Options for handling private keys in envelopes.
Omit the private key from the envelope (default).
Include the private key in plaintext (with salt for decorrelation).
Include the private key assertion but elide it (maintains digest tree).
Include the private key encrypted with a password.
Options for handling private keys in envelopes.