -0500

--0f4
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="384"

--384
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the no-crypto-complex message.

This message uses no cryptographic protection at all.  Its body is a
multipart/alternative message with an inline image/png attachment.

--
Alice
alice@smime.example
--384
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the <b>no-crypto-complex</b> message.</p>
<p>This message uses no cryptographic protection at all.  Its body is a
multipart/alternative message with an inline image/png attachment.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p>
--384--

--0f4
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--0f4--

A.1.6. S/MIME signed-only signedData over a complex message, No Header Protection

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 5229 bytes
 ⇩ (unwraps to)
 └┬╴multipart/mixed 1274 bytes
  ├┬╴multipart/alternative 868 bytes
  │├─╴text/plain 258 bytes
  │└─╴text/html 339 bytes
  └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-complex
Message-ID: <smime-one-part-complex@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:01:02 -0500

MIIPEQYJKoZIhvcNAQcCoIIPAjCCDv4CAQExDTALBglghkgBZQMEAgEwggU6Bgkq
hkiG9w0BBwGgggUrBIIFJ01JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9ImM4YiINCg0KLS1jOGINCk1JTUUt
VmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2
ZTsgYm91bmRhcnk9ImM4MSINCg0KLS1jODENCkNvbnRlbnQtVHlwZTogdGV4dC9w
bGFpbjsgY2hhcnNldD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29u
dGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZSBzbWlt
ZS1vbmUtcGFydC1jb21wbGV4IG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQt
b25seSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUN
CnBheWxvYWQgaXMgYSBtdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRo
IGFuIGlubGluZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgbm8gaGVh
ZGVyIHByb3RlY3Rpb24uDQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1w
bGUNCi0tYzgxDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD0idXMt
YXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zlci1FbmNv
ZGluZzogN2JpdA0KDQo8aHRtbD48aGVhZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+
PGJvZHk+DQo8cD5UaGlzIGlzIHRoZSA8Yj5zbWltZS1vbmUtcGFydC1jb21wbGV4
PC9iPiBtZXNzYWdlLjwvcD4NCjxwPlRoaXMgaXMgYSBzaWduZWQtb25seSBTL01J
TUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBheWxvYWQg
aXMgYSBtdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGlu
ZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgbm8gaGVhZGVyIHByb3Rl
Y3Rpb24uPC9wPg0KPHA+PHR0Pi0tIDxici8+QWxpY2U8YnIvPmFsaWNlQHNtaW1l
LmV4YW1wbGU8L3R0PjwvcD4NCi0tYzgxLS0NCg0KLS1jOGINCkNvbnRlbnQtVHlw
ZTogaW1hZ2UvcG5nDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiBiYXNlNjQN
CkNvbnRlbnQtRGlzcG9zaXRpb246IGlubGluZQ0KDQppVkJPUncwS0dnb0FBQUFO
U1VoRVVnQUFBQlFBQUFBVUNBWUFBQUNOaVIwTkFBQUFjRWxFUVZSNDJ1VlRPeGJB
DQpNQWdTNzM5bk8zVHBSdzIwZHFwYmZBUlFFak95d2l3WW5DdGtES25iY0xrNjZz
cWxUK3p0OWNpZGtFKzZLd2taDQpzZ3J6ZmNxVk1wTDJqbzA0NDdnWURwZUFyaytP
bkpIa0loQWZUUFJpY2loQWY1WUpydzd2anYwWldSV00vdWxpDQp2ZFBmMVFaMmtE
RDl4cHBkOHdBQUFBQkpSVTVFcmtKZ2dnPT0NCg0KLS1jOGItLQ0KoIIHpjCCA88w
ggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTEN
MAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBs
ZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1
NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsT
CExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3
jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLY
Yy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dP
zZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5k
sKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF+XIVnzRG5Deo
ULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEAAaOBrzCBrDAM
BgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAV
gRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1Ud
DwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83zdw8wHwYDVR0j
BBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAIFJ
eKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4FzkgRyOg31/+Cw7H8e30i
LrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG91PEM046gfPnc
9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZRzWmkw1RF7FOD7PfB5v94
M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8A0enITGXnoEkAFvvjiCq
h64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQsqm6hvrDTqNpHNZ015fOU
Rza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV57XV/QqmiXDr0+GrOmqnX
MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBT
IFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYD
VQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92
ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09InoWDgWPk2a
f0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwO
Rjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z
34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4
xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3
vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3
SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCG
SAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUE
DDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYEFLv2zLItHQYS
HJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0G
CSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sY
onX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3p
dpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqD
IdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9
iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyH
AVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBV
MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2Ft
cGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kp
olw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcN
AQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzAxMDJaMC8GCSqGSIb3DQEJBDEi
BCCBo3TZITs9IUGlq1clkkamrYq1pC+qAOmbM6mBrJaWJDANBgkqhkiG9w0BAQEF
AASCAQARpMjNRbLD+Z682oraEKCbEbDsym9Mrdu6nkcZ+ivEj+AHTU9rt+LBdvTb
gHEKrWW8/HJ8C9eybTU4XJlVzbvGLRFhLPrLNz23qygzUH9AJ3nONY9eGAHLRagc
Ij3L+IAoRjfC3KO00s0/rLfb/l4EmMLCUDJlShrsqCrFfXQxKi9dWWvVZUzEsGqG
lhkY58o+No6WN/0SsWTHNNXrg1RKql5PyaHfWtySsMZjUOCJrlQDMeKBSE7dpTjX
wA5N/m9eBDASJyzlxdLOHGfJ1uWn/VR0Lm4xbscAdVJEm5gaH9o4QKf7jXAl7O9n
yuP+ZEhRpnjHfJ3XjFKuHiZ36Yon

A.1.7. S/MIME signed-only multipart/signed over a complex message, No Header Protection

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection.

It has the following structure:

└┬╴multipart/signed 5185 bytes
 ├┬╴multipart/mixed 1330 bytes
 │├┬╴multipart/alternative 924 bytes
 ││├─╴text/plain 278 bytes
 ││└─╴text/html 362 bytes
 │└─╴image/png inline 232 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="d66";
 micalg="sha-256"
Subject: smime-multipart-complex
Message-ID: <smime-multipart-complex@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:02:02 -0500

--d66
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="7fe"

--7fe
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="848"

--848
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the smime-multipart-complex message.

This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed).  The payload is a multipart/alternative message
with an inline image/png attachment. It uses no header protection.

--
Alice
alice@smime.example
--848
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the <b>smime-multipart-complex</b> message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed).  The payload is a multipart/alternative message
with an inline image/png attachment. It uses no header protection.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p>
--848--

--7fe
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--7fe--

--d66
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzAyMDJa
MC8GCSqGSIb3DQEJBDEiBCCpaVCRppoO9Sw65TWLCDTpvw7N8HHyZsFXr4qP43kV
mjANBgkqhkiG9w0BAQEFAASCAQCW76eXVAXnm6vEII1CD4QNEh2kpQeBr4/NyspF
5VopKxNrBRfQs000ewQ0y2n07BUJtVyZrZOdrP5cG6K9KByxVGgpRY2Uyllz6hUA
K12zvtU3hU5oKTKVgNtDMh8qCMVqYdJzFSZ+exTGLIaN88bMNErzw9Id1F5TpJYF
ISUP1mXY1+GpjuXo5WEM8c7cfFH2/uDw3PSFILmuXowedbBptFH7ccGhNg6huY2c
AxIADVfW6YVG3SWVAaTHUM0QmvG9AyV4d0dce+p4aoZfhUfjAF6nWIRLcrfu18z5
FBxL02+VfWaYOg0d3TgScxQgE2vjAgdz+TqDbQpPriQXf/h7

--d66--

A.1.8. S/MIME encrypted and signed over a complex message, No Header Protection

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 8670 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 5408 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 1342 bytes
   ├┬╴multipart/alternative 936 bytes
   │├─╴text/plain 293 bytes
   │└─╴text/html 374 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: smime-enc-signed-complex
Message-ID: <smime-enc-signed-complex@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:03:02 -0500

MIIY/AYJKoZIhvcNAQcDoIIY7TCCGOkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBABKoUk6G/5pRCkn0XsCial0oDti/uEUw6E3T
PAqN2WP4KjYkf10gKJZNaJYEGhOmHfu1r53FsuW3jq2IS3A16AkpZHY7ROluKpAV
3qkTBDqBnsC16f3q5uQxCWZ3DOJDvf9X48iASbXArXOjGk14lgjW8GeC5stnK9s9
4O5KpkCQges3lVWngSPYxGkDgyp1xjvftn7M/EnXAKf6F2ujLp7is9EgEjdK52zV
GE6Pqqeq8hy7Cyqlz5pWn76MTbgjg7OxXFzDCTePXiDPUCrOoCxwHpj6yo/bfbrE
HDq5rZXDY4ZWyHGpTQbVLA8zMMJqoVXiFz8NqNeDwY7ApaODpU4wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAhI15RwR9LLMR9+cR4l8VmlBW
PuYAz1vENb+Il48IFNmnN2xqAU7ATw+HvD2noH+6yqf9N0fXz9/ARD0GtsGrG+wS
s0gYC34/x1zwZ0DWIvrVq5yPsly4Qd5KkFEo8ACtFJFfInL3KaHg7SMHYObg6OcT
izGKSOp6wBNnVlvknSoIGjdg7IMFO2dVeqUXCkpf7N944kqvfxJXKPcOgleAG0Qw
n2v/gJtM0hsB6lQhh+vc5RUYIfmX4N5hNW7Polz3NnYrPPB0QFBGyAiCuFFEoWa/
nj+DWJbH+cYYyWXBMVcqasx05FCNkuX+RcemRzDHyrMQEs1TFj7NxSYjvjCaXjCC
Fc4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEED8PrzsI9SpFxgbjoB0E0g2AghWg
gsBBxGC3GwCWWfnJH4kpa67Ta1NLifl03nBkTKakYEGsNRk6BvffDHiQzB1dJg25
NKp4YLNTAWPLW2OP77KAvc2NQooQgP2bSaaNSuEf7OPnfhb/p2rLvLeMD5o6aSbp
WGFcMaIhjqmNAtp1BPBANEyDgiTdIFP8mMDklvqRIFh2lJNRN3bCQqfYxH9dCfaP
RLAmqGnkaG4i4BROgn+kHCprDoHvlWy+4l/iIi8DIaKSwDIvsbtk5yVhUNpbfxZE
wuKvVdMDRMf9BPMY9QgoK0BfpmovhMuqDClzn9503Rdv/Um1NErlPj9fNgtEZg17
bxKvsBRAX6k2J6r5chEjdiMsoCB+niFL8pOIH5sj0G556MnPWFfNi4bRehRzq5+o
91iYlHfNEHTQDNjPSc8zWfH/KqcfymxoRY1cUdXyuE0N4E1FSdlS2kqLkJYXcIvJ
9ReXT7eyUUrV8YGgsFxAXmjQ0Ky48+TCohDsf2BzgMaKULGjiHwNQPrd5ojhWZiR
RzVbN+I7AVeu6pDbs35pEyIypgGXTMlNPLzKuHcF+XVuQ8bDJzOTCoEaYTc6sXwA
c5LxLa3N+p2q5J3PO9hNWY6kt7inpommoAr4X9JmUvCk5Z7rQWf2WWkwkA6GGt5/
Wtpkne+vk5L2fFKK+DfBNv3f/fjhp6SIgkShF1h69iNzgN+SA/SMQ7c6eXB9WMZv
dSLKt6dWztY2Xd4DvjiTaQAT6mK2MjpvCxoBbEphmYqtfBVibLBzxVr/v/rBI5j7
sR4dVHyN0/TMCktR7qZfMdfpDyY5d9uabxzUI0sGKJOxB+fQ7iTnPCpQBGPZCUeJ
41CiiNif5ybqgjhzl16Pv4UXQfdwBnR0qf8r4z1rMjXO33LM8Vo4H3I3YwFlFiUV
FwFiDFXccPW7zQnUwcRA8cFkb0xI9oLFyWQ4M1+yhJ2j+x/cLesukAWJ3lDSX9nd
obBObwCRjPNgYwhbG0DnSK0dSU8oAm2FA65T4y+rkwaT2NnsFJsyISHHZG7LHlPU
lFwRQ+FND1LO8XUs+ZYj17XndZ5tndZx3wQwHmoweejvJZdgx+ThS2I47YBw/5kx
Zd+mJQ0E0Uc4FWhtGqSw0l95727xWbF84HEYnC066DaGFGFXsF4bF2+ocq57kKWa
GSFFm+San0QoMWj7brKmfRccX+MDhOHFfFvVsJ4i4VbVvSNTnazKZLndeZcUwMAk
TWcVLXwEnPdQpQCwHmfxbuYj7WlmhS3YfISS8Yu915+/U1zPlska+jGJi4W3YN69
FjGjcoRMn3fyGgvwaITiPcSF/r7QATQOfOiI3vy6KZTHBU5VNXuKYV5yeC2Mf0SW
pgwH2vaSlBBgBQDnG44BL6JDRXIC/0JfOaS7ouutPWRWn6i5z/d1NA89f2g1HUbh
gFBJhM6ayBU6nAAiYDLcN1yGpPykDTCF3QgJsw7hqcdZuA48maulywP4CR43XiS4
ouRui/DpJk1TdwI2oBY52y0dNb2RI30bYJHCmbxpTJ8yVjdQjjldSGTBs+7ScV/m
axNqcLxf4ciE5BGr7TVMCCEl/s6yFbL4BrEZKgpaf28LiOQdc/3sWA9jpQCSR10o
xlVurEK7fTNQhMCTwd0wxqrOZhPm0HL2GcKyIGpAJh6UkkvOAp5V8pDJyzMxmKpH
K20PQqWU5xVeMFF1Aa6HUOuFYCMb0fKRaWBo65KsEepQCNHcQszQT6PywIFt20Ny
y5jbiKzcXZ3xpJgGRWeCHrM+w8/bkA+yrzAQaFXM9OVxg9pU7ov4YTxn+DbzA+I9
bu4ob7lehti/z0AfmowF1db8B9ccBq2KJPoL/r6iAunDoppE8p8P0n+KKX7Ns59f
MA9cA0ujcnWX2rptYxrJXub8gqIfiPo/6HUCG+Y63iy+MsFXJ6n4KdPbcBQXgsZU
XsOkuIYpdjAZMsy0trlgftS71fwY+6z3Pirfzq8I7SsKO7IBOqbuOGRxw2o6En14
i4huYm7fizX5oWIqQb3+nZpgX/mnxyPDSrrblgsCl9IW2NYbIh6FibjG9gOXzSFk
AvVjY5oPYct2eorxyKdYl8pZq0/mSQfbHSVp5iCOxRJr7F1l364F+KsunF4Qg6Qg
4qye+wSXYiBDnOIzWRGNR9BPbvwHWv5p0mv0eDObVm8n6kDvdLa7IJnVN7VJkjGr
8+RB/uWTX33h3N52sRbEs51sstdXkg/4H4PwtxiIRviWWM8bDcXmMjclwot3xvej
xgJ7iHbgLsLYc4GshIk/lxxaUbZdRJWKqrVRJtUP50AKALjldfUGuKh++Z2SWSI2
knZOJRjvaWECd0soQMOvwP6oCq5xgKtovIr6JPNe48t4DAAlIb+vvbzHPBVAm1eQ
gqaZ+DzpYiPR/+A9j9u7q4CtNAXbIep6MbV36W51oix0W4La8aINl4uXxvM/ahHt
nVvKHs4MQfUwT6CoriHcyPGr4n6DudlLzlKHt2pvotyR8LFUSdfrWaXoZK7gHn6t
IoKAfNwE7Kqse/JLcVDBkdQhodLwyLWnVWCmabwjUtBr6zMApjpLJGsB27DV7IOn
VqaBMqMOmurYA2/+zgznnxQeK/rFutc7hckG6I+MO7T47JRgmWECNYp8zbBVsEkL
A4TDTarRoLLz2z4GaLmFKG1YPR/70urvWINp1YbyhCwZm+WvroLRmF5dYpiVdbXj
9DUzI1ucxoGKEAWXTxXq9RUmHwNuDN6SvILzaSvFzUigygZgMjCM8CvRK3Nf/rAF
sHp80koNZ3cfK8Z+LPMHDEdMXuep0ahEhOTBlpVbeq/Idq6rpOkjXpvcowlyj1Jm
L8ADlcyStEdVViv4/VLyzDSeDLOIqBz9RTBLfXb4Ek2h2nFJ7MpH/BJZi253VYxB
xXc9NuJ9M1odj9uJJNS3n8U4gLHFm1fjGvGAOExd5M5qmN8b/ASoeA6oHaSg39Ur
27N4/a2HpnRWck9H6aAOB7PQyh3L497/sWs3yoFa93Mlwe7vO4uYbW8X34ewXTNs
oX7gH4lRuj+XbbVM6DCH6KzNOkWyazhCNMGBTeO+txUZgoZD01OgAQQE2JPF2f7B
OT1ZeYkxSDLJH3nkGzfzvhvJ1b8eRUT1f9JrDdm+qd1/fGt+uyTIMp7GqovjiPJL
q/NbbXq5CrtUZf2rBq6pK2NM5l2l/43h37gH/xMJH76u/VdAbcXRkq5HnfEuG77q
VXKeoZDsXgwdhQRP3VGVKjCvqLpHs/rXco8v2xGDvqAnOT19mXxFh1jFl82KFbQq
XDQCJnyMsG4Jvc6Zv1mFyFba5GaMwxWq61thCVEqWA5AwnMsSnTnsyG+CpBctyWZ
dAOkrjb5/NAgSAsta6S51Nk/7oo+CyEt/yOs+A19kPFdtBjtEot8r2YXCLg9gqbh
exX1kgYR13wh5x4LpVY5cfMeLkjKWmvUfTPSmVLdjBYuG21F+Sp6T3Z2znQqqYEF
7qXMocZHhLSLWQOj0bk0DVL9AF+hIvuAlB/urwWuIBKdQyf1tjsS61u7VNQOLqqm
HB7vNkzdkihIyNU7f56a8D8k75GLF6q9cvZHfTmNWYDOxsU9Po0CbX8OtffpxmAQ
ikAi+40f0elM5AMV1Au11tYuA6ckSvT/PqHZPsU4bFk365LIZRm/wQ+Lffi8CZOw
S0L52RfwSKIP4kjjwYHE03XoNXVM3iDgBesI1HMVJQYeP+kLUPrzAtwxtQ7Lccv3
oLVtVDK0a2VR5DqW6oluyNPddsa/RV4Ld+8GVZVLA+iuSziaW+bmD23OtLw0ycEn
4pB5heZNxVSvQ5NzE6mY6AYLolSN+trTT9hihc+Z10hN+S2z06w2M4zKYVCd0Qzo
UnMbJNHbPgaGRDSaLl/dBmezCL0NuHFUklZUCCKD5ut5fTFCY/zEpe7Xky/2WFS+
Tk+9f9A6Eha5zVx59yTwriWgiBhyu5zOq6vJoeiYoKluDkganEVKyco7Cy1ejEU6
C8Z/FzC2iuoXf0hH7/D+jSmMhKkCu3bFz4sR4A4+ItamCFgA1DoeljCMrZwLwZBz
fEwajERkr1tVW0YvyzBB8Qff48MpjCmrGcpi9WRRob9tXzf7DtIURwgXUDAEtL4X
ApSmswV9ZG0UrSytwzGfFz2v/SIXIcZCcgWzGx1QhpnjyS9Sz6AFz3Ba/SvcUk6Q
r+Hx6HWqdN4MEVeUnhFwCK7XwzNEA110g4twEYO+M38F2LDXzvPAQkmKkQ2BwItc
3wpK9Cl3d0Td+TS+bxdKV89YoQNIWw37/Bzg2uSerSsEmrmo+ZGcrcZtGlZX5TQK
OHgkPM/CUztbjKFcv1mCBF5DH4sXYVNP4G/OticVMLiL9QBIeXAZcjdb0CuSkt/8
gZyhCDNzVN5me/fhtN+tuTjTETaQFcF7ErTOEHokvns//NdpSFgrUvFe5jhc+nMZ
VryVxxW/iDk76C+H1HxF8LWAlXeeVi0PPfeYX+TwWvaKPX2wBv5qOy4KlX/NvJGL
XyrDB8NJe/csuU21wsKs+k4qlsoDIz7U8lU8JiZ2oxwYFkffqUJBlncHnjX7jN95
bBKMolpwSd2Rvnin/X2L97QceFPoMYxWA2YWbVHyfXRdQoNpFHGvDWREBqZGl2K7
UTqWptWWsOQD7MGC5bmGDFj4sq0/D4F1HoAwHDjZ/t/BSYXv8JsahPT1L6ymNJ2J
QpYkqkUTFoAcPGGdRY7V3LDFnprFHQf329krDizoHx8zXkSWX1RPW/SB8jcxkbKT
5nN06+GIJI+CmO+YJbT1OQ8a5bLDAE8rrS5K6d8LAS2b1zX1tnYSqFWIyb84iEG5
sy6NM1VU14rWIzEVnr0iJmAn3PLDGxVtVKJMlzp5m4EZBESadPFUwdLKvQXQUFeK
bmUo1BAcLxaemP0S8LJ7AS7mfQSHTRQGI1UCAU0LTuEQg75kQtEPdic71NjorMEZ
a3oBk72PFLq0AMF3KZOSih8PQisdlUJckiUqlppbgoxTJBbHWd7Cb5GykRb1Sy3X
hLCfuvxZ4ima8SCulHGfDF4StdJMdpqtfdn0ttKbcRkMsIVHrNhwwdIwLKR+JXUW
UotEh3clhvEkuMvzBtkJLG2eEbmCQ7tSOkZB6+fqCJ8rwjFYrlLxzsrJZMmN6+Wk
uIFRnM5GAwdr/y3cNcUA0lHliXhYjZ+aux5QqM3hnqiXwRyjtdBqjZIAZdfphdYf
6kIuJIsmfvT2vV8IWKzoWeNswd+n+u6qqVWGSvIG2u1+F1WhKS+35kVcppVawtA0
BG4wMhkqEBJg0CIL3RE3AMEMvswp6i6xwuk+hIOlfk2hhenTed8T2Y8vnAZiTxk6
rmArxR9BCXWBi10JryL4Yr9eHc6e/eOhhxk+QrKC2nJs+QTcArXdLJvbsYXdVNuM
Cf8xLegWrkMRsK/FbarFPHzESH2Chy7Q1DbY5ICyfluSvFFlFh91FGycMRGgd3rr
ITLV57i2OS9blJVGZNoF3bmRjejxCCHgl5A+Qz5Jxszsi6HIEeg07IrhE/CCtike
BfqlJvR3rm8XSZYX6Neo0aqbXOFAMp9YrevJrZ1hIPT5BfBvElbyaJYGX/jWeqx9
7nJ2Mh5MxNTnzz//xTdqCrU9gCk5bBe2ZvDwnZ7nCwXRbcNd97+x30EAdHirss/5
kZyJwrWwuDGUFVinUYf1i1Wo2a2dEHlfYymNr8Uwe31wRMJKqqy0bUhB/Rez2I2t
7U05g0svEnAz/SPbgGk1TUvqcxMqC2GmpPq6Tfk27sDfUCqYKgrDfE44Q9IszBpR
fAdMTIQLtUWmLCq7ZM2yFkl2mx+ymmEaqKA+3SzC2A32nZ4IKqebD3vIYA6c8aFn
V8OHuub1VAvFsGjviVitZmXL9wTvTLCFzYlRoZJWqmgH+oZZJ36o1tYaEobaTvCU
MfpKuuqQO1ifjFtdnO5wJtd4Usw9OngspR3V2EoTiUC4+oGJYQ1ux8ACWjNJ9vEB
pH7DBVIIGyiAXSuqL+W77PRi2I6xnhA5eWR+jUXRnr0v4DGjdsQ8LWeyS1APmCHh
Wbf5p/Z6k3mcMF+vJz3DkWq5BI/horJK0/lLGGgi2j4klnus2H52OOh+f+4Vn7Ky
vYby8jm5Oo6RXgAgc/rFoUinUo3//syk/+xExYZYt37hL6PlewkeG8vhXoFvuJAJ
gi0d7rnqWYuse+UrzUrbp5z/UpJQp/PyY6rdDlScWQp3WJYSNgEe62EmnMShGf+q
TboTsuXy8MfKltJsV9ybuJGZdtA6yIrlKwj8YYfbPX2neXmZrdnDMGkOSfdGi3lU
/yXCBPWOnMCR+MVWVXUpf3wfXlHO4nZfNtyVb/v7e4lRCylyayXo7g2rkmR+LrH3
dEnczDF/LZLbDnkizNpzlgLU5BAlk9rDW6uwyMywrLIYlttVnRrHwjAol6US+mjF
sZib126lo8EIeHyccGZIqfyTHld03m32IzMnDnl6dVeX5TAuBmDuNGbXHP4h2OSG
m6tUHSFI9fMxO2pBT1Tts1kjYBU+jMenqI8GxpP6DD/Y8PUbxBNoPoP8aVR3rkBk
GONb4ksn6zWoRxT4XyaPvmImvFX5nkHHnvkThvL0DaWcwuIOrjtqOJwmPBTOywjA
KYPPCK7qVCwVAssJxx7adE1W+F15UoTyyyjpe6pVtgO90lGRcprYQnBasw03kATd
k8GFN7Ej37OiXIvrmsJ1toHzlhungW5uYedaTMBNmw8iU63r36sMhj46i9nML2jP
mUjfxMeMvQGMIMmjDBN0j10+5tANXtQY8CdC3pSJLe0lmIIHMB7gTlf4QuyU2LP9
5NRz07fwamd09k3N3dIeAB0I+YJyeElO69772qnqpiGnx10uq5lnhEyvtJCyH1tS
vWUvX0tyAFfuIBkdyCKMFP6zhHVxZCCa+r3W/qrfON6GH/tJ3aLdilvjwC2zQy29
iuNYYJoyAS3PCjC7CL41U0kAOBNJPka6Vqn6PwxpnxGaZZyFCSU2fpAvNyT2auOh
CmLz/P0tNE7z7l1JXqao62CoPa1dOQJ27NbEjsoR3GobhcGQQkYb3Zsss/y1QZaa
9lkTdk02ZDXfPPyaIUY46+VA3VcHlmWxChZiiFpqOdV21aAt+f4PJLtspE2/OTEG
GqHngtafmMV75z+MO8ExXvy5YrI5N+S2eArIteQxBjNs5DjXnsPjE3CGwb7GPx8T
XMsEmWDQ7TDtqFSUzHAIb8EieTziP0LL2LOd9dpE8xDH1X0gDC82whSxUrZOa15Z
iJ1sZkS1VRI/iq9/5zc8BX+218FfdN+rbHWZZAM02ge1IMyOsLF9qaaiR1K9ZQPJ
lYDLcCmnS6Q1oKA2JvDOiB8sbrpKLsLk31lcqCrVJ9eOIqnA4yAijsCNiUjI1DSC
TefQo1PVS8qAGhfkcA/4nw==

A.2. Signed-only Messages

These messages are signed-only, using different schemes of header protection and different S/MIME structure. The use no Header Confidentiality Policy because the hcp is only relevant when a message is encrypted.

A.2.1. S/MIME signed-only signedData over a simple message, Wrapped Message

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 4213 bytes
 ⇩ (unwraps to)
 └┬╴message/rfc822 566 bytes
  └─╴text/plain 228 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-wrapped
Message-ID: <smime-one-part-wrapped@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:04:02 -0500

MIIMIwYJKoZIhvcNAQcCoIIMFDCCDBACAQExDTALBglghkgBZQMEAgEwggJMBgkq
hkiG9w0BBwGgggI9BIICOU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG1lc3NhZ2UvcmZjODIyOyBmb3J3YXJkZWQ9Im5vIg0KDQpNSU1FLVZlcnNpb246
IDEuMApDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04IgpD
b250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0ClN1YmplY3Q6IHNtaW1lLW9u
ZS1wYXJ0LXdyYXBwZWQKTWVzc2FnZS1JRDogPHNtaW1lLW9uZS1wYXJ0LXdyYXBw
ZWRAbGhwLmV4YW1wbGU+CkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxl
PgpUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4KRGF0ZTogU2F0LCAyMCBGZWIg
MjAyMSAxMDowNDowMiAtMDUwMAoKVGhpcyBpcyB0aGUgc21pbWUtb25lLXBhcnQt
d3JhcHBlZCBtZXNzYWdlLgoKVGhpcyBpcyBhIHNpZ25lZC1vbmx5IFMvTUlNRSBt
ZXNzYWdlIHZpYSBQS0NTIzcgc2lnbmVkRGF0YS4gIFRoZQpwYXlsb2FkIGlzIGEg
dGV4dC9wbGFpbiBtZXNzYWdlLiBJdCB1c2VzIHRoZSBXcmFwcGVkIE1lc3NhZ2Ug
aGVhZGVyCnByb3RlY3Rpb24gc2NoZW1lLgoKLS0gCkFsaWNlCmFsaWNlQHNtaW1l
LmV4YW1wbGUKoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQw
DQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMg
V0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3Zl
bGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gB
UCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXP
mrszyidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEF
XgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41ko
aZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX
+TWzB2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iP
sIVKarUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZI
AWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQM
MAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkV
fAEj8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJ
KoZIhvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtK
tl4FzkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3M
RsMtjH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0
LIZRzWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXw
fDz8A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyu
OfQsqm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3
QQV57XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElF
VEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNB
IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIw
OTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEX
MBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo
7sHUa4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+95
0MFz/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYW
Tut3SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfC
n+IQsaqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9
COgEykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIw
ADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21p
bWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAw
HQYDVR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwH
Fwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4K
kkOHG25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30Uxf
yrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HV
X524bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP
0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+
JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSz
NnEmMYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q
UyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1
dGhvcml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkq
hkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA0
MDJaMC8GCSqGSIb3DQEJBDEiBCCt+Ik56mZTd2mpSgOXM38dS7jM5alU2FDX9/58
cga1szANBgkqhkiG9w0BAQEFAASCAQCxKLkx5li14OIOcH2tcWqcsQilPLgQ30ck
qhJL2X9/Cl22ibOGNwL8w3qSEBeG1a+WtHw3bSqJx1ciRYcLs16ms23no5QoZ0pU
fRLmQuTEgObCf+syiTGnWLj8e+2aRVP1L9yEIbin6+hFyp4s393zYhdMOPAP2ruI
lg+BxoWXUjXso+8lPgqLawA+9KMI6tQZMnwI9LpGJmZfoSXdHWqWtjdotzZpqsKm
Ihr8DBKtUetqgZ2zqDO3zo3W2L6EmNM05BJUmqwAt/cN+X9kws5dAqtHDQhPNTa1
WUX0oTTkMzn1RAlOxfowEStSnfDOOzIqg+L7LgiMw9jhIgP4/uB2

A.2.2. S/MIME signed-only multipart/signed over a simple message, Wrapped Message

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses the Wrapped Message header protection scheme.

It has the following structure:

└┬╴multipart/signed 4451 bytes
 ├┬╴message/rfc822 596 bytes
 │└─╴text/plain 256 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="20c";
 micalg="sha-256"
Subject: smime-multipart-wrapped
Message-ID: <smime-multipart-wrapped@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:05:02 -0500

--20c
MIME-Version: 1.0
Content-Type: message/rfc822; forwarded="no"

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Subject: smime-multipart-wrapped
Message-ID: <smime-multipart-wrapped@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:05:02 -0500

This is the smime-multipart-wrapped message.

This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed).  The payload is a text/plain message. It uses the
Wrapped Message header protection scheme.

--
Alice
alice@smime.example

--20c
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA1MDJa
MC8GCSqGSIb3DQEJBDEiBCAFeROUUFydTkv9BzCYqvcfCJJbB+VZNk+SH9uvl/MN
fDANBgkqhkiG9w0BAQEFAASCAQA9qySzpCRsqdnJMDIP1oTsPBkHnSpqQ0/wm6/v
CstcO2XzeW0q1D0JHlYp1FHdz1fdJuEhpYdfGwoEPme/bItTYrXQWARZKdAMgZNg
TRVS5iBkSRqRD+WAi9rk87rKQmdVv4kMtWHoaA4AVecyAnACYUS7B+gjQmpxhCXb
rmM0507xLdXOScFyXPzz2NU77yHeu2AhWbLteuSWh07jGP6gOnD4uzYcoF2kHOEh
4nvEd6KZLwefp9jRxI6u1GWstrdUkOSYDr6nLFNZuUa82pRLBclGz/OvHnbY2Xv1
1K3AEOrZvnudTWhf/1m+Rnl6pSyab6PhlfwJreF3UbQnY3CK

--20c--

A.2.3. S/MIME signed-only signedData over a simple message, Injected Headers

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 4185 bytes
 ⇩ (unwraps to)
 └─╴text/plain 239 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-injected
Message-ID: <smime-one-part-injected@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:06:02 -0500

MIIMDgYJKoZIhvcNAQcCoIIL/zCCC/sCAQExDTALBglghkgBZQMEAgEwggI3Bgkq
hkiG9w0BBwGgggIoBIICJE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1vbmUtcGFydC1pbmpl
Y3RlZA0KTWVzc2FnZS1JRDogPHNtaW1lLW9uZS1wYXJ0LWluamVjdGVkQGxocC5l
eGFtcGxlPg0KRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpUbzog
Qm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkRhdGU6IFNhdCwgMjAgRmViIDIwMjEg
MTA6MDY6MDIgLTA1MDANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNl
dD0idXRmLTgiOyBwcm90ZWN0ZWQtaGVhZGVycz0idjEiDQoNClRoaXMgaXMgdGhl
IHNtaW1lLW9uZS1wYXJ0LWluamVjdGVkIG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBz
aWduZWQtb25seSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEu
ICBUaGUNCnBheWxvYWQgaXMgYSB0ZXh0L3BsYWluIG1lc3NhZ2UuIEl0IHVzZXMg
dGhlIEluamVjdGVkIEhlYWRlcnMgaGVhZGVyDQpwcm90ZWN0aW9uIHNjaGVtZS4N
Cg0KLS0gDQpBbGljZQ0KYWxpY2VAc21pbWUuZXhhbXBsZQ0KoIIHpjCCA88wggK3
oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTENMAsG
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBM
QU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4
WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExB
TVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3jUoi
ZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLYYy3i
Ox7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dPzZLo
OAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5ksKqU
uqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF+XIVnzRG5DeoULq8
v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEAAaOBrzCBrDAMBgNV
HRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNh
bGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB
/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83zdw8wHwYDVR0jBBgw
FoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAIFJeKCc
sTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4FzkgRyOg31/+Cw7H8e30iLrPI
FlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG91PEM046gfPnc9gMG
HjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZRzWmkw1RF7FOD7PfB5v94M527
4XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8A0enITGXnoEkAFvvjiCqh64P
1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQsqm6hvrDTqNpHNZ015fOURza1
SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV57XV/QqmiXDr0+GrOmqnXMA0G
CSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdH
MTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9y
aXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQK
EwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxh
Y2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09InoWDgWPk2af0+S
tijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwORjrc
9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z34rT
iz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4xrIJ
C3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3vzfo
g8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3SeOW
wks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFl
AwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAK
BggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYEFLv2zLItHQYSHJeu
KWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqG
SIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sYonX2
doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3pdpVY
eDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqDIdqG
JdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9iCQs
Pn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyHAVcs
m0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBVMQ0w
CwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxl
IExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kpolw6
9Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB
MBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA2MDJaMC8GCSqGSIb3DQEJBDEiBCA7
4grfze+Y7DQEGFAYHyyvRpNkuuZFR0V+RvSTvu4FGDANBgkqhkiG9w0BAQEFAASC
AQB1KYVvQNZpe3EKeM0XhJrlJNxneVmZWFCEl5YFeRsO8FeIwJkV65YtFJKjOVVy
qYuZBGz4MsKaddXxAOXI/Q7cJ+70d9iOc1mL3PD2/U6DOwwhNfJoNSK7miYfMASV
42TMJWTt0T1ORJnvBitjkTuZDus1tp3xwxbrZTa4pyGaXEhBW/Fc4z6L+z8hpQv/
+6dw3+ORgfc67VTHVnsVVfb0UPrWvdxFdL5xYdqXxlhDsLMEms2ttHHzvjC003Kq
As0xMHEmMpfdL5M69MAjvroOUv0SXETfQaxca7IKd+9xUNNRretZ9xz2kn2uD+k7
unTEyVGeHrWmQMw/8MdvEac/

A.2.4. S/MIME signed-only multipart/signed over a simple message, Injected Headers

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses the Injected Headers header protection scheme.

It has the following structure:

└┬╴multipart/signed 4417 bytes
 ├─╴text/plain 258 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="12b";
 micalg="sha-256"
Subject: smime-multipart-injected
Message-ID: <smime-multipart-injected@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:07:02 -0500

--12b
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: smime-multipart-injected
Message-ID: <smime-multipart-injected@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:07:02 -0500
Content-Type: text/plain; charset="utf-8"; protected-headers="v1"

This is the smime-multipart-injected message.

This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed).  The payload is a text/plain message. It uses the
Injected Headers header protection scheme.

--
Alice
alice@smime.example

--12b
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA3MDJa
MC8GCSqGSIb3DQEJBDEiBCCXRoUdgR7J+TnI6kw8MpGtWVJPCnoAB+XfkDf78dWi
cTANBgkqhkiG9w0BAQEFAASCAQCitU3JsEMd9FhqUu87UxYScDI1pDfZnX1vjges
xBmmSy5lq5vvs+axKK/hTOR7YLSuLJLNwxJgDCPEmHi1hV5Tpj5mLH8qEXu4c+kK
s9is53v0NvibhIvDEpnqNvL/kMVDAk2gTqYHCE2Ij7qcWWNhnGdweMJZsBvLy/Xi
BLaD2t4qHY9lPaeMugDrxThNWEhjoDIoI5f7NpBPYvJgB7b1cJhXqil5weYrJiGr
hyTr56lff+Xjs8qjgrrzdJ8HHeUsxDJulrX8auo+pIKudcu41U8Ben2M9nCiVbEG
aqbbPK7xip5c/YZEaZWYAs8w+dif68J8Eo7QO/kkr45Tt5pf

--12b--

A.2.5. S/MIME signed-only signedData over a complex message, Wrapped Message

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 5615 bytes
 ⇩ (unwraps to)
 └┬╴message/rfc822 1599 bytes
  └┬╴multipart/mixed 1535 bytes
   ├┬╴multipart/alternative 932 bytes
   │├─╴text/plain 282 bytes
   │└─╴text/html 366 bytes
   └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-complex-wrapped
Message-ID: <smime-one-part-complex-wrapped@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:04:02 -0500

MIIQLAYJKoZIhvcNAQcCoIIQHTCCEBkCAQExDTALBglghkgBZQMEAgEwggZVBgkq
hkiG9w0BBwGgggZGBIIGQk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG1lc3NhZ2UvcmZjODIyOyBmb3J3YXJkZWQ9Im5vIg0KDQpNSU1FLVZlcnNpb246
IDEuMApDb250ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjNm
YyIKU3ViamVjdDogc21pbWUtb25lLXBhcnQtY29tcGxleC13cmFwcGVkCk1lc3Nh
Z2UtSUQ6IDxzbWltZS1vbmUtcGFydC1jb21wbGV4LXdyYXBwZWRAbGhwLmV4YW1w
bGU+CkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPgpUbzogQm9iIDxi
b2JAc21pbWUuZXhhbXBsZT4KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMjowNDow
MiAtMDUwMAoKLS0zZmMKTUlNRS1WZXJzaW9uOiAxLjAKQ29udGVudC1UeXBlOiBt
dWx0aXBhcnQvYWx0ZXJuYXRpdmU7IGJvdW5kYXJ5PSJjMGUiCgotLWMwZQpDb250
ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lpIgpNSU1FLVZl
cnNpb246IDEuMApDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0CgpUaGlz
IGlzIHRoZSBzbWltZS1vbmUtcGFydC1jb21wbGV4LXdyYXBwZWQgbWVzc2FnZS4K
ClRoaXMgaXMgYSBzaWduZWQtb25seSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3
IHNpZ25lZERhdGEuICBUaGUKcGF5bG9hZCBpcyBhIG11bHRpcGFydC9hbHRlcm5h
dGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZwphdHRhY2htZW50
LiBJdCB1c2VzIHRoZSBXcmFwcGVkIE1lc3NhZ2UgaGVhZGVyIHByb3RlY3Rpb24g
c2NoZW1lLgoKLS0gCkFsaWNlCmFsaWNlQHNtaW1lLmV4YW1wbGUKLS1jMGUKQ29u
dGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIgpNSU1FLVZl
cnNpb246IDEuMApDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0Cgo8aHRt
bD48aGVhZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+PGJvZHk+CjxwPlRoaXMgaXMg
dGhlIDxiPnNtaW1lLW9uZS1wYXJ0LWNvbXBsZXgtd3JhcHBlZDwvYj4gbWVzc2Fn
ZS48L3A+CjxwPlRoaXMgaXMgYSBzaWduZWQtb25seSBTL01JTUUgbWVzc2FnZSB2
aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUKcGF5bG9hZCBpcyBhIG11bHRpcGFy
dC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZwph
dHRhY2htZW50LiBJdCB1c2VzIHRoZSBXcmFwcGVkIE1lc3NhZ2UgaGVhZGVyIHBy
b3RlY3Rpb24gc2NoZW1lLjwvcD4KPHA+PHR0Pi0tIDxici8+QWxpY2U8YnIvPmFs
aWNlQHNtaW1lLmV4YW1wbGU8L3R0PjwvcD4KLS1jMGUtLQoKLS0zZmMKQ29udGVu
dC1UeXBlOiBpbWFnZS9wbmcKQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogYmFz
ZTY0CkNvbnRlbnQtRGlzcG9zaXRpb246IGlubGluZQoKaVZCT1J3MEtHZ29BQUFB
TlNVaEVVZ0FBQUJRQUFBQVVDQVlBQUFDTmlSME5BQUFBY0VsRVFWUjQydVZUT3hi
QQpNQWdTNzM5bk8zVHBSdzIwZHFwYmZBUlFFak95d2l3WW5DdGtES25iY0xrNjZz
cWxUK3p0OWNpZGtFKzZLd2taCnNncnpmY3FWTXBMMmpvMDQ0N2dZRHBlQXJrK09u
SkhrSWhBZlRQUmljaWhBZjVZSnJ3N3ZqdjBaV1JXTS91bGkKdmRQZjFRWjJrREQ5
eHBwZDh3QUFBQUJKUlU1RXJrSmdnZz09CgotLTNmYy0tCqCCB6YwggPPMIICt6AD
AgECAhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoY
DzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q
UyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVa
TC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse
2Dqs165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgC
ReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqh
BwDHdZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/P
GeWy6SCf58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0T
AQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxp
Y2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8E
BAMCBSAwHQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaA
FJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEy
nBakDKU68ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZV
jdaox644DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4z
E4Nar2inC0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2
MVtluLihne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744gqoeuD9YS
HjKK49+qYC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpA
r4vRhZjVD6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkq
hkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEx
MC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChME
SUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNl
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo
0jTkfCv4TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQW
l+DILs7GxVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+
A8TCNO12DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtw
s1q7ktkNBR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPP
dfTMSiPR+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJL
OwIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
ATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYI
KwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilq
kBDTIGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG
9w0BAQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naI
s3BjJOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4
eHIjSo27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXR
n/C9cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59
fk4PGHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtB
iN+uCDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsG
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBM
QU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4
as6aqdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc
BgkqhkiG9w0BCQUxDxcNMjEwMjIwMTcwNDAyWjAvBgkqhkiG9w0BCQQxIgQgGiss
3bBs4a2FSojj2NVcmGx+Y2J2N13x7iIWxuaypk0wDQYJKoZIhvcNAQEBBQAEggEA
huOPBptjY2fcRzq9DPryHFCFCPa75LnQl2zLijpFMW7qyswoyR6BguvTEzV4kBPV
D2Sbh86FibwmvNdgzzXc2PJzcj6jtYE0R58tdO/ks7qOeIbtZUgpZT3W/wlEpnmd
Pr7Df4oVEV9qS+vJh0iNASJspYwccPwIf5fKCPJf5H+xhQlSJ1rLIhw6Cu2ogkWB
bQDijNyjP5jM1X7Xo3mP4ReuauS4e0DnnRMH3pDGUaKAN5dnEVqdXG1C76+yOBwr
/foPN5vjE8RMtte3DtOKqGeWwsoEcjinU77z6d0kIWQqNYUNmqDHJ7O/yla0xG14
IPJnl/JphEWKl3FjI6iL4A==

A.2.6. S/MIME signed-only multipart/signed over a complex message, Wrapped Message

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme.

It has the following structure:

└┬╴multipart/signed 5528 bytes
 ├┬╴message/rfc822 1657 bytes
 │└┬╴multipart/mixed 1593 bytes
 │ ├┬╴multipart/alternative 988 bytes
 │ │├─╴text/plain 310 bytes
 │ │└─╴text/html 394 bytes
 │ └─╴image/png inline 232 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="932";
 micalg="sha-256"
Subject: smime-multipart-complex-wrapped
Message-ID: <smime-multipart-complex-wrapped@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:05:02 -0500

--932
MIME-Version: 1.0
Content-Type: message/rfc822; forwarded="no"

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="c35"
Subject: smime-multipart-complex-wrapped
Message-ID: <smime-multipart-complex-wrapped@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:05:02 -0500

--c35
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="645"

--645
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the smime-multipart-complex-wrapped message.

This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed).  The payload is a multipart/alternative message
with an inline image/png attachment. It uses the Wrapped Message
header protection scheme.

--
Alice
alice@smime.example
--645
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the <b>smime-multipart-complex-wrapped</b> message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed).  The payload is a multipart/alternative message
with an inline image/png attachment. It uses the Wrapped Message
header protection scheme.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p>
--645--

--c35
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--c35--

--932
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA1MDJa
MC8GCSqGSIb3DQEJBDEiBCCV9xSB/IVw/tBS3A32iIL4hLUx22Ane+7Zjas34KM6
yzANBgkqhkiG9w0BAQEFAASCAQB7m9+tvuIXlRpTmHv+V9XCZbYbMFSE9YU9DBzA
GYf9GYckf113NWwg75oi7MA/VHSDMhVkd1mBIN/Te+3mcnhda+KkoDIChzPJ3k7N
4baRLQi8S+a+JEQxj8/lUp2Dd0giwO9J8E7uHAzYu9MEAxKRS0Z9F8BudabXg+tr
8K7fQ/0WpjAs4HkSRZaX5eve9U1Qf99+oCyYvRmv+BZhTCbaic/8ZJuN0elYjbB/
IRmiN0dV4O1L4EpNacsFUYLpWqwUsMGrIJ4+b/xwqEUkmLnh41XKh1/OBp1natYs
3PP7EUNBBJebAPyo1ifT3LFR4qsa5QRu20X0JhajvnlQkWs9

--932--

A.2.7. S/MIME signed-only signedData over a complex message, Injected Headers

This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 5631 bytes
 ⇩ (unwraps to)
 └┬╴multipart/mixed 1565 bytes
  ├┬╴multipart/alternative 936 bytes
  │├─╴text/plain 292 bytes
  │└─╴text/html 373 bytes
  └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="signed-data"
Subject: smime-one-part-complex-injected
Message-ID: <smime-one-part-complex-injected@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:06:02 -0500

MIIQOQYJKoZIhvcNAQcCoIIQKjCCECYCAQExDTALBglghkgBZQMEAgEwggZiBgkq
hkiG9w0BBwGgggZTBIIGT01JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1vbmUtcGFydC1jb21wbGV4LWluamVjdGVkDQpNZXNzYWdlLUlEOiA8c21pbWUt
b25lLXBhcnQtY29tcGxleC1pbmplY3RlZEBsaHAuZXhhbXBsZT4NCkZyb206IEFs
aWNlIDxhbGljZUBzbWltZS5leGFtcGxlPg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4
YW1wbGU+DQpEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEyOjA2OjAyIC0wNTAwDQpD
b250ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9ImNmZiI7IHBy
b3RlY3RlZC1oZWFkZXJzPSJ2MSINCg0KLS1jZmYNCk1JTUUtVmVyc2lvbjogMS4w
DQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2ZTsgYm91bmRhcnk9
IjdiZSINCg0KLS03YmUNCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNl
dD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zl
ci1FbmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZSBzbWltZS1vbmUtcGFydC1j
b21wbGV4LWluamVjdGVkIG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtb25s
eSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBh
eWxvYWQgaXMgYSBtdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFu
IGlubGluZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgdGhlIEluamVj
dGVkIEhlYWRlcnMgaGVhZGVyIHByb3RlY3Rpb24gc2NoZW1lLg0KDQotLSANCkFs
aWNlDQphbGljZUBzbWltZS5leGFtcGxlDQotLTdiZQ0KQ29udGVudC1UeXBlOiB0
ZXh0L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIg0KTUlNRS1WZXJzaW9uOiAxLjAN
CkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQNCg0KPGh0bWw+PGhlYWQ+
PHRpdGxlPjwvdGl0bGU+PC9oZWFkPjxib2R5Pg0KPHA+VGhpcyBpcyB0aGUgPGI+
c21pbWUtb25lLXBhcnQtY29tcGxleC1pbmplY3RlZDwvYj4gbWVzc2FnZS48L3A+
DQo8cD5UaGlzIGlzIGEgc2lnbmVkLW9ubHkgUy9NSU1FIG1lc3NhZ2UgdmlhIFBL
Q1MjNyBzaWduZWREYXRhLiAgVGhlDQpwYXlsb2FkIGlzIGEgbXVsdGlwYXJ0L2Fs
dGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUgaW1hZ2UvcG5nDQphdHRh
Y2htZW50LiBJdCB1c2VzIHRoZSBJbmplY3RlZCBIZWFkZXJzIGhlYWRlciBwcm90
ZWN0aW9uIHNjaGVtZS48L3A+DQo8cD48dHQ+LS0gPGJyLz5BbGljZTxici8+YWxp
Y2VAc21pbWUuZXhhbXBsZTwvdHQ+PC9wPg0KLS03YmUtLQ0KDQotLWNmZg0KQ29u
dGVudC1UeXBlOiBpbWFnZS9wbmcNCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6
IGJhc2U2NA0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lDQoNCmlWQk9SdzBL
R2dvQUFBQU5TVWhFVWdBQUFCUUFBQUFVQ0FZQUFBQ05pUjBOQUFBQWNFbEVRVlI0
MnVWVE94YkENCk1BZ1M3MzluTzNUcFJ3MjBkcXBiZkFSUUVqT3l3aXdZbkN0a0RL
bmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3a1oNCnNncnpmY3FWTXBMMmpvMDQ0N2dZ
RHBlQXJrK09uSkhrSWhBZlRQUmljaWhBZjVZSnJ3N3ZqdjBaV1JXTS91bGkNCnZk
UGYxUVoya0REOXhwcGQ4d0FBQUFCSlJVNUVya0pnZ2c9PQ0KDQotLWNmZi0tDQqg
ggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0B
AQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UE
AxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0x
OTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjER
MA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY
60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6
kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b9
7enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMs
wt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5
chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQAB
o4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4G
A1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUH
AwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3
DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0F
AAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX
/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U
8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXs
U4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZee
gSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo
2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJc
OvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UE
CxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MTha
MDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5B
bGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0
iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7
pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rB
X7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQV
tkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/
2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVC
CpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQ
MA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxl
MBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQU
u/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpn
HGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40
BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeq
AH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ
2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYTo
j1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6h
noQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB
/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYD
VQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3
QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzEL
BgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE3MDYwMlowLwYJKoZI
hvcNAQkEMSIEIEZJTcpCQRTwXEI88+nlLqN3b7JQ6wZ3y/JlosQRxxY4MA0GCSqG
SIb3DQEBAQUABIIBAEj1f7sJy7g9/S/3wXfUqyyg/3Sr/4H7n/Wyxg+FP74Bi0Km
Z01zoauH8fpjsOg0fS/ll14j69FCkaFUqHYotT6kojdodBRM36IGMIHEPPYH6pAL
4K4CPk62J9PWRwlX+6HYPr+WDfSjzGAL5mDTzYVAuu2aUn46SmTUVNDv3UBaxQCS
sghtVe1snSHpJYz3LciIWyKrE+Kpw+g6cb9hVY/a4p9jHu11x7MfCQddVg2qjZsO
9TH1X9hfSzxV6bmFRZ39+MU/mOV2pxVYXyDnk6BX48PVx7C5tFWDtr+hB5dEQ93i
sQt3VRgv6NwEiyxqfxyQhHgpJY2+DqhoFgwbhkI=

A.2.8. S/MIME signed-only multipart/signed over a complex message, Injected Headers

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme.

It has the following structure:

└┬╴multipart/signed 5496 bytes
 ├┬╴multipart/mixed 1623 bytes
 │├┬╴multipart/alternative 992 bytes
 ││├─╴text/plain 312 bytes
 ││└─╴text/html 396 bytes
 │└─╴image/png inline 232 bytes
 └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

Its contents are:

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature"; boundary="a23";
 micalg="sha-256"
Subject: smime-multipart-complex-injected
Message-ID: <smime-multipart-complex-injected@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:07:02 -0500

--a23
MIME-Version: 1.0
Subject: smime-multipart-complex-injected
Message-ID: <smime-multipart-complex-injected@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:07:02 -0500
Content-Type: multipart/mixed; boundary="d03"; protected-headers="v1"

--d03
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="8d8"

--8d8
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the smime-multipart-complex-injected message.

This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed).  The payload is a multipart/alternative message
with an inline image/png attachment. It uses the Injected Headers
header protection scheme.

--
Alice
alice@smime.example
--8d8
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html><head><title></title></head><body>
<p>This is the <b>smime-multipart-complex-injected</b> message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed).  The payload is a multipart/alternative message
with an inline image/png attachment. It uses the Injected Headers
header protection scheme.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p>
--8d8--

--d03
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline

iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

--d03--

--a23
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"

MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA3MDJa
MC8GCSqGSIb3DQEJBDEiBCA4lKOx9a084fB6gb7XvsxC6U70hVOXe3FjeF9sS6mN
qDANBgkqhkiG9w0BAQEFAASCAQAfMFJgqp9Vb8dS34Kz4fZfKGA1SMbqun/XqC6S
9/+EpIiDL54Mw3qug01eU/ms0YoBlu8aV/9CbC2DlOdPrFCRuHTWyFClWgi2X5Mj
fg57SXgGd1KJmhWAtcNuI11l1k6TeoI/pmU/R9tNKrF349tDVHZU/4GWUfuyiorK
t6TQK0/Vf+JUySQVCUqnx+Zb+bhvWmKfKuX0CJDEOyD+kH21ar0HMNGLK9S9R3MJ
dfL9+1PmXCXsTP7TIhmnwCJSpBJpmzzq345uu3N52/3SsJYrahIUkbPLnYxTAKDD
N1k0ijGbEofDEC9RtdwnoGPfv1UG95LK22Ys3tLqApQqkByY

--a23--

A.3. Encrypted-and-signed Messages

These messages are encrypted and signed. They use PKCS#7 signedData inside envelopedData, with different header protection schemes and different Header Confidentiality Policies.

A.3.1. S/MIME encrypted and signed over a simple message, Wrapped Message with hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7345 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4436 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 679 bytes
   └─╴text/plain 321 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-wrapped-minimal@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:08:02 -0500

MIIVLAYJKoZIhvcNAQcDoIIVHTCCFRkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAFHb+aM8bhyJ1nFFuBDyyBVQf2IplykrvvYb
mKqBk08i2gecPSOMTkW5e2oQ4+WT4rtU4E0JXfMSA2KukKc+QUA3ycVCoL5zhetX
GsEx74S5P4JMY/uAoyBlEogGNi2lvagvgOGkqHJCZAjKjPNmqyTfafyv1Y4BQRQ+
WJi7mURDIbgrc0xfcC/yt7UWxFlfUhm6n7rTvRKhe4D0EOOB8yKupUgcDzBMTw5F
P9HEy0vFij12+LNKSsOPhVp0PbPkMCVi+ERtXEgV7C7BRVVYBiprpYJxJryO9t3E
jmIupqHZMgXxlAKFpBsdlPWfI1mrMVZTBpRgy8Bds7CORgWbs0MwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAX1PxPDDlV2Wo766+MhR82lW8
pD0GWAM1ScYPggh4t5OFmSjFtyiqawhMcQhoRsAkGV387oXupYXH/lkaD7nIdZW+
pZK1/RZUU0txvlsRIpJduXcWm/Dsu0lQtQSfcg5FaslSMjBpMI41BD2KC9M5meDP
NqHnzNMFv0ZiPO6x+bTCXhds8WTi/B2DDyXGjEaN6RUFw6rKNXwbXoR0DJCMosF5
55gQuo1k040YMqYRwdsJGETr/r/JaEPwNekogAfuXBkNE3JQB7aVgePp8mIZNIIU
0nP6eXp95UwLsoA/zwbOv9XSYgQDCcQ0MWycXmmn4ysbeWi1p7P+6CLwgx/TNTCC
Ef4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEN9EoELwqIPQUHcQvENM3K+AghHQ
7MaGZ6VZ5f9fpYjTHCbQSjcBtsF3qd7/z94CkYE+Fdt4Xtm91GlDSRONaVuT9yV6
vd3hoFTCfrX1aQSzzHn3SPtIh7ySaTG70ctsXP33UjcMjzDbvyvfIl1mxsct5rSx
e+cJ4z++pLB0vQeq1JlbuqY8SkSX9FyDZegnUD+zCB3qv7YSZEwD+EjifauMcrl5
p29hRgVx522WoILf6Ty14stVYot76cyOYE5AlEUMxBg98tLLzNgvgpevmhZwNzby
B3v68cMTXh8Zm8UB6F17oxdLFIszhEMnM4v2RSWB5O7L5C4ab+zWpB58AcOeIesg
E9TvdhcJVsiQHLMtVqxXcyyzlh/T1g1YZnfI4+Q0gNTTS9kp5y2Jpl8AWiHV3lJH
ltigpNDSlfbskC4ZUKNLmwMTed03kH2leAZGK9afAC+nNwKvSlhWovXXujmTwGao
8fQPc9cKfRS3tx5dOnEY5A6ZPbAx3SkcdHpUc/Z6Z9at0NnN80ppl55sichJeP+Q
yoWX/IMhZwNksoiP1Wqa2KYGk89l3EvBOOKMH3G/IOcilg75VxjfKQ/IrB6xrhb7
wY3YCV14MtJ4T9gi0rtkXxq6YfJ6LQVXP3BWpmlf3xwxQn3HUsQNFO/dESQMikOy
PgNT/wkwX0+v0XY59maI2tF9sMFiheLeRRjPDbwaXNCX4ghzpOA0KQ1+0/upcXPd
O2sskI3b3qh+gbRhTUOxAMA5i/POQ6QOj/0jxfbN081YdiHE49jlx5MA00u/yn2V
WKlDkXE570tX5Z3upvQvLVYuc7+hfsr0oIC/A+4UKzt3G3kjmHqKvkPeP4ytu5Cw
VxRQlhl+rWISO/EzflNHsgNwE/X3eOmub8vNl/fX9ng5hMVaz38pAQyQysr2Rg2s
ZDasrLS4kWuGOtv8gXD+Lm34r31bQfl+0NoVpJFV0iHYzBcmL+refdBec9Jfm0yI
KkX1YkAovvlnYL5ZYzP8E08hNtZW+rln041yyZa12hRlORO6lBqxb9W23vTgU4O4
vIRppUbJrf6tmYQMiYXkC+Kugur1nBJtEbLQ2WurYFSkdrrZYLg6+cs/K+sGgCMI
0GokK2ntwmLWHCVU9w15i+7G0HYxZkschUQeIokU2M6KePbp36Mb0vQlVJhlqTmU
HdW6EDk+iXDNW72gZccDyPhZbhZT2g4iWHl6xA5iydhE9le80boq437OlgMIHUkS
2+cEArcITxmKpDQWxREYF74jJyz2Yf8rZY4uI6j97+LHYlds7X5HIIq37xVUKUud
sDav+1XMQygilVzgdQ6MTKH29rK+/OKJhWZYn5HDGUIa4GzskjL9Sp93xG+sRvtP
tC2bhURNdHjg7HyyH+RldvxN74NiFrNCj39TXyw5Tzs44nxsVqghdu04BYMm5uGp
9rN4c7Asn7kfjg9rmntnmnmBotKncRM4W1ybT0zZ4QoBCvl2306QKgll3Qiv4E2e
3l/POH7VEtTBeYph3JUhCjoF/DU7lQetAaH3sKDdRqvxb8pjvQKI+q3NLUhYMLdl
/HqrtNXq4ItRsfz+yYsEKlw68fPncK4OEVjxD8e1kP9iccyhEWK9sS+zZmsJmRP1
+CzHNdV/3F4V2eaa+YRiBgerv8jjqKhozquzKBnFerDrGvBnctYkBCL04sGowv3c
uxADq5pw1sBo2XIwsA6/hKtCijpkIOiPjawE+uKwDiQdGutdxOx5v/wk7McMU0qO
tjhrKGa3WqQ7w9lLO/xqNVBsGxKSDsyCZuKnpYlg3MgRK5JEq7GngLiBKRN3EErD
f74gk2ZQ5l+41eokY/3YTYhAFnDabzhxLK2vZxuc5JWOScoo/Ej7AATgKkhr1U/g
CHvGyXxqrozMu/Vks564d4QTx7SHcOzJs0pIeN79muMOwEFYBKnQJWZPxyzZ+Bx9
p97BbhQwhJ3sCJPiwMrLUJCI3d/DDPkz8IPru7rBmuYfTJv2buakTrR4hwjg8oK1
2YnhHumejoHzR9EfDQelF3hYZSzwCH64ODMsSXGCRZjps7Gu1KWvdRxAiZHHCCA8
98vBO6pjBFG+J1KVufCTecBAyFKQOToYBMiQ195wzucZjnEeFtBDlaSwTJAx8rM2
ROR5DasKHRqdV6i2LV4b/3Xq5CUqZw3Q/kZcdSQTrqtDafc5lTLS/dPdCVWr/XAh
wjBgP9alKi33QhB73CFNTM4T9HAgR4SkqqpfEQEWkcJOIE3K7pfcQbplvR2uIIdg
gExjg5vyMloBFEO2YBcBi8bzUKF+sVpIkaOyfeD/tUydll0e/eDkwMD6Mx01ssgT
POJKR7EggddGlm/BCB29IekA5Y4Ydc7GslOFhO8zC2LCm5OHfNgzCaOos6lZtpzA
II9ihCb2/P0VRO0XSJ4RoR9Srj4DJji/VlzHqqswZJQyzqJMRJT15mQHf2tOmobJ
PCHpkJVwJNjHphbKTcqfokzHh1YnOvTJ2f0svarDhV8H3q9cM+ODMDPFOARjZ/hi
ciDo60l0MciMAYzh5CoAbLQgzlHNUZIM4CCqidPVzHyn1lIifhH+yEWkXkkCO8QV
1kDFbwmBhLRPawpIxsr7QuZ0aICJBdGZ2Xwx55VAbht7SObllNYbM50QeMtpzJC7
0vKgPkoctvuqR8vO4lsIqxUc6vtHW8C8YWHhz8g9oLBPeR0o/0I4+AePScm/BICy
DrnYGfFM9C/rMU+PateE/dvsGiW6dTm+9SUFqEqwIOazGfAwE83G85ZVePQ0Q7RB
jxvZkgnSg7DZkbuy1EmSRUa5gR0wttH+4jVTYo9Zqrjw7NOvn/OLIIYDcpxQBrUE
/ntfknMq8luYOMou8YJCIOtx/wL89sYZhJu49H657dGB/A2tpGRVSb82OIei7rhu
+9quDIPXoPgBcEPh8k5eLtF23XJTfTi2sxD7WU1XwhiX0+0CfvQNFt8ptJUrPB9/
GzNzN0brNex9YUbFEAeGh6BiopGlTAeauu/VSc6J0Dl2uxLtt/sqx5riBDvgiXpu
vp+N22l3sEjyMeQ1iO3EJKhAHNpAFbMi6uEeMVCNneg9IxJj8lodiCaWKxjQafhY
i97omBTNjLQWXj3gCyIr4gK8aD9jrcixrPrUuK1yO4jdSuprINoQcDLE1T/yPd/O
OTwDZewzygLHRI/2eg0JPHtjZer/m+stDLbRxnhKGfwjTR7Redk0cX4oLPiyVI40
mRZ30OkMZ53iYRvzrsChO+L7Z3D6q5nZ2vO5yKFvfHgcmy3RZW9WyaiCF+wnLGD+
gcOtrcMs+SYc1FO1xCpCNd2obYK0icviIqH4TpAuSrW0bYCtM6hzoDdbW1OBtcal
08D6XVsUPgy4o683tf5TyqMZYqEssG6UbY+O8HElcJ4p1jzb50VxwwFrMkfntREv
Birra5k4+/Td6nOWE/Ba6lCOWVC8cBy1qp0bkKsm1IWNrbbGZmfLx9hgfLtxtCZQ
+DaWbvzEEeH6qyGy8VR/rX6kU0+rHMIyohPbk35VysC/s87OfBsuUheFCigfC7xE
v69dle3NAnXQpCE8OyIlL063AWlQBxEvEMfkutCX9LM/w2h7PI7DGu71Naj1CxTo
g/74mJrIT9lneVCKlEpkmEMCimLd5NzjUcGatCLu574LfGpsOEDRUDvIi8HBJOAP
spptpgQ8LMAjnvWilPQZcbd/0WvRzzKEp8i5k3IvtVHi/aFu9lZvnopgDJe43L30
tT3Kt9d/ZjHRswW4MT8vnCiDkBNF7TTyTC/jUq6pOuHglfc5H6QRgEjow/maBCB/
ApoGhlvCv+7J8ExVzkesaqrcTWQpHmq2szcTpnnhjgzV5W9CHGv2R0GcqQGHvkBB
Ds4wYl+OKDQhXczbqX7C9bJOjDb6hhlQhTtlO1/M5iBdW53k2OCcliV056KNLFhd
yLDvXZg7r7IuGo75lb9urObCI/w2KGDfN3P4Y8yRseJeBY9m+txWMJNyhCyNJQnn
7jLZ3es8cx/zQC/6AUQtNrjHzM+sIoSxSHXnS61Akj21zY0qyn6pZalPgVM0HIy6
I5r4BTGdIeI/kc6LoKhrfgeQnH6PwZmmddNIFQo6la3lpXuWgOZfqWOILo7L+2dR
neQ5AYaQj0QdH8z8aYrIgwwFzxFzETtnGJkE/HoN/MNGSaMD2x5b4y8ObDpvAkG5
AD8/VxZOsBJE1hTz/v7DBFY062MdYDbKHkBSOAxUPMI0ivu8yV5JzC6+x/98L+C7
NJTs6g2OIWXqgAX+NHZbFDdeIYMcExoMH8R/mz1zLibFZG8f4Buv73rdhwuRQ1/F
aKAxL58efL/ppkEvFEGrJhOKtXjQv2mEloseTc64JuG7wXql0/LW22Fiw+b9vP8z
aowf6DrVDB4CiZBvbjpyk/t8EtByn0JLq+Qp/f5FgIglB0DWteA1PVC22i0zlg/d
+aVKtOHRCsJXupP+jIjdJUekwJSZCid72SmwS6lfCinpJlVedq7OOA/SrJ9eg5Om
Etg28g9N3x3BzC4Q+gI5CMSKlfC3d2xHohxxdkwO2MJWdOXbjwPaPxgqYbngJC4E
WLCXLPTLw6XuTJ6lQJRpF3kk6REmqnRlDz8Dmm3ocpCcNLa7Vo05LkCnZfUvmZc4
jw/2JwuLcZR9yooiuHRMZj/WOFzRhPmWQWwCESCqcKYfNnXLKVsOZfWaUbNapIbA
5EOZoVpFQYZRz00Q7vdSodDtJ0REPxvybjGomJTYm8VgsICQZVTAhU8cNkRgh3KF
tqULWhLK7TzOzl2rrr1+LuSq1pb+QM0Az4ALYByeWEKno920ZaCfa/DxxMitx/Zy
RDfAtYiUzOmtWKcJnGfPzuInCHQ7QRYh2+xDh/o9k5qSeSV+lrG4MlI0sptm4lfN
W6oEJR7Y99IoIt1enqjicyLDYpJavZCgMjHznCSPffWziOB8Vy1vpbs80mTQlvN2
J2V6HqLTgDg27MO6vZoBjjSjBdW+AJcwOzzY0eMvT+hEkLqcSRXXEB40Wr/qtwFv
aLYhIToRENyvxRbQGmXWL8iT2mCs57m1sr0tvP2t7J4DWbp4CoiPY2IFLC4vZLK8
KgfPwD1d7qdZEwykzn9tzisOdx83ta0qeXc02kXsvxglglxlhO+DL6oamH2G1BBz
yVVaDnw3C72aV6BKL5XFjbW5WdqKr0/2Gh8EE6IPZIw9TlMbt2TxSTdGxXDgslBB
plIDqlQo47imspSjw1lbZm/duczPWuDpNW1f9uHRyIPcA8QaqXA+hvgeLbVpJuJG
6Y11FEYeIl+0tX251S9qhkDCvZ8MIZZ2muqYoB/Bac/CsbkoGJHgF5kglRNBMCZv
aUGnTA/PaUEDyHJY74VsJJFVv8Hbsvwi5M0AUuAIIy60lGL3VZqQRdQjInJKEXIp
szLOcHyaL8tHY0IRSP4XaSR6hiEbFJvbPUIKS4TqTr9N+mT1FeVkJXxjGJVqwcxn
GSohbJc93gt3r2sS7HAr5fhJI3xDyXIYhWmRIQatvlKh5SXsg9wSVMNFn4D1Ql49
Flb9J+ydb3ENJlVnOaKGC/hyGhULNAUTDyg+pqz3Nu5lwejgFNgz3/W/KPNnIFnM
6vJto9bEpNKATOOBLXW20ztJCjgH0DD7AvQAVTGu8208MBL8PueUDlUysqZduTay
f2aVXIcEfPFwXR8lzHtDe87Iu/RqKwPnkHy+nFRKUSVhyhQ3EgnWZpLRNzHgPxvf
C74UbBFrBARWFRty28HGPqM75jNsOIsquad+9gxleRsuPE1klsjiXlvDTltrEYE/
EF56h9hdn88C7SEO4KFMbI/6ae62JQdpO7CPgq+5YGHMVUZeQHJZkfLAQUVTCRQt
cZH86BtnMyKPZeovEd0guyX0kv27gswviZXf1h0ey5voAGw0EH9j6+z5SN0sPhry
AzwG8mH27qDlrrGCn1gX5fOS39+xtuuseqAW+iQgDk9IGrqAstMQYRW1kRYXKQlg
y/1c1Q5/M6kyq5M2iI9ggd7hrqTcEh9Xy1dRBPdCljXyWZo2eTnp0n9whXZbMtLu
lIZc102dTwLWWXM7uLK3xDQS653AQKc8C46DW3GslHl5+jW00C5orPHh5xeLX9UO

A.3.2. S/MIME encrypted and signed over a simple message, Injected Headers with hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7305 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4406 bytes
  ⇩ (unwraps to)
  └─╴text/plain 333 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-injected-minimal@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:09:02 -0500

MIIVDAYJKoZIhvcNAQcDoIIU/TCCFPkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAEqWQtP9NMp0lborDI5F55uEoZxerbw2f8G8
04jr822TF4ehQnzqtlSmtb3q7XZZGz3OVYv0JOO2DWrWWbSzaaWHXwJ8HdM0vxiO
87SvZMWXXzwrZSyrabmCte7HhJOo0FYqMphkC8UoGtIE+J5Z1XpZqjpiicTDHZPD
qKPIXCE026LS1ujO/1l/ON5cBrdMRlzEE/tnl2vA3e95pUEM2ILObukZPPKLiTfr
ejLM2/oQUklYmh54leeC3dQA0xIf0Wktzrp4qt/qJPPKI/RCw/JL0Saf2x005pET
PBRhxQdPEyjKfBRIOm/FMa+LkAqzjHlJI6MbYs7a+zAZvqH/tXkwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEABaLUv4/qgPpg9LQVoTctoa3J
8+wK32xlFwCr3LzD4A+3AZGAzqgJ6roO/cyDbz6swNjZQb6IvsHrxn2hCLyGS7JZ
pxaqvNh0MTZ7ppvAAMY/cbtim6oo+aR+YBFMuUejNy2Lf4g9Qugs7C86BqwT/DDR
8012vrQcTRVqxxgtaJtTSHXPZVQeoTL9QvyvBR69XJ4fNvap1F5CVPlGONwVWgYd
7u1FQCViH1ASwcJ2VMYTAp2vWgrghn6taCB5NuzPH6TLqXM33bzaEZ9+7ya0kOyC
h6PtoTm+Sk504F3qTf3EZ9l+pZw9dYKmHXnJSXzhInzob22BUwmi8rmAhyz7YDCC
Ed4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEECnEpHap3uuwIy1DMX4JXriAghGw
Y9Dgh6eaEPJSGb2YLpt5P4NZqy1iFQN5A5F/ejZ+0XBWbhPihaoCRKaixUL0XFx0
f1THjHHFDNcuiZ2dxbGtWtuCZkxt44ycJ2GOJpCNcWVnO0aJckEyiPxhjn4yu16d
pqbT2G4Pt6DEW8teMJFNpaM7AcGbp04KTf02zIy1PQRjQRafhFO8+7Jkm8ndRPUP
bNfOdLq+oIErDaMDlr84VyUEaSjJzIS5xh7+Igilk1O9cGQViTaOEtDhhL19sWrn
Tdmrit+/jso6IPZKIlkaA8U1sZ4B3gWEjyxOphDKmtzOY5P5hQNcbXquk6CQT+N0
2XB5h9OdYPQc5hSUY3PxG0WwUovzQGAQLH/LwCm57sjfSNdTYJO4NijQB5kIzmSI
8KLqLquMser7JzSyhGaatw3zC9rZl52FUohJQk3OSIzeMhJoXrQ1lyWEQOSfdCFo
+iaV7OjHoEYQtmmcamzZwOi18JN4FyufRh7DyCBi4RoDx7OwWgKr601VrhcPZNwV
r+8Ysuqprpb1YEPlE1cqL0ZxVX5z21UQ133U08p4CV9fW0TuuNnMFRARnfnwoXFS
ORqrSR45G/274tG2/j3R94EdomMSJ8/Zx/qf7fou+EkdhfVNB/6ANb2jAm37bUeg
I89QvN/BTVcXwhMDsYV6OqPMaHwD3B/O7yF8HjyRiVh78bUX9rU1pIgXSrmnnuyB
1noOrWKpacjxQenLebNa8CZVG4ZpQRa3f/NXOcS17auNb/qoT/xtgcTaWb6jF5M/
D3ulDiILH/jCyDaglL7ItSzTKu2BCH9tNXy2DVV0FSMTyfOLrYaZpYGLULvoly+u
yBqTQram5ZxmWjGhM80snWlmaB4kQ1FBWoW++rnEbQ9JEL+n6UxTJHBbR6bNuY7u
5jjYih1tEKM7Y6cQbWn/PykRIjP76mukR/PI84WHQGP+n6K8QjCP32Ij5v0BdXCN
KftDYROYNGK168oej0ozUpPnz5LJw3vbDEFzMVVCjEY2qOD7EdTFAYojNwL4IuGW
W43/PKeEi7smTQWxGWrbIFxPwuuNKyMOHLGiKXqSJSzj531jTiGasWVpHibEKlUS
IWOXef/7Q/PZvCa8vxmVGowSQ7gWQTVEohKi0MV7lYuxDTWRacPetjFzkwOZoTHF
5gFV+/CY2W5VXVSKIR5mr/jjQtBu+7LOAep2MGq1u1LZJgXDaOkPR5Rz6orfCz70
M7oE85uq430h6goP4YKeCU1sxSE9YXRqICN83AhY7JCzrP4bKVnKdia56XEmxMKR
LQ29Z2zSakaIPKbSmxMuIqknlOV29PGG1KztSDonWIFVVLJb6Qne8altI7zTxml1
IMi5zxcto96g35HGN1V0h9zJKA8xOf6q18yhfJnWQ0ONkMpfHrHPTOXaU1r4hzm3
mPEnuG94PWMw6EKi485rsY0tZgE/PZr1slDsxmAO6r06mqwc5NfNZoHwNl6WFWZ6
1uRmctWEMW7gHeqly4TfXH4QiRMXAuzDdrYnVjWGqNlk3zEY/v/ppxI/woU4wBmw
pxwr3LTvna/8jpkt060hM8ZUkAs9zYbtQBGLqrSy1prf+nplrXDQhkIgbV3Lpx2H
hdMljzMyvPJse5AyQ42L9w5SZa0vIA9t7Rn+i9LKxjpdMsY+zW7tgqMhRTd6U9pY
kfRsOnDJJuv1ypSBwbaEfZgiNtUkFwuzQRrfKLqjJeKCXw5cpad+f4xPPPc52UM5
RnJMTFe6UFlNmodzkyLr6pltMRmnLxs12uTXHR/9z8Ni/+mUWg8G/9aTwujB1JOl
6Le8TE96yPlWqF//qSz8WJVWgTrfPGpQkwpzBWaV251LvgKzETe16/EY8zo/G3nN
ahlOW1aeBxbKm2VwtGwZM84bYWaH0cLPAQAvkFhv5zk+5pgC98rwifhhXTefYA2P
0D950lUaTQTWkjrw6t2kzg6mQ7TF0Ee1i5EW+SxVKbd266MQgSZNhzXsFTgs8XA/
aNmXLx2DjpbQIjI5AzvE5YWeN+d5lHDee4Z54sDp6GsqpYj136AHZIE6I1jxxi8U
p7J7Bkc1zs/4FdY9cGfHTlhV7ugtaENq3w5whavoMgaQZIj0qi/PyLBSFrScCK15
3kfdaRRwdg4E43PqQDRW0e49oKWX6VxGzqVlsOhzo4Hq8GvMhvSjC9gJQK1hIeDY
otBZIhEmOZQBq4rlJ6nVaWEPJkfebn8GB2xkogf3j+o16u4rv+djux87+QJ1h+cZ
vOIk/12eJaW3cxzBa/ckfph6TAPM1wEkcdxpLtF+dbNc7WHXK6NV8P5zPBTq58mC
iCpwhMnRUKY78wOdsAK5/oXl1bya5fFBSrVf7lPPyADaw09puu5di9cJUyOGEcH9
dWWI29MnuhJ/+GPGLrT+X36CDc4UMuYHNqGI0Eqk6XuEUgZDwbsmpYUt0J2zBvu+
Rb4xAIb1a94wXzsAQ/4aVKaUSd6ofjycbzcc6aU1vyQtqAOZPFP7S9z3dyN1LCA0
Uiat5crCQbVhJQNVMabkFBOWIF5kGIIERqmupnlukf8OFS+XGw8t24PPq4os2MnP
xtdZMOlmE1wvFlcD2/thU8hfXUfYnT2qmObikJpXQE0e7BAsAnYQj6u05eboEhfH
1bx1ZsZX+8bb504ah7QLfuqwAg9WTzdWooCpiCuYlAS/I7Ey2JW1tna3BZMCYMJi
SOD4yZG62wfP4QZFvv4WWKyg+NYdPj4XkHse7Yd7qTI5mxCr7bjtccBZi80JU19G
w+OvdypURyiYXylUYolj55nFnEUX+IP3/pToBWpL7yRizP/Q98xEUjoOS1QV9rz8
ppg7XjBYZrns2JERC2L2xQUUfBgTtd28lNgCt02PwnF8F+KrS2w+kiJZI9CvN3ie
No/ufb4uOFLlJU+YWC2c1kBb+5bxF1uVN2jhIfZRNXzbGVVifpTsIaz/qddsFtnI
8Y6yhImBpFCrdzt9GjsZjdNRFwTy60fJrXdkzwQgTwR8k4b8OF7AWYPxqgLHRhRv
v2P26GOG2d7+BhGyZcaiz2y/eleV1eG/rgfqYHi+a3IDAa3Iq0hDg9IQ4x6/qh5L
viDAM70hN8kqGkg8//BaXvgETIIMyupmvi7nWpBVKozs/jGI90UCOSf8uJDDcbnP
XOnV47XI0XufAeIdxKa30hxw7b9UTqE6DAe0Vzc3qtWLscadPIxjHOoko+PGoUOe
A7w0vNwutU8beBDHkhz84Ni9hmSWOy9A+7J3XFMm7QxJJTmKoRe5bySvCy38god5
12WxVrlxuftoGPf8QYtLc5F7B+gx5i8Pv8eI/JJLMnGBdci9OUYkIe6IAw0zMxjz
0wPzIITHL8l5ejE6cc+Gy+SwVosoa0RC43n0AzP4BWu4wRmJungQTSzMUM+6xb2k
ku3XkjwdQLVY7qX7M7AbDr/7eK7ojWnixTyNY75zqObQaoyhgKJlD+6iwadbMVq8
SYpSY2EUnFSVM3+NeGVF/ANLoGcBHzYiokQy1HQZlTpB/2nYA3kBfL9mZoUxN0fi
Ca8uDcGvB0MsHne8wvOMv9A4GCYYHSQxZ+SMtylTMtZ6qENDdRSz7JFC6jbaho3U
KM5+8iyAbXOh3PnMNURtJ+9+nFHI+7Uiudkoel/ymgOZgJhrKkbSd6X9i0f2da/F
SeLx1jFtLx8GDkwZfI+8N/JOTsH0/0tI5gW4UUvWoRtF3XUMU6ZFPnkCK8GLUCqs
eCgzZdnCV0tYxvZNtQhZe9prONcE1bbRGCJ/OeZRNKKH2CrjdLG811wFC47KfrMD
xRTM9wFxVsFDyr6VyhxojPuEz2OjmxnStXyd3nofcVVr8kI9VxIqPbRTLvlzevRC
CMdeZPGMgvEPLXCWAkFTuqpTYwWBx+aHDGj8EPWoVKp/4DRwjwYMEyiErQjz+a6c
0Kg5lovwNc0x3w5qx+7aU5hA8JF8YGj0+Oj4HdNeFs0n5uAqSXI4IkaiMcik3F5I
pJRwI5VHLfm/UoeazisJ3IDq3TKAYpeh7lSJ6xotJkZnqlMBFzMA1vu/WMN8Ymye
1GUEFPLgoRiukUOrfqDC1pfgYKXtvRsJRIFMPiaT/6kGDMA6OOVRjNOBO44OxuJJ
N2o71Q7+J6/Rig2Gck7bEVmmaZdj/lgrD7H2Hs/aUhFS5vQzdCnTiXBdcfUIyHM3
AsrOlzmwPgBup6FH4GW6oL64cFGmuSsCzkCwdXJKNt9AMq5h3efJVWhnRnldAYKo
bgkLdL4u2ls9R802FQHqC9WahhGh7EF/fnVGE+yJkFI13jJUC7ZSU4W+QTLYR41e
ucYxmO+DmK9UDLOXyExJaSqohfaCba4nz+Dw2BFRSgV3JG3RcbsLsfcerXwQdyxl
R/u5ZRt3SThNNz/UIgkTZXTYMWZezQbHv6REvER0rwlDtMXpg0/rcPcH6iGSKEi4
Wn365bCmBTYHd6mCOh8p2YycZoQBgqGAxfSxz5q9OXJGIikrou7UfnSKTHqhubXz
PVmNwGbxuR5FrEYkR6sHQwpF4Hr9pbiqq4OZFXr0NvdC0fB7LL63x9XWV+TFXnPE
j9ycJeqxVQgB6fQ83nNfwb7WKCe4waoEARcZ2CNY14V3pePfZttMYwQDtHR7Ssko
VpjhgDqoQpMP3sdNFR7u7DqmwLkkhwArU1J0LynI72G2IutRxnOx4hWxiNizYntB
d9bjlUpcOt7UYf6mDnadqFg6gQa69YiYuRR5JChc1P6LUSVTyNNMkCznkoPVOWGm
VQvaEPkWWZI2/YSmZqtBsuE2G2ggK6q0nRXCO1GxjeNuoJkgaedceHrGFtnyfQBQ
gHG1j7L1HV840nwdJNS3nMhxceof7nQVsOyllcdHv7Flui5ZSxPzAJb6turW8ssy
xU8838uMVgqwnwVzj1Hz9mGguIeGX4rATS1tlvVR93GAebDWcEBiGg2hdJLfrvUF
Gru8B/HMtDc+HFwyDICgwVMrjixqb4QlOMZV8X8B2NdFG66U4KMG2KCmUeVU8ExX
sCMrf0/JEVC8uXZWUNXby7H1u4rMH257aYkhhXwh/obKUx9DDqkWxW8QFjNeCQYq
+ACwiXXJlWOPg8CSXw5HQHdTLJHDtUXQ6qGuJMJCB5VCDcnO4SRv93e7wxnqYqpM
vQeKYt1gEx2SBn79jgkoZUCJ+GKqqdA2X0lWs+n/yl39OSyckWHgEvHv+MzLjx5T
pAG7lMwClyA5Tg1xiuYhliensL03XmszIm9qLTRD7tQ05RwC+fzpmBa6sU4eyQUe
ZnLupGijRq4IbhFWng18sDrS2dyVnib3tS3E8dnn9jTBDXxDnQrfgq1GNcK+W7R0
n4c3EfHXenwQ1mkxdp5gefawftI8pa7VU9oVPdNHG2DbGtNfyrdcvKBjNV8k5Eq7
f2ScfXVavYXbDN0kFohBQZJCQNMEdrJRq6G1OoBmCu1joXpo48LWj/Wf4EM339nm
A0umfbUWwMMUHOtHDCdFwMUQ/pviN4J0u67f32f8WnK7FJGLqcKQSBmT710lp0wg
B1A2gBGUp3/OtsLsc5RZMSUyXYuqZ+qXjKkhEj8ApsB4sO8mEkho0KJRDqW0uu5o
yij7OfBY9kxe056y0xWee2Fw4O0SRscjAcuGkkiCZi8Beb9JriE5ddE9Hw9W5/Ai
Xyxn3C7Mv4ozpFzvKgw/bukNYIKdDZ2nWeqpnRoSyAbuHJ0FFdayEvx/XSSPdq/t
g3V1bNrMbZMYr/QJkQqCvncusXK5OpFeOF/2jj+EnJrbubrOmTR+GzKAN88Qq67n
nMRrQVCOZ+3Wiq1ykBY7nrVLfHW/AF8BDW+xqr6uNIO5u084yZRpStkE611JMZVY
MvTtm+Yb5trb/qUuzJbpgSRT40mlHynstp+vEEcM6ujVFSUEITFCQuaPKmZl/qHd
M+AqbdMRu6MLGBR1TX5rTVd6kIj2qDTmPbnV/6PK59T8Nv6Aekokdc5CtYgc4oKh
ftDRa60EjpLGiJgCQzT7khzTrHZMN9YxdtrTDBr4fHitqlr5RjU+Aymx+NL0CXmX
V+LiVvvQxHGpGiZEaV7onQ==

A.3.3. S/MIME encrypted and signed over a simple message, Injected Headers with hcp_minimal (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7865 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4810 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 923 bytes
   ├─╴text/plain 51 bytes
   └─╴text/plain 370 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-injected-minimal-legacy@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:10:02 -0500

MIIWrAYJKoZIhvcNAQcDoIIWnTCCFpkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAEa22w/F1c0bIG8WvzjmjX22NFNUPhwFe1V/
qCroT/wns59jF5f1JcoqaBlFwKcb681of5DTO8vnSkWPKWrnokNw+n7WDxPDCt97
mpdL2yESFnqJNtOPRi8A+wIqaWL3tbMTcVmkNv2Z+x2gkdjvtXpkv1uGrnVdJ3+I
6GqCibr/IXM0bqpOLOpDAu3oGz7E7phULsVNqf5pKBgFBO2rz5LoifSfzVXb6NzA
3G2W2+ohE5tR1tEWif7EAVI/szW1nIHh3bjwvMIcL+LPVR4ktMZQMI7108AUb+95
HJAZQcl6eiyePfhy+Sep7ADdPufBa1sZE28NA6LF8OCrkRx1xVswggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAcikf/KvXtwpXJ3UkcmT89anq
Gwo/y0iMoldTtl2ZC1RIivydxs2bZY9f4+aGk8eHlvqo/WKedsln6X6h/VuysHg8
LysyubrBhH7iTE636Jh67I+juBDcX8B7H/qc/lYsBp1ryJ5UGSMp0lctF5OSQsy7
2MJZkYHuA5EbDAHsUVmbTfK5ms3rkomKkDPeg55OV+aYXZb5KROw/mNzeK2tgvYk
ec5AGboecFaiedYYXootzo4XkbplhYLf0Pw2GnUhBvNLdzYEbKdB390EQjZI7liG
5sAbkYcjfQBfCwSrPHlGV+AwgldpHtIRrgYlxywI72HekKN/BIj/2AyxOcKmKTCC
E34GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEB/2upKq23GgsDZUcUo9+5GAghNQ
iuAya0TZqTCj2e/BIPKVzRT2h+7eY7OHIsBha+U8Xns2rMqCPtYEwYfyJAmX0nFK
tkaXj5MDdhXtSBATyz+QMVzEC/m/0+D5U7ssdE9dK1ZfxwW8DpYlzQvNfujGPuXZ
XP4m2Fwfy4If9itpq3cZubfD9n43HLDcIxiceNYf6Gp0ITvKGPW0z+AThblA0gdS
aGlRpRokqqYhwNqPS17KqCzSuZz3DfdaOis5d4SDq5l/BC7vSNLb3k10ERgZ5+dJ
+EaNyDlOuFqL+qm5xnkJzgw5iNJ7Gp9XwjTLbXNwmx7U/1n1X7PufBQPiKsVhTLa
W98kvrWzckKeHOveCjvjIsHvgtoKBO5l/PL1WINKcDTDH9iFO52FiGLdLtVimTLl
LqY7ysLEV1N7k7FpVR6RYYdKk6G9xEG3r9bIMlwGQAn4wLk70qFC2BmNGekpzG9/
muiOdB2XIaweUvNrYGB+jy4oqVYl7Re7+TY+De63ZCBx4odw8tDKgExKWoVHHYWP
eBxk1vZd/EZjwAkbHI4NMPajKJ+rdT1axfyvRxVfzINsJixkvp1A314fBbNtkub8
k9kR+oq6R0SxlMOgp9PzKNqkWMkmJyvOORb70BcagZh/Vii+ySQEtRIdoNUZUT+2
d+TYlunEGiNp3Ny+JvL7n5nSHE0WskzzQrGWV0mZX1pi5lXeaZPXorBt0JPk6H8A
bzm8480Ioo4QOAohfJsuztHmWlIcBX9KX/fBDzBYux0SGbbsTD3TWK/+ITUZASkG
gxxt6XJ98uJ/Fji86TMkiE5EZpAcsFQucELhe/IrdTT2sOc3C61c5i7VsGkiCpRS
URpHL0HcyOmvdLQIKPlpTxEku2W8mBoiRWXWs9tFOcmKatS97ZCj8SbHA8ptq1VL
0P5Wjuno8PghvVeAafPpq7CI06+EaWu0NETzfywAYhPIs6zfcnct8Zk7nVEHiDZX
cEBrILiR3pZdigh48YySLofFjYpj1vqb8GuRsVTIhQeyP2K42y4kUHkD7Nteg1Wk
FpA7Z3bSYwAJp/FGu8+Cc7ItaiMwNstOf+ajrbNkI2+tPJoVuXJmR5wLaXyMFC6F
PjFkUsJKpB6ZcEFYkJ16WxWYtysYn2FIcQOJXLCQeAn7lPw+awous3Gmfo0wjGo3
lXjZFKJxTSKsEpMyFPfCHSv6BCwMDfg1/29IjzvhmhGAijs8RHHWm0YexfTf724I
eBYvn0IpPxfpvlTf+/9gVU6Gp2hJ6u3zkbH/2d/30m2/F9DhDcT5IxIx/9B2r6o7
Qi0ln9Tx/vCawSIBYE07PCijretGbjthGQzOzXlEG24ARa35tCO4pgPfkD35VSd0
xHV2bewdZDFKTCpTatl0KhSgBwLeAixU7jBVrZR8VnJByjxWBgFLEDE8KzEddKn4
Nomaa1oifV+yVBwzzG2C1vZjH4O9paMGCfX3z8TWU90+tOhMmkpwyQriTLjKfIwN
cIEl2yii4eqWWrrU6gg9POEP04OhmgCsEn48SPlMxnQ6n6g2r0V+wCcow2rPqvjC
Jsz6VOnLZ1gloZwrJo3Vm9UBmNqiB/PHH/dDjTTRYf+FJFZ2A02Gdc57PQ6MWGYG
plbzAKYunqcYkVe20/qEV7E6nDaWBK9CkeT1tDB4PVq7MdrzmpgV+Ww7BZ5GVvnH
KTH+gxoGRd3osBXGiDXSJh1gLjCJeRKyK0L9h281No1WtoF0kEucHubBg8tei6BX
P4gYgchmcZ/vE3K4adRSm2bnudFRE9jM5tU2ttwxmsp2t+trVIc16MTq193JHYZT
SzIaxa7oshTxNVJamKzyeabTgeDnB0VQhPrFPxwCxssCs5NQpyWBP7ho+iaqMf58
tKgV2OegfK/6N33l45npAb2hmA9e4pGuPtbw41/Vvl9q5wdA5M1R2tdMN9PYHLZ9
HinWeDjg9ibHoQejI2Ji3pbtfqhhBVlVDLGOtJ+4Lc6PoFuZcrR2RWGQxtHOOSdb
R7zenb+kXANT9Ax0IRPr7MlJAt8etw1yswd/YUws4ifmrfGZSOp+tm9inXWCLzR3
4bxdlmsUL3AKRqsWQd8xi463Ye69G0W7auEaCl/GR0RnOk5L/FcxcGXAyPdcvn3q
+mYNGErvcyJIDHAiPbrTvLSrrO61Uy+qU5rv8r6D7JtxUubJujNrs29WmVN44hUL
SNcf1d/nLuJH6xXFOK+JheMjbb1wQe8fGh79sLoSqp+HNlHnBH+AQ68o4YgomUzq
0bDNjU3aYg8hQZV2vwpM+hWAUPqU3NMJGpR3k+Nji32R+0RhvdLWeqN1kfnQoT1R
4aJub4sThKfLuYV44UGr5lbfaZHyNDgjjTCD80AM41L5m/EZSQs91fjzumpIYwBl
QypmLkoUGiLOyBVP0wdpwmjA3IzbiWMbOmDKHXHsUyMCbxLGs0SYGS2rriwtcqCq
5sJJbn1l0PizytS8i/BrJII9Nsab1GtX2J35+njd32FsdtL53FN6cPIL0KcTjElG
4WOg//34Jl+MGbgVPjTurXXGOVZvsdZN4EHy+4rnfd4fMKRYT4HQ27gYMBXHIDHn
rm8HIuDZ+jYC8AKin3dxJcJhHlitKYTgCeEbzy/svlbhkA96MQaBjiSpVYrELIQ7
a7hZ5ud9S2Av0hwgcOiMRonpYCGtCdkCCyHa704w5hVxZiHelf5jThQtfTK86oJf
3HiCAcd3iUpLlNtxBTZ6fbF1yTymjcjO1iGL1wJGFanWRg2ZV3AI5mY3hMq7AtxH
Y/Bj90EF0sz1Gs4SSLlfYt9lblYjs7c7uSSv06GWIE9UbD8z7HW5FU5tK+HBjBdw
LPM8brWaTrwL3XzRy/w9ZXdZEPh70HUIMeTC+Oi71hgemjjQYZUDhvXoYVwaIU3v
CyZ5FajozqxAHng3E8i3dLOYjNygTlqQYsw9joGA1BA2EpQYgEUjSqhd47gXXtdo
qHRVrHIl9Iz6LAzkdSZrMwb1IJ6kBCI+aP9p9zygcLC9qTWUI6bye0/ICzGIPOgP
yQPZFiR0aOo6akIeDznSedHDhR0YN3RE/QMTVDk3v7vBtgyM/z9zDID7bScE/SJj
KjV5V6BDgnnavicg9wsxeqV9V/3cql39JugZR/ABxhy3E1fqLIc/G1ZYruGH1Oej
csJrtIOhX2Gq27Cq74oezEg5D6wEf4YNs/GNwBPo8ptu/hOIHEHwyKzX1GAQWgnm
Ip1+AtGXuZlOsWo+ZsrYjfgoL3ziKIszdBpUJTcH51Qlj7GoSjzyppyIRZZxqXBt
dl0cVI56eZD+nJuT2oFJN3Rgdv7VHOAOtG8kl5iwwsvT4uO7hA2pcAAV55OutMPm
vf78urtFFzenepJ2dgShgZB8K+FkWDNJ4dyYpajAhnnqkgvZbzDVd+Jc36UtZhnW
k90OpLrjc9nFTQkyr0ygZPnas8aKs53lM2TSQnRMHBkvoyswglOyBP0eJpptBiqa
mJDH5qK2ivjt+J77g+QkzolY0K6MwSELc0QwSGiK8z6XEktHYxd+O2Xda5j+mvAc
Rlcmgsk6HD56X2Ev5m39bMmAzCwXxH58xa4pB+0SAPf2IMD4iyXkOH9TMwA/yu0X
8usDaDjHPW0S7mjrrA5hvv/NPJHTmahlOPG9ddaEAXqr3JSCyr4/BfdLX1dDq0U+
m+unOyia9PPOSk+jNGUgp6Z4kT0cdh0d/Z4PiQmPiH9U9H2UTALqBw4NhZfCKlgo
2UMAhxv1bB/2ovqz1cczDOgCiNO3i49J7y3kTl7b6igRJo+/J6jJPPQXYs/K2h1x
MZamB266yvpzEQ5XmQVZ/WD0e8UP8PyWmALyhGObnucvDMBH76ENnpoiKG32qdGy
aiFbGDagENFNLURcZvcT/ov712ubwbfNK1U346ly4npNqJSCAWiw7X9wFJjnL175
aN0xf6Lif+eYOY+3v/p+TKT7X4dWLqrT0+G8uS8CWg9m5PRHCh6AWH6Rko6cJcpj
0Fiv9sxu+FSXCa+4N1p8MGEzy368JojdVB5RSE6+i4DFy9juKnH8xlTaJKTw6JDj
wi54YOxYpqJT4KLYy6ubzr0ka7TPU1LNdyvxoSDKGS549d56E/jP9jBNBKB5MMLI
nE57fAvuIoEZsSy/ndjmyC/BWfDDMXFZ0Y/w1n8OSph5sudLk4RCCsq+PeFMis7P
jZwliinGCoE67migyD2BygrIrj4p1GCfROgcgxqez5IXlxvl5xQtlQ/Cohq/HrZW
bg/HoXzJbbiZfy0dxv9rg/5t5WrzCtIq7TEvgyk9jPUd48vPBU38YXBPF0jxIAxd
WUlNZMELTHqGyrvaZFSRnh9Z9bCw6V3i2kRkSEfICZPygt+6ocmIDXmA0uv22I3I
uZJc7ykY7HlgfzrvgENSKN3bdLKfLH740tiBGfvxD/jyk0iBtY2j4lLmnaKeyZwP
CcZPmoh6iKc8zruDs7LA7v/zOuzD8Y3snjkmuh+kLGtdpP09IkYYdmdoYpPVkcb3
4Ndz5BjJ5FpRuRe69hBlZV73KZGaR6cHOPzfoKfHJo7dF8QNoK/RSP+DWaAV9bLu
6ZRKzgVVAR2QMD+3L3zOa1o8SIiSFKlUwR9B0oILEj5ue5bUes9zgIRmPn3ORBt5
SxegQO9L65uvcg6vnInvUe7BxIBqqxSZFyjCHFgU8qOrVB8+wB9thdTNXSfh9Qak
ZVtF3Aw14GdvQJaVCNu7jSDuUP6FykZjqLPSYQQqGJcBzAvaZOp6k5Evjnf/Mnk/
gPwfCeJdAXyJcxSbFYelbx7V7Xk/09OkHWN+L5pqCQ9BAMk3FXWiv0K7wme0iYS3
krs55liUz2ZSTlWVDdVxukBGoImY8A5i4+8SaOvVuITfvYhThfYS8ZiIKqgySeKe
VHQl9cfF5gzko8GFJPJB5zVwX1uUnjGerB8Y93OAaWE9/UE43C8QG5kSb7mLSWwT
OP0/NbLQWwax7L8jPzn4480ntX4AeOK834Dfx4a7blA9/fKtighNZQlAZ3ec0RpP
i0MiwFsZfqCYjDGHYhXGot9Ak2BwiN7Qpk4VHhICtr1nH6kJOhUbJaFSTHdRW29t
10E87vda3aDYjtl2Jabl8HqQSZCsJGUskc+4mVq42BQGzuFHxMiHI4DLvFyMpXnx
l48QAUnwDW5jtQblPSA8uBG+uKTIHOK/JKmHtPGIFeGMi1h8kEIbGEkfE/Pose2v
u31RQmBs4BspSiMROnGMiLH/aDWgSsBgT+dvsWrtXaVHISgMVERqfYgy4WmyIJyV
UQ04MxOoGjVr5cO8JH6IdT0TvHpagP/lVlb6Acc9BXSHa2eLAL/VEtm74A2tt8Aq
AYZ2jHlTtREgeU2PLfffLAZk6PDZwkNi6ltHb7XQNBnyupbfLiWpMFZCemVd0SG9
MxP6COt4ZQ4d/Khd3ZlVpDClsHX5oLy438m/4pjHEEVUrq8IwR2iE2N4oVqP8BuB
yj6jswjjEu1uxahEYUqagASBAZU/uoue4B/hPrMgx3vVLs18UYPSIvJ2cawRFtEo
PgFoTvS5uMDlOTcCvcW6pRksNQbOvkwgFa2DnpxAOKWY4o+6zhWcAzzE4o58m+hm
54sURdkwq9hoDKwv61Yw/OlI1DMSfoZyccoQ1r54PE0+rDcru4IPrPVsK65TMBHM
utS8DatppiLRuuryLd6YtRNihlELM6V64vPlbZi/i7allO04RQvHjy/vgZTHrCKF
lHZLaOAmoyGTPVAugiOVsLGc6SE/7P71Qxfmfw4nEAEkD5bDTLNXKrgSXN+26An9
pjAg/Kv7VzqkNvPeu41Y8dLEOA4LzUx00W4TtoJaGyOFY9jrOISPkYi7v9c7Onih
Qay38UcMyaHNrJ3ln45GrH4d6SyY3MFF9pCzYzhrYgMrrJoF12VGRL0CVfWEL7Co
lWmMQ5sg5vYAVEZmdZA/BjApb5/yByVwYdVEcO4YlyZ4IKXutyPDsOtHn2f1YM6M
eC0mZq3Wlwac4h8oGh+bb5uyDtRxux20x/mFBO3clrt2Xlxg3Kz+30dz0rwBcJNg
gb0McWbNuvqkrqbtcjrSsgiYSyc3+8jXBZTF+Gzb0lcQocDCH6c5EVhgkvJ0ZK1q
xotnpJ5KkmutQcEaxWyzl5CZZJvUatasOH+Hq4742stnIjtgec5S7Zz6YyzWL/uA
PbskoDQW1FBEgzMBwREQ4M+UjPKSsO8CAIVSreGTeSYYS9JAmfe5iGSTx7HkFRft
cP5KgEr1sm47epBnV7C9qAf6XVUWPpQMR0mbkn+1b+BYNE84NG3CCEDRl3JTs5fA
7yLCnNJ13+jmqjtyCtcbYfGVFiZ3xnPMTB2fbO16oTShsTx6jDr7bC+a959XBxWn
WSwc47R27JurX3+t7BkP0IYiED6yydVbQ0Q41E0p3o2Kec9VXh0fjIEuC6Ttctgk
JyAEwUylj/APoa//GN4qqHQFXIMALaxfwj/1IvyqXWEE5E6WCIhUdV3GFkMhztul
d/X6IOqUgQyas/1WakdhSpRiHZC6MXI5WUA1Fj7DqwlckxWDar3Poy9VsvtmP47w
zh5cgHDbi1Kz65mGK0AjVH1D9UYbOgkW6nAU8yO5Bm0AhS8bDceC6GaQzhhS6a5m

A.3.4. S/MIME encrypted and signed over a simple message, Wrapped Message with hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7345 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4432 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 675 bytes
   └─╴text/plain 319 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <73a42f8e-8f5a-5c62-b982-82ace766fd32@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:11:02 -0500

MIIVLAYJKoZIhvcNAQcDoIIVHTCCFRkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAHMG7sjRDCJDMqgvQrFh4sk9MkaJJY7q6B3r
hY87n3jM6UYk/ZaBi9uzcB1pDAF0hJkFLmo+PRUbFLUrmeYfQI6OuvVElpwIDWMp
cMtfzlXgKAO6fh/On6aoVhpfv9EmaG1rCU5ezDPPbaXW8caNi2/yvL0ustpqKOTj
cOLgMK45tPcHeIaSD+8A4P0uf/GLzEFhDPdJrt3mVq76UbAoIGasA/sDhhg0xygq
ZH3IPQoYShFEUmsK+RC9Sc9dmXtVYPByCEsPdhTieJyjW695dde8xl7ZeWS+JZai
QK8pXZUdRL8El82+001HTXZYybfF05sFmJHQZ3LlftF2Dqs800cwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEALvjSc3y8/+aA+Mk2+8tupO51
fsr8cR8BV0+aR/CYDXaeAFg6CPk12PnLcpFRZDdqitxfe7SpMgk0oT3IsBxvuOsr
0QckRlRLOwlv43Y9jJFMc7VInrB7bJ/cPHHgB07tPtB69/Qf252gsUs3UbWko8JU
JXBkymfUAe5+x8/gGQYNJdvNC+v9cmnwTORFF/IJ/WcGsyHPhxguR+JZqIJkSI8T
xjawV40qcahz5G/O3vLI8kxW96lSSmVE9WIuPafsMbP1KZN/6i1gaUOPFcsH1jln
fdnk3fToayCGwOAQvh/UYvlGTA06Rtnmz44YLZiGbVLFLGlvcXFfwL1JLdl25DCC
Ef4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEJo6kOdMHnCo9aCxhG8k8qSAghHQ
oifxeGRuuDaxdcCkEyNhsAq0P92jEteuI38u48FqaDfBniUs9wmW/EiEaTmXWvdB
f7df3XeOK8yGqyR4pcXSYSK8iGfLezceiIwABbXRS8eLcNT9NPc5MPopD/h4q1Vq
+L1iuvm8P0OIh561cmKglrAmTebH1bnyjYLw6GH82/dscgRu4mihqvJTYQC3uaLY
H0dJnqyYV124/K0QyAPKCm3gR9gniHVlejlQKIVwOT649mTdZ6FVeMk9eaLQtKf3
mkx0trUzXduJnBj4cASKSovC8yySEuGwWu4kROF1g650ledfeU4SC9lwPwzvHPD/
lk4R/gUA0UAolIj7GaNDZ4CqpZqDYOG2wJvCQjfK7MU9TgoPsSRXhlmZPCam4ecK
gdybUd0A4UTQ9OlZiCrS0pDyKQyatn0u04SfKU/b97P9VwNageENErZTERoUx1T8
Vq9yBTKZIWoQe/2wsVvVJaR2+SXunrla9HDwpHqDtZHhR6i9TtnpO8KMOCWLZbb+
lVrxswrexUtGPCJRl62TBchhyO1dIyz8eWMiUvHhLUkFnSUGh81MdQKItc0qJ9g3
iu3tSd05AEHxNf+2hKrrTZzWCClatSvyfRbW6/OmlIzh9+JUyJLcCywJbxQUuWRA
5pc3bHrd6/Ff1dqgw1dbH9x0Q/r0lbKrWK98B+7/KIAfvy/XTW3NAJNdlzpzyhl4
Ko4ujuBiRJz0xRKIPSMOH4w76YejowDi4O5Ea/F44hlTop5N/lYNVkPIVnGYrEHD
7s05/cjQTX+A98PpoFVKHxphV+jRiwDz7uUYlW6ClyrC7/H7VkzdtPk07EyY+zXs
uThq5Js+uwgsbNqnA613vTEF0p8f8k5fLi+HSgL/TYz/UtW7JknTl6k7TvLXuQWT
UWmrWrD/UKADkkehGkZHpMZe+RaImwRd/x10M9+ZBovlbflDigfhRVimwTppKE2k
/S+GSXDs5r5ESN7OgIZv8swYTk6Nl8yoFijBD+wvWU4u6JNLl5RlJZZbki00Hhse
4Of2qogvmNfTpHbAU5DL4UWdehoK1fmPu4KaSpL2sRnTpqzyZEdAwG1JIOB0YAqE
ztszmcxi1s9KWQ/XdNJBG2QHvSMf4QTCuY2e+335Y9/ZC5WBphpAazRp9xfXc3de
Pl93N6ydfn09wT5k7TMeLOJrqPa84H06oRAyXqFYwiOVWRvyfrsInUv6AJfhRJBN
dA3ebIVCwrfG1w8OHerzDBo5yPc1ASLrmuPjaQ42CDrHqzfnMw9tHq5ZajoCGF60
4mzqu9/99upVaaToFRsA40lUpRN2QoOYUBOl3Ck34mWGWg8vf6akYADylm0SrpRO
yM+/8WeERonQcc3YqrmVjzM/yh4RLpl89oWWhHIHAAp1YyuwCj+kjiOq2HNhvyuq
9acwfjQ7mKBfK1i7PAydvWb9dt95VnY5LF+MvevJOdf1lEt6rISePs+AhoQCA1u1
B92MpDynfPUFoeRMx3do/zhVmY64qN7rlV0XxuuZXUW3WoopjdUzTmHycYBn7sM4
3U0d02yJgy+IqiTOusRaQGC3/IJiZmXoTL94wBsOB1++cP59GPyvm6qgM7iO9fUW
VO4ik8lTEs1WegTez1Lr96dwkPv6mfFJQIDlxVoZ4LVRf3FbQa9cZS7wxSe6hgpI
0Y6YB/s21v13GpCX8RtHEkEkW4Zc/9CrpUv+1/R3QXRvYOnQaWXc96w0/lVkoxCd
SRrlglhl6yY0QYvOmTbusUdC0QtrcQBRVcVeqqbfLhip9Nxe8vabPkoGQro+l5sO
xkO8YwlPt6oa0hh5NjqZaBpMhD0xAqHT0826xj7R5wp49KKtR90K4wuUy0OAWpFY
NdihvipP1jGuCio13PPc+Vah0+ACMMDvEWjYk2qEy2TRbWooNB9szzUoQ7P0kKJx
LfMSO7ecJ6sSsjcprsKzgOsjQXtIcAgRMnxFFaCfeg2zjW1I5HC+jbiNtqda0aQQ
L0RZ1a3KWIIPNBq18u+cXXjfaBy4HQhlXmQEnStkLrx1JuAI1wxhXWYdsrjJ2xEW
hQBjBwcnTAc5i/vU8H+oI1Pnc32DF8qfa51w1uLdoYl37PUMlerpXq+mPvL9cX/l
w2zd7Nc+UUezqOYPrBbwnrWOvG1msrjBPqKnJGHZJhlZOfLdmLa6inlsQBpX6kXb
K+8mpshqf472HOfje8/hrdLnOe9Qxdf8eNyi0DHs2MzxkYRktNJFIEK6JHo62NSG
/aM1VJbKudK1V7FFd/hrOAVg+uLbrsaFBdI6EE868qQpDThpd3WnyX8HztTkm7Up
zpPujeRarCgEk4RPLl3erYa7d+8lpD0hzZOlQkEALbSlCV0uTW3RSd60fNp4gvXu
GCzrJ/gsevjRJNggz3QojIXW9RFaU1Wwy80yIWdTguCswGBjMdUBRghKQlM6LlHU
qqXGdRL742XbYU76RVNlTnjUvAFvumey5cylAck7Lm68hV8rhTBsWMAJCP6VYhY9
i2AiW440gsNOWu/uCLBNpxPlfA5UFYNx3fo5XriyTPumhhkwsaF1N/jnWeXm8eUz
/ylnM5K6sD0gOX0ThLWVg90IC+qbMPNu5dOpCznI9DIup6dIhx8L2j+JoeqdsCBY
6Xt6KE8silLZAkYFFe5A57qlTq/z1s/p/6TlhmRP/2IC+2sSX9EBqXGDD98gy66h
rBapI4n5N6RNt1N5fnWJPVSnvFYIDQ145EmqPd/gUmMBF/AalgyLEdxc3xKOT+Gd
G0BcwQJdvmUp8rPGWgP5oy/qNIAdB3dnlfAdeOeeeiiGhaSpcwVhEaWOfYS+IXUM
kGWNDccjDIZHvGyLNYSihyAP6vOxZWzj2EWWUEAhtGodCQ74qm6JxRMGyVuBvyFD
MtZxMQE/AU/bPQmNBNCkN69NXyYW9Uk7p//Ef0EvZG4WYgQvaZ1u4E/P8xOL6au0
pDcB5UWRoqkyU7jguMb7f167iCgkRTTFSLULD+ljv/4zflFv4F6cQhv+NaEAF48l
fCUFjEMtGLCp99xxnu3M6CdiabZNCyuGEVkhzL/fq1JpVlgKRFeDFU/wfTe8D4QT
9tranwYyAVj3gd2f0ijrlQ5/9Ch0s83/X2CpSk8fHFOz3oBS7Gfyz45BugIhDqml
NkX8J2vKlCBOx2Xo/3waf/Wf3ajOEFXKR9fC+TSO6DrSS6XGBSQXn95SsWrzuA9I
RuemiW8+wYbygIW4auucs+V60BRwG0wxAzn+0lX7zac+WHjerZui+E/7ehmFc8NP
ZW/FVFtCYi6oc26dysKTzhpOUmh0WX4TvFHEx4KCL9QXTC/Ya1jrZTBFF+OtsJOi
oRDK2/yjrGU67Q1zK5escKJg0YdorZjMkfb0nNdjNOeJ1fLNL5eB8em/LEpaF+vK
aCWLa8tVvuq8ggUZ6PHQNkqeIssJoSXrmCfSP0DEtjk2ZDGsHaHOJ8KUBLR+wiSs
g+NRIG3Uvch6kARJqN3AgW1BySV42A+C6x+BPUEbcwDv3qz0DLmfNob4WArd+jyk
42Gnk9VL/bbddnhCyzYyHCr1D0XMIzewqzfR9ppDbgCLMxb7Q7a+8Umlkddd/aC5
wFUAVB88JT1gj+NqxHZs4BIStd91ElFslmx9yXD/dEUPGfqyl5tbTrbGQpfv393U
Q6L6cwZS11Rg+b7E777ZSuOWxJL92ATouJmzCYLjafI0jBN9BpGIymvi2QvUYgB9
9Bia2X/SRc1fc00VRK77c1GtW6Nj9L37eiXMKseQEWY3i94vY2Z61ytosB2BCcSO
R0QRJSWzXCXTJ6btCnFhZUuGhrnG6ibGKYmrTJTzNcrN4yJ/eByDqOc0YBUR10S2
uGMqxwB0adJ9ci+r76ZLzdo7OvTIb+WGbOP3IIYeSjIsymkc+ShbO4mAEcodrYX0
n3wYsjrhRYf4WIDxQhWJRUdBpty2LGl4OGUOTPOQPDaKwnGIiBUiT554NJMvv6WW
KLEBxtJlJQ8LhN/jo9ZwxwI/FZ68pd0h4r5Mh1atVxJHbLmnWmdd0L2b8w9UyBwM
ts/zY9bdjfndBgU3zmDsjkZgZdgGtzL9KbUwHDInvCKtODM+X7QQKHu482dRb/vo
uIkQDy6meuxdj8e/xzdSua2aSQhYaRXuZlE7uq4EyN3OcJB/rE3OR1sgKh5k+7hm
kSibtsFYYMWvBzh/Mata98kYHs6Bf+Rgx/FdA8989koFmkAb/B41NFKuTuS0DmK1
2SDKgHb6rmn+cftv1MOzfgJdnGObqa3NCEYnICWitPw6NAbqllvRWdKj2A91oMO9
YU1P/ZNox2vKWdH6rkpGfKJYVwdtVEwu1Nhaobu6p2c71RyCzJSYuAMshOyLXxgE
1mCup6EU6+IqLryA4WkD2IdpYbVP/tOdFLKY1fBcGJtSVdgJCXiC/krDLDKhrEkm
RCiIcf6ghGlEn0Jpk0xU3OWMh+kD01MO2IJuwk4TlT0kBRqZAtYWQQYQv0xecZ/K
DvOXZNUQQSzXFSpnGo7wOLoUh9gB5GOIbDqtAShYsCXbU3fuXl8/6Lojv+f0YBBN
capJh5oWBmJAmowJU3pL1JyABd5+R//cj1hQFApBKrs+cbP6ZO2cDabDWavBPPQ/
QQCPjbMENRsGrU5bdWRoG13qP8+FVk+aNHF0xtn+mc18scGhwfem6/hFgKyBCAZh
H7RmYuWoRZP73XPLYAM3sfwb1hLZSFNhbKHs0O/Fg2b5MkFy3DwttMbqH+2vDLBv
6CJ8s0VTULjSk9b+ddvk6rgUy+Nce4l3s8Gq1ZfUUdV/AfYeovwoUhCIkKYj2DFS
jBB6Zvoo8Z7zQpqNOHIiz+02zoYKtLconQWBGhVhn/A5ytYh05JZ72725AjitaE/
9iRvigf0u4hQrowNuR+5t6bjA+5nfpKimd/3G6JdvY+QcN3BizQ39ZyUrUr3pmY5
KkyHTZolsazk9ZKQY8LU1/nM2IraTuFzLhP6Mttj8DR+zXDjoPX5xxsr9VVWlcTG
Y1NPHo1SYvqScQ7K3LVVsiqAzbr7SHOABDF8ZtfwVqIDDmk7cubaTlUEdGA/tXTu
iQMYNv8iJ4MmE0tte0sRrPKKbnEPlf+UiSI2LDEYPuvXooGoroNFHzqPUX+6BswB
8GSEpsQDPzSJlYTugYrX+2PlM75c89dhfuidAHdubHMqurOUaWtTKTl57rd9en4e
HF0ZHQpXBgGQyQ7fT51WsXBZjxhWjHM4uDmc3WiST9DQX+blihwoOGx3moRbbAR4
UsUJ8lopNmbY+Pf5XGvp92PtxzIBJyJ1Wfp0nCX3g4LhuwHpi5JOGu2nfKD2LZR9
l9OehrIncV0oF5rcJWwKnRZbTBJgozaxKwkUUfp/qEAteGYxEeAJC0wy4ZD3N2cS
r3I2871gQAni/LsF8CEAPaXE6swdSsfc0GWTi5W+jnDh2oeAWeUOqb10+vwLikC+
Xm4VabpnHPZPiozLRL6TaVEqvmBpvUXgZffUIXpXHsWbVpJuPsIzMlmgeKEdwUvD
Efcmnds0p3V5B4ZaXLfR6aHdtrDT+B8eNb1bB2wOP/IA7Up4NzVf9BtEzq2JKj18
mtSbNmSuhSGqYP3fKWV4inAgRQiDDw3bnazMh/mI17qMLa25lzP9IJ5RNDRRWCjf
+mljnLpyYHb5RyZ4nqD4+w59YM9Q/v72C2cyL6WygYE4JVXIWdnrHPSTkjBBjoxD
P1WbthMP6DJcM5v9t8Rv8Mc8bPiUrKzMDCbXNcPJm1HDCnYrWXFYqOvUpKvWn6zt
Q39rPppCdrHkNzFS20MsvWiw9KsWg2rb/ph+qh418ac8VdyXNcETVgkLeYHnue61
Rbb04HvCvu3bBNjy8D6yRlFVIVxH3Zy7+iz3fJ70VwlqqpmlnMsidx3v1ykAeK1t
uo42n/3t82Dx/5s3p9rZnhWXUdO0etjL88GpyzvdwtkYy3Nj/8afvB62iUwZ1fR5
rcnklWkphSq9HL6brXQsS3lODDHsy8xIJlu5RrGD2MOIOy/rbMxNT5WnGoZ6j/RJ
Spn1f944h2LkyVFFNgIlq1W6MLfTNBrZZ6kMpJ8X39iL5KmkrQ1me1rgJTtM4heK

A.3.5. S/MIME encrypted and signed over a simple message, Injected Headers with hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7305 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4402 bytes
  ⇩ (unwraps to)
  └─╴text/plain 331 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <27139e00-e05f-581d-a339-d2bd43bd0f42@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:12:02 -0500

MIIVDAYJKoZIhvcNAQcDoIIU/TCCFPkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAFeMxt6IIoOR5Kq2Jiucu85qezrNEQcYm6sV
Cuo2f+/3QCmr85ho7PNGXSmj0LkmkvIAh4RYf2fH6jqYSYgsxQjT3jOcx70hhTms
zQV8e/UJvWRvxQHhPbtnDFketPi2CA++Y8zqvbl3L/dBeL+ltiQqcQprqy9RY5pH
FibcQ5OkxPIzBZQUL5NrjwRf16gujq+nGVrhphjwjWsCX+ypt6ZrrBPtje3Iudw6
/0MkMj2lJPEkgWvFEFNL/FkcNRzHlH3dQxqjaf28Jp7eY/3tF4NVHcirE9DSc6hV
7v5zVlVEtthdFE9shnbPxf+Sbww+M3ZTVOxJwGNwPwhM7ehf8wMwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAZ8MBsyH2Tp59sokhPP1DnTLh
iblpxffhKGR1N86t0QjQcmsND8MhB4aM7BtgsymR3IcdKrchClmkt6ATp9anhFwz
7U93WrdRIUcSqLnwoCU5P6lGpM+w6XYJqWjpU2Yd76iYLPOYBeAFtMbxdrOEwSCh
KZH2jyGohfZXtA8jwGbf3rV4sQ4EyZum5yfm0i8cOK7FPSPK/7pqtP797I9IBT0L
YdssDTrrNMDRBKZ8AXRO/UZFGyWAcX1SGSlwAQ4Ilg87lgUblYdKihC4VhH2Qn0m
YZG37Til6fmiZqAUFyJZp5nuJW8sUMzgrjzv8vuO5u66W7LoEhCQQYTRSrxFYTCC
Ed4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEAfIC8XIvnLoAcDMT8ITOq+AghGw
lTqzvMWiOchU/VM97L/Ya1UcMR5Gp9ca4N2T5OXhTDXkanfsUHQtiKBHI9XXBP1h
Modt75Gunm5g+Jaj5K6hI2OtXZHGJFrH7MkZ6ttTNUeIHqtjacCA8j6Bunoa2qmT
MCCdHnTipVzH8tFx8d5xcNETtOvuUjXwIpBMsehYbKBqpEG3qcS/Ke9chuwIEbwJ
vDwkagqw97Cyn+b+EWAj2hEKUGnS/YtzsrhPwkhox3M+MG7eCJ577KUmIvrJcOZw
d7vku5E0Z075QiAfw40KaHVkqHsEEuAJ6FtQAOpwuHrTTZkMkTiZpETf40N4SPWu
uk0JIZpJvbxnZvktxbCDZV9FrGV/6TCpFgo0iAh28LWcjVkiFTS1kOtKqMFQxAu7
78W/dA6JSkli8OYPhevcdyP8Ffyh+S1j+7cFirJPyKi/WS5oJn5vIZqzkJelySyf
vzGAiy84zd7AFevlZyHSJhYhvkpRa3Q9puIgF2DveqUvoFWuhhkg9SJ3QMGqVC6v
z8bPYqk+vG2btGT6FjlzZk/J0et2jpe+luFQ6qqVxQZQReUXaY3KZk3jSyub5M8U
RmIBw+lOeE7HXor+L/IMW2AV4TC45Crl61YlbOadPDyClJtsleWj7nlRkfRZTmAv
fgecHCgqAFIin76vB0uB7BcWXEJ1je8QBP9RHSadMFsxtO7QMwVXqMXLil4xaNPP
hUV3Z+YquW+rpMbb3WpFO1AzYtwUbagK08eIzQmEa3nrpiX0so42imrrde3VgWiN
l/ZRyo9cPuCmmsdsJkxGfa2pdTecK52lE3Add8BI4qjF+W6ZhZnEmzkMiDuHGmoD
OOWvV+yV5S40HBhvGFlbBQR9xjKp2k5oIWLiSSbeUxpTw96sQ8Viu+MLgjubTjrL
bvWPHJzykokgM0VgZs0MwDQ6TNw3sSeI4wB/5btssUmjTwOinqjHbVjyityjM4WZ
5u7z29MaUNUY3I/rTBvN/RllEh/dBBBh1hCjbywizIQtOv146GRwPUGZeWymkNkt
xRqRxU+ecdzT3FZIDMjcK4F1PqY0ylK06yevfI8mioUFU3HwNBpmkhfwgKx+K+WY
zoLatFBnvon9gemuVKvI/HblzOSqMXG30TQVzifza9Zhfeh9Hwz0cnknLCKYVyYq
NcQoTI6PyBZ44Rc5UmMr5o33OI0pffYHq0+QueAb15SskBOnCi6ELWBi6n38fVEB
Nh/7kpFO19JqXnUwrsl7jRMGp0gsM+sW9xaxbCkb8d6VOVS78gewysolaGe0AerO
qMQnNbfzbNH3IqxHGote/Y0husOkU5Kyglq6k3Aq7KCLtIlVLnyT+7rPmpf8jbrC
TlZmT3IaunHh3qS/c7xo0ybB1sFJzHdlrgwZ/FqMFGI65pynQ5zVGH37MspWs3L+
ZJ0w1nvA8W1e9cYGh41g/Ipz8Tl8hn4hhxP3XbQrPczDQ6i0cZn3Il84Iy0EyW/h
u0lLnQtzN9aes0ihuE8uL5H5DKFlG0L3zwE9eayxb9DXk+1wVLnCfO6fGHgJFNt4
tbFIDW6y1ZLvsNT6FZwJUiLD5i21UIaMUDossMBzruTMGp8sTPqadxEtQRO8u/mU
ezKAKFr0DP86svFjFtMUK8mp9trqWpg5c6ftgN/7uG4fzq5DKAcPFbUspLH9J+Mw
WcbS3bojohXXNtpV4VgYbdjOqNFw5P2tKHRHSYFyHmu7eznQCrgklNNONJFQA9dr
3wHvLNshSt8ECsLarvnHUxyLCqn/i5Hy3Elzalma1iL7wYp3/7i+rl+qx39U6RCO
1uHAZHWw2/IU5JkDkxjqRDOlkHgcfmwGdIBoKuHbcPxohwAlR7fD6ez0pnjW8RBo
AiDbgUB1rWOOrLKFQMIabr7QDFrnmjLRQ6f19MJUtdsktb5E+r5odPTE/87yPS6w
wZxtM3xoFbIkmjzAjc3URxJRtDNVeeyKOCvnyxXO/QSS62Rs10/gOGmrpdiAA0yO
F3+n0jCBMkhtMmP7J2DiCDCwTCuuFglWJwxfE+TzeOzEOiiH5Pjce9PBTRgHJfnS
7apBM8IT+HatvHMcC848/mtO7Sg1ZpYQo+xBRjM4viMwSfYX+HeuiTQ4X/AxjGeT
sSOsOmozJwJiRkzwB95wY5yaTuSBLZgk1w0cakzfk6elcxVYiN7PUc1/GOR43sp3
soZF7Q+vI6pIbDzOXGH5gE8yrutkDhHs6pnQJ5hVWi4KBo1R5dFNhYv2FsQHpVKC
ocw/Ng+jARRSHTEvRyvZTTe61evbTjG0ocCYx7j2rNsyov8MX4b1XpECBOdpOAUE
IcfQUUqYtgfs+m4h3QGlch38u4UVUPAbhqCy14HHSsmA2y097eej/A1IKx1Q7AAh
oyjCVIIrKtZClfkfu6gPq9ft3L0aYqwQY4Ns9Br90qNyC57zvklvZDziNDy+/5NK
9raZxhPSJzek09erc68W5mR1d/M3+hnHUJJtldIfd1Ud5LdJSnqUd/7f98xxFrSR
zxyxdyPyCnRix1+mcCRoYsFwkYtnocmBcuKgoNtiGpmx9KZfbEk85xHW4OOBZPus
BQReMzmCHYMPWTsh4RrP0BjLkdjMrlmwZ+P3fr1PE5CCTwie9z9hO5gXnrc2isRF
PMhm28AVdi7HHNHW0eCBRluz/TtgwZKK/ZsDJ9kx0NXCoWgvyLC2QhU9NT3q5jYr
LzSdyoaTypOzoYQT7rIgaQ6nyuo2gJ1rtkKYGAAWKp3Z8QIWz1VFV7XDXekKnPK0
i2O63tw/PtB/PMRXMqRvO4lBP+M3GY67yROQ75RWfvaAmQhyYfA9p+1FkLnaXlql
8sh6D/BSRAr0aaGBPdxY+M/WBNnIAr0e1VfcwUIav+x8j4/YJDGi7Rb8IJj3C7+P
9ev9NDQU3NICaUVlYOXo+PCa+WMVG6cHkk2u4GvYu2r5/v57RScgzDYpfOJwadAx
EINItmSH827SL6mLKPLPr6nvGhMZSONUSVk9M0XqgGWUVlFPh/Vc7PV4qpi8F36Z
i898n6XP7u1L7TFUvWYHEbsK5x71uURECMlkCr+tueRKzfEfRtfnpP12Y6mVt9JZ
fBkOGR8I1ZAoghQ0IsC0JP3c1f4z6msuZwleDm2C98WpohbHX3D1AnCFSPzl5RHS
/abEFkAJ2hfuaSQNc/nw9BWcceX1WNXxC1bA8GsXRguODW/BgfJ+lGsptFZORZqJ
u+XIpl7NaHPrQl8pnF+pRN5Zqzn+nDO3H0Uu5tdKKpk0spelQenzG4bDzy0UBJel
l9cTFLJwz0sUXZStIGz5KhwMiIW9O9evFGE6q8lm4LxUcG5OaSgUNmZWmJ2dGWGN
72Q7Qyg3FSZRBbFDkkBYAWUFrnjrHEAQSFsD9NVjrCAVEXEHfwnGncn2Ysh+gm8U
Poj0VWH6R1BIAgDQbITeskfo32dyIn9RHWPqwF16914VXndx/5XO/bORTCqQSpFc
vaTwSt0NVkFVRvCsGG74SCEznwBulWd6ijslVKnOrZqlMXfzPiNUSTk3DEdwatsL
12yNVNiKoAdKK9oxbIyMHYHJXJWVluhwPy4gS43ND2PllePBWC6DgnFQyIS2uPmD
sJ8V4fz6MYcLZQyfI0nOVwyRUE80vTKAczJ4u5hJ0HhhIXSoEqBJONSO9X1Ta7MW
uKmqm8O3X7JHEZcCa1kb1SO1KeFXtVXRudVLhPP5Lc+o+DaxfvtOEpxjD3wjB2O8
Z3fYwkH0aW3sDo2aWSTuYC98UJ0/imqlxG8+4FrkwRkaoGetwt6oXaDY1RXE8GDy
FOBIxBrxAncl1gv5dBxsjOmzQmNYCHtMG3T+AfDKmzsSRyPNWhi8NeEK9G0PThu1
LYezQjfKTm6zhq3Jlm6Fn9DZ3CxXU7MZRqrVW0yXgsjlC0Mfb2WKiXZB7PZ2lQKy
qi0hZoVubPHAoAK6rezhq0Amd0lf3K/L6qVeilFMD7ilcP7r7dW/6hm2ZV4WS7Ck
W3R1ERI/HDgJ15NnWyyaXqcbwaRhpJma70FWE6c3lm5s1mcu64txxJDJSB4E4aI8
HVkz51slcwbuE/YzdNUbNrr98iuAlh+3iJOZ1jKK3bHfb8zBZL9IDYFv+Hsb/fdb
tkTASb1fZUIp3u9OhvD91Vqb3IYriQiX8RB6/6cmvk3L+lbDGNk8leupqSPrhIOt
YvDSVbQSyE93KGdNbyUe1U/l3TervPeu2dOL1qkPFoEs+TXThUUxzjyCvp3kapmh
MmbI3pVHqZKLfGym9BZcm80gOVMLsD/ICYwLfmMQbGXOVvQRBvn0rVLdbu3YKOll
MZci10F9Usak+agLidFmLlCBWnLk3uBNsj1zX/KkSFMPp9RBCpVDdtY2f4Fm1SSN
Mg+dmnVNqZHQuXA/Z2nuxwGKxrWF29crk8Nakha13U0X+qnBPUnRrs7X/IFhpsY5
OsGsD3US2ACHpojAENsGoCpwJ0ydsQJ1926iSbQpcyL1avqxouPA70KoNWL8Jn6F
uuh/OM/NC2JhKNa3wbfMHg3btoAZiK1hhT8NKFbZ6P7QfDkrmP9j8kJK7nfWsiYp
psAur9z0EW//oWWAWR/xZ0E5rG0QUVfjTTWEMVQOwf6Q6cjJ1EhxYrpIj0gA56li
Cw+ZUqUAyl1FHFEvVTPAeJD2XyZW0jwxaL67DyyxeGBLJj5dzTBbBiZ06vkMk7b+
u5Z/iGaM1mgn3jS0y8a13WAn/y35u6HZzteP8A42ZL4+fBsFL6cmIrWDYsLYEmB6
0owZ5Iz6xmqLXbfwNkRZBDmixp2eeQPcMX8FnXK+6lZEl/AGlSlRSz5r8HoPOwI4
/3HE3uykVyRl3dWCnQG1A9V/2xw325/WgbvZ7z4gOxhwsYTNucIyCik3PR1j8OdD
GfEICpkLRCA/28hWE663wV93bRwVMqJi1MSTfxprAW10ChqZqe91RM5ijXbisdoG
yiwKF87xW5/lfEbBhVJAnXqjvjMtDZbkBEteBDMOJ4yR2lWOj8/F+96IPUulX6N7
6BGczTT+dFe22fgjFqjOllOaA5H9d0A2me1oaSpveDLWSd9k++tuhgbq5amEj0+V
o8qcJ8YydforXi39Tugm1elPjlJFSfG7uH1LFNzBBKp+cfDWBtfNqnsFUkJoXT/d
21Xwl9DKzGIfzcjDyrXDQEdf9Lzvh6VJ3CWJ9FwpbIw0rzo49ULXkl40Uyy9nhA6
JJlX1sI4q6yWxUTSXQunbZH6LogTq9FshR5xAhkHmJhjAdDMkR/d3cBcDxKs0pdk
5PPw7R1w43Ledc+sV73bvEmD7r+mrQXfbYhvkP8nmLB8VkbPUqq2dqUwvnAq8WkZ
ggzcOKk8vETew+4B+E1zC3wUzpL+B9O8qhIJu2XHQqkKJraDaB4k7/jTtlgVFjQN
J3swWfsiDRKYUrPzZfac8+smCyy6FN1S37fGLOAIaDFcTiO1fZc1OhCXRHI3uRpl
dNXwFG6OepZTs+r3yLEpqH82vnbak35zhJTZgWWlUutcLLYLuulaTv85TntCV5du
tEPiR2f6oxgo+96zUxxpFAMU6+EZz01IeGYy61+NTJ0aAOhWvlmpff2uDBEJtdnu
/i7WYT5qC6Pae0ZWIhseLGI1U/CUMfdY295pCfCQSTS8O16J93yHY5bWMwMyDw52
Vf584mGeE3a5/j9ju9qnjdl7Z5rjR7bc7oYKjCP+Pv+R3pOo7jhNhTKCbipvH2Ik
xi+aa9nsTlYgNFMTmbFljhcsiTbPSOw6NpNfJmynWlduqM2Ra5ZSMOjdKtOEW5mL
HKN7LhzMs5nWvxM2m6J26kzfbM3+d5W361BvgU6v9oCE8uSobGI/sSNP0kgGU9Cx
A9kSrxMnhahtlC02aROS08PSeAcErUnyKJLOdrcACRM/T6iwROLI38Nn3E/PuqmF
XDcN6aosfk5Gz0WhEuIe7o4bEDcHTKkeZ90/qNyJuCTwh99VUEeN9T6PovTSTYr2
xpl2Dca+KXzEcdmT6bL3eyrBAMRW8HyfYTxAJntty0pLOgszHc9Im6q5Y+HvKOU2
Jck3h1nygfBehDUwsLTWPg==

A.3.6. S/MIME encrypted and signed over a simple message, Injected Headers with hcp_strong (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7845 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4802 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 918 bytes
   ├─╴text/plain 50 bytes
   └─╴text/plain 367 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <73a42f8e-8f5a-5c62-b982-82ace766fd32@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:13:02 -0500

MIIWnAYJKoZIhvcNAQcDoIIWjTCCFokCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAFlb0uw75g4ZCsNeHmu6cGBIrI1m84iH5M8Y
h6VbVpYvAPA/KiFDEtYIW4jVzcWrLuDPIwDsb5rhP3fqOJVBb+aPueeX+1O9+3kF
2cbvhTGXV4ypzmLnflRUDcvJc48uin2W9r5jwnz8Hcqzh/hpxkhyjQ+A43PrkNei
xFk9DHl+TjlbDXIHDBpq4a9UO0DwX3lwzl6+0wqFrnbAKop04yJ11TLZeNlukxci
Gb6CO3J97HGPwe1agFIp8Dy/V6dV1oHYq2fYtwgXro+FIMKgQJrJIzO/7oXdFpBa
zR2rgtoj7vlilATvQjlz0TZ+EKA8bSMdAk4lqTt7jsk7/5ZBBrEwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEABqHnnpvSQAY9G9b+jB6pp/A8
ed7liUtmJEIpUdbJeWjK2wXX/ZMl8npfxptBfpyVUX/hZKv+7CEXxrR3HDmMhegU
zwTWcF39ZC2cIYOe31l2J+ejNPWr7447svWuKyNG/TeobeZBYsVw0s9TFKN8+8KC
T11WUqCA63rx4SG1Ueq1WjRc60fEPiCLrC9Cy0iNatfulUFiMWaUsenyUisqu9e0
pyknncPN27BkIPY1Zj1Ks1PUy7SwrRztAFey4cQ7duElEoKOz3SrF7vk8/k55GKv
Lh2WfTZozb4iMgqIVj15K3ARmgUAcoLrNRpFlia1MtN43YyHDzIopnbMLVPyuDCC
E24GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEENl7tFWc2MLAxbzfKk5mB5GAghNA
Xw+XtyPyo6kYsiwxV6nx1hSJyw4mPDO9YbV7MWEBXixmizwqXrF3MT9F6ummVZSs
6ZNGuQ8grRFzR7jjhZJX+plXiErAvp2ntmD50JQ9kzzrzLK4QvWyGIwqPbZ40wn4
gvk1s1fgWmKHzmku+ajHLgTDAdIhFWvPw1eiodSmVFWSMT1X/KhbTwwcit+mYHId
L4qND9defiJ9uuadxJeygvQqQbEI/OWxpmYBJxqxWrepc3RnVOdrDpsDx8ONVHLI
ujn1VaqKc7MFiNXJyhag2F5FngrUyl5TxvfwUmnmPYfwHBPHb9qAHslbnM4+4Mqj
Q6IY5cio01a2D2fFFETACMzKexbNKGgLzLv8DGIDcgRJGyLVL7KHXdGPG/cUwlTh
s5IAlFA0pKjZA/rwtgQyGA1oYoL5JThQmYuA0vOL6PuEFDL31vZf3oXKqaSEFoPX
cjzMaxiBktvqkGF7vyWDk3fGH4iR1Ttgp/xv8Va5Aw94aZORT0dcW2bPKip++11k
M3VnfL2hpl+5pOsmPDc2d7kXo7OUHkDl4xRMuz0P4HdSlKNH5Kz2bBlBJsuVX0hW
8GlpvV8NFcJd8ns4x+Xajfp7cRPz1vOP1ISoGs2z5CKvVUH1jEsSC4mWEWo3m7tN
zmyTqVhMVduAwKmCXn0dfNY1tOaZd2KqJ5/1DtOfy/0JpsSfP+TVe007asHhWEuI
6uSui1r1XNhXsS/GtIthhxN1Yh0CBMQ5sCQlpcPvbkckAdfh8gxWy1as6mdnSSQH
6rH7js2DErqn8SJUW+8QW6cIwXCMfuEwUR3TXAHZJZc4+FDzLDh/SFAjUqBAjUw4
tAzy8O1zM9lUNMaGFjvTulokTn8S8zdg2E22BOlDN6FDKa7xhrqJy4wMycinZxJ6
PhEz0Cci7O3l0FUoT6pt6WVZo/jwpjmCoY7SWIREzxn8QISqhOCsQiPixdohSQW2
5tsfSjC8VS75lGEHT4cqg8EZ4/oryfCLw4LVCZTeCl4V0xJFL1p6Vk0fgSOiN3B5
niGj6eOHkmAnANr6Okuro3ogwoRyOPhetiGlD1svYxvX87vLGxtHYu9+NU5ZwI7A
grRd7v0XuI3a1tCs1PT0id5hNWfxWYbJcHT78aPJTT6n4Wzy13pKIxkzromw8T+7
hYByBPXWvrULea1irKL1QQp4Gl3bMDmNH2QGd1l6WlG58IPLXYMH8R18JQg3YPZl
4ee+dXq40MaOPe+5TpDgBMWj5CTZGswLUOujsSvP4z+p6/N5H4erXNF54O7yBQ42
oxQjQupz0NhAouYmXcdnsSEc++VwNrgoaic9EyroUCNHvcowtBPsw/fhJ2TYcm2B
wUyNqfOaJ7VfqeYUZBXhJidTx3E2vvayQ7F4tY0QdXzcSa/4rO0IWnI4Sn8yBMmQ
ReVXjN2IqTdNo/fWg7sSYvTKLmqKIfGnEIt/+u+V4horrQM6HoaxXuQ0HP6ekEAb
GugQ44hyMwvKny3v/fhu/5g4y9V4hgyrwXTLoQYIooW4uzFOIbW3XzAOY8GMgIPZ
7TTdMGTXpQxMb0k7GoFafSBHiygruaJ2HDVaqpXAnOh33ZdbGHxdBhRPlxfzpT+A
bJ/P4JP4nG3MhrCtHbZCd6pKANcmLtCK7YCPfndumgqKPPl+Alq3QfwXwTnrksMM
Aqt+PwwNJSq2i/LuOZoRusH85FqnBAhAHX+yTinsUTLZ1cWh6fkfT3gHcAe0u1Kd
f/vBsS0tbbkJYu4LV1Uqxr6+mm7oZla/NkUZ73Edf7G9IzixsVRXl03ryB8sr56o
4ouRHAF815+RUFmVacuMGwpJrOs+ql6NNQblPkllveMBly9ak76sjnwX7LJUuhje
uxaipDAOmd/49cSsKGkzzzAUCW6Ug4Ar+a4fa95CuX2ZSId+I79Mg9GIXRAiz1W1
LUYHVf5avjvnsms5d54oJCKsukizbSq0T3ItofhfQt0osK9VhbmT9PlntwwjXY3v
5BhGkSp3CtOZpPjkrx6Cc4WNTBb+PX2ZTprF2+uWxxYbHKKyWv3eSoiJcpPkQUjX
U0ZaKIxDv1er7Lq8wwdXLjUH3x3KgO3YsofePYsOWmcp33+fTef+0zBT3e60sT8f
hnoUHI5OzR7dRqEiiKLFSN1Zw9fSXtp9cTxBeM6+jcjnZURoxgy6U+KbVnVv/je1
P5v3Wqau0FFFmWb5vPSlhHSF5L0z5CvCdWZaadU02lZmdRkYbBDtDADUlUfcQrXi
T+mJlCM9tAl3iCjm9Q88Poxcye3pri9tq+KqE1OUajmX38wWvlBISiXU1YIAxyWR
HjnIq8SZ3UvJzAkp92r+3ayy41CotY5o+RqG2ZZ/gAvH4FNOuzeZsDAJPeMR5ivO
grInuAfP6VeVKgvosaYYKvOL1rkm/acdKBs2wBXlKnceKR9mJwdnXvZi7ruILSpi
WaAcoNvxAPNfd8Cv12IXz3q5t9OTZhHKrXFMhpMRq1XOmMfIdzr4UJgh8A2LQDsJ
/Dqpc9NVfqhWVP06ZAgWQW3UCQ0AyVRwYpaUh7fsJdR+rthFMusNrt24aWkE7dtn
sXPrwC/z7e/nhhPnqUaDmEYqP9i4k0ITlnACDnZsNOUbbNB5BZChmdc2CvTHvkCa
KHrloihhUT0YWygKGc5BEKfif8l/BrUaDATwzWAGICAyWUIu/XR2SbyjmRrulvta
+dYMsekYozcKnTtu53JAD7AUun0Dj8Q1bK1i6UfJT/4fjvWslGrR3DDJwoaVC7Nv
t11hb+seTKdzBAtiF19p/ShhraL33qY9E+T7mo5paRO7GPVj/iOFtwUgUopKSt8f
BjzoYuwcZGacW3YuMd9qbV8P4V2I9GL+FlnOcutSIech9jPS+7Fit6A+J15Ca87Y
DlIh1n1MAjOK7IvKnq1UC9ly8uC5e3CUDNGs1rbg9YSHaqnTQ/bTJIjfR55qBmBy
eWK4/JNsE+gjQzWgWUccI1wDVvFktvM5dSIu1RiFEVHkzEcE8wQbMQ3i58EMhJg1
9ACyTLucKLuGJRm+CT+qsYXF6PEAXe589wo2wlg98EiQLfS5MI+ofrnMkpG1HNye
pLMo3YoZt8bUZo58v/e2XWLKXG/ELQ+u6X+MsvfWA12HWiwHb/zyEyZuNZDqVDpo
RkeLtYtaW/RDHyF82RyHYnmtG6xQCqsrsbtkWKVZCiVIcZONGt6Z/5AFnmJaMjZk
69ShU2R5x12WGXsvaDaw2Jzgb57DJfukOro2KDYebgTSRPiIAIxtinRlvrFAOfhl
4W0BQehOVTv3Z48i3QYWG/vHkJTHKgwB6fXesTa5ylfs+YKlwCoP11UlLrove/hU
cvXtsGju6y8Vs3ga3OA37Un2feDCZkNnpo9jUG8ULAmpuKlJX6otzxi/ZM61W/bI
5pvxe/GLm7f3zzbxCX16ibeO/ZbqPa6VrqZ5rSXSj3TP6p0IusQ3lqOrvib5VEX4
YM0g5A0VTFJj1yQ09KMXa9qHoxVq2Ux5ai2Ry2/8A7nI/SFOjEex6mpL/NoCMMAN
ionN1GU5Hx6oN3nS1nBWv9xNJW0sQ57fYI/gHzZ0mBn88RiwDYRoAWhR4hrA7okq
elg7J9X/lLDDrgIWNfImqQf8eu5MbJ4fteomo/s1usR0xEisF9RwECWEDLoHLG4u
m3VyXHzgHUbJEdxnOudweHFGfZDIncnCONYkQSC/IiU7p5t/AgfPyXK1kO+yrWkg
aslamfOG52KaF1bk+rMOSlD9vQoFQbh7lsRkHg/MMznqHwFnN+/+YM9zGHHNd23A
SyRnOHRVpfdIRPEwPKV0vf23v7CuajncmG35rl7ALYCPAr3W617N3/w8rNYiTk3d
D3gCu/gs0S6wOzOTsiMpA4fmsn0ze8GIQ+fkQefTa4f8VmITdXIAuh0uIeJcauqy
EMSUbsJshKgnXg9zAws19VVRz4tbbt5rgSutuKY2yb8y3qst3bOg/AYlDc8jU2Kx
k7unJAtMqNfDSFBs8yNd8iRh3OJ4u1jAYt3vbF+9EuGKvdmJStSJuErR165grMeI
4KaV0JacRThFzC1TW42qlNMx2GE567agk3SQ/+qrQJZ9LvJe5AUaBQU/Pga9S0Pa
t8k5qKewu9L3SFShSuqWjGTNdNlfRAzBj37I+l3wZe6SFGc7w/TBvkDcXBC58duV
oZCRMsSb2QwNpkwsicLXnPTtjqQBPPsEklS08pjnYn4RJ3QOQ5LRP0M4rJ5i17Qc
zO/BVXFtzP/SuGgrjWkEX9Qm3vgOLBGbNdk9Zn2uLtog7vrlSjydl6fYd0dF5otv
GpBBRvOxZ5BzP07L9CfzXyAMeDu46JRA85m3qEZ7CLwo/aIG0Ff33/yUh65AmUu7
/j7sLtICekmG3q+gzgreATkA45aVN3v0B3DsNHZnKPwIsit24FItq7mun5coHG6/
jPoIvLiqR8ER1PROs7S8khfPZk3o+uoJmk1cmSPQdXF91y4qYbCeSuod6FTJU9Pw
lsjWiaX5SORLkLKea/aNPC/s/v7zfe/Rd/3rDv/UtRr4Ys824X0qT9HKGRXpF0QL
R42XRcIi3rTBsOmalFlyC6Wjy1RRdGOBisZLnQgNI+enmkmN/ik7bbulwXujIlWW
gXHzxBo8ADKqtxTRrri1ahNzxdBjuIz7/TkVgNxkTudSy3X1oaqA2TDxW2E2oNkY
t7raY/bQV1JQra8YXe0rbYiia+u/vEfvEzW+5oGTz830wV6YqxLbTgNWvzYqw2ut
HDP5q/6YQgoAFzT3+jFbqaankizXQHnZbQFrdEQIom24i+I1wuVhc8XuJydWa5Zz
z6uitAZF/mxEQ7BoFjNXtxoRVdxWG4ki2GypiN9/VzXpRvSUkUEpb5itnQeo51P8
2sfTXLQtYKK6r/nLs1QwlfLqIUY73qAz2lStvI1P1ou1ORWK/Ksz6CF+kcUfXOB6
KGDZvl0NnYg9Tu79xu3sktjfGNC9vaev3MD23Q66xK2kLY3OMikpXwAybmrGdu3I
OQlZRWVaGCtnNuj6jweCS6vvZtjD5m9uqTvRAtN+pMcqzdMwJne4jh4ljFOcv69z
bk9Z+mxJ5wfQsRNaH8QoaQmoHGRksaYIQr4sV5L4rA60+AtmXsmTQram6opUAXIv
7G3ggWdzwt2Nd6iVuMAtq92hiedoOcb7qxCi9/z8kpnLwp7r4X4AzQRsiLq8w6vJ
rVu96hIxmdP8ob/XU0DXCnZons1fhlw1Qcw00JnxJdQbF2a8aUQ1yBh4ySPfBgZ3
9ZnZtgzmzHS3LCqEs52r9nJAGvjiGtnWnCmGbFI0xU3j61/XQy4LFQx2Dcx+DCnH
6qkYaxPJr6LZZQcobiYEHNOCjkajVFW/OTJjPoR6LsQletdRMjOTE8bggbHNEDGk
ghcwzKUE273LaTdJorbEqsfJ0ZJee3n5l2P2IHA4a+rCvZcXBNfQKlf7JkUabIDf
f7FPTY0yGj8MuZKzWWFJJ1myE3o73katd7f2cSw/Vi1mFJsFe9hR+9A3ycmjUSfn
fsaFJNEaMFYckdG5Bg8imadMBrKtO4GsAtEFB0c8qAFxvZClz4/hGXwx7oU99BNC
LyO07jZmQK0XUNXIwfaZZ5gyfCHQ8nu8AcpuN/7itIRA/ubHl6na3vg2eif+vcEG
Mh0gdQ3B8gKQ9j2ZYT3X6bpsOjeOXA1e3Xz9KXAgfzcS5ECQeBGPBdg+WIhrhfrp
WS9+GtY4J3YwFsB9QezWVG6jBZTk60KcqXZ/8JC1Sg19G1sOI/WZ2vyrFPw1mNif
95zdXk6pM5vyucfXQqOrcIpRmRMez7Dtf6hQv9D06XVbS5sht/bwTqwLXBUe7Vp2
QjlJhEG6LGv5zuEu7V1BaKfISyMV5YPCqvuF9emD+L0rLirsTgbrOQ10gezruXF4
r/Biuz07s51rGAahwuWj4vbqaD/onN0G7i4nfAx54YsCW1U4d87ty19K7Rcra93Z
PeYPT0gwEYcQsQlKVlrU8BmZLIeBOq4SKBIzl0ec/qd+48pPSuom+KuVT/LBiiS7
JtC469RvCKnlH/kILA6OatQGzYfD/R51QtW3e14LZaJBr102f7oQFFswj1K11Cag
ucIj54+UQTm4PEMW2SXsWBgwykfLfl1Aimbfp4BF4by3vqcd5pURCG8+B/++tL+n
DLxf02+KnPHZz6GRhhoGRoB0P4I98hC0/SqHMzbyLvsqDnOWesGUpzpka+JH0aTL
jxuSDtfR3oyEz6E2v/k66E3Uj5UaRVatOeow8AFZ67WTFmg9v+8yl5wTsw7pllMC
PNTy2aju5CZ2qP71LA7EprQLjrjc5rloXBGx71VvVgs1iSss/Irwy3WoaI20kXv/
d4vvl8mGy6Euha2Il+z8l5xCinZgdpf01YTboVBVa4NVhnvWIDihBp2BAIFLWq3e
I/jpu2+jfPBfPX/9oizqDpQayelhtUdXTL94RRMHR/z8NxdqfJ8X8xOlxLjEZsZ8
llPcVF7NcqciQEFfMJ7agW/FT6JTBqnwCGr0xXUXc6pRvZKi6qst1ReT7AmNmJS2
QBF5Rc2fX0e0qQjQEjaXmRymhxiH/sHslb8QNHFzgyw=

A.3.7. S/MIME encrypted and signed reply over a simple message, Wrapped Message with hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7605 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4626 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 816 bytes
   └─╴text/plain 327 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-wrapped-minimal-reply@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:14:02 -0500
In-Reply-To: <smime-enc-signed-wrapped-minimal@lhp.example>
References: <smime-enc-signed-wrapped-minimal@lhp.example>

MIIV7AYJKoZIhvcNAQcDoIIV3TCCFdkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAJG/Nu5fmnMkn1fBsCANbQMYLALsx0mJWEly
TzK5u5MUntTeOq+fVAUULIJkXaF4inxIe6HSau/bWDWISRy5txztdBIrGLB2RZt7
Yq6OY4UVqXmD3EwkUab9wJVVj1ZTP4O8ijOAfpCjJkzfcQD5J0ZLr3CRXz7JT1wR
CUHwhSBCMOuy7/lM2fKeyI+ThUNFUQQRECIjA0PmMrQt1dYM+bXNPi4lY9BVM5qx
J8DQG9XNcQtPsIfz7ELwD20a7jGykPYUHzyFE681x+4KTBKjRZb9t2Ezecydep9M
T92aV0ZU4A3Vd8bujGl9sUvWCbFR6/vhT9TOHHpqRUOOLJr20iswggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAKUK3Tne27yc9+vIqGMeTO6/u
Ieg0Iav3LcaUwnCOGLjLZhlnpZEzC/SfNTobX7d/2yPH5oc4gDxGekJO2YyCkin5
RqpYlhIeCEWtii45otBUInis/kAroFNbe7TOfJ9ck5tVXxLJ0WwG4mW+CoMlRF6o
E7tB3VSvplzvuapfi2/TrLtmCDb4rlAfyhTIeIQy8J2LuSEbmDm2RllrWNVhVPTo
9gQYfEz9VxyC6Ix13w18tJ7vAgvECibxVDj6AVkAB6ThJJGle5YRQHsqbEDbQjBX
RBXfKBjTQ9eZqxRIKjfP11iYA+tNktr4WRyY6YUA1dWvb+GBV/qS2F78yjK4ETCC
Er4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEE9Ajv97rc3cRK2SsCiVP3yAghKQ
4aCK5bc+ic/OjQtKizK3Vidpqd/12OkW7gP/7UOS3BiPtRIUkwQux1cSiCmFa8FS
B2Hv6npe8PgIkgv6B4E/paVga591QdjPmnyoUmAWrH5ILbAdHllugybzhs45sSg5
xHftcE9xswAoBb0Es60qRMyNEbOilRKYIDVoXjFiyA5SxLCFxXZTveJGqQV6bErY
bEsTEhz578Cq+tMZVC6fRR/iSi1ZilyP7AYtCxUH1K5FSgt8qnxLSwk1kiRaBnMJ
Wtk3Ve+BETCUBTn6jYdL3rBLw8rx2bp+qUcVCu48KTW1Bk/eytSJ6Fn62hJnmNs3
m7U06C3nra2hvFWYhKva0JgOD+EyAiqGWwXOdD7jRS9js/dkFgguZVT9OewCvEb4
gGTXLtmTF5oiCipk5o8rRhQk8mkrXQSmfAkD0R7hav45BnaisfI+4rd3VRBqV0NZ
wXVFiOfEpq4hhA2fCV3owC+DiW+54F6gUEz0htkkfbJdD4r7+8u1Y8oLrEkPZGJU
7SOjAM5yC7TErr4U9FCligOLjWKmeKud+rV+AGKUVEtgXlAe1C6EPQDY+uToSsP1
bwRmAroLwBBD1fttSRuS7089AsGqDNLbLfhoxrwkwtyDG/1t0XbjWNNw+8a5y/nn
xnLklpqHvaHRSzrH6VAcSmrSuJUrJ+bxm7yPWqJbz17+8wrQa1FObsq7NBfUz1LD
93+hvKOmLVIWTpYq02QlkYgRNyEFSXgTbLslA5l9WChT75VhrwQrRT70JVP+RXwd
LT9su8myIifWOZpEIJpSgSMAJs7EPDJTdckMkBEVyiQRIcNra7lZsjjI5JQa6nVg
8pqD7tbH9ZH/AV/Z87q00VNUP3ppQWlkwaw3ZuLEH9DWfxVbrIxD+c9DjzTl+axI
voBsFnXWUQyW7CsirR0jhoM7sLcLXqv87UnwxlH7WgSiwkzNAoNj5gvZ8FB9xLw6
ZvndV4o8MOYKaXQuOkIo4fJ8xkjxa4g2suRFsOHUS8+EeuBKmMJhmOXx3P2TVFmY
jZcIPkXuHbJUMS3sCcDkwsN6Xbt7aa3jzqUpEJwwge3BG/1PC7Xeb4JgWH9uP5Hy
/JkC7Q4gfLcqXNvBE800MyGXpZCj9iXWNYSbAHLazBYpARpj+a2/nj+D0xjPYNo4
iwBzCBpOpva2C0f0MO7Axas7XDRRRuoP0bVeo/gDS7Nm7mq+HpH4RYdLP8Idr4ff
8wHmnihggUDFmvJnWAEePrMXZb2fCjr0zFAwHG7aL7GI4bH2tbN84uOYFGCUrAf9
qRe+7v7SGZIiQIXNvQCzsHkNbhSb1hOeAeKpMG+nkU4IHI2GGjs2291D7kEkKN0F
VA4f15pSlKLlEF8T4HhoWc8S8+sGxdXm4iujbis/yrkXH13bk46A55DNk+aCvDkl
nJatM4o58mMFun1LaCMUZl/AQW3CFDRJxOU2Ae7VbgXRsb6gokkiL7hmxC0fNXwG
ff75Lo6/MywhXI8vANmoTBVNeOCO7atRVdzYZ3xvQ7tTgUgr2BCDQlw+1aDLso60
SxunTtZxDECm9V8mWeoQjzmWYLuYeCbaUfeoY0dhQfwlph8tOrunEfwrbfCMK1Gv
QX5b1eQURzZ/owrqE9/fUHHY+EjMrxk0T6+45cA+N3oOJS32KkIgv6+91GE43YKK
9eAiDYmrBaIoDMXAzpW0yyWmzPjSuKuolPsCKnVeMN1bM/1Iib1/lyjF0yegu4bS
0VIh+z/cNBg9Eetrbr2gR68d5mZzWXvB/Wfa6VM6Odl6t7Kq30wiFUJ5OtVaRPkg
NSOeAXekL2rUQdmVJFwOtO6FmoYimgc+YD7b4HZICUSbpaernIhy9+ZS3iLrci3Y
9tiMlikwHpBX8ykQ59fI/i21SK+JVtqzjFOVq6hoRLegzQ/OSHuiEr+RWYmnGXH3
TLRaPx1xp4S5P5zEsrIGmkQVudXavewItyxq4vyEzC1BS7L4rK0XcK0n940IKJj5
YwOIj2uiGGew6AFVEF2GsO29XdpbM4XbuIrXMVKBV5VR8B06ppA8NcVOK0PgvfhO
66yomGxgvUn9V0v76+x/ZZpsyonbIsdfnoHmaK5gIfUcAKVIp8I2B7gN4tH8ut1+
YumRhc/R6Y37ZbeY9ZpMh1WFDJ04LOaiccFaU8yt0Grdhmg+VLQg+mzOUIZReTJb
VCP2201EGNisGeYp4sIqlVfziAtyPgnvTN8qtUhoZOZ5ghK5xlB9nmmbhf2wjOGY
vB3dyw+dTkOBIH3tqqS90ATEddzJHHVV/oXzFAs6FtGbRFA0YpGvgYC+RUpYqvqj
lcm1OLqlEHl8tpQlrWzTEIGVUMePTRBW77CXSZGNh3yz+eC6l270KPKbhNbvZSQg
uI+NZXnGCdapQh8NIUmn4Suo/Kevo9/Z5WKg2k1gFI6rZVw2rdMuY0PVZfyuGTeE
KuLtXAmNZ8GVFBOq/uz6GoiO6s5nFh7587LHc+X4bayK63tuKnkRdKJoqzChoU7y
P7zFJGwR0Rhe70vFwlihlYI2y9kH11Y6GSzULYY2tYozH0cmAkYMnSTmeo5lq7Oh
NveHC6v1vVQZ6BUYN+6fm/jU8fuE8aTgrnREfdDNbPUF4G3hZz7Kyzu5KgWxWVjm
a7Jd10MxVjUhqVtU52/H8eikdanl1QCSTtjnt8BP2apT8lXjzT2zdZsiIeEXhylX
03ao14tBqMDvpZ2Uriq0S3d4O6zZ8DdCA/4vqyVpdA5GYxj34Wg2tMN07XHZ+5iF
4D+Dra9pXS3mqmR+U/MUF495/9xM6+eKSN0e3gyHW3LLhMtnc/sNIod0mMvIkexl
1VblCRNsO/vKpLm9TOgilk4uhk6//Nha+SoknZwZbKpV2HP/yjFm3/yopccmqRbJ
96z4Uwgqeq37EBPdrck7d395U29Wntzzh122iauJyNYXmer9OqsH+tM71mJ6NWiR
KQ23Pj5h4nxvhDRAMD2tN65RfRPD+Qjz8QJ/6h9scXL2we2QuzNSZZ/IfITHt1Tj
c0Qp3HQgFH24JSf/QnhdPz06SUZp0rzR1Ykgh97miSOzOZZt6K0oPYy/YeAC+kyL
K15Cu3F7fVrk/aYuU3TSSO10vfblioC3K74lWQZHmEd8nOF25++U7FspYVGa68Gq
lJiI/W8vhtTDUCdSwymn1NgsrVVg9ip7RCkSBjoibnup7nTOLbdi/yNTmgD+s/Fu
F9ieEEQN0/k8ARP71YAZR8YSaG2dLuYh/pRTpe3xoxLqwNyC6ck2eOWq0lK+LBOi
/T+b6HH2v64De8MGR33MNDf2DagAJ40/RlJJqXhLm6JTn0ZB4C9gygJRUumv9KIV
li9yccYXs/dU+zYXiVOwedmN7vtm6lJTkWfet+gTRz4zS0z3UA2+dtiu8LLVm9oG
5BGb8qiRF5WNXjaB+HC81bpJfuIDzAja/2QPAwFH3tG5ixKlN4/ryCwoGllkamDx
IiZPf+2itg/7CLDnomfCGn2XEe1WxS8CGR+c+sH1k3umqpDJam0FZ8y1g7gaFUO3
QhpGY2kt7EvPhOXdbwMhNADHFCu9oEC/TLxknowMsdjme/vA1h00ttDWG0dPnKQO
VYpCRCFQCVOvNqbrc/kbRRiIZxnuPmcoRcI31MqUDirZWfyxpMJsfgGCQxAMe72q
nCHGQgaRIC60JXosP0wFPSibg9HloaEAFAwheI6rMoKaLy2WL696rG/zxEQSovB5
wTsHFs1UAaB70nCVoLu+0lS7mL2s5JPv6Hk0i0+wSi5uYMOpO6TUY2tZE3ay52zR
tJHKVK0rT7yTe6VQOr6PW//y7Ygqy+glBPVUJo8YV6oV4QF2vrj+StNKV457paQ4
+ACh6FXcShgGxI6Em41W/wrBQEt2wzOUv2QKsx1T4rjtBk+hA1xfJoCYuJjiTqtT
HpdHHTPqX4WzGa+7Kelr1YITR7TGAbOlPeJd0IMP8mu3zoRc1p15Te0mrXwM7CuA
7f+c5VIPIXaPxcQmGdPgrs9t9jzpV+JUpeokAtUpVJ+jcJtTaFf1SQqd/6w6rI3o
uvYT5IxS05EUu2nTYxjQRuTlonWNXkqVHEDGi99u/FrOgh9fZ10oX0FgTN4u5R6H
58uGsmJnWUE0Voj+1iSKb86wgwDJw8QOHhnrAoDBxAhtWTuydmuEhjGaFmQdNSKr
I3xC9o2Q4dqI/Kmht/fzrZiifbxvPleMkvaMUOKPEdWOQXaDeIAauR/Bg14jyrvo
5GcTdHxa9DBvSpuhE/jpTk0029DBIKhTWPiUK2mCoRk+e1JILSi+k/q6P105sziD
TIBCjg7ba04EahFU7f8EReRzToWb2e+a2/F1DIw0r6o8SQJcrDi2MNORjEpOkAWP
HEAeTHh9WojXnEsnHChwG+pshviy+tZInONjU3Q187xSUbNseO5u+tKVTLtMEr6H
AnU8UzFHkUDnpw6fjJjRfKYe7BQrM4uxeN+V3CjzNrK2VLQvMiUw5fcuEOboEbBT
dzhUObkrGKaUGGbuyIBhR5zVRQC3QsATra0ITzrPEBxGD2yY/PkpW+GhiV+6Qp57
fHtZSB0EQHOM3mihF0XJqLnx8dXAXJobdo5jNBXSo14os4fw88WdUCpmBDPpbWgD
Fy6hynY8tjtmeaGFQC6o8tzFNMnSH/Re7uO77x45Ly1WeHBhXHARumCEVRkI1Yg0
8WE9KLZ+TEkcTok4hMcYH27XnKSWElrUNV2ViuXKyH2jDZe2lSvLO9kex+h8Fl3C
cfgeToh4pYrcxYB1Q+2Sehwy/nubL2pTbq09ZifaTyJaUyf6ilbAX82TUVSCRRn9
pqGlo6+sFZsKG/AitwV0xZ3DsuFbhVaePSArpAGJ6VLTMeHqHGy/20euCky6fsyE
DAU/W4DYjv9cN2BoATOxWkWKyI9IbGyN0Ob6E8LfPXoCswXAtuW/MdphWUHWlKED
v/WYC1ZYL8oRIzDAvNQGJxp7CI9iGaQCEcsbwzoGw7AGsb7pt0lfLJfVTNC28qSG
tCei/HdZbUvdwUDRwePFXxSh8uhZEOWFNnqaIVTYDdbxnIHfnHNNjBczT+TjKKlz
s5A5dWgxCtLZcGKGmqcOmiw/KnNsAEJ5y7fFur4fvKrXQvQYctdYiJ5yX1O2gtci
IHiHmfohFrl4TWB7iKEVj0+pfQqqnJIWYj5Sgd96UkR9FOl+Suc4lnTRqzSkOkYj
zkYZFaa7SPobvhK3N7as3niAgcb4VfTAoFXkOX7oVPPpDrHcd7UfZ/Vj2RnuO2/7
4o4aUm89U3k/9FgEapUL/rKCOoCGnazK+w4+Hcg2wzkgkSNFU/sgxEqY7cKAHjTt
TAxKYh/F1r7MizSf0uFRyksMEa3NSeDqNhDhHV0IbPandc9CWVT2eqU5uvOgsNPp
oLnDUUFC7rkQhQW1h39BaUzndXGU88LT5Lqb31Z8/8/AMMn4ZxowOTggd3Z0NSVe
ymrsuSGyuOEU0agx9ipbomjzc5Cz1oOcF2D0/0ofzdTPkGFhb1NtOjutGbg5x50B
3bIphtV6lpFP+GapZKcX6e308lJ/2AV2hJywbxN1AnLPnqmkGeHaU1nOp60JQ5TR
It8Oi/LjjNc5hrFa8zKU2aM+c0lXT0VQu9DvEkHqqkMBCH8B35NXlXn7GYDzFwBs
NnGcrNvJl3y5LbJjdrORsyggVHjl5Rda8Nx3ihLdt2lkse6UBoUkZMJGwc3ZmpGW
2wX7+5Pv9ttUmQ4bx7xcKy0su4jQaOWpjoJ1l2G5Ju0BzRx0Vfvn2WGX4aY0AJR0
uIZgeibQy5/3hW5keuHgB1Q7134DgYMSSjj0C4PBvHnpSnuTjYPqgE6+D7UrNnbX
x6PbWeP0soJxQfy3i26+flQ2yPZcNIOSzSulQdK36RTeOR7C2XcQhsivgBbsM35Q
3E29rbMMFDfUzCZmdJNivvf+kvHID5I8RtX2p51YIQVcyItTunQkR9P/avTMBqyN
28vQlzFk3RtJrpOuy8m0nOfNue4VpUV35u3FdYIa6RkqLB8ZBiLcSFoi559B9czW
C6zz4GlpoHMNJbPN+dNbNFIoTeSi0dE0vHlP++Xo3phOC3bBcRxNwEoIExYwxxBS
uWGQBDNIdRHsYOVYSSiEx9QE0bOinnitTHLthPcpcE0yMQkl+diABJe/J5IBPee8
O9sicjpgeFcIozBDz26njPOgLMl5o0xtKDsJ1tKloM2g9NpA2kjXy/4uW1iru69E
c592xssBoY3eEzoKdAOE2OHUBVnmA2v+kJc51y1BkY3YYi9LICEDPZvR0PTDl72o
cJY2hGykCCDvfrTBjTuvIB5KeKgMfJRJDMtGAfzPESCXOZcDr4pXX4im1japeGUx

A.3.8. S/MIME encrypted and signed reply over a simple message, Injected Headers with hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7585 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4600 bytes
  ⇩ (unwraps to)
  └─╴text/plain 339 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-injected-minimal-reply@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:15:02 -0500
In-Reply-To: <smime-enc-signed-injected-minimal@lhp.example>
References: <smime-enc-signed-injected-minimal@lhp.example>

MIIV3AYJKoZIhvcNAQcDoIIVzTCCFckCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBABgRQRzXTRs0Jqxrl9ouqlyyOUVTZpzsEN4E
rRGV0bKlOV1O8OiF4s73Oamfc1GowC6YOss5JBen3EQq5NmMsFXjlU5sSiFGgsX6
IjkVSHC9c9QtdJtXyEoqEhf2lGJ22FcLjU0M21XxtKMlArch5aouJO1+nTj8AIqk
25JNvqG2dpiLaN61T9hSnyZe7bqDUflBo5Xm5REOc6EBvO+lFgjtIJB73QWiGBu9
C9iPJPz7du0yIReoX0wtkClqUzrBEiqO64SNQ2MuLTLrl2niNDfaQrvfDa62Y6Zz
RKPE+I461BxC2Evp18cJVdmOLPE/41b6QPu38l6L8/fSoKYoCk8wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAbgflLBuq/SuTA535o03fl0T7
hFJz1cRgrOgdYfajI+bAIAncrUXPCxEhAIJAV9DNOJnISnnTNW0E5ND32Dbcji83
GwhT2iC+Uzx+0auUYuuVZ/go7eHMUWrY1Vm5dqNq5JbTwVgWy8lIC5CatZVYDVFW
o26J351tuF7mAaIaLYXOnUrLgqWpgqI7zXjHrL0hADXlaJARcCY3Uv/PO1YOsb83
1zQQs7Mu82fjhmJWqZ4yQX7rBKSk5V3aoPjFcj1w2vQWUXHqczJmr0ZHYiaZQuLT
gglkNNSPNFVlfipXESE0ksP3ZoM+DzLahjfKSLiQTY1Gacasb9+oVwALBhUoCTCC
Eq4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEKODP8WCdJVi34OU9/jVCwaAghKA
Ed5TZquhpH35bEbuVz9wfPotJOKJ6xieYlQEcchc8+87Log3fBKWsZo1NwcRMZzW
PhE8p73CscBYylFWDtwWTtQfsu+pizFoH1B2u+byGhyr+cEVOcI2hSM7BTFzBEbR
RlAWNZse0ZlvW9MABUHhu/7QFVwV9LYaL+UlEEAvoPfnX1QP1WPbjyIl4v+/4i4B
6jk2HBMlN2r7Kjk1+i0hdt8V7WXHRWifGO9rGmZzi4hVkFIiRkqOqXpghbsHOdTL
mWf8LfMXatmz39ueE27ZJC/1KHygfdFqQkTfSutBP05eP7lJHPn3cb7ktJ3wmEj+
0iCyGySJlwKB9EFbWPOo3ENWZ90csz4250Djzzx6HIUk5jA2ePiEw8VyoTCq77kc
n88G6ucn+7hApODGLazPByQeB4OTg4EwkVwa3fZ6CHENZfDNDjiqYtBtxLUh7KAt
elv3UmZ5PtoWGuUd/7MYNeGiZeVuALdFAzI9Z8uY1BEQE6kZQY4g1IAvvd09Xvu5
Z7LA4qbfbpw3708ps9KmKmlcrhmDs62DkZP26lKUgC98FmpmKgpKmPb/V475+OlZ
FLJkE8LVPrhBQlgJWSFmPCj5FTkWml+dAriVS+7RdkeohjOepRIw7ON+BODCpvSO
AKHry0k5ANJOZhIgYOPCByDs+AypJtqPl8M0azkThmlFLBc1m6HDVroDklpZkGib
hgANe0pnA87omyIXs3lWpkApS3Ri4HrlJXj8sM1gqJABeQEOOcej3yIlIcKgVh1J
OYPfeRlibKzDHbIpVFs5QMzKNNwil/t2+VmuV9Reye1pdtpXPFDP68ilPO/VCyMk
Uq6yKfU/3gtieCtCgYbh/5dAcYwAVwB4XvYqCO4Sxj369X90TBM5Ege/4e/jcNik
S4wJ1VNVIgs6WlQbAsQ0GwwyULguRbnmXuwXmLySLgKd3pqSeR6mM6HGGXe9rdSN
miIc53pdrWAaLRqP35oyOCjwdl8xgaaLAV2Un3AD+Lwwts2rSOpiTFbTLRHPYvN9
/44HfmulG/cxGTWfJrXq54hh+UteebsyKUx9Um4LGqs29HIx5skDVOxhzYPM3+J9
ZP/IVgnm/tqkzVvYd0s1SmHdhQyXuGt9BaWjii2JZdrQjbUv7KrtfLcGUNGl3yzR
q4hyRecPQeCO89AryPZor5CQ2H1fi1ibSDcILtCP2UDzScA9qd3lvMRZV83rFcYl
cRYGUyckJP6aJFYUPCXRiDei9/nSkLDCIjtVHESDyUtGFTv8DeTH208INYj5xjBv
cEtW1IM2DXft68jf9Z5XsnUM1QO2jhLDaUptBWmKDgzeQa3KESniqdceGLrTM1H0
lFgMPFEn9W/Ma3pdi2I21TnzIcS7ZaO+NG/2ZLKXMEVBrXVEU+R7heEo6mey9+qV
ftDsbNZJoB7mTlMf75Ut4jax9YReArT22jhHyxZ5NiUu1200emE6VMlH2t3UB5gS
9aoVqxh9xNiDMO+6Gh0xHbc3m712hWT6yIHYcPCHzC/wqBE7VE1jcq5PF3ZpfrBz
ZMVa18yGAvhW+lF/Fl5GUpsyxJ7LR3RMUappLFdx+OBrAHWI3B59ZIDYTodigu6k
e4qJyNKMwlEGusefonkkAX/53Z63QXe0RswKzW3cfydOvwfC0Hi0TQX4kqXj4MAg
N/gNFOVRpbUfLEmaWyohkVEkcgxqyYm2Qvw0oADhU/Loz9p6a1Fjz2E29DNsKtdT
uszU9+2D+9PptibTCm5BOEbgM27wSfTwjcyKpcZ1E+6SEiGVQthWIIj8cCSkp9uG
vTQrG0F1HCYzBIUixyzrCJoc1jBRv9lcRrjG+xdVOrRX2gNKz/bgU+9e3MPW/MFe
uuhCqpee6qMBPJY7JQqa6qsJRDIbmjib2gCdSLsYr8+E/KGTwu1TDDb9bKq1I1lm
3LWl+d+VrGBz3Hl10N2PDgedjwHco3igrwt3dMiciqF7l4R/aDCJXgQOb2PxOqoY
Eyg6vrAoykdSfrpFU6UDhXbnxBdlsRSQ5zfX49Rr+YHXOk/VWuQQkeWMA0m9nQ4C
BiU72A3+nP11Kh7mc0/3FXzSEuF7zzfhfU88tEVvzmTpVJkgNm70NEZ2tX6VBe9g
ycH24ytDbrYu5voZUP1CepPCdOTwq+uD1iU/UcIKxnsnxwPmnvqU/3Chl/wOd8/V
4TwbNbRlSYit7Xt/3Kg63vkQa3wOBxZ5j/KOZLLPYkSy1OJTzvE7Y1Glf8T8oeGP
li0RQbOaux8t+j9ZrHCtxfDvbTOEOXYeVuQV2rnbvQcXg+KOAv8Ef4TEfSnnnG/1
dW0Uvb+YxJjABh84LTf6X7ja8BTJIY+oyIMIptw3Iw3BKmpHe0DqZaJKatzZ2JP7
IaBmSS46Oxngqb3tIs/iX10OuvfoYFF8JP9VNwlVacn40mU0YuGJi62oWugI5yPG
zjI1lcVAsiiTYMM8OUmw/UuTDwIgIO6AOSVNMMjWcihBOQSn5HgJNP3dc9JWCIzd
xM5npoLCukhsKgzQr3MHHroiP6Jn+UsYwoNvFeVkVzb7nZM9sqmrQ75JJPiqADfX
NpSGqNdGU6q4o7aCtjegr0coM4xyfyOEKyq04w5oXhYzAQ7qGvN4j0iw+WVtIX6x
kMV1cVXLzeJ/oNxL1aIgZjt+sN8MGTf1IBftWxfuGO+WKvWwuO7D/BTsxexdfstQ
J401huuod1YSoSsHMcT1YdDaRospOz9pvkjREwwb9RZtlnCjKALdVGeLDBLG3bc8
SX/LC//AosoGt1gzAFtBa7/n3Xup3EqME+nXH1K0xjvED8jh6xchDA8U+tSghuC1
0OmY4GFlqXtshxJOf0tbCGEoXJUGFLeYPUG8d8cn6aLwQiRi3D8OMZhDRSdz3KWw
M08i6lvavxGnwBPG+XIVDvxkzEaeEZrZ9Ea19/RnW+bZwxMwvC7Ecqk4q7o/djW+
FKjWedjnGYAJIHSZCljRDosskfmgCEL4nfgMwVfqF+xS8bTxyQu5RxqwBPDk8EM9
ZN1EH4WY00hgN4N2oqllTUn8L2Ehx5JAhiTckZz+cp/nzKVpKArnjBQpCjTBUDiG
PT28zjiTkrZi1eKw1C2zwaQ8KOjMjRp1An1P6zSiuayEtf/GW8nHzG9FcJoRlMKR
TUt05KBg7wgE1RxPumyws1RL4cpIb2oWlyfSqlYNHdNCQykyuu/ubaQVg3VZyz03
CRl5V3ErDa95ZM+cbaGx2JMXR29N6wTXEGi8FCMZpS5gTucp67yZtG3Ik+PPWkih
8bYskpn0AcPCl283neE57MhsEp+BOekq9tAx4IEWDVzL7w1EotLT5gp5iZlqMeQT
A4kCWEbcX0emotgo/KgYhSfgaSDa+LJqvFNlOAqpWU0ApqrBkhDUUY97uznHWjXc
yS5rzHHDbrO448nJpFo9ioCAwFYkWaEKRCEljUlqlfdaP+jHYIz48nuecCtuVOeU
gpdgE4EhL0mGG+ylj1wC6Isrqdj41aR5m3ZwMeucBE7RkyiCVMW8/GobcG4OEqGn
grvjoMjWLjOIoJoeuZsv4ED7JjAbedGsA7WqGGzVTyyXbUVseSuYsb7eVy7I0VZF
KiPI06KglRA9AQYPtnij3qku/RMQNWWrSjSSwUlm4FceY77GGo9BctQ7DdYSoMOa
ia2CYsL/nR12wRySdKzJOBmgBPDA+cFORwReVoBwGl4z1YB7jCBCpjKaB3zRrfwa
RGXijQqS8frHtNaj6+jQqa6myg6vlUPPRnEyPz69WyE5BVJOaSftCOixCtBI+Fnx
hJDiobd6WBzdueaB7Qc6W6tS79C+F50dUbzHeZLQNRXHztZX/H4TyJ2Jz7Bhy1hh
Haa5mIhgjdV985ZHUEBXIch5x85lmAjUQPADei3chwO0idxi+nbq/exCmsAxj6JC
cIuVA764o2gftaIAEj94JXMVy7Xi3en12L8wbUezyFZGKhUxwKi1WFhvb3or70DM
yT4U/URV1HgDgeKAyOsAkTeSAZsK08cRvhxDrpLl7y5wOfxFkSbN/04KujYb6YBe
Z/aUF4VZeNeg7FEmpW6XAVSorFQ6DgMLmY2TyIIh5GswHwfcB7tqgYVYSieRM/ns
GZ9hks9nsg6NlaL5ueYYOyGs8MB50XHDS42uK18fvRI8qA5liX/CkCdUJC5Hlu4i
lt3BXM3Z25iaYaKEmosgNj4cMdreoKFckmq8nSBdeZdIJ0xWX4/ioBdOaQRTknIV
wSSQb1utN5X/AZmKnF/65svl3IgngkLQIbFCCaD2IAzS5itRuTcbK+KZbKSCLNpg
U/qYmuh0TDeHHMO126VEPQXAQnxvtV/0MobXpswmuo91PVsbFgCU2IA0JDILkI/a
xwaCsoQSzTnw9qN5BVmIodbT1BBfoDorlC/C2HrkeD/J3+jSX/35Zbb9GnuLnlwU
j/fQaGftHgt63pLqqMycYcVmiA0quvpMZYRmBGhHPyr+TcoLzkFNAsNswev6//U6
hxWkF6SAaIVWF7hTAePbDqIyeVLm4s2S5Qhjw5IAsQokxff2C9GZTLDJpBlKv7oE
r3HBtOIs6Y2CzkCH9nXfQvbv2LWEgsAgq4dLk3Z2NRCt/LZAWF3E5a1wW4YRRH7j
Ozl8aACWB6WnKnz82+1v2FciFB9L8b0gNwU01u7sE1ayC2TQGzXAhu0riMtqBiJX
bLmCos3/VelP2TodcI9HmrjSPH5HOWnP0h3M7VgXHbohm9FgOZf+0GNaSI4Hr/3X
nvFuT6JgJUS4Nrq9uE2RpZ1XDvLUVrwE77tnLaqXMbLeHm/V/TXviqaxEEgtCSba
iWgsWkhjk8JL/Oa/HBSA5mhf8Sq1ru46/sJXjRdZ1wXGEVmCoSkJmgKTn2a/8K1g
XE1NMeTFZucz8WJDAC5DFvqthrHHcAcG8YMVTE4EzwfTrYe9dxfHjILMDjP8A3Dx
c7tlM/6g1c4nQTI471xs28iOsRw3upKY1T4S5MRqidQD2yKYbBVp0zMAwsybq0ay
Bmugnz5xafztkADCg1mgQ4BzhXWz+0CMNj4txId3kMwGt7Qi20RDf7cDrv0S3krh
lDGwGSl3fr9aaLISh6m62v7hg5Jn4wl2yXEGxAPj2TXzZwVGL9hmzbghxt8pJM/u
HR2vMKohagn56K3xIfwi8QrWDBr9r8OKj2Ia88v2i/QeQe8CqOVu6yR8xAxGQFiW
mJZO3enMPl00rRF9wdj33CxaF2q2kVysid59tPfJanTHUYz+IFV6/NsRfMgye0gV
9k/ebq0x5OIIjAjhllfIFj/jyupnblUteAILhvNBfkqiDkWg9Yhqd2MZXgIGuJod
CLUq8fWt0iNV6WkSthZI4O2wMz3ek4YuIfyVrh+oxQcG6PihlwEu5wamZb2g0GDp
tqa8AD7v/mezlHR4a2xogj9lDLz3RXH1RYOQHSbvvRebgjZrntOG+gidcbQvsB2e
aS5X3SZXYQ0hbG4KACkwKWTj84Jxflp+KMfdybhVz9HneTtiLMsvlibPVj54ZuPc
YNmELTHyCxjlsX61mmtydIAoitzN+YrB+MWx06KnPbWW18AsH/gWNX0qtYIRxJjY
rZkvzOEOUgRBxdWuK9FlOcbAfq6S3fIPMJycTlSalOA6ltq5XtjfozA2ckRutqV3
1n+JM3Lo55CMe9igKfi4sEuIPmFjQQccxh85PMZKXZv+k+EU/PgD21HxWLbp1y1n
lwSllaTC9kNAplcvelROfuM5jqi1qDF6Q6w8pwem2m+vUc0aV0CBGJvvz8+Y76Bo
fho7SD9SeBOnCsSxq1cOKaeWPl10Y001wUfI061oTbSya/tbNGgaE+pXzIbhKCvv
wOTZ6t3+12dhZ0mx9Ozo1pxslASescGr4MDQePR6lecDPdgU6cJZMCzMiKrbZC1M
lFlApbM5HdkJOGOAVxHvbBP5u5SSfu5GGDcjiVp27A8kLGB1x1JkFr/ayVqyi0Zn
7QUQu85CxW0nxqFFkYxXfvWVpPvbzorPySEntj+ZmwdqB6asqBuHoW+WEVf/U4Sp
7YZ5c4Q6mP9/HZV3J+1b+BaFuuROp8lwuvYuITRpobOncr3+U4Pr77vdBbzYFm65
kR5uZgS38rm3DX54qlUhb7AeWPnwqtEIaJA3soThkk+J4/GAIDM46cQaJdPfXikq
AuZkkSOqjH0qEQR2gprYNTTakISQXK3os+aSrdScZq87W55RQ4bW+1pwZjCnlEI5
zTgzG2iWGCaPHZvoCV0cv+Ln14a+rplNBoRDHhDuN5Vxnd8R3QFz7iL6WOW8XPUW
Vfhi1ZMHR8/e0rgqlF7nEw8B8XYydKsPRpYDnrjWOUA=

A.3.9. S/MIME encrypted and signed reply over a simple message, Injected Headers with hcp_minimal (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 8170 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 5034 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 1082 bytes
   ├─╴text/plain 57 bytes
   └─╴text/plain 376 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-injected-minimal-legacy-reply@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:16:02 -0500
In-Reply-To:
 <smime-enc-signed-injected-minimal-legacy@lhp.example>
References:
 <smime-enc-signed-injected-minimal-legacy@lhp.example>

MIIXjAYJKoZIhvcNAQcDoIIXfTCCF3kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAB4ecHLrDWfKl3yL1TN/yBLvobSKk41XBXYb
VJ/3GqI6j/32SELFoDOUXgckW/66RyPsEs14KTmJRFA5KWGZ8NBPDN2AM8zjZfS+
iRgYm1d57/u4DEUnbUTXOagYTa8eanBrWX4/oGHg1L5wI6pZ9zyI5YUCj0tQUaLW
9t4v3U25z38eCokhtksHNsCtXSvLAQzx2L6KrFRTCfCmgVgsXhsOBEiTCMf4ZiB4
hh0lhyu6SV+07dm1LcD0T7cLXAD4mkoeldbIpi92W6P66Y/Ay4PJAXZmvyq01+za
5eYAieaPxfVbMaGdyayOUMV68ISqH69uKJpRVwVsZGhQQZY/MdcwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAkBeWGtHTul5YGzJtjM7gl/ET
UpVPGeHs/jLsqj6oeFQwrE57igqf6sMpY69yrFJnDm3aOjbZdIJg438bax+XjSG7
vQUy8m6CgeztdBAzlTbdVU75sstdXeiRVwC5fMtz+H0ZymV3SRjjsgCv+0TEJR/j
gf0IB84y+zjJ1QMgIvCxIEXj3j4qPI6mijEnwqfPZ5nBcBL6/W82N205SArWYX71
iIt/GE68DH9o6FU4lAXJSQj8iuxVFzDV2GTNJc1pTsgcEFC9bGD9NgZVUZhaSZkM
JleDMSMloQWPPd8HbXBiogIJG3dRudWSfohmxjOUZVj8Plq5q9JPt8sp6pEIKTCC
FF4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEMSKvlmchoxV9HtD4C7JxlCAghQw
uVLuAYWsCKCp+Ltfh81OkGuphM6f7qhorQ3+GLdW8e5C2kjyxEAjowXSHLjFAQBP
aw7UCTiBJX9XCl6/0D9iCh8MzLDz5XMxwyJmluPAmOsyWvaGfFV8f2mqBrpfgeJB
kXZoou1UuRjv1MnKCOmwdfGTQTuvfEwawURVVM3cZVNidgP5QdHWBVHayWW4zCwB
WpdArroepsEA8HvcUJ1j4t+rSefJfA/C3h7+J4HMi+/02tS+0iEUSMVl/xsp7Ote
jzXdtdjFb53756oCnoRh66ozZlL2EoMs2v18Ccos8yHkPUCkSrBoRjq6fTl76PgM
mRiREJHwYnNZImV5vNRcvwy/S/+rKwUEfshRDYc0P5NHSkRZuMfNu3yRB6UnaDzL
3l/qOhv41DdptlI2mbvgziItgMlXdnzGkJQkS9G5V+GLi8/ISN2S7DtWpFCaJOh9
A77YNI35X5nTFioQiYZgRFjHkLEB/cpbYiANBHHtX0ZE00tW1w1QOUVJHPo8N0aI
uRx7oIeHWJf6URM08yVqKV0VSrKHxdQ/RXii8qWDlS5DUk9lVZYypqmui4Nd9Vc6
N8KjbqEmaOlcA1XKTZ41PRAXCA71pGDPVutOrhSx1CuAqk0UJoMcx3FiM+uCmbQQ
WZ3K2OtKWpbRzgGxn6AFPMYTxmQfhbfp2WFBK4epEZeK9TK0XEba4/L+V++bPzqb
SKTa0fYkRmfrXrQ+K2yKvMIBO3yPjSbEXQ5Yq4DWu5tTohOgQm+8zAdYeH//S0UU
F63qGQyKYlTIu1OjIauM9g9F2yGQdJGRtjSmbuyQ2CGOeeJpVY+Y08/5O73GvyqE
eytAb8Fa7d5gsToARMcxZzBl/NBgIJU4o6PPF7FYSz9cxYVtBdYiRAJBjuF+CghM
NWPPVxR6SqsNq9fm82EEunJZNlIzkqv0s76xySZaOizvjtvw9TkjDAkJBCP4+o6+
eTRjYtGsgn4Z5JY5lMQirVxEy/Fd3gBRwGD85mDxrHKXtKT8j0ke7DjhAUuw2YoV
uChtI1tGku9UZD3n9mbd515LXODVtbCXAJu2JYkearRMmOq+h0Pu22kGwo+9hYpm
A/hr6XWNmQlytONCbIuNKyRTAt/CIA91trDVpnXqS/hIKdxFGx3OuYfHz2pELJUD
lLcqpPhDYWsf5RoVykafGc76gUDzknIl8FdiFCD6NNJk+VjBUkPUvwCEIM6fyIPL
p07H7arnjZ0gJ6xxdyQlXwINqAMZ5DJ/dR0EgJtxJ7btzBtqZ4K4KyLlsDpLj8qY
OI1aTBH6UilHzQn5khZgC7XHuEHy1mHIbR9B5QeqqlwezWmtpmfPGVSv4UX3fRHa
h2yZ1QRqtvwalWPa97xj2fvQw7HbWtqF4scO0yLr0buvksZ+FWmc186t3zTdpnOY
Kvb1GK9VATs5UNjzpAdqqR/uPfqGyxjOZDM1BrDxVMejTL1bCCfzgpJ88A16tTIH
OvoLhY+8wUoZwaV4aaQIX2/Jq9H5EuXAJX1nffWbPdBusWlbUECf10DsIhjDw4r1
PoPvqcjIuHNrp8Rs1G+COI1d4KHKN9mMgOxDTNgF1gKkkw33wEy7DRv7/b8ej/CY
e9xLlTCQnXW+kAKs+OD179cHdHR42Jv80QEwB+Rx5m26mYsIcprqQf83Z2V4Gg1J
OYUCxd5T5G5rBdzLtRE+NipJJ0RqEKCEyc3RH39NXkg9LnP2XvA8zsByExwrruTb
6HZ5ojO7UvEXRZ2A/H9nu94C0+KPtER4mtESJFDq/k6Tn8MF+vw7k/2Dt2Us+TVI
q3do4FvUJfyZXmpX2LdDhgQE8CMb6B3hNPg+NSJX8KvCdWU8K79i+ppaSCknAaNq
4cxYavHhYdHz2U9zQKLEJt8am2/Iyf2d46q6plUzvFj+DCFoD3z/yddRNqe0M1Wt
tdgvklkymsJ6E/G+vpoDw89FeDA7oFc7mOgBsxZggi2X1WY2KUIqJqm5GwYy7j0J
CGpHfQqU7WDvv9kvADEMOq+vIR17lpn9PRUluwutdaKNwICZEw4A9G7LuSNRhNz5
Me5pO1Tt2BRK7NtKCdiMiuKFq43ezOpMpCla2VCuEANA6iZwGJlz5iBFckCN2IsH
NTNXA8oeL2sFcW+J9JVTsw4YnR/KYSgMlpoIU/l44fD+FMmC80+MwVPSe6QJkyKD
zXE9a/sP2WsAC2WEKiG71U38HDbRXzjyEVJcrTJAN/LSjIh/Ko3PFuuEvTu+2Rmk
A+pOI2vbcEUlcS9qkQHuvSefxiIosSGR8HSWGr7BJMAnQ4/GYcPfJcib8vpN0l/n
ID6LcyTTAUsPg8rYb7DeGuiwR43iW7wkReWc3HLO0p9N1UhYWQ9jy7Tf4L9NzK9B
rZgAIPPrsoHuE22crg85aFU8JR1GHQyNJQnRirCCOOqS4B8t2ArY+bkuWrYj9JsT
xbYzTYYWhA3pytxm10NRGmwD4MU+SEdVGs+yvTo0YN6BJhm/OaHHFpWywNICO3F8
NeO3+GBtaPXaxyZc1l7y6CJ1d7xGHnGkE3pQfkg4he8exYfyhdHpzxconSoOZ+XR
ft4fqgk+tB6hyVGumlhyPz6ThWFMorxnJEgzIZR7iIuk4+ooiePjgTGjrtvp+rNb
98e09SqpIxqWdiU4yCOwfkOg7hEb1SuJVoNFVLKoRMIgf4vBKIM0DBAv7wUebO61
9JnhoQY20YMxSsVypdYeycF9TLIDreu+zufX6LNkZt+kq+oP7DyRodCB/4SIcRzv
tzXxNPUjnE5kHv4dxDXieBiC2S8zbQO2vaQ8kjf4/MOGjpP7eYBA7vK59kELCq0X
b5ooYbxS2aUF/FbyTSRCIeNsCWUKMBmps0pS+MA1rpZ0zFxVRqdgmlpoMQ7AkjqB
DI9B7RDDrW6ORZXX0D36Tcm+/PbJxf4QFmq7/SAWKPsZlN7GEYOAlRhfOr+XHHBy
91jPA+XdUDgKXt+y5kUxEcFRu14yGiCCUIOU7vbWxHqvXdiBMrjulAgduWJlVqgI
CkI9QEDt2NNV/ElKxUS/PCnqCSWBpfg8u955rLijFchVD6sum7w9+X37tblXKeLC
rn88xK/Wbi4NxZwEdp9OWbpavugUAe8ynkwBgfYIWP5CVbX+gP6BshyN7Sv23TWd
kVUjudyfoXXBx6paTL64IgokxXvYMHXTPHmRkPhZhcPjOvaAS6SYr9FiE7cbtFCZ
yL1EcV03stmTO9x6mpJeWuoQs8mLllqzQFTwIKyLG/2gbOTI8Hjq3hWoVnSwDvxT
xljQQQSqAGhLFhnGqnGHDqTUI0I31e7Yj1Nn4E3z43ft22Kq1+OSJ+g3LCHrqepZ
N160YqujX1Kd6/5t8dtnKFNjUlCy9gzJ6cy74pVyfQl4edAmMa1s/vZ12VEECXeg
hi+EmuMLquKZEVv+U0cNQxPfzm5x6LzWj7ibLkiWa8vDoa1//WGIWBcZX8v7HLN0
42cNimy9xklYmdXVZ34711KHEhwRLpYfcrwNOttlwKOtfThkw0cW4bSatAmtguPd
SrpBwOpbTKI3am0yVsPCr0cgKmeMaNTZSEN5njDB84rsaLZ7aM23+s1UlJmyMQAi
/CCD9Lrl7S09s383KZNpNKmEUr4VZ9IQYipiDzN4wOI907mC6DWEVRh1II+bZeBM
cPQlrOrcfVqPqlNu8qiEyJUT/03Rb4xxAjH16EeeMcEIPs+BRujxEybRnBuPA9BO
oZ3pmIuN/NEFMBMZz7/VKoCbd0zapuV4KIMFzaEn5HmnHbP/DU9lSQKZcr/e0MHG
7dnTM/zx2VxNk1f0b+yBjvZm15pV6FyjgGeldnl42Rq0uAzkYcs1gcKDmaEy9OVZ
gNbu2k78DOtDhg58PRfBmX2luk951xf9F+PMe/K8KHSBqQQ+oD51kSUxuMPgQxA7
rMxjdy8G+mfk63cYrWKZcNrr3vQ9e9w0oLjZ2dCtKsw7jLCxjAc0TIycSvn+bmOS
kv4vg1BgsU5xTUVEK+6AIRc/bzOA7JkqMW5tsTYaQJ3szW3nYrTRjWMOIEG3ghvb
urJy/Jw0UBkozxP3zl0Neol8rrhAM6zFQXIE/nuOasAd6YF+TrFljIOIJIl4IgTV
yTAQMeRXcFLYWRggFpdp3d/7a+M5d2p4lYbo58jydWPvqSF9/1PThswzHbDFT4fo
iFZK8EDY3wWjN55vyXusuB+8vOXMBLvamfTfFb5XDjZLeXp4jjoyaDf5dI3m65+K
xegr4fk0R0wvtdx4h1AtBb2C5myMLN3tUPQN6r9aEoc+U9ZiyFZinpaW8LGuqcyE
MIP4qWglDlE+7GaQbuvQfSsxcQ+YbQI62OyIgczsp6X8zMqKzhB0MgE6k5XSlYw4
86IzcjlkdDYyDHNvQdmt+yfcqSrHsvBgkyD+ISr7zFrcW5WgCLuzi3WIlaRjgLfz
IDNUjroPB8xE+3YguefHdSoPF/Ai+lUzFXpRj9AE14JkH0WM9pPKc+JPgqlda2US
a6hLRd4+z4MF1HGbINbFWDmV2OiPDJrUzLcwaAHWu5QK+NyXlQWmYUB+iwOg7hyg
/gG9mYNUpzqtJghdu74HZxigX5jGUKQLthULGqDA2EL0vR2KCOMm9gLxeJkOrxqN
8YvCSpYUkaDvtIJcwExkfGu7LhiTXl5vvHrF0RDnhK7Q8QT9yQo7Er8Aay5ySRVi
ZFD9GhfQlix5cDox/YBNMyfSQm2T+O8WJdvVFWHF9mBX7ceUEg77EP65fjV+boY+
ir4XmTJlZ01QUX/RuepGrm0969L1kpgwhpXIecyu2u3RKL4JTv6jLGpK69GMqNrB
Ol6zRufAgsUbFAzpvS7KeffSMQVeib6TthMSqiw5eTlUFj6stHMJzgnzu2tQphDb
TUkogk/41XGI2q8oMczv/4AL78eRQVTPTCU9MQGe9jdNlqrnbh6mSIXAxA+MUdpf
KzavSvbQWqnEEGQzsabx6nLQ5uPV+e5kDPs8IeEV83mi4Fg9v7YFrAtMf8nA30Vt
eCHnZdgiQbaZQ6lt+hdiaJQ/+Edu9HM2v8aj1o0beiw8Zy++bGo3G32xazJVkFte
704GrOVWo5W0N0YGbzacvkI9ktZpwudcS7u5qp6HvATahMJpI0Pzujww+Y9j06JJ
xudfTJ6BgJlak458LUz37PrzSPuT0l8VGA7WUWeTTXjpNQ6WEiEcVyVmyHKbeB2+
5hIZKHnueZzqbtQjoBldChMeLRpYgA6RyrUxDJjRXrkPKdn0h5hgwyrYqdeQO9Wa
5pfE2mZ4BJbOFLPZv8SMTKEnbR6a9bP6Fxhir80T30HiPW6Gc6Yk+yUx0aPfiRcJ
3qFKBOVuwrjEP1QZqVopm0XnjGr6pSii0+qk3f35bykpl15n/wRH3lVpPW1jFAlo
xKK9/9atIIy6+UejHD+tIgbVZD+FXcJKhtdf0by7WCOMnM7qaRrLqloEZlRVN8pD
283HqyRu+F05U+0bVL171kjRkPlb5FrtpqiRV3KswxP661pvIpVOGSh75izSb9fo
YsdVCcSa/8jFS2VxugUa22efyOhAlCNQr+kwHTXztV3V5yMALNpnnUOd/t5IG6oI
5PUAWfhPFco9b1em9v/XfaHwKt4+/buRfjIXiJOf9v54FoO6FESNXcyAPS9Fmd1S
lHSqrGKlD/lz5X7IbEq4tnZoBpkTMtbPnQrWUU+6HiHggjrh6goeLwKKp5IgtonX
YmmGzyiLY34japtze8CfCyUZGtzkJqQIaYg2V7XF7aM068h1OVupmCYlkr3frM7Q
HWssHhhcyVZ1q5pM2+5lEi6AZTblEVI/gwO6/0Efn47vwAwABCGKOR//MX877q7m
Zcn1X1fxpT2V8hcEcgCOOmFWebIBdagvTDYu1QNBmGmKUTe9r1OTWhG2OEC8GgB7
WMrNGS1i6wYDU712ZnjvLfUT45wsDgPBkGToecIEcT6PN/kjj33IYQDQGxxrXAuf
oZeYnioFc/7aRwh3tYjJNnNz7GpI/gVNwHJRwhufkVvJjlxqkE+sCGjgHaPo7n43
0ZzaA0OADyFmrLQeFDzeFElDUn/35LjU87CZSZxOisurHvzV4hpfQJtCuJh1FPBt
hC6ITgbq2hZSjPtyZEd0gYTyMhw+mdDyk/a+fbgquB5UcZDg7Kj8Kh738m+WLxYn
wNiMwMbeaLMw6tnDt2D6GI6+qCjlBGydFm28El30EfimhifK0qj0utVgbNvhzgJe
XEJyXivslEzetRVvSRAy66COopqyDb/R/cKXJ2r7zgDmr1+Fq3OXB8ypw00km7gw
0Tih89GOnyTMvTOVOFF9xaL3WL9lSEi1LjJ4S9XgNxiv6nCe4r2NW38Ql8RbF2jr
XtOjGt4nY2KSaCtN/FMElqUilj3VtTmRRBzrjB8T9NpnfHSLbIgW9xevNHUeCZwB
fgkpW+CjkywygPuogLtdq6tuqb5gE0GT9KBDRMTIlQYgdICvBnwDxVnAQreJ3HPH
VhpRkJ5Yav/37Yq9YF8RSM7XqPuZm+YgZElNMMTHBVKfE5cW50fFWaZLzZHjjS1L
75nd9FFceSjzhLMVC8sC7oWZqGdQBpcNg/BYBAn2Stf81ipSpz9WBoqQzNcO25Wb
qyGxUQfDvto9TVrJe+/7bCFqZbwx6RKZDUAnfgC4hs//PKm8Ts3+suSkwzfEpxN7
0cESXR3yioZNbkubxRXWzemAJzGn1G+Dk7MjoYQ3h6Pgjv7FJ2MDnmTDoJlL0jLI
zYNMz6izuerW2r5m3PXfkhffU7mlwn7Bo/6mbR6ztrsTOm6CbjdlkjjdSq4cMmX3
ZeUnehbRY/W4cGu9zMxJtNVGRTFAGV4zXGqjL8mTEHzA87OHf2BSJjOCM/V545U+
Td8ulTmmLG6hyNn3E+cL5Tinka/j92yxTzzUA2TU1uE=

A.3.10. S/MIME encrypted and signed reply over a simple message, Wrapped Message with hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7605 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4616 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 810 bytes
   └─╴text/plain 325 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <fdccb76a-49ed-50c5-9030-e4aeb83d7f04@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:17:02 -0500

MIIV7AYJKoZIhvcNAQcDoIIV3TCCFdkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAIEzSE7YJfWjy0TMQGEfYcrcBw2uruGZw+/k
QaHXEcEFdwDSaKvAzEFoNN0xMpZ090ybC5MHqteYMRpaax43TsCnes6XevL7o7FV
gSMI6CCnmVlY2Dvj+oGPHkl/ZkFRPz+Hsrnvl65Fs19thjbtQ7LX9uKE8TBODLRF
nCnuyDdHx7iDJGI6xepIvD4M3zaUwpNa3fFi8XOC7UH7br6+UGCRQCZl9nrAU1W/
VvfRt+6XSWXl71IU/0syMw4ghwS2tsLgZhIrDkFNlEokgVR8bDejaV9px7jH+d3m
FJ0t4hBjsZAfnggaecXwoKUaPqlj6Xl0e9cLtqwr+26h1TmA8X0wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEACUHcgXEC4pKuedLh3CB0QLAW
HULF5htBXebTlJVES1voU9Smp5OkueBMptF18R2ojjM36C5d3xtdsBddVweJqNyA
Hgp92O7qVoPyVXvp7BByoNRgZcrMx1pRoTREEjCX585MOXEBFUxRVRPohViZaOAM
dgdWFB02fcOwGh+RtwBfE5Ege2zujhTpF/ie7XIbNOlWsZrTDGdQ63VaqvX3AS0m
TPJyeqUkstDWSzOIrOlp1W/YjMcYNjDkygeNgppdV4SEUFYTNxz6rqql4E+a8LxX
IogOTMh2ruDPamtoAEMfsMvz9XUjSN4TRWXORLkzQeaI0jcPVjr6AHLJFG6etzCC
Er4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEDyefElL8mhLfkZjajQLY7KAghKQ
4f1OU+eyhjobu3iIzeCooqq/a6JmdoGQbY6s656cODYMhlimkXQkRV1QEZiLkAOi
aKPZy3zmuu00h5lnpduDqzFq16Clw8CY/99ep7I6vANjzmvh4pV0onCsR9GuYexq
65nR8oy9dXdCFP6vkGBFXcrTqnbPQrZF9DSxpXiicROjS5ybp8clDbMJKB0x9LQE
vHcxB5jaNGAsb+IVHZr3LjvO5V5T0/YsXn6aJXQAVU3bOO7iUjxgvGxQGSsShre7
F5qW99KiI2cc0c/wPtv4PyvgcVuLs/CFtvc9CfgbIAr/Vm4AupZUbaizLnpxSK3S
PKY0l/8j0x8Eavv7LsO7R9WzZwS8zK5Zrx3aDRclXUMCXyQkel4nZvCOintGDoKo
QuSs4Fy3M826VYkKfc7uaVo7j5lzoSeNUeD0q5hpmrTnJ/ce8C9T0FES75jc6P3r
Q6yAakdLcsTL4XPc9Hi9stkX0pPrGYrK1HYaDBDBKZ92VdiEVGlX/41hltwX0f79
M/R1sbT4a2j9PsWKRI7Pva3L0nNGV0iajjBslyppdXLKNFBH02Vy4zoujcjj34Mr
SsrmW5EkoxUZGzlX9NAYV8N5/f8faUCYnSbfHg/QIK9WBKggCTm7e8Gq2iGgzVmx
Jpj85EkYXLDkS7tN4KhgJRp3ZYRFdRUutoq4SVNzNc3AhYDMVyBWcpDAIY/Y8ync
ZsHpEFB1Ypau4/vtj14MCjlIfOtRDf3oH7Z0Gp6ecWGFwkZ+P8muIY95FEfOofeH
gTzUi2M3NwbGVOSPpTMxZE5wesAvXaWVS2pN2KPmQLBXPVij7vqavbVd1e31d8JJ
cRJwxdVYO3Tfe42TQRdKjYIxQmPrjRdx9d6TyyoZE00mGed11v6Z7lxWcvGZDl8k
rMM30LF4IgQjCVr7EiAYIybviRYLNNKptCqLK/TvANtevYEhb9yTynwevu1nFW5e
Uw3rihR3MJgCV7+zSvsjKHubdSpuu5adyMKfYpRyDQM94pKVEvEVxR8Ja51xyVB4
p8T3Y22rNWjlsBf0B7UAVqb/oDuN5oW2M8K53GVXEPUg+80dlR8r82Wq7ahSyae+
/jAZcaopN062hQvXXsIFj9vy/B2rdDu3hreUtFIjgLrCmKqmeXIvh7lcBL1hQ9Zm
EI+F7fIJJSynDna7PLsU0tANrE6lmn9XkdL9EVCVZK5LMFp8LtuGo8EMZ/MxZ2LQ
99duo1um5gSBdZJYhrxb2rpmsVRrtLjzKCmywxOEBlyj3hYBNjFcdYhRd9RsMRgg
QjoZME5ovHDRyBABUiwOtyGIFD9rt8xNqjzHWEizeAzfj+WbDfWDz9qrysvx4Myg
scicK+yCWBwRvL2LbNb+uHhX879Ejj4zzkSlqDIuOTvGduojH+Ti6aZjEdnpfKGM
xHRFRHBI4hmwuiwzqO6h6CpuX/2aew8wByIAaomyyGeTscBaJk0JumMxhSmeyImn
T9DTF4dUXR9cGEs2qYquQcSSc2KNZpaRpVDNcTETNPLNh+vFUPJcv485g3e8EJIy
VS99+e2lECdjkc+iHVMBTXdwSMEgrlYdIlfrPCy2nwsajp9+4lhL2aPk3yEqSs6x
QHPO9cEKNuL7BG1Cpq9wkr0O7CVayEWY9W0k912ARy637pYpgeQ/w3eNhlGjSuRK
pXZr7WWgT8MEuF0PJPOVWy2V49JmKjP4po+9/V+ewHievS/Z74/xozJnNhNqyYDp
56mGQ3FH5Q628WcPdk2V9h897AOsHVyFrjFHlObWeUuQqQVctYqT6QtW/rITmQwE
85DzWoYELv6ng+IjSswQEeKFm7UIbz6UBPe5IVYJaA6nAXV9Ir0ErT0A8QLN/Inw
Buz4RnznGuXNgm7mONvWZrYnbwNKGsbO/LSmsKDmlCqDd/CRZLP2/r0mgNld6Iqy
wuFfFo9Ml8WXUY3veMD4J9+i1sm08jMQfIqKgBOOczsBt0sPn2yE9mgcsDgudO95
jFz4g2E8RUSRJgj/av9nM1lSCYjnizkBezVvM/S/qJmGHOl8RbYSZlZBIJq+xkAv
xGKG0oNKVzHe8VtMUwBbi5kOOx5oTrvJ/A3s36MrE0JlcBKV/jMMt2FyDE++PvFE
0X0zf1YsK5281jNBMBIA8GRbLb8+G/6q5RMf/epfy7c4oJRpDblPVhSMWXmgUNxc
mLmCftewVJZvvtUu0WWcVWZ4s2GZOjtBFlqXcm8nBdY39drprA0pcrkL26XKWM7y
F+6CqwCgsMabwViBtsY/BMVeO26UCfXJfytMGyCeuano9d3p12VHCLM49TQcWIpZ
6yRLmKEYoXxvtThZE7WndatiUmS646xpsLmtoHpAhN9V/AJVUB5DPHDkFr75fWp+
GYsKyEDDIq/4U6gYlFkzWuNF3if8PWwT8PbkiA+2XWrUs9N0Tw+ugD8LkeobRw5M
gHcphVR6Zia3WvpXBe7u/rGgNqzRWHSDtT2UWKsJx32iPuQEVb7/KQNT6blBhFrK
LUa6Xp1ZUtvdiJ09fNx9plaKquHQqjV00YTga++ZCrdLnEL0IxRMUbzf6tkF0fF+
gNnP7uaCt/1mXRyilDgb68oLxN8R/fCRTSVZibLhimWPRFXm0Qf8nznYR2+nOARW
K4SfFLhhB7QqsLHuQ6WB8k4vwewhAuNM6EDR9wSyp5wJ4/NRtwm8b+Vf9aYXweQ7
8n+mGBpKQBwStOllzU+pDdorM+jmLeky2hPVkR59IvEiZmnDQXdzEWZAVEC9jbsa
llb8FnL61OedbblBkjfeaXn+hD3iRbz44vyHa/l/4fi717XNCyWMEL4Op/hezWdt
pGtexT+AoYw2uA9+qNkz7OxtqcSzcVkm3jWTJPJLrYslUUhI5HF8yH7NtbaySqPm
ybxysODBGFXz7qf/o/rg2SNHfSIcfr/itP0ZpnuHiCtFwIBYFLoY2ceMYeKfvrKX
9Ble9lgex4BtKL/uPFQopYWNPKAchseKIJzptZpPW2T37kt1UYzEhzieQpC6IDCn
qSZeq/Nd56iF/kw78PQMDCGLdulJDh/nu18LD62GhCWpZMEGdxDJvP+VdycMEIkb
BHXKLKm5NNAygyw2Wj6kiAPR3+/ZJBMuRzBFSxI87Zt/iXoHM9PYvyDcgjC8wwEK
z4jRNokSW2eSmgRp8ty0ZSWcgnnegymkRsYSYkIc7894qFP44PmypNB981mLje3c
FsuvRcVny3r/KJ4XI14OqbkYWwD8rkHbXohiYQx8N5VUqlfQCMyPpaqYf247fW1p
YJwOKXeOsJeiv5/uUiC6GzgunABnBhZS5uFVKoCtVITzzOKpqAEFFMr6fG1nOMzv
Y9XwwT9fnM3XWB6RsXeHvSMKjQQXzOMxc23mtV0wse1Mg01UJVcLURy1jWoY815F
DDNeBt5irzunTvX3eRCGz9oaJ6Dzl6er72YqmHFyKEGFyFjCpOxMI3LlwZhUCRM0
MrsbtGKchcht9fmh2QouxtQh8T9r0vLlVrHyJhWwargNxQG+25ZPyb7pmBR9Fs+B
5PFhN2O3nOr9LbPdrDXxvsGexOwAwf5kp0LdM/8g+cn5qqSNGcj2jDagZ5j2IPbJ
9S7HmRxx/D0v5RFnwrc+WVPR+z83bYwlN6Ug9KB1S1lwE9E5DEUb4MWbnh3RCi8k
Uhh0ErIcBWByUooqZz1in408/ebhlpC2zYCOHqUP1AgVsycmvbZf68bHDZxJWPGz
w4EJYYCAF9DGbvaF+pA3TWnt7jmf8qLliwGCgC7U2XjsL6aTClql8QseE2OvvBLE
11g4ZbXJXHs/rV9ZuKzzIE7MTQmZTY4923ROG/Bt9Bc/1AJ/a3e/mdYoZ+79TnQr
/sLP2FiqVHAOtLY8SQXnVP/Tes/Jc6EAxemoCR7fT+959WcC+vaow6MTngjk6JBb
YQUU5wNNFl/834tnvSLBI4IohjKbp/ZBqsctq6bg3pGb5MjfJgOxybX3G37CdccZ
yxd3N0+3lXBWuEuUEzusUu1pqxK/TpVTcptV8IJJweiQjwYCESMsp0vHO44a5ruy
WDiMaDOdgSiKgTl+4LiQsTTqVG1Hd3WB/16hUvIUeCmwbsDLZ7JZWy6b0PyQSqdi
AH2GwmcRRU0Kiebx942EDTkSTDudSCd8fcE9B3zg7VkgNkTRyHALUW/4kEm2LayA
Igg5Rkfe/t3w0wiDfiPkx6KZH//S5FpHgbFbPiXGLcKIozH0ocs5kT6L7vKc433K
es5nwUksTlIiBdSP8fJjknUww179CqF5H3N00HUo3vN9Ghso3bvBvI0WOd84iuLk
7OX098rJyQR8HBBiUFG6ze6ZY8hd4EY87dFY2/01p24iuQkLpXgxIRPmm2Z49Wvo
2MlXLGIao+4D+sY3+E5RtOfjJ9oEUFZX1HJ5zjGB9poPJV2O/RSiRXpU4weIW2+t
T4gvboMSMPZh4tccAsIMZxostc1LjBl3lrLzR62crJOdOc3vKHhDrd9RdR2QM9yp
ufaOAwJm+Ubb5+liqVPo5bwyXOxJZ5Q5cyBQRhwwFUL0y+tWwPmyGR1ysoW+soFm
w0NNGgn4qZFm3O0i7wkFJK1gZzo8t5d2XXx1yp063X6BYVLT+SGuTSNrfpk8MuWo
0Q+6lyZ6UjZ5XLuGvyKFOyraKr3ETdfMCA/bDmx2FI/rFDhziwWgtYJpSaoEptP+
I/+rZxfQEd1kzJ+SgvggUbpRXR6/UCHBcvjSnJNMyBRnjTU5j9FBfitay2L5ZOL8
79hudV2c/NO+qTc1yMir5zQyYLfN5oIHUIOJRRTs1/kSu5Uk3i+ByDvAXG9nJ+I4
t/zZ9FSvk4RatM+nHLbqQvA31qfv8yoz9quVhEAMZRMticGWmwvPkchjZQdtzwTo
vCKBC7M12xITparw+kZuD5tD2d62xn8vTAgLhaFebflI5N5dF58XgwOkqMEoYq+l
mYNorq/q659Ac97jyJ35UEGsS8tbkWCAHcj27WwkCcFnXMyfkRrDXasOyQWqZ8iQ
mmZeVjJKrHNHAV5Xj8l+CI2BJlLwYyS/IwbK45UuIi1xcMAAx21J/HMk80Y8laDR
qbqq5IPR2ndsYs2JYchBB06t4VXmcJSzK9Y9CFzK8OOOawFE3DpTjcl4ZCxodKSM
MuTGLS2+ZYqM4buYp92HbeXBz+tjCaFp16wFiPm3yRpm969smGt8Hhc0wkSvJIOl
LmFkXib4QXDx5ulHVDRH93B2tnq9kCG0Zs/AHaUkN5/TeFx2BIvMEJyQTNHfl2Sn
kF0+ao3jREVMhAadVzFq5Yvr907MFID/t29EEyWkk7NU1zmOjTzOt02akO40Pnog
Qibu6gHHGFY6Aje3zHdIBEXnIETJd1vda//GG5u1fdb7bgJzoY/sdORb/U6ZY2zA
hlqJnifV7+0aT1aVDXD/F/FSd+B8sK96e1MC0oB7YJ517ZxdZ09WJ/fNJaXBU1PS
2065hVjG4S4XfYonkvE4Ig3OUntnwg6y4fx3ZUgUFo3XJtGhgyBIw6ZNrHrhyJHZ
w89PxnGJpGTA6tDbJMUNSir6yvR9/uhgADhfVJszdhSFKKre4BdDwn7gEtd3X2dx
TbkFAs3TzfummzNHO0Cl1v86RR8xx3jRGRqJLd5RtwoaNUoTMIR6oFNx+1KOG/lp
ADjBJU3otm8hC7Vp5HdTtRk0mH36inha9dPTjFalx1OIUmj3V5icC2ZlLApdAuzD
uAiYMqntZJGHawGLKOc9UspeMgmUiblo25gDMYsuG0stOfQZjQi9EQLQ2xyyj4Ha
RIrSLm+guqcYPQJgRhAOEx1owEGqJqYoR4rmps7w/kAW7TrTrdXeXHLBbvavGtwo
rt0mrTfHPhPmsYbQz/4T7Lsm2k60TjGbSm8tGgBRydJI5ly45U/FpNXVgykgXBMF
P+hJLVMvKgHehLCoxn5sBE5Zzf8/PrgZ6c1iG/iBXgnbMW0+yKUQ8sVLvp92YpY7
hKplcj7RKJL3HBxzUeuUhFGfaiq7MgpKm18vgnFXJoc/NL5N4eKLzn3TD0q/Xhid
5lpZgm3+6c/mDgS4RUIqtHaALsVQhoMGdrK2Tr1bi2VoKIhEOng9UF2WxQJiDNhr
VM99rYy6aX8H9bj70xYG+KtlO1fEjp0+S1OEfxeLCEi/DShQjPrEwumCW2dKz0Q1
7G2u+qo6Zcml9eJp5ZX4GPHrlImX4+ngp27/cNDQML/pHZrTbT+h2HZiDObED3if
Lj/pAB43Snah9bg7XoUWOE5lNQoOq6uSG+bUFsuuprFeekcs850DtaryNWzpi+4/
5bScqoMawu64YqNq/1pSCXImEEab9nXtn6q4aPjhKHEAhWD73YR0nP3kV6XUn1yF

A.3.11. S/MIME encrypted and signed reply over a simple message, Injected Headers with hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 7565 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 4592 bytes
  ⇩ (unwraps to)
  └─╴text/plain 337 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <0e210732-9184-5855-9a95-2a635560d3a6@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:18:02 -0500

MIIVzAYJKoZIhvcNAQcDoIIVvTCCFbkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAD2qfM1qd/wlIn5/weLGjTIvhLXq8DBtZlBx
74LEO41mLd1hgnRYsPIWC2PtjkC/seobOuZC+CV58bybhtZc98t+SPFhw/rCzvKD
r+TYWJWJ5klGojWrmZJXuXFUA6GW1KvNQYQV2xkntNjeOe0dUY/UwXDXnV2hwOSz
K0MpYY9/M847oDrGiWv4xDqLd7WrN+ztQiy+4b29oA4Hy40Ll/z9o3yNMYEeZ+ZU
oICNWAvSHhIHuHztoEhhGI01wF7KFpygyjP34o5oC0MRFwyUPmqJEuj+/o265hfj
zKAzd20Dh0lY5f4cKRak/Nq7j0YAVUMftIn6Z1AI3NBdqAuncSAwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAmcFRU9fU/PySxv4kLIQ1zBV4
nTTHsBv+t6RGYcEOmqToQCdNyyQie+HqTJh6M2/Cc1sbRuOVsrfhJc0RQqKG2VOa
huevYf4E/x7+3Apl7zzg6rOUfi0rSCv8y5PYLaHe3AbZvJr/ilj5YKIj8+D6JnZe
WxSSPZTDbmnN+oTtePW9v+hfq6OWomQ/VnUJTSQNUnkxTnhBK5MiOnwmIYBpOD5Z
29/dLzfgciF1gFtTdEjszQ05IkVB20IvP2hvyaciljfKmFXS3302jAuxLSPiAQIK
UYw8JQCLz+TEGT7jr2XKXTQQo2yv3dRTB9Y4P0/MglX8fbzqWLyOY94hK8fWMzCC
Ep4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEBaBWCdD05Wk7rGu0j8AGnmAghJw
LWbI6Q5pWF3Q3tMokfjJ+6dzF8HNZm7De0S6Hu3eU/9w7ooJDnRsWbdr6B5QI3b5
fsXYC3Vfjp4iYgwikm2xX4AXzt07T4YUl2V3yKNU5UKPhRLrbH6zb91+ghmZ3Nor
yEWWu2QuHVTg4xsCaEG/+LX71k2wJTI6Lk4QDH15OyIN6KaivSZkqjNll6OgQTp4
/0YdExevb/K2WX7w34kdq1KFg0Vju2hGrnPMhgpvfuzkQirtFtZ6FmeUXWm13lX9
Guf6GeL6F4r6aZqH5gz1JUVh++3OC6bzPG0MdkSVo5hELTYRvfclnSLbyYcoE38a
v9aMDlRv8v45Nd3eCxClG93Vh/EP8NOS02geATE0/mNk5f3jsZ9iFZOdRMZ+jVuB
l00t/jCj9PiJaxLZ4+Vf9qB2CJ15PtbEp8CfhNi1mGU3Z8LJbPApUpRW/rzmTf0P
JbGJzL0mU39zRnEoIRDAFAaqTj5pVgqWiYVJhKkfs7fHXd6hHM7MXqpQXtc4KrPC
UJWjii4DhyEEeTscOx10QPrGqST5nNFbc6Hb8qFKc0/bIE//QGz9rGerH+cFxeKa
sOkevWj7Gb6EhMu2aGJMmnqoh0pNj2bp/5vZ6paFmhn37B89nJJhLXqQeDcgglmA
f7DzuAAN5CSw6KmiJocmaYe6RHZjCEZmILXHSRJoDoTEIIrQiV4NNGxah7Nw3gaw
wwASkf+dhn6mKg+6y1mVIIPdgW/CjjLSUTvox7WeKdmlX4yjmJSASoCJM3NWGW3z
BVDdY3nxkSQ6QcpaK1N57MpOmkP2EjbN3ch8vQuj+croYOmR72zD2mGNQ5iMzcl+
US5jIew4R49N1TavwubkQKXtxl6WnUgVGLeFm2d+J7zGWT6tw88k740Oce8UwVpu
NBZduEjPtYnsyXIRxL5tYEPqUrSbrTbsK10WesjpTD9+i+fBqvf2Y832yXQeu97r
9JSQi1Q6Xtyvsmy2lM5ahdzwS8cz2WSxMmJgVyGKlFX7REPjktHf6dkDM+GZs+6w
SBhDu4Lyf4yrtiwuNsoF1qn2rdhnGQAkjishzsOOIcoctx8ionRi2p+nLn963tfZ
kYGcbbRaDs27nMBTFCncLpXFqq8Phfmb6fI8Amv4JzptPtqnwU/ygonOdkKoMrqf
DUXXAJ7r/5otGqc/ABjuCOPe7TeAi4JZm0nnEnJM1SvvuJuPk2cJ18ippjYIF1lf
zkOU3aaxJtQKofPszkX6eBEuKWlTo9rlh6M7NqmZ3j9Q82SA8K2W43q0ImgYnded
h+5i3siTYTHrXwSdN07hKtPI7c2ZE9J4ASDtTmWNmrb2i4u9bxF3+IG1ze8lVZU2
Woj4mqsBYOEO27tKn5IWVGKrCgJ1maKOCEumEi+iICajyyYOXzl5mXu6Z6+84uDn
RxMCOxu/mualrIjt35zaUVuvkhMMJnkRijEcdbHk+ICM9x0DLnRQruuY9Kxwjgui
c8YACZcQf0SSMyQZTbMfJjVXvplXUA0TqF5dCX4TorUEiWy7pclCmBvvAkOADjug
htFRym605C5HtjmVQonQWL5c5e5z4+cDOISgdkaEvVCqg0pu+MSvMLhjiqoQx7dZ
Mov5sdbk344oo/G0mokjLT3u52mhM00SighMtW+ABfzwBE16DP1I9sC9Ge999HsU
EU7hw6vEOIzM5O8hsKTAceB6wpXX0ch1um/emFkjglVnxgHGxYegMezigQwkgaNV
UwuqPnnrFIce4xu7QZ7pcAcpcWVLUZhEtCK1vh8QPUBcdA7CSrcGWdXuzEZ5V0Xt
LpF2augMYQ+a9XFQjm2Lx0UZErfesN3plZ+1ci/ltQgVNuZCPABIFNEdZpEKtOfR
czO5y++dgqlPVOAdAP3bhY4cFSFfyoeOTtJo4Ev1kph7Cgp9s1zR2QEUrwah1zMa
4zyeqnwomcZtbJfFysNTlIOT8FeRrynOImEZaj5HoCRvicEBUB2Y0X6uFcFlyydv
1pEEIBfoI2opc5Zczm4x7sr+MUAaGbvVBRoXTn8L0r46JILp7hVYlXt+DeoR3BEt
sKKSE+q3uuGbWCmhAxeoYZEZwt9VGFv5DPJyhugkn62dA6P6AXPHYf+NbIQIh0oM
HFRx+3xZwluTmCq4+MFlLFekGuYenQnBEySm7ps3aLRBxjdKTuG59Z7nu1KIeLjg
nyVhQfyDgyheDLdf4EWpb+moqjmfKnW1k83KSMLR7v8EQyWYBO1jSCCoOTeEFez1
Z0E2ALHfEWKMFt8fGHd7VQoJlwoIoixNj5jYlm8xGBDvNbFDBCa/4e2CaAIj/AZp
lhRBXc6JJibLqOihgoxc5fMNTE2klv3qWa47QmbYnkQ1VV5C/u3mwBBlnFHSVHu5
s1MduNiVpN6Z6/Cex5nloPZK/7TqixnA6/058Ckrqf6nLZUGIT5gFo9RRYyGqbNU
ptIeBZqRpOxLoFanC2KSOFnJFhDAd4XVzaoXTEvyCjj9miTbccY9xh08ldAlWcZh
0RItsVcqKhkVD25FH9kViSKjct1V2b1fqBAEcuqwytnB4gp2aUNCRmvu6RDPBpy/
yNAM6d9dgDCyW55KNpv2aUoJmSxEGLuZhSMJjbiZ/B43ipxJHwpMmP1Vj8y6UX6r
bzpaSRXhPv6RCdohH0Z6dY8rpO2PEufTa+4YNYcv5ehCY0AVcVSGGy4PgSiS+M9t
HezSWjMkqB/Oa3a7rEKo0Em/n9Y2L+h3npXY5BPACo590diiPdbOajojdP8s9DbH
kGepW9TxYpBKKSODBZJF7Gv/yUf1xJ23g+eZjnRgOBaNTRImSe484pSgmSCbOg8N
dW4Odnk4zyoZg61obVAQShRtmBU2slIx6Yl9zrVJUIxo77d1dkybPob6mtgAauxZ
RDKT9uaaC03fm4GEJ9HEWfKwK2m4lt8EiHLrjz5Qar/XUW7JajxsJG9+d6pMZtak
TKevdDYv+3Sr7+TSDUEYtYgPbxBdPtT8yXZa0vruA5BA9yazmxIfbK3HhKe9XFVW
CEpR1kHad3g8t+xQFEvdKJEEfwrWd31KuqXCmPJqPEyT8uZ51NLG4xqb2oTM14v1
DcoREgm8ZFVpsvuwylItnwH6jluWV9yzetCoL4AbH/M8os92mzgl9OCygBl4PV1T
t1UGyDidOpv1Pa4tWvvzJQioGf49mPeatlpFv14W+Iqqw1cKsDVbmq1MusOXgafm
qZ9nNYAnxLU07FfeN09ljVyAEYMTW0BglxWU2Vo65GoZURH8mu5OHau5gD8FPOqJ
yl3kUiZ8PKoQp+TCYfWs4IyEDXCo4+wKJ0TPVOhH8mBeAZBQsfmYEXtZhBGSlWxB
OMu9DJMuEXMSlUWFH0NEajhn1bdU1KD3KUvLXx6lH35NoL6c8ER8AwHTB51wPWsp
hMiG6T1bhXc8mSrz5Z9ftBXe+5NIN+eChmxUZpYTbv6wvUQJ5aq8iO2CTjBa5948
RhXCrENgzF2sa2tRVQjWOeMzU5G5NGo+v16bIZIzXv9GsWJdhQfiwJ8PEjdNGEnF
gFb/zSPJbno41vgKhA5vp4r3T9IGR8wqID6Q4Tf6MnP6MkEPwwzqH6lp1tEhNElV
2W7lpbkL1n63ciSw+2frJ86QiDDeKMU5OFpWR+pt/6dGuHTSCOG6lKIlJRzDLRpg
Wg4hOEJOFID+9RU6DBZiNpW1FIt5VZ2ZHYjrqSYEy8z+tenmX/yg42YFxI+1UL63
PAeyXDuNQ+D2OSrs5WqPz+ac9SGqA1NicNMDnLrm+82OG/4z/1xcTUlTI1ewQRCD
VvXiTNxll1PvW+/wdD5YGcRz/yjBSTqV+Xb1ALKPTk/qrLpHFerTxWw1BITpNEA2
kKM3lYBpYZQK+ubTQexACbQeeE7129OG5r9rUEtcTEeh1vzg1hiYrWoGzFOPXUET
G+ru146zMsDoJSALJuJjgZrEQX/BMumYdFHwPVxAXy7d0lzchXUTUlbzTOMteAUs
Hn6hpaELCpuWYhKPQ30aN/Q2zWpat7jz1w6rm+NPTHbnw1loE0zJclaw9huFUCQZ
If/DRPbKz9JTOdfZiz1ZqCxDXilpfYXHgFMWa6OMpcMYQ/yDOggqD7/z2fvwUdOU
NlDv2HxpoZKuBV6bF664gJ3qdHmHEteecKXjKbuzUbTrQLE/dsZIsgvZyW/sMiZy
ErLCFA+pcGIeO6za9DFYVQheIpv6/y+gJgc/H8NPJXZVREbfbRqnhqkMGmnw65FB
lDRstzU1AYvq65aeLXkDaT/9wydtN57ebZWD7zbum6OrgEjdBtJWd3NuiUQf/pqY
dbKBfBifI8r8oUWomyJV3l7HOxXLZO7bwXt6sykngeZhnW6gULF0J2VqRShN62iL
ycHtr7ug33fo+EGHE/FTia3Wg9SUJXgssrcxB++igW1Ou96AHA/Ub4IQZM9plIpE
BH4a07A0ia2DxYbpWCpeWZWuKmBa5jEF8VIyVy3baic8L2cWmMPjPZ9+DyQpsemj
RTutRPZUUI5pNUPiGvAby+c/s4zLFtKFFzk0/mE5MhFhwws69llz1BOA/L3QRNX9
py9AlucjDPOjFrJ4zmvDzdogkwkXGVSF4ELZgh6Jpe4ZKNqkI0Xrv79GOngnHm2Y
a1srIFshEQj8TxXc3GT4W7HrzrbCjT8NLGE2YVq8xva6iOAX6DcpPLb0DH3fUcJh
IYBE0Wxlr6ZSU4DaahCfEuNvKBtLv3oE8izP+SBDvo62etQXWS7ku4kQi3z9Xhlp
1qjLh1ePnZXdO60RlgrpvfwbmT6sFWrnRrOpeCkjU4YgMRJWwzyhWDJK9VVvYpFv
axcyjGzBgkmdh3+EV8ha+Owy6OCY95+9tZmv5c3jdBHrs8ErFh1AsYDfVWCeN9rW
T3PcOGahl3AKqRWT1g4yPxIJSGCwxLR1238YLcd05LigKh6VDV10X1AgiON5fyP4
5o34WccEbM4qvroR+sEBvlFJkA7k3965R1K1exSFkVqyaZbn5P5EgvY4MMgtCxez
KvYoCaS26llcK8ofGVy/UTyV8B1N6ViBX5NPcKycjVNrnSroPIDZtXjwRHjZiPud
iboVmbLDgLA3m5hoUUGeLi1jbTkH+OUVga+0rQy1QSNHX/MGTP4zV4Gcj5NU76CQ
0XWwelntePs9LTNJCJfYKyLPcelDAJ31JOia3Lqg4GtYEJbp4pq3rwdp8vF3etkb
8QHUBcwfEPe3kyK1VYRPwfwq4tpmLrfWtvofx/mZ33TAoMa3e1p9SXHI+Ndb+Sob
KL8Fyp43miL9wUFYKnv0Vo67do3cCXYOA6F/wbJw4V+oLdBS2amMQnMwpra94Scf
L+B1nmzQsGVpl5nieCQE935uFDxfxGUatNbKbsqkX1ZOIORPplfX+TJrAfShBsSj
E22uxGfq0Bj2W/3tdFVKnkxzCuNtKECq1xQSuTaWkAHW5apFfpVBpWxzGO5eoiE8
CadNkpr8YFGswCrirpoYqPgGHE68I96yIHal7H+ufo1XK7QH9ZtVSL7CEirYG0Xi
ZhGhDlQwMBDAhI/57sF2xfGgv8UEm7l7/94isN0XPkSqEmmbjcBpGhRBvRmWggnX
7DHoQj0viTY2Cj8B4f8ATvdCEuPY+JpCU3xWVdSTJSOXq9NH/isNzxWWxx2aCS2z
T/K9ol67FcXMJN8tH3TCs0VmXkYwID94DrPknaUXMPqr8fiTedByso764tCoK/bZ
FcDRnUbdpn8UCN8koJF4UMp6mHOwWxIg4ekX+V+REudBAWOXF9pRdury8xbVFb6A
t+RvY9aZhTTr7sFFDHOSlhOnRndzfOVj5u0iiKmdmk4NDMf/gIMq1kQ6m2/vjAEu
2H1p8DJ6XNsLCIZ4nwdqU5326tFOaeylTAcwSXox4M/23zzEHW20+DCSXn+GAd3v
U0iN+AKsss6pGPFxzwwBzaWBIpCdXmzV1w3JOoLiHQOx2IHkGXXEeaNPDBOa2PoY
G/vQRsJCv3vgeYHuq+oKiOORye1rLkFakmuSZjgG2Wo05B5tapxMHoW4plyNDDPJ
0cezb1xnqbDkceXcHa+nTeCouRCqd/P6YVz5ocD4BIdSwrda5GX+6U0bl/e+IDoP
pHWKijdsU3DAM+uCJrE9EwZHDrkW2qL/Spp9AhtbdMsugaIqVuuTQyCWhoK+wpz7
wjCdyk1XEMoCfQ8PAS1RyaSUz7fYAsIk9P+FZ6qwyvM9zhmvFQcNoj3E5ObIq18H
GezlvPOeoDwieqKamAHWkEwefrUb6X4IK9w8dBJrYQgCjnwPq9G0dWu+MbbP8xwE
w7LgVMRJKMMDllquSaKDrQ==

A.3.12. S/MIME encrypted and signed reply over a simple message, Injected Headers with hcp_strong (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 8150 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 5022 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 1075 bytes
   ├─╴text/plain 56 bytes
   └─╴text/plain 373 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <27139e00-e05f-581d-a339-d2bd43bd0f42@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:19:02 -0500

MIIXfAYJKoZIhvcNAQcDoIIXbTCCF2kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAGqHqgj1xSnDA+I9w1gM5jscfj+VbIfCbhnx
X0JP91o2lvOWKQP/faiuh+g/m0aWux3LmKbFTmeqI1GthooqMKdrsneFFPkq2YVr
t/bKwwt9r/BHWX7YmC4IaUEt58wY5EpJjyNgxTS6W5rYW0L7Or1u4VavRwDQy6UB
Z3PwtibHKXAWPRt0GdED9tUfwJodE2NUhpsww0GfbObN19UazD99Tb6l5ez64avb
v6qp2I3T9K2777AyeI5mTPWLosR2e20ph8VVAaElK7eqoj6fNWUl9oCHEKZ2ugnu
V4cMPsaqOAJFHnqFjoBCVtzMwKQUlSQdPD/G3M9QxD1eZyUA360wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAe+PncR8a8M2yRVIrPvFoFBJ/
sjeT8XqP0JrDGQJAlltXX4VP4yv5f8QnxVyI4GPbmDE18nGDWewzgOcssAWZfuyP
28Mwa8EFDstckvkFea4MvtoVbIZ1fj6zztvZeb0d/cMz9IWpM4qfaMrF9Ejk4jfE
AkagViFvjJ6168alDlLbJfAjFUAm3Kg9QMM3GVQrXlLxlhoOAANP+MzTZBk4a0/r
LS0jU0v6KIq8T5bXj1pwGW/64+koLYA1ilvbMbN+G/1KucNgyYOc3++6LI50BzYX
woOnmcNJtX32+f0kz33Zlbo1FNI+FGISzxYk3+ENNJbzOApIgRK8N/n6ky95fjCC
FE4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEF8YHUGL0G/9JbgGJzcUb7iAghQg
j91e8wyDIuHSPaIhkChDZUXsZphbmazatN+8ebg9nq7kB2HpmK4PyfOvv/kXpOdv
lMsP8vVjcQBneqza/wHl6Zj2HxqH0ou5sCSuiyfW55y8pquGuqLf77fb+htPIjmE
+Cw+vCEUw/Y3ekJO3kTSBPoZIb7EWEJXM2LHQ2AW5eE2NhAi7XZVWfMKbSwsRx3d
LW28ErQcGCDYoF9CTGyGQ7dFn9snr/mi5lJk4nrEXr8wVJpqgfxvcZqhWEAndv2t
9okudg/3f/kzY8A4yFfoapBF1SCT+ktTpWo9qSQ3gG1j/uPNhKIip2sCWBcwuyJX
MRv0DBTxObkpv1rgbLB8Rw/8TDRfPdrk/dttoRdqol/t/e/+Bx1KPMGRH86sPPLK
2csc2fiEGUT4aOALq09mp1ayzHXHBqH6izqKGrR4LvTMEAMgnzbvhBSJVtS35Nu6
LeJAgytmK3AI8NUzlPa9Wbxn1urGdP0vqisb7YcZ3hfZvifPiVgPgIcODL/6Uei9
fL7yxqC5FR1DLzJh8KrZ6512xKNLWAH1A/RrY3KIPQUvZ2L1BtzVm1xvvju0m5oj
1pjWVs1OnfZbft/VCbhyxbpILmOW/XK3lhzRd7s6anzb1nioBPsFw5ToiXEKkbT6
Pj3Yk+mWPGZbl6Q0pB+o9lgWtcNHr3fc4RIQfjM6H+WqV5VwozCA1CssSL07yYOi
jQArheZZjo0AsMlr5zOfPQTM/BlQIc9oFtFVs3Yes1pHGeX3c7xiQJ2aSNb2YtNk
89toDxtEJpzwctlfbaWltjghW/fTBvXj/pDkSO3i2rI/XxuPror1BS5OO/4tB+BC
qj4Rvf4ZGYerXQuZtNiiv+xwvQ1wQOqVnEbzAx9d+gfh8xNzk7xoAuNUJL9JNyJS
OnmM0pTPnHyRGFPFE49rE4rpRqWko1t5NHy/T67FZj0rGhssJR/y8RZf0Esqg1Mw
zHn0qVaCy1ZQimCM87D2+mvZMaD4VOYRanCWNYVOV6NLsjPxG84UCfuPSdNH6SZr
ZXSy5M8KJgd2IkgxBVwCy//G4mBsgFnQUs2E0n5bh9HnQEQAB+ttVLElGtRitmrF
UiuJwzCVat0Lp8yQLk/FlLz13pqZSpABLdxKngIfBR7tTUd341/rcLadnF6u7gZA
cl7ymFwoQT8pRg5yPHqFHoCxgreM6nXEr9Eh/ScaYKB5gKsPTdCGFKDOiJG2bxO9
Y1RB/EvydEyoCQTLD3qdgFTqEoBqH8Z4u/jsxakqg2+qypO89Jo6QNhrZK8amuZ7
q0L+ltxcZRefx45cyYrzqTodXk8Gk4UxjD1qvj4nfK1l8JZY8cgEEkKEgCbrsyO4
mLnmMxvNT11PWqdMhXeQ9KyoDQEYb1Kkkr8VFu9PCsw4XvwP0u/DvvASM8XDawr/
krQtixD6aXo0ps13JPuzzXy21fJ1qwOnSBnJ3bIrllaeferjBFwmbaxzESi4UtK2
p0XwQpLKBh7LS+7KToClbvgzoqZO2mN+nTqn+mR+G2PXnW6KBFPsYaupBQoNoJAC
JwokhlrcdMZXy0C+YNNdmj8lgz3J/qNH7BFAhGYNaqMi9EODs4wBKxt4+WKuC1az
7lqbFMOy5eofcSl5txCZZyYjQp7aU5QE+2GkY867RtUqqJ6IrxEtt3BBKVZtBwWj
DeNAeX/UENoDi8bAxuQyggjGsM/ozgfq94q0i4wKThvGR2N7lfKs7dlF2Vk9zuWd
G9m9MKXmZBk040HRtYDJlvXt7iuHpp/vvqlx4OoMf6QbG1nI3UT48PUHqHgNxbxW
NHPvNqQGW5ay44ZIbDmpTIAp3e9uUWGqS7F0bfAQJ/IEDnoizEFCL94MB00KCeAO
DBiKlneEHjY4EnsaKB9XwEjdEumhfveVgwpX9wn3PR9BDKZpWXIxc81I4C1B55QZ
zfKr0fGcvDRDVLIqFcI5/E2/D0+maSJdtvI3mHv0quU3wT863lDkKruz42ym/h6Y
M0d9qr9+MHllxedB+l+Qo1LMmkNg8XtVBYmqtyOEA3eu20AqqX2a81YZj2S6qqW7
fCwiLuSLNvrRxCrTOVkrgVRrKYynK7gFPZFRNaOMQLa3fv0mxiR59bVYSA7qh9OY
h7swt89nizA+IDKdaUpkN9zfhxo9IvkexukoaxbqHY+sYmy+ULLg9ZuJ9ZdiJpu6
waBgNKC/ELPvV1V/MwU6u08X+L+LZKnLRc1Ct/EOJlevDVm/MaHEcerKIUmkxUWP
UDkQoUjjrIznQIODRYllw6E2pKK008gCglnm7er7VjE/yjEPzOdBuFAoRqatVsLL
pCXATV+wySNzFgpxJWxHcGwRSs+JkWnw2rdbLQJOxrZr4v2rrNztx1BfA8WtGWmb
vGXqztE2LV2mob/aK5Nb14ZzcySbt/rqqzJo2bGPU7TU++WxlOOPMVjjpURS6Do1
HeTkgb7JYS65kCYDnr0hJMGdWJCEjqh1lSxOtc3q7R2tWbQokcU02rcFHFabA+4y
Xc6rDQykW5xeB4XVJ0fO1QQ0L+k5WIj/9ZIifmO3kILrA7d++x39Ewnn/SrQ32Ex
lbsOIp4AMpyyUx34iNjsQXLUq70ixvWvs0R+B7gVdwa3w8KLgZUYkk6pR7pg06y3
+R8CzTlKktxNSonU3AazQ4V1TWVcyMxZZTG5+MicEpSF1MUEvDmjuoZHfWv9HgYA
K7G6hjQ8Q8y6+fY3rQiDDhAAGmLI9FDvoMDCQ1g3zHJuysZlXcOu4x8sCPTpz4O3
GvtM5PIIB8K2NDeXucYc7jilElUX72sAYixlyoGWmCB+fM1yIgnKXITLRRcGnzr5
eB3Qjjb/2H/tIOdKysOg1u6Ki3ZwaHQZdLRwRxmQ/BUGxpX54WYAbL7Dv8CioRNy
wBrzuxldQaTqWsMyOsxpgPSIlzoJRRRrI8WLp2iK5PbKjaEXhdUXOD0zqbXV7KvJ
EO/9efDUSocGHT4mfTNZHRCxT6AE+rNZ+vPoO6nUpfV0ZIrVEUm0Vi3TTLAvPAR2
+loTHLSZQJzay4LknzauN0IsD2Gkr5YOYBP1mb8nqHGrZt+9wA5SPfPpBb0tqSzq
aRIBl5t+Nh3aTznqurQUXoJJlA9F6nXZQoFRwtMhgXqe1c2j9QrD/6r26+wPW2ZS
3VFH2ZDYLJP0t+wudEz0hdlqTgHqZrJal2tnqdE/Egh2Q81qDE6UiOEBsVa8cx69
gWz4lfJ9ptmUGuxOjN/Wx/lo/V4apwrZlJarxhkg1DB5/s5rZXHgWen68HTg9nIa
cc4N7qBN0twqdDpWPebdEMuEms7KqnR/uW5uBTp5DpDRxTyu++71K76HhUaCB9J3
98uyxSYBZdAl+7aDiKQn+HjJ4R2EaxBNtPiAwYkej24SasQ6sp51IcB+OeXyeIMn
+EzweYVGn74tHQ0R5ZqBroPKpUYEVz536UCFHb5//9vvy14C1sMoaaqKn0TCZ55R
zocRoFruFTkwRoEaNnfnB7g/CHrfvm+NIsbcYqIrmyM+FQsRv1SmJcjVxhrB/z9s
6I6UwJVQNHXs/T05Z9yepEhY4UJDAS19NKDZoH6NTFD13O7PhbW48uf/9wVCH734
PeVT8swKZjBEfY0hVJ0I5Xh0TchKyUaMZzemCpf4U6/QE6poSggivtD7AF2uwwHN
4SlXi5cKjwZhk44GEIVRHkjam9OC611yNOJC3DRQrix5ibeXjdVHRYJOk4jCXJba
hGxhJp21ZLPktke8lVR8BNSs7fJN6P0OahAuWaGxd/EfL6exWfTv+rm4nyDuCDBU
FxbF2HcgR3b6AStXGhUKY+nNL93roNcpxU8sTRlJDHuuFUmp4jrGVKMs8mSvUyWJ
BgL9PcNjfV155M+5ggj/VyipUv5feFKGiPa4wYq4zTWBMg3ysl3v4i9f3f2bxBMs
VwM21BgajuV2ilXi5lbNbLNgLDSeTH+VKEOWs230GfE4dsL+/06qsmVQMVowMtRN
xgHtzbcKOZcqKgZUe/lb82s4ZmY+EuKF+Uj2lXeGdFO/SeJ2X6A8thdFMnnUpkrS
eJDZ0xo5B1abVVPldqGPK6d5bC6V8NovF02t24Y09T8FFE4PPdup/yKeZXCa5g8s
VgztjBNQkrl5K81YBd6gMDMvMdzAfKnbHdzCmF4BvEiES6wpjE2jf7pTlFkrCEew
uva6sKsdcH/zPshz/BJCSYyNK9r0oy4moHWVrKLvOO9kTc9L+CYXG5TCmHRM1Ad6
Itbv9249SBepyBJX9Usyf2NNaXvUtWIpZ1PmDH/ctWPqpVYnX9heLtaoDLmJB5aG
H4QROqKT/EIvaW23xzZsNr+Fa6lgaItjW1z5U4VLW3T19LX8uKpuNefu1fXKLaxY
nOSsFmsYh+dkJcyfb18W0bhXWPreC2ALI3yOcL5RH0Ix99fu9ivLQtkmUrGcL16c
9sCqNZJjUbAENUYeGJYLVHnhEGgzHmYsHvp3LcbgBnzdTyPXanAek7Rl8VhIo0vl
a52LAE0Ld59Cz4Ta1wGDbQezt3wvwJSngKOmJYbraSn7YfmLviPbemeKo3/G2Yt5
DVzqQBfelLUTdDIm4VGIrUv/UOwONBtlgnzaUOMXJdEE8+Ky95RKeajkPU2ipkSh
rv3rAdyNx+Hv+kt3PQEkScMhvLSrsbqiyx7nJyjewXzzyNZvu/4glNWZUGQfXzV2
8+2Ce/zx77vugH8/UulNZntk4CP205P1KNPjQn6Nuw5OqerOOKWx/EIFEUmGmVA/
Bf46FMejHnrPsEdFJu9eVGwpwF0ut+CaekLCPUhBOBTSCI3n+4f8G8ESTN2KJDQB
41u+LFN4vhJCq6m85SRcX+tc31GF9jYDXCcrvPFpU06FxKmmKv5rLISPVH9nfzyS
L3ZhsgUz5TURM2H8OaL5+mYpSpNJvIFajeqNAmWiXsUbZgMSes24ZEgvSjGc4SGd
IlGCxAQDHbfFfoB6hhb1C9I/Xj36DqNRvqrW8zI+KprW0vDcq6r30/imHn4OE8W5
jUA/dPpVFRRvMdSkeQfx81FlbNDOThSpNQkrhCEWwp47U6LXzGs7d/WJu8LoxuGh
jQntq+bhctOqdnolTHSDp6wp6siguul0zobH3O8zP8KQ+y9CMJSKumgNATgvWUtY
2nDEPTUh5Tjp2MZ9IxVFH+ogsa1A2XRG2iSIKwSrSLzfzgVSTqO5SUATGJYs4qSk
Kfaz8+i749PZTDtviMTQi1t6QnNH5vHezV5CBz4w3aE1CSDVQJPm3DreSNEXjnzV
Vy82bjcSw4LCA8bl05swwHmCysoqX/nluv+remcFOPfTEw/gciH5kjBhDhtEV4pz
DKf4+Sr4OJ6Z1Qnfle3lL8xNCFScL4G7mu/dQnWLklhnlpmBG35elwvIPK+ZLU99
MPsRMedK62OIkxIE9WzG5Hq2xMP//v67FT/wZuJ2qnXV59u5NlJNc0iWbo8yGy6z
ZQa3f7SIXoCQAgGbv16T+Hk1YsDFapC5HKLzAAKaWsd3ytmIoecsChRaOsKLla5h
GehI5HUD67UHjiBqarFwkZ80V4auIFzR6Lt9F+pb/HXyUKsGL33WwkES6TKOnxP+
8hYBdWGWBZtC9tHkfvrdb2bQi8RNvnzez1zX8V8fCizEgAziDXaf2hWbipC4+xep
hVf5mMD8KPaME9uD+Rb5Z+AlP+U7ka/d3wKh/DwDPn/4djy94SLJ1TxE4lpUaBm6
5EIIvnz5LoXEHizghqOIP74y/0FUggCWKEAMzCtLa/eBK3M68r9OFoznUy2QQeYc
i5Jx+vaP6J5GYffGNPXgL17777goCMNdN3UvWjf5ukDEhE6Q5v130nzlqG/3aKDS
WSi/MrnZjvhtn3XZix7pb267F4hdBp4HZDG7yLZYRd+O7BoDArqciXlQg6gaI1wA
2KlImv39QHhJF5aaNUaSYw9vMql0aKKG9OPCCvE/uSLGSbUNT7mf/fRMPznkatlC
v8UhNIzE3T6bIIlr45gNQdvMZsAgQ+yg/hPFpkteawKdqhZL9cvyyXcr5/f24UE3
USxH7XiIobz76C93oK4gdEjBihN5uglkedwukwqt1/WAGiHBDpM+kbXuKNx/t4R3
tIMfrLdev5ssBTnBDuh8134RfxFHGHEOutrOd+ECZAIy4yPilypr44SfmKKjECUQ
bCu/Jr6NkD+89ZjMo9hssAD9If6Ctu4ryx/jO2lZkUzzlDSs5WhwhIhTC4G2wzFj
p3YYRT1xvaDdkCwAD1gzInssQvTUDEkzHeWpCYSu2rZJHS4ccCiGGA9xhLceD7+h
4X4epNtb24KysAfBXYIY6HDKnVJ4FEApm53BcLbMGiuM430VfyeMLsTw9qSOFuyh
KBXW42iEw0ubD12cIKq3CuuTTYSQj+lIDxgNddD8T+WmPRWP+Oi7dLqGoJXRZyaT
RL0lj92WZ2h+/3P60RwV1+D4zc1x4ptNRG/KV5UVI9rjq801dLEZjayHDm4/Wnse
raZJV5bFsui/N+MyODq9WTDlHF5GgxAa8Lyc+muDOPOQffIccX+YfaL0aBueXemV
TrVyq9wE+EXFj9V67c/9iGMVqhjT1Fvq0kCP7ROlPBnJIwO2SzMWKjQLpE0rLZ5g
nmb6Ii3qM79NNCZHAPMkbdvRGkCfURrR+s/Yi0GXRcF0oT2h8eIwTR9xTFgDFtcT
lQgVNoS2UcJYJ5k/+q+WQRtRkX39ATSR0HuO2Xfi76p/TnLOqzIKVeesB1BIs4Fo
DYoG3nvcSItb/G3wLrkryWtRbktpBaEHIDtYrWtITkM2sx6qjQuBmk9NdRQtIfch
u6MSTmNwqpKIj0rSJ4h/IV5pC9FGxrvF0bVqMU0+CzXHOjjfa+XQWPEZAT1ijOQA
x8UuwNnS1G6MeJGd5oXIzA==

A.3.13. S/MIME encrypted and signed over a complex message, Wrapped Message with hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9450 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 5982 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 1805 bytes
   └┬╴multipart/mixed 1741 bytes
    ├┬╴multipart/alternative 1118 bytes
    │├─╴text/plain 375 bytes
    │└─╴text/html 459 bytes
    └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-wrapped-minimal@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:08:02 -0500

MIIbPAYJKoZIhvcNAQcDoIIbLTCCGykCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAFXRckr86ZKdjwWngyWuYzh2C83A2vwhjy3X
CIP40KUvi3zDTIC3bHcS4J2+dfZughLHJ4zAUpLaV9aE/mXRFOR4R7+KFsqgFMq/
AdZYFzPSolrBVrX4mJ/S33n9o4C8liWpYKOHTuCuaIQoncwJnxMjC3MNkTz3IQu7
bA+8YQsXHKfxgYx/fDqE+M0vQ3WXdN3hNqFV1/vvn9XBcJ4vEqJUWbh20jrq6SWH
LA4Rf0ehkqkTO2eLfW816sEgRDjbmz9YnwPZI+9v9lTA54DOUHqGRCc4bF22Oauv
cSMSlXYqYc5t7GG+m4FJr0ojYP2mfqO2fqD5MAWREKiXps55bM8wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAX2QNNJI5Eh2BB+XRtjP6Xj8w
I99B8w98DcikKNcEO97Wubdh2e6zqTd5ZcN/l4RxDDC0eo63xq5urZxpjPQMDHNO
VssAn8w9g5jZ3HSCqGlPqf91uRuZysIqA1QftgYEgMoyv3SJDsTviruYnPlOk3QZ
rQhq9crW5eMPwcU3pR0fz9RBnUsCA2YSZtZ1Gv46IzxmPIhgn4EFX3gQE5P6Eh/k
IGdNg4egeONZfpHJu2od14RrII/3keYC8dW5PwqJ2O5M8glq0tcERYG+9G1R85vT
LVh4+wzEUKqUBG0ZcNuuB4XCH83w18aOhnVG5MkHblyqJVujKuVBlMzS5lwzBTCC
GA4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEC83L317JnRlmVmZGWUVqz6Aghfg
Dhdevr/n3aQc13mAIW+gC2eax7HfkRXLt5pfz22kYNixmJQTrGScKgeySwqUIaqC
sSIOtsX9PkCc0oTY9fer0LFSFCts+Z9N6Br6R7XA4o1Q4+rIiJKAgkxRZaN8HUZi
DMrz3JPbIRAmSyP3snRlbLpHZWHBml1PaE//wIjBX5JyHwIUSMbfKqZAxunlzuvX
23zJx7bu9CZBfo3oUF54zLWFNIWSd8Av6TCo8fNFB4nb5CCeUNumnAEOI/gZqhSu
/RdeMvB+HtAc8MiXyOZGbWVL05EUWIczY0rVFqU7S1MmlDX646Jh+2hBDkExTGLz
wjWnJ5QvjY375XxHB5SMidNuCWV+/ZxyYPy7GkFZCmsvjPb6J97ABSRJ03t2X67p
yNz16lijBj7vepUuZvPbYc/Wn6oy2tbTPww1OeWkw/LtzmbNGzMm+f1FWVvuxxpY
9pxluovr69RfrHzbl7f6Dl2EGVbvCD5yjXxARqXkR+2Nr43KmhLcuaKnrjHdKooG
XaFmlLfY/A62d9btJd+U2uFFc156PVl+40/q8CVO73bSIZqPEo1MFN9pCs/x6mX3
RVgzipeItwteQdd8xcBvwYHX18lRVO5j7tql7KqKe2zTGDW4Mm9cy9Jg2o/9CESE
IDv0nO5Gr1NP4wcu1y0Y0uoZjIK402enFrRAjWKx12ai/iTFfJH05QwkQLWrOycq
0sHjaqtDgDaTSpSIdctC42QkvoikltgeEyjFC11zbt4CjD9bYI8/MoqN6MjltwI9
G5TVT03tyBNaEfZrUkcM/CDd85hkClVnX2tBF28T63Ozui9GbVFviW9WUs+I02Je
KWN6llM7UWNb5XIwR//UG2fWxhvFK3aJzhEIHRV9JBQAQfzK2EVOZsRomgmOBnRg
mvOMH14trTNPaOcBn/SzdJ4ZW6FvvYjVpH3x4bJ2+pvWWL38t3jY0MgsfXzq/s19
mvOhoIG7+UcchsQGYR5zrRDIb3oSc+hIJyHk/wkPM5a/iUFCvCIpGGw8ytP6ywhh
O5KBYA/iEw9mjfJP6t9LWTky1pANXCYYxPXGqBQEQTc0i/yYIIYMwhvyBDiBAcS9
aAbhlsPEjP2OO978H4MjdMpYlc9ftI62beqXnWRYq7SutLwG9xrdQo0NNyPhxBcB
h3xR9xNgkC3giBi7DVj30uzDSTVZaSzNf5dtctS4T3SlBGeeqiio0uczevPxwHQp
xQibg4IbVKSDyETS6TIVL+sDliAWiPTjozptNzXN3ZNxk6pEM2Dtp+6kuje/KHxU
mbNiR4u4j/0/+lsOlCPtXiso25Zy5Db4FeWC+0kLHcMfRRcHTW1BJGBcHAtDlcwJ
RnMQK+RSRRGUI6B/bRUsosAWDk766bgJj42Q6YE/047amHvhtgCScqYaELG8G8+T
rG647BR/rxj/tMX5EKlQvc3qm+/MMc+LprO0WGVWMrGV4T64H5kcbvP0ai7nU/X+
I6L3VA6v35uWbwi8sfzcrjXh6tyZ5dTSM14T0xkuyzXbahTTEL2+UxXH11qbxh/A
ZWHpYu9NNocE4/V36BZ+sbsisu6G9dwEAEtX+/rB3U9hm2QJ57lG05SAZ2mrcU+Y
x+tbMRIBz5dqJSN4hkL4r3ySMjU+p2hSWNWHYX2LHqjywM3+l0Dubjr9BvJAlatn
uawkgIOLgEbr7BYqyfgr+/2HVrYTu+w7kGWHnGyEZgB9dIZ/kmSdJLJbW8qVdh9s
v1Z1BJB7ZWIpQd/kI7EXEm/OQsNM7soCrDZycDLDqy3n8G8Y2pu4QkOjvqpjP89v
T/TssRnDi7wOJ9+3RldrycQSnexuO57PsBQezZHMDbiZ4rRu1heolgsggygdpeWM
gRS58oqxDakL6S2n5uM1xcBMhY8NBHZQfOvcU0koJo7hbFFoxzRzo+USxJDsOuuj
+NhqRmVo/Wp0er5yKdeEdeqoqeOSq9IrS/txX58DX2lP/Wnohn47dm3tRE4eImj5
VsCOyBV3LNTnu0vsWGi6sm5wRLXvQtSmfwTCPwexiTUFjyz/UEpQBUONx5TWhiON
kBeoz3OFR7SNj0vmLVVny5cIMa5CWqZ0F87ycT7vFzwo/X1QQppmcnEVysipM8XB
e5AoYlMkcDf0Lh+NFtbksT8giOHoWHhM8pnQSRgScM2TdXC2+YayIb3G4ukgdOTh
KT8YJolbeEZrzegm15LBwcUftfAcUcxt20MUExVZSf/qQuKmcmwyFrle4thxK9yb
CAHCNBa8iYyKU6qAdjWX+aH6UoRI/7ysWlx6SupMf8Bd2Ghk+iUllT8CrORNi2Lb
M2SjZwKA/zNn4W584bAoV6fiwka4IgXh5SvszkU3c7OJYXtRuJwD5q/TpY+0fiAg
EOoPrqLiTTrEDE9obzPh9lDHGlF85m7WRjqtTmbgHYjuHqydXYAG37QgWMnyoSAF
YVHWqh7UhFoFvsHpn1Gxp2aqznkw2qXzoGZYoaCfTJ6cXbJNNID4n16eRztv1bOO
XLVG41ldICCbOH6pmA28+DbNKQBx7cB/ZSpfwD/pQCNg4IXUuJA22p0WRdd+2yVw
7fPWdABaWydzQtKgN7HnXWCogt6fkz50t8gLkY1F1Q9pRzLDBZO0O/bCMlvPXy4i
rXGP3BgH06G05OIzxcs9/EbNereRb0/OzXmd+A0wTDaBarQJYNu5IyaV4EIhVLBj
7x/tYSf+74o9uuw1hjiz10u57ZluHI2LfXcITXRufM3+i4VBlI+RSe9uUgv3dWcr
zwqzUsMLxqGpVLUyISDoMMjIueIVLKg5TlsLIrjXyQVwj+ZX0mEpubL9US3AKDjr
UG09davXIkfK5OAPIJn4T9YOmw+bwtt39GCcd0ITKpX1rHhblJQKy7f5yqm3XNPo
Pw9l2XAYAJ/vnvHoiXwp9pVYWqGY2qoLuCg5VLzlHgQIN+mN0OdzSqGG3KW8s+LP
9cb5oOw23VSA2AGjEYiEuFcunP5aZMCT8o0wh5J08a04/zwV3+IkaMRfC1ZPgyyz
YZ7NNh+v2RvR3VeW/QMPOFB6lTnzcHcYQdmK/DY9/BPrmm94yDS9t+wPfvVN67Ce
zIkk4arX9S2KEJ3mOH0Usky4Co665+9R968xOjzSlUYaPdqmRb46TvYJ8BzmcUH2
fXMAjPRsxaBeApglXFOPVCDR+H/6Y7T2lqkKWQCZqsIcOIPlD1YVILdPJFTRwXrm
N85n+wflN50jpAoKKEg6CAsxgR8YxemQB1TFMee02Iv8j2Z2gpnu2TQALVo5dyjV
PykeuGpWooq9za2hdLQkolkfCmn619yzAsfZIb1eFVNxyMvZO8BdtyZQ/u08eneT
4a9bAEXzzNTT2iDTXj1mlhO/ifXojWiEyTBUqNeT1eAnD+pNiLqZEQHqtlev1T5w
MaGx1M3mMUyiU7XN8F7UpfclDuJyOLP2dg3j3ffg+xBD/GAWByXjqTpOFaN0zg89
qA2wTkLGOFqcJzOWDHb35uPQGdHDkzXaWOSVWr+ebr8w/i5PNWYR79yL0MOzavvs
rvbgs/DL52R8llVHG9XYxHAVUxDrrvkOczg/e959xFntSsdART8NkuSEQnCBcJiK
wTHjgd5vke87yC5dMdswj99kG5OJiUSRpBAOZNpUVqL6CaENsg4c6csACQUR15wS
QBR2MOBaXxiqma9k3i2JM0SPtkpCzfJoRrsSTvShKFVvBQIQXMybiVwFP8HTrnqw
i63Xgew19nYRXv5jjsmQNvxZJDS6/mM3rbcyLBk3uSXciPFkQuO1sm2wdKb71Rt/
8ohiCt2xH03dmk1poVq3r0kzelvR2yt+gxqZ0G7DpIhIlm9SASZuoL/GIT/d/d+4
fecTkPr8dK8SobUGqCscev0ngVJWsDMM/1Q5yxZPoKtccOW9IOqY0zBGgwQxv9s4
4Bz3vo3SNDRvcvaTyfehrJmQIUm3+ObehmjPMh8l2Vlw19wQbROffjlg34RF0OPg
spdcAupeeK6rzGz/qZkqs8qvioUM9M23oliyUJQ5j0DlywlnbmHQwbDTRzccroqY
e0zpiUZ0RX2Pd/aXaDVF3Rvd3ZQjHagWvgXizhNW7LmHyqTxupwYseE3mtBHllZJ
rNy+Ako6qxPslMv4x1+TrPiEC3xqFQxQ8Fkl2tJ9waY0PnZapSTNIaxf1n/zayLL
uqVVDmlsJ7W30QxAR8MvazDgW9R3pA/QlTHZTT74vxkjEhUfsG0xNnumWfRmO5Wc
H5dsE/Bg6Y9lCPsBUQ8bTF6d2YqgHrA0jScPf3S2Me0zpzCYnkgDJGMiZ/DVXY/L
GUWuItZr2UqLG43LcVuzVAp7av5swE4ebwc5NRKf52UCAJE0R2wwYdHjj6ETd+q2
1R0Vw8GL1aUn8FE/SvyOTMaCseXhKCb2olnoLm0K6i+EskVucCIeNwwL5+g7kcf8
/wnTEC4sQA8zvtG68Kr1wQI5zgMNK+/MzYn+Dz2Hkm0NFJRXJFp2JG7CeO+D/OTk
RX/VBd7Q0tqQFeOnLd3JX5n2Fd/tpsrim7TuThDGVlUevg1Lgp4n4bucUFe+A7IN
srRmfKChsjU9Yl+Vjyk6wyM7OwNAMLJ8BtY1aCJegncTMmNhTK1IQF2D6lUa2hJX
FG5Ewc/xqd44hI/pchtFV0mKMX562GIAsndqsqBpgVX5rDReMt6DN0h23f7yzXIY
xpan5It5aQE9PrIULl+oceRQPJ5tg2JajyJWwDv0nrRLQVk10Ryh2IZnpnFGmrPa
ukEsJOBde8kCoGpE+4Exgsenv61MSpYxdmhQrm4AgIAHtumk0xBFh7k0TByZAYig
MuuYUn1iVG87c4E7hGqSKmT3/oycprhRUTSzR/ZErszPAZZYTr6i4wgvrSEoFfxC
TrVw7w391XRsysO65KEN14pHDUWV6tswSoMpWI1FlcVNaGvfHipT91BVVJyUKoyG
iEjGzCa49IhqeTjLyjaBfB6u6LDAyC10ovbMo9gmRuEK45UqRWt3E414jUwXD4hT
jdzX5fdYmHjHfO8dcp7BOKOmr0SEwbhVMxjdGDCj0+hPOJC82jsD5FZJ/sfRtdvh
lgKUhtAiTu4qjfmq09u4KXeYrZ+8UWrX2XvLlDlvNKYhe+iEqkjQk6SDzfWBYCa+
UNaDw9SG/cTBWH+JknHQbB1v9e/Qtj4n8FT+aM13D78k/kaVu1tyqa2NfyWIG2of
59N2IfYFnKc4gw187MPp6NeuhFMqphqYqYSHSWsFa1LSa71R78eK0R8v4q/e6q52
BU1kaUk8isdPWkG0sgS5Mmejm/ajtoMHYCzsCWySkDfXqM/h9mOZVKRRfDI9Gpvp
7j4ScwbL+lgKu0XkCv8Qjr5a/rUY8ltD3g6WLSuu3RIWuslmkkfrMHGUUuw68Fcd
XQ2B7y3vEWU+t9kWUnHnQc1n2jrY25eZ7S+bpuFepUR5a7s3+FIjQJ4EdLActfzh
YFVC1fNR1vzKI+xtdqfU5p1wddbe+1zlbrmits1fnisg8GRjFjtDGPeHLv31AZMe
ihvH8devCgSSac+0CTgL0XAohSnnqOemBYYtBKTYkLYPMBnDHpQlqoPuU/2c6OlP
VLRinaHgxkVx9ZkdDNbY/clTbIgE+hVTOLxTmplV7CPnR/PPa6mWm/DkJXr6T/VU
vHxP8LQUjPWVYuxSZ8gjRujebi1gc8JSzK4drOf2qgZuRY3pRjHlrK+HdcUAUu+4
XdzdVBFlPuVl2p57eYJi3QQN5BOHbJfRyCdnitccyLDGNkXbx1fLJf1aGn46LHV0
kgrbHpg5p0Az+s0XQxvnGMf0n0IdVQ0MwPa3MNvJzMPohAqwfCC47GXAaZFde/6C
1x+BGQr6SqG+PaHcp7rxBLMGK+IXQhqlbFZ3muwW/AUsTAH47PbM3F/Gcft1m3pT
LjIk1dbqKQtGmu/cwq37WrMldgPQ6r2Uc4G/0tOMo0B2nV13WJe7jgorb547WUBJ
3Im1Hl4rXx/uf34FxjTVhy/tuA22VA1vZV2gzwBQ9idalMzX2ouziaoebF8E5uBI
IcAQmA4oyiaLRQmOwAGy4UBNREEqW91MCGAwuIvQO910iB1mTUjFRx6MskpWUuuU
BmA3UPzXu4QbBTVSrrbnLZEuVaSKbFRSjhOUdsH36OWQLereNZvg4FyiSm140lD8
0U2s8e6c2k2Dj0UBAWtJdeCsRLg6xyMCI6z6Q9EbRVsfoJGKB3eEGKl3zRzaTwKS
3+EA3Mv/0UUshDFV3yd0tnkBC00BXbmKS4qc4Vmgx/N3UlCO+9AlEXoyeb6Z8esk
cMY6GbsBZwtdRAfNWg9/X7rV88emPa1kUFI33iXVw4XYdYZMtaWEXQZrdab7dBws
/aHvkHUAan7/Nl+lbuTcduLIHEGshkI7KKO0F8XDTT8TXf6mSgDZrTd6ICKKa74h
NzO6xEtr7fElIhvi65O2ybWGKA/SVIyIVT4TXpz40GpzzY6mPC/zYv46RfzTetVe
Msn2Jpi/tnjGVUGVzOLJzo/rQHukaNtDMKb8biQR2SHpxUauizdM2t5KQlht/GyL
nmvHbV0PdFCKVRrQ2XtwOR9XCmQKr5o2cztaE6Sqh0PLn9PxEwrpmswaMBhHfbdi
k6hK3gDPypJQYSGohd2AtUFlxokNDO4x/4yzHLCfK3Mpqfg+Q513EiPHEqSubZn1
Z2i+qSLRnlfYDt2UjPD7jcSelW3uUdLtSfd0bN3uHxZZgqf+3WCi0ry/0WlG/lfF
g87KfUhWhUtFF/pMN0wdp6BrMWFxrjPfmTb3B9aQ1cQPoMeTQXYc05HxS2Rx6/HI
LO9s/HNehvLt8tyOy65KdHzCnLfxSlSl4vtRbhW73TYgbrh1BfSEFpzgU9sM1UkH
8cCzrZ1U2cm6vbv0CO6/1wVhTnL+Ij3i0y3cvCUZpHSz2i0gra1wxEPMT/z5p17t
z5sppHHZZhzV0eS9ehUkkLdxbguwwFbKWl3OJ2wG82CDQb8Xdtc03K/zTD4QJJ0I
LSvoCYwnBJi4waoVQCbLGN0FC+cJAqqUaMVlAEHXauQ3VLDOnOWVISGYuUQZ0b3Z
yom88ScoNdI7jNxjfRp52y6mVkgTY6Mm4z+X5E90+VqH9Bwg7PSFlaaQNC4hIkyP
ygciHDwcmQHDkzDpoY9+PCZb2DisR7DLxmGEKqX73POlGYTZGXb8pshypv4cqcnO
WqtJoXs6TPvgu2UvKwdo4vrw6OhaR55wruq5+99irV+IuUk/qZWojKmLdd744fnM
fYJEKLcU88iPoEHohals4z6km/osvbY7GHH6vRzgzRDIOMV64lONZD0kxW7j+DdG
JeyoDuxKPICR/Rav1qKCjBxdzhHU73TZijFf4Ht2YelP4g1mx2ciLoZuyfQgaf45
rqFSXo/GlftzXbW2zSqr5uhTY6J+Wh7kk534m0yqf0lJ1Oa4avYqsZE7VNe+/Xnd
x8JqZf2FFqnf8+H6FL9DOtyfZugJTQwrDs0egcIVsbTHi3i0N37iDKGGaCAotdso
Ix47BHaBznn2+lU7VpHEkxTcTSZGAPJQ/5zZ10mQf5wwVAWUnaJlegnCpjjlr3xd
t81KWFMWAPVuL3otm2vp94yE/lcW1AGGO0tTb1e1e7G4qCzjQv16cy8FlSZv9Vj2
efUOVSINU+FmK8s0hMsgbJ/hY1yWGkhkL41wrcfvYfkt+Iwv0wzH0Rpan+9zC953
/KIAvVqO6BK1BQfpYh5u/hOJ/tBC+wz7uReLT/q5qfZrP+bRvvQoApGKZHkWczif
9wBhsM1cEPWfpDDIhTYdAsG7JFAaznlhb2II7n6g0CXiLP9pNktsLD50oJ9p9RVv
0bvGc9Ag9x9gTQBOiAqFeT8Ifk9gEfKKUpbpdHYlwiEKBNEvboJ5Q1KROb56OgaI
gm3i3+Q6lIibNQub39Xdka+zl8NVBf5id0zTjZpFt85/7TGvHGCNuGudW79Jl17p
TFXMattXtTHGEuAlWlqRKYoFPZpLMynTLsTT5z+gqHIAgURgTOMa9YY7+7QsNLXb
8et3eNsg5E/cAgzt0OJO/hpkQ0fL5k4dB6DTiJrwEMiedvp7cTeHPtlOdMa/KDge
Mqk0daemNTOUbk3Vsj2s3SfS7BpDTnulb7/1U0Ti4oMF1Eerc7fb91dOhsKkh+13
fRAIhT6rto+gbnDKGQffeQ==

A.3.14. S/MIME encrypted and signed over a complex message, Injected Headers with hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9470 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6006 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 1771 bytes
   ├┬╴multipart/alternative 1122 bytes
   │├─╴text/plain 387 bytes
   │└─╴text/html 468 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-injected-minimal@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:09:02 -0500

MIIbTAYJKoZIhvcNAQcDoIIbPTCCGzkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBACHOyBpdzWJH0FBPgjsElRkfM603OpOAWv2e
JJk17KWFDzNyqNUeh6amywEGtKMI9yEQMiWNDafOaySww5OAyv4m5Td1NqvM7yAK
If8GwwHBsZkZfcQD0XsPeileAUpW6vhIAXNHv+Jx8PxoLef1IlqbpvIch/OYXMrA
vrupwwg4fV17S9nPLPAbAAsHxkIblgtQd3VA1KUwW7EmuIyZYKlrO1oHXOTKu9fm
f6+ZYptlsGhqn+sxjWqgdryLyWgHpAyC5lGcRA8/oA6NVFOseeueqYEfRS7d7S42
34MgvX72chqxXnrEEk3jyq+ofs/LYiOQxNVxnsAcw7uInwzthXcwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAd2UGrRGdkmM5K4skCB8Bv28Z
MhHF+f/veYUT+lxq2ui/KUjsxbCAH+Wp9KZxoAqgCxuoc+eqhd96bTpfJ3m1iCNO
V84S2KOXiq4A1G/IqM056zklYbvPfLI9+EOotWXXW5RSHyMczxsw3GrFEyLLSGsy
X5mYSLZpdPLzggn7VIP1Qk0gMXQXGgsjqxoUJUhb7PTmYR7F9f7qB3nhxBSIfdQq
itXe1GgvI+e24eURa+lH57FivKbQGUCPmf24pB7WhjK66EuQZNWJvkMeQPOa2Qao
lHZBshnyMuTzY88yDthhUd7M3zkzTLTbgOQEFY5JdB2Df39AmhWD5tkD+PD0dzCC
GB4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEPcJVIQSixxxaBzyW99anlaAghfw
myNPcQDx8BhQw1sJYG8BmQwWk13lQo28xcdZsyQgbKJ5Eq7Og124W3NJFCTWKtwU
CmTyu/IU50zFxmD9xm7IPCVFnCZRwuCfeNXiDfQy8KRQSIzMYnFz2CIWNnyJQ9wZ
WoeoJPTxQapw6ILEm8CAEpmTtpCarvrENS/MKQm7FmfYP6Z4UzIKQJMBjVS99xO7
3TU5KrneCPFYS3F5i1J2yNQg9O1ACQDZk5O0/arLdYaOs9ybOFMXLofxTgOYjATF
Oz/2W0ElzsJMhpZo/yCNa0lq/dDSHQSumJTcLhKjSUDTPnj+fTELU2KUmmKmsRWz
VXxYuusjuDZ00PRUp6NUF+I3goOYuR7+hvXurJFHGQhSp1rQ0fCkAHsyLCjfU6ux
i46LOkVYZrjQiuCIVFvs2otvHYN02xqhZBARNckq2rEORfA5CaH+9iGwEekhRfND
+0Nwa+IQmh7AzEBS5vm7Rog5zymsTOu0Rv6j0QlonUiLiKQ6KvTlYHzwbZlspPuE
aSEq1UZAriavn7Rh7fhX+JPcys6ImdXbQAqE8dl6Wtm+2y52HCaaoKHcJbCAvKY5
+AttDKOEzkTbYAhmlYOqEaW3NbKGyLGm5MhZ0iTyyCaZfk38P2c2nnOsotMJmtpG
sbdYA1qWrohadiGUOsLzbtqJaHCF0+TwdVdQ9/d9ecfmmdWm6oHTqCa3zOG2urTS
JtpVFdIjtp5+5EYGT+HQKYnxEl+Zge43Yzu+70i9Vv+y2j8kubLLRXJXF5bX2Dpi
cyluo2s68DqrcXrLQ3d2ixmnq5gt87/HZPCykbKzssCQNhdgYR7Wv+01EZtroOL3
yvqRihxSqg6x4Rg44J29GBUL9b5arwRVo4pciz3F8WPP/jZNldLNqSeqkH+GSXtO
MlGg6s0dZlsRGdClr5DYCrLN4cqOA6VxCQvW2JiU+Jiwpt3XZ2v84WBEX5ZmKjGM
oQtVe8fx49OZHrnQsgTMYBdY/Lx3nnzrbnpZwIza3V430HUtClnKbanF1zbnNsyA
dn6aZVliZW867m37N67g7Yl9VNrB9Qwwg0pEA90G826vXoBNI8aao2ZInTS+sEt0
iuH8Wz192z+gFFzfD3cyN1HczxBdXaOF5A2pOUEhaWCJWZYhFCLBj29/oUv8ax8w
obsApX5/RJj4F0POW412xRCePCeQghfuhUUyUYLWn99X4V0ZqAVXmJhNUgfrmass
lUdPvQDm+FMK7v7Tz23Idt9nmuN70H5GG/Y0r/5e2JkkcxxTS8+yUL4SbVw3/03r
AbgpVFGYCMcug8UI/BX1CGlSI2PrMAg5MFVhpNW87ph2rOub4mJS7SESQvbPEYht
ZgOv6gDLCWluJ7QrxsGIUYYOwHw82nqertruj3oZPepIR6WFiDp8JPgTLn/fqaGL
gMdfGV+Z1VruX4yCTkVdd60MITN0sPCbWoLQqK77QMk7i3fw4PahAnVdasuF5xnz
/xUYoelUq0gkY/7o8AFjc2zSFM76S+XWZMrmnZpM7IiBx3vBSPWPyR1INQYrD4ZF
WpK9LVnAOtK5pxIlEziaqizSO1gp+DsY5JFa5W9TPpwbPw3nm3UMrd07cJMGu4yw
dzeokbYWSAAAu4qfjXB2RNHSw6HhoE6lTHIUJhH2+dw0LA/e48KfRgoUs/BA7E5h
qCVOY55mqxcYl4eOitv5cYPdJeeqltpifhwEIiW77YFk8bjsZIS3y/yiMiqbYb9m
+lih/CNy0gLa3TmhpIzVGcTtsGlc2eSl2/GAX4rgg3db6Ut6EyE3MlUquOuQ4eOj
RGufe7coSwJ3HqwvrFgXYIWNPdus7cTiuIq4ryIqFwg8fShJIDVf9XFncTXNdkkB
Fbxt2Bd4Eko5rXRn73wDKbtHKI0WclWxChNqGhkpydmQYgEV9GqHXtHTRertkVR7
sO4Ua2U/is9C5JVtwnraYPNnsggYYWBQUs8zrAiXEGNH8G0mTonPEvuWlay23SbA
KsnWxrAkrSREA3KX1klBsKhLvJexr5jezV/VoulQs2buTUa3T7Poa+/gygxaZQN7
0YPZ5FvBdHWZMrnTCgIPi8JyEmlvZAYw7OD48Gv7p7GjudPd3NtUM3v6g7y2Jazy
wTrQHVCW/BfBs4Qd+0NV4GSzzvGLjsGe7PSUQ5uNL3aOqbPcSanZbtE2DIRF8q4I
KyI2w+uRh/uiXk0xh3KYUq69xXMesnAICQxdDjqNE6Gcvdtw3NjxAaXUn8MJC9f7
xd+Je3t51s/r/VyD7p16lo9UXurR/QjtOrMcoC7H9+xnmJ4xPD1aB1Nn7zE6DmH4
uC1P8thxUQxysv6UVS2QuU91vC1jk6ioamSi7zbfXi/T11Z9pFxKxvjOT+w3b2W5
A/rG+zou4o7qO6ad2KWpei0ySQMVOW3XZN/7DcFXcQy5gGns3iWurW0L6R4bX6kx
QQqYtXQpDA8NxfBWu5ZyhCztkTXiuj+Z+YN0/xjie7Lw5wevJHNcqzHpshf9xEH1
mX7lWpcN5F4Z/uaG6hFyKmICCMCPNimEusCjpKSBrlEl2/ZfasAf7+nlot7gGRLa
+nEqpZAHK6eZ2u1cOJcqlM6Kd+kj9Igp8evi2IaY/Z1FyQ/3HLJE7hDpP9GpGJGe
alBt1pfu0IUyEJ2Fe7lJomcVreEXYBMdcPpc5btJbnsuamK82qCUaZBbxzxWfvGD
yofGz2WySMZWttrMHUiCVLx6cFa9FMu8ME6HjaoqN7FbXplabt2ae+lsFJZ/Ehmy
5uz/FTk0QqExHhF4uWvfoP92qUUgWnrT92Bua2CLMs4nGxh2b6pH6pjGLLmdNDwT
w6Z+Cy5FFazNnA0w54FuIGLyV3HL8m8Jbzty+uiIB4NnfpXeAmWvhqStV8GVzH/j
6VW7ZaZbg2acn1HMTSfKYa35m0RQlakc+1bzIqnLWMdbRB7Pd8mghNSHrZ8rrrCJ
yUPhO0A980KgzFJZgh/3eLG5eYWwN+6B3nlkT0vETiALnTOE0+ICP6D25yyiy9k+
iEAkiXY00vUnUv2QJFTKmgrYMRBpnebYE1y5VgA9etEUIOV0tlzKgbMYVlxgcK5v
TnLVmTioj1DgSPpOwkE8EKlRgjjc8lA14Ih5pcW6qgarDkyW60ZRHfLRsuWkNw6j
jFnRWskK1LukllBvG+S81ygPvfc1SIMlUg/nfqp3EF4i+1tCA5am5AuOrp23bBsw
3k15q5FKpsbn3rQ7b3L1NquBtPwIr1E5rIMx6pWXOs40M4GSNri6Fg92eo4ZZfYZ
BeJZy4jerGNxR4SE7NunWj66j9UumyVyE6EbgZ8ITuqEKt3lx9JMJpWHnkgeqDsA
K1YI/+L2zGRIMo9WOoPuw/WdojEEG+4r3JMAK3/fqKWiiQosStG2u54XExuUfTpm
Jzc1keEorZKCvmyhiFFObkQli1Dn0ZwEpx6qZbowDiMmXSGJgC7l9XUd+3mDzmJo
QPn5IIYwOIkdoPastOGNuuax7RGUOekjl6f+T9SoGu9eVu8sTVNExarMAnwReJTh
dnrdqWLzSNuJweyR3snwxMruvYE1yy2W9mxiQHM3Mj9apwIPmU3dtE+H9p7uP6CN
HAMiIUsegY/2du9cSeesA1re3B4Z1nJ8Jt/7wFOk3ob4Ox2lCk+U2RRoorBpJtvk
8P/BRHq3EoUpbNnoB89N06GQ1w5DkfqOeNQC5E/wDDhx8JXWUHnad54UWGS9++fr
4mHqUNdU6uA9wgUYUEeXkfUEyVlxY2OZAgKmb7xwAvfPrWxLadODpWMPb6dogmBY
icxx9Sg4ZOPFgBoSuwLlc+43NZNz++ziOgdIvtbpf0a8GJVfg3ql5Ch8vUsNIfNU
9cYkQg+hTn9RehPdM0QQzOXWQX3C0vFshV5eGqrko4z+Tw+7E4wfA16Hm6S73trc
4YmHZtlgtgvWPb+CvQvmmx/xNmpatBYSDzPyusaA3GRb+0vxeIMqGXxdoriD0qrN
lQeADPDYPcZvGOAYjvpn3UDs8aqKsZrqB88QUannTO+bhBUrjD8GBTSAg/Xj5yrP
8DMjwc5Q//QhiizoUtsAyDvsfjYFNriXiX0XsIydnVCqBQuk0h2spfIHqXT8+EIo
nNTq78WLbZiHqnKBNxWWCXakU7L5MeX16GlggHB/Y+klrWq9rcJEsoh68klYO4WN
jCrLweQMCmAAktbQQhS2TWoN4gtwd3lmjtoCU+97K7Umh0nQOOtOLbOPCONfxwLI
rnV3HG2gyILR9mOjQbAh70F0GjAgov4C8eDdzVTv9WL0blN2APdNT7dbW69Q/1Aq
Zh0BncXV4QH+TIH3A/6gwEhsrkCMeLgSpEDAsQgZgPp/2XQ0JjxlnkxnTmsDie/V
OWH4X5rj1uKa/5dF+RjR05EmGzbExxIYgI9GUx5K3JbDxnx2teEGznvpFa4o8fjb
dxOlpnrV/NWuQBtyS6Ated+0ngioqqaLDrJBRaWp2Wj7UIepTctAq3Ps0ZaJMGol
DRg4LtubSNRDDYfcnAbwvMprC1s4IMzLPjtVK7lHwwvqGO6BatjcWUN2qwbKMA96
GqQFeXZ24loj2rPYGD1vcnFkUHty+ZfEo7F/hdmwLz3/WCnmlBtGj4/ot/UTW3UE
VFTXxoz5m4JpRIm/eozcLVHh0FT4XviB8RrrrMqelN0dtzNTib0LnklcbAo7Fs05
2MMWRTWxEokIx3Qmg7X+umqUKehNFtz+DaSmyySZ2i+7zlnWFY9yYV38N5D84Dca
1BrbEpMpwxREaWTpnxHQOOPPmWAOpdMvBBePNinw2jSQxGLnJt5IGjQ1b+YxcDA5
OSPvZp0igRaqNi+Dp2L9DATcvz2o3VQtqRDwzEGZk35K0vSaeD6BrFOLSsVhSXWG
FaMKB5RaX1el+CB7L3wvIq2WsofM8rBAEd0ExLiyk/IC+n59WQPQjW/2UZuGUQiW
CtgTtpWak+D4V9LSGiET/kUBXor0R1DlKCPmqXdvkd4E//Gwfbg74J8vyZM1y1o/
dlfTicOJWZhqu7AUdLukBs0mo15P9JHXOg6Txgp/fpAGkYO8UO84AgHfpRDbzHKl
HGTrERj8kAOv7MdFqDwVZHIdel9+JMw/sUq/TvJgRwrOdiEKLOaeVrRBUoInAe10
RBFqcQOgTClPZ4Q/fVroIuoNxMQF0OnAMNG1KEDVYt/Gwq3syNH9wUFBLuEriOdd
OKiFmj+beOl0n3JDREGM9pasBDnE95JnMF7X+EDPVo57W+5ua549SctYcT7SrXzO
v0Y4LgT3y7EdiwQQy7eyxzTs1fkyFHcr0kLl1ajGLVxaaZWfMchfGIfyEYJWRLip
HvjCdUhPGjzrAkpbmhWuWbEbUTNpyi1UIzC4rtzWYthVIdL1n/CodIiScKCk7QOH
0ysSOAveFCmabvJG2GCXo7mcu0x7ruDxWZar3RBaLS+7gLLhHwZeZjU05E433yRc
2Wme56dOTguGIVv1sBVZjGoQsGg5h1iYBxc0PMfHBCdD8Bz8cFhsU3GzA7lvPAw4
ILtHuw1pMVM63YEHOeoZwPYUoriQsKCG8C9QDCJGXL2BL8b75b9+aZYojvRLzACG
YszVDnQ7809N1M7YER66bWpr7Ni1w6+9x2XogefKDYUwV3+cw9BrelaXK4xGJmkp
cjucFDnUVuTKZwLnmQ3EeBEuAJTdLbTQmKlZi7nX+Sgn5uiQRySg7gy4hAxPlNB0
ZowjiMIxrr9ba9MYUgS78xP8iOclFJ/C5WxzTAz5XzYcbR4jGoMpwWY4CHAxFERz
Tm3ZBqVvxqkLYoAts279KnjpYWwft6bL9acZ4Cmovb2wSzsCi2YXeHdll9uTz1be
Lx3eJ2P3AR80F6LMDtEIL7/EeYHI5zF9bBVG7s3xtb7u0CEAzEUG77vcdQBZOMsr
cMjEZ70fza5GFIi+cIYtPlVjocd0p4mCfSuFuBrICQDA0iLP3nqXjc+5RzZSkwKq
TpuVs6PSp52rikxC04IUozxpfaJvqRNQ6fusvMn6/ZinRbuS5ZWncTyfqZYP8JCv
3OHtdAyF+uGuqgycMGPQU8zZz4/+ZDXP0zpySZQ9WUiQ9zpqeuk8QkoAT1HgwnBE
53K8HE+ceV32CrS7EODkHRKoMI6WhDg5PL9FobgSfqhNGLTYEW9I3lQxD7U4a1Bq
MSu4z2QGHPwYjSGZ/aQgs0vu6+3SK9ERSjXzENKDeofah4AVooYoSAMXuKkEevVe
bjnUJBVh/SBMGx3NTlEVu0JBZqgbfpW7PHDmg+Si0TrrJVSD5IVWYYfxM2iWdLzo
GHuckDuw8f+jpdZtLpEoQhdzOD3iIiKJ+hrk03sf4vowSZSAmIsNhr2Xjxt2roFH
KzIHyuIOs1RDc5O1DCZvVjjoC+HbDwaFErZGEQgIcHgZqPgdaTcubsMU0ykmmdw9
SsRq83TpNTj5fbwrT7Nq3z8NtCr1l3PW11KwzbjIBJooX+bBoahkb0pG+Xuth8eL
HXmpoGViY+Obet4pzbi2g/41VK4Yrp+HWgc1ZqzlBWR7GxC6lkc+xY6whA00L5Er
3pBhXMNkyKVzC5hYoscocLOXmAlQVcDoMA1G3Bu8r1e6Ak+SYIviiHj+ElD67kBw
gIZ0Qruh5GnoBiwIFQgsKUXFyNDF2PSljsWcZyevAJBiue3SlANdztwWMZQ6E28s
NXMpF345BMGThDDK+YP80rmcwTrF0nOK3oDcn/hFKxNM1RQHHRpMkED8fiGKeX+n
U32xWYhSBzuBKZN2sZWHzNju81AoK6braMqPjRTxkxX5Lvy0sKkgtGxxu6sHlvru
26oZloZnCsBvjJyFw7Wqbbq8X9HXzGGAhBrBTCMcuL+TVShMbcgiV40GwCJDQ9SJ
zaVS8VFoAzYtm2dpjnmjLOAp3QYOhNu78cEtjtS4GXFv+5jPdOuyn2NC/3dT/BI1
mV0f3NKviHWX9TKLll7LwEeAkdycM8tJAXEydzq/Jyrj2Fk15P8ZM/ltzC85dnht
qljIT+8ENZSL4U1XFFTOXF7QiEpCmbenvSlyG+0xYb98FSk6Y0KoO1I++qcsr0UW
n08vhhv9nuhNRAHHcbR5ogv4S/Cr2yW5ChCht0u8a6R13cyJeHEtOZIB0Jr1+/yR
Jv+tZZRzkI9Bjtppm2W/W/gSMvXFNdx+C7naU2Gtt7fBBTO6i5bRvfy1bGEAJksE
ht0Wz9ri23JT/NfeL3rQuAfgbp2WaWQzCkuAgRZODnJedA0xOWm5rimru93eISWX
sDx2eQPdTxndKBxP6b9aFZrWmX0srW6jKeAQ5f4Quy2sXBvU2jAI5vjkA/wWiG9z
v8R1sTbkXzM8VWz8kJbT1uOEMFNtG39kQoIRq2lQSHrSFn/VhyG2wh49wG5giLB2
eUtnSUvo3miqqCDfZY9B4rpHLbeDb/3NYlcMMQPQwWEKKR20zGiqKmMV9/jhaIoQ
Tr3gP8TUhPeuC7vbS/IFLDkIAliAzgpoYllAWUwZmW5J+84dDPMrVStiQMK/CAZk
ZIBLxwBnH9s6ucxtZWNFaatjMgz3Y03Twn5GOjjOJB9eaR6SdAZxDTeODajJIuGJ
jB4cjm6Un8lZki3PTAyBFOupETWxRSczCs1aPnaZVcRWkfOV/O8LILxCA7lesZmB
IrJ5U9LqJLoluggC/4wuxCziXCRXLz7nT4UhxYqG8ZoJ9rjHtf2t1EbmpmT00D+S
71rAVNUg7Oep6ucSAR0gPQEA6T1sYehVYmIkz0QIJpQVP/Ls9ArZCkVpsmLoVhyu
+pU/HIn6mLmmnqSlAYl38M8F8xjNX8UsOEuJ1X62coaGREi0FWgmti6rnzzYx0DQ
8dsaQCHtZR+7+tgxYGrBls6PWxpP2gjwk2u/5kDiirRfIMhvke1ZKLmwK/DvlhSI
p25G88scGcwUoLhsIzPSfFHoYEIG9MPAS+CJgbiKqljpyhMZoKfsHXyHRdf9YrmZ
bemiWCBmwQK5J9zAcR8l5ULfkVC3kxgkdHff4hXsf2U08D+oANABAxDhxZFNMIvy
d6HCmDdxtzdeUNcHF9XTJ/YGme8gsU0PJ1dPBsMPS0lBw2TXJAkHmY01meT8/r0v
r2uYdPt44EwrLtWonChUe1LwMWeK0D4soADI2Gc+cGxt/CWTFRFbULZF4BRc+1N9
xKgCvub2mwWSwCGP4tHGKWpAaoTX2b6uP5Kb7N7HDRE=

A.3.15. S/MIME encrypted and signed over a complex message, Injected Headers with hcp_minimal (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10120 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6474 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2095 bytes
   ├─╴text/plain 59 bytes
   └┬╴multipart/mixed 1600 bytes
    ├┬╴multipart/alternative 1194 bytes
    │├─╴text/plain 424 bytes
    │└─╴text/html 505 bytes
    └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-injected-minimal-legacy@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:10:02 -0500

MIIdLAYJKoZIhvcNAQcDoIIdHTCCHRkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAJY0bRwKmnM0NyOz+IgHeWMgMOX8/jDwHHrP
t0MXudwDeJwQDmKd2J6YtkG3fRjZx+MS7bpLReFPedY/7RAe5oW3JgENYa1HpIwm
aD/h+qIxTicIrNwzuiFAgWpkAArav42vaMmG+/Xh/POG6Gzi0KPeJUnHyySf4Tp0
AfyjVj25criwnRM5O747uUuPB/jfGaQpY3juME48/ncykOBtoUJjZRnRfGPEGXi3
PC7dqg1DU6psEBsAblddc3UiWHmvbupTrzFRZ5GJpQxxAiEP+dyYkhEmmymIwVkl
LmxiN/ym+SGbYN8M6bEyQV+fa1XHVz26LJIZNTM7f6ud9rZlRQswggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAP6JUg6dihpC+SAwERMVQthSf
ztjACWhmPPjx4+npojd9dah/Wc2iimFnMUpEUzU7AA61CmqDuC3TWJh0CUFy+QdZ
TS4Z/46E4te2mimwnE/vh84lgRX0G7+XjemnjeWlfbbtcxjwmUQA+largOX/O78C
3Wq6s45zUj/3gAUDOaIrbS24/VdvM0kNjbflYC5bVoRV7zCrnsv9HZ5Sl4R7aU4f
AMPAEzt6JuNb56XLUeEjtLc/J1rg+by71moz+bl2vAHrCV7KS4rjuvdX5mtyx+7Q
RsxO/4U7edUDYP7xwoRJH7BJuQ4TCpribA9gExERt+8TKVw1axoZ8q0gfLklGTCC
Gf4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEELIL/TZpjp5jGGOzwxBSul6AghnQ
2G/ggROJ0uuf9cWwp4La4W+lALvFdSImHu8llX0XfYLiBrQWUJsRX4pa4bT8jUPl
Wq/HHEZvS8ehM3FIlpxebnDey2FCxeAQ6Pn4oByw74UnzFeluL21PEeQeJTPbui+
sLqZqq4HWlA0WpDERVLbWxhMDGXLNHrgmy3tYGfOa7kP0mKnLahSRBI1FG2HSzpd
71pHqYy90RE81qK6B6ocsK0+2D5pPZHFOedAS+xVMhagBRJrK9em5mSoTVZPUBWv
sITwwJI7lA98wuX7WlAHwk2SGNrmq59wkU6hF8ZVpIg+ItMwDW9+5lKI4sEJy3Y/
oxP/zQX/+/GhQJSArY/Bc2k8dOcLZcFSGKglv46bm5NgDl0tQlg/waZHVYfyvDO2
lB0AZpiVnum8B8KueauYQ95Mfaq4p5dldBye09fCjNNOsPuPwmmJMyYzwr1+fmQR
C9yNfArM13+/2aRYo6ti+8nldGl+cnCQDBXu48KlLZH8oBIsghIEmMw+3wGVb3ka
TXpTsYqAQtjg6V3J9FFTNbyX8LlHhAUbs0I6lyDwgILSEI9/pQdbkTE8oqJ8qChu
wz4ZMwh89+AcMqInzKkhsOq48DbBLVeZoliknnJsLcejbM/ZN9tYVc+wqZ0YUmEo
gCmd56WDhEGwKoSz7O3reLmAjen1wrKH8wGIzhlbL9rja1rgWSC1PrlcPVug9ghv
6AlqZA2q7C+dVqdu2WhGgEktkccAnM+DDmSJxJxCzVjJomW9bdLoVxdvbhNfleQm
VjxPiY0Bxkqkq/JhyU3JcRpQ+b5XhA7q9PIhDRllcMOarUK4sMEVK3n38fZmaSzZ
xl7/DjiQn3EKwnEQso4/dajEdCAOe4cjRBdn1heQS5xnZgm0uuYajJ+jv35EvyE8
gXayeJiyXOHgUesgqNBFzT/Ld4qwQm4v64GFa2NHyUYcyqKpzIa1cWMKllMhaIbr
iGQun4s36wYtiUEaDDxkfbcMr1jDDHokB+nCNz3Gg36zBRQJyf/LFsIk0tQiCOBk
qOxMrcYD5x0GT8EDHKYtmfoXlCE+H5I5wAjK3KNlpWDrrpO0Ynp7fYHGeMClt23/
cDej4eqGpy+/OrVwQMeiJ/V2hL5Q0Qk+POhjUEadbPPw4XODQADBeT/y/kn3hWYU
otNWg7bnJYhh4pMYXCxYwFSK5tpc5cszCsaR0+CtSRyTVMxWTl56IWl4n6xk/A5m
surHCqVn33S7TIjH9aTCltz9pB/5c7/Lq/RJbGl3vw48ILJaC6qr7/w1eWJFp+tL
ZEnFg6oVFa/aFB6QDQHkJfyGa1A8AgtCcCSLPsugeEOMfYsC4ZEg7KooLxDdIblv
FiHFv0N+R+p8PHNbETNO9NezL1CIGgzS74xGW3wbnOlVbCtEJbGjVljVYWdpBnyN
8c6i/ASwjIMX4NuAROfJ+B/XS5Q2WTMwNmwxwsEBK6ZDEYEKIgiMstS5cwcIJ5EL
4f/f/O/7XkE6n2SJ2+n8wSJXQM9uEO+QQSawXBkGeoSVDptDAwiiRVpj+aNmr8Oe
Hqofz8lbdz6t10Xm9j9+DG7Q0kqoyLBnjBdwc2JGPlTD96BRFz879V/jgTw/FEyr
x9aGtx+5sBFTg5ds+WzfraqR9DSOd0q9xEGZ6gRKbN6LRI51q96rzoAGoaYTo+bS
gIL8dxU/PzDxEZ8GOnH110vtnt+b7lYWkLQe/K+tMmEBLMmNMsMHDO0amRU46xG0
Awak2XOOx3p9lsuCR453Vn4CZwaIXpskIDFo3V1iWIJd58tqHbVwnyizjpnrcnq9
FILQGrEoLhrOvP7S/utBsZ9PYihbD8aduzZNpNWxC/Lv8LSP1FTDB/ZPogYeDw//
wRxo/m35QFwfG4U7U+uW6Z/7N/5fX/DdPd4bw7vuJQO1JShB6PCfkK+dGh+1XMKX
/yI5PkmM7tFNg4y2BORcHGWjaKNp7/xU0PpXFraIwENhXSGT7mOWjvyONjaOldxP
Tigh3VrsWGOf4kyOPpBDzcdqUs8wbmp3F2OQ7OP8wpa2ou84Ka85rIc+RyjT+izE
nUAq/aT/agOktwHBAe8EzXBQDpSfCpTQaCfv3NQPL+QK2Ty4EcMq9FnT5idTnlmv
JP8Q3+Kk8oXz/bdkvW+dksfQw+yE8fZfyfwRJKLIEMzWe3HtOMr18WbVU3pHhwfP
OouEX/9OCZenycf8P3KJ+ViaS1RrRL/O21jVupUgcC7kumJwiYYYjH8q+e0JI/PO
FqExNOjm1xm9ZX7xu36KUawsw1HiooaI45x75ddQlRpjmt14pQJYNoaweOActoba
V1c550tHt7xlOIJNwhLFxIgN2axvPEdhONDLMOqwPjCvG6xep6wBagxrKHvRUjU5
XLvsPAeItrX0oUCvvydX7Dl6PmWauy8NCNlDZrxrcYrFHQdTWYzVUp6M+pt4SRIE
V8YYAvAavVsZBWSG9cYTEkiKGBnV07qPfrKn0gzjaqDMGtF+FOxoqv8EiZ8bI5c+
IztGlNoT7bpFoVv7Jcx7wNcYV9Xh+/+Y7R2GAaW1GN/A7OlLmezgJD2HdfHvaVZ4
KEZMo0QHuBoJLsqhS7XSLoLgkaq+72VPNI1xYpHC3qO63wW2K7LvxxTs7Z3na81g
c5brAyNhyERIqGLKUypxNLehBzqoA9/+VoBxnjO5DLpV+7lbVCXuI7PUdvMwWemW
DFzGgIhjZUf00RXc7/3mxiFtxXc+9/GcBwIluNcC06RiC1cqo8zGbwC2bMVKvrKG
7n+1shUyxz3QFKXQu/Qv7ZPpDy0QQvv4pOrC7ArCYi1K100uo/lfN7WWF3S08RC/
5VCzAaUYA0h1OuKbNmhFcK8GCHM91b2KBU91lfmbF6QNh0qeEdVABj9uBO9+26LT
QaQJZh+bBDQCzTUVu97wHfbQKbd7xy6epVrSoBki9uAfof0pElcuTbpSFtTtgKzT
kOAWYgmt9QE8ZEqjf6Duj2CBkcXqFKOEacx6QoUxC/tMMrMN4w+4vZyJp0k61/00
2TgmIUBekdqFx1cg60v5G2ad9fBB/a+q/IwIPI+T5NsepMxapvH3OfqBIfPCLAg2
3SJKuuPa/YYr0i1z82XHKtbmFwF/pVGVksiJYg4mLZbXAor8RXzAgATQEQ1Xz4XR
NLS5PAGD4KpY/EFnROv0Iq56t7mEnxISi2TolvjtWnGkML279EDZjBycik9+yRAy
DkBcMhe8WQdlPKgPXlLLUWZE8QteESP8YJSNqyQ8sYB/W9JzKSmDPYgwHOl+q2P5
Y1gY+h8uPLzv8Hgbs4WvEq3ns2FMUaP6XuuMeWO5qAgAirUU5L7pNLQUB569z1NH
GSAhjSAJdhNug9nuubG4upaWuc9DGMbPJe+EC6itqitSaBtL5lxu0aBa2TMhjn+A
PQEVzDMf78TQSUhZy5HJnj8c2DupKL6i20NIaF1doHHgOHXRxS6VPJGxq5X/XanK
TzMV0cVB2cltkcf75/JYu1JALe3o+49fm+nGUHrGlp6eHqXo1RwMaKFh/2Kw0nVs
nivNX2mAoZAQRlZSJJCm9KOX7AtcY+uo3E+9wmNX+3iCwudxTjWNqFmD//Og9CED
aiqxFmvJF5AopqL5peo/BqH0BsEwb8lbeR9gSP5LUKmFFQ/Jeaf+EmCznUfMi5JV
q2GzcVsLjsKjBipSccydc96D8TXbWSJJop/qz/47usS5kAlha8RhEDCKGe2s5mPV
MRtJ+Dgn3HHzsVf9Mhb7IWbrq4W9jG6elr18hRxs39FhzZD0ovnFXPdiR64caAQP
gyMFBrUdR4AMXahTwyl+rCtAt7SUBjAyIOXsjqEghENX/M/qi56IuI8nWg+cJtDL
yFWhq3oJ75wEZGSX66GHMYcog0NMes8Lx9rsvBun5MXfmM+Dmq2VHjkAKP4NOPlQ
jXo+kxW6YjfPGRAdBmlWrXqRqJljN8qffpgbAOgIF4uq/QD0dRx+dUmTWIAcU3C3
AW7Wux5f3w7AUNZDjt39eD0ivI+3jgMiSUGxCp3yZ+dQ1hxjnpq3YnVCTU9iJJ2r
MXg8pOQFK4ofZB1EmBmhxJd/2lN1WAvAJHpgFXGs7Qy89WhY6RObYwvBPpkULu2D
aWVc6sEPXCgdBiSUd9fFbWNhDQd5puLpEuqLftejN7WNE1+Db9aiIlA+v05T3zX7
PYGxVGuYxf/P+Sl2wBR4yl8r/vONAyctAALCYP/KudSIgXQ7zWVC1klAjqRksWmK
SDtNmnXHlMfPTt7Av4vHX8iZrz6sOGpMso9j+Sdo62Ppmbwl9vS8gbZ4zFeelkXh
OXXIbRo7p3tMeFwsogY/7o8Y+9gxep0rm/w1mTWsQRHJr0t967Ki3AUrX2HoIa0j
mlOL846o7a1kMrKIK0FdFmWUFV7/iWbjoaX6GWJ0ovF5+KffFmfF1jPYDptlKR1K
PFjDwpzWuIu94fmDL5L7KcMUA/cGd4eSkXaIpYjNBQZ3QD9kqzoT2KopK2yG8DAX
ScKlkB6EehTUzBIpvYRA2pA0W1Lfjnbzn5EU0PWa3sp2Yq++C4fURxEt+8yT8t6N
WlFlqUJRQfWmEf1ZLHTA4Lvi7/HUN8JZDfNw7wckorMO4ZPWYI6+zBQmhx1IiGun
PZ5s+lUSQKPi1uUArMwfcT0CkTE1ebt44z02GEyLyou4ZelKbz5oXh/mz7qyUZcX
U6WcaNHuvIu+3r2I1RlblH1FYHB0/l6CQYQUPZh/GvVTliPpg0VqxbE//9zTYi+R
JF430mMMRXBhiNvJhWEfbdVr2YQXQKwN8yngzIlC1blCWWXE8LxrSb9HWbUrFmpG
XcHg94A9B3uUcZwX80AuW8Km35KgCqNR5se9r3EMWeSvR61cTjZq5jU9lwwpkGdD
heD7fdGDLq4DRktks2jvwn4UIm7uEu//7A77jhhvXgxv5no1EcrctPsMZsIuSsp6
wUlMgY07vUuRVTSxmdeSwUXzwTPKqsSCq0XgdPe5bEjgIU/+jCTQczYeIUHqRwLj
5qay14SkHSEBv29pwEXTJg1R9NXYQ1J9GtPtHrrS9Nf60YWMbsWvCdeM29BYHE0A
4bZm0KrNNtiQcQu91diLXG4lxsW/ukLTMndvp7zHbKdq0dX0I/uewQsecCZOTNkb
o/NyDKUd215Mo5LOTQtvvgZ5BB1bB9y2fWGsRvGbI6rZXCcEa96PoCaNlFAjT2tM
IjEiBcc/5T5qY1zNcw9HgU47GEIY3iTVNTVAdDAIfN9IIt3rWFhjiOgD9jcGBMyf
O9NNPwapxJ0QDzFBgOxYyQXe5u84T7PTxvsJ2W9wYXawqx+yr44zPrSTGcRC1ed3
EH1VhSuooWwzhlXFtRKure3d5K0lGUoNXwQAlqyNPA9GoyjGRdUnO4RY85uf10za
76z8OfGYqxnxyir0ZNZKhCqOhzGI8I1/mNJ/tvmjfF9hLbNOXWajrL4ziMeb1thT
3Oj2sTLyFWlEcakU+4XhU05IAJDk8RyqRPXD9mmiJx5h9pgAaa+B4huIB8Tbx6Hh
jsPszUbkzFNt64/+C4y0Oq9c501ZPBKxiSx5/1U6SlwkepBL2TZjio1w9fACjGSx
/OxUjlZNpWe959WL9eG7GICIy9yDNWGvHiQxxSZZF6mlN9ob1N7KR6jpKhWyKIwh
EukNuUKuYYqBnLO+nRNCuVJpSPOmXXmbTcPC5QRTrTem/krg6cGRMP1qCQ84jJDB
XBY+MX1QqAKrK/JLuydUrWjoIeN4Zpw8USZEaBlO9ZNv8ZJlYNv7Y+mkz12ZbnmI
8cF6pB9Dw16c78ESuwTE+ghGnPtvxZ5dn15oxlkryWIWHkOJod2m+3x6assc2ADa
HULNQRYqyR1RgwUysf6rQLMT0WRWOEoqn4n/SuvPpfLe0VylldnBMT7Q6awFkTtY
Y2kWJ3NwP1G1Q8rcW9wcXj6+92XH0NU2sn0bNei7+wK6YnLL5rGgmp5QjPYlYJrw
sBGZ4hPtxmmuAKRWtoy8+oyT0kHjIEmg7nqxUZ3WJjk/SxQt2j+mYTaBPvqrIqmo
g0nxu9cnUVNJs1ScnF7Tceu2GFtN1yaBFZlrkW7uX9FWL94LtGletsVJlEPB4oPN
dT8x2siM3HHmqdCUiQd04oRUYG4A33NwI2GlI6RQ73deLlEJqUPUqhahyA3FvK6K
lU6x1Q13/TUj2satyjiZe+YNhlUZXmwTinPb+pUtsuo037yt0JcXjqdjkTEJc2yk
gSKWwYZxQJtZkYRme1TnI0sciULrdtLNWQ1CDR+V4lyoc+6P7w9voCM297Ip819b
xif6PKmHwNqdigey565yB8ngz8JwLtvq2BbbQjmm2QV4nMbeMJGkvwDijp5q5pTF
9Rh2ljMBcJq9EY8w0fYcEEEB0PNF8iIVPoIvJNSfUIPoWhz4ocBxQCJTlD9ZhWMg
yCpOuYjcLm34O1swrvNvO5hb5Kvz0xSMlYhC/bU2phWV3EmnS4DBvZCfNxIUAok/
zfbfc1B1AzJ+w/3X6dRRcG3tD/zn6GXT+SBJGOAKZ1W7fJcNA0a8yzHq6IkpWdjw
D+WeHOYQUN+UPiF/8pN8xPi71fyzJRpqj6s792yudJNvcg2WZEf0gdty2LEkQ52Z
m6mVcj404cGhyeiI8Sa4yD/LP6msfMUB9NGxKpknMfkzE1STGIuVr+3E8wdkLfbL
Tl/HyfO5GpxgIb1Zw3i/EUGDkd1dy1qI3nq2ILccaYJsY/LjHKnbjAltj/CCyWqB
W7rmbpHpqhNEHomC1on2C/mzN/Ea28tzhci7bErT2giDHVlqqfaAsaDFGngmbOGx
G8mpoj9yjrrew9b/KfUjd+eUzuXoWlFVqmaj3IEIGsSK17dd6TCOYbujDyRNfpVf
nH9H7JWBdpdH3IJMapHuKVj3Gdfb+L0KHgAImHMA2yQQQxmluvLZln38UQuM2a/B
mXHx4D9tIzk+wy5F7atOqH73gx9KoZcQRvU2E97H9y1ddcTTDEDhhohuupn++5ni
wX3IE2UywQEd2TPYWV7xCx5/LypsNG+tnwLneN0HFrXle5Yvt+zTKiZDlCl9UkOM
wphDI6TRyOlIuvK7h44fTyBKSFoSYyev0CBLDP9tUgo3oSR9zlcDJlP0v2XPoCQ5
jTlj7L96h1JQnKX9xINc5bPDLocMG5ht8q2VItRHtSEQVrZtyVqokJnRtIVDR68F
aho1hjC9pZoU4fEB6Qwpsy1ITyDdkstjuYl71QDChs0ceoN0xx4TO23czVCLN+z2
UF5zQwK/fwz4Zf8xpStxhoqEfG29dkXR1y77I6hJTjmjxPyOaWw3Ffw9fFU2mtQA
f/DrlheHMOyogBSllBX1xXeyD7tneLVebUK/RPzB1wfsxA+t36+f4X0XfI1xMbWV
Bd9o1bxgaob+zASOSoVhpi/64FCReUQPTrqQlyu+5rz3GsHSVxEBjV3K+F2ZFgXH
FMt4lj4LKlErUZpLKS+PsoR4Uc71dlrcTni+baJtgsdkuUCnLbI1o1+c33qqtWyu
3MD2OOEkIO+2AReqvbhT0R6BwkZGlhU7k1sZQcmnjS+wUR6zYRdnQ52zJs/fglEH
fwKJaRagDSb3+HvCFsQVcgTia2ppzcbnORTYTfHiugWv6TWYBLOtOh3odigIrMZb
I+a37z4tL2bBR0engUKRha///Hv0HX9hYj6HufnHbrakx7kJ8QDiM7/XbHmp/EFa
QsubLIXp07htSBG8rYeyFcnY5DCygtNRyeBa4gvrQxN/fsssay7wDPylUjIc/83Y
WRxvKlsONECIPAUYovLO0AvHZeZsoes55AdGyzqZqhCwOUNwwZknmhL/3D6sZE+M
8acu/0dBUSVkQKceswjAlK3mwHoMV87E8s8Kvg4g7/mpZbZfNZ0ux/cj08Ilglb4
C55JlH7H5a7rueuUdkAedi/QB78MjZKsTFHlfeiov5z7C0zv/xxswUxTHF0l5l3c
N8IWLrgaKG40QoFhHjTPe2QAmgXt4Zhi5BCp+e4JqYnPmmBrw4GjwbnMD4AE5YKf
SI/JkCSQTaGeL5cl789uzqnVh+wT0rft5uQpB8l+RgekwIqAcwmeHww8VvTIGtB/
940B+UBeiWsCgFBANm350hrfLn/dh7HwOemg6CRbmNpBGXpIjWwE5L6V7aD9T5Qk
fPZgmPkc65oZ9S7EejomfGH30OyUr1oC2jsVPd+1llLYlH4Wv8pGWzkKYhXmGyjj
TKOdWcOsc0/9ChR0cHy5b4E0NVKm0wCoJstY+bgpDRYbA1G3Urmmh43g+pbfZ15p
jVnx7oQmlzeLpfpWcFZbJ3NmLBb/Y/QmMlmoEtYbakYkbLYgB2DMrBdM3hN7Bwi3
8VM3WUes9gb1xvz3X4IEVL6Z2cAJDlxgyyFD6dtFlvfc/ONoZXF+pydrWQAalxQZ
uDZLKo+pdGkVZC5bHtHQd5tc2EmWiNawzK04KhEVkYTbO2KIYWQvwoN0aiDZEY40
Gb4Pf9kUUMCI0T/uG75DqVrjIvNooNPWOUvE5PuVN1sK7vK9sKxzhHgyElygOCRl
VOzHKuB787LgfyXrHlTfY2PEIOKCqa4FuYYT8WTG/NtgqVjDE2yCZsHu/qUXSe+9
EwfhEUDwS3np2N9dwcMUNZKvefeOnc/7D57Z5xCvsioU2yns/NGMlbewMpbVaDjK
08G9pfLq3EDTU0Jw7iAZgG2duaIouYgQS1uursITbg2npAD42JbQ5iebrRUE650s
z2rLkM+/7/tz6TWhUbcIJv1BbP5M+xvnWwCCzvm05Rm8CrLzgb+7jFbYHDIaaYPE
gfGxSiuIXxBYyTAWPj9iIiHuCwr1BBw71VY3U2gRqxk=

A.3.16. S/MIME encrypted and signed over a complex message, Wrapped Message with hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9425 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 5974 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 1799 bytes
   └┬╴multipart/mixed 1735 bytes
    ├┬╴multipart/alternative 1114 bytes
    │├─╴text/plain 373 bytes
    │└─╴text/html 457 bytes
    └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <0b3ea6dd-0e91-5a91-9bc0-3d553f892983@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:11:02 -0500

MIIbLAYJKoZIhvcNAQcDoIIbHTCCGxkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBACjMzFIXlc3EbymBS0JPbwPNsuC8oupYKV2Z
zEPTKjXpbK6gAq2DHXW+UN6VxRnuK5og8/5A6CH1qssj4VvZFE9BYmVtXBQzdSYg
UB1lOVwT16EfEhaHMPlw2rZ6F7hnMApYrpiH3oMNzDF3L3AOMRwwu4botbDl2ONY
KC1TGC2i77Uy3EfyHxO6yx2mOvL2xfzXf8lu3uP6j0WcOAI/bcwmMybxP1ieHsxp
MM/wy92eu4cRreEln/W+FDwp2PCTEQE4EMeJvq9ovQjzRSa9EjAsadZmJ66KRbDH
OjIxpVISEgPCSD/nmY68P92JPWt4lySKmjm3Z4tzNVWcVYtxKNwwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAI/LCW328CZK5s77+nE3oW/7D
8ciV58oIhhU2ACOcQX+pBSXDPWl4DcBF0PbajRnzCL+RHbEDOpvV8iIv2pG3izDU
XKvS9U5iVvFM9ZsCw2aUfOSiyw1sCT09gVMZAJc32hASFpPZDQvQnIMG8lnPMHaH
nsj0CFc7M1RNcgrI+5hLoc3YSZzlv/khKsj04/TkKtfqJdhoei17Ch3iMRXLXHcT
J5z+Pp56onPplEa3l6SFYEqj9l5k6aMqIfujFipfXU2xLN8wthVGnus6wroDde6G
Rh19XCDBTwsqlr46QAOUMie+JOx6mA4anWEDK5UzWmkAsJ70afNOF+TWxpTX9jCC
F/4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEENOmE62/eOPyBJsQx75+tcWAghfQ
RlceRC3Yh6DhNhJPej5k0aSqZp4yYE3yGFeQ/nuY7KjRFQ43ZJ2D/McFrfRQrox7
2JXDYRlN1QDrFY5Ik1CkCArMAH28D4b8+VUH4bLD/hjoCti2nfROXY4dZaBVdB4k
1sOplPXAHoy5gK8TeMBToyXoIwdQ4SP7BJFzfU1uZq0JIrC1Q7muA1MM2AY+nPhU
fMv4zr7pODpQz7YWK79GeJVM1Xsu40gvduJdxdt19Tz3cqB3Vg64nU08vDXp5A+e
fP8qxogkv2pOn+hPv2Etg6TIpZYdcfHIysbQYwGjkdrXxFoSijD9Ankc/OAaZCvm
WFv6+GIff0jk+lI7vWje107u2WIMsceo5cXdVhBLL4u7/x18RukgCpJF7LPEvT4e
1aWzI6nfCM+yz7GucNXeRUJ3PP+zjmDyzFJg9KvgL/fibz3G1js3CibezT7cWPDy
9WeLULXNgvfd6qdeRAk4oW0NN7Wk1ar1Dz/LOyv+tC0YVx7B9HkplY4x9XP3dvqy
cfgTJ90Z2b1JN9YKa44wGN4PfJkT8ChCpaw+1L9LDZrTQyQAzfgHkAKTTazOS1S6
SUyz02sM5cx4w/FwQzdSEyHZSzor80DffYiwSUQEgvm8aO3gYtWGvRdTQD9re/yj
cotzfYeezN3Z2gr6LdExUwyykvpctLjDM8IAPgXfcaJN90QHbfOPoqOCgP/68ohS
5tY9getzCcNE0UjwWxmkJIRBCoy3IcCKNjAtxwaEEF2Q3Ummaw7i0VkvYaN1f4Kt
M4uYYxV+Jyde528ltqIYcAsB7+P0PzJ+192TSO/zA4mCH2PlpQZ7OaUsgY4WKo6h
oiYgTNxNgD1I6SlhqQtRkuQsAOQcVy5rpss453xZNBU7gOlbUygMMZ9M00TDuW2Z
cGGRi5KtHOxIVkdN8R2/zFLrtyBXIm+erRUyfUupYrHxCQr+BlZsLWsuMwL6nY8d
beWupZ7uD7l9xdbKwTuHDXwttRhzRzM+IkH5JUh769T8IKNU+DpJ8APSs9sn4Q9w
y/fuORtJIHKMo6WmTyV1zipHd653aKFL7Zz16rYz4Meg/qsKxzyjlH6yGhgccENV
2xa6DXmbLMvKp8eME/nurEB7g0ifozwMPab85eJDxSQfPktofgDESqa826WGQI88
rzHyw6BFBC1uPn1hcMq0r6LR1zPhAcqQsx7zDahTYRspN4xSEUe0p3oPJ9tVJKvr
mHAHO5GpEx2Zs7RWzXLBYb4fVfrCHu55O41EbXWU1ROX5JsVJS6+lLUQViqUKk3F
tyBIYZhylAGEFHft/J1JdjNz/6iMrsXntiKNIpRDSkvQdVUT78+97rH9t5DbetxJ
NnH34n2ZvQEuNghL35vBQv6Pcs4inkZ7OLY07k+3Zt1Qogqxlk/3ZZYQ4gg0x99C
6bS84GZV5OchQR0h6Ci+iCiR0G4+koTYo0BDZUa6JNR6kyX1LVPZys0QSbwi34BN
n38Aenw57CUUkLigHfrcd+kw8nfF/VjMFda2wayrpQ0llmYWMkM+XfUtFQjplZ0c
O9sdIQdE9G5+bG7YcU8UZfyl/UoqTBELBLyVIR7y7+80IDobuErkIi7WbQrs/rkK
Jzx1lI7Z2zR/Cer5pTgaKURcEzGEyHwUD1jwNdpUstVXgSLz+Pe0zdQOLucAVgtG
Ct8VtAE6xpdYl9KxU40Ke1VH/FU0L7uq9Br5QBawLVvH9R9a98JgfKdB7Nu4teg4
P1X8IWna8kT75n1V5o+EcrZTExyNPgQJyAvH00tCdj9cof0QNWQ3gw8RitEGIocX
+gWqLaeFmXX0500a6a5ypQHQuU6sUujZMj8biD0NaboGN+wMiftu7fRZBcxS+3n6
dYx0pwlU6CSrDGET03HvVVWaJl9rJ1iGB86Q9VFXvELvwysuR3IpUxmlH8LDyb5+
LHKxe0PIEEO/DGBPE8YFycGXIpOUGeO/NIRYXWJy3nF5UoVbYLuBrB5i98WB3CY4
RNsk5UBmoZ+q0EKmzasXgCYc+nO758kBgNtmnVyH/cRrwrQALA8oLm+qURNUF1PO
vIrQkKnFNh6QH/K+mJEPMQGzSprhkhS18WOql2gpgqiVNbUuj2qQ1DC/riJZOF+S
b3wwGyBN/0WmTs1VxM7TjyWwfu88RXE/SozKwWbpHrOIY10kQkPxtE2zYACwrXEp
TVZr6RTCbiazzvaps93hXruLDXBKc0UUUn/wTgAzLyCVuNl4obrl9CAPDkZIgU6M
sJNArE/HJti3cvWTIavEOf4ez/OTpdzoIsnyv31Wc/0QkGk07qLaxq90nNwiWPJq
J4HsMDwPzuLhfg5cOaA+9xzKzEEQQquXx3UMKRLht3/i4mwuNepZdYpGz9Go7Zal
O5ZwzzKde2H3XGa/3wsXhXYfFD/wUagmDYEmILXwFifSKLOo0GnX7E4zR40T0Kfd
6JJ76u3RCo1j7BMas+dbw7RQ+X0wCd+KQi0lvd9IMZ4Yr7vurZnpGRdQQh79QHbK
l0RBMx4nyEsHyUQii6VxfmvslF5yzRGzePQD6HW8O6LTci96omIBsdpSt4rSr3CT
Ig3IP0gSNI/H4pu90R5XButCbu4fJcNFmb1VQswBsmwTXl+5G0QTVRoqst3a8tAI
+4mnaR/uZRfTt8LBgMDK59jSuFNNWxgrCTUm6PSRaqm/9ZVcwvXHLWXNFYFGC+6L
tufao/+k2Bphx261a/AERJyRJhgFF1gDyA8G74wfrVcYXXLYwNSP0sirYsjN9pE4
RVMFNKYFaLsMyYiBAJLAoD0waXEBg2/kKeBPKhpNr8yIgQoNbpSxYV7oYqHCtBtT
k6o25FIj2MXauDvdxeN27drfjXM40x2Jtm/ryuBhZkF70do8bqUjMWEHkGxbGUa1
7M7vPMReB7lfJeJs+HjTYrhHXqtLsKMJoHD64boPNMAOQnaJTKT4WwVt0Op552yS
rgc9vhaA//BN0oONV34x293H6Z7l9aBY6Su5xp5frwgT4vy2T2xXYASSN6ewGsN/
TSyp5RV7n93PmeYxcssAxRGs8Ww8V8AI8xk1Wi+hRxoLy/IcxuIKajUzdq6XYEBB
RzAQslcM3bXpIA7xM0OR3P/grAqH1Qhh4zBGouljMH7LWRUqspCW4xGZdBAuPogN
JgbQaijQzPL8I93qw74qce6qTVTio0EK2ljRdOQ9Q1J/teG8hfaRlAcC5QUAr3GV
X1Z+CjNG8ywLaOyyYHoQ22yRYmiLuKkR93u79W9gogN8bUE3Qrw4wPxLOKfKZlQn
k02QnVMrHaQAcY3FgXOpdvMC3Gxhpi8AQzF2OWQDo35UHDjB6rTWTrRIxI7O5oxN
icVPihJ7XZF5eL2WpISJzJ+zj8tcVDA1GOFiNlC0zF6jHEUEdRvc++tOSao6Ckwa
+8sfsmoYRAijrsKN/BW6P2NC5K7KH6LwzySHdJNgDofW3Ekgw+mrSK0TzhrE3F9h
R7m3/mFa/22I2cHgAti+uF3RSL3xli0HOoiH53MM2B7G4xpkcTCWO4tmqfYBrNUI
BnLSoz2yLxWYH1mYGnH03ooVK45N9/BGUadV5ByQaB9nC8sD3BEft9wTxq0jRBPn
eEFeiIDpbz2TzkJ5XTrAS14mR6jaxT0gYfM6T0YMhlt60HHUujWtv3SMoC3JBXiq
lx62lmdvxvJsoxmET9nTA5RmpZJPUSXn9R6jXVNg87CC3EHXGYS3SVyGT5l24X4x
90mRan9QiF+a3pVjQTt33UzHgpW2hwrljL4OEik9jFwXf4plGBT8Itzdud4P7Wqc
4Lg3cbsBe+I53m3Ghy04tQ66fggE4Zi23OH6DxljsE/JJ8DBlnFA5kCBvLfAP8zc
ZLbOMo799nbexsfJp4jo/0TkFzMbjk5Rp0vRvJlxqCxZiMpj51FyPH7q/hd3wd9f
s06pJpXI4AkUXxeMl3EDmcYe4e6lR3RdFR0Oj+uHlQQFwvQSKMWK7Jq6K3bK1y/t
DfutHObp05kmTjgoAEJPxcuKV6y7bSbPc6LHKU1SPg4E3hKHVK7e1TQqAbTMp3du
Hza0QeEbgXw0+6/8pcC089XAoQ9Et/YvfxmYLZ5LMGfYkAfHsmnsy7kKLEOiPQNS
ZNwef1XUfUecsdGxg67Y4E0y2RvivaKFsoCrFCKVIRXzKIIwVUTo/qyDmbUJaI42
SsqdxKh0S42Uj0Ey8pew6G5SJuMK3YhOvmraZeVqJvfpQxj/FpEzQIqCKMiSF1jY
H009sESdyCWH2F0thzranDGRRNDlIbwv81kaflTgl5Ug5Bu/aoPnaBhMmTd86YPs
PNjBFdcr92jnEjj95zPhy2nGn+o96s/dzrTvaQpq7BIbtZcZRxvQEkY0tYGoZ98R
C1M+kKImegPFoU+4UajtEnPVhbPxom0kZcPffJcS7i4nRPlrXKaOZnQ4Kc9jxwIQ
kqJqXakWQqGri3vGaUP5PIfdbEdjVPONpf/WJPMHCz1v4fn7eEsu7uB1livaUVpz
/vhLzvjMiJB4D0z+B+YKDKmvtnGK2+JNJbwbYiPTaykXBUXxmTFMeClhvz0yZRST
mWtRFKopcKiK/ME9roq+FpZOeRSPkP3inpZYZQ6UpcfX2GHa6sVmIAIrrmPKjWsQ
MFNMQXUWT7fwmHRzZhWV0jzDzjPxAIaJ9PAtEGkdOwAbWManCx3G+gju0lJV+WtR
NQurz4x7mAotU2E4+DwGSAw/XZO7E6Ht+oMKDI13EGzc3P+Tbceg+uoUE3bncrr9
f9jOXKf8fL4OTvmPeLJMbgzFDTYs/vPzzSuL7X673geebfFhagavUweDx80kNn7j
ywHTAFxmWEa8irFA/pof3J9T4kVFspdLQoVoLx8PBoCwDhU/12jZ9C4LgbWLbkMh
4i/eP8ULCiEvw2wNMKt+BJMv9OmDQ4oidBMpxYfKeOullKPJ5FXKF8swhY7XZV7U
ku2PwEQXP19Ry6RK4+KVWZQlJBS7/IBggyN8mVx0sgpbpPPk3vmesSXRcuiOQe0Z
3nCvCjOV9A05lk+zS/+O4rwudTmmf0+DJr+cUa0VNSZLNsaykm9HF5txo8Hg7tC8
cJdtUI2UBTGfc+EAzpbsv1hP0K3SHABmatOuJA8YCOdIb4LWyxxy3EcFsHXx9UhT
K03riK52wFzaoAkZJnIfx6y9GK1StAQCKaAmo3OrxNWajKV+oWT75ZXfPRa8Cu/D
sA907g1qT87WmtVHQu5JFE4r2NC52B8bC3UIJVOU/qtijVPhAkundJp2yx7q58hB
Vo8A3Wv3U0XMpED7wbJBKO6CJc/wa1Kx7RehcEfh3JZhZvYSpbRNkhKBFszW7K/T
j+Tght9wozEQoc3uVsXflHAN2mROTOT6axo234DmJ8K3jUlpsU+zI3n0qwF6VMgD
5Qi3lfsbBISRsVK18OtRr7XGGlNNHCnQqsyi0AoTbHSO/N+BhME2jBw4IAh2Hd2I
0ERKvOuFsy25IrlSUwoTcS0wDR4gUNB1UE+JMRMY96uGz9uYhNby3TnNUclhBGTv
jH/rmHcIPy6+RAGhnC9E8ejcW7KJ2hwWkvMRl/wsR7M3OSzy/yOMYzQkTSEOJ0os
cLB9ROASnPBp4ymEoUuqxYd6L4eTxlnUlcSeJK8PI9CspQ2tFCoMs1lJh/eFwp7P
FlISQEJh05Wl7a7svhDpg9zsUNbrqeyp1UMO4f0ZzQaXK0xwZzUVXoPyCsoS+TpO
zAp0isrlLYRlHPZFkl+1GctlX0/ho0UqNdhh4v383mGOQvuGridR1J6aOOBUeI3t
W5ZbD1Z0lZOMYHQRHd7UefCBWp3Iv4qd2iyBoW68JmCLrEnA5MQtBNeuPRFztBjS
RrjshjrpqthStLAORaX3I7J2tEilicQXD8ohSqRk3GBy922mc5F1RWV5lem2irva
Vq+gz6DsGaxwdF1AZXnngDw3MjQyCYgMs8ecGOoPr+hJYguhIT0DCNGFix8fCWWr
joWeejmNokbN8ZDadID9or68y2iCVVVX4N31yxqWUppojT6OiEs3ANhIG0SA990e
6yaZH9fkG4fA/GoiUviFGy1qaulO6jFmP8M3FDZ0srLnJAf1PtWgGOpxXA+sW/uy
BSnRUm5fv60rs2T0NsQYPIMoBDwtjcQHKH3xgU4NA94EDi+BGTBVOq3+qgXVwPhh
0HBDQi6YlRPTDB6Rq68k1ybSxqxIjf7Kin/33fn0q8jA87kl5dLvnTHskZ53R8O2
QAPRABkjmOUAyYWZIaNU3GUsQhNDKnAi/s6X1zM6YFmgcFdfZZic2N49DD93kXgH
hjecAv2fmgsFbYlHb+t9rTDX6IQk5KolfbSAsYnFASwn0AIyKnkAkczEGg/p+1oK
gLp8KQj7dyG7SNI5azVdsyZZxGkzV+zmgfnN7mfGOlAWh5KLvTzGFwd9EtlQDC8z
CTCrzOKm9Pa7SwSQKIOH4o74XXgeijCTSIYWwRDqF7SWF+0E+kQ9TiMNl9cjG20P
VWvHv2kMBdCXEfBmPCwkiqmgSIP4txiq1FvS4swwnoT5WzMlEi/gKxUkwC1D/o7o
d3m3ywLOzq2co9zNNiuvlxblIUCCz5MbCU1rz19rM92IglljN9mu5g476PvzKHPt
K3fyU5YxOqhlR1JxUgL1dl2tMtBycqUPu/eT1yO6ER4b5Z4v5jzWQ91a/La2l/tV
gllSFIQ5yGPB745+CZ3uCREOAFnwwXYw42jaV1MxJptchjJHY4oKFarROlXF3Oe+
7nwuFS4WMkCZuXXHLevrRBPa7F0DX9tRDs2fYpJeEfpOR8epvB4nglk7x+bL0RKd
xrY6dRH0cS1dJ5TXTWJtvCL/LocfiN+TKJDhlkgq72I8aKOZqxhqDk81nu9y3tbt
V9QGTzXhtg7KzXyQacxYUoTHHCDopEVVr6CNc0PY1xGN9CpLIg1BTduuBlIoTJyi
EBgE9dL64xi/D5jYLsV0L+iWO/ASRYEhKzqETSyPte8kWaqvIUUgH8bQCI9rJXab
mngAU8eMR5Fdl8aXE//FCpUiLfK3cMQtKZn3q15gymnqSKi0BSZoogU4tFQnyC2E
gghhGe0fsdJgUbWUqlTyhtFTGhNCsFtooFTWVotcPAuo4CiUevm5v7Yu9xm8mvX0
r4S6I2bBoWhyiosZcd5lZensmUHBAwoHgKuJGAScPSfGQep5nUXcAx8rgW5LOq4+
0kedmfwIvcvpc0WEOuycX/zFBHgZQJ3bnbNkBtzZf2xPg6jW+BRi7vOlfkzhhOcK
fSwVELORItBGxRq5eysPrNnNhsftJPv7yy9boCE+MwrwH6WGG+4dnm3Gj6sNKdZv
44QYT81muB6IDi5lpbK1PNEsko/Yxo07eMjWgx3ChnuuNdfgY7xWh2gnqBFvF1b7
m1D5AuZW+XAJ/yJTbLrJHLQzSoVp9+k0kvbe/suzbVsGNv+Awqs6E5csFgTM+lwg
geqq+lF7R6tH4GrPdpm7raGmQxZVc8vh6x/CKDEBqY0Cc6tGr3V2e/gH2oiuHIc0
V8O04kjr3hJQBBZk34jWg0pFGNGxzPE4WtEI0CxvINs9aYdNvEY2iVRfH1Wi6+HS
KwuRnMKbysO6rwIevDe1wa9JqBmqJFGteKqkdGzlaHMJTw9ehprhKrRAjf3aJ15C
xS3AiWc7guUeZiS/pN+DYpgX8HuFTuyf2FxEiDdLFFa0A6ozlq09CzQ3i6OYjQcO
4fckHJD2PyoaQ3bbHdiEp/UNqq5OrAHSpVlqCCcN/gkTAZun5mNEZ96Yru16QrUw
jwXRwRff4Fhtux5WQklxflspTTPkQWG33X3WELecjw0abCYo4gcpD1kTjb74LmhB
eO9t8/YCMC0Di96YRHTvsux9qLFeYzI7J/hSeVm8G2ho7/McWU1q2jQMhdF4e1vv
G/pjZpCRUj9jfSCGoA9Yu05C/ifkS6p41mt1z1SrE0ttXYGYYgTLZzCR/XsyCHSO
rLxSXEp59N+Onc48lbgEpcpN3Z0Cf+bOPYIODGfLwRorwoqJpG+cv4UJQfj2ZX9A
bhBfC4dD0ZlqMAhBjK1zvfDDjafmY/5CD3xfTqPDxKTDjW/UVShgxuLn/Ida0NAA
pAcZk4SNuLYBM4uG+YEl6ddJfuzndZgKOb4MbCPu34rRIF9AWBNu8P1Gca5dlzuK

A.3.17. S/MIME encrypted and signed over a complex message, Injected Headers with hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9470 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 5998 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 1765 bytes
   ├┬╴multipart/alternative 1118 bytes
   │├─╴text/plain 385 bytes
   │└─╴text/html 466 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <b10dcc75-cf43-5fd7-9e48-f932a9d68fb5@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:12:02 -0500

MIIbTAYJKoZIhvcNAQcDoIIbPTCCGzkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBACg5SAEbJdRyrU8Bf5P1nTcvjMySeblcbXsC
SPaTgaVlplQQBJ8FmEBqzqelnX/JRwlJblVRu3LpDq0jaXSvJOnU0G9n1uuVbwIO
g2rKZmzj1nR3GUfnvVip5f7hfxCXtdIkTW2nxYrhrlMuOCSn8vhIg1vaZNKflzwl
B7xn5F94g+SJwnxyOi66u35/A9fzexPN2CziSG9z2UAf6L+PV/AUSM13NnnFCNxP
WwbnG9DqAOuCPVXq+W8Y93CvFjG4p4UP+6PLTeLcciFe60QKqeZoeE57xBzferxu
u3HOrMm1m6nLHXXzayGx2PPfC9rGZqHBdS6EeuMd50SchpyVeNAwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAQIKKinEhs2gGBlkr4wmROMLj
J5BtZ9ui0KT3QP47qn7cy9N18l7BK3yBTmqx3Lrw+Zb0Efyk6Hf5uP7PYj0wdET6
smbGw9rmBbRIsTxqu/Jpu0jUEwPperuRFfSOU+2h9CkXlbCY9ZnntltaGVKJxFCF
myXpOYFf5MfVyG6+Z4WljpR9JeiI57DTAPbD/+2LEedm0z/lvhDN/QSCZLDIe0Jo
vOfS5CvzHmLHyPtUbdHxJ71NMQvbkQhu0dZFbxtFUypWTFk+X84PSCZQt5/NvrKB
W7+SEzylc/Jbnp3je5M7bd+XjgBdhblYEO2CNw4EwnQxEtLhD+JNn9wzeelrJjCC
GB4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEJyJ4Y4LdbBu1BDaj40MuPmAghfw
BPr3MdKD9K8S+bENae4nFDCZSuX/TxLyWxeCErUi452NWR4++LedhDvwMIO9OQPI
zEzvs/1974yrRPhTfXtls8uyKS2MArtXEP+SwkqmF/sI60Miko1wrYZMm/ccCSor
G45CdWIfCZmRaFJ+sui9+Uoe9aUw8gFtDE+4J7smDXWo/slu8mBcjbe+ncGk6ahx
4607LxUagIoUT2ynLRV4N7Ex2uQ/NF/geMAqmAyYhD4mjjWC/WmIDVuQt+j1tZzR
hUiADCdmR1qtynmG+cNu0RIa04lBw7NQSYZoI6ysnYKyH2e4F7cT42LdcHsiVrPQ
sgiSG6zyh+pk+Va27L2Ou788dSg+yZ0MvZn129vPksqn1z5Ep22JQh5WKKX1f0mT
U2lJbn+4AMGQPMzo1dVFydx5HFfV7cbhY5spO9uTV/IZPJOogOaZkNtLM8MMJDJy
AOWO2iNyFJ5qQUCgK3gHwAe0kwsX9eIKaoCK0m4VeK5a3JLI0ktQduEw8y29asp9
33CDvr/u2qpNe29ouO7rw0G4K61uA1w9DKUxuSOCPVYocazFKd4zsdlSXgHmKwuW
GGdYGTvfLD/+ZWSbXWwRXIj40cPzbyHgIRLWOGxkEeBRyHnKp/wdX4QdpwOVXItj
+fxqvCYc8iKEz/993R1FdGtUG7StJm0gCfOjU4DWnYJhNBSNfv/rkUd5bQtmUpHI
HxxG7nC1EC3MQdGlZXSghfj2PKVDW6mFU6p2ExpsRkIOJ0RZRrhJuWXsNZvcNKFn
05GrZzjKiCI199cyY5yJ6hUMl4rinVtr2YEibH5LTTHJAVX1ihv3pS6x1mFsWHXV
196gLUqHbu1bNceZ1GCS8KJxsm/IGL8lPWWVup/QF4d/528m65Fw6Ww9d2NsSUPf
byY420MylkUlZslOsepqST14h7jAwYJqfctT6SvK7RBF15c7CH2MNCyta7no7PfM
6xpq1xQylmBuOEYu3Flk6Z3LHwFNRKxYlz4+rN/5Om56uY9nsGECpC56kjbD3pZj
cbjrOMYJxmJk8NQ+tPLmNTHBINtUGGUrO9rv2xYfNSPVKOGzKDacij2i4aNhS4IT
kr/j9Vq6qF1QCZ9J6sUJgAynKQKiRZS7QUFwp0LaBjV7/f9iJE0nthxnw9z+ndFj
UQXnqTczPc0fzCG8r3Z6TCH3KvVBvJ7uc5gJAo7hlZ2p+hzsaTne3xmQlclorzJI
53qD6jn0AO3mCb/Ce7atobRput6cflyu4wsgSX7XqjB6GyEtyhT/j2/uZUEwuK1L
sbkVt69LerG19ALgz+zEpmoivn4Jz2TQ+h27TKmAm/IZv50EbGbIzoJR9ZAYf6ep
EBoj4XtWSH04kqmTs4qY5EZdzaPgzKrAP1y1H/ouxeltesKOqQAbpeuoNLt17oEt
SZRfzQemo4cYuqu7cBfIOF8JAn81NupfzD89FhoDIzIpz2Fa2PdUZ8v+CBJSfUmU
aeem0Y+o1TmoJnNBSLHBCVkzgpvph7efjk2mxNHREOAw0iqdTErh2j1HxHMWJyiz
NMmzjEUg6Sm7bTTkY16zqMK2j61pH+cR+4nSi+OyFboJbf8PF5Ge2XN4M5ZTbd0F
/+CXTSqe67ncl9nxl51dz7U9ghr8ryYAAsl69pk1Ozq15Ek+jdqsfj6urjHWIZWU
ejb4x5qicfhWPbEnmax/TG4kV3LY53KjYQzIzwcHE+jwq71so4uMUf/LnmNv6o9u
ti4XNQvk+j9hvQoolMuuzOzJO/XIxte3aSjhukE72mcjoU6U4Mid0fFgz1UKELv3
uH9o4DsLL35cGaJUYo7AYyRXz/REm1VT0H5VtdBPMMvWOC0FaVCnZqHMoZVCSPrI
Jo+E7W2l/sxNrzKAcy4gVzZKkrazvIEz8tMzWLaIMo0tkiu7EVjUMvHoMLf7Y9g/
he+JNo7GbfCro0PaycGakfvTBX456kxn9RmWi08hJHVP3fMDGR7DVZyoVHmhgRuF
o1PYB/CnVop6SHoXg651w5MVa6aVPmTtb+oMK+BzZYshlqQ9JRdbF1QiQRWW9rew
DPZAkc8AqkDmMa4hUbDl7wPn+noVZk65Y5Jqq6Fn6gHFZSZxGiAwp2R+iF6QbBi+
GFAYJsmuBRXDquJi//1eXEDFhtWGOOrfhyvtdT62RgANWeaHF/pXXuhVczwfQTwA
3Bigvd/PsJ/vHT9iJUItTMGLeS3N00xJhmz5VLywW3P5yhC7DOExk3w57guBl+35
Xxc7Yz76vkKpAmiqHO2sPkGtn8Wke7S/w2uZsfLiflJ3p/8IOQMNK7eTaPuQM/ez
+0ktdSTvambpu9xekyCqTLyLSwZtlN5Me0iox/Uz15ytNzshe/2enklHEgLMJTrB
5eHy6J9SykSRSHbvw/aXAIeJYeRqL/e7uG2JHxYsdbJ0gmrPA9kvtTdPvWC3qRMK
36UP29i9YZQTH5g/3+lfOSL/D4k10RXVO/XfIuU/LnLHeijCIpdQ55hvXFbO6w85
otk5z/NGQdqO2N2w9dh2dv85SZRZQappzuMVp5N8M0Vb922vhZbOwMTtSDNjyeIS
xLarc3xrmdl4FV6xRDLWIKVsa12Qv8PGLvYxGvFVHBbdtW1nwP1yEyc8unlBAYvQ
V73tgsZhwXJ84FoVwGtZ0rRoQ9l6edqNlOYUiSkIX2ai9amIlWuxKYf/rIvu4T2n
6/t8n3i+MqBKcOmcPGxVWMaYfLxlBQqg0kCh031MgSw/pLm40eV+lHgI8GixyBcV
QrAV7c8B7Tf9u3xDZ4r360k3Nbm2TnMvVWaO2brcwU7UHrGhjKCJETK7Yn4G0lv2
YsHamXmxD9ae2+8QnpwJ1+j1QW2K0NzQbj4p5boMQQPZ8UhVIw+btgqK4uu7tMLc
4a97LDsZY9GefcbovG0IgNFNIYmSolJQyk0vdzRgfcKXbl/yUGagjfL7RuhCU/92
oVSVl07mGeCTu+WRC//aPCodyT7Lrv/Y/dd4NYzIv7QSyf/RklYiJ75lBhLuwLoI
YAOtiSV4s6FpOZkRvPby+FuUZLWrD9wmED3Yq2nMsYGSGhDtaZGsWqnrFatfr02V
ajh1j9WNBJPErhO3LifrWhU3SpSnbzRORZh7AzjjoDBJU8M8lMgkr5JCn+e3COfH
AfRR9cansxaCXTM8Su/+Dtw6oEm/K7aWAim7KZ7uP1vnhZYJq70vu6/YH01MD00z
fK7P73+JMs+c6s0PcaMMRm3j1WILGIKQgGk65iFAUW8iGAp6T4Zsv8P5tPPn00Da
F9Vr6Fz6APk2ueLwrF1dk4eXKt1IrbFeu8sMzPv3O+z6kC7IFv9kL8Wdjlq6MNLE
BdCVosbTYq+QPWAh0mg7Ky7t52QHi3n5YGLClsj+RXBcv6jwNWlcqgUFjZOAhJDC
zjPlrRuufAGTK2QCLBnHoVcl+pwFJniCT5B0VuY8sZiwuMhNGRDpMvILw5w+lEvc
CIQ1lqR10a+OvwFN42YOYmTCZtnC1wkH/1OoY3O0m/lnOrypLKLc27WBV/4ficGY
VXf6nwhYCAzZEfChQfdXxpAqYp1JmWO0IvKwzrhI+dMr925V1pP1Q6SIubJyci1d
3jVOHYeFLBr8NwPMaDgG27DnM4RicmIb2qkXDgs4l0jQ+qCEEFF+Itbk+agNOZon
pILFOAJfkZ7JVptHD0p10AgrZVRx2efUJ3z/RHqmRecwc2S1bftaq4MSVz0R5U+D
G9ppeQSZwGLXwMhPxgoa40Wu2R9nQAfGB3UAsZHB7yJy6XRZPKncuPD6981lkxAX
lZG/Ft2lHLAEmnXdzQI85hRiDdwVOY7YgzL7Jibv5oFLOxv0qBEPC+UDurkTOzjf
w6QS+QQ0gVwpIODaRT4EFTT5rbqAV44/qx1u11JX8Uacz6cGlqu+KBsQ3QAomg4C
B5PAl7ZaAKOtCPBEbrSSWEwXVgozYVHDJDACGc903cz7rJgcJilvMEM+ZVwbC1cw
gAM7I3h4Xsku4JZ87lSFz8guc1q8D2W+Z7rq9fMwIxD2nMK11K7LbBMNhUzrDFYn
vmRGWIU6qatgzDe7qG9lvsGuFS/V8aIMnKjcFuDMSBH/nj8dF6r3X+BBmJuKRK+D
jDbzogBI0oPnBjs8AyaGYHS415Mn3P/cTsrG1tddngVoKX3Cz3NV8pjd7uIKaBUr
OHSAwdB39RU20Jbv1YqQTRcgSyBOnVf2HKqP6N9836DAQKfDofz9TQxExaFlbxhi
xEdc2HSIewAZM7fJY78vpnvLwB6IOuqd3egD/AUjjhK6SDcSaVwfNhp5CLGUDSqb
zKccNVWu9M6hV38M7yfV1S3FqSZNkZucmd5VTuZmNBpyQhm7mfc9XYVTK+WrBFEv
E5lGiAkMqW+TBE78MFAf90L2ZkwVXlUjFXrDc9OURnEu7j2UaupA8azc9Aq2Ho4b
ri7LWwbJplfiGi66TS2CstCnokV8XZ4S3GK/UgATxjVq4hpt1vGWBF7hWIduHJE0
pNtkoyWby3enEXPUBilH+SSZRU/ZnItmjK+pyjSwJm2SxjIqv98nCB3sSdU4jBpW
tmqVR2pfUM2+8Jr66Wk8iLRYf0xlNKlTk7U/yKbN/0lvan3nPoXkFF2/HLYdUCd2
LblEs76eo+TxaKIHu8XKZRDbJ1uzqIJYaOL1INi52kN2gZuKmS6ARdfXJ+V4l19Y
sTCVMIb6uTrZrzcpPkuxNdSPFex5+jrfeB7+7qmW9zD/rQFPt88VNu6wrFnpNvhd
hNo0BtEegVk866eJBmKjBFQDzDR3gtRIQXsi9JRyllg414TB7cg75L3VbODOLqmz
6t2ErgUFZRLRkSepH0Ylz6He4M3LangIBaAd1DTM82I+i8vY8bh7JZsm215BafqQ
Xqf4yjjfByjcE4nbjeVSFOKrPNCe41caINZd9LT0PMDULCiKQamYCIlyKz+3y6Br
Hv0Bg+mcHZEqmnNSqAQfY01sWnlqYwqqAat/LwabfVN7AJyXgKsHwIV2aM78Msfv
2XAx+axVvelIEqVO/IX8g/dQLJ7Lrd5ZVMywRHxs77ObYHrCnhan5m5r765kiFo0
tUw6ff7ReuRIQvX3i+Yy2LlsIWa4aIOg702TN2BKTEcPo4MHB7frMD+9DhhlmlHW
oGCNlgrPBZUOU1h3A5LTmiqV3cyeB67xjPMrTVsMp3r8mUEJEXfU9gXXiecRem7G
vL7KsPSnDnV+YV44fHKI9eaAtUH/XTG3ELho5jN4z6KgzALpramB3bqPmsi4palc
Qim4NKqhGB3vin4gDCOOlopKpn+CUaKFsBsmmsOZXR5llHXkHiGDAvet0x64xC6T
/Jt7Ywtc/oIaRxNYAruTQXyva/OEll4Z0Mic2rZyn2UU8rjB2Ax1yKo9N27DbPrv
wlHqKFO5wdo33s+XECogMJMqmW2almEzw9oliDNWODU/5qDQMUz6/gEBhW3g6nBH
pF1T3Uwo7S2OGY4+qChysyV9g9uf8CcykQtXMVSYDboo7B9ClUWp4+0W3woVnVZK
nAgOI0N4Z0pUOg742DDn4kEZMBurUT67ssblb6SFzYrUIXL3hVtJAyLPlkVhIkdW
aahmeBMAGhq0vgTxlGKvT4DaJZuPCy1rxHDkley5RKiZBHBzzH63kAxikarKEhO3
i/aB0Btu1Y0Gr4vrM/ynuIwTE///giigc8rTfZnXnHkojWBQVehHaE21nD4wXZbs
V5FV+RYNnhNs6IpNRWL7h6IdvxwtGZmq1iGYyMmJ3vNIMHaDJyev87ytQEvjphi+
re9BMYGXIGsbxTwwdKW/VViBMP7MxVoDHO4e4pBoVlhFElGL5gcnpCG7qiJ98i96
VlJyTFF+ktUtWmDhE8ozkbTnqbz1M79BRsLJIrsOSWSzDeRlfBUBEfBpYwlMfKik
hEjL4FZCL3UZtE6lpEozA5XWxavUDvFOO+4sXwSYLeos/G9RGCGHs41vVoTu/vrS
RyCRTQFm7d2JU4yNNUCLKrjSXyJ5ob3OYMZTrpseVwy+9Onwvg5ic81vYQ8ScL3h
xCfbUxuFf9c72lSNYUrDHCUGdiqPmi7UTfEXn5JnnhG+s+NXY9iK65DcQfuUSL64
LjGqZNEMw5Z6+UgPOwgw5qp+MC10iOAXvrIXxVeqwAPGTLKpPcSzH/p8z2H51AFG
xeMNcUYrb4sAY+IkFjhe1lkNeymFax9HogCSsYiYXY9OAjNLsp/gpS9QH7sZqdll
UHp2pj1BHqumW2EzhIEURb66+/nG/3o1T0JFwwCMVV7mm0pLRuU6QfBet3oU+iin
9gIymNrJLYa9K3hJ/FpyA2tcglkSdHFGFvHBzKJD2m0B1Y05FIIlDuTAUpjujQWy
kDrF+g4EWmTn4flTGfbugxMYIDFV51sDKMfOWtDXRGcvef7PP7qFSw3RworYPZed
e4AvoToZnVIC2Lq2oUGIJbU3bbSWlw6iIOmENBKA8U0jnbcCN6TUEPO2vY33AypE
BbzgkIO+ruZyIGrcDlhVeAE9grptGCtc342Ii+ywDMPYSkgNC8qs3y+I5WI6NDt5
RY8Vrm5sYnkJDIYZ6wtkDB2C0VXLIqHtE4qTL3gm5R1pGGZ3y+CRD7ns9yUs5kQM
a+aQ8AwV2cvmLNgZuJDLlyMBMzrJoTjiHFq7N2l72XRx3BUeDykK8gWeXj1vBZum
OZen4mUXUskGH92WZcHG3soz4ceby+uOyxJPKMusxJ8wdEfGDJHUKia7jpvi4v21
qvQ12fwmBV/rPiEunNnKEakczNB3fmZBDeTHmkkUpEyOtIAW0U5VHa0N9sHAjHh+
wCNB34BFZpHoXQ2yy0D7UHmFep1hFu3dahHfeohp2FEHAi3BkNc8l/Aem9ERznY+
IvCpxQbLb4pqtnWm/ko9Ai0MI1ouKNAyNzEbwF294ZGn9ABYHOChppB/zGyDLUFn
K8PmHio/OSyddzwXyHi4gV6+Njnle2M+R/07SMxTqKS05TDIvsgW2i8AN7U08lwj
csKC9T+4fO7CMFrJqgeTwE9OBE6CY10mCe3AdF/f+a7sgt8Oe+vTXgBvtfo0GNLw
P5eqf2atPl+/5WzQdjtGSC+CWVmK/WJk/98n1DpoZ0hXn4m4F1AUq1nv7/g5TFlX
WUFpDbjRb676ynX7UEj0AzyYjrUU8hAzPBvcQkndrjeYSWaKkE4DHn3bbH7wAhRg
AOhQqXFMIbOnyC5e0NWsIYn9nab+PlY7HUGjmWtW8XSheJkBh6Wf0aaO90OHTrq9
ZLJ6XZkwtuh5pNUGYdjSrjmVcEPwin14wieGfJXkCbmBsZ8kJXR+eaQBR3qadKcR
Cfn8kAC4efD761OJk2HvzjNZaIqvdNVekvJyGMiTWfhHpuZjQ0fcJC5NDbmwCdNY
Qz7iS4YWdbXg10JNag32tazuhNwUegZFGXL9a5gcNkv7AdmWGkSdt0lsSPV05kfC
QurrTtShb3hfJkR6KnVBSK3jFjcF5asLM/VxoQ/iBgaanPhen0fNWgkyJJaVmDJi
4xzAhz9r6kPENqyCY5C+e62MvEaekDidg0gZUWuo/gdb6moIoBrCqZr4J9y4W2Tt
6AZQtChAdW/A4OqDgXlXmXc/tXMy65zIccDzc/JMzufzQcP4wC7DbYC+sg/bNvv7
LWWT4esu7njEbX7Ni4zIjhBlynqL+qecT5kB8ipGeql6+Js2iKNsi1HYQ+hTt4Xz
k/sEobzFVLp6yWNpa0ZqyY7RTLcb3OJUM+KCgSftZd6FWi7M1cPn7PUWG+Hdof/R
dxOt/PaXDxNYEK9yrcVWP4yurQ1YS+0oXzpmuAMQIbWvQki+tr0JcpsKnUxcvvsH
ZFxZ02bTi73DCFCSWK00j8j5IVbvrRBvtgkVOAl4c5WU34sh6nwJPPBTeO002wFE
VgO2F6dPTTys/6D9eOzd3yb3aEJ9PNFhpzY4uhS3TBWhEcuyJlpus8ximdQjwjlQ
IgvT1ty1v2SRJLA8gVY8cmR6yn6KEL2lc2PsclF6zjYZd6khKSyrBBu7ZceIo78Q
bnPly68qrr8l7x/DxYHFJ6pwZ8LYPg8XkZb4k3TmLZrA4ys3a81R5RKHkwmc9qAI
kyNSd6lJLMeD2IMC7rxCupV/dIJZ2cIjH/46ZTOTB4jADtrHN1SjeFWOqnHhjKr+
naZLCDk2EcSquYtna4J4BvyQXdcebEz8/zSNK6jS1v8=

A.3.18. S/MIME encrypted and signed over a complex message, Injected Headers with hcp_strong (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10100 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6460 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2088 bytes
   ├─╴text/plain 58 bytes
   └┬╴multipart/mixed 1596 bytes
    ├┬╴multipart/alternative 1190 bytes
    │├─╴text/plain 421 bytes
    │└─╴text/html 502 bytes
    └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <fdccb76a-49ed-50c5-9030-e4aeb83d7f04@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:13:02 -0500

MIIdHAYJKoZIhvcNAQcDoIIdDTCCHQkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAEWYkOXbozCgn9S8iXQC0gutDVG0YPIJVm7k
oS/9bJiQJUvaRNUw+Nj5QB2RYBoyUkAYI2JX/1q8PUAHH9KfUR6EOHkMWMYjZNZD
cEOKyz0lFkhUUL2hW4NtriRalYxcQoQb5lbQpBIm9sSSxSUPLOVfDCKWVtfezLtG
+G4qtZyK/ih7LmcWW05GTzOhoaWx7QM4n5UqIxvleH2ncJZdWtQxp2nhkww745ME
jkOBqXRxUpeCGiulXT3lU4efVIsHcJA1G9q9mpXz1OZFewtvLkdUDlVgm/gA9+Nm
D9LXe6z4VLwWjTCS1k19/9r/GMjxhYn0yD8iwo9d6jXYsTSv8iUwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAFjcQW2naUCwQ3YNI7QTekTBL
hqLffZscJbnMbWEWh87qQh/++/hy3h4XCgB/28tCMiBkuBAQHUFbrudBaFPbk2D7
jdhwdId8QCOV64VIP59T2jHwqqEl47M7+jN28ipnVHy4r2hg1XdS8xN3EcOOfxbn
rE9ERd1D6IIHrGTNMEfzs1Ntvd/6katezKqYtV2zDUkF/uL3SmkIoitIb7hEW4mH
hy8UsLGt2ZmEhY49lsQWJQqxR4V9/7NYqFCSdSKt+oIbTzv3PVN7rtvZOeM2MG13
/2zLagsWuUMPrvpC5HMMl8YR4mxOPJOi5m2xMrIS6kgfd3/KrpX1niUfuvEgiDCC
Ge4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEC+d2DmVGu7vHFBEpLF4Ke+AghnA
kzd7S/YbQDNpFka9cVZpJMyZSUzF+U3YQH7KjV7717o23YBLQPYEGxsA0LWTSILa
JOon1R9d7vP81XGUWVHmpP4T7d45bOgQWHysoAREhkMQqyUb01mW3F7kSJkOmKcN
uNjVH8MJuhr8wiraPjN/GT7+xYy7tH2bXYmkuuzruXMH3s+P2+ZN4nqzvY9KPUDM
m9muevN1p/dQhYq2vPTFrrUS2QBOtuPjgxOAG02R2jNwJlWiVQrSCG8O3li2JNDc
Inem3VkMajeDw/8+dSjUz/eZ2/xvmWKhJ9YwtGu0e001+SEXNzMRO3lbJJN9yWqL
2j8VtnuAwX6QBcauaUg+kZY5DInb3gNPq6pX0px7rKRY78nXLsRpYsOM7Y7xiu7z
5HoDzf9Hxim2j3gkYr7M+ULToQ0e8t1Vo90GSWB9Z7PnGt/NbCwK2LtDsuzZswuM
EclO3+Hfjey44GSB7GtuT8hc6I/NBnIEAPV0IbJfgH2MqTowuuM/GZz01rL9ijgX
Rn1FFGLkrba+pw/DpqLjZCE7qS1vZUS10Br3scbayUl/4HTVWnLbrV2C1SGjVinY
1pHqiZQSpk6KPtNXoiL+XXNzpHXEv05VFrpulXheD1kz8w3D/Z4YqjR71bb8FVJs
okvUR1s4ifDrinFwenBtdtH+Ra+8lejaXbbp0wuKX3Ne7hryjX4iKFv7aaJsg+bx
38DaXujx+9pF2gXULSSFGIxaTujy5fdIhvcKqHdAu/c9YZMlWnkK0xyvC0asGM0M
H1Rzf4BWMxk3XpVZYzyqW0LIR/K5OUPsl2pN7B2y9QiWBQ061/8Mv3pViiu91thd
73uzgY9gKdPwsrKYhsSMLqrvuV4O6qTxZF/EwiKn7JRPwRozIVcnZtJSz7+MUH2t
6mqUNygJlPPo4BF3/NZk8NeqfaHTic+nhgUyYwejhXk3dii8Z7etAFMsyTWFiEw8
xvdzI521CcmTn/+Ov6kOWSSbZkfzcMkhYSSpoh+8/kk49VPpvEyhT3D77pfIzTd8
isKyyxyqIxFje1wDXUvKwoGHI1tvRsmxmUkRl9aa7iO1eXHVtQnXosajrM41MKI6
GYgKCLBh2jIAP/3Ae1Rwrd60XXbKhJek+4W2F9yqehTN9+ev0ZQ/Shtz9I4QiT6h
gWkk56ijCZGUjxdIIAO4dAj/Iw35eGxvVxpKk7AE0kA9W1PV1NyrxytPn1SHsUHj
zH536kW463PEBuVbPucedwr7GiAKHZaERhHZwEtSqrXi6Hk84z6LVzb8yG0KEuuo
a7WnjdliVc23EQsbY1CV1/ZmyxaMZ1cVnKsvda8xko25KI+/y0mD2YK/VcXprfRe
WOfck9QWC5cvQqMTVpxV1ykMFFPMOOLRqyFDYK79WoMKLV6LTqKEsuzj+JxeMFf1
rjR22h5WDEjkglngB8P5KYHmpKIJVlSycemCu0gxu4iLZ1iAkncXF3Q/jVe3OepT
4pj1hiRE6NbmzSo4yiQWiRMAziXu965vloLLlqhyGkeBgI4virllLegB4GM958Id
iahOSRan0S5zijfQFWW/6ugAOK3d/iuZc5/OnzL1DTP6jISOVpkfpwuh6Va9vxkQ
dUQZK4bjSW3A3nLl6AHn9RzV4pS7RfINyx/hYN+XoJl7qkfwWBLUxYtsUt03qqJv
+n4eOpFQXSEOHyFWbIsdoWMUrBjwKCa8xLYCjPbxqCQv2IuLcekNj3rEYxjRWFkZ
OzxSHhqlmKdNCLrUpxhqRwivDQSHr0VRpNCCfv9HkdP49zdyoF5bOXW8b754aKxI
BN205TjoGRCbozJ/QmFsrKRKqURPo7R5Pi0rTe51HbTC0aLP056whZjIsjAhNXxt
QXu0K/ZHE1ip5QD/cfsOQL94lRjwSQPYbv1+hNvxx/52gWrf7DnkVk80NyfNHMcm
UoeiVgQxp1GpHz8iv/ducJBx+YLCyJzZ6S0MswL1uPuk08Dlhz1ALM3deKEQcOoS
/665Rb+ZMuwDNFIhi7c7EK6d9FWHLpvAv4OOWVWtv+tQi+cU00CNKKO9R1TLZGVP
oDii0CcFszUyiluAO5mCUwbgk98EHv4v5tqICI1oUpTy/qF85vqg+//6OcwJrYYP
4MolKXNYLVaYvjzZZeYpcyx4kC5bLZktp/Yom7Kq8/Nof/AoBJjbDc/IU3f0u81R
vZXM+b7PTwbfTlw6TQU5UFqEz8BarVINhrMlCkOUKp3ddgkRbnnBsXQp+BvQwh+i
dQn5LnTew8kVenRPozwG/nThBQd7L/XcLYwM7S5cytcpbECERR4h4axl5FS0jud8
UltbXu9mG2xSL5ZKDiPteQm86aocxd3bcwD9zbYnx0T7/2nr0gnkitMpO1gGVEC2
jGJUrmMjvBX3VZK5Pi32FlWJ8u0xWJchY/Sfx6k8hrHiBuyYkHYyhbos7VDL5E/Z
Pki+8m6aa/LBEV60ll/ZP2CpvWEjtaLqOoR2qUHsHFLTQsGyL6Tvauh0NI5hkFG7
1nqhmJqp0jL3H2L/UO+cw9HpFUxC5BSu3L1bWp/xsDBvuHQkfvlI+WSaxZCHUYys
XjcXrrr8PNYKixOlRDUFs3bu+vWhO/SQaTzRKrlHyWOO3M3k/mJdwFh7cQMwXchf
vpfHC+Ha4po/MLphNa9ZCARlh+OjHt3Wn0TqF+NEqo7Zckqpu7eWKzV6yr5CNk84
UeWzHXpoXnOF9CDINDj1/+1/ODooRjSHSTk7GSlPzmrl/IUqhfwPTkr+XfozBwWR
/m/IwWAqdVeS6rxE7IcN3m9cTqE66dX3uHBnOdlc/E8N5lhEmKJJSDgcpWDdfiJn
YVK4PWHify+iQEg/DI7Bk2slTrmQBTiYHjWPaRhjFxBeHTBkhWeCTbcrT3G/1q84
3LjrkKmn6VGnc9Oifl3ua4EJinHUoWn++5HgyEosifKWQiPWYkfV6uIYUSMf0Y/9
5RiU6dNxqPrEwbTRvGaqNoY5EE7/zDrktHl+ZavezUtEmFCGfVru4GmV6JRAAC72
/J1YcQXjfscu+SRW7GS8pj24jGMM60f5RZy46efRlmqVqZ8WF5ciJN5BAEz8FQ7R
5KYqHDdRsqImEf2folbLvbSFkDmsnFrLswKdXVgInfdr7ddiud++nRb9KgFugC8a
lSNt3eOwkEmc6vDd1+auovLXXF9fPnSPx+9N0wBnQbIDMEG4Qbo9FBFOHiiMC89u
8Up9kmfyqwNge4JaQxxOG0RvQMP4OypGAhyNk0NhGYbS2OcHp+s2kH9BiYw3Xn64
XawZnKQtQWpBSCKzq/aBIGya2kY/olHJm59NXRoBax60vHf08xGhGWTde4sMhned
fRlRRSzwoJRYu35a3Xg+iZ8SwvnwkGnAB+pxAip1XDm5kGiR2mXckNJ/8JQQf+CS
PpMeI3aieEoApqh9CiSgKkNVZnZkzMMBXoN0l0nQ75sPficTVOplYZ0DpbTgmieY
Kist3Yf6kKH0BBXUmc5tAqPOK++TkFx6wff2hpJKJu0mWhMpTVBVSdv0eiFA59wI
NwuI8ZccVQcdH2dP1Vqun3C87y49ClagneW818TxK3KocUSJ84/jInFucc/v41Nr
Kdbl6g43MQmj97zcaIYRB6JM102A89bN9j6UX/GpsICafLb4Ml622SH5LZyrcVSn
RujexKoiLCTYJscg6VfCnxeEkgrsc79NZ/rp4jd9gc5h3B+azq8uuJj4VwcnqjPZ
JSdLQKCMSH/nyb+hv+30zi9r+4HXn+sqgqAD6iUPsWB2GL1nKnMHKjMo7FnmA1Fu
w65i510BeSAkjF2Gx4FIKycoaRqUBjICMtMrorrO/KmGP7l7dRpuhauOukayTOS7
8VKnb5lJOewHkS6VD5sAEYYrp7xMlX+w+azPxYG6subuEyiACJNRBylcFaKv5w8y
2FCf4SVXO08bCgM5v6X2V0+44rNTq9SYygUIppVFbe2gZuPA8ZNi0iN0hwTsO9lw
yJndiesu6NDfxnUqeP4k05b2dE3NMzgfqICUuI+gRVBNpsauXSkZmKRZ5xGSxztG
j95vpUKXzyzzC7mIrzRq2ZeL7tj7X2u8t5wl+AFWeu8d5jkiII4jFIZlL3kWPSIH
guBvePaqkcR7uOzPksP7dx/dYMjGjsMucdnf/a9fqa1uouurpZXCp8hSpxV3VHD0
gN9ojaFQlNt1wqW7H3iy6eY+b8PngKY4//wdyoj3sazcxUWN44nUa+zGHjQWwFFB
SgSFidez5n6vQABTwhkZrBz47Yhkc0QF2WwzlvEx96/9+eG20MfTrQINCPx/cDWT
N/PP8QpJkG86x3Kokr8thJYQHnlxgLXZywLIx31jKR3FSYzsD5PERTDzVU9cNEF9
tGwSqEYg8AcLBFHzOU/iz0ilU2/i1ilcEoAivRD52H4OgpMArMZEL+x7peLEKs7n
a+on1E1RuQE/YSrA8KgGQ2kSaaouCuybeqx5SyYi1B003c4QTvcE8ShVbJhhbTka
3vpcb/Zw9rZ+AeYyFfKj82Z6n/ujgEhmd+6Ianz4LNdgPgATpTgD9L/MiFv0LaWl
CtcGCBHSpBgk1ghemkMlVKORFy+CALQFdoVWtY1dJ2rDZl+BkyQPfTIXdoBmW3rm
P+TlHYBTA8WmOyS4Td4040h37gqNzk6WOi7oxY2Y5qKL05K1mcuymIvDXdDTTRY/
Pf3NcnBEHMVBqp4n2P/tDdqPLhkBHzGB/c82A1BXxt1tSrNZrKNYL3sPZYWEUd82
EtMDgKaNw4on+whyZexNl7hDS/JpO/2M1h8TaPel8EaPc/n0WiTgqajrNWdNUm0K
Idf5gmeOjTLbNHYyBg81nkEif5k/73YvJvJDDAxZ2CxI/URgmpeqNWQ8SNukidiE
qjkO+uvxxE105UIOEBCqwNd3MQSxmggMPHyfAIy6wVkE1zaRuEZvikZr2lMB4/qT
myc4tp3JVK2s4cK2933tWE7NYLMZMGRZJa5EDijFi4rBggiHP0uv2u6MYFCL9WZL
fahwSlpa1mF3Az7+LaglL7ymyXMEcr1xHCwzolL3pX2J5q98rciCvkw6qkGLZYlL
x4nAJnaRoxkya7eWZmHb/WcHOV4KghwYifsv9jlSfYrGZrB8YoCksuKZUlcZWB9f
8992P0K+Pmcngtn2mBh5lTJ5nxPHUOLap3Psh77FLvflfkitP/Py7BPWq6uEQdgs
Zy5j8DbSQ8gUUzpDIHxwhx0xyvK8jIfAaKmP9ldVI79n+kElJt3ay1r7Gvm+2tsT
7+AEjB8Nt382mAQte2zhmF4ecl+c3fgEFDySkbM/n/ws2Wp7tbNBDQVGUOTHUq04
3dUTfMyHdsW+wQPEUSJx5U1OA7T671hwtf/X2OJDdC963efXDdLUiwMJTvK48HzX
zjWlKwe0PNQj0qmLnzLsz4jzAo0lYeBzmfGmnXQb1+ReiQLAbzvg+q2lKrR93X06
iSOtSpNP562saAYSD6mx/9ngqTfdODqZUsnD/wcn29hNox/RHVVf7+CJ8lWBrU0U
7u/E+wKVfvFRkiBw9Aj3gEBC24GSfsb234xYILlIX/9zMMurslXL9uxZz6lKtenR
As29a8xlDNiDUdZMwJhZbtABJC2gXsw0RK/uCasbkVGNeb5FGYEfOgN9NLtmryP1
2dcHQtug5WHcyDrtAjxVY6LuQCCpF3/9pzAtpH//f4qpf6tzumnoKwjwXMs54UlY
snBfIDQHNpRNYINiCyAO2mrNO/h6C6ELJu42zqZFzHcPy/u2Kq7IQAO5CvF7/2TE
kpe+PusukCdfpJeR6xOZJlR8Zd+CD271ZZSbuxveRU8Q5pu13Wena7aBMXySt3Ro
RlKM2sQ6gI4TV2hZgk0uOg3g6l02ebXe39YZba2RU8FVsz2ySIgTYDixKmBpnZ0H
rrl3xEUl5FW3hcH6FU/Bpqtv+K2xp1MsE75l92JIIZOMF88gtbw+/i+gao8lAMmx
MF+Oa0ulBxpG/uRFMxY5+4iPRK3qZrZNLyjLAtOZ0wBbtoN8ws+MIV7/W9IiWbYB
Oi3Nu0SXCYibdSFjHizV9Q1SBPHw64V0+wFb+kcAFeOxMeRtvAEsWrQbYlFxRxFx
17Nm/ldToQ7jMwZZ/zrL2Z9WD6SQgAadPqrXOFtZ1EiioHceNCb4X45GkA1wecsc
U2yBmjyGiRpNu66D7qI5WjmLI0pYY8ozFJ8sWYWjVnx6B1mi5mOhPgiXjcKnLW7A
007QdGeAhxOv5nHmPsH8iO29nbMkxioRu0xqw/EvluwBEl18iXyGQXyu8BPXYMzz
3EDi4Apeu6D0lssgxJySo//TQYCowW9gE05QHTPp6ucMiuFuxRbxmGFz9QvNihxM
OZ9/d0ZDj+d8uOWSJhDzN+g/Wvegmpe+l4QsSMtPz4oY9xp7MmlJjdr24m8OsS8G
6ugkxD/Bx4INuQ6OBClWYEn/abxrWJEdsIAnD+8VyVYERH1CJPuEpEtEKPGZpJub
tlMGAP5H4G1v/vcRNuzwKtwBfwy+2HrCsEXg2ID6KNkaQ5rsF+eaEP40sW0Agrqr
XOWjvttcSHMzWIdYnKM+dNlbJYQCfszPEyrwoNPy0TZvj/GbhkvptZhxfYlyc1wC
5bakTYtX/VEQZ8K9u0tHKKbkm1YCq6s0Cj2YoKWDkpFPSqAtw6a91TyWAO9MP1DK
JAizgrwwJjZz7W68oVeUbVavIiSBqaJEU2FuQHftrpALDTL7Vb4HG+uwlCU1MlTC
gfl5Z18q5GwJe2BM2ngEUfsddtsWRh4pKYtRoQavbLS6F7A13tvxbjKVU7l18VVl
bp8WlPN3soXuEe6N1tWfvzZ5LPhC10lUYBv/QasAjyUPC6quYnz4L8YLOGZbnCB3
xKkTH9LwK3dK3JSu4Br8tURe5tMdEJFmE1XjAXGjwLS7Ao1Yzo7EMtIbdXNFxj0N
O0BE6ZedBUEoujik0cRtdckZ3yVZzQKkLhA2iTYV1JSpoRRjb/hCEqE7q+/oIqz7
HkdmKbCWa9YEm9u195BSS5J9vRSADFR3h/uSQEGlNgnxnNBKMNTfXGya7B9IzNig
MUwlW6IL7sHcUsQI4lfV25+QaW6ii6dZpHXVNUGfFkjk9aVv2D4oBhekLAJxfS9D
t4FU7GQ7FElrJTiGq+L7+Jo07VBAHQpTejhFUe/myA5y3CfQ/cM6GDOyDJ69Lx3E
8/lv3Y1EmzbhE6BKCmGTv/3BtGcP1pbMN/NC/SQCYLyQaL3oGjrWiJTLmaPYT+/P
EQMvuIfoIEplqHLqrZ2tKihBx+dcmt8GvD0ekC5yHDhlZWUFxtJ9LRYaGSY6SgPm
poceJ756fN0JQFIzUFHzifY8u0TplXEmtbMSLw5qMnJzKcMwHjItG/3/HhaR7lO6
ZzhrGGCubD3fdnmsSvEIf+3TRMaRX9umMR9hl5Ub6eAp4j3VLDaQK0llQooxFXsq
Y3a3Q3zq67sDJhUDdxwfeRbe5omx0ut5BygkOWRtT5eYOGyOISlA4f+mQCO6tvVr
1EH0pncE7Cjm4Dhcg0Q3FxSfAPbr3FubD8D0bqFAAmDdGsR5iowWNiDnVd3+baqz
PpL2PXsA4zA2fewBQbQtx+W9y8u1bG8R5F55QgzTIU1COJAdS4GF+jUkH//ZUUeH
0peDMkTIFIxTrbUK+cM8XwnrfixWuKU+hNSKULUxLZ/U6Hwvve9gCRH4nTZrzpX5
7r7noQBDDA3C8ly4CME3QMrkav1uTnjroXosgGL3u6z1BpuH9Reh0FUYvWo4x2bk
aHFs0tMx6BOg2mi/ut4POToN+WW/jh+1c8HJfbCEX/XbrQlpzn8O/a1/fU535APE
pB3AThi0b5dfsMMHGVGds/FT7EnmubAYgnIdTgmXI5aXu6mGChd2SSi1m4DmaMbV
PsTMF9EE781RWHX3fRYGItLWLTSckZ95wmsW2ossKiLkCpc+oOAfzn4RNcRCxgSz
KcZaOMhzY7N0Kfq+KZ/iHBcdMxvdVXiQMkAwZlv+xBledRBexuZ5k6psEYDcBXbV
qhxNF/k1v3deCPJKZs1222LfsxqjzKKk/m3HFwFcEIXPfsImyJ15CYR3m0E27LJr
YctpbBPYSLzZFHHVOLJbOwrO4u1B0mC5mVW2KNg4sMzSGPBRzr9RGQk77ERDVcSm
FLIH1+7m7Vvgew4zq2leQtCMKc3j/YHDiWOVse12qugp/56ejA5y2yWcsS/yULqp
FQb6zqvkZk3Zq5IauhrTrBJrkox7viiZtDXoS+iM+Ohuk0bEecbePs5DEtmwUI5R
XaaRuKREGzxvPqeTlg6jZu4XuPDwE3zb1vQudey71NDSy5iccWd1aqXDyVxvslwy
I2srfh1W8v/y6yIQuuwi90/3fD76LInAYUrrr8d12hNdq6sLmrm97vy8Bj1LgLKw
WlNU15UOIJg3rQ58tfpPt0G2ViULWhYgzS8vQqCsyMExwODbnUUPz4x3RId1lYRh
p0HIVCVIhJm0mA8IxdttmyD7uPdzaSNNtgHb42q3GhRUQuSDvRumJWastCC4d+bs
mPjNST59uJgARWKQJXskVRPB0UUW4nmof/AFzI5hcmMsLTWDasaJdQkJlJjib/Mf
AUTEGQ728gzYwnD/NTvGr2NjcmCzI+O+MW76ACBWrNlLJNssqC0PQ4hDOhk5yRv1
RMm7qU3RoJ7lRP5Jcv2q1Ttw5zd6FIHBwQmltm/Y6MKQkkPdto7boCm0Zom+xW/Y
+AnlYDu5cR07uOnX3sYcOp+hye6uWL+IwdDDjZ7aXA/rAj0c1X3A8PAJIkp+o7zs
Gd0+hXYLrw1ooZzXU7ujig==

A.3.19. S/MIME encrypted and signed reply over a complex message, Wrapped Message with hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9750 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6200 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 1964 bytes
   └┬╴multipart/mixed 1900 bytes
    ├┬╴multipart/alternative 1130 bytes
    │├─╴text/plain 381 bytes
    │└─╴text/html 465 bytes
    └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-wrapped-minimal-reply@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:14:02 -0500
In-Reply-To:
 <smime-enc-signed-complex-wrapped-minimal@lhp.example>
References:
 <smime-enc-signed-complex-wrapped-minimal@lhp.example>

MIIcHAYJKoZIhvcNAQcDoIIcDTCCHAkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAC6XPc3wZgeB3FCnDRhzs7bUIr/hjZrbZzPm
H8yaAt5YW8XRZI/Bt31j9i1OtPWRqthYxM4xwIc7ShdGhF92sGkV6czLsH8kkT0p
Z+FD424d5ohgjPw87eyufum1GL+1q6TPItjC7DDM4kq3v+kwMaF59PCZ1QdbB1Yp
p+bGYko42Dd55Ur9xrbkklIuFI8KQuLrt6kdLehhPU8EFF2Trd5s0hbHR8/AE4GR
46lKp9nZNgkNRo9KKMXSMB9bkVe9kaTjGYKjtD23AbNDDFrwUE15jrgBkQWtWU9j
BuZG/k+vtFch7NNVzGYQy95etutW1b6Efh1UJ7/sEv1at40ipKEwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAkZniKnyo4dOigzoqg0j2AJRM
57gPSOt7RygacVe0zmHsvEnmvVeRA2u3C9gJHoxQpZWdDilIEDhFUEG0POmCvksB
Dl50HiQvSP8h7RDohHPCAT4TpgnFcuLwxASBXOGVEEFUfQOaTxeR3ZecR2vqfXXt
TTTh+gO8j7y+uKqAdpwaSVRcawrX6KQwjiafPYhWYGkrZ53cHhN9Ljn7SvfwoigZ
fY7DanPi59cvr69ErFFVQBwQUu2IGpQ2q5O18GPuk3Rjv1WMyG9aX97OlbLxjJnM
Ql0ajLoSdrQaPe5y4pw5KisbXIAamC7Npu7hc0Trwftyn6SdydpdrUNVJPGf7jCC
GO4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEIT0h4LUiMtMNeOENaw0gB+AghjA
h+dlTSrH14NOYcnRg88Aj3gjke5sIzCIy5dF9rptdXw4wmUr6pAL44ufkCY0Qm24
cq3223vx8qLJYROZRn6DA15kFHcHw1o7mZWLW2EjNo8VsNo2eIrPmT8S/2UqEU8z
s9ZtYacYtD2bTJesQCr1gGck5kMJ3EXMknPUL4razcOxJB6sJLhb940fw/FsoeRC
tuaMNP4wYV1FsiG2zDGuOtnIE0Z/f3I8uhLF5uSsScnCDzURA2ERWPK5SwGy2Wz6
PSw3nvIN0UtA2fSmRETWAog9DFWo/t/6sU428swxvqhFCHH7VZY/jqbE48GffVhV
b8YyTr6jJvn1QJydL5n4V0rPPJdUMvmeXV/84/5oVPVY1YlOGhUXlgA0yl7JfM13
q+UubdpKCGXCOXg8NT5g1eBagomHvqjtStAscpcIgvcj7SaydqtnIgOKAzJir0AI
UkOe8L8uiAZAQ+GjRUdvJVkrRood0EPDUwRO2DFXbfaxyaZOhpc2EsJlm08BTAyW
kzuRRaZJHYPLqQt+UeibGg653Uo/WYi7m32gjgU9MktBqKw93URtmw8Kmy5xGm6R
8s10FNZBg1Cj3aPRXbPjkTP5WUb0bxJA/aYBUTVt6bgHgV5NSbUS9DU9S7gf+YPb
h0LoTqE1DeQktnMjFCeNUrI98js/Hfnq3OYRCn/w2jsJSvj90SR3djIgiUXl0wUm
YEh2cD6/OAu7UJ+LKVR9JhnJhjCfWACT1G36BLWdC5uGQ1f7/mSmYFxaD/+pwf/o
GgNZyGq/ob9PLpVXjhCUozHxc6Ucy1KoBZkdPFdH3AZ918oDdQdJCOdf9jP/BV2i
zPg7W17Ppd8i6QgdgUs2nrRVgJW2J7Jbf4ahlsMGeumoehsElc5BcLqM5daBB5jo
0RBUrIxUtVpuwjYlJ4fe82vgSUlaa5prSvGQlVhpD2uHqaTf4/5qtCxQimxGMHyz
+SUSnoglLsYBiDVaaDgVjTv8KRtrXb3ld0PBz1RVRBKJkoynNhgw6GRxjQrce0+T
qajjmpGWKScDPemN7booTxzKi66Igp/PMsmlDE20VTRH/lrg2pYcdsqz68OBLClp
lE4mTpM68YcFD7O6Cu7qlW33fxw0hU6jiIVghR1bLm3j0oO1I/wJ9qu8zn7TLc+y
EFYmOVTWE6DA4Ntoj5ASt51wNAXr7OLqoyod7N/A3XxJ/A80+LA0j/uhLBeqE74i
qHijFBkdtM+m9mSxhBoCJeOCo/hIWDKP6ML+AQsUKoa5GqkswJ1+OhFkp73Y+PQ6
3qONvmpgf0qrcdpK7txfva0fxdaqhHZ9Ua8GC2s5CQJD0CyncDWg2EAmC+fQOrqa
2qDPldVoeUgdl0pSfi9VjpKcG0u6T05WmgFlpEAJr8dJiu/T0u/fCPhkBspAMP25
glP/sRZwDlmAT2DBDK2TXRFQaqHvXnHfYkbYtUVWkVDwfloeYOL38Xg9CCOOwly7
S5J91Pp3yFCAQCVZb2m3LadnkMYz22Xy2cxqViP53JPzNdqx7HgsklSHgp5ZZED3
PV0LNpkeeokGxjGEg59/vA4gk6rxP4Vr6wrpVPo4+WFTRk9QjHN5UbjMgiOYtWhU
SWJb5G6j2ABx/UpkOY/ICSjqBmJVQnLV5xKJvai6DZhWYdYuRtAQxhrmnJC5Azt/
7ZTDqdQb0rgyyfvrPMKGB9uoJLgaMevQH3zASx/oJlnbopA03UNaFcDFDejxtj69
/p696TJesf8841xrZi/JyEnF7eGEXtlENINRqSpdvtNjHCqrcPHfn0zYijFdwrtt
mrvX8MpUFXTnVZps7bfWOxRzeYbMjCrYmHxt+3belAtrNtuWRAOBNFEU9w0fPtBF
QKi/Qc69Rc67mGDPSMa+AFIPk9ncJUZN/Sb9Pmw+rj/G2ckrMhijEeSCtI7lNDj9
+Arts3gZ+jVe8GkP0y5ECwmSMufMdKxfEzslBAEoCIWJuhoK7bms8tPUAJA3mCfr
IPrI8Q5+2tSMIjqFH0ZY4gACx4RMe22aV86ZuClbXfGeu1vODnk3EcW4x1yLC+jq
X0bhYHaXmBAjW0Y67q+uNarcKP0Stw17eJt9sgJm2vXUSiY2rsCrWo6oHXo/kiGJ
OWTx5hMO5eDvEiDvnl7bQx89k+2a9hVLXYcN2HElLhaaW9ngi5DyDU4z0ZIk0dBl
Qq0celJQYKW+x+2h6DL5JmABT4DoNAi79VI45N9Ku96NZYilgmc7u8HDFJXOA7Dn
B2NxrmmFx3eAokwXXLr6cO7D7ftHyheRdapaB8Lf5saoKBDE8qAxdspu8pWLoEWN
SpaLeosea41JmiEvzt6IUFYdPMRCZVbfdo/IY/IcjES/8BB6RCEYCci+MU+mzmUt
o9e33NxPpO9QHmNrQC//sxfXBevzPDb5fLx9q7RMt5GJUSoggzf1EQxkxGXR3nyI
uUicEW0zaNfyPUtPyXYDd41ntrNAr5GWQjbtmFzpt2GBK7DeCAmVQTU4Sa7SjMeq
jqlFtJI5JTCxOyyFF/zg+9qht1beTTTjoxHbc+PFjfGyO/nOr0vbF+/lMbnZ5Wh0
zCYbR9uDYhPwpyv4lIEtZKgt0udSp2PaaD3N9A/U9AlLl9+cey8yf1li984B0hTa
3rK50GyIpiP5+KYLS09E0bj8U8r8QilSt7RIbe03aQ3JpfRZ3xRiKwrajfG3VBwB
8DTgMea5un80h4/RsdxpIN5h7maqbm8pWU2fPe+BIdoDnuM3DXlB2xafZwTTdOoK
GDmWMBoY7RfFTKryA7vNU4jw3KUHQvE1czL/nIc0ORhLmQpDHQYhgZh+VKUr1J/y
leQ03G5/iVRNIEY01V/Zf8akV1RIhnGB2Hei0GsxtFsaH644VVedyDspWY49K3ji
ivtMMZPq1HVY8PADH6bdeiCh0R2Z2T5JqyqCWZ/DUzM57mvj4B/7uw29gF5EDIno
8qNcdQcsZRCsM2btmeTtN9JNvLrL2v5mSvH4fS0Rd9e56lbMGDDGaECpJHo6BAOt
ZcVps0041mDMzkFoOs8G7t7bkiNIMTpRaMxNQOz+XBRz6yExkfSgTXaqqs7tv1He
65Vv/otPZJg1h1/TiyA+wpYnSpH4YDY06pWpk4BNlVDCM7iIeQqPwpLEoZxSVguR
9JWLLzvPbcOXTJruCoylL9Sf1zgyqwYya5FUhUIEftvzZ1Qt5l6qOD4HrQtz6oL2
BbI7Ftdy9iodZh+CW6GxaBxPbpvrBtsAazmXopHu+u4E0O9PuwR0mi+WwY7z+RU2
nMzqFtaNRX0SS+jzPpew7soJjGpPSAwrOinh+NyM/dqG+pTZhOwJuaZqNCQBpXLQ
696fFQJrddleN9bAV24mjfKy/AK1qbtJRk8TJv1HuxWU1iKqpzV5318i6hilhmDQ
KBh3S0Ees8vXUqSgj8pG0wGFuzfj8pAEWmEanZko0c39BG/q/1rJmm+bDLIiSgYL
AzzNTxcHjzDiY/3W6Y5nzV7Z9f2+jYOtAGtDMuS2O4DNW4Lhwo74ud/SIlFkmKtg
7zTR9X8iK+DUVFgT9DVL4awJYYfoiP32a3Acxa1prL4zXZfF5MY6T7WLn1wMIwnl
vGxn4/THyTGAOGIsf5zYx2NNxy4xntI3DZO/XJV+nIlN70RrtyuqAicMfzZqkmU9
3j9+OGSPNys6GMPtxBiB16QZVzk1uUXuA10tRykNnnwWBu5zdNGbYpXcnBm69BgH
QF2IzlKfh3xwNZQA/oSxxg3oWfCIvVJ2tCrgk0MngZMTmyyabQaEUI85qKAMzfav
joYB0dUwEHs5RuyGPL3Jfz/YqBaS95p2B9QFC0R9f4sFAQ41y2w51AabVSEt5GcY
fY9BZGc4wKCiRURjk7NNLRELClNVUmBnCnAkas4QpZK/Ghc/l+AgrJep5vsmpH2p
gsbY6zBmUm84p4U6f2LXEuNkzHynvyWUZ1o43LftsbfIJM1ao2pUbYjY/Qi1ye+t
liukpKbGB38YK4GBXbv/9TwCfRMTSjkm9Kh/tz2c0qSVwjhSqoyQf5LZDOdcgNPc
MlXtVPVGl/fkJhrhzO+Odo7sK8/dpEWf1NRalSHeBrYszmlp5MoSOrRaJs3jBGlc
kns5SrxM9Ollto0eW72SLZGewu9L6gBg9qjVRuxXzPFF3l5RxKT23/irwrxMzvYr
vNmopJpIL6WYv0+7K8m3FunsYGc5jowFU2fE+EpzTth2SlobIb0TeRPsiyhq71eg
+W9hbB59VYURK9kNMtigXpUTP9FENdWBqNVBzalbxKAWi6s9Z1rHDwuqVWp0eJ+x
KEfkdZg1M9WqVrcNW5JxEFrfQOACB/tzusOBYV6CFXQGPKtwLQmrdspRsSo3obxh
pt1gEMJYULiMIvZk1q87iemYUCc5ohRKHPvAYgs2k4IHaDQobHM/4va4fnyzJrAG
u/3ii1nGwO2Ea+//5AMQEG0txgdmA4KOuum4tKNK7iKAEaQ1+WIho9rtfRoLxHbz
5tBmRgjAdhj6Itd1e2RDMiMRGWiyYzrphyupJ0NSzDxon3PknHg1daQHtAa/BsQZ
Ptp4QkEUNs9j00gRpZPgMhu/GAwKnOfY/Ik+dT70UvgB069b50yaSKhMCiwALiez
KnrH/2+IvyjPcfaRuaDbJFA2hYnyUVpDGfV1rOYh1gtuyv9cWImJtgkvJ3O8keZp
eydNOvmhqDR7NDNIxzjco8kveA19r6jAXyCzX9cTeJZTZUAEor7jedsQq8fHijOo
l3Hi9b6/6eDNcR1Ud8vjxmTAHUg6cXMVGCxhSI12hGcrPmXK3l3gGhuZjEyEoafm
Ax2QRrfS7lYGnyrS97BmtJBVQ4AxOD0ajkYXEBbztPQZCtUPqv1/n8d7sTAMjFHn
qDLmy4btxKeH1q10k4s9Gk8Mhv/jczXtv8nB98ZNrGMq8WAL5Gc6vIMQBoBwpk8B
BdKVsBFezHCefTgV/cmi5llkhc/Q2rQmXQi9a0MgfrkvlyP9Lvw1AxqJGaWGsWjU
6xuImeZ9rqsY8jEDV8+cNBwa63CPSqqNKeWUdBNF0r4TVlFHk/IwQ4dEnRKhSrvV
tjLSbCxhzlL+FHUM8+DjysvMLELs/ZgvBGrpBr3vKrdQTqVKsU1fkNem485O+HCc
Ir5RiwWygdvavp0bdXSoXY0vR6xKrkoJGbhmtWgh/UYkIcQKUQ9mRdzwlmRXgzHa
yWi4aWiLTKLKr4yTPXQxHOpblDN27Sjkj85wFSUSHuo4b1yojvFFU4CiID/BGezr
1FIUd3S7bhVh/HgAD+qW8mR1JP06m9S/vAcgmalVdEsOKo4IpN5Bie8PP6BMcYBV
VTnLB5hHdg+saN58UlqObWnNetICxcHlGC5yYpcmxmbZQe+uT8ARIYFB4jlvsPeU
FUN2QDZT+35UqnZGSNat4CK4r4pCQS3lFGjbBAApRCYdV2576fU8LfHCFGqtPgv4
0JYcdTlWVNMI09LYmnSLvmZYLeKDufYXDuF6DXt26etEi2E3LLTkjg3j4EZUuL2i
mvPEiRIJHquSkVHRZP7Njg4k3SjcPVMPwp8i9jHrxbuEmXcsPWqogN3XZUFbGXiv
i4bfdzJAhDjAwrKWjLWUzFhNh4ChDeptuCqs/be1uW8O26xebnk0kW4DidmKUcdZ
Qpef2nA3e2G/tNRrgx8ogeV/FFrI5jCwWSv3rYGEgOR5az9NaffzN/uMkL6vn+Kc
gpIi6cIH6wBLo1DrSI4IGocAPllvO+iTvvVHXPSsdkiePtvRdDrLu4rwe+yUB/Bl
VSWZkmTyIq/nOwfpRX6mU6HWYlvdvYoxJRRwKKhWjE6Dbe2h21fYAOjvPkTwm8Tz
sXTYlt803yU8ipgdaw93lvuuxNMlkIvKQ20Zo5hOtGdbuq4jyUZ5o4if8monlcQH
n5xv/5nK5jAAD7ZHmbcaOoMtZlvPf5DIBfAN1kWUQlD+ehjAq1jMjo6R2e7MkBc1
N8xvK3WB7xJ2pS95NeESyDv/HyTASLaY352extAacSMlDUo2t7/s6aGMbZdjchCq
x8oc8Ez2045fKfvvNezvTjY8PFKOgzm7KlVJDaVpkDvae004GLCa1b9IeUHCKT8G
DJnM47hqBAQecijjBczXUHxC19B05aAPJU02CrlxASiG3V2aKI3m9lciNaMpksJb
/fr4kaMVwUpqZiR5RcgjUAkoSA7OHaUyNkQOL0UUFYh3Kl/+q68gpy06S0PCcU3m
RIY/Ky4rjCGXGeXhT3uOFRJtZ5vfX4cQ/cP2YZZ+kO/DIzZ6fVYQfRelvC3Ds1zV
2y/bI6wNn2BdUTtztg9Tyamj3WTumOwZ+o7+XHzjuhBjvc2P8gZOkXVOXTXNFrqz
9jNuGa8WIIRv3zRHAHCTFxazxiqeoDLjLc44YmTqpjgRDodAuaccAeD+wx+XBYLH
WbvQarq+aAbVWWaREZ81hRnuac1uxybbkV6JVFi61GW3jFdLc0oOLKTa2RBeO3y4
U8e2tqSlM39u25lzF2qrKbIyCNK98BvxotWWnogDsH6s5TF2MyqcQpq5kzs634C9
ZI/8Sc33Qb0zLFDBnvtWQzA26RP+0KLN5PeLJ+2XkjCHJraxg1HRkWbXdCNB/8s7
gZ8LQDqCj7ieG70FuUWJIPQ32lHpwwv8CU8xPTrMdfkOabsIK0MkwNv9Quv6umHR
gfToX0l39hV35d8KBuo0SGPkZF6btK9z/V/9RSgGktCC8wsb7V3KEp+C914pQsmU
XqQ9pF7tZLudtn9J7e1WdRjAYf+Vh9ro80pV/cv8VkMI9OaPJ5/XD/CJMeVuNaLS
hbWrAiLU6bjhRuuYBgtnxXPG1QKBFwqCyMzP+7ia2VNVrKPjZM6F/D8Q1M9ifpTX
CkvPX7xi2tiW+zXtAgZbmEnaMp38CoKB5KB+HvM+LB+ms5GVhQV/CpeuLts/2SKJ
gjpj7dZb9vtU1X8JX/Ek0I/BKODPCyL7ZD2FuR2qYmhgcA1/G89Jb4PWPRlsuRTc
DTexBIIygaLt5WYDqDjQIslOV9T3Bzbj9mSGqjzTFhwX6Bk9hUxIVcEee8221XRU
fZwwfkp6wlvSVKzavpRtDFvGqjVfHbHx8IGW2ILWlc/yF3/B2uNbTWFahKpDipyw
syXCwdZsDDpLFYqxrhBTY0WApT5hYsJSK3jqbBQU4RiDfjXhHpu9RLLpI/abs0nG
63XIGhiS6nN7d7y9LbkOyq1PJ8ZW+2OD6aq4Cntlm6hXZVHkmOz1h8dTk/8UIKwu
jmmJI4Mf/I9KR6+k5XeZob6Tfi0sJdj/EretoBPWPVA+lNUB57LbPdWM0K4VRS7a
Bk/ZoH9phhKRhWMDLdMTqm1kDx/dxqe7DS8M6BfgmZCtFHeQvqPnd5i1npik5bmB
ivkNet47fMpy+FnQF75Aj6EtKVyNpTWgy2Iju6xiPTle5/1FwrUc2cl7tbHxJhdA
vmDsIC74DTqN+qw/WUrf5VoUXjJfiVXN+v3JSiBRy34TF4HSsqNRSikyu0Yr+2iU
UIGhg08JT1WblGjiqxG0+oUyb7lDPtjWeck5fH/qwm8w5CSpVTjJPgLDh9ij59p8
TZjZS8vQJmp9tfCL0IALmd0OgfmZgGZEiDrsOzMSxaTObpt3kUa2T4qbzVeizQfl
thSR24XcH0maln/KhLbo1X2mVMlGN1KJf0bMdA3fjL/4tn6JNQuUXzKGTEDhVBVi
KKmuAkaZhc4Wm1QVLnbNmylr+Re7r87jKAXkg1h1vVg4LxuHEKSv2iWkWoTfW94z
uSA4Rz0goegkrbsSRdSqxnI99zVVF51FT0PdMRUDG4PdlHpNI9DEZDwJgWipU4pw
sjvxWKCU2pKv2iryIyChOTEf4rrVNKRNrDA7njq7s8czkNjopR5UUiu47TFIW5H0
ap+5+Uzl38mqbjwHq/SqhzOzdx0G0duvGc8sX5PWUOCyN8qDn5w7HJT/owvsCQa1
Z5BQUwmHmnCskr6QzUnXKe2pK4f4udI2996Y0E1ka0OClffCsNAmVDd3QhjvOE3M
C3S09VCYNAjEdO5QsENSGfdp3+xtH2JhpQUaZPuQUVUUYn4bl2q0oyAdKYnjvGtj
ag3O8gXaBJB7yu45KE58jPOgokCapn1jykmKkg5iqNla68oUqW/4V4u8EJuzY2Xm
ZgLL1iOuHYsGGCktPwR3YpFPEd2/t/lmE5pEUyGWD0lRX689zahgvF1ez+sRkm9T
/dqT/26HERXw+hzdM7PvTdL+9HBkJLO149x0o2WlYLQCo1yc6MWs1ucM5nWiggN+
rdYvFODbhCZKqJXf3L2n4yO9i87wPRQI7VAVRS8A9Yn9zbMT/7xPwdJzOet61O9a
P6iBenWdJFJOurnLi4d3lq/Nce21G3eTLlBy3iNo/B/edQbl7L/K/GZ2hdGe3xqL
EhuVvdmkaOS8RUjAg3ZR5ch7FBGgGFQDZgHdlBS9YNzIhMhLvBpdBaRD1uYX26s7

A.3.20. S/MIME encrypted and signed reply over a complex message, Injected Headers with hcp_minimal

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9775 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6230 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 1932 bytes
   ├┬╴multipart/alternative 1134 bytes
   │├─╴text/plain 393 bytes
   │└─╴text/html 474 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID:
 <smime-enc-signed-complex-injected-minimal-reply@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:15:02 -0500
In-Reply-To:
 <smime-enc-signed-complex-injected-minimal@lhp.example>
References:
 <smime-enc-signed-complex-injected-minimal@lhp.example>

MIIcLAYJKoZIhvcNAQcDoIIcHTCCHBkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAE9HDUrbtMm6tMXFiddE04F6o6+6+bjTxH8s
sdumFvkas9JR+jvk2mMX6lOmglY5/r87cdSAMFq59MAGLAxpBHkr2qzzLsKX8JGc
x/nMEwX+pAqvd6gGEYtvJlEpOY4n7MIaDSXcivOOEDd2JQemZ8nCqwAePFZ161r1
NgmG9hanvscPHz3slK4QEiMI5SJ/81EHuYFZsktu6JtqrKzR7vvQFRRMwKZ+xcI5
QYSQEIMIhLG601FHAW9ZvQpb4lIcm0BZOkVk05zLUimqAN5/g3Cb3rlPzz8rH0ZO
maAO/K2OcZG/3kR4r2/mMRHnNQQw5atxiBz0bMSfPCnjjjltYDQwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAC0bAX0tnVecfETyTe/YHNlO5
RkMhIq7QWdrJlsMTdIDQIe4LtcL9iyHi0+5lbftUdhHByg7az0TKs6rJ5NV6Uwo9
zH5FDMzk+Q1ry+KUdDuZqlW8gCa81n9VIZj1bnn51/7jTfa656ILTD4oF5l4TB39
VfDJ99OEJ88aca8MKwB7YQp9mQGMj6ZBHMR8qz2m8hov8t0iVnuXEv2LqBXxh3nW
TC3/Tz4eVbhsFWQWnBolLPG+vbgXy1UJl1Qc1g4qfcc+NoNgIOVsF4Ydj5DJIhSi
TObg8Atl72wKDLhnMFmdj0thcdhj7j1+UoW3xpKXoZtdU0JjLKyz0JgKZ+mMQDCC
GP4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEDvsksBd/Sxh6/HtirTanleAghjQ
7halciQ1qTXJOovaSxq8ykfDhIyzuHI8vAv2YCDVAmRhBA5BURTAI8ByapJwuHJY
1PMlCXJGYaCJ2YMGfvUHW8KMQtSJwbPz6FuLznN5wHVEbm9rLc9HsevvFCi/HFsP
igfu6k10vP5CfLlR75bs3NY3QnFthGdoTGsta4jf9yGqYOA5wvVNQ61N8Yw4DALK
SRg3kE1cAvXmjtUaEq5r8n7F97lCLhbces9aRK2sGDE55mCGE2VR3hDSkeMEkve1
mmRBHYnjRBlqA9ph+tpFMkdaSTNiBxDbrN3tfJglSxHAwFfncx/5CaldBZ0rvdwP
3msCeJNNkTy+wkiqEN3kFUo3lbkcgijteAxSmGz2xePytwONy+Bg3/75PmGwSe3H
p35HdfqzMoHtgoyOgR9opKsRVfGKtoQwsi/oXGTvTmA3cMh9LRlL441yEjxuFKnK
tqax8Hz9bJJrXqItUqr+0kSswEMvGalw7B0GFlAoCDsqhfECwvqwoftfIIWmddcY
bd8kQhRYwMWzg7Xpo3RoH0b6AYP2Dc3uRlpauq9jHRzozzbBni2ZvGnRRausVvtM
Qu21NXdome3FNZMNLx1a4RlN5x/VXWvaU8snlCIQqcUAT8pCsrjP++WvXC0+dHIa
MgQyGd4onroTh11HeyjNmJgINh7itdqXBSDlZUMBymcZOXByB3SA7OfMB/r+3MEW
rOHNtEWflM57fvHu9HgTeEDp1bwh4nb7K7BLAmbsp8RXmWum2ZiCIpqac/NXaeeA
1sKziN9yC89npmQscQy+BW0KUxoqPzRGJqLb6uUyy2ieGuHcWfkT6v6+BZsCfWDM
wGhLP0Po6LaG1RwzPwk3z17rIlo5Z0B6abzDo9J+3NTTlVE4/dkbXfhi7LXfwJBK
QnJN7ZrPtVLK03auuN2oKaqaP6RYnFU3qNlf2azKqy2U3lkeqvpa2iw5Gz0EY8uc
GYV58Qu3YQkNWRE78lVmKL37A7RkVGBi6Kpgi2XDmpOqIkDa49Eu9hBfMseivXJm
Ym7OgfRNSiwej4Ccj750yRKr59i6TwEzrYkIviEE4sXsVMueDFWtDLcjvQ9NRt/L
0E0zrmnWX8T+yMiqJp7fUcpHjnOATpO4QHbpGU/+l+N8hT75pQkwgW6iVCyNTClH
FuziSdoSvq1hT5bUGBK0dVoHLcTKOaKhxDSwQGcb9C/+GU3wYVUPh3qa5s9VhXmT
Xwvw9wln6MibrbfKoc3P/k/9q2gNiXmaJvK1SfB3hrMt67OVALZu1QKmJd/S5yPU
7vBKUXwCqr26sxATQPqJ0Mqvbgasy5V41ffddwXMwXzH86m+epy3fIQiAPoEA5NL
LrwBQVFV/1DCMJYAlAXTFQK2tkq9B0p4CxnXbkyIDG++Py3a+gSBKmhlEkJBnYsW
5WqKABo+4k32Knds0mmp2ZCZ/tI8RTG0q3CAF6gfHRRimdlv3uiOXhF7JlBZZAeT
pM4PCTT6hpZrlNC9Ipo83n4qjXnsy8D4eS7hJgZ6zdM5E9zczCYislSqPWkvC2ew
7kpccJHw8D73e9bAicUPaXyz6+Z3C7mDEdZpJ7Av6C6ChsCaSFGwrV92QLzTAIHU
nfKuln2TArGYxqyKiI31ihSrMM/F4AnNkAAZ1hh21Ni3WCQ40qVWmbW2LCSBUHKu
vcBYJ2/kuTKBZOqouORkgZQiuSatoesjHptHsWnCVxJE/+0o0xoJphODfP516ivF
zgJ87tb000E/Kn+yUASCHg8bS6cNxnQ2995mC0wa27htw+xvWpwPfw6gPL5r4pDn
pO1SfDuCO8iMbyNaIg92qiu/gFdkIXSIAXYLABAhSgThV1wauWtdJIxPif3sYsoc
AoxVRPBQXyfBqL+RE/iSyhkeKH6NfN/f2gmfSQ+SB8xmb/NpkpA0clKIxgCLUFiG
3sWj5EY/02raa1T63+g6zO9+UcYNpeoqu8skzVPUrudhcVTZtBBTYAjA8ATsmkFJ
nm3eOj2BkJQ079qQ2RIjXk7nj+b2RMI9UPbM9fFxP5fsjoiMifNsBA6Hddlskiae
c2a69VT1LlKi2mQCgxdLiTkIGBuf6t7k5moMFeG4iKnIgi44EDYHAd+9hsuALS5Q
w7A3NHF3LXvugAse192Vq3aEsXoeQqOajPdDybctE0i0cQXLvD7e/We/3jZ5MX7/
uEyLBJgFeZCqwLzX64Lt+Z5saUQVbq75JbrmA/kLcweoJVOIxnz/nA8sX1G5tTub
T0i/nJkUkktL5rLpEgPwuOpt3ed1i4hna0LNBDNsmPonyS9nguNCMyU0VYK8Q1xz
GDvPwH7WxaVggn+3zQ0DDqE0i+XmYjuryEemgx0JC9Aki3yZbXCf5QaM++pqDdFt
U/HX4bfB5sofSbNIqhq6TYTqhJEmUuQaQzH2/4m7j8sJgC3EzQwVvU/yffiKBGUY
CeSgy+eLHEDzqC342SCAY+okSep0jgrZwsRx4r19PuBeVq3I1vcWcNPrEcjamk7U
m0gMfi8KTIiGex1He+eoO0yupXu3JI91gDoIwZCSjjq4bOlBOrvV35OjlRZl3HRI
xAYa0etVtrtBUrBLayFWpFBYDcDHlD5CwU3YpgB8UWEMtcci3qjsiBuKWLQ1tjhU
A+xXrEg4yBHe2NNPbUxqYtxFf4lA50QRUP2vxOnixOiCjd70AfWSXm52tYijD3eO
uVkKgyL3g/xJsXVA/oNlq+a37PY8sb5Lp+gc9g4NcI86ZaxBWNE+PfTTFTT7TzdJ
CVajr0dWZMhWmPm4hwwUuR0Jy9Y8nxiFES0erfL36ftqtpZbcdeK62W9EUKGD3jl
X1gM0TF8z2UHUqQ5UWq0aHKrSDaL4+Ipm3JWBxERIAWEtiznc58B3yyiwm/4Vh+L
n+9V1F43psU3KLUTZ6XkD2uYS/AenypljtUJFEEFCZtwKLXugKEB0AejSpPUqNFO
pa5338v5ocqMowr9c3ErqEJZcQLUj9TdYAry1FGe0Spv3LX7HmHr4KcvDXAWSUQD
lii1zJzQatmuwx75SYMeN3x5D7yhjYL28bJaJcPvFDbgCsHrW8YWu6+o9Xpg9rKA
JVvjtThGsLEllTA8c+HYCf97mS7ccBoL1JqW6/TgYF0aL+jnSTulcB1snBhGAjB4
fK8sYQcBAFUHbIMuxjr2tHhxWirfSkI1zqaaVg37chfkCqp/r7uMU++xs3xbiQvS
mOI/intNv4bZBE05guL/EP1dHyjyc1EQu1t8Bj4cCGlDC/AfmGJM1Zz+GFImW3hT
DZco+uenvnMhTi1O0vqGYYKwTmlw3VQGhllo6o8CUf2HL9XhmZBaA1sAzPByJTlM
2FjPMzM1pG6qj2vYMuRHK6/GvqVpHcJESUIrXzwT1RwxhDV8H0j+ygZIM2Kozgkn
Xwwanf7euqy562uxPIWP+kXKCSuCyAZX5oZG7Qx6yUSCcTV02zMOrCS8WMYLxMLx
MB1XS7EjqLEkfasgW/IzRR/3kgznp9PU5FaT7VaiSwkIL5PNl2RoXfoCAu/LKBF9
bYaaGW4FVkn/JocuQKtG7URRPji1uL/kM4sePpgRuDJmvu3AD6YjQ/6XUt4GfPIa
JpTVJT0fFH8vRpdiZ2zRlib7meLI2If6swEzv885sbp/smsi1SjNIuTgzqeK/Rdc
XOdLutvQ/MZyyVDKHzw/rG7ceTKniijS+tqcPtI+2IdSxuGCxPS0tE1dJ+DVPBS6
PfPx0uM+l4T7QEWgDEP3wGDKXyAETj9fCgPPaTi5qjX1bEqCo4xSSoFi3qu8tFXo
nPBrPnJbjk0Qpd/gRXsudKm5T3Mx1iL43FtCmNrdRhyrAMZiqIXVqvFzoQtxutOB
X5KTBb4SB/2NCnEwhZwfPaiZVU4CdTQWocffuyzi5Q7VpJGZZA2aj+FPyx+9R8w7
V7d+7yBgkEsYBfB7c7760QaVvNWdIza9OY44VioMGt1KYmj/xLoR5MnZ/CPLDRLw
V6wRbsmyuLKn5eq2lkOZPK7zRjhPmk4jMI+hZ2NA2vxgAOnP0iQbTR4ilXms8NKz
+wgvr4W6zr2h2Aa+CLPESKeo+OQKWaxr3AwBsUHgVUYkFk+gR5GZHRuZWre7KI9f
zMORjhYthKy2l/52+MFIirsEBmIR5aB1b3MOUWU1OvaWR5purOVYi6KO+zzmZGZd
lHja+wOi8/KC0liG6kja2JGy/Qrmg7icn0ScrRTEvXb8ut9Ej2/ybx0WK6oty8VH
+HnRdKfb75tmbmsM3wFCO64szakuLwJyE6qmBmWej4tf0JAZNXpt0f2BIzE5XzdX
sEbiUZpc5wk06obXxVmpluMRAJR0mUhhDWiCcdRF1LrxCYAQprmS4AV7/kxOxSTT
Uram5vArneefy66nIZ/pPajlWY1oZC+9BhViGk+/TJLBbGCCWRWWDHLmlnl/UjJ3
uURhhEu8qhu8sRqUh2iTlYlspfZLnlldZYhKX6gbfzPwK/l4ydF8JFSUTKE39qRf
hrzxsVEjpCKJOGGiGUia9B6trZvFAAYr+sxpqcYkqwNMB/pxRVT/0GMN2oTjq3uR
Z21zPhtNL6nUjUrQRYyiqlPc6OYPntu+ZkrKFJYzfHBkqfmNQtvLY1V14Y3V2vU0
QjrjhvreW0IFKeadZpYjP4uDLz3r75LJ6zLkjDEQajl/ZAdEXUf3EeA1bgncFYO0
PUTlhxXf5LrsPLydaZIetBAuklKSCBtfohVt6HIjWWUkwDj7evmi7KvrumyFePU7
4QNya3C05HgmmE3RYgrmYBDiX7bG5z1NmiL6p2vCRs+inOUMDjEelYLAIKjLWqx2
lNNS7ZR0ZyOOBq0OcvAxwvv4FFez6APBzLP9ZTj627I1ZQg0pCM74YKmssvFmjQ9
IoHAyp5Ru7W6hDZLTYKNYycybL0aKe5YafV1NUZxox9k/9iN5Kf6lnaOuEtpTDCh
8V9kxHadOFLmk3QoPZ/1ufih6ZV3Ael7XRPNL2SZ6a03/rpf6HFOqWxRnhR3V9fY
LdNe+/Xu5yBYSjoW9CxCR5YACYhGSesSUR8XZwwuN+i1BLUC9WjjNh6Gpar1Y/ll
mWDKSSdPXZUdF4iD7i9CDaC+eFd7eW370mpXTJNXyCD2jMvYpXRzyf1JC70Atooo
WAP/eNkAiN2+JDzOYSw/ZGv97Ba8Tz0oNVMIj+aZnw3tlrAmUGWywVOnDoGKPj88
IVCX007BDnM7oUjmgaCPJpGiCGDGh8+CdU0105cFUiZP8g4Mv049tuE3VVxKQi3o
h4VwVXU0qa5FLhaRgRiSvpB91ni93oQ6Qc/vB+q0sBThRpjwW2Cra5TAWfJoFia7
N3l6XqntXZZOsCFDrBs4uzgJiDFj4w0+l43vwIuBS+Z5sCl3pJANNolwdL8jEQu+
6crgYH64Ib/eJpOEIHu+gXa76XBO/zQ49X25qXDmzDslq786kzLN9QXfBhNykO5g
nkW0vxIx6y7bI0IzRrx1kP7H80I2d/JR3RwTA2Fokw/9LCptXZZ7D1mv0N11p3qV
X1doUFDHi/5TkrlmhsnP/1QARy9dLn1FEu3R4GgWNNE5+r/WlODUxh1Qmv/8f43e
4PhXYiN8KTj4XXNYRVi5Wz/wflZF71V8HbYXWLPD64DuKM9cNGlHpX6SoR5NbbRj
7H9+OpCah2Rf44N8ap3J1x82FTr6/y2vPOtdU9LRJ3dJZzYUvXe/LRRWN52R35I/
wBfTgxY+nErhCCfaEcT4SBtQFM75SlxHNHD1IHFqV3a+6q6DEgqAbYz2Sbs56qAc
8IirCPglJUIxCcUe0fWstwHTdcOIZE/2AhoSOHftKgreC2GkBSTrmWFWzA3Pkjd0
oovsv2tTHJ/YI87UX9PcUaP1u9lI0Dm78jJmM3GNSCqbWQf+E1LvXvqrF2p/TgGF
2s4gFm5yanbPUEDDOe69OkZlZjTIy11Qsor6vmwDsHBsBB7DSeRUa+08WRh4TyJX
FOLE5wpcAj9t2FjAYAEiPVOOMHAnAQFBf18SvKeUr7T0uSVW2RYFjdV3iiE2U7Z5
WW7UBG86GvttCLRDmL2Yhgp/ex7mEu3L6YgwHg3hAHWhATqeK/yKsN3mA9GA1FvM
7rI3+SUV1jfJ0/GaauFtXJnZaI58K9SnDG1bCQ6xjzgUowJjjhh2F6hHe/WwjMUd
w5w6d3cjIUqp3olkQKL/RE5ZmqP0uQIntfQeXDClM5HN1vg4UbnPXXw4d78ipK+N
2Zu9sYkFX52YcZ2hC5bMenJ1DjU4o4AU8bTdnyTNpBLG8S7Pw0gTySG9rK11SerO
qaC/xcegf6IkbkXy+YHIdplzsckHl3Dm5Bzh/q82H4YmaikExr4FqJewOyNUydGp
mYRKNeGcArMblb2XPn8ooEhGvQQaPKRtuvlXdXd6fYbR24YevWkX7Uuatq+RgiQ2
WmRo6Xx3zduNWxI7Z6Ha7ZFV85jGGikr12ajydccx1GvofrozDzrG/7acdiM0hmw
OzFFc1N2MBFW9uerEA0jyylw26TCOILN+LBBME8SXzjo2rbBFXJq8Mt94r0PwiEB
hWuk+jH+4llAEy5Kel1SXDeKfcQOvEpo/2hhrP1XXRfWNv79DF0jDxkWx4jV3B4i
WmPrWExY5cmEysXFjDzqF+8E3pR5p95nYax+qnvqY4DNzDztQ/Po52ILUsxsw2Gu
B+lrTp6qVxZoll/lHgxSsR262gMhxJZYOcCkfcQ4kMYzajYZpdqsMlUK1TfuQoNq
dsHofrYZ0sufTZ/wXZpTmKvkxc2DUaCi43iWmj2aBFYokUA8nlWGA86Nln/GtXR3
XPSCX0ZBmZ4bYdCMqhJI17JjiU2r9VkdvkaevRMsKE5Gum3NgRkLwAB/EMnvYefS
9rF3DmqZl7ilyrCIJo+6EZNTo1Ol0y6Pj5mogmix3ZMaVHmOwUCknAFcShsxhV5d
2h+SSL4EVSRn8OPWRPzYEnlu8XVZ+EW2lHI3nsjuqwiR+4PllpC51CqV1a7PHwHP
fNXJqyCq+Ru2eFMelIzBWBmzfONXniksGQHn4mX3F7Cby1v5vfJsEut/tkppEDa9
1Wo0FSMe1IN+2nNtEh3i3MUNykzYJpgM4PGuBNyAW3KInaMmQPifQN1d5Bz07fHN
sx+uRhi2Kt2dLDZwjLl4U/ZdUILGorGDtisRPyGxZYa1+pT/2RHugdVEFAytR8cI
LVsGtEL9H1vg2lzHIlFfM5oOzyP9B9eO5XBG9O70+aP2g/kNWWETJcGzm/YE77SJ
TKZakC+QgAEvfIhHRUx5obw/ekJDyZlcJRIN3wn1HwJ63USgBHMl5OfRyJNkg1fX
2P+ad2rjEyN/PW7XD6EjNQmAnbRCo3/Yamyg/6MzIu586+MIFZV3mhjXzgwZWzG9
Oz7R7hjPcaK0Y3kgOGHR/RYWW+MObEesTdCSiLwcGOaucbMK1lRwG3pvFSysj4DV
DjIhAKF9ai+qBy+G9g/rTO+J2nszZDBW/RgVz0EkOmyow/F+zPk37zavG9VUKYQ/
Az3CEO0SXCUWRJV4DsaRRMte6TnKMF9grNY/TD+EkWPKKv0rdt80OA7R+y0f6RTT
EcAG23jJrReBRCwmopkoqhFv4w1vp+OHbMxj/WhiZQUda5UP/ks0YiGSim0BG715
ExLRXkV1CtgfPji/ZRKdK2oH4rJVTWZ6ej1TOyLhu7UMWfOZyxMei49RP47oV7Na
wMz44+oFm1oOCqloOIugc2wrsFS04OiAzpLym3wc2kSF0PfnaPY5JqoeRA/D9j6H
RKhFufAKlJ4Nd/sZKxM45OgTSWjsDBX49UgdRBoakZKhgTVgNzVncZ4AdF+D7egf
9h2KZOCqWcysKEc2mqEe3MWnusP/QyulTq8gmL+p9tEz/++8ybH1vXVb1VGiFMiZ
/J2yZoT2l6wBSM5wn8lK7W+Nk9F/ASqVfOnhXUQs9uy0c9+A4Xw45wgxHQWgK9hP
2dMW0WXIaHCmqPGvg7jEa6iuJI5aOlf0/4xJeqDGfCHR2Rgv5z5K3P7McigBW/ty
+HAMHnaCLkJ8D/mBDe3ss+INPxnWPti8Dgo4Xrot1hTrdTxopSw13iG5F3i7fXuL
8ZKQFnWbzFUnhg2ZD7ODrOpjI0/pEe0C6H/Xs2ZpZj4yyhjrA7bHvNXis4D3pF1r
XbfBYGttazBT8UpAMo1jrUqP4lQ79nBKaTn+nvLD8hpARG1IYiSUe/VMpRLyJ+1J
Tk+jwqMrD00wALSsoGM5pgA8CWWIAZGz6T5YXkZxI5ArGJd4bj0YR8g7kUI/TYfn
sMZcROMB31ts24gfQJLWAqYbLI01rf0DH48FTzhE09ZHDDNO0kolViosU8i8HTI+
xL8J3luyoECvcHSQKXXNLdV56bYrFm0p+KeclsKH8kE9rQlBfLaoO5TOhwgGZxgO
g3FFo5gLqwtlasf+hXU8ZJanCjUEh1WBjtZ+AwLqMjJtsDyswvxr+c9/WET+4z8H
BvdgLI+cdV+sKOi+2EJ3Vg==

A.3.21. S/MIME encrypted and signed reply over a complex message, Injected Headers with hcp_minimal (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10465 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6728 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2278 bytes
   ├─╴text/plain 65 bytes
   └┬╴multipart/mixed 1612 bytes
    ├┬╴multipart/alternative 1206 bytes
    │├─╴text/plain 430 bytes
    │└─╴text/html 511 bytes
    └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-enc-signed-complex-injected-minimal-legacy-reply@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:16:02 -0500
In-Reply-To:
 <smime-enc-signed-complex-injected-minimal-legacy@lhp.example>
References:
 <smime-enc-signed-complex-injected-minimal-legacy@lhp.example>

MIIeLAYJKoZIhvcNAQcDoIIeHTCCHhkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAC/zB+nn0jWI57wKmTVdRPMb0gUX5+I/CyN7
ggibIEWkRQ/Xg5h8RS74HQIHBq8apDwJsMtsEyZLnkwh/9/O+7TYYpMomQcmfT1+
/O9kt0bP+X8CyDwC0ObwzdTw5sfCpBvRC1s5wmsCG4n/dBxyf+xbKqH34C4DlJVz
mB487vVdUQ3G+M4C/P1epEahjuskm0LOIt1ZAFqPig3fI60NOAoE+169vIQ4WWbV
AYEX1n3Q+n4L9tB4LsEt/WjfBU5HQ6IsoHJ2WeNLF4bnd/qthy/qtlbeqrhPC6h6
nCEALq1hiYMqT0Ydv6U86fXu+nG+GZgf+l8Vl98hhcwJErevsuIwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAhpgwI1cnPotx9KvqcZS0mQl1
3xkhoArwNvQ/Nv7J9vh0+eeo1AjvC35wOwmzlT+8eoFNjdxVcab/KssfM1Mtf2x6
m2iM9ReNrTCVHXxWhjvqwGIHPTvhFfdlI9cwuMis9+PaU87fjrOCLLrEijZ1x0Ia
DPhJdrOVe88xtrf7e45JuLRJPchcjavdPW7ip661mbVTWPEXW7eJk2OBENEoEi0S
hU68if0w8bagImEKJOyvoFI3WxjcBMBulAnOKY17foyTxPKBDZmX2FzQ3de7ZmoH
HHlNV+qPLMMn1stiExGftWAZ66ld+oCMU8YIaN+Mgn/Yj2CT9R4nzCDgUM39xzCC
Gv4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEFlhhAGXoQFFBU0VQo5Y/UyAghrQ
/LkVplLBhjWKm2DFogyc3/xl0LWqqWgOWrpFuST/KCrWlVgMJ7lEoFaMOZ2jrX4K
2JwnspyqbuKU5Ng/he+vMsgHM2toGSaZmPa+KmyoYlnyTNKdDx9Tnx2Ey54UGl9y
DGvSVWzmJ3Wi4G4rc4TMeHHfbHLR3a7bcNT1Sb9+X6IPW3qPAplqrwmpRLWwO9Fy
GXayWTOyw+HVshCBJz/rPziePAJp74mI8+xaZNSfN7O17F6eAXO/vgwkilOrtnm1
0krF2W+wsClWDaJDZQUTXeGWirhdiHSWhrJ+RRaQFBCC8kXT2J6HyPVwrpMKR4JP
H+SpePyK+Hf2HcTwMFwiiatmxZ/gDnG59TCtYatlrAYOIEkXNayfbAOTpRogqNE1
36ruGUw53TuvLx6xlXYlnnDjSaAFZxN6dPEQNmcW/p3HQFjKJnSQJ6L4pIluSe4H
3eiY8bpCW7AkgldmG0qRyBYbPHXHwk5GbUq2FIVUtiAYZCaeP9kcvjh7KasV4Fup
eFeAtB7Qy+L6gKMD+sQ173rGihy3RFwe8Wqhki5vYXrcUdlEF11DnTtXem9L8bsK
YX17pQyWJqH0gvIoMJLrMWcRhpVHsg+zLDo3yoqDdEm6hP5LtBzA3rlvd6DQUfMf
dACsi80tYH8vnAOJ/BO89yP3VU5E/hFF59AfzD8rkkECjeiDxsyqzKeIxLj8O1kD
t4pn0Eeg19dAJYZmeY3lZ8i48ELRDE5IJEhfE7QzagG7Qkd0xvg5QJM/43qm0sQZ
2w6QBnBpm9SdrHCT2N/SQhZsvGl1ah4McdNdyRC9VtuKFIGxU0DMd5qVuRZCp6dq
ORWhw8b8egfN4D/TUOoiNVNx0//s26h+G2jZgvC7XSAgmKyF3Ivh07OPqtyz124z
sqt/ee4rRpIi1KWLrZiHwAuZbVIEmSazCmgX39q0BvaORTXjKFpaCkxCIPhMV7L+
Qq6y3LtVxWHtIyyfoQNTti+OwSiH12eTU0oraWpgCxI/IF4U9dInnN/xP8yyetdT
x2uG9+hIVfO0zvay0sCNMWPN4pyG7OigfqAeCkwzjFjV7/kwwe6vlEh1mwvDqZ4R
NcmjdHSU2tsCd4IhXkmcP77UUbGp6UtheNxbeAUTsQtMDcgLJYitRV2ndVOxSmQc
UD5KzymuUI8Wg2us2wSB8PZBBDii0gjEBJmReQwHwGMMkcBHm3zxDU/Onr0DwcZv
lDmqgx9Zpf8yLSaA6WDqIT/SU/dar2gF0N0Tvmx0gFiR93eaS1Dntxkb1CiGG8t1
5sKwJ8HYNf+4Dey1e72vsVNo1WPxZHBH8BAXzRkXD1r8YiztX5XJhIHO5PIqApse
q/zLbjkN59G/t++Bc0eg3KoBJvaF9JSw9Pm9ta9gq37AG44PcTXctwK4rtv0yyQg
D2cUKwIWVNrUei6cqSRmnG7o83EmG6y+0730a8g7OEpksZ9TM2pHGwTI/+CW8Cf1
o2UXIE7HBbjFMjYEYXGG9629kjE51Ez0ChSfg5xF6ZyDUI35YY7mltwJ3f0SYQgG
wWpE2a0uIxSaG3bIkbwcwThBlbpuO2w1nlqNndglQVxaaBO2wO66zIuIYqzeCe/3
zHEE0DOq5XL+eCIRt8G3cT5eYcKCafyPkrQagGlFDIPis76awxukHBpKGpn38RQ+
quvARDsEjo/iKRl0ZFICCIQbs2Cx0TuO1luhYMjfa3//y8X9p9ZBGRzuxvBu2eXm
SsWfUSYjMw4bra1Jmcf6dqebJDVQ4NQs43n0k8kPRUb4qxlfkIJpFcbpmb8UabiT
BZzzjm1gDwhd6nkq8NhOzoDmZKnDw48feY+NnLpltXMjqMugOa7KLGmNPvc4rFq1
TW5SD3Yp+wH1sdAq46Je4WLRtYvb87fRPz/0fXIl8up+VVMFQIL8BBRhNOEYOcQu
Eg8xGm3sTf8jxZP+8Nbfibwr9Q/3aFV+fj7AJQ3RDDgm9neVpOqwNQ28OtrFswlB
GW5V2kjy3U5LrrvKMiMuVQ3Xk2TQgZZ1IsIir7i6NCLa0vzJY8QzgWNMqmIGLHZg
KUTMrg1yhwbJFaaO6eM99zS2Wrf48KXmRPUk0clq9UyTfXcZsC3zTv7hILo8Jyes
ASV789kpxXyMvNyBcIcOSL1NLUeb6sdIZUMi1aR42ryELCbM3q9RLzVrvr5sRV23
fwKRLZNwUaAK20Ex4l714A4tN8hKQnqT/KBEUV0FQzxY8o7zfwXpBCV4AYCybvPl
EVsHUGB137G/3p+mFfzlfEsJSrqIEIMSIRNIccmRJGNpmI+OwXNda04sWLc2gWYm
gdJR9WLH+Jb0nhAzrVBJgj2VgYBuMi3LRQ1YT1stq0LASfAoarg5c7Y8rH19qVuZ
AeiOrJ8xQHPoYcLxWT5magiXtxWXDARA9H1uq6eqhTDHNHYC7HIP5yoN8w195XV/
OZ95+LVH+7CYCljUjBzOoetB8WdEfa7qAsjL6qhUIhzHo/VlRkbKBSj0h2nmH77Q
JjhOW+FbSiB6IoNlIUCb8kyQ9xWMEhLgdlcm5ZvEnFoKJZAUmQXq63MdqlwYIR8D
WCy2f7KLP9Po3UFuOrVbpjqmNWO4o/Pe584gam+uX6gfMVSM2cdAfkV2YWCmgTwq
RdQZ0x3E2oJZnnjUgLx6KHndgYRU1KMd30z+cgao+4U4bHfZSjKQtnmeQ4+jNtFq
OCTO+fLfS0j3wlXG7NBXDdibeS5ZPJ+KzumFR7txFAueKMbt4UA+YvlOD12N6kl2
SrtREk02JRWbn/YTtSSJT2MIGrg9c+HFMr0ik7THx0bZlCQNrsoqm6jZ+NVyaPvd
EdzXXaMupFomKXiMJTeXXDnQGtlaUn3jBzn9Olugy1P4Xz7gwFiZfN0ph0NqjDIw
u6j6I/FPvJXK/TLCrf6+iOmXawf5BQBVxzAfS4Msbqo4NH7Trg8Gc6v1p0GB1NOD
efJABG61HExQ7JVQ9K/b7DECuQPqUcLW6nhFP2sjWF034ICebBN/pt2+tY/eaaau
9RGPcKMVkkWuTIFHn9Lk7Sqw492Flh9bV1HEN+UBahcW0rKFlrZkUJqtGGiCcsMO
bICmiqLQiWoSYsPB5pT3VFPu3R49T///Xfe8HZHz1ZpVpfcobDemuM9wZGNOej0i
08cEX/hLuANdCdiRsK4rWs8gB7u4mvGqM2ZUxC+QGkp4Ao7OucZ4h/V67MHdOTHW
VUHrp689r3G9NnLrUrux33R1VZtMMSwIeMeP7I7jm8eOiBSLfHOUkptF1NFAtlGM
+JJvS3aAey2rLNGLw4/SoYUCnRgiguHvlD/fNljIeMx6pGIW3RlK8OtR+CXKwtm4
2Zfdj/mDLv8A4owJuDPT9aA6dzWOHE0a+8G2Fn6Hn5jdGmmI+d0sBE473AzbFUYa
W29iA0+AWS/9hnB8M06m/w0G0Cgqr1+OQz+1KJ+6QRDuVJXcXN1FqsIZowQ56/O1
try8d/dcNetdckBHQuLY1FjY6xC6EJCsJQFeYI/a9g2IIAH2CGJVm9rNxzsCrloo
XTUQk/rvIs9NENlhOPlJsjB639OcJ3GLcLdcABPfSWsj7dzBjqdZngyktA9k+rbg
TXVM389FjhIuCOIgHeD94pPpeMmul+yc1CnqxK7DoiRqwgJAoY4CXVjIae8Z/Z4G
S/R2VtmTRLj21UtRGDfpp8uYehNjYnkBbS1yt5/2mNSnsq/Q8gRFhikWX6t1m8Y5
v4QKafDWWQBqU3xF9MurToO43+6UMIrvuKO/1cJle+g/q5PQg3/Cnx0oDRJdnmMD
mvHGMts0C436RZCCtz1xZdYM79O6fmfDM1cmjM0gAqeatX8ez7wdvhrHm6pipDdW
AzsPfNG0+Tfke7IzSAPmFyxuffmMqBx0BzzqIUdni0wXOivPy/Vlt9rTX0EPr3Ck
e4VtrzExz1Axc8lN90/bGf0d8P3iNQDbgAkQHURlxfOvJslOs6tK3U09/36shqQk
0x2j0isAmQXHZLUCxrnfUVWsPJ8iMBxDPlsV2ee3M3YcGu5XXJZYCXl+XJgbUWcI
M3Gussx0MfwwjxLUT5K4c3j9HB2zYPORfRUvZOpcUME3iEXAo4s3pRqLynbRoYTJ
LYzSOPb3ifcKQBDzUyATi3MgHSZWJ0F0FCyyZnkGaN3mbuc/bcPhx2/3578iHJ8o
hKOxesF+l0rpS9VurYe2rgxOY1KCYxcqF/OeoUfaFvtv/Wqi6vr4DFXoUSj1H5Bs
uQ6BXb+Zheul5qnx2JhpuYN2iGYDWk28rQN2K/JmFQzNAItKIDZG3/1XEaRb1xkT
ZK42IXCuE178R1/j2T8usGivOqmTMsIRrvEFQJzBJBuOAwcyBcnhRfqa2jJSBKNn
99vDNOhWfQBRvDMSZfHrK/Tu1ra674y7vSb0/Rk9ygjUAi+rV4C2hM2F7wZ4adyt
ejdZM2iBgNgCuLFd5GnOwbALqZgxD2Ym4pes3OfexsmQqmHRKAQ+l3zhJfOKhUYx
9VORuUUDacAv9Ho9StvkBq6T01xfqyAVHhr63QXGj5I3s66Aa2+tiIcMItEuPrKp
Rb40WXQUdUMYy3LwoJqGjdzZPL5Ea3R7LM4KFZRqhyqG72WndyLxvANb42QWADFk
4KPYY6K3CNhPP1Kfpa0FlTsirv2nxkaUWNqm7oqFOhoDBBj+ISP72PDEEGju0mZF
ndEKOcx7oI1HZdS9FgAyE061liam/bPl8DLWi/57/nbNxKfK5WEMLHLEpFs6IBKy
HxpXO5cl9vA2Dt9X8UVfFuEcZd8ATe7+KjUD6y8Lx50Q/I88kBPRzZS3nhY/ozvA
SXZ+Zxqi4W9hYzHLOC3XOX/nXwW/ygzr0BkysxFRZ4L2qo192+1RkjmSirJttZCc
l7McK7jLAWIPlNoKJzVghZK67VVLY0jHM6apcLl5AVoG97ljCxWUIveqyitPcvAV
nMpBbEIbS4zGEnR4GByckP2yqV2RkeqVpEFQzud9HUmwon5UqYiFQX/XsuWorY1L
2FHsc1NtbBPzv5SRBsoy1vTQIZw3ULSURd4rfU/F2gUllz8zzvAY/qkkQiO16eh2
6EBLOyc2R8gMVDyAmF4W898+bWqAZlrivmR6Uj316tofX+4fbil7e/V6iZtM9+OO
voOp9bktOUMLPMTQSOSVVOVoBA1LxE/4lUyeivyRPhqlk5Z1RWgoCrXOxdqsG4BX
ltGUl78UiN/kwmcd6m3ZClbqPEZF5QzB+6RkMMPaEd6UkqzE0FRfTYtHMDs0xOvR
aDBCjIaQRjPy8lXY2NEjBfNnBPlhuoIae9y+5ThWiGUU9RAXJlisfUeUgQw73nd1
VPjg0iKbVIuOSaeCHnYjEwHkvc1KY/J62vZvDrHfSk06z8i07+0IGDsPK/bvpsjw
W6ElsSPlnjVpXTfML36aN+u3dYNjlfW9aX1Mqqc/+WNl/PcukeMbYv7EJLkeqHSK
dJk5cD70xn6lgEe+wQcmbvAWZ3TJmCxLJoWlyisUWr8m1OeVlT6w4Ar4ddQZ7tfU
96WIRJmKYJFRpfqcHiwAJP6QgAoRZmM1jFyT9BOPxydJtmfxRXDecv1S7D11oLlw
16eOZEVfgFB+OuDrHaK5iXSMe7vXiqOnuLMxHgAXgulZD0iPZL+nkUT63hM7uDvM
h0YKbNE63mRBmjXApCgBl6tB1K8yj9PNBHh9C6i3SznAa+YTJb7BxGCqPSkjTTfz
fxkvCymv5VxD0xRz73f0CAy3bqqaq2jQYdPrNI42JPoBKgjWeYoBSbj/mGxRX6Ls
I6jX9uEmY2h7wqn/sY2vPx9Pj2p/cmmmR4r+inEw6J0O6M5gDFh27ssY8vpMN3vY
Mws5ZwqJSBdF8gGHHcqAzfed0yCaevOVIqdOyyb+dtg68aC55PKV1PGky0KdHa6H
ERNAq5xVStPLvtr4dotA414f4/WRQg2l+AuxVGDUICxaRh5oSPkXWQMYAwy7oKoa
4I1UzRKe93tiGH2NNZXKDEyesYk9rxIO2fqz6ON8M04Oed6V1LqkJdSmLz3CqZCf
TZFXuLgLMZFNkknmXzoaOwwDsmO0fPBmzuoiXCUOzOjGNtC2kVmPC/bX+EZu+GPw
IbOdskU1U4+kVNP0uhE9lvOEwwEbkqpvxhUL18N72XLkhJj36BrUq+WbMYyraFgF
hEyEctugebCv19CaCS1nx0A+SCfAF3q2D3oTwjQXAHnbuQhAggTTc0GsWDnre+Oa
eXHIAPbTBEsPk0ti7t3l4hGapCmfzw1PEMxPHJLoIBriL5+ctj5Om0tdpKYHGm4b
dJvP65UE6JRY9PTuC+/lTRii0GLp/QDd4IAuThgSbXCfMxmIoPP6cMboGm64BKoc
Dn//tXU1OYSntM65z9kzuRTca+FA8biAkUG1OBQq/HempIF/l/uroL5mMNgD8HBf
7T4UGrtArL1OG+GPhNnXiL1lunnMsgAKXb00SlbTCtiG8JrC6uFmCYB2r6Ih7GIQ
EQWK6vxW3RGLanVtlpQTEdlYC6TSsA7fThk6xOvvacHJc35wyogStNIT1BS1xnvV
rUnuTSlDvLCnrBAuJMMLOoG8m9POcbR2v3Wd0g/BkAXEZndsxX+jwfT18haQJQqr
Ii53EgmJEzN+dkhs8rYZple9zhRfnIntwvKB4wvFu3HgKD8a4oFEF/OCNVbCG8Eo
fNuJ77xRVzNNytWMN/BSdgq9MH0P9puEpDPYyeaFOZQcCqZCRSL/dSgyRWeqgppd
xyjjTXvucoR2c2pDLeI2MUrT3Qa2QBhHOlgVLDFWD/kespr8jkbYl9cM1nnJXWgM
TYNSn+AIvLnjPyRDSsJL5BWeh3UkRxvnYMaDL0SqEZe27fFIlLMEXPKkBisggpeM
gz3Ju/0B0Ot/ZlfqnrwEaS8WGTx/yxAwf/l1jfyvyHzoXt56fAEdq7115OMO2zLu
W/X/Ry5bv5Wl3I+a8PNC0TyOGS2A+U2C9OEZP1woCAj7DdmXdyetKRWkcABk+R8e
KRBnIZBYY9ufMcOeKlArf2S4x+CfuXtZdJL0tU8/JvDNYTeJLPPSmOQq+IwO5uS6
VQ1DD1yK8V5ynKOdqcVrP2TFCYX1TIQXnS3tk6L25l87Pt2PJBgjpr/LrX41qSdM
KfUIMAHKxA9IxDzfSxnhJ3K3l0kwYR5NNGpIR3KF8iMaVM12hfzPHuhGqGmRWz8z
ahPKQ87SDi55gUFgEyv7xKdyKKkMGShADfuS8orLlXaxOtmFKrf71HOGbWlCF/VN
wPbDc48mSPEciIHRdAS2+tvHJ1HjrEOAqNrdyOrsZz3/PcpMSbU3BhkPG//1yl7B
XJ4eBEiHp+IoSkH0Li/trO9ea/Eq1s/8yvJLU9I2mELlFCASJBh9W7jc6tdVzxdw
PVpXm/zDLyqsnDkCP4zvb/l6h7IWNBSlsjbIMzz/VZi4EN1zAINFovRikvdUxzcM
QWXjLmXT19X28iV8nuLZjueceeydvjpP5Qacj7WB6TEVHbR2dvMvuColYATbZ5IP
NDUyvEXlgI2L0fiVZpjO3zyB+cykMUHe2SACwaiLnS6m2xl7lP1SMl/Ivmjrz9Uo
B0laA6uv30t11YX/FtOfCayEnX0MXKn0QxTIWDkVIqykzbl7fnli7sipcxyrYKjL
vuUoTs01FIZLiiR5f98FSh9VgRcaURa7bM4RlpSVrIkxDxj1uQkjFTW/fm6EmYxZ
U9uXCQMILgp2exD6qY9UTgTS50ZYTsGuzHUMShpvy089IAWafd7MrClWAAgJ9TEA
2OTmeW0CUhpsuU7SRk3L5khrRDYUhj0gLHxjEPpBnk9iIeXDOYPTsEix2aOXQAOz
sMxfuPy0BLk+b0AHmp/JvreYA/3Fe1OjNIDHXSYJBowUwrqnJMC2BQ1ZA6q40hWB
/a7K5uBNRB4wTUVXXgXTjRM31F+qjYfYGf6Gcw0PVlgpWCNnUwN89omFEON3Iydu
7m/40WGHkRvY5DO6PEyR38hVnnlcmxMAI/BT3GopBxQSdEpym2uagH6UeaIvFkUM
pnzwM/XvkQJqy6uVjiVLwADPRuxk49k0FTNKY1XPAC1TVMbg5JIn3lvA8MTZonAT
hMX+GjVBx7oHgtF3g7MEjdoW4evc+HieF4JmN3Efij5+HWv0Olo8kR4G+leYrSXG
qk9Smld4N+UX4X9PonDtC2hxUs8ojV2dblyqGWgl0VrBQhIWAnn3e76A1km2fqEX
HrqPRGdkt+QcP0BFP3dec7/YITy6Zy4PodRCDBwf+IVgK6Rm9y/bgJFuYIdODnOp
wpzoP4qSK9pS58RuBKZ0iAV4za1UJ9QxaPc1nkc6DnqeOufHz6WR/7IjS94paerY
XsC7ly0HnwcwL53zhKGjsv48WdWwXFca2b4gAVuC4HWNFaQkYPUtFcC8Ahmj/Mec
L/TmVjEKU9IfStmwvzylTvHhnbT3udRVKXPKmPUyImaQyNU/1qzvdomRbhSJTDRo
b66S3GBWcFTLdLt1lfZlQTWgvQyu4thaxtWQTtGMX5YoOLFsmDVahsZjoqikKvbX
CJ0YhvEqJEL4+sfSXMRHqtZbOjO4o18I+wRKp0xq3yzM2rzFWsoTAwryoBHxzLvR
q0LdDURt5qXmNDx5+GDiaK85QZ3KyKvhKkd1Bqn/GP87dAc4kk3T8fgTEnh3TOXq
9ie1lpOQsUgrg6ad7jDku5N54QLEoJbKtw++9HtQhpjNWemYMnR+WK3Rh6ZGjij0
hulTG4WkDkLQJBf94j+F0e0AwAGPfR150U1w3fehnCMW6qdV3TQ2YqZ6aL0XoonH
5q37KcgoJk636h+qXkOKikxVCnwCvMcnaF+ZQE6IwmgiV8TUYVVbSCrtL0Dk+5W9
T+ZGROgZe6Ro2g1rKYVGU/D/MpqYJodUNII9AOloc2eWXuIXdGd8CcJADmDJP6z5
bMoGLXudivQpm0hGScHvg0s7A5KUuSGYGJb3eGuKh1GARjkxW/pMbSwpMmob5oMR
UCEA91EKlSWVsYT8utyarh+MHyzSruV2+6qC2n/WVUTQ4moeDRWWDaDiiu/TjVIU
WkscDMV9SU2BaXDlYG/ING15oGkjo/xFxXIF5/eFFXUo8PQNbI6iI/WVsuQGHBMQ
5RYRifuLhgL2N55990m3oajpGCQW/NODMbfK2aJqvcNsgs/5+hmuQBMPN/sbr/C5

A.3.22. S/MIME encrypted and signed reply over a complex message, Wrapped Message with hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9730 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6192 bytes
  ⇩ (unwraps to)
  └┬╴message/rfc822 1956 bytes
   └┬╴multipart/mixed 1892 bytes
    ├┬╴multipart/alternative 1126 bytes
    │├─╴text/plain 379 bytes
    │└─╴text/html 463 bytes
    └─╴image/png inline 232 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <95b9bb39-c028-5ff4-99b1-f179cb5d7585@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:17:02 -0500

MIIcDAYJKoZIhvcNAQcDoIIb/TCCG/kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBABemnHHf75QhIl2ZGjel+3wmhpKAG/LVZP+0
rQgw6ZvFFxGLNvTompRv0NrYzBGh7tJR3lr721cWSQKzBKtnpAind4NjL3EAO/bX
4hICimMlE3HWS5LqmGefPGd8vhuxP9eAjXGh+RaGp9YJEQOCptHAEeHHYnGV0gOb
3dQEJY3PAcn1JhIX0gPGIbPmjbqCgRbC49F2zWBJvipWADfQ0CE4H0icrG/GoBo3
KbeAMTV5CRmyzb2dbHdJq3MqM8cZ6WfoeeJKeYSekwe1p/KjbqXhqtnWL3KB10Cg
y9Mzr9Pn/HOeXgB2utuszGfi8n83rihuQBpuWTKPCgdnrGoYaXkwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAPRgN6kAFQanQSKXPQSUt2zjy
aTK9dJDqvQrMrgWz6QjVGxn4hAPnZHoEYhW1RAZ/q9XkAV5UQb3U5fgZ9IkRwTy+
V2Gu2Z4AWIAsWx0kRkYxcu/h2JlYjOgaJmKDwTFzkg1SrgKgre7OvivKmGfrxl58
D6IWTY+8lTkTSwPMFIeyv6is+IPsGwdz9O+vYPxxaap0sGOCtYKAqwkqRyYaOHH/
zM2/OyFQ70e/SleSGmndLkodcDQV70VJeznDoJ+c55sJ73aujN1YN8GWL94ZnMx0
lKKCeOG3/gQ8jBoDMdGZBIJm9y/1ITfYskE+SFesVMJbcXGT6il9105lrRLhDzCC
GN4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEELPsK65V7wIe15uJa7OWzeAghiw
mRkClkXZhb1LxibsQotZWBEOBE72+pz9l3DXSIkD5Dvd0r0Jc21r4p3Z/PxxX6f2
fMSxjP/an/OcfPq19DGzbLon4NThL64YLmAjAWYeoP22DJZNGirpvUXDyMdqR0u1
egDe78jmp08JMy0F3p8v++lkQhOu9WZeg5JZ9yJB9x2BJwnve3r03X2ixRQCPQDc
S9UCcBXV9zIpRjseHhe8yhLimaIqcI8Ug7yqY2gM85ETfzHFX/KFALO/hQuZJo6t
kmHxfsJ7WvowszS4n1Rt776ooXRW7iwWH9xdi3NIGFilJLsbRAzR9g7Kg1V/I5d6
Nh2G+fD0akyrytsW/lKg8jw0Mqja/f0UFEvTVGTN6D4Yd/I8c7W3CtQke99QM8gB
N1A9KOexpivBPZaxb4MG9Y7UHo0l131XIQxvbBlUB2/eK77PVKJq96NXusHZbzEe
qmGM0/GAEccBQI10JHP/i/ozD1icRENY+v9iNJjBHIfLQuyQlxqM++FeJoCU2c0e
ZsgVGlTvjl8C4XCtfh+9MxlWdpldoaTNvpsmX6r43N/TF2GaEyHU9O//bDpCr+Ck
G0NI88+I1oJj+e5t7HNJt10BCZCZ8NkYmE0cwmieBWzIBHB2bp9h6g/nzgpVU1bP
37++dp5EOFf92RBfL4/wEXoeKs+iA7BpJbWXF6AytE+FpcH1K42V3+p1CBlkfiJ+
KaXR+EqmztZUBgUfJgB0HioauckrGHuSL8Pb+36j2f16yHsMCvOemme+gMtm2Vbu
YnHvx39UkvFMjIm5DHhDe2IMo898rc5wvri64HkOltEwgJWS7zNCU3FINVy0otUe
yYRaGD8vP+QWxEnVV7T9t9gIoPKdiMUXmzE7GdB0NgSew1PgTYeKp7JD5xR7Di7l
5G8Sia5KxFHMTiqFQEHIQfRCd5ka0pSREu24A1oqhH5AERlJQlIKYzH5yzur8jUp
RYprPX0VJ7A8TWfcpETQkJaH9n4iz6uv3AzXqziQiSYj9OqRN649iuIWALNaVsGA
xEVOgem8cBkx3TYOFyFTcrbCgiQsUHmr+CoemXL2lGZzYpeMCtcfl8J922n66XA6
tc8hLQ2zv8T63MkXGTLUvVKb3gDDHfs6q0Yy7ZUyk4ULUsVne4bAhDSuC5LdGjuR
A/8V+tpElFfC+WcmgkNpfriJWAobaQajXyKfmpJCpn8NSX7UDy0+3Gqc4SLN3rU9
NfiwB9me6rZOe3SJ+8gQUvtJ/r8pEE3lfSWDxkiLIcuHmSLCAtJvOxoHUXy2WhFL
gHPvj2AncfDF0Uz1WAL++mZ5o4eazqFUf3znZJka4XHa8ge/5NsfF8kGp4Imw2IL
BNSa5p9GJMvMMMH9by5idjxhzwGSEmWpXgO10DatC0rAjrwNb4MbW8w5L/jHe616
qnKFAn07LGQBxRLmymUBTfkDGQzgK9ioV/z6A8aQqPyFmWwCGr+AyUwkb9RCpdoL
B+nhHWFuwdoH4q/J8YP5AxKWudtipj0s45ABs9OWRnWsmeGlR8Ont4NuZJOdpzAB
fSNl0PXJP/bJFfDmqsRt4kzp71nSK8IW6Zda/NlLlua6BBhBUUkYtW040/b2miT8
iZU7+k4GN/Apg94Wq09JNtUltma+NZ7+Sp0gRp21OTxW7pbaibpxqRv+YvouNjuu
f7+oDSRzjNSVinMbngLjNMXonk/dxyFVpnTLCqItkgGEgFSq/90lgpWPi5BU/sXG
jjkIcXyPn6nmpzCHz8izZyPLO6j3H2fcoyijuiVeTQ8pf0CshykSbZNI5yfpEgwv
U4ZDdQFih9VfM318ILVh++BIXu4qNq8YSUaMF+TbjKZY85ls8i4x4E9UbQvG6KDS
gh6G1yBmBetkNO+JQSo3v4JraMTsfqlngVXsSs7MnWgDAPpmQbSqFWouXGF0K/cb
ZM3uc1nU19EersOpH+0d9dmYNUIXzRbN6op1prxbeY0A/Wfac6XtGjmn3s6kcVKN
BkrG5eZmX/bv0YNkirtILqRyLg1b6/cCUHMBWPzQHvqrsRYCJia2pU1pBahP4fFd
ubUwBL+Y163DF79VxGZIyCCLT3/6mlJIK9hzxGPpua9RPpRDPYRWgjI9lKnUHNTh
SfO0dKNfflVJ+RFHdTuQKzRrpVjmVgU8nIJ5OAqY1GLzkL85oS9aAgVz5Dz/Ub6Y
RYMyoreYicvlFJmg3+Xz4TQ78TUfDODIxXvajAr2nvrGNDKd/1zs+UK9cD+RyqBw
pyj8oswX3mfxUxDD51CY6eu2uA2XkKyDqB9+9o2qMpAzn/sKpb8Gufs9+w/h3fYq
wN438dwrgm3QmrbnnKd5DIiGN73R/sfbU+jPdBPt1+mbEcSuQfOpn248l1XXfkC+
AqgOQt/g+zVzEarovYShdrzisNOGWiL03B8I3FjMPORuDOL97ocFjEzODi9qB4A0
JxNkOWVZSKqlgdAPsnMFV6VJsUzY4n5UU70CO07YaYhUcTNDflyTogDLXdZTZ+XA
seYTmasKA4AjEi1ryHc0xakiCwXnTREDoteMB0PdsYfETV4epJ1Ulp4Dvuyu1jst
LW/z32sLvxI4Vf+0+zhdoSsVZbLccdRrGpZEswWl6jGigJnfzHmv/49VRbHk+4Pn
34xgC6w/oCKHHT4nMxZb9ZVBOONWmPu+pJsv+6oR/AEup4RPFRttX4Su8WoKV5h1
FLex6YsmBt8Z4EWUiJ1MXOJ7mLsPg15+unnWWrka83zLgjYKa47PKmQtXRgY3AO0
NnwuF4h3tCmR+1bYmQAwdJhph7ZMS7H2yEBFEDDj7ZWZMinYn7uWLYRHx8hQJTWj
bxg6I/4HYqav5AvpaDw+4boD1vHkIQiWZcDCKbalHSrUkkwPwAfRcaEFFtVaHrTI
Og1NXqKY82hT6wuaEZ1FM++S8ggsOzphHGHzfYa3od1VNFKDY7tmBdZR1UEiYFJu
vuqYfrR3HnaUXhJ9f6yNalXHluAOSRpkCd8mU6xNcZ6WFjRvtR/wnIUbCHRMB9qu
NkRzDtXFxpzOc/OM1huFXkvkchS998RqIiRBzbQn3IJnuqcS42SadtmzVPVFcWYQ
B/XQAEQOqxbBRnxGuTIQO66lQexPgZSdDWOYBt0iwgzvNo2jhw1sEAAgre12U0lX
dt1D0NX+ng4MSmm94NQpOUyVubUx2gOdktIeCptoZ/JVZ+52Pu/3pEi96QW58iGY
yQVrTTxMNHCa7y8EDgwhJCTF3p/+OBQvy2WeAxbuT7eJM8XNAeYl2h16qc9R2BLK
JB9N5n+tP1BOeVabmdYDFK9dxuR5OdiPe6p+5Oemjqduphq+THutCTMQLiMdbw9p
80t79H8ghZa6Bfp4MiWAZR9jGT0Zwti3eC9hsXAA2YHvwPjO2WGQTxVxRe4Tt0Ma
g4FQ8dlj+WhiNS9Trc6hHy5iyaKf6n/ElVbhzykB+6GVMvu59gsgh8nVlERNc0te
V8Kge5H+nrflBVaXUc9kZDWcoawn0T78dZ9rdZYhE92mtWsmcqHJzKX/w2q0ysP6
cC5Gr6raTsQRI6YM7jMgQP2RDCqWO6FNZ2oEjkR29Z2ILJ3I8O5wyHzjc4wLIIIh
+g8oEfuQBDoJDKEGA9oP/KwO3QdwCiL/splag+lFAnQ7ZY/8V6/ODPHZe11dX3Zm
52H1sFC2kjZi5jrrmAXEYfgrQz/9StGReHiB6xTnt9qNe5hzkhutkU5LCdMch8nh
2MrEghbmoCyDnMOGTIIs1MshNYR0N4akI23TtSjbxxc6tQO9KjUWGc4qBYBJMs4W
iyCYwDVIuO9W/wtEh7uHvFwiiUL4+wfVv/mxwdSCIl4iRxBbPWgcvLobNqE6Ik5w
kFPsfZ8Slba4EkRlgfjK1c2o3c1khnFVJaHCbc1mKSGOO6y2WKasLYczbfyfqv/G
vmVmF2SNmun6N2n/R6Zv8eGmFKC7tPx75tMva6+33+uRc2kBva8kd8pvd7pFHZCN
81P1jf7+Bz9zV1t9sal3NPwtST3CSlRr6fSEYKGF1Uc8K35ex4AOlAxAIGn4PvxN
8stHYQ/rs/LuxYw3AtFOGBNALeivYyjv7h5c5SMH5xgIUD7OD7WAJkSI9EAsxKSw
c8FZieyl7HSGzY3Zw9UuYU5CEbkLznkQCwbsG+g4IU7dIGko6tZNDl3TbCG7E1mG
UzcAfLlF/lC/fdVJCgseGDLiBGkXu/CsN7iS+qvRKOBflryc2fYnwzc60FI7T9H6
Rn1wpjWzX5FaXu4MPnMl1QmK+rk9R0xkGoYalw8PJ2hWPQYbui4igEjzIj8fjWn3
L2X5+Xh+utJJjqwnDZWPCgOVJe8ALGXcBm42K+YZpSSbh6urdfpN2U2cZIOUHHbG
+7FYUD/BbHZKEc4RhZ0PDI62jm7XmK39RgFWkFNEJx7NR2AqMcrzabBn6ThywOmO
XukMU0t+IODdxCkv+Eur3zD6Ckfp7nVI47jXuV+7lRThbgtf/vBsiVEgY9UsRXIp
KXR+BqXZKU6eXtVdE9mFntfpJgzY/gUGVUAC0FnkPCGGZ7nJxwBiefjogTdmwumr
OpMhPLemmKcyw4lhoDmEpfw6PC8V7Jf6mXvk7y/YBI3jhd93d4MWGrYo6sfk40aN
ipOogZChn1vVF/m9dhJCpWwYAHAWL6hs9aBMPgAyX1Se4yoryvpwCICQqTDE3sIR
FwSiM0FTJg/b3kNXbqDL2y/F+MD7GAj8wkTAfzdz5cF0zDwGEYI8VSd/Fuo/8iID
LMERjH7EBIzrDRbDN7y/hNaYW0f2IH0T8U+IsWMrE6L0M9GrVrla8+5AqBfFQNeB
0W3hiJVKBuWEAj4GMEbe4ui5brMgNMQ8gmsFSSChpsI8DDOuDsXT7PdBpTGluPR6
RFXW5Wg3NAVjB5R+oTTEDiERj7H4mQQBkQY6aYsjKgiqUoh0KMvggBfQlSMhoXPp
akeggomPbrjWDTZB7oIxb7+5uIJ/E8QpV1RSpIM+lkcEKwOd52pNGmFdYam9f0uB
E8fDDmgEqLaxpH5pT9EHCK93SvSGpgknz9NjU7mo4BwF36FW2fQ98MmnqCTppcOP
HMEh0PPuwbIPwMNXYJgtxIXVVOXHcpXPZ8Ma0AXkm+GbQ/bJ8DNwhCjym3lvnHid
c8zhr2OqPyyobkxgqqDmXd/6j4ktgbE6Mj5BhGXUlhPJvaM3SMYSK7glVMzJt6/0
l1P8Jj36d3Xuc7Q1f8DYQbug/t2+EUyaEFFAMHdhRBT7UVARIlpsLgOEIHQhgYAp
jbB7ifMNNwzy0Av4Ljw8blaTXOAiA9XXbXxUA9cWTehM+q4aNwpC62qpIYfDsiQE
1PylVVLaXp9dvgVoUx79PSYL+IK0oJVBd/8TC+vxrbE4oMJvivfKpRjvb0Gs+df9
pGwAyquOK0Mca/VhDTj4iz/wRfVN/XyxlYrIqL2SNDvZOK4XK1yoM4Hpl7VR0fwS
tsVxDUoufFGcOGWdcxa4G2xFQE9J8PI4zt05aTPVU9blGobxY2h3RK1ckPueqzcN
YUIaBCLZv1tWXaq15r09dvH/77Ft2cij1UiWoSJqCsUpGqaupjYxm53Ccd6GcbFC
26NoeKqn65VNLhBo+fEiN66igZhLaARY8pqqs9vFJPFXiz9iWQskIXul7B7dy5oP
+ZZmb570ZWUWyCX95um4m3h+OpjjzaKL3NGiYSIZG6xmJipZEFBj0Pz7oSVbeG4M
JmjpQoLAyFuyRjjDw0khwxWfURov9+vWTTzCriLC82Y3bZ+yMsLQzSVRe573LgWP
IHBWKHQCzAUO6OtKVhk8kzOav4cxUqjt2Z7iBTLmOAnBgNQQ1GBSr1WPddryXjTt
8px6zLd61sG1ki/4Wms+C02hZVc/p7RpK1C5SrsI18TvIk9Bkhcg1G3lwRSsdRkq
+mVXfiszPZL1zUJebHljoGK+uU3l9MsLC5rBQ81WvCr+M6ggZE2ep+fZTs8TAgPg
YpfohgibWutxc1bkDOCL51nO6IbN4DS5Y2/VenQ6EivFGLsnB0B8hJ8lAAQ3WyJJ
6GbRxlkkOhYYLTBl+DOaVc6/+ncmBQVoKeV4ATm1GDybxnNvPXGTGx+zom7EVIrO
btfAlEE7Yp+Q+roXlXhZIiS/W0virxKQxFKthhhzGR4jbR4Hy9HKeQGeJnk/7plG
9RauFd/iHdYQk4paXxMEyKPEj5/JMNhcY08i8Yzn8wUnHMgRzSN+hJ83XBODW4fN
Kg5TXhAzWy8hX5t0xPU/xzyzwj+TGGbJd+7dkv+9GTJ65MZG1VVHRpiEBEFj9Vxi
c3xTrice9/QULNIHR+o4beT8j2SnWY2UpyhYL+Rbo+7nRy2n4o9PKjzMYWVS6tNV
biFel47a+ulvyTi751Vhd9xV+VdjO1IEMHbzN1T+5KyXOvZBfx4eqkdsZ2Hj/5Gt
3pFODRzhz9H25rePaGZEba6vQe/lKsnba+2WCH2NGXToa4i/CHWIvUMyVM67AwT4
wVoIePNZcFI24Pnmp/8ACtumdCgTSD8pfFc/mh1Ysq5gU1tRLTODTaYv/9poAVOy
G2EiikP8TST553FyQesWtlkOcUvZyvGHhECjsixSYJ+8lrFGd/3SuaXP053Iwavz
KswYHRp5ykstVEbkLCBUh4pBvKUCr+lzY3EYbcV6IenO31PFHwbgWwoV+5Savazt
f4oYeWzl9fyzY7ek15NqVpKIo6Hi/SkZ93ZDf6IjcN7fBot9uZFQZ9IJ/jva/r/x
9O3e787qED29fhcqQbP5mYtvnUTEgYXriffbqPnrY31e4UMO4XuncNoXBnO1uDKd
EQCyYo7Qu3HvxE1aS1H2jx6wliBzBhIv0QTSlkSjY8KuO1Y4zYfdo89GcpEcAUWW
5Wz8i2jtKqHpochDl4qnRKIcu/N5ped7HZ2jtoxR0erZkrfokujVj6qx/Mzpj/ta
XF2wNkSwJSMyeluo8Vagsk3a/aNDwwN2UAb4S+H23mVWFb1LmlK14CSSOiRLBbxr
72b5u34wsMuaRjs9sy4YTA13PBpRga4vLyQ4dBntDj4mp4w0iLXS22xx1u9y/FGK
WWKDS0MTmTubwZ9RB766/e4EYc2KeGMq6ytTC1GkBSDTLzMGoJXvMaoeVcaDzclV
w6NCA712RkT29BI81vNW8M5d01Xp9LyVz/HJbP+Ku9EjdUX1DHiv3nUSvEtRKYaD
ayDvY9avOqX2x0VVx8i1sSx00ramjBfX+H3raR4zIdHYdEylEQNaVuukLQweTbuc
48BJi4WGzYmrNDhZ98qxQIJJOU3ENFZ2Nd6dCPGwsoiRZG8B/oLZCwbduEdyUhVf
574qupgra4B7oKrXn2bBb6GCufPrDkqcyYpq580mMuCfio1yajem0ozLFSm4xjMy
dYKR/FTb60MfAM1iDPTCDhUtg3NsxjbXlaxFjoipdaFT928fR3sbi80CklUxt/JP
1hyM/aOI0d9eFpiAJvaz0QPpqCrR8V1c8+edYxhymI4uY9ZFzTA66wgYOr50r/gm
OQDYGfPdIsst89dimu4VsjOQCCwH8KSLL9xdxp1vLsbFMWBxCNh+Wso/HLEhwrrN
nd52fJCIqLKknBEH3wNPWsadrsPyJ+gzhEmF5Bcl9zhiiloGnCFZ6H4Vl20dO0du
K9MXE4g5lJUAWEGCLU0VZRL05PmPDWu7nRk/00Up5f3acJ3OhhuBoNMCF1hYlDd0
r7xKN+8PYIGuMAlo6FtLtHQQ3OMAMspIE0yvpQy4z8DFHF7Qg1OJe4iC1GS3LHcu
8twH8qh3nAtD1RrUcTzBtxFhN+MuM7W6KHNN3PX0M6ZaKmK85kbmjQwyW4PKL++O
bfB+XK5qKwwLFmhVt8hGp8h/ZNjn2rS0JrNHWc+4vGmgVLjoiGtYz21WpQmDy69z
mmU5qH8GnHbw7bhKwCFIVBd4FHS4DCSNVDqpxD/hI4k9mlRyIquhSacoWk6J3rH0
ntIkWuAsjw4v8+arLCCXfutBqMYLrKtFlOED/6OidqsFRtCH83DsgivRTvwBw3G5
ogcNF91U+tf7VN8ij3t11LhGaXIGdXUzb659IiSVCAmqzojCLBPmEPQOgeWnC8WY
TkJnfZ7E01g3WkOiTheVE7sCVGy2oGQ8HzvzH+AVv4lNi55IxPVWVgLEFwbQhRvM
MeRPidNChc78jREtwyVJPsxKm46gyN/eYquZG4cMnMbM+IzMid4tESznXMmiJJww
cZi/nN7mSSD/M64BqvsiZ1L81JdDQQxHvHJrTlWH2R9nozsGkSzr8IpbSienRF/F
iX7pNZXAq/L3mPo/4iC3XUPEPluweAVJfoa/irEZA1tu8eKFqIqQt0kGsFYO9Yf4
LCXtun62PTxnZ8b9NfqdzWYR3lsJE494Hq8PwMChPCE+YxtVjJI5Wtx9A59otG2S
FhjPjS2KIEp6rONnbasJnAfb9JGqAd9l+yofLqbajiU=

A.3.23. S/MIME encrypted and signed reply over a complex message, Injected Headers with hcp_strong

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 9775 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6222 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 1924 bytes
   ├┬╴multipart/alternative 1130 bytes
   │├─╴text/plain 391 bytes
   │└─╴text/html 472 bytes
   └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <23abef5f-8781-5c95-a46c-61e3a4464d58@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:18:02 -0500

MIIcLAYJKoZIhvcNAQcDoIIcHTCCHBkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAGgB6GKG3BktdYx9b26f98xIYUpPO5jQYr8y
mu3jMU7EN5GwAY0Ip8BEEtWVO4kkV3HQXLjPR9kQ+v82Lsj0MX6+ByE29ESGUDhu
xH5X4grXCpBo7QCwHRP3vMrvz2rnUwT3qmP+15eIT/mpSlCSn0nVe0yY9/awCKEY
FmhxSOz8c7ZOeJnKwD7Dcen+TGr48KGfjykISEpESzDQRkMxRHgysV3/LtVP4Z85
5GMCQWcWhCsG3gjYWv8qsinz5dzgsCvNdyOrK+q/PwTtAaoGZigwl7Jp4qzp0Jfk
KdovaPtczTI3cboPx4J9SOlkuYOoXHTvs8TVhXehUejBEpRXnFwwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEADPLALl6xgtRSO6KJPbXlmwZQ
rDBh5k3KXiAfi100Q23nJ0d1cwaDu0zASg/Gfsl2zg5PbVesXD2KiIQrHxnGQniD
6kXIvExpulKzi+JVIWUHDsqAiX0rXWC+pqu4Xasq9vnDFiahZfjv432Nfu7ntbR9
InqjlWZHCnm6Cx5luBIqBjyI7X2ScuUS5IxwS7x5NPmo5zvOEAiAqFwn1+sQvnLB
1IfVpAJzRlWOQ90wRxHOJ1TdCKUPBKz4DjNPZ5QkKoyrcZL1NRmZhc1zYaO6/WkE
fKcHP9whDZMI6xKPVXopLdoG69yridXDfJ9/cqPHZvnOQ6C9FnDFb7UAOqodpzCC
GP4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEOtLatHfIQxoAtToDlaMkYqAghjQ
vboyJHrq47OmceZe8qUJUTMbh4n9X3Xm6okY6K1/HEL9ocSqD+YLGlbuJ5LLqkCb
6okCbGytW+zDCBPmxbvXbNfCPVDeq9S82586o+ZkJWSKk62Nvvr69nIOjsL8i1jM
A6gmqLvYBlyzPX7ZJpaqPSG/MTBaErO5iawYfcMNw1eMcmOWK7JKypzAMuYInsyL
BCGP47SR3MOtq3Qhyj5dvUNCNhl5oVdI0iWJdwVHVPyGdtMZZcTrZI65+hrvfcJV
Kz+Js6If3tQUGXtcoHCpERiT1UwQXJgjuGOlYdMfpGGRdz2ysKclBfoOjnxJ5W73
7uBt+1Gp70CnII+OnwqBLFpPlb+VyKv2QovMlyDMtc1YGHbZR4EkWgqmfa6j728t
BhqDt85tMy7wVc83rrDfcz4xnlwBFjG8rzoZvldmBCDxW39oeMLnosnPaXltFP+v
hunoJtQi+rtocaoMOC83Um4OXmNvhpIMQ39WbYGEeJ3riQFQbvhkNr3iMHUo6yt5
SK8U0LJAd2eUjPATP9fR94bIp9I1JaVB2Sv2BDcPeggly+GI5bFlR7FEO+AtMw+2
nFjFf1oFgW3gYg9z+NEepQtMfIo3IrZGup68T0XuxvObSnUMx5vdjaIkILUxukwU
AtxxNzwbX6J2Hu0P808wz0i5IwfMONZGE9Df5g9d3OF3RbM7oDzOAvkljMTYC61C
FqkoFmsaiQIDihugvYjOcQBfFzCU51Uw8e3L0nkeJbCK6Mh7mPRop6MmBHPW6dLO
twq/HLZCx0ShnjfVshxS2dyxSJuFrsrqhM95RuOWEFn9Jb+ww3eZBw4FRyYsTXda
V37J1UpU5EFWjFaZe6h/fLZLm578XhVt/YuutPgNoI/nzAl6zf8MmSIAMLsY9aWh
0+0TBltpZe3Iucqiio5QHpAzeXSkgEnc4M9lorjhc0q0EPTJ4DyWN/P6L7DuDhMX
zHua2+LB7Jk3MDljYcZLwRcTWACnzhxk23ie27s6lr4AQMNqtJ2McH5I+LDaV/4B
o7v7z3e1ytN+lu0kD/LcnobD0vPCC/kNdzybZrdK1QmXf1B5g8bKtn9U1r4hylhr
q/5knv4BOoq0LO6ZrJF4SLR7V7yc5vlwPnde6S97l+0rWCKNYdQo71S9oQ8Ng+LE
FF2+qgTPFrxieYkjfcg4ufwvobr+d/a34cXCFtkRzzdRZtHezc5SET28L8QMUKQ0
Dzu9jNc4CVpwZcZJCt2piSNUP2ZtG5Aw6TJoU0j03RgsRjYZRRK/J38EnfWQFDQM
NVgM/W9t5eglXpW+5lfvbOwGdkF/MSwsxUFMdGkTedteqMlhEZ7gYKKRyeYgTlHu
wXnWR9F13+ia7i0mlhW37dTjzRgFqFgOkWcZaLGHtTA0//duQNRCbtpqpaXsPBRS
LB7fLc8FtcG2j32tDLJ196R6U0cl3/4f+ReLxt7SHl+UA62IhnljYjC5BHQClMZ2
FOD9J3zM/TIwhDgGd7giwr8E6CcgzEfhR89m+atgRGkKO2P4KMZ+jsDZHm57RIP0
SbeCDIHU/12syY9XWVkqpQ+RxFuqOg1ifw7w8OtS16NXIB+hvc/ods33JdaKPmhL
0xHMYOG49VaXxBNZKMUV3lhbH9qTOujjvq5Wv/Pn3VX2Ikb9on1iLhGNnWB/7wj4
y+5kyQYWEWJLEgIHNMOYRkz4ZNO67JJzUJXOa3FEDUHaX/LGb5BGxzSStP5+gdbC
bZauUhSd56GP/DG9hkJBkCaSoh9ucrwRTy4KA5Hq9HW9hbF3bK0O1GuxGXME0ATn
MBN7QGvv1rEsIq2It+P7SJ8lOYXd5JKqhOA4l/pXeMkMJd85fIH7/tA1vmmaiRp4
89fTehgfU/hFs7ZoUMKyRMoYwCxSBNPFKQ/pQ7oKQlFSFMhzSZOzXU0galm0JGWl
wWx2zVYmMWt6CsDUDlPxRJF1stohJhCqAVaiWf0ryH6wpyisOkqEiSc8haCbZoaE
n7CklIz3SX/Y3YcdGa1kLdBNiTTeQgaDp2fCjubN/XgAiNN+0cSXyrXS0WyXux1Z
vk26ZFeM+IUrlTpqZSLqmQQThHPmScIYN8Az/tTHkGPqWhl7GnMXrLtzGN7SPCs/
AzAULXxJuf7WysusSsZ6V6KBF42ommqNIC/3IBuDRZRSblG1LUOV3LcvCj8q1mSp
kdZz0O6G/gcWvPwFBY+xNfjAmAVLbOOK7szIjoZOL39aFlaqkLAzvBKpZSs2cRdC
qhHhqV4by9F1FTNoKi6+X6ahWpgtzrT0Q67StiCX0yKxHxXau/GAoyt55fGG6dHM
gFM5n54FlJqUKk+SugjX8zjs1VlBA87Qd6hZ5zpi9iQPZT7OxraZFJ7usdgnt4w4
P8oCyLsT0OP/TJ5uyyOm20oPiNy/MO5svThrp3Sj2hze3QtVyehi+GdC2QtsGgtL
p8yk5Am+hpvUj4Ui50sO104C1eNvFCu0CtiBjiGAXVa5v6jxCauIv0b5br82rDTC
QdU4NQrFD+7940k+Zl0vnQrO0nZtXzbglMute1QB0RhFx+e9SFlXqXwuFichOREb
Hhkf29fn2lCjqPsvamhIADTDHWMMpvB1mp7ra03vRNTDaiPDGAIxs2hbKWUNZ3qY
rgnNdjqCWoXw1cJEgPIVhZF88/eRRaHg+4bUQ/1pdhUt1nrgUESxek4Km7FJkJkl
zm24dCn/QvpIP36geABxN3PMcu5qUCrWn/kDwaK28VftOdRuArsIslNMqvpCMKJU
c51NYTnPC6zFZv7Jcuv4Udnxlt5Txx1i5FhWeH2BemDiTGtKXYhfpN2WQmLKG4R2
5UUH97g4/ccyPFTdTo8Vt3flD4o6j1bx46rKbIVLrCGAnDkvyYcNcdV8lGSbzMXr
h9/uax1DQ5U/yJAz7EpCDR3V4kqdGyf0wN4Hu/U7kufOSgEZSAfmMM4Zt9uOtfK9
gen3dxOg9syJuFf72gEqzQSB7eTPhmNZq5Fz1LTSa1JShZ50GYBuF4g2DCtt3RsZ
PQzFCx+0H1EtS2LWwIGyqrVliN5sgXqXNZ9jvxV+oxuNJ9tLqJmP6rPsuwnuWNqC
N6lr2LLq/DNI/KuJQvjB8c9z/znftdv7b4hBVEp9Avu44fhDAuku+tRhTCyrfFYk
cdJPY4gLrADre17btiR2V2v/MlJ5mlZlZxQlWsCcxn6ZlRRqoBUi2bVq8ZoM3YSu
FzCnqtx6nGQLhIbzQSlpt14dJVjslhKRTXV8JgmcBNXGsJXO6CyZsl1pOQSonWuU
u19s0K++2XliTOeRL+0mNjI8n/Urz8gUyNrLGDOOP7/Ad1Hl29J98m/JwO6YgT/8
WzbLdZhBtKLsa1XRJZsaClJSVSU3KLOHG66+nRxvjWGqjRdo29OqEWTLm5LN42wg
+18plDsVOGE/k/GYQG/1CUajmY5uQe2GxFa3MHEYQuutoJzf9zd2fwgi2awktZCS
X/L7nQ465BX/5/a1w49QGLIgdxCs7aZDluH24w/nKQilDFmcu32Zk7E1raivt1T/
R0UvQY31YXX8FOPKdqrkmYVup+Jm/HcUMTUFfeox/U1Mp/5hpQCQPLJtqsiFz8d3
UtEhsDAWhyT+qvmRWWaaZqLxB8U+I413kqPvbzi+eT/7hW3uWHJHQENILOE52Gzo
vTnIqg0aDcVlW7c7LRDxgNyBbmhfstoE4edSLucbgFNDK+MnLCu5CFhKTcFnncXb
k4eCuMhXg6C8t+ync2+EFLGwFci333MMLRxDu5hWvFHBKOWHZlwdATg6Rk+Y8GrH
8w1DDRvFU883fcdTEnzs9EzAjSQQljinQ5bZrG4z/f4E6qYM6Wx5V74dSbt3UY5W
ytC0sBSSQuwCaT9RWFgQg/NSI11hSw0UpzaLBdx6o7UNZf86eLZ2dQOUpT5dtt9w
dggL1xWPwEimCFdAVIakcKQgkZzPpd3ZBNFNEnN6hvmc4exXJJSr06HEdl4MwxYd
7kBB8EXsx07J8YWThRUKydVvgmZI9beQAnLomg1HdkUYZ9AtLNOceTTOF2k2KN5u
qbuHfVlJs8Re8z0G2IX4piN2LiNugTXhrhNMDRlHkg8TIlYJVD8r9wldWDvCvhCK
+vAFJXtYG4w0jJDQwLpYWJhP40O4OS7CO1m8X+SpF5KHsUbHXiImHX2j2QfBlMJi
ZOMZS4q6c0BI9/atOx9Vc+aPqqw3MPSQPmOJcXGsZqcn2nRvmmouVZhejm7FUq9l
OqbwzgMV2VPiZZcwNt0BSweQmD3uEf0Dxx5yoK8h23DhhYnqIyF4lFvTa5ZMunqj
8cdbo9W5XhSK3XfLi3LFSLASSZxNoPXYLPsRy1If3NPrMH78uvPvFv7PFE/bUy76
UnsJDhbCq/vIXlthN9fBsrlgc0/n8j3Zr9cuVnyQ/SIkumPbNdlN5cnoLNXJxqUX
DRw7CVz3EHt/oGO+ZUw2oT7TBfYRzNorbRPaPG7KPm8s31/FKD3FDXJVCoe5uuqT
sIlMtDmCizdddEX+GL8nWvR45zNZN9LwfpkATiBm/T2fbbLXJDWHpMY68VRBN+tr
BXgDwBQPFjezurdjg2zNd3oYqMQSi8TZVcEl4l2fI5nW9h9+C+z8pZJ4LO1+rnGy
JKigIYJ7XSyU2yruJmGm8E3gq1nfCp0xHiEYI+w/ihtWHtBKDraKKc2W3SQsV54K
cQ7mwmjYy6fROLRfJvMQus6BmR0p8itSLMwJwRH7PlBKZHHw/zwAWlCSKz4yURk2
PICcVErMcXGBrvFFhTZ2syLuMFwgQ+wL1mF43D0byWTq9IFPvkfuv8CLwuN2oh4/
LU1eQmQGGYvKXlyeJOGxaltAj3h5/aBGLgRekQUDnYxqPUQWO4O4OnB8ZCotxOFG
RXLoH+tCMjDZx+cdqoEk1OtJLvu1iSY93qSccN+kBRjwXMeCWpHJPFCdO+IXpV9a
d/JwtIqbHRUqrNc2SGOKB4FwhisJOEdc1gfVQGmK267Hr9tLmA4A3AzvMdFV+3b3
+zLamYS34bxF8MJ5Jc1YTN2pFLbzRbnSrwSwL78AK3kGC1+bfp7UJySeL25HOo+n
2vikgi67xoEiXadTCL/3zfzlpnSK9gk1nuzDIROAUNXsbuNDnHi7YML9wRhbtuPS
aNhb5ySowG4b+2y78p3Xag3OWhn+Kr5zdvo+V519f184cL9zHs/sna4QZPLo1JRI
8h/BkZT22D7sSEw5zAaq3BZexJEbRnc6H+9xCmeS9HYsFHTunuLU6DviMX3SqNuf
SddFF9lvdqL8MbYmJOwL4U8V8+f8cjjtEPK6jIRvlcM04eVfoUX4qfhmQO0wUKrT
VOSegJhywPhN2vI98u5oTi/DDIY7oxg99c+BVGo75Z6RbicnrDH+R/CqMr8XUbod
Ehg65XJUmgKdI6KJhV164dwArPVdjLtQhaM8vEn7GmxNfy0QnAa8AwQEJ2O8VSf8
0W9d9FH2pNdmYLifp73MOauTe4/U8nGLcydoNQfD1d8aZVsH2ISevmoTTqbeFa4I
4l1ldSHN8KXFYsd0yGfJ0m3uJmiZ16dzydARi272Xv7crs9MODe6hv4LZEPpUWlI
DeAOqmsuXU9VASfWw/31kppojLc0aW4UijZR+5Xqac7DLoFW6ufll3cbje9TT6fj
sUTp8v9aaj/SvVY8nLvyNx9CG82UmaBdZbxQfyU73t/D1a6xa3Q1bsbtDIMyilnw
ZwzlNHOnDewl8HdaYxpPFHF6TfcV5Y0vVxBYWYjeZ0M8qNOoJmHRnq3MXTsaLXph
6PlNkiVojCH6Ior1phf+PNP5YDohod7oD+9XP+aVRY4sC+9cLjIfNQ1GDz9gczhn
dICiefRTWf7LxFg0qr2snwSTWfqXJwLE39hSYHFz9O7rkfeiQjnHWuXmHoLPFW7c
Yub2CPqdpnndpREzbyUuyxr3opHbZVNyDKFUWkT3sk2T459phaIqJW7aqjML5Jd5
+l6ABe6W85seCLT+KX7urHrcRVpp7smcK7TuusUN5SBgty2v1dySrsOHOfjr0ruH
N8sKn0cONU437UF7m7zNNY3KlTOhap9RAfhrPhVgVNDvsTcpRN+i56smOhH/l2VQ
gZqwa8wz68jgNK/OsfC1nonpeIAA5HUIwwflnZmh7K60QeJaNoizoil6iUmbUNzY
BrvKrB6Jv5gIS/eYat5RMG83dbjWg/ZsKT5dKqsAyK9FGtwuvR6woG99CUU2SCFr
IbiqTDdg2myr0t6NDZ7Gm+a/WMrEO40z0cI5wbMOTACb3ahp6+woeM/Q0B79h8q8
NaEN3+ic3Ewb7aoZK3mKnuZMRIGa72fzl2Wi/2soh/sKlFmcPnBIYgPJI2k3iA3Z
fzOvwMgnRNc8E/IJkW5Sy6x2hMTUAyxlDaQ9Qtie16n/PBfL6k4bOe4uGyMjEU5J
BShNoZE52sPdju0JSo8nB+lgGsrcH5VP1gC3b6CMGWl8KjFYL/LoB9fQOQ7YLeGY
tiu2lgGPFpFF+WBTEsrPfkkx9kSWH4rn4HuwO3ZpiifvA9SovEyRG5pKD5iPVKgL
cMtgzAoC4eBWRcQGjO1/9ASSw4osCP0UbjzRFa6AnWuI6r8aBKvbAsFjrnS3Oe/F
LTXsVSLHt/7bBaAbBTuMtEi+DiSI6qqa4ECvwzZlLt1m2OpfiZsQnQm0Rr5Cw2Ob
PrJODZ1Mdcsil1wqQ8C+/cByHvoy8UTXNoQ3eBiBEcsWVjAAue/OVltk5EilvOlL
U83Y4YMvE9sU+sPjyk0Gf9H58myEGYe3ZQClRYh0ZhBOlaxV6JM8NxwZYxL8yxjH
qwglYfwJT0z5yMwZNZ2BoS0lQi22mpnGb5RpzhMYaB9olbluh0agYXq5qawkqdLo
Y4I0ABTvcl0i/fgkQpmfeaqROJfKamJXw/gAsHnRyE+PsBOZ2alRqqke9nppP00V
VEWg04UH9+Wq3/JocxQDwM3WdlGiVq58dGeovLLp96qH0ZncDZMuS/VRfbNKt/yX
DnpPTmg92qmy25NfM0jJm2TU/Wjl3bEtniJ53e/pGrlslIvPi6jlMslDocv0a+dj
D1tH2RGhyPSGZm0AzEGCq3rImyfFVRVGNFv73nm/9GZa4O2RaKKeH8+ocyadRZDB
+vbQSRAVggikC6BnCpnpBRnLasxp87mqFcpSHTkyi7b7RBZvyRDIbzrZD1e3Y0+F
HORdtVtl3B5SWv3LqRaZUg4XIixdGM+XwbO8vyLoURMmsy8dIr4mo++XC9Freohh
fUDz5RKfkK1s/Bu/9TdJwLTtyPZ33r0bO4mJFzNxleAC2D3prKkf0k2ByYqzKY3V
gUuHc6OtKgbgcX2gaHESYxgC0iVlOO7ll+txdAa6+BE6QV46NNaeX0CPyKPwgz4E
pd21Z10844YAF3GhXSydumDXuCaRVwxB9BLHqHm90dING7UbZhKzF8BcIjVQsksL
ccAD8mWP9MBG3aCywE4rapjPZm3xH+4dv/Vw1FWkeyneTY/nOrgjTtyjiIO8oVSM
30vCtBUFF7GZZKdmfQ37KSgcgt6TmX6U9cI7lyl/y22xoJHgsB40vRpGHBiWXxP7
2s2X1lnjSxT0Vv600rcoWT/YKnBfvlzf91thmS48kQ+msFYVOnDa8JUS2NgZuyN5
tejdY8YGcFoL3PzgL6ryoDFovW3L6lm2CxUnkmEmzLVQdjSr2iJTBJ2DyW5MOOQ+
X3yIh6fNm4epRPiA+sEnknx0ENRKtO+Cws9pWWU6oIahcZO1mokXAe4xXJtjH533
tWHtZRw7mS5olUxmq6YbAAIrkc1Wkubl73T+Qppr5i6bU6zxEo7MGglfr/aB3z81
KN6tX8ECWG4/IAM9fL7jsn4+CKkSW+JbtK9hFubv0IU7zBg4uyLGjggddvSnxMCA
fcOQYntZaXLmExvuG0W/SLhiG5j9Grxp1ESsloVdQ4o2xOzsW8bRNq6MNss0lFZz
R/AxVLrepd5uW4wF/wpIYjhS8+72rkEx8e7P+Z7qWLWKpYtdYemoTmQxIHRt9bpX
TOU7LYJ/mYljf8EPJgsqKRciADk7vhTugpMkkQdHJCdAUbgt9RvZ3RVWLMJ8XzwG
p0Eyrc8bqjEqa1TD7BXY2NgEBNvSQHCa+nikW1CXhx7p26ERd3sLbgU4Upsir/Sr
hUt/oRt75UHlBuiHo3hPoKD8BlVbQ3P4unFMkP4E5viJvPIlvpimfU0QbQd1CTGD
LCiwzxtY5VbUTJh8Bzmsk68W9XYOoFYM86C8eQiwT+iv6SEThhlJ97ZkbIx95jOn
h1HSVD4BG/VrP1sZHn4LDAoIBugbM5HpwUTVX8UvTkHbqIau4kzadGVHHfyKLw2H
YfbatQCNwK/lHTMjGdwd76j+jUZ0QfBYD9e2SwhPF2qGok9gx1glZue65xEC8XM2
hvpBysW+9HrKwp+/SvJc7974MKCcFs76A+Q93/AnXq0lKcYZeDJtBJfjkbqCuvbP
dTYlFvjuVh2TudqGzxeP9g==

A.3.24. S/MIME encrypted and signed reply over a complex message, Injected Headers with hcp_strong (+ Legacy Display)

This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part.

It has the following structure:

└─╴application/pkcs7-mime [smime.p7m] 10445 bytes
 ↧ (decrypts to)
 └─╴application/pkcs7-mime [smime.p7m] 6712 bytes
  ⇩ (unwraps to)
  └┬╴multipart/mixed 2269 bytes
   ├─╴text/plain 64 bytes
   └┬╴multipart/mixed 1608 bytes
    ├┬╴multipart/alternative 1202 bytes
    │├─╴text/plain 427 bytes
    │└─╴text/html 508 bytes
    └─╴image/png inline 236 bytes

Its contents are:

Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
 smime-type="enveloped-data"
Subject: [...]
Message-ID: <0e210732-9184-5855-9a95-2a635560d3a6@lhp.example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:19:02 -0500

MIIeHAYJKoZIhvcNAQcDoIIeDTCCHgkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAA0KmSPng+cWNJVCbPBeSpZbXks3myShz3E0
bUW2BwUhb1U0UxNgcFJyvDABOeYHXa6U3BHuJC6DwqwlEsFCpsCQuZqrBbsk6PgV
VRKAltBb8K2+qArXTlSYg14dOhhZy/qBAJmyf6JBkzrTcNmndsZe04WK11b8BfJY
OR/YT4FczqIXRt1WyqubDsG0WEJk5GnOqqj1nQkVXxHE6EQKPVPvYvEnW8sy+aju
/x5WsXtiJkZvuVuN5UKoFv0vMsS8MjmHSmeJquJLDgpxzHZA06E9X1+MjCqxorQa
BDiXq9fr1BVfcV1zmP0jCnEa3zW6F9lCmjdFHdTUd7qtGFdZhqIwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAAfHEHAfy9YX7TEVdvY8simkh
Bei9XOrSiZXM4BL69LYDtuWUSahVtQo3mFwtvfqavK5uxP+sIPoevoj75M0cqJML
lzDsCqECiKY0uEVbXm9hKIBigOFT7hxnEETs3V+RmEoAz5mdL49NJcYyWU4Z++6K
9B/WKLDAk1Bdfg8PWR7mi7W8q78Y387vn3CXsrqH+LlLDJjqT2xoNMYKtWtwjYQ7
em70YgIA/R0695lQbowkAY8Rov42cxWUmVeUicU3MmiNOoiBA8EM+1l05kUvI3H3
tA81AH7lFXuTX2rHrVclfKSLrHjF9VYx06iy93/DG16JnLHv0NpCTu3+avrGuTCC
Gu4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEK60EiMA0EoglYVOjIJ5jUiAghrA
Neb6sKO176aT5ELOauda/XWYUZvn9qoGG9dp6SAaJiS2O8zmEgyZyPhdoSIs7wRx
d/pP/iNoITUD6tcWewEY1ZoBF8+Ozcinaf3jthQLlrnVf7XOolWTDK/pRjUoFSyV
KFPx9u1qcWxCs8vlcL1CNR74nySEM4sre3ZxaZrkxA0lLDQKjiOVfWkGLTWJpqNw
3NuUZel3dCNXZqrLAuGedX3guNXYP/RtAL23lCU5oFSwsc01fsKt73oK+Pvvj7+F
iRiCPx+9P+1jQPf2cFnpKZObeF5EVMPGf2HwptXnalLVAPzlKX38Hedy4LENKz0i
nnNm06i5jkCv57B1PaamC1zrCBnAfrT1M3E6MPiC6yRNyPLMAjuyHQfFnF4wJHCQ
HbkDGEzY6U2hwIgD2DJxGQOGpV4hLj3AX8PXC7PI98XoOLU4BTES+zaCvxCJYWG2
+KlzCtDp47xrUYpWMl1i4LVRqKItfyz+oQmShiRr/Ie/0eU1fG04l42IP2kpsB7A
/jPsqvZUHBlooQnAvpjZocWdQYSznsVCOpu76grXUsaIsb4NAkdYcrDgNwbY6ZdM
QmqfKU7JWfzXUQn5R8CMC8LNlqAPv4A0q/PecHvPIxjTood0oGAWTYGYmLDSMma/
sGlrxv767FD8qnwMDNkOedgsP3U0Z+qjvHHg3iVI/kDH5x4WmnUfzpFZgaTu2GBT
WZJVR3D4reM+7ppqKHL5f7rIlzabUIHbG9Y+VN5UsfO3VVdeMzioix45v5u5C5eQ
Y6Ce0doonm7JZMn2rpf6VEANXzHBixgjyY9ZgIQXn5sibRV4vD/qqvkKQsdm99qt
2kXjKb64W0TpPq5mGsouHLrZwLa8uoeJQ10Y8oxmRWcgp66Qp480G2FOeV6J05Ic
e/6zvsTVIE1/Vjwr4LkKBmh1rxsP0ExTQxCvHsj07qpV50oj5Wn7eaEWUOAXXKWe
OnpVzB425SxlBSgKhv5Jyfy5+NeLlDUWnm671iCJzKy7rTV9xy3fG3b6u1QzLyFs
2/Y63S4StzziJbBEF8W9m9z8TQ0cYX90mSAn9922ZbogHzQNKy7glkGcB2htQPjF
BOKIOFavJqP8GMUByyte2qo9FOve2gt1hNHiT7cIAGjm6/i5Ax4gM/GxoLxkK3Em
WisjwDbLvUrlYtUJAGZfwC8dsd6i3EWlNkqb4OAlGrl8qa4FsRLuTxU+t7XyAHdl
qNYE8OusIf391hL3HVJDmF6AgT4fy0NnST1FRcBf5Y6uO8ZIQblSFAVTTm8E2Geq
vFDzVCIb6OGrlnmhWv0W20FEGBjTFxt3HZBF40E7plESAUbEEzH3IXOdJeqVtOFl
uSULf6DTzFDI8ulhLLnkhad+XSkNZtAj585s8VwQELTIlNGbuFLvY6eU4irsQ/sW
3h20gqVsP0m9taF8h8xQ82Cam+Ok9OMPEt0YkZlGOed4x86lG6jraQw6N07qwmhS
C5n0jDaSAIFlpr0CmBTpgbS3fkt0+ZBO5VKrywl3KM2tUwKTyDovrkxl2WhjK+Mj
Xji9A7IXzVnn9H3eMcPAewYSbsuflUEpV5Kq9vZhriFMZUeVPDaw+PtD9hBOKckT
l6g0Zo+XYqeJSzTCVheYp5LCqQOKS93ptpeElKP7M8M6QXvknxcLXWWqrB8aE2q+
DJqXUdLPUJP0c+H3OFsyV5dLbuJRvVa7cUvH+IY/iwtGwDG44/ZkAveXFDu9rfKT
YALvpdmGMTWmW03m7f6uxy3condgOdDLlkTzQ2wZu/cdkm+580kL26KmftTVtwCZ
dqy3nYiw9R/kin8uTj4TrEecIO4l5pcWQ2yfMPVhUHCfrn9JV7eLcvxSaVwl9y12
DKCNXw4FGiPo+6w0dTIT2axXZDHkxRzmFebYD1hr1UbOCW7CfJdkWjsPyDLkw5MP
Y1bvtlWAzackfQu417Jng3WgDofQtQibOYxr1wfPnzTfkyp5iggYcIarm4xYqoDg
+oheuV6feQWDNqq36dB4DKfVgGtUYTxXjBSwdedgzBW7AuwiZSfH7wa/+iphdksJ
P97BGRPrRoN0zmtDcQFuI91do92A8PnB7+7DNvheFaxCHkEFsPpMX8zON3P7kSQQ
HvLcbcJBtHlRHGIaRSWYqZujLFE5Ot1COoncNRdGT0rFi1GFGtA9m9sNtfIAecSU
d/WySb/wCvrewbdxuMh0/j0MVhdv+ip6ev4bDIm52wTxCb80yww7REwtVdSoCaUi
KDDD+XD49n2pxsa2TTqT+trxobt1JcqsYuBQFb96ygeRkaq/P47NZZ8i6WL9RlkZ
Z6tD5xrNLOOsw2S624UEvnZ1B+tjS6/js1N4RWRlJqxQ9FH3LhlmPpRj8IvhCdVm
XM2vh+987iIx6CCkRaVR8YkkpBHTON5DbW48x5NWlynBMQ9eZoPrxTtCG+uHuGz2
x7VSdnA5jIqDZEukm6WIvW9eGBfoGwMkhOGvsCnyKOG408mH3QQIea6WFw4SDz2K
uMnNjCDZ9q+w3j9ZFExd55p9UCX4Eak9rHH/xgHfSRdrsC2bT7cfu7lpJhRrzxdj
rALLXtPkx9hTlVdoRM/ys6uJU2WsnosnJvyxH95LAQSO2QgBA8AxVoxW0LQWULzr
gOIbUGjhkTdYI8GkBQiKq+dHpeU/ktG//FhffRirsXdVgdgH0l1q/PJFx5JUOZhN
eHK/wmtr4NyQtvMujRSIyOPcUzLBAixiyFC3XbZEBjRr5xVOK/Pj/EnS32iKEV3H
VsNr0C2hJmQpp/LszAXttAHBhZHy6UrXAgvYavUuEEGvFTNgk8m01kiDd9HXDJ2E
vLXcmeE7O/Hv0Ydafv4lzY9xcWR7juMCEmeBOMuHkItOjccPgex2JdQpKE40x+Fr
DrXezIhXUpuZyUyx+JLfkIX/pJpIMPFai/rbbmNGSxtNOQd/AijcHr1ETwk1qAYY
CyoG+GGEr/qWYgXl+bhiVIECK/ZVxutzCj8PyqBuhpvMFuWLRRf6mgwoih9dgl1T
CFUAM64zn2DU6bnRFEc9Yiap/Dj/cS+rkH+YP7gq3j9VfXxdXaap+cdLVR4tiP25
cwN3SOy9VJznWNgeL8ZwFr82KXzPvyzxQ0pdr3YhrBm7OBEWbyNJICdicKiNI9my
CSmg4VxkVX3faQ96e2ywYzO6th6ZlSl6/bR40AEQyxA9Cf1UpfkzzL17E1TF+l8b
t1fZvJZVAbr12cFJAJ8nmXp0hV4NPU9TgdzhiX+7U+SyD6/t3r9l3x82Zf2k1XKA
6OWk4WBgVFfvVlQeo5rViAd3yCp6SHZTTA8PbYaYEvNptCYAJm/9Zu16j2IS52sS
7dzQmgkrfKA9hr48zl24wOo0D96iQXbCNwgOSTwBMWJxNhLnPmapMKFBUsaWiTZx
zWW4D1TYBFJafcMCkO49O7I8CsN8EA98BY4chjTwYBVG/BrUnGGy8w/lSMW2dtKM
f88mSkaVK7hzfWTXYL/ZH3gSGMuttb/8FFsqG3ctvR4aFc55L4P9cYZy19tSiwAu
+28tBzN5cwaMTtFyBjPAzcM3hPidF2eGNd/td7jcs4UkfjLw5c3Fhrys+EbFMFGB
SGqg0YV1DClFzVOmuCh0Z/ZBigcuCMA9p7y7UuQwQVi452xhykMQZIbj6QWrmOQ3
wxESQYQomiLon/oOf5KWGCF3CgdG5J4ic80U9WwWxUj/w4d2zXzbON7HGOOuLoTA
NjbeOPROIXibe37kknekXgH4NZZyhQytOpWbGt423IzF5HYs00nqgUg3xnvAmmBj
nkm7GMIFUHATKTnTckmmbB/Aoyucwq1fE5vvzrNABTma8tHIQvl4gT0ku6AETU2T
AqnB25ejz3T1ZoMUshTubcoIOv4dAbyBNPOCUiwOi9O1wyoTt33gy8Iyet0fkYS/
C6641TjHg6sxPym4tBgi9J3p6vgp1ULPINlv7YMXljvaCG5fJxG4wouP4evt3zwD
w5ArhYyafGCsBewemFNM2nsnl86lW0HoumNUsnrs2Llu0/qb0qEkDICELYyZuj4y
6d3cRXv/5C2Gxl1cf4LRhiR7hRtZKFsmd7y2QgsdBrxqxy5n/SDzmT+gGPUp5/hN
c17wo0l+rdHBDT2p3L7zxepCpyjCvMYOXwwmki7y0Fpo03gp79BBGzo7eZQkWm9e
wuxjFsPsZRl4x6ZLu9xSrohGDjB3rdd0g9A1Kqx6tlmzdg98msxQVdYZbt/lDl6f
xbxWiBvIOgI4/tFSmduKhw7tuyrgge053c+KO7XdfVH/1LC84IGQOEjpFGLU4SLf
BIUp1EZ6l8EdOTKQOkOT8zwi0yVlPELBsy48UxCT0h3Vd02YPIlkaJFnniCyjJx5
CcH/sLjaotbKc072lfoPtP4XbMnLO08XD8aUjxpg1qam29fAEZwvOlv01wVVD4J8
nMFKyEbtYV9MtyuXVAKr4Ixw2ns8dMJXmOkfqFWlfJdsABfdd4wtxBQbPSN2R36F
yYMvPSBUbsfLJkn1klRQbhR1YUSMUjJUEY47e0b8MFUbdHwjUG33Rln0hucvGrhk
7drbe/YvjRkSGggUdIm3oqnliJApDBc/T5E7B4zYdKGKI+KV5LB/xfFI91628AF0
UAmPjZNmUT70/YdS7HltLuUJi9QVuvZ0K0sVhsDsnlXG0ZmZ5lqQJW1d4/441QKo
XBlZBzp9BxTZdbOxggV/ikBGjscrhG/H+i91g67HzYsb4Ag43WEyNGQtSAhQUraM
BQ6Wc8PoHDDPdydtKA0saujL8+WUUczhtliH00s7vi8He0Hop3g/vnufZYjY2Lzr
A7uCjBiFwMjKKYQ0D0uECwEoLfp0wn1Jsbrl86dmu2ekckIbdng+G+FUwE2mrMf2
zfk83YEV2K9bPdHhwvzmHhP+DKzdj5MpMKIbIcMux5jPTS7gfBt0qbxm98+LxKx+
6oYK0lNTSnPiVW2uaZruebLBk1FTt8WLq9qjYPvxxfdnsGMSxp8CcmWtZxvWbRtC
ZlyHuN+2E6ZYzJLh4Vpz7FFw5J04KziWN0edvB7AOc8BJylnp77m0aAWEcPMCifB
wObiwHIIE+UtuSFCb09HdDLXCrc/eojjgUEZ90kibxPAYF/jraiFhAnOKcpunphn
Xj6Xgjp5gHYvaF9xMHOON+t9v8E+MBbEiW4mNOQhbH0xAKZ8VbjJdIE5m8yDgOtQ
O6WZLtMZ3yr00ygVK4MFTZW+IHTiuMk+covoZdssEFAauj6+YUyzs1OwdnrwQuv/
0o2L3LDyfqLmdpjPxaVWtfWjmRkHFxv1/H8Q4CaMxdOVOhh+qn+pvPsA0itAQ40/
8Gq4CIss7IEN5fZNl1t0z++2xXXAh0VZVkSJv/PKySfiAog/Iy/jmOAzpH2DlVSC
rtnRcbGOqzlFpsTcfdXieZxGbla5xgfknpCy2af/AUByF0Q6TDS90dEo0WD3xrDz
F8qcvGXe6rPkO5dHj6HYe5P4vwZgPLrI/OGcNU9ArnNSWX2Ge1oqWkmz3sFaM+jo
Em7hj82lgzGSBP9lE9AND7y/3WDyRq3TlnGq/hr7hcKW0sxq5icIRXGFcHS3KHM/
35gTQ443YWCTkuy1pfZdSAe9Ezki/EWB35SaV/4SaPWZVUFa0GxXYwV2m1mmaBvJ
rMsnwkQuNoDy/5ccMqPmjUMl248Zs9VCNObO36wLYgLNFCp05cnmcl2LRp8pid6W
h4ChWXdwYOM542N8pxG6kHT9thPblSXkSIDUpkiNMePJS8S88zl6W+D31QAZyVll
xTXiQJkQ8yIoTPdeIcx/7h7l3KaiThewRFXd/D4BoU5g2maPl8ecBpkdMWPkWuqd
R78AhYCzcME1VBCx+PB94born54di/MNHY5i8RsvnMndj14DAkzvcCr4E1jvy6fH
ajQLpkY3N22z+iiE7O6FChU5pk3qCtTRJqEzJKqHd4b7/UtqE2zrScRxCw582PLY
kggH7GX5n2h2f6ARwtGj52GtFiy4HjPLmvx04V/W2wskHLP3uO0ePMLQKvgFipNV
tIXvBdyYnYOJLzDtC00WPcYXhO+lakXTl1MkFqzTVSFf+0UfnrDLnPiEp8mSUr7M
yg+fIrBeUVfFb2O+UES2MqTGcl+nXBbtNsTBQnf46xUN+3afRd5EAWCpeGtDSWRt
Fa6SH9kOoF6QGSJIIW5NEdyumD199LDOFkw6Sp4ciXZBFEo/diep6mcJQX6AWJEU
aqX32sSgxXFUrLkkcXxehnrvDsVvw5f8s0ehZnR0IooVdRC6owzXPHQKlww7UrO1
foWba1f8kfUmAOo6/ghDcTTzQWPcUqvMC/QBvLn9RSHNN6qqJB6hSrjj8zpmT9K2
LVs10Eo3BOfZn3/rsDyBY4xZZxSsjZlCd6QVi8rJnnf5AJUi18qSIquSeMvKDp1d
NMRbeyC/8F0yuh3QllV5Wtk+FV2lUnieHxaLhvy7H6wCfJdLRw3hUj8SLwclvcpO
z6mHIFpjRSZIWprxyx4A+sSWVSlIKKGMySYv7xClj6PkQwZHBOkESithtm4SnIHe
fYzUylqgQc5k+11Sp6sF/uK/S96wTIc2IffqQBZ3qaoxY944nJL4PnzqU7dQd2Js
gP1KqLZlaYgh6fhaV6dmS0NmdsUc4kRUYodbKS2rhexD9c8mpXYbE/P3/wa0tWHc
PJw/UNgw2oDpbWEQNIWmXPyD8nCIvSTQ3BzXbY7zfmbPRRCd0UdHWQ47RP66ImSN
ZzA6exAJfR9zyjOYznT6hqfAscsRtYZNyGjAJkUtj3ckNZkDWzlrBnBwMuvLtrr/
o+eeK+/zD8PF6DGD3iokIerhLIDZMMEf/OW49DlcD7yu3MV2qTFBudL1Ng/uVBjT
pM0UEGqLkIBh+TP1FAa/fq1mNeV0NEdUieJIvXd+FMgoO/tRK7iBuIc6FuhpSMmX
zuaA4ctZ3gyP67Asx9q7xUGwZpmjrzD4FRCZeen8NjlS9dYEdUjJ3v8G/kqBQQfc
4mdSD7u+AuH2Y4WnjJfifJm8NycnjB86kLo5/sbuiqipsvLKmyM0cEDd8SbcPA7r
GBDsSHt8vC2l8HZHWamIjAxfAb+ggL/RuFoaLNggI738SMBlekZH+dDnLobylpQH
d2t3VEVqGNuubLagBuad5Xth6N2AJHafnYps79at7rlPH7fl3gf1Vfjrabjv7tAt
D6uvYJkyg5wdPULGiFZ0Dtql7YRqWujy7AL3fmedeRgukrbsDugA/1r95pNe83JI
wTiWFj5IVWreCwXhXqPvFynoXqy38Yca+5T+SoXPFmKq178AmIqC0+118L1Jz0GE
Wh0NC8aQbSsIsDHP5IzVogNOTTtI5/yprHG90z6nuAsLLBWcr6eYfL9/2MuNlPHs
pUg8MOQuoZRYzvD1RJJd+tY8z+Df4eOSHEptbNmrGgACJaLh88hteJRDmQMP/ep1
bun7lkK10P3IsadldT7ryEGfV0ZXDLJ9wHf7lQI+kDxZTynmmUgr8AldFDbzOg2K
/APDjgoK/pErH1d3CQBPniDIRERs0aLK8XjtNB8MtnTVY08QlHiXvDqjmtg01nMs
C84nqFSDaPvJ0eUv6dbPPQNwnU9uSdLgIB3ZUrLXR1CGGs2OtR10DnwkvbOQr95I
JTIJfuYp8IGKQvd+F8tXCFDiGQgCw04WTTJfdc4lrc0FDcam7wjYOftu3XhSRYKf
R1bb1wQQWBxW6eB56/f25/cz91PGpZsWFgPub/Yc1TxZ5oxlxjdiBW1iqT3NidQd
w7iGIDx+kwd7UGWdIETluUBZMHsPUXXBtrKurqiuH7hQEjAk29sHpk1JQI4J/ZkN
l1ZSfk4yHwwqt4RzTH8S+umZYtEONKOWoDflx2Xk7m2G1eghOzGYknu1sOMqwMWC
7zHrKben8nWLAnSxYuWePm9pS0EeXtwCE9oUPcGwoKTq0ubzYpZry884J8uw+e+9
D9SxrAd4BLjEcQW8gVJhPNnvfdx1iSRwyIk6f+Qy3WQ3d0nF7wwQoRFNpUi+MpSc
2RMLciHhcroQ0NG71XG7xE+c4o5TQOGXb8leAaGH7G3fEILGOaVnxfYMcumL2xk7
kfToo/Ubqfgv1weZMzJUZxv2X+HkDBwWGydj75Tq7lVlN+Y2dwtjf9HmrOrTfWZg
z+jgF+1ufbrGhmsuoP+Zy7nqifF1G6KgABs+9TXWg4rZWxGb6/SJRYu49C5F8EDD
P4JNm+1ntLqBaRZqbLXQ2zua+nrG0/Ja/JEjdQfRYxQ0t7x5W2PMJvxLFmtCL+AS
n2Qs0AXcgQbnYRI5KYVKkzJ8PBIP7TegmMhgi+nY9w1KNMbmAiEiYcIgqJ9NUaL2
by6eQGK/ELXUcA1pAbEYiGnN/uH9ttINrhiOz0Gd8D6MajMmwNqrbERxHYlxkGKf
j1i76puXo7lTTCak82jvkbTq+T18OLigbyaTLhTBC7nqeN/3BcvJEOzjaGGRuRGA
9zMXWyB7H03entzGRmSGNexkR94G8b1UbAQN3GRcXRT3hTvd48ksocIeDNYx3HDl
44t6pExdRBR0YPp+kVXSrph4vdOKYLdh6y019dPy0vw4m5NrDd4uNtUOkWtGMhn2
wE71YSl3b5vy7wOQaP9Jgps64bhf3iRAr1gSAkoT0rFW0fDJR7VV5rwSRaB/re7y
dS8ddUx/0qIE+/iddSWKkPZIIDWiCQrcUxQqOjS5fxDnzoaaqll0umEDR1zy9KdX
5UyWiNctfexihp8WuPGsO5WoqdaVUUHLBaa3ZzIEgbVmXW/OCReAxjIwZpsOUHWI
PilkacVmrYOp2Msg1Wqw74MekZZxf/v9oAP1kFkA12psIw5fnYXKiejtsrxOvXdI
0Uc55ruTMaMI/SqihEwu6CRjjSDCr6xaFMlKhsE/xAKiJZH0u80QaTm5yT42Cd47
2n6rCBQmKBoJBKELW+YzoN7v0Kcf1gogx8OXcA0UzZLx9/JLfaxlfUKt8dx8kPzZ
UkEdz448mE/V90sUVHGPV1rSOZGSaxe+OKchRRUpYM12xcvldvbDxynLfRI6OUYQ
OC2cH0uJ4wCTCqlRKVvlpZBYRGmQZzfgtZNuFPXkGMfgJ/nMtKasqPNdqTglFubI
jyUq8xdFzYuIeydv7m6Tf2jBawV8zHbQ/2ZkLl8WUPU=

Appendix B. Additional information

B.1. Stored Variants of Messages with Bcc

Messages containing at least one recipient address in the Bcc header field may appear in up to three different variants:

  1. The Message for the recipient addresses listed in To or Cc header fields, which must not include the Bcc header field neither for signature calculation nor for encryption.
  2. The Message(s) sent to the recipient addresses in the Bcc header field, which depends on the implementation:

    a) One Message for each recipient in the Bcc header field separately, with a Bcc header field containing only the address of the recipient it is sent to.

    b) The same Message for each recipient in the Bcc header field with a Bcc header field containing an indication such as "Undisclosed recipients", but no addresses.

    c) The same Message for each recipient in the Bcc header field which does not include a Bcc header field (this Message is identical to 1. / cf. above).

  3. The Message stored in the 'Sent'-Folder of the sender, which usually contains the Bcc unchanged from the original Message, i.e., with all recipient addresses.

The most privacy preserving method of the alternatives (2a, 2b, and 2c) is to standardize 2a, as in the other cases (2b and 2c), information about hidden recipients is revealed via keys. In any case, the Message has to be cloned and adjusted depending on the recipient.

Appendix C. Text Moved from Above

Note: Per an explicit request by the chair of the LAMPS WG to only present one option for the specification, the following text has been stripped from the main body of the draft. It is preserved in an Appendix for the time being and may be moved back to the main body or deleted, depending on the decision of the LAMPS WG.

C.1. MIME Format

Currently there are two options in discussion:

  1. The option according to the current S/MIME specification (cf. [RFC8551])
  2. An alternative option that is based on the former "memory hole" approach (cf. [I-D.autocrypt-lamps-protected-headers])

C.1.1. S/MIME Specification

Note: This is currently described in the main part of this document.

C.1.1.1. Alternative Option Autocrypt "Protected Headers" (Ex-"Memory Hole")

An alternative option (based on the former autocrypt "Memory Hole" approach) to be considered, is described in [I-D.autocrypt-lamps-protected-headers].

Unlike the option described in Appendix C.1.1, this option does not use a "message/RFC822" wrapper to unambiguously delimit the Inner Message.

Before choosing this option, the following two issues must be assessed to ensure no interoperability issues result from it:

  1. How current MIME parser implementations treat non-MIME Header Fields, which are not part of the outermost MIME entity and not part of a Message wrapped into a MIME entity of media type "message/rfc822", and how such Messages are rendered to the user.

    [I-D.autocrypt-lamps-protected-headers] provides some examples for testing this.

  2. MIME-conformance, i.e. whether or not this option is (fully) MIME-conformant [RFC2045] ff., in particular also Section 5.1. of [RFC2046] on "Multipart Media Type). In the following an excerpt of paragraphs that may be relevant in this context:
      The only header fields that have defined meaning for body parts
      are those the names of which begin with "Content-".  All other
      header fields may be ignored in body parts.  Although they
      should generally be retained if at all possible, they may be
      discarded by gateways if necessary.  Such other fields are
      permitted to appear in body parts but must not be depended on.
      "X-" fields may be created for experimental or private
      purposes, with the recognition that the information they
      contain may be lost at some gateways.
      NOTE:  The distinction between an RFC 822 Message and a body
      part is subtle, but important.  A gateway between Internet and
      X.400 mail, for example, must be able to tell the difference
      between a body part that contains an image and a body part
      that contains an encapsulated Message, the body of which is a
      JPEG image.  In order to represent the latter, the body part
      must have "Content-Type: message/rfc822", and its body (after
      the blank line) must be the encapsulated Message, with its own
      "Content-Type: image/jpeg" header field.  The use of similar
      syntax facilitates the conversion of Messages to body parts,
      and vice versa, but the distinction between the two must be
      understood by implementors.  (For the special case in which
      parts actually are Messages, a "digest" subtype is also
      defined.)

The MIME structure of an Email Message looks as follows:

  <Outer Message Header Section (unprotected)>

  <Outer Message Body (protected)>

    <Inner Message Header Section>

    <Inner Message Body>

The following example demonstrates how an Original Message might be protected, i.e., the Original Message is contained as Inner Message in the Protected Body of an Outer Message. It illustrates the first Body part (of the Outer Message) as a "multipart/signed" (application/pkcs7-signature) media type:

Lines are prepended as follows:

  • "O: " Outer Message Header Section
  • "I: " Message Header Section
  O: Date: Mon, 25 Sep 2017 17:31:42 +0100 (GMT Daylight Time)
  O: Message-ID: <e4a483cb-1dfb-481d-903b-298c92c21f5e@m.example.net>
  O: Subject: Meeting at my place
  O: From: "Alexey Melnikov" <alexey.melnikov@example.net>
  O: MIME-Version: 1.0
  O: Content-Type: multipart/signed; charset=us-ascii; micalg=sha1;
  O:  protocol="application/pkcs7-signature";
  O:  boundary=boundary-AM

     This is a multipart message in MIME format.
     --boundary-AM
  I: Date: Mon, 25 Sep 2017 17:31:42 +0100 (GMT Daylight Time)
  I: From: "Alexey Melnikov" <alexey.melnikov@example.net>
  I: Message-ID: <e4a483cb-1dfb-481d-903b-298c92c21f5e@m.example.net>
  I: MIME-Version: 1.0
  I: MMHS-Primary-Precedence: 3
  I: Subject: Meeting at my place
  I: To: somebody@example.net
  I: X-Mailer: Isode Harrier Web Server
  I: Content-Type: text/plain; charset=us-ascii

     This is an important message that I don't want to be modified.

     --boundary-AM
     Content-Transfer-Encoding: base64
     Content-Type: application/pkcs7-signature

     [[base-64 encoded signature]]

     --boundary-AM--

The Outer Message Header Section is unprotected, while the remainder (Outer Message Body) is protected. The Outer Message Body consists of the Inner Message (Header Section and Body).

The Inner Message Header Section is the same as (or a subset of) the Original Message Header Section.

The Inner Message Body is the same as the Original Message Body.

The Original Message itself may contain any MIME structure.

C.1.2. Sending Side

To ease explanation, the following describes the case where an Original (message/rfc822) Message to be protected is present. If this is not the case, Original Message means the (virtual) Message that would be constructed for sending it as unprotected email.

C.1.2.1. Inner Message Header Fields

It is RECOMMENDED that the Inner Message contains all Header Fields of the Original Message with the exception of the following Header Field, which MUST NOT be included within the Inner Message nor within any other protected part of the Message:

[[ TODO: Bcc handling needs to be further specified (see also Appendix B.1). Certain MUAs cannot properly decrypt Messages with Bcc recipients. ]]

C.1.2.2. Wrapper

The wrapper is a simple MIME Header Section followed by an empty line preceding the Inner Message (inside the Outer Message Body). The media type of the wrapper MUST be "message/RFC822" and MUST contain the Content-Type header field parameter "forwarded=no" as defined in [I-D.melnikov-iana-reg-forwarded]. The wrapper unambiguously delimits the Inner Message from the rest of the Message.

C.1.2.3. Cryptographic Layers / Envelope

[[ TODO: Basically refer to S/MIME standards ]]

C.1.2.4. Sending Side Message Processing

For a protected Message the following steps are applied before a Message is handed over to the Submission Entity:

C.1.2.4.1. Step 1: Decide on Protection Level and Information Disclosure

The implementation which applies protection to a Message must decide:

  • Which Protection Level (signature and/or encryption) shall be applied to the Message? This depends on user request and/or local policy as well as availability of cryptographic keys.
  • Which Header Fields of the Original Message shall be part of the Outer Message Header Section? This typically depends on local policy. By default, the Essential Header Fields are part of the Outer Message Header Section; cf. Appendix C.1.2.5.
  • Which of these Header Fields are to be obfuscated? This depends on local policy and/or specific Privacy requirements of the user. By default only the Subject Header Field is obfuscated; cf. Appendix C.1.2.5.
C.1.2.4.2. Step 2: Compose the Outer Message Header Section

Depending on the decision in Appendix C.1.2.4.1, the implementation shall compose the Outer Message Header Section. (Note that this also includes the necessary MIME Header Section part for the following protection layer.)

Outer Header Fields that are not obfuscated should contain the same values as in the Original Message (except for MIME Header Section part, which depends on the Protection Level selected in Appendix C.1.2.4.1).

C.1.2.4.3. Step 3: Apply Protection to the Original Message

Depending on the Protection Level selected in Appendix C.1.2.4.1, the implementation applies signature and/or encryption to the Original Message, including the wrapper (as per [RFC8551]), and sets the resulting package as the Outer Message Body.

The resulting (Outer) Message is then typically handed over to the Submission Entity.

[[ TODO: Example ]]

C.1.2.5. Outer Message Header Fields

C.1.2.5.1. Encrypted Messages

To maximize Privacy, it is strongly RECOMMENDED to follow the principle of Data Minimization (cf. Section 2.1).

However, the Outer Message Header Section SHOULD contain the Essential Header Fields and, in addition, MUST contain the Header Fields of the MIME Header Section part to describe Cryptographic Layer of the protected MIME subtree as per [RFC8551].

The following Header Fields are defined as the Essential Header Fields:

  • From
  • To (if present in the Original Message)
  • Cc (if present in the Original Message)
  • Bcc (if present in the Original Message, see also Appendix B.1)
  • Date
  • Message-ID
  • Subject

Further processing by the Submission Entity normally depends on part of these Header Fields, e.g. From and Date HFs are required by [RFC5322]. Furthermore, not including certain Header Fields may trigger spam detection to flag the Message, and/or lead to user experience (UX) issues.

For further Data Minimization, the value of the Subject Header Field SHOULD be obfuscated as follows:

* Subject: [...]

and it is RECOMMENDED to replace the Message-ID by a new randomly generated Message-ID.

In addition, the value of other Essential Header Fields MAY be obfuscated.

Non-Essential Header Fields SHOULD be omitted from the Outer Message Header Section where possible. If Non-essential Header Fields are included in the Outer Message Header Section, those MAY be obfuscated too.

Header Fields that are not obfuscated should contain the same values as in the Original Message.

If an implementation obfuscates the From, To, and/or Cc Header Fields, it may need to provide access to the clear text content of these Header Fields to the Submission Entity for processing purposes. This is particularly relevant, if proprietary Submission Entities are used. Obfuscation of Header Fields may adversely impact spam filtering.

(A use case for obfuscation of all Outer Message Header Fields is routing email through the use of onion routing or mix networks, e.g. [pEp.mixnet].)

The MIME Header Section part is the collection of MIME Header Fields describing the following MIME structure as defined in [RFC2045]. A MIME Header Section part typically includes the following Header Fields:

  • Content-Type
  • Content-Transfer-Encoding
  • Content-Disposition

The following example shows the MIME Header Section part of an S/MIME signed Message (using application/pkcs7-mime with SignedData):

   MIME-Version: 1.0
   Content-Type: application/pkcs7-mime; smime-type=signed-data;
      name=smime.p7m
   Content-Transfer-Encoding: base64
   Content-Disposition: attachment; filename=smime.p7m

Depending on the scenario, further Header Fields MAY be exposed in the Outer Message Header Section, which is NOT RECOMMENDED unless justified. Such Header Fields may include e.g.:

  • References
  • Reply-To
  • In-Reply-To
C.1.2.5.2. Unencrypted Messages

The Outer Message Header Section of unencrypted Messages SHOULD contain at least the Essential Header Fields and, in addition, MUST contain the Header Fields of the MIME Header Section part to describe Cryptographic Layer of the protected MIME subtree as per [RFC8551]. It may contain further Header Fields, in particular those also present in the Inner Message Header Section.

Appendix D. Document Considerations

[[ RFC Editor: This section is to be removed before publication ]]

This draft is built from markdown source, and its development is tracked in a git repository.

While minor editorial suggestions and nit-picks can be made as merge requests, please direct all substantive discussion to the LAMPS mailing list at spasm@ietf.org.

Appendix E. Document Changelog

[[ RFC Editor: This section is to be removed before publication ]]

Appendix F. Open Issues

[[ RFC Editor: This section should be empty and is to be removed before publication. ]]

Authors' Addresses

Daniel Kahn Gillmor
American Civil Liberties Union
125 Broad St.
New York, NY, 10004
United States of America
Bernie Hoeneisen
pEp Foundation
Oberer Graben 4
CH- CH-8400 Winterthur
Switzerland
Alexey Melnikov
Isode Ltd
14 Castle Mews
Hampton, Middlesex
TW12 2NP
United Kingdom