TL;DR

OpenSSL can extract documents from P7M files

I received a signed message in P7M format and wanted to extract the contents - possibly from the command line. I initially thought that GnuPG would get the job one, to no avail.

I later discovered that there’s an OpenSSL incantation that does it:

openssl smime -decrypt -verify -inform DER \
    -in $file_input_name -noverify -out $file_output_name

As it happens, we need to put both the initial -verify and the later -noverify to skip verification and just save the data. I only tried it on an input file with one single contained file inside, but still it’s a lot useful!

Stay safe folks!