I'm confused. In way does your application protect users against you? You control the code that handles the users encryption secrets. Your users have no effective way to police you.
Why not just have the users send you their plaintext, and rely on SSL/TLS for the rest of your security? It seems like that provides effectively the same security.
Why not just have the users send you their plaintext, and rely on SSL/TLS for the rest of your security? It seems like that provides effectively the same security.