S/MIME encryption rarely wraps a plain text payload — production senders typically encrypt a multi-part MIME message that carries the email's body, alternatives (text/plain + text/html), attachments and headers as a structured envelope. The platform's S/MIME decryption was correct for the simple case but fell short on the structured one : the decrypted payload was returned as a single blob, leaving the calling code to re-parse the MIME body separately.
This release closes the gap. After decryption, the layer now parses the full MIME message and surfaces the inner parts — body, alternatives, attachments — through the same shape the unencrypted-email path uses. Multi-part signed-and-encrypted workflows (the SEC-required "sign-then-encrypt" pattern for regulated communications) round-trip cleanly without bespoke parsing in business code. Credential handling, certificate-chain validation and the supported cipher suite are unchanged ; the work is entirely on the payload-extraction side.