PKCS #7 supports 6 content types:

(1) data
(2) signedData: signature of a message or a cert
(3) envelopedData: used for encrypted messages
    - sender needs pubKey for each intended recipient
    - and will create separate envelopedData for each recipient by encrypting the canonicalized/encoded data using that recipient's public key (or create a session key K and encrypt that under each recipient's pub key then encrypt the message under K - not sure if S/MIME allows for this)
    - note: provides no authentication of sender to recipient
(4) signedAndEnvelopedData
(5) digestedData
(6) encryptedData

"A MIME entity that is the whole message includes only the MIME headers and MIME body, and does not include the RFC-822 headers."
- so if we encrypt/sign the "whole message", we are encrypting/signing the DATA portion? Not *also* the RCPT To: and MAIL From: cmds

MIME type                     File extension
---------------------------------------------------------------------------
application/pkcs7-mime        .p7m - for signedData and envelopedData
application/pkcs7-mime        .p7c - for when signedData contains only certs
application/pkcs7-signature   .p7s
application/pkcs10            .p10
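
Added example (not part of the original notes): to illustrate the quoted sentence about the whole-message MIME entity, this Python code splits a constructed message into its RFC-822 header fields and its MIME entity (Content-* fields plus body), then shows which edits change a digest taken over that entity. The sample message, the function names split_whole_message and entity_digest, and the use of plain SHA-256 as a stand-in for the signedData digest are assumptions made for the example.

```python
import hashlib

# Constructed sample message (not from the notes). The SMTP envelope
# (MAIL FROM / RCPT TO) is exchanged before DATA and is not in these bytes.
RAW = (
    b"From: alice@example.org\r\n"
    b"To: bob@example.net\r\n"
    b"Subject: Q3 numbers\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/plain;\r\n"
    b" charset=us-ascii\r\n"
    b"Content-Transfer-Encoding: 7bit\r\n"
    b"\r\n"
    b"Revenue is up.\r\n"
)

def split_whole_message(raw: bytes):
    """Split a message into (rfc822_header_fields, mime_entity).

    mime_entity is the Content-* header fields plus the body, i.e. the
    part the quoted sentence says is signed or enveloped.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no header/body separator found")
    fields = []
    for line in head.split(b"\r\n"):
        if line[:1] in (b" ", b"\t") and fields:
            fields[-1] += b"\r\n" + line  # folded continuation line
        else:
            fields.append(line)
    mime = [f for f in fields if f.lower().startswith(b"content-")]
    outer = [f for f in fields if not f.lower().startswith(b"content-")]
    return outer, b"\r\n".join(mime) + b"\r\n\r\n" + body

def entity_digest(raw: bytes) -> str:
    """SHA-256 over the MIME entity (assumed stand-in for the signedData digest)."""
    return hashlib.sha256(split_whole_message(raw)[1]).hexdigest()

if __name__ == "__main__":
    outer, entity = split_whole_message(RAW)
    print("outside the entity:", [f.split(b":")[0].decode() for f in outer])
    print(entity.decode())
    edited = RAW.replace(b"Subject: Q3 numbers", b"Subject: changed in transit")
    print("digest unchanged by Subject edit:", entity_digest(edited) == entity_digest(RAW))
    tampered = RAW.replace(b"Revenue is up", b"Revenue is down")
    print("digest changed by body edit:", entity_digest(tampered) != entity_digest(RAW))
```

From:, To:, Subject: and MIME-Version: fall outside the entity, so a verifier relying on the signature alone learns nothing about whether those fields were altered.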