Notes decrypting email from external email (using Gmail sending an encrypted email) receiving .p7s or .p7m file.
- According to the findings, Gmail is indeed sending a multipart/signed, not a multipart/mixed, but the encrypted part is nested within the multipart/signed; it's the first child part (filename: smime.p7m); the second child part is the signature (filename: smime.p7s).
Notes/Domino cannot handle S/MIME encryption unless the encrypted is the top level part; that is, the only part.
Notes/Domino only supports single part encrypted S/MIME messages; its behavior is as designed in the scenario described.
S/MIME encrypted email is usually sent as a single part message. Here is a stripped down example:
[Begin example]
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7m
<base64 encoded encrypted data....>
[End example]
Notes/Domino supports this kind of encrypted S/MIME message. However, Gmail is sending the encrypted part nested within a multipart/mixed, like this:
[Begin example]
Content-Type: multipart/mixed; boundary="__Bound__"
--__Bound__
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7m
<base64 encoded encrypted data....>
--__Bound__
other parts....
--__Bound__--
[End example]
