It seems to me that the client is just keeping encrypted information around. Why not just store the decrypted file on your server and send some sort of HASH of the file (such as SHA1, MD5, etc.) to the client as a "key". When they want to view the file they send you their "key" and are able to view the file.

The beauty of this method is that there is no chance of somebody "decrypting" the file contents since it is just a hash. The downside, however, is that now you take on the burden of storing those files locally...

Another thing you might want to consider. If you are worried about security, it may not be the best thing to decrypt on the client and then send it to the server. If someone set up a smart packet or network sniffer then they could hypothetically sniff your networks and read the decrypted packets as they pass...

just some thoughts, I hope this is helpful.