SecretKeyMaterial is brittle
SecretKeyMaterial::decrypt_in_place
doesn't do anything if the key is not encrypted. Should it perform ENotEncrypted
?
SecretKeyMaterial::encrypt_in_place
is worse: if the key is already encrypted, it does nothing! This gives the caller the sense that the encryption worked.