This format string specifies a command which is used to decrypt application/x-pkcs7-mime attachments.
The OpenSSL command formats have their own set of printf-like sequences similar to PGP's:
Expands to the name of a file containing a message.
Expands to the name of a file containing the signature part of a multipart/signed attachment when verifying it.
The key-pair specified with $smime_default_key
One or more certificate IDs.
The algorithm used for encryption.
CA location: Depending on whether $smime_ca_location . points to a directory or file, this expands to "-CApath $smime_ca_location" or "-CAfile $smime_ca_location".
For examples on how to configure these formats, see the smime.rc in the share/examples/mutt subdirectory which has been installed on your system. (S/MIME only)