I regularly send and receive email messages that are S/MIME-encrypted. For certain reasons, I would like to store copies of those messages in unencrypted form at my end.
There are dozens of questions on this site and others with explanations of how to decrypt S/MIME messages using openssl. The methods described there in general work for me, but I have a problem that I didn't see mentioned anywhere so far:
When I save a S/MIME-encrypted message in EML format, and then decrypt it, using one of the following command lines, every header is removed from the decrypted version (e.g., Subject, To, From, Date and so on). The exception are the Content-Type, Content-Transfer-Encoding, Content-Disposition headers and possibly some more Content-* headers, which are not removed, but are altered compared to the original version.
While I can understand the reason for changing the Content-* headers, I don't understand why the other headers are removed, and would like to know how to prevent this.
My command line to decrypt the EML messages is typically:
openssl cms -decrypt -in encrypted.eml -inkey smime.key -recip smime.crt > decrypted.eml
openssl smime -decrypt -in encrypted.eml -inkey smime.key -recip smime.crt > decrypted.eml
There is no difference between openssl cms and openssl smime, and it also makes no difference if I leave away the -recip parameter (I am usually the only recipient of those messages). Every variant removes the headers in the decrypted message.
Probably I could manually copy the headers from the original, encrypted EML file to the begin of the decrypted EML file to solve that issue (except the Content-* headers of course), but my feeling is that this is error-prone and may have side effects, and that there must a better way.
Put short, my question is how to decrypt S/MIME messages without losing their headers, and I believe that this question is not a duplicate because I haven't seen other questions that deal specifically with this problem.
