> That is, like the opaque envelope, it lets us know if someone's tried to open it, change it, or can decrypt the message
That's message authentication. It's actually separate from encryption - for example, some people sign their email with a private key so that others can verify it came from them, but without encrypting the contents. Or data like Debian / etc packages, which are signed but not encrypted.
The two are frequently done together, but are otherwise not closely related.