A digital envelope is a secure electronic data container that is used to protect a message through encryption and data authentication. A digital envelope allows users to encrypt data with the speed of secret key encryption and the convenience and security of public key encryption.
Rivest, Shamir and Adleman (RSA) Public-Key Cryptography Standard (PKCS) #7 governs the application of cryptography to data for digital envelopes and digital signatures.
A digital envelope is also known as a digital wrapper.
A digital envelope uses two layers for encryption: secret (symmetric) key encryption and public key encryption. Secret key encryption is used for message encoding and decoding. Public key encryption is used to send the secret key to a receiving party over a network. With this technique, the secret key never has to be communicated in plain text.
Either of the following methods may be used to create a digital envelope:
Secret key encryption algorithms, such as Rijndael or Twofish, for message encryption.
Public key encryption algorithm from RSA for secret key encryption with a receiver’s public key.
A digital envelope may be decrypted by using a receiver's private key to decrypt a secret key, or by using a secret key to decrypt encrypted data.
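The two layers described above, sealed and opened end to end, as an added example that is not part of the original page. It uses Node.js's built-in crypto module; the function names are hypothetical, and AES-256-GCM with RSA-OAEP (SHA-256) is this example's choice of mode and padding, since the page names only Rijndael and RSA. The output is a plain object, not the PKCS #7 encoding.

```javascript
const crypto = require('node:crypto');

// Assumption of this example: RSA-OAEP with SHA-256 for the key-wrapping layer.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Seal: encrypt msg under a fresh secret key (AES is Rijndael, here in GCM mode),
// then wrap that secret key with the receiver's public key.
function sealEnvelope(receiverPublicKey, msg) {
  const secretKey = crypto.randomBytes(32); // one-time key, never sent in the clear
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', secretKey, nonce);
  const ciphertext = Buffer.concat([cipher.update(msg), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: receiverPublicKey, ...OAEP }, secretKey);
  return { wrappedKey, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Open: unwrap the secret key with the receiver's private key, then decrypt.
// decipher.final() throws if the ciphertext or tag was altered (data authentication).
function openEnvelope(receiverPrivateKey, env) {
  const secretKey = crypto.privateDecrypt({ key: receiverPrivateKey, ...OAEP }, env.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', secretKey, env.nonce);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
}

// Constructed demo: throwaway receiver key pair and a sample message.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const env = sealEnvelope(publicKey, Buffer.from('constructed sample message'));
  const opened = openEnvelope(privateKey, env).toString();
  env.ciphertext[0] ^= 1; // flip one bit to simulate modification in transit
  let tamperDetected = false;
  try {
    openEnvelope(privateKey, env);
  } catch (err) {
    tamperDetected = true;
  }
  return { opened, wrappedKeyBytes: env.wrappedKey.length, tamperDetected };
}

console.log(demo());
```

Only the 32-byte secret key goes through RSA, so the wrapped key is always 256 bytes with a 2048-bit receiver key, regardless of message size.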
An example of a digital envelope is Pretty Good Privacy (PGP), a popular data cryptography program that also provides cryptographic privacy and data communication authentication.