We have found that encrypting pieces is much slower than encrypting one big chunk -- one vendor reported a significant decrease in performance compared with single-pass encryption (also true for signing in pieces). Using Encapsulation (encrypting then encapsulating) would also allow some attachment(s) to remain un-encrypted if this is needed. I don't know why anyone would do this but it certainly could be done. There just doesn't seem to be any way that encoding attachments and encrypting them one at a time could possibly be faster than single-pass encryption. We would also have to face the need, during decryption, to decode and put attachments back in the MIME bodyparts. In the mean time, what would be in those bodyparts? Would we just delete those MIME headers and assume the receiving side would reconstruct them? Or, perhaps we would somehow encrypt the MIME headers too? We faced this same problem with XMLDsig & MIME headers and it turned out not to have an easily solution. Encapsulating the S/MIME encrypted part is easy and smooth. What is the business case for fine-grained control of encryption? Regards, David.