Certified in Risk and Information Systems Control (CRISC) Practice Test

A digital envelope is a technique that combines the use of a symmetric key for encrypting the actual message and public/private key pairs for securely transmitting that symmetric key. This method leverages the strengths of both symmetric and asymmetric encryption.

When a message is sent, it is first encrypted using a symmetric key, which is efficient for encryption and decryption of the message itself. This symmetric key is then encrypted with the recipient's public key, ensuring that only the intended recipient, who possesses the corresponding private key, can decrypt it. This dual approach not only enhances security but also allows for faster processing since symmetric encryption is typically less resource-intensive than asymmetric encryption.

The other options do not accurately describe a digital envelope; for instance, the option regarding ensuring authenticity relates more to digital signatures rather than the envelope concept, while compression does not involve encryption at all. Lastly, using only private keys for encryption would not provide the benefits of secure key exchange effectively. Thus, the description provided under the choice about utilizing a public key and private key for efficient message encoding accurately encapsulates the essence of what a digital envelope is meant to achieve in secure communications.