Our process is designed around entering a password/key *at* the file-open action. This prevents an interactively compromised/shared host from being able to open secured files — the second factor is not the workstation login; it is the entry of the passphrase upon the file-open action. The 2.0 mechanism prevents this process. 1.X allows a fully-offline control of accessing our files. Does 2.x allow this?