Perhaps you should require the encrypted files to be signed, and then verify the signature if one is supplied (which is a good thing to do).

-- Brett

Go not to the Elves for counsel, for they will say both no and yes