it's interesting to me that it's obvious it wouldn't decrypt existing data. i had planned on automatically (with good messaging of course) decrypting existing data on project encrypt disable. what's the case you envision where you'd want to disable but leave existing records encrypted? it sounded like the main reason you wanted disable was because it made trying out project encryption a lower commitment/barrier, in which case you'd only have test data right?
i think it's actually not too hard to provide the option, but i do want to be sure i understand the reasoning on your side to inform our decision making.
something other than passphrases:
my logic behind starting with passphrases was that pem files are really hard to handle safely and securely, and people are likely to do really insecure things with them (email them around, etc). certainly larger organizations with good infrastructure and practices like your own are more equipped to establish the right procedures.
passphrases at least can be stored in password managers, etc which do a good job of balancing user ease and security.
i think it makes sense to pursue something more secure, though i also wonder whether in this case it makes more sense to support something like a yubikey which is a more automatic and guaranteed-secure process than throwing a pem file around.
in either case, central supports the old aggregate encryption, so you can just continue your current practices for now.
on the fly decryption performance:
i don't really see a reason this would necessarily be bad. if it isn't good now we can improve it.
with the REST api, building a simple tool that does this should be pretty straightforward. briefcase already does it. adding windowing to the odata api (and possibly the csv api) should also not be all that difficult. just a matter of scheduling.