Would that trigger the 'export' clause? The main deliverable I hope to have in the next few days is a method for password-based decryption that will be called at the end of getNextEntry(). It looks like it will take a Cipher initialized by the master password and provide either a Cipher initialized to the per-file session key or null if the header didn't validate.
Certificate-based decryption is a little more work but not a lot. At that point password-based decryption would just need a way to get the initial password and cipher, and a way to run the data through the Cipher prior to decompression. Both would probably be better handled by someone familiar with the code base. Bear