– protects a message without needing to first arrange for sender and receiver to have the same secret key
– Equates to the same thing as a sealed envelope containing an unsigned letter
Message
random symmetric key -> encrypted message -> digital envelop
receiver’s public key -> encrypted symmetric key -> digital envelope